--- loncom/interface/createaccount.pm 2008/06/27 16:08:42 1.6 +++ loncom/interface/createaccount.pm 2008/07/08 13:57:00 1.11 @@ -3,7 +3,7 @@ # institutional log-in ID (institutional authentication required - localauth # or kerberos) or an e-mail address. # -# $Id: createaccount.pm,v 1.6 2008/06/27 16:08:42 bisitz Exp $ +# $Id: createaccount.pm,v 1.11 2008/07/08 13:57:00 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -42,6 +42,7 @@ use Authen::Captcha; use DynaLoader; # for Crypt::DES version use Crypt::DES; use LONCAPA qw(:DEFAULT :match); +use HTML::Entities; sub handler { my $r = shift; @@ -106,7 +107,7 @@ sub handler { if (@cancreate == 0) { &print_header($r,$start_page); - my $output = &mt('Creation of a new user account using an e-mail address as username or a loginID from your institution is not permitted in the domain: [_1] ([_2]).',$domain,$domdesc); + my $output = &mt('Creation of a new user account using an e-mail address or an institutional log-in ID as username is not permitted in the domain: [_1] ([_2]).',$domain,$domdesc); $r->print($output); $r->print(&Apache::loncommon::end_page()); return OK; @@ -122,9 +123,13 @@ sub handler { my ($output,$msg); if (grep(/^sso$/,@cancreate)) { $msg = &mt("Although your username and password were authenticated by your institution's Single Sign On system, you do not currently have a LON-CAPA account in this domain."); - ($output, my $checkfail) = &username_check($sso_username,$domain,$domdesc,$courseid); - if ($checkfail) { + ($output, my $checkfail) = &username_check($sso_username,$domain, + $domdesc,$courseid, + $lonhost,$contact_email); + if ($checkfail eq 'username') { $msg .= &mt('A LON-CAPA account may not be created with the username you use.'); + } elsif ($checkfail eq 'authtoken') { + $msg .= &mt('Error creating token.'); } else { $msg .= &mt('To create one, use the table below to provide information about yourself (if appropriate), then click the "Create LON-CAPA account" button.'); } @@ -181,7 +186,8 @@ sub handler { $courseid); } elsif ($env{'form.phase'} eq 'username_validation') { $output = &username_validation($env{'form.uname'},$domain,$domdesc, - $contact_name,$contact_email,$courseid); + $contact_name,$contact_email,$courseid, + $lonhost); } elsif (!$token) { my $now=time; if (grep(/^login$/,@cancreate)) { @@ -245,7 +251,7 @@ ENDSCRIPT sub javascript_checkpass { my ($now) = @_; - my $nopass = &mt('You must enter a password'); + my $nopass = &mt('You must enter a password.'); my $mismatchpass = &mt('The passwords you entered did not match.').'\\n'. &mt('Please try again.'); my $js = <<"ENDSCRIPT"; @@ -284,7 +290,7 @@ sub print_username_form { my %domdefaults = &Apache::lonnet::get_domain_defaults($domain); if ((($domdefaults{'auth_def'} =~/^krb/) && ($domdefaults{'auth_arg_def'} ne '')) || ($domdefaults{'auth_def'} eq 'localauth')) { $output = '

'.&mt('Create account with a username provided by your institution').'

'; - $output .= &mt('If you already have a Log-in ID at your institution, you may be able to use it[_1] for LON-CAPA.','
').' '.&mt('Type in your Log-in ID and password to find out.').'

'; + $output .= &mt('If you already have a log-in ID at your institution,[_1] you may be able to use it for LON-CAPA.','
').'

'.&mt('Type in your log-in ID and password to find out.').'

'; my ($lkey,$ukey) = &Apache::lonpreferences::des_keys(); my ($lextkey,$uextkey) = &getkeys($lkey,$ukey); my $logtoken=Apache::lonnet::reply('tmpput:'.$ukey.$lkey.'&createaccount', @@ -314,7 +320,7 @@ sub print_username_form { if (grep(/^email$/,@{$cancreate})) { $output .= '

'.&mt('Create account with an e-mail address as your username').'

'; if (grep(/^login$/,@{$cancreate})) { - $output .= &mt('Provide your e-mail address to request a LON-CAPA account if you do not have [_1] a log-in ID at your institution.','
').'

'; + $output .= &mt('Provide your e-mail address to request a LON-CAPA account,[_1] if you do not have a log-in ID at your institution.','
').'

'; } else { $output .= '
'; } @@ -341,7 +347,7 @@ sub print_username_form { } } if ($output eq '') { - $output = &mt('Creation of a new user account using either an e-mail address or institutional log-in ID as your username is not permitted in the domain: [_1] ([_2])',$domain,$domdesc); + $output = &mt('Creation of a new user account using an e-mail address or an institutional log-in ID as your username is not permitted in the domain: [_1] ([_2])',$domain,$domdesc); } else { $output .= '
'; } @@ -436,17 +442,20 @@ sub send_token { if ($token !~ /^error/ && $token ne 'no_such_host') { my $esc_token = &escape($token); my $mailmsg = &mt('A request was submitted on [_1] for creation of a LON-CAPA account in the [_2] domain.',localtime(time),$domdesc).' '. - &mt('To complete this process please open a web browser and enter the following ". - "URL in the address/location box: ').&Apache::lonnet::absolute_url()."/adm/createaccount?token=$esc_token"; + &mt('To complete this process please open a web browser and enter the following' + .' URL in the address/location box: [_1]' + ,&Apache::lonnet::absolute_url().'/adm/createaccount?token='.$esc_token); my $result = &Apache::resetpw::send_mail($domdesc,$email,$mailmsg,$contact_name, $contact_email); if ($result eq 'ok') { $msg .= &mt('A message has been sent to the e-mail address you provided.').'
'.&mt('The message includes the web address for the link you will use to complete the account creation process.').'
'.&mt("The link included in the message will be valid for the next [_1]two[_2] hours.",'',''); } else { - $msg .= &mt('An error occurred when sending a message to the e-mail address you provided. Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email); + $msg .= &mt('An error occurred when sending a message to the e-mail address you provided.') + .' '.&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email); } } else { - $msg .= &mt('An error occurred creating a token required for the account creation process. Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email); + $msg .= &mt('An error occurred creating a token required for the account creation process.') + .' '.&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email); } return $msg; } @@ -458,7 +467,9 @@ sub process_mailtoken { my %data = &Apache::lonnet::tmpget($token); my $now = time; if (keys(%data) == 0) { - $msg = &mt('Sorry, the URL you provided to complete creation of a new LON-CAPA account was invalid. Either the token included in the URL has been deleted or the URL you provided was invalid. Please submit a new request for account creation and follow the link to the new URL included in the e-mail that will be sent to you.'); + $msg = &mt('Sorry, the URL you provided to complete creation of a new LON-CAPA account was invalid.') + .' '.&mt('Either the token included in the URL has been deleted or the URL you provided was invalid.') + .' '.&mt('Please submit a [_1]new request[_2] for account creation and follow the new link page included in the e-mail that will be sent to you.','',''); return $msg; } if (($data{'time'} =~ /^\d+$/) && @@ -486,7 +497,10 @@ sub process_mailtoken { $nostart = 1; $noend = 1; } else { - $msg .= &mt('A problem occurred when attempting to create your new LON-CAPA account').'
'.$output.&mt('Please contact the [_1] - ([_2]) for assistance.',$contact_name,$contact_email); + $msg .= &mt('A problem occurred when attempting to create your new LON-CAPA account.') + .'
'.$output +# .&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,''.$contact_email.''); + .&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email); } my $delete = &Apache::lonnet::tmpdel($token); } else { @@ -495,10 +509,12 @@ sub process_mailtoken { $nostart = 1; } } else { - $msg = &mt('Sorry, the token generated when you requested creation of an account has expired. Please submit a new request, and follow the link to the web page included in the new e-mail that will be sent to you, to allow you to create the account.'); + $msg = &mt('Sorry, the token generated when you requested creation of an account has expired.') + .' '.&mt('Please submit a [_1]new request[_2] for account creation and follow the new link included in the e-mail that will be sent to you.','',''); } } else { - $msg .= &mt('Sorry, the URL generated when you requested creation of an account contained incomplete information. Please submit a new request for creation of an account, and use the new URL that will be sent to your e-mail address to complete the process.'); + $msg .= &mt('Sorry, the URL generated when you requested creation of an account contained incomplete information.') + .' '.&mt('Please submit a [_1]new request[_2] for account creation and follow the new link included in the e-mail that will be sent to you.','',''); } return ($msg,$nostart,$noend); } @@ -618,7 +634,7 @@ ENDSERVERFORM '
'; } else { - $output = &mt('Could not load javascript file [_1]','londes.js'); + $output = &mt('Could not load javascript file [_1]','londes.js'); } return $output; } @@ -628,7 +644,7 @@ sub create_account { my ($retrieved,$output,$upass) = &process_credentials($env{'form.logtoken'}, $env{'form.serverid'}); # Error messages - my $error = ''.&mt('Error').': '; + my $error = ''.&mt('Error:').' '; my $end = '

'; my $rtnlink = ''. &mt('Return to previous page').''. @@ -651,15 +667,15 @@ sub create_account { 'internal',$upass,$env{'form.cfirstname'}, $env{'form.cmiddlename'},$env{'form.clastname'}, $env{'form.cgeneration'},undef,undef,$username); - $output = &mt('Generating user').': '.$result; + $output = &mt('Generating user: [_1]',$result); my $uhome = &Apache::lonnet::homeserver($username,$domain); - $output .= '
'.&mt('Home server').': '.$uhome.' '. + $output .= '
'.&mt('Home server: [_1]',$uhome).' '. &Apache::lonnet::hostname($uhome).'

'; return ('ok',$output); } sub username_validation { - my ($username,$domain,$domdesc,$contact_name,$contact_email,$courseid) = @_; + my ($username,$domain,$domdesc,$contact_name,$contact_email,$courseid,$lonhost) = @_; my ($retrieved,$output,$upass); $username= &LONCAPA::clean_username($username); @@ -685,7 +701,8 @@ sub username_validation { $authok = 'non_authorized'; } if ($authok eq 'authorized') { - ($output,undef) = &username_check($username,$domain,$domdesc,$courseid); + ($output,undef) = &username_check($username,$domain,$domdesc, + $courseid,$lonhost,$contact_email); } else { $output = '
' .&mt('Username and/or password could not be authenticated.') @@ -697,7 +714,7 @@ sub username_validation { } sub username_check { - my ($username,$domain,$domdesc,$courseid) = @_; + my ($username,$domain,$domdesc,$courseid,$lonhost,$contact_email) = @_; my (%rulematch,%inst_results,$newuser,%alerts,%curr_rules,%got_rules); $newuser = 1; my $checkhash; @@ -715,7 +732,7 @@ sub username_check { &Apache::loncommon::user_rule_formats($domain,$domdesc, $curr_rules{$domain}{'username'},'username'); if ($userchkmsg) { - $checkfail = 1; + $checkfail = 'username'; } } return ($userchkmsg,$checkfail); @@ -723,13 +740,26 @@ sub username_check { } } my $submit_text = &mt('Create LON-CAPA account'); - # FIXME need a cookie to confirm credentials were validated. my $output = '
'. &Apache::loncreateuser::personal_data_display($username,$domain,1, undef,$inst_results{$username.':'.$domain}). '

'."\n". ''."\n". ''; + my $now = time; + my %info = ('ip' => $ENV{'REMOTE_ADDR'}, + 'time' => $now, + 'domain' => $domain, + 'username' => $username); + my $authtoken = &Apache::lonnet::tmpput(\%info,$lonhost); + if ($authtoken !~ /^error/ && $authtoken ne 'no_such_host') { + $output .= ''; + } else { + $output = &mt('An error occurred when storing a token').'
'. + &mt('You will not be able to proceed to the next stage of account creation'). + &linkto_email_help($contact_email,$domdesc); + return($output,'authtoken'); + } if ($courseid ne '') { $output .= ''; } @@ -741,12 +771,33 @@ sub username_check { sub username_activation { my ($r,$username,$domain,$domdesc,$lonhost,$courseid) = @_; my $output; - my $error = ''.&mt('Error').': '; + my $error = ''.&mt('Error:').' '; my $end = '

'; my $rtnlink = ''. &mt('Return to previous page').''. &Apache::loncommon::end_page(); my %domdefaults = &Apache::lonnet::get_domain_defaults($domain); + my %data = &Apache::lonnet::tmpget($env{'form.authtoken'}); + my $now = time; + my $earlyout; + my $timeout = 300; + if (keys(%data) == 0) { + $output = &mt('Sorry, your authentication has expired.'); + $earlyout = 'fail'; + } + if (($data{'time'} !~ /^\d+$/) || + ($data{'domain'} ne $domain) || + ($data{'username'} ne $username)) { + $earlyout = 'fail'; + $output = &mt('The credentials you provided could not be verified.'); + } elsif ($now - $data{'time'} > $timeout) { + $earlyout = 'fail'; + $output = &mt('Sorry, your authentication has expired.'); + } + if ($earlyout ne '') { + $output .= '
'.&mt('Please [_1]start again[_2].','',''); + return($earlyout,$output); + } if ((($domdefaults{'auth_def'} =~/^krb(4|5)$/) && ($domdefaults{'auth_arg_def'} ne '')) || ($domdefaults{'auth_def'} eq 'localauth')) { @@ -767,6 +818,7 @@ sub username_activation { $env{'form.cgeneration'},undef,undef, $env{'form.cpermanentemail'}); if ($result eq 'ok') { + my $delete = &Apache::lonnet::tmpdel($env{'form.authtoken'}); $output = &mt('A LON-CAPA account has been created for username: [_1] in domain: [_2].',$username,$domain); my %form = &start_session($r,$username,$domain,$lonhost,$courseid); my $nostart = 1; @@ -776,7 +828,7 @@ sub username_activation { return ('fail',$output); } } else { - $output = &mt("User account creation is not available for the current default authentication type.\n"); + $output = &mt('User account creation is not available for the current default authentication type.')."\n"; return('fail',$output); } } @@ -829,11 +881,18 @@ sub invalid_state { if ($msgtext) { $msg .= '
'.$msgtext; } + $msg .= &linkto_email_help($contact_email,$domdesc); + return $msg; +} + +sub linkto_email_help { + my ($contact_email,$domdesc) = @_; + my $msg; if ($contact_email ne '') { my $escuri = &HTML::Entities::encode('/adm/createaccount','&<>"'); - $msg .= '
'.&mt(' You may wish to contact the LON-CAPA helpdesk for the [_2] domain.',$escuri,$domdesc); + $msg .= '
'.&mt('You may wish to contact the [_1]LON-CAPA helpdesk[_2] for the [_3] domain.','','',$domdesc); } else { - $msg .= '
'.&mt(' You may wish to send an e-mail to the server administrator: [_1] for the [_2] domain.',$Apache::lonnet::perlvar{'AdminEmail'},$domdesc); + $msg .= '
'.&mt('You may wish to send an e-mail to the server administrator: [_1] for the [_2] domain.',$Apache::lonnet::perlvar{'AdminEmail'},$domdesc); } return $msg; } @@ -855,7 +914,7 @@ sub create_captcha { sub captcha_settings { my %captcha_params = ( - output_dir => "/home/httpd/html/captcha", + output_dir => $Apache::lonnet::perlvar{'lonDocRoot'}.'/captcha', www_output_dir => "/captcha", db_dir => "/home/www/captchadb", numchars => '5', @@ -894,7 +953,8 @@ sub process_credentials { my $tmpinfo=Apache::lonnet::reply('tmpget:'.$logtoken,$lonhost); my ($retrieved,$output,$upass); if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) { - $output = &mt('Information needed to retrieve your log-in information is missing, inaccessible or expired.').'
'.&mt('You may need to reload the previous page to obtain a new token.'); + $output = &mt('Information needed to verify your login information is missing, inaccessible or expired.') + .'
'.&mt('You may need to reload the previous page to obtain a new token.'); return ($retrieved,$output,$upass); } else { my $reply = &Apache::lonnet::reply('tmpdel:'.$logtoken,$lonhost); @@ -939,7 +999,7 @@ sub guest_format_check { $format_msg = '
'.&mt("Your e-mail address uses the same internet domain as your institution's LON-CAPA service.").'
'.&mt('Creation of a LON-CAPA account with this type of e-mail address as username is not permitted.').'
'; if (ref($cancreate) eq 'ARRAY') { if (grep(/^login$/,@{$cancreate})) { - $format_msg .= &mt('You should request creation of a LON-CAPA account for a Log-in ID of "[_1]" at your institution instead.',$login).'
'; + $format_msg .= &mt('You should request creation of a LON-CAPA account for a log-in ID of "[_1]" at your institution instead.',$login).'
'; } } }