--- loncom/auth/lonauth.pm	2013/11/26 01:19:12	1.128
+++ loncom/auth/lonauth.pm	2014/04/30 21:51:30	1.134
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # User Authentication Module
 #
-# $Id: lonauth.pm,v 1.128 2013/11/26 01:19:12 raeburn Exp $
+# $Id: lonauth.pm,v 1.134 2014/04/30 21:51:30 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -108,11 +108,11 @@ sub success {
             }
             $desturl = &HTML::Entities::encode($desturl,'"<>&');
             $destsymb = &HTML::Entities::encode($destsymb,'"<>&');
-            $destination .= '&destinationurl='.$desturl.
+            $destination .= 'destinationurl='.$desturl.
                             '&destsymb='.$destsymb;
         } else {
             $destsymb = &HTML::Entities::encode($destsymb,'"<>&');
-            $destination .= '&destinationurl='.$destsymb;
+            $destination .= 'destinationurl='.$destsymb;
         }
     }
     if ($destination =~ m{^/adm/roles}) {
@@ -155,6 +155,7 @@ $loginhelp
 $continuelink
 $end_page
 ENDSUCCESS
+    return;
 }
 
 # --------------------------------------------------------------- Failed login!
@@ -169,36 +170,46 @@ sub failed {
     }
 
     my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef,$args);
-    my $uname = $form->{'uname'};
-    my $udom;
-    if (&Apache::lonnet::domain($form->{'udom'},'description') ne '') {
-        $udom = $form->{'udom'};
-    }  
-    my $retry = '/adm/login?username='.$form->{'uname'};
+    my $uname = &Apache::loncommon::cleanup_html($form->{'uname'});
+    my $udom = &Apache::loncommon::cleanup_html($form->{'udom'});
+    if (&Apache::lonnet::domain($udom,'description') eq '') {
+        undef($udom);
+    }
+    my $retry = '/adm/login';
+    if ($uname eq $form->{'uname'}) {
+        $retry .= '?username='.$uname;
+    }
     if ($udom) {
-        $retry .= '&amp;domain='.$form->{'udom'}
+        $retry .= (($retry=~/\?/)?'&amp;':'?').'domain='.$udom;
     }
     if (exists($form->{role})) {
-        $retry .= '&amp;role='.$form->{role};
+        my $role = &Apache::loncommon::cleanup_html($form->{role});
+        if ($role ne '') {
+            $retry .= (($retry=~/\?/)?'&amp;':'?').'role='.$role;
+        }
     }
     if (exists($form->{symb})) {
-        $retry .= '&amp;symb='.$form->{symb};
+        my $symb = &Apache::loncommon::cleanup_html($form->{symb});
+        if ($symb ne '') {
+            $retry .= (($retry=~/\?/)?'&amp;':'?').'symb='.$symb;
+        }
     }
-    my $end_page   = &Apache::loncommon::end_page();
+    my $end_page = &Apache::loncommon::end_page();
     &Apache::loncommon::content_type($r,'text/html');
     $r->send_http_header;
+    my @actions =
+         (&mt('Please [_1]log in again[_2].','<a href="'.$retry.'">','</a>'));
     my $loginhelp = &loginhelpdisplay($udom);
     if ($loginhelp) {
-        $loginhelp = '<p><a href="'.$loginhelp.'">'.&mt('Login problems?').'</a></p>';
+        push(@actions, '<a href="'.$loginhelp.'">'.&mt('Login problems?').'</a>');
     }
+    #FIXME: link to helpdesk might be added here
 
     $r->print(
        $start_page
-      .'<h1>'.&mt('Sorry ...').'</h1>'
-      .'<p class="LC_warning">'.&mt($message).'</p>'
-      .'<p>'.&mt('Please [_1]log in again[_2].','<a href="'.$retry.'">','</a>')
-      .'</p>'
-      .$loginhelp
+      .'<h2>'.&mt('Sorry ...').'</h2>'
+      .&Apache::lonhtmlcommon::confirm_success(&mt($message),1).'<br /><br />'
+      .&Apache::lonhtmlcommon::actionbox(\@actions)
       .$end_page
     );
  }
@@ -301,7 +312,7 @@ sub handler {
     my %sessiondata;
     if ($form{'iptoken'}) {
         %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
-        my $delete = &Apache::lonnet::tmpdel($form{'token'});
+        my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
     }
 
     if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') || 
@@ -462,7 +473,17 @@ sub handler {
         if ($otherserver) {
             &success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef,
                      \%form);
-	    $r->internal_redirect('/adm/switchserver?otherserver='.$otherserver.'&origurl='.$firsturl);
+            my $switchto = '/adm/switchserver?otherserver='.$otherserver;
+            if (($firsturl) && ($firsturl ne '/adm/switchserver') && ($firsturl ne '/adm/roles')) {
+                $switchto .= '&origurl='.$firsturl;
+            }
+            if ($form{'role'}) {
+                $switchto .= '&role='.$form{'role'};
+            }
+            if ($form{'symb'}) {
+                $switchto .= '&symb='.$form{'symb'};
+            }
+            $r->internal_redirect($switchto);
         } else {
             $r->print(&noswitch());
         }
@@ -473,7 +494,17 @@ sub handler {
             if ($otherserver) {
                 &success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef,
                          \%form);
-                $r->internal_redirect('/adm/switchserver?otherserver='.$otherserver.'&origurl='.$firsturl);
+                my $switchto = '/adm/switchserver?otherserver='.$otherserver;
+                if (($firsturl) && ($firsturl ne '/adm/switchserver') && ($firsturl ne '/adm/roles')) {
+                    $switchto .= '&origurl='.$firsturl;
+                }
+                if ($form{'role'}) {
+                    $switchto .= '&role='.$form{'role'};
+                }
+                if ($form{'symb'}) {
+                    $switchto .= '&symb='.$form{'symb'};
+                }
+                $r->internal_redirect($switchto);
             } else {
                 $r->print(&noswitch());
             }