--- loncom/auth/lonauth.pm	2011/10/10 21:02:55	1.101.8.9
+++ loncom/auth/lonauth.pm	2014/05/04 15:16:10	1.121.2.11
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # User Authentication Module
 #
-# $Id: lonauth.pm,v 1.101.8.9 2011/10/10 21:02:55 raeburn Exp $
+# $Id: lonauth.pm,v 1.121.2.11 2014/05/04 15:16:10 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -82,9 +82,13 @@ sub success {
         my $now=time;
         my $then=$env{'user.login.time'};
         my $refresh=$env{'user.refresh.time'};
+        my $update=$env{'user.update.time'};
+        if (!$update) {
+            $update = $then;
+        }
         if (exists($env{$envkey})) {
             my ($role,$where,$trolecode,$tstart,$tend,$tremark,$tstatus);
-            &Apache::lonnet::role_status($envkey,$then,$refresh,$now,\$role,\$where,
+            &Apache::lonnet::role_status($envkey,$update,$refresh,$now,\$role,\$where,
                                          \$trolecode,\$tstatus,\$tstart,\$tend);
             if ($tstatus eq 'is') {
                 $destination  .= ($destination =~ /\?/) ? '&' : '?';
@@ -99,18 +103,22 @@ sub success {
         if ($destsymb =~ /___/) {
             # FIXME Need to deal with encrypted symbs and urls as needed.
             my ($map,$resid,$desturl)=split(/___/,$destsymb);
-            unless ($desturl=~/^(adm|uploaded|editupload|public)/) {
+            unless ($desturl=~/^(adm|editupload|public)/) {
                 $desturl = &Apache::lonnet::clutter($desturl);
             }
             $desturl = &HTML::Entities::encode($desturl,'"<>&');
             $destsymb = &HTML::Entities::encode($destsymb,'"<>&');
-            $destination .= '&destinationurl='.$desturl.
+            $destination .= 'destinationurl='.$desturl.
                             '&destsymb='.$destsymb;
         } else {
             $destsymb = &HTML::Entities::encode($destsymb,'"<>&');
-            $destination .= '&destinationurl='.$destsymb;
+            $destination .= 'destinationurl='.$destsymb;
         }
     }
+    if ($destination =~ m{^/adm/roles}) {
+        $destination  .= ($destination =~ /\?/) ? '&' : '?';
+        $destination .= 'source=login';
+    }
 
     my $windowinfo=&Apache::lonmenu::open($env{'browser.os'});
     my $startupremote=&Apache::lonmenu::startupremote($destination);
@@ -138,47 +146,80 @@ sub success {
     my %lt=&Apache::lonlocal::texthash(
 				       'wel' => 'Welcome',
 				       'pro' => 'Login problems?',
-				       'log' => 'loginproblems.html',
 				       );
-    my $welcome = &mt('Welcome to the Learning[_1]Online[_2] Network with CAPA. Please wait while your session is being set up.','<i>','</i>');
+    my $loginhelp = &loginhelpdisplay($domain);
+    if ($loginhelp) {
+        $loginhelp = '<p><a href="'.$loginhelp.'">'.$lt{'pro'}.'</a></p>';
+    }
+
+    my $welcome = &mt('Welcome to the Learning[_1]Online[_2] Network with CAPA. Please wait while your session is being set up.','<i>','</i>'); 
     $r->print(<<ENDSUCCESS);
 $start_page
 $setflags
 $windowinfo
 <h1>$lt{'wel'}</h1>
-$welcome<p>
-<a href="/adm/$lt{'log'}">$lt{'pro'}</a></p>
+$welcome
+$loginhelp
 $remoteinfo
 $maincall
 $continuelink
 $end_page
 ENDSUCCESS
+    return;
 }
 
 # --------------------------------------------------------------- Failed login!
 
 sub failed {
     my ($r,$message,$form) = @_;
-    my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef,
-						    {'no_inline_link' => 1,});
-    my $retry = '/adm/login?username='.$form->{'uname'}.
-                '&domain='.$form->{'udom'};
+    (undef,undef,undef,my $clientmathml,my $clientunicode) =
+        &Apache::loncommon::decode_user_agent();
+    my $args = {};
+    if ($clientunicode && !$clientmathml) {
+        $args = {'browser.unicode' => 1};
+    }
+
+    my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef,$args);
+    my $uname = &Apache::loncommon::cleanup_html($form->{'uname'});
+    my $udom = &Apache::loncommon::cleanup_html($form->{'udom'});
+    if (&Apache::lonnet::domain($udom,'description') eq '') {
+        undef($udom);
+    }
+    my $retry = '/adm/login';
+    if ($uname eq $form->{'uname'}) {
+        $retry .= '?username='.$uname;
+    }
+    if ($udom) {
+        $retry .= (($retry=~/\?/)?'&amp;':'?').'domain='.$udom;
+    }
     if (exists($form->{role})) {
-        $retry .= '&role='.$form->{role};
+        my $role = &Apache::loncommon::cleanup_html($form->{role});
+        if ($role ne '') {
+            $retry .= (($retry=~/\?/)?'&amp;':'?').'role='.$role;
+        }
     }
     if (exists($form->{symb})) {
-        $retry .= '&symb='.$form->{symb};
+        my $symb = &Apache::loncommon::cleanup_html($form->{symb});
+        if ($symb ne '') {
+            $retry .= (($retry=~/\?/)?'&amp;':'?').'symb='.$symb;
+        }
     }
-    my $end_page   = &Apache::loncommon::end_page();
+    my $end_page = &Apache::loncommon::end_page();
     &Apache::loncommon::content_type($r,'text/html');
     $r->send_http_header;
+    my @actions =
+         (&mt('Please [_1]log in again[_2].','<a href="'.$retry.'">','</a>'));
+    my $loginhelp = &loginhelpdisplay($udom);
+    if ($loginhelp) {
+        push(@actions, '<a href="'.$loginhelp.'">'.&mt('Login problems?').'</a>');
+    }
+    #FIXME: link to helpdesk might be added here
+
     $r->print(
        $start_page
-      .'<h1>'.&mt('Sorry ...').'</h1>'
-      .'<p class="LC_warning">'.&mt($message).'</p>'
-      .'<p>'.&mt('Please [_1]log in again[_2].','<a href="'.$retry.'">','</a>')
-      .'</p>'
-      .'<p><a href="/adm/loginproblems.html">'.&mt('Login problems?').'</a></p>'
+      .'<h2>'.&mt('Sorry ...').'</h2>'
+      .&Apache::lonhtmlcommon::confirm_success(&mt($message),1).'<br /><br />'
+      .&Apache::lonhtmlcommon::actionbox(\@actions)
       .$end_page
     );
  }
@@ -189,18 +230,19 @@ sub reroute {
     my ($r) = @_;
     &Apache::loncommon::content_type($r,'text/html');
     $r->send_http_header;
-    my $msg='<h1>'.&mt('Sorry ...').'</h1>'
+    my $msg='<b>'.&mt('Sorry ...').'</b><br />'
            .&mt('Please [_1]log in again[_2].');
-    &Apache::loncommon::simple_error_page($r,'Rerouting',$msg);
+    &Apache::loncommon::simple_error_page($r,'Rerouting',$msg,{'no_auto_mt_msg' => 1});
 }
 
 # ---------------------------------------------------------------- Main handler
 
 sub handler {
     my $r = shift;
+    my $londocroot = $r->dir_config('lonDocRoot');
     my $form;
 # Are we re-routing?
-    if (-e '/home/httpd/html/lon-status/reroute.txt') {
+    if (-e "$londocroot/lon-status/reroute.txt") {
 	&reroute($r);
 	return OK;
     }
@@ -217,19 +259,19 @@ sub handler {
         } else {
 # Indeed, a valid token is found
             &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
-            &Apache::loncommon::content_type($r,'text/html');
-            $r->send_http_header;
-            my $start_page =
-                &Apache::loncommon::start_page('Already logged in');
-            my $end_page =
-                &Apache::loncommon::end_page();
+	    &Apache::loncommon::content_type($r,'text/html');
+	    $r->send_http_header;
+	    my $start_page = 
+	        &Apache::loncommon::start_page('Already logged in');
+	    my $end_page = 
+	        &Apache::loncommon::end_page();
             my $dest = '/adm/roles';
             if ($env{'form.firsturl'} ne '') {
                 $dest = $env{'form.firsturl'};
             }
             $r->print(
                $start_page
-              .'<h1>'.&mt('You are already logged in!').'</h1>'
+              .'<p class="LC_warning">'.&mt('You are already logged in!').'</p>'
               .'<p>'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].'
                     ,'<a href="'.$dest.'">','</a>','<a href="/adm/logout">','</a>')
               .'</p>'
@@ -252,7 +294,7 @@ sub handler {
        $value =~ tr/+/ /;
        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
        $form{$name}=$value;
-    } 
+    }
 
     if ((!$form{'uname'}) || (!$form{'upass0'}) || (!$form{'udom'})) {
 	&failed($r,'Username, password and domain need to be specified.',
@@ -277,8 +319,14 @@ sub handler {
     my $tmpinfo=Apache::lonnet::reply('tmpget:'.$form{'logtoken'},
                                       $form{'serverid'});
 
-    if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') ||
-       ($tmpinfo eq 'no_such_host')) {
+    my %sessiondata;
+    if ($form{'iptoken'}) {
+        %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
+        my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
+    }
+
+    if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') || 
+        ($tmpinfo eq 'no_such_host')) {
 	&failed($r,'Information needed to verify your login information is missing, inaccessible or expired.',\%form);
         return OK;
     } else {
@@ -368,7 +416,7 @@ sub handler {
                 &Apache::loncommon::build_recipient_list(undef,'helpdeskmail',
                                                         $form{'udom'},$origmail);
             my ($contact_email) = split(',',$contacts); 
-            my $output =
+            my $output = 
                 &Apache::createaccount::username_check($form{'uname'},$form{'udom'},
                                                        $domdesc,'',$lonhost,
                                                        $contact_email,$contact_name,
@@ -390,6 +438,15 @@ sub handler {
 	($firsturl=~/^\/adm\/(logout|remote)/)) {
 	$firsturl='/adm/roles';
     }
+
+    my $hosthere;
+    if ($form{'iptoken'}) {
+        if (($sessiondata{'domain'} eq $form{'udom'}) &&
+            ($sessiondata{'username'} eq $form{'uname'})) {
+            $hosthere = 1;
+        }
+    }
+
 # --------------------------------- Are we attempting to login as somebody else?
     if ($form{'suname'}) {
 # ------------ see if the original user has enough privileges to pull this stunt
@@ -413,15 +470,31 @@ sub handler {
 	}
     }
 
-    if ($r->dir_config("lonBalancer") eq 'yes') {
-        my $otherserver = &Apache::lonnet::spareserver(30000,undef,1,$form{'udom'});
-        if (!$otherserver) {
+    my ($is_balancer,$otherserver);
+
+    unless ($hosthere) {
+        ($is_balancer,$otherserver) =
+            &Apache::lonnet::check_loadbalancing($form{'uname'},$form{'udom'});
+    }
+
+    if ($is_balancer) {
+        if (!$otherserver) { 
             ($otherserver) = &Apache::lonnet::choose_server($form{'udom'});
         }
         if ($otherserver) {
             &success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef,
                      \%form);
-            $r->internal_redirect('/adm/switchserver?otherserver='.$otherserver.'&origurl='.$firsturl);
+            my $switchto = '/adm/switchserver?otherserver='.$otherserver;
+            if (($firsturl) && ($firsturl ne '/adm/switchserver') && ($firsturl ne '/adm/roles')) {
+                $switchto .= '&origurl='.$firsturl;
+            }
+            if ($form{'role'}) {
+                $switchto .= '&role='.$form{'role'};
+            }
+            if ($form{'symb'}) {
+                $switchto .= '&symb='.$form{'symb'};
+            }
+            $r->internal_redirect($switchto);
         } else {
             $r->print(&noswitch());
         }
@@ -432,12 +505,23 @@ sub handler {
             if ($otherserver) {
                 &success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef,
                          \%form);
-                $r->internal_redirect('/adm/switchserver?otherserver='.$otherserver.'&origurl='.$firsturl);
+                my $switchto = '/adm/switchserver?otherserver='.$otherserver;
+                if (($firsturl) && ($firsturl ne '/adm/switchserver') && ($firsturl ne '/adm/roles')) {
+                    $switchto .= '&origurl='.$firsturl;
+                }
+                if ($form{'role'}) {
+                    $switchto .= '&role='.$form{'role'};
+                }
+                if ($form{'symb'}) {
+                    $switchto .= '&symb='.$form{'symb'};
+                }
+                $r->internal_redirect($switchto);
             } else {
                 $r->print(&noswitch());
             }
             return OK;
         }
+
 # ------------------------------------------------------- Do the load balancing
 
 # ---------------------------------------------------------- Determine own load
@@ -503,7 +587,7 @@ sub check_can_host {
     unless ($canhost) {
         if ($authhost eq 'no_account_on_host') {
             my $checkloginvia = 1;
-            my ($login_host,$hostname) =
+            my ($login_host,$hostname) = 
                 &Apache::lonnet::choose_server($udom,$checkloginvia);
             &Apache::loncommon::content_type($r,'text/html');
             $r->send_http_header;
@@ -543,6 +627,33 @@ sub noswitch {
     return $result;
 }
 
+sub loginhelpdisplay {
+    my ($authdomain) = @_;
+    my $login_help = 1;
+    my $lang = &Apache::lonlocal::current_language();
+    if ($login_help) {
+        my $dom = $authdomain;
+        if ($dom eq '') {
+            $dom = &Apache::lonnet::default_login_domain();
+        }
+        my %domconfhash = &Apache::loncommon::get_domainconf($dom);
+        my $loginhelp_url;
+        if ($lang) {
+            $loginhelp_url = $domconfhash{$dom.'.login.helpurl_'.$lang};
+            if ($loginhelp_url ne '') {
+                return $loginhelp_url;
+            }
+        }
+        $loginhelp_url = $domconfhash{$dom.'.login.helpurl_nolang'};
+        if ($loginhelp_url ne '') {
+            return $loginhelp_url;
+        } else {
+            return '/adm/loginproblems.html';
+        }
+    }
+    return;
+}
+
 1;
 __END__