--- loncom/auth/publiccheck.pm	2010/03/17 19:41:11	1.19
+++ loncom/auth/publiccheck.pm	2023/12/28 15:57:28	1.28
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: publiccheck.pm,v 1.19 2010/03/17 19:41:11 raeburn Exp $
+# $Id: publiccheck.pm,v 1.28 2023/12/28 15:57:28 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -64,13 +64,13 @@ sub handler {
 	|| $requrl=~m|^/adm/help/.*\.hlp$|
 	|| $requrl=~m|^/adm/[^/]+/[^/]+/aboutme/portfolio$|
 	|| (&Apache::lonnet::metadata($requrl,'copyright') eq 'public') 
-    || $requrl=~m|^/adm/blockingstatus/.*$|) { 
+    || $requrl=~m|^/adm/blockingstatus/.*$|) {
         &process_public($r,$requrl);
         return OK;
     } elsif (&Apache::lonnet::is_portfolio_url($requrl)) {
 	my (undef,$udom,$unum,$file_name,$group) = 
 	    &Apache::lonnet::parse_portfolio_url($requrl);
-        my $access = &process_portfolio($udom,$unum,$file_name,$group);
+        my $access = &process_portfolio($r,$udom,$unum,$file_name,$group);
         if ($access) {
             &process_public($r,$requrl,$access);
             return OK;
@@ -92,7 +92,7 @@ sub process_public {
         my $cookie=&Apache::lonauth::success($r,'public','public','public');
         my $lonidsdir=$r->dir_config('lonIDsDir');
         &Apache::lonnet::transfer_profile_to_env($lonidsdir,$cookie);
-	$r->err_header_out('Set-cookie',"lonID=$cookie; path=/");
+	$r->err_header_out('Set-cookie',"lonPubID=$cookie; path=/; HttpOnly");
     }
     &Apache::lonacc::get_posted_cgi($r);
     $env{'request.state'} = "published";
@@ -102,13 +102,19 @@ sub process_public {
 }
 
 sub process_portfolio {
-    my ($udom,$unum,$file_name,$group) = @_;
+    my ($r,$udom,$unum,$file_name,$group) = @_;
     my $current_perms = &Apache::lonnet::get_portfile_permissions($udom,$unum);
     my %access_controls = &Apache::lonnet::get_access_controls($current_perms,$group,$file_name);
+    return unless (ref($access_controls{$file_name}) eq 'HASH');
     my $access = '';
     my $now = time;
+    my $clientip = &Apache::lonnet::get_requestor_ip($r);
+    my $portaccess = &Apache::lonnet::usertools_access($unum,$udom,'portaccess',undef,'tools');
     foreach my $key (keys(%{$access_controls{$file_name}})) {
         my ($num,$scope,$end,$start) = ($key =~ /^([^:]+):([a-z]+)_(\d*)_?(\d*)$/);
+        if (!$portaccess) {
+            next unless ($scope eq 'ip');
+        }
         if ($start > $now) {
             next;
         }
@@ -119,6 +125,16 @@ sub process_portfolio {
             $access = 'public';
             last;
         }
+        if ($scope eq 'ip') {
+            if (ref($access_controls{$file_name}{$key}) eq 'HASH') {
+                if (ref($access_controls{$file_name}{$key}{'ip'}) eq 'ARRAY') {
+                    if (&Apache::loncommon::check_ip_acc(join(',',@{$access_controls{$file_name}{$key}{'ip'}}),$clientip)) {
+                        $access = 'ip';
+                        last;
+                    }
+                }
+            }
+        }
         if ($scope eq 'guest') {
             $access = 'guest';
         }