# The LearningOnline Network
# Cookie Based Access Handler
# 5/21/99,5/22,5/29,5/31,6/15,16/11,22/11,
# 01/06,01/13,05/31,06/01,09/06,09/25,09/28,10/30 Gerd Kortemeyer
package Apache::lonacc;
use strict;
use Apache::Constants qw(:common :http :methods);
use Apache::File;
use Apache::lonnet;
use CGI::Cookie();
sub handler {
my $r = shift;
my $requrl=$r->uri;
my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
my $lonid=$cookies{'lonID'};
my $cookie;
if ($lonid) {
my $handle=$lonid->value;
$handle=~s/\W//g;
my $lonidsdir=$r->dir_config('lonIDsDir');
if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
# ------------------------------------------- Transfer profile into environment
my @profile;
{
my $idf=Apache::File->new("$lonidsdir/$handle.id");
@profile=<$idf>;
}
my $envi;
for ($envi=0;$envi<=$#profile;$envi++) {
chomp($profile[$envi]);
my ($envname,$envvalue)=split(/=/,$profile[$envi]);
$ENV{$envname} = $envvalue;
}
$ENV{'user.environment'} = "$lonidsdir/$handle.id";
$ENV{'request.state'} = "published";
$ENV{'request.filename'} = $r->filename;
# ---- Figure out referer, first from HTTP_REFERER, then cache, then wild guess
my $referer='';
if ($referer=$r->header_in('Referer')) {
$ENV{'HTTP_REFERER'}=$referer;
} else {
$ENV{'HTTP_REFERER'}=$ENV{'httpref.'.$requrl};
unless($ENV{'HTTP_REFERER'}) {
my $pathpart=$requrl;
$pathpart=~s/\/[\w\.]*$//;
map {
if ($_=~/^httpref.$pathpart/) {
$ENV{'HTTP_REFERER'}=$ENV{$_};
}
} keys %ENV;
}
}
# -------------------------------------------------------- Load POST parameters
my $buffer;
$r->read($buffer,$r->header_in('Content-length'));
my @pairs=split(/&/,$buffer);
my $pair;
foreach $pair (@pairs) {
my ($name,$value) = split(/=/,$pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
$name =~ tr/+/ /;
$name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
$ENV{"form.$name"}=$value;
}
$r->method_number(M_GET);
$r->method('GET');
$r->headers_in->unset('Content-length');
# ---------------------------------------------------------------- Check access
if ($requrl!~/^\/adm\//) {
my $access=&Apache::lonnet::allowed('bre',$requrl);
if ($access eq '1') {
$ENV{'user.error.msg'}="$requrl:bre:0:0:Choose Course";
return HTTP_NOT_ACCEPTABLE;
}
if (($access ne '2') && ($access ne 'F')) {
$ENV{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
return HTTP_NOT_ACCEPTABLE;
}
}
return OK;
} else {
$r->log_reason("Cookie $handle not valid", $r->filename)
};
}
# ----------------------------------------------- Store where they wanted to go
$ENV{'request.firsturl'}=$requrl;
return FORBIDDEN;
}
1;
__END__
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>