# The LearningOnline Network with CAPA
# Create a user
#
# $Id: loncreateuser.pm,v 1.25 2002/02/11 15:37:58 matthew Exp $
#
# Copyright Michigan State University Board of Trustees
#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#
# (Create a course
# (My Desk
#
# (Internal Server Error Handler
#
# (Login Screen
# 5/21/99,5/22,5/25,5/26,5/31,6/2,6/10,7/12,7/14,
# 1/14/00,5/29,5/30,6/1,6/29,7/1,11/9 Gerd Kortemeyer)
#
# YEAR=2001
# 3/1/1 Gerd Kortemeyer)
#
# 3/1 Gerd Kortemeyer)
#
# 2/14 Gerd Kortemeyer)
#
# 2/14,2/17,2/19,2/20,2/21,2/22,2/23,3/2,3/17,3/24,04/12 Gerd Kortemeyer
# April Guy Albertelli
# 05/10,10/16 Gerd Kortemeyer
# 11/12,11/13,11/15 Scott Harrison
# 02/11/02 Matthew Hall
#
# $Id: loncreateuser.pm,v 1.25 2002/02/11 15:37:58 matthew Exp $
###
#
# Overview (reviewer summary of what the code below does):
#   handler()     - checks that the caller holds one of several privileges,
#                   then dispatches on the 'form.phase' request value.
#   phase_one()   - prints the form asking for a username and domain.
#   phase_two()   - looks the user up; prints either a "create user" form or
#                   the user's existing roles and login data, followed by the
#                   roles the caller is allowed to add.
#   phase_three() - applies the submitted changes: create user, change
#                   authentication, revoke roles, assign roles.
#
# NOTE(review): in this copy the here-document openers and almost all of the
# HTML they held are missing (fragments such as "(< ..." are what is left),
# so the text below will not compile as shown.  Statements are laid out one
# per line; the surviving fragments are kept as found.

package Apache::loncreateuser;

use strict;
use Apache::Constants qw(:common :http);
use Apache::lonnet;

# File-scoped lexicals, filled once in the BEGIN block below.
# NOTE(review): phase_two() edits $loginscript in place with s///.  If this
# module stays loaded between requests (usual for a mod_perl handler --
# confirm), those edits carry over into every later request served by the
# same interpreter.  Working on a per-request copy would avoid that.
my $loginscript; # piece of javascript used in two separate instances
my $generalrule;
my $authformnop;
my $authformkrb;
my $authformint;
my $authformfsys;
my $authformloc;

BEGIN {
    # Default Kerberos realm: the last two dot-separated labels of
    # SERVER_NAME, upper-cased.
    # NOTE(review): the match is not checked; if it fails, $1 holds whatever
    # an earlier successful match left behind (or undef).
    $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/;
    my $krbdefdom=$1;
    $krbdefdom=~tr/a-z/A-Z/;
    # One form fragment per authentication choice (markup lost in this copy).
    $authformnop=(< Do not change login data

END
    $authformkrb=(< Kerberos authenticated with domain

END
    $authformint=(< Internally authenticated (with initial password )

END
    $authformfsys=(< Filesystem authenticated (with initial password )

END
    $authformloc=(< Local Authentication with argument

END
    # Client-side helpers: set*() selects a radio button by its index in
    # vf.login[] when its field is filled in; click*() clears the fields of
    # the other choices.  $krbdefdom is interpolated into clickkrb(); it can
    # only contain \w characters and one dot because of the regex above.
    $loginscript=(< function setkrb(vf) { if (vf.krbdom.value!='') { vf.login[0].checked=true; vf.krbdom.value=vf.krbdom.value.toUpperCase(); vf.intpwd.value=''; vf.fsyspwd.value=''; vf.locarg.value=''; } }
function setint(vf) { if (vf.intpwd.value!='') { vf.login[1].checked=true; vf.krbdom.value=''; vf.fsyspwd.value=''; vf.locarg.value=''; } }
function setfsys(vf) { if (vf.fsyspwd.value!='') { vf.login[2].checked=true; vf.krbdom.value=''; vf.intpwd.value=''; vf.locarg.value=''; } }
function setloc(vf) { if (vf.locarg.value!='') { vf.login[3].checked=true; vf.krbdom.value=''; vf.intpwd.value=''; vf.fsyspwd.value=''; } }
function clicknop(vf) { vf.krbdom.value=''; vf.intpwd.value=''; vf.fsyspwd.value=''; vf.locarg.value=''; }
function clickkrb(vf) { vf.krbdom.value='$krbdefdom'; vf.intpwd.value=''; vf.fsyspwd.value=''; vf.locarg.value=''; }
function clickint(vf) { vf.krbdom.value=''; vf.fsyspwd.value=''; vf.locarg.value=''; }
function clickfsys(vf) { vf.krbdom.value=''; vf.intpwd.value=''; vf.locarg.value=''; }
function clickloc(vf) { vf.krbdom.value=''; vf.intpwd.value=''; vf.fsyspwd.value=''; }
ENDLOGINSCRIPT
    $generalrule=< As a general rule, only authors or co-authors should be filesystem authenticated (which allows access to the server filesystem).

END
}

# =================================================================== Phase one

# Print the first page: a form asking for the username and domain to work on.
# $r is the request object; only its print method is used here.
sub phase_one {
    my $r=shift;
    # presumably pre-filled the Domain field in markup that did not survive
    my $defdom=$ENV{'user.domain'};
    $r->print(< The LearningOnline Network with CAPA

Create User, Change User Privileges

Username:
Domain:

ENDDOCUMENT
}

# =================================================================== Phase two

# Print the second page for the user named by form.ccuname / form.ccdomain:
# a "create new user" form when homeserver() reports 'no_host', otherwise the
# user's existing roles (for revocation) and login data, then the roles the
# caller may add at co-author, domain and course level.
sub phase_two {
    my $r=shift;
    my $ccuname=$ENV{'form.ccuname'};
    my $ccdomain=$ENV{'form.ccdomain'};

    # Same realm derivation as in BEGIN; the match is unchecked here too.
    $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/;
    my $krbdefdom=$1;
    $krbdefdom=~tr/a-z/A-Z/;

    my $defdom=$ENV{'user.domain'};

    # Strip every non-word character, so the values interpolated into the
    # page and into the "dump:" request below contain only what \w matches.
    $ccuname=~s/\W//g;
    $ccdomain=~s/\W//g;
    my $dochead =<<"ENDDOCHEAD";
 The LearningOnline Network with CAPA
ENDDOCHEAD
    my $forminfo =<<"ENDFORMINFO";
ENDFORMINFO
    my $uhome=&Apache::lonnet::homeserver($ccuname,$ccdomain);
    my %incdomains;
    my %inccourses;
    # NOTE(review): a hash in list context yields keys AND values, so both
    # end up as keys of %incdomains -- confirm that is intended.
    foreach (%Apache::lonnet::hostdom) {
        $incdomains{$_}=1;
    }
    # Collect courses from the caller's own "user.priv.cm./dom/num" entries.
    foreach (keys(%ENV)) {
        if ($_=~/^user\.priv\.cm\.\/(\w+)\/(\w+)/) {
            $inccourses{$1.'_'.$2}=1;
        }
    }
    if ($uhome eq 'no_host') {
        # No home server found: offer the "create new user" form.
        $r->print(<Create New User $forminfo

New user "$ccuname" in domain $ccdomain

ENDNUSER
        $r->print(<

Personal Data

First Name
Middle Name
Last Name
Generation
ID/Student Number


Login Data

$generalrule $authformkrb $authformint $authformfsys $authformloc
ENDNUSER
    } else { # user already exists
        $r->print(<Change User Privileges $forminfo

User "$ccuname" in domain $ccdomain

ENDCHUSER
        my $rolesdump=&Apache::lonnet::reply(
                                  "dump:$ccdomain:$ccuname:roles",$uhome);
        # Build up table of user roles to allow revocation of a role.
        # NOTE(review): the table markup is gone and the statements from the
        # final print of the loop body onward appear out of order in this
        # copy; they are reproduced as found.
        unless ($rolesdump eq 'con_lost') {
            my $now=time;
            $r->print('

Revoke Existing Roles

'. ''. '');
            # Each entry is "area_rolecode=rolecode_end_start", '&'-separated.
            foreach (split(/&/,$rolesdump)) {
                if ($_!~/^rolesdef\&/) {
                    my ($area,$role)=split(/=/,$_);
                    my $thisrole=$area;
                    # Drop the trailing "_xx" role suffix from the area.
                    $area=~s/\_\w\w$//;
                    my ($role_code,$role_end_time,$role_start_time)=split(/_/,$role);
                    my $bgcol='ffffff';
                    # $allows records whether the caller holds the matching
                    # 'c'.role privilege for this area.
                    my $allows=0;
                    if ($area=~/^\/(\w+)\/(\d\w+)/) {
                        my %coursedata=&Apache::lonnet::coursedescription($1.'_'.$2);
                        my $carea='Course: '.$coursedata{'description'};
                        $inccourses{$1.'_'.$2}=1;
                        if (&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2)) {
                            $allows=1;
                        }
                        # Background colour derived from the course id: keep
                        # only the characters 8, 9 and b-e, repeat the result
                        # three times, pad with 'ffffff' and take the first
                        # six characters (presumably a light hex colour).
                        $bgcol=$1.'_'.$2;
                        $bgcol=~s/[^8-9b-e]//g;
                        $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',0,6);
                        if ($area=~/^\/(\w+)\/(\d\w+)\/(\w+)/) {
                            $carea.='
Section/Group: '.$3;
                        }
                        $area=$carea;
                    } else {
                        if ($area=~/^\/(\w+)\//) {
                            if (&Apache::lonnet::allowed('c'.$role_code,$1)) {
                                $allows=1;
                            }
                        } else {
                            if (&Apache::lonnet::allowed('c'.$role_code,'/')) {
                                $allows=1;
                            }
                        }
                    }
                    # A role counts as inactive once its end time has passed.
                    my $active=1;
                    if (($role_end_time) && ($now>$role_end_time)) { $active=0; }
                    $r->print('\n");
                }
            }
            $r->print('
RevokeRoleExtentStartEnd
');
            # NOTE(review): as written this branch is taken only for roles
            # that are NOT active -- confirm against the original file.
            if (!($active) && ($allows)) {
                $r->print('');
            } else {
                $r->print(' ');
            }
            # NOTE(review): $area includes the course description and is
            # printed without HTML-encoding.
            $r->print(''.&Apache::lonnet::plaintext($role_code).
                      ''.$area.''.
                      ($role_start_time ? localtime($role_start_time) : ' ' )
                      .''.
                      ($role_end_time ? localtime($role_end_time) : ' ' )
                      ."
');
        }
        my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
        if ($currentauth=~/^krb4:/) {
            $currentauth=~/^krb4:(.*)/;
            my $krbdefdom2=$1;
            # NOTE(review): $krbdefdom2 is the realm stored for this user and
            # is placed inside a JavaScript string literal without escaping
            # or validation; phase_three() accepts form.krbdom unchecked.
            # Restrict it to the expected realm characters before use.
            # NOTE(review): without /g only the first "vf.krbdom.value='...';"
            # is rewritten, which in the script text visible here is the one
            # in setint(), not clickkrb() -- confirm intent.
            $loginscript=~s/vf\.krbdom\.value='.*?';/vf.krbdom.value='$krbdefdom2';/;
        }
        # Here is where we'll have to check against the permissions of the
        # user attempting to modify this users data. Only users with
        # MAU (Modify Authentication User) permissions should be able to
        # make these changes. I think a subroutine would be in order here.
        # NOTE(review): no such check is present in this file; see handler().
        unless ($currentauth=~/^krb4:/ or
                $currentauth=~/^unix:/ or
                $currentauth=~/^internal:/ or
                $currentauth=~/^localauth:/
                ) {
            # Unknown scheme: offer all four login choices.
            # NOTE(review): $currentauth is printed into the page unescaped.
            $r->print(< $loginscript ERROR: This user has an unrecognized authentication scheme ($currentauth). Please specify login data below.

Login Data

$generalrule $authformkrb $authformint $authformfsys $authformloc
END
        } else {
            my $authformcurrent='';
            my $authformother='';
            # The current scheme's form is shown first, so the radio-button
            # indices used by the set*() helpers are renumbered to match.
            # NOTE(review): these substitutions change the file-scoped
            # $loginscript and are never undone, so a second pass through
            # here in the same interpreter renumbers the already-renumbered
            # script.
            if ($currentauth=~/^krb4:/) {
                $authformcurrent=$authformkrb;
                $authformother=$authformint.$authformfsys.$authformloc;
                # embarrassing script hack here
                $loginscript=~s/login\[3\]/login\[4\]/; # loc
                $loginscript=~s/login\[2\]/login\[3\]/; # fsys
                $loginscript=~s/login\[1\]/login\[2\]/; # int
                $loginscript=~s/login\[0\]/login\[1\]/; # krb4
            } elsif ($currentauth=~/^internal:/) {
                $authformcurrent=$authformint;
                $authformother=$authformkrb.$authformfsys.$authformloc;
                # embarrassing script hack here
                $loginscript=~s/login\[3\]/login\[4\]/; # loc
                $loginscript=~s/login\[2\]/login\[3\]/; # fsys
                $loginscript=~s/login\[1\]/login\[1\]/; # int
                $loginscript=~s/login\[0\]/login\[2\]/; # krb4
            } elsif ($currentauth=~/^unix:/) {
                $authformcurrent=$authformfsys;
                $authformother=$authformkrb.$authformint.$authformloc;
                # embarrassing script hack here
                $loginscript=~s/login\[3\]/login\[4\]/; # loc
                $loginscript=~s/login\[1\]/login\[3\]/; # int
                $loginscript=~s/login\[2\]/login\[1\]/; # fsys
                $loginscript=~s/login\[0\]/login\[2\]/; # krb4
            } elsif ($currentauth=~/^localauth:/) {
                $authformcurrent=$authformloc;
                $authformother=$authformkrb.$authformint.$authformfsys;
                # embarrassing script hack here
                $loginscript=~s/login\[3\]/login\[loc\]/; # loc
                $loginscript=~s/login\[2\]/login\[4\]/; # fsys
                $loginscript=~s/login\[1\]/login\[3\]/; # int
                $loginscript=~s/login\[0\]/login\[2\]/; # krb4
                $loginscript=~s/login\[loc\]/login\[1\]/; # loc
            }
            # Wrap the current scheme's form in a warning banner.
            $authformcurrent=< * * * WARNING * * * * * * WARNING * * * $authformcurrent Changing this value will overwrite existing authentication for the user; you should notify the user of this change.
END
            $r->print(< $loginscript

Change Current Login Data

$generalrule $authformnop $authformcurrent

Enter New Login Data

$authformother
END
        }
    } ## End of new user/old user logic
    $r->print('

Add Roles

');
    #
    # Co-Author
    #
    # Offered only when the caller holds 'cca' in their own domain.
    if (&Apache::lonnet::allowed('cca',$ENV{'user.domain'})) {
        my $cuname=$ENV{'user.name'};
        my $cudom=$ENV{'user.domain'};
        $r->print(<Construction Space
ActivateRoleExtent StartEnd
Co-Author $cudom\_$cuname Set Start Date Set End Date
ENDCOAUTH
    }
    #
    # Domain level
    #
    # One row per (domain, role) pair for which the caller holds 'c'.role.
    $r->print('

Domain Level

'. ''. '');
    foreach ( sort( keys(%incdomains))) {
        my $thisdomain=$_;
        foreach ('dc','li','dg','au') {
            if (&Apache::lonnet::allowed('c'.$_,$thisdomain)) {
                my $plrole=&Apache::lonnet::plaintext($_);
                $r->print(<
ENDDROW
            }
        }
    }
    $r->print('
ActivateRoleExtentStartEnd
$plrole $thisdomain Set Start Date Set End Date
');
    #
    # Course level
    #
    # One row per (course, role) pair for which the caller holds 'c'.role.
    $r->print('

Course Level

'. ''. '');
    foreach (sort( keys(%inccourses))) {
        my $thiscourse=$_;
        my $protectedcourse=$_;
        # "dom_num" -> "dom/num"
        $thiscourse=~s:_:/:g;
        my %coursedata=&Apache::lonnet::coursedescription($thiscourse);
        my $area=$coursedata{'description'};
        # Same background-colour derivation as in the revoke table above.
        my $bgcol=$thiscourse;
        $bgcol=~s/[^8-9b-e]//g;
        $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',0,6);
        foreach ('st','ta','ep','ad','in','cc') {
            if (&Apache::lonnet::allowed('c'.$_,$thiscourse)) {
                my $plrole=&Apache::lonnet::plaintext($_);
                $r->print("
ENDROW
            }
        }
    }
    $r->print('
ActivateRoleExtentGroup/SectionStartEnd
$plrole $area ");
    # Every role except 'cc' gets one kind of cell here, 'cc' another; the
    # cell contents did not survive in this copy.
    if ($_ ne 'cc') {
        $r->print("");
    } else {
        $r->print(" ");
    }
    $r->print(< Set Start Date Set End Date
');
    $r->print('');
    $r->print('');
}

# ================================================================= Phase Three

# Apply the submitted form: optionally create the user or change the user's
# authentication, then revoke and assign roles named by form field names.
#
# NOTE(review): this sub makes no allowed() call of its own.  phase_two()
# only OFFERS roles for which allowed('c'.role, scope) is true, but the role
# code and scope used here come straight from submitted field names, so the
# per-role check must be enforced inside Apache::lonnet::assignrole /
# modifyuser / modifyuserauth -- not visible here, confirm.
# NOTE(review): no request-method or anti-forgery token check is visible in
# this file for this state-changing phase.
sub phase_three {
    my $r=shift;
    $r->print(< The LearningOnline Network with CAPA

Create User, Change User Privileges

ENDTHREEHEAD
    # NOTE(review): form.cuname and form.cdomain are written into the page
    # here before the \W validation further down and without HTML-encoding.
    # Validate first, or encode on output.
    $r->print('

'.$ENV{'form.cuname'}.' at '.$ENV{'form.cdomain'}.'

');
    if ($ENV{'form.makeuser'}) {
        $r->print('

Creating User

');
        # Username and domain must be non-empty and free of non-word chars.
        if (($ENV{'form.cuname'})&&($ENV{'form.cuname'}!~/\W/)&&
            ($ENV{'form.cdomain'})&&($ENV{'form.cdomain'}!~/\W/)) {
            # Map the chosen radio value to an auth mode and its argument
            # (realm, initial password, or local-auth argument).
            # NOTE(review): none of these arguments is validated here.
            my $amode='';
            my $genpwd='';
            if ($ENV{'form.login'} eq 'krb') {
                $amode='krb4';
                $genpwd=$ENV{'form.krbdom'};
            } elsif ($ENV{'form.login'} eq 'int') {
                $amode='internal';
                $genpwd=$ENV{'form.intpwd'};
            } elsif ($ENV{'form.login'} eq 'fsys') {
                $amode='unix';
                $genpwd=$ENV{'form.fsyspwd'};
            } elsif ($ENV{'form.login'} eq 'loc') {
                $amode='localauth';
                $genpwd=$ENV{'form.locarg'};
                # An empty local-auth argument becomes a single space so the
                # truth test below still passes.
                if (!$genpwd) { $genpwd=" "; }
            }
            if (($amode) && ($genpwd)) {
                $r->print('Generating user: '.&Apache::lonnet::modifyuser(
                          $ENV{'form.cdomain'},$ENV{'form.cuname'},
                          $ENV{'form.cstid'},$amode,$genpwd,
                          $ENV{'form.cfirst'},$ENV{'form.cmiddle'},
                          $ENV{'form.clast'},$ENV{'form.cgen'}));
                $r->print('
Home server: '.&Apache::lonnet::homeserver
                          ($ENV{'form.cuname'},$ENV{'form.cdomain'}));
            } else {
                $r->print('Invalid login mode or password');
            }
        } else {
            $r->print('Invalid username or domain');
        }
    }
    # Existing user and a login choice other than "do not change".
    if (!$ENV{'form.makeuser'} and $ENV{'form.login'} ne 'nop') {
        $r->print('

Changing User Login Data

');
        if (($ENV{'form.cuname'})&&($ENV{'form.cuname'}!~/\W/)&&
            ($ENV{'form.cdomain'})&&($ENV{'form.cdomain'}!~/\W/)) {
            # Same mode/argument mapping as in the create branch above.
            my $amode='';
            my $genpwd='';
            if ($ENV{'form.login'} eq 'krb') {
                $amode='krb4';
                $genpwd=$ENV{'form.krbdom'};
            } elsif ($ENV{'form.login'} eq 'int') {
                $amode='internal';
                $genpwd=$ENV{'form.intpwd'};
            } elsif ($ENV{'form.login'} eq 'fsys') {
                $amode='unix';
                $genpwd=$ENV{'form.fsyspwd'};
            } elsif ($ENV{'form.login'} eq 'loc') {
                $amode='localauth';
                $genpwd=$ENV{'form.locarg'};
                if (!$genpwd) { $genpwd=" "; }
            }
            if (($amode) && ($genpwd)) {
                $r->print('Modifying authentication: '.
                          &Apache::lonnet::modifyuserauth(
                          $ENV{'form.cdomain'},$ENV{'form.cuname'},
                          $amode,$genpwd));
                $r->print('
Home server: '.&Apache::lonnet::homeserver
                          ($ENV{'form.cuname'},$ENV{'form.cdomain'}));
            } else {
                $r->print('Invalid login mode or password');
            }
        } else {
            $r->print('Invalid username or domain');
        }
    }
    my $now=time;
    # NOTE(review): everything below runs even when the username/domain
    # validation above printed "Invalid username or domain"; form.cuname and
    # form.cdomain reach assignrole() and the classlist request unvalidated.
    $r->print('

Modifying Roles

');
    # Revocations: fields named "form.rev:<area>_<role>" with a true value.
    # The role is revoked by assigning it with an end time of now.
    foreach (keys (%ENV)) {
        if (($_=~/^form\.rev\:([^\_]+)\_([^\_]+)$/) && ($ENV{$_})) {
            # NOTE(review): $1 and $2 come from the field name and are
            # printed unescaped.
            $r->print('Revoking '.$2.' in '.$1.': '.
                 &Apache::lonnet::assignrole($ENV{'form.cdomain'},$ENV{'form.cuname'},
                 $1,$2,$now).'
');
            if ($2 eq 'st') {
                # Student role: also mark the classlist entry as ended now.
                # NOTE(review): this match is unchecked; on failure $1/$2
                # keep the area and role captured above.
                $1=~/^\/(\w+)\/(\w+)/;
                my $cid=$1.'_'.$2;
                $r->print('Drop from classlist: '.
                 &Apache::lonnet::critical('put:'.$ENV{'course.'.$cid.'.domain'}.':'.
                     $ENV{'course.'.$cid.'.num'}.':classlist:'.
                     &Apache::lonnet::escape($ENV{'form.cuname'}.':'.
                         $ENV{'form.cdomain'}).'='.
                     &Apache::lonnet::escape($now.':'),
                     $ENV{'course.'.$cid.'.home'}).'
');
            }
        }
    }
    # Assignments: "form.act_<dom>_<num>_<role>" (course level) or
    # "form.act_<dom>_<role>" (domain level), with optional matching
    # form.sec_*, form.start_* and form.end_* values.
    # NOTE(review): section, start and end are taken from the form as-is;
    # start/end are not checked to be numeric.
    foreach (keys(%ENV)) {
        if (($_=~/^form\.act\_([^\_]+)\_([^\_]+)\_([^\_]+)$/) && ($ENV{$_})) {
            my $url='/'.$1.'/'.$2;
            if ($ENV{'form.sec_'.$1.'_'.$2.'_'.$3}) {
                $url.='/'.$ENV{'form.sec_'.$1.'_'.$2.'_'.$3};
            }
            # Defaults: start now, no end (0).
            my $start=$now;
            if ($ENV{'form.start_'.$1.'_'.$2.'_'.$3}) {
                $start=$ENV{'form.start_'.$1.'_'.$2.'_'.$3};
            }
            my $end=0;
            if ($ENV{'form.end_'.$1.'_'.$2.'_'.$3}) {
                $end=$ENV{'form.end_'.$1.'_'.$2.'_'.$3};
            }
            $r->print('Assigning: '.$3.' in '.$url.': '.
                 &Apache::lonnet::assignrole($ENV{'form.cdomain'},$ENV{'form.cuname'},
                 $url,$3,$end,$start).'
');
            if ($3 eq 'st') {
                # Student role: also record end:start in the classlist.
                $url=~/^\/(\w+)\/(\w+)/;
                my $cid=$1.'_'.$2;
                $r->print('Add to classlist: '.
                 &Apache::lonnet::critical('put:'.$ENV{'course.'.$cid.'.domain'}.':'.
                     $ENV{'course.'.$cid.'.num'}.':classlist:'.
                     &Apache::lonnet::escape($ENV{'form.cuname'}.':'.
                         $ENV{'form.cdomain'}).'='.
                     &Apache::lonnet::escape($end.':'.$start),
                     $ENV{'course.'.$cid.'.home'}).'
');
            }
        } elsif (($_=~/^form\.act\_([^\_]+)\_([^\_]+)$/) && ($ENV{$_})) {
            my $url='/'.$1.'/';
            my $start=$now;
            if ($ENV{'form.start_'.$1.'_'.$2}) {
                $start=$ENV{'form.start_'.$1.'_'.$2};
            }
            my $end=0;
            if ($ENV{'form.end_'.$1.'_'.$2}) {
                $end=$ENV{'form.end_'.$1.'_'.$2};
            }
            $r->print('Assigning: '.$2.' in '.$url.': '.
                 &Apache::lonnet::assignrole($ENV{'form.cdomain'},$ENV{'form.cuname'},
                 $url,$2,$end,$start).'
');
        }
    }
    $r->print('');
}

# ================================================================ Main Handler

# Request entry point.  Answers header-only requests with just the headers;
# otherwise requires one of six privileges and dispatches on form.phase
# (unset -> phase_one, 'two' -> phase_two, 'three' -> phase_three).
# Returns OK, or HTTP_NOT_ACCEPTABLE with user.error.msg set when the caller
# holds none of the privileges.
#
# NOTE(review): any ONE of these privileges opens every phase, including the
# authentication changes in phase three, while the comment in phase_two()
# says those should require 'mau'.  Nothing in this file narrows the check
# per action.
sub handler {
    my $r = shift;
    if ($r->header_only) {
        $r->content_type('text/html');
        $r->send_http_header;
        return OK;
    }
    if ((&Apache::lonnet::allowed('cta',$ENV{'request.course.id'})) ||
        (&Apache::lonnet::allowed('cin',$ENV{'request.course.id'})) ||
        (&Apache::lonnet::allowed('ccr',$ENV{'request.course.id'})) ||
        (&Apache::lonnet::allowed('cep',$ENV{'request.course.id'})) ||
        (&Apache::lonnet::allowed('cca',$ENV{'user.domain'})) ||
        (&Apache::lonnet::allowed('mau',$ENV{'user.domain'}))) {
        $r->content_type('text/html');
        $r->send_http_header;
        unless ($ENV{'form.phase'}) {
            &phase_one($r);
        }
        if ($ENV{'form.phase'} eq 'two') {
            &phase_two($r);
        } elsif ($ENV{'form.phase'} eq 'three') {
            &phase_three($r);
        }
    } else {
        $ENV{'user.error.msg'}=
            "/adm/createuser:mau:0:0:Cannot modify user data";
        return HTTP_NOT_ACCEPTABLE;
    }
    return OK;
}

1;
__END__