--- loncom/auth/lonauth.pm 2010/03/17 17:51:06 1.103 +++ loncom/auth/lonauth.pm 2023/06/02 01:20:26 1.179 @@ -1,416 +1,1228 @@ -# The LearningOnline Network -# User Authentication Module -# -# $Id: lonauth.pm,v 1.103 2010/03/17 17:51:06 raeburn Exp $ -# -# Copyright Michigan State University Board of Trustees -# -# This file is part of the LearningOnline Network with CAPA (LON-CAPA). -# -# LON-CAPA is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# LON-CAPA is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with LON-CAPA; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -# /home/httpd/html/adm/gpl.txt -# -# http://www.lon-capa.org/ -# - -package Apache::lonauth; - -use strict; -use LONCAPA; -use Apache::Constants qw(:common); -use CGI qw(:standard); -use DynaLoader; # for Crypt::DES version -use Crypt::DES; -use Apache::loncommon(); -use Apache::lonnet; -use Apache::lonmenu(); -use Apache::createaccount; -use Fcntl qw(:flock); -use Apache::lonlocal; -use HTML::Entities; - -# ------------------------------------------------------------ Successful login -sub success { - my ($r, $username, $domain, $authhost, $lowerurl, $extra_env, - $form) = @_; - -# ------------------------------------------------------------ Get cookie ready - my $cookie = - &Apache::loncommon::init_user_environment($r, $username, $domain, - $authhost, $form, - {'extra_env' => $extra_env,}); - - my $public=($username eq 'public' && $domain eq 'public'); - - if ($public or $lowerurl eq 'noredirect') { return $cookie; } - -# -------------------------------------------------------------------- Log this - - &Apache::lonnet::log($domain,$username,$authhost, - "Login $ENV{'REMOTE_ADDR'}"); - -# ------------------------------------------------- Check for critical messages - - my @what=&Apache::lonnet::dump('critical',$domain,$username); - if ($what[0]) { - if (($what[0] ne 'con_lost') && ($what[0]!~/^error\:/)) { - $lowerurl='/adm/email?critical=display'; - } - } - -# ------------------------------------------------------------ Get cookie ready - $cookie="lonID=$cookie; path=/"; -# -------------------------------------------------------- Menu script and info - my $destination = $lowerurl; - - if (defined($form->{role})) { - my $envkey = 'user.role.'.$form->{role}; - my $now=time; - my $then=$env{'user.login.time'}; - my $refresh=$env{'user.refresh.time'}; - if (exists($env{$envkey})) { - my ($role,$where,$trolecode,$tstart,$tend,$tremark,$tstatus); - &Apache::lonnet::role_status($envkey,$then,$refresh,$now,\$role,\$where, - \$trolecode,\$tstatus,\$tstart,\$tend); - if ($tstatus eq 'is') { - $destination .= ($destination =~ /\?/) ? '&' : '?'; - my $newrole = &HTML::Entities::encode($form->{role},'"<>&'); - $destination .= 'selectrole=1&'.$newrole.'=1'; - } - } - } - if (defined($form->{symb})) { - my $destsymb = $form->{symb}; - $destination .= ($destination =~ /\?/) ? '&' : '?'; - if ($destsymb =~ /___/) { - # FIXME Need to deal with encrypted symbs and urls as needed. - my ($map,$resid,$desturl)=split(/___/,$destsymb); - unless ($desturl=~/^(adm|uploaded|editupload|public)/) { - $desturl = &Apache::lonnet::clutter($desturl); - } - $desturl = &HTML::Entities::encode($desturl,'"<>&'); - $destsymb = &HTML::Entities::encode($destsymb,'"<>&'); - $destination .= '&destinationurl='.$desturl. - '&destsymb='.$destsymb; - } else { - $destsymb = &HTML::Entities::encode($destsymb,'"<>&'); - $destination .= '&destinationurl='.$destsymb; - } - } - - my $windowinfo = Apache::lonhtmlcommon::scripttag('self.name="loncapaclient";'); - my $header = ''; - my $brcrum = [{'href' => '', - 'text' => 'Successful Login'},]; - my $start_page=&Apache::loncommon::start_page('Successful Login', - $header, - {'no_inline_link' => 1, - 'bread_crumbs' => $brcrum,}); - my $end_page =&Apache::loncommon::end_page(); - - my $continuelink=''.&mt('Continue').''; -# ------------------------------------------------- Output for successful login - - &Apache::loncommon::content_type($r,'text/html'); - $r->header_out('Set-cookie' => $cookie); - $r->send_http_header; - - my %lt=&Apache::lonlocal::texthash( - 'wel' => 'Welcome', - 'mes' => 'Welcome to the LearningOnline Network with CAPA. Please wait while your session is being set up.', - 'pro' => 'Login problems?', - 'log' => 'loginproblems.html', - ); - $r->print(<$lt{'wel'} -$lt{'mes'}

-$lt{'pro'}

-$continuelink -$end_page -ENDSUCCESS -} - -# --------------------------------------------------------------- Failed login! - -sub failed { - my ($r,$message,$form) = @_; - my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef, - {'no_inline_link' => 1,}); - my $retry = '/adm/login?username='.$form->{'uname'}. - '&domain='.$form->{'udom'}; - if (exists($form->{role})) { - $retry .= '&role='.$form->{role}; - } - if (exists($form->{symb})) { - $retry .= '&symb='.$form->{symb}; - } - my $end_page = &Apache::loncommon::end_page(); - &Apache::loncommon::content_type($r,'text/html'); - $r->send_http_header; - $r->print( - $start_page - .'

'.&mt('Sorry ...').'

' - .'

'.&mt($message).'

' - .'

'.&mt('Please [_1]log in again[_2].','','') - .'

' - .'

'.&mt('Login problems?').'

' - .$end_page - ); - } - -# ------------------------------------------------------------------ Rerouting! - -sub reroute { - my ($r) = @_; - &Apache::loncommon::content_type($r,'text/html'); - $r->send_http_header; - my $msg='

'.&mt('Sorry ...').'

' - .&mt('Please [_1]log in again[_2].'); - &Apache::loncommon::simple_error_page($r,'Rerouting',$msg); -} - -# ---------------------------------------------------------------- Main handler - -sub handler { - my $r = shift; - my $form; -# Are we re-routing? - if (-e '/home/httpd/html/lon-status/reroute.txt') { - &reroute($r); - return OK; - } - - &Apache::lonlocal::get_language_handle($r); - -# -------------------------------- Prevent users from attempting to login twice - my $handle = &Apache::lonnet::check_for_valid_session($r); - if ($handle ne '') { - my $lonidsdir=$r->dir_config('lonIDsDir'); - if ($handle=~/^publicuser\_/) { -# For "public user" - remove it, we apparently really want to login - unlink($r->dir_config('lonIDsDir')."/$handle.id"); - } else { -# Indeed, a valid token is found - &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle); - &Apache::loncommon::content_type($r,'text/html'); - $r->send_http_header; - my $start_page = - &Apache::loncommon::start_page('Already logged in'); - my $end_page = - &Apache::loncommon::end_page(); - $r->print( - $start_page - .'

'.&mt('You are already logged in!').'

' - .'

'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].' - ,'','','','') - .'

' - .$end_page - ); - return OK; - } - } - -# ---------------------------------------------------- No valid token, continue - - - my $buffer; - if ($r->header_in('Content-length') > 0) { - $r->read($buffer,$r->header_in('Content-length'),0); - } - my %form; - foreach my $pair (split(/&/,$buffer)) { - my ($name,$value) = split(/=/,$pair); - $value =~ tr/+/ /; - $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg; - $form{$name}=$value; - } - - if ((!$form{'uname'}) || (!$form{'upass0'}) || (!$form{'udom'})) { - &failed($r,'Username, password and domain need to be specified.', - \%form); - return OK; - } - -# split user logging in and "su"-user - - ($form{'uname'},$form{'suname'})=split(/\:/,$form{'uname'}); - $form{'uname'} = &LONCAPA::clean_username($form{'uname'}); - $form{'suname'}= &LONCAPA::clean_username($form{'suname'}); - $form{'udom'} = &LONCAPA::clean_domain( $form{'udom'}); - - my $role = $r->dir_config('lonRole'); - my $domain = $r->dir_config('lonDefDomain'); - my $prodir = $r->dir_config('lonUsersDir'); - my $contact_name = &mt('LON-CAPA helpdesk'); - -# ---------------------------------------- Get the information from login token - - my $tmpinfo=Apache::lonnet::reply('tmpget:'.$form{'logtoken'}, - $form{'serverid'}); - - if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) { - &failed($r,'Information needed to verify your login information is missing, inaccessible or expired.',\%form); - return OK; - } else { - my $reply = &Apache::lonnet::reply('tmpdel:'.$form{'logtoken'}, - $form{'serverid'}); - if ( $reply ne 'ok' ) { - &failed($r,'Session could not be opened.',\%form); - &Apache::lonnet::logthis("ERROR got a reply of $reply when trying to contact ". $form{'serverid'}." to get login token"); - return OK; - } - } - - if (!&Apache::lonnet::domain($form{'udom'})) { - &failed($r,'The domain you provided is not a valid LON-CAPA domain.',\%form); - return OK; - } - - my ($key,$firsturl,$rolestr,$symbstr)=split(/&/,$tmpinfo); - if ($rolestr) { - $rolestr = &unescape($rolestr); - } - if ($symbstr) { - $symbstr= &unescape($symbstr); - } - if ($rolestr =~ /^role=/) { - (undef,$form{'role'}) = split('=',$rolestr); - } - if ($symbstr =~ /^symb=/) { - (undef,$form{'symb'}) = split('=',$symbstr); - } - - my $keybin=pack("H16",$key); - - my $cipher; - if ($Crypt::DES::VERSION>=2.03) { - $cipher=new Crypt::DES $keybin; - } - else { - $cipher=new DES $keybin; - } - my $upass=''; - for (my $i=0;$i<=2;$i++) { - my $chunk= - $cipher->decrypt(unpack("a8",pack("H16",substr($form{'upass'.$i},0,16)))); - - $chunk.= - $cipher->decrypt(unpack("a8",pack("H16",substr($form{'upass'.$i},16,16)))); - - $chunk=substr($chunk,1,ord(substr($chunk,0,1))); - $upass.=$chunk; - } - -# ---------------------------------------------------------------- Authenticate - my @cancreate; - my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$form{'udom'}); - if (ref($domconfig{'usercreation'}) eq 'HASH') { - if (ref($domconfig{'usercreation'}{'cancreate'}) eq 'HASH') { - if (ref($domconfig{'usercreation'}{'cancreate'}{'selfcreate'}) eq 'ARRAY') { - @cancreate = @{$domconfig{'usercreation'}{'cancreate'}{'selfcreate'}}; - } elsif (($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne 'none') && - ($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne '')) { - @cancreate = ($domconfig{'usercreation'}{'cancreate'}{'selfcreate'}); - } - } - } - my $defaultauth; - if (grep(/^login$/,@cancreate)) { - $defaultauth = 1; - } - my $authhost=Apache::lonnet::authenticate($form{'uname'},$upass, - $form{'udom'},$defaultauth); - -# --------------------------------------------------------------------- Failed? - - if ($authhost eq 'no_host') { - &failed($r,'Username and/or password could not be authenticated.', - \%form); - return OK; - } elsif ($authhost eq 'no_account_on_host') { - my %domconfig = - &Apache::lonnet::get_dom('configuration',['usercreation'],$form{'udom'}); - if (grep(/^login$/,@cancreate)) { - my $start_page = - &Apache::loncommon::start_page('Create a user account in LON-CAPA', - '',{'no_inline_link' => 1,}); - my $domdesc = &Apache::lonnet::domain($form{'udom'},'description'); - my $lonhost = $r->dir_config('lonHostID'); - my $origmail = $Apache::lonnet::perlvar{'lonSupportEMail'}; - my $contacts = - &Apache::loncommon::build_recipient_list(undef,'helpdeskmail', - $form{'udom'},$origmail); - my ($contact_email) = split(',',$contacts); - my $output = &Apache::createaccount::username_check($form{'uname'}, - $form{'udom'},$domdesc,'', - $lonhost,$contact_email,$contact_name); - &Apache::loncommon::content_type($r,'text/html'); - $r->send_http_header; - &Apache::createaccount::print_header($r,$start_page); - $r->print('

'.&mt('Account creation').'

'. - &mt('Although your username and password were authenticated, you do not currently have a LON-CAPA account at this institution.').'
'. - $output.&Apache::loncommon::end_page()); - return OK; - } else { - &failed($r,'Although your username and password were authenticated, you do not currently have a LON-CAPA account in this domain, and you are not permitted to create one.',\%form); - return OK; - } - } - - if (($firsturl eq '') || - ($firsturl=~/^\/adm\/(logout|remote)/)) { - $firsturl='/adm/roles'; - } -# --------------------------------- Are we attempting to login as somebody else? - if ($form{'suname'}) { -# ------------ see if the original user has enough privileges to pull this stunt - if (&Apache::lonnet::privileged($form{'uname'},$form{'udom'})) { -# ---------------------------------------------------- see if the su-user exists - unless (&Apache::lonnet::homeserver($form{'suname'},$form{'udom'}) - eq 'no_host') { - &Apache::lonnet::logthis(&Apache::lonnet::homeserver($form{'suname'},$form{'udom'})); -# ------------------------------ see if the su-user is not too highly privileged - unless (&Apache::lonnet::privileged($form{'suname'},$form{'udom'})) { -# -------------------------------------------------------- actually switch users - &Apache::lonnet::logperm('User '.$form{'uname'}.' at '.$form{'udom'}. - ' logging in as '.$form{'suname'}); - $form{'uname'}=$form{'suname'}; - } else { - &Apache::lonnet::logthis('Attempted switch user to privileged user'); - } - } - } else { - &Apache::lonnet::logthis('Non-privileged user attempting switch user'); - } - } - - if ($r->dir_config("lonBalancer") eq 'yes') { - &success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef, - \%form); - $r->internal_redirect('/adm/switchserver'); - } else { - &success($r,$form{'uname'},$form{'udom'},$authhost,$firsturl,undef, - \%form); - } - return OK; -} - -1; -__END__ - - +# The LearningOnline Network +# User Authentication Module +# +# $Id: lonauth.pm,v 1.179 2023/06/02 01:20:26 raeburn Exp $ +# +# Copyright Michigan State University Board of Trustees +# +# This file is part of the LearningOnline Network with CAPA (LON-CAPA). +# +# LON-CAPA is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# LON-CAPA is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with LON-CAPA; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# /home/httpd/html/adm/gpl.txt +# +# http://www.lon-capa.org/ +# + +package Apache::lonauth; + +use strict; +use LONCAPA qw(:DEFAULT :match); +use Apache::Constants qw(:common); +use CGI qw(:standard); +use Apache::loncommon(); +use Apache::lonnet; +use Apache::lonmenu(); +use Apache::createaccount; +use Apache::ltiauth; +use Fcntl qw(:flock); +use Apache::lonlocal; +use Apache::File(); +use HTML::Entities; +use Digest::MD5; +use CGI::Cookie(); + +# ------------------------------------------------------------ Successful login +sub success { + my ($r, $username, $domain, $authhost, $lowerurl, $extra_env, + $form,$skipcritical,$cid,$expirepub,$write_to_opener) = @_; + +# ------------------------------------------------------------ Get cookie ready + my $cookie = + &Apache::loncommon::init_user_environment($r, $username, $domain, + $authhost, $form, + {'extra_env' => $extra_env,}); + + my $public=($username eq 'public' && $domain eq 'public'); + + if ($public or $lowerurl eq 'noredirect') { return $cookie; } + +# -------------------------------------------------------------------- Log this + + my $ip = &Apache::lonnet::get_requestor_ip(); + &Apache::lonnet::log($domain,$username,$authhost, + "Login $ip"); + +# ------------------------------------------------- Check for critical messages + + unless ($skipcritical) { + my @what=&Apache::lonnet::dump('critical',$domain,$username); + if ($what[0]) { + if (($what[0] ne 'con_lost') && ($what[0]!~/^error\:/)) { + $lowerurl='/adm/email?critical=display'; + } + } + } + +# ----------------------------------------------------------- Get cookies ready + my ($securecookie,$defaultcookie); + my $ssl = $r->subprocess_env('https'); + if ($ssl) { + $securecookie="lonSID=$cookie; path=/; HttpOnly; secure"; + my $lonidsdir=$r->dir_config('lonIDsDir'); + if (($lonidsdir) && (-e "$lonidsdir/$cookie.id")) { + my $linkname=substr(Digest::MD5::md5_hex(Digest::MD5::md5_hex(time(). {}. rand(). $$)), 0, 32).'_linked'; + if (-e "$lonidsdir/$linkname.id") { + unlink("$lonidsdir/$linkname.id"); + } + my $made_symlink = eval { symlink("$lonidsdir/$cookie.id", + "$lonidsdir/$linkname.id"); 1 }; + if ($made_symlink) { + $defaultcookie = "lonLinkID=$linkname; path=/; HttpOnly;"; + &Apache::lonnet::appenv({'user.linkedenv' => $linkname}); + } + } + } else { + $defaultcookie = "lonID=$cookie; path=/; HttpOnly;"; + } +# -------------------------------------------------------- Menu script and info + my $destination = $lowerurl; + if ($env{'request.lti.login'}) { + if (($env{'request.lti.reqcrs'}) && ($env{'request.lti.reqrole'} eq 'cc')) { + &Apache::loncommon::content_type($r,'text/html'); + if ($securecookie) { + $r->headers_out->add('Set-cookie' => $securecookie); + } + if ($defaultcookie) { + $r->headers_out->add('Set-cookie' => $defaultcookie); + } + $r->send_http_header; + if (ref($form) eq 'HASH') { + $form->{'lti.login'} = $env{'request.lti.login'}; + $form->{'lti.reqcrs'} = $env{'request.lti.reqcrs'}; + $form->{'lti.reqrole'} = $env{'request.lti.reqrole'}; + $form->{'lti.sourcecrs'} = $env{'request.lti.sourcecrs'}; + } + &Apache::ltiauth::lti_reqcrs($r,$domain,$form,$username,$domain); + return; + } + if ($env{'request.lti.selfenrollrole'}) { + if (&Apache::ltiauth::lti_enroll($username,$domain, + $env{'request.lti.selfenrollrole'}) eq 'ok') { + $form->{'role'} = $env{'request.lti.selfenrollrole'}; + &Apache::lonnet::delenv('request.lti.selfenrollrole'); + } else { + &Apache::ltiauth::invalid_request($r,24); + } + } + } + if (defined($form->{role})) { + my $envkey = 'user.role.'.$form->{role}; + my $now=time; + my $then=$env{'user.login.time'}; + my $refresh=$env{'user.refresh.time'}; + my $update=$env{'user.update.time'}; + if (!$update) { + $update = $then; + } + if (exists($env{$envkey})) { + my ($role,$where,$trolecode,$tstart,$tend,$tremark,$tstatus); + &Apache::lonnet::role_status($envkey,$update,$refresh,$now,\$role,\$where, + \$trolecode,\$tstatus,\$tstart,\$tend); + if ($tstatus eq 'is') { + $destination .= ($destination =~ /\?/) ? '&' : '?'; + my $newrole = &HTML::Entities::encode($form->{role},'"<>&'); + $destination .= 'selectrole=1&'.$newrole.'=1'; + } + } + } elsif (defined($form->{display})) { + if ($destination =~ m{^/adm/email($|\?)}) { + $destination .= ($destination =~ /\?/) ? '&' : '?' .'display='.&escape($form->{display}); + } + } + if (defined($form->{symb})) { + my $destsymb = $form->{symb}; + my $encrypted; + if ($destsymb =~ m{^/enc/}) { + $encrypted = 1; + if ($cid) { + $destsymb = &Apache::lonenc::unencrypted($destsymb,$cid); + } + } + $destination .= ($destination =~ /\?/) ? '&' : '?'; + if ($destsymb =~ /___/) { + my ($map,$resid,$desturl)=split(/___/,$destsymb); + $desturl = &Apache::lonnet::clutter($desturl); + if ($encrypted) { + $desturl = &Apache::lonenc::encrypted($desturl,1,$cid); + $destsymb = $form->{symb}; + } + $desturl = &HTML::Entities::encode($desturl,'"<>&'); + $destsymb = &HTML::Entities::encode($destsymb,'"<>&'); + $destination .= 'destinationurl='.$desturl. + '&destsymb='.$destsymb; + } elsif (!$encrypted) { + $destsymb = &HTML::Entities::encode($destsymb,'"<>&'); + $destination .= 'destinationurl='.$destsymb; + } + } + if ($destination =~ m{^/adm/roles}) { + $destination .= ($destination =~ /\?/) ? '&' : '?'; + $destination .= 'source=login'; + } + + my $brcrum = [{'href' => '', + 'text' => 'Successful Login'},]; + my $args = {'no_inline_link' => 1, + 'bread_crumbs' => $brcrum,}; + if (($env{'request.deeplink.login'} eq $lowerurl) && + (($env{'request.linkprot'}) || ($env{'request.linkkey'} ne ''))) { + my %info; + if ($env{'request.linkprot'}) { + $info{'linkprot'} = $env{'request.linkprot'}; + foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') { + if ($form->{$item}) { + $info{$item} = $form->{$item}; + } + } + $args = {'only_body' => 1,}; + } elsif ($env{'request.linkkey'} ne '') { + $info{'linkkey'} = $env{'request.linkkey'}; + } + $info{'origurl'} = $lowerurl; + my $token = &Apache::lonnet::tmpput(\%info,$r->dir_config('lonHostID'),'link'); + unless (($token eq 'con_lost') || ($token eq 'refused') || + ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) { + $destination .= (($destination =~ /\?/) ? '&' : '?') . 'ttoken='.$token; + } + } + + my $windowname = 'loncapaclient'; + if ($env{'request.lti.login'}) { + $windowname .= 'lti'; + } + my $windowinfo = Apache::lonhtmlcommon::scripttag('self.name="'.$windowname.'";'); + unless ((defined($form->{role})) || (defined($form->{symb}))) { + my $update=$env{'user.update.time'}; + if (!$update) { + $update = $env{'user.login.time'}; + } + my %roles_in_env; + my $showcount = &Apache::lonroles::roles_from_env(\%roles_in_env,$update); + if ($showcount == 1) { + foreach my $rolecode (keys(%roles_in_env)) { + my ($cid) = ($rolecode =~ m{^\Quser.role.st./\E($match_domain/$match_courseid)(?:/|$)}); + if ($cid) { + my %coursedescription = + &Apache::lonnet::coursedescription($cid,{'one_time' => '1'}); + if ($coursedescription{'type'} eq 'Placement') { + $args->{'crstype'} = 'Placement'; + } + last; + } + } + } + } + +# ------------------------------------------------- Output for successful login + + &Apache::loncommon::content_type($r,'text/html'); + if ($securecookie) { + $r->headers_out->add('Set-cookie' => $securecookie); + } + if ($defaultcookie) { + $r->headers_out->add('Set-cookie' => $defaultcookie); + } + if ($expirepub) { + my $c = new CGI::Cookie(-name => 'lonPubID', + -value => '', + -expires => '-10y',); + $r->headers_out->add('Set-cookie' => $c); + } + $r->send_http_header; + + my ($start_page,$js,$pagebody,$end_page); + if ($env{'request.lti.login'}) { + $args = {'only_body' => 1}; + if ($env{'request.lti.target'} eq '') { + my $ltitarget = (($destination =~ /\?/) ? '&' : '?'). + 'ltitarget=iframe'; + &js_escape(\$destination); + $js = <<"ENDJS"; + + + +ENDJS + $args->{'add_entries'} = {'onload' => "javascript:setLTItarget();"}; + $pagebody = ''; + } else { + $args->{'redirect'} = [0,$destination,1]; + } + $start_page=&Apache::loncommon::start_page('',$js,$args); + } else { + $args->{'redirect'} = [0,$destination,'',$write_to_opener]; + $start_page=&Apache::loncommon::start_page('Successful Login', + $js,$args); + unless ($env{'request.linkprot'}) { + my %lt=&Apache::lonlocal::texthash( + 'wel' => 'Welcome', + 'pro' => 'Login problems?', + ); + $pagebody = "

$lt{'wel'}

\n". + &mt('Welcome to the Learning[_1]Online[_2] Network with CAPA. Please wait while your session is being set up.','',''); + my $loginhelp = &loginhelpdisplay($domain); + if ($loginhelp) { + $pagebody .= '

'.$lt{'pro'}.'

'; + } + } + } + $end_page = &Apache::loncommon::end_page(); + $r->print(< 1}; + } + if ($form->{firsturl} =~ m{^/tiny/$match_domain/\w+$}) { + if ($form->{linkprot}) { + $args->{only_body} = 1; + } + } + + my @actions; + my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef,$args); + my $uname = &Apache::loncommon::cleanup_html($form->{'uname'}); + my $udom = &Apache::loncommon::cleanup_html($form->{'udom'}); + if (&Apache::lonnet::domain($udom,'description') eq '') { + undef($udom); + } + my $authtype; + if (($udom ne '') && ($uname ne '') && ($authhost eq 'no_host')) { + $authtype = &Apache::lonnet::queryauthenticate($uname,$udom); + } + my $retry = '/adm/login'; + if (($uname eq $form->{'uname'}) && ($authtype !~ /^lti:/)) { + $retry .= '?username='.$uname; + } + if ($udom) { + $retry .= (($retry=~/\?/)?'&':'?').'domain='.$udom; + } + my $lonhost = $r->dir_config('lonHostID'); + my $querystr; + my $result = &set_retry_token($form,$lonhost,\$querystr); + if ($result eq 'fail') { + if (exists($form->{role})) { + my $role = &Apache::loncommon::cleanup_html($form->{role}); + if ($role ne '') { + $retry .= (($retry=~/\?/)?'&':'?').'role='.$role; + } + } + if (exists($form->{symb})) { + my $symb = &Apache::loncommon::cleanup_html($form->{symb}); + if ($symb ne '') { + $retry .= (($retry=~/\?/)?'&':'?').'symb='.$symb; + } + } + if (exists($form->{firsturl})) { + my $firsturl = &Apache::loncommon::cleanup_html($form->{firsturl}); + if ($firsturl ne '') { + $retry .= (($retry=~/\?/)?'&':'?').'firsturl='.$firsturl; + if ($form->{firsturl} =~ m{^/tiny/$match_domain/\w+$}) { + unless (exists($form->{linkprot})) { + if (exists($form->{linkkey})) { + $retry .= 'linkkey='.$form->{linkkey}; + } + } + } + } + } + if (exists($form->{linkprot})) { + my %info = ( + 'linkprot' => $form->{'linkprot'}, + ); + foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') { + if ($form->{$item} ne '') { + $info{$item} = $form->{$item}; + } + } + my $ltoken = &Apache::lonnet::tmpput(\%info, + $r->dir_config('lonHostID'),'retry'); + if ($ltoken) { + $retry .= (($retry =~ /\?/) ? '&' : '?').'ltoken='.$ltoken; + } + } + } elsif ($querystr ne '') { + $retry .= (($retry=~/\?/)?'&':'?').$querystr; + } + my $end_page = &Apache::loncommon::end_page(); + &Apache::loncommon::content_type($r,'text/html'); + $r->send_http_header; + if ($authtype =~ /^lti:/) { + $message = &mt('Direct login is not supported with the username you entered.'). + '

'. + &mt('You likely need to launch LON-CAPA from within a course in a different Learning Management System.'). + '
'. + &mt('You can also try to log in with a different username.'); + @actions = + (&mt('Try your [_1]log in again[_2].','','')); + } else { + $message = &mt($message); + @actions = + (&mt('Please [_1]log in again[_2].','','')); + } + my $loginhelp = &loginhelpdisplay($udom); + if ($loginhelp) { + push(@actions, ''.&mt('Login problems?').''); + } + #FIXME: link to helpdesk might be added here + $r->print( + $start_page + .'

'.&mt('Sorry ...').'

' + .&Apache::lonhtmlcommon::confirm_success($message,1).'

' + .&Apache::lonhtmlcommon::actionbox(\@actions) + .$end_page + ); + } + +# ------------------------------------------------------------------ Rerouting! + +sub reroute { + my ($r) = @_; + &Apache::loncommon::content_type($r,'text/html'); + $r->send_http_header; + my $msg=''.&mt('Sorry ...').'
' + .&mt('Please [_1]log in again[_2].'); + &Apache::loncommon::simple_error_page($r,'Rerouting',$msg,{'no_auto_mt_msg' => 1}); +} + +# ---------------------------------------------------------------- Main handler + +sub handler { + my $r = shift; + my $londocroot = $r->dir_config('lonDocRoot'); +# Are we re-routing? + if (-e "$londocroot/lon-status/reroute.txt") { + &reroute($r); + return OK; + } + + &Apache::lonlocal::get_language_handle($r); + +# -------------------------------- Prevent users from attempting to login twice + my $handle = &Apache::lonnet::check_for_valid_session($r); + if ($handle ne '') { + my $lonidsdir=$r->dir_config('lonIDsDir'); + if ($handle=~/^publicuser\_/) { +# For "public user" - remove it, we apparently really want to login + unlink($r->dir_config('lonIDsDir')."/$handle.id"); + } else { +# Indeed, a valid token is found + &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle); + &Apache::loncommon::content_type($r,'text/html'); + $r->send_http_header; + my $start_page = + &Apache::loncommon::start_page('Already logged in'); + my $end_page = + &Apache::loncommon::end_page(); + my $dest = '/adm/roles'; + my %form = &get_form_items($r); + if ($form{'logtoken'}) { + my $tmpinfo = &Apache::lonnet::reply('tmpget:'.$form{'logtoken'}, + $form{'serverid'}); + unless (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') || + ($tmpinfo eq 'no_such_host')) { + my ($des_key,$firsturl,@rest)=split(/&/,$tmpinfo); + $firsturl = &unescape($firsturl); + my %info; + foreach my $item (@rest) { + my ($key,$value) = split(/=/,$item); + $info{$key} = &unescape($value); + } + if ($firsturl ne '') { + $info{'firsturl'} = $firsturl; + $dest = $firsturl; + my $relogin; + if ($dest =~ m{^/tiny/$match_domain/\w+$}) { + if ($env{'request.course.id'}) { + my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'}; + my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'}; + my $symb = &Apache::loncommon::symb_from_tinyurl($dest,$cnum,$cdom); + if ($symb) { + unless (&set_deeplink_login(%info) eq 'ok') { + $relogin = 1; + } + } + } + if ($relogin) { + $r->print( + $start_page + .'

'.&mt('You are already logged in!').'

' + .'

'.&mt('Please [_1]log out[_2] first, and then try your access again', + '','') + .'

' + .$end_page); + } else { + if (($info{'linkprot'}) || ($info{'linkkey'} ne '')) { + if (($info{'linkprot'}) && ($info{'linkprotuser'} ne '')) { + unless ($info{'linkprotuser'} eq $env{'user.name'}.':'.$env{'user.domain'}) { + $r->print( + $start_page + .'

'.&mt('You are already logged in, but as a different user from the one expected for the link you followed from another system').'

' + .'

'.&mt('Please [_1]log out[_2] first, and then try following the link again from the other system', + '','') + + .'

' + .$end_page); + return OK; + } + } + my $token = &Apache::lonnet::tmpput(\%info,$r->dir_config('lonHostID'),'link'); + unless (($token eq 'con_lost') || ($token eq 'refused') || + ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) { + $dest .= (($dest =~ /\?/) ? '&' : '?') . 'ttoken='.$token; + } + } + $r->print( + $start_page + .'

'.&mt('You are already logged in!').'

' + .'

'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4] first, and then try your access again', + '','', + '','') + .'

' + .$end_page); + } + return OK; + } + } + } + } + $r->print( + $start_page + .'

'.&mt('You are already logged in!').'

' + .'

'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].' + ,'','','','') + .'

' + .$end_page + ); + return OK; + } + } + +# ---------------------------------------------------- No valid token, continue + + my %form = &get_form_items($r); + if ((!$form{'uname'}) || (!$form{'upass0'}) || (!$form{'udom'})) { + &failed($r,'Username, password and domain need to be specified.', + \%form); + return OK; + } + +# split user logging in and "su"-user + + ($form{'uname'},$form{'suname'},$form{'sudom'})=split(/\:/,$form{'uname'}); + $form{'uname'} = &LONCAPA::clean_username($form{'uname'}); + $form{'suname'}= &LONCAPA::clean_username($form{'suname'}); + $form{'udom'} = &LONCAPA::clean_domain($form{'udom'}); + $form{'sudom'} = &LONCAPA::clean_domain($form{'sudom'}); + + my $role = $r->dir_config('lonRole'); + my $domain = $r->dir_config('lonDefDomain'); + my $prodir = $r->dir_config('lonUsersDir'); + my $contact_name = &mt('LON-CAPA helpdesk'); + +# ---------------------------------------- Get the information from login token + + my $tmpinfo=Apache::lonnet::reply('tmpget:'.$form{'logtoken'}, + $form{'serverid'}); + + if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') || + ($tmpinfo eq 'no_such_host')) { + &failed($r,'Information needed to verify your login information is missing, inaccessible or expired.',\%form); + return OK; + } else { + my $reply = &Apache::lonnet::reply('tmpdel:'.$form{'logtoken'}, + $form{'serverid'}); + if ( $reply ne 'ok' ) { + &failed($r,'Session could not be opened.',\%form); + &Apache::lonnet::logthis("ERROR got a reply of $reply when trying to contact ". $form{'serverid'}." to get login token"); + return OK; + } + } + + if (!&Apache::lonnet::domain($form{'udom'})) { + &failed($r,'The domain you provided is not a valid LON-CAPA domain.',\%form); + return OK; + } + + my ($des_key,$firsturl,@rest)=split(/&/,$tmpinfo); + $firsturl = &unescape($firsturl); + foreach my $item (@rest) { + my ($key,$value) = split(/=/,$item); + $form{$key} = &unescape($value); + } + if ($firsturl =~ m{^/tiny/$match_domain/\w+$}) { + $form{'firsturl'} = $firsturl; + } + my $upass = $ENV{HTTPS} ? $form{'upass0'} + : &Apache::loncommon::des_decrypt($des_key,$form{'upass0'}); + +# ---------------------------------------------------------------- Authenticate + + my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$form{'udom'}); + my ($cancreate,$statustocreate) = + &Apache::createaccount::get_creation_controls($form{'udom'},$domconfig{'usercreation'}); + my $defaultauth; + if (ref($cancreate) eq 'ARRAY') { + if (grep(/^login$/,@{$cancreate})) { + $defaultauth = 1; + } + } + my $clientcancheckhost = 1; + my $authhost=Apache::lonnet::authenticate($form{'uname'},$upass, + $form{'udom'},$defaultauth, + $clientcancheckhost); + +# --------------------------------------------------------------------- Failed? + + if ($authhost eq 'no_host') { + my $pwdverify; + if (&Apache::lonnet::homeserver($form{'uname'},$form{'udom'}) eq 'no_host') { + my %possunames = &alternate_unames_check($form{'uname'},$form{'udom'}); + if (keys(%possunames) > 0) { + foreach my $rulematch (keys(%possunames)) { + my $possuname = $possunames{$rulematch}; + if (($possuname ne '') && ($possuname =~ /^$match_username$/)) { + $authhost=Apache::lonnet::authenticate($possuname,$upass, + $form{'udom'},undef, + $clientcancheckhost); + if (($authhost eq 'no_host') || ($authhost eq 'no_account_on_host')) { + next; + } elsif (($authhost ne '') && (&Apache::lonnet::hostname($authhost) ne '')) { + $pwdverify = 1; + &Apache::lonnet::logthis("Authenticated user: $possuname was submitted as: $form{'uname'}"); + $form{'uname'} = $possuname; + last; + } + } + } + } + } + unless ($pwdverify) { + &failed($r,'Username and/or password could not be authenticated.', + \%form,$authhost); + return OK; + } + } elsif ($authhost eq 'no_account_on_host') { + if ($defaultauth) { + my $domdesc = &Apache::lonnet::domain($form{'udom'},'description'); + unless (&check_can_host($r,\%form,'no_account_on_host',$domdesc)) { + return OK; + } + my $start_page = + &Apache::loncommon::start_page('Create a user account in LON-CAPA', + '',{'no_inline_link' => 1,}); + my $lonhost = $r->dir_config('lonHostID'); + my $origmail = $Apache::lonnet::perlvar{'lonSupportEMail'}; + my $contacts = + &Apache::loncommon::build_recipient_list(undef,'helpdeskmail', + $form{'udom'},$origmail); + my ($contact_email) = split(',',$contacts); + my $output = + &Apache::createaccount::username_check($form{'uname'},$form{'udom'}, + $domdesc,'',$lonhost, + $contact_email,$contact_name, + undef,$statustocreate); + &Apache::loncommon::content_type($r,'text/html'); + $r->send_http_header; + &Apache::createaccount::print_header($r,$start_page); + $r->print('

'.&mt('Account creation').'

'. + &mt('Although your username and password were authenticated, you do not currently have a LON-CAPA account at this institution.').'
'. + $output.&Apache::loncommon::end_page()); + return OK; + } else { + &failed($r,'Although your username and password were authenticated, you do not currently have a LON-CAPA account in this domain, and you are not permitted to create one.',\%form); + return OK; + } + } + + if (($firsturl eq '') || + ($firsturl=~/^\/adm\/(logout|remote)/)) { + $firsturl='/adm/roles'; + } + + my ($hosthere,%sessiondata); + if ($form{'iptoken'}) { + %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'}); + my $delete = &Apache::lonnet::tmpdel($form{'iptoken'}); + if (($sessiondata{'domain'} eq $form{'udom'}) && + ($sessiondata{'username'} eq $form{'uname'})) { + $hosthere = 1; + } + } + +# --------------------------------- Are we attempting to login as somebody else? + if ($form{'suname'}) { + my ($suname,$sudom,$sudomref); + $suname = $form{'suname'}; + $sudom = $form{'udom'}; + if ($form{'sudom'}) { + unless ($sudom eq $form{'sudom'}) { + if (&Apache::lonnet::domain($form{'sudom'})) { + $sudomref = [$form{'sudom'}]; + $sudom = $form{'sudom'}; + } + } + } +# ------------ see if the original user has enough privileges to pull this stunt + if (&Apache::lonnet::privileged($form{'uname'},$form{'udom'},$sudomref)) { +# ---------------------------------------------------- see if the su-user exists + unless (&Apache::lonnet::homeserver($suname,$sudom) eq 'no_host') { +# ------------------------------ see if the su-user is not too highly privileged + if (&Apache::lonnet::privileged($suname,$sudom)) { + &Apache::lonnet::logthis('Attempted switch user to privileged user'); + } else { + my $noprivswitch; +# +# su-user's home server and user's home server must have one of: +# (a) same domain +# (b) same primary library server for the two domains +# (c) same "internet domain" for primary library server(s) for home servers' domains +# + my $suprim = &Apache::lonnet::domain($sudom,'primary'); + my $suintdom = &Apache::lonnet::internet_dom($suprim); + unless ($sudom eq $form{'udom'}) { + my $uprim = &Apache::lonnet::domain($form{'udom'},'primary'); + my $uintdom = &Apache::lonnet::internet_dom($uprim); + unless ($suprim eq $uprim) { + unless ($suintdom eq $uintdom) { + &Apache::lonnet::logthis('Attempted switch user ' + .'to user with different "internet domain".'); + $noprivswitch = 1; + } + } + } + + unless ($noprivswitch) { +# +# server where log-in occurs must have same "internet domain" as su-user's home +# server +# + my $lonhost = $r->dir_config('lonHostID'); + my $hostintdom = &Apache::lonnet::internet_dom($lonhost); + if ($hostintdom ne $suintdom) { + &Apache::lonnet::logthis('Attempted switch user on a ' + .'server with a different "internet domain".'); + } else { + +# -------------------------------------------------------- actually switch users + + &Apache::lonnet::logperm('User '.$form{'uname'}.' at '. + $form{'udom'}.' logging in as '.$suname.':'.$sudom); + $form{'uname'}=$suname; + if ($form{'udom'} ne $sudom) { + $form{'udom'}=$sudom; + } + } + } + } + } + } else { + &Apache::lonnet::logthis('Non-privileged user attempting switch user'); + } + } + + if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) { + if (($form{'linkprot'}) && ($form{'linkprotuser'} ne '')) { + unless($form{'linkprotuser'} eq $form{'uname'}.':'.$form{'udom'}) { + delete($form{'udom'}); + delete($form{'uname'}); + &failed($r,'Username and/or domain are different to that expected for the link you followed from another system', + \%form,$authhost); + return OK; + } + } + } + + my ($is_balancer,$otherserver); + + unless ($hosthere) { + ($is_balancer,$otherserver) = + &Apache::lonnet::check_loadbalancing($form{'uname'},$form{'udom'},'login'); + if ($is_balancer) { + # Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer) + my ($found_server,$balancer_cookie) = &Apache::lonnet::check_for_balancer_cookie($r); + if (($found_server) && ($balancer_cookie =~ /^\Q$env{'user.domain'}\E_\Q$env{'user.name'}\E_/)) { + $otherserver = $found_server; + } + if ($otherserver eq '') { + my $lowest_load; + ($otherserver,undef,undef,undef,$lowest_load) = &Apache::lonnet::choose_server($form{'udom'}); + if ($lowest_load > 100) { + $otherserver = &Apache::lonnet::spareserver($r,$lowest_load,$lowest_load,1,$form{'udom'}); + } + } + if ($otherserver ne '') { + my @hosts = &Apache::lonnet::current_machine_ids(); + if (grep(/^\Q$otherserver\E$/,@hosts)) { + $hosthere = $otherserver; + } + } + } + } + + if (($is_balancer) && (!$hosthere)) { + if ($otherserver) { + &success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef, + \%form); + my $switchto = '/adm/switchserver?otherserver='.$otherserver; + if (($firsturl) && ($firsturl ne '/adm/switchserver') && ($firsturl ne '/adm/roles')) { + $switchto .= '&origurl='.$firsturl; + } + if ($form{'role'}) { + $switchto .= '&role='.$form{'role'}; + } + if ($form{'symb'}) { + $switchto .= '&symb='.$form{'symb'}; + } + if ($form{'linkprot'}) { + $env{'request.linkprot'} = $form{'linkprot'}; + foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') { + if ($form{$item}) { + $env{'request.'.$item} = $form{$item}; + } + } + } elsif ($form{'linkkey'} ne '') { + $env{'request.linkkey'} = $form{'linkkey'}; + } + if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) { + &set_deeplink_login(%form); + } elsif ($firsturl eq '/adm/email') { + if ($form{'display'} && ($form{'mailrecip'} eq "$form{'uname'}:$form{'udom'}")) { + $env{'request.display'} = $form{'display'}; + $env{'request.mailrecip'} = $form{'mailrecip'}; + } + } + $r->internal_redirect($switchto); + } else { + &Apache::loncommon::content_type($r,'text/html'); + $r->send_http_header; + $r->print(&noswitch()); + } + return OK; + } else { + if (!&check_can_host($r,\%form,$authhost)) { + my ($otherserver) = &Apache::lonnet::choose_server($form{'udom'}); + if ($otherserver) { + &success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef, + \%form); + my $switchto = '/adm/switchserver?otherserver='.$otherserver; + if (($firsturl) && ($firsturl ne '/adm/switchserver') && ($firsturl ne '/adm/roles')) { + $switchto .= '&origurl='.$firsturl; + } + if ($form{'role'}) { + $switchto .= '&role='.$form{'role'}; + } + if ($form{'symb'}) { + $switchto .= '&symb='.$form{'symb'}; + } + if ($form{'linkprot'}) { + $env{'request.linkprot'} = $form{'linkprot'}; + foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') { + if ($form{$item}) { + $env{'request.'.$item} = $form{$item}; + } + } + } elsif ($form{'linkkey'} ne '') { + $env{'request.linkkey'} = $form{'linkkey'}; + } + if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) { + &set_deeplink_login(%form); + } elsif ($firsturl eq '/adm/email') { + if ($form{'display'} && ($form{'mailrecip'} eq "$form{'uname'}:$form{'udom'}")) { + $env{'request.display'} = $form{'display'}; + $env{'request.mailrecip'} = $form{'mailrecip'}; + } + } + $r->internal_redirect($switchto); + } else { + &Apache::loncommon::content_type($r,'text/html'); + $r->send_http_header; + $r->print(&noswitch()); + } + return OK; + } + +# ------------------------------------------------------- Do the load balancing + +# ---------------------------------------------------------- Determine own load + my $loadlim = $r->dir_config('lonLoadLim'); + my $loadavg; + { + my $loadfile=Apache::File->new('/proc/loadavg'); + $loadavg=<$loadfile>; + } + $loadavg =~ s/\s.*//g; + my $loadpercent=sprintf("%.1f",100*$loadavg/$loadlim); + my $userloadpercent=&Apache::lonnet::userload(); + +# ---------------------------------------------------------- Are we overloaded? + if ((($userloadpercent>100.0)||($loadpercent>100.0))) { + my $unloaded=Apache::lonnet::spareserver($r,$loadpercent,$userloadpercent,1,$form{'udom'}); + if (!$unloaded) { + ($unloaded) = &Apache::lonnet::choose_server($form{'udom'}); + } + if ($unloaded) { + &success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect', + undef,\%form); + if ($form{'linkprot'}) { + $env{'request.linkprot'} = $form{'linkprot'}; + } elsif ($form{'linkkey'} ne '') { + $env{'request.linkkey'} = $form{'linkkey'}; + } + if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) { + &set_deeplink_login(%form); + } elsif ($firsturl eq '/adm/email') { + if ($form{'display'} && ($form{'mailrecip'} eq "$form{'uname'}:$form{'udom'}")) { + $env{'request.display'} = $form{'display'}; + $env{'request.mailrecip'} = $form{'mailrecip'}; + } + } + $r->internal_redirect('/adm/switchserver?otherserver='.$unloaded.'&origurl='.$firsturl); + return OK; + } + } + if (($is_balancer) && ($hosthere)) { + $form{'noloadbalance'} = $hosthere; + } + my $extra_env; + if (($hosthere) && ($sessiondata{'sessionserver'} ne '')) { + if ($sessiondata{'origurl'} ne '') { + $firsturl = $sessiondata{'origurl'}; + $form{'firsturl'} = $sessiondata{'origurl'}; + my @names = ('role','symb','linkprot','linkkey'); + foreach my $item (@names) { + if ($sessiondata{$item} ne '') { + $form{$item} = $sessiondata{$item}; + } + } + if ($sessiondata{'origurl'} eq '/adm/email') { + if (($sessiondata{'display'}) && ($sessiondata{'mailrecip'})) { + if (&unescape($sessiondata{'mailrecip'}) eq "$form{'uname'}:$form{'udom'}") { + $form{'display'} = &unescape($sessiondata{'display'}); + $form{'mailrecip'} = &unescape($sessiondata{'mailrecip'}); + } + } + } + } + } + if ($form{'linkprot'}) { + my ($linkprotector,$uri) = split(/:/,$form{'linkprot'},2); + if ($linkprotector) { + $extra_env = {'user.linkprotector' => $linkprotector, + 'user.linkproturi' => $uri}; + } + } elsif ($form{'linkkey'} ne '') { + $extra_env = {'user.deeplinkkey' => $form{'linkkey'}, + 'user.keyedlinkuri' => $form{'firsturl'}}; + } + if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) { + &set_deeplink_login(%form); + if ($form{'linkprot'}) { + if (ref($extra_env) eq 'HASH') { + %{$extra_env} = ( %{$extra_env}, 'request.linkprot' => $form{'linkprot'} ); + } else { + $extra_env = {'request.linkprot' => $form{'linkprot'}}; + } + if ($form{'linkprotexit'}) { + $extra_env->{'request.linkprotexit'} = $form{'linkprotexit'}; + } + if ($form{'linkprotpbid'}) { + $extra_env->{'request.linkprotpbid'} = $form{'linkprotpbid'}; + } + if ($form{'linkprotpburl'}) { + $extra_env->{'request.linkprotpburl'} = $form{'linkprotpburl'}; + } + } elsif ($form{'linkkey'} ne '') { + if (ref($extra_env) eq 'HASH') { + %{$extra_env} = ( %{$extra_env}, 'request.linkkey' => $form{'linkkey'} ); + } else { + $extra_env = {'request.linkkey' => $form{'linkkey'}}; + } + } + if ($env{'request.deeplink.login'}) { + if (ref($extra_env) eq 'HASH') { + %{$extra_env} = ( %{$extra_env}, 'request.deeplink.login' => $form{'firsturl'} ); + } else { + $extra_env = {'request.deeplink.login' => $form{'firsturl'}}; + } + } + } + &success($r,$form{'uname'},$form{'udom'},$authhost,$firsturl,$extra_env, + \%form); + return OK; + } +} + +sub get_form_items { + my ($r) = @_; + my $buffer; + if ($r->header_in('Content-length') > 0) { + $r->read($buffer,$r->header_in('Content-length'),0); + } + my %form; + foreach my $pair (split(/&/,$buffer)) { + my ($name,$value) = split(/=/,$pair); + $value =~ tr/+/ /; + $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg; + $form{$name}=$value; + } + return %form; +} + +sub set_deeplink_login { + my (%form) = @_; + my $disallow; + if ($form{'firsturl'} =~ m{^/tiny/($match_domain)/\w+$}) { + my $cdom = $1; + my ($cnum,$symb) = &Apache::loncommon::symb_from_tinyurl($form{'firsturl'},'',$cdom); + if ($symb) { + if ($env{'request.course.id'} eq $cdom.'_'.$cnum) { + my $deeplink; + if ($symb =~ /\.(page|sequence)$/) { + my $mapname = &Apache::lonnet::deversion((&Apache::lonnet::decode_symb($symb))[2]); + my $navmap = Apache::lonnavmaps::navmap->new(); + if (ref($navmap)) { + $deeplink = $navmap->get_mapparam(undef,$mapname,'0.deeplink'); + } + } else { + $deeplink = &Apache::lonnet::EXT('resource.0.deeplink',$symb); + } + if ($deeplink ne '') { + my ($state,$others,$listed,$scope,$protect) = split(/,/,$deeplink); + if (($protect ne 'none') && ($protect ne '')) { + my ($acctype,$item) = split(/:/,$protect); + if ($acctype =~ /lti(c|d)$/) { + unless ($form{'linkprot'} eq $item.$1.':'.$env{'request.deeplink.login'}) { + $disallow = 1; + } + } elsif ($acctype eq 'key') { + unless ($form{'linkkey'} eq $item) { + $disallow = 1; + } + } + } + } + unless ($disallow) { + $env{'request.deeplink.login'} = $form{'firsturl'}; + } + } else { + $env{'request.deeplink.login'} = $form{'firsturl'}; + } + } + } + if ($disallow) { + return; + } + return 'ok'; +} + +sub set_retry_token { + my ($form,$lonhost,$querystr) = @_; + if (ref($form) eq 'HASH') { + my ($firsturl,$token,$extras,@names); + @names = ('role','symb','linkprotuser','linkprotexit','linkprot','linkkey','iptoken','linkprotpbid','linkprotpburl'); + foreach my $name (@names) { + if ($form->{$name} ne '') { + $extras .= '&'.$name.'='.&escape($form->{$name}); + last if ($name eq 'linkprot'); + } + } + my $firsturl = $form->{'firsturl'}; + if (($firsturl ne '') || ($extras ne '')) { + $extras .= ':retry'; + $token = &Apache::lonnet::reply('tmpput:'.&escape($firsturl). + $extras,$lonhost); + if (($token eq 'con_lost') || ($token eq 'no_such_host')) { + return 'fail'; + } else { + if (ref($querystr)) { + $$querystr = 'retry='.$token; + } + return 'ok'; + } + } + } + return; +} + +sub check_can_host { + my ($r,$form,$authhost,$domdesc) = @_; + return unless (ref($form) eq 'HASH'); + my $canhost = 1; + my $lonhost = $r->dir_config('lonHostID'); + my $udom = $form->{'udom'}; + my @intdoms; + my $internet_names = &Apache::lonnet::get_internet_names($lonhost); + if (ref($internet_names) eq 'ARRAY') { + @intdoms = @{$internet_names}; + } + my $uprimary_id = &Apache::lonnet::domain($udom,'primary'); + my $uint_dom = &Apache::lonnet::internet_dom($uprimary_id); + unless ($uint_dom ne '' && grep(/^\Q$uint_dom\E$/,@intdoms)) { + my $machine_dom = &Apache::lonnet::host_domain($lonhost); + my $hostname = &Apache::lonnet::hostname($lonhost); + my $serverhomeID = &Apache::lonnet::get_server_homeID($hostname); + my $serverhomedom = &Apache::lonnet::host_domain($serverhomeID); + my %defdomdefaults = &Apache::lonnet::get_domain_defaults($serverhomedom); + my %udomdefaults = &Apache::lonnet::get_domain_defaults($udom); + my $loncaparev; + if ($authhost eq 'no_account_on_host') { + $loncaparev = &Apache::lonnet::get_server_loncaparev($machine_dom); + } else { + $loncaparev = &Apache::lonnet::get_server_loncaparev($machine_dom,$lonhost); + } + $canhost = &Apache::lonnet::can_host_session($udom,$lonhost,$loncaparev, + $udomdefaults{'remotesessions'}, + $defdomdefaults{'hostedsessions'}); + } + unless ($canhost) { + if ($authhost eq 'no_account_on_host') { + my $checkloginvia = 1; + my ($login_host,$hostname) = + &Apache::lonnet::choose_server($udom,$checkloginvia); + &Apache::loncommon::content_type($r,'text/html'); + $r->send_http_header; + if ($login_host ne '') { + my $protocol = $Apache::lonnet::protocol{$login_host}; + $protocol = 'http' if ($protocol ne 'https'); + my $alias = &Apache::lonnet::use_proxy_alias($r,$login_host); + $hostname = $alias if ($alias ne ''); + my $newurl = $protocol.'://'.$hostname.'/adm/createaccount'; +#FIXME Should preserve where user was going and linkprot by setting ltoken at $login_host + $r->print(&Apache::loncommon::start_page('Create a user account in LON-CAPA'). + '

'.&mt('Account creation').'

'. + &mt('You do not currently have a LON-CAPA account at this institution.').'
'. + '

'.&mt('You will be able to create one by logging into a LON-CAPA server within the [_1] domain.',$domdesc).'

'. + '

'.&mt('[_1]Log in[_2]','',''). + &Apache::loncommon::end_page()); + } else { + $r->print(&Apache::loncommon::start_page('Access to LON-CAPA unavailable'). + '

'.&mt('Account creation unavailable').'

'. + &mt('You do not currently have a LON-CAPA account at this institution.').'
'. + '

'.&mt('Currently a LON-CAPA server is not available within the [_1] domain for you to log-in to, to create an account.',$domdesc).'

'. + &Apache::loncommon::end_page()); + } + } else { + &success($r,$form->{'uname'},$udom,$authhost,'noredirect',undef, + $form); + if ($form->{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) { + $env{'request.deeplink.login'} = $form->{'firsturl'}; + } elsif ($form->{'firsturl'} eq '/adm/email') { + if ($form->{'display'} && ($form->{'mailrecip'} eq $form->{'uname'}.':'.$form->{'udom'})) { + $env{'request.display'} = $form->{'mailrecip'}; + $env{'request.mailrecip'} = $form->{'mailrecip'}; + } + } + if ($form->{'linkprot'}) { + $env{'request.linkprot'} = $form->{'linkprot'}; + } elsif ($form->{'linkkey'} ne '') { + $env{'request.linkkey'} = $form->{'linkkey'}; + } + my ($otherserver) = &Apache::lonnet::choose_server($udom); + $r->internal_redirect('/adm/switchserver?otherserver='.$otherserver); + } + } + return $canhost; +} + +sub noswitch { + my $result = &Apache::loncommon::start_page('Access to LON-CAPA unavailable'). + '

'.&mt('Session unavailable').'

'. + &mt('This LON-CAPA server is unable to host your session.').'
'. + '

'.&mt('Currently no other LON-CAPA server is available to host your session either.').'

'. + &Apache::loncommon::end_page(); + return $result; +} + +sub loginhelpdisplay { + my ($authdomain) = @_; + my $login_help = 1; + my $lang = &Apache::lonlocal::current_language(); + if ($login_help) { + my $dom = $authdomain; + if ($dom eq '') { + $dom = &Apache::lonnet::default_login_domain(); + } + my %domconfhash = &Apache::loncommon::get_domainconf($dom); + my $loginhelp_url; + if ($lang) { + $loginhelp_url = $domconfhash{$dom.'.login.helpurl_'.$lang}; + if ($loginhelp_url ne '') { + return $loginhelp_url; + } + } + $loginhelp_url = $domconfhash{$dom.'.login.helpurl_nolang'}; + if ($loginhelp_url ne '') { + return $loginhelp_url; + } else { + return '/adm/loginproblems.html'; + } + } + return; +} + +sub alternate_unames_check { + my ($uname,$udom) = @_; + my %possunames; + my %domdefs = &Apache::lonnet::get_domain_defaults($udom); + if (ref($domdefs{'unamemap_rule'}) eq 'ARRAY') { + if (@{$domdefs{'unamemap_rule'}} > 0) { + %possunames = + &Apache::lonnet::inst_rulecheck($udom,$uname,undef, + 'unamemap',$domdefs{'unamemap_rule'}); + } + } + return %possunames; +} + +1; +__END__ + + 500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.