--- loncom/auth/lonuploadedacc.pm 2002/08/02 14:45:04 1.1
+++ loncom/auth/lonuploadedacc.pm 2004/02/11 00:10:02 1.10
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Access Handler for User Files
 #
-# $Id: lonuploadedacc.pm,v 1.1 2002/08/02 14:45:04 www Exp $
+# $Id: lonuploadedacc.pm,v 1.10 2004/02/11 00:10:02 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -28,14 +28,43 @@
 package Apache::lonuploadedacc;
+#
+# The way this is supposed to work:
+#
+# User A has client machine C
+# User A is logged into LON-CAPA server S
+# needs file from user B
+# homeserver for user B is H
+#
+# This handler runs on H
+# To access a userfile:
+# Server S generates a token and puts it into the query string of URL for H
+# Client box C asks H for file with token issued by C
+# H now must ask S if token is valid, uses S's lond-command tokenauthuserfile
+
 use strict;
-use Apache::Constants qw(:common :remotehost);
+use Apache::Constants qw(:common :http);
 use Apache::lonnet();
-use Apache::File();
 sub handler {
 my $r = shift;
- return OK;
+ my $args=$r->args;
+ &Apache::loncommon::get_unprocessed_cgi($args,['token','tokenissued']);
+ my (undef,undef,$udom,$uname,$ufile)=split(/\//,$r->uri);
+ $ufile=~s/^[\~\.]+//;
+ my $remoteserver=$ENV{'form.tokenissued'};
+ my $reply=&Apache::lonnet::reply('tokenauthuserfile:'.
+ $udom.'/'.$uname.'/'.$ufile.':'.$ENV{'form.token'},
+ $remoteserver);
+ if ($reply eq 'ok') {
+ return OK;
+ } elsif ($reply eq 'con_lost' || $reply eq 'no_such_host') {
+ &Apache::lonnet::logthis("Server unavailable for userfile access $uname at $udom for $ufile with $remoteserver token $ENV{'form.token'}: $reply");
+ return HTTP_SERVICE_UNAVAILABLE;
+ } else {
+ &Apache::lonnet::logthis("Refused userfile access $uname at $udom for $ufile with $remoteserver token $ENV{'form.token'}: $reply");
+ return FORBIDDEN;
+ }
 }
 1;
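Review bot: In the new `handler` body, the request-derived values `$udom`, `$uname`, `$ufile`, `$ENV{'form.token'}` and `$ENV{'form.tokenissued'}` go straight into the colon-delimited `tokenauthuserfile` command and into the choice of server to ask, with no check that they are present or free of `:` and whitespace. A missing token, or a `:` in the file name (`$r->uri` is normally already unescaped), changes the fields the remote lond sees, so the handler should return FORBIDDEN before calling `reply` in those cases; since the client alone names the validating server, it is also worth confirming that every host `reply` will contact is one this server is willing to trust for the decision. Only the fifth path segment, with leading `~` and `.` stripped, is authorized, so the name checked can differ from the path that is presumably served afterwards. Both `logthis` calls also write the token itself to the log, where recording that a token was present would be enough. The character class in the sketch below is a guess at the token format and should be matched to what lond actually issues.

```perl
    # ... unchanged: argument parsing, URI split, leading ~/. strip ...
    my $remoteserver=$ENV{'form.tokenissued'};
    my $token=$ENV{'form.token'};
    # Refuse requests whose parts are missing or would shift the fields of
    # the colon-delimited lond command, before contacting another server.
    foreach my $part ($udom,$uname,$ufile,$token,$remoteserver) {
        if (!defined($part) || $part eq '' || $part =~ /[:\s]/) {
            return FORBIDDEN;
        }
    }
    # ... unchanged: tokenauthuserfile reply and status mapping ...
```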