--- loncom/interface/resetpw.pm	2009/10/01 17:22:13	1.19
+++ loncom/interface/resetpw.pm	2010/11/09 19:36:11	1.23.2.1
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Allow access to password changing via a token sent to user's e-mail. 
 #
-# $Id: resetpw.pm,v 1.19 2009/10/01 17:22:13 raeburn Exp $
+# $Id: resetpw.pm,v 1.23.2.1 2010/11/09 19:36:11 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -26,6 +26,28 @@
 # http://www.lon-capa.org/
 #
 #
+
+=pod
+
+=head1 NAME
+
+Apache::resetpw: reset user password.
+
+=head1 SYNOPSIS
+
+Handles resetting of forgotten passwords.
+
+This is part of the LearningOnline Network with CAPA project
+described at http://www.lon-capa.org.
+ 
+=head1 OVERVIEW
+
+A user with an e-mail address associated with his/her LON-CAPA username
+can reset a forgotten password, using a link sent to the e-mail address
+if the authentication type for the account is "internal".
+
+=cut
+
 package Apache::resetpw;
 
 use strict;
@@ -131,7 +153,7 @@ sub get_uname {
                                          uemail => 'E-mail address in LON-CAPA',
                                          proc => 'Proceed');
 
-    my $msg = &mt('If you use the same account for other campus services besides LON-CAPA, (e.g., e-mail, course registration, etc.), a separate centrally managed mechanism likely exists to reset a password.  However, if your account is used for just LON-CAPA access you will probably be able to reset a password from this page.');
+    my $msg = &mt('If you use the same account for other campus services besides LON-CAPA, (e.g., e-mail, course registration, etc.), a separate centrally managed mechanism likely exists to reset a password. However, if your account is used for just LON-CAPA access you will probably be able to reset a password from this page.');
     $msg .= '<br /><br />'.&mt('Three conditions must be met:')
            .'<ul><li>'.&mt('An e-mail address must have previously been associated with your LON-CAPA username.').'</li>'
            .'<li>'.&mt('You must be able to access e-mail sent to that address.').'</li>'
@@ -196,6 +218,7 @@ sub send_mail {
     my $requestmail = "To: $email\n".
                       "From: $contact_name <$contact_email>\n".
                       "Subject: ".&mt('Your LON-CAPA account')."\n".
+                      "Content-type: text/plain\;charset=UTF-8\n".
                       "\n\n".$mailmsg."\n\n".
                       &mt('[_1] LON-CAPA support team',$domdesc)."\n".
                       "$contact_email\n";
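Review bot: The added `Content-type` line declares a UTF-8 body, but the message still has no `MIME-Version: 1.0` header and the localized `Subject:` from `&mt('Your LON-CAPA account')` is placed in the header unencoded, so non-ASCII translations may still be mangled by mail clients. The `\;` escape is also unnecessary inside a double-quoted string; I would write `"MIME-Version: 1.0\n".` followed by `"Content-type: text/plain; charset=UTF-8\n".`. Separately, `$email`, `$contact_name` and `$contact_email` are interpolated straight into header lines; their origin is outside this hunk, so it is worth confirming that CR/LF is rejected in all three before `$requestmail` is built, otherwise extra headers could be added to the message. send_mail starts and ends outside the hunk.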
@@ -254,6 +277,10 @@ sub reset_passwd {
         my $reqtime = &Apache::lonlocal::locallocaltime($data{'time'});
         if ($now - $data{'time'} < 7200) {
             if ($env{'form.action'} eq 'verify_and_change_pass') {
+                unless (($env{'form.uname'} eq $data{'username'}) && ($env{'form.udom'} eq $data{'domain'}) && ($env{'form.email'} eq $data{'email'})) {
+                    $msg = &generic_failure_msg($contact_name,$contact_email);
+                    return $msg;
+                }
                 my $change_failed = 
 		    &Apache::lonpreferences::verify_and_change_password($r,'reset_by_email',$token);
                 if (!$change_failed) {
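Review bot: The new `unless` check compares the form fields to the token record with `eq`, which is also true when both sides are empty or undefined, so a token record lacking `username`, `domain` or `email` would match a request that omits those fields. Requiring the stored values to be non-empty closes that gap: prefix the condition with `($data{'username'} ne '') && ($data{'domain'} ne '') && ($data{'email'} ne '') &&`. The mismatch path also returns the generic message without recording anything; a log entry naming the token's username and domain (not the token itself) would let operators notice a token being presented for a different account. Whether the token is invalidated after a mismatch cannot be seen here, because reset_passwd starts and ends outside the hunk.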
@@ -271,10 +298,24 @@ sub reset_passwd {
                     }
                     $msg .= '<br /><br />'
                            .'<a href="/adm/login">'.&mt('Go to the login page').'</a>.';
+                } elsif ($change_failed eq 'invalid_client') {
+                    my $homeserver = &Apache::lonnet::homeserver($data{'username'},$data{'domain'});
+                    if ($homeserver eq 'no_host') {
+                        $msg .= &generic_failure_msg($contact_name,$contact_email);
+                    } else {
+                        my $protocol = $Apache::lonnet::protocol{$homeserver};
+                        $protocol = 'http' if ($protocol ne 'https');
+                        my $url = $protocol.'://'.&Apache::lonnet::hostname($homeserver).
+                                  '/adm/resetpw';
+                        my ($opentag,$closetag);
+                        if ($url) {
+                           $opentag = '<a href="'.$url.'">';
+                           $closetag = '</a>';
+                        }
+                        $msg .= &mt('A problem occurred when attempting to reset the password for your account. Please try again from your [_1]home server[_2].',$opentag,$closetag);
+                    }
                 } else {
-                    $msg .= &mt('A problem occurred when attempting to reset the password for your account. Please contact the [_1] - ([_2]) for assistance.'
-                               ,$contact_name
-                               ,'<a href="mailto:'.$contact_email.'">'.$contact_email.'</a>');
+                    $msg .= &generic_failure_msg($contact_name,$contact_email);
                 }
             } else {
                 $r->print(&mt('The token included in an e-mail sent to you [_1] has been verified, so you may now proceed to reset the password for your LON-CAPA account.',$reqtime).'<br /><br />');
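Review bot: The `if ($url)` test in the new `invalid_client` branch can never fail, because `$url` always contains at least `://` and `/adm/resetpw`; if `&Apache::lonnet::hostname($homeserver)` returns an empty value the user is given a link to `http:///adm/resetpw`. Test the hostname instead, with `my $hostname = &Apache::lonnet::hostname($homeserver);` and the link built only `if ($hostname ne '')`, falling back to `&generic_failure_msg($contact_name,$contact_email)` otherwise. Also, any protocol value other than `https` is coerced to `http`, so the user may be directed to a password-reset form over cleartext; a comment stating that this follows the home server's configured protocol would make the choice explicit. reset_passwd extends beyond the hunk on both sides.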
@@ -292,6 +333,12 @@ sub reset_passwd {
     return $msg;
 }
 
+sub generic_failure_msg {
+    my ($contact_name,$contact_email) = @_;
+    return &mt('A problem occurred when attempting to reset the password for your account. Please contact the [_1] - ([_2]) for assistance.',
+              $contact_name,'<a href="mailto:'.$contact_email.'">'.$contact_email.'</a>');
+}
+
 sub create_passwd {
     my $passwd = '';
     my @letts = ("a".."z");
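Review bot: `generic_failure_msg` has no comment and inserts `$contact_name` and `$contact_email` into HTML, including the `mailto:` href, without escaping, so its output is only safe if both values come from trusted domain configuration, which is not visible in this hunk. I would state that contract above the sub: `# Returns localized HTML for a failed reset; $contact_name and $contact_email are inserted unescaped and must be trusted configuration values.` If either can ever hold user-editable text, it should be HTML-escaped before being passed in. The context lines after the new sub belong to create_passwd, which continues outside the hunk.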