--- loncom/auth/lonacc.pm 2007/10/02 01:09:59 1.111 +++ loncom/auth/lonacc.pm 2008/11/16 02:46:19 1.118 @@ -1,7 +1,7 @@ # The LearningOnline Network # Cookie Based Access Handler # -# $Id: lonacc.pm,v 1.111 2007/10/02 01:09:59 albertel Exp $ +# $Id: lonacc.pm,v 1.118 2008/11/16 02:46:19 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -57,13 +57,14 @@ sub goodbye { ############################################### sub get_posted_cgi { - my ($r) = @_; + my ($r,$fields) = @_; my $buffer; if ($r->header_in('Content-length')) { $r->read($buffer,$r->header_in('Content-length'),0); } - unless ($buffer=~/^(\-+\w+)\s+Content\-Disposition\:\s*form\-data/si) { + my $content_type = $r->header_in('Content-type'); + if ($content_type !~ m{^multipart/form-data}) { my @pairs=split(/&/,$buffer); my $pair; foreach $pair (@pairs) { @@ -72,10 +73,13 @@ sub get_posted_cgi { $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg; $name =~ tr/+/ /; $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg; + if (ref($fields) eq 'ARRAY') { + next if (!grep(/^\Q$name\E$/,@{$fields})); + } &Apache::loncommon::add_to_env("form.$name",$value); } } else { - my $contentsep=$1; + my ($contentsep) = ($content_type =~ /boundary=\"?([^\";,]+)\"?/); my @lines = split (/\n/,$buffer); my $name=''; my $value=''; @@ -83,16 +87,29 @@ sub get_posted_cgi { my $fmime=''; my $i; for ($i=0;$i<=$#lines;$i++) { - if ($lines[$i]=~/^$contentsep/) { + if ($lines[$i]=~/^--\Q$contentsep\E/) { if ($name) { chomp($value); - if ($fname) { - $env{"form.$name.filename"}=$fname; - $env{"form.$name.mimetype"}=$fmime; - } else { - $value=~s/\s+$//s; - } - &Apache::loncommon::add_to_env("form.$name",$value); + if (ref($fields) eq 'ARRAY') { + next if (!grep(/^\Q$name\E$/,@{$fields})); + } + if ($fname) { + if ($env{'form.symb'} ne '') { + my $size = (length($value))/(1024.0 * 1024.0); + if (&upload_size_allowed($name,$size,$fname) eq 'ok') { + $env{"form.$name.filename"}=$fname; + $env{"form.$name.mimetype"}=$fmime; + &Apache::loncommon::add_to_env("form.$name",$value); + } + } else { + $env{"form.$name.filename"}=$fname; + $env{"form.$name.mimetype"}=$fmime; + &Apache::loncommon::add_to_env("form.$name",$value); + } + } else { + $value=~s/\s+$//s; + &Apache::loncommon::add_to_env("form.$name",$value); + } } if ($i<$#lines) { $i++; @@ -138,11 +155,38 @@ sub get_posted_cgi { $r->headers_in->unset('Content-length'); } +# +# Perform size checks for file uploads to essayresponse items in course context. +# +# Add form.HWFILESIZE.$part_$id to %env with file size (MB) +# If file exceeds maximum allowed size, add form.HWFILETOOBIG.$part_$id to %env. +# + +sub upload_size_allowed { + my ($name,$size,$fname) = @_; + if ($name =~ /^HWFILE(\w+)$/) { + my $ident = $1; + my $item = 'HWFILESIZE'.$ident; + &Apache::loncommon::add_to_env("form.$item",$size); + my $maxsize= &Apache::lonnet::EXT("resource.$ident.maxfilesize"); + if (!$maxsize) { + $maxsize = 100.0; + } + if ($size > $maxsize) { + my $warn = 'HWFILETOOBIG'.$ident; + &Apache::loncommon::add_to_env("form.$warn",$fname); + return; + } + } + return 'ok'; +} + # handle the case of the single sign on user, at this point $r->user # will be set and valid now need to find the loncapa user info and possibly # balance them # returns OK if it was a SSO and user was handled # undef if not SSO or no means to hanle the user + sub sso_login { my ($r,$handle) = @_; @@ -180,6 +224,9 @@ sub sso_login { 'server' => $r->dir_config('lonHostID'), 'sso.login' => 1 ); + if ($r->dir_config("ssodirecturl") == 1) { + $info{'origurl'} = $r->uri; + } if (defined($r->dir_config("lonSSOReloginServer"))) { $info{'sso.reloginserver'} = $r->dir_config('lonSSOReloginServer'); @@ -196,7 +243,24 @@ sub sso_login { &Apache::lonnet::logthis(" SSO authorized unknown user $user "); $r->subprocess_env->set('SSOUserUnknown' => $user); $r->subprocess_env->set('SSOUserDomain' => $domain); - $r->internal_redirect($r->dir_config('lonSSOUserUnknownRedirect')); + my @cancreate; + my %domconfig = + &Apache::lonnet::get_dom('configuration',['usercreation'],$domain); + if (ref($domconfig{'usercreation'}) eq 'HASH') { + if (ref($domconfig{'usercreation'}{'cancreate'}) eq 'HASH') { + if (ref($domconfig{'usercreation'}{'cancreate'}{'selfcreate'}) eq 'ARRAY') { + @cancreate = @{$domconfig{'usercreation'}{'cancreate'}{'selfcreate'}}; + } elsif (($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne 'none') && + ($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne '')) { + @cancreate = ($domconfig{'usercreation'}{'cancreate'}{'selfcreate'}); + } + } + } + if (grep(/^sso$/,@cancreate)) { + $r->internal_redirect('/adm/createaccount'); + } else { + $r->internal_redirect($r->dir_config('lonSSOUserUnknownRedirect')); + } $r->set_handlers('PerlHandler'=> undef); return OK; } @@ -215,7 +279,7 @@ sub handler { my $result = &sso_login($r,$handle); if (defined($result)) { - return $result + return $result; }