File:
[LON-CAPA] /
loncom /
auth /
lonlogin.pm
Revision
1.83:
download - view:
text,
annotated -
select for diffs
Fri Nov 10 02:02:57 2006 UTC (17 years, 11 months ago) by
raeburn
Branches:
MAIN
CVS tags:
HEAD
Modify tmpput handler in lond to use md5_hash of random items when creating token for password resets to provide less deterministic token.
Add an extra argument to lonnet::tmpput() so context is included when request sent to lond (if context argument was supplied). It appears some uses of lond::tmpput make use of the number_IP_number structure of current token.
Add Forgot Password link to log-in page.
Some wording changes in reset password page.
More comprehensive check of e-mail for valid format.
Require user to provide e-mail address when requesting password change, and compare with e-mail in record associated with LON-CAPA user account.
# The LearningOnline Network
# Login Screen
#
# $Id: lonlogin.pm,v 1.83 2006/11/10 02:02:57 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#
package Apache::lonlogin;
use strict;
use Apache::Constants qw(:common);
use CGI::Cookie();
use Apache::File ();
use Apache::lonnet;
use Apache::loncommon();
use Apache::lonauth();
use Apache::lonlocal;
use Apache::migrateuser();
use lib '/home/httpd/lib/perl/';
use LONCAPA;
sub additional_machine_domains {
my @domains;
open(my $fh,"<".$Apache::lonnet::perlvar{'lonTabDir'}.'/expected_domains.tab');
while( my $line = <$fh>) {
$line =~ s/\s//g;
push(@domains,$line);
}
return @domains;
}
sub handler {
my $r = shift;
&Apache::loncommon::get_unprocessed_cgi
(join('&',$ENV{'QUERY_STRING'},$env{'request.querystring'},
$ENV{'REDIRECT_QUERY_STRING'}),
['interface','username','domain','firsturl','localpath','localres',
'token']);
# -- check if they are a migrating user
if (defined($env{'form.token'})) {
return &Apache::migrateuser::handler($r);
}
&Apache::loncommon::no_cache($r);
&Apache::lonlocal::get_language_handle($r);
&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;
return OK if $r->header_only;
# Are we re-routing?
if (-e '/home/httpd/html/lon-status/reroute.txt') {
&Apache::lonauth::reroute($r);
return OK;
}
# -------------------------------- Prevent users from attempting to login twice
my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
my $lonid=$cookies{'lonID'};
my $cookie;
if ($lonid) {
my $handle=$lonid->value;
$handle=~s/\W//g;
my $lonidsdir=$r->dir_config('lonIDsDir');
if (-e "$lonidsdir/$handle.id") {
# Is there an existing token file?
if ($handle=~/^publicuser\_/) {
# For "public user" - remove it, we apparently really want to login
unlink("$lonidsdir/$handle.id");
} elsif ($handle ne '') {
# Indeed, a valid token is found
my $start_page =
&Apache::loncommon::start_page('Already logged in');
my $end_page =
&Apache::loncommon::end_page();
$r->print(<<ENDFAILED);
$start_page
<h1>You are already logged in</h1>
<p>Please either <a href="/adm/roles">continue the current session</a> or
<a href="/adm/logout">logout</a>.</p>
<p>
<a href="/adm/loginproblems.html">Problems?</a></p>
$end_page
ENDFAILED
return OK;
}
}
}
# ---------------------------------------------------- No valid token, continue
# ---------------------------- Not possible to really login to domain "public"
if ($env{'form.domain'} eq 'public') {
$env{'form.domain'}='';
$env{'form.username'}='';
}
# ----------------------------------------------------------- Process Interface
$env{'form.interface'}=~s/\W//g;
my $textbrowsers=$r->dir_config('lonTextBrowsers');
my $httpbrowser=$ENV{"HTTP_USER_AGENT"};
foreach (split(/\:/,$textbrowsers)) {
if ($httpbrowser=~/$_/i) {
$env{'form.interface'}='textual';
}
}
my $fullgraph=($env{'form.interface'} ne 'textual');
my $port_to_use=$r->dir_config('lonhttpdPort');
if (!defined($port_to_use)) {
$port_to_use='8080';
}
my $iconpath= 'http://'.$ENV{'HTTP_HOST'}.':'.$port_to_use.
$r->dir_config('lonIconsURL');
my $domain = $r->dir_config('lonDefDomain');
my $testdomain=(split(/\./,$ENV{'HTTP_HOST'}))[0];
foreach my $posdom (&Apache::lonnet::current_machine_domains(),
&additional_machine_domains()) {
if (lc($posdom) eq lc($testdomain)) { $domain=$posdom; }
}
if (($env{'form.domain'}) &&
($Apache::lonnet::domaindescription{$env{'form.domain'}})) {
$domain=$env{'form.domain'};
}
my $role = $r->dir_config('lonRole');
my $loadlim = $r->dir_config('lonLoadLim');
my $lonhost = $r->dir_config('lonHostID');
my $tabdir = $r->dir_config('lonTabDir');
my $include = $r->dir_config('lonIncludes');
my $expire = $r->dir_config('lonExpire');
my $version = $r->dir_config('lonVersion');
my $host_name = $Apache::lonnet::hostname{$lonhost};
# --------------------------------------------- Default values for login fields
my $authusername=($env{'form.username'}?$env{'form.username'}:'');
my $authdomain=($env{'form.domain'}?$env{'form.domain'}:$domain);
# ---------------------------------------------------------- Determine own load
my $loadavg;
{
my $loadfile=Apache::File->new('/proc/loadavg');
$loadavg=<$loadfile>;
}
$loadavg =~ s/\s.*//g;
my $loadpercent=sprintf("%.1f",100*$loadavg/$loadlim);
my $userloadpercent=&Apache::lonnet::userload();
# ------------------------------------------------------- Do the load balancing
my $otherserver= &Apache::lonnet::absolute_url($host_name);
my $firsturl=
($env{'request.firsturl'}?$env{'request.firsturl'}:$env{'form.firsturl'});
# ---------------------------------------- Are we access server and overloaded?
if (($role eq 'access') &&
(($userloadpercent>100.0)||($loadpercent>100.0))) {
my $unloaded=Apache::lonnet::spareserver($loadpercent,$userloadpercent);
if ($unloaded) { $otherserver=$unloaded; }
}
# ----------------------------------------------------------- Get announcements
my $announcements=&Apache::lonnet::getannounce();
# -------------------------------------------------------- Set login parameters
my @hexstr=('0','1','2','3','4','5','6','7',
'8','9','a','b','c','d','e','f');
my $lkey='';
for (0..7) {
$lkey.=$hexstr[rand(15)];
}
my $ukey='';
for (0..7) {
$ukey.=$hexstr[rand(15)];
}
my $lextkey=hex($lkey);
if ($lextkey>2147483647) { $lextkey-=4294967296; }
my $uextkey=hex($ukey);
if ($uextkey>2147483647) { $uextkey-=4294967296; }
# -------------------------------------------------------- Store away log token
my $logtoken=Apache::lonnet::reply(
'tmpput:'.$ukey.$lkey.'&'.$firsturl,
$lonhost);
# ------------------- If we cannot talk to ourselves, we are in serious trouble
if ($logtoken eq 'con_lost') {
my $spares='';
my $last;
foreach my $hostid (sort
{
$Apache::lonnet::hostname{$a} cmp
$Apache::lonnet::hostname{$b};
}
keys(%Apache::lonnet::spareid)) {
next if ($hostid eq $lonhost);
next if ($last eq $Apache::lonnet::hostname{$hostid});
$spares.='<br /><font size="+1"><a href="http://'.
$Apache::lonnet::hostname{$hostid}.
'/adm/login?domain='.$authdomain.'">'.
$Apache::lonnet::hostname{$hostid}.'</a>'.
' (preferred)</font>'.$/;
$last=$Apache::lonnet::hostname{$hostid};
}
$spares.= '<br />';
foreach my $hostid (sort
{
$Apache::lonnet::hostname{$a} cmp
$Apache::lonnet::hostname{$b};
}
keys(%Apache::lonnet::hostname)) {
next if ($hostid eq $lonhost || $Apache::lonnet::spareid{$hostid});
next if ($last eq $Apache::lonnet::hostname{$hostid});
$spares.='<br /><a href="http://'.
$Apache::lonnet::hostname{$hostid}.
'/adm/login?domain='.$authdomain.'">'.
$Apache::lonnet::hostname{$hostid}.'</a>';
$last=$Apache::lonnet::hostname{$hostid};
}
$r->print(<<ENDTROUBLE);
<html>
<head><title>The LearningOnline Network with CAPA</title></head>
<body bgcolor="#FFFFFF">
<img src="/adm/lonKaputt/lonlogo_broken.gif" align="right" />
<h3>This LON-CAPA server is temporarily not available for login</h3>
<p>Please attempt to login to one of the following servers:</p>$spares
</body>
</html>
ENDTROUBLE
return OK;
}
# ----------------------------------------------- Apparently we are in business
my $domainlogo=&Apache::loncommon::domainlogo($domain);
# --------------------------------------------------- Print login screen header
$r->print(<<ENDHEADER);
<html>
<head>
<meta HTTP-EQUIV="Refresh" CONTENT="$expire; url=/adm/roles" />
<title>The LearningOnline Network with CAPA Login</title>
</head>
ENDHEADER
# ---------------------------------------------------- Serve out DES JavaScript
{
my $jsh=Apache::File->new($include."/londes.js");
$r->print(<$jsh>);
}
# ----------------------------------------------------------- Front page design
my $pgbg=
($fullgraph?&Apache::loncommon::designparm('login.pgbg',$domain):'#FFFFFF');
my $font=
($fullgraph?&Apache::loncommon::designparm('login.font',$domain):'#000000');
my $link=
($fullgraph?&Apache::loncommon::designparm('login.link',$domain):'#0000FF');
my $vlink=
($fullgraph?&Apache::loncommon::designparm('login.vlink',$domain):'#0000FF');
my $alink=&Apache::loncommon::designparm('login.alink',$domain);
my $mainbg=
($fullgraph?&Apache::loncommon::designparm('login.mainbg',$domain):'#FFFFFF');
my $sidebg=
($fullgraph?&Apache::loncommon::designparm('login.sidebg',$domain):'#FFFFFF');
my $logo=&Apache::loncommon::designparm('login.logo',$domain);
my $img=&Apache::loncommon::designparm('login.img',$domain);
# ----------------------------------------------------------------------- Texts
my %lt=&Apache::lonlocal::texthash(
'un' => 'Username',
'pw' => 'Password',
'dom' => 'Domain',
'perc' => 'percent',
'load' => 'Load',
'userload' => 'User Load',
'about' => 'aboutlon.gif',
'access' => 'accessbutton.gif',
'auth' => 'userauthentication.gif',
'log' => 'Log in',
'help' => 'Help',
'serv' => 'Server',
'helpdesk' => 'Contact Helpdesk',
'forgotpw' => 'Forgot password?');
# -------------------------------------------------- Change password field name
my $now=time;
my $forgotpw = &forgotpwdisplay(\%lt);
# ---------------------------------------------------------- Serve rest of page
$r->print(<<ENDSCRIPT);
<body bgcolor="$pgbg" text="$font" link="$link" vlink="$vlink" alink="$alink"
topmargin=0 leftmargin=0 marginwidth=0 marginheight=0>
<script language="JavaScript">
function send()
{
this.document.server.elements.uname.value
=this.document.client.elements.uname.value;
this.document.server.elements.udom.value
=this.document.client.elements.udom.value;
this.document.server.elements.imagesuppress.value
=this.document.client.elements.imagesuppress.checked;
this.document.server.elements.embedsuppress.value
=this.document.client.elements.embedsuppress.checked;
this.document.server.elements.appletsuppress.value
=this.document.client.elements.appletsuppress.checked;
this.document.server.elements.fontenhance.value
=this.document.client.elements.fontenhance.checked;
this.document.server.elements.blackwhite.value
=this.document.client.elements.blackwhite.checked;
this.document.server.elements.remember.value
=this.document.client.elements.remember.checked;
uextkey=this.document.client.elements.uextkey.value;
lextkey=this.document.client.elements.lextkey.value;
initkeys();
this.document.server.elements.upass0.value
=crypted(this.document.client.elements.upass$now.value.substr(0,15));
this.document.server.elements.upass1.value
=crypted(this.document.client.elements.upass$now.value.substr(15,15));
this.document.server.elements.upass2.value
=crypted(this.document.client.elements.upass$now.value.substr(30,15));
this.document.client.elements.uname.value='';
this.document.client.elements.upass$now.value='';
this.document.server.submit();
return false;
}
</script>
ENDSCRIPT
if ($fullgraph) {
$r->print(
'<table width="100%" cellpadding=0 cellspacing=0 border=0>');
}
$r->print(<<ENDSERVERFORM);
<form name="server" action="$otherserver/adm/authenticate" method="post" target="_top">
<input type="hidden" name="logtoken" value="$logtoken" />
<input type="hidden" name="serverid" value="$lonhost" />
<input type="hidden" name="interface" value="$env{'form.interface'}" />
<input type="hidden" name="uname" value="" />
<input type="hidden" name="upass0" value="" />
<input type="hidden" name="upass1" value="" />
<input type="hidden" name="upass2" value="" />
<input type="hidden" name="udom" value="" />
<input type="hidden" name="imagesuppress" value="" />
<input type="hidden" name="appletsuppress" value="" />
<input type="hidden" name="embedsuppress" value="" />
<input type="hidden" name="fontenhance" value="" />
<input type="hidden" name="blackwhite" value="" />
<input type="hidden" name="remember" value="" />
<input type="hidden" name="localpath" value="$env{'form.localpath'}" />
<input type="hidden" name="localres" value="$env{'form.localres'}" />
</form>
ENDSERVERFORM
if ($fullgraph) { $r->print(<<ENDTOP);
<!-- The LON-CAPA Header -->
<tr>
<!-- Row 1 Columns 2-4 -->
<td width="100%" height=75 colspan=4 align="left" valign="top" bgcolor="$pgbg"><img src="$img" border=0 alt="The Learning Online Network with CAPA" /></td>
</tr>
<!-- The gray bar that starts the two table frames -->
<tr>
<!-- Row 2 Column 1 -->
<td width=182 height=27 bgcolor="$sidebg"> </td>
<!-- Row 2 Column 2 -->
<td width=27 height=27 align="left" background="$iconpath/filltop.gif"><img src="$iconpath/upperleft.gif" border=0 alt="" /></td>
<!-- Row 2 Column 3 -->
<td height=27 background="$iconpath/filltop.gif"><img src="$iconpath/filltop.gif" alt="" /></td>
<!-- Row 2 Column 4 -->
<td width=27 height=27 align="right" background="$iconpath/filltop.gif"><img src="$iconpath/upperright.gif" border=0 alt="" /></td>
</tr>
<tr>
<!-- A cell that will hold the 'access' and 'about' buttons -->
<!-- Row 3 Column 1 -->
<td valign="top" height=60 align="center" bgcolor="$sidebg">
<a href="/adm/login?interface=textual"><img src="$iconpath/$lt{'access'}" border=0 alt="Accessibility Options" /></a>
<br />
<a href="/adm/about.html"><img src="$iconpath/$lt{'about'}" border=0 alt="About LON-CAPA" /></a>
</td>
<!-- The shaded space between the two main columns -->
<!-- Row 3 Column 2 -->
<td width=27 height=60 background="$iconpath/fillleft.gif"><img src="$iconpath/fillleft.gif" alt="" /></td>
<!-- The right main column holding the large LON-CAPA logo-->
<!-- Rows 3-4 Column 3 -->
<td align="center" valign="top" width="100%" height="100%" bgcolor="$mainbg">
<center>
<img src="$logo" alt="" />
</center>
</td>
<!-- Row 3 Column 4 -->
<td width=27 background="$iconpath/fillright.gif"><img src="$iconpath/fillright.gif" alt="" /></td>
</tr>
<tr>
<!-- The entry form -->
<!-- Row 4 Column 1 -->
<td align="center" valign="middle" bgcolor="$sidebg">
ENDTOP
} else {
$r->print('<h1>The Learning<i>Online</i> Network with CAPA</h1><h2>Text-based Interface Login</h2>'.$announcements);
}
$r->print('<form name="client" onsubmit="return(send())">');
unless ($fullgraph) {
$r->print(<<ENDACCESSOPTIONS);
<h3>Select Accessibility Options</h3>
<label><input type="checkbox" name="imagesuppress" /> Suppress rendering of images</label><br />
<label><input type="checkbox" name="appletsuppress" /> Suppress Java applets</label><br />
<label><input type="checkbox" name="embedsuppress" /> Suppress rendering of embedded multimedia</label><br />
<label><input type="checkbox" name="fontenhance" /> Increase font size</label><br />
<label><input type="checkbox" name="blackwhite" /> Switch to black and white mode</label><br />
<input type="checkbox" name="remember" /> Remember these settings for next login<hr />
ENDACCESSOPTIONS
} else {
$r->print(<<ENDNOOPT);
<input type="hidden" name="imagesuppress" value="" />
<input type="hidden" name="embedsuppress" value="" />
<input type="hidden" name="appletsuppress" value="" />
<input type="hidden" name="fontenhance" value="" />
<input type="hidden" name="blackwhite" value="" />
<input type="hidden" name="remember" value="" />
ENDNOOPT
}
$r->print(<<ENDLOGIN);
<input type="hidden" name="lextkey" value="$lextkey">
<input type="hidden" name="uextkey" value="$uextkey">
<!-- Start the sub-table for text and input alignment -->
<table border=0 cellspacing=0 cellpadding=0>
<tr><td bgcolor="$sidebg" colspan=2><img src="$iconpath/$lt{'auth'}" alt="User Authentication" /></td></tr>
<tr>
<td bgcolor="$mainbg"><br /><font size=-1><b> $lt{'un'}:</b></font></td>
<td bgcolor="$mainbg"><br /><input type="text" name="uname" size="10" value="$authusername" /></td>
</tr>
<tr>
<td bgcolor="$mainbg"><font size=-1><b> $lt{'pw'}:</b></font></td>
<td bgcolor="$mainbg"><input type="password" name="upass$now" size="10" /></td>
</tr>
<tr>
<td bgcolor="$mainbg"><font size=-1><b> $lt{'dom'}:</b></font></td>
<td bgcolor="$mainbg"><input type="text" name="udom" size="10" value="$authdomain" /></td>
</tr>
<tr>
<td bgcolor="$mainbg"> <a href="/adm/loginproblems.html">$lt{'help'}</a></td>
<td bgcolor="$mainbg" valign="bottom" align="center">
<br />
<input type="submit" value="$lt{'log'}" />
</td>
</tr>
<tr>
<td bgcolor="$mainbg" valign="bottom" align="left" colspan="2">
$forgotpw
</td>
</tr>
</table>
<!-- End sub-table -->
</form>
ENDLOGIN
if ($fullgraph) {
my $helpdeskscript;
my $contactblock = &contactdisplay(\%lt,$version,$authdomain,\$helpdeskscript);
$r->print(<<ENDDOCUMENT);
</td>
<!-- Row 4 Column 2 -->
<td width=27 background="$iconpath/fillleft.gif"><img src="$iconpath/fillleft.gif" alt="" /></td>
<!-- Row 4 Column 3 -->
<td bgcolor="$mainbg">$announcements</td>
<!-- Row 4 Column 4 -->
<td width=27 background="$iconpath/fillright.gif"><img src="$iconpath/fillright.gif" alt="" /></td>
</tr>
<tr>
<!-- Row 5 Column 1 -->
<td bgcolor="$sidebg" valign="middle" align="left">
<br />
<table border=0 cellspacing=0 cellpadding=0>
<tr>
<td bgcolor="$sidebg" align="left" valign="top">
<small><b> $lt{'dom'}: </b></small>
</td>
<td bgcolor="$sidebg" align="left" valign="top">
<small><tt> $domain</tt></small>
</td>
</tr>
<tr>
<td bgcolor="$sidebg" align="left" valign="top">
<small><b> $lt{'serv'}: </b></small>
</td>
<td bgcolor="$sidebg" align="left" valign="top">
<small><tt> $lonhost ($role)</tt></small>
</td>
</tr>
<tr>
<td bgcolor="$sidebg" align="left" valign="top">
<small><b> $lt{'load'}: </b></small>
</td>
<td bgcolor="$sidebg" align="left" valign="top">
<small><tt> $loadpercent $lt{'perc'}</tt></small>
</td>
</tr>
<tr>
<td bgcolor="$sidebg" align="left" valign="top">
<small><b> $lt{'userload'}: </b></small>
</td>
<td bgcolor="$sidebg" align="left" valign="top">
<small><tt> $userloadpercent $lt{'perc'}</tt></small>
</td>
</tr>
</table>
<br />
$contactblock
</td>
<!-- Row 5 Column 2 -->
<td width=27 background="$iconpath/fillleft.gif"><img src="$iconpath/fillleft.gif" alt="" /></td>
<!-- Row 5 Column 3 -->
<td width="100%" valign="bottom" bgcolor="$mainbg">
$domainlogo
</td>
<!-- Row 5 Column 4 -->
<td width=27 background="$iconpath/fillright.gif"><img src="$iconpath/fillright.gif" alt="" /></td>
</tr>
<tr>
<!-- Row 6 Column 1 -->
<td bgcolor="$sidebg"> </td>
<!-- Row 6 Column 2 -->
<td align="left" background="$iconpath/fillbottom.gif"><img src="$iconpath/lowerleft.gif" alt="" /></td>
<!-- Row 6 Column 3 -->
<td background="$iconpath/fillbottom.gif"><img src="$iconpath/fillbottom.gif" alt="" /></td>
<!-- Row 6 Column 4 -->
<td align="right" background="$iconpath/fillbottom.gif"><img src="$iconpath/lowerright.gif" alt="" /></td>
</tr>
</table>
<script type="text/javascript">
// the if prevents the script error if the browser can not handle this
if ( document.client.uname ) { document.client.uname.focus(); }
</script>
$helpdeskscript
ENDDOCUMENT
}
$r->print('</body></html>');
return OK;
}
sub contactdisplay {
my ($lt,$version,$authdomain,$helpdeskscript) = @_;
my $contactblock;
my $showhelpdesk = 0;
my $requestmail = $Apache::lonnet::perlvar{'lonSupportEMail'};
if ($requestmail =~ m/^[^\@]+\@[^\@]+$/) {
$showhelpdesk = 1;
}
if ($showhelpdesk) {
$contactblock .= '<b> <a href="javascript:helpdesk()">'.$$lt{'helpdesk'}.'</a></b><br />';
my $thisurl = &escape('/adm/login');
$$helpdeskscript = <<"ENDSCRIPT";
<script type="text/javascript">
function helpdesk() {
var codedom = document.client.udom.value;
if (codedom == '') {
codedom = "$authdomain";
}
var querystr = "origurl=$thisurl&codedom="+codedom;
document.location.href = "/adm/helpdesk?"+querystr;
return;
}
</script>
ENDSCRIPT
}
$contactblock .= <<"ENDBLOCK";
$version
ENDBLOCK
return $contactblock;
}
sub forgotpwdisplay {
my ($lt) = @_;
my $prompt_for_resetpw = 1;
if ($prompt_for_resetpw) {
return '<br /> <a href="/adm/resetpw">'.$lt->{'forgotpw'}.'</a></b><br /><br />';
}
return;
}
1;
__END__
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>