login.pl 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749
  1. # Copyright (C) 2004 Fletcher T. Penney <fletcher@freeshell.org>
  2. #
  3. # This program is free software; you can redistribute it and/or modify
  4. # it under the terms of the GNU General Public License as published by
  5. # the Free Software Foundation; either version 3 of the License, or
  6. # (at your option) any later version.
  7. #
  8. # This program is distributed in the hope that it will be useful,
  9. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  10. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  11. # GNU General Public License for more details.
  12. #
  13. # You should have received a copy of the GNU General Public License
  14. # along with this program. If not, see <http://www.gnu.org/licenses/>.
  15. use strict;
  16. use v5.10;
  17. AddModuleDescription('login.pl', 'Login Module');
  18. our ($q, %Action, $SiteName, @MyAdminCode, $IndexFile, $DataDir, $FullUrl);
  19. our ($RegistrationForm, $MinimumPasswordLength, $RegistrationsMustBeApproved, $LoginForm, $PasswordFile, $PasswordFileToUse, $PendingPasswordFile, $RequireLoginToEdit, $ConfirmEmailAddress, $UnconfirmedPasswordFile, $EmailSenderAddress, $EmailCommand, $EmailRegExp, $NotifyPendingRegistrations, $EmailConfirmationMessage, $ResetPasswordMessage, $LogoutForm, $ResetForm, $ChangePassForm, $RequireCamelUserName, $UsernameRegExp);
  20. my $EncryptedPassword = "";
  21. push(@MyAdminCode, \&LoginAdminRule);
  22. $EmailRegExp = '[\w\.\-]+@([\w\-]+\.)+[\w]+';
  23. $UsernameRegExp = '([A-Z][a-z]+){2,}';
  24. $RequireCamelUserName = 0 unless defined $RequireCamelUserName;
  25. $RequireLoginToEdit = 1 unless defined $RequireLoginToEdit;
  26. $MinimumPasswordLength = 6 unless defined $MinimumPasswordLength;
  27. $PasswordFile = "$DataDir/passwords" unless defined $PasswordFile;
  28. $RegistrationsMustBeApproved = 1 unless defined $RegistrationsMustBeApproved;
  29. $PendingPasswordFile = "$DataDir/pending" unless defined $PendingPasswordFile;
  30. $ConfirmEmailAddress = 1 unless defined $ConfirmEmailAddress;
  31. $UnconfirmedPasswordFile = "$DataDir/uncomfirmed" unless defined $UnconfirmedPasswordFile;
  32. $EmailSenderAddress = "fletcher\@freeshell.org" unless defined $EmailSenderAddress;
  33. $EmailCommand = "/usr/sbin/sendmail -oi -t" unless defined $EmailCommand;
  34. $NotifyPendingRegistrations = "fletcher\@mercury.local" unless defined $NotifyPendingRegistrations;
  35. $EmailConfirmationMessage = qq!From: $EmailSenderAddress
  36. Subject: $SiteName Registration Confirmation
  37. This email address was used to create an account at $SiteName. If you did not register at this site, you do not need to do anything.
  38. Otherwise, in order to confirm your account, follow the link below.
  39. Thank you...
  40. ! unless defined $EmailConfirmationMessage;
  41. $ResetPasswordMessage = qq!From: $EmailSenderAddress
  42. Subject: $SiteName Password Reset
  43. We received a request to reset your password on our website. Your password has been reset (see below). You may log in and change to a password of your choice.
  44. Thank you...
  45. ! unless defined $ResetPasswordMessage;
  46. $PasswordFileToUse = $RegistrationsMustBeApproved
  47. ? $PendingPasswordFile : $PasswordFile;
  48. $PasswordFileToUse = $ConfirmEmailAddress
  49. ? $UnconfirmedPasswordFile : $PasswordFileToUse;
  50. $RegistrationForm = <<'EOT' unless defined $RegistrationForm;
  51. <p>Your Username should be a CamelCase form of your real name, e.g. JohnDoe.</p>
  52. <p>Your password must be at least 6 characters long.</p>
  53. <p>Your email address must be real, as a confirmation email will be sent to you. Your email address will not be shared with anyone else, or used for any other purpose.</p>
  54. <form method="post">
  55. <input type="hidden" name="action" value="process_registration" />
  56. <table class="form">
  57. <tr><td class="label">
  58. Username:
  59. </td><td class="input">
  60. <input type="text" name="username" value="%username%" />
  61. </td></tr>
  62. <tr><td class="label">
  63. Password:
  64. </td><td class="input">
  65. <input type="password" name="pwd1" value="" />
  66. </td></tr>
  67. <tr><td class="label">
  68. Reenter:
  69. </td><td class="input">
  70. <input type="password" name="pwd2" value="" />
  71. </td></tr>
  72. <tr><td class="label">
  73. Email:
  74. </td><td class="input">
  75. <input type="text" name="email" value="%email%" />
  76. </td></tr>
  77. <tr><td colspan="2" class="button">
  78. <input type="submit" value="Register" />
  79. </td></tr>
  80. </table>
  81. </form>
  82. EOT
  83. $LoginForm = <<'EOT' unless defined $LoginForm;
  84. <form method="post">
  85. <input type="hidden" name="action" value="process_login" />
  86. <table class="form">
  87. <tr><td class="label">
  88. Username:
  89. </td><td class="input">
  90. <input type="text" name="username" value="%username%" />
  91. </td></tr>
  92. <tr><td class="label">
  93. Password:
  94. </td><td class="input">
  95. <input type="password" name="pwd" value="" />
  96. </td></tr>
  97. <tr><td colspan="2" class="button">
  98. <input type="submit" value="Login" />
  99. </td></tr>
  100. </table>
  101. </form>
  102. EOT
  103. $LogoutForm = <<'EOT' unless defined $LogoutForm;
  104. <form method="post">
  105. <input type="hidden" name="action" value="process_logout" />
  106. <input type="hidden" name="pwd" value="" />
  107. <table class="form">
  108. <tr><td colspan="2" class="button">
  109. <input type="submit" value="Logout" />
  110. </td></tr>
  111. </table>
  112. </form>
  113. EOT
  114. $ResetForm = <<'EOT' unless defined $ResetForm;
  115. <p>Submit your username in order to reset your password.</p>
  116. <p>A temporary password will be mailed to you.</p>
  117. <form method="post">
  118. <input type="hidden" name="action" value="reset_password" />
  119. <input type="hidden" name="pwd" value="" />
  120. <table class="form">
  121. <tr><td class="label">
  122. Username:
  123. </td><td class="input">
  124. <input type="text" name="username" value="%username%" />
  125. </td></tr>
  126. <tr><td colspan="2" class="button">
  127. <input type="submit" value="Reset" />
  128. </td></tr>
  129. </table>
  130. </form>
  131. EOT
  132. $ChangePassForm = <<'EOT' unless defined $ChangePassForm;
  133. <form method="post">
  134. <input type="hidden" name="action" value="change_password" />
  135. <table class="form">
  136. <tr><td class="label">
  137. Username:
  138. </td><td class="input">
  139. <input type="text" name="username" value="%username%" />
  140. </td></tr>
  141. <tr><td class="label">
  142. Old Password:
  143. </td><td class="input">
  144. <input type="password" name="oldpwd" value="" />
  145. </td></tr>
  146. <tr><td class="label">
  147. Password:
  148. </td><td class="input">
  149. <input type="password" name="pwd1" value="" />
  150. </td></tr>
  151. <tr><td class="label">
  152. Reenter:
  153. </td><td class="input">
  154. <input type="password" name="pwd2" value="" />
  155. </td></tr>
  156. <tr><td colspan="2" class="button">
  157. <input type="submit" value="Submit" />
  158. </td></tr>
  159. </table>
  160. </form>
  161. EOT
  162. $Action{register} = \&DoRegister;
  163. sub DoRegister {
  164. my $id = shift;
  165. print GetHeader('', Ts('Register for %s', $SiteName), '');
  166. print '<div class="content">';
  167. $RegistrationForm =~ s/\%([a-z]+)\%/GetParam($1)/egi;
  168. $RegistrationForm =~ s/\$([a-z]+)\$/$q->span({-class=>'param'}, GetParam($1))
  169. . $q->input({-type=>'hidden', -name=>$1, -value=>GetParam($1)})/eg;
  170. print $RegistrationForm;
  171. print '</div>';
  172. PrintFooter();
  173. }
  174. $Action{process_registration} = \&DoProcessRegistration;
  175. sub DoProcessRegistration {
  176. my $id = shift;
  177. my $username = GetParam('username', '');
  178. my $pwd1 = GetParam('pwd1', '');
  179. my $pwd2 = GetParam('pwd2', '');
  180. my $email = GetParam('email', '');
  181. if ($RequireCamelUserName) {
  182. ReportError(T('Please choose a username of the form "FirstLast" using your real name.'))
  183. unless ($username =~ /$UsernameRegExp/);
  184. }
  185. ReportError(T('The passwords do not match.'))
  186. unless ($pwd1 eq $pwd2);
  187. ReportError(Ts('The password must be at least %s characters.', $MinimumPasswordLength))
  188. unless (length($pwd1) > ($MinimumPasswordLength-1));
  189. ReportError(T('That email address is invalid.'))
  190. unless ($email =~ /$EmailRegExp/);
  191. ReportError(Ts('The username %s has already been registered.', $username))
  192. if (UserExists($username));
  193. print GetHeader('', Ts('Register for %s', $SiteName), '');
  194. if ($RegistrationsMustBeApproved) {
  195. if (AddUser($username, $pwd1, $email, $PasswordFileToUse)) {
  196. print Ts('Your registration for %s has been submitted.', $SiteName);
  197. print " ";
  198. print T('Please allow time for the webmaster to approve your request.');
  199. print " ";
  200. if ($ConfirmEmailAddress) {
  201. print Ts('An email has been sent to "%s" with further instructions.', $email);
  202. print " ";
  203. } else {
  204. SendNotification($username);
  205. }
  206. } else {
  207. ReportError(T('There was an error saving your registration.'));
  208. }
  209. } else {
  210. if (AddUser($username, $pwd1, $email, $PasswordFileToUse)) {
  211. print Ts('An account was created for %s.', $username);
  212. print " ";
  213. if ($ConfirmEmailAddress) {
  214. print Ts('An email has been sent to "%s" with further instructions.', $email);
  215. print " ";
  216. }
  217. } else {
  218. ReportError(T('There was an error saving your registration.'));
  219. }
  220. }
  221. SendConfirmationEmail($username,$email) if ($ConfirmEmailAddress);
  222. PrintFooter();
  223. }
  224. $Action{login} = \&DoLogin;
  225. sub DoLogin {
  226. my $id = shift;
  227. print GetHeader('', Ts('Login to %s', $SiteName), '');
  228. print '<div class="content">';
  229. $LoginForm =~ s/\%([a-z]+)\%/GetParam($1)/eg;
  230. $LoginForm =~ s/\$([a-z]+)\$/$q->span({-class=>'param'}, GetParam($1))
  231. . $q->input({-type=>'hidden', -name=>$1, -value=>GetParam($1)})/eg;
  232. print $LoginForm;
  233. print '</div>';
  234. PrintFooter();
  235. }
  236. $Action{process_login} = \&DoProcessLogin;
  237. sub DoProcessLogin {
  238. my $id = shift;
  239. my $username = GetParam('username', '');
  240. my $pwd = GetParam('pwd', '');
  241. my $email = GetParam('email', '');
  242. ReportError(T('Username and/or password are incorrect.'))
  243. unless (AuthenticateUser($username,$pwd));
  244. Unlink($IndexFile);
  245. print GetHeader('', Ts('Register for %s', $SiteName), '');
  246. print '<div class="content">';
  247. print Ts('Logged in as %s.', $username);
  248. print '</div>';
  249. PrintFooter();
  250. }
  251. $Action{logout} = \&DoLogout;
  252. sub DoLogout {
  253. my $id = shift;
  254. print GetHeader('', Ts('Logout of %s', $SiteName), '');
  255. print '<div class="content">';
  256. print '<p>' . Ts('Logout of %s?',$SiteName) . '</p>';
  257. $LogoutForm =~ s/\%([a-z]+)\%/GetParam($1)/eg;
  258. $LogoutForm =~ s/\$([a-z]+)\$/$q->span({-class=>'param'}, GetParam($1))
  259. . $q->input({-type=>'hidden', -name=>$1, -value=>GetParam($1)})/eg;
  260. print $LogoutForm;
  261. print '</div>';
  262. PrintFooter();
  263. }
  264. $Action{process_logout} = \&DoProcessLogout;
  265. sub DoProcessLogout {
  266. SetParam('pwd','');
  267. SetParam('username','');
  268. Unlink($IndexFile); # I shouldn't have to do this...
  269. print GetHeader('', Ts('Logged out of %s', $SiteName), '');
  270. print '<div class="content">';
  271. print T('You are now logged out.');
  272. print '</div>';
  273. PrintFooter();
  274. }
  275. sub UserExists {
  276. my $username = shift;
  277. if (open (my $PASSWD, '<', encode_utf8($PasswordFile))) {
  278. while ( <$PASSWD> ) {
  279. if ($_ =~ /^$username:/) {
  280. return 1;
  281. }
  282. }
  283. close $PASSWD;
  284. }
  285. if ($RegistrationsMustBeApproved) {
  286. if (open (my $PASSWD, '<', encode_utf8($PendingPasswordFile))) {
  287. while ( <$PASSWD> ) {
  288. if ($_ =~ /^$username:/) {
  289. return 1;
  290. }
  291. }
  292. close $PASSWD;
  293. }
  294. }
  295. if ($ConfirmEmailAddress) {
  296. if (open (my $PASSWD, '<', encode_utf8($UnconfirmedPasswordFile))) {
  297. while ( <$PASSWD> ) {
  298. if ($_ =~ /^$username:/) {
  299. return 1;
  300. }
  301. }
  302. close $PASSWD;
  303. }
  304. }
  305. return 0;
  306. }
  307. sub AddUser {
  308. my ($username, $pwd, $email, $FileToUse) = @_;
  309. my @salts = ('a'..'z', 'A'..'Z', 0..9, '.', '/');
  310. my $salt=$salts[rand @salts];
  311. $salt.=$salts[rand @salts];
  312. my $encrypted = crypt($pwd,$salt);
  313. $EncryptedPassword = $encrypted;
  314. my %passwords = ();
  315. my %emails = ();
  316. if (open (my $PASSWD, '<', $FileToUse)) {
  317. while ( <$PASSWD> ) {
  318. if ($_ =~ /^(.*):(.*):(.*)$/) {
  319. $passwords{$1}=$2;
  320. $emails{$1}=$3;
  321. }
  322. }
  323. close $PASSWD;
  324. }
  325. $passwords{$username} = $encrypted;
  326. $emails{$username} = $email;
  327. open (my $PASSWD, '>', $FileToUse);
  328. foreach my $key ( sort keys(%passwords)) {
  329. print $PASSWD "$key:$passwords{$key}:$emails{$key}\n";
  330. }
  331. close $PASSWD;
  332. return 1;
  333. }
  334. *OldUserCanEdit = \&UserCanEdit;
  335. *UserCanEdit = \&LoginUserCanEdit;
  336. sub LoginUserCanEdit {
  337. my ($id, $editing) = @_;
  338. my $user = GetParam('username', '');
  339. my $pwd = GetParam('pwd', '');
  340. if ($RequireLoginToEdit) {
  341. if ($user and $pwd) {
  342. # If not logged in, return 0. Otherwise, let Oddmuse d$
  343. return 0 unless AuthenticateUser($user, $pwd);
  344. return OldUserCanEdit($id, $editing);
  345. }
  346. return 0;
  347. }
  348. return OldUserCanEdit($id, $editing);
  349. }
  350. sub AuthenticateUser {
  351. my ($username, $password) = @_;
  352. my $line;
  353. if (open(my $PASSWD, '<', $PasswordFile)) {
  354. while ($line = <$PASSWD>) {
  355. if ($line =~ /^$username:(.*):(.*)/) {
  356. if (crypt($password,$1) eq $1) {
  357. close $PASSWD;
  358. return 1;
  359. }
  360. }
  361. }
  362. close $PASSWD;
  363. }
  364. return 0;
  365. }
  366. sub LoginAdminRule {
  367. my ($id, $menuref) = @_;
  368. push(@$menuref, ScriptLink('action=register', T('Register a new account'), 'register'));
  369. push(@$menuref, ScriptLink('action=login', T('Login'), 'login'));
  370. push(@$menuref, ScriptLink('action=logout', T('Logout'), 'logout'));
  371. push(@$menuref, ScriptLink('action=whoami', T('Who am I?'), 'whoami'));
  372. push(@$menuref, ScriptLink('action=reset', T('Forgot your password?'), 'reset'));
  373. push(@$menuref, ScriptLink('action=change', T('Change your password'), 'change'));
  374. if (UserIsAdmin()) {
  375. push(@$menuref, ScriptLink('action=approve_pending', T('Approve pending registrations'), 'approve'));
  376. }
  377. }
  378. sub SendConfirmationEmail {
  379. my ($username, $email) = @_;
  380. my $key = $EncryptedPassword;
  381. my @salts = ('a'..'z', 'A'..'Z', 0..9, '.', '/');
  382. my $salt=$salts[rand @salts];
  383. $salt.=$salts[rand @salts];
  384. my $encrypted = crypt($key,$salt);
  385. my $confirmationLink = "$FullUrl?action=confirm_registration;account=$username;key=$encrypted;";
  386. open (my $MAIL, '|', $EmailCommand);
  387. print $MAIL "To: $email\n$EmailConfirmationMessage\n\nClick on the following link to confirm:\n\n$confirmationLink\n\n";
  388. close $MAIL;
  389. }
  390. $Action{confirm_registration} = \&DoConfirmRegistration;
  391. sub DoConfirmRegistration {
  392. my $id = shift;
  393. my $account = GetParam('account', '');
  394. my $key = GetParam('key', '');
  395. if ( ConfirmUser($account,$key)) {
  396. print GetHeader('', Ts('Confirm Registration for %s', $SiteName), '');
  397. print Ts('%s, your registration has been approved. You can now use your password to login and edit this wiki.',$account);
  398. PrintFooter();
  399. } else {
  400. ReportError(Ts('Confirmation failed. Please email %s for help.', $EmailSenderAddress));
  401. }
  402. }
  403. sub ConfirmUser {
  404. my ($username, $key) = @_;
  405. my $FileToUse = $RegistrationsMustBeApproved
  406. ? $PendingPasswordFile : $PasswordFileToUse;
  407. if (open(my $PASSWD, '<', encode_utf8($UnconfirmedPasswordFile))) {
  408. while (<$PASSWD>) {
  409. if ($_ =~ /^$username:(.*):(.*)/) {
  410. if (crypt($1,$key) eq $key) {
  411. AddUser($username,$1,$2,$FileToUse);
  412. close $PASSWD;
  413. RemoveUser($username,$UnconfirmedPasswordFile);
  414. if ($RegistrationsMustBeApproved) {
  415. SendNotification($username);
  416. }
  417. return 1;
  418. }
  419. }
  420. }
  421. }
  422. return 0;
  423. }
  424. sub RemoveUser {
  425. my ($username, $FileToUse) = @_;
  426. my %passwords = ();
  427. my %emails = ();
  428. if (open (my $PASSWD, '<', encode_utf8($FileToUse))) {
  429. while ( <$PASSWD> ) {
  430. if ($_ =~ /^(.*):(.*):(.*)$/) {
  431. next if ($1 eq $username);
  432. $passwords{$1}=$2;
  433. $emails{$1}=$3;
  434. }
  435. }
  436. close $PASSWD;
  437. }
  438. open (my $PASSWD, '>', $FileToUse);
  439. foreach my $key ( sort keys(%passwords)) {
  440. print $PASSWD "$key:$passwords{$key}:$emails{$key}\n";
  441. }
  442. close $PASSWD;
  443. return 1;
  444. }
  445. $Action{whoami} = \&DoWhoAmI;
  446. sub DoWhoAmI {
  447. print GetHeader('', T('Who Am I?'), '');
  448. my $user = GetParam('username', '');
  449. my $pwd = GetParam('pwd', '');
  450. if (AuthenticateUser($user, $pwd)) {
  451. print Ts('You are logged in as %s.',GetParam('username', ''));
  452. } else {
  453. print T('You are not logged in.');
  454. }
  455. PrintFooter();
  456. }
  457. $Action{reset_password} = \&DoResetPassword;
  458. sub DoResetPassword {
  459. my $id = shift;
  460. my $username = GetParam('username', '');
  461. if (UserExists($username)) {
  462. my ($newpass, $newhash) = newpass();
  463. my $email = ChangePassword($username,$newhash);
  464. if ($email ne "") {
  465. print GetHeader('', T('Reset Password'), '');
  466. print Ts('The password for %s was reset. It has been emailed to the address on file.',$username);
  467. PrintFooter();
  468. SendResetEmail($email,$newpass);
  469. } else {
  470. ReportError(Ts('There was an error resetting the password for %s.',$username));
  471. }
  472. } else {
  473. ReportError(Ts('The username "%s" does not exist.',$username));
  474. }
  475. }
  476. sub newpass {
  477. # Create a random password
  478. my @salts = ('a'..'z', 'A'..'Z', 0..9, '.', '/');
  479. my $salt=$salts[rand @salts];
  480. $salt.=$salts[rand @salts];
  481. my $password = $salts[rand @salts];
  482. for (my $i = 0; $i < 7; $i++) {
  483. $password .= $salts[rand @salts];
  484. }
  485. my $hash = crypt($password, $salt);
  486. return ($password, $hash);
  487. }
  488. sub ChangePassword {
  489. my ($user, $hash) = @_;
  490. my %passwords = ();
  491. my %emails = ();
  492. if (open (my $PASSWD, '<', encode_utf8($PasswordFile))) {
  493. while ( <$PASSWD> ) {
  494. if ($_ =~ /^(.*):(.*):(.*)$/) {
  495. $passwords{$1}=$2;
  496. $emails{$1}=$3;
  497. }
  498. }
  499. close $PASSWD;
  500. }
  501. $passwords{$user} = $hash;
  502. open (my $PASSWD, '>', encode_utf8($PasswordFile));
  503. foreach my $key ( sort keys(%passwords)) {
  504. print $PASSWD "$key:$passwords{$key}:$emails{$key}\n";
  505. }
  506. close $PASSWD;
  507. return $emails{$user};
  508. }
  509. $Action{reset} = \&DoReset;
  510. sub DoReset {
  511. my $id = shift;
  512. print GetHeader('', Ts('Reset Password for %s', $SiteName), '');
  513. print '<div class="content">';
  514. print '<p>' . T('Reset Password?') . '</p>';
  515. $ResetForm =~ s/\%([a-z]+)\%/GetParam($1)/eg;
  516. $ResetForm =~ s/\$([a-z]+)\$/$q->span({-class=>'param'}, GetParam($1))
  517. . $q->input({-type=>'hidden', -name=>$1, -value=>GetParam($1)})/eg;
  518. print $ResetForm;
  519. print '</div>';
  520. PrintFooter();
  521. }
  522. sub SendResetEmail {
  523. my ($email, $newpass) = @_;
  524. open (my $MAIL, '|', $EmailCommand);
  525. print $MAIL "To: $email\n$EmailConfirmationMessage\n\nYour new temporary password:\n\n$newpass\n\n";
  526. close $MAIL;
  527. }
  528. $Action{change} = \&DoChangePassword;
  529. sub DoChangePassword {
  530. my $id = shift;
  531. print GetHeader('', Ts('Change Password for %s', $SiteName), '');
  532. print '<div class="content">';
  533. print '<p>' . T('Change Password?') . '</p>';
  534. $ChangePassForm =~ s/\%([a-z]+)\%/GetParam($1)/eg;
  535. $ChangePassForm =~ s/\$([a-z]+)\$/$q->span({-class=>'param'}, GetParam($1))
  536. . $q->input({-type=>'hidden', -name=>$1, -value=>GetParam($1)})/eg;
  537. print $ChangePassForm;
  538. print '</div>';
  539. PrintFooter();
  540. }
  541. $Action{change_password} = \&DoProcessChangePassword;
  542. sub DoProcessChangePassword {
  543. my $id = shift;
  544. my $username = GetParam('username', '');
  545. my $pwd1 = GetParam('pwd1', '');
  546. my $pwd2 = GetParam('pwd2', '');
  547. my $oldpwd = GetParam('oldpwd', '');
  548. ReportError(T('Your current password is incorrect.')) if
  549. (! AuthenticateUser($username,$oldpwd));
  550. ReportError(T('The passwords do not match.'))
  551. unless ($pwd1 eq $pwd2);
  552. ReportError(Ts('The password must be at least %s characters.', $MinimumPasswordLength))
  553. unless (length($pwd1) > ($MinimumPasswordLength-1));
  554. print GetHeader('', Ts('Register for %s', $SiteName), '');
  555. my @salts = ('a'..'z', 'A'..'Z', 0..9, '.', '/');
  556. my $salt=$salts[rand @salts];
  557. $salt.=$salts[rand @salts];
  558. my $encrypted = crypt($pwd1,$salt);
  559. ChangePassword($username,$encrypted);
  560. print T('Your password has been changed.');
  561. PrintFooter();
  562. }
  563. sub SendNotification {
  564. my $NewUser = shift;
  565. open (my $MAIL, '|', $EmailCommand);
  566. print $MAIL "To: $NotifyPendingRegistrations\nFrom: $EmailSenderAddress\nSubject: New User at $SiteName\n\nYou have a new pending registration at $SiteName:\n\n$NewUser\n\n";
  567. close $MAIL;
  568. }
  569. $Action{approve_pending} = \&DoApprovePending;
  570. sub DoApprovePending {
  571. my $id = shift;
  572. my $count = 0;
  573. my $ToBeApproved = GetParam('user','');
  574. UserIsAdminOrError();
  575. print GetHeader('', Ts('Approve Pending Registrations for %s', $SiteName), '');
  576. if ($ToBeApproved) {
  577. if (ApproveUser($ToBeApproved)) {
  578. print Ts('%s has been approved.',$ToBeApproved);
  579. } else {
  580. print Ts('There was an error approving %s.',$ToBeApproved);
  581. }
  582. } else {
  583. print '<ul>';
  584. if (open(my $PASSWD, '<', encode_utf8($PendingPasswordFile))) {
  585. while (<$PASSWD>) {
  586. if ($_ =~ /^(.*):(.*):(.*)$/) {
  587. print '<li>' . ScriptLink("action=approve_pending;user=$1;",$1) . ' - ' . $3 . '</li>';
  588. $count++;
  589. }
  590. }
  591. }
  592. print '</ul>';
  593. if ($count == 0) {
  594. print T('There are no pending registrations.');
  595. }
  596. }
  597. PrintFooter();
  598. }
  599. sub ApproveUser {
  600. my ($username) = @_;
  601. if (open(my $PASSWD, '<', encode_utf8($PendingPasswordFile))) {
  602. while (<$PASSWD>) {
  603. if ($_ =~ /^$username:(.*):(.*)/) {
  604. AddUser($username,$1,$2,$PasswordFile);
  605. close $PASSWD;
  606. RemoveUser($username,$PendingPasswordFile);
  607. return 1;
  608. }
  609. }
  610. }
  611. return 0;
  612. }