--- loncom/auth/lonacc.pm	2014/10/04 02:59:32	1.158
+++ loncom/auth/lonacc.pm	2019/02/06 15:14:10	1.159.2.5.2.3
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.158 2014/10/04 02:59:32 raeburn Exp $
+# $Id: lonacc.pm,v 1.159.2.5.2.3 2019/02/06 15:14:10 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -109,7 +109,6 @@ sub cleanup {
     my ($r)=@_;
     if (! $r->is_initial_req()) { return DECLINED; }
     &Apache::lonnet::save_cache();
-    &Apache::lontexconvert::jsMath_reset();
     return OK;
 }
 
@@ -160,7 +159,7 @@ sub get_posted_cgi {
                         if (length($value) == 1) {
                             $value=~s/[\r\n]$//;
                         }
-                    } elsif ($fname =~ /\.(xls|doc|ppt)x$/i) {
+                    } elsif ($fname =~ /\.(xls|doc|ppt)(x|m)$/i) {
                         $value=~s/[\r\n]$//;
                     }
                     if (ref($fields) eq 'ARRAY') {
@@ -282,7 +281,6 @@ sub upload_size_allowed {
 sub sso_login {
     my ($r,$handle,$username) = @_;
 
-    my $lonidsdir=$r->dir_config('lonIDsDir');
     if (($r->user eq '') || ($username ne '') || ($r->user eq 'public:public') ||
         (defined($env{'user.name'}) && (defined($env{'user.domain'}))
 	  && ($handle ne ''))) {
@@ -290,7 +288,10 @@ sub sso_login {
 	return undef;
     }
 
-    my ($user) = ($r->user =~ m/([a-zA-Z0-9_\-@.]*)/);
+    my ($user) = ($r->user =~ m/^($match_username)$/);
+    if ($user eq '') {
+        return undef;
+    }
 
     my $query = $r->args;
     my %form;
@@ -329,13 +330,35 @@ sub sso_login {
         }
         unless ($hosthere) {
             ($is_balancer,$otherserver) =
-                &Apache::lonnet::check_loadbalancing($user,$domain);
+                &Apache::lonnet::check_loadbalancing($user,$domain,'login');
+            if ($is_balancer) {
+                if ($otherserver eq '') {
+                    my $lowest_load;
+                    ($otherserver,undef,undef,undef,$lowest_load) = &Apache::lonnet::choose_server($domain);
+                    if ($lowest_load > 100) {
+                        $otherserver = &Apache::lonnet::spareserver($lowest_load,$lowest_load,1,$domain);
+                    }
+                }
+                if ($otherserver ne '') {
+                    my @hosts = &Apache::lonnet::current_machine_ids();
+                    if (grep(/^\Q$otherserver\E$/,@hosts)) {
+                        $hosthere = $otherserver;
+                    }
+                }
+            }
         }
-
-	if ($is_balancer) {
+	if (($is_balancer) && (!$hosthere)) {
 	    # login but immediately go to switch server to find us a new 
 	    # machine
 	    &Apache::lonauth::success($r,$user,$domain,$home,'noredirect');
+            foreach my $item (keys(%form)) {
+                $env{'form.'.$item} = $form{$item};
+            }
+            unless ($form{'symb'}) {
+                unless (($r->uri eq '/adm/roles') || ($r->uri eq '/adm/sso')) {
+                    $env{'form.origurl'} = $r->uri;
+                }
+            }
             $env{'request.sso.login'} = 1;
             if (defined($r->dir_config("lonSSOReloginServer"))) {
                 $env{'request.sso.reloginserver'} =
@@ -350,14 +373,7 @@ sub sso_login {
 	} else {
 	    # need to login them in, so generate the need data that
 	    # migrate expects to do login
-	    my $ip;
-	    my $c = $r->connection;
-	    eval {
-	        $ip = $c->remote_ip();
-	    };
-	    if ($@) {
-	        $ip = $c->client_ip();
-	    }
+            my $ip = $r->get_remote_host();
 	    my %info=('ip'        => $ip,
 		      'domain'    => $domain,
 		      'username'  => $user,
@@ -381,6 +397,9 @@ sub sso_login {
                 $info{'sso.reloginserver'} = 
                     $r->dir_config('lonSSOReloginServer'); 
             }
+            if (($is_balancer) && ($hosthere)) {
+                $info{'noloadbalance'} = $hosthere;
+            }
 	    my $token = 
 		&Apache::lonnet::tmpput(\%info,
 					$r->dir_config('lonHostID'));
@@ -445,7 +464,10 @@ sub handler {
     my ($is_balancer,$otherserver);
 
     if ($handle eq '') {
-        unless (($requrl eq '/adm/switchserver') && (!$r->is_initial_req())) {
+        unless ((($requrl eq '/adm/switchserver') && (!$r->is_initial_req())) ||
+                ($requrl =~ m{^/public/$match_domain/$match_courseid/syllabus}) ||
+                ($requrl =~ m{^/adm/help/}) ||
+                ($requrl =~ m{^/res/$match_domain/$match_username/})) {
 	    $r->log_reason("Cookie not valid", $r->filename);
         }
     } elsif ($handle ne '') {
@@ -502,7 +524,8 @@ sub handler {
             }
         } elsif ($env{'request.course.id'} &&
                  (($requrl =~ m{^/adm/$match_domain/$match_username/aboutme$}) ||
-                  ($requrl =~ m{^/public/$cdom/$cnum/syllabus$}))) {
+                  ($requrl =~ m{^/public/$cdom/$cnum/syllabus$}) ||
+                  ($requrl =~ m{^/adm/$cdom/$cnum/\d+/ext\.tool$}))) {
             my $query = $r->args;
             if ($query) {
                 foreach my $pair (split(/&/,$query)) {
@@ -523,6 +546,7 @@ sub handler {
             my $lonhost = &Apache::lonnet::host_from_dns($hostname);
             if ($lonhost) {
                 my $actual = &Apache::lonnet::absolute_url($hostname);
+                my $exphostname = &Apache::lonnet::hostname($lonhost);
                 my $expected = $Apache::lonnet::protocol{$lonhost}.'://'.$hostname;
                 unless ($actual eq $expected) {
                     $env{'request.use_absolute'} = $expected;
@@ -560,12 +584,22 @@ sub handler {
                 $env{'form.origurl'} = $r->uri;
             }
         }
+        if ($requrl=~m{^/+tiny/+$match_domain/+\w+$}) {
+            return OK;
+        }
 
 # ---------------------------------------------------------------- Check access
 	my $now = time;
 	if ($requrl !~ m{^/(?:adm|public|prtspool)/}
 	    || $requrl =~ /^\/adm\/.*\/(smppg|bulletinboard)(\?|$ )/x) {
 	    my $access=&Apache::lonnet::allowed('bre',$requrl);
+            if ($handle eq '') {
+                unless ($access eq 'F') {
+                    if ($requrl =~ m{^/res/$match_domain/$match_username/}) {
+                        $r->log_reason("Cookie not valid", $r->filename);
+                    }
+                }
+            }
 	    if ($access eq '1') {
 		$env{'user.error.msg'}="$requrl:bre:0:0:Choose Course";
 		return HTTP_NOT_ACCEPTABLE; 
@@ -593,6 +627,12 @@ sub handler {
                             return HTTP_NOT_ACCEPTABLE;
                         }
                     }
+                } elsif (($handle =~ /^publicuser_\d+$/) && (&Apache::lonnet::is_portfolio_url($requrl))) {
+                    my $clientip = $r->get_remote_host();
+                    if (&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip) ne 'F') {
+                        $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+                        return HTTP_NOT_ACCEPTABLE;
+                    }
                 } else {
 		    $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
 		    return HTTP_NOT_ACCEPTABLE;
@@ -637,7 +677,8 @@ sub handler {
 		($requrl=~m|\.problem/smpedit$|) ||
 		($requrl=~/^\/public\/.*\/syllabus$/) ||
                 ($requrl=~/^\/adm\/(viewclasslist|navmaps)$/) ||
-                ($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?|$)/)) {
+                ($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?|$)/) ||
+                ($requrl=~m{^/adm/$cdom/$cnum/\d+/ext\.tool$})) {
 # ------------------------------------- This is serious stuff, get symb and log
 		my $symb;
 		if ($query) {
@@ -731,7 +772,8 @@ sub handler {
     }
 # ------------------------------------ See if this is a viewable portfolio file
     if (&Apache::lonnet::is_portfolio_url($requrl)) {
-	my $access=&Apache::lonnet::allowed('bre',$requrl);
+        my $clientip = $r->get_remote_host();
+	my $access=&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip);
 	if ($access eq 'A') {
 	    &Apache::restrictedaccess::setup_handler($r);
 	    return OK;