version 1.1, 2006/07/10 03:58:45
|
version 1.5, 2006/07/21 19:42:12
|
Line 30 use strict;
|
Line 30 use strict;
|
use lib '/home/httpd/lib/perl/'; |
use lib '/home/httpd/lib/perl/'; |
use Apache::Constants qw(:common :http REDIRECT); |
use Apache::Constants qw(:common :http REDIRECT); |
use CGI::Cookie(); |
use CGI::Cookie(); |
use Apache::File (); |
|
use Apache::lonnet; |
use Apache::lonnet; |
use Apache::loncommon(); |
use Apache::loncommon(); |
use Apache::lonauth(); |
use Apache::lonauth(); |
Line 42 use LONCAPA;
|
Line 41 use LONCAPA;
|
sub handler { |
sub handler { |
my $r = shift; |
my $r = shift; |
|
|
&Apache::loncommon::get_unprocessed_cgi |
|
($ENV{'QUERY_STRING'}.'&'.$env{'request.querystring'}, |
|
['origurl']); |
|
|
|
&Apache::lonacc::get_posted_cgi($r); |
|
my $origurl = &unescape($env{'form.origurl'}); |
my $origurl = &unescape($env{'form.origurl'}); |
my $msg; |
if (!defined($origurl)) { |
|
$origurl = $r->uri; |
|
} |
|
my $msg=''; |
if (exists($env{'form.pass1'})) { |
if (exists($env{'form.pass1'})) { |
my ($result,$end) = &check_pass($r,$origurl); |
my ($result,$end) = &check_pass($r,$origurl); |
if ($result eq 'ok') { |
if ($result eq 'ok') { |
my $cookie_check = &print_redirect($r,$end,$origurl); |
&Apache::lonnet::allowuploaded('/adm/restrictedaccess', |
if ($cookie_check eq 'ok') { |
$origurl); |
$env{'request.state'} = "published"; |
$env{'request.state'} = "published"; |
$env{'request.filename'} = $origurl; |
$env{'request.filename'} = $origurl; |
$r->header_out(Location => 'http://'.$ENV{'HTTP_HOST'}.$origurl); |
$r->header_out(Location => 'http://'.$ENV{'HTTP_HOST'}.$origurl); |
return REDIRECT; |
return REDIRECT; |
} else { |
|
&print_entryform($r,$origurl,$cookie_check); |
|
} |
|
} else { |
} else { |
$msg = "Invalid passphrase"; |
$msg = 'Invalid passphrase'; |
&print_entryform($r,$origurl,$msg); |
} |
} |
|
} else { |
|
&print_entryform($r,$origurl); |
|
} |
} |
return OK; |
|
} |
|
|
|
sub print_entryform { |
|
my ($r,$origurl,$msg) = @_; |
|
&Apache::lonlocal::get_language_handle($r); |
|
&Apache::loncommon::content_type($r,'text/html'); |
&Apache::loncommon::content_type($r,'text/html'); |
$r->send_http_header; |
$r->send_http_header; |
return OK if $r->header_only; |
return OK if $r->header_only; |
|
|
$r->print(&Apache::loncommon::start_page('Passphrase protected file')); |
$r->print(&Apache::loncommon::start_page('Passphrase protected file')); |
|
&print_entryform($r,$origurl,$msg); |
|
|
|
return OK; |
|
} |
|
|
|
sub setup_handler { |
|
my ($r) = @_; |
|
$r->set_handlers('PerlHandler'=> |
|
\&Apache::restrictedaccess::handler); |
|
$r->content_type('perl-script'); |
|
} |
|
|
|
sub print_entryform { |
|
my ($r,$origurl,$msg) = @_; |
|
|
$r->print('<script type="text/javascript"> |
$r->print('<script type="text/javascript"> |
function verify() { |
function verify() { |
if (document.passform.pass1.value == "") { |
if (document.passform.pass1.value == "") { |
alert("You must enter a passphrase"); |
alert("You must enter a passphrase"); |
return; |
return; |
} |
} |
if (document.passform.pass1.value != document.passform.pass2.value) { |
|
alert("Passphrases do not match"); |
|
return; |
|
} |
|
document.passform.submit(); |
document.passform.submit(); |
} |
} |
</script>'); |
</script>'); |
$r->print('<b>'.$msg.'</b>'); |
if ($msg ne '') { |
|
$r->print('<span class="LC_error">'.$msg.'</span>'); |
|
} |
$r->print('<div align="center"><form name="passform" method="post" '. |
$r->print('<div align="center"><form name="passform" method="post" '. |
'action="/adm/restrictedaccess">'); |
'action="/adm/restrictedaccess">'); |
$r->print('<br /><br /><br />'); |
$r->print('<br /><br /><br />'); |
$r->print(&Apache::loncommon::start_data_table()); |
$r->print(&Apache::loncommon::start_data_table()); |
$r->print(&Apache::loncommon::start_data_table_row()); |
$r->print(&Apache::loncommon::start_data_table_row()); |
$r->print('<td><nobr>'.&mt('Passphrase: ').'</nobr></td>'. |
$r->print('<td><nobr>'.&mt('Passphrase: ').'</nobr></td>'. |
'<td><input type="password" size="20" name="pass1"></td>'); |
'<td><input type="password" size="20" name="pass1" /></td>'); |
$r->print(&Apache::loncommon::end_data_table_row()); |
|
$r->print(&Apache::loncommon::start_data_table_row()); |
|
$r->print('<td><nobr>'.&mt('Confirm passphrase: ').'</nobr></td>'); |
|
$r->print('<td><input type="password" size="20" name="pass2" /></td>'); |
|
$r->print(&Apache::loncommon::end_data_table_row()); |
$r->print(&Apache::loncommon::end_data_table_row()); |
$r->print(&Apache::loncommon::start_data_table_row()); |
$r->print(&Apache::loncommon::start_data_table_row()); |
$r->print('<td align="center" colspan="2"><br />'. |
$r->print('<td align="center" colspan="2"><br />'. |
Line 116 function verify() {
|
Line 111 function verify() {
|
$r->print(&Apache::loncommon::end_page()); |
$r->print(&Apache::loncommon::end_page()); |
} |
} |
|
|
sub print_redirect { |
|
my ($r,$end,$requrl) = @_; |
|
my %cookies=CGI::Cookie->parse($r->header_in('Cookie')); |
|
my $lonid=$cookies{'lonID'}; |
|
my $lonidsdir=$r->dir_config('lonIDsDir'); |
|
my $cookie; |
|
if ($lonid) { |
|
$cookie=$lonid->value; |
|
$cookie=~s/\W//g; |
|
} |
|
if ($cookie) { |
|
my $envkey = 'user.passphrase_access_'.$requrl; |
|
open(my $idf,">>$lonidsdir/$cookie.id"); |
|
if (!flock($idf,LOCK_EX)) { |
|
&Apache::lonnet::logthis("<font color=blue>WARNING: ". |
|
'Could not obtain exclusive lock in restrictedaccess: '.$!); |
|
close($idf); |
|
return 'error: '.$!; |
|
} else { |
|
print $idf (&escape($envkey).'='.&escape($end)."\n"); |
|
close($idf); |
|
return 'ok'; |
|
} |
|
} else { |
|
return 'error: no cookie set'; |
|
} |
|
} |
|
|
|
sub check_pass { |
sub check_pass { |
my ($r,$origurl) = @_; |
my ($r,$origurl) = @_; |
my $password = $env{'form.pass1'}; |
my (undef,$udom,$unum,$file_name,$group) = |
my ($udom,$unum,$group,$file_name,$result,$end); |
&Apache::lonnet::parse_portfolio_url($origurl); |
if ($origurl =~ m-/+uploaded/([^/]+)/([^/]+)/portfolio(/.+)$-) { |
|
$udom = $1; |
|
$unum = $2; |
|
$file_name = $3; |
|
} elsif ($origurl =~ m-/+uploaded/([^/]+)/([^/]+)/groups/([^/]+)/portfolio/(.+)$-) { |
|
$udom = $1; |
|
$unum = $2; |
|
$group = $3; |
|
$file_name = $3.'/'.$4; |
|
} |
|
my $curr_perms = &Apache::lonnet::get_portfile_permissions($udom,$unum); |
my $curr_perms = &Apache::lonnet::get_portfile_permissions($udom,$unum); |
my %acc_controls = &Apache::lonnet::get_access_controls($curr_perms, |
my %acc_controls = &Apache::lonnet::get_access_controls($curr_perms, |
$group,$file_name); |
$group,$file_name); |
my $access_hash = $acc_controls{$file_name}; |
my $access_hash = $acc_controls{$file_name}; |
|
|
|
my ($result,$end); |
foreach my $key (sort(keys(%{$access_hash}))) { |
foreach my $key (sort(keys(%{$access_hash}))) { |
if ($key =~ /^[^:]+:guest_(\d+)/) { |
if ($key =~ /^[^:]+:guest_(\d+)/) { |
$end = $1; |
$end = $1; |
my $content = $$access_hash{$key}; |
if ($env{'form.pass1'} eq $access_hash->{$key}{'password'}) { |
my $passwd = $content->{'password'}; |
|
if ($password eq $passwd) { |
|
$result = 'ok'; |
$result = 'ok'; |
} else { |
} else { |
$result = 'fail'; |
$result = 'fail'; |