--- loncom/auth/lonauth.pm 2013/11/26 01:19:12 1.128
+++ loncom/auth/lonauth.pm 2014/10/04 02:59:32 1.135
@@ -1,7 +1,7 @@
# The LearningOnline Network
# User Authentication Module
#
-# $Id: lonauth.pm,v 1.128 2013/11/26 01:19:12 raeburn Exp $
+# $Id: lonauth.pm,v 1.135 2014/10/04 02:59:32 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -108,11 +108,11 @@ sub success {
}
$desturl = &HTML::Entities::encode($desturl,'"<>&');
$destsymb = &HTML::Entities::encode($destsymb,'"<>&');
- $destination .= '&destinationurl='.$desturl.
+ $destination .= 'destinationurl='.$desturl.
'&destsymb='.$destsymb;
} else {
$destsymb = &HTML::Entities::encode($destsymb,'"<>&');
- $destination .= '&destinationurl='.$destsymb;
+ $destination .= 'destinationurl='.$destsymb;
}
}
if ($destination =~ m{^/adm/roles}) {
@@ -155,6 +155,7 @@ $loginhelp
$continuelink
$end_page
ENDSUCCESS
+ return;
}
# --------------------------------------------------------------- Failed login!
@@ -169,36 +170,46 @@ sub failed {
}
my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef,$args);
- my $uname = $form->{'uname'};
- my $udom;
- if (&Apache::lonnet::domain($form->{'udom'},'description') ne '') {
- $udom = $form->{'udom'};
- }
- my $retry = '/adm/login?username='.$form->{'uname'};
+ my $uname = &Apache::loncommon::cleanup_html($form->{'uname'});
+ my $udom = &Apache::loncommon::cleanup_html($form->{'udom'});
+ if (&Apache::lonnet::domain($udom,'description') eq '') {
+ undef($udom);
+ }
+ my $retry = '/adm/login';
+ if ($uname eq $form->{'uname'}) {
+ $retry .= '?username='.$uname;
+ }
if ($udom) {
- $retry .= '&domain='.$form->{'udom'}
+ $retry .= (($retry=~/\?/)?'&':'?').'domain='.$udom;
}
if (exists($form->{role})) {
- $retry .= '&role='.$form->{role};
+ my $role = &Apache::loncommon::cleanup_html($form->{role});
+ if ($role ne '') {
+ $retry .= (($retry=~/\?/)?'&':'?').'role='.$role;
+ }
}
if (exists($form->{symb})) {
- $retry .= '&symb='.$form->{symb};
+ my $symb = &Apache::loncommon::cleanup_html($form->{symb});
+ if ($symb ne '') {
+ $retry .= (($retry=~/\?/)?'&':'?').'symb='.$symb;
+ }
}
- my $end_page = &Apache::loncommon::end_page();
+ my $end_page = &Apache::loncommon::end_page();
&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;
+ my @actions =
+ (&mt('Please [_1]log in again[_2].','',''));
my $loginhelp = &loginhelpdisplay($udom);
if ($loginhelp) {
- $loginhelp = ''.&mt('Login problems?').'
';
+ push(@actions, ''.&mt('Login problems?').'');
}
+ #FIXME: link to helpdesk might be added here
$r->print(
$start_page
- .''.&mt('Sorry ...').'
'
- .''.&mt($message).'
'
- .''.&mt('Please [_1]log in again[_2].','','')
- .'
'
- .$loginhelp
+ .''.&mt('Sorry ...').'
'
+ .&Apache::lonhtmlcommon::confirm_success(&mt($message),1).'
'
+ .&Apache::lonhtmlcommon::actionbox(\@actions)
.$end_page
);
}
@@ -298,12 +309,6 @@ sub handler {
my $tmpinfo=Apache::lonnet::reply('tmpget:'.$form{'logtoken'},
$form{'serverid'});
- my %sessiondata;
- if ($form{'iptoken'}) {
- %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
- my $delete = &Apache::lonnet::tmpdel($form{'token'});
- }
-
if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') ||
($tmpinfo eq 'no_such_host')) {
&failed($r,'Information needed to verify your login information is missing, inaccessible or expired.',\%form);
@@ -323,19 +328,25 @@ sub handler {
return OK;
}
- my ($key,$firsturl,$rolestr,$symbstr)=split(/&/,$tmpinfo);
+ my ($key,$firsturl,$rolestr,$symbstr,$iptokenstr)=split(/&/,$tmpinfo);
if ($rolestr) {
$rolestr = &unescape($rolestr);
}
if ($symbstr) {
$symbstr= &unescape($symbstr);
}
+ if ($iptokenstr) {
+ $iptokenstr = &unescape($iptokenstr);
+ }
if ($rolestr =~ /^role=/) {
(undef,$form{'role'}) = split('=',$rolestr);
}
if ($symbstr =~ /^symb=/) {
(undef,$form{'symb'}) = split('=',$symbstr);
}
+ if ($iptokenstr =~ /^iptoken=/) {
+ (undef,$form{'iptoken'}) = split('=',$iptokenstr);
+ }
my $keybin=pack("H16",$key);
@@ -419,6 +430,8 @@ sub handler {
my $hosthere;
if ($form{'iptoken'}) {
+ my %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
+ my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
if (($sessiondata{'domain'} eq $form{'udom'}) &&
($sessiondata{'username'} eq $form{'uname'})) {
$hosthere = 1;
@@ -462,7 +475,17 @@ sub handler {
if ($otherserver) {
&success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef,
\%form);
- $r->internal_redirect('/adm/switchserver?otherserver='.$otherserver.'&origurl='.$firsturl);
+ my $switchto = '/adm/switchserver?otherserver='.$otherserver;
+ if (($firsturl) && ($firsturl ne '/adm/switchserver') && ($firsturl ne '/adm/roles')) {
+ $switchto .= '&origurl='.$firsturl;
+ }
+ if ($form{'role'}) {
+ $switchto .= '&role='.$form{'role'};
+ }
+ if ($form{'symb'}) {
+ $switchto .= '&symb='.$form{'symb'};
+ }
+ $r->internal_redirect($switchto);
} else {
$r->print(&noswitch());
}
@@ -473,7 +496,17 @@ sub handler {
if ($otherserver) {
&success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef,
\%form);
- $r->internal_redirect('/adm/switchserver?otherserver='.$otherserver.'&origurl='.$firsturl);
+ my $switchto = '/adm/switchserver?otherserver='.$otherserver;
+ if (($firsturl) && ($firsturl ne '/adm/switchserver') && ($firsturl ne '/adm/roles')) {
+ $switchto .= '&origurl='.$firsturl;
+ }
+ if ($form{'role'}) {
+ $switchto .= '&role='.$form{'role'};
+ }
+ if ($form{'symb'}) {
+ $switchto .= '&symb='.$form{'symb'};
+ }
+ $r->internal_redirect($switchto);
} else {
$r->print(&noswitch());
}