# The LearningOnline Network
# Passphrase Entry and Validation for Portfolio files
#
# Copyright Michigan State University Board of Trustees
#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#
package Apache::restrictedaccess;
use strict;
use lib '/home/httpd/lib/perl/';
use Apache::Constants qw(:common :http REDIRECT);
use CGI::Cookie();
use Apache::File ();
use Apache::lonnet;
use Apache::loncommon();
use Apache::lonauth();
use Apache::lonlocal;
use Apache::lonacc;
use Fcntl qw(:flock);
use LONCAPA;
sub handler {
my $r = shift;
&Apache::loncommon::get_unprocessed_cgi
($ENV{'QUERY_STRING'}.'&'.$env{'request.querystring'},
['origurl']);
&Apache::lonacc::get_posted_cgi($r);
my $origurl = &unescape($env{'form.origurl'});
my $msg;
if (exists($env{'form.pass1'})) {
my ($result,$end) = &check_pass($r,$origurl);
if ($result eq 'ok') {
my $cookie_check = &print_redirect($r,$end,$origurl);
if ($cookie_check eq 'ok') {
$env{'request.state'} = "published";
$env{'request.filename'} = $origurl;
$r->header_out(Location => 'http://'.$ENV{'HTTP_HOST'}.$origurl);
return REDIRECT;
} else {
&print_entryform($r,$origurl,$cookie_check);
}
} else {
$msg = "Invalid passphrase";
&print_entryform($r,$origurl,$msg);
}
} else {
&print_entryform($r,$origurl);
}
return OK;
}
sub print_entryform {
my ($r,$origurl,$msg) = @_;
&Apache::lonlocal::get_language_handle($r);
&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;
return OK if $r->header_only;
$r->print(&Apache::loncommon::start_page('Passphrase protected file'));
$r->print('');
$r->print(''.$msg.'');
$r->print('');
$r->print(&Apache::loncommon::end_page());
}
sub print_redirect {
my ($r,$end,$requrl) = @_;
my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
my $lonid=$cookies{'lonID'};
my $lonidsdir=$r->dir_config('lonIDsDir');
my $cookie;
if ($lonid) {
$cookie=$lonid->value;
$cookie=~s/\W//g;
}
if ($cookie) {
my $envkey = 'user.passphrase_access_'.$requrl;
open(my $idf,">>$lonidsdir/$cookie.id");
if (!flock($idf,LOCK_EX)) {
&Apache::lonnet::logthis("WARNING: ".
'Could not obtain exclusive lock in restrictedaccess: '.$!);
close($idf);
return 'error: '.$!;
} else {
print $idf (&escape($envkey).'='.&escape($end)."\n");
close($idf);
return 'ok';
}
} else {
return 'error: no cookie set';
}
}
sub check_pass {
my ($r,$origurl) = @_;
my $password = $env{'form.pass1'};
my ($udom,$unum,$group,$file_name,$result,$end);
if ($origurl =~ m-/+uploaded/([^/]+)/([^/]+)/portfolio(/.+)$-) {
$udom = $1;
$unum = $2;
$file_name = $3;
} elsif ($origurl =~ m-/+uploaded/([^/]+)/([^/]+)/groups/([^/]+)/portfolio/(.+)$-) {
$udom = $1;
$unum = $2;
$group = $3;
$file_name = $3.'/'.$4;
}
my $curr_perms = &Apache::lonnet::get_portfile_permissions($udom,$unum);
my %acc_controls = &Apache::lonnet::get_access_controls($curr_perms,
$group,$file_name);
my $access_hash = $acc_controls{$file_name};
foreach my $key (sort(keys(%{$access_hash}))) {
if ($key =~ /^[^:]+:guest_(\d+)/) {
$end = $1;
my $content = $$access_hash{$key};
my $passwd = $content->{'password'};
if ($password eq $passwd) {
$result = 'ok';
} else {
$result = 'fail';
}
last;
}
}
return ($result,$end);
}
1;