--- loncom/auth/lonauth.pm 2016/08/11 09:24:13 1.121.2.14
+++ loncom/auth/lonauth.pm 2014/04/06 13:40:19 1.133
@@ -1,7 +1,7 @@
# The LearningOnline Network
# User Authentication Module
#
-# $Id: lonauth.pm,v 1.121.2.14 2016/08/11 09:24:13 raeburn Exp $
+# $Id: lonauth.pm,v 1.133 2014/04/06 13:40:19 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -103,7 +103,9 @@ sub success {
if ($destsymb =~ /___/) {
# FIXME Need to deal with encrypted symbs and urls as needed.
my ($map,$resid,$desturl)=split(/___/,$destsymb);
- $desturl = &Apache::lonnet::clutter($desturl);
+ unless ($desturl=~/^(adm|editupload|public)/) {
+ $desturl = &Apache::lonnet::clutter($desturl);
+ }
$desturl = &HTML::Entities::encode($desturl,'"<>&');
$destsymb = &HTML::Entities::encode($destsymb,'"<>&');
$destination .= 'destinationurl='.$desturl.
@@ -118,23 +120,16 @@ sub success {
$destination .= 'source=login';
}
- my $windowinfo=&Apache::lonmenu::open($env{'browser.os'});
- my $startupremote=&Apache::lonmenu::startupremote($destination);
- my $remoteinfo=&Apache::lonmenu::load_remote_msg($lowerurl);
- my $setflags=&Apache::lonmenu::setflags();
- my $maincall=&Apache::lonmenu::maincall();
+ my $windowinfo = Apache::lonhtmlcommon::scripttag('self.name="loncapaclient";');
+ my $header = '';
my $brcrum = [{'href' => '',
'text' => 'Successful Login'},];
my $start_page=&Apache::loncommon::start_page('Successful Login',
- $startupremote,
- {'no_inline_link' => 1,
- 'bread_crumbs' => $brcrum,});
+ $header,
+ {'bread_crumbs' => $brcrum,});
my $end_page =&Apache::loncommon::end_page();
- my $continuelink;
- if ($env{'environment.remote'} eq 'off') {
- $continuelink=''.&mt('Continue').'';
- }
+ my $continuelink=''.&mt('Continue').'';
# ------------------------------------------------- Output for successful login
&Apache::loncommon::content_type($r,'text/html');
@@ -153,17 +148,13 @@ sub success {
my $welcome = &mt('Welcome to the Learning[_1]Online[_2] Network with CAPA. Please wait while your session is being set up.','','');
$r->print(<$lt{'wel'}
$welcome
$loginhelp
-$remoteinfo
-$maincall
$continuelink
$end_page
ENDSUCCESS
- return;
}
# --------------------------------------------------------------- Failed login!
@@ -317,6 +308,12 @@ sub handler {
my $tmpinfo=Apache::lonnet::reply('tmpget:'.$form{'logtoken'},
$form{'serverid'});
+ my %sessiondata;
+ if ($form{'iptoken'}) {
+ %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
+ my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
+ }
+
if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') ||
($tmpinfo eq 'no_such_host')) {
&failed($r,'Information needed to verify your login information is missing, inaccessible or expired.',\%form);
@@ -336,27 +333,40 @@ sub handler {
return OK;
}
- my ($key,$firsturl,$rolestr,$symbstr,$iptokenstr)=split(/&/,$tmpinfo);
+ my ($key,$firsturl,$rolestr,$symbstr)=split(/&/,$tmpinfo);
if ($rolestr) {
$rolestr = &unescape($rolestr);
}
if ($symbstr) {
$symbstr= &unescape($symbstr);
}
- if ($iptokenstr) {
- $iptokenstr = &unescape($iptokenstr);
- }
if ($rolestr =~ /^role=/) {
(undef,$form{'role'}) = split('=',$rolestr);
}
if ($symbstr =~ /^symb=/) {
(undef,$form{'symb'}) = split('=',$symbstr);
}
- if ($iptokenstr =~ /^iptoken=/) {
- (undef,$form{'iptoken'}) = split('=',$iptokenstr);
+
+ my $keybin=pack("H16",$key);
+
+ my $cipher;
+ if ($Crypt::DES::VERSION>=2.03) {
+ $cipher=new Crypt::DES $keybin;
+ }
+ else {
+ $cipher=new DES $keybin;
}
+ my $upass='';
+ for (my $i=0;$i<=2;$i++) {
+ my $chunk=
+ $cipher->decrypt(unpack("a8",pack("H16",substr($form{'upass'.$i},0,16))));
- my $upass = &Apache::loncommon::des_decrypt($key,$form{'upass0'});
+ $chunk.=
+ $cipher->decrypt(unpack("a8",pack("H16",substr($form{'upass'.$i},16,16))));
+
+ $chunk=substr($chunk,1,ord(substr($chunk,0,1)));
+ $upass.=$chunk;
+ }
# ---------------------------------------------------------------- Authenticate
@@ -387,8 +397,7 @@ sub handler {
return OK;
}
my $start_page =
- &Apache::loncommon::start_page('Create a user account in LON-CAPA',
- '',{'no_inline_link' => 1,});
+ &Apache::loncommon::start_page('Create a user account in LON-CAPA');
my $lonhost = $r->dir_config('lonHostID');
my $origmail = $Apache::lonnet::perlvar{'lonSupportEMail'};
my $contacts =
@@ -420,8 +429,6 @@ sub handler {
my $hosthere;
if ($form{'iptoken'}) {
- my %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
- my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
if (($sessiondata{'domain'} eq $form{'udom'}) &&
($sessiondata{'username'} eq $form{'uname'})) {
$hosthere = 1;