version 1.196.4.24, 2018/09/03 14:03:03
|
version 1.196.4.25, 2019/08/22 00:00:03
|
Line 27
|
Line 27
|
# |
# |
# This package uses the "londes.js" javascript code. |
# This package uses the "londes.js" javascript code. |
# |
# |
# TODOs that have to be completed: |
|
# interface with lonnet to change the password |
|
|
|
package Apache::lonpreferences; |
package Apache::lonpreferences; |
|
|
Line 477 sub verify_and_change_rolespref {
|
Line 475 sub verify_and_change_rolespref {
|
} |
} |
|
|
|
|
|
|
################################################################ |
################################################################ |
# Anonymous Discussion Name Change Subroutines # |
# Anonymous Discussion Name Change Subroutines # |
################################################################ |
################################################################ |
Line 1229 sub verify_and_change_colors {
|
Line 1226 sub verify_and_change_colors {
|
# password handler subroutines # |
# password handler subroutines # |
###################################################### |
###################################################### |
sub passwordchanger { |
sub passwordchanger { |
my ($r,$errormessage,$caller,$mailtoken) = @_; |
my ($r,$errormessage,$caller,$mailtoken,$timelimit,$extrafields) = @_; |
# This function is a bit of a mess.... |
# This function is a bit of a mess.... |
# Passwords are encrypted using londes.js (DES encryption) |
# Passwords are encrypted using londes.js (DES encryption) |
$errormessage = ($errormessage || ''); |
$errormessage = ($errormessage || ''); |
Line 1254 sub passwordchanger {
|
Line 1251 sub passwordchanger {
|
$caller = 'preferences'; |
$caller = 'preferences'; |
} |
} |
} elsif ($caller eq 'reset_by_email') { |
} elsif ($caller eq 'reset_by_email') { |
my %data = &Apache::lonnet::tmpget($mailtoken); |
my %data = &Apache::lonnet::tmpget($mailtoken); |
if (keys(%data) == 0) { |
if (keys(%data) == 0) { |
$r->print( |
$r->print( |
'<p class="LC_warning">' |
'<p class="LC_warning">' |
.&mt('Sorry, the URL you provided to complete the reset of your password was invalid. Either the token included in the URL has been deleted or the URL you provided was invalid. Please submit a [_1]new request[_2] for a password reset, and follow the link to the new URL included in the e-mail that will be sent to you, to allow you to enter a new password.' |
.&mt('Sorry, the URL you provided to complete the reset of your password was invalid. Either the token included in the URL has been deleted or the URL you provided was invalid. Please submit a [_1]new request[_2] for a password reset, and follow the link to the new URL included in the e-mail that will be sent to you, to allow you to enter a new password.' |
,'<a href="/adm/resetpw">','</a>') |
,'<a href="/adm/resetpw">','</a>') |
.'</p>' |
.'</p>' |
); |
); |
return; |
return; |
} |
} |
if (defined($data{time})) { |
if (defined($data{time})) { |
if (time - $data{'time'} < 7200) { |
if (time - $data{'time'} < $timelimit) { |
$user = $data{'username'}; |
$user = $data{'username'}; |
$domain = $data{'domain'}; |
$domain = $data{'domain'}; |
$currentpass = $data{'temppasswd'}; |
$currentpass = $data{'temppasswd'}; |
} else { |
|
$r->print( |
|
'<p class="LC_warning">' |
|
.&mt('Sorry, the token generated when you requested' |
|
.' a password reset has expired.') |
|
.'</p>' |
|
); |
|
return; |
|
} |
|
} else { |
} else { |
$r->print( |
$r->print( |
'<p class="LC_warning">' |
'<p class="LC_warning">' |
.&mt('Sorry, the URL generated when you requested reset of' |
.&mt('Sorry, the token generated when you requested' |
.' your password contained incomplete information.') |
.' a password reset has expired.') |
.'</p>' |
.'</p>' |
); |
); |
return; |
return; |
} |
} |
if (&Apache::lonnet::domain($domain) eq '') { |
} else { |
$domain = $r->dir_config('lonDefDomain'); |
$r->print( |
} |
'<p class="LC_warning">' |
|
.&mt('Sorry, the URL generated when you requested reset of' |
|
.' your password contained incomplete information.') |
|
.'</p>' |
|
); |
|
return; |
|
} |
|
if (&Apache::lonnet::domain($domain) eq '') { |
|
$domain = $r->dir_config('lonDefDomain'); |
|
} |
} else { |
} else { |
$r->print( |
$r->print( |
'<p class="LC_error">' |
'<p class="LC_error">' |
Line 1328 sub passwordchanger {
|
Line 1325 sub passwordchanger {
|
my $jsh=Apache::File->new($include."/londes.js"); |
my $jsh=Apache::File->new($include."/londes.js"); |
$r->print(<$jsh>); |
$r->print(<$jsh>); |
} |
} |
$r->print(&jscript_send($caller)); |
$r->print(&jscript_send($caller,$extrafields)); |
$r->print(<<ENDFORM); |
$r->print(<<ENDFORM); |
$errormessage |
$errormessage |
|
|
Line 1337 $errormessage
|
Line 1334 $errormessage
|
ensure that unencrypted passwords will not be sent out by a |
ensure that unencrypted passwords will not be sent out by a |
crappy browser --> |
crappy browser --> |
ENDFORM |
ENDFORM |
$r->print(&server_form($logtoken,$caller,$mailtoken)); |
$r->print(&server_form($logtoken,$caller,$mailtoken,$extrafields)); |
$r->print(&client_form($caller,\%hexkey,$currentpass,$domain)); |
$r->print(&client_form($caller,\%hexkey,$currentpass,$domain,$extrafields)); |
|
|
# |
# |
return; |
return; |
} |
} |
|
|
sub jscript_send { |
sub jscript_send { |
my ($caller) = @_; |
my ($caller,$extrafields) = @_; |
my $output = qq| |
my $output = qq| |
<script type="text/javascript" language="JavaScript"> |
<script type="text/javascript" language="JavaScript"> |
|
|
Line 1367 sub jscript_send {
|
Line 1364 sub jscript_send {
|
=getCrypted(this.document.client.elements.newpass_2.value); |
=getCrypted(this.document.client.elements.newpass_2.value); |
|; |
|; |
if ($caller eq 'reset_by_email') { |
if ($caller eq 'reset_by_email') { |
$output .= qq| |
if ((ref($extrafields) eq 'HASH') && ($extrafields->{'username'})) { |
|
$output .= qq| |
this.document.pserver.elements.uname.value = |
this.document.pserver.elements.uname.value = |
this.document.client.elements.uname.value; |
this.document.client.elements.uname.value; |
this.document.pserver.elements.udom.value = |
this.document.pserver.elements.udom.value = |
this.document.client.elements.udom.options[this.document.client.elements.udom.selectedIndex].value; |
this.document.client.elements.udom.options[this.document.client.elements.udom.selectedIndex].value; |
|
|; |
|
} |
|
if ((ref($extrafields) eq 'HASH') && ($extrafields->{'email'})) { |
|
$output .= qq| |
this.document.pserver.elements.email.value = |
this.document.pserver.elements.email.value = |
this.document.client.elements.email.value; |
this.document.client.elements.email.value; |
|; |
|; |
|
} |
} |
} |
$ output .= qq| |
$ output .= qq| |
this.document.pserver.submit(); |
this.document.pserver.submit(); |
Line 1385 sub jscript_send {
|
Line 1388 sub jscript_send {
|
} |
} |
|
|
sub client_form { |
sub client_form { |
my ($caller,$hexkey,$currentpass,$defdom) = @_; |
my ($caller,$hexkey,$currentpass,$defdom,$extrafields) = @_; |
my %lt=&Apache::lonlocal::texthash( |
my %lt=&Apache::lonlocal::texthash( |
'email' => 'E-mail Address', |
'email' => 'E-mail Address', |
'username' => 'Username', |
'username' => 'Username', |
Line 1399 sub client_form {
|
Line 1402 sub client_form {
|
my $output = '<form name="client" action="">' |
my $output = '<form name="client" action="">' |
.&Apache::lonhtmlcommon::start_pick_box(); |
.&Apache::lonhtmlcommon::start_pick_box(); |
if ($caller eq 'reset_by_email') { |
if ($caller eq 'reset_by_email') { |
my $mobileargs; |
if ((ref($extrafields) eq 'HASH') && ($extrafields->{'email'})) { |
(undef,undef,undef,undef,undef,undef,my $clientmobile) = |
$output .= &Apache::lonhtmlcommon::row_title( |
&Apache::loncommon::decode_user_agent(); |
|
if ($clientmobile) { |
|
$mobileargs = 'autocapitalize="off" autocorrect="off" '; |
|
} |
|
$output .= &Apache::lonhtmlcommon::row_title( |
|
'<label for="email">'.$lt{'email'}.'</label>') |
'<label for="email">'.$lt{'email'}.'</label>') |
.'<input type="text" name="email" size="30" '.$mobileargs.'/>' |
.'<input type="text" name="email" size="30" autocapitalize="off" autocorrect="off" />' |
.&Apache::lonhtmlcommon::row_closure() |
.&Apache::lonhtmlcommon::row_closure(); |
.&Apache::lonhtmlcommon::row_title( |
} |
|
if ((ref($extrafields) eq 'HASH') && ($extrafields->{'username'})) { |
|
$output .= &Apache::lonhtmlcommon::row_title( |
'<label for="uname">'.$lt{'username'}.'</label>') |
'<label for="uname">'.$lt{'username'}.'</label>') |
.'<input type="text" name="uname" size="20" '.$mobileargs.'/>' |
.'<input type="text" name="uname" size="20" autocapitalize="off" autocorrect="off" />' |
.'<input type="hidden" name="currentpass" value="'.$currentpass.'" />' |
.&Apache::lonhtmlcommon::row_closure() |
.&Apache::lonhtmlcommon::row_closure() |
.&Apache::lonhtmlcommon::row_title( |
.&Apache::lonhtmlcommon::row_title( |
|
'<label for="udom">'.$lt{'domain'}.'</label>') |
'<label for="udom">'.$lt{'domain'}.'</label>') |
.&Apache::loncommon::select_dom_form($defdom,'udom') |
.&Apache::loncommon::select_dom_form($defdom,'udom') |
.&Apache::lonhtmlcommon::row_closure(); |
.&Apache::lonhtmlcommon::row_closure(); |
|
} |
} else { |
} else { |
$output .= &Apache::lonhtmlcommon::row_title( |
$output .= &Apache::lonhtmlcommon::row_title( |
'<label for="currentpass">'.$lt{'currentpass'}.'</label>') |
'<label for="currentpass">'.$lt{'currentpass'}.'</label>') |
Line 1433 sub client_form {
|
Line 1433 sub client_form {
|
.'<input type="password" name="newpass_2" size="20" />' |
.'<input type="password" name="newpass_2" size="20" />' |
.&Apache::lonhtmlcommon::row_closure(1) |
.&Apache::lonhtmlcommon::row_closure(1) |
.&Apache::lonhtmlcommon::end_pick_box(); |
.&Apache::lonhtmlcommon::end_pick_box(); |
|
if ($caller eq 'reset_by_email') { |
|
$output .= '<input type="hidden" name="currentpass" value="'.$currentpass.'" />'; |
|
} |
$output .= '<p><input type="button" value="'.$lt{'changepass'}.'" onclick="send();" /></p>' |
$output .= '<p><input type="button" value="'.$lt{'changepass'}.'" onclick="send();" /></p>' |
.qq| |
.qq| |
<input type="hidden" name="ukey_cpass" value="$hexkey->{'ukey_cpass'}" /> |
<input type="hidden" name="ukey_cpass" value="$hexkey->{'ukey_cpass'}" /> |
Line 1448 sub client_form {
|
Line 1451 sub client_form {
|
} |
} |
|
|
sub server_form { |
sub server_form { |
my ($logtoken,$caller,$mailtoken) = @_; |
my ($logtoken,$caller,$mailtoken,$extrafields) = @_; |
my $action = '/adm/preferences'; |
my $action = '/adm/preferences'; |
if ($caller eq 'reset_by_email') { |
if ($caller eq 'reset_by_email') { |
$action = '/adm/resetpw'; |
$action = '/adm/resetpw'; |
Line 1459 sub server_form {
|
Line 1462 sub server_form {
|
<input type="hidden" name="currentpass" value="" /> |
<input type="hidden" name="currentpass" value="" /> |
<input type="hidden" name="newpass_1" value="" /> |
<input type="hidden" name="newpass_1" value="" /> |
<input type="hidden" name="newpass_2" value="" /> |
<input type="hidden" name="newpass_2" value="" /> |
|; |
|; |
if ($caller eq 'reset_by_email') { |
if ($caller eq 'reset_by_email') { |
$output .= qq| |
$output .= qq| |
<input type="hidden" name="token" value="$mailtoken" /> |
<input type="hidden" name="token" value="$mailtoken" /> |
|
|; |
|
if ((ref($extrafields) eq 'HASH') && ($extrafields->{'username'})) { |
|
$output .= qq| |
<input type="hidden" name="uname" value="" /> |
<input type="hidden" name="uname" value="" /> |
<input type="hidden" name="udom" value="" /> |
<input type="hidden" name="udom" value="" /> |
|
|; |
|
} |
|
if ((ref($extrafields) eq 'HASH') && ($extrafields->{'email'})) { |
|
$output .= qq| |
<input type="hidden" name="email" value="" /> |
<input type="hidden" name="email" value="" /> |
|
|
|; |
|; |
|
} |
} |
} |
$output .= qq| |
$output .= qq| |
<input type="hidden" name="action" value="verify_and_change_pass" /> |
<input type="hidden" name="action" value="verify_and_change_pass" /> |
Line 1553 ENDERROR
|
Line 1563 ENDERROR
|
return 1; |
return 1; |
} |
} |
my ($ckey,$n1key,$n2key)=split(/&/,$tmpinfo); |
my ($ckey,$n1key,$n2key)=split(/&/,$tmpinfo); |
# |
# |
$currentpass = &Apache::loncommon::des_decrypt($ckey ,$currentpass); |
$currentpass = &Apache::loncommon::des_decrypt($ckey ,$currentpass); |
$newpass1 = &Apache::loncommon::des_decrypt($n1key,$newpass1); |
$newpass1 = &Apache::loncommon::des_decrypt($n1key,$newpass1); |
$newpass2 = &Apache::loncommon::des_decrypt($n2key,$newpass2); |
$newpass2 = &Apache::loncommon::des_decrypt($n2key,$newpass2); |
Line 1574 ENDERROR
|
Line 1584 ENDERROR
|
&mt('Please try again.').'</span>',$caller,$mailtoken); |
&mt('Please try again.').'</span>',$caller,$mailtoken); |
return 1; |
return 1; |
} |
} |
} |
} |
if ($newpass1 ne $newpass2) { |
if ($newpass1 ne $newpass2) { |
&passwordchanger($r, |
&passwordchanger($r, |
'<span class="LC_warning">'. |
'<span class="LC_warning">'. |
Line 1582 ENDERROR
|
Line 1592 ENDERROR
|
&mt('Please try again.').'</span>',$caller,$mailtoken); |
&mt('Please try again.').'</span>',$caller,$mailtoken); |
return 1; |
return 1; |
} |
} |
if (length($newpass1) < 7) { |
if ($currentauth eq 'unix:') { |
&passwordchanger($r, |
if (length($newpass1) < 7) { |
'<span class="LC_warning">'. |
&passwordchanger($r, |
&mt('Passwords must be a minimum of 7 characters long.').' '. |
'<span class="LC_warning">'. |
&mt('Please try again.').'</span>',$caller,$mailtoken); |
&mt('Passwords must be a minimum of 7 characters long.').' '. |
return 1; |
&mt('Please try again.').'</span>',$caller,$mailtoken); |
|
return 1; |
|
} |
|
} else { |
|
my $warning = &Apache::loncommon::check_passwd_rules($domain,$newpass1); |
|
if ($warning) { |
|
&passwordchanger($r,'<span class="LC_warning">'. |
|
$warning. |
|
&mt('Please try again.').'</span>', |
|
$caller,$mailtoken); |
|
return 1; |
|
} |
} |
} |
# |
# |
# Check for bad characters |
# Check for bad characters |
Line 1635 ENDERROR
|
Line 1656 ENDERROR
|
return $result; |
return $result; |
} |
} |
} else { |
} else { |
|
my $feedback; |
|
if ($result eq 'prioruse') { |
|
$feedback = &mt('Please enter a password that you have not used recently.'); |
|
} else { |
|
$feedback = &mt('Please make sure your old password was entered correctly.'); |
|
} |
$message = &Apache::lonhtmlcommon::confirm_success( |
$message = &Apache::lonhtmlcommon::confirm_success( |
&mt("The password for user [_1] was not changed.",'<i>'.$user.'</i>').' '.&mt('Please make sure your old password was entered correctly.'),1); |
&mt("The password for user [_1] was not changed.",'<i>'.$user.'</i>').' '.$feedback,1); |
$message=&Apache::loncommon::confirmwrapper($message); |
$message=&Apache::loncommon::confirmwrapper($message); |
&print_main_menu($r, $message); |
&print_main_menu($r, $message); |
if (ref($ended)) { |
if (ref($ended)) { |