Index: openacs-4/packages/acs-subsite/lib/login.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/lib/login.tcl,v diff -u -N -r1.40 -r1.41 --- openacs-4/packages/acs-subsite/lib/login.tcl 14 Sep 2018 18:29:12 -0000 1.40 +++ openacs-4/packages/acs-subsite/lib/login.tcl 25 Nov 2018 23:18:59 -0000 1.41 @@ -22,8 +22,8 @@ set self_registration [parameter::get_from_package_key \ -package_key acs-authentication \ - -parameter AllowSelfRegister \ - -default 1] + -parameter AllowSelfRegister \ + -default 1] if { $subsite_id eq "" } { set subsite_id [subsite::get_element -element object_id] @@ -48,7 +48,7 @@ # Persistent login -# The logic is: +# The logic is: # 1. Allowed if allowed both site-wide (on acs-kernel) and on the subsite # 2. Default setting is in acs-kernel @@ -101,11 +101,11 @@ -show_required_p 0 \ -edit_buttons $login_button \ -action "[subsite::get_url]register/" -form { - {return_url:text(hidden)} - {time:text(hidden)} + {return_url:text(hidden)} + {time:text(hidden)} {host_node_id:text(hidden),optional} - {token_id:integer(hidden)} - {hash:text(hidden)} + {token_id:integer(hidden)} + {hash:text(hidden)} } -validate { { token_id {$token_id < 2**31} "invalid token id"} } @@ -118,9 +118,9 @@ set focus {} if { [auth::UseEmailForLoginP] } { ad_form -extend -name login \ - -form [list [list email:text($username_widget),nospell \ - [list label "[_ acs-subsite.Email]"] \ - {html {style "width: 150px"}}]] + -form [list [list email:text($username_widget),nospell \ + [list label "[_ acs-subsite.Email]"] \ + {html {style "width: 150px"}}]] set user_id_widget_name email if { $email ne "" } { set focus "password" 
@@ -130,17 +130,17 @@ } else { if { [llength $authority_options] > 1 } { ad_form -extend -name login -form { - {authority_id:integer(select) - {label "[_ acs-subsite.Authority]"} + {authority_id:integer(select) + {label "[_ acs-subsite.Authority]"} {options $authority_options} } } } ad_form -extend -name login \ - -form [list [list username:text($username_widget),nospell \ - [list label "[_ acs-subsite.Username]"] \ - {html {style "width: 150px"}}]] + -form [list [list username:text($username_widget),nospell \ + [list label "[_ acs-subsite.Username]"] \ + {html {style "width: 150px"}}]] set user_id_widget_name username if { $username ne "" } { set focus "password" @@ -151,9 +151,9 @@ set focus "login.$focus" ad_form -extend -name login -form { - {password:text(password) + {password:text(password) {label "[_ acs-subsite.Password]"} - {html {style "width: 150px"}} + {html {style "width: 150px"}} } } @@ -176,7 +176,7 @@ # after a user logs out and relogin by using the cached password in # the browser. We generate a unique hashed timestamp so that users # cannot use the back button. - + set time [ns_time] set token_id [sec_get_random_cached_token_id] set token [sec_get_token $token_id] 
@@ -187,14 +187,19 @@ # Check timestamp set token [sec_get_token $token_id] set computed_hash [ns_sha1 "$time$token_id$token"] - + set expiration_time [parameter::get \ -parameter LoginPageExpirationTime \ -package_id $::acs::kernel_id \ -default 600] - if { $expiration_time < 30 } { - # If expiration_time is less than 30 seconds, it's practically impossible to login - # and you will have completely hosed login on your entire site + if { $expiration_time < 30 } { + # + # Sanity check: If expiration_time is less than 30 seconds, + # it's practically impossible to login and you will have + # completely hosed login on your entire site + # + ns_log warning "login: fix invalid setting of kernel parameter LoginPageExpirationTime \ + (value $expiration_time); must be at least 30 (secs)" set expiration_time 30 } @@ -209,11 +214,11 @@ set persistent_p "f" } if {![element exists login email]} { - set email [ns_queryget email ""] + set email [ns_queryget email ""] } set first_names [ns_queryget first_names ""] set last_name [ns_queryget last_name ""] - + array set auth_info [auth::authenticate \ -return_url $return_url \ -authority_id $authority_id \ @@ -224,7 +229,7 @@ -password $password \ -host_node_id $host_node_id \ -persistent=[expr {$allow_persistent_login_p && [template::util::is_true $persistent_p]}]] - + # Handle authentication problems switch -- $auth_info(auth_status) { ok { 
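Review bot: The sanity check `if { $expiration_time < 30 }` in the `@@ -187,14 +187,19 @@` hunk only clamps values that compare below 30, so a malformed LoginPageExpirationTime is not reliably caught. Tcl's `expr` falls back to string comparison when an operand is not numeric, so a value such as `600s` can pass the check unclamped and without the new warning being logged. Tightening the guard to `if { ![string is integer -strict $expiration_time] || $expiration_time < 30 } {` would make the warning and the 30-second floor cover non-integer settings as well. The code that consumes `expiration_time` for the timestamp check lies outside this hunk, so how a non-numeric value behaves there is not visible here. Because the warning is emitted on every login submission while the parameter is misconfigured, the log line is also worth keeping short.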
@@ -251,58 +256,58 @@ # Continue below } default { - # if element_messages exists we try to get the element info - if {[info exists auth_info(element_messages)] - && [auth::authority::get_element \ - -authority_id $authority_id \ - -element allow_user_entered_info_p]} { - foreach message [lsort $auth_info(element_messages)] { - ns_log notice "LOGIN $message" - switch -glob -- $message { - *email* { - if {[element exists login email]} { - set operation set_properties - } else { - set operation create - } - element $operation login email \ + # if element_messages exists we try to get the element info + if {[info exists auth_info(element_messages)] + && [auth::authority::get_element \ + -authority_id $authority_id \ + -element allow_user_entered_info_p]} { + foreach message [lsort $auth_info(element_messages)] { + ns_log notice "LOGIN $message" + switch -glob -- $message { + *email* { + if {[element exists login email]} { + set operation set_properties + } else { + set operation create + } + element $operation login email \ -widget $username_widget \ -datatype text \ -label [_ acs-subsite.Email] - if {[element error_p login email]} { - template::form::set_error login email [_ acs-subsite.Email_not_provided_by_authority] - } - } - *first* { - element create login first_names \ + if {[element error_p login email]} { + template::form::set_error login email [_ acs-subsite.Email_not_provided_by_authority] + } + } + *first* { + element create login first_names \ -widget text \ -datatype text \ -label [_ acs-subsite.First_names] - template::form::set_error login email [_ acs-subsite.First_names_not_provided_by_authority] - } - *last* { - element create login last_name \ + template::form::set_error login email [_ acs-subsite.First_names_not_provided_by_authority] + } + *last* { + element create login last_name \ -widget text \ -datatype text \ -label [_ acs-subsite.Last_name] - template::form::set_error login last_name [_ acs-subsite.Last_name_not_provided_by_authority] - } - 
} - } - set auth_info(account_message) "" - - ad_return_template - - } else { + template::form::set_error login last_name [_ acs-subsite.Last_name_not_provided_by_authority] + } + } + } + set auth_info(account_message) "" + + ad_return_template + + } else { set message [expr { [info exists auth_info(account_message)] ? $auth_info(account_message) : "" }] - # Display the message on a separate page + # Display the message on a separate page ad_returnredirect \ -message $message \ -html \ [export_vars \ -base "[subsite::get_element -element url]register/account-closed"] - ad_script_abort - } + ad_script_abort + } } } } -after_submit {