|
version 1.2, 2001/12/19 17:17:46
|
version 1.3, 2002/02/15 22:04:39
|
|
Line 35
|
Line 35
|
| # |
# |
| # 3/1 Gerd Kortemeyer |
# 3/1 Gerd Kortemeyer |
| # |
# |
| |
# 2/13/02 2/14 2/15 Matthew Hall |
| |
# |
| |
# This package uses the "londes.js" javascript code. |
| |
# |
| |
# TODOs that have to be completed: |
| |
# interface with lonnet to change the password |
| |
|
| package Apache::lonpreferences; |
package Apache::lonpreferences; |
| |
|
| use strict; |
use strict; |
| use Apache::Constants qw(:common); |
use Apache::Constants qw(:common); |
| |
use Apache::File; |
| |
use Crypt::DES; |
| |
use DynaLoader; # for Crypt::DES version |
| |
|
| |
#------------------- forms to be output |
| |
my $passwordform =<<ENDPASSWORDFORM; |
| |
<form name="client" action="/adm/preferences" method="post"> |
| |
<input type="hidden" name="action" value="changepass"> |
| |
<input type="submit" value="Change password"> |
| |
</form> |
| |
ENDPASSWORDFORM |
| |
|
| |
my $environmentform = <<ENDENVIRONMENTFORM; |
| |
<p> |
| |
There are currently no environment variables you can change. |
| |
</p> |
| |
<!---- |
| |
You may set the following environment variables: |
| |
<table> |
| |
<tr><th>Environment Setting</th><th>Current Value</th></tr> |
| |
<tr> |
| |
<td colspan="2"> |
| |
<font color="#ff0000">No variables currently set up</font> |
| |
</td> |
| |
</tr> |
| |
</table> |
| |
--> |
| |
ENDENVIRONMENTFORM |
| |
#------------------ end of forms to be output |
| |
|
| |
################################################################ |
| |
# Handler subroutines # |
| |
################################################################ |
| |
# |
| |
# Write lonnet::passwd to do the call below. |
| |
# Use: |
| |
# my $answer=reply("encrypt:passwd:$udom:$uname:$upass",$tryserver); |
| |
# |
| |
# I really should write some javascript to check on the client side for |
| |
# mismatched passwords, but other problems are more pressing |
| |
# |
| |
################################################## |
| |
# password associated functions # |
| |
################################################## |
| |
sub des_keys { |
| |
# Make a new key for DES encryption |
| |
# Each key has two parts which are returned seperately |
| |
my @hexstr=('0','1','2','3','4','5','6','7', |
| |
'8','9','a','b','c','d','e','f'); |
| |
my $lkey=''; |
| |
for (0..7) { |
| |
$lkey.=$hexstr[rand(15)]; |
| |
} |
| |
my $ukey=''; |
| |
for (0..7) { |
| |
$ukey.=$hexstr[rand(15)]; |
| |
} |
| |
return ($lkey,$ukey); |
| |
} |
| |
|
| |
sub des_decrypt { |
| |
my ($key,$cyphertext) = @_; |
| |
my $keybin=pack("H16",$key); |
| |
my $cypher; |
| |
if ($Crypt::DES::VERSION>=2.03) { |
| |
$cypher=new Crypt::DES $keybin; |
| |
} else { |
| |
$cypher=new DES $keybin; |
| |
} |
| |
my $plaintext= |
| |
$cypher->decrypt(unpack("a8",pack("H16",substr($cyphertext,0,16)))); |
| |
$plaintext.= |
| |
$cypher->decrypt(unpack("a8",pack("H16",substr($cyphertext,16,16)))); |
| |
$plaintext=unpack("a8",$plaintext); |
| |
$plaintext=substr($plaintext,1,ord(substr($plaintext,0,1))); |
| |
unpack("a8",$plaintext); |
| |
return $plaintext; |
| |
} |
| |
|
| |
sub passwordchanger { |
| |
# Passwords are encrypted using londes.js (DES encryption) |
| |
# |
| |
my $r = shift; |
| |
my $user = $ENV{'user.name'}; |
| |
my $domain = $ENV{'user.domain'}; |
| |
my $homeserver = $ENV{'user.home'}; |
| |
my $currentauth=&Apache::lonnet::queryauthenticate($user,$domain); |
| |
# Check for authentication types that allow changing of the password. |
| |
return if ($currentauth !~ /^(unix|internal):/); |
| |
# |
| |
# Generate keys |
| |
my ($lkey_cpass ,$ukey_cpass ) = &des_keys(); |
| |
my ($lkey_npass1,$ukey_npass1) = &des_keys(); |
| |
my ($lkey_npass2,$ukey_npass2) = &des_keys(); |
| |
# Store the keys |
| |
my $lonhost = $r->dir_config('lonHostID'); |
| |
my $logtoken=Apache::lonnet::reply('tmpput:' |
| |
.$ukey_cpass . $lkey_cpass .'&' |
| |
.$ukey_npass1 . $lkey_npass1.'&' |
| |
.$ukey_npass2 . $lkey_npass2, |
| |
$lonhost); |
| |
# Hexify these keys |
| |
$ukey_cpass = hex($ukey_cpass); |
| |
$lkey_cpass = hex($lkey_cpass); |
| |
$ukey_npass1= hex($ukey_npass1); |
| |
$lkey_npass1= hex($lkey_npass1); |
| |
$ukey_npass2= hex($ukey_npass2); |
| |
$lkey_npass2= hex($lkey_npass2); |
| |
# Output javascript to deal with passwords |
| |
$r->print(<<ENDHEADER); |
| |
<html> |
| |
<head> |
| |
<title>The LearningOnline Network with CAPA</title> |
| |
</head> |
| |
ENDHEADER |
| |
# Output DES javascript |
| |
{ |
| |
my $include = $r->dir_config('lonIncludes'); |
| |
my $jsh=Apache::File->new($include."/londes.js"); |
| |
$r->print(<$jsh>); |
| |
} |
| |
$r->print(<<ENDFORM); |
| |
|
| |
<body bgcolor="#FFFFFF" onLoad="init();"> |
| |
|
| |
<script language="JavaScript"> |
| |
|
| |
function send() { |
| |
uextkey=this.document.client.elements.ukey_cpass.value; |
| |
lextkey=this.document.client.elements.lkey_cpass.value; |
| |
initkeys(); |
| |
|
| |
this.document.server.elements.currentpass.value |
| |
=crypted(this.document.client.elements.currentpass.value); |
| |
|
| |
uextkey=this.document.client.elements.ukey_npass1.value; |
| |
lextkey=this.document.client.elements.lkey_npass1.value; |
| |
initkeys(); |
| |
this.document.server.elements.newpass_1.value |
| |
=crypted(this.document.client.elements.newpass_1.value); |
| |
|
| |
uextkey=this.document.client.elements.ukey_npass2.value; |
| |
lextkey=this.document.client.elements.lkey_npass2.value; |
| |
initkeys(); |
| |
this.document.server.elements.newpass_2.value |
| |
=crypted(this.document.client.elements.newpass_2.value); |
| |
|
| |
this.document.server.submit(); |
| |
} |
| |
|
| |
</script> |
| |
<h1>Preferences for $user</h1> |
| |
<h3>$user is a member of domain $domain</h3> |
| |
<p> |
| |
Change password for $user |
| |
</p> |
| |
<p> |
| |
<!-- We seperate the forms into 'server' and 'client' in order to |
| |
ensure that unencrypted passwords will not be sent out by a |
| |
crappy browser --> |
| |
|
| |
<form name="server" action="/adm/preferences" method="post"> |
| |
<input type="hidden" name="logtoken" value="$logtoken" /> |
| |
<input type="hidden" name="action" value="verify_and_change_pass" /> |
| |
<input type="hidden" name="currentpass" value="" /> |
| |
<input type="hidden" name="newpass_1" value="" /> |
| |
<input type="hidden" name="newpass_2" value="" /> |
| |
</form> |
| |
|
| |
<form name="client" > |
| |
<table> |
| |
<tr><td align="right"> Current password: </td> |
| |
<td><input type="password" name="currentpass" /> </td></tr> |
| |
<tr><td align="right"> New password: </td> |
| |
<td><input type="password" name="newpass_1" /> </td></tr> |
| |
<tr><td align="right"> Confirm password: </td> |
| |
<td><input type="password" name="newpass_2" /> </td></tr> |
| |
<tr><td colspan="2" align="center"> |
| |
<input type="button" value="Change Password" onClick="send();"> |
| |
</table> |
| |
<input type="hidden" name="ukey_cpass" value="$ukey_cpass" /> |
| |
<input type="hidden" name="lkey_cpass" value="$lkey_cpass" /> |
| |
<input type="hidden" name="ukey_npass1" value="$ukey_npass1" /> |
| |
<input type="hidden" name="lkey_npass1" value="$lkey_npass1" /> |
| |
<input type="hidden" name="ukey_npass2" value="$ukey_npass2" /> |
| |
<input type="hidden" name="lkey_npass2" value="$lkey_npass2" /> |
| |
</form> |
| |
</p> |
| |
ENDFORM |
| |
# |
| |
return; |
| |
} |
| |
|
| |
sub verify_and_change_password { |
| |
my $r = shift; |
| |
my $user = $ENV{'user.name'}; |
| |
my $domain = $ENV{'user.domain'}; |
| |
my $homeserver = $ENV{'user.home'}; |
| |
my $currentauth=&Apache::lonnet::queryauthenticate($user,$domain); |
| |
# |
| |
$r->print("<h1>verify and change password</h1>\n"); |
| |
# |
| |
my $currentpass = $ENV{'form.currentpass'}; |
| |
my $newpass1 = $ENV{'form.newpass_1'}; |
| |
my $newpass2 = $ENV{'form.newpass_2'}; |
| |
my $logtoken = $ENV{'form.logtoken'}; |
| |
# Check for empty data |
| |
if (!(defined($currentpass) && |
| |
defined($newpass1) && |
| |
defined($newpass2))){ |
| |
$r->print("<font color='#ff0000'>ERROR</font> Password data was ". |
| |
"blank.\n"); |
| |
return; |
| |
} |
| |
# Get the keys |
| |
my $lonhost = $r->dir_config('lonHostID'); |
| |
my $tmpinfo = Apache::lonnet::reply('tmpget:'.$logtoken,$lonhost); |
| |
if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) { |
| |
$r->print(<<ENDERROR); |
| |
<p> |
| |
<font color="#ff0000">ERROR:</font> Unable to retrieve stored token for |
| |
password decryption. |
| |
</p> |
| |
ENDERROR |
| |
return; |
| |
} |
| |
my ($ckey,$n1key,$n2key)=split(/&/,$tmpinfo); |
| |
# decrypt |
| |
my $currentpass = &des_decrypt($ckey ,$currentpass); |
| |
my $newpass1 = &des_decrypt($n1key,$newpass1); |
| |
my $newpass2 = &des_decrypt($n2key,$newpass2); |
| |
# Sanity check |
| |
if ($newpass1 ne $newpass2) { |
| |
$r->print('<font color="#ff0000">ERROR:</font>The new passwords you '. |
| |
'entered do not match. Please try again.'); |
| |
&passwordchanger($r); |
| |
return; |
| |
} |
| |
} |
| |
|
| |
################################################################ |
| |
# Main handler # |
| |
################################################################ |
| sub handler { |
sub handler { |
| my $r = shift; |
my $r = shift; |
| |
my $user = $ENV{'user.name'}; |
| |
my $domain = $ENV{'user.domain'}; |
| $r->content_type('text/html'); |
$r->content_type('text/html'); |
| $r->send_http_header; |
$r->send_http_header; |
| return OK if $r->header_only; |
return OK if $r->header_only; |
| |
# Spit out the header |
| # --------------------------------------------------- Print login screen header |
if ($ENV{'form.action'} eq 'changepass') { |
| $r->print(<<ENDDOCUMENT); |
&passwordchanger($r); |
| |
} elsif ($ENV{'form.action'} eq 'verify_and_change_pass') { |
| |
&verify_and_change_password($r); |
| |
} else { |
| |
$r->print(<<ENDHEADER); |
| <html> |
<html> |
| <head> |
<head> |
| <title>The LearningOnline Network with CAPA</title> |
<title>The LearningOnline Network with CAPA</title> |
| </head> |
</head> |
| <body bgcolor="#FFFFFF"> |
<body bgcolor="#FFFFFF" > |
| <h1>Preferences</h1> |
<h1>Preferences for $user</h1> |
| <img src="/adm/lonKaputt/lonconstruct.gif"> |
<h3>$user is a member of domain $domain</h3> |
| |
ENDHEADER |
| |
# Determine current authentication method |
| |
my $currentauth=&Apache::lonnet::queryauthenticate($user,$domain); |
| |
if ($currentauth =~ /^(unix|internal):/) { |
| |
$r->print($passwordform); |
| |
} |
| |
$r->print($environmentform); |
| |
} |
| |
# Spit out the footer |
| |
$r->print(<<ENDFOOTER); |
| </body> |
</body> |
| </html> |
</html> |
| ENDDOCUMENT |
ENDFOOTER |
| return OK; |
return OK; |
| } |
} |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to lonpreferences.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / interface