$message
$lt{'please'}
$end_page ENDFAILED } # ------------------------------------------------------------------ Rerouting! sub reroute { my ($r) = @_; &Apache::loncommon::content_type($r,'text/html'); $r->send_http_header; my $msg='Please either continue the current session or logout.
$end_page ENDFAILED return OK; } } # ---------------------------------------------------- No valid token, continue my $buffer; if ($r->header_in('Content-length') > 0) { $r->read($buffer,$r->header_in('Content-length'),0); } my %form; foreach my $pair (split(/&/,$buffer)) { my ($name,$value) = split(/=/,$pair); $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg; $form{$name}=$value; } if ((!$form{'uname'}) || (!$form{'upass0'}) || (!$form{'udom'})) { &failed($r,'Username, password and domain need to be specified.', \%form); return OK; } # split user logging in and "su"-user ($form{'uname'},$form{'suname'})=split(/\:/,$form{'uname'}); $form{'uname'} = &LONCAPA::clean_username($form{'uname'}); $form{'suname'}= &LONCAPA::clean_username($form{'suname'}); $form{'udom'} = &LONCAPA::clean_domain( $form{'udom'}); my $role = $r->dir_config('lonRole'); my $domain = $r->dir_config('lonDefDomain'); my $prodir = $r->dir_config('lonUsersDir'); # ---------------------------------------- Get the information from login token my $tmpinfo=Apache::lonnet::reply('tmpget:'.$form{'logtoken'}, $form{'serverid'}); if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) { &failed($r,'Information needed to verify your login information is missing, inaccessible or expired.',\%form); return OK; } else { my $reply = &Apache::lonnet::reply('tmpdel:'.$form{'logtoken'}, $form{'serverid'}); if ( $reply ne 'ok' ) { &failed($r,'Session could not be opened.',\%form); &Apache::lonnet::logthis("ERROR got a reply of $reply when trying to contact ". $form{'serverid'}." to get login token"); return OK; } } my ($key,$firsturl)=split(/&/,$tmpinfo); my $keybin=pack("H16",$key); my $cipher; if ($Crypt::DES::VERSION>=2.03) { $cipher=new Crypt::DES $keybin; } else { $cipher=new DES $keybin; } my $upass=''; for (my $i=0;$i<=2;$i++) { my $chunk= $cipher->decrypt(unpack("a8",pack("H16",substr($form{'upass'.$i},0,16)))); $chunk.= $cipher->decrypt(unpack("a8",pack("H16",substr($form{'upass'.$i},16,16)))); $chunk=substr($chunk,1,ord(substr($chunk,0,1))); $upass.=$chunk; } # ---------------------------------------------------------------- Authenticate my $authhost=Apache::lonnet::authenticate($form{'uname'}, $upass, $form{'udom'}); # --------------------------------------------------------------------- Failed? if ($authhost eq 'no_host') { &failed($r,'Username and/or password could not be authenticated.', \%form); return OK; } if (($firsturl eq '') || ($firsturl=~/^\/adm\/(logout|remote)/)) { $firsturl='/adm/roles'; } # --------------------------------- Are we attempting to login as somebody else? if ($form{'suname'}) { # ------------ see if the original user has enough privileges to pull this stunt if (&Apache::lonnet::privileged($form{'uname'},$form{'udom'})) { # ---------------------------------------------------- see if the su-user exists unless (&Apache::lonnet::homeserver($form{'suname'},$form{'udom'}) eq 'no_host') { &Apache::lonnet::logthis(&Apache::lonnet::homeserver($form{'suname'},$form{'udom'})); # ------------------------------ see if the su-user is not too highly privileged unless (&Apache::lonnet::privileged($form{'suname'},$form{'udom'})) { # -------------------------------------------------------- actually switch users &Apache::lonnet::logperm('User '.$form{'uname'}.' at '.$form{'udom'}. ' logging in as '.$form{'suname'}); $form{'uname'}=$form{'suname'}; } else { &Apache::lonnet::logthis('Attempted switch user to privileged user'); } } } else { &Apache::lonnet::logthis('Non-privileged user attempting switch user'); } } if ($r->dir_config("lonBalancer") eq 'yes') { &success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef, \%form); $r->internal_redirect('/adm/switchserver'); } else { &success($r,$form{'uname'},$form{'udom'},$authhost,$firsturl,undef, \%form); } return OK; } 1; __END__