--- loncom/auth/lonauth.pm	2014/10/04 13:21:48	1.121.2.12
+++ loncom/auth/lonauth.pm	2016/08/11 09:24:13	1.121.2.14
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # User Authentication Module
 #
-# $Id: lonauth.pm,v 1.121.2.12 2014/10/04 13:21:48 raeburn Exp $
+# $Id: lonauth.pm,v 1.121.2.14 2016/08/11 09:24:13 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -103,9 +103,7 @@ sub success {
         if ($destsymb =~ /___/) {
             # FIXME Need to deal with encrypted symbs and urls as needed.
             my ($map,$resid,$desturl)=split(/___/,$destsymb);
-            unless ($desturl=~/^(adm|editupload|public)/) {
-                $desturl = &Apache::lonnet::clutter($desturl);
-            }
+            $desturl = &Apache::lonnet::clutter($desturl);
             $desturl = &HTML::Entities::encode($desturl,'"<>&');
             $destsymb = &HTML::Entities::encode($destsymb,'"<>&');
             $destination .= 'destinationurl='.$desturl.
@@ -358,26 +356,7 @@ sub handler {
         (undef,$form{'iptoken'}) = split('=',$iptokenstr);
     }
 
-    my $keybin=pack("H16",$key);
-
-    my $cipher;
-    if ($Crypt::DES::VERSION>=2.03) {
-	$cipher=new Crypt::DES $keybin;
-    }
-    else {
-	$cipher=new DES $keybin;
-    }
-    my $upass='';
-    for (my $i=0;$i<=2;$i++) {
-	my $chunk=
-	    $cipher->decrypt(unpack("a8",pack("H16",substr($form{'upass'.$i},0,16))));
-
-	$chunk.=
-	    $cipher->decrypt(unpack("a8",pack("H16",substr($form{'upass'.$i},16,16))));
-
-	$chunk=substr($chunk,1,ord(substr($chunk,0,1)));
-	$upass.=$chunk;
-    }
+    my $upass = &Apache::loncommon::des_decrypt($key,$form{'upass0'});
 
 # ---------------------------------------------------------------- Authenticate