--- loncom/auth/lonauth.pm 2013/08/28 14:12:56 1.121.2.5 +++ loncom/auth/lonauth.pm 2013/09/29 19:31:03 1.121.2.6 @@ -1,7 +1,7 @@ # The LearningOnline Network # User Authentication Module # -# $Id: lonauth.pm,v 1.121.2.5 2013/08/28 14:12:56 raeburn Exp $ +# $Id: lonauth.pm,v 1.121.2.6 2013/09/29 19:31:03 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -269,7 +269,7 @@ sub handler { $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg; $form{$name}=$value; - } + } if ((!$form{'uname'}) || (!$form{'upass0'}) || (!$form{'udom'})) { &failed($r,'Username, password and domain need to be specified.', @@ -293,6 +293,11 @@ sub handler { my $tmpinfo=Apache::lonnet::reply('tmpget:'.$form{'logtoken'}, $form{'serverid'}); + my %sessiondata; + if ($form{'iptoken'}) { + %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'}); + my $delete = &Apache::lonnet::tmpdel($form{'token'}); + } if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') || ($tmpinfo eq 'no_such_host')) { @@ -407,6 +412,15 @@ sub handler { ($firsturl=~/^\/adm\/(logout|remote)/)) { $firsturl='/adm/roles'; } + + my $hosthere; + if ($form{'iptoken'}) { + if (($sessiondata{'domain'} eq $form{'udom'}) && + ($sessiondata{'username'} eq $form{'uname'})) { + $hosthere = 1; + } + } + # --------------------------------- Are we attempting to login as somebody else? if ($form{'suname'}) { # ------------ see if the original user has enough privileges to pull this stunt @@ -430,8 +444,12 @@ sub handler { } } - my ($is_balancer,$otherserver) = - &Apache::lonnet::check_loadbalancing($form{'uname'},$form{'udom'}); + my ($is_balancer,$otherserver); + + unless ($hosthere) { + ($is_balancer,$otherserver) = + &Apache::lonnet::check_loadbalancing($form{'uname'},$form{'udom'}); + } if ($is_balancer) { if (!$otherserver) {