Annotation of /branches/rel-2-3-dev/webwork2/lib/WeBWorK/Authen.pm

Revision 4263 - (view) (download) (as text)
Original Path: trunk/webwork2/lib/WeBWorK/Authen.pm

1 :	sh002i	455	################################################################################
2 :	sh002i	1663	# WeBWorK Online Homework Delivery System
3 :	sh002i	3973	# Copyright © 2000-2006 The WeBWorK Project, http://openwebwork.sf.net/
4 :	sh002i	4263	# $CVSHeader: webwork2/lib/WeBWorK/Authen.pm,v 1.56 2006/07/12 04:33:55 sh002i Exp $
5 :	sh002i	1663	#
6 :			# This program is free software; you can redistribute it and/or modify it under
7 :			# the terms of either: (a) the GNU General Public License as published by the
8 :			# Free Software Foundation; either version 2, or (at your option) any later
9 :			# version, or (b) the "Artistic License" which comes with this package.
10 :			#
11 :			# This program is distributed in the hope that it will be useful, but WITHOUT
12 :			# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
13 :			# FOR A PARTICULAR PURPOSE. See either the GNU General Public License or the
14 :			# Artistic License for more details.
15 :	sh002i	455	################################################################################
16 :
17 :	malsyned	305	package WeBWorK::Authen;
18 :
19 :	sh002i	455	=head1 NAME
20 :
21 :			WeBWorK::Authen - Check user identity, manage session keys.
22 :
23 :			=cut
24 :
25 :	malsyned	441	use strict;
26 :			use warnings;
27 :	sh002i	4192	use WeBWorK::Cookie;
28 :	sh002i	1777	use Date::Format;
29 :	sh002i	4045	use Socket qw/unpack_sockaddr_in inet_ntoa/; # for logging
30 :			use WeBWorK::Debug;
31 :	sh002i	3799	use WeBWorK::Utils qw/writeCourseLog/;
32 :	malsyned	335
33 :	sh002i	1777	use constant COOKIE_LIFESPAN => 606024*30; # 30 days
34 :	sh002i	3799	use constant GENERIC_ERROR_MESSAGE => "Invalid user ID or password.";
35 :	sh002i	1777
36 :	sh002i	4192	use mod_perl;
37 :			use constant MP2 => ( exists $ENV{MOD_PERL_API_VERSION} and $ENV{MOD_PERL_API_VERSION} >= 2 );
38 :
39 :	sh002i	4263	BEGIN {
40 :			if (MP2) {
41 :			require APR::SockAddr;
42 :			APR::SockAddr->import();
43 :			require Apache2::Connection;
44 :			Apache2::Connection->import();
45 :			}
46 :			}
47 :
48 :	sh002i	3741	################################################################################
49 :			# Public API
50 :			################################################################################
51 :
52 :			=head1 CONSTRUCTOR
53 :
54 :			=over
55 :
56 :			=item new($r)
57 :
58 :			Instantiates a new WeBWorK::Authen object for the given WeBWorK::Requst ($r).
59 :
60 :			=cut
61 :
62 :	sh002i	1885	sub new {
63 :			my ($invocant, $r) = @_;
64 :	malsyned	323	my $class = ref($invocant) \|\| $invocant;
65 :	sh002i	1885	my $self = {
66 :			r => $r,
67 :			};
68 :	malsyned	305	bless $self, $class;
69 :			return $self;
70 :			}
71 :
72 :	sh002i	3741	=back
73 :	sh002i	817
74 :	sh002i	3741	=cut
75 :	sh002i	3366
76 :	sh002i	3741	=head1 METHODS
77 :	sh002i	817
78 :	sh002i	3741	=over
79 :	malsyned	323
80 :	sh002i	3741	=cut
81 :	sh002i	1683
82 :	sh002i	4045	sub verify {
83 :			debug("BEGIN VERIFY");
84 :	malsyned	305	my $self = shift;
85 :			my $r = $self->{r};
86 :
87 :	sh002i	4045	my $result = $self->do_verify;
88 :			my $error = $self->{error};
89 :			my $user_id = $self->{user_id};
90 :			my $credential_source = $self->{credential_source};
91 :	sh002i	817
92 :	sh002i	4045	$self->{was_verified} = $result ? 1 : 0;
93 :	malsyned	313
94 :	sh002i	4045	if ($self->can("site_fixup")) {
95 :			$self->site_fixup;
96 :	gage	3125	}
97 :	sh002i	817
98 :	sh002i	4045	if ($result) {
99 :			#$self->write_log_entry("LOGIN OK user_id=$user_id credential_source=$credential_source");
100 :			$self->maybe_send_cookie;
101 :			$self->set_params;
102 :	malsyned	313	} else {
103 :	sh002i	4045	#$self->write_log_entry("LOGIN FAILED user_id=$user_id credential_source=$credential_source");
104 :	sh002i	4135	$self->maybe_kill_cookie;
105 :	sh002i	4045	if ($error) {
106 :	sh002i	4192	MP2 ? $r->notes->set(authen_error => $error) : $r->notes("authen_error" => $error);
107 :	sh002i	1683	}
108 :	malsyned	305	}
109 :	sh002i	4045
110 :			debug("END VERIFY");
111 :			return $result;
112 :	malsyned	305	}
113 :
114 :	sh002i	3741	=item was_verified()
115 :
116 :			Returns true if verify() returned true the last time it was called.
117 :
118 :			=cut
119 :
120 :			sub was_verified {
121 :			my ($self) = @_;
122 :
123 :			return 1 if exists $self->{was_verified} and $self->{was_verified};
124 :			return 0;
125 :			}
126 :
127 :			=item forget_verification()
128 :
129 :			Future calls to was_verified() will return false, until verify() is called again and succeeds.
130 :
131 :			=cut
132 :
133 :			sub forget_verification {
134 :			my ($self) = @_;
135 :
136 :			$self->{was_verified} = 0;
137 :			}
138 :
139 :	sh002i	4045	=back
140 :	sh002i	3741
141 :			=cut
142 :
143 :	sh002i	4045	################################################################################
144 :			# Helper functions (called by verify)
145 :			################################################################################
146 :
147 :			sub do_verify {
148 :			my $self = shift;
149 :	sh002i	3688	my $r = $self->{r};
150 :			my $ce = $r->ce;
151 :			my $db = $r->db;
152 :
153 :	sh002i	4045	return 0 unless $db;
154 :	sh002i	3688
155 :	sh002i	4045	return 0 unless $self->get_credentials;
156 :	sh002i	3688
157 :	sh002i	4045	return 0 unless $self->check_user;
158 :	sh002i	3688
159 :	sh002i	4045	my $practiceUserPrefix = $ce->{practiceUserPrefix};
160 :			if ($practiceUserPrefix and $self->{user_id} =~ /^$practiceUserPrefix/){
161 :			return $self->verify_practice_user;
162 :			} else {
163 :			return $self->verify_normal_user;
164 :			}
165 :			}
166 :
167 :			sub get_credentials {
168 :			my ($self) = @_;
169 :			my $r = $self->{r};
170 :			my $ce = $r->ce;
171 :			my $db = $r->db;
172 :	sh002i	3688
173 :	sh002i	4045	# allow guest login: if the "Guest Login" button was clicked, we find an unused
174 :			# practice user and create a session for it.
175 :			if ($r->param("login_practice_user")) {
176 :			my $practiceUserPrefix = $ce->{practiceUserPrefix};
177 :			my @guestUserIDs = grep m/^$practiceUserPrefix/, $db->listUsers;
178 :			my @GuestUsers = $db->getUsers(@guestUserIDs);
179 :			my @allowedGuestUsers = grep { $ce->status_abbrev_has_behavior($_->status, "allow_course_access") } @GuestUsers;
180 :			my @allowedGestUserIDs = map { $_->user_id } @allowedGuestUsers;
181 :	sh002i	3688
182 :	sh002i	4045	foreach my $userID (@allowedGestUserIDs) {
183 :			if (not $self->unexpired_session_exists($userID)) {
184 :			my $newKey = $self->create_session($userID);
185 :
186 :			$self->{user_id} = $userID;
187 :			$self->{session_key} = $newKey;
188 :			$self->{credential_source} = "guest";
189 :			debug("guest user '", $userID. "' key '", $newKey. "'");
190 :			return 1;
191 :			}
192 :	sh002i	3688	}
193 :
194 :	sh002i	4045	$self->write_log_entry("GUEST LOGIN FAILED - no logins availabe");
195 :			$self->{error} = "No practice users are available. Please try again in a few minutes.";
196 :			return 0;
197 :			}
198 :
199 :			# at least the user ID is available in request parameters
200 :			if (defined $r->param("user")) {
201 :			$self->{user_id} = $r->param("user");
202 :			$self->{session_key} = $r->param("key");
203 :			$self->{password} = $r->param("passwd");
204 :			$self->{credential_source} = "params";
205 :			debug("params user '", $self->{user_id}, "' password '", $self->{password}, "' key '", $self->{session_key}, "'");
206 :			return 1;
207 :			}
208 :
209 :			my ($cookieUser, $cookieKey) = $self->fetchCookie;
210 :			if (defined $cookieUser) {
211 :			$self->{user_id} = $cookieUser;
212 :			$self->{session_key} = $cookieKey;
213 :			$self->{credential_source} = "cookie";
214 :			debug("cookie user '", $self->{user_id}, "' key '", $self->{session_key}, "'");
215 :			return 1;
216 :			}
217 :			}
218 :
219 :			sub check_user {
220 :			my $self = shift;
221 :			my $r = $self->{r};
222 :			my $ce = $r->ce;
223 :			my $db = $r->db;
224 :			my $authz = $r->authz;
225 :
226 :			my $user_id = $self->{user_id};
227 :
228 :			if (defined $user_id and $user_id eq "") {
229 :			$self->{error} = "You must specify a user ID.";
230 :			return 0;
231 :			}
232 :
233 :			my $User = $db->getUser($user_id);
234 :
235 :			unless ($User) {
236 :			$self->write_log_entry("LOGIN FAILED $user_id - user unknown");
237 :			$self->{error} = GENERIC_ERROR_MESSAGE;
238 :			return 0;
239 :			}
240 :
241 :			# FIXME "fix invalid status values" used to be here, but it needs to move to $db->getUser
242 :
243 :			unless ($ce->status_abbrev_has_behavior($User->status, "allow_course_access")) {
244 :			$self->write_log_entry("LOGIN FAILED $user_id - course access denied");
245 :			$self->{error} = GENERIC_ERROR_MESSAGE;
246 :			return 0;
247 :			}
248 :
249 :			unless ($authz->hasPermissions($user_id, "login")) {
250 :			$self->write_log_entry("LOGIN FAILED $user_id - no permission to login");
251 :			$self->{error} = GENERIC_ERROR_MESSAGE;
252 :			return 0;
253 :			}
254 :
255 :			return 1;
256 :			}
257 :
258 :			sub verify_practice_user {
259 :			my $self = shift;
260 :			my $r = $self->{r};
261 :			my $ce = $r->ce;
262 :
263 :			my $user_id = $self->{user_id};
264 :			my $session_key = $self->{session_key};
265 :
266 :			my ($sessionExists, $keyMatches, $timestampValid) = $self->check_session($user_id, $session_key, 1);
267 :			debug("sessionExists='", $sessionExists, "' keyMatches='", $keyMatches, "' timestampValid='", $timestampValid, "'");
268 :
269 :			if ($sessionExists) {
270 :			if ($keyMatches) {
271 :			if ($timestampValid) {
272 :			return 1;
273 :	sh002i	3688	} else {
274 :	sh002i	4045	$self->{session_key} = $self->create_session($user_id);
275 :			return 1;
276 :			}
277 :			} else {
278 :			if ($timestampValid) {
279 :			my $debugPracticeUser = $ce->{debugPracticeUser};
280 :			if (defined $debugPracticeUser and $user_id eq $debugPracticeUser) {
281 :			$self->{session_key} = $self->create_session($user_id);
282 :			return 1;
283 :	sh002i	3688	} else {
284 :	sh002i	4045	$self->{error} = "That guest account is in use.";
285 :			return 0;
286 :	sh002i	3688	}
287 :	sh002i	4045	} else {
288 :			$self->{session_key} = $self->create_session($user_id);
289 :			return 1;
290 :	sh002i	3688	}
291 :			}
292 :	sh002i	4045	} else {
293 :			$self->{session_key} = $self->create_session($user_id);
294 :			return 1;
295 :			}
296 :			}
297 :	glarose	4029
298 :	sh002i	4045	sub verify_normal_user {
299 :			my $self = shift;
300 :			my $r = $self->{r};
301 :
302 :			my $user_id = $self->{user_id};
303 :			my $session_key = $self->{session_key};
304 :
305 :			my ($sessionExists, $keyMatches, $timestampValid) = $self->check_session($user_id, $session_key, 1);
306 :			debug("sessionExists='", $sessionExists, "' keyMatches='", $keyMatches, "' timestampValid='", $timestampValid, "'");
307 :
308 :			if ($keyMatches and $timestampValid) {
309 :			return 1;
310 :			} else {
311 :			my $auth_result = $self->authenticate;
312 :
313 :			if ($auth_result > 0) {
314 :			$self->{session_key} = $self->create_session($user_id);
315 :			$self->write_log_entry("LOGIN OK $user_id");
316 :			return 1;
317 :			} elsif ($auth_result == 0) {
318 :			$self->write_log_entry("LOGIN FAILED $user_id - authentication failed");
319 :			$self->{error} = GENERIC_ERROR_MESSAGE;
320 :			return 0;
321 :			} else { # ($auth_result < 0) => required data was not present
322 :			if ($keyMatches and not $timestampValid) {
323 :			$self->{error} = "Your session has timed out due to inactivity. Please log in again.";
324 :	sh002i	3688	}
325 :	sh002i	4045	return 0;
326 :	sh002i	3688	}
327 :			}
328 :	sh002i	4045	}
329 :
330 :			# 1 == authentication succeeded
331 :			# 0 == required data was present, but authentication failed
332 :			# -1 == required data was not present (i.e. password missing)
333 :			sub authenticate {
334 :			my $self = shift;
335 :			my $r = $self->{r};
336 :	sh002i	3688
337 :	sh002i	4045	my $user_id = $self->{user_id};
338 :			my $password = $self->{password};
339 :
340 :			if (defined $password) {
341 :			return $self->checkPassword($user_id, $password);
342 :	sh002i	3688	} else {
343 :	sh002i	4045	return -1;
344 :	sh002i	3688	}
345 :	glarose	3377	}
346 :
347 :	sh002i	4045	sub maybe_send_cookie {
348 :			my $self = shift;
349 :			my $r = $self->{r};
350 :
351 :			my ($cookie_user, $cookie_key) = $self->fetchCookie;
352 :
353 :			# we send a cookie if any of these conditions are met:
354 :
355 :			# (a) a cookie was used for authentication
356 :			my $used_cookie = ($self->{credential_source} eq "cookie");
357 :
358 :			# (b) a cookie was sent but not used for authentication, and the
359 :			# credentials used for authentication were the same as those in
360 :			# the cookie
361 :			my $unused_valid_cookie = ($self->{credential_source} ne "cookie"
362 :			and defined $cookie_user and $self->{user_id} eq $cookie_user
363 :			and defined $cookie_key and $self->{session_key} eq $cookie_key);
364 :
365 :			# (c) the user asked to have a cookie sent and is not a guest user.
366 :			my $user_requests_cookie = ($self->{credential_source} ne "guest"
367 :			and $r->param("send_cookie"));
368 :
369 :			debug("used_cookie='", $used_cookie, "' unused_valid_cookie='", $unused_valid_cookie, "' user_requests_cookie='", $user_requests_cookie, "'");
370 :
371 :			if ($used_cookie or $unused_valid_cookie or $user_requests_cookie) {
372 :			$self->sendCookie($self->{user_id}, $self->{session_key});
373 :			} else {
374 :			$self->killCookie;
375 :			}
376 :			}
377 :	sh002i	3741
378 :	sh002i	4135	sub maybe_kill_cookie {
379 :			my $self = shift;
380 :			$self->killCookie(@_);
381 :			}
382 :
383 :	sh002i	4045	sub set_params {
384 :			my $self = shift;
385 :			my $r = $self->{r};
386 :
387 :	sh002i	4192	# A2 - params are not non-modifiable, with no explanation or workaround given in docs. WTF!
388 :	sh002i	4045	$r->param("user", $self->{user_id});
389 :			$r->param("key", $self->{session_key});
390 :			$r->param("passwd", "");
391 :
392 :			debug("params user='", $r->param("user"), "' key='", $r->param("key"), "' passwd='", $r->param("passwd"), "'");
393 :			}
394 :	sh002i	3741
395 :			################################################################################
396 :			# Password management
397 :			################################################################################
398 :
399 :	sh002i	4045	sub checkPassword {
400 :	sh002i	3741	my ($self, $userID, $possibleClearPassword) = @_;
401 :			my $db = $self->{r}->db;
402 :
403 :			my $Password = $db->getPassword($userID); # checked
404 :			return 0 unless defined $Password;
405 :
406 :			# check against WW password database
407 :			my $possibleCryptPassword = crypt($possibleClearPassword, $Password->password());
408 :			return 1 if $possibleCryptPassword eq $Password->password;
409 :
410 :			# check site-specific verification method
411 :			return 1 if $self->site_checkPassword($userID, $possibleClearPassword);
412 :
413 :			# fail by default
414 :			return 0;
415 :			}
416 :
417 :			# Site-specific password checking
418 :			#
419 :			# The site_checkPassword routine can be used to provide a hook to your institution's
420 :			# authentication system. If authentication against the course's password database, the
421 :			# method $self->site_checkPassword($userID, $clearTextPassword) is called. If this
422 :			# method returns a true value, authentication succeeds.
423 :			#
424 :			# Here is an example site_checkPassword which checks the password against the Ohio State
425 :			# popmail server:
426 :	sh002i	4045	# sub site_checkPassword {
427 :	sh002i	3741	# my ($self, $userID, $clearTextPassword) = @_;
428 :			# use Net::POP3;
429 :			# my $pop = Net::POP3->new('pop.service.ohio-state.edu', Timeout => 60);
430 :			# if ($pop->login($userID, $clearTextPassword)) {
431 :			# return 1;
432 :			# }
433 :			# return 0;
434 :			# }
435 :			#
436 :			# Since you have access to the WeBWorK::Authen object, the possibilities are limitless!
437 :			# This example checks the password against the system password database and updates the
438 :			# user's password in the course database if it succeeds:
439 :			# sub site_checkPassword {
440 :			# my ($self, $userID, $clearTextPassword) = @_;
441 :			# my $realCryptPassword = (getpwnam $userID)[1] or return 0;
442 :			# my $possibleCryptPassword = crypt($possibleClearPassword, $realCryptPassword); # user real PW as salt
443 :			# if ($possibleCryptPassword eq $realCryptPassword) {
444 :			# # update WeBWorK password
445 :			# use WeBWorK::Utils qw(cryptPassword);
446 :			# my $db = $self->{r}->db;
447 :			# my $Password = $db->getPassword($userID);
448 :			# my $pass = cryptPassword($clearTextPassword);
449 :			# $Password->password($pass);
450 :			# $db->putPassword($Password);
451 :			# return 1;
452 :			# } else {
453 :			# return 0;
454 :			# }
455 :			# }
456 :			#
457 :			#
458 :			# The default site_checkPassword always fails:
459 :			sub site_checkPassword {
460 :			my ($self, $userID, $clearTextPassword) = @_;
461 :			return 0;
462 :			}
463 :
464 :			################################################################################
465 :			# Session key management
466 :			################################################################################
467 :
468 :	sh002i	4045	sub unexpired_session_exists {
469 :	sh002i	3741	my ($self, $userID) = @_;
470 :			my $ce = $self->{r}->ce;
471 :			my $db = $self->{r}->db;
472 :
473 :			my $Key = $db->getKey($userID); # checked
474 :			return 0 unless defined $Key;
475 :			if (time <= $Key->timestamp()+$ce->{sessionKeyTimeout}) {
476 :	sh002i	4045	# unexpired, but leave timestamp alone
477 :			return 1;
478 :	sh002i	3741	} else {
479 :			# expired -- delete key
480 :	sh002i	4045	# NEW: no longer delete the key here -- a user re-visiting with a formerly-valid key should
481 :			# always get a "session expired" message. formerly, if they i.e. reload the login screen
482 :			# the message disappears, which is confusing (i claim ;)
483 :			#$db->deleteKey($userID);
484 :	sh002i	3741	return 0;
485 :			}
486 :			}
487 :
488 :	sh002i	4045	# clobbers any existing session for this $userID
489 :			# if $newKey is not specified, a random key is generated
490 :			# the key is returned
491 :			sub create_session {
492 :			my ($self, $userID, $newKey) = @_;
493 :	sh002i	3741	my $ce = $self->{r}->ce;
494 :			my $db = $self->{r}->db;
495 :
496 :	sh002i	4045	my $timestamp = time;
497 :			unless ($newKey) {
498 :			my @chars = @{ $ce->{sessionKeyChars} };
499 :			my $length = $ce->{sessionKeyLength};
500 :
501 :			srand;
502 :			$newKey = join ("", @chars[map rand(@chars), 1 .. $length]);
503 :			}
504 :
505 :			my $Key = $db->newKey(user_id=>$userID, key=>$newKey, timestamp=>$timestamp);
506 :			eval { $db->deleteKey($userID) };
507 :			$db->addKey($Key);
508 :			return $newKey;
509 :			}
510 :
511 :			# returns ($sessionExists, $keyMatches, $timestampValid)
512 :			# if $updateTimestamp is true, the timestamp on a valid session is updated
513 :			sub check_session {
514 :			my ($self, $userID, $possibleKey, $updateTimestamp) = @_;
515 :			my $ce = $self->{r}->ce;
516 :			my $db = $self->{r}->db;
517 :
518 :	sh002i	3741	my $Key = $db->getKey($userID); # checked
519 :			return 0 unless defined $Key;
520 :	sh002i	4045
521 :			my $keyMatches = (defined $possibleKey and $possibleKey eq $Key->key);
522 :			my $timestampValid = (time <= $Key->timestamp()+$ce->{sessionKeyTimeout});
523 :
524 :			if ($keyMatches and $timestampValid and $updateTimestamp) {
525 :			$Key->timestamp(time);
526 :			$db->putKey($Key);
527 :	sh002i	3741	}
528 :	sh002i	4045
529 :			return (1, $keyMatches, $timestampValid);
530 :	sh002i	3741	}
531 :
532 :			################################################################################
533 :			# Cookie management
534 :			################################################################################
535 :
536 :			sub fetchCookie {
537 :	sh002i	4045	my $self = shift;
538 :	sh002i	3741	my $r = $self->{r};
539 :			my $ce = $r->ce;
540 :			my $urlpath = $r->urlpath;
541 :
542 :			my $courseID = $urlpath->arg("courseID");
543 :
544 :	sh002i	4192	# AP2 - Apache2::Cookie needs $r, Apache::Cookie doesn't
545 :			my %cookies = WeBWorK::Cookie->fetch( MP2 ? $r : () );
546 :	sh002i	3741	my $cookie = $cookies{"WeBWorKCourseAuthen.$courseID"};
547 :
548 :			if ($cookie) {
549 :	sh002i	4045	debug("found a cookie for this course: '", $cookie->as_string, "'");
550 :			debug("cookie has this value: '", $cookie->value, "'");
551 :	sh002i	3741	my ($userID, $key) = split "\t", $cookie->value;
552 :			if (defined $userID and defined $key and $userID ne "" and $key ne "") {
553 :	sh002i	4045	debug("looks good, returning userID='$userID' key='$key'");
554 :	sh002i	3741	return $userID, $key;
555 :			} else {
556 :	sh002i	4045	debug("malformed cookie. returning nothing.");
557 :			return;
558 :	sh002i	3741	}
559 :			} else {
560 :	sh002i	4045	debug("found no cookie for this course. returning nothing.");
561 :			return;
562 :	sh002i	3741	}
563 :			}
564 :
565 :			sub sendCookie {
566 :			my ($self, $userID, $key) = @_;
567 :			my $r = $self->{r};
568 :			my $ce = $r->ce;
569 :
570 :			my $courseID = $r->urlpath->arg("courseID");
571 :
572 :			my $expires = time2str("%a, %d-%h-%Y %H:%M:%S %Z", time+COOKIE_LIFESPAN, "GMT");
573 :	sh002i	4192	my $cookie = WeBWorK::Cookie->new($r,
574 :	sh002i	3741	-name => "WeBWorKCourseAuthen.$courseID",
575 :			-value => "$userID\t$key",
576 :			-expires => $expires,
577 :			-domain => $r->hostname,
578 :			-path => $ce->{webworkURLRoot},
579 :			-secure => 0,
580 :			);
581 :
582 :	sh002i	4045	debug("about to add Set-Cookie header with this string: '", $cookie->as_string, "'");
583 :	sh002i	3741	$r->headers_out->set("Set-Cookie" => $cookie->as_string);
584 :			}
585 :
586 :			sub killCookie {
587 :			my ($self) = @_;
588 :			my $r = $self->{r};
589 :			my $ce = $r->ce;
590 :
591 :			my $courseID = $r->urlpath->arg("courseID");
592 :
593 :			my $expires = time2str("%a, %d-%h-%Y %H:%M:%S %Z", time-606024, "GMT");
594 :	sh002i	4192	my $cookie = WeBWorK::Cookie->new($r,
595 :	sh002i	3741	-name => "WeBWorKCourseAuthen.$courseID",
596 :			-value => "\t",
597 :			-expires => $expires,
598 :			-domain => $r->hostname,
599 :			-path => $ce->{webworkURLRoot},
600 :			-secure => 0,
601 :			);
602 :
603 :	sh002i	4045	debug("about to add Set-Cookie header with this string: '", $cookie->as_string, "'");
604 :	sh002i	3741	$r->headers_out->set("Set-Cookie" => $cookie->as_string);
605 :			}
606 :
607 :			################################################################################
608 :			# Utilities
609 :			################################################################################
610 :
611 :	sh002i	3799	sub write_log_entry {
612 :			my ($self, $message) = @_;
613 :
614 :	sh002i	3741	my $r = $self->{r};
615 :			my $ce = $r->ce;
616 :	sh002i	3799
617 :	sh002i	4192	my ($remote_host, $remote_port);
618 :			if (MP2) {
619 :			$remote_host = $r->connection->remote_addr->ip_get \|\| "UNKNOWN";
620 :			$remote_port = $r->connection->remote_addr->port \|\| "UNKNOWN";
621 :			} else {
622 :			($remote_port, $remote_host) = unpack_sockaddr_in($r->connection->remote_addr);
623 :			$remote_host = defined $remote_host ? inet_ntoa($remote_host) : "UNKNOWN";
624 :			$remote_port = "UNKNOWN" unless defined $remote_port;
625 :			}
626 :	sh002i	4238	my $user_agent = $r->headers_in->{"User-Agent"};
627 :	sh002i	3799
628 :	sh002i	4132	my $log_msg = "$message (host=$remote_host port=$remote_port UA=$user_agent";
629 :			debug("Writing to login log: '$log_msg'.\n");
630 :			writeCourseLog($ce, "login_log", $log_msg);
631 :	sh002i	3741	}
632 :
633 :	malsyned	305	1;

aubreyja at gmail dot com	ViewVC Help
Powered by ViewVC 1.0.9