--- loncom/auth/lonauth.pm 2008/05/30 19:09:50 1.92
+++ loncom/auth/lonauth.pm 2008/10/01 11:11:08 1.95
@@ -1,7 +1,7 @@
# The LearningOnline Network
# User Authentication Module
#
-# $Id: lonauth.pm,v 1.92 2008/05/30 19:09:50 bisitz Exp $
+# $Id: lonauth.pm,v 1.95 2008/10/01 11:11:08 bisitz Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -122,11 +122,12 @@ sub failed {
{'no_inline_link' => 1,});
my $end_page = &Apache::loncommon::end_page();
&Apache::loncommon::content_type($r,'text/html');
+ sleep 1; # brute force counteraction: slow down attackers, which try to hack user authentication with automated scripts
$r->send_http_header;
$r->print(
$start_page
.''.&mt('Sorry ...').'
'
- .''.&mt($message).'
'
+ .''.&mt($message).'
'
.''.&mt('Please [_1]log in again[_2].'
,"{'uname'}&domain=$form->{'udom'}\">",'')
.'
'
@@ -212,6 +213,7 @@ sub handler {
my $role = $r->dir_config('lonRole');
my $domain = $r->dir_config('lonDefDomain');
my $prodir = $r->dir_config('lonUsersDir');
+ my $contact_name = &mt('LON-CAPA helpdesk');
# ---------------------------------------- Get the information from login token
@@ -230,6 +232,10 @@ sub handler {
return OK;
}
}
+ if (!&Apache::lonnet::domain($form{'udom'})) {
+ &failed($r,'The domain you provided is not a valid LON-CAPA domain.',\%form);
+ return OK;
+ }
my ($key,$firsturl)=split(/&/,$tmpinfo);
my $keybin=pack("H16",$key);
@@ -287,19 +293,21 @@ sub handler {
&Apache::loncommon::start_page('Create a user account in LON-CAPA',
'',{'no_inline_link' => 1,});
my $domdesc = &Apache::lonnet::domain($form{'udom'},'description');
- my ($output,$checkfail) = &Apache::createaccount::username_check($form{'uname'},
- $form{'udom'},$domdesc);
+ my $lonhost = $r->dir_config('lonHostID');
+ my $origmail = $Apache::lonnet::perlvar{'lonSupportEMail'};
+ my $contacts =
+ &Apache::loncommon::build_recipient_list(undef,'helpdeskmail',
+ $form{'udom'},$origmail);
+ my ($contact_email) = split(',',$contacts);
+ my $output = &Apache::createaccount::username_check($form{'uname'},
+ $form{'udom'},$domdesc,'',
+ $lonhost,$contact_email,$contact_name);
&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;
&Apache::createaccount::print_header($r,$start_page);
- my $msg = ''.&mt('Although your username and password were authenticated, you do not currently have a LON-CAPA account in this domain.').'
';
- if ($checkfail) {
- $msg .= &mt('A LON-CAPA account may not be created with the username you used.');
- } else {
- $msg .= &mt('To create one, use the table below to provide information about yourself (if appropriate), then click the "Create LON-CAPA account" button.');
- }
- $r->print(''.$msg.'
'.$output);
- $r->print(&Apache::loncommon::end_page());
+ $r->print(''.&mt('Account creation').'
'.
+ &mt('Although your username and password were authenticated, you do not currently have a LON-CAPA account at this institution.').'
'.
+ $output.&Apache::loncommon::end_page());
return OK;
} else {
&failed($r,'Although your username and password were authenticated, you do not currently have a LON-CAPA account in this domain, and you are not permitted to create one.',\%form);