Annotation of loncom/auth/lonacc.pm, revision 1.16
1.1 albertel 1: # The LearningOnline Network
2: # Cookie Based Access Handler
1.4 www 3: # 5/21/99,5/22,5/29,5/31,6/15,16/11,22/11,
1.14 www 4: # 01/06,01/13,05/31,06/01,09/06,09/25,09/28,10/30,11/6,
1.16 ! www 5: # 12/25,12/26,06/01 Gerd Kortemeyer
1.1 albertel 6:
7: package Apache::lonacc;
8:
9: use strict;
1.8 www 10: use Apache::Constants qw(:common :http :methods);
1.2 www 11: use Apache::File;
1.6 www 12: use Apache::lonnet;
1.1 albertel 13: use CGI::Cookie();
1.16 ! www 14: use Fcntl qw(:flock);
1.1 albertel 15:
16: sub handler {
17: my $r = shift;
18: my $requrl=$r->uri;
19: my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
20: my $lonid=$cookies{'lonID'};
21: my $cookie;
22: if ($lonid) {
23: my $handle=$lonid->value;
24: $handle=~s/\W//g;
25: my $lonidsdir=$r->dir_config('lonIDsDir');
26: if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
1.6 www 27:
28: # ------------------------------------------- Transfer profile into environment
29:
1.2 www 30: my @profile;
31: {
32: my $idf=Apache::File->new("$lonidsdir/$handle.id");
1.16 ! www 33: flock($idf,LOCK_SH);
1.2 www 34: @profile=<$idf>;
1.16 ! www 35: $idf->close();
1.2 www 36: }
37: my $envi;
38: for ($envi=0;$envi<=$#profile;$envi++) {
39: chomp($profile[$envi]);
40: my ($envname,$envvalue)=split(/=/,$profile[$envi]);
1.9 www 41: $ENV{$envname} = $envvalue;
1.2 www 42: }
1.9 www 43: $ENV{'user.environment'} = "$lonidsdir/$handle.id";
44: $ENV{'request.state'} = "published";
45: $ENV{'request.filename'} = $r->filename;
1.12 www 46:
1.13 www 47: # --------------------- Figure out referer, first from HTTP_REFERER, then cache
1.12 www 48:
49: my $referer='';
50: if ($referer=$r->header_in('Referer')) {
51: $ENV{'HTTP_REFERER'}=$referer;
52: } else {
53: $ENV{'HTTP_REFERER'}=$ENV{'httpref.'.$requrl};
54: }
1.6 www 55:
56: # -------------------------------------------------------- Load POST parameters
57:
1.8 www 58:
59:
1.14 www 60: my $buffer;
1.6 www 61:
1.14 www 62: $r->read($buffer,$r->header_in('Content-length'));
63:
64: unless ($buffer=~/^(\-+\w+)\s+Content\-Disposition\:\s*form\-data/si) {
1.5 www 65: my @pairs=split(/&/,$buffer);
1.6 www 66: my $pair;
1.5 www 67: foreach $pair (@pairs) {
1.6 www 68: my ($name,$value) = split(/=/,$pair);
69: $value =~ tr/+/ /;
70: $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
1.10 www 71: $name =~ tr/+/ /;
72: $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
1.9 www 73: $ENV{"form.$name"}=$value;
1.6 www 74: }
1.14 www 75: } else {
76: my $contentsep=$1;
77: my @lines = split (/\n/,$buffer);
78: my $name='';
79: my $value='';
80: my $fname='';
81: my $fmime='';
82: my $i;
83: for ($i=0;$i<=$#lines;$i++) {
84: if ($lines[$i]=~/^$contentsep/) {
85: if ($name) {
86: chomp($value);
87: if ($fname) {
88: $ENV{"form.$name.filename"}=$fname;
89: $ENV{"form.$name.mimetype"}=$fmime;
1.15 www 90: } else {
91: $value=~s/\s+$//s;
1.14 www 92: }
1.15 www 93: $ENV{"form.$name"}=$value;
1.14 www 94: }
95: if ($i<$#lines) {
96: $i++;
97: $lines[$i]=~
98: /Content\-Disposition\:\s*form\-data\;\s*name\=\"([^\"]+)\"/i;
99: $name=$1;
100: $value='';
101: if ($lines[$i]=~/filename\=\"([^\"]+)\"/i) {
102: $fname=$1;
103: if
104: ($lines[$i+1]=~/Content\-Type\:\s*([\w\-\/]+)/i) {
105: $fmime=$1;
106: $i++;
107: } else {
108: $fmime='';
109: }
110: } else {
111: $fname='';
112: $fmime='';
113: }
114: $i++;
115: }
116: } else {
117: $value.=$lines[$i]."\n";
118: }
119: }
120: }
1.8 www 121: $r->method_number(M_GET);
122: $r->method('GET');
123: $r->headers_in->unset('Content-length');
1.6 www 124:
125: # ---------------------------------------------------------------- Check access
126:
127: if ($requrl!~/^\/adm\//) {
1.7 www 128: my $access=&Apache::lonnet::allowed('bre',$requrl);
129: if ($access eq '1') {
130: $ENV{'user.error.msg'}="$requrl:bre:0:0:Choose Course";
131: return HTTP_NOT_ACCEPTABLE;
132: }
133: if (($access ne '2') && ($access ne 'F')) {
134: $ENV{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
135: return HTTP_NOT_ACCEPTABLE;
136: }
1.5 www 137: }
1.2 www 138: return OK;
1.1 albertel 139: } else {
1.5 www 140: $r->log_reason("Cookie $handle not valid", $r->filename)
1.1 albertel 141: };
142: }
1.6 www 143:
144: # ----------------------------------------------- Store where they wanted to go
145:
146: $ENV{'request.firsturl'}=$requrl;
1.1 albertel 147: return FORBIDDEN;
148: }
149:
150: 1;
151: __END__
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to lonacc.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / auth