[LON-CAPA-cvs] cvs: modules /raeburn/register AuthzLogin.pm
raeburn
lon-capa-cvs@mail.lon-capa.org
Sat, 04 Feb 2006 01:13:46 -0000
raeburn Fri Feb 3 20:13:46 2006 EDT
Modified files:
/modules/raeburn/register AuthzLogin.pm
Log:
Changes to make this work with Apache2. Also add routine to check authorization for users retrieving excel files of registration data. Users need to have their user_id in the event_admin table in the loncapasupport database for the event_id to which the excel data pertain.
Index: modules/raeburn/register/AuthzLogin.pm
diff -u modules/raeburn/register/AuthzLogin.pm:1.1 modules/raeburn/register/AuthzLogin.pm:1.2
--- modules/raeburn/register/AuthzLogin.pm:1.1 Thu Oct 7 20:24:43 2004
+++ modules/raeburn/register/AuthzLogin.pm Fri Feb 3 20:13:45 2006
@@ -1,6 +1,8 @@
package Apache::LON::AuthzLogin;
-use Apache::Constants qw(OK SERVER_ERROR FORBIDDEN);
+use Apache::Const qw(OK SERVER_ERROR FORBIDDEN);
+use Apache::RequestRec();
+use DBI;
use Storable qw(store retrieve dclone);
use MD5;
use strict;
@@ -8,9 +10,9 @@
sub handler {
my $r = shift;
my $login = $r->dir_config('Login');
- my $authstatus = $r->notes('_AUTHFAIL');
+ my $authstatus = $r->notes->get('_AUTHFAIL');
if ($authstatus) {
- my $message = $r->notes('_RejectAuth');
+ my $message = $r->notes->get('_RejectAuth');
if ($message) {
my $token = MD5->hexhash(MD5->hexhash(time.{}.rand().$$));
my ($tempHash,$hashid);
@@ -25,7 +27,55 @@
$r->custom_response(FORBIDDEN, $login);
return FORBIDDEN;
} else {
+ my $uri = $r->uri;
+ if ($uri =~ m|^/events/\w+/excel/([^/]+)$|) {
+ my $tail = $1;
+ if ($tail =~ /^(\d*)\-/) {
+ if (&check_authorization($r,$1)) {
+ return OK;
+ } else {
+ return FORBIDDEN;
+ }
+ } else {
+ return FORBIDDEN;
+ }
+ }
return OK;
}
}
+
+sub check_authorization {
+ my ($r,$event_id) = @_;
+ my $dbpwd;
+ my $authkeydir = "/home/helpdesk/admindata";
+ my $authkeyfile = $authkeydir.'/mysql.dat';
+ if (open (my $fh, "<$authkeyfile") ) {
+ $dbpwd = <$fh>;
+ close($fh);
+ chomp($dbpwd);
+ }
+ my %attr = (
+ data_source => 'dbi:mysql:loncapasupport',
+ username => 'support',
+ password => $dbpwd
+ );
+# connect to database
+ my $dbh = DBI->connect($attr{data_source}, $attr{username},
+ $attr{password});
+ unless ($dbh) {
+ return SERVER_ERROR;
+ }
+ my $user = $r->connection->user();
+ if ($user eq '') {
+ return SERVER_ERROR;
+ }
+ my $admincount = 0;
+ unless (($user eq '') || ($event_id eq '')) {
+ my $quoted_user = $dbh->quote( $user );
+ my $quoted_event_id = $dbh->quote( $event_id );
+ my $statement = "SELECT COUNT(event_id) FROM event_admin WHERE (user_id = $quoted_user AND event_id = $quoted_event_id)";
+ $admincount = $dbh->selectrow_array("$statement");
+ }
+ return $admincount;
+}
1;
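Review bot: `check_authorization` fails open, because on a failed `DBI->connect` or an empty user it returns `SERVER_ERROR`, which is a non-zero status, and `handler` treats any true value as authorized in `if (&check_authorization($r,$1)) { return OK; }`. A database outage, an unreadable `mysql.dat` (leaving `$dbpwd` undefined), or a request with no user name would therefore release the excel file instead of blocking it. Both failure branches should deny, e.g. `return 0;` in place of each `return SERVER_ERROR;`, or the function should return a status that the handler compares explicitly against `OK`. Since the commit targets Apache2, `$r->connection->user()` should also be verified on the target server, as mod_perl 2 exposes the authenticated name as `$r->user`, and a missing or empty value there lands in the same fail-open branch. Smaller points: `$dbh` is never disconnected, and the second `$user eq ''` test is unreachable after the early return.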