--- loncom/interface/resetpw.pm	2017/08/21 15:25:55	1.40
+++ loncom/interface/resetpw.pm	2019/02/08 19:57:29	1.43
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Allow access to password changing via a token sent to user's e-mail. 
 #
-# $Id: resetpw.pm,v 1.40 2017/08/21 15:25:55 raeburn Exp $
+# $Id: resetpw.pm,v 1.43 2019/02/08 19:57:29 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -412,13 +412,17 @@ sub invalid_state {
 
 sub homeserver_redirect {
     my ($uname,$udom,$domdesc,$brcrum) = @_;
-    my $uhome = &Apache::lonnet::homeserver();
-    if ($uhome eq 'no_host') {
+    my $uhome;
+    if (($uname ne '') && ($udom ne '')) {
+        $uhome = &Apache::lonnet::homeserver($uname,$udom);
+    }
+    if (($uhome eq 'no_host') || ($uhome eq '')) {
         $uhome = &Apache::lonnet::domain($udom,'primary');
     }
+    my $hostname = &Apache::lonnet::hostname($uhome);
     my $protocol = $Apache::lonnet::protocol{$uhome};
     $protocol = 'http' if ($protocol ne 'https');
-    my $url = $protocol.'://'.&Apache::lonnet::hostname($uhome).'/adm/resetpw';
+    my $url = $protocol.'://'.$hostname.'/adm/resetpw';
     # Breadcrumbs
     my $start_page = &Apache::loncommon::start_page('Switching Server',undef,
                                                     {'redirect' => [0,$url],
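Review bot: `$hostname` goes into `$url` without a check that `&Apache::lonnet::hostname($uhome)` returned anything, so when the fallback `&Apache::lonnet::domain($udom,'primary')` also comes back empty (likely when `$udom` is empty, which the new guard lets through) the page redirects to `http:///adm/resetpw`. Test `$hostname ne ''` before building `$url` and emit a failure page otherwise. Declaring `my $uhome = '';` would also keep the `eq` comparisons from running on undef when the lookup is skipped. The same unchecked hostname appears in the `reset_passwd` hunk at `@@ -490,10 +498,10`, where `if ($url)` is always true because the string always contains `://` and `/adm/resetpw`; `if ($hostname ne '')` is the test that was presumably intended. The body of `homeserver_redirect` continues past this hunk.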
@@ -452,7 +456,11 @@ sub reset_passwd {
             return;
         } elsif ($now - $data{'time'} < 7200) {
             if ($env{'form.action'} eq 'verify_and_change_pass') {
+                $env{'form.uname'} =~ s/^\s+|\s+$//g;
+                $env{'form.udom'} =~ s/^\s+|\s+$//g;
+                $env{'form.email'} =~ s/^\s+|\s+$//g;
                 unless (($env{'form.uname'} eq $data{'username'}) && ($env{'form.udom'} eq $data{'domain'}) && ($env{'form.email'} eq $data{'email'})) {
+                    &Apache::lonnet::logthis("Forgot Password -- token data: ||$data{'username'}|| ||$data{'domain'}|| ||$data{'email'}|| differs from form: ||$env{'form.uname'}|| ||$env{'form.udom'}|| ||$env{'form.email'}||");
                     $r->print(&generic_failure_msg($contact_name,$contact_email));
                     return;
                 }
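Review bot: The added `logthis` call writes `form.uname`, `form.udom` and `form.email` to the server log exactly as submitted. The trimming above it strips only leading and trailing whitespace, so embedded newlines, other control characters and values of arbitrary length reach the log unless `logthis` itself escapes them, which is not visible here. A requester could then forge or pad log entries, and the line also records e-mail addresses from both the token and the form. Log only which of the three fields differed, or neutralise copies of the values first, e.g. `$v =~ s/[[:cntrl:]]/?/g;` followed by `$v = substr($v,0,255);`. `reset_passwd` starts and ends outside this hunk.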
@@ -490,10 +498,10 @@ sub reset_passwd {
                     if ($homeserver eq 'no_host') {
                         $r->print(&generic_failure_msg($contact_name,$contact_email));
                     } else {
+                        my $hostname = &Apache::lonnet::hostname($homeserver);
                         my $protocol = $Apache::lonnet::protocol{$homeserver};
                         $protocol = 'http' if ($protocol ne 'https');
-                        my $url = $protocol.'://'.&Apache::lonnet::hostname($homeserver).
-                                  '/adm/resetpw';
+                        my $url = $protocol.'://'.$hostname.'/adm/resetpw';
                         my ($opentag,$closetag);
                         if ($url) {
                            $opentag = '<a href="'.$url.'">';