1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
|
##############################################################################
# The Faq-O-Matic is Copyright 1997 by Jon Howell, all rights reserved. #
# #
# This program is free software; you can redistribute it and/or #
# modify it under the terms of the GNU General Public License #
# as published by the Free Software Foundation; either version 2 #
# of the License, or (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program; if not, write to the Free Software #
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.#
# #
# Jon Howell can be contacted at: #
# 6211 Sudikoff Lab, Dartmouth College #
# Hanover, NH 03755-3510 #
# jonh@cs.dartmouth.edu #
# #
# An electronic copy of the GPL is available at: #
# http://www.gnu.org/copyleft/gpl.html #
# #
##############################################################################
use strict;
package FAQ::OMatic::authenticate;
use CGI;
use FAQ::OMatic::Item;
use FAQ::OMatic;
use FAQ::OMatic::Auth;
use FAQ::OMatic::HelpMod;
use FAQ::OMatic::I18N;
sub main {
my $cgi = FAQ::OMatic::dispatch::cgi();
my $params = FAQ::OMatic::getParams($cgi);
my $rt = FAQ::OMatic::pageHeader($params, ['help', 'faq']);
my $what = $params->{'_restart'};
my $whoIsAllowed = FAQ::OMatic::Auth::authError($params->{'_reason'},
$params->{'file'});
# Give them the option of setting up a new password
# Creating a login is the same thing
my $newPassButton .= FAQ::OMatic::button(
FAQ::OMatic::makeAref('changePass',
{'_pass_pass' => '',
'_pass_id' => '' }, '', 'saveTransients'),
gettext("Set a New Password"));
my $newLoginButton .= FAQ::OMatic::button(
FAQ::OMatic::makeAref('changePass',
{'_pass_pass' => '',
'_pass_id' => '' }, '', 'saveTransients'),
gettext("Create a New Login"));
if ($params->{'badPass'}) {
$rt.=gettext("That password is invalid. If you've forgotten your old password, you can")." $newPassButton.\n";
delete $params->{'badPass'};
# We had to use a nontransient param because the func that sets
# the badPass flag (FAQ::OMatic::AuthLocal::authenticate()) doesn't directly
# generate a URL, and of course stuffing a transient param
# into the param list won't make it to the URL.
#
# You're probably worried the param could live on too long (I was).
# Say you fill in the authentication dialog with a bad password.
# You get a badPass param, but say the script checking your
# authentication decides to accept the 'anonymous' $aq==1
# authentication that results. But wait -- the reason you were
# asked to authenticate in the first place was that your previous
# auth wasn't good enough for that script. And aq=1 is certainly
# no better.
} else {
if ($what eq 'addItem') {
$rt.=gettexta("New items can only be added by %0.",$whoIsAllowed);
} elsif ($what eq 'addPart') {
$rt.=gettexta("New text parts can only be added by %0.",$whoIsAllowed);
} elsif ($what eq 'delPart') {
$rt.=gettexta("Text parts can only be removed by %0.",$whoIsAllowed);
} elsif ($what eq 'editPart' or $what eq 'submitPart') {
my $xreason = $params->{'_xreason'} || '';
if ($xreason eq 'useHTML') {
$rt.=gettexta("This part contains raw HTML. To avoid pages with invalid HTML, the moderator has specified that only %0 can edit HTML parts. If you are %0 you may authenticate yourself with this form.",$whoIsAllowed);
} elsif ($params->{'_insertpart'}) {
$rt.=gettexta("Text parts can only be added by %0.",$whoIsAllowed);
} else {
$rt.=gettexta("Text parts can only be edited by %0.",$whoIsAllowed);
}
} elsif ($what eq 'editItem' or $what eq 'submitItem') {
$rt.=gettexta("The title and options for this item can only be edited by %0.",$whoIsAllowed);
} elsif ($what eq 'editModOptions' or $what eq 'submitModOptions') {
$rt.=gettexta("The moderator options can only be edited by %0.",$whoIsAllowed);
} elsif ($what eq 'moveItem' or $what eq 'submitMove') {
if ($whoIsAllowed =~ m/moderator/) {
$rt.=gettext("This item can only be moved by someone who can edit both the source and destination parent items.");
} else {
$rt.=gettexta("This item can only be moved by %0.",$whoIsAllowed);
}
} elsif ($what eq 'selectBag'
or $what eq 'editBag'
or $what eq 'submitBag') {
my $xreason = $params->{'_xreason'} || '';
if ($xreason eq 'replace') {
$rt.=gettexta("Existing bags can only be replaced by %0.",$whoIsAllowed);
} else {
$rt.=gettexta("Bags can only be posted by %0.",$whoIsAllowed);
}
} elsif ($what eq 'install') {
$rt.=gettexta("The FAQ-O-Matic can only be configured by %0.",$whoIsAllowed);
} else {
$rt.=gettexta("The operation you attempted (%0) can only be done by %1.",$what,$whoIsAllowed);
}
$rt .= "<ul><li>".gettext("If you have never established a password to use with FAQ-O-Matic, you can")." $newLoginButton.\n";
$rt .= "<li>".gettext("If you have forgotten your password, you can")." $newPassButton.\n";
$rt .= "<li>".gettext("If you have already logged in earlier today, it may be that the token I use to identify you has expired. Please log in again.")."\n";
$rt .= "</ul>\n";
}
$rt .= FAQ::OMatic::makeAref($params->{'_restart'},
{ 'id' => '', 'auth' => '',
'_pass_id'=>'', # since we saveTransients, our own
'_pass_pass'=>'', # transients must be explicitly killed
'_none_id'=>'' },
'POST', 'saveTransients');
my $reason = FAQ::OMatic::stripInt($params->{'_reason'});
if ($reason <= 3) {
$rt .= "<p>"
.gettext("Please offer one of the following forms of identification:")."\n";
$rt .= "<p><input type=radio name=\"auth\" value=\"none\" checked>\n";
$rt .= " ".gettext("No authentication, but my email address is:")."\n";
$rt .= "<br>".gettext("Email:")
." <input type=text name=\"_none_id\" value=\"\" size=60>\n";
}
$rt .= "<p><input type=radio name=\"auth\" value=\"pass\"";
$rt .= " checked" if ($reason > 3);
$rt .= ">\n";
$rt .= " ".gettext("Authenticated login:")."\n";
$rt .= "<br>Email: <input type=text name=\"_pass_id\" value=\"\" size=60>\n";
$rt .= "<br>".gettext("Password:")." <input type=password name=\"_pass_pass\" value=\"\" size=10>\n";
$rt .= "<p><input type=submit name=\"_submit\" value=\"".gettext("Log In")."\">\n";
$rt .= "</form>\n";
# Give them the option of leaving whatever authentication they
# used to have intact, and giving up on "better" auth.
# $rt .= FAQ::OMatic::button(FAQ::OMatic::makeAref(
# '-command'=>'faq',
# '-params'=>$params,
# '-changedParams'=>{'partnum'=>'',
# 'checkSequenceNumber'=>''}
# ),
# "Cancel and Return to FAQ");
$rt.=FAQ::OMatic::HelpMod::helpFor($params, 'authenticate');
$rt .= FAQ::OMatic::pageFooter($params, ['help', 'faq']);
print $rt;
}
1;
|
