--- loncom/interface/resetpw.pm	2017/08/21 15:25:55	1.40
+++ loncom/interface/resetpw.pm	2017/10/02 16:40:18	1.41
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Allow access to password changing via a token sent to user's e-mail. 
 #
-# $Id: resetpw.pm,v 1.40 2017/08/21 15:25:55 raeburn Exp $
+# $Id: resetpw.pm,v 1.41 2017/10/02 16:40:18 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -452,7 +452,11 @@ sub reset_passwd {
             return;
         } elsif ($now - $data{'time'} < 7200) {
             if ($env{'form.action'} eq 'verify_and_change_pass') {
+                $env{'form.uname'} =~ s/^\s+|\s+$//g;
+                $env{'form.udom'} =~ s/^\s+|\s+$//g;
+                $env{'form.email'} =~ s/^\s+|\s+$//g;
                 unless (($env{'form.uname'} eq $data{'username'}) && ($env{'form.udom'} eq $data{'domain'}) && ($env{'form.email'} eq $data{'email'})) {
+                    &Apache::lonnet::logthis("Forgot Password -- token data: ||$data{'username'}|| ||$data{'domain'}|| ||$data{'email'}|| differs from form: ||$env{'form.uname'}|| ||$env{'form.udom'}|| ||$env{'form.email'}||");
                     $r->print(&generic_failure_msg($contact_name,$contact_email));
                     return;
                 }