--- loncom/auth/lonauth.pm	2014/12/05 12:03:20	1.136
+++ loncom/auth/lonauth.pm	2016/04/02 04:31:33	1.140
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # User Authentication Module
 #
-# $Id: lonauth.pm,v 1.136 2014/12/05 12:03:20 kruse Exp $
+# $Id: lonauth.pm,v 1.140 2016/04/02 04:31:33 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -29,7 +29,7 @@
 package Apache::lonauth;
 
 use strict;
-use LONCAPA;
+use LONCAPA qw(:DEFAULT :match);
 use Apache::Constants qw(:common);
 use CGI qw(:standard);
 use DynaLoader; # for Crypt::DES version
@@ -103,9 +103,7 @@ sub success {
         if ($destsymb =~ /___/) {
             # FIXME Need to deal with encrypted symbs and urls as needed.
             my ($map,$resid,$desturl)=split(/___/,$destsymb);
-            unless ($desturl=~/^(adm|editupload|public)/) {
-                $desturl = &Apache::lonnet::clutter($desturl);
-            }
+            $desturl = &Apache::lonnet::clutter($desturl);
             $desturl = &HTML::Entities::encode($desturl,'"<>&');
             $destsymb = &HTML::Entities::encode($destsymb,'"<>&');
             $destination .= 'destinationurl='.$desturl.
@@ -124,9 +122,30 @@ sub success {
     my $header = '<meta HTTP-EQUIV="Refresh" CONTENT="0; url='.$destination.'" />';
     my $brcrum = [{'href' => '',
                    'text' => 'Successful Login'},];
+    my $args = {'bread_crumbs' => $brcrum,};
+    unless ((defined($form->{role})) || (defined($form->{symb}))) {
+        my $update=$env{'user.update.time'};
+        if (!$update) {
+            $update = $env{'user.login.time'};
+        }
+        my %roles_in_env;
+        my $showcount = &Apache::lonroles::roles_from_env(\%roles_in_env,$update);
+        if ($showcount == 1) {
+            foreach my $rolecode (keys(%roles_in_env)) {
+                my ($cid) = ($rolecode =~ m{^\Quser.role.st./\E($match_domain/$match_courseid)(?:/|$)});
+                if ($cid) {
+                    my %coursedescription =
+                        &Apache::lonnet::coursedescription($cid,{'one_time' => '1'});
+                    if ($coursedescription{'type'} eq 'Placement') {
+                        $args->{'crstype'} = 'Placement';
+                    }
+                    last;
+                }
+            }
+        }
+    }
     my $start_page=&Apache::loncommon::start_page('Successful Login',
-                                                  $header,
-                                                  {'bread_crumbs' => $brcrum,});
+                                                  $header,$args);
     my $end_page  =&Apache::loncommon::end_page();
 
 	my $continuelink='<a href="'.$destination.'">'.&mt('Continue').'</a>';
@@ -309,12 +328,6 @@ sub handler {
     my $tmpinfo=Apache::lonnet::reply('tmpget:'.$form{'logtoken'},
                                       $form{'serverid'});
 
-    my %sessiondata;
-    if ($form{'iptoken'}) {
-        %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
-        my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
-    }
-
     if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') || 
         ($tmpinfo eq 'no_such_host')) {
 	&failed($r,'Information needed to verify your login information is missing, inaccessible or expired.',\%form);
@@ -334,22 +347,28 @@ sub handler {
         return OK;
     }
 
-    my ($key,$firsturl,$rolestr,$symbstr)=split(/&/,$tmpinfo);
+    my ($key,$firsturl,$rolestr,$symbstr,$iptokenstr)=split(/&/,$tmpinfo);
     if ($rolestr) {
         $rolestr = &unescape($rolestr);
     }
     if ($symbstr) {
         $symbstr= &unescape($symbstr);
     }
+    if ($iptokenstr) {
+        $iptokenstr = &unescape($iptokenstr);
+    }
     if ($rolestr =~ /^role=/) {
         (undef,$form{'role'}) = split('=',$rolestr);
     }
     if ($symbstr =~ /^symb=/) { 
         (undef,$form{'symb'}) = split('=',$symbstr);
     }
+    if ($iptokenstr =~ /^iptoken=/) {
+        (undef,$form{'iptoken'}) = split('=',$iptokenstr);
+    }
 
-    my $upass = $ENV{HTTPS} ? join("", @form{qw(upass0 upass1 upass2)}) 
-        : decrypt($key, @form{qw(upass0 upass1 upass2)});
+    my $upass = $ENV{HTTPS} ? $form{'upass0'} 
+        : &Apache::loncommon::des_decrypt($key,$form{'upass0'});
 
 # ---------------------------------------------------------------- Authenticate
 
@@ -412,6 +431,8 @@ sub handler {
 
     my $hosthere;
     if ($form{'iptoken'}) {
+        my %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
+        my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
         if (($sessiondata{'domain'} eq $form{'udom'}) &&
             ($sessiondata{'username'} eq $form{'uname'})) {
             $hosthere = 1;
@@ -525,34 +546,6 @@ sub handler {
     }
 }
 
-sub decrypt {
-    my ($key, @chunks) = @_;
-
-    my $keybin = pack("H16",$key);
-
-    my $cipher;
-    if ($Crypt::DES::VERSION >= 2.03) {
-        $cipher = new Crypt::DES $keybin;
-    } else {
-        $cipher = new DES $keybin;
-    }
-
-    my $upass='';
-    for (my $i=0;$i<=2;$i++) {
-        my $chunk =
-            $cipher->decrypt(
-                unpack("a8",pack("H16",substr($chunks[$i],0,16))));
-
-        $chunk .=
-            $cipher->decrypt(
-                unpack("a8",pack("H16",substr($chunks[$i],16,16))));
-
-        $chunk = substr($chunk,1,ord(substr($chunk,0,1)));
-        $upass .= $chunk;
-    }
-    return $upass;
-}
-
 sub check_can_host {
     my ($r,$form,$authhost,$domdesc) = @_;
     return unless (ref($form) eq 'HASH');