From 79f907772aef608a83338589f64c10a901889b5c Mon Sep 17 00:00:00 2001
From: rich <rich>
Date: Sat, 25 Sep 2004 13:17:00 +0000
Subject: [PATCH] Change password form. "Force password change" now
 implemented. Experimentally reduced the font size on the edit menu.

---
 MANIFEST                            |  3 ++
 html/_css/easyweb.css               |  4 +-
 scripts/.depend                     | 12 +++++-
 scripts/Makefile                    |  4 +-
 scripts/change_password.ml          | 86 +++++++++++++++++++++++++++++++++++++
 scripts/change_password_form.ml     | 36 ++++++++++++++++
 scripts/login.ml                    | 19 ++++++--
 templates/change_password_form.html | 58 +++++++++++++++++++++++++
 templates/page.html                 |  3 ++
 9 files changed, 217 insertions(+), 8 deletions(-)
 create mode 100644 scripts/change_password.ml
 create mode 100644 scripts/change_password_form.ml
 create mode 100644 templates/change_password_form.html

diff --git a/MANIFEST b/MANIFEST
index 0260904..b929636 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -49,6 +49,8 @@ scripts/admin/edit_hostnames.ml
 scripts/admin/edit_hostnames_form.ml
 scripts/admin/host.ml
 scripts/cgi_expires.ml
+scripts/change_password.ml
+scripts/change_password_form.ml
 scripts/cocanwiki.ml
 scripts/cocanwiki_cgi_args.ml
 scripts/cocanwiki_date.ml
@@ -149,6 +151,7 @@ templates/admin/edit_emails_form.html
 templates/admin/edit_host_css_form.html
 templates/admin/edit_hostnames_form.html
 templates/admin/host.html
+templates/change_password_form.html
 templates/contact.txt
 templates/contact_show.html
 templates/contacts.html
diff --git a/html/_css/easyweb.css b/html/_css/easyweb.css
index df99b7c..330f3ab 100644
--- a/html/_css/easyweb.css
+++ b/html/_css/easyweb.css
@@ -1,5 +1,5 @@
 /* Stylesheet for EWM.
- * $Id: easyweb.css,v 1.4 2004/09/20 12:37:24 rich Exp $
+ * $Id: easyweb.css,v 1.5 2004/09/25 13:17:00 rich Exp $
  */
 
 /* Based on the standard stylesheet. */
@@ -47,6 +47,8 @@ ul#editmenu {
   margin-top: 4em;
 
   list-style-type: square;
+
+  font-size: 0.8em;
 }
 
 ul#editmenu li {
diff --git a/scripts/.depend b/scripts/.depend
index aea3bce..89d031e 100644
--- a/scripts/.depend
+++ b/scripts/.depend
@@ -2,6 +2,10 @@
 00-TEMPLATE.cmx: cocanwiki.cmx cocanwiki_template.cmx 
 cgi_expires.cmo: cocanwiki_date.cmo 
 cgi_expires.cmx: cocanwiki_date.cmx 
+change_password.cmo: cocanwiki.cmo cocanwiki_ok.cmo 
+change_password.cmx: cocanwiki.cmx cocanwiki_ok.cmx 
+change_password_form.cmo: cocanwiki.cmo cocanwiki_template.cmi 
+change_password_form.cmx: cocanwiki.cmx cocanwiki_template.cmx 
 cocanwiki.cmo: cocanwiki_ok.cmo cocanwiki_strings.cmo 
 cocanwiki.cmx: cocanwiki_ok.cmx cocanwiki_strings.cmx 
 cocanwiki_diff.cmo: cocanwiki_files.cmo 
@@ -122,6 +126,10 @@ mailing_list_send.cmx: cocanwiki.cmx cocanwiki_ok.cmx cocanwiki_strings.cmx \
     cocanwiki_template.cmx 
 mailing_list_unsubscribe.cmo: cocanwiki.cmo cocanwiki_ok.cmo 
 mailing_list_unsubscribe.cmx: cocanwiki.cmx cocanwiki_ok.cmx 
+mailing_list_view.cmo: cocanwiki.cmo cocanwiki_date.cmo \
+    cocanwiki_template.cmi 
+mailing_list_view.cmx: cocanwiki.cmx cocanwiki_date.cmx \
+    cocanwiki_template.cmx 
 page.cmo: cocanwiki.cmo cocanwiki_cgi_args.cmo cocanwiki_date.cmo \
     cocanwiki_ok.cmo cocanwiki_server_settings.cmo cocanwiki_template.cmi \
     wikilib.cmi 
@@ -204,8 +212,8 @@ admin/admin.cmo: cocanwiki.cmo cocanwiki_date.cmo cocanwiki_template.cmi
 admin/admin.cmx: cocanwiki.cmx cocanwiki_date.cmx cocanwiki_template.cmx 
 admin/create_host.cmo: cocanwiki.cmo cocanwiki_ok.cmo cocanwiki_strings.cmo 
 admin/create_host.cmx: cocanwiki.cmx cocanwiki_ok.cmx cocanwiki_strings.cmx 
-admin/create_host_form.cmo: cocanwiki_template.cmi 
-admin/create_host_form.cmx: cocanwiki_template.cmx 
+admin/create_host_form.cmo: cocanwiki.cmo cocanwiki_template.cmi 
+admin/create_host_form.cmx: cocanwiki.cmx cocanwiki_template.cmx 
 admin/edit_emails.cmo: cocanwiki.cmo cocanwiki_ok.cmo cocanwiki_strings.cmo 
 admin/edit_emails.cmx: cocanwiki.cmx cocanwiki_ok.cmx cocanwiki_strings.cmx 
 admin/edit_emails_form.cmo: cocanwiki.cmo cocanwiki_template.cmi 
diff --git a/scripts/Makefile b/scripts/Makefile
index 1b92ab5..ff2f470 100644
--- a/scripts/Makefile
+++ b/scripts/Makefile
@@ -1,5 +1,5 @@
 # Makefile for COCANWIKI.
-# $Id: Makefile,v 1.25 2004/09/24 17:07:10 rich Exp $
+# $Id: Makefile,v 1.26 2004/09/25 13:17:00 rich Exp $
 
 include ../Makefile.config
 
@@ -24,6 +24,8 @@ LIB_OBJS := \
 	cgi_expires.cmo
 
 OBJS := 00-TEMPLATE.cmo \
+	change_password.cmo \
+	change_password_form.cmo \
 	contact.cmo \
 	contact_show.cmo \
 	contacts.cmo \
diff --git a/scripts/change_password.ml b/scripts/change_password.ml
new file mode 100644
index 0000000..d189f83
--- /dev/null
+++ b/scripts/change_password.ml
@@ -0,0 +1,86 @@
+(* COCANWIKI - a wiki written in Objective CAML.
+ * Written by Richard W.M. Jones <rich@merjis.com>.
+ * Copyright (C) 2004 Merjis Ltd.
+ * $Id: change_password.ml,v 1.1 2004/09/25 13:17:00 rich Exp $
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *)
+
+open Apache
+open Registry
+open Cgi
+open Printf
+
+open Cocanwiki
+open Cocanwiki_ok
+
+let run r (q : cgi) (dbh : Dbi.connection) hostid _ user =
+  let old_password = q#param "old_password" in
+
+  (* Check the old password was supplied correctly. *)
+  let userid =
+    match user with
+	Anonymous -> assert false (* cannot happen *)
+      | User (userid, _, _) -> userid in
+
+  let sth = dbh#prepare_cached "select 1 from users
+                                 where id = ? and password = ?" in
+  sth#execute [`Int userid; `String old_password];
+
+  let old_password_ok =
+    try 1 = sth#fetch1int ()
+    with
+	Not_found -> false in
+
+  if not old_password_ok then (
+    error ~title:"Bad password"
+      ~back_button:true
+      q "The password you gave is wrong.";
+    return ()
+  );
+
+  let password1 = q#param "password1" in
+  let password2 = q#param "password2" in
+
+  if password1 = "" || password2 = "" then (
+    error ~back_button:true ~title:"Bad password"
+      q "The password you gave is empty.";
+    return ()
+  );
+
+  if password1 <> password2 then (
+    error ~back_button:true ~title:"Passwords don't match"
+      q "The two passwords you gave aren't identical.";
+    return ()
+  );
+
+  let password = password1 in
+
+  (* Change the password. *)
+  let sth =
+    dbh#prepare_cached
+      "update users set password = ?, force_password_change = false
+        where id = ?" in
+  sth#execute [`String password; `Int userid];
+
+  dbh#commit ();
+
+  let buttons = [ ok_button "/" ] in
+  ok ~buttons ~title:"Password changed"
+    q "The password was changed."
+
+let () =
+  register_script ~anonymous:false run
diff --git a/scripts/change_password_form.ml b/scripts/change_password_form.ml
new file mode 100644
index 0000000..4ca1e4e
--- /dev/null
+++ b/scripts/change_password_form.ml
@@ -0,0 +1,36 @@
+(* COCANWIKI - a wiki written in Objective CAML.
+ * Written by Richard W.M. Jones <rich@merjis.com>.
+ * Copyright (C) 2004 Merjis Ltd.
+ * $Id: change_password_form.ml,v 1.1 2004/09/25 13:17:00 rich Exp $
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; see the file COPYING.  If not, write to
+ * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *)
+
+open Apache
+open Registry
+open Cgi
+open Printf
+
+open Cocanwiki
+open Cocanwiki_template
+
+let run r (q : cgi) (dbh : Dbi.connection) hostid _ _ =
+  let template = get_template dbh hostid "change_password_form.html" in
+
+  q#template template
+
+let () =
+  register_script ~anonymous:false run
diff --git a/scripts/login.ml b/scripts/login.ml
index 01d325c..e316d64 100644
--- a/scripts/login.ml
+++ b/scripts/login.ml
@@ -1,7 +1,7 @@
 (* COCANWIKI - a wiki written in Objective CAML.
  * Written by Richard W.M. Jones <rich@merjis.com>.
  * Copyright (C) 2004 Merjis Ltd.
- * $Id: login.ml,v 1.3 2004/09/09 12:21:22 rich Exp $
+ * $Id: login.ml,v 1.4 2004/09/25 13:17:00 rich Exp $
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -35,13 +35,17 @@ let run r (q : cgi) (dbh : Dbi.connection) hostid _ _ =
   let permanent = try "1" = q#param "permanent" with Not_found -> false in
   let redirect = try q#param "redirect" with Not_found -> "/" in
 
-  let sth = dbh#prepare_cached "select id from users
+  let sth = dbh#prepare_cached "select id, force_password_change from users
                                  where name = ? and password = ?
                                    and hostid = ?" in
   sth#execute [`String username; `String password; `Int hostid];
 
   try
-    let userid = sth#fetch1int () in
+    let userid, force_password_change =
+      match sth#fetch1 () with
+	  [ `Int userid; `Bool force_password_change ] ->
+	    userid, force_password_change
+	| _ -> assert false in
 
     (* Create a cookie. *)
     let cookie = random_sessionid () in
@@ -51,6 +55,11 @@ let run r (q : cgi) (dbh : Dbi.connection) hostid _ _ =
 
     dbh#commit ();
 
+    (* Force password change? *)
+    let redirect =
+      if force_password_change then "/_bin/change_password_form.cmo"
+      else redirect in
+
     let cookie =
       if permanent then
 	Cookie.cookie ~name:"auth" ~value:cookie ~path:"/" ~expires ()
@@ -58,7 +67,9 @@ let run r (q : cgi) (dbh : Dbi.connection) hostid _ _ =
 	Cookie.cookie ~name:"auth" ~value:cookie ~path:"/" () in
 
     ok ~title:"Logged in" ~buttons:[ok_button redirect] ~cookie
-      q ("Welcome back " ^ username ^ ".")
+      q ("Welcome back " ^ username ^ "." ^
+	 if force_password_change then "  Please change your password now."
+	 else "")
   with
       Not_found ->
 	error
diff --git a/templates/change_password_form.html b/templates/change_password_form.html
new file mode 100644
index 0000000..190238f
--- /dev/null
+++ b/templates/change_password_form.html
@@ -0,0 +1,58 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<title>Change your password</title>
+<meta name="robots" content="noindex,nofollow"/>
+<meta name="author" content="http://www.merjis.com/" />
+<link rel="stylesheet" href="::theme_css_html_tag::" type="text/css" title="Standard"/>
+</head><body>
+
+<h1>Change your password</h1>
+
+<form method="post" action="change_password.cmo">
+<table class="left_table">
+<tr>
+<th> Old password: </th>
+<td> <input type="password" name="old_password" value="" /> </td>
+</tr>
+<tr>
+<th> New password: </th>
+<td> <input type="password" name="password1" value="" /> </td>
+</tr>
+<tr>
+<th> New password again: </th>
+<td> <input type="password" name="password2" value="" /> </td>
+</tr>
+<tr>
+<td></td>
+<td> <input type="submit" value="   Change password   " /> </td>
+</tr>
+</table>
+</form>
+
+<ul id="topmenu" class="menu">
+<li class="first"> <a href="/">Home&nbsp;page</a> </li>
+<li> <a href="/_sitemap">Sitemap</a> </li>
+<li> <a href="/_recent">Recent&nbsp;changes</a> </li>
+</ul>
+
+<div id="menu_div">
+<ul id="bottommenu" class="menu">
+<li class="first"> <a href="/">Home&nbsp;page</a> </li>
+::table(sitemenu)::<li> <a href="/::url_html_tag::">::label_html::</a> </li>
+::end::
+<li> <a href="/_sitemap">Sitemap</a> </li>
+</ul>
+</div>
+
+<div id="footer_div">
+<hr/>
+
+<ul id="footer" class="menu">
+<li class="first"> <a href="/copyright">Copyright &copy; ::year::</a> </li>
+<li> Powered by <a href="http://sandbox.merjis.com/">::cocanwiki_package_html:: ::cocanwiki_version_html::</a> </li>
+</ul>
+</div>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/templates/page.html b/templates/page.html
index e687dd4..6b67969 100644
--- a/templates/page.html
+++ b/templates/page.html
@@ -89,6 +89,9 @@
 ::if(mailing_list)::
 <li> <a href="/_bin/mailing_list_form.cmo">Join our mailing list</a> </li>
 ::end::
+::if(user_logged_in)::
+<li> <a href="/_bin/change_password_form.cmo">Change password</a> </li>
+::end::
 </ul>
 </div>
 
-- 
1.8.3.1