--- loncom/auth/lonlogin.pm	2012/04/18 18:57:34	1.151
+++ loncom/auth/lonlogin.pm	2021/01/04 03:49:10	1.158.2.12
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Login Screen
 #
-# $Id: lonlogin.pm,v 1.151 2012/04/18 18:57:34 raeburn Exp $
+# $Id: lonlogin.pm,v 1.158.2.12 2021/01/04 03:49:10 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -37,7 +37,8 @@ use Apache::lonauth();
 use Apache::lonlocal;
 use Apache::migrateuser();
 use lib '/home/httpd/lib/perl/';
-use LONCAPA;
+use LONCAPA qw(:DEFAULT :match);
+use CGI::Cookie();
  
 sub handler {
     my $r = shift;
@@ -46,7 +47,7 @@ sub handler {
 	(join('&',$ENV{'QUERY_STRING'},$env{'request.querystring'},
 	      $ENV{'REDIRECT_QUERY_STRING'}),
 	 ['interface','username','domain','firsturl','localpath','localres',
-	  'token','role','symb']);
+	  'token','role','symb','iptoken','btoken']);
     if (!defined($env{'form.firsturl'})) {
         &Apache::lonacc::get_posted_cgi($r,['firsturl']);
     }
@@ -56,9 +57,39 @@ sub handler {
 	return &Apache::migrateuser::handler($r);
     }
 
+# For "public user" - remove any exising "public" cookie, as user really wants to log-in
+    my ($handle,$lonidsdir,$expirepub,$userdom);
+    $lonidsdir=$r->dir_config('lonIDsDir');
+    unless ($r->header_only) {
+        $handle = &Apache::lonnet::check_for_valid_session($r,'lonID',undef,\$userdom);
+        if ($handle ne '') {
+            if ($handle=~/^publicuser\_/) {
+                unlink($r->dir_config('lonIDsDir')."/$handle.id");
+                undef($handle);
+                undef($userdom);
+                $expirepub = 1;
+            }
+        }
+    }
+
     &Apache::loncommon::no_cache($r);
     &Apache::lonlocal::get_language_handle($r);
     &Apache::loncommon::content_type($r,'text/html');
+    if ($expirepub) {
+        my $c = new CGI::Cookie(-name    => 'lonPubID',
+                                -value   => '',
+                                -expires => '-10y',);
+        $r->header_out('Set-cookie' => $c);
+    } elsif (($handle eq '') && ($userdom ne '')) {
+        my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
+        foreach my $name (keys(%cookies)) {
+            next unless ($name =~ /^lon(|S|Link|Pub)ID$/);
+            my $c = new CGI::Cookie(-name    => $name,
+                                    -value   => '',
+                                    -expires => '-10y',);
+            $r->headers_out->add('Set-cookie' => $c);
+        }
+    }
     $r->send_http_header;
     return OK if $r->header_only;
 
@@ -70,66 +101,137 @@ sub handler {
 	return OK;
     }
 
+    my $lonhost = $r->dir_config('lonHostID');
     $env{'form.firsturl'} =~ s/(`)/'/g;
 
-# -------------------------------- Prevent users from attempting to login twice
-    my $handle = &Apache::lonnet::check_for_valid_session($r);
-    if ($handle ne '') {
-        my $lonidsdir=$r->dir_config('lonIDsDir');
-        if ($handle=~/^publicuser\_/) {
-# For "public user" - remove it, we apparently really want to login
-	    unlink($r->dir_config('lonIDsDir')."/$handle.id");
-        } else {
-# Indeed, a valid token is found
-            &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
-	    my $start_page = 
-	        &Apache::loncommon::start_page('Already logged in');
-	    my $end_page = 
-	        &Apache::loncommon::end_page();
+# Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer)
+
+    my ($found_server,$balancer_cookie) = &Apache::lonnet::check_for_balancer_cookie($r,1);
+    if ($found_server) {
+        my $hostname = &Apache::lonnet::hostname($found_server);
+        if ($hostname ne '') {
+            my $protocol = $Apache::lonnet::protocol{$found_server};
+            $protocol = 'http' if ($protocol ne 'https');
             my $dest = '/adm/roles';
             if ($env{'form.firsturl'} ne '') {
-                $dest = $env{'form.firsturl'}; 
+                $dest = $env{'form.firsturl'};
+            }
+            my %info = (
+                         balcookie => $lonhost.':'.$balancer_cookie,
+                       );
+            my $balancer_token = &Apache::lonnet::tmpput(\%info,$found_server);
+            if ($balancer_token) {
+                $dest .=  (($dest=~/\?/)?'&;':'?') . 'btoken='.$balancer_token;
             }
-	    $r->print(
-                  $start_page
-                 .'<p class="LC_warning">'.&mt('You are already logged in!').'</p>'
-                 .'<p>'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].',
-                  '<a href="'.$dest.'">','</a>','<a href="/adm/logout">','</a>').'</p>'
-                 .$end_page
-                 );
+            my $url = $protocol.'://'.$hostname.$dest;
+            my $start_page =
+                &Apache::loncommon::start_page('Switching Server ...',undef,
+                                               {'redirect'       => [0,$url],});
+            my $end_page   = &Apache::loncommon::end_page();
+            $r->print($start_page.$end_page);
             return OK;
         }
     }
 
+#
+# Check if a LON-CAPA load balancer sent user here because user's browser sent
+# it a balancer cookie for an active session on this server.
+#
+
+    my $balcookie;
+    if ($env{'form.btoken'}) {
+        my %info = &Apache::lonnet::tmpget($env{'form.btoken'});
+        $balcookie = $info{'balcookie'};
+        &Apache::lonnet::tmpdel($env{'form.btoken'});
+        delete($env{'form.btoken'});
+    }
+
+#
+# If browser sent an old cookie for which the session file had been removed
+# check if configuration for user's domain has a portal URL set.  If so
+# switch user's log-in to the portal.
+#
+
+    if (($handle eq '') && ($userdom ne '')) {
+        my %domdefaults = &Apache::lonnet::get_domain_defaults($userdom);
+        if ($domdefaults{'portal_def'} =~ /^https?\:/) {
+            my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef,
+                                          {'redirect' => [0,$domdefaults{'portal_def'}],});
+            my $end_page   = &Apache::loncommon::end_page();
+            $r->print($start_page.$end_page);
+            return OK;
+        }
+    }
+
+    $env{'form.firsturl'} =~ s/(`)/'/g;
+
+# -------------------------------- Prevent users from attempting to login twice
+    if ($handle ne '') {
+        &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
+	my $start_page = 
+	    &Apache::loncommon::start_page('Already logged in');
+	my $end_page = 
+	    &Apache::loncommon::end_page();
+        my $dest = '/adm/roles';
+        if ($env{'form.firsturl'} ne '') {
+            $dest = $env{'form.firsturl'}; 
+        }
+	$r->print(
+              $start_page
+             .'<p class="LC_warning">'.&mt('You are already logged in!').'</p>'
+             .'<p>'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].',
+              '<a href="'.$dest.'">','</a>','<a href="/adm/logout">','</a>').'</p>'
+             .$end_page
+             );
+        return OK;
+    }
+
 # ---------------------------------------------------- No valid token, continue
 
- # ---------------------------- Not possible to really login to domain "public"
+# ---------------------------- Not possible to really login to domain "public"
     if ($env{'form.domain'} eq 'public') {
 	$env{'form.domain'}='';
 	$env{'form.username'}='';
     }
+
+# ------ Is this page requested because /adm/migrateuser detected an IP change?
+    my %sessiondata;
+    if ($env{'form.iptoken'}) {
+        %sessiondata = &Apache::lonnet::tmpget($env{'form.iptoken'});
+        unless ($sessiondata{'sessionserver'}) {
+            my $delete = &Apache::lonnet::tmpdel($env{'form.iptoken'});
+            delete($env{'form.iptoken'});
+        }
+    }
 # ----------------------------------------------------------- Process Interface
     $env{'form.interface'}=~s/\W//g;
 
-    my $httpbrowser=$ENV{"HTTP_USER_AGENT"};
+    (undef,undef,undef,undef,undef,undef,my $clientmobile) =
+        &Apache::loncommon::decode_user_agent();
 
     my $iconpath= 
 	&Apache::loncommon::lonhttpdurl($r->dir_config('lonIconsURL'));
 
-    my $lonhost = $r->dir_config('lonHostID');
     my $domain = &Apache::lonnet::default_login_domain();
+    my $defdom = $domain;
     if ($lonhost ne '') {
-        my $redirect = &check_loginvia($domain,$lonhost);
-        if ($redirect) {
-            $r->print($redirect);
-            return OK;
-        } 
+        unless ($sessiondata{'sessionserver'}) {
+            my $redirect = &check_loginvia($domain,$lonhost,$lonidsdir,$balcookie);
+            if ($redirect) {
+                $r->print($redirect);
+                return OK;
+            }
+        }
     }
 
-    if (($env{'form.domain'}) && 
+    if (($sessiondata{'domain'}) &&
+        (&Apache::lonnet::domain($sessiondata{'domain'},'description'))) {
+        $domain=$sessiondata{'domain'};
+    } elsif (($env{'form.domain'}) && 
 	(&Apache::lonnet::domain($env{'form.domain'},'description'))) {
 	$domain=$env{'form.domain'};
     }
+
     my $role    = $r->dir_config('lonRole');
     my $loadlim = $r->dir_config('lonLoadLim');
     my $uloadlim= $r->dir_config('lonUserLoadLim');
@@ -141,9 +243,20 @@ sub handler {
     my $host_name = &Apache::lonnet::hostname($lonhost);
 
 # --------------------------------------------- Default values for login fields
-
-    my $authusername=($env{'form.username'}?$env{'form.username'}:'');
-    my $authdomain=($env{'form.domain'}?$env{'form.domain'}:$domain);
+    
+    my ($authusername,$authdomain);
+    if ($sessiondata{'username'}) {
+        $authusername=$sessiondata{'username'};
+    } else {
+        $env{'form.username'} = &Apache::loncommon::cleanup_html($env{'form.username'});
+        $authusername=($env{'form.username'}?$env{'form.username'}:'');
+    }
+    if ($sessiondata{'domain'}) {
+        $authdomain=$sessiondata{'domain'};
+    } else {
+        $env{'form.domain'} = &Apache::loncommon::cleanup_html($env{'form.domain'});
+        $authdomain=($env{'form.domain'}?$env{'form.domain'}:$domain);
+    }
 
 # ---------------------------------------------------------- Determine own load
     my $loadavg;
@@ -197,6 +310,12 @@ sub handler {
         }
         $tokenextras .= '&symb='.&escape($env{'form.symb'});
     }
+    if ($env{'form.iptoken'}) {
+        if (!$tokenextras) {
+            $tokenextras = '&&';
+        }
+        $tokenextras .= '&iptoken='.&escape($env{'form.iptoken'});
+    }
     my $logtoken=Apache::lonnet::reply(
        'tmpput:'.$ukey.$lkey.'&'.$firsturl.$tokenextras,
        $lonhost);
@@ -209,22 +328,36 @@ sub handler {
             &Apache::lonnet::logthis('No valid logtoken for log-in page -- unable to determine hostname for hostID: '.$lonhost.'. Check entry in hosts.tab');
         }
         my $spares='';
-	my $last;
-        foreach my $hostid (sort
-			    {
-				&Apache::lonnet::hostname($a) cmp
-				    &Apache::lonnet::hostname($b);
-			    }
-			    keys(%Apache::lonnet::spareid)) {
+        my (@sparehosts,%spareservers);
+        my $sparesref = &Apache::lonnet::this_host_spares($defdom);
+        if (ref($sparesref) eq 'HASH') {
+            foreach my $key (keys(%{$sparesref})) {
+                if (ref($sparesref->{$key}) eq 'ARRAY') {
+                    my @sorted = sort { &Apache::lonnet::hostname($a) cmp
+                                        &Apache::lonnet::hostname($b);
+                                      } @{$sparesref->{$key}};
+                    if (@sorted) {
+                        if ($key eq 'primary') {
+                            unshift(@sparehosts,@sorted);
+                        } elsif ($key eq 'default') {
+                            push(@sparehosts,@sorted);
+                        }
+                    }
+                }
+            }
+        }
+        foreach my $hostid (@sparehosts) {
             next if ($hostid eq $lonhost);
 	    my $hostname = &Apache::lonnet::hostname($hostid);
-	    next if (($last eq $hostname) || ($hostname eq ''));
-            $spares.='<br /><font size="+1"><a href="http://'.
+	    next if (($hostname eq '') || ($spareservers{$hostname}));
+            $spareservers{$hostname} = 1;
+            my $protocol = $Apache::lonnet::protocol{$hostid};
+            $protocol = 'http' if ($protocol ne 'https');
+            $spares.='<br /><span style="font-size: larger;"><a href="'.$protocol.'://'.
                 $hostname.
                 '/adm/login?domain='.$authdomain.'">'.
                 $hostname.'</a>'.
-                ' '.&mt('(preferred)').'</font>'.$/;
-	    $last=$hostname;
+                ' '.&mt('(preferred)').'</span>'.$/;
         }
         if ($spares) {
             $spares.= '<br />';
@@ -236,23 +369,26 @@ sub handler {
 			    &Apache::lonnet::hostname($b);
 		    }
 		    keys(%all_hostnames)) {
-            next if ($hostid eq $lonhost || $Apache::lonnet::spareid{$hostid});
+            next if ($hostid eq $lonhost);
             my $hostname = &Apache::lonnet::hostname($hostid);
-            next if (($last eq $hostname) || ($hostname eq ''));
-            $spares.='<br /><a href="http://'.
+            next if (($hostname eq '') || ($spareservers{$hostname}));
+            $spareservers{$hostname} = 1;
+            my $protocol = $Apache::lonnet::protocol{$hostid};
+            $protocol = 'http' if ($protocol ne 'https');
+            $spares.='<br /><a href="'.$protocol.'://'.
 	             $hostname.
 	             '/adm/login?domain='.$authdomain.'">'.
 	             $hostname.'</a>';
-            $last=$hostname;
          }
          $r->print(
-   '<html>'
-  .'<head><title>'
+   '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
+  .'<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">'
+  .'<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>'
   .&mt('The LearningOnline Network with CAPA')
   .'</title></head>'
   .'<body bgcolor="#FFFFFF">'
   .'<h1>'.&mt('The LearningOnline Network with CAPA').'</h1>'
-  .'<img src="/adm/lonKaputt/lonlogo_broken.gif" align="right" />'
+  .'<img src="/adm/lonKaputt/lonlogo_broken.gif" alt="broken icon" align="right" />'
   .'<h3>'.&mt('This LON-CAPA server is temporarily not available for login.').'</h3>');
         if ($spares) {
             $r->print('<p>'.&mt('Please attempt to login to one of the following servers:')
@@ -289,11 +425,17 @@ sub handler {
     if (defined(&Apache::loncommon::designparm('login.showlogo_logo',$domain))) {
         $showmainlogo = &Apache::loncommon::designparm('login.showlogo_logo',$domain);
     }
-    my $showadminmail=&Apache::loncommon::designparm('login.adminmail',$domain);
+    my $showadminmail;
+    my @possdoms = &Apache::lonnet::current_machine_domains();
+    if (grep(/^\Q$domain\E$/,@possdoms)) {
+        $showadminmail=&Apache::loncommon::designparm('login.adminmail',$domain);
+    }
     my $showcoursecat =
         &Apache::loncommon::designparm('login.coursecatalog',$domain);
     my $shownewuserlink = 
         &Apache::loncommon::designparm('login.newuser',$domain);
+    my $showhelpdesk =
+        &Apache::loncommon::designparm('login.helpdesk',$domain);
     my $now=time;
     my $js = (<<ENDSCRIPT);
 
@@ -312,11 +454,7 @@ lextkey=this.document.client.elements.le
 initkeys();
 
 this.document.server.elements.upass0.value
-    =crypted(this.document.client.elements.upass$now.value.substr(0,15));
-this.document.server.elements.upass1.value
-    =crypted(this.document.client.elements.upass$now.value.substr(15,15));
-this.document.server.elements.upass2.value
-    =crypted(this.document.client.elements.upass$now.value.substr(30,15));
+    =getCrypted(this.document.client.elements.upass$now.value);
 
 this.document.client.elements.uname.value='';
 this.document.client.elements.upass$now.value='';
@@ -347,6 +485,40 @@ ENDSCRIPT
 	       alink        => "$alink",
                onload       => 'javascript:enableInput();',);
 
+    my ($lonhost_in_use,$headextra,$headextra_exempt,@hosts,%defaultdomconf);
+    @hosts = &Apache::lonnet::current_machine_ids();
+    $lonhost_in_use = $lonhost;
+    if (@hosts > 1) {
+        foreach my $hostid (@hosts) {
+            if (&Apache::lonnet::host_domain($hostid) eq $defdom) {
+                $lonhost_in_use = $hostid;
+                last;
+            }
+        }
+    }
+    %defaultdomconf = &Apache::loncommon::get_domainconf($defdom);
+    $headextra = $defaultdomconf{$defdom.'.login.headtag_'.$lonhost_in_use};
+    $headextra_exempt = $defaultdomconf{$domain.'.login.headtag_exempt_'.$lonhost_in_use};
+    if ($headextra) {
+        my $omitextra;
+        if ($headextra_exempt ne '') {
+            my @exempt = split(',',$headextra_exempt);
+            my $ip = &Apache::lonnet::get_requestor_ip();
+            if (grep(/^\Q$ip\E$/,@exempt)) {
+                $omitextra = 1;
+            }
+        }
+        unless ($omitextra) {
+            my $confname = $defdom.'-domainconfig';
+            if ($headextra =~ m{^\Q/res/$defdom/$confname/login/headtag/$lonhost_in_use/\E}) {
+                my $extra = &Apache::lonnet::getfile(&Apache::lonnet::filelocation("",$headextra));
+                unless ($extra eq '-1') {
+                    $js .= "\n".$extra."\n";
+                }
+            }
+        }
+    }
+
     $r->print(&Apache::loncommon::start_page('The LearningOnline Network with CAPA Login',$js,
 			       { 'redirect'       => [$expire,'/adm/roles'], 
 				 'add_entries' => \%add_entries,
@@ -374,8 +546,10 @@ ENDSCRIPT
 
     my $forgotpw = &forgotpwdisplay(%lt);
     $forgotpw .= '<br />' if $forgotpw;
-    my $loginhelp = &loginhelpdisplay($authdomain,%lt);
-    $loginhelp .= '<br />' if $loginhelp;
+    my $loginhelp = &Apache::lonauth::loginhelpdisplay($authdomain);
+    if ($loginhelp) {
+        $loginhelp = '<a href="'.$loginhelp.'">'.$lt{'help'}.'</a><br />';
+    }
 
 # ---------------------------------------------------- Serve out DES JavaScript
     {
@@ -395,8 +569,6 @@ ENDSCRIPT
    <input type="hidden" name="serverid" value="$lonhost" />
    <input type="hidden" name="uname" value="" />
    <input type="hidden" name="upass0" value="" />
-   <input type="hidden" name="upass1" value="" />
-   <input type="hidden" name="upass2" value="" />
    <input type="hidden" name="udom" value="" />
    <input type="hidden" name="localpath" value="$env{'form.localpath'}" />
    <input type="hidden" name="localres" value="$env{'form.localres'}" />
@@ -422,18 +594,23 @@ ENDSERVERFORM
                         .'</b></span></noscript>';
     my $helpdeskscript;
     my $contactblock = &contactdisplay(\%lt,$servadm,$showadminmail,
-                                       $authdomain,\$helpdeskscript);
+                                       $authdomain,\$helpdeskscript,
+                                       $showhelpdesk,\@possdoms);
 
+    my $mobileargs;
+    if ($clientmobile) {
+        $mobileargs = 'autocapitalize="off" autocorrect="off"'; 
+    }
     my $loginform=(<<LFORM);
 <form name="client" action="" onsubmit="return(send())">
   <input type="hidden" name="lextkey" value="$lextkey" />
   <input type="hidden" name="uextkey" value="$uextkey" />
   <b><label for="uname">$lt{'un'}</label>:</b><br />
-  <input type="text" name="uname" id="uname" size="15" value="$authusername" readonly="readonly" /><br />
+  <input type="text" name="uname" id="uname" size="15" value="$authusername" readonly="readonly" $mobileargs /><br />
   <b><label for="upass$now">$lt{'pw'}</label>:</b><br />
   <input type="password" name="upass$now" id="upass$now" size="15" readonly="readonly" /><br />
   <b><label for="udom">$lt{'dom'}</label>:</b><br />
-  <input type="text" name="udom" id="udom" size="15" value="$authdomain" readonly="readonly" /><br />
+  <input type="text" name="udom" id="udom" size="15" value="$authdomain" readonly="readonly" $mobileargs /><br />
   <input type="submit" value="$lt{'log'}" />
 </form>
 LFORM
@@ -442,7 +619,7 @@ LFORM
         $r->print(<<HEADER);
 <!-- The LON-CAPA Header -->
 <div style="background:$pgbg;margin:0;width:100%;">
-  <img src="$img" border="0" alt="The Learning Online Network with CAPA" />
+  <img src="$img" border="0" alt="The Learning Online Network with CAPA" class="LC_maxwidth" />
 </div>
 HEADER
     }
@@ -466,7 +643,7 @@ HEADER
 <div>
 ENDTOP
     if ($showmainlogo) {
-        $r->print(' <img src="'.$logo.'" alt="" />'."\n");
+        $r->print(' <img src="'.$logo.'" alt="" class="LC_maxwidth" />'."\n");
     }
 $r->print(<<ENDTOP);
 $announcements
@@ -559,8 +736,8 @@ ENDDOCUMENT
 }
 
 sub check_loginvia {
-    my ($domain,$lonhost) = @_;
-    if ($domain eq '' || $lonhost eq '') {
+    my ($domain,$lonhost,$lonidsdir,$balcookie) = @_;
+    if ($domain eq '' || $lonhost eq '' || $lonidsdir eq '') {
         return;
     }
     my %domconfhash = &Apache::loncommon::get_domainconf($domain);
@@ -569,7 +746,7 @@ sub check_loginvia {
     my $output;
     if ($loginvia ne '') {
         my $noredirect;
-        my $ip = $ENV{'REMOTE_ADDR'};
+        my $ip = &Apache::lonnet::get_requestor_ip();
         if ($ip eq '127.0.0.1') {
             $noredirect = 1;
         } else {
@@ -589,6 +766,36 @@ sub check_loginvia {
             }
             if ($newhost ne $lonhost) {
                 if (&Apache::lonnet::hostname($newhost) ne '') {
+                    if ($balcookie) {
+                        my ($balancer,$cookie) = split(/:/,$balcookie);
+                        if ($cookie =~ /^($match_domain)_($match_username)_([a-f0-9]+)$/) {
+                            my ($udom,$uname,$cookieid) = ($1,$2,$3);
+                            unless (&Apache::lonnet::delbalcookie($cookie,$balancer) eq 'ok') {
+                                if ((-d $lonidsdir) && (opendir(my $dh,$lonidsdir))) {
+                                    while (my $filename=readdir($dh)) {
+                                        if ($filename=~/^(\Q$uname\E_\d+_\Q$udom\E_$match_lonid)\.id$/) {
+                                            my $handle = $1;
+                                            my %hash =
+                                                &Apache::lonnet::get_sessionfile_vars($handle,$lonidsdir,
+                                                                                     ['request.balancercookie',
+                                                                                      'user.linkedenv']);
+                                            if ($hash{'request.balancercookie'} eq "$balancer:$cookieid") {
+                                                if (unlink("$lonidsdir/$filename")) {
+                                                    if (($hash{'user.linkedenv'} =~ /^[a-f0-9]+_linked$/) &&
+                                                        (-l "$lonidsdir/$hash{'user.linkedenv'}.id") &&
+                                                        (readlink("$lonidsdir/$hash{'user.linkedenv'}.id") eq "$lonidsdir/$filename")) {
+                                                        unlink("$lonidsdir/$hash{'user.linkedenv'}.id");
+                                                    }
+                                                }
+                                            }
+                                            last;
+                                        }
+                                    }
+                                    closedir($dh);
+                                }
+                            }
+                        }
+                    }
                     $output = &redirect_page($newhost,$path);
                 }
             }
@@ -599,12 +806,13 @@ sub check_loginvia {
 
 sub redirect_page {
     my ($desthost,$path) = @_;
+    my $hostname = &Apache::lonnet::hostname($desthost);
     my $protocol = $Apache::lonnet::protocol{$desthost};
     $protocol = 'http' if ($protocol ne 'https');
     unless ($path =~ m{^/}) {
         $path = '/'.$path;
     }
-    my $url = $protocol.'://'.&Apache::lonnet::hostname($desthost).$path;
+    my $url = $protocol.'://'.$hostname.$path;
     if ($env{'form.firsturl'} ne '') {
         $url .='?firsturl='.$env{'form.firsturl'};
     }
@@ -615,12 +823,24 @@ sub redirect_page {
 }
 
 sub contactdisplay {
-    my ($lt,$servadm,$showadminmail,$authdomain,$helpdeskscript) = @_;
+    my ($lt,$servadm,$showadminmail,$authdomain,$helpdeskscript,$showhelpdesk,
+        $possdoms) = @_;
     my $contactblock;
-    my $showhelpdesk = 0;
-    my $requestmail = $Apache::lonnet::perlvar{'lonSupportEMail'};
-    if ($requestmail =~ m/^[^\@]+\@[^\@]+$/) {
-        $showhelpdesk = 1;
+    my $origmail;
+    if (ref($possdoms) eq 'ARRAY') {
+        if (grep(/^\Q$authdomain\E$/,@{$possdoms})) { 
+            $origmail = $Apache::lonnet::perlvar{'lonSupportEMail'};
+        }
+    }
+    my $requestmail = 
+        &Apache::loncommon::build_recipient_list(undef,'helpdeskmail',
+                                                 $authdomain,$origmail);
+    unless ($showhelpdesk eq '0') {
+        if ($requestmail =~ m/[^\@]+\@[^\@]+/) {
+            $showhelpdesk = 1;
+        } else {
+            $showhelpdesk = 0;
+        }
     }
     if ($servadm && $showadminmail) {
         $contactblock .= $$lt{'servadm'}.':<br />'.
@@ -633,7 +853,8 @@ sub contactdisplay {
 <script type="text/javascript">
 // <![CDATA[
 function helpdesk() {
-    var codedom = document.client.udom.value;
+    var possdom = document.client.udom.value;
+    var codedom = possdom.replace( new RegExp("[^A-Za-z0-9.\\-]","g"),'');
     if (codedom == '') {
         codedom = "$authdomain";
     }
@@ -656,25 +877,6 @@ sub forgotpwdisplay {
     }
     return;
 }
-
-sub loginhelpdisplay {
-    my ($authdomain,%lt) = @_;
-    my $login_help = 1;
-    if ($login_help) {
-        my $dom = $authdomain;
-        if ($dom eq '') {
-            $dom = &Apache::lonnet::default_login_domain();
-        }
-        my %helpconfig = &Apache::lonnet::get_dom('configuration',['helpsettings'],$dom);
-        my $loginhelp_url = $helpconfig{'helpsettings'}{'loginhelpurl'};
-        if ($loginhelp_url ne '') {
-            return '<a href="'.$loginhelp_url.'">'.$lt{'help'}.'</a>';
-        } else {
-            return '<a href="/adm/loginproblems.html">'.$lt{'help'}.'</a>';
-        }
-    }
-    return;
-}
 
 sub coursecatalog_link {
     my ($linkname) = @_;