lib/TWiki/Configure/UIs/AUTH.pm
author Colas Nahaboo <colas@nahaboo.net>
Sat, 26 Jan 2008 15:50:53 +0100
changeset 0 414e01d06fd5
permissions -rw-r--r--
RELEASE 4.2.0 freetown
     1 #
     2 # TWiki Enterprise Collaboration Platform, http://TWiki.org/
     3 #
     4 # Copyright (C) 2000-2006 TWiki Contributors.
     5 #
     6 # This program is free software; you can redistribute it and/or
     7 # modify it under the terms of the GNU General Public License
     8 # as published by the Free Software Foundation; either version 2
     9 # of the License, or (at your option) any later version. For
    10 # more details read LICENSE in the root of this distribution.
    11 #
    12 # This program is distributed in the hope that it will be useful,
    13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
    14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    15 #
    16 # As per the GPL, removal of this notice is prohibited.
    17 package TWiki::Configure::UIs::AUTH;
    18 
    19 use strict;
    20 
    21 use TWiki::Configure::UI;
    22 
    23 use base 'TWiki::Configure::UI';
    24 
    25 my %nonos = (
    26     cfgAccess=>1,
    27     newCfgP=>1,
    28     confCfgP=>1,
    29    );
    30 
    31 sub ui {
    32     my ($this, $canChangePW, $actionMess) = @_;
    33     my $output = '';
    34 
    35     my @script = File::Spec->splitdir($ENV{SCRIPT_NAME});
    36     my $scriptName = pop(@script);
    37     $scriptName =~ s/.*[\/\\]//;  # Fix for Item3511, on Win XP
    38 
    39     $output .= CGI::start_form({ action=>$scriptName, method=>'post' });
    40 
    41     # Pass URL params through, except those below
    42     foreach my $param ( $TWiki::query->param ) {
    43         next if ($nonos{$param});
    44         $output .= $this->hidden( $param, $TWiki::query->param( $param ));
    45         $output .= "\n";
    46     }
    47 
    48     # and add a few more
    49     $output .= "<div id ='twikiPassword'><div class='twikiFormSteps'>\n";
    50 
    51     $output .= CGI::div({ class=>'twikiFormStep' },
    52                    CGI::h3('Enter the configuration password'));
    53 
    54     $output .= CGI::div({ class=>'twikiFormStep' },
    55                    CGI::h3(CGI::strong("Your Password:")).
    56                        CGI::p(CGI::password_field(
    57                            'cfgAccess', '', 20, 80 ) . '&nbsp;' .
    58                              CGI::submit(-class=>'twikiSubmit',
    59                                          -value=>$actionMess)));
    60 
    61     if ($TWiki::cfg{Password} ne '') {
    62         $output .= CGI::div( { class=>'twikiFormStep' },
    63         	CGI::p( CGI::strong('Forgotten your password?' )) .
    64         	CGI::p(<<'HERE'));
    65 To reset the password, log in to the server and delete the
    66 <code>$TWiki::cfg{Password} = '...';</code> line from
    67 <code>lib/LocalSite.cfg</code>
    68 HERE
    69     }
    70 
    71     $output .= '</div><!--/twikiFormSteps--></div><!--/twikiPassword-->';
    72 
    73     if ($canChangePW) {
    74         $output .= "<div id='twikiPasswordChange'><div class='twikiFormSteps'>\n";
    75         $output .= '<div class="explanation">';
    76         $output .= CGI::img({width=>'16', height=>'16',
    77                              src=>$scriptName.'?action=image;image=warning.gif;type=image/gif', alt=>''});
    78         $output .= '&nbsp;'.CGI::span(
    79             { class=>'twikiAlert' }, CGI::strong('Notes on Security'));
    80         $output .= <<HERE;
    81 <ul>
    82  <li>
    83   If you don't set a password, or the password is cracked, then
    84   <code>configure</code> could be used to do <strong>very</strong> nasty
    85   things to your server.
    86  </li>
    87  <li>
    88   If you are running TWiki on a public website, you are
    89   <strong>strongly</strong> advised to totally disable saving from
    90   <code>configure</code> by making <code>lib/LocalSite.cfg</code> readonly once
    91   you are happy with your configuration.
    92  </li>
    93 </ul>
    94 </div><!--expanation-->
    95 HERE
    96 
    97         my $submitStr = $actionMess;
    98         $output .= CGI::div( { class=>'twikiFormStep' },
    99                              CGI::h3( { class=>'twikiFormStep' },
   100                                       'You may set a new password here:') );
   101         $output .= CGI::div( { class=>'twikiFormStep' },
   102                              CGI::strong('New Password:') .
   103 								 CGI::p( CGI::password_field(
   104                                      'newCfgP', '', 20, 80 )
   105                                   ));
   106         $output .= CGI::div( { class=>'twikiFormStep' },
   107                              CGI::strong('Confirm Password:') .
   108 								 CGI::p( CGI::password_field( 
   109                                      'confCfgP', '', 20, 80 )
   110                                   ));
   111         $submitStr = 'Change Password and '.$submitStr;
   112         $output .= CGI::div( { class=>'twikiFormStep twikiLast' },
   113                              CGI::submit( -class=>'twikiSubmit', -value=>$submitStr ));
   114         $output .= "</div><!--/twikiFormSteps--></div><!--/twikiPasswordChange-->";
   115     }
   116 
   117     return $output.CGI::end_form();
   118 }
   119 
   120 1;