'.&mt($message).'
' .''.&mt('Please [_1]log in again[_2].','','') .'
' .'' .$end_page ); } # ------------------------------------------------------------------ Rerouting! sub reroute { my ($r) = @_; &Apache::loncommon::content_type($r,'text/html'); $r->send_http_header; my $msg=''.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].' ,'','','','') .'
' .'' .$end_page ); return OK; } # ---------------------------------------------------- No valid token, continue my $buffer; if ($r->header_in('Content-length') > 0) { $r->read($buffer,$r->header_in('Content-length'),0); } my %form; foreach my $pair (split(/&/,$buffer)) { my ($name,$value) = split(/=/,$pair); $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg; $form{$name}=$value; } if ((!$form{'uname'}) || (!$form{'upass0'}) || (!$form{'udom'})) { &failed($r,'Username, password and domain need to be specified.', \%form); return OK; } # split user logging in and "su"-user ($form{'uname'},$form{'suname'})=split(/\:/,$form{'uname'}); $form{'uname'} = &LONCAPA::clean_username($form{'uname'}); $form{'suname'}= &LONCAPA::clean_username($form{'suname'}); $form{'udom'} = &LONCAPA::clean_domain( $form{'udom'}); my $role = $r->dir_config('lonRole'); my $domain = $r->dir_config('lonDefDomain'); my $prodir = $r->dir_config('lonUsersDir'); my $contact_name = &mt('LON-CAPA helpdesk'); # ---------------------------------------- Get the information from login token my $tmpinfo=Apache::lonnet::reply('tmpget:'.$form{'logtoken'}, $form{'serverid'}); if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) { &failed($r,'Information needed to verify your login information is missing, inaccessible or expired.',\%form); return OK; } else { my $reply = &Apache::lonnet::reply('tmpdel:'.$form{'logtoken'}, $form{'serverid'}); if ( $reply ne 'ok' ) { &failed($r,'Session could not be opened.',\%form); &Apache::lonnet::logthis("ERROR got a reply of $reply when trying to contact ". $form{'serverid'}." to get login token"); return OK; } } if (!&Apache::lonnet::domain($form{'udom'})) { &failed($r,'The domain you provided is not a valid LON-CAPA domain.',\%form); return OK; } my ($key,$firsturl,$rolestr,$symbstr)=split(/&/,$tmpinfo); if ($rolestr) { $rolestr = &unescape($rolestr); } if ($symbstr) { $symbstr= &unescape($symbstr); } if ($rolestr =~ /^role=/) { (undef,$form{'role'}) = split('=',$rolestr); } if ($symbstr =~ /^symb=/) { (undef,$form{'symb'}) = split('=',$symbstr); } my $keybin=pack("H16",$key); my $cipher; if ($Crypt::DES::VERSION>=2.03) { $cipher=new Crypt::DES $keybin; } else { $cipher=new DES $keybin; } my $upass=''; for (my $i=0;$i<=2;$i++) { my $chunk= $cipher->decrypt(unpack("a8",pack("H16",substr($form{'upass'.$i},0,16)))); $chunk.= $cipher->decrypt(unpack("a8",pack("H16",substr($form{'upass'.$i},16,16)))); $chunk=substr($chunk,1,ord(substr($chunk,0,1))); $upass.=$chunk; } # ---------------------------------------------------------------- Authenticate my @cancreate; my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$form{'udom'}); if (ref($domconfig{'usercreation'}) eq 'HASH') { if (ref($domconfig{'usercreation'}{'cancreate'}) eq 'HASH') { if (ref($domconfig{'usercreation'}{'cancreate'}{'selfcreate'}) eq 'ARRAY') { @cancreate = @{$domconfig{'usercreation'}{'cancreate'}{'selfcreate'}}; } elsif (($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne 'none') && ($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne '')) { @cancreate = ($domconfig{'usercreation'}{'cancreate'}{'selfcreate'}); } } } my $defaultauth; if (grep(/^login$/,@cancreate)) { $defaultauth = 1; } my $uname = $form{'uname'}; my $authhost=Apache::lonnet::authenticate($uname,$upass, $form{'udom'},$defaultauth); # --------------------------------------------------------------------- Failed? if ($authhost eq 'no_host') { my $lc_uname = lc($form{'uname'}); if ($uname eq $lc_uname) { &failed($r,'Username and/or password could not be authenticated.', \%form); return OK; } else { $authhost=Apache::lonnet::authenticate($lc_uname,$upass, $form{'udom'},$defaultauth); if ($authhost eq 'no_host') { &failed($r,'Username (in lower case) and/or password could not be authenticated.', \%form); return OK; } elsif ($authhost eq 'no_account_on_host') { &create_account($r,\%form,\@cancreate,$lc_uname,$contact_name); return OK; } else { $form{'uname'} = $lc_uname; } } } elsif ($authhost eq 'no_account_on_host') { &create_account($r,\%form,\@cancreate,$uname); return OK; } if (($firsturl eq '') || ($firsturl=~/^\/adm\/(logout|remote)/)) { $firsturl='/adm/roles'; } # --------------------------------- Are we attempting to login as somebody else? if ($form{'suname'}) { # ------------ see if the original user has enough privileges to pull this stunt if (&Apache::lonnet::privileged($form{'uname'},$form{'udom'})) { # ---------------------------------------------------- see if the su-user exists unless (&Apache::lonnet::homeserver($form{'suname'},$form{'udom'}) eq 'no_host') { &Apache::lonnet::logthis(&Apache::lonnet::homeserver($form{'suname'},$form{'udom'})); # ------------------------------ see if the su-user is not too highly privileged unless (&Apache::lonnet::privileged($form{'suname'},$form{'udom'})) { # -------------------------------------------------------- actually switch users &Apache::lonnet::logperm('User '.$form{'uname'}.' at '.$form{'udom'}. ' logging in as '.$form{'suname'}); $form{'uname'}=$form{'suname'}; } else { &Apache::lonnet::logthis('Attempted switch user to privileged user'); } } } else { &Apache::lonnet::logthis('Non-privileged user attempting switch user'); } } if ($r->dir_config("lonBalancer") eq 'yes') { &success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef, \%form); $r->internal_redirect('/adm/switchserver'); } else { &success($r,$form{'uname'},$form{'udom'},$authhost,$firsturl,undef, \%form); } return OK; } sub create_account { my ($r,$form,$cancreate,$uname,$contact_name) = @_; return unless((ref($form) eq 'HASH') && (ref($cancreate) eq 'ARRAY')); my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$form->{'udom'}); if (grep(/^login$/,@{$cancreate})) { my $start_page = &Apache::loncommon::start_page('Create a user account in LON-CAPA', '',{'no_inline_link' => 1,}); my $domdesc = &Apache::lonnet::domain($form->{'udom'},'description'); my $lonhost = $r->dir_config('lonHostID'); my $origmail = $Apache::lonnet::perlvar{'lonSupportEMail'}; my $contacts = &Apache::loncommon::build_recipient_list(undef,'helpdeskmail', $form->{'udom'},$origmail); my ($contact_email) = split(',',$contacts); my $output = &Apache::createaccount::username_check($uname,$form->{'udom'}, $domdesc,'',$lonhost, $contact_email,$contact_name); &Apache::loncommon::content_type($r,'text/html'); $r->send_http_header; &Apache::createaccount::print_header($r,$start_page); $r->print('