[LON-CAPA-cvs] cvs: modules /raeburn/register DirectLogin.pm Login.pm

raeburn lon-capa-cvs@mail.lon-capa.org
Wed, 27 Apr 2005 16:59:55 -0000


raeburn		Wed Apr 27 12:59:55 2005 EDT

  Added files:                 
    /modules/raeburn/register	DirectLogin.pm 

  Modified files:              
    /modules/raeburn/register	Login.pm 
  Log:
  E-mail sent when new guest ID is created now includes link that allows direct access to registration form without need to enter username/password. Token included in link expires after 30 minutes. 
  
  
Index: modules/raeburn/register/Login.pm
diff -u modules/raeburn/register/Login.pm:1.2 modules/raeburn/register/Login.pm:1.3
--- modules/raeburn/register/Login.pm:1.2	Mon Nov  1 14:51:22 2004
+++ modules/raeburn/register/Login.pm	Wed Apr 27 12:59:54 2005
@@ -984,6 +984,7 @@
     my @infochanges = ();
     my $newuser = 0;
     my $outcome = 0;
+    my ($event, $year);
     my $width = '698';
     my $newpass = '';
     my %userdata = ();
@@ -1005,17 +1006,38 @@
           $newuser = 1;
           $outcome = &create_account($r,$dbh,$user_quoted,\$newpass);
           $webmsg = "<br />New account created. <br />An e-mail containing
-          the new password has been sent to $user. Please return to
-          the Log-in page and use these credentials to access the registration/support 
-          system.";
-          $mailmsg .= "A request was recently submitted for creation of a new user account ".  
-                      "in the system used to register for workshops/conferences concerned ".
-                      "with LON-CAPA - a learning content management system.\n\n".
-                      "Please log-in to http://loncapa.org/conferences.html to learn about ".
+          the new password has been sent to $user.<br /><br />";
+          my $maildirections;
+          my $mailtext =  "Visit http://loncapa.org/conferences.html to learn about ".
                       "upcoming events, and to add, modify or cancel conference registrations.\n".
-                      "The credentials you should use to sign-in are:\n".
+                      "Whenever you need to log-in the credentials you should use to sign-in are:\n".
                       "username: $user\n".
-                      "password: $newpass\n"; 
+                      "password: $newpass\n\n".
+                      "After log-in you will be given the opportunity to change your password\n\n";
+          my $webdirections = "Please return to the Log-in page and use these 
+                               credentials to access the registration/support
+                               system";
+          if ($caller) {
+              ($event,$year) = ($caller =~ /register\?event=([^&]+)&year=([^&]+)/);
+              unless ($event eq '' || $year eq '') {
+                  my $event_quoted = $dbh->quote( $event );
+                  my $year_quoted = $dbh->quote( $year );
+                  my $directlogin = $dbh->selectrow_array("SELECT directlogin FROM event_config WHERE event = $event_quoted AND year = $year_quoted");
+                  if ($directlogin) {
+                      my $logtoken;
+                      if (&maketoken($user,$event,$year,$caller,\$logtoken) eq 'ok') {
+                          $maildirections = "Go to http://support.loncapa.org/directlogin?logintoken=$logtoken to log-in to the LON-CAPA registration form for the $event, $year. This URL will be valid for the next 30 minutes. After that time you will need to return to the events page listed below and use your username and initial password to log-in.\n\n";
+                          $webdirections = "This e-mail contains a link which you can use to directly access the registration form for the $event, $year. The token included in the link will be valid for the next 30 minutes.  After that time you will need to use the password and username credentials included in the e-mail to log-in to the form.";
+                      }
+                  }
+              }
+          }
+
+          $mailmsg .= "A request was recently submitted for creation of a new user account ".  
+                      "in the system used to register for workshops/conferences concerned ".
+                      "with LON-CAPA - a learning content management system.\n\n";
+          $mailmsg .= $maildirections.$mailtext;
+          $webmsg .= $webdirections;
           $mailflag = 1;
       }
 
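Review bot: `$event` and `$year` are captured from `$caller` with `[^&]+` and interpolated unescaped into `$webdirections`, which is appended to the HTML in `$webmsg`. If `$caller` derives from the request URL (its origin is outside this hunk), markup in those parameters would reach the page, so HTML-escape both values before building the web message. The mailed link is plain `http://` although `logintoken` acts as a bearer credential for 30 minutes; if the host serves TLS, an `https://` link keeps the token out of cleartext transit. `$maildirections` is still undef at `$mailmsg .= $maildirections.$mailtext;` when no direct login applies, so declare it as `my $maildirections = '';`. The enclosing sub begins and ends outside the hunk.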
@@ -1185,4 +1207,27 @@
     return $error_msg;
 }
 
+sub maketoken {
+    my ($user,$event,$year,$caller,$logtoken) = @_;
+    my $timestamp = time;
+    $$logtoken = MD5->hexhash(MD5->hexhash(time.{}.rand().$$));
+    my %tempHash = (
+                   'user' => $user,
+                   'created' => $timestamp,
+                   'event' => $event,
+                   'year' => $year,
+                   'caller' => $caller
+                   );
+    if (!-e "/home/helpdesk/tokens") {
+        mkdir("/home/helpdesk/tokens",0755);
+    }
+    my $hashid = '/home/helpdesk/tokens/'.$$logtoken;
+    eval { store(\%tempHash, $hashid) };
+    if ($@) {
+        return 'failed';
+    } else {
+        return 'ok';
+    }
+}
+
 1;
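Review bot: The token in `maketoken` is the only credential the direct-login link carries, yet it is an MD5 of `time`, `rand()`, the process id and a hash-reference address, none of which is an unpredictable secret. It should be drawn from the kernel random source instead, keeping the 32-hex-character format. The token directory is created with mode 0755 and each file is named after its token, so any local account that can list `/home/helpdesk/tokens` can read valid tokens; the directory should be 0700. The `mkdir` result is also unchecked, and `-e` accepts a non-directory at that path. The rewritten lines are below.

```perl
    my $timestamp = time;
    # The token is the sole credential for direct login: take it from the kernel CSPRNG.
    open(my $rand_fh, '<', '/dev/urandom') or return 'failed';
    binmode($rand_fh);
    my $got = read($rand_fh, my $raw, 16);
    close($rand_fh);
    return 'failed' unless (defined($got) && $got == 16);
    $$logtoken = unpack('H*', $raw);    # 32 hex characters, same shape as before
    # ... unchanged: %tempHash construction ...
    unless (-d "/home/helpdesk/tokens" || mkdir("/home/helpdesk/tokens",0700)) {
        return 'failed';
    }
    # ... unchanged: store() inside eval and the 'ok'/'failed' return ...
```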

Index: modules/raeburn/register/DirectLogin.pm
+++ modules/raeburn/register/DirectLogin.pm
package Apache::LON::DirectLogin;

use strict;
use Storable qw(store retrieve dclone);
use Apache::Constants qw(:common :http REDIRECT);
use CGI::Cookie();
use Apache::LON::Session;

sub handler {
    my $r = shift;
    my $login = $r->dir_config('Login');
    my $inbound = $r->uri;
    $r->custom_response(FORBIDDEN, $login);
    my $auth_name = $r->auth_name;    # Auth Name is LONCAPAID
    my $cookie;                       # cookie to send to client
    my $dbpwd;                        # get db credentials
    my $authkeydir = "/home/helpdesk/admindata";
    my $authkeyfile = $authkeydir.'/mysql.dat';
    if (open (my $fh, "<$authkeyfile") ) {
        $dbpwd = <$fh>;
        close($fh);
        chomp($dbpwd);
    }
                                                                                
    my %attr = (
                data_source => $r->dir_config('Auth_DBI_data_source'),
                username    => $r->dir_config('Auth_DBI_username'),
                password    => $dbpwd
             );
                                                                                
  # connect to database
    my $dbh = DBI->connect($attr{data_source}, $attr{username},
                        $attr{password});
                                                                                
    unless ($dbh) {
        return SERVER_ERROR;
    }

    $r->notes('_COOKIESTUFF' => $auth_name);
    $r->notes('_AUTHFAIL' => 1);

    my %params = ($r->args,$r->content);
    my $logintoken = $params{'logintoken'};

    if (($logintoken ne '') && (-e "/home/helpdesk/tokens/$logintoken")) {
        my $tokenhash = &Storable::retrieve("/home/helpdesk/tokens/$logintoken");
#        unlink "/home/helpdesk/tokens/$logintoken";

        my $caller = $$tokenhash{'caller'};
        $r->notes('_ORIGURL' => $caller);
        $r->notes('_CURRURL' => $caller);

        my $auth_cookie = new CGI::Cookie (
                                      -name => $r->auth_name,
                                      -value => { uri => $caller },
                                      -path => '/'
                                     );
        my $now = time;
        if ($now - $$tokenhash{'created'} > 1800) {
            $r->notes('_RejectAuth' => "Your token has expired. Please authenticate using the username and password provided in the e-mail sent to you.");

        } else {
            if (&autologin($r,$dbh,\%attr,$tokenhash)) {
                $r->notes('_AUTHFAIL' => 0);
                $r->err_headers_out->{'Set-cookie'} = $auth_cookie;
            }
        }
    } else {
        $r->notes('_RejectAuth' => "A valid token was not provided. Please authenticate using the username and password provided in the e-mail sent to you.");
    }
    $dbh->disconnect;
    return OK;
}

sub autologin {
    my ($r,$dbh,$attr,$tokenhash,$auth_cookie) = @_;
    my $user = $$tokenhash{'user'};
    my $status = &Apache::LON::Session::new_session($r,$dbh,$attr,$user,$auth_cookie);
    return $status;
}
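Review bot: In `handler`, `$logintoken` comes straight from the request parameters and is interpolated into `"/home/helpdesk/tokens/$logintoken"` for both `-e` and `Storable::retrieve` with no format check. A value containing path separators would therefore make the handler deserialize a file outside the token directory, and Storable's documentation warns against retrieving data from untrusted sources. Constrain the token to the generated format before touching the filesystem, e.g. `if (($logintoken =~ /\A[0-9a-fA-F]{32}\z/) && (-e "/home/helpdesk/tokens/$logintoken")) {`, and wrap the `retrieve` in `eval` so a corrupt file does not die inside the handler. The `unlink` is commented out, so a token stays replayable for its full 30 minutes and token files are never removed; restoring `unlink "/home/helpdesk/tokens/$logintoken";` after the retrieve makes the link single-use. `autologin` is called with four arguments but unpacks five, so `new_session` receives an undefined `$auth_cookie`; whether it tolerates that is not visible here. The file also calls `DBI->connect` without a `use DBI;` line.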