0aeff60fc05530d3afddec03f650f9d6c8909458
chinhli
  Fri Jun 15 13:32:26 2012 -0700
Soft code the domain value in cookies, use central.domain or domain in returnTo URL.
diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c
index 2bd7cc7..f01d318 100644
--- src/hg/hgLogin/hgLogin.c
+++ src/hg/hgLogin/hgLogin.c
@@ -22,31 +22,44 @@
 #include "gbMembers.h"
 #include "versionInfo.h"
 
 /* ---- Global variables. ---- */
 char msg[4096] = "";
 /* The excludeVars are not saved to the cart. */
 char *excludeVars[] = { "submit", "Submit", "debug", "fixMembers", "update", 
      "hgLogin_password", "hgLogin_password2", "hgLogin_newPassword1",
      "hgLogin_newPassword2", NULL };
 struct cart *cart;	/* This holds cgi and other variables between clicks. */
 char *database;		/* Name of genome database - hg15, mm3, or the like. */
 struct hash *oldCart;	/* Old cart hash. */
 char *errMsg;           /* Error message to show user when form data rejected */
 char signature[256]="\nUCSC Genome Browser\nhttp://www.genome.ucsc.edu ";
 
-/* -------- password functions depend on optionally installed openssl lib ---- */
+/* ---- Global helper functions ---- */
+char *mailSignature()
+/* Return the signature to be used by outbound mail or NULL. Allocd here. */
+{
+return cloneString(cfgOption(CFG_LOGIN_SIGNATURE));
+}
+
+char *mailReturnAddr()
+/* Return the return addr. to be used by outbound mail or NULL. Allocd here. */
+{
+return cloneString(cfgOption(CFG_LOGIN_RETURN_ADDR));
+}
+
+/* ---- password functions depend on optionally installed openssl lib ---- */
 #ifdef USE_SSL
 #include <openssl/md5.h>
 
 
 void cryptWikiWay(char *password, char *salt, char* result)
 /* encrypt password in mediawiki format - 
    ':B:'.$salt.':'. md5($salt.'-'.md5($password ) */
 {
 int i;
 unsigned char result1[MD5_DIGEST_LENGTH];
 unsigned char result2[MD5_DIGEST_LENGTH];
 char firstMD5[MD5_DIGEST_LENGTH*2 + 1];
 char secondMD5[MD5_DIGEST_LENGTH*2 + 1];
 i = MD5_DIGEST_LENGTH;
 MD5((unsigned char *)password, strlen(password), result1);
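Review bot: The two new helpers are declared with empty parentheses, `char *mailSignature()` and `char *mailReturnAddr()`, which in C is an old-style non-prototype declarator rather than "takes no arguments"; `char *mailSignature(void)` and `char *mailReturnAddr(void)` give callers a real prototype and match the "Allocd here" ownership comment with a checkable signature. The body itself is fine: cloneString of the cfgOption result gives the caller an owned copy (or NULL when the option is unset, as the comments say). This hunk's last lines belong to cryptWikiWay, whose body continues outside the hunk.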
@@ -1011,50 +1024,69 @@
 return;
 }
 
 boolean usingNewPassword(struct sqlConnection *conn, char *userName)
 /* The user is using  requested new password */
 {
 char query[256];
 safef(query,sizeof(query), "select passwordChangeRequired from gbMembers where userName='%s'", userName);
 char *change = sqlQuickString(conn, query);
 if (change && sameString(change, "Y"))
     return TRUE;
 else
     return FALSE;
 }
 
+char *cookieDomainName()
+/* Return the domain name to be used by the cookies or NULL. Allocd
+ * here. */
+/* Return central.domain if the returnToURL is also in the same domain
+ * */
+/* else return the domain in returnTo URL generated by (remote)
+ * hgSession.*/
+{
+char *centralDomain=cloneString(cfgOption(CFG_CENTRAL_DOMAIN));
+char *returnURL = getReturnToURL();
+char returnToDomain[256];
+sscanf(returnURL, "http://%[^/]", returnToDomain);
+if (endsWith(returnToDomain,centralDomain))
+    return centralDomain;
+else
+    return returnToDomain;
+}
+
 void displayLoginSuccess(char *userName, int userID)
 /* display login success msg, and set cookie */
 {
 hPrintf("<h2>UCSC Genome Browser</h2>"
     "<p align=\"left\">"
     "</p>"
     "<span style='color:red;'></span>"
     "\n");
 /* Set cookies */
+char *domainName=cookieDomainName();
 hPrintf("<script language=\"JavaScript\">"
     " document.write(\"Login successful, setting cookies now...\");"
     "</script>\n"
     "<script language=\"JavaScript\">"
-    "document.cookie =  \"wikidb_mw1_UserName=%s; domain=ucsc.edu; expires=Thu, 31 Dec 2099, 20:47:11 UTC; path=/\"; "
+    "document.cookie =  \"wikidb_mw1_UserName=%s; domain=%s; expires=Thu, 31 Dec 2099, 20:47:11 UTC; path=/\"; "
     "\n"
-    "document.cookie =  \"wikidb_mw1_UserID=%d; domain=ucsc.edu; expires=Thu, 31 Dec 2099, 20:47:11 UTC; path=/\";"
+    "document.cookie =  \"wikidb_mw1_UserID=%d; domain=%s; expires=Thu, 31 Dec 2099, 20:47:11 UTC; path=/\";"
     " </script>"
-    "\n", userName,userID);
+    "\n", userName, domainName, userID, domainName);
 cartRemove(cart,"hgLogin_userName");
-returnToURL(150);
+returnToURL(15);
 }
 
 void displayLogin(struct sqlConnection *conn)
 /* display and process login info */
 {
 struct sqlResult *sr;
 char **row;
 char query[256];
 char *userName = cartUsualString(cart, "hgLogin_userName", "");
 if (sameString(userName,""))
     {
     freez(&errMsg);
     errMsg = cloneString("User name cannot be blank.");
     displayLoginPage(conn);
     return;
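Review bot: cookieDomainName returns the address of its stack array in the else branch, `return returnToDomain;`, so every caller (displayLoginSuccess at `char *domainName=cookieDomainName();` here and displayLogoutSuccess in the next hunk) formats a dangling pointer into the cookie script whenever the returnTo host is not under central.domain; the comment "Allocd here" is only true of the centralDomain branch. The `sscanf(returnURL, "http://%[^/]", returnToDomain)` is also unbounded (a host part of 256 or more characters overruns the 256-byte buffer), its result is unchecked (an https or malformed returnTo leaves returnToDomain uninitialized before endsWith reads it), centralDomain is leaked on the else branch, and endsWith would be handed a NULL centralDomain if CFG_CENTRAL_DOMAIN is unset. Since the parsed host is later embedded verbatim inside a JavaScript string literal via `%s`, restricting the scanset to hostname characters (letters, digits, `.`, `-`, `:`) both bounds the read and keeps characters that would terminate the script string out of the output. The rewrite below bounds the scan, checks it, frees what is not returned and hands back a heap copy in both branches.
```c
char *cookieDomainName()
/* Return the domain name to be used by the cookies, or NULL when neither
 * central.domain nor a usable returnTo host is available. Allocd here:
 * caller frees. */
{
char *centralDomain = cloneString(cfgOption(CFG_CENTRAL_DOMAIN));
char *returnURL = getReturnToURL();
char returnToDomain[256] = "";
/* Width-limited scan restricted to hostname characters; anything else
 * (no http:// prefix, empty host, stray punctuation) falls back to central.domain. */
if (returnURL == NULL || sscanf(returnURL, "http://%255[A-Za-z0-9.:-]", returnToDomain) != 1)
    return centralDomain;
if (centralDomain != NULL && endsWith(returnToDomain, centralDomain))
    return centralDomain;
freez(&centralDomain);
return cloneString(returnToDomain);   /* heap copy, never the stack array */
}
```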
@@ -1110,35 +1142,36 @@
     errMsg = cloneString("Invalid user name or password.");
     displayLoginPage(conn);
     return;
     }
 gbMembersFree(&m);
 }
 
 void  displayLogoutSuccess()
 /* display logout success msg, and reset cookie */
 {
 hPrintf("<h2>UCSC Genome Browser Sign Out</h2>"
     "<p align=\"left\">"
     "</p>"
     "<span style='color:red;'></span>"
     "\n");
+char *domainName=cookieDomainName();
 hPrintf("<script language=\"JavaScript\">"
-    "document.cookie =  \"wikidb_mw1_UserName=; domain=ucsc.edu; expires=Thu, 01-Jan-70 00:00:01 GMT; path=/\"; "
+    "document.cookie =  \"wikidb_mw1_UserName=; domain=%s; expires=Thu, 01-Jan-70 00:00:01 GMT; path=/\"; "
     "\n"
-    "document.cookie =  \"wikidb_mw1_UserID=; domain=ucsc.edu; expires=Thu, 01-Jan-70 00:00:01 GMT; path=/\";"
-    "</script>\n");
+    "document.cookie =  \"wikidb_mw1_UserID=; domain=%s; expires=Thu, 01-Jan-70 00:00:01 GMT; path=/\";"
+    "</script>\n", domainName, domainName);
 /* return to "returnto" URL */
 returnToURL(150);
 }
 
 void doMiddle(struct cart *theCart)
 /* Write the middle parts of the HTML page.
  * This routine sets up some globals and then
  * dispatches to the appropriate page-maker. */
 {
 struct sqlConnection *conn = hConnectCentral();
 cart = theCart;
 
 if (cartVarExists(cart, "hgLogin.do.changePasswordPage"))
     changePasswordPage(conn);
 else if (cartVarExists(cart, "hgLogin.do.changePassword"))
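Review bot: The new `char *domainName=cookieDomainName();` in displayLogoutSuccess is never released, and the same holds for the matching line in displayLoginSuccess in the previous hunk; since cookieDomainName documents its result as allocated here, a `freez(&domainName);` after the hPrintf call keeps ownership consistent with how errMsg is handled elsewhere in this file. Also note that the login path now calls `returnToURL(15);` while the logout path still calls `returnToURL(150);`; if the shorter delay was meant for both, the logout call was missed, and if not, a one-line comment explaining why the two differ would help. doMiddle at the end of this hunk continues outside it.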