--- loncom/interface/resetpw.pm	2009/10/08 19:54:37	1.20
+++ loncom/interface/resetpw.pm	2010/03/22 20:11:22	1.24
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Allow access to password changing via a token sent to user's e-mail. 
 #
-# $Id: resetpw.pm,v 1.20 2009/10/08 19:54:37 raeburn Exp $
+# $Id: resetpw.pm,v 1.24 2010/03/22 20:11:22 droeschl Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -26,6 +26,28 @@
 # http://www.lon-capa.org/
 #
 #
+
+=pod
+
+=head1 NAME
+
+Apache::resetpw: reset user password.
+
+=head1 SYNOPSIS
+
+Handles resetting of forgotten passwords.
+
+This is part of the LearningOnline Network with CAPA project
+described at http://www.lon-capa.org.
+ 
+=head1 OVERVIEW
+
+A user with an e-mail address associated with his/her LON-CAPA username
+can reset a forgotten password, using a link sent to the e-mail address
+if the authentication type for the account is "internal".
+
+=cut
+
 package Apache::resetpw;
 
 use strict;
@@ -56,9 +78,7 @@ sub handler {
     my $udom = $env{'form.udom'};
     my $token = $env{'form.token'};
     my $start_page =
-        &Apache::loncommon::start_page('Reset password','',
-                                           {
-                                             'no_inline_link'   => 1,});
+        &Apache::loncommon::start_page('Reset password');
     $r->print($start_page);
     $r->print('<h3>'.&mt('Reset forgotten LON-CAPA password').'</h3>');
     my $output;
@@ -131,7 +151,7 @@ sub get_uname {
                                          uemail => 'E-mail address in LON-CAPA',
                                          proc => 'Proceed');
 
-    my $msg = &mt('If you use the same account for other campus services besides LON-CAPA, (e.g., e-mail, course registration, etc.), a separate centrally managed mechanism likely exists to reset a password.  However, if your account is used for just LON-CAPA access you will probably be able to reset a password from this page.');
+    my $msg = &mt('If you use the same account for other campus services besides LON-CAPA, (e.g., e-mail, course registration, etc.), a separate centrally managed mechanism likely exists to reset a password. However, if your account is used for just LON-CAPA access you will probably be able to reset a password from this page.');
     $msg .= '<br /><br />'.&mt('Three conditions must be met:')
            .'<ul><li>'.&mt('An e-mail address must have previously been associated with your LON-CAPA username.').'</li>'
            .'<li>'.&mt('You must be able to access e-mail sent to that address.').'</li>'
@@ -254,6 +274,10 @@ sub reset_passwd {
         my $reqtime = &Apache::lonlocal::locallocaltime($data{'time'});
         if ($now - $data{'time'} < 7200) {
             if ($env{'form.action'} eq 'verify_and_change_pass') {
+                unless (($env{'form.uname'} eq $data{'username'}) && ($env{'form.udom'} eq $data{'domain'}) && ($env{'form.email'} eq $data{'email'})) {
+                    $msg = &generic_failure_msg($contact_name,$contact_email);
+                    return $msg;
+                }
                 my $change_failed = 
 		    &Apache::lonpreferences::verify_and_change_password($r,'reset_by_email',$token);
                 if (!$change_failed) {