- ######################################################################
- #
- # Confirm Password or Email Change
- #
- ######################################################################
- #
- # This file is part of GNU EPrints 2.
- #
- # Copyright (c) 2000-2004 University of Southampton, UK. SO17 1BJ.
- #
- # EPrints 2 is free software; you can redistribute it and/or modify
- # it under the terms of the GNU General Public License as published by
- # the Free Software Foundation; either version 2 of the License, or
- # (at your option) any later version.
- #
- # EPrints 2 is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
- # along with EPrints 2; if not, write to the Free Software
- # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- #
- ######################################################################
-
- use EPrints;
-
- use strict;
-
- my $session = new EPrints::Session;
- exit( 0 ) unless( defined $session );
-
- my( $title, $page ) = make_confirm_page( $session );
-
- $session->build_page( $title, $page, "confirm" );
- $session->send_page();
- $session->terminate();
-
-
- sub make_confirm_page
- {
- my( $session ) = @_;
-
- my $page = $session->make_doc_fragment;
-
- my $user_ds = $session->get_repository->get_dataset( "user" );
-
- if( !$session->have_parameters() )
- {
- $page->appendChild( $session->html_phrase( "general:bad_param" ) );
- return( $session->html_phrase( "cgi/confirm:err_title" ) , $page );
- }
-
- # Process the form.
- my $userid = $session->param( "userid" )+0;
- my $pin = $session->param( "pin" );
-
- my $user = new EPrints::User( $session, $userid );
-
- if( !defined $user )
- {
- $page->appendChild( $session->html_phrase( "cgi/confirm:bad_user" ) );
- return( $session->html_phrase( "cgi/confirm:err_title" ) , $page );
- }
-
- my $userpin = $user->get_value( "pin" );
- my $pinsettime = $user->get_value( "pinsettime" );
- my $delta = (time - $pinsettime);
-
- if( !defined $userpin )
- {
- $page->appendChild( $session->html_phrase( "cgi/confirm:no_pin" ) );
- return( $session->html_phrase( "cgi/confirm:err_title" ) , $page );
- }
- if( $userpin ne $pin)
- {
- $page->appendChild( $session->html_phrase( "cgi/confirm:pin_mismatch" ) );
- return( $session->html_phrase( "cgi/confirm:err_title" ) , $page );
- }
- my $maxdelta = $session->get_repository->get_conf( "pin_timeout" );
- if( ( $maxdelta != 0 ) && ( $maxdelta * 60 * 60 < $delta ) )
- {
- $page->appendChild( $session->html_phrase( "cgi/confirm:pin_timeout" ) );
- return( $session->html_phrase( "cgi/confirm:err_title" ) , $page );
- }
-
- # Only ONE of these should be set, as the two set_* scripts should zero the
- # other value when they set theirs.
-
- # This script hacks the SQL directly, as normally "secret" fields are not
- # accessable to eprints.
-
- if( $user->is_set( "newemail" ) )
- {
- # check no one else has this email! cjg
- my $sql = "UPDATE ".$user_ds->get_sql_table_name()." SET email=newemail, newemail=NULL, pin=NULL where userid=".$userid;
- $session->get_database->do( $sql );
- if( $user->has_priv( "lock-username-to-email" ) )# cjg change to new system
- {
- my $sql = "UPDATE ".$user_ds->get_sql_table_name()." SET username=email where userid=".$userid;
- $session->get_database->do( $sql );
- # shim the username in the current user object
- $user->set_value( "username", $user->get_value( "newemail" ) );
- }
- $page->appendChild( $session->html_phrase(
- "cgi/confirm:set_email",
- newemail=>$session->make_text( $user->get_value( "newemail" ) ) ) );
- }
- else
- {
- # Must be password then. Can't see it 'cus it's a "secret".
- my $sql = "UPDATE ".$user_ds->get_sql_table_name()." SET password=newpassword, newpassword=NULL, pin=NULL where userid=".$userid;
- $session->get_database->do( $sql );
- $page->appendChild( $session->html_phrase( "cgi/confirm:set_password" ) );
- $session->login( $user );
- }
-
- $page->appendChild( $session->html_phrase( "cgi/confirm:username",
- username => $user->render_value( "username" ) ) );
-
- $page->appendChild( $session->html_phrase( "cgi/confirm:go_login" ) );
-
- return( $session->html_phrase( "cgi/confirm:title" ) , $page );
- }
-