--- loncom/auth/lonacc.pm	2006/09/07 20:57:04	1.97
+++ loncom/auth/lonacc.pm	2008/11/20 14:37:52	1.120
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.97 2006/09/07 20:57:04 albertel Exp $
+# $Id: lonacc.pm,v 1.120 2008/11/20 14:37:52 jms Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -27,6 +27,7 @@
 #
 ###
 
+
 package Apache::lonacc;
 
 use strict;
@@ -36,7 +37,7 @@ use Apache::lonnet;
 use Apache::loncommon();
 use Apache::lonlocal;
 use Apache::restrictedaccess();
-use CGI::Cookie();
+use Apache::blockedaccess(); 
 use Fcntl qw(:flock);
 use LONCAPA;
 
@@ -57,13 +58,14 @@ sub goodbye {
 ###############################################
 
 sub get_posted_cgi {
-    my ($r) = @_;
+    my ($r,$fields) = @_;
 
     my $buffer;
     if ($r->header_in('Content-length')) {
 	$r->read($buffer,$r->header_in('Content-length'),0);
     }
-    unless ($buffer=~/^(\-+\w+)\s+Content\-Disposition\:\s*form\-data/si) {
+    my $content_type = $r->header_in('Content-type');
+    if ($content_type !~ m{^multipart/form-data}) {
 	my @pairs=split(/&/,$buffer);
 	my $pair;
 	foreach $pair (@pairs) {
@@ -72,10 +74,13 @@ sub get_posted_cgi {
 	    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
 	    $name  =~ tr/+/ /;
 	    $name  =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
+            if (ref($fields) eq 'ARRAY') {
+                next if (!grep(/^\Q$name\E$/,@{$fields}));
+            }
 	    &Apache::loncommon::add_to_env("form.$name",$value);
 	}
     } else {
-	my $contentsep=$1;
+	my ($contentsep) = ($content_type =~ /boundary=\"?([^\";,]+)\"?/);
 	my @lines = split (/\n/,$buffer);
 	my $name='';
 	my $value='';
@@ -83,16 +88,29 @@ sub get_posted_cgi {
 	my $fmime='';
 	my $i;
 	for ($i=0;$i<=$#lines;$i++) {
-	    if ($lines[$i]=~/^$contentsep/) {
+	    if ($lines[$i]=~/^--\Q$contentsep\E/) {
 		if ($name) {
 		    chomp($value);
-		    if ($fname) {
-			$env{"form.$name.filename"}=$fname;
-			$env{"form.$name.mimetype"}=$fmime;
-		    } else {
-			$value=~s/\s+$//s;
-		    }
-		    &Apache::loncommon::add_to_env("form.$name",$value);
+                    if (ref($fields) eq 'ARRAY') {
+                        next if (!grep(/^\Q$name\E$/,@{$fields}));
+                    }
+                    if ($fname) {
+                        if ($env{'form.symb'} ne '') {
+                            my $size = (length($value))/(1024.0 * 1024.0);
+                            if (&upload_size_allowed($name,$size,$fname) eq 'ok') {
+                                $env{"form.$name.filename"}=$fname;
+                                $env{"form.$name.mimetype"}=$fmime;
+                                &Apache::loncommon::add_to_env("form.$name",$value);
+                            }
+                        } else {
+                            $env{"form.$name.filename"}=$fname;
+                            $env{"form.$name.mimetype"}=$fmime;
+                            &Apache::loncommon::add_to_env("form.$name",$value);
+                        }
+                    } else {
+                        $value=~s/\s+$//s;
+                        &Apache::loncommon::add_to_env("form.$name",$value);
+                    }
 		}
 		if ($i<$#lines) {
 		    $i++;
@@ -138,18 +156,45 @@ sub get_posted_cgi {
     $r->headers_in->unset('Content-length');
 }
 
+#
+# Perform size checks for file uploads to essayresponse items in course context.
+#
+# Add form.HWFILESIZE.$part_$id to %env with file size (MB)
+# If file exceeds maximum allowed size, add form.HWFILETOOBIG.$part_$id to %env.
+#
+ 
+sub upload_size_allowed {
+    my ($name,$size,$fname) = @_;
+    if ($name =~ /^HWFILE(\w+)$/) {
+        my $ident = $1;
+        my $item = 'HWFILESIZE'.$ident;
+        &Apache::loncommon::add_to_env("form.$item",$size);
+        my $maxsize= &Apache::lonnet::EXT("resource.$ident.maxfilesize");
+        if (!$maxsize) {
+            $maxsize = 100.0;
+        }
+        if ($size > $maxsize) {
+            my $warn = 'HWFILETOOBIG'.$ident;
+            &Apache::loncommon::add_to_env("form.$warn",$fname);
+            return;
+        }
+    }
+    return 'ok';
+}
+
 # handle the case of the single sign on user, at this point $r->user 
 # will be set and valid now need to find the loncapa user info and possibly
 # balance them
 # returns OK if it was a SSO and user was handled
 #         undef if not SSO or no means to hanle the user
+
 sub sso_login {
-    my ($r,$lonid,$handle) = @_;
+    my ($r,$handle) = @_;
 
     my $lonidsdir=$r->dir_config('lonIDsDir');
     if (!($r->user 
 	  && (!defined($env{'user.name'}) && !defined($env{'user.domain'}))
-	  && (!$lonid || !-e "$lonidsdir/$handle.id" || $handle eq ''))) {
+	  && ($handle eq ''))) {
 	# not an SSO case or already logged in
 	return undef;
     }
@@ -159,11 +204,18 @@ sub sso_login {
     my $domain = $r->dir_config('lonDefDomain');
     my $home=&Apache::lonnet::homeserver($user,$domain);
     if ($home !~ /(con_lost|no_host|no_such_host)/) {
+	&Apache::lonnet::logthis(" SSO authorized user $user ");
 	if ($r->dir_config("lonBalancer") eq 'yes') {
 	    # login but immeaditly go to switch server to find us a new 
 	    # machine
 	    &Apache::lonauth::success($r,$user,$domain,$home,'noredirect');
+            $env{'request.sso.login'} = 1;
+            if (defined($r->dir_config("lonSSOReloginServer"))) {
+                $env{'request.sso.reloginserver'} =
+                    $r->dir_config('lonSSOReloginServer');
+            }
 	    $r->internal_redirect('/adm/switchserver');
+	    $r->set_handlers('PerlHandler'=> undef);
 	} else {
 	    # need to login them in, so generate the need data that
 	    # migrate expects to do login
@@ -173,15 +225,44 @@ sub sso_login {
 		      'server'    => $r->dir_config('lonHostID'),
 		      'sso.login' => 1
 		      );
+            if ($r->dir_config("ssodirecturl") == 1) {
+                $info{'origurl'} = $r->uri;
+            }
+            if (defined($r->dir_config("lonSSOReloginServer"))) {
+                $info{'sso.reloginserver'} = 
+                    $r->dir_config('lonSSOReloginServer'); 
+            }
 	    my $token = 
 		&Apache::lonnet::tmpput(\%info,
 					$r->dir_config('lonHostID'));
 	    $env{'form.token'} = $token;
 	    $r->internal_redirect('/adm/migrateuser');
+	    $r->set_handlers('PerlHandler'=> undef);
 	}
 	return OK;
-    } elsif (defined($r->dir_config('lonSSOUserUnkownRedirect'))) {
-	$r->internal_redirect($r->dir_config('lonSSOUserUnkownRedirect'));
+    } elsif (defined($r->dir_config('lonSSOUserUnknownRedirect'))) {
+	&Apache::lonnet::logthis(" SSO authorized unknown user $user ");
+        $r->subprocess_env->set('SSOUserUnknown' => $user);
+        $r->subprocess_env->set('SSOUserDomain' => $domain);
+        my @cancreate;
+        my %domconfig =
+            &Apache::lonnet::get_dom('configuration',['usercreation'],$domain);
+        if (ref($domconfig{'usercreation'}) eq 'HASH') {
+            if (ref($domconfig{'usercreation'}{'cancreate'}) eq 'HASH') {
+                if (ref($domconfig{'usercreation'}{'cancreate'}{'selfcreate'}) eq 'ARRAY') {
+                    @cancreate = @{$domconfig{'usercreation'}{'cancreate'}{'selfcreate'}};
+                } elsif (($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne 'none') && 
+                         ($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne '')) {
+                    @cancreate = ($domconfig{'usercreation'}{'cancreate'}{'selfcreate'});
+                }
+            }
+        }
+        if (grep(/^sso$/,@cancreate)) {
+            $r->internal_redirect('/adm/createaccount');
+        } else {
+	    $r->internal_redirect($r->dir_config('lonSSOUserUnknownRedirect'));
+        }
+	$r->set_handlers('PerlHandler'=> undef);
 	return OK;
     }
     return undef;
@@ -190,19 +271,16 @@ sub sso_login {
 sub handler {
     my $r = shift;
     my $requrl=$r->uri;
-    my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
-    my $lonid=$cookies{'lonID'};
-    my $cookie;
-    my $lonidsdir=$r->dir_config('lonIDsDir');
-
-    my $handle;
-    if ($lonid) {
-	$handle=$lonid->value;
-        $handle=~s/\W//g;
+    if (&Apache::lonnet::is_domainimage($requrl)) {
+        return OK;
     }
 
-    if (my $result = &sso_login($r,$lonid,$handle)) {
-	return $result
+    
+    my $handle = &Apache::lonnet::check_for_valid_session($r);
+
+    my $result = &sso_login($r,$handle);
+    if (defined($result)) {
+	return $result;
     }
 
 
@@ -213,10 +291,10 @@ sub handler {
     
     if ($handle eq '') {
 	$r->log_reason("Cookie $handle not valid", $r->filename); 
-    } elsif ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
+    } elsif ($handle ne '') {
 
 # ------------------------------------------------------ Initialize Environment
-
+	my $lonidsdir=$r->dir_config('lonIDsDir');
 	&Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
 
 # --------------------------------------------------------- Initialize Language
@@ -253,6 +331,10 @@ sub handler {
 		&Apache::restrictedaccess::setup_handler($r);
 		return OK;
 	    }
+            if ($access eq 'B') {
+                &Apache::blockedaccess::setup_handler($r);
+                return OK;
+            }
 	    if (($access ne '2') && ($access ne 'F')) {
 		$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
 		return HTTP_NOT_ACCEPTABLE; 
@@ -266,6 +348,14 @@ sub handler {
 		return HTTP_NOT_ACCEPTABLE;
 	    }
 	}
+	if ($requrl =~ m|^/zipspool/|) {
+	    my $start='/zipspool/zipout/'.$env{'user.name'}.":".
+		$env{'user.domain'};
+	    if ($requrl !~ /^\Q$start\E/) {
+		$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+		return HTTP_NOT_ACCEPTABLE;
+	    }
+	}
 	if ($env{'user.name'} eq 'public' && 
 	    $env{'user.domain'} eq 'public' &&
 	    $requrl !~ m{^/+(res|public|uploaded)/} &&
@@ -371,6 +461,7 @@ sub handler {
 1;
 __END__
 
+
 =head1 NAME
 
 Apache::lonacc - Cookie Based Access Handler
@@ -431,4 +522,4 @@ store attempted access
 
 =back
 
-=cut
+=cut
\ No newline at end of file