--- loncom/interface/resetpw.pm 2016/01/27 00:24:09 1.37 +++ loncom/interface/resetpw.pm 2016/09/12 16:02:16 1.38 @@ -1,7 +1,7 @@ # The LearningOnline Network # Allow access to password changing via a token sent to user's e-mail. # -# $Id: resetpw.pm,v 1.37 2016/01/27 00:24:09 raeburn Exp $ +# $Id: resetpw.pm,v 1.38 2016/09/12 16:02:16 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -57,6 +57,7 @@ use Apache::lonnet; use Apache::loncommon; use Apache::lonlocal; use LONCAPA; +use HTML::Entities; sub handler { my $r = shift; @@ -87,8 +88,20 @@ sub handler { &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['token']); my @emailtypes = ('permanentemail','critnotification','notification'); - my $uname = &unescape($env{'form.uname'}); - my $udom = $env{'form.udom'}; + my $uname = $env{'form.uname'}; + $uname =~ s/^\s+|\s+$//g; + $uname = &LONCAPA::clean_username($uname); + my $udom = &LONCAPA::clean_domain($env{'form.udom'}); + my ($domdesc,$otherinst); + if ($udom) { + $domdesc = &Apache::lonnet::domain($udom,'description'); + if ($domdesc) { + my %servers = &Apache::lonnet::internet_dom_servers($udom); + unless (exists($servers{$server})) { + $otherinst = 1; + } + } + } my $token = $env{'form.token'}; my $brcrum = []; if ($token) { @@ -106,71 +119,152 @@ sub handler { } } my $args = {bread_crumbs => $brcrum}; - $r->print(&Apache::loncommon::start_page('Reset password','',$args)); - $r->print('
'.$blocktext.'
' - .&display_actions($contact_email,$domdesc); - } elsif ($useremail !~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) { + } elsif ($udom) { + if (!$domdesc) { + $output = &invalid_state('baddomain',$domdesc, + $contact_name,$contact_email); + } elsif ($otherinst) { + ($header,$output) = &homeserver_redirect($uname,$udom,$domdesc,$brcrum); + } elsif ($uname) { + my $authtype = &Apache::lonnet::queryauthenticate($uname,$udom); + if ($authtype =~ /^internal/) { + my $useremail = $env{'form.useremail'}; + my ($blocked,$blocktext) = + &Apache::loncommon::blocking_status('passwd',$uname,$udom); + if ($blocked) { + $output = ''.$blocktext.'
' + .&display_actions($contact_email,$domdesc); + } elsif ($useremail !~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) { $output = &invalid_state('baduseremail',$domdesc, $contact_name,$contact_email); - } else { - my %userinfo = - &Apache::lonnet::get('environment',\@emailtypes, - $udom,$uname); - my @allemails; - foreach my $type (@emailtypes) { - my $email = $userinfo{$type}; - my @items; - if ($email =~ /,/) { - @items = split(',',$userinfo{$type}); - } else { - @items = ($email); - } - foreach my $item (@items) { - if ($item =~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) { - unless(grep(/^\Q$item\E$/,@allemails)) { - push(@allemails,$item); + } else { + my %userinfo = + &Apache::lonnet::get('environment',\@emailtypes, + $udom,$uname); + my @allemails; + foreach my $type (@emailtypes) { + my $email = $userinfo{$type}; + my @items; + if ($email =~ /,/) { + @items = split(',',$userinfo{$type}); + } else { + @items = ($email); + } + foreach my $item (@items) { + if ($item =~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) { + unless(grep(/^\Q$item\E$/,@allemails)) { + push(@allemails,$item); + } } } } - } - if (@allemails > 0) { - if (grep(/^\Q$useremail\E$/,@allemails)) { - $output = &send_token($uname,$udom,$useremail,$server, - $domdesc,$contact_name, - $contact_email); + if (@allemails > 0) { + if (grep(/^\Q$useremail\E$/,@allemails)) { + $output = &send_token($uname,$udom,$useremail,$server, + $domdesc,$contact_name, + $contact_email); + } else { + $output = &invalid_state('mismatch',$domdesc, + $contact_name, + $contact_email); + } } else { - $output = &invalid_state('mismatch',$domdesc, - $contact_name, - $contact_email); + $output = &invalid_state('missing',$domdesc, + $contact_name,$contact_email); } - } else { - $output = &invalid_state('missing',$domdesc, - $contact_name,$contact_email); } + } elsif ($authtype =~ /^(krb|unix|local)/) { + $output = &invalid_state('authentication',$domdesc, + $contact_name,$contact_email); + } else { + $output = &invalid_state('invalid',$domdesc, + $contact_name,$contact_email); } - } elsif ($authtype =~ /^(krb|unix|local)/) { - $output = &invalid_state('authentication',$domdesc, - $contact_name,$contact_email); } else { - $output = &invalid_state('invalid',$domdesc, - $contact_name,$contact_email); + $output = &get_uname($defdom); } } else { $output = &get_uname($defdom); } - $r->print($output); + $r->print($header.$output); $r->print(&Apache::loncommon::end_page()); return OK; } @@ -189,16 +283,23 @@ sub get_uname { .''.$msg.'
' .&display_actions($contact_email,$domdesc); @@ -299,6 +402,25 @@ sub invalid_state { return $msg; } +sub homeserver_redirect { + my ($uname,$udom,$domdesc,$brcrum) = @_; + my $uhome = &Apache::lonnet::homeserver(); + if ($uhome eq 'no_host') { + $uhome = &Apache::lonnet::domain($udom,'primary'); + } + my $protocol = $Apache::lonnet::protocol{$uhome}; + $protocol = 'http' if ($protocol ne 'https'); + my $url = $protocol.'://'.&Apache::lonnet::hostname($uhome).'/adm/resetpw'; + # Breadcrumbs + my $start_page = &Apache::loncommon::start_page('Switching Server',undef, + {'redirect' => [0,$url], + 'bread_crumbs' => $brcrum,}); + my $output = ''.&mt('This LON-CAPA server belongs to a different domain.').' '. + &mt('You are being switched to your domain ([_1]), to use the "Forgot Password" tool.',$domdesc). + '
'; + return ($start_page,$output); +} + sub reset_passwd { my ($r,$token,$contact_name,$contact_email) = @_; my $msg;