1: # The LearningOnline Network
2: # Preferences
3: #
4: # $Id: lonpreferences.pm,v 1.5 2002/03/30 17:59:34 www Exp $
5: #
6: # Copyright Michigan State University Board of Trustees
7: #
8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
9: #
10: # LON-CAPA is free software; you can redistribute it and/or modify
11: # it under the terms of the GNU General Public License as published by
12: # the Free Software Foundation; either version 2 of the License, or
13: # (at your option) any later version.
14: #
15: # LON-CAPA is distributed in the hope that it will be useful,
16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18: # GNU General Public License for more details.
19: #
20: # You should have received a copy of the GNU General Public License
21: # along with LON-CAPA; if not, write to the Free Software
22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23: #
24: # /home/httpd/html/adm/gpl.txt
25: #
26: # http://www.lon-capa.org/
27: #
28: # (Internal Server Error Handler
29: #
30: # (Login Screen
31: # 5/21/99,5/22,5/25,5/26,5/31,6/2,6/10,7/12,7/14,
32: # 1/14/00,5/29,5/30,6/1,6/29,7/1,11/9 Gerd Kortemeyer)
33: #
34: # 3/1/1 Gerd Kortemeyer)
35: #
36: # 3/1 Gerd Kortemeyer
37: #
38: # 2/13/02 2/14 2/15 Matthew Hall
39: #
40: # This package uses the "londes.js" javascript code.
41: #
42: # TODOs that have to be completed:
43: # interface with lonnet to change the password
44:
45: package Apache::lonpreferences;
46:
47: use strict;
48: use Apache::Constants qw(:common);
49: use Apache::File;
50: use Crypt::DES;
51: use DynaLoader; # for Crypt::DES version
52: use Apache::loncommon();
53:
54: #
55: # Write lonnet::passwd to do the call below.
56: # Use:
57: # my $answer=reply("encrypt:passwd:$udom:$uname:$upass",$tryserver);
58: #
59: ##################################################
60: # password associated functions #
61: ##################################################
62: sub des_keys {
63: # Make a new key for DES encryption.
64: # Each key has two parts which are returned seperately.
65: # Please note: Each key must be passed through the &hex function
66: # before it is output to the web browser. The hex versions cannot
67: # be used to decrypt.
68: my @hexstr=('0','1','2','3','4','5','6','7',
69: '8','9','a','b','c','d','e','f');
70: my $lkey='';
71: for (0..7) {
72: $lkey.=$hexstr[rand(15)];
73: }
74: my $ukey='';
75: for (0..7) {
76: $ukey.=$hexstr[rand(15)];
77: }
78: return ($lkey,$ukey);
79: }
80:
81: sub des_decrypt {
82: my ($key,$cyphertext) = @_;
83: my $keybin=pack("H16",$key);
84: my $cypher;
85: if ($Crypt::DES::VERSION>=2.03) {
86: $cypher=new Crypt::DES $keybin;
87: } else {
88: $cypher=new DES $keybin;
89: }
90: my $plaintext=
91: $cypher->decrypt(unpack("a8",pack("H16",substr($cyphertext,0,16))));
92: $plaintext.=
93: $cypher->decrypt(unpack("a8",pack("H16",substr($cyphertext,16,16))));
94: $plaintext=substr($plaintext,1,ord(substr($plaintext,0,1)) );
95: return $plaintext;
96: }
97:
98: ################################################################
99: # Handler subroutines #
100: ################################################################
101: sub screennamechanger {
102: my $r = shift;
103: my $errormessage = shift;
104: $errormessage = ($errormessage || '');
105: my $user = $ENV{'user.name'};
106: my $domain = $ENV{'user.domain'};
107: my $homeserver = $ENV{'user.home'};
108: $r->print(<<ENDSCREEN);
109: <html>
110: <body bgcolor="#FFFFFF">
111: <h1>Preferences for $user</h1>
112: <h3>$user is a member of domain $domain</h3>
113: $errormessage
114: <p>
115: Change anonymous discussion screen name for $user
116: </p>
117: </body>
118: </html>
119: ENDSCREEN
120: }
121: ######################################################
122: # password handler subroutines #
123: ######################################################
124: sub passwordchanger {
125: # This function is a bit of a mess....
126: # Passwords are encrypted using londes.js (DES encryption)
127: my $r = shift;
128: my $errormessage = shift;
129: $errormessage = ($errormessage || '');
130: my $user = $ENV{'user.name'};
131: my $domain = $ENV{'user.domain'};
132: my $homeserver = $ENV{'user.home'};
133: my $currentauth=&Apache::lonnet::queryauthenticate($user,$domain);
134: # Check for authentication types that allow changing of the password.
135: return if ($currentauth !~ /^(unix|internal):/);
136: #
137: # Generate keys
138: my ($lkey_cpass ,$ukey_cpass ) = &des_keys();
139: my ($lkey_npass1,$ukey_npass1) = &des_keys();
140: my ($lkey_npass2,$ukey_npass2) = &des_keys();
141: # Store the keys in the log files
142: my $lonhost = $r->dir_config('lonHostID');
143: my $logtoken=Apache::lonnet::reply('tmpput:'
144: .$ukey_cpass . $lkey_cpass .'&'
145: .$ukey_npass1 . $lkey_npass1.'&'
146: .$ukey_npass2 . $lkey_npass2,
147: $lonhost);
148: # Hexify the keys for output as javascript variables
149: $ukey_cpass = hex($ukey_cpass);
150: $lkey_cpass = hex($lkey_cpass);
151: $ukey_npass1= hex($ukey_npass1);
152: $lkey_npass1= hex($lkey_npass1);
153: $ukey_npass2= hex($ukey_npass2);
154: $lkey_npass2= hex($lkey_npass2);
155: # Output javascript to deal with passwords
156: # Output DES javascript
157: {
158: my $include = $r->dir_config('lonIncludes');
159: my $jsh=Apache::File->new($include."/londes.js");
160: $r->print(<$jsh>);
161: }
162: $r->print(<<ENDFORM);
163:
164: <body bgcolor="#FFFFFF" onLoad="init();">
165:
166: <script language="JavaScript">
167:
168: function send() {
169: uextkey=this.document.client.elements.ukey_cpass.value;
170: lextkey=this.document.client.elements.lkey_cpass.value;
171: initkeys();
172:
173: this.document.server.elements.currentpass.value
174: =crypted(this.document.client.elements.currentpass.value);
175:
176: uextkey=this.document.client.elements.ukey_npass1.value;
177: lextkey=this.document.client.elements.lkey_npass1.value;
178: initkeys();
179: this.document.server.elements.newpass_1.value
180: =crypted(this.document.client.elements.newpass_1.value);
181:
182: uextkey=this.document.client.elements.ukey_npass2.value;
183: lextkey=this.document.client.elements.lkey_npass2.value;
184: initkeys();
185: this.document.server.elements.newpass_2.value
186: =crypted(this.document.client.elements.newpass_2.value);
187:
188: this.document.server.submit();
189: }
190:
191: </script>
192: <h1>Preferences for $user</h1>
193: <h3>$user is a member of domain $domain</h3>
194: $errormessage
195: <p>
196: Change password for $user
197: </p>
198: <p>
199: <!-- We seperate the forms into 'server' and 'client' in order to
200: ensure that unencrypted passwords will not be sent out by a
201: crappy browser -->
202:
203: <form name="server" action="/adm/preferences" method="post">
204: <input type="hidden" name="logtoken" value="$logtoken" />
205: <input type="hidden" name="action" value="verify_and_change_pass" />
206: <input type="hidden" name="currentpass" value="" />
207: <input type="hidden" name="newpass_1" value="" />
208: <input type="hidden" name="newpass_2" value="" />
209: </form>
210:
211: <form name="client" >
212: <table>
213: <tr><td align="right"> Current password: </td>
214: <td><input type="password" name="currentpass" size="10"/> </td></tr>
215: <tr><td align="right"> New password: </td>
216: <td><input type="password" name="newpass_1" size="10" /> </td></tr>
217: <tr><td align="right"> Confirm password: </td>
218: <td><input type="password" name="newpass_2" size="10" /> </td></tr>
219: <tr><td colspan="2" align="center">
220: <input type="button" value="Change Password" onClick="send();">
221: </table>
222: <input type="hidden" name="ukey_cpass" value="$ukey_cpass" />
223: <input type="hidden" name="lkey_cpass" value="$lkey_cpass" />
224: <input type="hidden" name="ukey_npass1" value="$ukey_npass1" />
225: <input type="hidden" name="lkey_npass1" value="$lkey_npass1" />
226: <input type="hidden" name="ukey_npass2" value="$ukey_npass2" />
227: <input type="hidden" name="lkey_npass2" value="$lkey_npass2" />
228: </form>
229: </p>
230: ENDFORM
231: #
232: return;
233: }
234:
235: sub verify_and_change_password {
236: my $r = shift;
237: my $user = $ENV{'user.name'};
238: my $domain = $ENV{'user.domain'};
239: my $homeserver = $ENV{'user.home'};
240: my $currentauth=&Apache::lonnet::queryauthenticate($user,$domain);
241: # Check for authentication types that allow changing of the password.
242: return if ($currentauth !~ /^(unix|internal):/);
243: #
244: $r->print(<<ENDHEADER);
245: <html>
246: <head>
247: <title>LON-CAPA Preferences: Change password for $user</title>
248: </head>
249: ENDHEADER
250: #
251: my $currentpass = $ENV{'form.currentpass'};
252: my $newpass1 = $ENV{'form.newpass_1'};
253: my $newpass2 = $ENV{'form.newpass_2'};
254: my $logtoken = $ENV{'form.logtoken'};
255: # Check for empty data
256: unless (defined($currentpass) &&
257: defined($newpass1) &&
258: defined($newpass2) ){
259: &passwordchanger($r,"<p>\n<font color='#ff0000'>ERROR</font>".
260: "Password data was blank.\n</p>");
261: return;
262: }
263: # Get the keys
264: my $lonhost = $r->dir_config('lonHostID');
265: my $tmpinfo = Apache::lonnet::reply('tmpget:'.$logtoken,$lonhost);
266: if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) {
267: # I do not a have a better idea about how to handle this
268: $r->print(<<ENDERROR);
269: <p>
270: <font color="#ff0000">ERROR:</font> Unable to retrieve stored token for
271: password decryption. Please log out and try again.
272: </p>
273: ENDERROR
274: # Probably should log an error here
275: return;
276: }
277: my ($ckey,$n1key,$n2key)=split(/&/,$tmpinfo);
278: #
279: my $currentpass = &des_decrypt($ckey ,$currentpass);
280: my $newpass1 = &des_decrypt($n1key,$newpass1);
281: my $newpass2 = &des_decrypt($n2key,$newpass2);
282: #
283: if ($newpass1 ne $newpass2) {
284: &passwordchanger($r,
285: '<font color="#ff0000">ERROR:</font>'.
286: 'The new passwords you entered do not match. '.
287: 'Please try again.');
288: return;
289: }
290: if (length($newpass1) < 7) {
291: &passwordchanger($r,
292: '<font color="#ff0000">ERROR:</font>'.
293: 'Passwords must be a minimum of 7 characters long. '.
294: 'Please try again.');
295: return;
296: }
297: #
298: # Check for bad characters
299: my $badpassword = 0;
300: foreach (split(//,$newpass1)) {
301: $badpassword = 1 if ((ord($_)<32)||(ord($_)>126));
302: }
303: if ($badpassword) {
304: # I can't figure out how to enter bad characters on my browser.
305: &passwordchanger($r,<<ENDERROR);
306: <font color="#ff0000">ERROR:</font>
307: The password you entered contained illegal characters.<br />
308: Valid characters are: space and <br />
309: <pre>
310: !"\#$%&\'()*+,-./0123456789:;<=>?\@
311: ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_\`abcdefghijklmnopqrstuvwxyz{|}~
312: </pre>
313: ENDERROR
314: }
315: #
316: # Change the password (finally)
317: my $result = &Apache::lonnet::changepass
318: ($user,$domain,$currentpass,$newpass1,$homeserver);
319: # Inform the user the password has (not?) been changed
320: if ($result =~ /^ok$/) {
321: $r->print(<<"ENDTEXT");
322: <h2>Password for $user was successfully changed</h2>
323: ENDTEXT
324: } else {
325: # error error: run in circles, scream and shout
326: $r->print(<<ENDERROR);
327: <h2><font color="#ff0000">Password for $user was not changed</font></h2>
328: There was an internal error when attempting to change your password.
329: Please contact your instructor or the domain coordinator.
330: ENDERROR
331: }
332: return;
333: }
334:
335: ######################################################
336: # other handler subroutines #
337: ######################################################
338:
339:
340: ################################################################
341: # Main handler #
342: ################################################################
343: sub handler {
344: my $r = shift;
345: my $user = $ENV{'user.name'};
346: my $domain = $ENV{'user.domain'};
347: $r->content_type('text/html');
348: # Some pages contain DES keys and should not be cached.
349: &Apache::loncommon::no_cache($r);
350: $r->send_http_header;
351: return OK if $r->header_only;
352: # Spit out the header
353: if ($ENV{'form.action'} eq 'changepass') {
354: &passwordchanger($r);
355: } elsif ($ENV{'form.action'} eq 'verify_and_change_pass') {
356: &verify_and_change_password($r);
357: } elsif ($ENV{'form.action'} eq 'changescreenname') {
358: &screennamechanger($r);
359: } else {
360: $r->print(<<ENDHEADER);
361: <html>
362: <head>
363: <title>LON-CAPA Preferences</title>
364: </head>
365: <body bgcolor="#FFFFFF" >
366: <h1>Preferences for $user</h1>
367: <h3>$user is a member of domain $domain</h3>
368: ENDHEADER
369: # Determine current authentication method
370: my $currentauth=&Apache::lonnet::queryauthenticate($user,$domain);
371: if ($currentauth =~ /^(unix|internal):/) {
372: $r->print(<<ENDPASSWORDFORM);
373: <form name="client" action="/adm/preferences" method="post">
374: <input type="hidden" name="action" value="changepass">
375: <input type="submit" value="Change password">
376: </form>
377: ENDPASSWORDFORM
378: # Change screen name
379: $r->print(<<ENDSCREENNAMEFORM);
380: <form name="client" action="/adm/preferences" method="post">
381: <input type="hidden" name="action" value="changescreenname">
382: <input type="submit" value="Change anonymous discussion screen name">
383: </form>
384: ENDSCREENNAMEFORM
385: # Other preference setting code should be added here
386: }
387: }
388: $r->print(<<ENDFOOTER);
389: </body>
390: </html>
391: ENDFOOTER
392: return OK;
393: }
394:
395: 1;
396: __END__
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to lonpreferences.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / interface