nigel.stanger / Digital_Repository
Transfer to URL with SHA Find file
Newer
Older
Digital_Repository / OARiNZ / DIY / deb_package / eprints-3.0 / cgi / confirm
nstanger on 7 Jun 2007 4 KB - Added debian package source.
Raw Blame History 
  1. ######################################################################
  2. #
  3. #  Confirm Password or Email Change
  4. #
  5. ######################################################################
  6. #
  7. #  This file is part of GNU EPrints 2.
  8. #  
  9. #  Copyright (c) 2000-2004 University of Southampton, UK. SO17 1BJ.
  10. #  
  11. #  EPrints 2 is free software; you can redistribute it and/or modify
  12. #  it under the terms of the GNU General Public License as published by
  13. #  the Free Software Foundation; either version 2 of the License, or
  14. #  (at your option) any later version.
  15. #  
  16. #  EPrints 2 is distributed in the hope that it will be useful,
  17. #  but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19. #  GNU General Public License for more details.
  20. #  
  21. #  You should have received a copy of the GNU General Public License
  22. #  along with EPrints 2; if not, write to the Free Software
  23. #  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  24. #
  25. ######################################################################
  26.  
  27. use EPrints;
  28.  
  29. use strict;
  30.  
  31. my $session = new EPrints::Session;
  32. exit( 0 ) unless( defined $session );
  33.  
  34. my( $title, $page ) = make_confirm_page( $session );
  35.  
  36. $session->build_page( $title, $page, "confirm" );
  37. $session->send_page();
  38. $session->terminate();
  39.  
  40.  
  41. sub make_confirm_page
  42. {
  43. 	my( $session ) = @_;
  44.  
  45. 	my $page = $session->make_doc_fragment;
  46.  
  47. 	my $user_ds = $session->get_repository->get_dataset( "user" );
  48.  
  49. 	if( !$session->have_parameters() )
  50. 	{
  51. 		$page->appendChild( $session->html_phrase( "general:bad_param" ) );
  52. 		return( $session->html_phrase( "cgi/confirm:err_title" ) , $page );
  53. 	}
  54.  
  55. 	# Process the form.
  56. 	my $userid = $session->param( "userid" )+0;
  57. 	my $pin = $session->param( "pin" );
  58.  
  59. 	my $user = new EPrints::User( $session, $userid );
  60.  
  61. 	if( !defined $user )
  62. 	{
  63. 		$page->appendChild( $session->html_phrase( "cgi/confirm:bad_user" ) );
  64. 		return( $session->html_phrase( "cgi/confirm:err_title" ) , $page );
  65. 	}
  66.  
  67. 	my $userpin = $user->get_value( "pin" );
  68. 	my $pinsettime = $user->get_value( "pinsettime" );
  69. 	my $delta = (time - $pinsettime);
  70.  
  71. 	if( !defined $userpin )
  72. 	{
  73. 		$page->appendChild( $session->html_phrase( "cgi/confirm:no_pin" ) );
  74. 		return( $session->html_phrase( "cgi/confirm:err_title" ) , $page );
  75. 	}
  76. 	if( $userpin ne $pin)
  77. 	{
  78. 		$page->appendChild( $session->html_phrase( "cgi/confirm:pin_mismatch" ) );
  79. 		return( $session->html_phrase( "cgi/confirm:err_title" ) , $page );
  80. 	}
  81. 	my $maxdelta = $session->get_repository->get_conf( "pin_timeout" );
  82. 	if( ( $maxdelta != 0 ) && ( $maxdelta * 60 * 60 < $delta ) )
  83. 	{
  84. 		$page->appendChild( $session->html_phrase( "cgi/confirm:pin_timeout" ) );
  85. 		return( $session->html_phrase( "cgi/confirm:err_title" ) , $page );
  86. 	}
  87.  
  88. 	# Only ONE of these should be set, as the two set_* scripts should zero the
  89. 	# other value when they set theirs.
  90.  
  91. 	# This script hacks the SQL directly, as normally "secret" fields are not
  92. 	# accessable to eprints. 
  93. 	
  94. 	if( $user->is_set( "newemail" ) )
  95. 	{
  96. 		# check no one else has this email! cjg
  97. 		my $sql = "UPDATE ".$user_ds->get_sql_table_name()." SET email=newemail, newemail=NULL, pin=NULL where userid=".$userid; 
  98. 		$session->get_database->do( $sql );
  99. 		if( $user->has_priv( "lock-username-to-email" ) )# cjg change to new system
  100. 		{
  101. 			my $sql = "UPDATE ".$user_ds->get_sql_table_name()." SET username=email where userid=".$userid; 
  102. 			$session->get_database->do( $sql );
  103. 			# shim the username in the current user object
  104. 			$user->set_value( "username", $user->get_value( "newemail" ) );
  105. 		}
  106. 		$page->appendChild( $session->html_phrase( 
  107. 			"cgi/confirm:set_email",
  108. 			newemail=>$session->make_text( $user->get_value( "newemail" ) ) ) );
  109. 	} 
  110. 	else
  111. 	{
  112. 		# Must be password then. Can't see it 'cus it's a "secret".
  113. 		my $sql = "UPDATE ".$user_ds->get_sql_table_name()." SET password=newpassword, newpassword=NULL, pin=NULL where userid=".$userid; 
  114. 		$session->get_database->do( $sql );
  115. 		$page->appendChild( $session->html_phrase( "cgi/confirm:set_password" ) );
  116. 		$session->login( $user );
  117. 	}
  118.  
  119. 	$page->appendChild( $session->html_phrase( "cgi/confirm:username",
  120. 		username => $user->render_value( "username" ) ) );
  121.  
  122. 	$page->appendChild( $session->html_phrase( "cgi/confirm:go_login" ) );
  123.  
  124. 	return( $session->html_phrase( "cgi/confirm:title" ) , $page );
  125. }
  126.