--- loncom/interface/createaccount.pm 2012/05/17 17:41:48 1.49 +++ loncom/interface/createaccount.pm 2014/04/19 20:48:43 1.63 @@ -1,9 +1,10 @@ # The LearningOnline Network # Allow visitors to create a user account with the username being either an -# institutional log-in ID (institutional authentication required - localauth -# or kerberos) or an e-mail address. +# institutional log-in ID (institutional authentication required - localauth, +# kerberos, or SSO) or an e-mail address. Requests to use an e-mail address as +# username may be processed automatically, or may be queued for approval. # -# $Id: createaccount.pm,v 1.49 2012/05/17 17:41:48 www Exp $ +# $Id: createaccount.pm,v 1.63 2014/04/19 20:48:43 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -39,14 +40,11 @@ use Apache::lonhtmlcommon; use Apache::lonlocal; use Apache::lonauth; use Apache::resetpw; -use Authen::Captcha; use DynaLoader; # for Crypt::DES version use Crypt::DES; use LONCAPA qw(:DEFAULT :match); use HTML::Entities; -#TODO this module needs documentation - sub handler { my $r = shift; &Apache::loncommon::content_type($r,'text/html'); @@ -57,18 +55,34 @@ sub handler { my $domain; - my $sso_username = $r->subprocess_env->get('REDIRECT_SSOUserUnknown'); - my $sso_domain = $r->subprocess_env->get('REDIRECT_SSOUserDomain'); + my $sso_username = $r->subprocess_env->get('SSOUserUnknown'); + my $sso_domain = $r->subprocess_env->get('SSOUserDomain'); - &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['token','courseid']); + &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'}, + ['token','courseid','domain','type']); &Apache::lonacc::get_posted_cgi($r); &Apache::lonlocal::get_language_handle($r); if ($sso_username ne '' && $sso_domain ne '') { $domain = $sso_domain; } else { - ($domain, undef) = Apache::lonnet::is_course($env{'form.courseid'}); - $domain ||= &Apache::lonnet::default_login_domain(); + ($domain, undef) = Apache::lonnet::is_course($env{'form.courseid'}); + unless ($domain) { + if ($env{'form.phase'} =~ /^username_(activation|validation)$/) { + if (($env{'form.udom'} =~ /^$match_domain$/) && + (&Apache::lonnet::domain($env{'form.udom'}) ne '')) { + $domain = $env{'form.udom'}; + } else { + $domain = &Apache::lonnet::default_login_domain(); + } + } elsif (($env{'form.phase'} eq '') && + ($env{'form.domain'} =~ /^$match_domain$/) && + (&Apache::lonnet::domain($env{'form.domain'}) ne '')) { + $domain = $env{'form.domain'}; + } else { + $domain = &Apache::lonnet::default_login_domain(); + } + } } my $domdesc = &Apache::lonnet::domain($domain,'description'); my $contact_name = &mt('LON-CAPA helpdesk'); @@ -88,7 +102,8 @@ sub handler { my $end_page = &Apache::loncommon::end_page(); $r->print($start_page."\n".'

'.&mt('You are already logged in').'

'. - '

'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].','','','',''). + '

'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].', + '','','',''). '

'.&mt('Login problems?').'

'.$end_page); return OK; } @@ -109,37 +124,40 @@ sub handler { my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$domain); - my ($cancreate,$statustocreate) = + my ($cancreate,$statustocreate,$emailusername) = &get_creation_controls($domain,$domconfig{'usercreation'}); my ($result,$output) = &username_validation($r,$env{'form.uname'},$domain,$domdesc, $contact_name,$contact_email,$courseid, $lonhost,$statustocreate); - if ($result eq 'existingaccount') { + if ($result eq 'redirect') { + $r->internal_redirect('/adm/switchserver'); + return OK; + } elsif ($result eq 'existingaccount') { $r->print($output); &print_footer($r); return OK; } else { - $start_page = - &Apache::loncommon::start_page($title,$js); + $start_page = &Apache::loncommon::start_page($title,$js); &print_header($r,$start_page,$courseid); $r->print($output); &print_footer($r); return OK; } } - $start_page = - &Apache::loncommon::start_page($title,$js); + $start_page = &Apache::loncommon::start_page($title,$js); my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$domain); - my ($cancreate,$statustocreate) = &get_creation_controls($domain,$domconfig{'usercreation'}); + my ($cancreate,$statustocreate,$emailusername) = + &get_creation_controls($domain,$domconfig{'usercreation'}); if (@{$cancreate} == 0) { &print_header($r,$start_page,$courseid); my $output = '

'.&mt('Account creation unavailable').'

'. ''. - &mt('Creation of a new user account using an e-mail address or an institutional log-in ID as username is not permitted at this institution ([_1]).',$domdesc).'

'; + &mt('Creation of a new user account using an e-mail address or an institutional log-in ID as username is not permitted at this institution ([_1]).',$domdesc). + '

'; $r->print($output); &print_footer($r); return OK; @@ -166,13 +184,17 @@ sub handler { return OK; } - my ($output,$nostart,$noend); + my ($output,$nostart,$noend,$redirect); my $token = $env{'form.token'}; if ($token) { - ($output,$nostart,$noend) = + ($output,$nostart,$noend,$redirect) = &process_mailtoken($r,$token,$contact_name,$contact_email,$domain, - $domdesc,$lonhost,$include,$start_page); - if ($nostart) { + $domdesc,$lonhost,$include,$start_page,$cancreate, + $domconfig{'usercreation'}); + if ($redirect) { + $r->internal_redirect('/adm/switchserver'); + return OK; + } elsif ($nostart) { if ($noend) { return OK; } else { @@ -191,8 +213,11 @@ sub handler { if ($env{'form.phase'} eq 'username_activation') { (my $result,$output,$nostart) = &username_activation($r,$env{'form.uname'},$domain,$domdesc, - $lonhost,$courseid); - if ($result eq 'ok') { + $courseid); + if ($result eq 'redirect') { + $r->internal_redirect('/adm/switchserver'); + return OK; + } elsif ($result eq 'ok') { if ($nostart) { return OK; } @@ -215,23 +240,32 @@ sub handler { } } elsif ($env{'form.create_with_email'}) { &print_header($r,$start_page,$courseid); - $output = &process_email_request($env{'form.useremail'},$domain,$domdesc, + my $usertype = &get_usertype($domain); + $output = &process_email_request($env{'form.uname'},$domain,$domdesc, $contact_name,$contact_email,$cancreate, $lonhost,$domconfig{'usercreation'}, - $courseid); + $emailusername,$courseid,$usertype); } elsif (!$token) { &print_header($r,$start_page,$courseid); my $now=time; + my $gotlondes; if (grep(/^login$/,@{$cancreate})) { - my $jsh=Apache::File->new($include."/londes.js"); - $r->print(<$jsh>); - $r->print(&javascript_setforms($now)); + if (open(my $jsh,"<$include/londes.js")) { + while(my $line = <$jsh>) { + $r->print($line); + } + close($jsh); + $r->print(&javascript_setforms($now)); + $gotlondes = 1; + } } - if (grep(/^email$/,@{$cancreate})) { + if (grep(/^email(|approval)$/,@{$cancreate})) { $r->print(&javascript_validmail()); } - $output = &print_username_form($domain,$domdesc,$cancreate,$now,$lonhost, - $courseid); + my $usertype = &get_usertype($domain); + $output = &print_username_form($r,$domain,$domdesc,$cancreate,$now,$lonhost, + $include,$courseid,$gotlondes,$emailusername, + $usertype); } $r->print($output); &print_footer($r); @@ -259,13 +293,29 @@ sub print_footer { $r->print('
'. &Apache::lonhtmlcommon::echo_form_input(['backto','logtoken', 'token','serverid','uname','upass','phase','create_with_email', - 'code','useremail','crypt','cfirstname','clastname', + 'code','crypt','cfirstname','clastname', + 'recaptcha_challenge_field','recaptcha_response_field', 'cmiddlename','cgeneration','cpermanentemail','cid']). '
'); } $r->print(&Apache::loncommon::end_page()); } +sub get_usertype { + my ($domain) = @_; + my $usertype = 'default'; + my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($domain); + if (ref($types) eq 'ARRAY') { + push(@{$types},'default'); + my $posstype = $env{'form.type'}; + $posstype =~ s/^\s+|\s$//g; + if (grep(/^\Q$posstype\E$/,@{$types})) { + $usertype = $posstype; + } + } + return $usertype; +} + sub selfenroll_crumbs { my ($r,$courseid,$desc) = @_; &Apache::lonhtmlcommon::add_breadcrumb @@ -278,7 +328,7 @@ sub selfenroll_crumbs { } my $last_crumb; if ($desc ne '') { - $last_crumb = &mt('Self-enroll in [_1]',"$desc"); + $last_crumb = &mt("Self-enroll in [_1]","'$desc'"); } else { $last_crumb = &mt('Self-enroll'); } @@ -290,53 +340,121 @@ sub selfenroll_crumbs { } sub javascript_setforms { - my ($now) = @_; - my $js = < - function send() { - this.document.server.elements.uname.value = this.document.client.elements.uname.value; - this.document.server.elements.udom.value = this.document.client.elements.udom.value; - uextkey=this.document.client.elements.uextkey.value; - lextkey=this.document.client.elements.lextkey.value; - initkeys(); - - this.document.server.elements.upass.value - = crypted(this.document.client.elements.upass$now.value); - - this.document.client.elements.uname.value=''; - this.document.client.elements.upass$now.value=''; + my ($now,$emailusername,$captcha,$usertype) = @_; + my ($setuserinfo,@required,$requiredchk); + if (ref($emailusername) eq 'HASH') { + if (ref($emailusername->{$usertype}) eq 'HASH') { + foreach my $key (sort(keys(%{$emailusername->{$usertype}}))) { + if ($emailusername->{$usertype}{$key} eq 'required') { + push(@required,$key); + } + $setuserinfo .= ' server.elements.'.$key.'.value=client.elements.'.$key.'.value;'."\n"; + } + $setuserinfo .= ' server.elements.type.value=client.elements.type.value;'."\n"; + } + if ($captcha eq 'original') { + $setuserinfo .= ' server.elements.code.value=client.elements.code.value;'."\n". + ' server.elements.crypt.value=client.elements.crypt.value;'."\n"; + } elsif ($captcha eq 'recaptcha') { + $setuserinfo .= + ' server.elements.recaptcha_challenge_field.value=client.elements.recaptcha_challenge_field.value;'."\n". + ' server.elements.recaptcha_response_field.value=client.elements.recaptcha_response_field.value;'."\n"; + } + } + if (@required) { + my $missprompt = &mt('One or more required fields are currently blank.'); + my $reqstr = join("','",@required); + $requiredchk = <<"ENDCHK"; + var requiredfields = new Array('$reqstr'); + missing = 0; + for (var i=0; i 0) { + alert("$missprompt"); + return false; + } - this.document.server.submit(); +ENDCHK + } + my $js = < +// +// ]]> + ENDSCRIPT return $js; } sub javascript_checkpass { - my ($now) = @_; + my ($now,$context) = @_; my $nopass = &mt('You must enter a password.'); my $mismatchpass = &mt('The passwords you entered did not match.').'\\n'. &mt('Please try again.'); my $js = <<"ENDSCRIPT"; - ENDSCRIPT return $js; @@ -348,10 +466,11 @@ sub javascript_validmail { notv => 'is not a valid e-mail address', ); my $output = "\n".''."\n"; + $output .= "\n".'// ]]>'."\n".''."\n"; return $output; } sub print_username_form { - my ($domain,$domdesc,$cancreate,$now,$lonhost,$courseid) = @_; - my %lt = &Apache::lonlocal::texthash( + my ($r,$domain,$domdesc,$cancreate,$now,$lonhost,$include,$courseid,$gotlondes,$emailusername, + $usertype) = @_; + my %lt = &Apache::lonlocal::texthash ( unam => 'username', udom => 'domain', uemail => 'E-mail address in LON-CAPA', - proc => 'Proceed'); + proc => 'Proceed', + crac => 'Create account with a username provided by this institution', + clca => 'Create LON-CAPA account', + type => 'Type in your log-in ID and password to find out.', + plse => 'Please provide a password for your new account.', + info => 'Please provide user information and a password for your new account.', + yopw => 'Your password will be encrypted when sent (and stored).', + ); my $output; if (ref($cancreate) eq 'ARRAY') { if (grep(/^login$/,@{$cancreate})) { my %domdefaults = &Apache::lonnet::get_domain_defaults($domain); if ((($domdefaults{'auth_def'} =~/^krb/) && ($domdefaults{'auth_arg_def'} ne '')) || ($domdefaults{'auth_def'} eq 'localauth')) { - $output = '

'.&mt('Create account with a username provided by this institution').'

'; - my $submit_text = &mt('Create LON-CAPA account'); - $output .= &mt('If you already have a log-in ID at this institution,[_1] you may be able to use it for LON-CAPA.','
').'

'.&mt('Type in your log-in ID and password to find out.').'

'; - $output .= &login_box($now,$lonhost,$courseid,$submit_text, + $output = '

'.$lt{'crac'}.'

'; + $output .= &mt('If you already have a log-in ID at this institution [_1]you may be able to use it for LON-CAPA.','
'). + '

'. + $lt{'type'}. + '

'; + $output .= &login_box($now,$lonhost,$courseid,$lt{'clca'}, $domain,'createaccount').'
'; } } - if (grep(/^email$/,@{$cancreate})) { + if (grep(/^email(|approval)$/,@{$cancreate})) { $output .= '

'.&mt('Create account with an e-mail address as your username').'

'; - my $captchaform = &create_captcha(); - if ($captchaform) { - my $submit_text = &mt('Request LON-CAPA account'); - my $emailform = ''; - if (grep(/^login$/,@{$cancreate})) { - $output .= &mt('Provide your e-mail address to request a LON-CAPA account,[_1] if you do not have a log-in ID at your institution.','
').'

'; - } else { - $output .= '
'; - } - $output .= '
'. - &Apache::lonhtmlcommon::start_pick_box()."\n". - &Apache::lonhtmlcommon::row_title(&mt('E-mail address'), - 'LC_pick_box_title')."\n". - $emailform."\n". - &Apache::lonhtmlcommon::row_closure(1). - &Apache::lonhtmlcommon::row_title(&mt('Validation'), - 'LC_pick_box_title')."\n". - $captchaform."\n".'

'; - if ($courseid ne '') { - $output .= ''."\n"; - } - $output .= &Apache::lonhtmlcommon::row_closure(1). - &Apache::lonhtmlcommon::row_title().'
'. - ''. - &Apache::lonhtmlcommon::row_closure(1). - &Apache::lonhtmlcommon::end_pick_box().'

'; - if ($courseid ne '') { - $output .= &Apache::lonhtmlcommon::echo_form_input(['courseid']); - } - $output .= '
'; - } else { + my ($captchaform,$error,$captcha) = &Apache::loncommon::captcha_display('usercreation',$lonhost); + if ($error) { my $helpdesk = '/adm/helpdesk?origurl=%2fadm%2fcreateaccount'; if ($courseid ne '') { $helpdesk .= '&courseid='.$courseid; } - $output .= ''.&mt('An error occurred generating the validation code[_1] required for an e-mail address to be used as username.','
').'

'.&mt('[_1]Contact the helpdesk[_2] or [_3]reload[_2] the page and try again.','','',''); + $output .= ''. + &mt('An error occurred generating the validation code[_1] required for an e-mail address to be used as username.','
'). + '

'. + &mt('[_1]Contact the helpdesk[_2] or [_3]reload[_2] the page and try again.', + '','',''); + } else { + if (grep(/^login$/,@{$cancreate})) { + $output .= &mt('If you do not have a log-in ID at your institution, [_1]provide your e-mail address to request a LON-CAPA account.','
').'

'. + $lt{'plse'}.'
'. + $lt{'yopw'}.'
'; + } else { + my $prompt = $lt{'plse'}; + if (ref($emailusername) eq 'HASH') { + if (ref($emailusername->{$usertype}) eq 'HASH') { + if (keys(%{$emailusername->{$usertype}}) > 0) { + $prompt = $lt{'info'}; + } + } + } + $output .= $prompt.'
'. + $lt{'yopw'}.'
'; + } + $output .= &print_dataentry_form($r,$domain,$lonhost,$include,$now,$captchaform, + $courseid,$gotlondes,$emailusername,$captcha, + $usertype); } $output .= '
'; } @@ -440,14 +563,14 @@ sub login_box { createaccount => 'Log-in ID', selfenroll => 'Username', ); - my ($lkey,$ukey) = &Apache::lonpreferences::des_keys(); + my ($lkey,$ukey) = &Apache::loncommon::des_keys(); my ($lextkey,$uextkey) = &getkeys($lkey,$ukey); my $logtoken=Apache::lonnet::reply('tmpput:'.$ukey.$lkey.'&createaccount:createaccount', $lonhost); $output = &serverform($logtoken,$lonhost,undef,$courseid,$context); - my $unameform = ''; - my $upassform = ''; - $output .= '
'."\n". + my $unameform = ''; + my $upassform = ''; + $output .= ''."\n". &Apache::lonhtmlcommon::start_pick_box()."\n". &Apache::lonhtmlcommon::row_title($titles{$context}, 'LC_pick_box_title')."\n". @@ -486,11 +609,10 @@ sub login_box { sub process_email_request { my ($useremail,$domain,$domdesc,$contact_name,$contact_email,$cancreate, - $server,$settings,$courseid) = @_; - $useremail = $env{'form.useremail'}; + $server,$settings,$emailusername,$courseid,$usertype) = @_; my $output; if (ref($cancreate) eq 'ARRAY') { - if (!grep(/^email$/,@{$cancreate})) { + if (!grep(/^email(|approval)$/,@{$cancreate})) { $output = &invalid_state('noemails',$domdesc, $contact_name,$contact_email); return $output; @@ -499,58 +621,49 @@ sub process_email_request { $contact_name,$contact_email); return $output; } else { + $useremail =~ s/^\s+|\s+$//g; + my $uname=&LONCAPA::clean_username($useremail); + if ($useremail ne $uname) { + $output = &invalid_state('badusername',$domdesc, + $contact_name,$contact_email); + return $output; + } my $uhome = &Apache::lonnet::homeserver($useremail,$domain); if ($uhome ne 'no_host') { $output = &invalid_state('existinguser',$domdesc, $contact_name,$contact_email); return $output; } else { - my $code = $env{'form.code'}; - my $md5sum = $env{'form.crypt'}; - my %captcha_params = &captcha_settings(); - my $captcha = Authen::Captcha->new( - output_folder => $captcha_params{'output_dir'}, - data_folder => $captcha_params{'db_dir'}, - ); - my $captcha_chk = $captcha->check_code($code,$md5sum); - my %captcha_hash = ( - 0 => 'Code not checked (file error)', - -1 => 'Failed: code expired', - -2 => 'Failed: invalid code (not in database)', - -3 => 'Failed: invalid code (code does not match crypt)', - ); + my ($captcha_chk,$captcha_error) = &Apache::loncommon::captcha_response('usercreation',$server); if ($captcha_chk != 1) { $output = &invalid_state('captcha',$domdesc,$contact_name, - $contact_email,$captcha_hash{$captcha_chk}); + $contact_email,$captcha_error); return $output; } - my $uhome=&Apache::lonnet::homeserver($useremail,$domain); - if ($uhome eq 'no_host') { - my (%rulematch,%inst_results,%curr_rules,%got_rules,%alerts); - &call_rulecheck($useremail,$domain,\%alerts,\%rulematch, - \%inst_results,\%curr_rules,\%got_rules,'username'); - if (ref($alerts{'username'}) eq 'HASH') { - if (ref($alerts{'username'}{$domain}) eq 'HASH') { - if ($alerts{'username'}{$domain}{$useremail}) { - $output = &invalid_state('userrules',$domdesc, - $contact_name,$contact_email); - return $output; - } + my (%rulematch,%inst_results,%curr_rules,%got_rules,%alerts); + &call_rulecheck($useremail,$domain,\%alerts,\%rulematch, + \%inst_results,\%curr_rules,\%got_rules,'username'); + if (ref($alerts{'username'}) eq 'HASH') { + if (ref($alerts{'username'}{$domain}) eq 'HASH') { + if ($alerts{'username'}{$domain}{$useremail}) { + $output = &invalid_state('userrules',$domdesc, + $contact_name,$contact_email); + return $output; } } - my $format_msg = - &guest_format_check($useremail,$domain,$cancreate, - $settings); - if ($format_msg) { - $output = &invalid_state('userformat',$domdesc,$contact_name, - $contact_email,$format_msg); - return $output; - } + } + my $format_msg = + &guest_format_check($useremail,$domain,$cancreate, + $settings); + if ($format_msg) { + $output = &invalid_state('userformat',$domdesc,$contact_name, + $contact_email,$format_msg); + return $output; } } } $output = &send_token($domain,$useremail,$server,$domdesc,$contact_name, - $contact_email,$courseid); + $contact_email,$courseid,$emailusername,$usertype); } return $output; } @@ -570,86 +683,130 @@ sub call_rulecheck { } sub send_token { - my ($domain,$email,$server,$domdesc,$contact_name,$contact_email,$courseid) = @_; + my ($domain,$email,$server,$domdesc,$contact_name,$contact_email,$courseid,$emailusername, + $usertype) = @_; my $msg = '

'.&mt('Account creation status').'

'. &mt('Thank you for your request to create a new LON-CAPA account.'). '

'; my $now = time; - my %info = ('ip' => $ENV{'REMOTE_ADDR'}, - 'time' => $now, - 'domain' => $domain, - 'username' => $email, - 'courseid' => $courseid); - my $token = &Apache::lonnet::tmpput(\%info,$server,'createaccount'); - if ($token !~ /^error/ && $token ne 'no_such_host') { - my $esc_token = &escape($token); - my $showtime = localtime(time); - my $mailmsg = &mt('A request was submitted on [_1] for creation of a LON-CAPA account at the following institution: [_2].',$showtime,$domdesc).' '. - &mt('To complete this process please open a web browser and enter the following URL in the address/location box: [_1]', - &Apache::lonnet::absolute_url().'/adm/createaccount?token='.$esc_token); - my $result = &Apache::resetpw::send_mail($domdesc,$email,$mailmsg,$contact_name, - $contact_email); - if ($result eq 'ok') { - $msg .= &mt('A message has been sent to the e-mail address you provided.').'
'.&mt('The message includes the web address for the link you will use to complete the account creation process.').'
'.&mt("The link included in the message will be valid for the next [_1]two[_2] hours.",'',''); + $env{'form.logtoken'} =~ s/(`)//g; + if ($env{'form.logtoken'}) { + my $logtoken = $env{'form.logtoken'}; + my $tmpinfo=Apache::lonnet::reply('tmpget:'.$logtoken,$server); + if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) { + $msg = &mt('Information needed to process your request is missing, inaccessible or expired.') + .'
'.&mt('Return to the previous page to try again.'); + } else { + my $reply = &Apache::lonnet::reply('tmpdel:'.$logtoken,$server); + unless ($reply eq 'ok') { + $msg .= &mt('Request could not be processed.'); + } + } + my %info = ('ip' => $ENV{'REMOTE_ADDR'}, + 'time' => $now, + 'domain' => $domain, + 'username' => $email, + 'courseid' => $courseid, + 'upass' => $env{'form.upass'}, + 'serverid' => $env{'form.serverid'}, + 'tmpinfo' => $tmpinfo); + + if (ref($emailusername) eq 'HASH') { + if (ref($emailusername->{$usertype}) eq 'HASH') { + foreach my $item (keys(%{$emailusername->{$usertype}})) { + $info{$item} = $env{'form.'.$item}; + $info{$item} =~ s/(`)//g; + } + unless ($usertype eq 'default') { + $info{'inststatus'} = $usertype; + } + } + } + my $token = &Apache::lonnet::tmpput(\%info,$server,'createaccount'); + if ($token !~ /^error/ && $token ne 'no_such_host') { + my $esc_token = &escape($token); + my $showtime = localtime(time); + my $mailmsg = &mt('A request was submitted on [_1] for creation of a LON-CAPA account at the following institution: [_2].',$showtime,$domdesc).' '. + &mt('To complete this process please open a web browser and enter the following URL in the address/location box: [_1]', + &Apache::lonnet::absolute_url().'/adm/createaccount?token='.$esc_token); + my $result = &Apache::resetpw::send_mail($domdesc,$email,$mailmsg,$contact_name, + $contact_email); + if ($result eq 'ok') { + $msg .= &mt('A message has been sent to the e-mail address you provided.').'
'. + &mt('The message includes the web address for the link you will use to complete the account creation process.').'
'. + &mt("The link included in the message will be valid for the next [_1]two[_2] hours.",'',''); + } else { + $msg .= ''. + &mt('An error occurred when sending a message to the e-mail address you provided.').'
'. + ' '.&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email); + } } else { $msg .= ''. - &mt('An error occurred when sending a message to the e-mail address you provided.').'
'. + &mt('An error occurred creating a token required for the account creation process.').'
'. ' '.&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email); } } else { - $msg .= ''. - &mt('An error occurred creating a token required for the account creation process.').'
'. - ' '.&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email); + $msg .= $msg = &mt('Information needed to process your request is missing, inaccessible or expired.') + .'
'.&mt('Return to the previous page to try again.'); + } return $msg; } sub process_mailtoken { my ($r,$token,$contact_name,$contact_email,$domain,$domdesc,$lonhost, - $include,$start_page) = @_; - my ($msg,$nostart,$noend); + $include,$start_page,$cancreate,$settings) = @_; + my ($msg,$nostart,$noend,$redirect); my %data = &Apache::lonnet::tmpget($token); my $now = time; if (keys(%data) == 0) { $msg = &mt('Sorry, the URL you provided to complete creation of a new LON-CAPA account was invalid.') .' '.&mt('Either the token included in the URL has been deleted or the URL you provided was invalid.') - .' '.&mt('Please submit a [_1]new request[_2] for account creation and follow the new link page included in the e-mail that will be sent to you.','',''); + .' '.&mt('Please submit a [_1]new request[_2] for account creation and follow the new link page included in the e-mail that will be sent to you.', + '',''); return $msg; } if (($data{'time'} =~ /^\d+$/) && ($data{'domain'} ne '') && ($data{'username'} =~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/)) { if ($now - $data{'time'} < 7200) { - if ($env{'form.phase'} eq 'createaccount') { - my ($result,$output) = &create_account($r,$domain,$lonhost, - $data{'username'},$domdesc); - if ($result eq 'ok') { - $msg = $output; - my $shownow = &Apache::lonlocal::locallocaltime($now); - my $mailmsg = &mt('A LON-CAPA account for the institution: [_1] has been created [_2] from IP address: [_3]. If you did not perform this action or authorize it, please contact the [_4] ([_5]).',$domdesc,$shownow,$ENV{'REMOTE_ADDR'},$contact_name,$contact_email)."\n"; - my $mailresult = &Apache::resetpw::send_mail($domdesc,$data{'email'}, - $mailmsg,$contact_name, - $contact_email); - if ($mailresult eq 'ok') { - $msg .= &mt('An e-mail confirming creation of your new LON-CAPA account has been sent to [_1].',$data{'username'}); +# Check if request should be queued. + if (ref($cancreate) eq 'ARRAY') { + if (grep(/^email$/,@{$cancreate})) { + my ($result,$output,$uhome) = + &create_account($r,$domain,$domdesc,\%data); + if ($result eq 'ok') { + $msg = $output; + my $shownow = &Apache::lonlocal::locallocaltime($now); + my $mailmsg = &mt('A LON-CAPA account for the institution: [_1] has been created [_2] from IP address: [_3]. If you did not perform this action or authorize it, please contact the [_4] ([_5]).',$domdesc,$shownow,$ENV{'REMOTE_ADDR'},$contact_name,$contact_email)."\n"; + my $mailresult = &Apache::resetpw::send_mail($domdesc,$data{'email'}, + $mailmsg,$contact_name, + $contact_email); + if ($mailresult eq 'ok') { + $msg .= &mt('An e-mail confirming creation of your new LON-CAPA account has been sent to [_1].',$data{'username'}); + } else { + $msg .= &mt('An error occurred when sending e-mail to [_1] confirming creation of your LON-CAPA account.',$data{'username'}); + } + $redirect = &start_session($r,$data{'username'},$domain,$uhome, + $data{'courseid'},$token); + $nostart = 1; + $noend = 1; } else { - $msg .= &mt('An error occurred when sending e-mail to [_1] confirming creation of your LON-CAPA account.',$data{'username'}); + $msg .= &mt('A problem occurred when attempting to create your new LON-CAPA account.') + .'
'.$output; + if (($contact_name ne '') && ($contact_email ne '')) { + $msg .= &mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email); + } } - &start_session($r, $data{'username'}, $domain, $lonhost, - $data{'courseid'}, $token); - $nostart = 1; - $noend = 1; + my $delete = &Apache::lonnet::tmpdel($token); + } elsif (grep(/^emailapproval$/,@{$cancreate})) { + $msg = &store_request($domain,$data{'username'},'approval',\%data,$settings); + my $delete = &Apache::lonnet::tmpdel($token); } else { - $msg .= &mt('A problem occurred when attempting to create your new LON-CAPA account.') - .'
'.$output -# .&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,''.$contact_email.''); - .&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email); + $msg = &invalid_state('noemails',$domdesc,$contact_name,$contact_email); } - my $delete = &Apache::lonnet::tmpdel($token); } else { - $msg .= &mt('Please provide user information and a password for your new account.').'
'.&mt('Your password, which must contain at least seven characters, will be sent to the LON-CAPA server in an encrypted form.').'
'; - $msg .= &print_dataentry_form($r,$domain,$lonhost,$include,$token,$now,$data{'username'},$start_page); - $nostart = 1; + $msg = &invalid_state('noemails',$domdesc,$contact_name,$contact_email); } } else { $msg = &mt('Sorry, the token generated when you requested creation of an account has expired.') @@ -659,23 +816,23 @@ sub process_mailtoken { $msg .= &mt('Sorry, the URL generated when you requested creation of an account contained incomplete information.') .' '.&mt('Please submit a [_1]new request[_2] for account creation and follow the new link included in the e-mail that will be sent to you.','',''); } - return ($msg,$nostart,$noend); + return ($msg,$nostart,$noend,$redirect); } sub start_session { - my ($r, $username, $domain, $lonhost, $courseid, $token) = @_; + my ($r,$username,$domain,$uhome,$courseid,$token) = @_; if ($r->dir_config('lonBalancer') eq 'yes') { - Apache::lonauth::success($r, $username, $domain, $lonhost, + Apache::lonauth::success($r, $username, $domain, $uhome, 'noredirect', undef, {}); Apache::lonnet::tmpdel($token) if $token; - $r->internal_redirect('/adm/switchserver'); + return 'redirect'; } else { $courseid = Apache::lonnet::is_course($courseid); - Apache::lonauth::success($r, $username, $domain, $lonhost, + Apache::lonauth::success($r, $username, $domain, $uhome, ($courseid ? "/adm/selfenroll?courseid=$courseid" : '/adm/roles'), undef, {}); } @@ -683,76 +840,81 @@ sub start_session { return; } - +# +# The screen that the user gets to create his or her account +# Desired username, desired password, etc +# Stores token to store DES-key and stage during creation session +# sub print_dataentry_form { - my ($r,$domain,$lonhost,$include,$mailtoken,$now,$username,$start_page) = @_; + my ($r,$domain,$lonhost,$include,$now,$captchaform,$courseid,$gotlondes,$emailusername,$captcha, + $usertype) = @_; my ($error,$output); - &print_header($r,$start_page); - if (open(my $jsh,"<$include/londes.js")) { - while(my $line = <$jsh>) { - $r->print($line); - } - close($jsh); - $output .= &javascript_setforms($now)."\n".&javascript_checkpass($now); - my ($lkey,$ukey) = &Apache::lonpreferences::des_keys(); + unless ($gotlondes) { + if (open(my $jsh,"<$include/londes.js")) { + while(my $line = <$jsh>) { + $r->print($line); + } + close($jsh); + $output = &javascript_setforms($now,$emailusername,$captcha,$usertype)."\n"; + $gotlondes = 1; + } + } + if ($gotlondes) { + $output .= &javascript_checkpass($now,'email'); + my ($lkey,$ukey) = &Apache::loncommon::des_keys(); my ($lextkey,$uextkey) = &getkeys($lkey,$ukey); my $logtoken=Apache::lonnet::reply('tmpput:'.$ukey.$lkey.'&createaccount:createaccount', $lonhost); - my $formtag = ''; - my ($datatable,$rowcount) = - &Apache::loncreateuser::personal_data_display($username,$domain, - 'email','selfcreate'); - if ($rowcount) { - $output .= '
'.$formtag.$datatable; - } else { - $output .= $formtag; + $output .= + ''; + if ($courseid ne '') { + $output .= ''."\n"; + } + if (ref($emailusername) eq 'HASH') { + if (ref($emailusername->{$usertype}) eq 'HASH') { + foreach my $field (sort(keys(%{$emailusername->{$usertype}}))) { + $output .= ''."\n"; + } + $output .= ''."\n"; + } + } + if ($captcha eq 'original') { + $output .= ' + + +'; + } elsif ($captcha eq 'recaptcha') { + $output .= ' + + +'; } $output .= <<"ENDSERVERFORM"; - + ENDSERVERFORM + my $beginclientform = '
'."\n"; + my $endclientform = ''."\n". + ''."\n". + ''."\n". + '
'."\n". + '

'.&mt('Fields marked [_1]*[_2] are required.','','').'

'; + my ($datatable,$rowcount) = + &Apache::loncreateuser::personal_data_display('',$domain,'email','selfcreate', + '','',$now,$captchaform, + $emailusername,$usertype); if ($rowcount) { - $output .= '
'. - '
'; + $output .= '
'.$beginclientform.$datatable.$endclientform; + } else { + $output .= $beginclientform.$endclientform; } - my $upassone = ''; - my $upasstwo = ''; - my $submit_text = &mt('Create LON-CAPA account'); - $output .= '

'.&mt('Login Data').'

'."\n". - '
'."\n". - &Apache::lonhtmlcommon::start_pick_box()."\n". - &Apache::lonhtmlcommon::row_title(&mt('Username'), - 'LC_pick_box_title', - 'LC_oddrow_value')."\n". - $username."\n". - &Apache::lonhtmlcommon::row_closure(1)."\n". - &Apache::lonhtmlcommon::row_title(&mt('Password'), - 'LC_pick_box_title', - 'LC_oddrow_value')."\n". - $upassone."\n". - &Apache::lonhtmlcommon::row_closure(1)."\n". - &Apache::lonhtmlcommon::row_title(&mt('Confirm password'), - 'LC_pick_box_title', - 'LC_oddrow_value')."\n". - $upasstwo. - &Apache::lonhtmlcommon::row_closure(1)."\n". - &Apache::lonhtmlcommon::row_title()."\n". - '
'. - &Apache::lonhtmlcommon::row_closure(1)."\n". - &Apache::lonhtmlcommon::end_pick_box()."\n". - ''."\n". - ''."\n". - ''."\n". - ''."\n". - '
'; if ($rowcount) { $output .= '
'."\n". '
'."\n"; @@ -763,9 +925,13 @@ ENDSERVERFORM return $output; } +# +# Retrieve rules for generating accounts from domain configuration +# Can the user make a new account or just self-enroll? + sub get_creation_controls { my ($domain,$usercreation) = @_; - my (@cancreate,@statustocreate); + my (@cancreate,@statustocreate,$emailusername); if (ref($usercreation) eq 'HASH') { if (ref($usercreation->{'cancreate'}) eq 'HASH') { if (ref($usercreation->{'cancreate'}{'statustocreate'}) eq 'ARRAY') { @@ -795,71 +961,153 @@ sub get_creation_controls { ($usercreation->{'cancreate'}{'selfcreate'} ne '')) { @cancreate = ($usercreation->{'cancreate'}{'selfcreate'}); } + if (ref($usercreation->{'cancreate'}{'emailusername'}) eq 'HASH') { + $emailusername = $usercreation->{'cancreate'}{'emailusername'}; + } else { + $emailusername = {'lastname' => '1', 'firstname' => 1, }; + } } } - return (\@cancreate,\@statustocreate); + return (\@cancreate,\@statustocreate,$emailusername); } sub create_account { - my ($r,$domain,$lonhost,$username,$domdesc) = @_; - my ($retrieved,$output,$upass) = &process_credentials($env{'form.logtoken'}, - $env{'form.serverid'}); - # Error messages - my $error = ''.&mt('Error:').' '; - my $end = '

'; - my $rtnlink = ''. + my ($r,$domain,$domdesc,$dataref) = @_; + my $error = ''.&mt('Error:').' '; + my $end = '

'; + my $rtnlink = ''. &mt('Return to previous page').''. &Apache::loncommon::end_page(); - if ($retrieved eq 'ok') { - if ($env{'form.courseid'} ne '') { - my ($result,$userchkmsg) = &check_id($username,$domain,$domdesc); - if ($result eq 'fail') { - $output = $error.&mt('Invalid ID format').$end. - $userchkmsg.$rtnlink; - return ('fail',$output); + my $output; + if (ref($dataref) eq 'HASH') { + my ($username,$encpass,$serverid,$courseid,$id,$firstname,$middlename,$lastname, + $generation,$inststatus); + $username = $dataref->{'username'}; + $encpass = $dataref->{'upass'}; + $serverid = $dataref->{'serverid'}; + $courseid = $dataref->{'courseid'}; + $id = $dataref->{'id'}; + $firstname = $dataref->{'firstname'}; + $middlename = $dataref->{'middlename'}; + $lastname = $dataref->{'lastname'}; + $generation = $dataref->{'generation'}; + $inststatus = $dataref->{'inststatus'}; + + my $currhome = &Apache::lonnet::homeserver($username,$domain); + unless ($currhome eq 'no_host') { + $output = &mt('User account requested for username: [_1] in domain: [_2] already exists.',$username,$domain); + return ('fail',$error.$output.$end.$rtnlink); + } + +# Split the logtoken to retrieve the DES key and decrypt the encypted password + + my ($key,$caller)=split(/&/,$dataref->{'tmpinfo'}); + if ($caller eq 'createaccount') { + my $upass = &Apache::loncommon::des_decrypt($key,$encpass); + +# See if we are allowed to use the proposed student/employee ID, +# as per domain rules; if not, student/employee will be left blank. + + if ($id ne '') { + my ($result,$userchkmsg) = &check_id($username,$domain,$id,$domdesc,'email'); + if ($result eq 'fail') { + $output = $error.&mt('Invalid ID format').$end. + $userchkmsg; + undef($id); + } + } + +# Create an internally authenticated account with password $upass +# if the user account does not already exist. +# Assign student/employee id, first name, last name, etc. + + my $result = + &Apache::lonnet::modifyuser($domain,$username,$id, + 'internal',$upass,$firstname,$middlename, + $lastname,$generation,undef,undef,$username); + $output = &mt('Generating user: [_1]',$result); + +# Now that the user account exists, retrieve the homeserver, and include it in the output. + + my $uhome = &Apache::lonnet::homeserver($username,$domain); + unless (($inststatus eq 'default') || ($inststatus eq '')) { + &Apache::lonnet::put('environment',{inststatus => $inststatus},$domain,$username); } + $output .= '
'.&mt('Home server: [_1]',$uhome).' '. + &Apache::lonnet::hostname($uhome).'

'; + return ('ok',$output,$uhome); + } else { + $output = &mt('Unable to retrieve your account creation information - unexpected context'); + undef($encpass); + return ('fail',$error.$output.$end.$rtnlink); } } else { + $output = &mt('Unable to retrieve information for your account request.'); return ('fail',$error.$output.$end.$rtnlink); } - # Call modifyuser - my $result = - &Apache::lonnet::modifyuser($domain,$username,$env{'form.cid'}, - 'internal',$upass,$env{'form.cfirstname'}, - $env{'form.cmiddlename'},$env{'form.clastname'}, - $env{'form.cgeneration'},undef,undef,$username); - $output = &mt('Generating user: [_1]',$result); - my $uhome = &Apache::lonnet::homeserver($username,$domain); - $output .= '
'.&mt('Home server: [_1]',$uhome).' '. - &Apache::lonnet::hostname($uhome).'

'; - return ('ok',$output); } sub username_validation { my ($r,$username,$domain,$domdesc,$contact_name,$contact_email,$courseid, $lonhost,$statustocreate) = @_; +# $r: request object # $username,$domain: for the user who needs to be validated # $domdesc: full name of the domain (for error messages) -# $contact_name, $contact_email: name and email for user assistance (for error messages in &username_check -# $courseid: ID of the course that the user should be validated for, goes into start_session +# $contact_name, $contact_email: name and email for user assistance (for error messages in &username_check) +# $courseid: ID of the course if user came to username_validation via self-enroll link, +# passed to start_session() +# $lonhost: LON-CAPA lonHostID # $statustocreate: -> inststatus in username_check ('faculty', 'staff', 'student', ...) - my ($retrieved,$output,$upass); - +# +# Sanitize incoming username and domain +# $username= &LONCAPA::clean_username($username); $domain = &LONCAPA::clean_domain($domain); + +# +# Check if LON-CAPA account already exists for $username:$domain +# my $uhome = &Apache::lonnet::homeserver($username,$domain); - ($retrieved,$output,$upass) = &process_credentials($env{'form.logtoken'}, - $env{'form.serverid'}); - if ($retrieved ne 'ok') { + my $output; + +# Retrieve DES key from server using logtoken + + my $tmpinfo=Apache::lonnet::reply('tmpget:'.$env{'form.logtoken'},$env{'form.serverid'}); + if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) { + $output = &mt('Information needed to verify your login information is missing, inaccessible or expired.') + .'
'.&mt('You may need to reload the previous page to obtain a new token.'); + return ('fail',$output); + } else { + my $reply = &Apache::lonnet::reply('tmpdel:'.$env{'form.logtoken'},$env{'form.serverid'}); + unless ($reply eq 'ok') { + $output = &mt('Session could not be opened.'); + return ('fail',$output); + } + } + +# Split the logtoken to retrieve the DES key and decrypt the encypted password + + my ($key,$caller)=split(/&/,$tmpinfo); + my $upass; + if ($caller eq 'createaccount') { + $upass = &Apache::loncommon::des_decrypt($key,$env{'form.upass'}); + } else { + $output = &mt('Unable to retrieve your log-in information - unexpected context'); return ('fail',$output); } if ($uhome ne 'no_host') { my $result = &Apache::lonnet::authenticate($username,$upass,$domain); if ($result ne 'no_host') { - &start_session($r, $username, $domain, $lonhost, $courseid); - $output = '

'.&mt('A LON-CAPA account already exists for username [_1] at this institution ([_2]).',''.$username.'',$domdesc).'
'.&mt('The password entered was also correct so you have been logged in.'); + my $redirect = &start_session($r,$username,$domain,$uhome,$courseid); + if ($redirect) { + return ($redirect); + } + $output = '

'. + &mt('A LON-CAPA account already exists for username [_1] at this institution ([_2]).', + ''.$username.'',$domdesc).'
'. + &mt('The password entered was also correct so you have been logged in.'); return ('existingaccount',$output); } else { $output = &login_failure_msg($courseid); @@ -868,7 +1116,8 @@ sub username_validation { my $primlibserv = &Apache::lonnet::domain($domain,'primary'); my $authok; my %domdefaults = &Apache::lonnet::get_domain_defaults($domain); - if ((($domdefaults{'auth_def'} =~/^krb(4|5)$/) && ($domdefaults{'auth_arg_def'} ne '')) || ($domdefaults{'auth_def'} eq 'localauth')) { + if ((($domdefaults{'auth_def'} =~/^krb(4|5)$/) && ($domdefaults{'auth_arg_def'} ne '')) || + ($domdefaults{'auth_def'} eq 'localauth')) { my $checkdefauth = 1; $authok = &Apache::lonnet::reply("encrypt:auth:$domain:$username:$upass:$checkdefauth",$primlibserv); @@ -1012,11 +1261,11 @@ sub username_check { } sub username_activation { - my ($r,$username,$domain,$domdesc,$lonhost,$courseid) = @_; + my ($r,$username,$domain,$domdesc,$courseid) = @_; my $output; my $error = ''.&mt('Error:').' '; my $end = '

'; - my $rtnlink = ''. + my $rtnlink = ''. &mt('Return to previous page').''. &Apache::loncommon::end_page(); my %domdefaults = &Apache::lonnet::get_domain_defaults($domain); @@ -1038,14 +1287,20 @@ sub username_activation { $output = &mt('Sorry, your authentication has expired.'); } if ($earlyout ne '') { - $output .= '
'.&mt('Please [_1]start again[_2].','',''); + my $link = '/adm/createaccount'; + if (&Apache::lonnet::domain($domain) ne '') { + $link .= "?domain=$domain"; + } + $output .= '
'.&mt('Please [_1]start again[_2].', + '',''); return($earlyout,$output); } if ((($domdefaults{'auth_def'} =~/^krb(4|5)$/) && ($domdefaults{'auth_arg_def'} ne '')) || ($domdefaults{'auth_def'} eq 'localauth')) { if ($env{'form.courseid'} ne '') { - my ($result,$userchkmsg) = &check_id($username,$domain,$domdesc); + my $id = $env{'form.cid'}; + my ($result,$userchkmsg) = &check_id($username,$domain,$id,$domdesc,'institutional'); if ($result eq 'fail') { $output = $error.&mt('Invalid ID format').$end. $userchkmsg.$rtnlink; @@ -1082,9 +1337,14 @@ sub username_activation { if ($result eq 'ok') { my $delete = &Apache::lonnet::tmpdel($env{'form.authtoken'}); $output = &mt('A LON-CAPA account has been created for username: [_1] in domain: [_2].',$username,$domain); - &start_session($r, $username, $domain, $lonhost, $courseid); + my $uhome=&Apache::lonnet::homeserver($username,$domain,'true'); my $nostart = 1; - return ('ok',$output,$nostart); + my $response = 'ok'; + my $redirect = &start_session($r,$username,$domain,$uhome,$courseid); + if ($redirect) { + $response = $redirect; + } + return ($response,$output,$nostart); } else { $output = &mt('Account creation failed for username: [_1] in domain: [_2].',$username,$domain).'
'.&mt('Error: [_1]',$result).''; return ('fail',$output); @@ -1096,13 +1356,15 @@ sub username_activation { } sub check_id { - my ($username,$domain,$domdesc) = @_; - # Check ID format + my ($username,$domain,$id,$domdesc,$usernametype) = @_; + # Check student/employee ID format + # Is proposed student/employee ID acceptable according to domain's rules. + # $domdesc is just used for user error messages my (%alerts,%rulematch,%inst_results,%curr_rules,%checkhash); my %checks = ('id' => 1); %{$checkhash{$username.':'.$domain}} = ( 'newuser' => 1, - 'id' => $env{'form.cid'}, + 'id' => $id, ); &Apache::loncommon::user_rule_check(\%checkhash,\%checks,\%alerts, \%rulematch,\%inst_results,\%curr_rules); @@ -1111,11 +1373,15 @@ sub check_id { if ($alerts{'id'}{$domain}{$env{'form.cid'}}) { my $userchkmsg; if (ref($curr_rules{$domain}) eq 'HASH') { - $userchkmsg = - &Apache::loncommon::instrule_disallow_msg('id', - $domdesc,1). - &Apache::loncommon::user_rule_formats($domain, - $domdesc,$curr_rules{$domain}{'id'},'id'); + if ($usernametype eq 'email') { + $userchkmsg = &mt('A student/employee ID has not been set because the value suggested matched the format used for institutional users in the domain, and you are using an e-mail address as username, not an institutional username.'); + } else { + $userchkmsg = + &Apache::loncommon::instrule_disallow_msg('id', + $domdesc,1). + &Apache::loncommon::user_rule_formats($domain, + $domdesc,$curr_rules{$domain}{'id'},'id'); + } } return ('fail',$userchkmsg); } @@ -1129,6 +1395,8 @@ sub invalid_state { my $msg = '

'.&mt('Account creation unavailable').'

'; if ($error eq 'baduseremail') { $msg .= &mt('The e-mail address you provided does not appear to be a valid address.'); + } elsif ($error eq 'badusername') { + $msg .= &mt('The e-mail address you provided contains characters which prevent its use as a username in LON-CAPA.'); } elsif ($error eq 'existinguser') { $msg .= &mt('The e-mail address you provided is already in use as a username in LON-CAPA at this institution.'); } elsif ($error eq 'userrules') { @@ -1161,44 +1429,11 @@ sub linkto_email_help { } $msg .= '
'.&mt('You may wish to contact the [_1]LON-CAPA helpdesk[_2] for [_3].','','',$domdesc).'
'; } else { - $msg .= '
'.&mt('You may wish to send an e-mail to the server administrator: [_1] for [_2].',$Apache::lonnet::perlvar{'AdminEmail'},$domdesc).'
'; + $msg .= '
'.&mt('You may wish to send an e-mail to the server administrator: [_1] for [_2].',$Apache::lonnet::perlvar{'AdmEMail'},$domdesc).'
'; } return $msg; } -sub create_captcha { - my ($output_dir,$db_dir) = @_; - my %captcha_params = &captcha_settings(); - my ($output,$maxtries,$tries) = ('',10,0); - while ($tries < $maxtries) { - $tries ++; - my $captcha = Authen::Captcha->new ( - output_folder => $captcha_params{'output_dir'}, - data_folder => $captcha_params{'db_dir'}, - ); - my $md5sum = $captcha->generate_code($captcha_params{'numchars'}); - - if (-e $Apache::lonnet::perlvar{'lonCaptchaDir'}.'/'.$md5sum.'.png') { - $output = ''."\n". - &mt('Type in the letters/numbers shown below').' '. - '
'. - ''; - last; - } - } - return $output; -} - -sub captcha_settings { - my %captcha_params = ( - output_dir => $Apache::lonnet::perlvar{'lonCaptchaDir'}, - www_output_dir => "/captchaspool", - db_dir => $Apache::lonnet::perlvar{'lonCaptchaDb'}, - numchars => '5', - ); - return %captcha_params; -} - sub getkeys { my ($lkey,$ukey) = @_; my $lextkey=hex($lkey); @@ -1235,39 +1470,72 @@ ENDSERVERFORM return $output; } -sub process_credentials { -# -# Fetches the information from the logtoken via tmpget -# Token contains the DES-key and the stage of the process (would only be "createaccount") -# $lonhost in this routine is *not* necessarily the machine that this runs on, -# but $env{'form.serverid'}, the machine that issued the token. -# - my ($logtoken,$lonhost) = @_; - my $tmpinfo=Apache::lonnet::reply('tmpget:'.$logtoken,$lonhost); - my ($retrieved,$output,$upass); - if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) { - $output = &mt('Information needed to verify your login information is missing, inaccessible or expired.') - .'
'.&mt('You may need to reload the previous page to obtain a new token.'); - return ($retrieved,$output,$upass); - } else { - my $reply = &Apache::lonnet::reply('tmpdel:'.$logtoken,$lonhost); - if ($reply eq 'ok') { - $retrieved = 'ok'; - } else { - $output = &mt('Session could not be opened.'); +sub store_request { + my ($dom,$username,$val,$dataref,$settings) = @_; + my $output; + my $domconfiguser = &Apache::lonnet::get_domainconfiguser($dom); + my $key = &escape($username); + my $now = time(); + if (&Apache::lonnet::put('usernamequeue', { $key.'_'.$val => $now }, + $dom,$domconfiguser) eq 'ok') { + if (ref($dataref) eq 'HASH') { + my $logtoken = $dataref->{'tmpinfo'}; + my $serverid = $dataref->{'serverid'}; + if ($logtoken && $serverid) { + my $tmpinfo=Apache::lonnet::reply('tmpget:'.$logtoken,$serverid); + unless (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) { + my $reply = &Apache::lonnet::reply('tmpdel:'.$logtoken,$serverid); + if ($reply eq 'ok') { + my ($key,$caller)=split(/&/,$tmpinfo); + $dataref->{'key'} = $key; + undef($dataref->{'tmpinfo'}); + undef($dataref->{'serverid'}); + } + } + } } - } - my ($key,$caller)=split(/&/,$tmpinfo); - if ($caller eq 'createaccount') { - $upass = &Apache::lonpreferences::des_decrypt($key,$env{'form.upass'}); + my %userrequest = ( $username => $dataref ); + $userrequest{$username}{timestamp} = $now; + $userrequest{$username}{status} = $val; + my $notifylist; + if (ref($settings) eq 'HASH') { + if (ref($settings->{'cancreate'}) eq 'HASH') { + if (ref($settings->{'cancreate'}{'notify'}) eq 'HASH') { + my $notifylist = $settings->{'cancreate'}{'notify'}{'approval'}; + if ($notifylist) { + my $sender = $domconfiguser.':'.$dom; + my $domdesc = &Apache::lonnet::domain($dom,'description'); + my $fullname; + if (ref($dataref) eq 'HASH') { + if ($dataref->{'firstname'}) { + $fullname = $dataref->{'firstname'}; + } + if ($dataref->{'lastname'}) { + $fullname .= ' '.$dataref->{'lastname'}; + } + $fullname =~ s/^\s+|\s+$//g; + } + &Apache::loncoursequeueadmin::send_selfserve_notification($notifylist, + "$fullname ($username)", + undef,$domdesc,$now,'usernamereq',$sender); + } + } + } + } + my $userresult = + &Apache::lonnet::put('nohist_requestedusernames',\%userrequest,$dom,$domconfiguser); + $output = '

'. + &mt('Your request for a LON-CAPA account has been submitted for approval.'). + '

'. + '

'. + &mt('An e-mail will be sent to [_1] when your request has been reviewed by an administrator and action has been taken.',$username). + '

'; } else { - $output = &mt('Unable to retrieve your log-in information - unexpected context'); + $output = ''. + &mt('An error occurred when attempting to save your request for a LON-CAPA account.'); + ''; } -# $retrieved is 'ok' if retrieved okay -# $output is screen output for the user -# $upass is $env{'form.upass'}, decrypted with the DES-key, if stage was 'createaccount' - - return ($retrieved,$output,$upass); + return $output; } sub guest_format_check { @@ -1293,7 +1561,9 @@ sub guest_format_check { } if ($format_match) { ($login) = ($useremail =~ /^([^\@]+)\@/); - $format_msg = '
'.&mt("Your e-mail address uses the same internet domain as your institution's LON-CAPA service.").'
'.&mt('Creation of a LON-CAPA account with this type of e-mail address as username is not permitted.').'
'; + $format_msg = '
'. + &mt("Your e-mail address uses the same internet domain as your institution's LON-CAPA service.").'
'. + &mt('Creation of a LON-CAPA account with this type of e-mail address as username is not permitted.').'
'; if (ref($cancreate) eq 'ARRAY') { if (grep(/^login$/,@{$cancreate})) { $format_msg .= &mt('You should request creation of a LON-CAPA account for a log-in ID of "[_1]" at your institution instead.',$login).'
'; @@ -1327,7 +1597,7 @@ sub sso_logout_frag { sub catreturn_js { return <<"ENDSCRIPT"; ENDSCRIPT