--- loncom/interface/resetpw.pm	2021/05/04 18:47:36	1.49
+++ loncom/interface/resetpw.pm	2021/11/30 15:55:37	1.50
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Allow access to password changing via a token sent to user's e-mail. 
 #
-# $Id: resetpw.pm,v 1.49 2021/05/04 18:47:36 raeburn Exp $
+# $Id: resetpw.pm,v 1.50 2021/11/30 15:55:37 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -115,6 +115,7 @@ sub handler {
         }
     }
     my %passwdconf = &Apache::lonnet::get_passwdconf($dom_in_effect);
+    my $clientip = &Apache::lonnet::get_requestor_ip($r);
     my $token = $env{'form.token'};
     my $useremail = $env{'form.useremail'};
     if (($udom ne '') && (!$otherinst) && (!$token)) {
@@ -292,7 +293,7 @@ END
     my $output;
     if ($token) {
         $r->print($header);
-        &reset_passwd($r,$token,$contact_name,$contact_email,\%passwdconf);
+        &reset_passwd($r,$token,$contact_name,$contact_email,$clientip,\%passwdconf);
         $r->print(&Apache::loncommon::end_page());
         return OK;
     } elsif ($udom) {
@@ -327,7 +328,7 @@ END
                 my $authtype = &Apache::lonnet::queryauthenticate($uname,$udom);
                 if ($authtype =~ /^internal/) {
                     my ($blocked,$blocktext) =
-                        &Apache::loncommon::blocking_status('passwd',$uname,$udom);
+                        &Apache::loncommon::blocking_status('passwd',$clentip,$uname,$udom);
                     if ($blocked) {
                         $output = '<p class="LC_warning">'.$blocktext.'</p>'
                                   .&display_actions($contact_email,$domdesc);
@@ -604,7 +605,7 @@ sub homeserver_redirect {
 }
 
 sub reset_passwd {
-    my ($r,$token,$contact_name,$contact_email,$passwdconf) = @_;
+    my ($r,$token,$contact_name,$contact_email,$clientip,$passwdconf) = @_;
     return unless (ref($passwdconf) eq 'HASH');
     my %data = &Apache::lonnet::tmpget($token);
     my $now = time;
@@ -625,7 +626,7 @@ sub reset_passwd {
         }
         my $reqtime = &Apache::lonlocal::locallocaltime($data{'time'});
         my ($blocked,$blocktext) =
-            &Apache::loncommon::blocking_status('passwd',$data{'username'},$data{'domain'});
+            &Apache::loncommon::blocking_status('passwd',$clientip,$data{'username'},$data{'domain'});
         if ($blocked) {
             $r->print('<p class="LC_warning">'.$blocktext.'</p>');
             return;
@@ -792,6 +793,7 @@ sub reset_passwd {
                     delete($env{'form.udom'});
                 }
             } else {
+#FIXME
                 $r->print(&mt('The token included in an e-mail sent to you [_1] has been verified, so you may now proceed to reset the password for your LON-CAPA account.',$reqtime).'<br /><br />');
                 if (keys(%formfields)) {
                     if (($formfields{'username'}) && ($formfields{'email'})) {