
View of /trunk/webwork-modperl/lib/WeBWorK/Authen.pm



Revision 562 - (download) (as text) (annotate)
Fri Sep 27 23:53:42 2002 UTC (10 years, 7 months ago) by sh002i
File size: 4164 byte(s)
- created macros/IO.pl, which is loaded with no opmask by PG.pm. It is a copy
  of WeBWorK::PG::IO.pm, with some changes to make it work as a macro package.
  The translator no longer shares IO.pm's functions with the safe compartment.
  This is a BAD THING, and should be reconsidered when the Translator is
  revised.
- Changed many (but not all) checks for HTML or HTML_tth modes to match /^HTML/
  in the macros.
- changed &header to &head in Problem.pm
- Added problem environment variables for gif2eps and png2eps and modified
  &dangerousMacros::alias to use them
- fixed MOST of the harmless warnings in the system. there's still the "Use
  of uninitialized value in null operation" warning in template(), tho.

Still to come:

- make images in PDFs work
- fix TTH mode character encodings on mac (maybe)
- have logout button invalidate key
- Pretty die messages (from outside of the translator)
- Feedback - need nice modular way of sending email
- Options - email address and password

    1 ################################################################################
    2 # WeBWorK mod_perl (c) 2000-2002 WeBWorK Project
    3 # $Id$
    4 ################################################################################
    5 
    6 package WeBWorK::Authen;
    7 
    8 =head1 NAME
    9 
   10 WeBWorK::Authen - Check user identity, manage session keys.
   11 
   12 =cut
   13 
   14 use strict;
   15 use warnings;
   16 use WeBWorK::DB::Auth;
   17 
   18 sub new($$$) {
   19   my $invocant = shift;
   20   my $class = ref($invocant) || $invocant;
   21   my $self = {};
   22   ($self->{r}, $self->{courseEnvironment}) = @_;
   23   bless $self, $class;
   24   return $self;
   25 }
   26 
   27 sub generate_key {
   28   # Package constants.  These should never be changed in other places ever
   29   my $key_length = 40;      # number of chars in each key
   30   my @key_chars = ('A'..'Z', 'a'..'z', '0'..'9', '.', '^', '/', '!', '*');
   31 
   32   my $i = $key_length;
   33   my $key = '';
   34   srand;
   35   while($i) {
   36     $key .= $key_chars[rand(@key_chars)];
   37     $i--;
   38   }
   39   return $key;
   40 }
   41 
   42 # verify will return 1 if the person is who they say they are.
   43 # If the verification failed because of invalid authentication data,
   44 # a note will be written in the request explaining why it failed.
   45 # If the request failed because no authentication data was provided, however,
   46 # no note will be written, as this is expected to happen whenever someone
   47 # types in a URL manually, and is not considered an error condition.
   48 sub verify($) {
   49   my $self = shift;
   50   my $r = $self->{r};
   51   my $course_env = $self->{courseEnvironment};
   52 
   53   my $user = $r->param('user');
   54   my $passwd = $r->param('passwd');
   55   my $key = $r->param('key');
   56   my $time = time;
   57 
   58   # I wanted to get rid of that passwd up here for security reasons,
   59   # but usability dictates that we not clear out invalid passwords.
   60   #$r->param('passwd',undef);
   61 
   62   my $error;
   63   my $return;
   64 
   65   my $auth = WeBWorK::DB::Auth->new($course_env);
   66 
   67   # The first part of this big conditional checks to make that we have
   68   # all of the form info that we need. It's pretty boring.  The kooky
   69   # authen stuff comes after that.
   70   if (!defined $user && !defined $passwd && !defined $key) {
   71     # The user hasn't even had a chance to say who he is, so we
   72     # can't hold it against him that we don't know.
   73     undef $error;
   74     $return = 0;
   75   } elsif (!$user) {
   76     $error = "You must specify a username";
   77     $return = 0;
   78   } elsif (!$passwd && !$key) {
   79     $error = "You must enter a password";
   80     $return = 0;
   81   }
   82   # OK, we're done with the trivia.  Now lets authenticate.
   83   elsif ($passwd) {
   84     # A bit of extra logic for practice users
   85     # Practice users are different because:
   86     # - They aren't allowed to log in if an active key exists
   87     #   (except for $debugPracticeUser)
   88     # - They are allowed to log in with any password
   89     my $practiceUserPrefix = $course_env->{"practiceUserPrefix"};
   90     my $debugPracticeUser = $course_env->{"debugPracticeUser"};
   91     if ($practiceUserPrefix and $user =~ /^$practiceUserPrefix/) {
   92       if (!$auth->getPassword($user)) { # the only way DB::Auth provides for checking the existence of a user
   93         $error = "That practice account does not exist";
   94         $return = 0;
   95       } elsif ($auth->getKey($user) and $user ne $debugPracticeUser) {
   96         $error = "That practice account is in use";
   97         $return = 0;
   98       } else {
   99         $key = generate_key;
  100         $auth->setKey($user, $key);
  101         $r->param('key',$key);
  102         $return = 1;
  103       }
  104     }
  105     # Not a practice user.  Do normal authentication.
  106     elsif ($auth->verifyPassword($user, $passwd)) {
  107       # Remove the passwd field from subsequent requests.
  108       $r->param('passwd',"");
  109       $key = $auth->getKey($user) || generate_key;
  110       $auth->setKey($user, $key);
  111       $r->param('key',$key);
  112       $return = 1;
  113     } else {
  114       $error = "Incorrect username or password";
  115       $return = 0;
  116     }
  117   } elsif ($key) {
  118     # The timestamp gets updated by verifyKey
  119     if ($auth->verifyKey($user, $key)) {
  120       $return = 1;
  121     } else {
  122       $error = "Your session has expired.  You must login again";
  123       $return = 0;
  124     }
  125   } else {
  126     $error = "Unexpected authentication error!";
  127     $return = 0;
  128   }
  129 
  130   $r->notes("authen_error",$error) if defined($error);
  131   return $return;
  132 
  133   # Whatever you do, don't delete this!
  134   critical($r);
  135 }
  136 
  137 1;
  138 
  139 __END__
  140 
  141 =head1 AUTHOR
  142 
  143 Written by Dennis Lambe Jr., malsyned (at) math.rochester.edu
  144 
  145 =cut
