--- loncom/cgi/decompress.pl	2003/10/20 22:38:28	1.4
+++ loncom/cgi/decompress.pl	2003/11/17 23:12:12	1.5
@@ -31,6 +31,7 @@
 use lib '/home/httpd/lib/perl';
 use LONCAPA::Configuration;
 use LONCAPA::loncgi();
+use Apache::lonnet;
 
 if(! &LONCAPA::loncgi::check_cookie_and_load_env()){
     print "Content-type: text/html\n\n";
@@ -38,50 +39,63 @@ if(! &LONCAPA::loncgi::check_cookie_and_
 	 <html><body>NO COOKIE!</body></html>
 END
 } else {
-    $url = $ENV{'HTTP_REFERER'};
-    $url =~ m|/{2}|;
-    $url = $'; #' stupid emacs
-    $url =~ m|/{1}|;
-    $referer = $`;
-    if($referer ne $ENV{'SERVER_NAME'}) {
-	print "Content-type: text/html\n\n";
-	print "<html><body>You are trying something that is not allowed, go to the real homeserver and try again</body></html>";
-    } else {
-	$url = $'; #' stupid emacs	
-	$url =~ m|$ENV{'user.name'}/{1}|;
-	$url = $'; #' stupid emacs
-	$url =~ m|\?{1}|;
-	$url = $`;
-	$path ="/home/$ENV{'user.name'}/public_html/";
-	$back_path = "";
-	while($url =~ m|/|) {
-	    $path .= $`;
+    print "Content-type: text/html\n\n";
+print "<html><head></head><body>";
+print "$ENV{'cgi.path'}";
+print "<br>$ENV{'cgi.file'}";
+print "<br>$ENV{'user.name'}<br>";
+$path = $ENV{'cgi.path'};
+$path =~ m|/{1}|;
+$path = $'; #' stupid emacs
+$path =~ m|/{1}|;
+$path = $';
+$username = $`; #Hmm, can't use the enviroment for this, if you are a co-author.. so we work around it.
+$path2 = "/home/$username/public_html/";
+$path2 .=$path;
+$back_path = "";
+	while($path =~ m|/|) {
 	    $back_path .= $`;
-	    $path .= "/";
 	    $back_path .= "/";
-	    $url = $'; #' stupid emacs
+	    $path = $'; #' stupid emacs
 	}
-	chdir $path;
-	$filename=$url;
-	if      ($url =~ m|zip|) {
-	    system "unzip -qq $filename &> /dev/null";
-	} elsif ($url =~ m|tar.gz|) {
-	    system "tar -zxpvf $filename &> /dev/null";
-	} elsif ($url =~ m|tar.bz2|){
-	    system "tar -jxpvf $filename &> /dev/null";
-	} elsif ($url =~ m|bz2|){
-	    system "bunzip2 $filename &> /dev/null";
-	} elsif ($url =~ m|tgz|){
-	    system "tar -zxpvf $filename &> /dev/null";
-	} elsif ($url =~ m|gz|){
-	    system "gunzip $filename &> /dev/null";
-	} elsif ($url =~ m|tar|){
-	    system "tar -xpvf $filename &> /dev/null";
+$path = "/home/$username/public_html";
+$path .= '/';
+$path .= $back_path;
+print "<br>path: $path<br>";
+print "back_path: $back_path <br>";
+print "path2: $path2 <br>";
+print "$path2<br>";
+if ( -r $path2){
+print "Good read access is allowed";
+print "<br><br>";
+$right = $ENV{'request.role'};
+$right =~ m|\.|;
+$right = $`;
+$filename = $ENV{'cgi.file'};
+if($right eq "ca" || $right eq "au") {
+chdir $path;
+if      ($filename =~ m|zip|) {
+	    system "unzip -qq $path2 &> /dev/null";
+	} elsif ($filename =~ m|tar.gz|) {
+	    system "tar -zxpvf $path2 &> /dev/null";
+	} elsif ($filename =~ m|tar.bz2|){
+	   system "tar -jxpvf $path2 &> /dev/null";
+	} elsif ($filename =~ m|bz2|){
+	    system "bunzip2 $path2 &> /dev/null";
+	} elsif ($filename =~ m|tgz|){
+	    system "tar -zxpvf $path2 &> /dev/null";
+	} elsif ($filename =~ m|gz|){
+	    system "gunzip $path2 &> /dev/null";
+	} elsif ($filename =~ m|tar|){
+	    system "tar -xpvf $path2 &> /dev/null";
 	}
-    }
+} 
+else {print "You don't have proper privledges";}
 }
-print "Content-type: text/html\n\n";
-print '<html><head>';
+else { print "Read access not allowed!"; }
 print '<meta http-equiv="refresh" content="0; URL=';
-print "http://$ENV{'SERVER_NAME'}/~$ENV{'user.name'}/$back_path"; print '" />';
-print '</head></html>';
+print "http://$ENV{'SERVER_NAME'}/~$username'}/$back_path"; print '" />';
+print '</body></html>';
+&Apache::lonnet::delenv(cgi.file);
+&Apache::lonnet::delenv(cgi.path);
+}