Including Login to access the OPAC
Dear Colleagues, I would like to make my koha library catalogue accessible over the internet but at the same time I would like to secure it such that only authorised persons can search and use the catalogue. I specifically would like that when a user accesses the catalogue they initially receive a login screen just as is the case with the staff interface. Could anyone kindly guide me on how I may achieve this. Hope to hear from you. Anselm Olweny Teaching Assistant East African School of Library and Information Science Makerere University Kampala, Uganda
Anselm Olweny wrote:
I would like to make my koha library catalogue accessible over the internet but at the same time I would like to secure it such that only authorised persons can search and use the catalogue. I specifically would like that when a user accesses the catalogue they initially receive a login screen just as is the case with the staff interface.
Could anyone kindly guide me on how I may achieve this.
Near the top of each Koha script in the OPAC and Admin areas, i.e. in the directories /usr/share/koha/intranet/cgi-bin and /usr/share/koha/opac/cgi-bin is a flag that reads as follows: authnotrequired => 1 Change the 1 to a 0 in each script that you want the user to login to use it. HTH! cheers rickw -- _________________________________ Rick Welykochy || Praxis Services You got to keep repeating things over and over and over again for the truth to sink in, to kind of catapult the propaganda. -- George W Bush
Thanks Ricky for the help. I made the adjustments and now it works as I need it to. Thanks again and stay well Anselm On Sun, Nov 1, 2009 at 1:36 PM, Rick Welykochy <rick@praxis.com.au> wrote:
Anselm Olweny wrote:
I would like to make my koha library catalogue accessible over the
internet but at the same time I would like to secure it such that only authorised persons can search and use the catalogue. I specifically would like that when a user accesses the catalogue they initially receive a login screen just as is the case with the staff interface.
Could anyone kindly guide me on how I may achieve this.
Near the top of each Koha script in the OPAC and Admin areas, i.e. in the directories
/usr/share/koha/intranet/cgi-bin
and
/usr/share/koha/opac/cgi-bin
is a flag that reads as follows:
authnotrequired => 1
Change the 1 to a 0 in each script that you want the user to login to use it.
HTH!
cheers rickw
-- _________________________________ Rick Welykochy || Praxis Services
You got to keep repeating things over and over and over again for the truth to sink in, to kind of catapult the propaganda. -- George W Bush
Dear Ricky, I needed to make full text documents accessible through my Koha OPAC so I created a new directory called docs at /usr/share/koha/opac/htdocs/opac-tmpl/prog/ When cataloguing I included the url to the full text which I have stored in the docs directory above in the field 856$u. Specifically the url looks like this http://10.2.1.64/opac-tmpl/prog/docs/filename.pdf I am able to download the full text from the opac. I have also adjusted authnotrequired => 1 to authnotrequired => 0 in the scripts found at /usr/share/koha/opac/cgi-bin However, When I simply enter the url "http://10.2.1.64/opac-tmpl/prog/docs/filename.pdf" in the browser address bar I am able to access the full text without being required to login. I would also like to secure the full texts. Kindly assist by advising what I need to do to secure the full texts. Thanks Anselm O ---------- Forwarded message ---------- From: Anselm Olweny <aolweny@gmail.com> Date: Sun, 1 Nov 2009 14:24:49 +0300 Subject: Re: [Koha] Including Login to access the OPAC To: Rick Welykochy <rick@praxis.com.au> Cc: koha <Koha@lists.katipo.co.nz>, "Nijnatten, Jan van" <jan.v.nijnatten@philips.com> Thanks Ricky for the help. I made the adjustments and now it works as I need it to. Thanks again and stay well Anselm On Sun, Nov 1, 2009 at 1:36 PM, Rick Welykochy <rick@praxis.com.au> wrote:
Anselm Olweny wrote:
I would like to make my koha library catalogue accessible over the
internet but at the same time I would like to secure it such that only authorised persons can search and use the catalogue. I specifically would like that when a user accesses the catalogue they initially receive a login screen just as is the case with the staff interface.
Could anyone kindly guide me on how I may achieve this.
Near the top of each Koha script in the OPAC and Admin areas, i.e. in the directories
/usr/share/koha/intranet/cgi-bin
and
/usr/share/koha/opac/cgi-bin
is a flag that reads as follows:
authnotrequired => 1
Change the 1 to a 0 in each script that you want the user to login to use it.
HTH!
cheers rickw
-- _________________________________ Rick Welykochy || Praxis Services
You got to keep repeating things over and over and over again for the truth to sink in, to kind of catapult the propaganda. -- George W Bush
Anselm Olweny wrote:
When cataloguing I included the url to the full text which I have stored in the docs directory above in the field 856$u. Specifically the url looks like this http://10.2.1.64/opac-tmpl/prog/docs/filename.pdf
I am able to download the full text from the opac. I have also adjusted authnotrequired => 1 to => 0 in the scripts found at /usr/share/koha/opac/cgi-bin
However, When I simply enter the url "http://10.2.1.64/opac-tmpl/prog/docs/filename.pdf" in the browser address bar I am able to access the full text without being required to login.
I would also like to secure the full texts. Kindly assist by advising what I need to do to secure the full texts.
The scripts are secured since the perl script actually checks the flag "authnotrequired" and it takes action accordingly to redirect to the login page if the user has not logged in. But when you enter the URL of a document that is not a Koha perl script, there is nothing checking that the user has logged in. One simple but inconvenient solution is to add HTTP Basic Authentication (Apache's mod_auth) to the directory /usr/share/koha/opac/htdocs/opac-tmpl/prog/docs, but this is fraught with problems, i.e. 1. you have to duplicate the borrowers table usernames and passwords in a htpasswd file 2. the user has to re-enter their login details when the browser pops up the Basic Authentication dialogue. 3. the login sequence in item 2 above doesn't fit in with the usual work flow and look 'n' feel of Koha. Item 1. above can be alleviated by using an Apache module called mod_auth_mysql, of which there are several. One example that seems recent is at <http://www.heuer.org/mod_auth_mysql/> Item 2. is more complex, but there is probably a solution that involves using mod_auth_mysql plus a cookie generation mechanism that ensures the user is logged into Koha with a proper cookie, or session ID. Item 3. would take more work but is prolly the best solution. Have mod_auth_mysql redirect to the login page and remember which document was request. The document is returned once the user logs in. This sounds like a nifty project for Koha, the ability to add static content that falls under the same login authentication as the scripted areas. But a bit of work! cheers ricky -- _________________________________ Rick Welykochy || Praxis Services You got to keep repeating things over and over and over again for the truth to sink in, to kind of catapult the propaganda. -- George W Bush
participants (2)
-
Anselm Olweny -
Rick Welykochy