Digital_Repository / OARiNZ / DIY / deb_package / eprints-3.0 / cgi / confirm
nstanger on 7 Jun 2007 4 KB - Added debian package source.
  1. ######################################################################
  2. #
  3. # Confirm Password or Email Change
  4. #
  5. ######################################################################
  6. #
  7. # This file is part of GNU EPrints 2.
  8. #
  9. # Copyright (c) 2000-2004 University of Southampton, UK. SO17 1BJ.
  10. #
  11. # EPrints 2 is free software; you can redistribute it and/or modify
  12. # it under the terms of the GNU General Public License as published by
  13. # the Free Software Foundation; either version 2 of the License, or
  14. # (at your option) any later version.
  15. #
  16. # EPrints 2 is distributed in the hope that it will be useful,
  17. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  19. # GNU General Public License for more details.
  20. #
  21. # You should have received a copy of the GNU General Public License
  22. # along with EPrints 2; if not, write to the Free Software
  23. # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  24. #
  25. ######################################################################
  26.  
  27. use EPrints;
  28.  
  29. use strict;
  30.  
  31. my $session = new EPrints::Session;
  32. exit( 0 ) unless( defined $session );
  33.  
  34. my( $title, $page ) = make_confirm_page( $session );
  35.  
  36. $session->build_page( $title, $page, "confirm" );
  37. $session->send_page();
  38. $session->terminate();
  39.  
  40.  
  41. sub make_confirm_page
  42. {
  43. my( $session ) = @_;
  44.  
  45. my $page = $session->make_doc_fragment;
  46.  
  47. my $user_ds = $session->get_repository->get_dataset( "user" );
  48.  
  49. if( !$session->have_parameters() )
  50. {
  51. $page->appendChild( $session->html_phrase( "general:bad_param" ) );
  52. return( $session->html_phrase( "cgi/confirm:err_title" ) , $page );
  53. }
  54.  
  55. # Process the form.
  56. my $userid = $session->param( "userid" )+0;
  57. my $pin = $session->param( "pin" );
  58.  
  59. my $user = new EPrints::User( $session, $userid );
  60.  
  61. if( !defined $user )
  62. {
  63. $page->appendChild( $session->html_phrase( "cgi/confirm:bad_user" ) );
  64. return( $session->html_phrase( "cgi/confirm:err_title" ) , $page );
  65. }
  66.  
  67. my $userpin = $user->get_value( "pin" );
  68. my $pinsettime = $user->get_value( "pinsettime" );
  69. my $delta = (time - $pinsettime);
  70.  
  71. if( !defined $userpin )
  72. {
  73. $page->appendChild( $session->html_phrase( "cgi/confirm:no_pin" ) );
  74. return( $session->html_phrase( "cgi/confirm:err_title" ) , $page );
  75. }
  76. if( $userpin ne $pin)
  77. {
  78. $page->appendChild( $session->html_phrase( "cgi/confirm:pin_mismatch" ) );
  79. return( $session->html_phrase( "cgi/confirm:err_title" ) , $page );
  80. }
  81. my $maxdelta = $session->get_repository->get_conf( "pin_timeout" );
  82. if( ( $maxdelta != 0 ) && ( $maxdelta * 60 * 60 < $delta ) )
  83. {
  84. $page->appendChild( $session->html_phrase( "cgi/confirm:pin_timeout" ) );
  85. return( $session->html_phrase( "cgi/confirm:err_title" ) , $page );
  86. }
  87.  
  88. # Only ONE of these should be set, as the two set_* scripts should zero the
  89. # other value when they set theirs.
  90.  
  91. # This script hacks the SQL directly, as normally "secret" fields are not
  92. # accessable to eprints.
  93. if( $user->is_set( "newemail" ) )
  94. {
  95. # check no one else has this email! cjg
  96. my $sql = "UPDATE ".$user_ds->get_sql_table_name()." SET email=newemail, newemail=NULL, pin=NULL where userid=".$userid;
  97. $session->get_database->do( $sql );
  98. if( $user->has_priv( "lock-username-to-email" ) )# cjg change to new system
  99. {
  100. my $sql = "UPDATE ".$user_ds->get_sql_table_name()." SET username=email where userid=".$userid;
  101. $session->get_database->do( $sql );
  102. # shim the username in the current user object
  103. $user->set_value( "username", $user->get_value( "newemail" ) );
  104. }
  105. $page->appendChild( $session->html_phrase(
  106. "cgi/confirm:set_email",
  107. newemail=>$session->make_text( $user->get_value( "newemail" ) ) ) );
  108. }
  109. else
  110. {
  111. # Must be password then. Can't see it 'cus it's a "secret".
  112. my $sql = "UPDATE ".$user_ds->get_sql_table_name()." SET password=newpassword, newpassword=NULL, pin=NULL where userid=".$userid;
  113. $session->get_database->do( $sql );
  114. $page->appendChild( $session->html_phrase( "cgi/confirm:set_password" ) );
  115. $session->login( $user );
  116. }
  117.  
  118. $page->appendChild( $session->html_phrase( "cgi/confirm:username",
  119. username => $user->render_value( "username" ) ) );
  120.  
  121. $page->appendChild( $session->html_phrase( "cgi/confirm:go_login" ) );
  122.  
  123. return( $session->html_phrase( "cgi/confirm:title" ) , $page );
  124. }
  125.