--- loncom/lonnet/perl/lonnet.pm	2002/01/04 15:38:02	1.196
+++ loncom/lonnet/perl/lonnet.pm	2002/02/04 15:31:22	1.199
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.196 2002/01/04 15:38:02 www Exp $
+# $Id: lonnet.pm,v 1.199 2002/02/04 15:31:22 www Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -66,7 +66,7 @@
 # 12/18 Scott Harrison
 # 12/21,12/22,12/27,12/28 Gerd Kortemeyer
 # YEAR=2002
-# 1/4 Gerd Kortemeyer
+# 1/4,2/4 Gerd Kortemeyer
 #
 ###
 
@@ -391,6 +391,7 @@ sub queryauthenticate {
 sub authenticate {
     my ($uname,$upass,$udom)=@_;
     $upass=escape($upass);
+    $uname=~s/\W//g;
     if (($perlvar{'lonRole'} eq 'library') && 
         ($udom eq $perlvar{'lonDefDomain'})) {
     my $answer=reply("encrypt:auth:$udom:$uname:$upass",$perlvar{'lonHostID'});
@@ -1706,14 +1707,25 @@ sub assignrole {
 }
 
 # -------------------------------------------------- Modify user authentication
+# Overrides without validation
+
 sub modifyuserauth {
     my ($udom,$uname,$umode,$upass)=@_;
     my $uhome=&homeserver($uname,$udom);
-    &logthis('Call to modify user authentication'.$udom.', '.$uname.', '.
+    unless (&allowed('mau',$udom)) { return 'refused'; }
+    &logthis('Call to modify user authentication '.$udom.', '.$uname.', '.
              $umode.' by '.$ENV{'user.name'}.' at '.$ENV{'user.domain'});  
     my $reply=&reply('encrypt:changeuserauth:'.$udom.':'.$uname.':'.$umode.':'.
 		     &escape($upass),$uhome);
+    &log($ENV{'user.domain'},$ENV{'user.name'},$ENV{'user.home'},
+        'Authentication changed for '.$udom.', '.$uname.', '.$umode.
+         '(Remote '.$ENV{'REMOTE_ADDR'}.'): '.$reply);
+    &log($udom,,$uname,$uhome,
+        'Authentication changed by '.$ENV{'user.domain'}.', '.
+                                     $ENV{'user.name'}.', '.$umode.
+         '(Remote '.$ENV{'REMOTE_ADDR'}.'): '.$reply);
     unless ($reply eq 'ok') {
+        &logthis('Authentication mode error: '.$reply);
 	return 'error: '.$reply;
     }   
     return 'ok';
@@ -1725,6 +1737,8 @@ sub modifyuserauth {
 sub modifyuser {
     my ($udom,$uname,$uid,$umode,$upass,$first,$middle,$last,$gene,
         $forceid)=@_;
+    $udom=~s/\W//g;
+    $uname=~s/\W//g;
     &logthis('Call to modify user '.$udom.', '.$uname.', '.$uid.', '.
              $umode.', '.$first.', '.$middle.', '.
 	     $last.', '.$gene.'(forceid: '.$forceid.') by '.
@@ -1795,14 +1809,14 @@ sub modifyuser {
 
 sub modifystudent {
     my ($udom,$uname,$uid,$umode,$upass,$first,$middle,$last,$gene,$usec,
-        $end,$start)=@_;
+        $end,$start,$forceid)=@_;
     my $cid='';
     unless ($cid=$ENV{'request.course.id'}) {
 	return 'not_in_class';
     }
 # --------------------------------------------------------------- Make the user
     my $reply=&modifyuser
-	($udom,$uname,$uid,$umode,$upass,$first,$middle,$last,$gene);
+	($udom,$uname,$uid,$umode,$upass,$first,$middle,$last,$gene,$forceid);
     unless ($reply eq 'ok') { return $reply; }
     my $uhome=&homeserver($uname,$udom);
     if (($uhome eq '') || ($uhome eq 'no_host')) {