lib/TWiki/Configure/UIs/AUTH.pm
author Colas Nahaboo <colas@nahaboo.net>
Sat, 26 Jan 2008 15:50:53 +0100
changeset 0 414e01d06fd5
permissions -rw-r--r--
RELEASE 4.2.0 freetown
colas@0
     1
#
colas@0
     2
# TWiki Enterprise Collaboration Platform, http://TWiki.org/
colas@0
     3
#
colas@0
     4
# Copyright (C) 2000-2006 TWiki Contributors.
colas@0
     5
#
colas@0
     6
# This program is free software; you can redistribute it and/or
colas@0
     7
# modify it under the terms of the GNU General Public License
colas@0
     8
# as published by the Free Software Foundation; either version 2
colas@0
     9
# of the License, or (at your option) any later version. For
colas@0
    10
# more details read LICENSE in the root of this distribution.
colas@0
    11
#
colas@0
    12
# This program is distributed in the hope that it will be useful,
colas@0
    13
# but WITHOUT ANY WARRANTY; without even the implied warranty of
colas@0
    14
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
colas@0
    15
#
colas@0
    16
# As per the GPL, removal of this notice is prohibited.
colas@0
    17
package TWiki::Configure::UIs::AUTH;
colas@0
    18
colas@0
    19
use strict;
colas@0
    20
colas@0
    21
use TWiki::Configure::UI;
colas@0
    22
colas@0
    23
use base 'TWiki::Configure::UI';
colas@0
    24
colas@0
    25
my %nonos = (
colas@0
    26
    cfgAccess=>1,
colas@0
    27
    newCfgP=>1,
colas@0
    28
    confCfgP=>1,
colas@0
    29
   );
colas@0
    30
colas@0
    31
sub ui {
colas@0
    32
    my ($this, $canChangePW, $actionMess) = @_;
colas@0
    33
    my $output = '';
colas@0
    34
colas@0
    35
    my @script = File::Spec->splitdir($ENV{SCRIPT_NAME});
colas@0
    36
    my $scriptName = pop(@script);
colas@0
    37
    $scriptName =~ s/.*[\/\\]//;  # Fix for Item3511, on Win XP
colas@0
    38
colas@0
    39
    $output .= CGI::start_form({ action=>$scriptName, method=>'post' });
colas@0
    40
colas@0
    41
    # Pass URL params through, except those below
colas@0
    42
    foreach my $param ( $TWiki::query->param ) {
colas@0
    43
        next if ($nonos{$param});
colas@0
    44
        $output .= $this->hidden( $param, $TWiki::query->param( $param ));
colas@0
    45
        $output .= "\n";
colas@0
    46
    }
colas@0
    47
colas@0
    48
    # and add a few more
colas@0
    49
    $output .= "<div id ='twikiPassword'><div class='twikiFormSteps'>\n";
colas@0
    50
colas@0
    51
    $output .= CGI::div({ class=>'twikiFormStep' },
colas@0
    52
                   CGI::h3('Enter the configuration password'));
colas@0
    53
colas@0
    54
    $output .= CGI::div({ class=>'twikiFormStep' },
colas@0
    55
                   CGI::h3(CGI::strong("Your Password:")).
colas@0
    56
                       CGI::p(CGI::password_field(
colas@0
    57
                           'cfgAccess', '', 20, 80 ) . '&nbsp;' .
colas@0
    58
                             CGI::submit(-class=>'twikiSubmit',
colas@0
    59
                                         -value=>$actionMess)));
colas@0
    60
colas@0
    61
    if ($TWiki::cfg{Password} ne '') {
colas@0
    62
        $output .= CGI::div( { class=>'twikiFormStep' },
colas@0
    63
        	CGI::p( CGI::strong('Forgotten your password?' )) .
colas@0
    64
        	CGI::p(<<'HERE'));
colas@0
    65
To reset the password, log in to the server and delete the
colas@0
    66
<code>$TWiki::cfg{Password} = '...';</code> line from
colas@0
    67
<code>lib/LocalSite.cfg</code>
colas@0
    68
HERE
colas@0
    69
    }
colas@0
    70
colas@0
    71
    $output .= '</div><!--/twikiFormSteps--></div><!--/twikiPassword-->';
colas@0
    72
colas@0
    73
    if ($canChangePW) {
colas@0
    74
        $output .= "<div id='twikiPasswordChange'><div class='twikiFormSteps'>\n";
colas@0
    75
        $output .= '<div class="explanation">';
colas@0
    76
        $output .= CGI::img({width=>'16', height=>'16',
colas@0
    77
                             src=>$scriptName.'?action=image;image=warning.gif;type=image/gif', alt=>''});
colas@0
    78
        $output .= '&nbsp;'.CGI::span(
colas@0
    79
            { class=>'twikiAlert' }, CGI::strong('Notes on Security'));
colas@0
    80
        $output .= <<HERE;
colas@0
    81
<ul>
colas@0
    82
 <li>
colas@0
    83
  If you don't set a password, or the password is cracked, then
colas@0
    84
  <code>configure</code> could be used to do <strong>very</strong> nasty
colas@0
    85
  things to your server.
colas@0
    86
 </li>
colas@0
    87
 <li>
colas@0
    88
  If you are running TWiki on a public website, you are
colas@0
    89
  <strong>strongly</strong> advised to totally disable saving from
colas@0
    90
  <code>configure</code> by making <code>lib/LocalSite.cfg</code> readonly once
colas@0
    91
  you are happy with your configuration.
colas@0
    92
 </li>
colas@0
    93
</ul>
colas@0
    94
</div><!--expanation-->
colas@0
    95
HERE
colas@0
    96
colas@0
    97
        my $submitStr = $actionMess;
colas@0
    98
        $output .= CGI::div( { class=>'twikiFormStep' },
colas@0
    99
                             CGI::h3( { class=>'twikiFormStep' },
colas@0
   100
                                      'You may set a new password here:') );
colas@0
   101
        $output .= CGI::div( { class=>'twikiFormStep' },
colas@0
   102
                             CGI::strong('New Password:') .
colas@0
   103
								 CGI::p( CGI::password_field(
colas@0
   104
                                     'newCfgP', '', 20, 80 )
colas@0
   105
                                  ));
colas@0
   106
        $output .= CGI::div( { class=>'twikiFormStep' },
colas@0
   107
                             CGI::strong('Confirm Password:') .
colas@0
   108
								 CGI::p( CGI::password_field( 
colas@0
   109
                                     'confCfgP', '', 20, 80 )
colas@0
   110
                                  ));
colas@0
   111
        $submitStr = 'Change Password and '.$submitStr;
colas@0
   112
        $output .= CGI::div( { class=>'twikiFormStep twikiLast' },
colas@0
   113
                             CGI::submit( -class=>'twikiSubmit', -value=>$submitStr ));
colas@0
   114
        $output .= "</div><!--/twikiFormSteps--></div><!--/twikiPasswordChange-->";
colas@0
   115
    }
colas@0
   116
colas@0
   117
    return $output.CGI::end_form();
colas@0
   118
}
colas@0
   119
colas@0
   120
1;