--- loncom/lonsql	2015/08/05 18:47:12	1.94
+++ loncom/lonsql	2019/04/24 01:44:38	1.98
@@ -3,7 +3,7 @@
 # The LearningOnline Network
 # lonsql - LON TCP-MySQL-Server Daemon for handling database requests.
 #
-# $Id: lonsql,v 1.94 2015/08/05 18:47:12 raeburn Exp $
+# $Id: lonsql,v 1.98 2019/04/24 01:44:38 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -231,7 +231,7 @@ unless ($dbh = DBI->connect("DBI:mysql:l
     my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
     my $subj="LON: $perlvar{'lonHostID'} Cannot connect to database!";
     system("echo 'Cannot connect to MySQL database!' |".
-           " mailto $emailto -s '$subj' > /dev/null");
+           " mail -s '$subj' $emailto > /dev/null");
 
     open(SMP,">$perlvar{'lonDocRoot'}/lon-status/mysql.txt");
     print SMP 'time='.time.'&mysql=defunct'."\n";
@@ -490,6 +490,7 @@ sub make_new_child {
                 $userdata{'domain'} = $udom;
                 $result = &allusers_table_update($query,$uname,$udom,\%userdata);
             } else {
+                # Sanity checking of $query needed.
                 # Do an sql query
                 $result = &do_sql_query($query,$arg1,$arg2,$arg3,$searchdomain);
             }
@@ -539,15 +540,23 @@ sub do_user_search {
         }
     } else {
         my %srchfield = (
+                          uname_ci => 'username collate latin1_general_ci',
                           uname    => 'username',
                           lastname => 'lastname',
+                          email    => 'permanentemail',
                         );
-        if ($srchtype eq 'exact') {
-            $query .= $srchfield{$srchby}.' = '.$dbh->quote($srchterm);
-        } elsif ($srchtype eq 'begins') {
-             $query .= $srchfield{$srchby}.' LIKE '.$dbh->quote($srchterm.'%');
+        if (exists($srchfield{$srchby})) {
+            if ($srchtype eq 'exact') {
+                $query .= $srchfield{$srchby}.' = '.$dbh->quote($srchterm);
+            } elsif ($srchtype eq 'begins') {
+                $query .= $srchfield{$srchby}.' LIKE '.$dbh->quote($srchterm.'%');
+            } else {
+                $query .= $srchfield{$srchby}.' LIKE '.$dbh->quote('%'.$srchterm.'%');
+            }
         } else {
-             $query .= $srchfield{$srchby}.' LIKE '.$dbh->quote('%'.$srchterm.'%');
+            &logthis('<font color="blue">'.
+                     'WARNING: Invalid srchby: '.$srchby.'</font>');  
+            return $result;
         }
     }
     $query .= ") ORDER BY username ";
@@ -637,11 +646,12 @@ sub get_multiple_instusers {
         if ($@) {
             $response = 'error';
         } elsif ($result eq 'ok') {
+            $response = $result;
             if (keys(%instusers)) {
-                $response = $result.':'.&Apache::lonnet::freeze_escape(\%instusers); 
+                $response .= '='.&Apache::lonnet::freeze_escape(\%instusers);
             }
-        } else {
-            $response = 'unavailable';
+        } elsif ($result eq 'unavailable') {
+            $response = $result;
         }
     } else {
         $response = 'invalid';