[system] / branches / rel-2-1-a1 / webwork-modperl / lib / WeBWorK / Authen.pm Repository:
ViewVC logotype

Diff of /branches/rel-2-1-a1/webwork-modperl/lib/WeBWorK/Authen.pm

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 348 Revision 349
64 } elsif (!$passwd && !$key) { 64 } elsif (!$passwd && !$key) {
65 $error = "You must enter a password"; 65 $error = "You must enter a password";
66 $return = 0; 66 $return = 0;
67 } 67 }
68 # OK, we're done with the trivia. Now lets authenticate. 68 # OK, we're done with the trivia. Now lets authenticate.
69 # This is the part that will get rewritten after Sam finishes
70 # his work on the database stuff.
71 elsif ($passwd) { 69 elsif ($passwd) {
70 # A bit of extra logic for practice users
71 # Practice users are different because:
72 # - They aren't allowed to log in if an active key exists
73 # (except for $debugPracticeUser)
74 # - They are allowed to log in with any password
75 $practiceUserPrefix = $course_env->{"practiceUserPrefix"};
76 $debugPracticeUser = $course_env->{"debugPracticeUser"};
77 if ($practiceUserPrefix and $user =~ /^$practiceUserPrefix/) {
78 if (!$auth->getPassword($user)) { # the only way DB::Auth provides for checking the existence of a user
79 $error = "That practice account does not exist";
80 $return = 0;
81 } elsif ($auth->getKey($user) and $user ne $debugPracticeUser) {
82 $error = "That practice account is in use";
83 $return = 0;
84 } else {
85 $key = generate_key;
86 $auth->setKey($user, $key);
87 $r->param('key',$key);
88 $return = 1;
89 }
90 }
91 # Not a practice user. Do normal authentication.
72 if ($auth->verifyPassword($user, $passwd)) { 92 elsif ($auth->verifyPassword($user, $passwd)) {
73 # Remove the passwd field from subsequent requests. 93 # Remove the passwd field from subsequent requests.
74 $r->param('passwd',undef); 94 $r->param('passwd',undef);
75 $key = generate_key; 95 $key = $auth->getKey($user) || generate_key;
76 $auth->setKey($user, $key, time); 96 $auth->setKey($user, $key);
77 $r->param('key',$key); 97 $r->param('key',$key);
78 $return = 1; 98 $return = 1;
79 } else { 99 } else {
80 $error = "Incorrect username or password"; 100 $error = "Incorrect username or password";
81 $return = 0; 101 $return = 0;
82 } 102 }
83 } elsif ($key) { 103 } elsif ($key) {
84 # The timestamp gets updated by verifyKey with the time passed in 104 # The timestamp gets updated by verifyKey
85 if ($auth->verifyKey($user, $key, time)) { 105 if ($auth->verifyKey($user, $key)) {
86 $return = 1; 106 $return = 1;
87 } else { 107 } else {
88 $error = "Your session has expired. You must login again"; 108 $error = "Your session has expired. You must login again";
89 $return = 0; 109 $return = 0;
90 } 110 }
Legend:
Removed from v.348  
changed lines
  Added in v.349
aubreyja at gmail dot com
 ViewVC Help
Powered by ViewVC 1.0.9