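/**
 * Verify a Mozilla Persona assertion and log the user in.
 *
 * Assertion verification is delegated to the 'MozillaPersona' authentication
 * driver. On success the resulting user is bound to the session and a JSON
 * success status is emitted; any failure (exception or PEAR_Error) yields a
 * JSON error status.
 *
 * @return true
 * @access public
 */
public function login()
{
    // $configArray is a global; without this declaration the debug check below
    // read an undefined local and the exception message was never logged.
    global $configArray;

    try {
        $authN = AuthenticationFactory::initAuthentication('MozillaPersona');
        $user = $authN->authenticate();
    } catch (Exception $e) {
        // Only log exception details when debugging is enabled; the message may
        // echo back data taken from the assertion.
        if (!empty($configArray['System']['debug'])) {
            error_log("Exception: " . $e->getMessage());
        }
        return $this->output(false, JSON::STATUS_ERROR);
    }

    // The driver may also report failure as a PEAR_Error instead of throwing.
    if (PEAR::isError($user)) {
        error_log('Persona login error: ' . $user->getMessage());
        return $this->output(false, JSON::STATUS_ERROR);
    }

    // Authenticated: allow the session to be persisted and attach the user to it.
    unset($_SESSION['no_store']);
    UserAccount::updateSession($user);
    return $this->output(true, JSON::STATUS_OK);
}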
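/**
 * Change the patron's PIN through the Horizon web service.
 *
 * Reads the current PIN ('pin') and the new PIN twice ('pin1', 'pin2') from
 * the request, checks the current PIN against the stored catalog password,
 * calls the changeMyPin web service and, on success, updates the stored
 * catalog password and the session copy of the user.
 *
 * @return string|array A user-facing message, or an array with 'result' and
 *                      'message' keys when the web-service login fails (the
 *                      mixed return shape is preserved for existing callers).
 */
function updatePin()
{
    global $user;
    global $configArray;

    if (!$user) {
        return "You must be logged in to update your pin number.";
    }

    if (isset($_REQUEST['pin'])) {
        $pin = (string)$_REQUEST['pin'];
    } else {
        return "Please enter your current pin number";
    }

    // Strict comparison: the loose != operator compares numeric strings
    // numerically ("0123" == "123" is true), which would accept a wrong PIN.
    if ((string)$user->cat_password !== $pin) {
        return "The current pin number is incorrect";
    }

    if (isset($_REQUEST['pin1'])) {
        $pin1 = (string)$_REQUEST['pin1'];
    } else {
        return "Please enter the new pin number";
    }

    if (isset($_REQUEST['pin2'])) {
        $pin2 = (string)$_REQUEST['pin2'];
    } else {
        return "Please enter the new pin number again";
    }

    // Strict for the same reason as above.
    if ($pin1 !== $pin2) {
        return "The pin numberdoes not match the confirmed number, please try again.";
    }

    $userId = $user->id;

    // Reuse the web-service session token for this user when one is cached,
    // otherwise log in to obtain one.
    if (isset(HorizonAPI::$sessionIdsForUsers[$userId])) {
        $sessionToken = HorizonAPI::$sessionIdsForUsers[$userId];
    } else {
        list($userValid, $sessionToken) = $this->loginViaWebService($user->cat_username, $user->cat_password);
        if (!$userValid) {
            return array(
                'result'  => false,
                'message' => 'Sorry, it does not look like you are logged in currently. Please login and try again',
            );
        }
    }

    // Call the changeMyPin service. Every value is URL-encoded so a PIN or token
    // containing '&', '#', '%' or spaces cannot break or alter the query string.
    // (The parameter is currentPin; copies of this file that show "¤tPin" are the
    // "&curren" prefix HTML-entity-decoded.)
    $updatePinUrl = $configArray['Catalog']['webServiceUrl'] . '/standard/changeMyPin'
        . '?clientID=' . urlencode($configArray['Catalog']['clientId'])
        . '&sessionToken=' . urlencode($sessionToken)
        . '&currentPin=' . urlencode($pin)
        . '&newPin=' . urlencode($pin1);
    $updatePinResponse = $this->getWebServiceResponse($updatePinUrl);

    if ($updatePinResponse) {
        // Keep the locally stored catalog password and the session in step with the ILS.
        $user->cat_password = $pin1;
        $user->update();
        UserAccount::updateSession($user);
        return "Your pin number was updated successfully.";
    }

    return "Sorry, we could not update your pin number. Please try again later.";
}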
/**
 * Change the catalog password (PIN) recorded for this user.
 *
 * The new value is written to this object, to the session copy of the user
 * when one is logged in, and to the matching User_account row.
 *
 * NOTE(review): the value is stored as given. It is replayed to the ILS on
 * the user's behalf elsewhere in this codebase, so it cannot be hashed, but
 * that means the users table holds ILS credentials in clear text.
 *
 * @param string $password The new password
 *
 * @return boolean True on success
 * @access public
 */
public function changeCatalogPassword($password)
{
    // This object.
    $this->cat_password = $password;
    $this->update();

    // Session copy, if the user is currently logged in.
    $sessionUser = UserAccount::isLoggedIn();
    if ($sessionUser) {
        $sessionUser->cat_password = $password;
        UserAccount::updateSession($sessionUser);
    }

    // Linked account row for the same catalog username.
    $linkedAccount = new User_account();
    $linkedAccount->user_id = $this->id;
    $linkedAccount->cat_username = $this->cat_username;
    if ($linkedAccount->find(true)) {
        $linkedAccount->cat_password = $password;
        $linkedAccount->update();
    }

    return true;
}
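/**
 * Update the patron's profile, pushing e-mail and PIN changes through the
 * HIP web interface so that the ILS business rules are applied.
 *
 * Candidate values are read from $_REQUEST: displayName, email, oldPin /
 * newPin / verifyPin, and the Pika-only display preferences. Phone, address,
 * notice-method and pickup-location changes are not supported and are
 * reported as errors.
 *
 * @param bool $canUpdateContactInfo Whether this patron may change profile data
 *
 * @return array User-facing error messages; empty when everything succeeded
 */
function updatePatronInfo($canUpdateContactInfo)
{
    $updateErrors = array();
    if (!$canUpdateContactInfo) {
        $updateErrors[] = 'You do not have permission to update profile information.';
        return $updateErrors;
    }

    global $configArray;
    global $user;

    // Validate a new display name (alias) if one was supplied.
    if (isset($_REQUEST['displayName']) && $_REQUEST['displayName'] != $user->displayName && strlen($_REQUEST['displayName']) > 0) {
        $displayName = $_REQUEST['displayName'];

        // Length limit (byte-based strlen, as before).
        if (strlen($displayName) > 15) {
            $updateErrors[] = 'Sorry your display name must be 15 characters or less.';
            return $updateErrors;
        }

        // Reject names matching any bad-word expression.
        require_once ROOT_DIR . '/Drivers/marmot_inc/BadWord.php';
        $badWords = new BadWord();
        foreach ($badWords->getBadWordExpressions() as $badWordExpression) {
            if (preg_match($badWordExpression, $displayName)) {
                $updateErrors[] = 'Sorry, that name is in use or invalid.';
                return $updateErrors;
            }
        }

        // Make sure no other user already has this display name. The lookup goes
        // through the DataObject so the user-supplied value is quoted by the
        // database layer; the previous raw SQL interpolated $_REQUEST['displayName']
        // directly into the query (SQL injection).
        $userValidation = new User();
        $userValidation->displayName = $displayName;
        $userValidation->whereAdd('id <> ' . (int)$user->id);
        $userValidation->find();
        if ($userValidation->N > 0) {
            $updateErrors[] = 'Sorry, that name is in use or is invalid.';
            return $updateErrors;
        }
    }

    // Browser-like headers for the HIP session.
    $header = array();
    $header[0] = "Accept: text/xml,application/xml,application/xhtml+xml,";
    $header[0] .= "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
    $header[] = "Cache-Control: max-age=0";
    $header[] = "Connection: keep-alive";
    $header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
    $header[] = "Accept-Language: en-us,en;q=0.5";
    $cookie = tempnam("/tmp", "CURLCOOKIE");

    // Start at the My Account page to obtain a HIP session id.
    $curl_url = $this->hipUrl . "/ipac20/ipac.jsp?profile={$configArray['Catalog']['hipProfile']}&menu=account";
    $curl_connection = curl_init($curl_url);
    curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
    curl_setopt($curl_connection, CURLOPT_HTTPHEADER, $header);
    curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
    curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
    // NOTE(review): peer verification is disabled, so the patron username and
    // password posted below could be read by a man-in-the-middle. Enable it once
    // the HIP server presents a certificate this host trusts.
    curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($curl_connection, CURLOPT_UNRESTRICTED_AUTH, true);
    curl_setopt($curl_connection, CURLOPT_COOKIEJAR, $cookie);
    curl_setopt($curl_connection, CURLOPT_COOKIESESSION, true);
    curl_setopt($curl_connection, CURLOPT_REFERER, $curl_url);
    curl_setopt($curl_connection, CURLOPT_FORBID_REUSE, false);
    curl_setopt($curl_connection, CURLOPT_HEADER, false);
    curl_setopt($curl_connection, CURLOPT_HTTPGET, true);
    $sresult = curl_exec($curl_connection);

    global $logger;
    $logger->log("Loading Full Record {$curl_url}", PEAR_LOG_INFO);

    // Extract the session id from the requestcopy javascript on the page.
    if (preg_match('/\\?session=(.*?)&/s', $sresult, $matches)) {
        $sessionId = $matches[1];
    } else {
        // None of the posts below can work without a session id, so stop here
        // rather than continuing with an undefined $sessionId.
        PEAR_Singleton::raiseError('Could not load session information from page.');
        curl_close($curl_connection);
        unlink($cookie);
        $updateErrors[] = 'Could not load session information from page.';
        return $updateErrors;
    }

    // Log in by posting the patron's username and password.
    curl_setopt($curl_connection, CURLOPT_POST, true);
    $post_data = array(
        'aspect'       => 'overview',
        'button'       => 'Login to Your Account',
        'login_prompt' => 'true',
        'menu'         => 'account',
        'profile'      => $configArray['Catalog']['hipProfile'],
        'ri'           => '',
        'sec1'         => $user->cat_username,
        'sec2'         => $user->cat_password,
        'session'      => $sessionId,
    );
    $post_string = http_build_query($post_data);
    $curl_url = $this->hipUrl . "/ipac20/ipac.jsp";
    curl_setopt($curl_connection, CURLOPT_URL, $curl_url);
    curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
    $sresult = curl_exec($curl_connection);

    // null is skipped by http_build_query, so an absent e-mail keeps the form as before.
    $newEmail = isset($_REQUEST['email']) ? $_REQUEST['email'] : null;

    // Update the e-mail through HIP so that all business rules are followed.
    if (isset($_REQUEST['email'])) {
        $post_data = array(
            'menu'         => 'account',
            'newemailtext' => $newEmail,
            'newpin'       => '',
            'oldpin'       => '',
            'profile'      => $configArray['Catalog']['hipProfile'],
            'renewpin'     => '',
            'session'      => $sessionId,
            'submenu'      => 'info',
            'updateemail'  => 'Update',
        );
        $post_string = http_build_query($post_data);
        curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
        $sresult = curl_exec($curl_connection);
        // HIP reports validation failures in a boldRedFont1 cell. NOTE(review): the
        // captured text is raw HTML from the ILS and is returned to the template as-is.
        if (preg_match('/<td.*?class="boldRedFont1".*?>(.*?)(?:<br>)*<\\/td>/si', $sresult, $matches)) {
            $updateErrors[] = $matches[1];
        } else {
            // HIP accepted the change; mirror it in the Pika database.
            $user->email = $newEmail;
        }
    }

    // Update the PIN through HIP when both the old and the new PIN were given.
    if (isset($_REQUEST['oldPin']) && strlen($_REQUEST['oldPin']) > 0 && isset($_REQUEST['newPin']) && strlen($_REQUEST['newPin']) > 0) {
        $post_data = array(
            'menu'         => 'account',
            'newemailtext' => $newEmail,
            'newpin'       => $_REQUEST['newPin'],
            'oldpin'       => $_REQUEST['oldPin'],
            'profile'      => $configArray['Catalog']['hipProfile'],
            'renewpin'     => isset($_REQUEST['verifyPin']) ? $_REQUEST['verifyPin'] : null,
            'session'      => $sessionId,
            'submenu'      => 'info',
            'updatepin'    => 'Update',
        );
        $post_string = http_build_query($post_data);
        curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
        $sresult = curl_exec($curl_connection);
        // Same error cell as above; the 's' and 'i' modifiers are needed so a
        // multi-line or differently-cased cell is not missed (which would record
        // a failed PIN change locally as a success).
        if (preg_match('/<td.*?class="boldRedFont1".*?>(.*?)(?:<br>)*<\\/td>/si', $sresult, $matches)) {
            $updateErrors[] = $matches[1];
        } else {
            // HIP accepted the new PIN; keep the Pika copy of the catalog password in step.
            $user->cat_password = $_REQUEST['newPin'];
        }
    }

    if (isset($_REQUEST['phone'])) {
        //TODO: Implement Setting Notification Methods
        $updateErrors[] = 'Phone number can not be updated.';
    }
    if (isset($_REQUEST['address1']) || isset($_REQUEST['city']) || isset($_REQUEST['state']) || isset($_REQUEST['zip'])) {
        //TODO: Implement Setting Notification Methods
        $updateErrors[] = 'Address Information can not be updated.';
    }
    if (isset($_REQUEST['notices'])) {
        //TODO: Implement Setting Notification Methods
        $updateErrors[] = 'Notice Method can not be updated.';
    }
    if (isset($_REQUEST['pickuplocation'])) {
        //TODO: Implement Setting Pick-up Locations
        $updateErrors[] = 'Pickup Locations can not be updated.';
    }

    // Pika-only preferences: alias and display options. Each field is only written
    // when it was actually submitted, so changing one preference no longer blanks
    // the others.
    if ((isset($_REQUEST['displayName']) && $_REQUEST['displayName'] != $user->displayName)
        || (isset($_REQUEST['disableRecommendations']) && $_REQUEST['disableRecommendations'] != $user->disableRecommendations)
        || (isset($_REQUEST['disableCoverArt']) && $_REQUEST['disableCoverArt'] != $user->disableCoverArt)
        || (isset($_REQUEST['bypassAutoLogout']) && $_REQUEST['bypassAutoLogout'] != $user->bypassAutoLogout)
    ) {
        if (isset($_REQUEST['displayName'])) {
            $user->displayName = $_REQUEST['displayName'];
        }
        if (isset($_REQUEST['disableRecommendations'])) {
            $user->disableRecommendations = $_REQUEST['disableRecommendations'];
        }
        if (isset($_REQUEST['disableCoverArt'])) {
            $user->disableCoverArt = $_REQUEST['disableCoverArt'];
        }
        if (isset($_REQUEST['bypassAutoLogout'])) {
            $user->bypassAutoLogout = $_REQUEST['bypassAutoLogout'] == 'yes' ? 1 : 0;
        }
    }

    // Persist Pika user data, refresh the session and drop the cached profile.
    $user->update();
    UserAccount::updateSession($user);
    $this->clearPatronProfile();

    // Release the cURL handle and the temporary cookie jar (holds the HIP session).
    curl_close($curl_connection);
    unlink($cookie);

    return $updateErrors;
}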
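/**
 * Change the patron's PIN through the Millennium patron web interface.
 *
 * Reads the current PIN ('pin') and the new PIN twice ('pin1', 'pin2') from
 * the request, checks the current PIN against the stored catalog password,
 * logs in to the patron's account with cURL and posts the newpin form. On
 * success the stored catalog password and the session copy are updated.
 *
 * @return string A user-facing success or error message
 */
function updatePin()
{
    global $user;
    global $configArray;

    if (!$user) {
        return "You must be logged in to update your pin number.";
    }

    if (isset($_REQUEST['pin'])) {
        $pin = (string)$_REQUEST['pin'];
    } else {
        return "Please enter your current pin number";
    }

    // Strict comparison: the loose != operator compares numeric strings
    // numerically ("0123" == "123" is true), which would accept a wrong PIN.
    if ((string)$user->cat_password !== $pin) {
        return "The current pin number is incorrect";
    }

    if (isset($_REQUEST['pin1'])) {
        $pin1 = (string)$_REQUEST['pin1'];
    } else {
        return "Please enter the new pin number";
    }

    if (isset($_REQUEST['pin2'])) {
        $pin2 = (string)$_REQUEST['pin2'];
    } else {
        return "Please enter the new pin number again";
    }

    // Strict for the same reason as above.
    if ($pin1 !== $pin2) {
        return "The pin numberdoes not match the confirmed number, please try again.";
    }

    // Log in to the patron's account.
    $cookieJar = tempnam("/tmp", "CURLCOOKIE");
    $barcode = $this->_getBarcode();
    $patronDump = $this->_getPatronDump($barcode);

    $curl_url = $configArray['Catalog']['url'] . "/patroninfo";
    $curl_connection = curl_init($curl_url);
    $header = array();
    $header[0] = "Accept: text/xml,application/xml,application/xhtml+xml,";
    $header[0] .= "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
    $header[] = "Cache-Control: max-age=0";
    $header[] = "Connection: keep-alive";
    $header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
    $header[] = "Accept-Language: en-us,en;q=0.5";
    curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
    curl_setopt($curl_connection, CURLOPT_HTTPHEADER, $header);
    curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
    curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
    // NOTE(review): peer verification is disabled, so the barcode and PINs posted
    // below could be read by a man-in-the-middle. Enable it once the ILS presents
    // a certificate this host trusts.
    curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($curl_connection, CURLOPT_UNRESTRICTED_AUTH, true);
    curl_setopt($curl_connection, CURLOPT_COOKIEJAR, $cookieJar);
    curl_setopt($curl_connection, CURLOPT_COOKIESESSION, false);
    curl_setopt($curl_connection, CURLOPT_POST, true);

    // Login form values come from the patron dump; http_build_query URL-encodes
    // each value exactly as the previous hand-rolled urlencode() loop did.
    $post_data = $this->_getLoginFormValues($patronDump);
    curl_setopt($curl_connection, CURLOPT_POSTFIELDS, http_build_query($post_data));
    $sresult = curl_exec($curl_connection);

    // Post the newpin form.
    $post_data = array(
        'pin'      => $pin,
        'pin1'     => $pin1,
        'pin2'     => $pin2,
        'submit.x' => "35",
        'submit.y' => "15",
    );
    curl_setopt($curl_connection, CURLOPT_POSTFIELDS, http_build_query($post_data));
    // The record number comes from the ILS, but is URL-encoded anyway so it can
    // only ever form a single path segment.
    $curl_url = $configArray['Catalog']['url'] . "/patroninfo/" . urlencode($patronDump['RECORD_#']) . "/newpin";
    curl_setopt($curl_connection, CURLOPT_URL, $curl_url);
    $sresult = curl_exec($curl_connection);
    curl_close($curl_connection);
    unlink($cookieJar);

    if (!$sresult) {
        return "Sorry, we could not update your pin number. Please try again later.";
    }

    // Millennium reports a failed change as a red italic message. The '/' inside
    // the closing tags must be escaped because '/' is also the pattern delimiter;
    // left unescaped, preg_match() fails and every attempt is reported as a success.
    if (preg_match('/<FONT COLOR=RED SIZE= 2><EM>(.*?)<\\/EM><\\/FONT>/i', $sresult, $matches)) {
        return $matches[1];
    }

    // No error reported: keep the Pika copy of the catalog password and the session in step.
    $user->cat_password = $pin1;
    $user->update();
    UserAccount::updateSession($user);
    return "Your pin number was updated sucessfully.";
}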
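/**
 * Set up the My Account page.
 *
 * Sends anonymous users to the login page when this action requires a
 * login, connects to the search index and the catalog, processes a posted
 * library-catalog registration, and exposes account-related flags (protected
 * eContent, fine-payment link) to the template.
 */
function __construct()
{
    global $interface;
    global $configArray;
    global $user;

    $interface->assign('page_body_style', 'sidebar_left');

    if ($this->requireLogin && !UserAccount::isLoggedIn()) {
        require_once ROOT_DIR . '/services/MyAccount/Login.php';
        $myAccountAction = new MyAccount_Login();
        $myAccountAction->launch();
        exit;
    }

    // Setup Search Engine Connection
    $class = $configArray['Index']['engine'];
    $this->db = new $class($configArray['Index']['url']);

    // Connect to Database
    $this->catalog = CatalogFactory::getCatalogConnectionInstance();

    // Register Library Catalog Account. $user may be false when requireLogin is
    // off, so it is checked before the credentials are written to it.
    if (!empty($_POST['submit'])) {
        if ($this->catalog && $user && isset($_POST['cat_username']) && isset($_POST['cat_password'])) {
            $result = $this->catalog->patronLogin($_POST['cat_username'], $_POST['cat_password']);
            if ($result && !PEAR_Singleton::isError($result)) {
                // Verified against the ILS: store the catalog credentials on the Pika user.
                $user->cat_username = $_POST['cat_username'];
                $user->cat_password = $_POST['cat_password'];
                $user->update();
                UserAccount::updateSession($user);
                $interface->assign('user', $user);
            } else {
                $interface->assign('loginError', 'Invalid Patron Login');
            }
        }
    }

    // Check to see if we have any acs or single use eContent in the catalog
    // to enable the holds and wishlist appropriately.
    if (isset($configArray['EContent']['hasProtectedEContent'])) {
        $interface->assign('hasProtectedEContent', $configArray['EContent']['hasProtectedEContent']);
    } else {
        $interface->assign('hasProtectedEContent', false);
    }

    // This code is also in Search/History since that page displays in the My Account menu as well.
    // It is also in MyList.php and Admin.php
    if ($user !== false) {
        $interface->assign('user', $user);

        // Profile is already loaded by index.php (plb 4-17-2015); the former
        // per-request patronLogin()/getMyProfile() block that lived here was
        // dead commented-out code and has been dropped.

        // Figure out if we should show a link to classic opac to pay holds.
        $ecommerceLink = $configArray['Site']['ecommerceLink'];
        $homeLibrary = Library::getLibraryForLocation($user->homeLocationId);
        if (strlen($ecommerceLink) > 0 && $homeLibrary !== null && $homeLibrary->showEcommerceLink == 1) {
            $interface->assign('showEcommerceLink', true);
            $interface->assign('minimumFineAmount', $homeLibrary->minimumFineAmount);
            // 'default' means the site-wide link; anything else is a library-specific URL.
            if ($homeLibrary->payFinesLink == 'default') {
                $interface->assign('ecommerceLink', $ecommerceLink);
            } else {
                $interface->assign('ecommerceLink', $homeLibrary->payFinesLink);
            }
            $interface->assign('payFinesLinkText', $homeLibrary->payFinesLinkText);
        } else {
            $interface->assign('showEcommerceLink', false);
            $interface->assign('minimumFineAmount', 0);
        }
    }
}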
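/**
 * Set up the My Research page.
 *
 * Sends anonymous users to the login page when this action requires a
 * login, connects to the search index and the catalog, processes a posted
 * library-catalog registration, loads the patron profile, and exposes the
 * account flags, the user's lists and tags to the template.
 */
function __construct()
{
    global $interface;
    global $configArray;
    global $user;

    $interface->assign('page_body_style', 'sidebar_left');
    $interface->assign('ils', $configArray['Catalog']['ils']);

    if ($this->requireLogin && !UserAccount::isLoggedIn()) {
        require_once 'Login.php';
        Login::launch();
        exit;
    }

    // Setup Search Engine Connection
    $class = $configArray['Index']['engine'];
    $this->db = new $class($configArray['Index']['url']);
    if (!empty($configArray['System']['debugSolr'])) {
        $this->db->debug = true;
    }

    // Connect to Database
    $this->catalog = new CatalogConnection($configArray['Catalog']['driver']);

    // Register Library Catalog Account. $user may be false when requireLogin is
    // off, so it is checked before the credentials are written to it.
    if (!empty($_POST['submit'])) {
        if ($this->catalog && $user && isset($_POST['cat_username']) && isset($_POST['cat_password'])) {
            $result = $this->catalog->patronLogin($_POST['cat_username'], $_POST['cat_password']);
            if ($result && !PEAR_Singleton::isError($result)) {
                // Verified against the ILS: store the catalog credentials on the Pika user.
                $user->cat_username = $_POST['cat_username'];
                $user->cat_password = $_POST['cat_password'];
                $user->update();
                UserAccount::updateSession($user);
                $interface->assign('user', $user);
            } else {
                $interface->assign('loginError', 'Invalid Patron Login');
            }
        }
    }

    // Determine whether or not materials request functionality should be enabled.
    $interface->assign('enableMaterialsRequest', MaterialsRequest::enableMaterialsRequest());

    // Check to see if we have any acs or single use eContent in the catalog
    // to enable the holds and wishlist appropriately.
    if (isset($configArray['EContent']['hasProtectedEContent'])) {
        $interface->assign('hasProtectedEContent', $configArray['EContent']['hasProtectedEContent']);
    } else {
        $interface->assign('hasProtectedEContent', false);
    }

    // Library-level display switches default to "on" when no library is active.
    global $library;
    if (isset($library)) {
        $interface->assign('showFavorites', $library->showFavorites);
        $interface->assign('showRatings', $library->showRatings);
        $interface->assign('showComments', $library->showComments);
    } else {
        $interface->assign('showFavorites', 1);
        $interface->assign('showRatings', 1);
        $interface->assign('showComments', 1);
    }

    // This code is also in Search/History since that page displays in the My Account menu as well.
    // It is also in MyList.php and Admin.php
    if ($user !== false) {
        $interface->assign('user', $user);

        // Get My Profile
        if ($this->catalog->status) {
            if ($user->cat_username) {
                $patron = $this->catalog->patronLogin($user->cat_username, $user->cat_password);
                if (PEAR_Singleton::isError($patron)) {
                    PEAR_Singleton::raiseError($patron);
                } else {
                    // Only fetch the profile for a successful login; previously the
                    // error object was passed on to getMyProfile() if raiseError() returned.
                    $profile = $this->catalog->getMyProfile($patron);
                    if (!PEAR_Singleton::isError($profile)) {
                        $interface->assign('profile', $profile);
                    }
                }
            }
        }

        // Figure out if we should show a link to classic opac to pay holds.
        $ecommerceLink = $configArray['Site']['ecommerceLink'];
        $homeLibrary = Library::getLibraryForLocation($user->homeLocationId);
        if (strlen($ecommerceLink) > 0 && $homeLibrary !== null && $homeLibrary->showEcommerceLink == 1) {
            $interface->assign('showEcommerceLink', true);
            $interface->assign('minimumFineAmount', $homeLibrary->minimumFineAmount);
            // 'default' means the site-wide link; anything else is a library-specific URL.
            if ($homeLibrary->payFinesLink == 'default') {
                $interface->assign('ecommerceLink', $ecommerceLink);
            } else {
                $interface->assign('ecommerceLink', $homeLibrary->payFinesLink);
            }
            $interface->assign('payFinesLinkText', $homeLibrary->payFinesLinkText);
        } else {
            $interface->assign('showEcommerceLink', false);
            $interface->assign('minimumFineAmount', 0);
        }

        // Load a list of lists: the suggestions pseudo-list (unless disabled), then
        // the user's own lists, or the "My Favorites" placeholder when there are none.
        $lists = array();
        if ($user->disableRecommendations == 0) {
            $lists[] = array(
                'name' => 'Recommended For You',
                'url'  => '/MyResearch/SuggestedTitles',
                'id'   => 'suggestions',
            );
        }
        $tmpList = new User_list();
        $tmpList->user_id = $user->id;
        $tmpList->orderBy("title ASC");
        $tmpList->find();
        if ($tmpList->N > 0) {
            while ($tmpList->fetch()) {
                $lists[$tmpList->id] = array(
                    'name' => $tmpList->title,
                    'url'  => '/MyResearch/MyList/' . $tmpList->id,
                    'id'   => $tmpList->id,
                );
            }
        } else {
            $lists[-1] = array(
                'name' => "My Favorites",
                'url'  => '/MyResearch/MyList/-1',
                'id'   => -1,
            );
        }
        $interface->assign('lists', $lists);

        // Get My Tags
        $tagList = $user->getTags();
        $interface->assign('tagList', $tagList);
    }
}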