--- loncom/auth/restrictedaccess.pm 2006/07/10 03:58:45 1.1
+++ loncom/auth/restrictedaccess.pm 2009/02/13 17:20:26 1.8
@@ -1,6 +1,8 @@
 # The LearningOnline Network
 # Passphrase Entry and Validation for Portfolio files
 #
+# $Id: restrictedaccess.pm,v 1.8 2009/02/13 17:20:26 bisitz Exp $
+#
 # Copyright Michigan State University Board of Trustees
 #
 # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
@@ -30,7 +32,6 @@ use strict;
 use lib '/home/httpd/lib/perl/';
 use Apache::Constants qw(:common :http REDIRECT);
 use CGI::Cookie();
-use Apache::File ();
 use Apache::lonnet;
 use Apache::loncommon();
 use Apache::lonauth();
@@ -42,68 +43,64 @@ use LONCAPA; sub handler { my $r = shift; - &Apache::loncommon::get_unprocessed_cgi - ($ENV{'QUERY_STRING'}.'&'.$env{'request.querystring'}, - ['origurl']); - - &Apache::lonacc::get_posted_cgi($r); my $origurl = &unescape($env{'form.origurl'}); - my $msg; + if (!defined($origurl)) { + $origurl = $r->uri; + } + my $msg=''; if (exists($env{'form.pass1'})) { my ($result,$end) = &check_pass($r,$origurl); if ($result eq 'ok') { - my $cookie_check = &print_redirect($r,$end,$origurl); - if ($cookie_check eq 'ok') { - $env{'request.state'} = "published"; - $env{'request.filename'} = $origurl; - $r->header_out(Location => 'http://'.$ENV{'HTTP_HOST'}.$origurl); - return REDIRECT; - } else { - &print_entryform($r,$origurl,$cookie_check); - } + &Apache::lonnet::allowuploaded('/adm/restrictedaccess', + $origurl); + $env{'request.state'} = "published"; + $env{'request.filename'} = $origurl; + $r->header_out(Location => 'http://'.$ENV{'HTTP_HOST'}.$origurl); + return REDIRECT; } else { - $msg = "Invalid passphrase"; - &print_entryform($r,$origurl,$msg); - } - } else { - &print_entryform($r,$origurl); + $msg = 'Invalid passphrase'; + } } - return OK; -} -sub print_entryform { - my ($r,$origurl,$msg) = @_; - &Apache::lonlocal::get_language_handle($r); &Apache::loncommon::content_type($r,'text/html'); $r->send_http_header; return OK if $r->header_only; $r->print(&Apache::loncommon::start_page('Passphrase protected file')); + &print_entryform($r,$origurl,$msg); + + return OK; +} + +sub setup_handler { + my ($r) = @_; + $r->set_handlers('PerlHandler'=> + [\&Apache::restrictedaccess::handler]); + $r->handler('perl-script'); +} + +sub print_entryform { + my ($r,$origurl,$msg) = @_; + $r->print(''); - $r->print(''.$msg.''); + if ($msg ne '') { + $r->print(''.$msg.''); + } $r->print('
'); $r->print('


'); $r->print(&Apache::loncommon::start_data_table()); $r->print(&Apache::loncommon::start_data_table_row()); - $r->print(''.&mt('Passphrase: ').''. - ''); - $r->print(&Apache::loncommon::end_data_table_row()); - $r->print(&Apache::loncommon::start_data_table_row()); - $r->print(''.&mt('Confirm passphrase: ').''); - $r->print(''); + $r->print(''.&mt('Passphrase: ').''. + ''); $r->print(&Apache::loncommon::end_data_table_row()); $r->print(&Apache::loncommon::start_data_table_row()); $r->print('
'. @@ -116,58 +113,21 @@ function verify() { $r->print(&Apache::loncommon::end_page()); } -sub print_redirect { - my ($r,$end,$requrl) = @_; - my %cookies=CGI::Cookie->parse($r->header_in('Cookie')); - my $lonid=$cookies{'lonID'}; - my $lonidsdir=$r->dir_config('lonIDsDir'); - my $cookie; - if ($lonid) { - $cookie=$lonid->value; - $cookie=~s/\W//g; - } - if ($cookie) { - my $envkey = 'user.passphrase_access_'.$requrl; - open(my $idf,">>$lonidsdir/$cookie.id"); - if (!flock($idf,LOCK_EX)) { - &Apache::lonnet::logthis("WARNING: ". - 'Could not obtain exclusive lock in restrictedaccess: '.$!); - close($idf); - return 'error: '.$!; - } else { - print $idf (&escape($envkey).'='.&escape($end)."\n"); - close($idf); - return 'ok'; - } - } else { - return 'error: no cookie set'; - } -} - sub check_pass { my ($r,$origurl) = @_; - my $password = $env{'form.pass1'}; - my ($udom,$unum,$group,$file_name,$result,$end); - if ($origurl =~ m-/+uploaded/([^/]+)/([^/]+)/portfolio(/.+)$-) { - $udom = $1; - $unum = $2; - $file_name = $3; - } elsif ($origurl =~ m-/+uploaded/([^/]+)/([^/]+)/groups/([^/]+)/portfolio/(.+)$-) { - $udom = $1; - $unum = $2; - $group = $3; - $file_name = $3.'/'.$4; - } + my (undef,$udom,$unum,$file_name,$group) = + &Apache::lonnet::parse_portfolio_url($origurl); + my $curr_perms = &Apache::lonnet::get_portfile_permissions($udom,$unum); my %acc_controls = &Apache::lonnet::get_access_controls($curr_perms, $group,$file_name); my $access_hash = $acc_controls{$file_name}; + + my ($result,$end); foreach my $key (sort(keys(%{$access_hash}))) { if ($key =~ /^[^:]+:guest_(\d+)/) { $end = $1; - my $content = $$access_hash{$key}; - my $passwd = $content->{'password'}; - if ($password eq $passwd) { + if ($env{'form.pass1'} eq $access_hash->{$key}{'password'}) { $result = 'ok'; } else { $result = 'fail';
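Review bot: In the `$result eq 'ok'` branch of handler, the raw `$origurl` (taken from `form.origurl`, falling back to `$r->uri`) is passed to `allowuploaded`, stored in `request.filename` and concatenated into the `Location` header without being constrained. check_pass appears to validate only the components that `parse_portfolio_url` extracts, so the string that gets authorised and redirected to may not be the exact string that was checked. I would reject anything unexpected before the `form.pass1` test, for example `return FORBIDDEN if $origurl =~ /[\r\n]/ || $origurl !~ m{\A/+uploaded/};`. The redirect also trusts the client-sent `Host` header via `$ENV{'HTTP_HOST'}` and hard-codes `http://`, so the host and scheme should come from server configuration instead.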
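Review bot: The new comparison `$env{'form.pass1'} eq $access_hash->{$key}{'password'}` in check_pass is true when both sides are empty or undefined, because `eq` treats undef as the empty string, and handler only tests `exists($env{'form.pass1'})`, so a blank submission reaches it. If a `guest_` access-control record can lack a `password` value (not visible in this diff), that grants access. Guard it with `my $stored = $access_hash->{$key}{'password'};` followed by `if (defined($stored) && $stored ne '' && $env{'form.pass1'} eq $stored) {`. The values returned by `parse_portfolio_url` are also used unchecked, so a non-portfolio `$origurl` would reach `get_portfile_permissions` with an undefined domain and user. The rest of the foreach loop and the end of check_pass lie outside the hunk.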