--- loncom/interface/resetpw.pm	2009/10/01 21:05:12	1.17.10.2
+++ loncom/interface/resetpw.pm	2009/11/19 16:08:25	1.17.10.3
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Allow access to password changing via a token sent to user's e-mail. 
 #
-# $Id: resetpw.pm,v 1.17.10.2 2009/10/01 21:05:12 raeburn Exp $
+# $Id: resetpw.pm,v 1.17.10.3 2009/11/19 16:08:25 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -26,6 +26,28 @@
 # http://www.lon-capa.org/
 #
 #
+
+=pod
+
+=head1 NAME
+
+Apache::resetpw: reset user password.
+
+=head1 SYNOPSIS
+
+Handles resetting of forgotten passwords.
+
+This is part of the LearningOnline Network with CAPA project
+described at http://www.lon-capa.org.
+
+=head1 OVERVIEW
+
+A user with an e-mail address associated with his/her LON-CAPA username
+can reset a forgotten password, using a link sent to the e-mail address
+if the authentication type for the account is "internal".
+
+=cut
+
 package Apache::resetpw;
 
 use strict;
@@ -254,6 +276,10 @@ sub reset_passwd {
         my $reqtime = &Apache::lonlocal::locallocaltime($data{'time'});
         if ($now - $data{'time'} < 7200) {
             if ($env{'form.action'} eq 'verify_and_change_pass') {
+                unless (($env{'form.uname'} eq $data{'username'}) && ($env{'form.udom'} eq $data{'domain'}) && ($env{'form.email'} eq $data{'email'})) {
+                    $msg = &generic_failure_msg($contact_name,$contact_email);
+                    return $msg;
+                }
                 my $change_failed = 
 		    &Apache::lonpreferences::verify_and_change_password($r,'reset_by_email',$token);
                 if (!$change_failed) {
@@ -271,10 +297,24 @@ sub reset_passwd {
                     }
                     $msg .= '<br /><br />'
                            .'<a href="/adm/login">'.&mt('Go to the login page').'</a>.';
+                } elsif ($change_failed eq 'invalid_client') {
+                    my $homeserver = &Apache::lonnet::homeserver($data{'username'},$data{'domain'});
+                    if ($homeserver eq 'no_host') {
+                        $msg .= &generic_failure_msg($contact_name,$contact_email);
+                    } else {
+                        my $protocol = $Apache::lonnet::protocol{$homeserver};
+                        $protocol = 'http' if ($protocol ne 'https');
+                        my $url = $protocol.'://'.&Apache::lonnet::hostname($homeserver).
+                                  '/adm/resetpw';
+                        my ($opentag,$closetag);
+                        if ($url) {
+                           $opentag = '<a href="'.$url.'">';
+                           $closetag = '</a>';
+                        }
+                        $msg .= &mt('A problem occurred when attempting to reset the password for your account. Please try again from your [_1]home server[_2].',$opentag,$closetag);
+                    }
                 } else {
-                    $msg .= &mt('A problem occurred when attempting to reset the password for your account. Please contact the [_1] - ([_2]) for assistance.'
-                               ,$contact_name
-                               ,'<a href="mailto:'.$contact_email.'">'.$contact_email.'</a>');
+                    $msg .= &generic_failure_msg($contact_name,$contact_email);
                 }
             } else {
                 $r->print(&mt('The token included in an e-mail sent to you [_1] has been verified, so you may now proceed to reset the password for your LON-CAPA account.',$reqtime).'<br /><br />');
@@ -292,6 +332,12 @@ sub reset_passwd {
     return $msg;
 }
 
+sub generic_failure_msg {
+    my ($contact_name,$contact_email) = @_;
+    return &mt('A problem occurred when attempting to reset the password for your account. Please contact the [_1] - ([_2]) for assistance.',
+              $contact_name,'<a href="mailto:'.$contact_email.'">'.$contact_email.'</a>');
+}
+
 sub create_passwd {
     my $passwd = '';
     my @letts = ("a".."z");