--- loncom/auth/lonacc.pm	1999/11/22 17:23:13	1.3
+++ loncom/auth/lonacc.pm	2000/09/28 17:01:17	1.10
@@ -1,12 +1,14 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
-# 5/21/99,5/22,5/29,5/31,6/15,16/11 Gerd Kortemeyer
+# 5/21/99,5/22,5/29,5/31,6/15,16/11,22/11,
+# 01/06,01/13,05/31,06/01,09/06,09/25,09/28 Gerd Kortemeyer
 
 package Apache::lonacc;
 
 use strict;
-use Apache::Constants qw(:common);
+use Apache::Constants qw(:common :http :methods);
 use Apache::File;
+use Apache::lonnet;
 use CGI::Cookie();
 
 sub handler {
@@ -20,6 +22,9 @@ sub handler {
         $handle=~s/\W//g;
         my $lonidsdir=$r->dir_config('lonIDsDir');
         if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
+
+# ------------------------------------------- Transfer profile into environment
+
             my @profile;
 	    {
              my $idf=Apache::File->new("$lonidsdir/$handle.id");
@@ -29,29 +34,58 @@ sub handler {
             for ($envi=0;$envi<=$#profile;$envi++) {
 		chomp($profile[$envi]);
 		my ($envname,$envvalue)=split(/=/,$profile[$envi]);
-                $r->subprocess_env("profile.$envname" => "$envvalue");
+                $ENV{$envname} = $envvalue;
             }
-            $r->subprocess_env("user.environment" => "$lonidsdir/$handle.id");
-            $r->subprocess_env("request.state" => "published");
+            $ENV{'user.environment'} = "$lonidsdir/$handle.id";
+            $ENV{'request.state'}    = "published";
+            $ENV{'request.filename'} = $r->filename;
+
+# -------------------------------------------------------- Load POST parameters
+
+
+           
+            my $buffer;
+
+            $r->read($buffer,$r->header_in('Content-length'));
+            my @pairs=split(/&/,$buffer);
+            my $pair;
+            foreach $pair (@pairs) {
+               my ($name,$value) = split(/=/,$pair);
+               $value =~ tr/+/ /;
+               $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
+               $name  =~ tr/+/ /;
+               $name  =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
+               $ENV{"form.$name"}=$value;
+            }
+
+            $r->method_number(M_GET);
+	    $r->method('GET');
+            $r->headers_in->unset('Content-length');
+
+# ---------------------------------------------------------------- Check access
+
+            if ($requrl!~/^\/adm\//) {
+		my $access=&Apache::lonnet::allowed('bre',$requrl);
+                if ($access eq '1') {
+		   $ENV{'user.error.msg'}="$requrl:bre:0:0:Choose Course";
+	           return HTTP_NOT_ACCEPTABLE; 
+                }
+                if (($access ne '2') && ($access ne 'F')) {
+		   $ENV{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+	           return HTTP_NOT_ACCEPTABLE; 
+                }
+            } 
             return OK; 
         } else { 
-           $r->log_reason("Cookie $handle not valid", $r->filename) 
+            $r->log_reason("Cookie $handle not valid", $r->filename) 
         };
     }
-    $cookie=CGI::Cookie->new(-name  => 'lonURL',
-                             -value => $requrl, 
-                             -path  => '/');
-    $r->err_headers_out->add('Set-Cookie' => $cookie);
+
+# ----------------------------------------------- Store where they wanted to go
+
+    $ENV{'request.firsturl'}=$requrl;
     return FORBIDDEN;
 }
 
 1;
 __END__
-
-
-
-
-
-
-
-