--- loncom/auth/lonracc.pm	2002/01/17 19:25:31	1.4
+++ loncom/auth/lonracc.pm	2002/10/29 18:34:33	1.7
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Access Handler for File Transfers
 #
-# $Id: lonracc.pm,v 1.4 2002/01/17 19:25:31 harris41 Exp $
+# $Id: lonracc.pm,v 1.7 2002/10/29 18:34:33 matthew Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -34,13 +34,30 @@ package Apache::lonracc;
 
 use strict;
 use Apache::Constants qw(:common :remotehost);
+use Apache::lonnet();
 use Apache::File();
 
+sub subscribed {
+    my ($filename,$id) = @_;
+    my $found=0;
+    my $expr='^'.$id.':'.$Apache::lonnet::hostip{$id}.':';
+    $expr =~ s/\./\\\./g;
+    my $sh;
+    if ($sh=Apache::File->new("$filename.subscription")) {
+	while (my $subline=<$sh>) { if ($subline =~ /$expr/) { $found=1; } }
+	$sh->close();
+    }
+    return $found;
+}
+
 sub handler {
     my $r = shift;
-    my $reqhost;
-    unless ($reqhost=$r->get_remote_host(REMOTE_DOUBLE_REV)) {
-       $r->log_reason("Spoof request");
+    my $reqhost = $r->get_remote_host(REMOTE_DOUBLE_REV);
+    if (!$reqhost && $r->get_remote_host(REMOTE_NOLOOKUP) eq $r->get_server_name()) { 
+        $reqhost = $r->get_server_name();
+    } 
+    unless ($reqhost) {
+       $r->log_reason("Spoof request from ".$ENV{'REMOTE_ADDR'});
        return FORBIDDEN;
     }
     my $readline;
@@ -55,7 +72,9 @@ sub handler {
           my ($id,$domain,$role,$name,$ip)=split(/:/,$readline);
           if ($name =~ /$reqhost/i) {
               my $filename=$r->filename;
-              if ((-e "$filename.$id") || ($filename=~/\.meta$/)) {
+              if ((-e "$filename.$id") ||
+		  &subscribed($filename,$id) ||
+		  ($filename=~/\.meta$/)) {
 	         return OK;
               } else {
                  $r->log_reason("$id not subscribed", $r->filename);