--- loncom/interface/resetpw.pm	2009/09/23 20:17:53	1.17.10.1
+++ loncom/interface/resetpw.pm	2010/03/22 20:11:22	1.24
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Allow access to password changing via a token sent to user's e-mail. 
 #
-# $Id: resetpw.pm,v 1.17.10.1 2009/09/23 20:17:53 gci Exp $
+# $Id: resetpw.pm,v 1.24 2010/03/22 20:11:22 droeschl Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -26,6 +26,28 @@
 # http://www.lon-capa.org/
 #
 #
+
+=pod
+
+=head1 NAME
+
+Apache::resetpw: reset user password.
+
+=head1 SYNOPSIS
+
+Handles resetting of forgotten passwords.
+
+This is part of the LearningOnline Network with CAPA project
+described at http://www.lon-capa.org.
+ 
+=head1 OVERVIEW
+
+A user with an e-mail address associated with his/her LON-CAPA username
+can reset a forgotten password, using a link sent to the e-mail address
+if the authentication type for the account is "internal".
+
+=cut
+
 package Apache::resetpw;
 
 use strict;
@@ -46,7 +68,7 @@ sub handler {
     my $contact_name = &mt('LON-CAPA helpdesk');
     my $contact_email =  $r->dir_config('lonSupportEMail');
     my $server = $r->dir_config('lonHostID');
-    my $defdom = $r->dir_config('lonDefDomain');
+    my $defdom = &Apache::lonnet::default_login_domain();
     &Apache::lonacc::get_posted_cgi($r);
     &Apache::lonlocal::get_language_handle($r);
     &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['token']);
@@ -56,9 +78,7 @@ sub handler {
     my $udom = $env{'form.udom'};
     my $token = $env{'form.token'};
     my $start_page =
-        &Apache::loncommon::start_page('Reset password','',
-                                           {
-                                             'no_inline_link'   => 1,});
+        &Apache::loncommon::start_page('Reset password');
     $r->print($start_page);
     $r->print('<h3>'.&mt('Reset forgotten LON-CAPA password').'</h3>');
     my $output;
@@ -76,18 +96,26 @@ sub handler {
                 my %userinfo = 
 		    &Apache::lonnet::get('environment',\@emailtypes,
 					 $udom,$uname);
-                my $email = '';
-                my $emailtarget;
+                my @allemails;
                 foreach my $type (@emailtypes) {
-                    $email = $userinfo{$type};
-                    if ($email =~ /[^\@]+\@[^\@]+/) {
-                        $emailtarget = $type; 
-                        last;
+                    my $email = $userinfo{$type};
+                    my @items;
+                    if ($email =~ /,/) {
+                        @items = split(',',$userinfo{$type});
+                    } else {
+                        @items = ($email);
+                    }
+                    foreach my $item (@items) {
+                        if ($item =~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) {
+                            unless(grep(/^\Q$item\E$/,@allemails)) { 
+                                push(@allemails,$item);
+                            }
+                        }
                     }
                 }
-                if ($email =~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) {
-                    if ($useremail eq $email) {
-                        $output = &send_token($uname,$udom,$email,$server,
+                if (@allemails > 0) {
+                    if (grep(/^\Q$useremail\E$/,@allemails)) {
+                        $output = &send_token($uname,$udom,$useremail,$server,
                                               $domdesc,$contact_name,
                                               $contact_email);
                     } else {
@@ -123,7 +151,7 @@ sub get_uname {
                                          uemail => 'E-mail address in LON-CAPA',
                                          proc => 'Proceed');
 
-    my $msg = &mt('If you use the same account for other campus services besides LON-CAPA, (e.g., e-mail, course registration, etc.), a separate centrally managed mechanism likely exists to reset a password.  However, if your account is used for just LON-CAPA access you will probably be able to reset a password from this page.');
+    my $msg = &mt('If you use the same account for other campus services besides LON-CAPA, (e.g., e-mail, course registration, etc.), a separate centrally managed mechanism likely exists to reset a password. However, if your account is used for just LON-CAPA access you will probably be able to reset a password from this page.');
     $msg .= '<br /><br />'.&mt('Three conditions must be met:')
            .'<ul><li>'.&mt('An e-mail address must have previously been associated with your LON-CAPA username.').'</li>'
            .'<li>'.&mt('You must be able to access e-mail sent to that address.').'</li>'
@@ -133,9 +161,9 @@ sub get_uname {
 <form name="forgotpw" method="post">
 <table>
 <tr><td>
-<tr><td align="left">GCI WebCenter $lt{'unam'}:                      </td>
+<tr><td align="left">LON-CAPA $lt{'unam'}:                      </td>
     <td><input type="text" name="uname" size="15" /></td></tr>
-<tr><td align="left">GCI WebCenter $lt{'udom'}:                      </td>
+<tr><td align="left">LON-CAPA $lt{'udom'}:                      </td>
     <td>|;
     $msg .= &Apache::loncommon::select_dom_form($defdom,'udom');
     $msg .= qq|</td></tr>
@@ -246,6 +274,10 @@ sub reset_passwd {
         my $reqtime = &Apache::lonlocal::locallocaltime($data{'time'});
         if ($now - $data{'time'} < 7200) {
             if ($env{'form.action'} eq 'verify_and_change_pass') {
+                unless (($env{'form.uname'} eq $data{'username'}) && ($env{'form.udom'} eq $data{'domain'}) && ($env{'form.email'} eq $data{'email'})) {
+                    $msg = &generic_failure_msg($contact_name,$contact_email);
+                    return $msg;
+                }
                 my $change_failed = 
 		    &Apache::lonpreferences::verify_and_change_password($r,'reset_by_email',$token);
                 if (!$change_failed) {
@@ -263,10 +295,24 @@ sub reset_passwd {
                     }
                     $msg .= '<br /><br />'
                            .'<a href="/adm/login">'.&mt('Go to the login page').'</a>.';
+                } elsif ($change_failed eq 'invalid_client') {
+                    my $homeserver = &Apache::lonnet::homeserver($data{'username'},$data{'domain'});
+                    if ($homeserver eq 'no_host') {
+                        $msg .= &generic_failure_msg($contact_name,$contact_email);
+                    } else {
+                        my $protocol = $Apache::lonnet::protocol{$homeserver};
+                        $protocol = 'http' if ($protocol ne 'https');
+                        my $url = $protocol.'://'.&Apache::lonnet::hostname($homeserver).
+                                  '/adm/resetpw';
+                        my ($opentag,$closetag);
+                        if ($url) {
+                           $opentag = '<a href="'.$url.'">';
+                           $closetag = '</a>';
+                        }
+                        $msg .= &mt('A problem occurred when attempting to reset the password for your account. Please try again from your [_1]home server[_2].',$opentag,$closetag);
+                    }
                 } else {
-                    $msg .= &mt('A problem occurred when attempting to reset the password for your account. Please contact the [_1] - ([_2]) for assistance.'
-                               ,$contact_name
-                               ,'<a href="mailto:'.$contact_email.'">'.$contact_email.'</a>');
+                    $msg .= &generic_failure_msg($contact_name,$contact_email);
                 }
             } else {
                 $r->print(&mt('The token included in an e-mail sent to you [_1] has been verified, so you may now proceed to reset the password for your LON-CAPA account.',$reqtime).'<br /><br />');
@@ -284,6 +330,12 @@ sub reset_passwd {
     return $msg;
 }
 
+sub generic_failure_msg {
+    my ($contact_name,$contact_email) = @_;
+    return &mt('A problem occurred when attempting to reset the password for your account. Please contact the [_1] - ([_2]) for assistance.',
+              $contact_name,'<a href="mailto:'.$contact_email.'">'.$contact_email.'</a>');
+}
+
 sub create_passwd {
     my $passwd = '';
     my @letts = ("a".."z");

-
GCI WebCenter $lt{'unam'}:
LON-CAPA $lt{'unam'}:
GCI WebCenter $lt{'udom'}:
LON-CAPA $lt{'udom'}:	\|; $msg .= &Apache::loncommon::select_dom_form($defdom,'udom'); $msg .= qq\|