File:
[LON-CAPA] /
loncom /
cgi /
loncgi.pm
Revision
1.16:
download - view:
text,
annotated -
select for diffs
Wed Jul 4 16:58:26 2018 UTC (6 years, 5 months ago) by
raeburn
Branches:
MAIN
CVS tags:
version_2_12_X,
version_2_11_X,
version_2_11_5_msu,
version_2_11_5,
version_2_11_4_uiuc,
version_2_11_4_msu,
version_2_11_4,
version_2_11_3_uiuc,
version_2_11_3_msu,
version_2_11_3,
HEAD
- Use 'secure' attribute for session cookie on servers using Apache/SSL.
#
# LON-CAPA helpers for cgi-bin scripts
#
# $Id: loncgi.pm,v 1.16 2018/07/04 16:58:26 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#
#############################################
#############################################
=pod
=head1 NAME
loncgi
=head1 SYNOPSIS
Provides subroutines for checking a LON-CAPA cookie, loading the user's
environment, and retrieving arguments passed in via a CGI's Query String.
=head1 Subroutines
=over 4
=cut
#############################################
#############################################
package LONCAPA::loncgi;
use strict;
use warnings FATAL=>'all';
no warnings 'uninitialized';
use lib '/home/httpd/lib/perl/';
use CGI qw(:standard);
use CGI::Cookie();
use MIME::Types();
use Fcntl qw(:flock);
use LONCAPA;
use LONCAPA::Configuration();
use GDBM_File;
use Apache::lonlocal;
my $lonidsdir;
BEGIN {
my $perlvar=LONCAPA::Configuration::read_conf('loncapa.conf');
delete $perlvar->{'lonReceipt'};
$lonidsdir = $perlvar->{'lonIDsDir'};
}
#############################################
#############################################
=pod
=item check_cookie_and_load_env()
Inputs: 1 ( optional). When called from a handler in mod_perl,
pass in the request object.
Returns: 1 if the user has a LON-CAPA cookie, 0 if not.
Side effect: Loads the user's environment into the %env hash
if the cookie is correct.
=cut
#############################################
#############################################
sub check_cookie_and_load_env {
my ($r) = @_;
my ($hascookie,$handle) = &check_cookie($r);
if (($hascookie) && ($handle)) {
&transfer_profile_to_env($handle);
}
return $hascookie;
}
#############################################
#############################################
=pod
=item check_cookie()
Inputs: none
Array context:
Returns: (1,$handle) if the user has a LON-CAPA cookie;
(0) if user does not have a LON-CAPA cookie.
Scalar context:
Returns: 1 if the user has a LON-CAPA cookie and 0 if not.
=cut
#############################################
#############################################
sub check_cookie {
my ($r) = @_;
my %cookies;
if (ref($r)) {
%cookies = CGI::Cookie->fetch($r);
} else {
%cookies = CGI::Cookie->fetch();
}
if (keys(%cookies)) {
my $name = 'lonID';
my $secure = 'lonSID';
my $linkname = 'lonLinkID';
my $pubname = 'lonPubID';
my $lonid;
if (exists($cookies{$secure})) {
$lonid=$cookies{$secure};
} elsif (exists($cookies{$name})) {
$lonid=$cookies{$name};
} elsif (exists($cookies{$linkname})) {
$lonid=$cookies{$linkname};
} elsif (exists($cookies{$pubname})) {
$lonid=$cookies{$pubname};
}
if ($lonid) {
my $handle=&LONCAPA::clean_handle($lonid->value);
if ($handle) {
if (-l "$lonidsdir/$handle.id") {
my $link = readlink("$lonidsdir/$handle.id");
if ((-e $link) && ($link =~ m{^\Q$lonidsdir\E/(.+)\.id$})) {
$handle = $1;
}
}
if (-e "$lonidsdir/".$handle.".id") {
# valid cookie found
if (wantarray) {
return (1,$handle);
} else {
return 1;
}
}
}
}
}
# No valid cookie found
if (wantarray) {
return (0);
} else {
return 0;
}
}
#############################################
#############################################
=pod
=item transfer_profile_to_env()
Load the users environment into the %env hash.
Inputs: $handle, the name of the users LON-CAPA cookie.
Returns: undef
=cut
#############################################
#############################################
sub transfer_profile_to_env {
my ($handle)=@_;
if (tie(my %disk_env,'GDBM_File',"$lonidsdir/$handle.id",&GDBM_READER(),
0640)) {
%Apache::lonnet::env = %disk_env;
untie(%disk_env);
}
$Apache::lonnet::env{'user.environment'} = "$lonidsdir/$handle.id";
return undef;
}
#############################################
#############################################
=pod
=item missing_cookie_msg()
Inputs: none
Returns: HTML for a page indicating cookie information absent.
=cut
#############################################
#############################################
sub missing_cookie_msg {
my %lt = &Apache::lonlocal::texthash (
cook => 'Bad Cookie',
your => 'Your cookie information is incorrect.',
);
return <<END;
<html>
<head><title>$lt{'cook'}</title></head>
<body>
$lt{'your'}
</body>
</html>
END
}
#############################################
#############################################
=pod
=cgi_getitems()
Inputs: $query - the CGI query string (required)
$getitems - reference to a hash (required)
$possname - permitted names of keys (optional)
Returns: nothing
Side Effects: populates $getitems hash ref with key => value
where each key is the name of the form item in the query string
and value is an array of corresponding values.
=cut
#############################################
#############################################
sub cgi_getitems {
my ($query,$getitems,$possnames)= @_;
foreach (split(/&/,$query)) {
my ($name, $value) = split(/=/,$_);
$name = &unescape($name);
if (ref($possnames) eq 'ARRAY') {
next unless (grep(/^\Q$name\E$/,@{$possnames}));
}
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
push(@{$$getitems{$name}},$value);
}
return;
}
#############################################
#############################################
=pod
=cgi_header()
Inputs: $contenttype - Content Type (e.g., text/html or text/plain)
$nocache - Boolean 1 = nocache
Returns: HTTP Response headers constructed using CGI.pm
=cut
#############################################
#############################################
sub cgi_header {
my ($contenttype,$nocache) = @_;
my $mimetypes = MIME::Types->new;
my %headers;
if ($contenttype ne '') {
if ($mimetypes->type($contenttype) ne '') {
$headers{'-type'} = $contenttype;
if ($contenttype =~ m{^text/}) {
$headers{'-charset'} = 'utf-8';
}
}
}
if ($nocache) {
$headers{'-expires'} = 'now';
}
if (%headers) {
return CGI::header(%headers);
}
return;
}
=pod
=back
=cut
1;
__END__
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>