--- loncom/interface/resetpw.pm 2009/04/29 16:57:29 1.17 +++ loncom/interface/resetpw.pm 2010/11/29 19:15:14 1.26 @@ -1,7 +1,7 @@ # The LearningOnline Network # Allow access to password changing via a token sent to user's e-mail. # -# $Id: resetpw.pm,v 1.17 2009/04/29 16:57:29 bisitz Exp $ +# $Id: resetpw.pm,v 1.26 2010/11/29 19:15:14 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -26,6 +26,28 @@ # http://www.lon-capa.org/ # # + +=pod + +=head1 NAME + +Apache::resetpw: reset user password. + +=head1 SYNOPSIS + +Handles resetting of forgotten passwords. + +This is part of the LearningOnline Network with CAPA project +described at http://www.lon-capa.org. + +=head1 OVERVIEW + +A user with an e-mail address associated with his/her LON-CAPA username +can reset a forgotten password, using a link sent to the e-mail address +if the authentication type for the account is "internal". + +=cut + package Apache::resetpw; use strict; @@ -46,7 +68,16 @@ sub handler { my $contact_name = &mt('LON-CAPA helpdesk'); my $contact_email = $r->dir_config('lonSupportEMail'); my $server = $r->dir_config('lonHostID'); - my $defdom = $r->dir_config('lonDefDomain'); + my $defdom = &Apache::lonnet::default_login_domain(); + my $handle = &Apache::lonnet::check_for_valid_session($r); + my $lonidsdir=$r->dir_config('lonIDsDir'); + if ($handle ne '') { + if ($handle=~/^publicuser\_/) { + unlink($r->dir_config('lonIDsDir')."/$handle.id"); + } else { + &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle); + } + } &Apache::lonacc::get_posted_cgi($r); &Apache::lonlocal::get_language_handle($r); &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['token']); @@ -55,11 +86,27 @@ sub handler { my $uname = &unescape($env{'form.uname'}); my $udom = $env{'form.udom'}; my $token = $env{'form.token'}; - my $start_page = - &Apache::loncommon::start_page('Reset password','', - { - 'no_inline_link' => 1,}); - $r->print($start_page); + my $brcrum = []; + my $bread_crumbs_component = 'Forgotten Password'; + if ($token) { + push (@{$brcrum}, + {href => '/adm/resetpw', + text => 'Update Password'}); + + $bread_crumbs_component = 'Reset Password'; + } else { + push (@{$brcrum}, + {href => '/adm/resetpw', + text => 'Account Information'}); + if ($uname && $udom) { + push (@{$brcrum}, + {href => '/adm/resetpw', + text => 'Result'}); + } + } + my $args = {bread_crumbs => $brcrum, + bread_crumbs_component => $bread_crumbs_component}; + $r->print(&Apache::loncommon::start_page('Reset password','',$args)); $r->print('

'.&mt('Reset forgotten LON-CAPA password').'

'); my $output; if ($token) { @@ -76,18 +123,26 @@ sub handler { my %userinfo = &Apache::lonnet::get('environment',\@emailtypes, $udom,$uname); - my $email = ''; - my $emailtarget; + my @allemails; foreach my $type (@emailtypes) { - $email = $userinfo{$type}; - if ($email =~ /[^\@]+\@[^\@]+/) { - $emailtarget = $type; - last; + my $email = $userinfo{$type}; + my @items; + if ($email =~ /,/) { + @items = split(',',$userinfo{$type}); + } else { + @items = ($email); + } + foreach my $item (@items) { + if ($item =~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) { + unless(grep(/^\Q$item\E$/,@allemails)) { + push(@allemails,$item); + } + } } } - if ($email =~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) { - if ($useremail eq $email) { - $output = &send_token($uname,$udom,$email,$server, + if (@allemails > 0) { + if (grep(/^\Q$useremail\E$/,@allemails)) { + $output = &send_token($uname,$udom,$useremail,$server, $domdesc,$contact_name, $contact_email); } else { @@ -123,29 +178,24 @@ sub get_uname { uemail => 'E-mail address in LON-CAPA', proc => 'Proceed'); - my $msg = &mt('If you use the same account for other campus services besides LON-CAPA, (e.g., e-mail, course registration, etc.), a separate centrally managed mechanism likely exists to reset a password. However, if your account is used for just LON-CAPA access you will probably be able to reset a password from this page.'); + my $msg = &mt('If you use the same account for other campus services besides LON-CAPA, (e.g., e-mail, course registration, etc.), a separate centrally managed mechanism likely exists to reset a password. However, if your account is used for just LON-CAPA access you will probably be able to reset a password from this page.'); $msg .= '

'.&mt('Three conditions must be met:') .''; - $msg .= qq| -
- - - - - - - - -
-
LON-CAPA $lt{'unam'}:
LON-CAPA $lt{'udom'}: |; - $msg .= &Apache::loncommon::select_dom_form($defdom,'udom'); - $msg .= qq|
$lt{'uemail'}:

-
-
-|; + $msg .= '
'. + &Apache::lonhtmlcommon::start_pick_box(). + &Apache::lonhtmlcommon::row_title('LON-CAPA '.$lt{'unam'}). + ''. + &Apache::lonhtmlcommon::row_closure(1). + &Apache::lonhtmlcommon::row_title('LON-CAPA '.$lt{'udom'}). + &Apache::loncommon::select_dom_form($defdom,'udom'). + &Apache::lonhtmlcommon::row_closure(1). + &Apache::lonhtmlcommon::row_title($lt{'uemail'}). + ''. + &Apache::lonhtmlcommon::end_pick_box(). + '

'; return $msg; } @@ -168,7 +218,7 @@ sub send_token { my $esc_token = &escape($token); my $showtime = &Apache::lonlocal::locallocaltime(time); my $reseturl = &Apache::lonnet::absolute_url().'/adm/resetpw?token='.$esc_token; - my $mailmsg = &mt('A request was submitted on [_1] for reset of the password for your LON-CAPA account.',$showtime).' '.&mt('To complete this process please open a web browser and enter the following URL in the address/location box: [_1]',$reseturl); + my $mailmsg = &mt('A request was submitted on [_1] for reset of the password for your LON-CAPA account.',$showtime)." \n".&mt('To complete this process please open a web browser and enter the following URL in the address/location box: [_1]',"\n\n".$reseturl); my $result = &send_mail($domdesc,$email,$mailmsg,$contact_name, $contact_email); if ($result eq 'ok') { @@ -188,6 +238,7 @@ sub send_mail { my $requestmail = "To: $email\n". "From: $contact_name <$contact_email>\n". "Subject: ".&mt('Your LON-CAPA account')."\n". + "Content-type: text/plain\;charset=UTF-8\n". "\n\n".$mailmsg."\n\n". &mt('[_1] LON-CAPA support team',$domdesc)."\n". "$contact_email\n"; @@ -205,8 +256,8 @@ sub invalid_state { my ($error,$domdesc,$contact_name,$contact_email) = @_; my $msg; if ($error eq 'invalid') { - $msg = &mt('The username you provided was not verified as a valid username in the LON-CAPA system for the [_1] domain.',$domdesc) - .' '.&mt('Please [_1]go back[_2] and try again.','',''); + $msg = '

'.&mt('The username you provided was not verified as a valid username in the LON-CAPA system for the [_1] domain.',$domdesc) + .'

'.&mt('Please [_1]go back[_2] and try again.','',''); } else { if ($error eq 'baduseremail') { $msg = &mt('The e-mail address you provided does not appear to be a valid address.'); @@ -217,6 +268,7 @@ sub invalid_state { } elsif ($error eq 'authentication') { $msg = &mt('The username you provided uses an authentication type which can not be reset directly via LON-CAPA.'); } + $msg = '

'.$msg.'

'; if ($contact_email ne '') { my $escuri = &HTML::Entities::encode('/adm/resetpw','&<>"'); $msg .= '
'.&mt('You may wish to contact the [_1]LON-CAPA helpdesk[_2] for the [_3] domain.' @@ -246,6 +298,10 @@ sub reset_passwd { my $reqtime = &Apache::lonlocal::locallocaltime($data{'time'}); if ($now - $data{'time'} < 7200) { if ($env{'form.action'} eq 'verify_and_change_pass') { + unless (($env{'form.uname'} eq $data{'username'}) && ($env{'form.udom'} eq $data{'domain'}) && ($env{'form.email'} eq $data{'email'})) { + $msg = &generic_failure_msg($contact_name,$contact_email); + return $msg; + } my $change_failed = &Apache::lonpreferences::verify_and_change_password($r,'reset_by_email',$token); if (!$change_failed) { @@ -263,10 +319,24 @@ sub reset_passwd { } $msg .= '

' .''.&mt('Go to the login page').'.'; + } elsif ($change_failed eq 'invalid_client') { + my $homeserver = &Apache::lonnet::homeserver($data{'username'},$data{'domain'}); + if ($homeserver eq 'no_host') { + $msg .= &generic_failure_msg($contact_name,$contact_email); + } else { + my $protocol = $Apache::lonnet::protocol{$homeserver}; + $protocol = 'http' if ($protocol ne 'https'); + my $url = $protocol.'://'.&Apache::lonnet::hostname($homeserver). + '/adm/resetpw'; + my ($opentag,$closetag); + if ($url) { + $opentag = ''; + $closetag = ''; + } + $msg .= &mt('A problem occurred when attempting to reset the password for your account. Please try again from your [_1]home server[_2].',$opentag,$closetag); + } } else { - $msg .= &mt('A problem occurred when attempting to reset the password for your account. Please contact the [_1] - ([_2]) for assistance.' - ,$contact_name - ,''.$contact_email.''); + $msg .= &generic_failure_msg($contact_name,$contact_email); } } else { $r->print(&mt('The token included in an e-mail sent to you [_1] has been verified, so you may now proceed to reset the password for your LON-CAPA account.',$reqtime).'

'); @@ -284,6 +354,12 @@ sub reset_passwd { return $msg; } +sub generic_failure_msg { + my ($contact_name,$contact_email) = @_; + return &mt('A problem occurred when attempting to reset the password for your account. Please contact the [_1] - ([_2]) for assistance.', + $contact_name,''.$contact_email.''); +} + sub create_passwd { my $passwd = ''; my @letts = ("a".."z");