@@ -1222,9 +1232,9 @@ sub verify_and_change_colors {
my $message='';
foreach my $item (keys(%colortypes)) {
my $color=$env{'form.'.$item};
- if (!($color =~ /^#/)) {
- $color = '#' . $color;
- }
+ if (!($color =~ /^#/)) {
+ $color = '#' . $color;
+ }
my $entry='color.'.$function.'.'.$item;
if (($color=~/^\#[0-9A-Fa-f]{6}$/) && (!$env{'form.resetall'})) {
&Apache::lonnet::put('environment',{$entry => $color});
@@ -1251,11 +1261,12 @@ sub verify_and_change_colors {
# password handler subroutines #
sub passwordchanger {
- my ($r,$errormessage,$caller,$mailtoken) = @_;
+ my ($r,$errormessage,$caller,$mailtoken,$timelimit,$extrafields) = @_;
# This function is a bit of a mess....
# Passwords are encrypted using londes.js (DES encryption)
$errormessage = ($errormessage || '');
- my ($user,$domain,$currentpass);
+ my ($user,$domain,$currentpass,$clientip);
+ $clientip = &Apache::lonnet::get_requestor_ip($r);
{ href => '/adm/preferences?action=changepass',
text => 'Change Password'});
@@ -1269,43 +1280,55 @@ sub passwordchanger {
if (!defined($caller)) {
$caller = 'preferences';
+ my ($blocked,$blocktext) =
+ &Apache::loncommon::blocking_status('passwd',$clientip);
+ if ($blocked) {
+ $r->print(''.$blocktext.'
+ return;
+ }
} elsif ($caller eq 'reset_by_email') {
- my %data = &Apache::lonnet::tmpget($mailtoken);
- if (keys(%data) == 0) {
- $r->print(
- ''
- .&mt('Sorry, the URL you provided to complete the reset of your password was invalid. Either the token included in the URL has been deleted or the URL you provided was invalid. Please submit a [_1]new request[_2] for a password reset, and follow the link to the new URL included in the e-mail that will be sent to you, to allow you to enter a new password.'
- ,'',' ')
- .'
- );
- return;
- }
- if (defined($data{time})) {
- if (time - $data{'time'} < 7200) {
- $user = $data{'username'};
- $domain = $data{'domain'};
- $currentpass = $data{'temppasswd'};
- } else {
- $r->print(
- ''
- .&mt('Sorry, the token generated when you requested'
- .' a password reset has expired.')
- .'
- );
+ my %data = &Apache::lonnet::tmpget($mailtoken);
+ if (keys(%data) == 0) {
+ $r->print(
+ ''
+ .&mt('Sorry, the URL you provided to complete the reset of your password was invalid. Either the token included in the URL has been deleted or the URL you provided was invalid. Please submit a [_1]new request[_2] for a password reset, and follow the link to the new URL included in the e-mail that will be sent to you, to allow you to enter a new password.'
+ ,'',' ')
+ .'
+ );
+ return;
+ }
+ if (defined($data{time})) {
+ if (time - $data{'time'} < $timelimit) {
+ $user = $data{'username'};
+ $domain = $data{'domain'};
+ $currentpass = $data{'temppasswd'};
+ my ($blocked,$blocktext) =
+ &Apache::loncommon::blocking_status('passwd',$clientip,$user,$domain);
+ if ($blocked) {
+ $r->print(''.$blocktext.'
} else {
- ''
- .&mt('Sorry, the URL generated when you requested reset of'
- .' your password contained incomplete information.')
+ '
+ .&mt('Sorry, the token generated when you requested'
+ .' a password reset has expired.')
- if (&Apache::lonnet::domain($domain) eq '') {
- $domain = $r->dir_config('lonDefDomain');
- }
+ } else {
+ $r->print(
+ ''
+ .&mt('Sorry, the URL generated when you requested reset of'
+ .' your password contained incomplete information.')
+ .'
+ );
+ return;
+ }
+ if (&Apache::lonnet::domain($domain) eq '') {
+ $domain = $r->dir_config('lonDefDomain');
+ }
} else {
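Review bot: The expiry test `if (time - $data{'time'} < $timelimit)` has no fallback when `$timelimit` arrives undefined, empty or non-numeric. It is then compared as 0, so a call site not yet updated to pass the new argument would report every reset token as expired, where the removed code used 7200 seconds. That fails closed but silently; normalising once near the top of `passwordchanger`, e.g. `$timelimit = 7200 unless (defined($timelimit) && $timelimit =~ /^\d+$/ && $timelimit > 0);`, keeps the old behaviour for such callers and rejects a malformed limit. A comment beside the signature stating that `$timelimit` is in seconds, and what `$extrafields` holds, would also help. `passwordchanger` begins before this hunk and continues after it.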
@@ -1344,7 +1367,7 @@ sub passwordchanger {
my $jsh=Apache::File->new($include."/londes.js");
- $r->print(&jscript_send($caller));
+ $r->print(&jscript_send($caller,$domain,$currentauth,$extrafields));
- $r->print(&server_form($logtoken,$caller,$mailtoken));
- $r->print(&client_form($caller,\%hexkey,$currentpass,$domain));
+ $r->print(&server_form($logtoken,$caller,$mailtoken,$extrafields));
+ $r->print(&client_form($caller,\%hexkey,$currentpass,$domain,$extrafields));
sub jscript_send {
- my ($caller) = @_;
+ my ($caller,$domain,$currentauth,$extrafields) = @_;
+ my ($min,$max,$rulestr,$numrules);
+ $min = $Apache::lonnet::passwdmin;
+ my %js_lt = &Apache::lonlocal::texthash(
+ uc => 'New password needs at least one upper case letter',
+ lc => 'New password needs at least one lower case letter',
+ num => 'New password needs at least one number',
+ spec => 'New password needs at least one non-alphanumeric',
+ blank1 => 'Empty Password field',
+ blank2 => 'Empty Confirm Password field',
+ mismatch => 'Contents of Password and Confirm Password fields must match',
+ fail => 'Please fix the following:',
+ );
+ &js_escape(\%js_lt);
+ if ($currentauth eq 'internal:') {
+ if ($domain ne '') {
+ my %passwdconf = &Apache::lonnet::get_passwdconf($domain);
+ if (keys(%passwdconf)) {
+ if ($passwdconf{min}) {
+ $min = $passwdconf{min};
+ }
+ if ($passwdconf{max}) {
+ $max = $passwdconf{max};
+ $js_lt{'long'} = &js_escape(&mt('Maximum password length: [_1]',$max));
+ }
+ if (ref($passwdconf{chars}) eq 'ARRAY') {
+ if (@{$passwdconf{chars}}) {
+ $rulestr = join('","',@{$passwdconf{chars}});
+ $numrules = scalar(@{$passwdconf{chars}});
+ }
+ }
+ }
+ }
+ }
+ $js_lt{'short'} = &js_escape(&mt('Minimum password length: [_1]',$min));
+ my $passwdcheck = <<"ENDJS";
+ var errors = new Array();
+ var min = parseInt("$min") || 0;
+ var currauth = "$currentauth";
+ if (this.document.client.elements.newpass_1.value == '') {
+ errors.push("$js_lt{'blank1'}");
+ }
+ if (this.document.client.elements.newpass_2.value == '') {
+ errors.push("$js_lt{'blank2'}");
+ }
+ if (errors.length == 0) {
+ if (this.document.client.elements.newpass_1.value != this.document.client.elements.newpass_2.value) {
+ errors.push("$js_lt{'mismatch'}");
+ }
+ var posspass = this.document.client.elements.newpass_1.value;
+ if (min > 0) {
+ if (posspass.length < min) {
+ errors.push("$js_lt{'short'}");
+ }
+ }
+ if (currauth == 'internal:') {
+ var max = parseInt("$max") || 0;
+ if (max > 0) {
+ if (posspass.length > max) {
+ errors.push("$js_lt{'long'}");
+ }
+ }
+ var numrules = parseInt("$numrules") || 0;
+ if (numrules > 0) {
+ var rules = new Array("$rulestr");
+ for (var i=0; i\\/?]/;
+ if (!posspass.match(pattern)) {
+ errors.push("$js_lt{'spec'}");
+ }
+ }
+ }
+ }
+ }
+ }
+ if (errors.length > 0) {
+ alert("$js_lt{'fail'}"+"\\n\\n"+errors.join("\\n"));
+ return;
+ }
my $output = qq|
sub client_form {
- my ($caller,$hexkey,$currentpass,$defdom) = @_;
+ my ($caller,$hexkey,$currentpass,$defdom,$extrafields) = @_;
my %lt=&Apache::lonlocal::texthash(
'email' => 'E-mail Address',
'username' => 'Username',
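Review bot: In `jscript_send`, `$rulestr` and `$currentauth` are interpolated into JavaScript string literals (`new Array("$rulestr")`, `var currauth = "$currentauth";`) without the `js_escape` treatment the `%js_lt` messages receive. A quote or backslash in a domain's `chars` setting would break the generated script, and if either value can come from a less trusted source than domain configuration, this becomes a script-injection point. Escaping when the values are built closes that: `$rulestr = join('","', map { &js_escape($_) } @{$passwdconf{chars}});`, with `$currentauth` passed through `&js_escape()` before the heredoc. `$min`, `$max` and `$numrules` could likewise be forced to integers in Perl instead of relying on `parseInt`. A short comment that this check is a convenience and that the enforcing check is the server-side `check_passwd_rules` call would prevent later confusion; the heredoc and the sub continue beyond the visible lines.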
@@ -1417,34 +1538,40 @@ sub client_form {
my $output = '
+ if ($caller eq 'reset_by_email') {
+ return 'missingdata';
+ } else {
+ return;
+ }
# Get the keys
my $lonhost = $r->dir_config('lonHostID');
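Review bot: The failure returns here change from `1` to a caller-dependent value, a string code such as `'missingdata'` for `reset_by_email` and a bare `return;` otherwise, and nothing documents the new contract. The same pattern repeats in the hunks at old lines 1556, 1570, 1612 and 1628 (`'internalerror'`, `'emptydata'`, `'missingtemp'`, `'mismatch'`, `'length'`, `'rules'`, `'badchars'`, `'error'`). Any call site that still treats a true return as failure will no longer see an error on the preferences path, so callers should be checked against the new values. A header comment on the sub listing the codes and what non-reset callers receive would make this explicit. The repeated `if ($caller eq 'reset_by_email') { return CODE; } else { return; }` block could also become a small private helper; the enclosing sub starts and ends outside this hunk.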
@@ -1556,10 +1705,14 @@ sub verify_and_change_password {
# Probably should log an error here
- return 1;
+ if ($caller eq 'reset_by_email') {
+ return 'internalerror';
+ } else {
+ return;
+ }
my ($ckey,$n1key,$n2key)=split(/&/,$tmpinfo);
- #
+ #
$currentpass = &Apache::loncommon::des_decrypt($ckey ,$currentpass);
$newpass1 = &Apache::loncommon::des_decrypt($n1key,$newpass1);
$newpass2 = &Apache::loncommon::des_decrypt($n2key,$newpass2);
@@ -1570,30 +1723,53 @@ ENDERROR
&mt('Could not verify current authentication.').' '.
- &mt('Please try again.').' ',$caller,$mailtoken);
- return 1;
+ &mt('Please try again.').'',$caller,$mailtoken,$timelimit,$extrafields);
+ return 'emptydata';
if ($currentpass ne $data{'temppasswd'}) {
&mt('Could not verify current authentication.').' '.
- &mt('Please try again.').' ',$caller,$mailtoken);
- return 1;
+ &mt('Please try again.').'',$caller,$mailtoken,$timelimit,$extrafields);
+ return 'missingtemp';
- }
+ }
if ($newpass1 ne $newpass2) {
&mt('The new passwords you entered do not match.').' '.
- &mt('Please try again.').' ',$caller,$mailtoken);
- return 1;
+ &mt('Please try again.').'',$caller,$mailtoken,$timelimit,$extrafields);
+ if ($caller eq 'reset_by_email') {
+ return 'mismatch';
+ } else {
+ return;
+ }
- if (length($newpass1) < 7) {
- &passwordchanger($r,
- ''.
- &mt('Passwords must be a minimum of 7 characters long.').' '.
- &mt('Please try again.').' ',$caller,$mailtoken);
- return 1;
+ if ($currentauth eq 'unix:') {
+ if (length($newpass1) < 7) {
+ &passwordchanger($r,
+ ''.
+ &mt('Passwords must be a minimum of 7 characters long.').' '.
+ &mt('Please try again.').' ',$caller,$mailtoken,$timelimit,$extrafields);
+ if ($caller eq 'reset_by_email') {
+ return 'length';
+ } else {
+ return;
+ }
+ }
+ } else {
+ my $warning = &Apache::loncommon::check_passwd_rules($domain,$newpass1);
+ if ($warning) {
+ &passwordchanger($r,''.
+ $warning.
+ &mt('Please try again.').' ',
+ $caller,$mailtoken,$timelimit,$extrafields);
+ if ($caller eq 'reset_by_email') {
+ return 'rules';
+ } else {
+ return;
+ }
+ }
# Check for bad characters
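Review bot: The `unix:` branch keeps the literal `7` for the minimum length, while the client-side check built in `jscript_send` takes its minimum from `$Apache::lonnet::passwdmin`. If that setting is ever not 7, the browser and the server will enforce and report different limits. Using the same source on the server, `if (length($newpass1) < $Apache::lonnet::passwdmin) {` with the message as `&mt('Passwords must be a minimum of [_1] characters long.',$Apache::lonnet::passwdmin)`, keeps them aligned, at the cost of a changed translation key. It is also worth a comment that domain rules from `check_passwd_rules` are deliberately not applied to `unix:` accounts, if that is the intent. The enclosing sub extends beyond this hunk on both sides.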
@@ -1612,8 +1788,12 @@ ENDERROR
- &passwordchanger($r,$errormessage,$caller,$mailtoken);
- return 1;
+ &passwordchanger($r,$errormessage,$caller,$mailtoken,$timelimit,$extrafields);
+ if ($caller eq 'reset_by_email') {
+ return 'badchars';
+ } else {
+ return;
+ }
# Change the password (finally)
@@ -1628,20 +1808,32 @@ ENDERROR
$r->print($message.' ');
} else {
&print_main_menu($r, $message);
+ if (ref($ended)) {
+ $$ended = 1;
+ }
} else {
# error error: run in circles, scream and shout
if ($caller eq 'reset_by_email') {
if (!$result) {
- return 1;
+ return 'error';
} else {
return $result;
} else {
+ my $feedback;
+ if ($result eq 'prioruse') {
+ $feedback = &mt('Please enter a password that you have not used recently.');
+ } else {
+ $feedback = &mt('Please make sure your old password was entered correctly.');
+ }
$message = &Apache::lonhtmlcommon::confirm_success(
- &mt("The password for user [_1] was not changed.",''.$user.' ').' '.&mt('Please make sure your old password was entered correctly.'),1);
+ &mt("The password for user [_1] was not changed.",''.$user.' ').' '.$feedback,1);
&print_main_menu($r, $message);
+ if (ref($ended)) {
+ $$ended = 1;
+ }
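Review bot: The guard `if (ref($ended))` added in both branches accepts any reference, but the next line dereferences it as a scalar (`$$ended = 1;`), which dies under `use strict` if a caller passes a hash or array reference. `if (ref($ended) eq 'SCALAR') {` states the expectation exactly. The declaration of `$ended` is outside the visible lines, so a comment where it is unpacked, saying that it is an optional scalar-ref out-parameter set once the menu has been printed, would document what these assignments are for.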
@@ -1877,6 +2069,64 @@ sub verify_and_change_coursepage {
+sub author_space_settings {
+ my $r = shift;
+ &Apache::lonhtmlcommon::add_breadcrumb(
+ { href => '/adm/preferences?action=authorsettings',
+ text => 'Authoring Space Settings'});
+ my $user = $env{'user.name'};
+ my $domain = $env{'user.domain'};
+ my %author_roles = &Apache::lonnet::get_my_roles($user,$domain,'userroles','',['au','ca','aa']);
+ if (keys(%author_roles) > 0) {
+ $r->print(Apache::loncommon::start_page('Authoring Space Settings'));
+ $r->print(Apache::lonhtmlcommon::breadcrumbs('Authoring Space Settings'));
+ my %userenv = &Apache::lonnet::get('environment',['nocodemirror']);
+ my $constchecked='';
+ if ($env{'environment.nocodemirror'}) {
+ $constchecked=' checked="checked"';
+ }
+ my $text=&mt('By default, CodeMirror an editor with advanced functionality for editing code is activated for authors.');
+ my $cmoff=&mt('Deactivate CodeMirror. This can improve performance on slow computers and accessibility.');
+ my $change=&mt('Save');
+ my $returnurl = &HTML::Entities::encode($env{'form.returnurl'},'"<>&\'');
+ $r->print(<
+ $text
+ $cmoff