--- loncom/interface/resetpw.pm	2020/12/18 15:23:02	1.48
+++ loncom/interface/resetpw.pm	2025/02/15 03:43:36	1.54
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Allow access to password changing via a token sent to user's e-mail. 
 #
-# $Id: resetpw.pm,v 1.48 2020/12/18 15:23:02 raeburn Exp $
+# $Id: resetpw.pm,v 1.54 2025/02/15 03:43:36 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -115,6 +115,7 @@ sub handler {
         }
     }
     my %passwdconf = &Apache::lonnet::get_passwdconf($dom_in_effect);
+    my $clientip = &Apache::lonnet::get_requestor_ip($r);
     my $token = $env{'form.token'};
     my $useremail = $env{'form.useremail'};
     if (($udom ne '') && (!$otherinst) && (!$token)) {
@@ -288,19 +289,20 @@ END
         $js.= "\n".'<script src="https://www.google.com/recaptcha/api.js"></script>'."\n";
     }
     my $header = &Apache::loncommon::start_page('Reset password',$js,$args).
-                 '<h2>'.&mt('Reset forgotten LON-CAPA password').'</h2>';
+                 '<div class="LC_landmark" role="banner">'.
+                 '<h2 class="LC_heading_2">'.&mt('Reset forgotten LON-CAPA password').'</h2></div>';
     my $output;
     if ($token) {
-        $r->print($header);
-        &reset_passwd($r,$token,$contact_name,$contact_email,\%passwdconf);
-        $r->print(&Apache::loncommon::end_page());
+        $r->print($header.'<div class="LC_landmark" role="main">');
+        &reset_passwd($r,$token,$contact_name,$contact_email,$clientip,\%passwdconf);
+        $r->print('</div>'.&Apache::loncommon::end_page());
         return OK;
     } elsif ($udom) {
         if (!$domdesc) {
             $output = &invalid_state('baddomain',$domdesc,
                                      $contact_name,$contact_email); 
         } elsif ($otherinst) {
-            ($header,$output) = &homeserver_redirect($uname,$udom,$domdesc,$brcrum);
+            ($header,$output) = &homeserver_redirect($r,$uname,$udom,$domdesc,$brcrum);
         } elsif (($uname) || ($useremail)) {
             my $earlyout;
             unless ($passwdconf{'captcha'} eq 'unused') {
@@ -327,7 +329,7 @@ END
                 my $authtype = &Apache::lonnet::queryauthenticate($uname,$udom);
                 if ($authtype =~ /^internal/) {
                     my ($blocked,$blocktext) =
-                        &Apache::loncommon::blocking_status('passwd',$uname,$udom);
+                        &Apache::loncommon::blocking_status('passwd',$clientip,$uname,$udom);
                     if ($blocked) {
                         $output = '<p class="LC_warning">'.$blocktext.'</p>'
                                   .&display_actions($contact_email,$domdesc);
@@ -417,7 +419,7 @@ END
     } else {
         $output = &get_uname($server,$defdom,\%passwdconf);
     }
-    $r->print($header.$output);
+    $r->print($header.'<div class="LC_landmark" role="main">'.$output.'</div>');
     $r->print(&Apache::loncommon::end_page());
     return OK;
 }
@@ -441,22 +443,22 @@ sub get_uname {
             $msg .= $contents;
         }
     }
-    $msg .= '<p>'.&mt('Three conditions must be met:')
+    $msg .= '<p>'.&mt('Three conditions must be met:').'</p>'
            .'<ul><li>'.&mt('An e-mail address must have previously been associated with your LON-CAPA username.').'</li>'
            .'<li>'.&mt('You must be able to access e-mail sent to that address.').'</li>'
-           .'<li>'.&mt('Your LON-CAPA account must be of a type for which LON-CAPA can reset a password.')
-           .'</ul></p>';
+           .'<li>'.&mt('Your LON-CAPA account must be of a type for which LON-CAPA can reset a password.').'</li>'
+           .'</ul>';
     my $onchange = 'javascript:verifyDomain(this,this.form);';
     $msg .= '<form name="forgotpw" method="post" action="/adm/resetpw" onsubmit="return validInfo();">'.
             &Apache::lonhtmlcommon::start_pick_box().
-            &Apache::lonhtmlcommon::row_title($lt{'udom'}).
-            &Apache::loncommon::select_dom_form($defdom,'udom',undef,undef,$onchange).
+            &Apache::lonhtmlcommon::row_title('<label for="udom">'.$lt{'udom'}.'</label>').
+            &Apache::loncommon::select_dom_form($defdom,'udom',undef,undef,$onchange,'','','','udom').
             &Apache::lonhtmlcommon::row_closure(1).
-            &Apache::lonhtmlcommon::row_title($lt{'unam'}).
-            '<input type="text" name="uname" size="20" autocapitalize="off" autocorrect="off" />'.
+            &Apache::lonhtmlcommon::row_title('<label for="uname">'.$lt{'unam'}.'</label>').
+            '<input type="text" name="uname" id="uname" size="20" autocapitalize="off" autocorrect="off" />'.
             &Apache::lonhtmlcommon::row_closure(1).
-            &Apache::lonhtmlcommon::row_title($lt{'uemail'}).
-            '<input type="text" name="useremail" size="30" autocapitalize="off" autocorrect="off" />'.
+            &Apache::lonhtmlcommon::row_title('<label for="useremail">'.$lt{'uemail'}.'</label>').
+            '<input type="text" name="useremail" id="useremail" size="30" autocapitalize="off" autocorrect="off" />'.
             &Apache::lonhtmlcommon::row_closure(1);
     unless ($passwdconf->{'captcha'} eq 'notused') {
         my ($captcha_form,$captcha_error,$captcha,$recaptcha_version) =
@@ -579,7 +581,7 @@ sub invalid_state {
 }
 
 sub homeserver_redirect {
-    my ($uname,$udom,$domdesc,$brcrum) = @_;
+    my ($r,$uname,$udom,$domdesc,$brcrum) = @_;
     my $uhome;
     if (($uname ne '') && ($udom ne '')) {
         $uhome = &Apache::lonnet::homeserver($uname,$udom);
@@ -590,6 +592,8 @@ sub homeserver_redirect {
     my $hostname = &Apache::lonnet::hostname($uhome);
     my $protocol = $Apache::lonnet::protocol{$uhome};
     $protocol = 'http' if ($protocol ne 'https');
+    my $alias = &Apache::lonnet::use_proxy_alias($r,$uhome);
+    $hostname = $alias if ($alias ne '');
     my $url = $protocol.'://'.$hostname.'/adm/resetpw';
     # Breadcrumbs
     my $start_page = &Apache::loncommon::start_page('Switching Server',undef,
@@ -602,7 +606,7 @@ sub homeserver_redirect {
 }
 
 sub reset_passwd {
-    my ($r,$token,$contact_name,$contact_email,$passwdconf) = @_;
+    my ($r,$token,$contact_name,$contact_email,$clientip,$passwdconf) = @_;
     return unless (ref($passwdconf) eq 'HASH');
     my %data = &Apache::lonnet::tmpget($token);
     my $now = time;
@@ -623,7 +627,7 @@ sub reset_passwd {
         }
         my $reqtime = &Apache::lonlocal::locallocaltime($data{'time'});
         my ($blocked,$blocktext) =
-            &Apache::loncommon::blocking_status('passwd',$data{'username'},$data{'domain'});
+            &Apache::loncommon::blocking_status('passwd',$clientip,$data{'username'},$data{'domain'});
         if ($blocked) {
             $r->print('<p class="LC_warning">'.$blocktext.'</p>');
             return;
@@ -755,6 +759,8 @@ sub reset_passwd {
                         my $hostname = &Apache::lonnet::hostname($homeserver);
                         my $protocol = $Apache::lonnet::protocol{$homeserver};
                         $protocol = 'http' if ($protocol ne 'https');
+                        my $alias = &Apache::lonnet::use_proxy_alias($r,$homeserver);
+                        $hostname = $alias if ($alias ne '');
                         my $url = $protocol.'://'.$hostname.'/adm/resetpw';
                         my ($opentag,$closetag);
                         if ($url) {