--- loncom/auth/lonacc.pm	2005/04/07 06:56:20	1.64
+++ loncom/auth/lonacc.pm	2005/07/07 05:53:35	1.67
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.64 2005/04/07 06:56:20 albertel Exp $
+# $Id: lonacc.pm,v 1.67 2005/07/07 05:53:35 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -25,16 +25,6 @@
 #
 # http://www.lon-capa.org/
 #
-# YEAR=1999
-# 5/21/99,5/22,5/29,5/31,6/15,16/11,22/11,
-# YEAR=2000
-# 01/06,01/13,05/31,06/01,09/06,09/25,09/28,10/30,11/6,
-# 12/25,12/26,
-# YEAR=2001
-# 01/06/01,05/28,8/11,9/26,11/29 Gerd Kortemeyer
-# YEAR=2002
-# 1/4,2/25 Gerd Kortemeyer
-#
 ###
 
 package Apache::lonacc;
@@ -102,6 +92,14 @@ sub handler {
 		    return HTTP_NOT_ACCEPTABLE;
 		}
 	    }
+	    if ($env{'user.name'} eq 'public' && 
+		$env{'user.domain'} eq 'public' &&
+		$requrl !~ m{^/+(res|public)/} &&
+		$requrl !~ m{^/+adm/(roles|logout|randomlabel\.png)}) {
+		$env{'request.querystring'}=$r->args;
+		$env{'request.firsturl'}=$requrl;
+		return FORBIDDEN;
+	    }
 # ------------------------------------------------------------- This is allowed
           if ($env{'request.course.id'}) {
 	    &Apache::lonnet::countacc($requrl);
@@ -146,7 +144,8 @@ sub handler {
   	                return HTTP_NOT_ACCEPTABLE; 
 		    }
 		    if ($symb) {
-			my ($map,$mid,$murl)=split(/\_\_\_/,$symb);
+			my ($map,$mid,$murl)=
+			    &Apache::lonnet::decode_symb($symb);
 			&Apache::lonnet::symblist($map,$murl =>[$murl,$mid],
 						'last_known' =>[$murl,$mid]);
 		    }
@@ -168,21 +167,16 @@ sub handler {
     if ($requrl=~m|^/public/|
 	|| (&Apache::lonnet::metadata($requrl,'copyright') eq 'public')) {
         &Apache::lonnet::logthis('Granting public access: '.$requrl);
+	my $cookie=
+	    &Apache::lonauth::success($r,'public','public','public');
+        my $lonidsdir=$r->dir_config('lonIDsDir');
+	&Apache::lonnet::transfer_profile_to_env($lonidsdir,$cookie);
 	&Apache::loncommon::get_posted_cgi($r);
-	$env{'user.name'}='public';
-        $env{'user.domain'}='public';
         $env{'request.state'} = "published";
         $env{'request.publicaccess'} = 1;
         $env{'request.filename'} = $r->filename;
-	my ($httpbrowser,  $clientbrowser, $clientversion,
-	    $clientmathml, $clientunicode, $clientos) =
-		&Apache::loncommon::decode_user_agent($r);
-	$env{'browser.type'}=$clientbrowser;
-        $env{'browser.version'}=$clientversion;
-        $env{'browser.mathml'}=$clientmathml;
-        $env{'browser.unicode'}=$clientunicode;
-        $env{'browser.os'}=$clientos;
 
+	$r->header_out('Set-cookie',"lonID=$cookie; path=/");
         return OK;
     }
 # -------------------------------------------------------------- Not authorized