version 1.3, 2002/02/15 22:04:39
|
version 1.4, 2002/02/19 21:50:40
|
Line 49 use Apache::Constants qw(:common);
|
Line 49 use Apache::Constants qw(:common);
|
use Apache::File; |
use Apache::File; |
use Crypt::DES; |
use Crypt::DES; |
use DynaLoader; # for Crypt::DES version |
use DynaLoader; # for Crypt::DES version |
|
use Apache::loncommon(); |
|
|
#------------------- forms to be output |
|
my $passwordform =<<ENDPASSWORDFORM; |
|
<form name="client" action="/adm/preferences" method="post"> |
|
<input type="hidden" name="action" value="changepass"> |
|
<input type="submit" value="Change password"> |
|
</form> |
|
ENDPASSWORDFORM |
|
|
|
my $environmentform = <<ENDENVIRONMENTFORM; |
|
<p> |
|
There are currently no environment variables you can change. |
|
</p> |
|
<!---- |
|
You may set the following environment variables: |
|
<table> |
|
<tr><th>Environment Setting</th><th>Current Value</th></tr> |
|
<tr> |
|
<td colspan="2"> |
|
<font color="#ff0000">No variables currently set up</font> |
|
</td> |
|
</tr> |
|
</table> |
|
--> |
|
ENDENVIRONMENTFORM |
|
#------------------ end of forms to be output |
|
|
|
################################################################ |
|
# Handler subroutines # |
|
################################################################ |
|
# |
# |
# Write lonnet::passwd to do the call below. |
# Write lonnet::passwd to do the call below. |
# Use: |
# Use: |
# my $answer=reply("encrypt:passwd:$udom:$uname:$upass",$tryserver); |
# my $answer=reply("encrypt:passwd:$udom:$uname:$upass",$tryserver); |
# |
# |
# I really should write some javascript to check on the client side for |
|
# mismatched passwords, but other problems are more pressing |
|
# |
|
################################################## |
################################################## |
# password associated functions # |
# password associated functions # |
################################################## |
################################################## |
sub des_keys { |
sub des_keys { |
# Make a new key for DES encryption |
# Make a new key for DES encryption. |
# Each key has two parts which are returned seperately |
# Each key has two parts which are returned seperately. |
|
# Please note: Each key must be passed through the &hex function |
|
# before it is output to the web browser. The hex versions cannot |
|
# be used to decrypt. |
my @hexstr=('0','1','2','3','4','5','6','7', |
my @hexstr=('0','1','2','3','4','5','6','7', |
'8','9','a','b','c','d','e','f'); |
'8','9','a','b','c','d','e','f'); |
my $lkey=''; |
my $lkey=''; |
Line 119 sub des_decrypt {
|
Line 91 sub des_decrypt {
|
$cypher->decrypt(unpack("a8",pack("H16",substr($cyphertext,0,16)))); |
$cypher->decrypt(unpack("a8",pack("H16",substr($cyphertext,0,16)))); |
$plaintext.= |
$plaintext.= |
$cypher->decrypt(unpack("a8",pack("H16",substr($cyphertext,16,16)))); |
$cypher->decrypt(unpack("a8",pack("H16",substr($cyphertext,16,16)))); |
$plaintext=unpack("a8",$plaintext); |
$plaintext=substr($plaintext,1,ord(substr($plaintext,0,1)) ); |
$plaintext=substr($plaintext,1,ord(substr($plaintext,0,1))); |
|
unpack("a8",$plaintext); |
|
return $plaintext; |
return $plaintext; |
} |
} |
|
|
|
################################################################ |
|
# Handler subroutines # |
|
################################################################ |
|
|
|
###################################################### |
|
# password handler subroutines # |
|
###################################################### |
sub passwordchanger { |
sub passwordchanger { |
|
# This function is a bit of a mess.... |
# Passwords are encrypted using londes.js (DES encryption) |
# Passwords are encrypted using londes.js (DES encryption) |
# |
|
my $r = shift; |
my $r = shift; |
|
my $errormessage = shift; |
|
$errormessage = ($errormessage || ''); |
my $user = $ENV{'user.name'}; |
my $user = $ENV{'user.name'}; |
my $domain = $ENV{'user.domain'}; |
my $domain = $ENV{'user.domain'}; |
my $homeserver = $ENV{'user.home'}; |
my $homeserver = $ENV{'user.home'}; |
Line 140 sub passwordchanger {
|
Line 119 sub passwordchanger {
|
my ($lkey_cpass ,$ukey_cpass ) = &des_keys(); |
my ($lkey_cpass ,$ukey_cpass ) = &des_keys(); |
my ($lkey_npass1,$ukey_npass1) = &des_keys(); |
my ($lkey_npass1,$ukey_npass1) = &des_keys(); |
my ($lkey_npass2,$ukey_npass2) = &des_keys(); |
my ($lkey_npass2,$ukey_npass2) = &des_keys(); |
# Store the keys |
# Store the keys in the log files |
my $lonhost = $r->dir_config('lonHostID'); |
my $lonhost = $r->dir_config('lonHostID'); |
my $logtoken=Apache::lonnet::reply('tmpput:' |
my $logtoken=Apache::lonnet::reply('tmpput:' |
.$ukey_cpass . $lkey_cpass .'&' |
.$ukey_cpass . $lkey_cpass .'&' |
.$ukey_npass1 . $lkey_npass1.'&' |
.$ukey_npass1 . $lkey_npass1.'&' |
.$ukey_npass2 . $lkey_npass2, |
.$ukey_npass2 . $lkey_npass2, |
$lonhost); |
$lonhost); |
# Hexify these keys |
# Hexify the keys for output as javascript variables |
$ukey_cpass = hex($ukey_cpass); |
$ukey_cpass = hex($ukey_cpass); |
$lkey_cpass = hex($lkey_cpass); |
$lkey_cpass = hex($lkey_cpass); |
$ukey_npass1= hex($ukey_npass1); |
$ukey_npass1= hex($ukey_npass1); |
Line 155 sub passwordchanger {
|
Line 134 sub passwordchanger {
|
$ukey_npass2= hex($ukey_npass2); |
$ukey_npass2= hex($ukey_npass2); |
$lkey_npass2= hex($lkey_npass2); |
$lkey_npass2= hex($lkey_npass2); |
# Output javascript to deal with passwords |
# Output javascript to deal with passwords |
$r->print(<<ENDHEADER); |
# Output DES javascript |
<html> |
|
<head> |
|
<title>The LearningOnline Network with CAPA</title> |
|
</head> |
|
ENDHEADER |
|
# Output DES javascript |
|
{ |
{ |
my $include = $r->dir_config('lonIncludes'); |
my $include = $r->dir_config('lonIncludes'); |
my $jsh=Apache::File->new($include."/londes.js"); |
my $jsh=Apache::File->new($include."/londes.js"); |
Line 199 ENDHEADER
|
Line 172 ENDHEADER
|
</script> |
</script> |
<h1>Preferences for $user</h1> |
<h1>Preferences for $user</h1> |
<h3>$user is a member of domain $domain</h3> |
<h3>$user is a member of domain $domain</h3> |
|
$errormessage |
<p> |
<p> |
Change password for $user |
Change password for $user |
</p> |
</p> |
Line 211 Change password for $user
|
Line 185 Change password for $user
|
<input type="hidden" name="logtoken" value="$logtoken" /> |
<input type="hidden" name="logtoken" value="$logtoken" /> |
<input type="hidden" name="action" value="verify_and_change_pass" /> |
<input type="hidden" name="action" value="verify_and_change_pass" /> |
<input type="hidden" name="currentpass" value="" /> |
<input type="hidden" name="currentpass" value="" /> |
<input type="hidden" name="newpass_1" value="" /> |
<input type="hidden" name="newpass_1" value="" /> |
<input type="hidden" name="newpass_2" value="" /> |
<input type="hidden" name="newpass_2" value="" /> |
</form> |
</form> |
|
|
<form name="client" > |
<form name="client" > |
<table> |
<table> |
<tr><td align="right"> Current password: </td> |
<tr><td align="right"> Current password: </td> |
<td><input type="password" name="currentpass" /> </td></tr> |
<td><input type="password" name="currentpass" size="10"/> </td></tr> |
<tr><td align="right"> New password: </td> |
<tr><td align="right"> New password: </td> |
<td><input type="password" name="newpass_1" /> </td></tr> |
<td><input type="password" name="newpass_1" size="10" /> </td></tr> |
<tr><td align="right"> Confirm password: </td> |
<tr><td align="right"> Confirm password: </td> |
<td><input type="password" name="newpass_2" /> </td></tr> |
<td><input type="password" name="newpass_2" size="10" /> </td></tr> |
<tr><td colspan="2" align="center"> |
<tr><td colspan="2" align="center"> |
<input type="button" value="Change Password" onClick="send();"> |
<input type="button" value="Change Password" onClick="send();"> |
</table> |
</table> |
<input type="hidden" name="ukey_cpass" value="$ukey_cpass" /> |
<input type="hidden" name="ukey_cpass" value="$ukey_cpass" /> |
<input type="hidden" name="lkey_cpass" value="$lkey_cpass" /> |
<input type="hidden" name="lkey_cpass" value="$lkey_cpass" /> |
<input type="hidden" name="ukey_npass1" value="$ukey_npass1" /> |
<input type="hidden" name="ukey_npass1" value="$ukey_npass1" /> |
<input type="hidden" name="lkey_npass1" value="$lkey_npass1" /> |
<input type="hidden" name="lkey_npass1" value="$lkey_npass1" /> |
<input type="hidden" name="ukey_npass2" value="$ukey_npass2" /> |
<input type="hidden" name="ukey_npass2" value="$ukey_npass2" /> |
Line 245 sub verify_and_change_password {
|
Line 219 sub verify_and_change_password {
|
my $domain = $ENV{'user.domain'}; |
my $domain = $ENV{'user.domain'}; |
my $homeserver = $ENV{'user.home'}; |
my $homeserver = $ENV{'user.home'}; |
my $currentauth=&Apache::lonnet::queryauthenticate($user,$domain); |
my $currentauth=&Apache::lonnet::queryauthenticate($user,$domain); |
|
# Check for authentication types that allow changing of the password. |
|
return if ($currentauth !~ /^(unix|internal):/); |
# |
# |
$r->print("<h1>verify and change password</h1>\n"); |
$r->print(<<ENDHEADER); |
|
<html> |
|
<head> |
|
<title>LON-CAPA Preferences: Change password for $user</title> |
|
</head> |
|
ENDHEADER |
# |
# |
my $currentpass = $ENV{'form.currentpass'}; |
my $currentpass = $ENV{'form.currentpass'}; |
my $newpass1 = $ENV{'form.newpass_1'}; |
my $newpass1 = $ENV{'form.newpass_1'}; |
my $newpass2 = $ENV{'form.newpass_2'}; |
my $newpass2 = $ENV{'form.newpass_2'}; |
my $logtoken = $ENV{'form.logtoken'}; |
my $logtoken = $ENV{'form.logtoken'}; |
# Check for empty data |
# Check for empty data |
if (!(defined($currentpass) && |
unless (defined($currentpass) && |
defined($newpass1) && |
defined($newpass1) && |
defined($newpass2))){ |
defined($newpass2) ){ |
$r->print("<font color='#ff0000'>ERROR</font> Password data was ". |
&passwordchanger($r,"<p>\n<font color='#ff0000'>ERROR</font>". |
"blank.\n"); |
"Password data was blank.\n</p>"); |
return; |
return; |
} |
} |
# Get the keys |
# Get the keys |
my $lonhost = $r->dir_config('lonHostID'); |
my $lonhost = $r->dir_config('lonHostID'); |
my $tmpinfo = Apache::lonnet::reply('tmpget:'.$logtoken,$lonhost); |
my $tmpinfo = Apache::lonnet::reply('tmpget:'.$logtoken,$lonhost); |
if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) { |
if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) { |
|
# I do not a have a better idea about how to handle this |
$r->print(<<ENDERROR); |
$r->print(<<ENDERROR); |
<p> |
<p> |
<font color="#ff0000">ERROR:</font> Unable to retrieve stored token for |
<font color="#ff0000">ERROR:</font> Unable to retrieve stored token for |
password decryption. |
password decryption. Please log out and try again. |
</p> |
</p> |
ENDERROR |
ENDERROR |
|
# Probably should log an error here |
return; |
return; |
} |
} |
my ($ckey,$n1key,$n2key)=split(/&/,$tmpinfo); |
my ($ckey,$n1key,$n2key)=split(/&/,$tmpinfo); |
# decrypt |
# |
my $currentpass = &des_decrypt($ckey ,$currentpass); |
my $currentpass = &des_decrypt($ckey ,$currentpass); |
my $newpass1 = &des_decrypt($n1key,$newpass1); |
my $newpass1 = &des_decrypt($n1key,$newpass1); |
my $newpass2 = &des_decrypt($n2key,$newpass2); |
my $newpass2 = &des_decrypt($n2key,$newpass2); |
# Sanity check |
# |
if ($newpass1 ne $newpass2) { |
if ($newpass1 ne $newpass2) { |
$r->print('<font color="#ff0000">ERROR:</font>The new passwords you '. |
&passwordchanger($r, |
'entered do not match. Please try again.'); |
'<font color="#ff0000">ERROR:</font>'. |
&passwordchanger($r); |
'The new passwords you entered do not match. '. |
|
'Please try again.'); |
|
return; |
|
} |
|
if (length($newpass1) < 7) { |
|
&passwordchanger($r, |
|
'<font color="#ff0000">ERROR:</font>'. |
|
'Passwords must be a minimum of 7 characters long. '. |
|
'Please try again.'); |
return; |
return; |
} |
} |
|
# |
|
# Check for bad characters |
|
my $badpassword = 0; |
|
foreach (split(//,$newpass1)) { |
|
$badpassword = 1 if ((ord($_)<32)||(ord($_)>126)); |
|
} |
|
if ($badpassword) { |
|
# I can't figure out how to enter bad characters on my browser. |
|
&passwordchanger($r,<<ENDERROR); |
|
<font color="#ff0000">ERROR:</font> |
|
The password you entered contained illegal characters.<br /> |
|
Valid characters are: space and <br /> |
|
<pre> |
|
!"\#$%&\'()*+,-./0123456789:;<=>?\@ |
|
ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_\`abcdefghijklmnopqrstuvwxyz{|}~ |
|
</pre> |
|
ENDERROR |
|
} |
|
# |
|
# Change the password (finally) |
|
my $result = &Apache::lonnet::changepass |
|
($user,$domain,$currentpass,$newpass1,$homeserver); |
|
# Inform the user the password has (not?) been changed |
|
if ($result =~ /^ok$/) { |
|
$r->print(<<"ENDTEXT"); |
|
<h2>Password for $user was successfully changed</h2> |
|
ENDTEXT |
|
} else { |
|
# error error: run in circles, scream and shout |
|
$r->print(<<ENDERROR); |
|
<h2><font color="#ff0000">Password for $user was not changed</font></h2> |
|
There was an internal error when attempting to change your password. |
|
Please contact your instructor or the domain coordinator. |
|
ENDERROR |
|
} |
|
return; |
} |
} |
|
|
|
###################################################### |
|
# other handler subroutines # |
|
###################################################### |
|
|
|
|
################################################################ |
################################################################ |
# Main handler # |
# Main handler # |
################################################################ |
################################################################ |
Line 294 sub handler {
|
Line 326 sub handler {
|
my $user = $ENV{'user.name'}; |
my $user = $ENV{'user.name'}; |
my $domain = $ENV{'user.domain'}; |
my $domain = $ENV{'user.domain'}; |
$r->content_type('text/html'); |
$r->content_type('text/html'); |
|
# Some pages contain DES keys and should not be cached. |
|
&Apache::loncommon::no_cache($r); |
$r->send_http_header; |
$r->send_http_header; |
return OK if $r->header_only; |
return OK if $r->header_only; |
# Spit out the header |
# Spit out the header |
Line 305 sub handler {
|
Line 339 sub handler {
|
$r->print(<<ENDHEADER); |
$r->print(<<ENDHEADER); |
<html> |
<html> |
<head> |
<head> |
<title>The LearningOnline Network with CAPA</title> |
<title>LON-CAPA Preferences</title> |
</head> |
</head> |
<body bgcolor="#FFFFFF" > |
<body bgcolor="#FFFFFF" > |
<h1>Preferences for $user</h1> |
<h1>Preferences for $user</h1> |
Line 314 ENDHEADER
|
Line 348 ENDHEADER
|
# Determine current authentication method |
# Determine current authentication method |
my $currentauth=&Apache::lonnet::queryauthenticate($user,$domain); |
my $currentauth=&Apache::lonnet::queryauthenticate($user,$domain); |
if ($currentauth =~ /^(unix|internal):/) { |
if ($currentauth =~ /^(unix|internal):/) { |
$r->print($passwordform); |
$r->print(<<ENDPASSWORDFORM); |
|
<form name="client" action="/adm/preferences" method="post"> |
|
<input type="hidden" name="action" value="changepass"> |
|
<input type="submit" value="Change password"> |
|
</form> |
|
ENDPASSWORDFORM |
|
# Other preference setting code should be added here |
} |
} |
$r->print($environmentform); |
|
} |
} |
# Spit out the footer |
|
$r->print(<<ENDFOOTER); |
$r->print(<<ENDFOOTER); |
</body> |
</body> |
</html> |
</html> |