opac/sco/sco-patron-image.pl

   1 #!/usr/bin/perl
   2 #
   3 # Copyright 2009 LibLime
   4 #
   5 # This file is part of Koha.
   6 #
   7 # Koha is free software; you can redistribute it and/or modify it
   8 # under the terms of the GNU General Public License as published by
   9 # the Free Software Foundation; either version 3 of the License, or
  10 # (at your option) any later version.
  11 #
  12 # Koha is distributed in the hope that it will be useful, but
  13 # WITHOUT ANY WARRANTY; without even the implied warranty of
  14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15 # GNU General Public License for more details.
  16 #
  17 # You should have received a copy of the GNU General Public License
  18 # along with Koha; if not, see <http://www.gnu.org/licenses>.
  19
  20 use Modern::Perl;
  21 use C4::Auth qw(in_ipset);
  22 use C4::Service;
  23 use C4::Members;
  24 use Koha::Patron::Images;
  25 use Koha::Patrons;
  26 use Koha::Token;
  27
  28 my ( $query, $response ) = C4::Service->init( self_check => 'self_checkout_module' );
  29
  30 unless (C4::Context->preference('WebBasedSelfCheck')) {
  31     print $query->header(status => '403 Forbidden - web-based self-check not enabled');
  32     exit;
  33 }
  34 unless (C4::Context->preference('ShowPatronImageInWebBasedSelfCheck')) {
  35     print $query->header(status => '403 Forbidden - displaying patron images in self-check not enabled');
  36     exit;
  37 }
  38
  39 unless ( in_ipset(C4::Context->preference('SelfCheckAllowByIPRanges')) ) {
  40     print $query->header(status => '403 Forbidden - functionality not available from your location');
  41     exit;
  42 }
  43
  44 my ($borrowernumber) = C4::Service->require_params('borrowernumber');
  45 my ($csrf_token) = C4::Service->require_params('csrf_token');
  46
  47 my $patron = Koha::Patrons->find( $borrowernumber );
  48 my $patron_image = $patron->image;
  49
  50 if ($patron_image) {
  51
  52     unless (
  53         Koha::Token->new->check_csrf(
  54             {
  55                 session_id => scalar $query->cookie('CGISESSID')
  56                   . $patron->cardnumber,
  57                 id => $patron->userid,
  58                 token => $csrf_token,
  59             }
  60         )
  61       )
  62     {
  63
  64         print $query->header(-type => 'text/plain', -status => '403 Forbidden');
  65         exit;
  66     }
  67     print $query->header(
  68         -type           => $patron_image->mimetype,
  69         -Content_Length => length( $patron_image->imagefile )
  70       ),
  71       $patron_image->imagefile;
  72 } else {
  73     print $query->header(status => '404 patron image not found');
  74 }