--- loncom/auth/lonacc.pm	2003/11/21 21:27:25	1.50
+++ loncom/auth/lonacc.pm	2005/07/07 21:38:35	1.68
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.50 2003/11/21 21:27:25 albertel Exp $
+# $Id: lonacc.pm,v 1.68 2005/07/07 21:38:35 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -25,16 +25,6 @@
 #
 # http://www.lon-capa.org/
 #
-# YEAR=1999
-# 5/21/99,5/22,5/29,5/31,6/15,16/11,22/11,
-# YEAR=2000
-# 01/06,01/13,05/31,06/01,09/06,09/25,09/28,10/30,11/6,
-# 12/25,12/26,
-# YEAR=2001
-# 01/06/01,05/28,8/11,9/26,11/29 Gerd Kortemeyer
-# YEAR=2002
-# 1/4,2/25 Gerd Kortemeyer
-#
 ###
 
 package Apache::lonacc;
@@ -70,13 +60,13 @@ sub handler {
 
 # -------------------------------------------------------------- Resource State
 
-            if ($requrl=~/^\/res\//) {
-               $ENV{'request.state'} = "published";
+            if ($requrl=~/^\/+(res|uploaded)\//) {
+               $env{'request.state'} = "published";
 	    } else {
-	       $ENV{'request.state'} = 'unknown';
+	       $env{'request.state'} = 'unknown';
             }
-            $ENV{'request.filename'} = $r->filename;
-            $ENV{'request.noversionuri'} = &Apache::lonnet::deversion($requrl);
+            $env{'request.filename'} = $r->filename;
+            $env{'request.noversionuri'} = &Apache::lonnet::deversion($requrl);
 # -------------------------------------------------------- Load POST parameters
 
 	    &Apache::loncommon::get_posted_cgi($r);
@@ -86,29 +76,38 @@ sub handler {
             if ($requrl!~/^\/adm|public|prtspool\//) {
 		my $access=&Apache::lonnet::allowed('bre',$requrl);
                 if ($access eq '1') {
-		   $ENV{'user.error.msg'}="$requrl:bre:0:0:Choose Course";
+		   $env{'user.error.msg'}="$requrl:bre:0:0:Choose Course";
 	           return HTTP_NOT_ACCEPTABLE; 
                 }
                 if (($access ne '2') && ($access ne 'F')) {
-		   $ENV{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+		   $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
 	           return HTTP_NOT_ACCEPTABLE; 
                 }
             }
 	    if ($requrl =~ m|^/prtspool/|) {
-		my $start='/prtspool/'.$ENV{'user.name'}.'_'.
-		    $ENV{'user.domain'};
+		my $start='/prtspool/'.$env{'user.name'}.'_'.
+		    $env{'user.domain'};
 		if ($requrl !~ /^\Q$start\E/) {
-		    $ENV{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+		    $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
 		    return HTTP_NOT_ACCEPTABLE;
 		}
 	    }
+	    if ($env{'user.name'} eq 'public' && 
+		$env{'user.domain'} eq 'public' &&
+		$requrl !~ m{^/+(res|public)/} &&
+		$requrl !~ m{^/+adm/(help|roles|logout|randomlabel\.png)}) {
+		$env{'request.querystring'}=$r->args;
+		$env{'request.firsturl'}=$requrl;
+		return FORBIDDEN;
+	    }
 # ------------------------------------------------------------- This is allowed
-          if ($ENV{'request.course.id'}) {
+          if ($env{'request.course.id'}) {
 	    &Apache::lonnet::countacc($requrl);
             $requrl=~/\.(\w+)$/;
             if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||
  ($requrl=~/^\/adm\/.*\/(aboutme|navmaps|smppg|bulletinboard)(\?|$)/) ||
  ($requrl=~/^\/adm\/wrapper\//) ||
+ ($requrl=~m|\.problem/smpedit$|) ||
  ($requrl=~/^\/public\/.*\/syllabus$/)) {
 # ------------------------------------- This is serious stuff, get symb and log
 		my $query=$r->args;
@@ -116,26 +115,42 @@ sub handler {
                 if ($query) {
 		    &Apache::loncommon::get_unprocessed_cgi($query,['symb']);
                 }
-                if ($ENV{'form.symb'}) {
-		    $symb=&Apache::lonnet::symbclean($ENV{'form.symb'});
-                    if (&Apache::lonnet::symbverify($symb,$requrl)) {
+                if ($env{'form.symb'}) {
+		    $symb=&Apache::lonnet::symbclean($env{'form.symb'});
+                    if ($requrl =~ m|^/adm/wrapper/|) {
+                        my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
+                        &Apache::lonnet::symblist($map,$murl => [$murl,$mid],
+						  'last_known' =>[$murl,$mid]);
+                    } elsif ((&Apache::lonnet::symbverify($symb,$requrl)) ||
+			     (($requrl=~m|(.*)/smpedit$|) &&
+			      &Apache::lonnet::symbverify($symb,$1))) {
                       my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
-                      &Apache::lonnet::symblist($map,$murl => $mid,
-                                               'last_known' => $murl);
+                      &Apache::lonnet::symblist($map,$murl => [$murl,$mid],
+						'last_known' =>[$murl,$mid]);
 		    } else {
 			$r->log_reason('Invalid symb for '.$requrl.': '.
                                        $symb);
-		        $ENV{'user.error.msg'}=
+		        $env{'user.error.msg'}=
                                 "$requrl:bre:1:1:Invalid Access";
   	                return HTTP_NOT_ACCEPTABLE; 
                     }
                 } else {
 	            $symb=&Apache::lonnet::symbread($requrl);
-                    my ($map,$mid,$murl)=split(/\_\_\_/,$symb);
-		    &Apache::lonnet::symblist($map,$murl => $mid,
-                                              'last_known' => $murl);
+		    if (&Apache::lonnet::is_on_map($requrl) && $symb &&
+			!&Apache::lonnet::symbverify($symb,$requrl)) {
+			$r->log_reason('Invalid symb for '.$requrl.': '.$symb);
+		        $env{'user.error.msg'}=
+                                "$requrl:bre:1:1:Invalid Access";
+  	                return HTTP_NOT_ACCEPTABLE; 
+		    }
+		    if ($symb) {
+			my ($map,$mid,$murl)=
+			    &Apache::lonnet::decode_symb($symb);
+			&Apache::lonnet::symblist($map,$murl =>[$murl,$mid],
+						'last_known' =>[$murl,$mid]);
+		    }
                 }
-                $ENV{'request.symb'}=$symb;
+                $env{'request.symb'}=$symb;
                 &Apache::lonnet::courseacclog($symb);
             } else {
 # ------------------------------------------------------- This is other content
@@ -152,29 +167,34 @@ sub handler {
     if ($requrl=~m|^/public/|
 	|| (&Apache::lonnet::metadata($requrl,'copyright') eq 'public')) {
         &Apache::lonnet::logthis('Granting public access: '.$requrl);
-	my $buffer;
-	$r->read($buffer,$r->header_in('Content-length'),0);
-	&Apache::loncommon::get_unprocessed_cgi($buffer);
-	$ENV{'user.name'}='public';
-        $ENV{'user.domain'}='public';
-        $ENV{'request.state'} = "published";
-        $ENV{'request.publicaccess'} = 1;
-        $ENV{'request.filename'} = $r->filename;
+	my $cookie=
+	    &Apache::lonauth::success($r,'public','public','public');
+        my $lonidsdir=$r->dir_config('lonIDsDir');
+	&Apache::lonnet::transfer_profile_to_env($lonidsdir,$cookie);
+	&Apache::loncommon::get_posted_cgi($r);
+        $env{'request.state'} = "published";
+        $env{'request.publicaccess'} = 1;
+        $env{'request.filename'} = $r->filename;
+
+	$r->header_out('Set-cookie',"lonID=$cookie; path=/");
         return OK;
     }
+    if ($requrl=~m|^/+adm/+help/+|) {
+	return OK;
+    }
 # -------------------------------------------------------------- Not authorized
     $requrl=~/\.(\w+)$/;
-    if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||
-        ($requrl=~/^\/adm\/(roles|logout|email|menu|remote)/) ||
-        ($requrl=~m|^/prtspool/|)) {
+#    if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||
+#        ($requrl=~/^\/adm\/(roles|logout|email|menu|remote)/) ||
+#        ($requrl=~m|^/prtspool/|)) {
 # -------------------------- Store where they wanted to go and get login screen
-	$ENV{'request.querystring'}=$r->args;
-	$ENV{'request.firsturl'}=$requrl;
+	$env{'request.querystring'}=$r->args;
+	$env{'request.firsturl'}=$requrl;
        return FORBIDDEN;
-   } else {
+#   } else {
 # --------------------------------------------------------------------- Goodbye
-       return HTTP_BAD_REQUEST;
-   }
+#       return HTTP_BAD_REQUEST;
+#   }
 }
 
 1;