--- loncom/auth/lonauth.pm	2016/08/11 09:24:13	1.121.2.14
+++ loncom/auth/lonauth.pm	2014/04/30 21:51:30	1.134
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # User Authentication Module
 #
-# $Id: lonauth.pm,v 1.121.2.14 2016/08/11 09:24:13 raeburn Exp $
+# $Id: lonauth.pm,v 1.134 2014/04/30 21:51:30 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -103,7 +103,9 @@ sub success {
         if ($destsymb =~ /___/) {
             # FIXME Need to deal with encrypted symbs and urls as needed.
             my ($map,$resid,$desturl)=split(/___/,$destsymb);
-            $desturl = &Apache::lonnet::clutter($desturl);
+            unless ($desturl=~/^(adm|editupload|public)/) {
+                $desturl = &Apache::lonnet::clutter($desturl);
+            }
             $desturl = &HTML::Entities::encode($desturl,'"<>&');
             $destsymb = &HTML::Entities::encode($destsymb,'"<>&');
             $destination .= 'destinationurl='.$desturl.
@@ -118,23 +120,16 @@ sub success {
         $destination .= 'source=login';
     }
 
-    my $windowinfo=&Apache::lonmenu::open($env{'browser.os'});
-    my $startupremote=&Apache::lonmenu::startupremote($destination);
-    my $remoteinfo=&Apache::lonmenu::load_remote_msg($lowerurl);
-    my $setflags=&Apache::lonmenu::setflags();
-    my $maincall=&Apache::lonmenu::maincall();
+    my $windowinfo = Apache::lonhtmlcommon::scripttag('self.name="loncapaclient";');
+    my $header = '<meta HTTP-EQUIV="Refresh" CONTENT="0; url='.$destination.'" />';
     my $brcrum = [{'href' => '',
                    'text' => 'Successful Login'},];
     my $start_page=&Apache::loncommon::start_page('Successful Login',
-                                                  $startupremote,
-                                                  {'no_inline_link' => 1,
-                                                   'bread_crumbs' => $brcrum,});
+                                                  $header,
+                                                  {'bread_crumbs' => $brcrum,});
     my $end_page  =&Apache::loncommon::end_page();
 
-    my $continuelink;
-    if ($env{'environment.remote'} eq 'off') {
-	$continuelink='<a href="'.$destination.'">'.&mt('Continue').'</a>';
-    }
+	my $continuelink='<a href="'.$destination.'">'.&mt('Continue').'</a>';
 # ------------------------------------------------- Output for successful login
 
     &Apache::loncommon::content_type($r,'text/html');
@@ -153,13 +148,10 @@ sub success {
     my $welcome = &mt('Welcome to the Learning[_1]Online[_2] Network with CAPA. Please wait while your session is being set up.','<i>','</i>'); 
     $r->print(<<ENDSUCCESS);
 $start_page
-$setflags
 $windowinfo
 <h1>$lt{'wel'}</h1>
 $welcome
 $loginhelp
-$remoteinfo
-$maincall
 $continuelink
 $end_page
 ENDSUCCESS
@@ -317,6 +309,12 @@ sub handler {
     my $tmpinfo=Apache::lonnet::reply('tmpget:'.$form{'logtoken'},
                                       $form{'serverid'});
 
+    my %sessiondata;
+    if ($form{'iptoken'}) {
+        %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
+        my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
+    }
+
     if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') || 
         ($tmpinfo eq 'no_such_host')) {
 	&failed($r,'Information needed to verify your login information is missing, inaccessible or expired.',\%form);
@@ -336,27 +334,40 @@ sub handler {
         return OK;
     }
 
-    my ($key,$firsturl,$rolestr,$symbstr,$iptokenstr)=split(/&/,$tmpinfo);
+    my ($key,$firsturl,$rolestr,$symbstr)=split(/&/,$tmpinfo);
     if ($rolestr) {
         $rolestr = &unescape($rolestr);
     }
     if ($symbstr) {
         $symbstr= &unescape($symbstr);
     }
-    if ($iptokenstr) {
-        $iptokenstr = &unescape($iptokenstr);
-    }
     if ($rolestr =~ /^role=/) {
         (undef,$form{'role'}) = split('=',$rolestr);
     }
     if ($symbstr =~ /^symb=/) { 
         (undef,$form{'symb'}) = split('=',$symbstr);
     }
-    if ($iptokenstr =~ /^iptoken=/) {
-        (undef,$form{'iptoken'}) = split('=',$iptokenstr);
+
+    my $keybin=pack("H16",$key);
+
+    my $cipher;
+    if ($Crypt::DES::VERSION>=2.03) {
+	$cipher=new Crypt::DES $keybin;
+    }
+    else {
+	$cipher=new DES $keybin;
     }
+    my $upass='';
+    for (my $i=0;$i<=2;$i++) {
+	my $chunk=
+	    $cipher->decrypt(unpack("a8",pack("H16",substr($form{'upass'.$i},0,16))));
 
-    my $upass = &Apache::loncommon::des_decrypt($key,$form{'upass0'});
+	$chunk.=
+	    $cipher->decrypt(unpack("a8",pack("H16",substr($form{'upass'.$i},16,16))));
+
+	$chunk=substr($chunk,1,ord(substr($chunk,0,1)));
+	$upass.=$chunk;
+    }
 
 # ---------------------------------------------------------------- Authenticate
 
@@ -387,8 +398,7 @@ sub handler {
                 return OK;
             }
             my $start_page = 
-                &Apache::loncommon::start_page('Create a user account in LON-CAPA',
-                                               '',{'no_inline_link'   => 1,});
+                &Apache::loncommon::start_page('Create a user account in LON-CAPA');
             my $lonhost = $r->dir_config('lonHostID');
             my $origmail = $Apache::lonnet::perlvar{'lonSupportEMail'};
             my $contacts = 
@@ -420,8 +430,6 @@ sub handler {
 
     my $hosthere;
     if ($form{'iptoken'}) {
-        my %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
-        my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
         if (($sessiondata{'domain'} eq $form{'udom'}) &&
             ($sessiondata{'username'} eq $form{'uname'})) {
             $hosthere = 1;