--- loncom/auth/publiccheck.pm	2006/06/16 22:37:29	1.3
+++ loncom/auth/publiccheck.pm	2014/12/01 22:52:54	1.24
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: publiccheck.pm,v 1.3 2006/06/16 22:37:29 raeburn Exp $
+# $Id: publiccheck.pm,v 1.24 2014/12/01 22:52:54 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -34,53 +34,65 @@ use Apache::Constants qw(:common :http :
 use Apache::lonnet;
 use Apache::loncommon();
 use Apache::lonlocal;
-use CGI::Cookie();
 use Fcntl qw(:flock);
 use Apache::lonacc();
+use LONCAPA();
 
 sub handler {
     my $r = shift;
+
     my $requrl=$r->uri;
-    my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
-    my $lonid=$cookies{'lonID'};
-    if ($lonid) {
-	my $handle=$lonid->value;
-        $handle=~s/\W//g;
+
+    if (&Apache::lonnet::is_domainimage($requrl)) {
+        return OK;
+    }
+
+    if ($requrl =~ m{^/res/adm/pages/[^/]+\.(gif|png)$}) {
+        return OK;
+    }
+
+    my $handle = &Apache::lonnet::check_for_valid_session($r);
+    if ($handle ne '') {
         my $lonidsdir=$r->dir_config('lonIDsDir');
-        if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
-	    &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
-	    if ($env{'user.name'} ne 'public'
-		&& $env{'user.domain'} ne 'public') {
-		return OK;
-	    }
+	&Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
+	if ($env{'user.name'} ne 'public'
+	    && $env{'user.domain'} ne 'public') {
+	    return OK;
 	}
     }
     if ($requrl=~m|^/public/|
-	|| (&Apache::lonnet::metadata($requrl,'copyright') eq 'public')) {
+	|| $requrl=~m|^/adm/help/.*\.hlp$|
+	|| $requrl=~m|^/adm/[^/]+/[^/]+/aboutme/portfolio$|
+	|| (&Apache::lonnet::metadata($requrl,'copyright') eq 'public') 
+    || $requrl=~m|^/adm/blockingstatus/.*$|) {
         &process_public($r,$requrl);
         return OK;
-    } elsif ($requrl =~ m#/+uploaded/([^/]+)/([^/]+)/portfolio(/.+)$#) {
-        if (&process_portfolio($1,$2,$3)) {
-            &process_public($r,$requrl);
+    } elsif (&Apache::lonnet::is_portfolio_url($requrl)) {
+	my (undef,$udom,$unum,$file_name,$group) = 
+	    &Apache::lonnet::parse_portfolio_url($requrl);
+        my $access = &process_portfolio($r,$udom,$unum,$file_name,$group);
+        if ($access) {
+            &process_public($r,$requrl,$access);
             return OK;
         } 
-    } elsif ($requrl =~ m#/+uploaded/([^/]+)/([^/]+)/groups/([^/]+)/portfolio/(.+)$#) {
-        if (&process_portfolio($1,$2,$3.'/'.$4,$3)) {
-            &process_public($r,$requrl);
-            return OK;
-        }
+    } elsif ($requrl eq '/adm/restrictedaccess') {
+        &process_public($r,$requrl);
+	return OK;
+    } elsif ($requrl eq '/adm/blockedaccess') {
+       &process_public($r,$requrl);
+       return OK;
     }
     return DECLINED;
 }
 
 sub process_public {
-    my ($r,$requrl) = @_;
+    my ($r,$requrl,$access) = @_;
     &Apache::lonnet::logthis('Granting public access: '.$requrl);
     if ($env{'user.name'} ne 'public' && $env{'user.domain'} ne 'public') {
         my $cookie=&Apache::lonauth::success($r,'public','public','public');
         my $lonidsdir=$r->dir_config('lonIDsDir');
         &Apache::lonnet::transfer_profile_to_env($lonidsdir,$cookie);
-        $r->header_out('Set-cookie',"lonID=$cookie; path=/");
+	$r->err_header_out('Set-cookie',"lonID=$cookie; path=/");
     }
     &Apache::lonacc::get_posted_cgi($r);
     $env{'request.state'} = "published";
@@ -90,11 +102,12 @@ sub process_public {
 }
 
 sub process_portfolio {
-    my ($udom,$unum,$file_name,$group) = @_;
+    my ($r,$udom,$unum,$file_name,$group) = @_;
     my $current_perms = &Apache::lonnet::get_portfile_permissions($udom,$unum);
     my %access_controls = &Apache::lonnet::get_access_controls($current_perms,$group,$file_name);
-    my $public_access = 0;
+    my $access = '';
     my $now = time;
+    my $clientip = $r->get_remote_host();
     foreach my $key (keys(%{$access_controls{$file_name}})) {
         my ($num,$scope,$end,$start) = ($key =~ /^([^:]+):([a-z]+)_(\d*)_?(\d*)$/);
         if ($start > $now) {
@@ -104,11 +117,24 @@ sub process_portfolio {
             next;
         }
         if ($scope eq 'public') {
-            $public_access = 1;
+            $access = 'public';
             last;
         }
+        if ($scope eq 'ip') {
+            if (ref($access_controls{$file_name}{$key}) eq 'HASH') {
+                if (ref($access_controls{$file_name}{$key}{'ip'}) eq 'ARRAY') {
+                    if (&Apache::loncommon::check_ip_acc(join(',',@{$access_controls{$file_name}{$key}{'ip'}}),$clientip)) {
+                        $access = 'ip';
+                        last;
+                    }
+                }
+            }
+        }
+        if ($scope eq 'guest') {
+            $access = 'guest';
+        }
     }
-    return $public_access;
+    return $access;
 }
 
 1;