--- loncom/auth/lonuploadedacc.pm	2002/08/02 14:45:04	1.1
+++ loncom/auth/lonuploadedacc.pm	2002/08/08 13:45:21	1.2
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Access Handler for User Files
 #
-# $Id: lonuploadedacc.pm,v 1.1 2002/08/02 14:45:04 www Exp $
+# $Id: lonuploadedacc.pm,v 1.2 2002/08/08 13:45:21 www Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -31,11 +31,25 @@ package Apache::lonuploadedacc;
 use strict;
 use Apache::Constants qw(:common :remotehost);
 use Apache::lonnet();
-use Apache::File();
 
 sub handler {
     my $r = shift;
-    return OK;
+    my $args=$r->args;
+    &Apache::loncommon::get_unprocessed_cgi($args,['token']); 
+    my ($dum1,$dum2,$udom,$uname,$ufile)=split(/\//,$r->uri);
+    $ufile=~s/^[\~\.]+//;
+    my ($server)=($ENV{'form.token'}=~/\_([a-zA-Z0-9]+)$/);
+
+    my $reply=&Apache::lonnet::reply('tokenauthuserfile:'.
+                 $udom.'/'.$uname.'/'.$ufile.':'.$ENV{'form.token'},
+				     $server);
+    if ($reply eq 'ok') {
+       return OK;
+   } else {
+       &Apache::lonnet::logthis(
+"Refused userfile access $uname at $udom for $ufile from $server with $ENV{'form.token'}: $reply");
+       return FORBIDDEN;
+   }
 }
 
 1;