--- loncom/auth/lonuploadedacc.pm	2002/11/12 22:28:48	1.5
+++ loncom/auth/lonuploadedacc.pm	2004/10/26 15:03:08	1.11
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Access Handler for User Files
 #
-# $Id: lonuploadedacc.pm,v 1.5 2002/11/12 22:28:48 albertel Exp $
+# $Id: lonuploadedacc.pm,v 1.11 2004/10/26 15:03:08 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -28,29 +28,41 @@
 
 package Apache::lonuploadedacc;
 
+#
+# The way this is supposed to work:
+#
+# User A has client machine C
+# User A is logged into LON-CAPA server S
+# needs file from user B
+# homeserver for user B is H
+# 
+# This handler runs on H
+# To access a userfile:
+# Server S generates a token and puts it into the query string of URL for H
+# Client box C asks H for file with token issued by C
+# H now must ask S if token is valid, uses S's lond-command tokenauthuserfile
+
 use strict;
-use Apache::Constants qw(:common :remotehost);
+use Apache::Constants qw(:common :http);
 use Apache::lonnet();
 
 sub handler {
     my $r = shift;
     my $args=$r->args;
-    &Apache::loncommon::get_unprocessed_cgi($args,['token']); 
-    my (undef,undef,$udom,$uname,$ufile)=split(/\//,$r->uri);
+    &Apache::loncommon::get_unprocessed_cgi($args,['token','tokenissued']); 
+    my (undef,undef,$udom,$uname,$ufile)=split(/\//,$r->uri,5);
     $ufile=~s/^[\~\.]+//;
-    my ($homeserver)=($ENV{'form.token'}=~/\_([a-zA-Z0-9]+)$/);
-    my $remoteip=$ENV{'REMOTE_ADDR'};
-    my $remoteserver=$Apache::lonnet::iphost{$remoteip};
-    &Apache::lonnet::logthis("remote server $remoteip $remoteserver");
-
+    my $remoteserver=$ENV{'form.tokenissued'};
     my $reply=&Apache::lonnet::reply('tokenauthuserfile:'.
                  $udom.'/'.$uname.'/'.$ufile.':'.$ENV{'form.token'},
 				     $remoteserver);
     if ($reply eq 'ok') {
        return OK;
+   } elsif ($reply eq 'con_lost' || $reply eq 'no_such_host') {
+       &Apache::lonnet::logthis("Server unavailable for userfile access $uname at $udom for $ufile with $remoteserver token $ENV{'form.token'}: $reply");
+       return HTTP_SERVICE_UNAVAILABLE;
    } else {
-       &Apache::lonnet::logthis(
-"Refused userfile access $uname at $udom for $ufile from $remoteip -> $remoteserver home $homeserver with $ENV{'form.token'}: $reply");
+       &Apache::lonnet::logthis("Refused userfile access $uname at $udom for $ufile with $remoteserver token $ENV{'form.token'}: $reply");
        return FORBIDDEN;
    }
 }