File:  [LON-CAPA] / loncom / auth / restrictedaccess.pm
Revision 1.1: download - view: text, annotated - select for diffs
Mon Jul 10 03:58:45 2006 UTC (17 years, 11 months ago) by raeburn
Branches: MAIN
CVS tags: HEAD
Mechanism for user to provide passphrase, and for the server to validate it when user attempts to access a passphrase-protected portfolio file.

    1: # The LearningOnline Network
    2: # Passphrase Entry and Validation for Portfolio files 
    3: #
    4: # Copyright Michigan State University Board of Trustees
    5: #
    6: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
    7: #
    8: # LON-CAPA is free software; you can redistribute it and/or modify
    9: # it under the terms of the GNU General Public License as published by
   10: # the Free Software Foundation; either version 2 of the License, or
   11: # (at your option) any later version.
   12: #
   13: # LON-CAPA is distributed in the hope that it will be useful,
   14: # but WITHOUT ANY WARRANTY; without even the implied warranty of
   15: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   16: # GNU General Public License for more details.
   17: #
   18: # You should have received a copy of the GNU General Public License
   19: # along with LON-CAPA; if not, write to the Free Software
   20: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   21: #
   22: # /home/httpd/html/adm/gpl.txt
   23: #
   24: # http://www.lon-capa.org/
   25: #
   26: 
   27: package Apache::restrictedaccess;
   28: 
   29: use strict;
   30: use lib '/home/httpd/lib/perl/';
   31: use Apache::Constants qw(:common :http REDIRECT);
   32: use CGI::Cookie();
   33: use Apache::File ();
   34: use Apache::lonnet;
   35: use Apache::loncommon();
   36: use Apache::lonauth();
   37: use Apache::lonlocal;
   38: use Apache::lonacc;
   39: use Fcntl qw(:flock);
   40: use LONCAPA;
   41: 
   42: sub handler {
   43:     my $r = shift;
   44: 
   45:     &Apache::loncommon::get_unprocessed_cgi
   46:         ($ENV{'QUERY_STRING'}.'&'.$env{'request.querystring'},
   47:          ['origurl']);
   48: 
   49:     &Apache::lonacc::get_posted_cgi($r);
   50:     my $origurl = &unescape($env{'form.origurl'});
   51:     my $msg;
   52:     if (exists($env{'form.pass1'})) {
   53:         my ($result,$end) = &check_pass($r,$origurl);
   54:         if ($result eq 'ok') {
   55:             my $cookie_check = &print_redirect($r,$end,$origurl);
   56:             if ($cookie_check eq 'ok') {
   57:                 $env{'request.state'} = "published";
   58:                 $env{'request.filename'} = $origurl;
   59:                 $r->header_out(Location => 'http://'.$ENV{'HTTP_HOST'}.$origurl);
   60:                 return REDIRECT;
   61:             } else {
   62:                 &print_entryform($r,$origurl,$cookie_check);
   63:             }
   64:         } else {
   65:             $msg = "Invalid passphrase";
   66:             &print_entryform($r,$origurl,$msg);
   67:         }
   68:     } else {
   69:         &print_entryform($r,$origurl);
   70:     }
   71:     return OK;
   72: }
   73: 
   74: sub print_entryform {
   75:     my ($r,$origurl,$msg) = @_;
   76:     &Apache::lonlocal::get_language_handle($r);
   77:     &Apache::loncommon::content_type($r,'text/html');
   78:     $r->send_http_header;
   79:     return OK if $r->header_only;
   80: 
   81:     $r->print(&Apache::loncommon::start_page('Passphrase protected file'));
   82:     $r->print('<script type="text/javascript">
   83: function verify() {
   84:     if (document.passform.pass1.value == "") {
   85:         alert("You must enter a passphrase");
   86:         return;
   87:     }
   88:     if (document.passform.pass1.value != document.passform.pass2.value) {
   89:         alert("Passphrases do not match");
   90:         return;
   91:     }
   92:     document.passform.submit();
   93: } 
   94: </script>');
   95:     $r->print('<b>'.$msg.'</b>');
   96:     $r->print('<div align="center"><form name="passform" method="post" '.
   97:               'action="/adm/restrictedaccess">');
   98:     $r->print('<br /><br /><br />');
   99:     $r->print(&Apache::loncommon::start_data_table());
  100:     $r->print(&Apache::loncommon::start_data_table_row());     
  101:     $r->print('<td><nobr>'.&mt('Passphrase: ').'</nobr></td>'.
  102:               '<td><input type="password" size="20" name="pass1"></td>');
  103:     $r->print(&Apache::loncommon::end_data_table_row());
  104:     $r->print(&Apache::loncommon::start_data_table_row());
  105:     $r->print('<td><nobr>'.&mt('Confirm passphrase: ').'</nobr></td>');
  106:     $r->print('<td><input type="password" size="20" name="pass2" /></td>');
  107:     $r->print(&Apache::loncommon::end_data_table_row());
  108:     $r->print(&Apache::loncommon::start_data_table_row());
  109:     $r->print('<td align="center" colspan="2"><br />'.
  110:               '<input type="button" name="sendpass" value="'.
  111:               &mt('Submit passphrase').'" onClick="verify()" /></td>');
  112:     $r->print(&Apache::loncommon::end_data_table_row());
  113:     $r->print(&Apache::loncommon::end_data_table());
  114:     $r->print('<input type="hidden" name="origurl" value="'.
  115:               &escape($origurl).'" /></form></div>');
  116:     $r->print(&Apache::loncommon::end_page());
  117: }
  118: 
  119: sub print_redirect {
  120:     my ($r,$end,$requrl) = @_;
  121:     my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
  122:     my $lonid=$cookies{'lonID'};
  123:     my $lonidsdir=$r->dir_config('lonIDsDir');
  124:     my $cookie;
  125:     if ($lonid) {
  126:         $cookie=$lonid->value;
  127:         $cookie=~s/\W//g;
  128:     }
  129:     if ($cookie) {
  130:         my $envkey = 'user.passphrase_access_'.$requrl;
  131:         open(my $idf,">>$lonidsdir/$cookie.id");
  132:         if (!flock($idf,LOCK_EX)) {
  133:             &Apache::lonnet::logthis("<font color=blue>WARNING: ".
  134:                    'Could not obtain exclusive lock in restrictedaccess: '.$!);
  135:             close($idf);
  136:             return 'error: '.$!;
  137:         } else {
  138:             print $idf (&escape($envkey).'='.&escape($end)."\n");
  139:             close($idf);
  140:             return 'ok';
  141:         }
  142:     } else {
  143:         return 'error: no cookie set';
  144:     }
  145: }
  146: 
  147: sub check_pass {
  148:     my ($r,$origurl) = @_;
  149:     my $password = $env{'form.pass1'};
  150:     my ($udom,$unum,$group,$file_name,$result,$end);
  151:     if ($origurl =~  m-/+uploaded/([^/]+)/([^/]+)/portfolio(/.+)$-) {
  152:         $udom = $1;
  153:         $unum = $2;
  154:         $file_name = $3;
  155:     } elsif ($origurl =~ m-/+uploaded/([^/]+)/([^/]+)/groups/([^/]+)/portfolio/(.+)$-) {
  156:         $udom = $1;
  157:         $unum = $2;
  158:         $group = $3;
  159:         $file_name = $3.'/'.$4;
  160:     }
  161:     my $curr_perms = &Apache::lonnet::get_portfile_permissions($udom,$unum);
  162:     my %acc_controls = &Apache::lonnet::get_access_controls($curr_perms,
  163:                                                             $group,$file_name);
  164:     my $access_hash = $acc_controls{$file_name};
  165:     foreach my $key (sort(keys(%{$access_hash}))) {
  166:         if ($key =~ /^[^:]+:guest_(\d+)/) {
  167:             $end = $1;
  168:             my $content = $$access_hash{$key};
  169:             my $passwd = $content->{'password'};
  170:             if ($password eq $passwd) {
  171:                 $result = 'ok';
  172:             } else {
  173:                 $result = 'fail';
  174:             }
  175:             last;
  176:         }
  177:     }
  178:     return ($result,$end);
  179: }
  180: 
  181: 1;
