--- loncom/interface/resetpw.pm	2020/02/09 04:43:20	1.47
+++ loncom/interface/resetpw.pm	2021/11/30 16:08:44	1.51
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Allow access to password changing via a token sent to user's e-mail. 
 #
-# $Id: resetpw.pm,v 1.47 2020/02/09 04:43:20 raeburn Exp $
+# $Id: resetpw.pm,v 1.51 2021/11/30 16:08:44 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -115,6 +115,7 @@ sub handler {
         }
     }
     my %passwdconf = &Apache::lonnet::get_passwdconf($dom_in_effect);
+    my $clientip = &Apache::lonnet::get_requestor_ip($r);
     my $token = $env{'form.token'};
     my $useremail = $env{'form.useremail'};
     if (($udom ne '') && (!$otherinst) && (!$token)) {
@@ -292,7 +293,7 @@ END
     my $output;
     if ($token) {
         $r->print($header);
-        &reset_passwd($r,$token,$contact_name,$contact_email,\%passwdconf);
+        &reset_passwd($r,$token,$contact_name,$contact_email,$clientip,\%passwdconf);
         $r->print(&Apache::loncommon::end_page());
         return OK;
     } elsif ($udom) {
@@ -300,7 +301,7 @@ END
             $output = &invalid_state('baddomain',$domdesc,
                                      $contact_name,$contact_email); 
         } elsif ($otherinst) {
-            ($header,$output) = &homeserver_redirect($uname,$udom,$domdesc,$brcrum);
+            ($header,$output) = &homeserver_redirect($r,$uname,$udom,$domdesc,$brcrum);
         } elsif (($uname) || ($useremail)) {
             my $earlyout;
             unless ($passwdconf{'captcha'} eq 'unused') {
@@ -327,7 +328,7 @@ END
                 my $authtype = &Apache::lonnet::queryauthenticate($uname,$udom);
                 if ($authtype =~ /^internal/) {
                     my ($blocked,$blocktext) =
-                        &Apache::loncommon::blocking_status('passwd',$uname,$udom);
+                        &Apache::loncommon::blocking_status('passwd',$clientip,$uname,$udom);
                     if ($blocked) {
                         $output = '<p class="LC_warning">'.$blocktext.'</p>'
                                   .&display_actions($contact_email,$domdesc);
@@ -482,7 +483,8 @@ sub send_token {
 
     my $now = time;
     my $temppasswd = &create_passwd();
-    my %info = ('ip'         => $ENV{'REMOTE_ADDR'},
+    my $ip = &Apache::lonnet::get_requestor_ip(); 
+    my %info = ('ip'         => $ip,
 		'time'       => $now,
 		'domain'     => $udom,
 		'username'   => $uname,
@@ -578,7 +580,7 @@ sub invalid_state {
 }
 
 sub homeserver_redirect {
-    my ($uname,$udom,$domdesc,$brcrum) = @_;
+    my ($r,$uname,$udom,$domdesc,$brcrum) = @_;
     my $uhome;
     if (($uname ne '') && ($udom ne '')) {
         $uhome = &Apache::lonnet::homeserver($uname,$udom);
@@ -589,6 +591,8 @@ sub homeserver_redirect {
     my $hostname = &Apache::lonnet::hostname($uhome);
     my $protocol = $Apache::lonnet::protocol{$uhome};
     $protocol = 'http' if ($protocol ne 'https');
+    my $alias = &Apache::lonnet::use_proxy_alias($r,$uhome);
+    $hostname = $alias if ($alias ne '');
     my $url = $protocol.'://'.$hostname.'/adm/resetpw';
     # Breadcrumbs
     my $start_page = &Apache::loncommon::start_page('Switching Server',undef,
@@ -601,7 +605,7 @@ sub homeserver_redirect {
 }
 
 sub reset_passwd {
-    my ($r,$token,$contact_name,$contact_email,$passwdconf) = @_;
+    my ($r,$token,$contact_name,$contact_email,$clientip,$passwdconf) = @_;
     return unless (ref($passwdconf) eq 'HASH');
     my %data = &Apache::lonnet::tmpget($token);
     my $now = time;
@@ -622,7 +626,7 @@ sub reset_passwd {
         }
         my $reqtime = &Apache::lonlocal::locallocaltime($data{'time'});
         my ($blocked,$blocktext) =
-            &Apache::loncommon::blocking_status('passwd',$data{'username'},$data{'domain'});
+            &Apache::loncommon::blocking_status('passwd',$clientip,$data{'username'},$data{'domain'});
         if ($blocked) {
             $r->print('<p class="LC_warning">'.$blocktext.'</p>');
             return;
@@ -723,7 +727,8 @@ sub reset_passwd {
                     my $now = &Apache::lonlocal::locallocaltime(time);
                     my $domdesc = 
 			&Apache::lonnet::domain($data{'domain'},'description');
-                    my $mailmsg = &mt('The password for your LON-CAPA account in the [_1] domain was changed [_2] from IP address: [_3].  If you did not perform this change or authorize it, please contact the [_4] ([_5]).',$domdesc,$now,$ENV{'REMOTE_ADDR'},$contact_name,$contact_email)."\n";
+                    my $ip = &Apache::lonnet::get_requestor_ip();
+                    my $mailmsg = &mt('The password for your LON-CAPA account in the [_1] domain was changed [_2] from IP address: [_3].  If you did not perform this change or authorize it, please contact the [_4] ([_5]).',$domdesc,$now,$ip,$contact_name,$contact_email)."\n";
                     my $result = &send_mail($domdesc,$data{'email'},$mailmsg,
                                             $contact_name,$contact_email);
                     my $confirm_msg;
@@ -753,6 +758,8 @@ sub reset_passwd {
                         my $hostname = &Apache::lonnet::hostname($homeserver);
                         my $protocol = $Apache::lonnet::protocol{$homeserver};
                         $protocol = 'http' if ($protocol ne 'https');
+                        my $alias = &Apache::lonnet::use_proxy_alias($r,$homeserver);
+                        $hostname = $alias if ($alias ne '');
                         my $url = $protocol.'://'.$hostname.'/adm/resetpw';
                         my ($opentag,$closetag);
                         if ($url) {