--- loncom/interface/resetpw.pm 2016/10/30 01:45:31 1.39 +++ loncom/interface/resetpw.pm 2018/12/27 18:14:25 1.42 @@ -1,7 +1,7 @@ # The LearningOnline Network # Allow access to password changing via a token sent to user's e-mail. # -# $Id: resetpw.pm,v 1.39 2016/10/30 01:45:31 raeburn Exp $ +# $Id: resetpw.pm,v 1.42 2018/12/27 18:14:25 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -96,9 +96,14 @@ sub handler { if ($udom) { $domdesc = &Apache::lonnet::domain($udom,'description'); if ($domdesc) { + $otherinst = 1; + my @ids=&Apache::lonnet::current_machine_ids(); my %servers = &Apache::lonnet::internet_dom_servers($udom); - unless (exists($servers{$server})) { - $otherinst = 1; + foreach my $server (keys(%servers)) { + if (grep(/^\Q$server\E$/,@ids)) { + $otherinst = 0; + last; + } } } } @@ -407,13 +412,17 @@ sub invalid_state { sub homeserver_redirect { my ($uname,$udom,$domdesc,$brcrum) = @_; - my $uhome = &Apache::lonnet::homeserver(); - if ($uhome eq 'no_host') { + my $uhome; + if ($uname ne '') && ($udom ne '')) { + $uhome = &Apache::lonnet::homeserver($uname,$udom); + } + if (($uhome eq 'no_host') || ($uhome eq '')) { $uhome = &Apache::lonnet::domain($udom,'primary'); } + my $hostname = &Apache::lonnet::hostname($uhome); my $protocol = $Apache::lonnet::protocol{$uhome}; $protocol = 'http' if ($protocol ne 'https'); - my $url = $protocol.'://'.&Apache::lonnet::hostname($uhome).'/adm/resetpw'; + my $url = $protocol.'://'.$hostname.'/adm/resetpw'; # Breadcrumbs my $start_page = &Apache::loncommon::start_page('Switching Server',undef, {'redirect' => [0,$url], @@ -447,7 +456,11 @@ sub reset_passwd { return; } elsif ($now - $data{'time'} < 7200) { if ($env{'form.action'} eq 'verify_and_change_pass') { + $env{'form.uname'} =~ s/^\s+|\s+$//g; + $env{'form.udom'} =~ s/^\s+|\s+$//g; + $env{'form.email'} =~ s/^\s+|\s+$//g; unless (($env{'form.uname'} eq $data{'username'}) && ($env{'form.udom'} eq $data{'domain'}) && ($env{'form.email'} eq $data{'email'})) { + &Apache::lonnet::logthis("Forgot Password -- token data: ||$data{'username'}|| ||$data{'domain'}|| ||$data{'email'}|| differs from form: ||$env{'form.uname'}|| ||$env{'form.udom'}|| ||$env{'form.email'}||"); $r->print(&generic_failure_msg($contact_name,$contact_email)); return; } @@ -485,10 +498,10 @@ sub reset_passwd { if ($homeserver eq 'no_host') { $r->print(&generic_failure_msg($contact_name,$contact_email)); } else { + my $hostname = &Apache::lonnet::hostname($homeserver); my $protocol = $Apache::lonnet::protocol{$homeserver}; $protocol = 'http' if ($protocol ne 'https'); - my $url = $protocol.'://'.&Apache::lonnet::hostname($homeserver). - '/adm/resetpw'; + my $url = $protocol.'://'.$hostname.'/adm/resetpw'; my ($opentag,$closetag); if ($url) { $opentag = '';