List: lon-capa-cvs
Subject: [LON-CAPA-cvs] cvs: modules /raeburn/register DirectLogin.pm Login.pm
From: raeburn <lon-capa-cvs () mail ! lon-capa ! org>
Date: 2005-04-27 16:59:55
Message-ID: cvsraeburn1114621195 () cvsserver
raeburn Wed Apr 27 12:59:55 2005 EDT
Added files:
/modules/raeburn/register DirectLogin.pm
Modified files:
/modules/raeburn/register Login.pm
Log:
E-mail sent when new guest ID is created now includes link that allows direct \
access to registration form without need to enter username/password. Token included \
in link expires after 30 minutes.
Index: modules/raeburn/register/Login.pm
diff -u modules/raeburn/register/Login.pm:1.2 modules/raeburn/register/Login.pm:1.3
--- modules/raeburn/register/Login.pm:1.2 Mon Nov 1 14:51:22 2004
+++ modules/raeburn/register/Login.pm Wed Apr 27 12:59:54 2005
@@ -984,6 +984,7 @@
my @infochanges = ();
my $newuser = 0;
my $outcome = 0;
+ my ($event, $year);
my $width = '698';
my $newpass = '';
my %userdata = ();
@@ -1005,17 +1006,38 @@
$newuser = 1;
$outcome = &create_account($r,$dbh,$user_quoted,\$newpass);
$webmsg = "<br />New account created. <br />An e-mail containing
- the new password has been sent to $user. Please return to
- the Log-in page and use these credentials to access the \
registration/support
- system.";
- $mailmsg .= "A request was recently submitted for creation of a new user \
account ".
- "in the system used to register for workshops/conferences \
concerned ".
- "with LON-CAPA - a learning content management system.\n\n".
- "Please log-in to http://loncapa.org/conferences.html to learn \
about ".
+ the new password has been sent to $user.<br /><br />";
+ my $maildirections;
+ my $mailtext = "Visit http://loncapa.org/conferences.html to learn about \
".
"upcoming events, and to add, modify or cancel conference \
registrations.\n".
- "The credentials you should use to sign-in are:\n".
+ "Whenever you need to log-in the credentials you should use to \
sign-in are:\n".
 "username: $user\n".
- "password: $newpass\n";
+ "password: $newpass\n\n".
+ "After log-in you will be given the opportunity to change your \
password\n\n";
+ my $webdirections = "Please return to the Log-in page and \
use these
+ credentials to access the \
registration/support
+ system";
+ if ($caller) {
+ ($event,$year) = ($caller =~ /register\?event=([^&]+)&year=([^&]+)/);
+ unless ($event eq '' || $year eq '') {
+ my $event_quoted = $dbh->quote( $event );
+ my $year_quoted = $dbh->quote( $year );
+ my $directlogin = $dbh->selectrow_array("SELECT directlogin FROM \
event_config WHERE event = $event_quoted AND year = $year_quoted");
+ \
if ($directlogin) {
+ my $logtoken;
+ if (&maketoken($user,$event,$year,$caller,\$logtoken) eq 'ok') \
{
+ $maildirections = "Go to \
http://support.loncapa.org/directlogin?logintoken=$logtoken to log-in to the LON-CAPA \
registration form for the $event, $year. This URL will be valid for the next 30 \
minutes. After that time you will need to return to the events page listed below and \
use your username and initial password to log-in.\n\n";
+ \
$webdirections = "This e-mail contains a link which you can use to directly access \
the registration form for the $event, $year. The token included in the link will be \
valid for the next 30 minutes. After that time you will need to use the password and \
username credentials included in the e-mail to log-in to the form.";
+ \
}
+ }
+ }
+ }
+
+ $mailmsg .= "A request was recently submitted for creation of a new user \
account ".
+ "in the system used to register for \
workshops/conferences concerned ".
+ "with LON-CAPA - a learning \
content management system.\n\n";
+ $mailmsg .= $maildirections.$mailtext;
+ $webmsg .= $webdirections;
$mailflag = 1;
}
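Review bot: `$event` and `$year` are captured from `$caller` with `([^&]+)` and then interpolated unescaped into `$webdirections`, which is appended to the HTML in `$webmsg`; if `$caller` originates from the request (its source is outside this hunk), markup in the query string would be rendered in the confirmation page. Restrict the captures to the characters that event names and years actually use, or HTML-escape both values before building `$webdirections`. The emailed link is `http://support.loncapa.org/directlogin?logintoken=...`, so the login token crosses the network in cleartext; an `https://` URL would be preferable if the host serves one. `$maildirections` stays undef when no token is issued, so `$mailmsg .= $maildirections.$mailtext;` concatenates undef; declaring it as `my $maildirections = '';` avoids that. The enclosing sub begins and ends outside the hunk.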
@@ -1185,4 +1207,27 @@
return $error_msg;
}
+sub maketoken {
+ my ($user,$event,$year,$caller,$logtoken) = @_;
+ my $timestamp = time;
+ $$logtoken = MD5->hexhash(MD5->hexhash(time.{}.rand().$$));
+ my %tempHash = (
+ 'user' => $user,
+ 'created' => $timestamp,
+ 'event' => $event,
+ 'year' => $year,
+ 'caller' => $caller
+ );
+ if (!-e "/home/helpdesk/tokens") {
+ mkdir("/home/helpdesk/tokens",0755);
+ }
+ my $hashid = '/home/helpdesk/tokens/'.$$logtoken;
+ eval { store(\%tempHash, $hashid) };
+ if ($@) {
+ return 'failed';
+ } else {
+ return 'ok';
+ }
+}
+
1;
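Review bot: The login token in `maketoken` is an MD5 digest of `time`, a stringified hash reference, `rand()` and the PID, none of which is a cryptographic randomness source, yet the token alone is what the direct-login handler accepts for the next 30 minutes. Reading 16 bytes from `/dev/urandom` and hex-encoding them gives an unpredictable token of the same 32-hex-digit shape. The token directory is created with mode `0755`, so any local account can list the file names, which are the tokens themselves; `mkdir("/home/helpdesk/tokens",0700) or return 'failed';` restricts that and also checks the result. `$timestamp` is assigned but `time` is called a second time inside the digest input, which becomes unnecessary with the change below.

```perl
    my $timestamp = time;
    # The token is a bearer credential, so take it from the kernel CSPRNG.
    open(my $rnd, '<', '/dev/urandom') or return 'failed';
    my $bytes;
    my $got = read($rnd, $bytes, 16);
    close($rnd);
    return 'failed' unless defined($got) && $got == 16;
    $$logtoken = unpack('H*', $bytes);
    # … unchanged: %tempHash construction, directory check, store() and status return …
```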
Index: modules/raeburn/register/DirectLogin.pm
+++ modules/raeburn/register/DirectLogin.pm
package Apache::LON::DirectLogin;
use strict;
use Storable qw(store retrieve dclone);
use Apache::Constants qw(:common :http REDIRECT);
use CGI::Cookie();
use Apache::LON::Session;
sub handler {
my $r = shift;
my $login = $r->dir_config('Login');
my $inbound = $r->uri;
$r->custom_response(FORBIDDEN, $login);
my $auth_name = $r->auth_name; # Auth Name is LONCAPAID
my $cookie; # cookie to send to client
my $dbpwd; # get db credentials
my $authkeydir = "/home/helpdesk/admindata";
my $authkeyfile = $authkeydir.'/mysql.dat';
if (open (my $fh, "<$authkeyfile") ) {
$dbpwd = <$fh>;
close($fh);
chomp($dbpwd);
}
my %attr = (
data_source => $r->dir_config('Auth_DBI_data_source'),
username => $r->dir_config('Auth_DBI_username'),
password => $dbpwd
);
# connect to database
my $dbh = DBI->connect($attr{data_source}, $attr{username},
$attr{password});
unless ($dbh) {
return SERVER_ERROR;
}
$r->notes('_COOKIESTUFF' => $auth_name);
$r->notes('_AUTHFAIL' => 1);
my %params = ($r->args,$r->content);
my $logintoken = $params{'logintoken'};
if (($logintoken ne '') && (-e "/home/helpdesk/tokens/$logintoken")) {
my $tokenhash = &Storable::retrieve("/home/helpdesk/tokens/$logintoken");
# unlink "/home/helpdesk/tokens/$logintoken";
my $caller = $$tokenhash{'caller'};
$r->notes('_ORIGURL' => $caller);
$r->notes('_CURRURL' => $caller);
my $auth_cookie = new CGI::Cookie (
-name => $r->auth_name,
-value => { uri => $caller },
-path => '/'
);
my $now = time;
if ($now - $$tokenhash{'created'} > 1800) {
$r->notes('_RejectAuth' => "Your token has expired. Please authenticate \
using the username and password provided in the e-mail sent to you.");
} else {
if (&autologin($r,$dbh,\%attr,$tokenhash)) {
$r->notes('_AUTHFAIL' => 0);
$r->err_headers_out->{'Set-cookie'} = $auth_cookie;
}
}
} else {
$r->notes('_RejectAuth' => "A valid token was not provided. Please \
authenticate using the username and password provided in the e-mail sent to you."); \
} $dbh->disconnect;
return OK;
}
sub autologin {
my ($r,$dbh,$attr,$tokenhash,$auth_cookie) = @_;
my $user = $$tokenhash{'user'};
my $status = &Apache::LON::Session::new_session($r,$dbh,$attr,$user,$auth_cookie);
return $status;
}
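Review bot: `logintoken` is taken from the request in `handler` and interpolated directly into `/home/helpdesk/tokens/$logintoken` for both the `-e` test and `Storable::retrieve`, so a value containing path separators would make the handler deserialize a file outside the token directory. Since `maketoken` appears to produce an MD5 hex digest, check the shape before touching the filesystem, e.g. `if ($logintoken =~ /\A[0-9a-f]{32}\z/ && -e "/home/helpdesk/tokens/$logintoken") {`. The `unlink` is commented out, so an emailed link can be replayed for its whole 30-minute lifetime; removing the token file once `autologin` succeeds makes it single-use. `autologin` is called with four arguments, so its `$auth_cookie` parameter is always undef when handed to `new_session`, and `open (my $fh, "<$authkeyfile")` would be safer in the three-argument form `open(my $fh, '<', $authkeyfile)`. `DBI->connect` is used without a `use DBI;` in this file; it may be loaded elsewhere, but an explicit import would make the module self-contained.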