--- loncom/interface/resetpw.pm 2016/09/12 16:02:16 1.38 +++ loncom/interface/resetpw.pm 2019/02/08 19:57:29 1.43 @@ -1,7 +1,7 @@ # The LearningOnline Network # Allow access to password changing via a token sent to user's e-mail. # -# $Id: resetpw.pm,v 1.38 2016/09/12 16:02:16 raeburn Exp $ +# $Id: resetpw.pm,v 1.43 2019/02/08 19:57:29 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -96,9 +96,14 @@ sub handler { if ($udom) { $domdesc = &Apache::lonnet::domain($udom,'description'); if ($domdesc) { + $otherinst = 1; + my @ids=&Apache::lonnet::current_machine_ids(); my %servers = &Apache::lonnet::internet_dom_servers($udom); - unless (exists($servers{$server})) { - $otherinst = 1; + foreach my $server (keys(%servers)) { + if (grep(/^\Q$server\E$/,@ids)) { + $otherinst = 0; + last; + } } } } @@ -196,7 +201,10 @@ END '
'.$blocktext.'
'; - return $msg; + $r->print(''.$blocktext.'
'); + return; } elsif ($now - $data{'time'} < 7200) { if ($env{'form.action'} eq 'verify_and_change_pass') { + $env{'form.uname'} =~ s/^\s+|\s+$//g; + $env{'form.udom'} =~ s/^\s+|\s+$//g; + $env{'form.email'} =~ s/^\s+|\s+$//g; unless (($env{'form.uname'} eq $data{'username'}) && ($env{'form.udom'} eq $data{'domain'}) && ($env{'form.email'} eq $data{'email'})) { - $msg = &generic_failure_msg($contact_name,$contact_email); - return $msg; + &Apache::lonnet::logthis("Forgot Password -- token data: ||$data{'username'}|| ||$data{'domain'}|| ||$data{'email'}|| differs from form: ||$env{'form.uname'}|| ||$env{'form.udom'}|| ||$env{'form.email'}||"); + $r->print(&generic_failure_msg($contact_name,$contact_email)); + return; } my $change_failed = &Apache::lonpreferences::verify_and_change_password($r,'reset_by_email',$token); @@ -472,34 +488,36 @@ sub reset_passwd { .' confirming setting of your new password.' ,''.$data{'email'}.''),1); } - $msg .= + $r->print( &Apache::loncommon::confirmwrapper($confirm_msg) .&Apache::lonhtmlcommon::actionbox([ - ''.&mt('Go to the login page').'']); + ''.&mt('Go to the login page').'']) + ); } elsif ($change_failed eq 'invalid_client') { my $homeserver = &Apache::lonnet::homeserver($data{'username'},$data{'domain'}); if ($homeserver eq 'no_host') { - $msg .= &generic_failure_msg($contact_name,$contact_email); + $r->print(&generic_failure_msg($contact_name,$contact_email)); } else { + my $hostname = &Apache::lonnet::hostname($homeserver); my $protocol = $Apache::lonnet::protocol{$homeserver}; $protocol = 'http' if ($protocol ne 'https'); - my $url = $protocol.'://'.&Apache::lonnet::hostname($homeserver). - '/adm/resetpw'; + my $url = $protocol.'://'.$hostname.'/adm/resetpw'; my ($opentag,$closetag); if ($url) { $opentag = ''; $closetag = ''; } - $msg .= + $r->print( '' .&mt('A problem occurred when attempting to reset' .' the password for your account.' .' Please try again from your [_1]home server[_2].' ,$opentag,$closetag) - .'
'; + .'' + ); } } else { - $msg .= &generic_failure_msg($contact_name,$contact_email); + $r->print(&generic_failure_msg($contact_name,$contact_email)); } } else { $r->print(&mt('The token included in an e-mail sent to you [_1] has been verified, so you may now proceed to reset the password for your LON-CAPA account.',$reqtime).'' .&mt('Sorry, the token generated when you requested a password reset has expired. Please submit a [_1]new request[_2], and follow the link to the web page included in the new e-mail that will be sent to you, to allow you to enter a new password.' ,'','') - .'
'; + .'' + ); } } else { - $msg .= + $r->print( '' .&mt('Sorry, the URL generated when you requested reset of your password contained incomplete information. Please submit a [_1]new request[_2] for a password reset, and use the new URL that will be sent to your e-mail account to complete the process.' ,'','') - .'
'; + .'' + ); } - return $msg; + return; } sub generic_failure_msg {