--- loncom/Attic/lchtmldir	2002/05/03 03:43:54	1.3
+++ loncom/Attic/lchtmldir	2004/09/02 18:59:24	1.8
@@ -117,7 +117,7 @@ if($DEBUG) {
 
 if( $authentication ne "unix:"     &&
     $authentication ne "internal:" &&
-    $authentication ne "krb4:"     &&
+    $authentication !~ /^krb(4|5):(.*)/ &&
     $authentication ne "localauth:") {
     if($DEBUG) {
 	print("Invalid authentication parameter: ".$authentication."\n");
@@ -175,7 +175,9 @@ if(!( -e $dirtry1)) {
     if($DEBUG) {
 	print("User's home directory $dirtry1 does not exist\n");
     }
-    exit 6;
+    if ($authentication eq "unix:") {
+        exit 6;
+    }
 }
 &EnableRoot;
 
@@ -187,19 +189,19 @@ if(!( -e $dirtry1)) {
 	<head>
 	<title>$safeuser</title>
         </head>
-        <body>
-        <h1>$safeuser</h1>
+        <body bgcolor="#ccffdd">
+        <h1>$safeuser Construction Space</h1>
+          <h2>
+            The Learning<i>Online</i> Network with Computer-Assisted Personalized Approach
+          </h2>
           <p>
-            Learning Online Network
+This is your construction space within LON-CAPA, where you would construct resources which are meant to be
+used across courses and institutions.
           </p>
           <p>
-            This area provides for:
+Material within this area can only be seen and edited by $safeuser and designated co-authors. To make
+it available to students and other instructors, the material needs to be published.
           </p>
-          <ul>
-             <li>resource construction</li>
-             <li>resource publication</li>
-             <li>record-keeping</li>
-          </ul>
         </body>
        </html>
 END
@@ -212,31 +214,13 @@ END
 # Based on the authentiation mode, set the ownership of the directory.
 
 if($authentication eq "unix:") {	# Unix mode authentication...
-    
-   
-    &System("/bin/chown -R   $username".":".$username." ".$fulldir);
-    &JoinGroup($username);
-
-
-}
-elsif ($authentication eq "internal:") { # Internal authentication.
-
-    &System("/bin/chown -R www:www  $fulldir");
-}
-elsif ($authentication eq "krb4:") { # Kerberos version 4 authentication
-    &System("/bin/chown -R $username".':'.$username." ".$fulldir);
-    &JoinGroup($username);
-}
-elsif ($authentication eq "localauth:") { # Local authentiation
-    &System("/bin/chown -R  $username".':'.$username."  $fulldir");
-}
-else {
-    if($DEBUG) {
-	print("Authentication not legal".$authentication);
-    }
-    &DisableRoot;
-    exit 5;
-
+    &System("/bin/chown -R   $safeuser".":".$safeuser." ".$fulldir);
+    &JoinGroup($safeuser);
+} else {
+    # Internal, Kerberos, and Local authentication are for users
+    # who do not have unix accounts on the system.  Therefore we
+    # will give ownership of their public_html directories to www:www
+    &System("/bin/chown -R www:www  ".$fulldir);
 }
 &DisableRoot;
 
@@ -261,7 +245,7 @@ sub EnableRoot {
 	# root capability is already enabled
     }
     if($DEBUG) {
-	print("Enable Root - id =  $> \n");
+	print("Enable Root - id =  $> $<\n");
     }
     return $>;  
 }
@@ -283,6 +267,9 @@ sub JoinGroup {
     my $usergroup = shift;
 
     my $groups = `/usr/bin/groups www`;
+    # untaint
+    my ($safegroups)=($groups=~/:\s+([\s\w]+)/);
+    $groups=$safegroups;
     chomp $groups; $groups=~s/^\S+\s+\:\s+//;
     my @grouplist=split(/\s+/,$groups);
     my @ugrouplist=grep {!/www|$usergroup/} @grouplist;
@@ -300,11 +287,11 @@ sub JoinGroup {
 
 
 sub System {
-    my $command = shift;
+    my ($command,@args) = @_;
     if($DEBUG) {
-	print("system: $command \n");
+	print("system: $command with args ".join(' ',@args)."\n");
     }
-    system($command);
+    system($command,@args);
 }