loncom/auth/restrictedaccess.pm - view

File: [LON-CAPA] / loncom / auth / restrictedaccess.pm
Revision 1.1: download - view: text, annotated - select for diffs
Mon Jul 10 03:58:45 2006 UTC (17 years, 9 months ago) by raeburn
Branches: MAIN
CVS tags: HEAD

Mechanism for user to provide passphrase, and for the server to validate it when user attempts to access a passphrase-protected portfolio file.

# The LearningOnline Network # Passphrase Entry and Validation for Portfolio files # # Copyright Michigan State University Board of Trustees # # This file is part of the LearningOnline Network with CAPA (LON-CAPA). # # LON-CAPA is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # LON-CAPA is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with LON-CAPA; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # /home/httpd/html/adm/gpl.txt # # http://www.lon-capa.org/ # package Apache::restrictedaccess; use strict; use lib '/home/httpd/lib/perl/'; use Apache::Constants qw(:common :http REDIRECT); use CGI::Cookie(); use Apache::File (); use Apache::lonnet; use Apache::loncommon(); use Apache::lonauth(); use Apache::lonlocal; use Apache::lonacc; use Fcntl qw(:flock); use LONCAPA; sub handler { my $r = shift; &Apache::loncommon::get_unprocessed_cgi ($ENV{'QUERY_STRING'}.'&'.$env{'request.querystring'}, ['origurl']); &Apache::lonacc::get_posted_cgi($r); my $origurl = &unescape($env{'form.origurl'}); my $msg; if (exists($env{'form.pass1'})) { my ($result,$end) = &check_pass($r,$origurl); if ($result eq 'ok') { my $cookie_check = &print_redirect($r,$end,$origurl); if ($cookie_check eq 'ok') { $env{'request.state'} = "published"; $env{'request.filename'} = $origurl; $r->header_out(Location => 'http://'.$ENV{'HTTP_HOST'}.$origurl); return REDIRECT; } else { &print_entryform($r,$origurl,$cookie_check); } } else { $msg = "Invalid passphrase"; &print_entryform($r,$origurl,$msg); } } else { &print_entryform($r,$origurl); } return OK; } sub print_entryform { my ($r,$origurl,$msg) = @_; &Apache::lonlocal::get_language_handle($r); &Apache::loncommon::content_type($r,'text/html'); $r->send_http_header; return OK if $r->header_only; $r->print(&Apache::loncommon::start_page('Passphrase protected file')); $r->print('<script type="text/javascript"> function verify() { if (document.passform.pass1.value == "") { alert("You must enter a passphrase"); return; } if (document.passform.pass1.value != document.passform.pass2.value) { alert("Passphrases do not match"); return; } document.passform.submit(); } </script>'); $r->print('<b>'.$msg.'</b>'); $r->print('<div align="center"><form name="passform" method="post" '. 'action="/adm/restrictedaccess">'); $r->print('<br /><br /><br />'); $r->print(&Apache::loncommon::start_data_table()); $r->print(&Apache::loncommon::start_data_table_row()); $r->print('<td><nobr>'.&mt('Passphrase: ').'</nobr></td>'. '<td><input type="password" size="20" name="pass1"></td>'); $r->print(&Apache::loncommon::end_data_table_row()); $r->print(&Apache::loncommon::start_data_table_row()); $r->print('<td><nobr>'.&mt('Confirm passphrase: ').'</nobr></td>'); $r->print('<td><input type="password" size="20" name="pass2" /></td>'); $r->print(&Apache::loncommon::end_data_table_row()); $r->print(&Apache::loncommon::start_data_table_row()); $r->print('<td align="center" colspan="2"><br />'. '<input type="button" name="sendpass" value="'. &mt('Submit passphrase').'" onClick="verify()" /></td>'); $r->print(&Apache::loncommon::end_data_table_row()); $r->print(&Apache::loncommon::end_data_table()); $r->print('<input type="hidden" name="origurl" value="'. &escape($origurl).'" /></form></div>'); $r->print(&Apache::loncommon::end_page()); } sub print_redirect { my ($r,$end,$requrl) = @_; my %cookies=CGI::Cookie->parse($r->header_in('Cookie')); my $lonid=$cookies{'lonID'}; my $lonidsdir=$r->dir_config('lonIDsDir'); my $cookie; if ($lonid) { $cookie=$lonid->value; $cookie=~s/\W//g; } if ($cookie) { my $envkey = 'user.passphrase_access_'.$requrl; open(my $idf,">>$lonidsdir/$cookie.id"); if (!flock($idf,LOCK_EX)) { &Apache::lonnet::logthis("<font color=blue>WARNING: ". 'Could not obtain exclusive lock in restrictedaccess: '.$!); close($idf); return 'error: '.$!; } else { print $idf (&escape($envkey).'='.&escape($end)."\n"); close($idf); return 'ok'; } } else { return 'error: no cookie set'; } } sub check_pass { my ($r,$origurl) = @_; my $password = $env{'form.pass1'}; my ($udom,$unum,$group,$file_name,$result,$end); if ($origurl =~ m-/+uploaded/([^/]+)/([^/]+)/portfolio(/.+)$-) { $udom = $1; $unum = $2; $file_name = $3; } elsif ($origurl =~ m-/+uploaded/([^/]+)/([^/]+)/groups/([^/]+)/portfolio/(.+)$-) { $udom = $1; $unum = $2; $group = $3; $file_name = $3.'/'.$4; } my $curr_perms = &Apache::lonnet::get_portfile_permissions($udom,$unum); my %acc_controls = &Apache::lonnet::get_access_controls($curr_perms, $group,$file_name); my $access_hash = $acc_controls{$file_name}; foreach my $key (sort(keys(%{$access_hash}))) { if ($key =~ /^[^:]+:guest_(\d+)/) { $end = $1; my $content = $$access_hash{$key}; my $passwd = $content->{'password'}; if ($password eq $passwd) { $result = 'ok'; } else { $result = 'fail'; } last; } } return ($result,$end); } 1;