--- loncom/auth/lonauth.pm 2009/07/22 20:24:07 1.100 +++ loncom/auth/lonauth.pm 2010/09/15 18:28:45 1.101.10.1 @@ -1,7 +1,7 @@ # The LearningOnline Network # User Authentication Module # -# $Id: lonauth.pm,v 1.100 2009/07/22 20:24:07 raeburn Exp $ +# $Id: lonauth.pm,v 1.101.10.1 2010/09/15 18:28:45 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -40,6 +40,7 @@ use Apache::lonmenu(); use Apache::createaccount; use Fcntl qw(:flock); use Apache::lonlocal; +use HTML::Entities; # ------------------------------------------------------------ Successful login sub success { @@ -85,29 +86,30 @@ sub success { &Apache::lonnet::role_status($envkey,$then,$refresh,$now,\$role,\$where, \$trolecode,\$tstatus,\$tstart,\$tend); if ($tstatus eq 'is') { - if ($destination =~ /\?/) { - $destination .= '&'; - } else { - $destination .= '?'; - } - $destination .= 'selectrole=1&'.$form->{role}.'=1'; - if (defined($form->{symb})) { - my $destsymb = $form->{symb}; - if ($destsymb =~ /___/) { - # FIXME Need to deal with encrypted symbs and urls as needed. - my ($map,$resid,$desturl)=split(/___/,$destsymb); - unless ($desturl=~/^(adm|uploaded|editupload|public)/) { - $desturl = &Apache::lonnet::clutter($desturl); - } - $destination .= '&destinationurl='.$desturl. - '&destsymb='.$destsymb; - } else { - $destination .= '&destinationurl='.$destsymb; - } - } + $destination .= ($destination =~ /\?/) ? '&' : '?'; + my $newrole = &HTML::Entities::encode($form->{role},'"<>&'); + $destination .= 'selectrole=1&'.$newrole.'=1'; } } } + if (defined($form->{symb})) { + my $destsymb = $form->{symb}; + $destination .= ($destination =~ /\?/) ? '&' : '?'; + if ($destsymb =~ /___/) { + # FIXME Need to deal with encrypted symbs and urls as needed. + my ($map,$resid,$desturl)=split(/___/,$destsymb); + unless ($desturl=~/^(adm|uploaded|editupload|public)/) { + $desturl = &Apache::lonnet::clutter($desturl); + } + $desturl = &HTML::Entities::encode($desturl,'"<>&'); + $destsymb = &HTML::Entities::encode($destsymb,'"<>&'); + $destination .= '&destinationurl='.$desturl. + '&destsymb='.$destsymb; + } else { + $destsymb = &HTML::Entities::encode($destsymb,'"<>&'); + $destination .= '&destinationurl='.$destsymb; + } + } my $windowinfo=&Apache::lonmenu::open($env{'browser.os'}); my $startupremote=&Apache::lonmenu::startupremote($destination); @@ -334,43 +336,35 @@ sub handler { if (grep(/^login$/,@cancreate)) { $defaultauth = 1; } - my $authhost=Apache::lonnet::authenticate($form{'uname'},$upass, + my $uname = $form{'uname'}; + my $authhost=Apache::lonnet::authenticate($uname,$upass, $form{'udom'},$defaultauth); # --------------------------------------------------------------------- Failed? if ($authhost eq 'no_host') { - &failed($r,'Username and/or password could not be authenticated.', - \%form); - return OK; - } elsif ($authhost eq 'no_account_on_host') { - my %domconfig = - &Apache::lonnet::get_dom('configuration',['usercreation'],$form{'udom'}); - if (grep(/^login$/,@cancreate)) { - my $start_page = - &Apache::loncommon::start_page('Create a user account in LON-CAPA', - '',{'no_inline_link' => 1,}); - my $domdesc = &Apache::lonnet::domain($form{'udom'},'description'); - my $lonhost = $r->dir_config('lonHostID'); - my $origmail = $Apache::lonnet::perlvar{'lonSupportEMail'}; - my $contacts = - &Apache::loncommon::build_recipient_list(undef,'helpdeskmail', - $form{'udom'},$origmail); - my ($contact_email) = split(',',$contacts); - my $output = &Apache::createaccount::username_check($form{'uname'}, - $form{'udom'},$domdesc,'', - $lonhost,$contact_email,$contact_name); - &Apache::loncommon::content_type($r,'text/html'); - $r->send_http_header; - &Apache::createaccount::print_header($r,$start_page); - $r->print('