--- loncom/interface/loncommon.pm	2017/04/02 03:09:27	1.1075.2.127
+++ loncom/interface/loncommon.pm	2017/06/21 16:26:43	1.1075.2.127.2.1
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # a pile of common routines
 #
-# $Id: loncommon.pm,v 1.1075.2.127 2017/04/02 03:09:27 raeburn Exp $
+# $Id: loncommon.pm,v 1.1075.2.127.2.1 2017/06/21 16:26:43 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -4991,6 +4991,87 @@ sub check_ip_acc {
     }
     return $allowed;
 }
+
+sub check_slotip_acc {
+    my ($acc,$clientip)=@_;
+    &Apache::lonxml::debug("acc is $acc");
+    if (!defined($acc) || $acc =~ /^\s*$/ || $acc =~/^\s*no\s*$/i) {
+        return 1;
+    }
+    my $allowed;
+    my $ip=$ENV{'REMOTE_ADDR'} || $clientip || $env{'request.host'};
+
+    my $name;
+    my %access = (
+                     allowfrom => 1,
+                     denyfrom  => 0,
+                 );
+    my @allows;
+    my @denies;
+    foreach my $item (split(',',$acc)) {
+        $item =~ s/^\s*//;
+        $item =~ s/\s*$//;
+        my $pattern;
+        if ($item =~ /^\!(.+)$/) {
+            push(@denies,$1);
+        } else {
+            push(@allows,$item);
+        }
+   }
+   my $numdenies = scalar(@denies);
+   my $numallows = scalar(@allows);
+   my $count = 0;
+   foreach my $pattern (@denies,@allows) {
+        $count ++;
+        my $acctype = 'allowfrom';
+        if ($count <= $numdenies) {
+            $acctype = 'denyfrom';
+        }
+        if ($pattern =~ /\*$/) {
+            #35.8.*
+            $pattern=~s/\*//;
+            if ($ip =~ /^\Q$pattern\E/) { $allowed=$access{$acctype}; }
+        } elsif ($pattern =~ /(\d+\.\d+\.\d+)\.\[(\d+)-(\d+)\]$/) {
+            #35.8.3.[34-56]
+            my $low=$2;
+            my $high=$3;
+            $pattern=$1;
+            if ($ip =~ /^\Q$pattern\E/) {
+                my $last=(split(/\./,$ip))[3];
+                if ($last <=$high && $last >=$low) { $allowed=$access{$acctype}; }
+            }
+        } elsif ($pattern =~ /^\*/) {
+            #*.msu.edu
+            $pattern=~s/\*//;
+            if (!defined($name)) {
+                use Socket;
+                my $netaddr=inet_aton($ip);
+                ($name)=gethostbyaddr($netaddr,AF_INET);
+            }
+            if ($name =~ /\Q$pattern\E$/i) { $allowed=$access{$acctype}; }
+        } elsif ($pattern =~ /\d+\.\d+\.\d+\.\d+/) {
+            #127.0.0.1
+            if ($ip =~ /^\Q$pattern\E/) { $allowed=$access{$acctype}; }
+        } else {
+            #some.name.com
+            if (!defined($name)) {
+                use Socket;
+                my $netaddr=inet_aton($ip);
+                ($name)=gethostbyaddr($netaddr,AF_INET);
+            }
+            if ($name =~ /\Q$pattern\E$/i) { $allowed=$access{$acctype}; }
+        }
+        if ($allowed =~ /^(0|1)$/) { last; }
+    }
+    if ($allowed eq '') {
+        if ($numdenies && !$numallows) {
+            $allowed = 1;
+        } else {
+            $allowed = 0;
+        }
+    }
+    return $allowed;
+}
 
 ###############################################