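 /**
  * Verify a Mozilla Persona assertion and log the user in.
  *
  * Delegates to the MozillaPersona authentication driver. An exception from
  * the driver and a PEAR error result are both reported to the caller as a
  * JSON error response; on success the user is stored in the session.
  *
  * @return mixed Result of $this->output(): true with JSON::STATUS_OK on
  *               success, false with JSON::STATUS_ERROR on failure
  * @access public
  */
 public function login()
 {
     // $configArray is a module-level global; without this declaration the
     // debug check in the catch block read an undefined local variable.
     global $configArray;
     try {
         $authN = AuthenticationFactory::initAuthentication('MozillaPersona');
         $user = $authN->authenticate();
     } catch (Exception $e) {
         if (!empty($configArray['System']['debug'])) {
             error_log("Exception: " . $e->getMessage());
         }
         return $this->output(false, JSON::STATUS_ERROR);
     }
     // The driver may report a failed login as a PEAR error instead of throwing.
     if (PEAR::isError($user)) {
         error_log('Persona login error: ' . $user->getMessage());
         return $this->output(false, JSON::STATUS_ERROR);
     }
     // NOTE(review): 'no_store' is presumably a "do not persist this session"
     // marker that must be cleared once a user is attached — confirm in the
     // session handler.
     unset($_SESSION['no_store']);
     UserAccount::updateSession($user);
     return $this->output(true, JSON::STATUS_OK);
 }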
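 /**
  * Change the logged-in patron's PIN through the Horizon web service.
  *
  * Reads the current PIN (`pin`) and the new PIN twice (`pin1`, `pin2`) from
  * the request, verifies the current PIN against the stored catalog password
  * and then calls the changeMyPin service. On success the new PIN is written
  * to the user record and the session copy is refreshed.
  *
  * The return type is mixed for backward compatibility with existing callers:
  * a status string in most cases, but an array('result' => false,
  * 'message' => ...) when the web-service login fails.
  *
  * @return string|array Status message, or a result array on login failure
  */
 function updatePin()
 {
     global $user;
     global $configArray;
     if (!$user) {
         return "You must be logged in to update your pin number.";
     }
     if (!isset($_REQUEST['pin'])) {
         return "Please enter your current pin number";
     }
     $pin = $_REQUEST['pin'];
     //Strict string comparison: a loose != treats numeric-looking PINs such
     //as "0123" and "123" as equal, which would accept a wrong current PIN.
     if ((string)$user->cat_password !== (string)$pin) {
         return "The current pin number is incorrect";
     }
     if (!isset($_REQUEST['pin1'])) {
         return "Please enter the new pin number";
     }
     $pin1 = $_REQUEST['pin1'];
     if (!isset($_REQUEST['pin2'])) {
         return "Please enter the new pin number again";
     }
     $pin2 = $_REQUEST['pin2'];
     if ((string)$pin1 !== (string)$pin2) {
         return "The pin number does not match the confirmed number, please try again.";
     }
     $userId = $user->id;
     //Get the session token for the user, logging in via the web service
     //if this request has not done so yet.
     if (isset(HorizonAPI::$sessionIdsForUsers[$userId])) {
         $sessionToken = HorizonAPI::$sessionIdsForUsers[$userId];
     } else {
         list($userValid, $sessionToken) = $this->loginViaWebService($user->cat_username, $user->cat_password);
         if (!$userValid) {
             return array('result' => false, 'message' => 'Sorry, it does not look like you are logged in currently.  Please login and try again');
         }
     }
     //Change the PIN using the web service. Every query parameter comes from
     //the request or the session, so each one is URL-encoded.
     $updatePinUrl = $configArray['Catalog']['webServiceUrl'] . '/standard/changeMyPin'
         . '?clientID=' . urlencode($configArray['Catalog']['clientId'])
         . '&sessionToken=' . urlencode($sessionToken)
         . '&currentPin=' . urlencode($pin)
         . '&newPin=' . urlencode($pin1);
     $updatePinResponse = $this->getWebServiceResponse($updatePinUrl);
     if (!$updatePinResponse) {
         return "Sorry, we could not update your pin number. Please try again later.";
     }
     //Mirror the new PIN onto the Pika user record and the session copy.
     $user->cat_password = $pin1;
     $user->update();
     UserAccount::updateSession($user);
     return "Your pin number was updated successfully.";
 }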
 /**
  * Changes the catalog password of a user
  *
  * The new password is written to this record, to the session copy of the
  * user (when someone is logged in) and to the matching User_account row,
  * if one exists.
  *
  * @param string $password The new password
  *
  * @return boolean True on success
  * @access public
  */
 public function changeCatalogPassword($password)
 {
     // Persist on this record first.
     $this->cat_password = $password;
     $this->update();

     // Keep the session copy of the user in sync with the database.
     $sessionUser = UserAccount::isLoggedIn();
     if ($sessionUser) {
         $sessionUser->cat_password = $password;
         UserAccount::updateSession($sessionUser);
     }

     // Mirror the change onto the linked account row, when there is one.
     $linkedAccount = new User_account();
     $linkedAccount->user_id = $this->id;
     $linkedAccount->cat_username = $this->cat_username;
     $found = $linkedAccount->find(true);
     if ($found) {
         $linkedAccount->cat_password = $password;
         $linkedAccount->update();
     }

     return true;
 }
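 /**
  * Update the patron's profile through the HIP web interface and mirror the
  * accepted changes onto the Pika user record.
  *
  * Values are read from $_REQUEST: displayName, email, oldPin/newPin/verifyPin,
  * and several fields (phone, address, notices, pickuplocation) that are not
  * supported yet and only produce an error message. The display name is
  * validated locally (length, bad-word list, uniqueness); e-mail and PIN
  * changes are posted to HIP so that its business rules apply, and any error
  * HIP renders in a "boldRedFont1" cell is returned to the caller verbatim.
  *
  * @param boolean $canUpdateContactInfo Whether the caller may update profile
  *                                      information at all
  *
  * @return array Error messages; empty when every requested update succeeded
  */
 function updatePatronInfo($canUpdateContactInfo)
 {
     $updateErrors = array();
     if (!$canUpdateContactInfo) {
         $updateErrors[] = 'You do not have permission to update profile information.';
         return $updateErrors;
     }
     global $configArray;
     global $user;
     global $logger;

     //Check to make sure the patron alias is valid if provided
     if (isset($_REQUEST['displayName']) && $_REQUEST['displayName'] != $user->displayName && strlen($_REQUEST['displayName']) > 0) {
         $newDisplayName = $_REQUEST['displayName'];
         //make sure the display name is less than 15 characters
         //(strlen counts bytes, so multi-byte names reach the limit sooner)
         if (strlen($newDisplayName) > 15) {
             $updateErrors[] = 'Sorry your display name must be 15 characters or less.';
             return $updateErrors;
         }
         //Make sure that we are not using bad words
         require_once ROOT_DIR . '/Drivers/marmot_inc/BadWord.php';
         $badWords = new BadWord();
         foreach ($badWords->getBadWordExpressions() as $badWord) {
             if (preg_match($badWord, $newDisplayName)) {
                 $updateErrors[] = 'Sorry, that name is in use or invalid.';
                 return $updateErrors;
             }
         }
         //Make sure no one else is using that name. The request value is
         //interpolated into raw SQL, so it is escaped; the id is cast to int.
         $userValidation = new User();
         $userValidation->query(
             "SELECT * from {$userValidation->__table} WHERE id <> " . (int)$user->id
             . " and displayName = '" . $userValidation->escape($newDisplayName) . "'"
         );
         if ($userValidation->N > 0) {
             $updateErrors[] = 'Sorry, that name is in use or is invalid.';
             return $updateErrors;
         }
     }

     //Setup Curl
     $header = array();
     $header[0] = "Accept: text/xml,application/xml,application/xhtml+xml,";
     $header[0] .= "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
     $header[] = "Cache-Control: max-age=0";
     $header[] = "Connection: keep-alive";
     $header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
     $header[] = "Accept-Language: en-us,en;q=0.5";
     $cookie = tempnam("/tmp", "CURLCOOKIE");
     //Start at My Account Page
     $curl_url = $this->hipUrl . "/ipac20/ipac.jsp?profile={$configArray['Catalog']['hipProfile']}&menu=account";
     $curl_connection = curl_init($curl_url);
     curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
     curl_setopt($curl_connection, CURLOPT_HTTPHEADER, $header);
     curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
     curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
     //NOTE(review): certificate verification is disabled for the HIP host even
     //though the patron's credentials are posted over this connection. Left
     //unchanged because the deployed HIP certificate chain is unknown here;
     //enabling verification with CURLOPT_CAINFO would be preferable.
     curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
     curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, true);
     curl_setopt($curl_connection, CURLOPT_UNRESTRICTED_AUTH, true);
     curl_setopt($curl_connection, CURLOPT_COOKIEJAR, $cookie);
     curl_setopt($curl_connection, CURLOPT_COOKIESESSION, true);
     curl_setopt($curl_connection, CURLOPT_REFERER, $curl_url);
     curl_setopt($curl_connection, CURLOPT_FORBID_REUSE, false);
     curl_setopt($curl_connection, CURLOPT_HEADER, false);
     curl_setopt($curl_connection, CURLOPT_HTTPGET, true);
     $sresult = curl_exec($curl_connection);
     $logger->log("Loading Full Record {$curl_url}", PEAR_LOG_INFO);

     //Extract the session id from the requestcopy javascript on the page
     if (preg_match('/\\?session=(.*?)&/s', $sresult, $matches)) {
         $sessionId = $matches[1];
     } else {
         //Without a HIP session id none of the posts below can succeed, so
         //release the connection and report instead of continuing.
         curl_close($curl_connection);
         unlink($cookie);
         PEAR_Singleton::raiseError('Could not load session information from page.');
         $updateErrors[] = 'Could not load session information from page.';
         return $updateErrors;
     }

     //Login by posting username and password
     curl_setopt($curl_connection, CURLOPT_POST, true);
     $post_data = array('aspect' => 'overview', 'button' => 'Login to Your Account', 'login_prompt' => 'true', 'menu' => 'account', 'profile' => $configArray['Catalog']['hipProfile'], 'ri' => '', 'sec1' => $user->cat_username, 'sec2' => $user->cat_password, 'session' => $sessionId);
     $post_string = http_build_query($post_data);
     $curl_url = $this->hipUrl . "/ipac20/ipac.jsp";
     curl_setopt($curl_connection, CURLOPT_URL, $curl_url);
     curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
     $sresult = curl_exec($curl_connection);

     //update patron information.  Use HIP to update the e-mail to make sure that all business rules are followed.
     if (isset($_REQUEST['email'])) {
         $post_data = array('menu' => 'account', 'newemailtext' => $_REQUEST['email'], 'newpin' => '', 'oldpin' => '', 'profile' => $configArray['Catalog']['hipProfile'], 'renewpin' => '', 'session' => $sessionId, 'submenu' => 'info', 'updateemail' => 'Update');
         $post_string = http_build_query($post_data);
         curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
         $sresult = curl_exec($curl_connection);
         $hipError = $this->_getHipUpdateError($sresult);
         if ($hipError !== null) {
             $updateErrors[] = $hipError;
         } else {
             //HIP accepted the address; mirror it onto the Pika user record
             $user->email = $_REQUEST['email'];
         }
     }
     if (isset($_REQUEST['oldPin']) && strlen($_REQUEST['oldPin']) > 0 && isset($_REQUEST['newPin']) && strlen($_REQUEST['newPin']) > 0) {
         //email and verifyPin are optional here; a null value is dropped by
         //http_build_query, matching what HIP received before.
         $post_data = array(
             'menu' => 'account',
             'newemailtext' => isset($_REQUEST['email']) ? $_REQUEST['email'] : null,
             'newpin' => $_REQUEST['newPin'],
             'oldpin' => $_REQUEST['oldPin'],
             'profile' => $configArray['Catalog']['hipProfile'],
             'renewpin' => isset($_REQUEST['verifyPin']) ? $_REQUEST['verifyPin'] : null,
             'session' => $sessionId,
             'submenu' => 'info',
             'updatepin' => 'Update',
         );
         $post_string = http_build_query($post_data);
         curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
         $sresult = curl_exec($curl_connection);
         $hipError = $this->_getHipUpdateError($sresult);
         if ($hipError !== null) {
             $updateErrors[] = $hipError;
         } else {
             //Update the users cat_password in the Pika database
             $user->cat_password = $_REQUEST['newPin'];
         }
     }
     if (isset($_REQUEST['phone'])) {
         //TODO: Implement Setting Notification Methods
         $updateErrors[] = 'Phone number can not be updated.';
     }
     if (isset($_REQUEST['address1']) || isset($_REQUEST['city']) || isset($_REQUEST['state']) || isset($_REQUEST['zip'])) {
         //TODO: Implement Setting Notification Methods
         $updateErrors[] = 'Address Information can not be updated.';
     }
     if (isset($_REQUEST['notices'])) {
         //TODO: Implement Setting Notification Methods
         $updateErrors[] = 'Notice Method can not be updated.';
     }
     if (isset($_REQUEST['pickuplocation'])) {
         //TODO: Implement Setting Pick-up Locations
         $updateErrors[] = 'Pickup Locations can not be updated.';
     }

     //check to see if the user has provided an alias or changed a preference
     $displayNameChanged = isset($_REQUEST['displayName']) && $_REQUEST['displayName'] != $user->displayName;
     $recommendationsChanged = isset($_REQUEST['disableRecommendations']) && $_REQUEST['disableRecommendations'] != $user->disableRecommendations;
     $coverArtChanged = isset($_REQUEST['disableCoverArt']) && $_REQUEST['disableCoverArt'] != $user->disableCoverArt;
     $bypassChanged = isset($_REQUEST['bypassAutoLogout']) && $_REQUEST['bypassAutoLogout'] != $user->bypassAutoLogout;
     if ($displayNameChanged || $recommendationsChanged || $coverArtChanged || $bypassChanged) {
         //Only copy the fields that were actually sent: assigning a missing
         //request value would blank the stored preference.
         if (isset($_REQUEST['displayName'])) {
             $user->displayName = $_REQUEST['displayName'];
         }
         if (isset($_REQUEST['disableRecommendations'])) {
             $user->disableRecommendations = $_REQUEST['disableRecommendations'];
         }
         if (isset($_REQUEST['disableCoverArt'])) {
             $user->disableCoverArt = $_REQUEST['disableCoverArt'];
         }
         if (isset($_REQUEST['bypassAutoLogout'])) {
             $user->bypassAutoLogout = $_REQUEST['bypassAutoLogout'] == 'yes' ? 1 : 0;
         }
     }

     // update Pika user data & clear cache of patron profile
     $user->update();
     UserAccount::updateSession($user);
     $this->clearPatronProfile();
     // Release the connection and remove the temporary cookie jar
     curl_close($curl_connection);
     unlink($cookie);
     return $updateErrors;
 }

 /**
  * Extract the error message HIP renders in a "boldRedFont1" table cell.
  *
  * @param string $html Page returned by HIP after an update post
  *
  * @return string|null The message, or null when the page shows no error
  */
 private function _getHipUpdateError($html)
 {
     if (preg_match('/<td.*?class="boldRedFont1".*?>(.*?)(?:<br>)*<\\/td>/si', $html, $matches)) {
         return $matches[1];
     }
     return null;
 }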
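 /**
  * Change the patron's PIN in the Millennium OPAC.
  *
  * Reads the current PIN (`pin`) and the new PIN twice (`pin1`, `pin2`) from
  * the request, checks the current PIN against the stored catalog password,
  * logs in to /patroninfo with cURL and posts the change to the /newpin form.
  * An error rendered by the OPAC (red <EM> text) is returned verbatim; on
  * success the new PIN is stored on the user and the session copy refreshed.
  *
  * @return string Status or error message for display to the patron
  */
 function updatePin()
 {
     global $user;
     global $configArray;
     if (!$user) {
         return "You must be logged in to update your pin number.";
     }
     if (!isset($_REQUEST['pin'])) {
         return "Please enter your current pin number";
     }
     $pin = $_REQUEST['pin'];
     //Strict string comparison: a loose != treats numeric-looking PINs such
     //as "0123" and "123" as equal, which would accept a wrong current PIN.
     if ((string)$user->cat_password !== (string)$pin) {
         return "The current pin number is incorrect";
     }
     if (!isset($_REQUEST['pin1'])) {
         return "Please enter the new pin number";
     }
     $pin1 = $_REQUEST['pin1'];
     if (!isset($_REQUEST['pin2'])) {
         return "Please enter the new pin number again";
     }
     $pin2 = $_REQUEST['pin2'];
     if ((string)$pin1 !== (string)$pin2) {
         return "The pin number does not match the confirmed number, please try again.";
     }

     //Login to the patron's account
     $cookieJar = tempnam("/tmp", "CURLCOOKIE");
     $barcode = $this->_getBarcode();
     $patronDump = $this->_getPatronDump($barcode);
     //Login to the site
     $curl_url = $configArray['Catalog']['url'] . "/patroninfo";
     $curl_connection = curl_init($curl_url);
     $header = array();
     $header[0] = "Accept: text/xml,application/xml,application/xhtml+xml,";
     $header[0] .= "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5";
     $header[] = "Cache-Control: max-age=0";
     $header[] = "Connection: keep-alive";
     $header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7";
     $header[] = "Accept-Language: en-us,en;q=0.5";
     curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
     curl_setopt($curl_connection, CURLOPT_HTTPHEADER, $header);
     curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
     curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
     //NOTE(review): certificate verification is disabled although the patron's
     //credentials and PINs are posted over this connection. Left unchanged
     //because the catalog's certificate chain is unknown here; enabling
     //verification with CURLOPT_CAINFO would be preferable.
     curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
     curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
     curl_setopt($curl_connection, CURLOPT_UNRESTRICTED_AUTH, true);
     curl_setopt($curl_connection, CURLOPT_COOKIEJAR, $cookieJar);
     curl_setopt($curl_connection, CURLOPT_COOKIESESSION, false);
     curl_setopt($curl_connection, CURLOPT_POST, true);
     $post_data = $this->_getLoginFormValues($patronDump);
     $post_items = array();
     foreach ($post_data as $key => $value) {
         $post_items[] = $key . '=' . urlencode($value);
     }
     $post_string = implode('&', $post_items);
     curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
     $sresult = curl_exec($curl_connection);

     //Issue a post request to update the pin
     $post_data = array();
     $post_data['pin'] = $pin;
     $post_data['pin1'] = $pin1;
     $post_data['pin2'] = $pin2;
     $post_data['submit.x'] = "35";
     $post_data['submit.y'] = "15";
     $post_items = array();
     foreach ($post_data as $key => $value) {
         $post_items[] = $key . '=' . urlencode($value);
     }
     $post_string = implode('&', $post_items);
     curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post_string);
     $curl_url = $configArray['Catalog']['url'] . "/patroninfo/" . $patronDump['RECORD_#'] . "/newpin";
     curl_setopt($curl_connection, CURLOPT_URL, $curl_url);
     $sresult = curl_exec($curl_connection);
     curl_close($curl_connection);
     unlink($cookieJar);

     if (!$sresult) {
         return "Sorry, we could not update your pin number. Please try again later.";
     }
     //The OPAC reports a rejected change as red emphasised text. The "/" in
     //the closing tags is escaped because "/" is also the pattern delimiter;
     //unescaped it cut the pattern short and the check never matched.
     if (preg_match('/<FONT COLOR=RED SIZE= 2><EM>(.*?)<\\/EM><\\/FONT>/i', $sresult, $matches)) {
         return $matches[1];
     }
     //Mirror the new PIN onto the Pika user record and the session copy.
     $user->cat_password = $pin1;
     $user->update();
     UserAccount::updateSession($user);
     return "Your pin number was updated successfully.";
 }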
 /**
  * Set up the My Account page: enforce login, connect to the search index
  * and the catalog, handle a library-card registration POST, and expose the
  * user and the fines/e-commerce settings to the template.
  */
 function __construct()
 {
     global $interface;
     global $configArray;
     global $user;

     $interface->assign('page_body_style', 'sidebar_left');

     // Pages that require a login hand off to the login action and stop.
     if ($this->requireLogin && !UserAccount::isLoggedIn()) {
         require_once ROOT_DIR . '/services/MyAccount/Login.php';
         $loginAction = new MyAccount_Login();
         $loginAction->launch();
         exit;
     }

     // Search engine connection; the engine class name comes from config.
     $engineClass = $configArray['Index']['engine'];
     $this->db = new $engineClass($configArray['Index']['url']);

     // Catalog (ILS) connection.
     $this->catalog = CatalogFactory::getCatalogConnectionInstance();

     // Register a library catalog account when the form was submitted.
     $submitted = isset($_POST['submit']) && !empty($_POST['submit']);
     $hasCredentials = isset($_POST['cat_username']) && isset($_POST['cat_password']);
     if ($submitted && $this->catalog && $hasCredentials) {
         $loginResult = $this->catalog->patronLogin($_POST['cat_username'], $_POST['cat_password']);
         if ($loginResult && !PEAR_Singleton::isError($loginResult)) {
             $user->cat_username = $_POST['cat_username'];
             $user->cat_password = $_POST['cat_password'];
             $user->update();
             UserAccount::updateSession($user);
             $interface->assign('user', $user);
         } else {
             $interface->assign('loginError', 'Invalid Patron Login');
         }
     }

     // Protected (ACS / single-use) eContent toggles the holds and wishlist UI.
     $hasProtectedEContent = isset($configArray['EContent']['hasProtectedEContent'])
         ? $configArray['EContent']['hasProtectedEContent']
         : false;
     $interface->assign('hasProtectedEContent', $hasProtectedEContent);

     // The same block lives in Search/History, MyList.php and Admin.php,
     // since those pages display in the My Account menu as well.
     if ($user !== false) {
         $interface->assign('user', $user);
         // The patron profile itself is loaded by index.php (plb 4-17-2015)
         // and is deliberately not fetched again here.

         // Decide whether to link to the classic OPAC for paying fines.
         $ecommerceLink = $configArray['Site']['ecommerceLink'];
         $homeLibrary = Library::getLibraryForLocation($user->homeLocationId);
         $showEcommerceLink = strlen($ecommerceLink) > 0 && isset($homeLibrary) && $homeLibrary->showEcommerceLink == 1;
         if (!$showEcommerceLink) {
             $interface->assign('showEcommerceLink', false);
             $interface->assign('minimumFineAmount', 0);
         } else {
             $interface->assign('showEcommerceLink', true);
             $interface->assign('minimumFineAmount', $homeLibrary->minimumFineAmount);
             $payFinesLink = $homeLibrary->payFinesLink == 'default'
                 ? $ecommerceLink
                 : $homeLibrary->payFinesLink;
             $interface->assign('ecommerceLink', $payFinesLink);
             $interface->assign('payFinesLinkText', $homeLibrary->payFinesLinkText);
         }
     }
 }
 /**
  * Set up the My Research page: enforce login, connect to the search index
  * and the catalog, handle a library-card registration POST, and expose the
  * user, patron profile, lists and tags to the template.
  */
 function __construct()
 {
     global $interface;
     global $configArray;
     global $user;
     global $library;

     $interface->assign('page_body_style', 'sidebar_left');
     $interface->assign('ils', $configArray['Catalog']['ils']);

     // Pages that require a login hand off to the login action and stop.
     if ($this->requireLogin && !UserAccount::isLoggedIn()) {
         require_once 'Login.php';
         Login::launch();
         exit;
     }

     // Search engine connection; the engine class name comes from config.
     $engineClass = $configArray['Index']['engine'];
     $this->db = new $engineClass($configArray['Index']['url']);
     if ($configArray['System']['debugSolr']) {
         $this->db->debug = true;
     }

     // Catalog (ILS) connection.
     $this->catalog = new CatalogConnection($configArray['Catalog']['driver']);

     // Register a library catalog account when the form was submitted.
     $submitted = isset($_POST['submit']) && !empty($_POST['submit']);
     $hasCredentials = isset($_POST['cat_username']) && isset($_POST['cat_password']);
     if ($submitted && $this->catalog && $hasCredentials) {
         $loginResult = $this->catalog->patronLogin($_POST['cat_username'], $_POST['cat_password']);
         if ($loginResult && !PEAR_Singleton::isError($loginResult)) {
             $user->cat_username = $_POST['cat_username'];
             $user->cat_password = $_POST['cat_password'];
             $user->update();
             UserAccount::updateSession($user);
             $interface->assign('user', $user);
         } else {
             $interface->assign('loginError', 'Invalid Patron Login');
         }
     }

     // Whether the materials request feature is switched on.
     $interface->assign('enableMaterialsRequest', MaterialsRequest::enableMaterialsRequest());

     // Protected (ACS / single-use) eContent toggles the holds and wishlist UI.
     $hasProtectedEContent = isset($configArray['EContent']['hasProtectedEContent'])
         ? $configArray['EContent']['hasProtectedEContent']
         : false;
     $interface->assign('hasProtectedEContent', $hasProtectedEContent);

     // Library-level feature toggles; everything is on when no library is set.
     $hasLibrary = isset($library);
     $interface->assign('showFavorites', $hasLibrary ? $library->showFavorites : 1);
     $interface->assign('showRatings', $hasLibrary ? $library->showRatings : 1);
     $interface->assign('showComments', $hasLibrary ? $library->showComments : 1);

     // The same block lives in Search/History, MyList.php and Admin.php,
     // since those pages display in the My Account menu as well.
     if ($user !== false) {
         $interface->assign('user', $user);

         // Fetch the patron profile from the catalog when it is reachable.
         if ($this->catalog->status && $user->cat_username) {
             $patron = $this->catalog->patronLogin($user->cat_username, $user->cat_password);
             if (PEAR_Singleton::isError($patron)) {
                 PEAR_Singleton::raiseError($patron);
             }
             $profile = $this->catalog->getMyProfile($patron);
             if (!PEAR_Singleton::isError($profile)) {
                 $interface->assign('profile', $profile);
             }
         }

         // Decide whether to link to the classic OPAC for paying fines.
         $ecommerceLink = $configArray['Site']['ecommerceLink'];
         $homeLibrary = Library::getLibraryForLocation($user->homeLocationId);
         $showEcommerceLink = strlen($ecommerceLink) > 0 && isset($homeLibrary) && $homeLibrary->showEcommerceLink == 1;
         if (!$showEcommerceLink) {
             $interface->assign('showEcommerceLink', false);
             $interface->assign('minimumFineAmount', 0);
         } else {
             $interface->assign('showEcommerceLink', true);
             $interface->assign('minimumFineAmount', $homeLibrary->minimumFineAmount);
             $payFinesLink = $homeLibrary->payFinesLink == 'default'
                 ? $ecommerceLink
                 : $homeLibrary->payFinesLink;
             $interface->assign('ecommerceLink', $payFinesLink);
             $interface->assign('payFinesLinkText', $homeLibrary->payFinesLinkText);
         }

         // Build the list-of-lists menu: suggestions first (unless disabled),
         // then the user's own lists, or a default favorites entry.
         $lists = array();
         if ($user->disableRecommendations == 0) {
             $lists[] = array('name' => 'Recommended For You', 'url' => '/MyResearch/SuggestedTitles', 'id' => 'suggestions');
         }
         $userLists = new User_list();
         $userLists->user_id = $user->id;
         $userLists->orderBy("title ASC");
         $userLists->find();
         if ($userLists->N <= 0) {
             $lists[-1] = array('name' => 'My Favorites', 'url' => '/MyResearch/MyList/-1', 'id' => -1);
         } else {
             while ($userLists->fetch()) {
                 $lists[$userLists->id] = array(
                     'name' => $userLists->title,
                     'url' => '/MyResearch/MyList/' . $userLists->id,
                     'id' => $userLists->id,
                 );
             }
         }
         $interface->assign('lists', $lists);

         // Get My Tags
         $interface->assign('tagList', $user->getTags());
     }
 }