Annotation of loncom/auth/lonacc.pm, revision 1.18
1.1 albertel 1: # The LearningOnline Network
2: # Cookie Based Access Handler
1.4 www 3: # 5/21/99,5/22,5/29,5/31,6/15,16/11,22/11,
1.14 www 4: # 01/06,01/13,05/31,06/01,09/06,09/25,09/28,10/30,11/6,
1.17 www 5: # 12/25,12/26,
6: # 01/06/01,05/28 Gerd Kortemeyer
1.1 albertel 7:
8: package Apache::lonacc;
9:
10: use strict;
1.8 www 11: use Apache::Constants qw(:common :http :methods);
1.2 www 12: use Apache::File;
1.6 www 13: use Apache::lonnet;
1.1 albertel 14: use CGI::Cookie();
1.16 www 15: use Fcntl qw(:flock);
1.1 albertel 16:
17: sub handler {
18: my $r = shift;
19: my $requrl=$r->uri;
20: my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
21: my $lonid=$cookies{'lonID'};
22: my $cookie;
23: if ($lonid) {
24: my $handle=$lonid->value;
25: $handle=~s/\W//g;
26: my $lonidsdir=$r->dir_config('lonIDsDir');
27: if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
1.6 www 28:
29: # ------------------------------------------- Transfer profile into environment
30:
1.2 www 31: my @profile;
32: {
33: my $idf=Apache::File->new("$lonidsdir/$handle.id");
1.16 www 34: flock($idf,LOCK_SH);
1.2 www 35: @profile=<$idf>;
1.16 www 36: $idf->close();
1.2 www 37: }
38: my $envi;
39: for ($envi=0;$envi<=$#profile;$envi++) {
40: chomp($profile[$envi]);
41: my ($envname,$envvalue)=split(/=/,$profile[$envi]);
1.9 www 42: $ENV{$envname} = $envvalue;
1.2 www 43: }
1.9 www 44: $ENV{'user.environment'} = "$lonidsdir/$handle.id";
1.18 ! www 45: if ($requrl=~/^\/res\//) {
1.17 www 46: $ENV{'request.state'} = "published";
47: } else {
48: $ENV{'request.state'} = 'unknown';
49: }
1.9 www 50: $ENV{'request.filename'} = $r->filename;
1.12 www 51:
1.13 www 52: # --------------------- Figure out referer, first from HTTP_REFERER, then cache
1.12 www 53:
54: my $referer='';
55: if ($referer=$r->header_in('Referer')) {
56: $ENV{'HTTP_REFERER'}=$referer;
57: } else {
58: $ENV{'HTTP_REFERER'}=$ENV{'httpref.'.$requrl};
59: }
1.6 www 60:
61: # -------------------------------------------------------- Load POST parameters
62:
1.8 www 63:
64:
1.14 www 65: my $buffer;
1.6 www 66:
1.14 www 67: $r->read($buffer,$r->header_in('Content-length'));
68:
69: unless ($buffer=~/^(\-+\w+)\s+Content\-Disposition\:\s*form\-data/si) {
1.5 www 70: my @pairs=split(/&/,$buffer);
1.6 www 71: my $pair;
1.5 www 72: foreach $pair (@pairs) {
1.6 www 73: my ($name,$value) = split(/=/,$pair);
74: $value =~ tr/+/ /;
75: $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
1.10 www 76: $name =~ tr/+/ /;
77: $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
1.9 www 78: $ENV{"form.$name"}=$value;
1.6 www 79: }
1.14 www 80: } else {
81: my $contentsep=$1;
82: my @lines = split (/\n/,$buffer);
83: my $name='';
84: my $value='';
85: my $fname='';
86: my $fmime='';
87: my $i;
88: for ($i=0;$i<=$#lines;$i++) {
89: if ($lines[$i]=~/^$contentsep/) {
90: if ($name) {
91: chomp($value);
92: if ($fname) {
93: $ENV{"form.$name.filename"}=$fname;
94: $ENV{"form.$name.mimetype"}=$fmime;
1.15 www 95: } else {
96: $value=~s/\s+$//s;
1.14 www 97: }
1.15 www 98: $ENV{"form.$name"}=$value;
1.14 www 99: }
100: if ($i<$#lines) {
101: $i++;
102: $lines[$i]=~
103: /Content\-Disposition\:\s*form\-data\;\s*name\=\"([^\"]+)\"/i;
104: $name=$1;
105: $value='';
106: if ($lines[$i]=~/filename\=\"([^\"]+)\"/i) {
107: $fname=$1;
108: if
109: ($lines[$i+1]=~/Content\-Type\:\s*([\w\-\/]+)/i) {
110: $fmime=$1;
111: $i++;
112: } else {
113: $fmime='';
114: }
115: } else {
116: $fname='';
117: $fmime='';
118: }
119: $i++;
120: }
121: } else {
122: $value.=$lines[$i]."\n";
123: }
124: }
125: }
1.8 www 126: $r->method_number(M_GET);
127: $r->method('GET');
128: $r->headers_in->unset('Content-length');
1.6 www 129:
130: # ---------------------------------------------------------------- Check access
131:
132: if ($requrl!~/^\/adm\//) {
1.7 www 133: my $access=&Apache::lonnet::allowed('bre',$requrl);
134: if ($access eq '1') {
135: $ENV{'user.error.msg'}="$requrl:bre:0:0:Choose Course";
136: return HTTP_NOT_ACCEPTABLE;
137: }
138: if (($access ne '2') && ($access ne 'F')) {
139: $ENV{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
140: return HTTP_NOT_ACCEPTABLE;
141: }
1.5 www 142: }
1.2 www 143: return OK;
1.1 albertel 144: } else {
1.5 www 145: $r->log_reason("Cookie $handle not valid", $r->filename)
1.1 albertel 146: };
147: }
1.6 www 148:
149: # ----------------------------------------------- Store where they wanted to go
150:
151: $ENV{'request.firsturl'}=$requrl;
1.1 albertel 152: return FORBIDDEN;
153: }
154:
155: 1;
156: __END__
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to lonacc.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / auth