Annotation of loncom/auth/loncacc.pm, revision 1.14
1.1 albertel 1: # The LearningOnline Network
2: # Cookie Based Access Handler for Construction Area
3: # (lonacc: 5/21/99,5/22,5/29,5/31 Gerd Kortemeyer)
1.4 www 4: # 6/15,16/11,22/11,
1.14 ! www 5: # 01/06,01/11,6/1,9/25,9/28,11/22,12/25,12/26,06/01 Gerd Kortemeyer
1.1 albertel 6:
7: package Apache::loncacc;
8:
9: use strict;
1.8 www 10: use Apache::Constants qw(:common :http :methods);
1.7 www 11: use Apache::File;
1.1 albertel 12: use CGI::Cookie();
1.14 ! www 13: use Fcntl qw(:flock);
1.1 albertel 14:
15: sub handler {
16: my $r = shift;
17: my $requrl=$r->uri;
18: my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
19: my $lonid=$cookies{'lonID'};
20: my $cookie;
21: if ($lonid) {
22: my $handle=$lonid->value;
23: $handle=~s/\W//g;
24: my $lonidsdir=$r->dir_config('lonIDsDir');
25: if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
26: my $ownername=$requrl;
1.11 www 27: $ownername=~s/\/(?:\~|priv\/)(\w+).*/\1/;
1.1 albertel 28: my $ownerdomain=$r->dir_config('lonDefDomain');
29: my @handleparts=split(/\_/,$handle);
30: my $username=$handleparts[0];
31: my $domain=$handleparts[2];
32: if (($username ne $ownername) || ($domain ne $ownerdomain)) {
33: $r->log_reason
34: ("$username at $domain not authorized", $r->filename);
35: return HTTP_NOT_ACCEPTABLE;
36: }
1.2 www 37: my @profile;
38: {
39: my $idf=Apache::File->new("$lonidsdir/$handle.id");
1.14 ! www 40: flock($idf,LOCK_SH);
1.2 www 41: @profile=<$idf>;
1.14 ! www 42: $idf->close();
1.2 www 43: }
44: my $envi;
45: for ($envi=0;$envi<=$#profile;$envi++) {
46: chomp($profile[$envi]);
47: my ($envname,$envvalue)=split(/=/,$profile[$envi]);
1.9 www 48: $ENV{$envname} = $envvalue;
1.2 www 49: }
1.9 www 50: $ENV{'user.environment'} = "$lonidsdir/$handle.id";
51: $ENV{'request.state'} = "construct";
52: $ENV{'request.filename'} = $r->filename;
53:
54: # -------------------------------------------------------- Load POST parameters
55:
56:
1.12 www 57: my $buffer;
1.8 www 58:
1.12 www 59: $r->read($buffer,$r->header_in('Content-length'));
60:
61: unless ($buffer=~/^(\-+\w+)\s+Content\-Disposition\:\s*form\-data/si) {
1.5 www 62: my @pairs=split(/&/,$buffer);
1.9 www 63: my $pair;
1.5 www 64: foreach $pair (@pairs) {
1.9 www 65: my ($name,$value) = split(/=/,$pair);
1.6 www 66: $value =~ tr/+/ /;
67: $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
1.10 www 68: $name =~ tr/+/ /;
69: $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
1.9 www 70: $ENV{"form.$name"}=$value;
1.5 www 71: }
1.12 www 72: } else {
73: my $contentsep=$1;
74: my @lines = split (/\n/,$buffer);
75: my $name='';
76: my $value='';
77: my $fname='';
78: my $fmime='';
79: my $i;
80: for ($i=0;$i<=$#lines;$i++) {
81: if ($lines[$i]=~/^$contentsep/) {
82: if ($name) {
83: chomp($value);
84: if ($fname) {
85: $ENV{"form.$name.filename"}=$fname;
86: $ENV{"form.$name.mimetype"}=$fmime;
1.13 www 87: } else {
88: $value=~s/\s+$//s;
1.12 www 89: }
1.13 www 90: $ENV{"form.$name"}=$value;
1.12 www 91: }
92: if ($i<$#lines) {
93: $i++;
94: $lines[$i]=~
95: /Content\-Disposition\:\s*form\-data\;\s*name\=\"([^\"]+)\"/i;
96: $name=$1;
97: $value='';
98: if ($lines[$i]=~/filename\=\"([^\"]+)\"/i) {
99: $fname=$1;
100: if
101: ($lines[$i+1]=~/Content\-Type\:\s*([\w\-\/]+)/i) {
102: $fmime=$1;
103: $i++;
104: } else {
105: $fmime='';
106: }
107: } else {
108: $fname='';
109: $fmime='';
110: }
111: $i++;
112: }
113: } else {
114: $value.=$lines[$i]."\n";
115: }
116: }
117: }
1.8 www 118: $r->method_number(M_GET);
119: $r->method('GET');
120: $r->headers_in->unset('Content-length');
121:
1.1 albertel 122: return OK;
123: } else {
124: $r->log_reason("Cookie $handle not valid", $r->filename)
125: };
126: }
1.6 www 127:
128: # ----------------------------------------------- Store where they wanted to go
129:
130: $ENV{'request.firsturl'}=$requrl;
1.1 albertel 131: return FORBIDDEN;
132: }
133:
134: 1;
135: __END__
136:
137:
138:
139:
140:
141:
142:
143:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to loncacc.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / auth