--- loncom/auth/lonauth.pm 2013/08/21 16:15:44 1.126 +++ loncom/auth/lonauth.pm 2013/09/29 00:49:24 1.127 @@ -1,7 +1,7 @@ # The LearningOnline Network # User Authentication Module # -# $Id: lonauth.pm,v 1.126 2013/08/21 16:15:44 bisitz Exp $ +# $Id: lonauth.pm,v 1.127 2013/09/29 00:49:24 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -259,7 +259,7 @@ sub handler { $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg; $form{$name}=$value; - } + } if ((!$form{'uname'}) || (!$form{'upass0'}) || (!$form{'udom'})) { &failed($r,'Username, password and domain need to be specified.', @@ -284,6 +284,12 @@ sub handler { my $tmpinfo=Apache::lonnet::reply('tmpget:'.$form{'logtoken'}, $form{'serverid'}); + my %sessiondata; + if ($form{'iptoken'}) { + %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'}); + my $delete = &Apache::lonnet::tmpdel($form{'token'}); + } + if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') || ($tmpinfo eq 'no_such_host')) { &failed($r,'Information needed to verify your login information is missing, inaccessible or expired.',\%form); @@ -396,6 +402,15 @@ sub handler { ($firsturl=~/^\/adm\/(logout|remote)/)) { $firsturl='/adm/roles'; } + + my $hosthere; + if ($form{'iptoken'}) { + if (($sessiondata{'domain'} eq $form{'udom'}) && + ($sessiondata{'username'} eq $form{'uname'})) { + $hosthere = 1; + } + } + # --------------------------------- Are we attempting to login as somebody else? if ($form{'suname'}) { # ------------ see if the original user has enough privileges to pull this stunt @@ -419,8 +434,12 @@ sub handler { } } - my ($is_balancer,$otherserver) = - &Apache::lonnet::check_loadbalancing($form{'uname'},$form{'udom'}); + my ($is_balancer,$otherserver); + + unless ($hosthere) { + ($is_balancer,$otherserver) = + &Apache::lonnet::check_loadbalancing($form{'uname'},$form{'udom'}); + } if ($is_balancer) { if (!$otherserver) {