[BACK]Return to loncacc.pm CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/loncacc.pm between versions 1.44 and 1.46

version 1.44, 2007/02/01 07:13:04 version 1.46, 2007/10/02 01:09:59
Line 31  package Apache::loncacc; Line 31  package Apache::loncacc;
   
 use strict;  use strict;
 use Apache::Constants qw(:common :http :methods REDIRECT);  use Apache::Constants qw(:common :http :methods REDIRECT);
 use CGI::Cookie();  use Fcntl qw(:flock);
 use Apache::lonlocal;  use Apache::lonlocal;
 use Apache::lonnet;  use Apache::lonnet;
 use Apache::lonacc();  use Apache::lonacc;
 use LONCAPA qw(:DEFAULT :match);  use LONCAPA qw(:DEFAULT :match);
   
 sub constructaccess {  sub constructaccess {
     my ($url,$ownerdomain)=@_;      my ($url,$ownerdomain)=@_;
     my ($ownername)=($url=~m{/(?:\~|priv/|home/)($match_username)/});      my ($ownername)=($url=~/\/(?:\~|priv\/|home\/)($match_username)\//);
     unless (($ownername) && ($ownerdomain)) { return ''; }      unless (($ownername) && ($ownerdomain)) { return ''; }
     # We do not allow editing of previous versions of files.      # We do not allow editing of previous versions of files.
     if ($url=~/\.(\d+)\.(\w+)$/) { return ''; }      if ($url=~/\.(\d+)\.(\w+)$/) { return ''; }
Line 47  sub constructaccess { Line 47  sub constructaccess {
     if ($ownername eq $env{'user.name'}) {      if ($ownername eq $env{'user.name'}) {
  foreach my $domain (@possibledomains) {   foreach my $domain (@possibledomains) {
     if ($domain eq $env{'user.domain'}) {      if ($domain eq $env{'user.domain'}) {
     &Apache::lonnet::logthis("good1!");  
  return ($ownername,$domain);   return ($ownername,$domain);
     }      }
  }   }
     }      }
       
     foreach my $domain (@possibledomains) {      foreach my $domain (@possibledomains) {
  if (exists($env{'user.priv.ca./'.$domain.'/'.$ownername.'./'}) ||   if (exists($env{'user.priv.ca./'.$domain.'/'.$ownername.'./'}) ||
     exists($env{'user.priv.aa./'.$domain.'/'.$ownername.'./'}) ) {      exists($env{'user.priv.aa./'.$domain.'/'.$ownername.'./'}) ) {
     &Apache::lonnet::logthis("good2!");  
     return ($ownername,$domain);      return ($ownername,$domain);
  }   }
     }      }
     &Apache::lonnet::logthis("boo! hiss!");  
     return '';      return '';
 }  }
   
 sub handler {  sub handler {
     my $r = shift;      my $r = shift;
   
     my $requrl=$r->uri;      my $requrl=$r->uri;
     $env{'request.editurl'}=$requrl;      $env{'request.editurl'}=$requrl;
     my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));  
     my $lonid=$cookies{'lonID'};  
     my $cookie;  
     if ($lonid) {  
       my $handle=&LONCAPA::clean_handle($lonid->value);  
         my $lonidsdir=$r->dir_config('lonIDsDir');  
         if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {  
   
 # ------------------------------------------------------ Initialize Environment      my $handle =  &Apache::lonnet::check_for_valid_session($r);
       if ($handle ne '') {
   
             &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);  # ------------------------------------------------------ Initialize Environment
           my $lonidsdir=$r->dir_config('lonIDsDir');
    &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
   
 # --------------------------------------------------------- Initialize Language  # --------------------------------------------------------- Initialize Language
     
      &Apache::lonlocal::get_language_handle($r);   &Apache::lonlocal::get_language_handle($r);
   
 # -------------------------------------------------------------- Resource State  # -------------------------------------------------------------- Resource State
   
             $env{'request.state'}    = "construct";   $env{'request.state'}    = "construct";
             $env{'request.filename'} = $r->filename;   $env{'request.filename'} = $r->filename;
   
             unless (&constructaccess($requrl,$r->dir_config('lonDefDomain'))) {   unless (&constructaccess($requrl,$r->dir_config('lonDefDomain'))) {
                 $r->log_reason("Unauthorized $requrl", $r->filename);       $r->log_reason("Unauthorized $requrl", $r->filename); 
         return HTTP_NOT_ACCEPTABLE;      return HTTP_NOT_ACCEPTABLE;
             }   }
   
 # -------------------------------------------------------- Load POST parameters  # -------------------------------------------------------- Load POST parameters
   
     &Apache::lonacc::get_posted_cgi($r);   &Apache::lonacc::get_posted_cgi($r);
   
             return OK;    return OK; 
         } else {       } else { 
             $r->log_reason("Cookie $handle not valid", $r->filename)    $r->log_reason("Cookie $handle not valid", $r->filename) 
         };  
     }      }
   
 # ----------------------------------------------- Store where they wanted to go  # ----------------------------------------------- Store where they wanted to go
Removed from v.1.44  
changed lines
  Added in v.1.46

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>