--- loncom/interface/loncreateuser.pm 2001/02/21 20:38:35 1.3 +++ loncom/interface/loncreateuser.pm 2001/11/16 07:00:53 1.21 @@ -1,4 +1,4 @@ -# The LearningOnline Network +# The LearningOnline Network with CAPA # Create a user # # (Create a course @@ -10,20 +10,154 @@ # 5/21/99,5/22,5/25,5/26,5/31,6/2,6/10,7/12,7/14, # 1/14/00,5/29,5/30,6/1,6/29,7/1,11/9 Gerd Kortemeyer) # +# YEAR=2001 # 3/1/1 Gerd Kortemeyer) # # 3/1 Gerd Kortemeyer) # # 2/14 Gerd Kortemeyer) # -# 2/14,2/17,2/19,2/20,2/21 Gerd Kortemeyer +# 2/14,2/17,2/19,2/20,2/21,2/22,2/23,3/2,3/17,3/24,04/12 Gerd Kortemeyer +# April Guy Albertelli +# 05/10,10/16 Gerd Kortemeyer +# 11/12,11/13,11/15 Scott Harrison # +# $Id: loncreateuser.pm,v 1.21 2001/11/16 07:00:53 harris41 Exp $ +### + package Apache::loncreateuser; use strict; use Apache::Constants qw(:common :http); use Apache::lonnet; +my $loginscript; # piece of javascript used in two separate instances +my $generalrule; +my $authformnop; +my $authformkrb; +my $authformint; +my $authformfsys; +my $authformloc; + +sub BEGIN { + $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/; + my $krbdefdom=$1; + $krbdefdom=~tr/a-z/A-Z/; + $authformnop=(< + +Do not change login data +

+END + $authformkrb=(< + +Kerberos authenticated with domain + +

+END + $authformint=(< + +Internally authenticated (with initial password +) +

+END + $authformfsys=(< + +Filesystem authenticated (with initial password +) +

+END + $authformloc=(< + +Local Authentication with argument + +

+END + $loginscript=(< +function setkrb(vf) { + if (vf.krbdom.value!='') { + vf.login[0].checked=true; + vf.krbdom.value=vf.krbdom.value.toUpperCase(); + vf.intpwd.value=''; + vf.fsyspwd.value=''; + vf.locarg.value=''; + } +} + +function setint(vf) { + if (vf.intpwd.value!='') { + vf.login[1].checked=true; + vf.krbdom.value=''; + vf.fsyspwd.value=''; + vf.locarg.value=''; + } +} + +function setfsys(vf) { + if (vf.fsyspwd.value!='') { + vf.login[2].checked=true; + vf.krbdom.value=''; + vf.intpwd.value=''; + vf.locarg.value=''; + } +} + +function setloc(vf) { + if (vf.locarg.value!='') { + vf.login[3].checked=true; + vf.krbdom.value=''; + vf.intpwd.value=''; + vf.fsyspwd.value=''; + } +} + +function clicknop(vf) { + vf.krbdom.value=''; + vf.intpwd.value=''; + vf.fsyspwd.value=''; + vf.locarg.value=''; +} + +function clickkrb(vf) { + vf.krbdom.value='$krbdefdom'; + vf.intpwd.value=''; + vf.fsyspwd.value=''; + vf.locarg.value=''; +} + +function clickint(vf) { + vf.krbdom.value=''; + vf.fsyspwd.value=''; + vf.locarg.value=''; +} + +function clickfsys(vf) { + vf.krbdom.value=''; + vf.intpwd.value=''; + vf.locarg.value=''; +} + +function clickloc(vf) { + vf.krbdom.value=''; + vf.intpwd.value=''; + vf.fsyspwd.value=''; +} + +ENDLOGINSCRIPT + $generalrule=< +As a general rule, only authors or co-authors should be filesystem +authenticated (which allows access to the server filesystem). +

+END +} + # =================================================================== Phase one sub phase_one { @@ -53,6 +187,13 @@ sub phase_two { my $r=shift; my $ccuname=$ENV{'form.ccuname'}; my $ccdomain=$ENV{'form.ccdomain'}; + + $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/; + my $krbdefdom=$1; + $krbdefdom=~tr/a-z/A-Z/; + + my $defdom=$ENV{'user.domain'}; + $ccuname=~s/\W//g; $ccdomain=~s/\W//g; $r->print(< + + ENDENHEAD my $uhome=&Apache::lonnet::homeserver($ccuname,$ccdomain); my %incdomains; my %inccourses; - $incdomains{$ENV{'user.domain'}}=1; + map { + $incdomains{$_}=1; + } values %Apache::lonnet::hostdom; map { if ($_=~/^user\.priv\.cm\.\/(\w+)\/(\w+)/) { $inccourses{$1.'_'.$2}=1; } } %ENV; if ($uhome eq 'no_host') { - $r->print('

New user '.$ccuname.' at '.$ccdomain.'

'); + $r->print(<New user $ccuname at $ccdomain +ENDNUSER + $r->print(< +

Personal Data

+First Name:
+Middle Name:
+Last Name:
+Generation:

+ +ID/Student Number:

+ +

Login Data

+$generalrule +$authformkrb +$authformint +$authformfsys +$authformloc +ENDNUSER } else { - $r->print('

Existing user '.$ccuname.' at '.$ccdomain.'

'); + $r->print('

Existing user '.$ccuname.' at '.$ccdomain.'

'); + my $rolesdump=&Apache::lonnet::reply( "dump:$ccdomain:$ccuname:roles",$uhome); unless ($rolesdump eq 'con_lost') { @@ -125,23 +291,29 @@ ENDENHEAD my ($trole,$tend,$tstart)=split(/_/,$role); my $bgcol='ffffff'; my $allows=0; - if ($area=~/^\/(\w+)\/(\d\w+)\/(\w+)/) { + if ($area=~/^\/(\w+)\/(\d\w+)/) { my %coursedata=&Apache::lonnet::coursedescription($1.'_'.$2); - $area='Course: '. - $coursedata{'description'}.'
Section/Group: '.$3; + my $carea='Course: '.$coursedata{'description'}; $inccourses{$1.'_'.$2}=1; - if (&Apache::lonnet::allowed('c'.$trole,$1.'_'.$2)) { + if (&Apache::lonnet::allowed('c'.$trole,$1.'/'.$2)) { $allows=1; } $bgcol=$1.'_'.$2; $bgcol=~s/[^8-9b-e]//g; $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',0,6); + if ($area=~/^\/(\w+)\/(\d\w+)\/(\w+)/) { + $carea.='
Section/Group: '.$3; + } + $area=$carea; } else { - if ($1) { - $incdomains{$1}=1; + if ($area=~/^\/(\w+)\//) { if (&Apache::lonnet::allowed('c'.$trole,$1)) { $allows=1; } + } else { + if (&Apache::lonnet::allowed('c'.$trole,'/')) { + $allows=1; + } } } @@ -167,22 +339,163 @@ ENDENHEAD } split(/&/,$rolesdump); $r->print(''); } + my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain); + if ($currentauth=~/^krb4:/) { + $currentauth=~/^krb4:(.*)/; + my $krbdefdom2=$1; + $loginscript=~s/vf\.krbdom\.value='.*?';/vf.krbdom.value='$krbdefdom2';/; + } + # minor script hack here +# $loginscript=~s/login\[3\]/login\[4\]/; # loc +# $loginscript=~s/login\[2\]/login\[3\]/; # fsys +# $loginscript=~s/login\[1\]/login\[2\]/; # int +# $loginscript=~s/login\[0\]/login\[1\]/; # krb4 + + unless ($currentauth=~/^krb4:/ or + $currentauth=~/^unix:/ or + $currentauth=~/^internal:/ or + $currentauth=~/^localauth:/ + ) { + $r->print(< +$loginscript +ERROR: +This user has an unrecognized authentication scheme ($currentauth). +Please specify login data below. +

Login Data

+$generalrule +$authformkrb +$authformint +$authformfsys +$authformloc +END + } + else { + my $authformcurrent=''; + my $authformother=''; + if ($currentauth=~/^krb4:/) { + $authformcurrent=$authformkrb; + $authformother=$authformint.$authformfsys.$authformloc; + # embarrassing script hack here + $loginscript=~s/login\[3\]/login\[4\]/; # loc + $loginscript=~s/login\[2\]/login\[3\]/; # fsys + $loginscript=~s/login\[1\]/login\[2\]/; # int + $loginscript=~s/login\[0\]/login\[1\]/; # krb4 + } + elsif ($currentauth=~/^internal:/) { + $authformcurrent=$authformint; + $authformother=$authformkrb.$authformfsys.$authformloc; + # embarrassing script hack here + $loginscript=~s/login\[3\]/login\[4\]/; # loc + $loginscript=~s/login\[2\]/login\[3\]/; # fsys + $loginscript=~s/login\[1\]/login\[1\]/; # int + $loginscript=~s/login\[0\]/login\[2\]/; # krb4 + } + elsif ($currentauth=~/^unix:/) { + $authformcurrent=$authformfsys; + $authformother=$authformkrb.$authformint.$authformloc; + # embarrassing script hack here + $loginscript=~s/login\[3\]/login\[4\]/; # loc + $loginscript=~s/login\[1\]/login\[3\]/; # int + $loginscript=~s/login\[2\]/login\[1\]/; # fsys + $loginscript=~s/login\[0\]/login\[2\]/; # krb4 + } + elsif ($currentauth=~/^localauth:/) { + $authformcurrent=$authformloc; + $authformother=$authformkrb.$authformint.$authformfsys; + # embarrassing script hack here + $loginscript=~s/login\[3\]/login\[loc\]/; # loc + $loginscript=~s/login\[2\]/login\[4\]/; # fsys + $loginscript=~s/login\[1\]/login\[3\]/; # int + $loginscript=~s/login\[0\]/login\[2\]/; # krb4 + $loginscript=~s/login\[loc\]/login\[1\]/; # loc + } + $authformcurrent=< + +* * * WARNING * * * +* * * WARNING * * * + +$authformcurrent +Changing this value will overwrite existing authentication for the user; you should notify the user of this change. + +END + $r->print(< +$loginscript +

Change Current Login Data

+$generalrule +$authformnop +$authformcurrent +

Enter New Login Data

+$authformother +END + } + } + $r->print('

Add Roles

'); +# +# Co-Author +# + + if (&Apache::lonnet::allowed('cca',$ENV{'user.domain'})) { + my $cuname=$ENV{'user.name'}; + my $cudom=$ENV{'user.domain'}; + $r->print(<Construction Space + + + + + + + + + +
ActivateRoleExtentStartEnd
Co-Author$cudom\_$cuname +Set Start Date +Set End Date
+ENDCOAUTH } - $r->print('

Add Roles

System Level
'); - $r->print('
Domain Level
'); +# +# Domain level +# + $r->print('

Domain Level

'. + ''. + ''); map { my $thisdomain=$_; map { if (&Apache::lonnet::allowed('c'.$_,$thisdomain)) { - $r->print($_.' - '.$thisdomain.'
'); + my $plrole=&Apache::lonnet::plaintext($_); + $r->print(< + + + + + + +ENDDROW } - } ('dc','cc','li','dg','au'); + } ('dc','li','dg','au'); } sort keys %incdomains; - $r->print('
Course Level
'. + $r->print('
ActivateRoleExtentStartEnd
$plrole$thisdomain +Set Start Date +Set End Date
'); +# +# Course level +# + $r->print('

Course Level

'. ''. ''); map { my $thiscourse=$_; + my $protectedcourse=$_; + $thiscourse=~s:_:/:g; my %coursedata=&Apache::lonnet::coursedescription($thiscourse); my $area=$coursedata{'description'}; my $bgcol=$thiscourse; @@ -191,28 +504,183 @@ ENDENHEAD map { if (&Apache::lonnet::allowed('c'.$_,$thiscourse)) { my $plrole=&Apache::lonnet::plaintext($_); - $r->print(<print(" - + - - - + +"javascript:pjump('date_end','End Date $plrole',document.cu.end_$protectedcourse\_$_.value,'end_$protectedcourse\_$_','cu.pres','dateset')">Set End Date ENDROW - } - } ('st','ta','ep','ad','in'); + } ('st','ta','ep','ad','in','cc'); } sort keys %inccourses; $r->print('
ActivateRoleExtentGroup/SectionStartEnd
$plrole $area +"); + if ($_ ne 'cc') { + $r->print(""); + } else { $r->print(" "); } + $r->print(< Set Start Date +"javascript:pjump('date_start','Start Date $plrole',document.cu.start_$protectedcourse\_$_.value,'start_$protectedcourse\_$_','cu.pres','dateset')">Set Start Date Set End Date
'); + $r->print(''); $r->print(''); } +# ================================================================= Phase Three + +sub phase_three { + my $r=shift; + $r->print(< + +The LearningOnline Network with CAPA + + + +

Create User, Change User Privileges

+ENDTHREEHEAD + $r->print('

'.$ENV{'form.cuname'}.' at '.$ENV{'form.cdomain'}.'

'); + if ($ENV{'form.makeuser'}) { + $r->print('

Creating User

'); + if (($ENV{'form.cuname'})&&($ENV{'form.cuname'}!~/\W/)&& + ($ENV{'form.cdomain'})&&($ENV{'form.cdomain'}!~/\W/)) { + my $amode=''; + my $genpwd=''; + if ($ENV{'form.login'} eq 'krb') { + $amode='krb4'; + $genpwd=$ENV{'form.krbdom'}; + } elsif ($ENV{'form.login'} eq 'int') { + $amode='internal'; + $genpwd=$ENV{'form.intpwd'}; + } elsif ($ENV{'form.login'} eq 'fsys') { + $amode='unix'; + $genpwd=$ENV{'form.fsyspwd'}; + } elsif ($ENV{'form.login'} eq 'loc') { + $amode='localauth'; + $genpwd=$ENV{'form.locarg'}; + if (!$genpwd) { $genpwd=" "; } + } + if (($amode) && ($genpwd)) { + $r->print('Generating user: '.&Apache::lonnet::modifyuser( + $ENV{'form.cdomain'},$ENV{'form.cuname'}, + $ENV{'form.cstid'},$amode,$genpwd, + $ENV{'form.cfirst'},$ENV{'form.cmiddle'}, + $ENV{'form.clast'},$ENV{'form.cgen'})); + $r->print('
Home server: '.&Apache::lonnet::homeserver + ($ENV{'form.cuname'},$ENV{'form.cdomain'})); + + } else { + $r->print('Invalid login mode or password'); + } + } else { + $r->print('Invalid username or domain'); + } + } + if (!$ENV{'form.makeuser'} and $ENV{'form.login'} ne 'nop') { + $r->print('

Changing User Login Data

'); + if (($ENV{'form.cuname'})&&($ENV{'form.cuname'}!~/\W/)&& + ($ENV{'form.cdomain'})&&($ENV{'form.cdomain'}!~/\W/)) { + my $amode=''; + my $genpwd=''; + if ($ENV{'form.login'} eq 'krb') { + $amode='krb4'; + $genpwd=$ENV{'form.krbdom'}; + } elsif ($ENV{'form.login'} eq 'int') { + $amode='internal'; + $genpwd=$ENV{'form.intpwd'}; + } elsif ($ENV{'form.login'} eq 'fsys') { + $amode='unix'; + $genpwd=$ENV{'form.fsyspwd'}; + } elsif ($ENV{'form.login'} eq 'loc') { + $amode='localauth'; + $genpwd=$ENV{'form.locarg'}; + if (!$genpwd) { $genpwd=" "; } + } + if (($amode) && ($genpwd)) { + $r->print('Modifying authentication: '. + &Apache::lonnet::modifyuserauth( + $ENV{'form.cdomain'},$ENV{'form.cuname'}, + $amode,$genpwd)); + $r->print('
Home server: '.&Apache::lonnet::homeserver + ($ENV{'form.cuname'},$ENV{'form.cdomain'})); + + } else { + $r->print('Invalid login mode or password'); + } + } else { + $r->print('Invalid username or domain'); + } + } + my $now=time; + $r->print('

Modifying Roles

'); + map { + if (($_=~/^form\.rev\:([^\_]+)\_([^\_]+)$/) && ($ENV{$_})) { + $r->print('Revoking '.$2.' in '.$1.': '. + &Apache::lonnet::assignrole($ENV{'form.cdomain'},$ENV{'form.cuname'}, + $1,$2,$now).'
'); + if ($2 eq 'st') { + $1=~/^\/(\w+)\/(\w+)/; + my $cid=$1.'_'.$2; + $r->print('Drop from classlist: '. + &Apache::lonnet::critical('put:'.$ENV{'course.'.$cid.'.domain'}.':'. + $ENV{'course.'.$cid.'.num'}.':classlist:'. + &Apache::lonnet::escape($ENV{'form.cuname'}.':'. + $ENV{'form.cdomain'}).'='. + &Apache::lonnet::escape($now.':'), + $ENV{'course.'.$cid.'.home'}).'
'); + } + } + } keys %ENV; + map { + if (($_=~/^form\.act\_([^\_]+)\_([^\_]+)\_([^\_]+)$/) && ($ENV{$_})) { + my $url='/'.$1.'/'.$2; + if ($ENV{'form.sec_'.$1.'_'.$2.'_'.$3}) { + $url.='/'.$ENV{'form.sec_'.$1.'_'.$2.'_'.$3}; + } + my $start=$now; + if ($ENV{'form.start_'.$1.'_'.$2.'_'.$3}) { + $start=$ENV{'form.start_'.$1.'_'.$2.'_'.$3}; + } + my $end=0; + if ($ENV{'form.end_'.$1.'_'.$2.'_'.$3}) { + $end=$ENV{'form.end_'.$1.'_'.$2.'_'.$3}; + } + $r->print('Assigning: '.$3.' in '.$url.': '. + &Apache::lonnet::assignrole($ENV{'form.cdomain'},$ENV{'form.cuname'}, + $url,$3,$end,$start).'
'); + if ($3 eq 'st') { + $url=~/^\/(\w+)\/(\w+)/; + my $cid=$1.'_'.$2; + $r->print('Add to classlist: '. + &Apache::lonnet::critical('put:'.$ENV{'course.'.$cid.'.domain'}.':'. + $ENV{'course.'.$cid.'.num'}.':classlist:'. + &Apache::lonnet::escape($ENV{'form.cuname'}.':'. + $ENV{'form.cdomain'}).'='. + &Apache::lonnet::escape($end.':'.$start), + $ENV{'course.'.$cid.'.home'}).'
'); + } + } elsif (($_=~/^form\.act\_([^\_]+)\_([^\_]+)$/) && ($ENV{$_})) { + my $url='/'.$1.'/'; + my $start=$now; + if ($ENV{'form.start_'.$1.'_'.$2}) { + $start=$ENV{'form.start_'.$1.'_'.$2}; + } + my $end=0; + if ($ENV{'form.end_'.$1.'_'.$2}) { + $end=$ENV{'form.end_'.$1.'_'.$2}; + } + $r->print('Assigning: '.$2.' in '.$url.': '. + &Apache::lonnet::assignrole($ENV{'form.cdomain'},$ENV{'form.cuname'}, + $url,$2,$end,$start).'
'); + } + } keys %ENV; + $r->print(''); +} + # ================================================================ Main Handler sub handler { my $r = shift; @@ -227,6 +695,7 @@ sub handler { (&Apache::lonnet::allowed('cin',$ENV{'request.course.id'})) || (&Apache::lonnet::allowed('ccr',$ENV{'request.course.id'})) || (&Apache::lonnet::allowed('cep',$ENV{'request.course.id'})) || + (&Apache::lonnet::allowed('cca',$ENV{'user.domain'})) || (&Apache::lonnet::allowed('mau',$ENV{'user.domain'}))) { $r->content_type('text/html'); $r->send_http_header; @@ -235,10 +704,12 @@ sub handler { } if ($ENV{'form.phase'} eq 'two') { &phase_two($r); + } elsif ($ENV{'form.phase'} eq 'three') { + &phase_three($r); } } else { $ENV{'user.error.msg'}= - "/adm/createcourse:mau:0:0:Cannot modify user data"; + "/adm/createuser:mau:0:0:Cannot modify user data"; return HTTP_NOT_ACCEPTABLE; } return OK;