[BACK]Return to restrictedaccess.pm CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom / auth
File:  [LON-CAPA] / loncom / auth / restrictedaccess.pm
Revision 1.4: download - view: text, annotated - select for diffs
Fri Jul 21 18:52:32 2006 UTC (17 years, 10 months ago) by albertel
Branches: MAIN
CVS tags: HEAD
- move portfolio access restriction checking code into lonnet.pm
- some changes to take care of public users access passphrase files

    1: # The LearningOnline Network
    2: # Passphrase Entry and Validation for Portfolio files 
    3: #
    4: # Copyright Michigan State University Board of Trustees
    5: #
    6: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
    7: #
    8: # LON-CAPA is free software; you can redistribute it and/or modify
    9: # it under the terms of the GNU General Public License as published by
   10: # the Free Software Foundation; either version 2 of the License, or
   11: # (at your option) any later version.
   12: #
   13: # LON-CAPA is distributed in the hope that it will be useful,
   14: # but WITHOUT ANY WARRANTY; without even the implied warranty of
   15: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   16: # GNU General Public License for more details.
   17: #
   18: # You should have received a copy of the GNU General Public License
   19: # along with LON-CAPA; if not, write to the Free Software
   20: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   21: #
   22: # /home/httpd/html/adm/gpl.txt
   23: #
   24: # http://www.lon-capa.org/
   25: #
   26: 
   27: package Apache::restrictedaccess;
   28: 
   29: use strict;
   30: use lib '/home/httpd/lib/perl/';
   31: use Apache::Constants qw(:common :http REDIRECT);
   32: use CGI::Cookie();
   33: use Apache::lonnet;
   34: use Apache::loncommon();
   35: use Apache::lonauth();
   36: use Apache::lonlocal;
   37: use Apache::lonacc;
   38: use Fcntl qw(:flock);
   39: use LONCAPA;
   40: 
   41: sub handler {
   42:     my $r = shift;
   43: 
   44:     my $origurl = &unescape($env{'form.origurl'});
   45:     if (!defined($origurl)) {
   46: 	$origurl = $r->uri;
   47:     }
   48:     if (exists($env{'form.pass1'})) {
   49:         my ($result,$end) = &check_pass($r,$origurl);
   50:         if ($result eq 'ok') {
   51: 	    &Apache::lonnet::appenv(('user.passphrase_access_'.$origurl =>
   52: 					 $end));
   53: 	    $env{'request.state'} = "published";
   54: 	    $env{'request.filename'} = $origurl;
   55: 	    $r->header_out(Location => 'http://'.$ENV{'HTTP_HOST'}.$origurl);
   56: 	    return REDIRECT;
   57:         } else {
   58:             &print_entryform($r,$origurl,"Invalid passphrase");
   59:         }
   60:     } else {
   61:         &print_entryform($r,$origurl);
   62:     }
   63:     return OK;
   64: }
   65: 
   66: sub print_entryform {
   67:     my ($r,$origurl,$msg) = @_;
   68:     &Apache::lonlocal::get_language_handle($r);
   69:     &Apache::loncommon::content_type($r,'text/html');
   70:     $r->send_http_header;
   71:     return OK if $r->header_only;
   72: 
   73:     $r->print(&Apache::loncommon::start_page('Passphrase protected file'));
   74:     $r->print('<script type="text/javascript">
   75: function verify() {
   76:     if (document.passform.pass1.value == "") {
   77:         alert("You must enter a passphrase");
   78:         return;
   79:     }
   80:     document.passform.submit();
   81: } 
   82: </script>');
   83:     $r->print('<span class="LC_error">'.$msg.'</span>');
   84:     $r->print('<div align="center"><form name="passform" method="post" '.
   85:               'action="/adm/restrictedaccess">');
   86:     $r->print('<br /><br /><br />');
   87:     $r->print(&Apache::loncommon::start_data_table());
   88:     $r->print(&Apache::loncommon::start_data_table_row());     
   89:     $r->print('<td><nobr>'.&mt('Passphrase: ').'</nobr></td>'.
   90:               '<td><input type="password" size="20" name="pass1"></td>');
   91:     $r->print(&Apache::loncommon::end_data_table_row());
   92:     $r->print(&Apache::loncommon::start_data_table_row());
   93:     $r->print('<td align="center" colspan="2"><br />'.
   94:               '<input type="button" name="sendpass" value="'.
   95:               &mt('Submit passphrase').'" onClick="verify()" /></td>');
   96:     $r->print(&Apache::loncommon::end_data_table_row());
   97:     $r->print(&Apache::loncommon::end_data_table());
   98:     $r->print('<input type="hidden" name="origurl" value="'.
   99:               &escape($origurl).'" /></form></div>');
  100:     $r->print(&Apache::loncommon::end_page());
  101: }
  102: 
  103: sub check_pass {
  104:     my ($r,$origurl) = @_;
  105:     my (undef,$udom,$unum,$file_name,$group) = 
  106: 	&Apache::lonnet::parse_portfolio_url($origurl);
  107: 
  108:     my $curr_perms = &Apache::lonnet::get_portfile_permissions($udom,$unum);
  109:     my %acc_controls = &Apache::lonnet::get_access_controls($curr_perms,
  110:                                                             $group,$file_name);
  111:     my $access_hash = $acc_controls{$file_name};
  112: 
  113:     my ($result,$end);
  114:     foreach my $key (sort(keys(%{$access_hash}))) {
  115:         if ($key =~ /^[^:]+:guest_(\d+)/) {
  116:             $end = $1;
  117:             if ($env{'form.pass1'} eq $access_hash->{$key}{'password'}) {
  118:                 $result = 'ok';
  119:             } else {
  120:                 $result = 'fail';
  121:             }
  122:             last;
  123:         }
  124:     }
  125:     return ($result,$end);
  126: }
  127: 
  128: 1;
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>