--- loncom/interface/resetpw.pm 2009/10/08 19:54:37 1.20 +++ loncom/interface/resetpw.pm 2009/12/07 03:53:17 1.22.2.1 @@ -1,7 +1,7 @@ # The LearningOnline Network # Allow access to password changing via a token sent to user's e-mail. # -# $Id: resetpw.pm,v 1.20 2009/10/08 19:54:37 raeburn Exp $ +# $Id: resetpw.pm,v 1.22.2.1 2009/12/07 03:53:17 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -26,6 +26,28 @@ # http://www.lon-capa.org/ # # + +=pod + +=head1 NAME + +Apache::resetpw: reset user password. + +=head1 SYNOPSIS + +Handles resetting of forgotten passwords. + +This is part of the LearningOnline Network with CAPA project +described at http://www.lon-capa.org. + +=head1 OVERVIEW + +A user with an e-mail address associated with his/her LON-CAPA username +can reset a forgotten password, using a link sent to the e-mail address +if the authentication type for the account is "internal". + +=cut + package Apache::resetpw; use strict; @@ -126,8 +148,8 @@ sub handler { sub get_uname { my ($defdom) = @_; my %lt = &Apache::lonlocal::texthash( - unam => 'username', - udom => 'domain', + unam => 'LON-CAPA username', + udom => 'LON-CAPA domain', uemail => 'E-mail address in LON-CAPA', proc => 'Proceed'); @@ -141,9 +163,9 @@ sub get_uname {
+ - + @@ -254,6 +276,10 @@ sub reset_passwd { my $reqtime = &Apache::lonlocal::locallocaltime($data{'time'}); if ($now - $data{'time'} < 7200) { if ($env{'form.action'} eq 'verify_and_change_pass') { + unless (($env{'form.uname'} eq $data{'username'}) && ($env{'form.udom'} eq $data{'domain'}) && ($env{'form.email'} eq $data{'email'})) { + $msg = &generic_failure_msg($contact_name,$contact_email); + return $msg; + } my $change_failed = &Apache::lonpreferences::verify_and_change_password($r,'reset_by_email',$token); if (!$change_failed) {
-
LON-CAPA $lt{'unam'}:
$lt{'unam'}:
LON-CAPA $lt{'udom'}:
$lt{'udom'}: |; $msg .= &Apache::loncommon::select_dom_form($defdom,'udom'); $msg .= qq|