[Koha-devel] Member Authentication via Internet

[Roger Buck]

I understand that Koha web services are on the agenda but have need for
something more immediate. Despite this being a quick and dirty, would
obviously be preferable if our work here could help support the main
stream development.

Current Situation:
A school (Department of Education and Training, New South Wales) library
specialising in education resources for kids with learning difficulties.
The library is only staffed 3 days per week and most borrowing is
currently done via fax, postal mail and telephone. Most borrowers are
teachers and/or librarians (around 4,000 items and 1,500 borrowers).

Our most immediate need is for borrowers to reserve items via Internet
for issue (mostly) via postal service.

To that end, we need two discrete levels of user access to OPAC 
services:

 1. Public - browse only

 2. Members - Registered members authenticated via login using personal
username + password (NOT barcode). Members need to browse OPAC and make
on-line requests.

Currently, getting the service up and running is main priority.
Security of user data is non critical as the server will initially only
require population of resources database + user authentication data. The
full libaray database will not (yet) be exported to koha.

What I have done:

Isolated a sub-set of the koha *.pl files to provide a working
"development" environment for above.

on-line opac files are:
subjectsearch.pl detail.pl modrequest.pl   renewscript.pl  
reservereport.pl login.pl  moredetail.pl   request.pl
search.pl        moremember.pl             soupermail  

Most of the above have been minimally hacked - mostly to simplify the
user interface and remove admin features.

I have merged request.pl and placerequest.pl

I have created a login script to handle authentication login.pl

I have added javascript to opac-top.in to handle extended use of cookies
for authentication and tracking.

I am using "soupermail" ( soupermail.sourceforge.net ) for handling of
email requests.

All of the above has been done to enable testing and proof of concept.

I now need to modify tables for authentication.

I was thinking of adding "loginname" and  "password" to "borrowers" (the
existing "users" table doesn't seem to be appropriate to do that?).

Have the devel team given any consideration to how Internet
authentication to opac may be handled?

Any general suggestions or guidelines so that I don't stray too far away
from the intended approach (I assuming my own hacks will only be
required short term - until these features are part of the main koha
distro.)

Also, I'd obviously like to make whatever I do useful to the project.

I am only a perl beginner so not proposing any of the above would be
useful for the "official" development effort... but still very keen to
help in whatever way you might think would be most productive.

_Any_ feedback very gratefully appreciated.

Thanks.

R.