--- loncom/interface/createaccount.pm 2008/07/01 16:41:57 1.7 +++ loncom/interface/createaccount.pm 2008/07/04 18:53:22 1.8 @@ -3,7 +3,7 @@ # institutional log-in ID (institutional authentication required - localauth # or kerberos) or an e-mail address. # -# $Id: createaccount.pm,v 1.7 2008/07/01 16:41:57 bisitz Exp $ +# $Id: createaccount.pm,v 1.8 2008/07/04 18:53:22 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -42,6 +42,7 @@ use Authen::Captcha; use DynaLoader; # for Crypt::DES version use Crypt::DES; use LONCAPA qw(:DEFAULT :match); +use HTML::Entities; sub handler { my $r = shift; @@ -122,9 +123,13 @@ sub handler { my ($output,$msg); if (grep(/^sso$/,@cancreate)) { $msg = &mt("Although your username and password were authenticated by your institution's Single Sign On system, you do not currently have a LON-CAPA account in this domain."); - ($output, my $checkfail) = &username_check($sso_username,$domain,$domdesc,$courseid); - if ($checkfail) { + ($output, my $checkfail) = &username_check($sso_username,$domain, + $domdesc,$courseid, + $lonhost,$contact_email); + if ($checkfail eq 'username') { $msg .= &mt('A LON-CAPA account may not be created with the username you use.'); + } elsif ($checkfail eq 'authtoken') { + $msg .= &mt('Error creating token.'); } else { $msg .= &mt('To create one, use the table below to provide information about yourself (if appropriate), then click the "Create LON-CAPA account" button.'); } @@ -181,7 +186,8 @@ sub handler { $courseid); } elsif ($env{'form.phase'} eq 'username_validation') { $output = &username_validation($env{'form.uname'},$domain,$domdesc, - $contact_name,$contact_email,$courseid); + $contact_name,$contact_email,$courseid, + $lonhost); } elsif (!$token) { my $now=time; if (grep(/^login$/,@cancreate)) { 
@@ -668,7 +674,7 @@ sub create_account { } sub username_validation { - my ($username,$domain,$domdesc,$contact_name,$contact_email,$courseid) = @_; + my ($username,$domain,$domdesc,$contact_name,$contact_email,$courseid,$lonhost) = @_; my ($retrieved,$output,$upass); $username= &LONCAPA::clean_username($username); @@ -694,7 +700,8 @@ sub username_validation { $authok = 'non_authorized'; } if ($authok eq 'authorized') { - ($output,undef) = &username_check($username,$domain,$domdesc,$courseid); + ($output,undef) = &username_check($username,$domain,$domdesc, + $courseid,$lonhost,$contact_email); } else { $output = '
' .&mt('Username and/or password could not be authenticated.') @@ -706,7 +713,7 @@ sub username_validation { } sub username_check { - my ($username,$domain,$domdesc,$courseid) = @_; + my ($username,$domain,$domdesc,$courseid,$lonhost,$contact_email) = @_; my (%rulematch,%inst_results,$newuser,%alerts,%curr_rules,%got_rules); $newuser = 1; my $checkhash; @@ -724,7 +731,7 @@ sub username_check { &Apache::loncommon::user_rule_formats($domain,$domdesc, $curr_rules{$domain}{'username'},'username'); if ($userchkmsg) { - $checkfail = 1; + $checkfail = 'username'; } } return ($userchkmsg,$checkfail); @@ -732,13 +739,26 @@ sub username_check { } } my $submit_text = &mt('Create LON-CAPA account'); - # FIXME need a cookie to confirm credentials were validated. my $output = '
'. &Apache::loncreateuser::personal_data_display($username,$domain,1, undef,$inst_results{$username.':'.$domain}). '

'."\n". ''."\n". ''; + my $now = time; + my %info = ('ip' => $ENV{'REMOTE_ADDR'}, + 'time' => $now, + 'domain' => $domain, + 'username' => $username); + my $authtoken = &Apache::lonnet::tmpput(\%info,$lonhost); + if ($authtoken !~ /^error/ && $authtoken ne 'no_such_host') { + $output .= ''; + } else { + $output = &mt('An error occurred when storing a token').'
'. + &mt('You will not be able to proceed to the next stage of account creation'). + &linkto_email_help($contact_email,$domdesc); + return($output,'authtoken'); + } if ($courseid ne '') { $output .= ''; } @@ -756,6 +776,27 @@ sub username_activation { &mt('Return to previous page').''. &Apache::loncommon::end_page(); my %domdefaults = &Apache::lonnet::get_domain_defaults($domain); + my %data = &Apache::lonnet::tmpget($env{'form.authtoken'}); + my $now = time; + my $earlyout; + my $timeout = 300; + if (keys(%data) == 0) { + $output = &mt('Sorry, your authentication has expired.'); + $earlyout = 'fail'; + } + if (($data{'time'} !~ /^\d+$/) || + ($data{'domain'} ne $domain) || + ($data{'username'} ne $username)) { + $earlyout = 'fail'; + $output = &mt('The credentials you provided could not be verified.'); + } elsif ($now - $data{'time'} > $timeout) { + $earlyout = 'fail'; + $output = &mt('Sorry, your authentication has expired.'); + } + if ($earlyout ne '') { + $output .= '
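Review bot: The success test on the tmpput result in username_check is a deny-list: `$authtoken !~ /^error/ && $authtoken ne 'no_such_host'` accepts every other return value as a usable token. If tmpput can return any other failure string (its contract is not visible in this hunk), that string would be carried forward as the token, and the user would only find out at the activation step. A positive match on the expected token format would fail closed instead. The removed FIXME also deserves a replacement comment, for example `# Token records that credentials were validated; verified in username_activation.` username_check begins before this hunk.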
'.&mt('Please [_1]start again[_2].','',''); + return($earlyout,$output); + } if ((($domdefaults{'auth_def'} =~/^krb(4|5)$/) && ($domdefaults{'auth_arg_def'} ne '')) || ($domdefaults{'auth_def'} eq 'localauth')) { @@ -776,6 +817,7 @@ sub username_activation { $env{'form.cgeneration'},undef,undef, $env{'form.cpermanentemail'}); if ($result eq 'ok') { + my $delete = &Apache::lonnet::tmpdel($env{'form.authtoken'}); $output = &mt('A LON-CAPA account has been created for username: [_1] in domain: [_2].',$username,$domain); my %form = &start_session($r,$username,$domain,$lonhost,$courseid); my $nostart = 1; @@ -838,6 +880,13 @@ sub invalid_state { if ($msgtext) { $msg .= '
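Review bot: In username_activation the empty-token branch is overwritten by the test that follows it. When `keys(%data) == 0`, `$data{'time'} !~ /^\d+$/` is also true, so the "expired" text set first is never shown; writing the second test as `} elsif (($data{'time'} !~ /^\d+$/) ||` keeps the two cases distinct. The token written in username_check also records `ip`, but nothing here compares it, so the token is bound only to domain, username and the 300-second window. Either add `($data{'ip'} ne $ENV{'REMOTE_ADDR'})` to the mismatch condition or drop the field, so that the stored data matches what is enforced. `$username` and `$domain` are set outside this hunk, and the function body continues beyond it.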
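Review bot: The token is consumed only on the `$result eq 'ok'` path, and the tmpdel result in `$delete` is never checked, so after any other outcome the token stays valid until the timeout. Calling tmpdel on every exit path once the token has been verified would make it single-use, at the cost of sending the user back to authentication after a failed create. `$env{'form.authtoken'}` also reaches tmpget and tmpdel as submitted; unless those helpers validate it (not visible here), check it against the expected token format first. If deletion fails, log it, for example `&Apache::lonnet::logthis("tmpdel failed for authtoken: $delete") if ($delete ne 'ok');`, assuming tmpdel reports success as `ok`.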
'.$msgtext; } + $msg .= &linkto_email_help($contact_email,$domdesc); + return $msg; +} + +sub linkto_email_help { + my ($contact_email,$domdesc) = @_; + my $msg; if ($contact_email ne '') { my $escuri = &HTML::Entities::encode('/adm/createaccount','&<>"'); $msg .= '
'.&mt('You may wish to contact the [_1]LON-CAPA helpdesk[_2] for the [_3] domain.','','',$domdesc);