--- loncom/interface/resetpw.pm 2009/09/23 20:17:53 1.17.10.1
+++ loncom/interface/resetpw.pm 2010/09/19 15:04:40 1.22.2.2
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Allow access to password changing via a token sent to user's e-mail.
#
-# $Id: resetpw.pm,v 1.17.10.1 2009/09/23 20:17:53 gci Exp $
+# $Id: resetpw.pm,v 1.22.2.2 2010/09/19 15:04:40 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -26,6 +26,28 @@
# http://www.lon-capa.org/
#
#
+
+=pod
+
+=head1 NAME
+
+Apache::resetpw: reset user password.
+
+=head1 SYNOPSIS
+
+Handles resetting of forgotten passwords.
+
+This is part of the LearningOnline Network with CAPA project
+described at http://www.lon-capa.org.
+
+=head1 OVERVIEW
+
+A user with an e-mail address associated with his/her LON-CAPA username
+can reset a forgotten password, using a link sent to the e-mail address
+if the authentication type for the account is "internal".
+
+=cut
+
package Apache::resetpw;
use strict;
@@ -46,15 +68,17 @@ sub handler {
my $contact_name = &mt('LON-CAPA helpdesk');
my $contact_email = $r->dir_config('lonSupportEMail');
my $server = $r->dir_config('lonHostID');
- my $defdom = $r->dir_config('lonDefDomain');
+ my $defdom = &Apache::lonnet::default_login_domain();
&Apache::lonacc::get_posted_cgi($r);
&Apache::lonlocal::get_language_handle($r);
&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['token']);
my @emailtypes = ('permanentemail','critnotification','notification');
my $uname = &unescape($env{'form.uname'});
+ my $useremail = $env{'form.useremail'};
my $udom = $env{'form.udom'};
my $token = $env{'form.token'};
+ my $case_change;
my $start_page =
&Apache::loncommon::start_page('Reset password','',
{
@@ -66,9 +90,20 @@ sub handler {
$output = &reset_passwd($r,$token,$contact_name,$contact_email);
} elsif ($uname && $udom) {
my $domdesc = &Apache::lonnet::domain($udom,'description');
+ my $homeserver = &Apache::lonnet::homeserver($uname,$udom);
+ if ($homeserver eq 'no_host') {
+ my $lc_uname = lc($uname);
+ if ($lc_uname ne $uname) {
+ $homeserver = &Apache::lonnet::homeserver($lc_uname,$udom);
+ unless ($homeserver eq 'no_host') {
+ $uname = $lc_uname;
+ $useremail = lc($env{'form.useremail'});
+ $case_change = 1;
+ }
+ }
+ }
my $authtype = &Apache::lonnet::queryauthenticate($uname,$udom);
if ($authtype =~ /^internal/) {
- my $useremail = $env{'form.useremail'};
if ($useremail !~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) {
$output = &invalid_state('baduseremail',$domdesc,
$contact_name,$contact_email);
@@ -76,18 +111,33 @@ sub handler {
my %userinfo =
&Apache::lonnet::get('environment',\@emailtypes,
$udom,$uname);
- my $email = '';
- my $emailtarget;
+ my @allemails;
foreach my $type (@emailtypes) {
- $email = $userinfo{$type};
- if ($email =~ /[^\@]+\@[^\@]+/) {
- $emailtarget = $type;
- last;
+ my $email = $userinfo{$type};
+ my @items;
+ if ($email =~ /,/) {
+ @items = split(',',$userinfo{$type});
+ } else {
+ @items = ($email);
+ }
+ foreach my $item (@items) {
+ if ($item =~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) {
+ if ($case_change) {
+ my $lcitem = lc($item);
+ unless(grep(/^\Q$lcitem\E$/,@allemails)) {
+ push(@allemails,$lcitem);
+ }
+ } else {
+ unless(grep(/^\Q$item\E$/,@allemails)) {
+ push(@allemails,$item);
+ }
+ }
+ }
}
}
- if ($email =~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) {
- if ($useremail eq $email) {
- $output = &send_token($uname,$udom,$email,$server,
+ if (@allemails > 0) {
+ if (grep(/^\Q$useremail\E$/,@allemails)) {
+ $output = &send_token($uname,$udom,$useremail,$server,
$domdesc,$contact_name,
$contact_email);
} else {
@@ -118,34 +168,32 @@ sub handler {
sub get_uname {
my ($defdom) = @_;
my %lt = &Apache::lonlocal::texthash(
- unam => 'username',
- udom => 'domain',
+ unam => 'LON-CAPA username',
+ udom => 'LON-CAPA domain',
uemail => 'E-mail address in LON-CAPA',
proc => 'Proceed');
- my $msg = &mt('If you use the same account for other campus services besides LON-CAPA, (e.g., e-mail, course registration, etc.), a separate centrally managed mechanism likely exists to reset a password. However, if your account is used for just LON-CAPA access you will probably be able to reset a password from this page.');
- $msg .= '
'.&mt('Three conditions must be met:')
+ my $msg = '
'.&mt('To be able to reset a forgotten password:')
.'- '.&mt('An e-mail address must have previously been associated with your LON-CAPA username.').'
'
- .'- '.&mt('You must be able to access e-mail sent to that address.').'
'
- .'- '.&mt('Your LON-CAPA account must be of a type for which LON-CAPA can reset a password.')
- .'
';
- $msg .= qq|
+ .''.&mt('You must be able to access e-mail sent to the e-mail address associated with your WebCenter account.').'
'
+ .&mt('In most cases the GCI WebCenter username is the same as your e-mail address, in which case you will enter the same information twice. ').'
';
+ $msg .= '
-|;
+'."\n";
return $msg;
}
@@ -172,12 +220,12 @@ sub send_token {
my $result = &send_mail($domdesc,$email,$mailmsg,$contact_name,
$contact_email);
if ($result eq 'ok') {
- $msg .= &mt("An e-mail sent to the e-mail address associated with your LON-CAPA account includes the web address for the link you should use to complete the reset process.
The link included in the message will be valid for the next two hours.");
+ $msg .= &mt('An e-mail sent to the e-mail address associated with your LON-CAPA account includes the web address for the link you should use to complete the reset process.').'
'.&mt('The link included in the message will be valid for the next [_1]two[_2] hours.','','');
} else {
- $msg .= &mt("An error occurred when sending a message to the e-mail address associated with your LON-CAPA account. Please contact the [_1] ([_2]) for assistance.",$contact_name,$contact_email);
+ $msg .= &mt('An error occurred when sending a message to the e-mail address associated with your LON-CAPA account. Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email);
}
} else {
- $msg .= &mt("An error occurred creating a token required for the password reset process. Please contact the [_1] ([_2]) for assistance.",$contact_name,$contact_email);
+ $msg .= &mt('An error occurred creating a token required for the password reset process. Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email);
}
return $msg;
}
@@ -246,6 +294,23 @@ sub reset_passwd {
my $reqtime = &Apache::lonlocal::locallocaltime($data{'time'});
if ($now - $data{'time'} < 7200) {
if ($env{'form.action'} eq 'verify_and_change_pass') {
+ my $homeserver = &Apache::lonnet::homeserver($env{'form.uname'},$env{'form.udom'});
+ if ($homeserver eq 'no_host') {
+ my $lc_uname = lc($env{'form.uname'});
+ if ($lc_uname ne $env{'form.uname'}) {
+ $homeserver = &Apache::lonnet::homeserver($lc_uname,$env{'form.udom'});
+ unless ($homeserver eq 'no_host') {
+ if ($env{'form.uname'} eq $env{'form.email'}) {
+ $env{'form.email'} = $lc_uname;
+ }
+ $env{'form.uname'} = $lc_uname;
+ }
+ }
+ }
+ unless (($env{'form.uname'} eq $data{'username'}) && ($env{'form.udom'} eq $data{'domain'}) && ($env{'form.email'} eq $data{'email'})) {
+ $msg = &generic_failure_msg($contact_name,$contact_email);
+ return $msg;
+ }
my $change_failed =
&Apache::lonpreferences::verify_and_change_password($r,'reset_by_email',$token);
if (!$change_failed) {
@@ -263,14 +328,31 @@ sub reset_passwd {
}
$msg .= '
'
.''.&mt('Go to the login page').'.';
+ } elsif ($change_failed eq 'invalid_client') {
+ my $homeserver = &Apache::lonnet::homeserver($data{'username'},$data{'domain'});
+ if ($homeserver eq 'no_host') {
+ $msg .= &generic_failure_msg($contact_name,$contact_email);
+ } else {
+ my $protocol = $Apache::lonnet::protocol{$homeserver};
+ $protocol = 'http' if ($protocol ne 'https');
+ my $url = $protocol.'://'.&Apache::lonnet::hostname($homeserver).
+ '/adm/resetpw';
+ my ($opentag,$closetag);
+ if ($url) {
+ $opentag = '';
+ $closetag = '';
+ }
+ $msg .= &mt('A problem occurred when attempting to reset the password for your account. Please try again from your [_1]home server[_2].',$opentag,$closetag);
+ }
} else {
- $msg .= &mt('A problem occurred when attempting to reset the password for your account. Please contact the [_1] - ([_2]) for assistance.'
- ,$contact_name
- ,''.$contact_email.'');
+ $msg .= &generic_failure_msg($contact_name,$contact_email);
}
} else {
- $r->print(&mt('The token included in an e-mail sent to you [_1] has been verified, so you may now proceed to reset the password for your LON-CAPA account.',$reqtime).'
');
- $r->print(&mt('Please enter the username and domain of the LON-CAPA account, and the associated e-mail address, for which you are setting a password. The new password must contain at least 7 characters.').' '.&mt('Your new password will be sent to the LON-CAPA server in an encrypted form.').'
');
+ $r->print(&mt('The token included in an e-mail sent to you [_1] has been verified, so you may now proceed to reset the password for your LON-CAPA account.',$reqtime).'
'.
+ ''.&mt('Please enter the username and domain of the LON-CAPA account, and the associated e-mail address, for which you are setting a password.').'
'.
+ &mt('In most cases the GCI WebCenter username is the same as your e-mail address, in which case you will enter the same information twice.').'
'.
+ ''.&mt('The new password must contain at least 7 characters.').' '.
+ &mt('Your new password will be sent to the LON-CAPA server in an encrypted form.').'
');
&Apache::lonpreferences::passwordchanger($r,'','reset_by_email',$token);
}
} else {
@@ -284,6 +366,12 @@ sub reset_passwd {
return $msg;
}
+sub generic_failure_msg {
+ my ($contact_name,$contact_email) = @_;
+ return &mt('A problem occurred when attempting to reset the password for your account. Please contact the [_1] - ([_2]) for assistance.',
+ $contact_name,''.$contact_email.'');
+}
+
sub create_passwd {
my $passwd = '';
my @letts = ("a".."z");