--- loncom/auth/loncacc.pm	2005/06/19 00:41:32	1.39
+++ loncom/auth/loncacc.pm	2007/10/02 01:09:59	1.46
@@ -2,7 +2,7 @@
 # Cookie Based Access Handler for Construction Area
 # (lonacc: 5/21/99,5/22,5/29,5/31 Gerd Kortemeyer)
 #
-# $Id: loncacc.pm,v 1.39 2005/06/19 00:41:32 www Exp $
+# $Id: loncacc.pm,v 1.46 2007/10/02 01:09:59 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -31,16 +31,15 @@ package Apache::loncacc;
 
 use strict;
 use Apache::Constants qw(:common :http :methods REDIRECT);
-use Apache::File;
-use CGI::Cookie();
 use Fcntl qw(:flock);
 use Apache::lonlocal;
 use Apache::lonnet;
-
+use Apache::lonacc;
+use LONCAPA qw(:DEFAULT :match);
 
 sub constructaccess {
     my ($url,$ownerdomain)=@_;
-    my ($ownername)=($url=~/\/(?:\~|priv\/|home\/)(\w+)\//);
+    my ($ownername)=($url=~/\/(?:\~|priv\/|home\/)($match_username)\//);
     unless (($ownername) && ($ownerdomain)) { return ''; }
     # We do not allow editing of previous versions of files.
     if ($url=~/\.(\d+)\.(\w+)$/) { return ''; }
@@ -54,17 +53,9 @@ sub constructaccess {
     }
     
     foreach my $domain (@possibledomains) {
-	my $capriv='user.priv.ca./'.$domain.'/'.$ownername.'./';
-	foreach (keys %env) {
-	    if ($_ eq $capriv) {
-		return ($ownername,$domain);
-	    }
-	}
-	my $aapriv='user.priv.aa./'.$domain.'/'.$ownername.'./';
-	foreach (keys %env) {
-	    if ($_ eq $aapriv) {
-		return ($ownername,$domain);
-	    }
+	if (exists($env{'user.priv.ca./'.$domain.'/'.$ownername.'./'}) ||
+	    exists($env{'user.priv.aa./'.$domain.'/'.$ownername.'./'}) ) {
+	    return ($ownername,$domain);
 	}
     }
     return '';
@@ -74,41 +65,35 @@ sub handler {
     my $r = shift;
     my $requrl=$r->uri;
     $env{'request.editurl'}=$requrl;
-    my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
-    my $lonid=$cookies{'lonID'};
-    my $cookie;
-    if ($lonid) {
-	my $handle=$lonid->value;
-        $handle=~s/\W//g;
-        my $lonidsdir=$r->dir_config('lonIDsDir');
-        if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
 
-# ------------------------------------------------------ Initialize Environment
+    my $handle =  &Apache::lonnet::check_for_valid_session($r);
+    if ($handle ne '') {
 
-            &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
+# ------------------------------------------------------ Initialize Environment
+        my $lonidsdir=$r->dir_config('lonIDsDir');
+	&Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
 
 # --------------------------------------------------------- Initialize Language
  
- 	    &Apache::lonlocal::get_language_handle($r);
+	&Apache::lonlocal::get_language_handle($r);
 
 # -------------------------------------------------------------- Resource State
 
-            $env{'request.state'}    = "construct";
-            $env{'request.filename'} = $r->filename;
+	$env{'request.state'}    = "construct";
+	$env{'request.filename'} = $r->filename;
 
-            unless (&constructaccess($requrl,$r->dir_config('lonDefDomain'))) {
-                $r->log_reason("Unauthorized $requrl", $r->filename); 
-	        return HTTP_NOT_ACCEPTABLE;
-            }
+	unless (&constructaccess($requrl,$r->dir_config('lonDefDomain'))) {
+	    $r->log_reason("Unauthorized $requrl", $r->filename); 
+	    return HTTP_NOT_ACCEPTABLE;
+	}
 
 # -------------------------------------------------------- Load POST parameters
 
-	    &Apache::loncommon::get_posted_cgi($r);
+	&Apache::lonacc::get_posted_cgi($r);
 
-            return OK; 
-        } else { 
-            $r->log_reason("Cookie $handle not valid", $r->filename) 
-        };
+	return OK; 
+    } else { 
+	$r->log_reason("Cookie $handle not valid", $r->filename) 
     }
 
 # ----------------------------------------------- Store where they wanted to go