nstanger on 7 Jun 2007 4 KB - Added debian package source.
######################################################################
#
#  Confirm Password or Email Change
#
######################################################################
#
#  This file is part of GNU EPrints 2.
#  
#  Copyright (c) 2000-2004 University of Southampton, UK. SO17 1BJ.
#  
#  EPrints 2 is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  (at your option) any later version.
#  
#  EPrints 2 is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#  
#  You should have received a copy of the GNU General Public License
#  along with EPrints 2; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
######################################################################

use EPrints;

use strict;

# Open the session for this request. If none could be created there is
# nothing to render, so stop with a zero exit status.
my $session = EPrints::Session->new();
if( !defined $session )
{
	exit( 0 );
}

# Build the confirmation result, wrap it in the "confirm" page template,
# send it to the client, then release the session.
my( $title, $page ) = make_confirm_page( $session );
$session->build_page( $title, $page, "confirm" );
$session->send_page();
$session->terminate();


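######################################################################
# make_confirm_page( $session )
#
# Handle a "confirm password or email change" request.
#
# Reads the "userid" and "pin" request parameters, checks the pin against
# the one stored on the user record and against the repository's
# "pin_timeout" setting (in hours; 0 disables the timeout), and on success
# promotes the pending newemail or newpassword value with a direct SQL
# UPDATE that also clears the pin.
#
# Returns a two element list: ( title, page ), both built from phrases.
# Every failure returns the "cgi/confirm:err_title" title and a page
# holding a single explanatory phrase.
#
# Security notes for maintainers:
#  - the pin is the only credential checked here, so an absent or empty
#    pin must never be accepted (see the checks below);
#  - nothing in this script limits or counts failed pin attempts, and the
#    string comparison is not constant-time -- NOTE(review): confirm that
#    pins are long and random enough for that to be acceptable;
#  - $userid is interpolated into SQL, so it is restricted to digits
#    before it is used.
######################################################################
sub make_confirm_page
{
	my( $session ) = @_;

	my $page = $session->make_doc_fragment;

	my $user_ds = $session->get_repository->get_dataset( "user" );

	# Every rejection renders one phrase under the shared error title.
	my $reject = sub {
		my( $phrase_id ) = @_;
		$page->appendChild( $session->html_phrase( $phrase_id ) );
		return( $session->html_phrase( "cgi/confirm:err_title" ) , $page );
	};

	if( !$session->have_parameters() )
	{
		return $reject->( "general:bad_param" );
	}

	# Process the form.
	my $userid_param = $session->param( "userid" );
	my $pin = $session->param( "pin" );

	# Accept only a plain decimal id. Numeric coercion alone would turn
	# values such as "1 OR 1=1" into 1; rejecting them keeps anything but
	# digits away from the SQL built below. At most 15 digits, so the
	# number still stringifies as a plain integer.
	if( !defined $userid_param || $userid_param !~ /\A[0-9]{1,15}\z/ )
	{
		return $reject->( "cgi/confirm:bad_user" );
	}
	my $userid = $userid_param + 0;

	my $user = EPrints::User->new( $session, $userid );

	if( !defined $user )
	{
		return $reject->( "cgi/confirm:bad_user" );
	}

	# An empty stored pin is treated like no pin at all: otherwise a
	# request without a "pin" parameter would compare equal to it.
	my $userpin = $user->get_value( "pin" );
	if( !defined $userpin || $userpin eq "" )
	{
		return $reject->( "cgi/confirm:no_pin" );
	}
	if( !defined $pin || $userpin ne $pin )
	{
		return $reject->( "cgi/confirm:pin_mismatch" );
	}

	# pin_timeout is in hours; an unset pinsettime counts as time zero, so
	# such a pin is expired whenever a timeout is configured.
	my $pinsettime = $user->get_value( "pinsettime" );
	my $delta = time - ( defined $pinsettime ? $pinsettime : 0 );
	my $maxdelta = $session->get_repository->get_conf( "pin_timeout" );
	if( defined $maxdelta && ( $maxdelta != 0 ) && ( $maxdelta * 60 * 60 < $delta ) )
	{
		return $reject->( "cgi/confirm:pin_timeout" );
	}

	# Only ONE of newemail / newpassword should be set, as the two set_*
	# scripts should zero the other value when they set theirs.

	# This script hacks the SQL directly, as normally "secret" fields are
	# not accessible to eprints. $userid is the validated integer from
	# above. NOTE(review): the result of do() is not checked, so a failed
	# UPDATE is still reported to the user as a success.
	my $table = $user_ds->get_sql_table_name();
	my $database = $session->get_database;

	if( $user->is_set( "newemail" ) )
	{
		# TODO (cjg): check no one else has this email! Nothing here stops
		# two accounts ending up with the same address (and, with
		# lock-username-to-email, the same username).
		my $email_sql = "UPDATE ".$table." SET email=newemail, newemail=NULL, pin=NULL where userid=".$userid;
		$database->do( $email_sql );
		if( $user->has_priv( "lock-username-to-email" ) )# cjg change to new system
		{
			my $username_sql = "UPDATE ".$table." SET username=email where userid=".$userid;
			$database->do( $username_sql );
			# shim the username in the current user object
			$user->set_value( "username", $user->get_value( "newemail" ) );
		}
		$page->appendChild( $session->html_phrase(
			"cgi/confirm:set_email",
			newemail=>$session->make_text( $user->get_value( "newemail" ) ) ) );
	}
	else
	{
		# Must be password then. Can't see it 'cus it's a "secret".
		my $password_sql = "UPDATE ".$table." SET password=newpassword, newpassword=NULL, pin=NULL where userid=".$userid;
		$database->do( $password_sql );
		$page->appendChild( $session->html_phrase( "cgi/confirm:set_password" ) );
		# A confirmed password change also logs the user in.
		$session->login( $user );
	}

	$page->appendChild( $session->html_phrase( "cgi/confirm:username",
		username => $user->render_value( "username" ) ) );

	$page->appendChild( $session->html_phrase( "cgi/confirm:go_login" ) );

	return( $session->html_phrase( "cgi/confirm:title" ) , $page );
}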