--- loncom/auth/lonauth.pm 2015/01/26 22:11:52 1.137 +++ loncom/auth/lonauth.pm 2015/03/06 21:56:41 1.138 @@ -1,7 +1,7 @@ # The LearningOnline Network # User Authentication Module # -# $Id: lonauth.pm,v 1.137 2015/01/26 22:11:52 raeburn Exp $ +# $Id: lonauth.pm,v 1.138 2015/03/06 21:56:41 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -307,12 +307,6 @@ sub handler { my $tmpinfo=Apache::lonnet::reply('tmpget:'.$form{'logtoken'}, $form{'serverid'}); - my %sessiondata; - if ($form{'iptoken'}) { - %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'}); - my $delete = &Apache::lonnet::tmpdel($form{'iptoken'}); - } - if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') || ($tmpinfo eq 'no_such_host')) { &failed($r,'Information needed to verify your login information is missing, inaccessible or expired.',\%form); @@ -332,19 +326,25 @@ sub handler { return OK; } - my ($key,$firsturl,$rolestr,$symbstr)=split(/&/,$tmpinfo); + my ($key,$firsturl,$rolestr,$symbstr,$iptokenstr)=split(/&/,$tmpinfo); if ($rolestr) { $rolestr = &unescape($rolestr); } if ($symbstr) { $symbstr= &unescape($symbstr); } + if ($iptokenstr) { + $iptokenstr = &unescape($iptokenstr); + } if ($rolestr =~ /^role=/) { (undef,$form{'role'}) = split('=',$rolestr); } if ($symbstr =~ /^symb=/) { (undef,$form{'symb'}) = split('=',$symbstr); } + if ($iptokenstr =~ /^iptoken=/) { + (undef,$form{'iptoken'}) = split('=',$iptokenstr); + } my $upass = $ENV{HTTPS} ? join("", @form{qw(upass0 upass1 upass2)}) : decrypt($key, @form{qw(upass0 upass1 upass2)}); @@ -410,6 +410,8 @@ sub handler { my $hosthere; if ($form{'iptoken'}) { + my %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'}); + my $delete = &Apache::lonnet::tmpdel($form{'iptoken'}); if (($sessiondata{'domain'} eq $form{'udom'}) && ($sessiondata{'username'} eq $form{'uname'})) { $hosthere = 1;