1: # The LearningOnline Network
2: # Cookie Based Access Handler
3: # 5/21/99,5/22,5/29,5/31,6/15,16/11,22/11,
4: # 01/06,01/13,05/31,06/01,09/06,09/25,09/28,10/30,11/6,
5: # 12/25,12/26,
6: # 01/06/01,05/28,8/11 Gerd Kortemeyer
7:
8: package Apache::lonacc;
9:
10: use strict;
11: use Apache::Constants qw(:common :http :methods);
12: use Apache::File;
13: use Apache::lonnet;
14: use CGI::Cookie();
15: use Fcntl qw(:flock);
16:
17: sub handler {
18: my $r = shift;
19: my $requrl=$r->uri;
20: my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
21: my $lonid=$cookies{'lonID'};
22: my $cookie;
23: if ($lonid) {
24: my $handle=$lonid->value;
25: $handle=~s/\W//g;
26: my $lonidsdir=$r->dir_config('lonIDsDir');
27: if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
28:
29: # ------------------------------------------- Transfer profile into environment
30:
31: my @profile;
32: {
33: my $idf=Apache::File->new("$lonidsdir/$handle.id");
34: flock($idf,LOCK_SH);
35: @profile=<$idf>;
36: $idf->close();
37: }
38: my $envi;
39: for ($envi=0;$envi<=$#profile;$envi++) {
40: chomp($profile[$envi]);
41: my ($envname,$envvalue)=split(/=/,$profile[$envi]);
42: $ENV{$envname} = $envvalue;
43: }
44: $ENV{'user.environment'} = "$lonidsdir/$handle.id";
45: if ($requrl=~/^\/res\//) {
46: $ENV{'request.state'} = "published";
47: } else {
48: $ENV{'request.state'} = 'unknown';
49: }
50: $ENV{'request.filename'} = $r->filename;
51:
52: # --------------------- Figure out referer, first from HTTP_REFERER, then cache
53:
54: my $referer='';
55: if ($referer=$r->header_in('Referer')) {
56: $ENV{'HTTP_REFERER'}=$referer;
57: } else {
58: $ENV{'HTTP_REFERER'}=$ENV{'httpref.'.$requrl};
59: }
60:
61: # ------------------------------------------- Still no referer? Check wildcards
62: unless ($ENV{'HTTP_REFERER'}) {
63: map {
64: if ($_=~/^httpref\..*\*/) {
65: my $pattern=$_;
66: $pattern=~s/\*/\[\^\/\]\+/g;
67: $pattern=~s/\//\\\//g;
68: if ($requrl=~/$pattern/) {
69: $ENV{'HTTP_REFERER'}=$ENV{$_};
70: }
71: }
72: } keys %ENV;
73: }
74: # -------------------------------------------------------- Load POST parameters
75:
76:
77:
78: my $buffer;
79:
80: $r->read($buffer,$r->header_in('Content-length'));
81:
82: unless ($buffer=~/^(\-+\w+)\s+Content\-Disposition\:\s*form\-data/si) {
83: my @pairs=split(/&/,$buffer);
84: my $pair;
85: foreach $pair (@pairs) {
86: my ($name,$value) = split(/=/,$pair);
87: $value =~ tr/+/ /;
88: $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
89: $name =~ tr/+/ /;
90: $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
91: $ENV{"form.$name"}=$value;
92: }
93: } else {
94: my $contentsep=$1;
95: my @lines = split (/\n/,$buffer);
96: my $name='';
97: my $value='';
98: my $fname='';
99: my $fmime='';
100: my $i;
101: for ($i=0;$i<=$#lines;$i++) {
102: if ($lines[$i]=~/^$contentsep/) {
103: if ($name) {
104: chomp($value);
105: if ($fname) {
106: $ENV{"form.$name.filename"}=$fname;
107: $ENV{"form.$name.mimetype"}=$fmime;
108: } else {
109: $value=~s/\s+$//s;
110: }
111: $ENV{"form.$name"}=$value;
112: }
113: if ($i<$#lines) {
114: $i++;
115: $lines[$i]=~
116: /Content\-Disposition\:\s*form\-data\;\s*name\=\"([^\"]+)\"/i;
117: $name=$1;
118: $value='';
119: if ($lines[$i]=~/filename\=\"([^\"]+)\"/i) {
120: $fname=$1;
121: if
122: ($lines[$i+1]=~/Content\-Type\:\s*([\w\-\/]+)/i) {
123: $fmime=$1;
124: $i++;
125: } else {
126: $fmime='';
127: }
128: } else {
129: $fname='';
130: $fmime='';
131: }
132: $i++;
133: }
134: } else {
135: $value.=$lines[$i]."\n";
136: }
137: }
138: }
139: $r->method_number(M_GET);
140: $r->method('GET');
141: $r->headers_in->unset('Content-length');
142:
143: # ---------------------------------------------------------------- Check access
144:
145: if ($requrl!~/^\/adm\//) {
146: my $access=&Apache::lonnet::allowed('bre',$requrl);
147: if ($access eq '1') {
148: $ENV{'user.error.msg'}="$requrl:bre:0:0:Choose Course";
149: return HTTP_NOT_ACCEPTABLE;
150: }
151: if (($access ne '2') && ($access ne 'F')) {
152: $ENV{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
153: return HTTP_NOT_ACCEPTABLE;
154: }
155: }
156: return OK;
157: } else {
158: $r->log_reason("Cookie $handle not valid", $r->filename)
159: };
160: }
161:
162: # ----------------------------------------------- Store where they wanted to go
163:
164: $ENV{'request.firsturl'}=$requrl;
165: return FORBIDDEN;
166: }
167:
168: 1;
169: __END__
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>