Annotation of loncom/auth/restrictedaccess.pm, revision 1.4
1.1 raeburn 1: # The LearningOnline Network
2: # Passphrase Entry and Validation for Portfolio files
3: #
4: # Copyright Michigan State University Board of Trustees
5: #
6: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
7: #
8: # LON-CAPA is free software; you can redistribute it and/or modify
9: # it under the terms of the GNU General Public License as published by
10: # the Free Software Foundation; either version 2 of the License, or
11: # (at your option) any later version.
12: #
13: # LON-CAPA is distributed in the hope that it will be useful,
14: # but WITHOUT ANY WARRANTY; without even the implied warranty of
15: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16: # GNU General Public License for more details.
17: #
18: # You should have received a copy of the GNU General Public License
19: # along with LON-CAPA; if not, write to the Free Software
20: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21: #
22: # /home/httpd/html/adm/gpl.txt
23: #
24: # http://www.lon-capa.org/
25: #
26:
27: package Apache::restrictedaccess;
28:
29: use strict;
30: use lib '/home/httpd/lib/perl/';
31: use Apache::Constants qw(:common :http REDIRECT);
32: use CGI::Cookie();
33: use Apache::lonnet;
34: use Apache::loncommon();
35: use Apache::lonauth();
36: use Apache::lonlocal;
37: use Apache::lonacc;
38: use Fcntl qw(:flock);
39: use LONCAPA;
40:
41: sub handler {
42: my $r = shift;
43:
44: my $origurl = &unescape($env{'form.origurl'});
1.2 albertel 45: if (!defined($origurl)) {
46: $origurl = $r->uri;
47: }
1.1 raeburn 48: if (exists($env{'form.pass1'})) {
49: my ($result,$end) = &check_pass($r,$origurl);
50: if ($result eq 'ok') {
1.2 albertel 51: &Apache::lonnet::appenv(('user.passphrase_access_'.$origurl =>
52: $end));
53: $env{'request.state'} = "published";
54: $env{'request.filename'} = $origurl;
55: $r->header_out(Location => 'http://'.$ENV{'HTTP_HOST'}.$origurl);
56: return REDIRECT;
1.1 raeburn 57: } else {
1.2 albertel 58: &print_entryform($r,$origurl,"Invalid passphrase");
1.1 raeburn 59: }
60: } else {
61: &print_entryform($r,$origurl);
62: }
63: return OK;
64: }
65:
66: sub print_entryform {
67: my ($r,$origurl,$msg) = @_;
68: &Apache::lonlocal::get_language_handle($r);
69: &Apache::loncommon::content_type($r,'text/html');
70: $r->send_http_header;
71: return OK if $r->header_only;
72:
73: $r->print(&Apache::loncommon::start_page('Passphrase protected file'));
74: $r->print('<script type="text/javascript">
75: function verify() {
76: if (document.passform.pass1.value == "") {
77: alert("You must enter a passphrase");
78: return;
79: }
80: document.passform.submit();
81: }
82: </script>');
1.2 albertel 83: $r->print('<span class="LC_error">'.$msg.'</span>');
1.1 raeburn 84: $r->print('<div align="center"><form name="passform" method="post" '.
85: 'action="/adm/restrictedaccess">');
86: $r->print('<br /><br /><br />');
87: $r->print(&Apache::loncommon::start_data_table());
88: $r->print(&Apache::loncommon::start_data_table_row());
89: $r->print('<td><nobr>'.&mt('Passphrase: ').'</nobr></td>'.
90: '<td><input type="password" size="20" name="pass1"></td>');
91: $r->print(&Apache::loncommon::end_data_table_row());
92: $r->print(&Apache::loncommon::start_data_table_row());
93: $r->print('<td align="center" colspan="2"><br />'.
94: '<input type="button" name="sendpass" value="'.
95: &mt('Submit passphrase').'" onClick="verify()" /></td>');
96: $r->print(&Apache::loncommon::end_data_table_row());
97: $r->print(&Apache::loncommon::end_data_table());
98: $r->print('<input type="hidden" name="origurl" value="'.
99: &escape($origurl).'" /></form></div>');
100: $r->print(&Apache::loncommon::end_page());
101: }
102:
103: sub check_pass {
104: my ($r,$origurl) = @_;
1.3 albertel 105: my (undef,$udom,$unum,$file_name,$group) =
1.4 ! albertel 106: &Apache::lonnet::parse_portfolio_url($origurl);
1.3 albertel 107:
1.1 raeburn 108: my $curr_perms = &Apache::lonnet::get_portfile_permissions($udom,$unum);
109: my %acc_controls = &Apache::lonnet::get_access_controls($curr_perms,
110: $group,$file_name);
111: my $access_hash = $acc_controls{$file_name};
1.3 albertel 112:
113: my ($result,$end);
1.1 raeburn 114: foreach my $key (sort(keys(%{$access_hash}))) {
115: if ($key =~ /^[^:]+:guest_(\d+)/) {
116: $end = $1;
1.2 albertel 117: if ($env{'form.pass1'} eq $access_hash->{$key}{'password'}) {
1.1 raeburn 118: $result = 'ok';
119: } else {
120: $result = 'fail';
121: }
122: last;
123: }
124: }
125: return ($result,$end);
126: }
127:
128: 1;
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>