--- loncom/interface/lonpreferences.pm	2018/09/03 14:03:03	1.196.4.24
+++ loncom/interface/lonpreferences.pm	2019/08/22 00:00:03	1.196.4.25
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Preferences
 #
-# $Id: lonpreferences.pm,v 1.196.4.24 2018/09/03 14:03:03 raeburn Exp $
+# $Id: lonpreferences.pm,v 1.196.4.25 2019/08/22 00:00:03 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -27,8 +27,6 @@
 #
 # This package uses the "londes.js" javascript code. 
 #
-# TODOs that have to be completed:
-#    interface with lonnet to change the password
  
 package Apache::lonpreferences;
 
@@ -477,7 +475,6 @@ sub verify_and_change_rolespref {
 }
 
 
-
 ################################################################
 #         Anonymous Discussion Name Change Subroutines         #
 ################################################################
@@ -1229,7 +1226,7 @@ sub verify_and_change_colors {
 #            password handler subroutines            #
 ######################################################
 sub passwordchanger {
-    my ($r,$errormessage,$caller,$mailtoken) = @_;
+    my ($r,$errormessage,$caller,$mailtoken,$timelimit,$extrafields) = @_;
     # This function is a bit of a mess....
     # Passwords are encrypted using londes.js (DES encryption)
     $errormessage = ($errormessage || '');
@@ -1254,42 +1251,42 @@ sub passwordchanger {
             $caller = 'preferences';
         }
     } elsif ($caller eq 'reset_by_email') {
-            my %data = &Apache::lonnet::tmpget($mailtoken);
-            if (keys(%data) == 0) {
-                $r->print(
-                    '<p class="LC_warning">'
-                   .&mt('Sorry, the URL you provided to complete the reset of your password was invalid. Either the token included in the URL has been deleted or the URL you provided was invalid. Please submit a [_1]new request[_2] for a password reset, and follow the link to the new URL included in the e-mail that will be sent to you, to allow you to enter a new password.'
-                             ,'<a href="/adm/resetpw">','</a>')
-                   .'</p>'
-                );
-                return;
-            }
-            if (defined($data{time})) {
-                if (time - $data{'time'} < 7200) {
-                    $user = $data{'username'};
-                    $domain = $data{'domain'};
-                    $currentpass = $data{'temppasswd'};
-                } else {
-                    $r->print(
-                        '<p class="LC_warning">'
-                       .&mt('Sorry, the token generated when you requested'
-                           .' a password reset has expired.')
-                       .'</p>'
-                    );
-                    return;
-                }
+        my %data = &Apache::lonnet::tmpget($mailtoken);
+        if (keys(%data) == 0) {
+            $r->print(
+                '<p class="LC_warning">'
+               .&mt('Sorry, the URL you provided to complete the reset of your password was invalid. Either the token included in the URL has been deleted or the URL you provided was invalid. Please submit a [_1]new request[_2] for a password reset, and follow the link to the new URL included in the e-mail that will be sent to you, to allow you to enter a new password.'
+                   ,'<a href="/adm/resetpw">','</a>')
+               .'</p>'
+            );
+            return;
+        }
+        if (defined($data{time})) {
+            if (time - $data{'time'} < $timelimit) {
+                $user = $data{'username'};
+                $domain = $data{'domain'};
+                $currentpass = $data{'temppasswd'};
             } else {
                 $r->print(
-                   '<p class="LC_warning">'
-                  .&mt('Sorry, the URL generated when you requested reset of'
-                      .' your password contained incomplete information.')
+                    '<p class="LC_warning">'
+                   .&mt('Sorry, the token generated when you requested'
+                       .' a password reset has expired.')
                    .'</p>'
                 );
                 return;
             }
-            if (&Apache::lonnet::domain($domain) eq '') {
-                $domain = $r->dir_config('lonDefDomain');
-            }
+        } else {
+            $r->print(
+                '<p class="LC_warning">'
+                .&mt('Sorry, the URL generated when you requested reset of'
+                    .' your password contained incomplete information.')
+                .'</p>'
+            );
+            return;
+        }
+        if (&Apache::lonnet::domain($domain) eq '') {
+            $domain = $r->dir_config('lonDefDomain');
+        }
     } else {
         $r->print(
             '<p class="LC_error">'
@@ -1328,7 +1325,7 @@ sub passwordchanger {
 	my $jsh=Apache::File->new($include."/londes.js");
 	$r->print(<$jsh>);
     }
-    $r->print(&jscript_send($caller));
+    $r->print(&jscript_send($caller,$extrafields));
     $r->print(<<ENDFORM);
 $errormessage
 
@@ -1337,15 +1334,15 @@ $errormessage
      ensure that unencrypted passwords will not be sent out by a
      crappy browser -->
 ENDFORM
-    $r->print(&server_form($logtoken,$caller,$mailtoken));
-    $r->print(&client_form($caller,\%hexkey,$currentpass,$domain));
+    $r->print(&server_form($logtoken,$caller,$mailtoken,$extrafields));
+    $r->print(&client_form($caller,\%hexkey,$currentpass,$domain,$extrafields));
 
     #
     return;
 }
 
 sub jscript_send {
-    my ($caller) = @_;
+    my ($caller,$extrafields) = @_;
     my $output = qq|
 <script type="text/javascript" language="JavaScript">
 
@@ -1367,14 +1364,20 @@ sub jscript_send {
             =getCrypted(this.document.client.elements.newpass_2.value);
 |;
     if ($caller eq 'reset_by_email') {
-        $output .= qq|
+        if ((ref($extrafields) eq 'HASH') && ($extrafields->{'username'})) {
+            $output .= qq|
         this.document.pserver.elements.uname.value =
                    this.document.client.elements.uname.value;
         this.document.pserver.elements.udom.value =
                    this.document.client.elements.udom.options[this.document.client.elements.udom.selectedIndex].value;
+|;
+        }
+        if ((ref($extrafields) eq 'HASH') && ($extrafields->{'email'})) {
+            $output .= qq|
         this.document.pserver.elements.email.value =
                    this.document.client.elements.email.value;
 |;
+        }
     }
     $ output .= qq|
         this.document.pserver.submit();
@@ -1385,7 +1388,7 @@ sub jscript_send {
 }
 
 sub client_form {
-    my ($caller,$hexkey,$currentpass,$defdom) = @_;
+    my ($caller,$hexkey,$currentpass,$defdom,$extrafields) = @_;
     my %lt=&Apache::lonlocal::texthash(
                 'email' => 'E-mail Address',
                 'username' => 'Username',
@@ -1399,25 +1402,22 @@ sub client_form {
     my $output = '<form name="client" action="">'
                 .&Apache::lonhtmlcommon::start_pick_box();
     if ($caller eq 'reset_by_email') {
-        my $mobileargs;
-        (undef,undef,undef,undef,undef,undef,my $clientmobile) =
-            &Apache::loncommon::decode_user_agent();
-        if ($clientmobile) {
-            $mobileargs = 'autocapitalize="off" autocorrect="off" ';
-        }
-        $output .= &Apache::lonhtmlcommon::row_title(
+        if ((ref($extrafields) eq 'HASH') && ($extrafields->{'email'})) {
+            $output .= &Apache::lonhtmlcommon::row_title(
                        '<label for="email">'.$lt{'email'}.'</label>')
-                  .'<input type="text" name="email" size="30" '.$mobileargs.'/>'
-                  .&Apache::lonhtmlcommon::row_closure()
-                  .&Apache::lonhtmlcommon::row_title(
+                      .'<input type="text" name="email" size="30" autocapitalize="off" autocorrect="off" />'
+                      .&Apache::lonhtmlcommon::row_closure();
+        }
+        if ((ref($extrafields) eq 'HASH') && ($extrafields->{'username'})) {
+            $output .= &Apache::lonhtmlcommon::row_title(
                        '<label for="uname">'.$lt{'username'}.'</label>')
-                  .'<input type="text" name="uname" size="20" '.$mobileargs.'/>'
-                  .'<input type="hidden" name="currentpass" value="'.$currentpass.'" />'
-                  .&Apache::lonhtmlcommon::row_closure()
-                  .&Apache::lonhtmlcommon::row_title(
+                      .'<input type="text" name="uname" size="20" autocapitalize="off" autocorrect="off" />'
+                      .&Apache::lonhtmlcommon::row_closure()
+                      .&Apache::lonhtmlcommon::row_title(
                        '<label for="udom">'.$lt{'domain'}.'</label>')
-                  .&Apache::loncommon::select_dom_form($defdom,'udom')
-                  .&Apache::lonhtmlcommon::row_closure();
+                      .&Apache::loncommon::select_dom_form($defdom,'udom')
+                      .&Apache::lonhtmlcommon::row_closure();
+        }
     } else {
         $output .= &Apache::lonhtmlcommon::row_title(
                        '<label for="currentpass">'.$lt{'currentpass'}.'</label>')
@@ -1433,6 +1433,9 @@ sub client_form {
               .'<input type="password" name="newpass_2" size="20" />'
               .&Apache::lonhtmlcommon::row_closure(1)
               .&Apache::lonhtmlcommon::end_pick_box();
+    if ($caller eq 'reset_by_email') {
+        $output .= '<input type="hidden" name="currentpass" value="'.$currentpass.'" />';
+    }
     $output .= '<p><input type="button" value="'.$lt{'changepass'}.'" onclick="send();" /></p>'
               .qq|
 <input type="hidden" name="ukey_cpass"  value="$hexkey->{'ukey_cpass'}" />
@@ -1448,7 +1451,7 @@ sub client_form {
 }
 
 sub server_form {
-    my ($logtoken,$caller,$mailtoken) = @_;
+    my ($logtoken,$caller,$mailtoken,$extrafields) = @_;
     my $action = '/adm/preferences';
     if ($caller eq 'reset_by_email') {
         $action = '/adm/resetpw';
@@ -1459,15 +1462,22 @@ sub server_form {
 <input type="hidden" name="currentpass" value="" />
 <input type="hidden" name="newpass_1"   value="" />
 <input type="hidden" name="newpass_2"   value="" />
-    |;
+|;
     if ($caller eq 'reset_by_email') {
         $output .=  qq|
 <input type="hidden" name="token"   value="$mailtoken" />
+|;
+       if ((ref($extrafields) eq 'HASH') && ($extrafields->{'username'})) {
+           $output .=  qq|
 <input type="hidden" name="uname"   value="" />
 <input type="hidden" name="udom"   value="" />
+|;
+       }
+       if ((ref($extrafields) eq 'HASH') && ($extrafields->{'email'})) {
+           $output .=  qq|
 <input type="hidden" name="email"   value="" />
-
 |;
+       }
     }
     $output .= qq|
 <input type="hidden" name="action" value="verify_and_change_pass" />
@@ -1553,7 +1563,7 @@ ENDERROR
         return 1;
     }
     my ($ckey,$n1key,$n2key)=split(/&/,$tmpinfo);
-    # 
+    #
     $currentpass = &Apache::loncommon::des_decrypt($ckey ,$currentpass);
     $newpass1    = &Apache::loncommon::des_decrypt($n1key,$newpass1);
     $newpass2    = &Apache::loncommon::des_decrypt($n2key,$newpass2);
@@ -1574,7 +1584,7 @@ ENDERROR
                          &mt('Please try again.').'</span>',$caller,$mailtoken);
             return 1;
         }
-    } 
+    }
     if ($newpass1 ne $newpass2) {
 	&passwordchanger($r,
 			 '<span class="LC_warning">'.
@@ -1582,12 +1592,23 @@ ENDERROR
 			 &mt('Please try again.').'</span>',$caller,$mailtoken);
 	return 1;
     }
-    if (length($newpass1) < 7) {
-	&passwordchanger($r,
-			 '<span class="LC_warning">'.
-			 &mt('Passwords must be a minimum of 7 characters long.').'  '.
-			 &mt('Please try again.').'</span>',$caller,$mailtoken);
-	return 1;
+    if ($currentauth eq 'unix:') {
+        if (length($newpass1) < 7) {
+            &passwordchanger($r,
+                             '<span class="LC_warning">'.
+                             &mt('Passwords must be a minimum of 7 characters long.').'  '.
+                             &mt('Please try again.').'</span>',$caller,$mailtoken);
+            return 1;
+        }
+    } else {
+        my $warning = &Apache::loncommon::check_passwd_rules($domain,$newpass1);
+        if ($warning) {
+	    &passwordchanger($r,'<span class="LC_warning">'.
+                             $warning.
+			     &mt('Please try again.').'</span>',
+                             $caller,$mailtoken);
+	    return 1;
+        }
     }
     #
     # Check for bad characters
@@ -1635,8 +1656,14 @@ ENDERROR
                 return $result;
             }
         } else {
+            my $feedback;
+            if ($result eq 'prioruse') {
+                $feedback = &mt('Please enter a password that you have not used recently.');
+            } else {
+                $feedback = &mt('Please make sure your old password was entered correctly.');
+            }
             $message = &Apache::lonhtmlcommon::confirm_success(
-                &mt("The password for user [_1] was not changed.",'<i>'.$user.'</i>').' '.&mt('Please make sure your old password was entered correctly.'),1);
+                &mt("The password for user [_1] was not changed.",'<i>'.$user.'</i>').' '.$feedback,1);
             $message=&Apache::loncommon::confirmwrapper($message);
             &print_main_menu($r, $message);
             if (ref($ended)) {