--- loncom/interface/lonpreferences.pm	2002/02/15 22:04:39	1.3
+++ loncom/interface/lonpreferences.pm	2003/04/19 01:34:22	1.19
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Preferences
 #
-# $Id: lonpreferences.pm,v 1.3 2002/02/15 22:04:39 matthew Exp $
+# $Id: lonpreferences.pm,v 1.19 2003/04/19 01:34:22 www Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -49,50 +49,22 @@ use Apache::Constants qw(:common);
 use Apache::File;
 use Crypt::DES;
 use DynaLoader; # for Crypt::DES version
+use Apache::loncommon();
 
-#------------------- forms to be output
-my $passwordform =<<ENDPASSWORDFORM;
-<form name="client" action="/adm/preferences" method="post">
-<input type="hidden" name="action" value="changepass">
-<input type="submit" value="Change password">
-</form>
-ENDPASSWORDFORM
-
-my $environmentform = <<ENDENVIRONMENTFORM;
-<p>
-There are currently no environment variables you can change.
-</p>
-<!----
-    You may set the following environment variables:
-    <table>
-    <tr><th>Environment Setting</th><th>Current Value</th></tr>
-    <tr>
-        <td colspan="2">
-        <font color="#ff0000">No variables currently set up</font>
-        </td>
-    </tr>
-    </table>
- -->
-ENDENVIRONMENTFORM
-#------------------ end of forms to be output
-
-################################################################
-#                       Handler subroutines                    #
-################################################################
 #
 # Write lonnet::passwd to do the call below.
 # Use:
 #   my $answer=reply("encrypt:passwd:$udom:$uname:$upass",$tryserver);
 #
-# I really should write some javascript to check on the client side for
-# mismatched passwords, but other problems are more pressing
-#
 ##################################################
 #          password associated functions         #
 ##################################################
 sub des_keys {
-    # Make a new key for DES encryption
-    # Each key has two parts which are returned seperately
+    # Make a new key for DES encryption.
+    # Each key has two parts which are returned seperately.
+    # Please note:  Each key must be passed through the &hex function
+    # before it is output to the web browser.  The hex versions cannot
+    # be used to decrypt.
     my @hexstr=('0','1','2','3','4','5','6','7',
                 '8','9','a','b','c','d','e','f');
     my $lkey='';
@@ -119,16 +91,238 @@ sub des_decrypt {
 	$cypher->decrypt(unpack("a8",pack("H16",substr($cyphertext,0,16))));
     $plaintext.=
 	$cypher->decrypt(unpack("a8",pack("H16",substr($cyphertext,16,16))));
-    $plaintext=unpack("a8",$plaintext);
-    $plaintext=substr($plaintext,1,ord(substr($plaintext,0,1)));
-    unpack("a8",$plaintext);
+    $plaintext=substr($plaintext,1,ord(substr($plaintext,0,1)) );
     return $plaintext;
 }
 
+################################################################
+#                       Handler subroutines                    #
+################################################################
+
+################################################################
+#         Anonymous Discussion Name Change Subroutines         #
+################################################################
+sub screennamechanger {
+    my $r = shift;
+    my $user       = $ENV{'user.name'};
+    my $domain     = $ENV{'user.domain'};
+    my %userenv = &Apache::lonnet::get
+        ('environment',['screenname','nickname']);
+    my $screenname=$userenv{'screenname'};
+    my $nickname=$userenv{'nickname'};
+    my $bodytag=&Apache::loncommon::bodytag(
+              'Change Your Nickname and Anonymous Screen Name');
+    $r->print(<<ENDSCREEN);
+<html>
+$bodytag
+
+<form name="server" action="/adm/preferences" method="post">
+<input type="hidden" name="action" value="verify_and_change_screenname" />
+<br />New screenname (shown if you post anonymously):
+<input type="text" size="20" value="$screenname" name="screenname" />
+<br />New nickname (shown if you post non-anonymously):
+<input type="text" size="20" value="$nickname" name="nickname" />
+<input type="submit" value="Change" />
+</form>
+</body>
+</html>
+ENDSCREEN
+}
+
+sub verify_and_change_screenname {
+    my $r = shift;
+    my $user       = $ENV{'user.name'};
+    my $domain     = $ENV{'user.domain'};
+# Screenname
+    my $newscreen  = $ENV{'form.screenname'};
+    $newscreen=~s/[^ \w]//g;
+    my $message='';
+    if ($newscreen) {
+        &Apache::lonnet::put('environment',{'screenname' => $newscreen});
+        &Apache::lonnet::appenv('environment.screenname' => $newscreen);
+        $message='Set new screenname to '.$newscreen;
+    } else {
+        &Apache::lonnet::del('environment',['screenname']);
+        &Apache::lonnet::delenv('environment\.screenname');
+        $message='Reset screenname';
+    }
+# Nickname
+    $message.='<br />';
+    $newscreen  = $ENV{'form.nickname'};
+    $newscreen=~s/[^ \w]//g;
+    if ($newscreen) {
+        &Apache::lonnet::put('environment',{'nickname' => $newscreen});
+        &Apache::lonnet::appenv('environment.nickname' => $newscreen);
+        $message.='Set new nickname to '.$newscreen;
+    } else {
+        &Apache::lonnet::del('environment',['nickname']);
+        &Apache::lonnet::delenv('environment\.nickname');
+        $message.='Reset nickname';
+    }
+
+    my $bodytag=&Apache::loncommon::bodytag(
+                    'Change Your Nickname and Anonymous Screen Name');
+    $r->print(<<ENDVCSCREEN);
+<html>
+$bodytag
+</p>
+$message
+</body></html>
+ENDVCSCREEN
+}
+
+################################################################
+#         Colors                                               #
+################################################################
+
+sub colorschanger {
+    my $r = shift;
+    my $bodytag=&Apache::loncommon::bodytag(
+                    'Change Color Scheme for Current Role Type');
+# figure out colors
+    my $function='student';
+    if ($ENV{'request.role'}=~/^(cc|in|ta|ep)/) {
+	$function='coordinator';
+    }
+    if ($ENV{'request.role'}=~/^(su|dc|ad|li)/) {
+	$function='admin';
+    }
+    if (($ENV{'request.role'}=~/^(au|ca)/) ||
+	($ENV{'REQUEST_URI'}=~/^(\/priv|\~)/)) {
+	$function='author';
+    }
+    my $domain=&Apache::loncommon::determinedomain();
+    my %colortypes=('pgbg'  => 'Page Background',
+                    'tabbg' => 'Header Background',
+                    'sidebg'=> 'Header Border',
+                    'font'  => 'Font',
+                    'link'  => 'Un-Visited Link',
+                    'vlink' => 'Visited Link',
+                    'alink' => 'Active Link');
+    my $chtable='';
+    foreach my $item (keys %colortypes) {
+       my $curcol=&Apache::loncommon::designparm($function.'.'.$item,$domain);
+       $chtable.='<tr><td>'.$colortypes{$item}.'</td><td bgcolor="'.$curcol.
+        '">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td><td><input name="'.$item.
+        '" size="8" value="'.$curcol.
+'" /></td><td><a href="javascript:pjump('."'color','".$colortypes{$item}.
+"','".$curcol."','"
+	    .$item."','".$item."','psub'".');">Select</a></td></tr>';
+    }
+    $r->print(<<ENDCOL);
+<html>
+<script>
+
+    function pclose() {
+        parmwin=window.open("/adm/rat/empty.html","LONCAPAparms",
+                 "height=350,width=350,scrollbars=no,menubar=no");
+        parmwin.close();
+    }
+
+    function pjump(type,dis,value,marker,ret,call) {
+        parmwin=window.open("/adm/rat/parameter.html?type="+escape(type)
+                 +"&value="+escape(value)+"&marker="+escape(marker)
+                 +"&return="+escape(ret)
+                 +"&call="+escape(call)+"&name="+escape(dis),"LONCAPAparms",
+                 "height=350,width=350,scrollbars=no,menubar=no");
+
+    }
+
+    function psub() {
+        pclose();
+        if (document.parmform.pres_marker.value!='') {
+            document.parmform.action+='#'+document.parmform.pres_marker.value;
+            var typedef=new Array();
+            typedef=document.parmform.pres_type.value.split('_');
+           if (document.parmform.pres_type.value!='') {
+            if (typedef[0]=='date') {
+                eval('document.parmform.recent_'+
+                     document.parmform.pres_type.value+
+		     '.value=document.parmform.pres_value.value;');
+            } else {
+                eval('document.parmform.recent_'+typedef[0]+
+		     '.value=document.parmform.pres_value.value;');
+            }
+	   }
+            document.parmform.submit();
+        } else {
+            document.parmform.pres_value.value='';
+            document.parmform.pres_marker.value='';
+        }
+    }
+
+
+</script>
+$bodytag
+
+<form name="server" action="/adm/preferences" method="post">
+<input type="hidden" name="action" value="verify_and_change_colors" />
+<table border="2">
+$chtable
+</table>
+<input type="submit" value="Change" />
+</form>
+</body>
+</html>
+ENDCOL
+}
+
+sub verify_and_change_colors {
+    my $r = shift;
+# figure out colors
+    my $function='student';
+    if ($ENV{'request.role'}=~/^(cc|in|ta|ep)/) {
+	$function='coordinator';
+    }
+    if ($ENV{'request.role'}=~/^(su|dc|ad|li)/) {
+	$function='admin';
+    }
+    if (($ENV{'request.role'}=~/^(au|ca)/) ||
+	($ENV{'REQUEST_URI'}=~/^(\/priv|\~)/)) {
+	$function='author';
+    }
+    my $domain=&Apache::loncommon::determinedomain();
+    my %colortypes=('pgbg'  => 'Page Background',
+                    'tabbg' => 'Header Background',
+                    'sidebg'=> 'Header Border',
+                    'font'  => 'Font',
+                    'link'  => 'Un-Visited Link',
+                    'vlink' => 'Visited Link',
+                    'alink' => 'Active Link');
+
+    my $message='';
+#    my $newscreen='';
+#    $newscreen=~s/\,$//;
+#    if ($newscreen) {
+#        &Apache::lonnet::put('environment',{'msgforward' => $newscreen});
+#        &Apache::lonnet::appenv('environment.msgforward' => $newscreen);
+#        $message.='Set new message forwarding to '.$newscreen.'<br />';
+#    } else {
+#        &Apache::lonnet::del('environment',['msgforward']);
+#        &Apache::lonnet::delenv('environment\.msgforward');
+#        $message.='Reset message forwarding<br />';
+#    }
+
+    my $bodytag=&Apache::loncommon::bodytag(
+                           'Change Color Scheme for Current Role Type');
+    $r->print(<<ENDVCCOL);
+<html>
+$bodytag
+</p>
+$message
+</body></html>
+ENDVCCOL
+}
+
+######################################################
+#            password handler subroutines            #
+######################################################
 sub passwordchanger {
+    # This function is a bit of a mess....
     # Passwords are encrypted using londes.js (DES encryption)
-    #
     my $r = shift;
+    my $errormessage = shift;
+    $errormessage = ($errormessage || '');
     my $user       = $ENV{'user.name'};
     my $domain     = $ENV{'user.domain'};
     my $homeserver = $ENV{'user.home'};
@@ -140,14 +334,14 @@ sub passwordchanger {
     my ($lkey_cpass ,$ukey_cpass ) = &des_keys();
     my ($lkey_npass1,$ukey_npass1) = &des_keys();
     my ($lkey_npass2,$ukey_npass2) = &des_keys();
-    # Store the keys
+    # Store the keys in the log files
     my $lonhost = $r->dir_config('lonHostID');
     my $logtoken=Apache::lonnet::reply('tmpput:'
 				       .$ukey_cpass  . $lkey_cpass .'&'
 				       .$ukey_npass1 . $lkey_npass1.'&'
 				       .$ukey_npass2 . $lkey_npass2,
 				       $lonhost);
-    # Hexify these keys
+    # Hexify the keys for output as javascript variables
     $ukey_cpass = hex($ukey_cpass);
     $lkey_cpass = hex($lkey_cpass);
     $ukey_npass1= hex($ukey_npass1);
@@ -155,21 +349,18 @@ sub passwordchanger {
     $ukey_npass2= hex($ukey_npass2);
     $lkey_npass2= hex($lkey_npass2);
     # Output javascript to deal with passwords
-    $r->print(<<ENDHEADER);
-<html>
-<head>
-<title>The LearningOnline Network with CAPA</title>
-</head>
-ENDHEADER
-   # Output DES javascript
+    # Output DES javascript
+    $r->print("<html><head>");
     {
 	my $include = $r->dir_config('lonIncludes');
 	my $jsh=Apache::File->new($include."/londes.js");
 	$r->print(<$jsh>);
     }
+    my $bodytag=&Apache::loncommon::bodytag('Change Password','',
+                                         'onLoad="init();"');
     $r->print(<<ENDFORM);
-
-<body bgcolor="#FFFFFF" onLoad="init();">
+</head>
+$bodytag
 
 <script language="JavaScript">
 
@@ -197,11 +388,8 @@ ENDHEADER
     }
 
 </script>
-<h1>Preferences for $user</h1>
-<h3>$user is a member of domain $domain</h3>
-<p>
-Change password for $user
-</p>
+$errormessage
+
 <p>
 <!-- We seperate the forms into 'server' and 'client' in order to
      ensure that unencrypted passwords will not be sent out by a
@@ -211,23 +399,23 @@ Change password for $user
 <input type="hidden" name="logtoken"    value="$logtoken" />
 <input type="hidden" name="action"      value="verify_and_change_pass" />
 <input type="hidden" name="currentpass" value="" />
-<input type="hidden" name="newpass_1"    value="" />
-<input type="hidden" name="newpass_2"    value="" />
+<input type="hidden" name="newpass_1"   value="" />
+<input type="hidden" name="newpass_2"   value="" />
 </form>
 
 <form name="client" >
 <table>
-<tr><td align="right"> Current password:             </td>
-    <td><input type="password" name="currentpass" /> </td></tr>
-<tr><td align="right"> New password:                 </td>
-    <td><input type="password" name="newpass_1" />    </td></tr>
-<tr><td align="right"> Confirm password:             </td>
-    <td><input type="password" name="newpass_2" />    </td></tr>
+<tr><td align="right"> Current password:                      </td>
+    <td><input type="password" name="currentpass" size="10"/> </td></tr>
+<tr><td align="right"> New password:                          </td>
+    <td><input type="password" name="newpass_1" size="10"  /> </td></tr>
+<tr><td align="right"> Confirm password:                      </td>
+    <td><input type="password" name="newpass_2" size="10"  /> </td></tr>
 <tr><td colspan="2" align="center">
     <input type="button" value="Change Password" onClick="send();">
 </table>
-<input type="hidden" name="ukey_cpass"   value="$ukey_cpass" />
-<input type="hidden" name="lkey_cpass"   value="$lkey_cpass" />
+<input type="hidden" name="ukey_cpass"  value="$ukey_cpass" />
+<input type="hidden" name="lkey_cpass"  value="$lkey_cpass" />
 <input type="hidden" name="ukey_npass1" value="$ukey_npass1" />
 <input type="hidden" name="lkey_npass1" value="$lkey_npass1" />
 <input type="hidden" name="ukey_npass2" value="$ukey_npass2" />
@@ -245,47 +433,103 @@ sub verify_and_change_password {
     my $domain     = $ENV{'user.domain'};
     my $homeserver = $ENV{'user.home'};
     my $currentauth=&Apache::lonnet::queryauthenticate($user,$domain);
+    # Check for authentication types that allow changing of the password.
+    return if ($currentauth !~ /^(unix|internal):/);
     #
-    $r->print("<h1>verify and change password</h1>\n");
+    $r->print(<<ENDHEADER);
+<html>
+<head>
+<title>LON-CAPA Preferences:  Change password for $user</title>
+</head>
+ENDHEADER
     #
     my $currentpass = $ENV{'form.currentpass'}; 
     my $newpass1    = $ENV{'form.newpass_1'}; 
     my $newpass2    = $ENV{'form.newpass_2'};
     my $logtoken    = $ENV{'form.logtoken'};
     # Check for empty data 
-    if (!(defined($currentpass) && 
-	  defined($newpass1)    && 
-	  defined($newpass2))){
-	$r->print("<font color='#ff0000'>ERROR</font> Password data was ".
-		  "blank.\n");
+    unless (defined($currentpass) && 
+	    defined($newpass1)    && 
+	    defined($newpass2)    ){
+	&passwordchanger($r,"<p>\n<font color='#ff0000'>ERROR</font>".
+			 "Password data was blank.\n</p>");
 	return;
     }
     # Get the keys
     my $lonhost = $r->dir_config('lonHostID');
     my $tmpinfo = Apache::lonnet::reply('tmpget:'.$logtoken,$lonhost);
     if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) {
+        # I do not a have a better idea about how to handle this
 	$r->print(<<ENDERROR);
 <p>
 <font color="#ff0000">ERROR:</font> Unable to retrieve stored token for
-password decryption.  
+password decryption.  Please log out and try again.
 </p>
 ENDERROR
+        # Probably should log an error here
         return;
     }
     my ($ckey,$n1key,$n2key)=split(/&/,$tmpinfo);
-    # decrypt
-    my $currentpass = &des_decrypt($ckey ,$currentpass);
-    my $newpass1    = &des_decrypt($n1key,$newpass1);
-    my $newpass2    = &des_decrypt($n2key,$newpass2);
-    # Sanity check
+    # 
+    $currentpass = &des_decrypt($ckey ,$currentpass);
+    $newpass1    = &des_decrypt($n1key,$newpass1);
+    $newpass2    = &des_decrypt($n2key,$newpass2);
+    # 
     if ($newpass1 ne $newpass2) {
-	$r->print('<font color="#ff0000">ERROR:</font>The new passwords you '.
-		  'entered do not match.  Please try again.');
-	&passwordchanger($r);
+	&passwordchanger($r,
+			 '<font color="#ff0000">ERROR:</font>'.
+			 'The new passwords you entered do not match.  '.
+			 'Please try again.');
+	return;
+    }
+    if (length($newpass1) < 7) {
+	&passwordchanger($r,
+			 '<font color="#ff0000">ERROR:</font>'.
+			 'Passwords must be a minimum of 7 characters long.  '.
+			 'Please try again.');
 	return;
     }
+    #
+    # Check for bad characters
+    my $badpassword = 0;
+    foreach (split(//,$newpass1)) {
+	$badpassword = 1 if ((ord($_)<32)||(ord($_)>126));
+    }
+    if ($badpassword) {
+	# I can't figure out how to enter bad characters on my browser.
+	&passwordchanger($r,<<ENDERROR);
+<font color="#ff0000">ERROR:</font>
+The password you entered contained illegal characters.<br />
+Valid characters are: space and <br />
+<pre>
+!&quot;\#$%&amp;\'()*+,-./0123456789:;&lt;=&gt;?\@
+ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_\`abcdefghijklmnopqrstuvwxyz{|}~
+</pre>
+ENDERROR
+    }
+    # 
+    # Change the password (finally)
+    my $result = &Apache::lonnet::changepass
+	($user,$domain,$currentpass,$newpass1,$homeserver);
+    # Inform the user the password has (not?) been changed
+    if ($result =~ /^ok$/) {
+	$r->print(<<"ENDTEXT");
+<h2>The password for $user was successfully changed</h2>
+ENDTEXT
+    } else {
+	# error error: run in circles, scream and shout
+        $r->print(<<ENDERROR);
+<h2><font color="#ff0000">The password for $user was not changed</font></h2>
+Please make sure your old password was entered correctly.
+ENDERROR
+    }
+    return;
 }
 
+######################################################
+#            other handler subroutines               #
+######################################################
+
 ################################################################
 #                          Main handler                        #
 ################################################################
@@ -294,37 +538,100 @@ sub handler {
     my $user = $ENV{'user.name'};
     my $domain = $ENV{'user.domain'};
     $r->content_type('text/html');
+    # Some pages contain DES keys and should not be cached.
+    &Apache::loncommon::no_cache($r);
     $r->send_http_header;
     return OK if $r->header_only;
-    # Spit out the header
+    #
     if ($ENV{'form.action'} eq 'changepass') {
 	&passwordchanger($r);
     } elsif ($ENV{'form.action'} eq 'verify_and_change_pass') {
 	&verify_and_change_password($r);
+    } elsif ($ENV{'form.action'} eq 'changescreenname') {
+        &screennamechanger($r);
+    } elsif ($ENV{'form.action'} eq 'verify_and_change_screenname') {
+        &verify_and_change_screenname($r);
+    } elsif ($ENV{'form.action'} eq 'changemsgforward') {
+        &msgforwardchanger($r);
+    } elsif ($ENV{'form.action'} eq 'verify_and_change_msgforward') {
+        &verify_and_change_msgforward($r);
+    } elsif ($ENV{'form.action'} eq 'changecolors') {
+        &colorschanger($r);
+    } elsif ($ENV{'form.action'} eq 'verify_and_change_colors') {
+        &verify_and_change_colors($r);
+    } elsif ($ENV{'form.action'} eq 'debugtoggle') {
+	if ($ENV{'user.name'} eq 'albertel' ) {
+	    if ($ENV{'user.debug'}) {
+		&Apache::lonnet::delenv('user\.debug');
+	    } else {
+		&Apache::lonnet::appenv('user.debug' => 1);
+	    }
+	}
     } else {
 	$r->print(<<ENDHEADER);
 <html>
 <head>
-<title>The LearningOnline Network with CAPA</title>
+<title>LON-CAPA Preferences</title>
 </head>
-<body bgcolor="#FFFFFF" >
-<h1>Preferences for $user</h1>
-<h3>$user is a member of domain $domain</h3>
 ENDHEADER
+        $r->print(&Apache::loncommon::bodytag('Change Your Preferences'));
 	# Determine current authentication method
 	my $currentauth=&Apache::lonnet::queryauthenticate($user,$domain);
 	if ($currentauth =~ /^(unix|internal):/) {
-	    $r->print($passwordform);
+	    $r->print(<<ENDPASSWORDFORM);
+<form name="client" action="/adm/preferences" method="post">
+<input type="hidden" name="action" value="changepass" />
+<input type="submit" value="Change password" />
+</form>
+ENDPASSWORDFORM
+        }
+# Change screen name
+	    $r->print(<<ENDSCREENNAMEFORM);
+<form name="client" action="/adm/preferences" method="post">
+<input type="hidden" name="action" value="changescreenname" />
+<input type="submit" 
+value="Change nickname and anonymous discussion screen name" />
+</form>
+ENDSCREENNAMEFORM
+	    $r->print(<<ENDMSGFORWARDFORM);
+<form name="client" action="/adm/preferences" method="post">
+<input type="hidden" name="action" value="changemsgforward" />
+<input type="submit" value="Change message forwarding and notification addresses" />
+</form>
+ENDMSGFORWARDFORM
+# The "about me" page
+	my $aboutmeaction=
+	    '/adm/'.$ENV{'user.domain'}.'/'.$ENV{'user.name'}.'/aboutme';
+	$r->print(<<ENDABOUTME);
+<form name="client" action="$aboutmeaction" method="post">
+<input type="hidden" name="action" value="changescreenname" />
+<input type="submit" value="Edit the 'About Me' personal information screen" />
+</form>
+ENDABOUTME
+	    $r->print(<<ENDCOLORFORM);
+<form name="client" action="/adm/preferences" method="post">
+<input type="hidden" name="action" value="changecolors" />
+<input type="submit" value="Change color scheme" />
+</form>
+ENDCOLORFORM
+
+	if ($ENV{'user.name'} eq 'albertel') {
+	    $r->print(<<ENDDEBUG);
+<form name="client" action="/adm/preferences" method="post">
+<input type="hidden" name="action" value="debugtoggle" />
+<input type="submit" value="Toggle Debug" />
+Current Debug status is -$ENV{'user.debug'}-.
+</form>
+ENDDEBUG
 	}
-	$r->print($environmentform);
+	# Other preference setting code should be added here
     }
-    # Spit out the footer
     $r->print(<<ENDFOOTER);
 </body>
 </html>
 ENDFOOTER
     return OK;
-} 
+}
 
 1;
 __END__