loncom/interface/resetpw.pm - diff

Return to resetpw.pm CVS log

Up to [LON-CAPA] / loncom / interface

Diff for /loncom/interface/resetpw.pm between versions 1.44 and 1.49

version 1.44, 2019/04/24 01:44:30	version 1.49, 2021/05/04 18:47:36
Line 300 END	Line 300 END
$output = &invalid_state('baddomain',$domdesc,	$output = &invalid_state('baddomain',$domdesc,
$contact_name,$contact_email);	$contact_name,$contact_email);
} elsif ($otherinst) {	} elsif ($otherinst) {
($header,$output) = &homeserver_redirect($uname,$udom,$domdesc,$brcrum);	($header,$output) = &homeserver_redirect($r,$uname,$udom,$domdesc,$brcrum);
} elsif (($uname) \|\| ($useremail)) {	} elsif (($uname) \|\| ($useremail)) {
my $earlyout;	my $earlyout;
unless ($passwdconf{'captcha'} eq 'unused') {	unless ($passwdconf{'captcha'} eq 'unused') {
my ($captcha_chk,$captcha_error) =	my ($captcha_chk,$captcha_error) =
&Apache::loncommon::captcha_response('passwords',$server);	&Apache::loncommon::captcha_response('passwords',$server,$dom_in_effect);
if ($captcha_chk != 1) {	if ($captcha_chk != 1) {
my $error = 'captcha';	my $error = 'captcha';
if ($passwdconf{'captcha'} eq 'recaptcha') {	if ($passwdconf{'captcha'} eq 'recaptcha') {
Line 359 END	Line 359 END
}	}
foreach my $item (@items) {	foreach my $item (@items) {
if ($item =~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) {	if ($item =~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) {
unless (grep(/^\Q$item\E$/i,@allemails)) {	unless (grep(/^\Q$item\E$/i,@allemails)) {
push(@allemails,$item);	push(@allemails,$item);
}	}
}	}
Line 482 sub send_token {	Line 482 sub send_token {

my $now = time;	my $now = time;
my $temppasswd = &create_passwd();	my $temppasswd = &create_passwd();
my %info = ('ip' => $ENV{'REMOTE_ADDR'},	my $ip = &Apache::lonnet::get_requestor_ip();
	my %info = ('ip' => $ip,
'time' => $now,	'time' => $now,
'domain' => $udom,	'domain' => $udom,
'username' => $uname,	'username' => $uname,
Line 578 sub invalid_state {	Line 579 sub invalid_state {
}	}

sub homeserver_redirect {	sub homeserver_redirect {
my ($uname,$udom,$domdesc,$brcrum) = @_;	my ($r,$uname,$udom,$domdesc,$brcrum) = @_;
my $uhome;	my $uhome;
if (($uname ne '') && ($udom ne '')) {	if (($uname ne '') && ($udom ne '')) {
$uhome = &Apache::lonnet::homeserver($uname,$udom);	$uhome = &Apache::lonnet::homeserver($uname,$udom);
Line 589 sub homeserver_redirect {	Line 590 sub homeserver_redirect {
my $hostname = &Apache::lonnet::hostname($uhome);	my $hostname = &Apache::lonnet::hostname($uhome);
my $protocol = $Apache::lonnet::protocol{$uhome};	my $protocol = $Apache::lonnet::protocol{$uhome};
$protocol = 'http' if ($protocol ne 'https');	$protocol = 'http' if ($protocol ne 'https');
	my $alias = &Apache::lonnet::use_proxy_alias($r,$uhome);
	$hostname = $alias if ($alias ne '');
my $url = $protocol.'://'.$hostname.'/adm/resetpw';	my $url = $protocol.'://'.$hostname.'/adm/resetpw';
# Breadcrumbs	# Breadcrumbs
my $start_page = &Apache::loncommon::start_page('Switching Server',undef,	my $start_page = &Apache::loncommon::start_page('Switching Server',undef,
Line 639 sub reset_passwd {	Line 642 sub reset_passwd {
$invalidinfo = "\|\|$env{'form.uname'}\|\| \|\|$env{'form.udom'}\|\| ";	$invalidinfo = "\|\|$env{'form.uname'}\|\| \|\|$env{'form.udom'}\|\| ";
}	}
} else {	} else {
unless ((lc($env{'form.uname'}) eq lc($data{'username'})) && (lc($env{'form.udom'}) eq lc($data{'domain'}))) {	if ((lc($env{'form.uname'}) eq lc($data{'username'})) && (lc($env{'form.udom'}) eq lc($data{'domain'}))) {
	$env{'form.uname'} = $data{'username'};
	} else {
$invalidinfo = "\|\|$env{'form.uname'}\|\| \|\|$env{'form.udom'}\|\| ";	$invalidinfo = "\|\|$env{'form.uname'}\|\| \|\|$env{'form.udom'}\|\| ";
}	}
}	}
Line 661 sub reset_passwd {	Line 666 sub reset_passwd {
}	}
if ($invalidinfo) {	if ($invalidinfo) {
&Apache::lonnet::logthis("Forgot Password -- token data: \|\|$data{'username'}\|\| \|\|$data{'domain'}\|\| \|\|$data{'email'}\|\| differs from form: $invalidinfo");	&Apache::lonnet::logthis("Forgot Password -- token data: \|\|$data{'username'}\|\| \|\|$data{'domain'}\|\| \|\|$data{'email'}\|\| differs from form: $invalidinfo");
$r->print(&generic_failure_msg($contact_name,$contact_email));	my $retry;
	$r->print(
	'<p class="LC_warning">'
	.&mt('A problem occurred when attempting to reset'
	.' the password for your account.').'</p>');
	if (($formfields{'username'}) && ($formfields{'email'})) {
	if ($needscase) {
	$r->print('<p>'
	.&mt('Please verify you entered the correct username and e-mail address, '
	.'including the correct lower and/or upper case letters')
	.'</p>');
	} else {
	$r->print('<p>'
	.&mt('Please verify you entered the correct username and e-mail address.')
	.'</p>');
	}
	$retry = 1;
	} elsif ($formfields{'username'}) {
	if ($needscase) {
	$r->print('<p>'
	.&mt('Please verify you entered the correct username, '
	.'including the correct lower and/or upper case letters')
	.'</p>');
	} else {
	$r->print('<p>'
	.&mt('Please verify you entered the correct username.')
	.'</p>');
	}
	$retry = 1;
	} elsif ($formfields{'email'}) {
	if ($needscase) {
	$r->print('<p>'
	.&mt('Please verify you entered the correct e-mail address, '
	.'including the correct lower and/or upper case letters')
	.'</p>');
	} else {
	$r->print('<p>'
	.&mt('Please verify you entered the correct e-mail address.')
	.'</p>');
	}
	$retry = 1;
	}
	if ($retry) {
	&Apache::lonpreferences::passwordchanger($r,'','reset_by_email',$token,$timelimit,\%formfields);
	} else {
	$r->print(&generic_failure_msg($contact_name,$contact_email));
	}
unless ($formfields{'username'}) {	unless ($formfields{'username'}) {
delete($env{'form.uname'});	delete($env{'form.uname'});
delete($env{'form.udom'});	delete($env{'form.udom'});
Line 669 sub reset_passwd {	Line 720 sub reset_passwd {
return;	return;
}	}
my $change_failed =	my $change_failed =
&Apache::lonpreferences::verify_and_change_password($r,'reset_by_email',$token);	&Apache::lonpreferences::verify_and_change_password($r,'reset_by_email',$token,$timelimit,\%formfields);
if (!$change_failed) {	if (!$change_failed) {
my $delete = &Apache::lonnet::tmpdel($token);	my $delete = &Apache::lonnet::tmpdel($token);
my $now = &Apache::lonlocal::locallocaltime(time);	my $now = &Apache::lonlocal::locallocaltime(time);
my $domdesc =	my $domdesc =
&Apache::lonnet::domain($data{'domain'},'description');	&Apache::lonnet::domain($data{'domain'},'description');
my $mailmsg = &mt('The password for your LON-CAPA account in the [_1] domain was changed [_2] from IP address: [_3]. If you did not perform this change or authorize it, please contact the [_4] ([_5]).',$domdesc,$now,$ENV{'REMOTE_ADDR'},$contact_name,$contact_email)."\n";	my $ip = &Apache::lonnet::get_requestor_ip();
	my $mailmsg = &mt('The password for your LON-CAPA account in the [_1] domain was changed [_2] from IP address: [_3]. If you did not perform this change or authorize it, please contact the [_4] ([_5]).',$domdesc,$now,$ip,$contact_name,$contact_email)."\n";
my $result = &send_mail($domdesc,$data{'email'},$mailmsg,	my $result = &send_mail($domdesc,$data{'email'},$mailmsg,
$contact_name,$contact_email);	$contact_name,$contact_email);
my $confirm_msg;	my $confirm_msg;
Line 705 sub reset_passwd {	Line 757 sub reset_passwd {
my $hostname = &Apache::lonnet::hostname($homeserver);	my $hostname = &Apache::lonnet::hostname($homeserver);
my $protocol = $Apache::lonnet::protocol{$homeserver};	my $protocol = $Apache::lonnet::protocol{$homeserver};
$protocol = 'http' if ($protocol ne 'https');	$protocol = 'http' if ($protocol ne 'https');
	my $alias = &Apache::lonnet::use_proxy_alias($r,$homeserver);
	$hostname = $alias if ($alias ne '');
my $url = $protocol.'://'.$hostname.'/adm/resetpw';	my $url = $protocol.'://'.$hostname.'/adm/resetpw';
my ($opentag,$closetag);	my ($opentag,$closetag);
if ($url) {	if ($url) {
Line 720 sub reset_passwd {	Line 774 sub reset_passwd {
.'</p>'	.'</p>'
);	);
}	}
} else {	} elsif (($change_failed eq 'prioruse') && ($passwdconf->{'numsaved'})) {
	my $domdesc =
	&Apache::lonnet::domain($data{'domain'},'description');
	$r->print(
	'<p class="LC_warning">'
	.&mt('Please enter a password that you have not used recently.')
	.'</p>'
	.&display_actions($contact_email,$domdesc,$token)
	);
	} elsif (($change_failed eq 'internalerror') \|\| ($change_failed eq 'missingtemp') \|\|
	($change_failed eq 'error')) {
$r->print(&generic_failure_msg($contact_name,$contact_email));	$r->print(&generic_failure_msg($contact_name,$contact_email));
}	}
unless ($formfields{'username'}) {	unless ($formfields{'username'}) {
Line 740 sub reset_passwd {	Line 804 sub reset_passwd {
if ($needscase) {	if ($needscase) {
$r->print(' '.&mt('User data entered must match LON-CAPA account information (including case).'));	$r->print(' '.&mt('User data entered must match LON-CAPA account information (including case).'));
}	}
$r->print(' ');	$r->print('<br />');
	}
	my ($min,$max,$minrule,$maxrule);
	if ($passwdconf->{min}) {
	$min = $passwdconf->{min};
	} else {
	$min = $Apache::lonnet::passwdmin;
	}
	if ($min) {
	$minrule = &mt('Minimum password length: [_1]',$min);
	}
	if ($passwdconf->{max}) {
	$max = $passwdconf->{max};
	$maxrule = &mt('Maximum password length: [_1]',$max);
}	}
if (ref($passwdconf->{chars}) eq 'ARRAY') {	if (ref($passwdconf->{chars}) eq 'ARRAY') {
my %rules;	my %rules;
Line 757 sub reset_passwd {	Line 834 sub reset_passwd {
$r->print('<li>'.$rulenames{$poss}.'</li>');	$r->print('<li>'.$rulenames{$poss}.'</li>');
}	}
}	}
	if ($min) {
	$r->print('<li>'.$minrule.'</li>');
	}
	if ($max) {
	$r->print('<li>'.$maxrule.'</li>');
	}
$r->print('</ul>');	$r->print('</ul>');
} else {	} else {
$r->print(&mt('The new password must contain at least 7 characters.').' ');	if ($min && $max) {
	$r->print(&mt('The new password must satisfy the following:').'<ul>'."\n".
	'<li>'.$minrule.'</li>'."\n".
	'<li>'.$maxrule.'</li>'."\n".
	'</ul>'."\n");
	} elsif ($min) {
	$r->print($minrule.'<br />');
	} elsif ($max) {
	$r->print($maxrule.'<br />');
	}
}	}
$r->print(&mt('Your new password will be sent to the LON-CAPA server in an encrypted form.').'<br />');	$r->print(&mt('Your new password will be sent to the LON-CAPA server in an encrypted form.').'<br />');
&Apache::lonpreferences::passwordchanger($r,'','reset_by_email',$token,$timelimit,\%formfields);	&Apache::lonpreferences::passwordchanger($r,'','reset_by_email',$token,$timelimit,\%formfields);
Line 767 sub reset_passwd {	Line 859 sub reset_passwd {
} else {	} else {
$r->print(	$r->print(
'<p class="LC_warning">'	'<p class="LC_warning">'
.&mt('Sorry, the token generated when you requested a password reset has expired. Please submit a [_1]new request[_2], and follow the link to the web page included in the new e-mail that will be sent to you, to allow you to enter a new password.'	.&mt('Sorry, the token generated when you requested a password reset has expired.').'<br />'
	.&mt('Please submit a [_1]new request[_2], and follow the link to the web page included in the new e-mail that will be sent to you, to allow you to enter a new password.'
,'<a href="/adm/resetpw">','</a>')	,'<a href="/adm/resetpw">','</a>')
.'</p>'	.'</p>'
);	);
Line 815 sub create_passwd {	Line 908 sub create_passwd {
}	}

sub display_actions {	sub display_actions {
my ($contact_email, $domdesc) = @_;	my ($contact_email,$domdesc,$token) = @_;
	my $url = '/adm/resetpw';
	if ($token) {
	$url .= '?token='.&escape($token);
	}
my @msg = (&mt('[_1]Go back[_2] and try again',	my @msg = (&mt('[_1]Go back[_2] and try again',
'<a href="javascript:history.go(-1)">','</a>'));	'<a href="'.$url.'">','</a>'));
my $msg2 = '';	my $msg2 = '';
if ($contact_email ne '') {	if ($contact_email ne '') {
my $escuri = &HTML::Entities::encode('/adm/resetpw','&<>"');	my $escuri = &HTML::Entities::encode('/adm/resetpw','&<>"');

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.44
changed lines
	Added in v.1.49