home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Mastering Internet Develo…oft ActiveX Technologies
/
Mastering Internet Development with ActiveX (1996)(Microsoft).iso
/
labs
/
lab10.3
/
solution
/
emponly.cpp
next >
Wrap
C/C++ Source or Header
|
1996-07-16
|
5KB
|
162 lines
// EMPONLY.CPP - Implementation file for your Internet Server
// EmpOnly ISAPI Filter
#include <afx.h>
#include <afxwin.h>
#include <afxisapi.h>
#include "resource.h"
#include "EmpOnly.h"
///////////////////////////////////////////////////////////////////////
// The one and only CEmpOnlyFilter object
CEmpOnlyFilter theFilter;
///////////////////////////////////////////////////////////////////////
// CEmpOnlyFilter implementation
CEmpOnlyFilter::CEmpOnlyFilter()
{
//Read in employee "database" text file - Employ.dat.
//Employ.dat must be located in Scripts subdirectory.
//Since ctor is only called when EmpOnly.dll is loaded into memory,
//any changes to database demands that web service be restarted.
//Lab 10.3, ex 2 - Implementing EmpOnly
CString buf;
//This next path is specific to the web server installation!
CStdioFile infile("c:\\Winnt351\\System32\\InetSrv\\Scripts\\Employ.dat", CFile::modeRead);
while (infile.ReadString(buf))
{
strAuthUsers += buf + "; ";
buf.Empty();
}
}
CEmpOnlyFilter::~CEmpOnlyFilter()
{
}
BOOL CEmpOnlyFilter::GetFilterVersion(PHTTP_FILTER_VERSION pVer)
{
// Call default implementation for initialization
CHttpFilter::GetFilterVersion(pVer);
// Clear the flags set by base class
pVer->dwFlags &= ~SF_NOTIFY_ORDER_MASK;
// Set the flags we are interested in
pVer->dwFlags |= SF_NOTIFY_ORDER_MEDIUM | SF_NOTIFY_NONSECURE_PORT | SF_NOTIFY_URL_MAP;
// Load description string
TCHAR sz[SF_MAX_FILTER_DESC_LEN+1];
ISAPIVERIFY(::LoadString(AfxGetResourceHandle(),
IDS_FILTER, sz, SF_MAX_FILTER_DESC_LEN));
_tcscpy(pVer->lpszFilterDesc, sz);
return TRUE;
}
DWORD CEmpOnlyFilter::OnUrlMap(CHttpFilterContext* pCtxt,
PHTTP_FILTER_URL_MAP pMapInfo)
{
//Lab 10.3, ex 2 - Implementing EmpOnly
char pstrName[100], pstrIP[20], *pstrSearch;
DWORD dwSize;
BOOL bIsAuth = FALSE;
//Check to see if client is requesting Employees Only page.
//Use of _strlwr is possible because NT does not differentiate on case.
_strlwr(pMapInfo->pszPhysicalPath);
pstrSearch = strstr(pMapInfo->pszPhysicalPath, "emponly.htm");
if (pstrSearch == NULL) //not asking for Employees Only page
return SF_STATUS_REQ_NEXT_NOTIFICATION;
dwSize = sizeof(pstrName);
pCtxt->GetServerVariable("REMOTE_USER", pstrName, &dwSize);
if (dwSize > 5) //check that is valid user (not anonymous)
bIsAuth = IsAuthUserName(pstrName);
if (bIsAuth == FALSE) //if not authorized name, then check IP
{
dwSize = sizeof(pstrIP);
pCtxt->GetServerVariable("REMOTE_ADDR", pstrIP, &dwSize);
if(dwSize > 6) //should always have client's IP, but...
bIsAuth = IsAuthUserIP(pstrIP);
}
if (bIsAuth == TRUE) //if user is an authorized employee
{
return SF_STATUS_REQ_NEXT_NOTIFICATION;
}
else //if not, then redirect to consolation page
{
strcpy(pstrSearch, "Consoltn.htm");
//preclude any other filter processing on this event
return SF_STATUS_REQ_HANDLED_NOTIFICATION;
}
}
///////////////////////////////////////////////////////////////////////
// Implementation member functions section
//Helper functions IsAuthUserName and IsAuthUserIP are simple search
//routines. Note two things:
// - dynamic memory is being accessed through the CString strAuthUsers,
// no locking is necessary is necessary since it is read-only
// (CString::Find is a constant member function).
// - Routines do not guard against positive hits on substrings, such
// as finding "ikeFen" inside "MikeFen".
//Lab 10.3, ex 2 - Implementing EmpOnly
BOOL CEmpOnlyFilter::IsAuthUserName(LPCSTR lpszUserName)
{
int hit = strAuthUsers.Find(lpszUserName);
if (hit == -1)
return FALSE;
else
return TRUE;
}
BOOL CEmpOnlyFilter::IsAuthUserIP(LPCSTR lpszIPAddress)
{
int hit = strAuthUsers.Find(lpszIPAddress);
if (hit == -1)
return FALSE;
else
return TRUE;
}
///////////////////////////////////////////////////////////////////////
// If your extension will not use MFC, you'll need this code to make
// sure the extension objects can find the resource handle for the
// module. If you convert your extension to not be dependent on MFC,
// remove the comments arounn the following AfxGetResourceHandle()
// and DllMain() functions, as well as the g_hInstance global.
/****
static HINSTANCE g_hInstance;
HINSTANCE AFXISAPI AfxGetResourceHandle()
{
return g_hInstance;
}
BOOL WINAPI DllMain(HINSTANCE hInst, ULONG ulReason,
LPVOID lpReserved)
{
if (ulReason == DLL_PROCESS_ATTACH)
{
g_hInstance = hInst;
}
return TRUE;
}
****/