Annotation of loncom/auth/lonacc.pm, revision 1.14
1.1 albertel 1: # The LearningOnline Network
2: # Cookie Based Access Handler
1.4 www 3: # 5/21/99,5/22,5/29,5/31,6/15,16/11,22/11,
1.14 ! www 4: # 01/06,01/13,05/31,06/01,09/06,09/25,09/28,10/30,11/6,
! 5: # 12/25 Gerd Kortemeyer
1.1 albertel 6:
7: package Apache::lonacc;
8:
9: use strict;
1.8 www 10: use Apache::Constants qw(:common :http :methods);
1.2 www 11: use Apache::File;
1.6 www 12: use Apache::lonnet;
1.1 albertel 13: use CGI::Cookie();
14:
15: sub handler {
16: my $r = shift;
17: my $requrl=$r->uri;
18: my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
19: my $lonid=$cookies{'lonID'};
20: my $cookie;
21: if ($lonid) {
22: my $handle=$lonid->value;
23: $handle=~s/\W//g;
24: my $lonidsdir=$r->dir_config('lonIDsDir');
25: if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
1.6 www 26:
27: # ------------------------------------------- Transfer profile into environment
28:
1.2 www 29: my @profile;
30: {
31: my $idf=Apache::File->new("$lonidsdir/$handle.id");
32: @profile=<$idf>;
33: }
34: my $envi;
35: for ($envi=0;$envi<=$#profile;$envi++) {
36: chomp($profile[$envi]);
37: my ($envname,$envvalue)=split(/=/,$profile[$envi]);
1.9 www 38: $ENV{$envname} = $envvalue;
1.2 www 39: }
1.9 www 40: $ENV{'user.environment'} = "$lonidsdir/$handle.id";
41: $ENV{'request.state'} = "published";
42: $ENV{'request.filename'} = $r->filename;
1.12 www 43:
1.13 www 44: # --------------------- Figure out referer, first from HTTP_REFERER, then cache
1.12 www 45:
46: my $referer='';
47: if ($referer=$r->header_in('Referer')) {
48: $ENV{'HTTP_REFERER'}=$referer;
49: } else {
50: $ENV{'HTTP_REFERER'}=$ENV{'httpref.'.$requrl};
51: }
1.6 www 52:
53: # -------------------------------------------------------- Load POST parameters
54:
1.8 www 55:
56:
1.14 ! www 57: my $buffer;
1.6 www 58:
1.14 ! www 59: $r->read($buffer,$r->header_in('Content-length'));
! 60:
! 61: unless ($buffer=~/^(\-+\w+)\s+Content\-Disposition\:\s*form\-data/si) {
1.5 www 62: my @pairs=split(/&/,$buffer);
1.6 www 63: my $pair;
1.5 www 64: foreach $pair (@pairs) {
1.6 www 65: my ($name,$value) = split(/=/,$pair);
66: $value =~ tr/+/ /;
67: $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
1.10 www 68: $name =~ tr/+/ /;
69: $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
1.9 www 70: $ENV{"form.$name"}=$value;
1.6 www 71: }
1.14 ! www 72: } else {
! 73: my $contentsep=$1;
! 74: my @lines = split (/\n/,$buffer);
! 75: my $name='';
! 76: my $value='';
! 77: my $fname='';
! 78: my $fmime='';
! 79: my $i;
! 80: for ($i=0;$i<=$#lines;$i++) {
! 81: if ($lines[$i]=~/^$contentsep/) {
! 82: if ($name) {
! 83: chomp($value);
! 84: $ENV{"form.$name"}=$value;
! 85: if ($fname) {
! 86: $ENV{"form.$name.filename"}=$fname;
! 87: $ENV{"form.$name.mimetype"}=$fmime;
! 88: }
! 89: }
! 90: if ($i<$#lines) {
! 91: $i++;
! 92: $lines[$i]=~
! 93: /Content\-Disposition\:\s*form\-data\;\s*name\=\"([^\"]+)\"/i;
! 94: $name=$1;
! 95: $value='';
! 96: if ($lines[$i]=~/filename\=\"([^\"]+)\"/i) {
! 97: $fname=$1;
! 98: if
! 99: ($lines[$i+1]=~/Content\-Type\:\s*([\w\-\/]+)/i) {
! 100: $fmime=$1;
! 101: $i++;
! 102: } else {
! 103: $fmime='';
! 104: }
! 105: } else {
! 106: $fname='';
! 107: $fmime='';
! 108: }
! 109: $i++;
! 110: }
! 111: } else {
! 112: $value.=$lines[$i]."\n";
! 113: }
! 114: }
! 115: }
1.8 www 116: $r->method_number(M_GET);
117: $r->method('GET');
118: $r->headers_in->unset('Content-length');
1.6 www 119:
120: # ---------------------------------------------------------------- Check access
121:
122: if ($requrl!~/^\/adm\//) {
1.7 www 123: my $access=&Apache::lonnet::allowed('bre',$requrl);
124: if ($access eq '1') {
125: $ENV{'user.error.msg'}="$requrl:bre:0:0:Choose Course";
126: return HTTP_NOT_ACCEPTABLE;
127: }
128: if (($access ne '2') && ($access ne 'F')) {
129: $ENV{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
130: return HTTP_NOT_ACCEPTABLE;
131: }
1.5 www 132: }
1.2 www 133: return OK;
1.1 albertel 134: } else {
1.5 www 135: $r->log_reason("Cookie $handle not valid", $r->filename)
1.1 albertel 136: };
137: }
1.6 www 138:
139: # ----------------------------------------------- Store where they wanted to go
140:
141: $ENV{'request.firsturl'}=$requrl;
1.1 albertel 142: return FORBIDDEN;
143: }
144:
145: 1;
146: __END__
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>