loncom/lonnet/perl/lonnet.pm - diff

Return to lonnet.pm CVS log

Up to [LON-CAPA] / loncom / lonnet / perl

Diff for /loncom/lonnet/perl/lonnet.pm between versions 1.624 and 1.832

-version 1.624, 2005/04/15 22:03:23
+version 1.832, 2007/02/16 01:04:19
  Line 37  use HTTP::Date;
  use vars
  qw(%perlvar %hostname %badServerCache %iphost %spareid %hostdom
     %libserv %pr %prp $memcache %packagetab
-    %courselogs %accesshash %userrolehash $processmarker $dumpcount
+    %courselogs %accesshash %userrolehash %domainrolehash $processmarker $dumpcount
-    %coursedombuf %coursenumbuf %coursehombuf %coursedescrbuf %courseinstcodebuf %courseownerbuf
+    %coursedombuf %coursenumbuf %coursehombuf %coursedescrbuf %courseinstcodebuf %courseownerbuf %coursetypebuf
     %domaindescription %domain_auth_def %domain_auth_arg_def
-    %domain_lang_def %domain_city %domain_longi %domain_lati $tmpdir $_64bit
+    %domain_lang_def %domain_city %domain_longi %domain_lati %domain_primary
-    %env);
+    $tmpdir $_64bit %env);
  use IO::Socket;
  use GDBM_File;
- use Apache::Constants qw(:common :http);
  use HTML::LCParser;
+ use HTML::Parser;
  use Fcntl qw(:flock);
- use Apache::lonlocal;
  use Storable qw(lock_store lock_nstore lock_retrieve freeze thaw nfreeze);
  use Time::HiRes qw( gettimeofday tv_interval );
  use Cache::Memcached;
+ use Digest::MD5;
+ use Math::Random;
+ use LONCAPA qw(:DEFAULT :match);
+ use LONCAPA::Configuration;
  my $readit;
  my $max_connection_retries = 10;     # Or some such value.
- Line 84  delayed.
+ Line 88  delayed.
  # --------------------------------------------------------------------- Logging
+ {
+     my $logid;
+     sub instructor_log {
+ 	my ($hash_name,$storehash,$delflag,$uname,$udom)=@_;
+ 	$logid++;
+ 	my $id=time().'00000'.$$.'00000'.$logid;
+ 	return &Apache::lonnet::put('nohist_'.$hash_name,
+ 				    { $id => {
+ 					'exe_uname' => $env{'user.name'},
+ 					'exe_udom'  => $env{'user.domain'},
+ 					'exe_time'  => time(),
+ 					'exe_ip'    => $ENV{'REMOTE_ADDR'},
+ 					'delflag'   => $delflag,
+ 					'logentry'  => $storehash,
+ 					'uname'     => $uname,
+ 					'udom'      => $udom,
+ 				    }
+ 				  },
+ 				    $env{'course.'.$env{'request.course.id'}.'.domain'},
+ 				    $env{'course.'.$env{'request.course.id'}.'.num'}
+ 				    );
+     }
+ }
  sub logtouch {
      my $execdir=$perlvar{'lonDaemons'};
- Line 122  sub logperm {
+ Line 149  sub logperm {
  # -------------------------------------------------- Non-critical communication
  sub subreply {
      my ($cmd,$server)=@_;
-     my $peerfile="$perlvar{'lonSockDir'}/$server";
+     my $peerfile="$perlvar{'lonSockDir'}/".$hostname{$server};
      #
      #  With loncnew process trimming, there's a timing hole between lonc server
      #  process exit and the master server picking up the listen on the AF_UNIX
- Line 150  sub subreply {
+ Line 177  sub subreply {
      }
      my $answer;
      if ($client) {
- 	print $client "$cmd\n";
+ 	print $client "sethost:$server:$cmd\n";
  	$answer=<$client>;
  	if (!$answer) { $answer="con_lost"; }
  	chomp($answer);
- Line 165  sub reply {
+ Line 192  sub reply {
      unless (defined($hostname{$server})) { return 'no_such_host'; }
      my $answer=subreply($cmd,$server);
      if (($answer=~/^refused/) || ($answer=~/^rejected/)) {
-        &logthis("<font color=blue>WARNING:".
+        &logthis("<font color=\"blue\">WARNING:".
                  " $cmd to $server returned $answer</font>");
      }
      return $answer;
- Line 189  sub reconlonc {
+ Line 216  sub reconlonc {
              sleep 5;
              if (-e "$peerfile") { return; }
              &logthis(
-   "<font color=blue>WARNING: $peerfile still not there, giving up</font>");
+   "<font color=\"blue\">WARNING: $peerfile still not there, giving up</font>");
          } else {
  	    &logthis(
-                "<font color=blue>WARNING:".
+                "<font color=\"blue\">WARNING:".
                 " lonc at pid $loncpid not responding, giving up</font>");
          }
      } else {
-      &logthis('<font color=blue>WARNING: lonc not running, giving up</font>');
+      &logthis('<font color="blue">WARNING: lonc not running, giving up</font>');
      }
  }
- Line 205  sub reconlonc {
+ Line 232  sub reconlonc {
  sub critical {
      my ($cmd,$server)=@_;
      unless ($hostname{$server}) {
-         &logthis("<font color=blue>WARNING:".
+         &logthis("<font color=\"blue\">WARNING:".
                 " Critical message to unknown server ($server)</font>");
          return 'no_such_host';
      }
- Line 239  sub critical {
+ Line 266  sub critical {
              }
              chomp($wcmd);
              if ($wcmd eq $cmd) {
- 		&logthis("<font color=blue>WARNING: ".
+ 		&logthis("<font color=\"blue\">WARNING: ".
                           "Connection buffer $dfilename: $cmd</font>");
                  &logperm("D:$server:$cmd");
  	        return 'con_delayed';
              } else {
-                 &logthis("<font color=red>CRITICAL:"
+                 &logthis("<font color=\"red\">CRITICAL:"
                          ." Critical connection failed: $server $cmd</font>");
                  &logperm("F:$server:$cmd");
                  return 'con_failed';
- Line 254  sub critical {
+ Line 281  sub critical {
      return $answer;
  }
- # ------------------------------------------- Transfer profile into environment
+ # ------------------------------------------- check if return value is an error
- sub transfer_profile_to_env {
+ sub error {
+     my ($result) = @_;
+     if ($result =~ /^(con_lost|no_such_host|error: (\d+) (.*))/) {
+ 	if ($2 == 2) { return undef; }
+ 	return $1;
+     }
+     return undef;
+ }
+ sub convert_and_load_session_env {
      my ($lonidsdir,$handle)=@_;
      my @profile;
      {
- Line 265  sub transfer_profile_to_env {
+ Line 301  sub transfer_profile_to_env {
  	@profile=<$idf>;
  	close($idf);
      }
-     my $envi;
+     my %temp_env;
-     my %Remove;
+     foreach my $line (@profile) {
-     for ($envi=0;$envi<=$#profile;$envi++) {
+ 	if ($line !~ m/=/) {
- 	chomp($profile[$envi]);
+ 	    return 0;
- 	my ($envname,$envvalue)=split(/=/,$profile[$envi]);
+ 	}
- 	$env{$envname} = $envvalue;
+ 	chomp($line);
+ 	my ($envname,$envvalue)=split(/=/,$line,2);
+ 	$temp_env{&unescape($envname)} = &unescape($envvalue);
+     }
+     unlink("$lonidsdir/$handle.id");
+     if (tie(my %disk_env,'GDBM_File',"$lonidsdir/$handle.id",&GDBM_WRCREAT(),
+)) {
+ 	%disk_env = %temp_env;
+ 	@env{keys(%temp_env)} = @disk_env{keys(%temp_env)};
+ 	untie(%disk_env);
+     }
+     return 1;
+ }
+ # ------------------------------------------- Transfer profile into environment
+ my $env_loaded;
+ sub transfer_profile_to_env {
+     my ($lonidsdir,$handle,$force_transfer) = @_;
+     if (!$force_transfer && $env_loaded) { return; }
+     if (!defined($lonidsdir)) {
+ 	$lonidsdir = $perlvar{'lonIDsDir'};
+     }
+     if (!defined($handle)) {
+         ($handle) = ($env{'user.environment'} =~m|/([^/]+)\.id$| );
+     }
+     my $convert;
+     {
+     	open(my $idf,"$lonidsdir/$handle.id");
+ 	flock($idf,LOCK_SH);
+ 	if (tie(my %disk_env,'GDBM_File',"$lonidsdir/$handle.id",
+ 		&GDBM_READER(),0640)) {
+ 	    @env{keys(%disk_env)} = @disk_env{keys(%disk_env)};
+ 	    untie(%disk_env);
+ 	} else {
+ 	    $convert = 1;
+ 	}
+     }
+     if ($convert) {
+ 	if (!&convert_and_load_session_env($lonidsdir,$handle)) {
+ 	    &logthis("Failed to load session, or convert session.");
+ 	}
+     }
+     my %remove;
+     while ( my $envname = each(%env) ) {
          if (my ($key,$time) = ($envname =~ /^(cgi\.(\d+)_\d+\.)/)) {
              if ($time < time-300) {
-                 $Remove{$key}++;
+                 $remove{$key}++;
              }
          }
      }
      $env{'user.environment'} = "$lonidsdir/$handle.id";
-     foreach my $expired_key (keys(%Remove)) {
+     $env_loaded=1;
+     foreach my $expired_key (keys(%remove)) {
          &delenv($expired_key);
      }
  }
+ sub timed_flock {
+     my ($file,$lock_type) = @_;
+     my $failed=0;
+     eval {
+ 	local $SIG{__DIE__}='DEFAULT';
+ 	local $SIG{ALRM}=sub {
+ 	    $failed=1;
+ 	    die("failed lock");
+ 	};
+ 	alarm(13);
+ 	flock($file,$lock_type);
+ 	alarm(0);
+     };
+     if ($failed) {
+ 	return undef;
+     } else {
+ 	return 1;
+     }
+ }
  # ---------------------------------------------------------- Append Environment
  sub appenv {
      my %newenv=@_;
-     foreach (keys %newenv) {
+     foreach my $key (keys(%newenv)) {
- 	if (($newenv{$_}=~/^user\.role/) || ($newenv{$_}=~/^user\.priv/)) {
+ 	if (($newenv{$key}=~/^user\.role/) || ($newenv{$key}=~/^user\.priv/)) {
-             &logthis("<font color=blue>WARNING: ".
+             &logthis("<font color=\"blue\">WARNING: ".
-                 "Attempt to modify environment ".$_." to ".$newenv{$_}
+                 "Attempt to modify environment ".$key." to ".$newenv{$key}
                  .'</font>');
- 	    delete($newenv{$_});
+ 	    delete($newenv{$key});
          } else {
-             $env{$_}=$newenv{$_};
+             $env{$key}=$newenv{$key};
-         }
-     }
-     my $lockfh;
-     unless (open($lockfh,"$env{'user.environment'}")) {
- 	return 'error: '.$!;
-     }
-     unless (flock($lockfh,LOCK_EX)) {
-          &logthis("<font color=blue>WARNING: ".
-                   'Could not obtain exclusive lock in appenv: '.$!);
-          close($lockfh);
-          return 'error: '.$!;
-     }
-     my @oldenv;
-     {
- 	my $fh;
- 	unless (open($fh,"$env{'user.environment'}")) {
- 	    return 'error: '.$!;
- 	}
- 	@oldenv=<$fh>;
- 	close($fh);
-     }
-     for (my $i=0; $i<=$#oldenv; $i++) {
-         chomp($oldenv[$i]);
-         if ($oldenv[$i] ne '') {
- 	    my ($name,$value)=split(/=/,$oldenv[$i]);
- 	    unless (defined($newenv{$name})) {
- 		$newenv{$name}=$value;
- 	    }
          }
      }
-     {
+     open(my $env_file,$env{'user.environment'});
- 	my $fh;
+     if (&timed_flock($env_file,LOCK_EX)
- 	unless (open($fh,">$env{'user.environment'}")) {
+ 	&&
- 	    return 'error';
+ 	tie(my %disk_env,'GDBM_File',$env{'user.environment'},
- 	}
+ 	    (&GDBM_WRITER()|&GDBM_NOLOCK()),0640)) {
- 	my $newname;
+ 	while (my ($key,$value) = each(%newenv)) {
- 	foreach $newname (keys %newenv) {
+ 	    $disk_env{$key} = $value;
- 	    print $fh "$newname=$newenv{$newname}\n";
  	}
- 	close($fh);
+ 	untie(%disk_env);
      }
-     close($lockfh);
      return 'ok';
  }
  # ----------------------------------------------------- Delete from Environment
  sub delenv {
      my $delthis=shift;
-     my %newenv=();
      if (($delthis=~/user\.role/) || ($delthis=~/user\.priv/)) {
-         &logthis("<font color=blue>WARNING: ".
+         &logthis("<font color=\"blue\">WARNING: ".
                  "Attempt to delete from environment ".$delthis);
          return 'error';
      }
-     my @oldenv;
+     open(my $env_file,$env{'user.environment'});
-     {
+     if (&timed_flock($env_file,LOCK_EX)
- 	my $fh;
+ 	&&
- 	unless (open($fh,"$env{'user.environment'}")) {
+ 	tie(my %disk_env,'GDBM_File',$env{'user.environment'},
- 	    return 'error';
+ 	    (&GDBM_WRITER()|&GDBM_NOLOCK()),0640)) {
- 	}
+ 	foreach my $key (keys(%disk_env)) {
- 	unless (flock($fh,LOCK_SH)) {
+ 	    if ($key=~/^$delthis/) {
- 	    &logthis("<font color=blue>WARNING: ".
- 		     'Could not obtain shared lock in delenv: '.$!);
- 	    close($fh);
- 	    return 'error: '.$!;
- 	}
- 	@oldenv=<$fh>;
- 	close($fh);
-     }
-     {
- 	my $fh;
- 	unless (open($fh,">$env{'user.environment'}")) {
- 	    return 'error';
- 	}
- 	unless (flock($fh,LOCK_EX)) {
- 	    &logthis("<font color=blue>WARNING: ".
- 		     'Could not obtain exclusive lock in delenv: '.$!);
- 	    close($fh);
- 	    return 'error: '.$!;
- 	}
- 	foreach (@oldenv) {
- 	    if ($_=~/^$delthis/) {
-                 my ($key,undef) = split('=',$_);
                  delete($env{$key});
-             } else {
+                 delete($disk_env{$key});
-                 print $fh $_;
              }
  	}
- 	close($fh);
+ 	untie(%disk_env);
      }
      return 'ok';
  }
+ sub get_env_multiple {
+     my ($name) = @_;
+     my @values;
+     if (defined($env{$name})) {
+         # exists is it an array
+         if (ref($env{$name})) {
+             @values=@{ $env{$name} };
+         } else {
+             $values[0]=$env{$name};
+         }
+     }
+     return(@values);
+ }
  # ------------------------------------------ Find out current server userload
  # there is a copy in lond
  sub userload {
- Line 442  sub overloaderror {
+ Line 503  sub overloaderror {
  # ------------------------------ Find server with least workload from spare.tab
  sub spareserver {
-     my ($loadpercent,$userloadpercent) = @_;
+     my ($loadpercent,$userloadpercent,$want_server_name) = @_;
-     my $tryserver;
+     my $spare_server;
-     my $spareserver='';
      if ($userloadpercent !~ /\d/) { $userloadpercent=0; }
-     my $lowestserver=$loadpercent > $userloadpercent?
+     my $lowest_load=($loadpercent > $userloadpercent) ? $loadpercent
- 	             $loadpercent :  $userloadpercent;
+                                                      :  $userloadpercent;
-     foreach $tryserver (keys %spareid) {
- 	my $loadans=reply('load',$tryserver);
+     foreach my $try_server (@{ $spareid{'primary'} }) {
- 	my $userloadans=reply('userload',$tryserver);
+ 	($spare_server, $lowest_load) =
- 	if ($loadans !~ /\d/ && $userloadans !~ /\d/) {
+ 	    &compare_server_load($try_server, $spare_server, $lowest_load);
- 	    next; #didn't get a number from the server
+     }
- 	}
- 	my $answer;
+     my $found_server = ($spare_server ne '' && $lowest_load < 100);
- 	if ($loadans =~ /\d/) {
- 	    if ($userloadans =~ /\d/) {
+     if (!$found_server) {
- 		#both are numbers, pick the bigger one
+ 	foreach my $try_server (@{ $spareid{'default'} }) {
- 		$answer=$loadans > $userloadans?
+ 	    ($spare_server, $lowest_load) =
- 		    $loadans :  $userloadans;
+ 		&compare_server_load($try_server, $spare_server, $lowest_load);
- 	    } else {
- 		$answer = $loadans;
- 	    }
- 	} else {
- 	    $answer = $userloadans;
- 	}
- 	if (($answer =~ /\d/) && ($answer<$lowestserver)) {
- 	    $spareserver="http://$hostname{$tryserver}";
- 	    $lowestserver=$answer;
  	}
      }
-     return $spareserver;
+     if (!$want_server_name) {
+ 	$spare_server="http://$hostname{$spare_server}";
+     }
+     return $spare_server;
  }
+ sub compare_server_load {
+     my ($try_server, $spare_server, $lowest_load) = @_;
+     my $loadans     = &reply('load',    $try_server);
+     my $userloadans = &reply('userload',$try_server);
+     if ($loadans !~ /\d/ && $userloadans !~ /\d/) {
+ 	next; #didn't get a number from the server
+     }
+     my $load;
+     if ($loadans =~ /\d/) {
+ 	if ($userloadans =~ /\d/) {
+ 	    #both are numbers, pick the bigger one
+ 	    $load = ($loadans > $userloadans) ? $loadans
+ 		                              : $userloadans;
+ 	} else {
+ 	    $load = $loadans;
+ 	}
+     } else {
+ 	$load = $userloadans;
+     }
+     if (($load =~ /\d/) && ($load < $lowest_load)) {
+ 	$spare_server = $try_server;
+ 	$lowest_load  = $load;
+     }
+     return ($spare_server,$lowest_load);
+ }
  # --------------------------------------------- Try to change a user's password
  sub changepass {
-     my ($uname,$udom,$currentpass,$newpass,$server)=@_;
+     my ($uname,$udom,$currentpass,$newpass,$server,$context)=@_;
      $currentpass = &escape($currentpass);
      $newpass     = &escape($newpass);
-     my $answer = reply("encrypt:passwd:$udom:$uname:$currentpass:$newpass",
+     my $answer = reply("encrypt:passwd:$udom:$uname:$currentpass:$newpass:$context",
  		       $server);
      if (! $answer) {
  	&logthis("No reply on password change request to $server ".
- Line 529  sub queryauthenticate {
+ Line 613  sub queryauthenticate {
  sub authenticate {
      my ($uname,$upass,$udom)=@_;
-     $upass=escape($upass);
+     $upass=&escape($upass);
-     $uname=~s/\W//g;
+     $uname= &LONCAPA::clean_username($uname);
      my $uhome=&homeserver($uname,$udom);
      if (!$uhome) {
  	&logthis("User $uname at $udom is unknown in authenticate");
- Line 605  sub idget {
+ Line 689  sub idget {
  sub idrget {
      my ($udom,@unames)=@_;
      my %returnhash=();
-     foreach (@unames) {
+     foreach my $uname (@unames) {
-         $returnhash{$_}=(&userenvironment($udom,$_,'id'))[1];
+         $returnhash{$uname}=(&userenvironment($udom,$uname,'id'))[1];
      }
      return %returnhash;
  }
- Line 616  sub idrget {
+ Line 700  sub idrget {
  sub idput {
      my ($udom,%ids)=@_;
      my %servers=();
-     foreach (keys %ids) {
+     foreach my $uname (keys(%ids)) {
- 	&cput('environment',{'id'=>$ids{$_}},$udom,$_);
+ 	&cput('environment',{'id'=>$ids{$uname}},$udom,$uname);
-         my $uhom=&homeserver($_,$udom);
+         my $uhom=&homeserver($uname,$udom);
          if ($uhom ne 'no_host') {
-             my $id=&escape($ids{$_});
+             my $id=&escape($ids{$uname});
              $id=~tr/A-Z/a-z/;
-             my $unam=&escape($_);
+             my $esc_unam=&escape($uname);
  	    if ($servers{$uhom}) {
- 		$servers{$uhom}.='&'.$id.'='.$unam;
+ 		$servers{$uhom}.='&'.$id.'='.$esc_unam;
              } else {
-                 $servers{$uhom}=$id.'='.$unam;
+                 $servers{$uhom}=$id.'='.$esc_unam;
              }
          }
      }
-     foreach (keys %servers) {
+     foreach my $server (keys(%servers)) {
-         &critical('idput:'.$udom.':'.$servers{$_},$_);
+         &critical('idput:'.$udom.':'.$servers{$server},$server);
+     }
+ }
+ # ------------------------------------------- get items from domain db files
+ sub get_dom {
+     my ($namespace,$storearr,$udom)=@_;
+     my $items='';
+     foreach my $item (@$storearr) {
+         $items.=&escape($item).'&';
+     }
+     $items=~s/\&$//;
+     if (!$udom) { $udom=$env{'user.domain'}; }
+     if (exists($domain_primary{$udom})) {
+         my $uhome=$domain_primary{$udom};
+         my $rep=&reply("getdom:$udom:$namespace:$items",$uhome);
+         my @pairs=split(/\&/,$rep);
+         if ( $#pairs==0 && $pairs[0] =~ /^(con_lost|error|no_such_host)/i) {
+             return @pairs;
+         }
+         my %returnhash=();
+         my $i=0;
+         foreach my $item (@$storearr) {
+             $returnhash{$item}=&thaw_unescape($pairs[$i]);
+             $i++;
+         }
+         return %returnhash;
+     } else {
+         &logthis("get_dom failed - no primary domain server for $udom");
+     }
+ }
+ # -------------------------------------------- put items in domain db files
+ sub put_dom {
+     my ($namespace,$storehash,$udom)=@_;
+     if (!$udom) { $udom=$env{'user.domain'}; }
+     if (exists($domain_primary{$udom})) {
+         my $uhome=$domain_primary{$udom};
+         my $items='';
+         foreach my $item (keys(%$storehash)) {
+             $items.=&escape($item).'='.&freeze_escape($$storehash{$item}).'&';
+         }
+         $items=~s/\&$//;
+         return &reply("putdom:$udom:$namespace:$items",$uhome);
+     } else {
+         &logthis("put_dom failed - no primary domain server for $udom");
      }
  }
- Line 766  sub validate_access_key {
+ Line 897  sub validate_access_key {
  }
  # ------------------------------------- Find the section of student in a course
+ sub devalidate_getsection_cache {
+     my ($udom,$unam,$courseid)=@_;
+     my $hashid="$udom:$unam:$courseid";
+     &devalidate_cache_new('getsection',$hashid);
+ }
+ sub courseid_to_courseurl {
+     my ($courseid) = @_;
+     #already url style courseid
+     return $courseid if ($courseid =~ m{^/});
+     if (exists($env{'course.'.$courseid.'.num'})) {
+ 	my $cnum = $env{'course.'.$courseid.'.num'};
+ 	my $cdom = $env{'course.'.$courseid.'.domain'};
+ 	return "/$cdom/$cnum";
+     }
+     my %courseinfo=&Apache::lonnet::coursedescription($courseid);
+     if (exists($courseinfo{'num'})) {
+ 	return "/$courseinfo{'domain'}/$courseinfo{'num'}";
+     }
+     return undef;
+ }
  sub getsection {
      my ($udom,$unam,$courseid)=@_;
      my $cachetime=1800;
-     $courseid=~s/\_/\//g;
-     $courseid=~s/^(\w)/\/$1/;
      my $hashid="$udom:$unam:$courseid";
      my ($result,$cached)=&is_cached_new('getsection',$hashid);
- Line 792  sub getsection {
+ Line 945  sub getsection {
      # If there is more than one expired role, choose the one which ended last.
      # If there is a role which has expired, return it.
      #
-     foreach (split(/\&/,&reply('dump:'.$udom.':'.$unam.':roles',
+     $courseid = &courseid_to_courseurl($courseid);
-                         &homeserver($unam,$udom)))) {
+     my %roleshash = &dump('roles',$udom,$unam,$courseid);
-         my ($key,$value)=split(/\=/,$_);
+     foreach my $key (keys(%roleshash)) {
-         $key=&unescape($key);
          next if ($key !~/^\Q$courseid\E(?:\/)*(\w+)*\_st$/);
          my $section=$1;
          if ($key eq $courseid.'_st') { $section=''; }
-         my ($dummy,$end,$start)=split(/\_/,&unescape($value));
+         my ($dummy,$end,$start)=split(/\_/,&unescape($roleshash{$key}));
          my $now=time;
          if (defined($end) && $end && ($now > $end)) {
              $Expired{$end}=$section;
- Line 828  sub getsection {
+ Line 980  sub getsection {
  sub save_cache {
      &purge_remembered();
+     #&Apache::loncommon::validate_page();
      undef(%env);
+     undef($env_loaded);
  }
  my $to_remember=-1;
- Line 931  sub userenvironment {
+ Line 1085  sub userenvironment {
  sub studentphoto {
      my ($udom,$unam,$ext) = @_;
      my $home=&Apache::lonnet::homeserver($unam,$udom);
-     my $ret=&Apache::lonnet::reply("studentphoto:$udom:$unam:$ext",$home);
+     if (defined($env{'request.course.id'})) {
-     my $url="/uploaded/$udom/$unam/internal/studentphoto.".$ext;
+         if ($env{'course.'.$env{'request.course.id'}.'.internal.showphoto'}) {
-     if ($ret ne 'ok') {
+             if ($udom eq $env{'course.'.$env{'request.course.id'}.'.domain'}) {
- 	return '/adm/lonKaputt/lonlogo_broken.gif';
+                 return(&retrievestudentphoto($udom,$unam,$ext));
+             } else {
+                 my ($result,$perm_reqd)=
+ 		    &Apache::lonnet::auto_photo_permission($unam,$udom);
+                 if ($result eq 'ok') {
+                     if (!($perm_reqd eq 'yes')) {
+                         return(&retrievestudentphoto($udom,$unam,$ext));
+                     }
+                 }
+             }
+         }
+     } else {
+         my ($result,$perm_reqd) =
+ 	    &Apache::lonnet::auto_photo_permission($unam,$udom);
+         if ($result eq 'ok') {
+             if (!($perm_reqd eq 'yes')) {
+                 return(&retrievestudentphoto($udom,$unam,$ext));
+             }
+         }
+     }
+     return '/adm/lonKaputt/lonlogo_broken.gif';
+ }
+ sub retrievestudentphoto {
+     my ($udom,$unam,$ext,$type) = @_;
+     my $home=&Apache::lonnet::homeserver($unam,$udom);
+     my $ret=&Apache::lonnet::reply("studentphoto:$udom:$unam:$ext:$type",$home);
+     if ($ret eq 'ok') {
+         my $url="/uploaded/$udom/$unam/internal/studentphoto.$ext";
+         if ($type eq 'thumbnail') {
+             $url="/uploaded/$udom/$unam/internal/studentphoto_tn.$ext";
+         }
+         my $tokenurl=&Apache::lonnet::tokenwrapper($url);
+         return $tokenurl;
+     } else {
+         if ($type eq 'thumbnail') {
+             return '/adm/lonKaputt/genericstudent_tn.gif';
+         } else {
+             return '/adm/lonKaputt/lonlogo_broken.gif';
+         }
      }
-     my $tokenurl=&Apache::lonnet::tokenwrapper($url);
-     return $tokenurl;
  }
  # -------------------------------------------------------------------- New chat
  sub chatsend {
-     my ($newentry,$anon)=@_;
+     my ($newentry,$anon,$group)=@_;
      my $cnum=$env{'course.'.$env{'request.course.id'}.'.num'};
      my $cdom=$env{'course.'.$env{'request.course.id'}.'.domain'};
      my $chome=$env{'course.'.$env{'request.course.id'}.'.home'};
      &reply('chatsend:'.$cdom.':'.$cnum.':'.
  	   &escape($env{'user.domain'}.':'.$env{'user.name'}.':'.$anon.':'.
- 		   &escape($newentry)),$chome);
+ 		   &escape($newentry)).':'.$group,$chome);
  }
  # ------------------------------------------ Find current version of a resource
- Line 1011  sub repcopy {
+ Line 1202  sub repcopy {
      }
      $filename=~s/[\n\r]//g;
      my $transname="$filename.in.transfer";
+ # FIXME: this should flock
      if ((-e $filename) || (-e $transname)) { return 'ok'; }
      my $remoteurl=subscribe($filename);
      if ($remoteurl =~ /^con_lost by/) {
- Line 1049  sub repcopy {
+ Line 1241  sub repcopy {
             if ($response->is_error()) {
  	       unlink($transname);
                 my $message=$response->status_line;
-                &logthis("<font color=blue>WARNING:"
+                &logthis("<font color=\"blue\">WARNING:"
                         ." LWP get: $message: $filename</font>");
                 return 'unavailable';
             } else {
- Line 1059  sub repcopy {
+ Line 1251  sub repcopy {
                    if ($mresponse->is_error()) {
  		      unlink($filename.'.meta');
                        &logthis(
-                      "<font color=yellow>INFO: No metadata: $filename</font>");
+                      "<font color=\"yellow\">INFO: No metadata: $filename</font>");
                    }
  	       }
                 rename($transname,$filename);
- Line 1077  sub ssi_body {
+ Line 1269  sub ssi_body {
      }
      my $output=($filelink=~/^http\:/?&externalssi($filelink):
                                       &ssi($filelink,%form));
-     $output=~s|//(\s*<!--)? BEGIN LON-CAPA Internal.+// END LON-CAPA Internal\s*(-->)?\s||gs;
+     $output=~s|//(\s*<!--)? BEGIN LON-CAPA Internal.+?// END LON-CAPA Internal\s*(-->)?\s||gs;
      $output=~s/^.*?\<body[^\>]*\>//si;
      $output=~s/(.*)\<\/body\s*\>.*?$/$1/si;
      return $output;
- Line 1085  sub ssi_body {
+ Line 1277  sub ssi_body {
  # --------------------------------------------------------- Server Side Include
+ sub absolute_url {
+     my ($host_name) = @_;
+     my $protocol = ($ENV{'SERVER_PORT'} == 443?'https://':'http://');
+     if ($host_name eq '') {
+ 	$host_name = $ENV{'SERVER_NAME'};
+     }
+     return $protocol.$host_name;
+ }
  sub ssi {
      my ($fn,%form)=@_;
- Line 1092  sub ssi {
+ Line 1293  sub ssi {
      my $ua=new LWP::UserAgent;
      my $request;
+     $form{'no_update_last_known'}=1;
      if (%form) {
-       $request=new HTTP::Request('POST',"http://".$ENV{'HTTP_HOST'}.$fn);
+       $request=new HTTP::Request('POST',&absolute_url().$fn);
        $request->content(join('&',map { &escape($_).'='.&escape($form{$_}) } keys %form));
      } else {
-       $request=new HTTP::Request('GET',"http://".$ENV{'HTTP_HOST'}.$fn);
+       $request=new HTTP::Request('GET',&absolute_url().$fn);
      }
      $request->header(Cookie => $ENV{'HTTP_COOKIE'});
- Line 1128  sub allowuploaded {
+ Line 1331  sub allowuploaded {
  }
  # --------- File operations in /home/httpd/html/userfiles/$domain/1/2/3/$course
- # input: action, courseID, current domain, home server for course, intended
+ # input: action, courseID, current domain, intended
- #        path to file, source of file.
+ #        path to file, source of file, instruction to parse file for objects,
+ #        ref to hash for embedded objects,
+ #        ref to hash for codebase of java objects.
+ #
  # output: url to file (if action was uploaddoc),
  #         ok if successful, or diagnostic message otherwise (if action was propagate or copy)
  #
- Line 1152  sub allowuploaded {
+ Line 1358  sub allowuploaded {
  #         /home/httpd/html/userfiles/$domain/1/2/3/$course/$file
  #         and will then be copied to /home/httpd/lonUsers/1/2/3/$course/userfiles/$file
  #         in course's home server.
+ #
  sub process_coursefile {
-     my ($action,$docuname,$docudom,$docuhome,$file,$source)=@_;
+     my ($action,$docuname,$docudom,$file,$source,$parser,$allfiles,$codebase)=@_;
      my $fetchresult;
+     my $home=&homeserver($docuname,$docudom);
      if ($action eq 'propagate') {
-         $fetchresult= &reply('fetchuserfile:'.$docudom.'/'.$docuname.'/'.$file
+         $fetchresult= &reply('fetchuserfile:'.$docudom.'/'.$docuname.'/'.$file,
-                             ,$docuhome);
+ 			     $home);
      } else {
-         my $fetchresult = '';
          my $fpath = '';
          my $fname = $file;
          ($fpath,$fname) = ($file =~ m|^(.*)/([^/]+)$|);
          $fpath=$docudom.'/'.$docuname.'/'.$fpath;
-         my $filepath=$perlvar{'lonDocRoot'}.'/userfiles';
+         my $filepath = &build_filepath($fpath);
-         unless ($fpath eq '') {
-             my @parts=split('/',$fpath);
-             foreach my $part (@parts) {
-                 $filepath.= '/'.$part;
-                 if ((-e $filepath)!=1) {
-                     mkdir($filepath,0777);
-                 }
-             }
-         }
          if ($action eq 'copy') {
              if ($source eq '') {
                  $fetchresult = 'no source file';
- Line 1184  sub process_coursefile {
+ Line 1381  sub process_coursefile {
                  my $destination = $filepath.'/'.$fname;
                  rename($source,$destination);
                  $fetchresult= &reply('fetchuserfile:'.$docudom.'/'.$docuname.'/'.$file,
-                                  $docuhome);
+                                  $home);
              }
          } elsif ($action eq 'uploaddoc') {
              open(my $fh,'>'.$filepath.'/'.$fname);
              print $fh $env{'form.'.$source};
              close($fh);
+             if ($parser eq 'parse') {
+                 my $parse_result = &extract_embedded_items($filepath,$fname,$allfiles,$codebase);
+                 unless ($parse_result eq 'ok') {
+                     &logthis('Failed to parse '.$filepath.'/'.$fname.' for embedded media: '.$parse_result);
+                 }
+             }
              $fetchresult= &reply('fetchuserfile:'.$docudom.'/'.$docuname.'/'.$file,
-                                  $docuhome);
+                                  $home);
              if ($fetchresult eq 'ok') {
                  return '/uploaded/'.$fpath.'/'.$fname;
              } else {
                  &logthis('Failed to transfer '.$docudom.'/'.$docuname.'/'.$file.
-                         ' to host '.$docuhome.': '.$fetchresult);
+                         ' to host '.$home.': '.$fetchresult);
                  return '/adm/notfound.html';
              }
          }
      }
      unless ( $fetchresult eq 'ok') {
          &logthis('Failed to transfer '.$docudom.'/'.$docuname.'/'.$file.
-              ' to host '.$docuhome.': '.$fetchresult);
+              ' to host '.$home.': '.$fetchresult);
      }
      return $fetchresult;
  }
+ sub build_filepath {
+     my ($fpath) = @_;
+     my $filepath=$perlvar{'lonDocRoot'}.'/userfiles';
+     unless ($fpath eq '') {
+         my @parts=split('/',$fpath);
+         foreach my $part (@parts) {
+             $filepath.= '/'.$part;
+             if ((-e $filepath)!=1) {
+                 mkdir($filepath,0777);
+             }
+         }
+     }
+     return $filepath;
+ }
+ sub store_edited_file {
+     my ($primary_url,$content,$docudom,$docuname,$fetchresult) = @_;
+     my $file = $primary_url;
+     $file =~ s#^/uploaded/$docudom/$docuname/##;
+     my $fpath = '';
+     my $fname = $file;
+     ($fpath,$fname) = ($file =~ m|^(.*)/([^/]+)$|);
+     $fpath=$docudom.'/'.$docuname.'/'.$fpath;
+     my $filepath = &build_filepath($fpath);
+     open(my $fh,'>'.$filepath.'/'.$fname);
+     print $fh $content;
+     close($fh);
+     my $home=&homeserver($docuname,$docudom);
+     $$fetchresult= &reply('fetchuserfile:'.$docudom.'/'.$docuname.'/'.$file,
+ 			  $home);
+     if ($$fetchresult eq 'ok') {
+         return '/uploaded/'.$fpath.'/'.$fname;
+     } else {
+         &logthis('Failed to transfer '.$docudom.'/'.$docuname.'/'.$file.
+ 		 ' to host '.$home.': '.$$fetchresult);
+         return '/adm/notfound.html';
+     }
+ }
  sub clean_filename {
-     my ($fname)=@_;
+     my ($fname,$args)=@_;
  # Replace Windows backslashes by forward slashes
      $fname=~s/\\/\//g;
- # Get rid of everything but the actual filename
+     if (!$args->{'keep_path'}) {
-     $fname=~s/^.*\/([^\/]+)$/$1/;
+         # Get rid of everything but the actual filename
+ 	$fname=~s/^.*\/([^\/]+)$/$1/;
+     }
  # Replace spaces by underscores
      $fname=~s/\s+/\_/g;
  # Replace all other weird characters by nothing
-     $fname=~s/[^\w\.\-]//g;
+     $fname=~s{[^/\w\.\-]}{}g;
  # Replace all .\d. sequences with _\d. so they no longer look like version
  # numbers
      $fname=~s/\.(\d+)(?=\.)/_$1/g;
- Line 1225  sub clean_filename {
+ Line 1469  sub clean_filename {
  }
  # --------------- Take an uploaded file and put it into the userfiles directory
- # input: name of form element, coursedoc=1 means this is for the course
+ # input: $formname - the contents of the file are in $env{"form.$formname"}
- # output: url of file in userspace
+ #                    the desired filenam is in $env{"form.$formname.filename"}
+ #        $coursedoc - if true up to the current course
+ #                     if false
+ #        $subdir - directory in userfile to store the file into
+ #        $parser, $allfiles, $codebase - unknown
+ #
+ # output: url of file in userspace, or error: <message>
+ #             or /adm/notfound.html if failure to upload occurse
  sub userfileupload {
-     my ($formname,$coursedoc,$subdir)=@_;
+     my ($formname,$coursedoc,$subdir,$parser,$allfiles,$codebase,$destuname,$destudom)=@_;
      if (!defined($subdir)) { $subdir='unknown'; }
      my $fname=$env{'form.'.$formname.'.filename'};
      $fname=&clean_filename($fname);
- Line 1251  sub userfileupload {
+ Line 1502  sub userfileupload {
          open(my $fh,'>'.$fullpath.'/'.$fname);
          print $fh $env{'form.'.$formname};
          close($fh);
          return $fullpath.'/'.$fname;
+     } elsif (($formname eq 'coursecreatorxml') && ($subdir eq 'batchupload')) { #files uploaded to create course page are handled differently
+         my $filepath = 'tmp/addcourse/'.$destudom.'/web/'.$env{'user.name'}.
+                        '_'.$env{'user.domain'}.'/pending';
+         my @parts=split(/\//,$filepath);
+         my $fullpath = $perlvar{'lonDaemons'};
+         for (my $i=0;$i<@parts;$i++) {
+             $fullpath .= '/'.$parts[$i];
+             if ((-e $fullpath)!=1) {
+                 mkdir($fullpath,0777);
+             }
+         }
+         open(my $fh,'>'.$fullpath.'/'.$fname);
+         print $fh $env{'form.'.$formname};
+         close($fh);
+         return $fullpath.'/'.$fname;
      }
  # Create the directory if not present
-     my $docuname='';
-     my $docudom='';
-     my $docuhome='';
      $fname="$subdir/$fname";
      if ($coursedoc) {
- 	$docuname=$env{'course.'.$env{'request.course.id'}.'.num'};
+ 	my $docuname=$env{'course.'.$env{'request.course.id'}.'.num'};
- 	$docudom=$env{'course.'.$env{'request.course.id'}.'.domain'};
+ 	my $docudom=$env{'course.'.$env{'request.course.id'}.'.domain'};
- 	$docuhome=$env{'course.'.$env{'request.course.id'}.'.home'};
+         if ($env{'form.folder'} =~ m/^(default|supplemental)/) {
-         if ($env{'form.folder'} =~ m/^default/) {
+             return &finishuserfileupload($docuname,$docudom,
-             return &finishuserfileupload($docuname,$docudom,$docuhome,$formname,$fname);
+ 					 $formname,$fname,$parser,$allfiles,
+ 					 $codebase);
          } else {
              $fname=$env{'form.folder'}.'/'.$fname;
-             return &process_coursefile('uploaddoc',$docuname,$docudom,$docuhome,$fname,$formname);
+             return &process_coursefile('uploaddoc',$docuname,$docudom,
+ 				       $fname,$formname,$parser,
+ 				       $allfiles,$codebase);
+         }
+     } elsif (defined($destuname)) {
+         my $docuname=$destuname;
+         my $docudom=$destudom;
+ 	return &finishuserfileupload($docuname,$docudom,$formname,
+ 				     $fname,$parser,$allfiles,$codebase);
+     } else {
+         my $docuname=$env{'user.name'};
+         my $docudom=$env{'user.domain'};
+         if (exists($env{'form.group'})) {
+             $docuname=$env{'course.'.$env{'request.course.id'}.'.num'};
+             $docudom=$env{'course.'.$env{'request.course.id'}.'.domain'};
          }
-     } else {
+ 	return &finishuserfileupload($docuname,$docudom,$formname,
-         $docuname=$env{'user.name'};
+ 				     $fname,$parser,$allfiles,$codebase);
-         $docudom=$env{'user.domain'};
-         $docuhome=$env{'user.home'};
-         return &finishuserfileupload($docuname,$docudom,$docuhome,$formname,$fname);
      }
  }
  sub finishuserfileupload {
-     my ($docuname,$docudom,$docuhome,$formname,$fname)=@_;
+     my ($docuname,$docudom,$formname,$fname,$parser,$allfiles,$codebase) = @_;
      my $path=$docudom.'/'.$docuname.'/';
      my $filepath=$perlvar{'lonDocRoot'};
      my ($fnamepath,$file);
- Line 1296  sub finishuserfileupload {
+ Line 1573  sub finishuserfileupload {
      }
  # Save the file
      {
- 	open(FH,'>'.$filepath.'/'.$file);
+ 	if (!open(FH,'>'.$filepath.'/'.$file)) {
- 	print FH $env{'form.'.$formname};
+ 	    &logthis('Failed to create '.$filepath.'/'.$file);
+ 	    print STDERR ('Failed to create '.$filepath.'/'.$file."\n");
+ 	    return '/adm/notfound.html';
+ 	}
+ 	if (!print FH ($env{'form.'.$formname})) {
+ 	    &logthis('Failed to write to '.$filepath.'/'.$file);
+ 	    print STDERR ('Failed to write to '.$filepath.'/'.$file."\n");
+ 	    return '/adm/notfound.html';
+ 	}
  	close(FH);
      }
+     if ($parser eq 'parse') {
+         my $parse_result = &extract_embedded_items($filepath,$file,$allfiles,
+ 						   $codebase);
+         unless ($parse_result eq 'ok') {
+             &logthis('Failed to parse '.$filepath.$file.
+ 		     ' for embedded media: '.$parse_result);
+         }
+     }
  # Notify homeserver to grep it
  #
+     my $docuhome=&homeserver($docuname,$docudom);
      my $fetchresult= &reply('fetchuserfile:'.$path.$file,$docuhome);
      if ($fetchresult eq 'ok') {
  #
- Line 1314  sub finishuserfileupload {
+ Line 1608  sub finishuserfileupload {
      }
  }
+ sub extract_embedded_items {
+     my ($filepath,$file,$allfiles,$codebase,$content) = @_;
+     my @state = ();
+     my %javafiles = (
+                       codebase => '',
+                       code => '',
+                       archive => ''
+                     );
+     my %mediafiles = (
+                       src => '',
+                       movie => '',
+                      );
+     my $p;
+     if ($content) {
+         $p = HTML::LCParser->new($content);
+     } else {
+         $p = HTML::LCParser->new($filepath.'/'.$file);
+     }
+     while (my $t=$p->get_token()) {
+ 	if ($t->[0] eq 'S') {
+ 	    my ($tagname, $attr) = ($t->[1],$t->[2]);
+ 	    push (@state, $tagname);
+             if (lc($tagname) eq 'allow') {
+                 &add_filetype($allfiles,$attr->{'src'},'src');
+             }
+ 	    if (lc($tagname) eq 'img') {
+ 		&add_filetype($allfiles,$attr->{'src'},'src');
+ 	    }
+             if (lc($tagname) eq 'script') {
+                 if ($attr->{'archive'} =~ /\.jar$/i) {
+                     &add_filetype($allfiles,$attr->{'archive'},'archive');
+                 } else {
+                     &add_filetype($allfiles,$attr->{'src'},'src');
+                 }
+             }
+             if (lc($tagname) eq 'link') {
+                 if (lc($attr->{'rel'}) eq 'stylesheet') {
+                     &add_filetype($allfiles,$attr->{'href'},'href');
+                 }
+             }
+ 	    if (lc($tagname) eq 'object' ||
+ 		(lc($tagname) eq 'embed' && lc($state[-2]) ne 'object')) {
+ 		foreach my $item (keys(%javafiles)) {
+ 		    $javafiles{$item} = '';
+ 		}
+ 	    }
+ 	    if (lc($state[-2]) eq 'object' && lc($tagname) eq 'param') {
+ 		my $name = lc($attr->{'name'});
+ 		foreach my $item (keys(%javafiles)) {
+ 		    if ($name eq $item) {
+ 			$javafiles{$item} = $attr->{'value'};
+ 			last;
+ 		    }
+ 		}
+ 		foreach my $item (keys(%mediafiles)) {
+ 		    if ($name eq $item) {
+ 			&add_filetype($allfiles, $attr->{'value'}, 'value');
+ 			last;
+ 		    }
+ 		}
+ 	    }
+ 	    if (lc($tagname) eq 'embed' || lc($tagname) eq 'applet') {
+ 		foreach my $item (keys(%javafiles)) {
+ 		    if ($attr->{$item}) {
+ 			$javafiles{$item} = $attr->{$item};
+ 			last;
+ 		    }
+ 		}
+ 		foreach my $item (keys(%mediafiles)) {
+ 		    if ($attr->{$item}) {
+ 			&add_filetype($allfiles,$attr->{$item},$item);
+ 			last;
+ 		    }
+ 		}
+ 	    }
+ 	} elsif ($t->[0] eq 'E') {
+ 	    my ($tagname) = ($t->[1]);
+ 	    if ($javafiles{'codebase'} ne '') {
+ 		$javafiles{'codebase'} .= '/';
+ 	    }
+ 	    if (lc($tagname) eq 'applet' ||
+ 		lc($tagname) eq 'object' ||
+ 		(lc($tagname) eq 'embed' && lc($state[-2]) ne 'object')
+ 		) {
+ 		foreach my $item (keys(%javafiles)) {
+ 		    if ($item ne 'codebase' && $javafiles{$item} ne '') {
+ 			my $file=$javafiles{'codebase'}.$javafiles{$item};
+ 			&add_filetype($allfiles,$file,$item);
+ 		    }
+ 		}
+ 	    }
+ 	    pop @state;
+ 	}
+     }
+     return 'ok';
+ }
+ sub add_filetype {
+     my ($allfiles,$file,$type)=@_;
+     if (exists($allfiles->{$file})) {
+ 	unless (grep/^\Q$type\E$/, @{$allfiles->{$file}}) {
+ 	    push(@{$allfiles->{$file}}, &escape($type));
+ 	}
+     } else {
+ 	@{$allfiles->{$file}} = (&escape($type));
+     }
+ }
  sub removeuploadedurl {
      my ($url)=@_;
      my (undef,undef,$udom,$uname,$fname)=split('/',$url,5);
- Line 1323  sub removeuploadedurl {
+ Line 1725  sub removeuploadedurl {
  sub removeuserfile {
      my ($docuname,$docudom,$fname)=@_;
      my $home=&homeserver($docuname,$docudom);
-     return &reply("removeuserfile:$docudom/$docuname/$fname",$home);
+     my $result = &reply("removeuserfile:$docudom/$docuname/$fname",$home);
+     if ($result eq 'ok') {
+         if (($fname !~ /\.meta$/) && (&is_portfolio_file($fname))) {
+             my $metafile = $fname.'.meta';
+             my $metaresult = &removeuserfile($docuname,$docudom,$metafile);
+ 	    my $url = "/uploaded/$docudom/$docuname/$fname";
+             my ($file,$group) = (&parse_portfolio_url($url))[3,4];
+             my $sqlresult =
+                 &update_portfolio_table($docuname,$docudom,$file,
+                                         'portfolio_metadata',$group,
+                                         'delete');
+         }
+     }
+     return $result;
  }
  sub mkdiruserfile {
- Line 1335  sub mkdiruserfile {
+ Line 1750  sub mkdiruserfile {
  sub renameuserfile {
      my ($docuname,$docudom,$old,$new)=@_;
      my $home=&homeserver($docuname,$docudom);
-     return &reply("renameuserfile:$docudom:$docuname:".&escape("$old").':'.
+     my $result = &reply("renameuserfile:$docudom:$docuname:".
- 		  &escape("$new"),$home);
+                         &escape("$old").':'.&escape("$new"),$home);
+     if ($result eq 'ok') {
+         if (($old !~ /\.meta$/) && (&is_portfolio_file($old))) {
+             my $oldmeta = $old.'.meta';
+             my $newmeta = $new.'.meta';
+             my $metaresult =
+                 &renameuserfile($docuname,$docudom,$oldmeta,$newmeta);
+ 	    my $url = "/uploaded/$docudom/$docuname/$old";
+             my ($file,$group) = (&parse_portfolio_url($url))[3,4];
+             my $sqlresult =
+                 &update_portfolio_table($docuname,$docudom,$file,
+                                         'portfolio_metadata',$group,
+                                         'delete');
+         }
+     }
+     return $result;
  }
  # ------------------------------------------------------------------------- Log
- Line 1362  sub flushcourselogs {
+ Line 1792  sub flushcourselogs {
  # times and course titles for all courseids
  #
      my %courseidbuffer=();
-     foreach (keys %courselogs) {
+     foreach my $crsid (keys %courselogs) {
-         my $crsid=$_;
          if (&reply('log:'.$coursedombuf{$crsid}.':'.$coursenumbuf{$crsid}.':'.
  		          &escape($courselogs{$crsid}),
  		          $coursehombuf{$crsid}) eq 'ok') {
- Line 1371  sub flushcourselogs {
+ Line 1800  sub flushcourselogs {
          } else {
              &logthis('Failed to flush log buffer for '.$crsid);
              if (length($courselogs{$crsid})>40000) {
-                &logthis("<font color=blue>WARNING: Buffer for ".$crsid.
+                &logthis("<font color=\"blue\">WARNING: Buffer for ".$crsid.
                          " exceeded maximum size, deleting.</font>");
                 delete $courselogs{$crsid};
              }
- Line 1379  sub flushcourselogs {
+ Line 1808  sub flushcourselogs {
          if ($courseidbuffer{$coursehombuf{$crsid}}) {
             $courseidbuffer{$coursehombuf{$crsid}}.='&'.
  			 &escape($crsid).'='.&escape($coursedescrbuf{$crsid}).
-                          ':'.&escape($courseinstcodebuf{$crsid}).':'.&escape($courseownerbuf{$crsid});
+                          ':'.&escape($courseinstcodebuf{$crsid}).':'.&escape($courseownerbuf{$crsid}).':'.&escape($coursetypebuf{$crsid});
          } else {
             $courseidbuffer{$coursehombuf{$crsid}}=
  			 &escape($crsid).'='.&escape($coursedescrbuf{$crsid}).
-                          ':'.&escape($courseinstcodebuf{$crsid}).':'.&escape($courseownerbuf{$crsid});
+                          ':'.&escape($courseinstcodebuf{$crsid}).':'.&escape($courseownerbuf{$crsid}).':'.&escape($coursetypebuf{$crsid});
          }
      }
  #
  # Write course id database (reverse lookup) to homeserver of courses
  # Is used in pickcourse
  #
-     foreach (keys %courseidbuffer) {
+     foreach my $crsid (keys(%courseidbuffer)) {
-         &courseidput($hostdom{$_},$courseidbuffer{$_},$_);
+         &courseidput($hostdom{$crsid},$courseidbuffer{$crsid},$crsid);
      }
  #
  # File accesses
- Line 1400  sub flushcourselogs {
+ Line 1829  sub flushcourselogs {
      foreach my $entry (keys(%accesshash)) {
          if ($entry =~ /___count$/) {
              my ($dom,$name);
-             ($dom,$name,undef)=($entry=~m:___(\w+)/(\w+)/(.*)___count$:);
+             ($dom,$name,undef)=
+ 		($entry=~m{___($match_domain)/($match_name)/(.*)___count$});
              if (! defined($dom) || $dom eq '' ||
                  ! defined($name) || $name eq '') {
                  my $cid = $env{'request.course.id'};
- Line 1421  sub flushcourselogs {
+ Line 1851  sub flushcourselogs {
                  }
              }
          } else {
-             my ($dom,$name) = ($entry=~m:___(\w+)/(\w+)/(.*)___(\w+)$:);
+             my ($dom,$name) = ($entry=~m{___($match_domain)/($match_name)/(.*)___(\w+)$});
              my %temphash=($entry => $accesshash{$entry});
              if (&put('nohist_resevaldata',\%temphash,$dom,$name) eq 'ok') {
                  delete $accesshash{$entry};
- Line 1432  sub flushcourselogs {
+ Line 1862  sub flushcourselogs {
  # Roles
  # Reverse lookup of user roles for course faculty/staff and co-authorship
  #
-     foreach (keys %userrolehash) {
+     foreach my $entry (keys(%userrolehash)) {
-         my $entry=$_;
          my ($role,$uname,$udom,$runame,$rudom,$rsec)=
  	    split(/\:/,$entry);
          if (&Apache::lonnet::put('nohist_userroles',
- Line 1442  sub flushcourselogs {
+ Line 1871  sub flushcourselogs {
  	    delete $userrolehash{$entry};
          }
      }
+ #
+ # Reverse lookup of domain roles (dc, ad, li, sc, au)
+ #
+     my %domrolebuffer = ();
+     foreach my $entry (keys %domainrolehash) {
+         my ($role,$uname,$udom,$runame,$rudom,$rsec)=split/:/,$entry;
+         if ($domrolebuffer{$rudom}) {
+             $domrolebuffer{$rudom}.='&'.&escape($entry).
+                       '='.&escape($domainrolehash{$entry});
+         } else {
+             $domrolebuffer{$rudom}.=&escape($entry).
+                       '='.&escape($domainrolehash{$entry});
+         }
+         delete $domainrolehash{$entry};
+     }
+     foreach my $dom (keys(%domrolebuffer)) {
+         foreach my $tryserver (keys %libserv) {
+             if ($hostdom{$tryserver} eq $dom) {
+                 unless (&reply('domroleput:'.$dom.':'.
+                   $domrolebuffer{$dom},$tryserver) eq 'ok') {
+                     &logthis('Put of domain roles failed for '.$dom.' and  '.$tryserver);
+                 }
+             }
+         }
+     }
      $dumpcount++;
  }
- Line 1461  sub courselog {
+ Line 1915  sub courselog {
         $env{'course.'.$env{'request.course.id'}.'.internal.coursecode'};
      $courseownerbuf{$env{'request.course.id'}}=
         $env{'course.'.$env{'request.course.id'}.'.internal.courseowner'};
+     $coursetypebuf{$env{'request.course.id'}}=
+        $env{'course.'.$env{'request.course.id'}.'.type'};
      if (defined $courselogs{$env{'request.course.id'}}) {
  	$courselogs{$env{'request.course.id'}}.='&'.$what;
      } else {
- Line 1475  sub courseacclog {
+ Line 1931  sub courseacclog {
      my $fnsymb=shift;
      unless ($env{'request.course.id'}) { return ''; }
      my $what=$fnsymb.':'.$env{'user.name'}.':'.$env{'user.domain'};
-     if ($fnsymb=~/(problem|exam|quiz|assess|survey|form|page)$/) {
+     if ($fnsymb=~/(problem|exam|quiz|assess|survey|form|task|page)$/) {
          $what.=':POST';
          # FIXME: Probably ought to escape things....
- 	foreach (keys %env) {
+ 	foreach my $key (keys(%env)) {
-             if ($_=~/^form\.(.*)/) {
+             if ($key=~/^form\.(.*)/) {
- 		$what.=':'.$1.'='.$env{$_};
+ 		$what.=':'.$1.'='.$env{$key};
              }
          }
      } elsif ($fnsymb =~ m:^/adm/searchcat:) {
- Line 1517  sub linklog {
+ Line 1973  sub linklog {
  sub userrolelog {
      my ($trole,$username,$domain,$area,$tstart,$tend)=@_;
-     if (($trole=~/^ca/) || ($trole=~/^in/) ||
+     if (($trole=~/^ca/) || ($trole=~/^aa/) ||
-         ($trole=~/^cc/) || ($trole=~/^ep/) ||
+         ($trole=~/^in/) || ($trole=~/^cc/) ||
-         ($trole=~/^cr/) || ($trole=~/^ta/)) {
+         ($trole=~/^ep/) || ($trole=~/^cr/) ||
+         ($trole=~/^ta/)) {
         my (undef,$rudom,$runame,$rsec)=split(/\//,$area);
         $userrolehash
           {$trole.':'.$username.':'.$domain.':'.$runame.':'.$rudom.':'.$rsec}
                      =$tend.':'.$tstart;
-    }
+     }
+     if (($trole=~/^dc/) || ($trole=~/^ad/) ||
+         ($trole=~/^li/) || ($trole=~/^li/) ||
+         ($trole=~/^au/) || ($trole=~/^dg/) ||
+         ($trole=~/^sc/)) {
+        my (undef,$rudom,$runame,$rsec)=split(/\//,$area);
+        $domainrolehash
+          {$trole.':'.$username.':'.$domain.':'.$runame.':'.$rudom.':'.$rsec}
+                     = $tend.':'.$tstart;
+     }
  }
  sub get_course_adv_roles {
- Line 1532  sub get_course_adv_roles {
+ Line 1998  sub get_course_adv_roles {
      $cid=$env{'request.course.id'} unless (defined($cid));
      my %coursehash=&coursedescription($cid);
      my %nothide=();
-     foreach (split(/\s*\,\s*/,$coursehash{'nothideprivileged'})) {
+     foreach my $user (split(/\s*\,\s*/,$coursehash{'nothideprivileged'})) {
- 	$nothide{join(':',split(/[\@\:]/,$_))}=1;
+ 	$nothide{join(':',split(/[\@\:]/,$user))}=1;
      }
      my %returnhash=();
      my %dumphash=
              &dump('nohist_userroles',$coursehash{'domain'},$coursehash{'num'});
      my $now=time;
-     foreach (keys %dumphash) {
+     foreach my $entry (keys %dumphash) {
- 	my ($tend,$tstart)=split(/\:/,$dumphash{$_});
+ 	my ($tend,$tstart)=split(/\:/,$dumphash{$entry});
          if (($tstart) && ($tstart<0)) { next; }
          if (($tend) && ($tend<$now)) { next; }
          if (($tstart) && ($now<$tstart)) { next; }
-         my ($role,$username,$domain,$section)=split(/\:/,$_);
+         my ($role,$username,$domain,$section)=split(/\:/,$entry);
  	if ($username eq '' || $domain eq '') { next; }
  	if ((&privileged($username,$domain)) &&
  	    (!$nothide{$username.':'.$domain})) { next; }
+ 	if ($role eq 'cr') { next; }
          my $key=&plaintext($role);
          if ($section) { $key.=' (Sec/Grp '.$section.')'; }
          if ($returnhash{$key}) {
- Line 1560  sub get_course_adv_roles {
+ Line 2027  sub get_course_adv_roles {
  }
  sub get_my_roles {
-     my ($uname,$udom)=@_;
+     my ($uname,$udom,$types,$roles,$roledoms)=@_;
      unless (defined($uname)) { $uname=$env{'user.name'}; }
      unless (defined($udom)) { $udom=$env{'user.domain'}; }
      my %dumphash=
              &dump('nohist_userroles',$udom,$uname);
      my %returnhash=();
      my $now=time;
-     foreach (keys %dumphash) {
+     foreach my $entry (keys(%dumphash)) {
- 	my ($tend,$tstart)=split(/\:/,$dumphash{$_});
+ 	my ($tend,$tstart)=split(/\:/,$dumphash{$entry});
          if (($tstart) && ($tstart<0)) { next; }
-         if (($tend) && ($tend<$now)) { next; }
+         my $status = 'active';
-         if (($tstart) && ($now<$tstart)) { next; }
+         if (($tend) && ($tend<$now)) {
-         my ($role,$username,$domain,$section)=split(/\:/,$_);
+             $status = 'previous';
+         }
+         if (($tstart) && ($now<$tstart)) {
+             $status = 'future';
+         }
+         if (ref($types) eq 'ARRAY') {
+             if (!grep(/^\Q$status\E$/,@{$types})) {
+                 next;
+             }
+         } else {
+             if ($status ne 'active') {
+                 next;
+             }
+         }
+         my ($role,$username,$domain,$section)=split(/\:/,$entry);
+         if (ref($roledoms) eq 'ARRAY') {
+             if (!grep(/^\Q$domain\E$/,@{$roledoms})) {
+                 next;
+             }
+         }
+         if (ref($roles) eq 'ARRAY') {
+             if (!grep(/^\Q$role\E$/,@{$roles})) {
+                 next;
+             }
+         }
  	$returnhash{$username.':'.$domain.':'.$role}=$tstart.':'.$tend;
-      }
+     }
      return %returnhash;
  }
- Line 1593  sub getannounce {
+ Line 2084  sub getannounce {
      if (open(my $fh,$perlvar{'lonDocRoot'}.'/announcement.txt')) {
  	my $announcement='';
- 	while (<$fh>) { $announcement .=$_; }
+ 	while (my $line = <$fh>) { $announcement .= $line; }
  	close($fh);
  	if ($announcement=~/\w/) {
  	    return
- Line 1617  sub courseidput {
+ Line 2108  sub courseidput {
  }
  sub courseiddump {
-     my ($domfilter,$descfilter,$sincefilter,$instcodefilter,$ownerfilter,$coursefilter,$hostidflag,$hostidref)=@_;
+     my ($domfilter,$descfilter,$sincefilter,$instcodefilter,$ownerfilter,$coursefilter,$hostidflag,$hostidref,$typefilter,$regexp_ok)=@_;
      my %returnhash=();
      unless ($domfilter) { $domfilter=''; }
      foreach my $tryserver (keys %libserv) {
          if ( ($hostidflag == 1 && grep/^$tryserver$/,@{$hostidref}) || (!defined($hostidflag)) ) {
  	    if ((!$domfilter) || ($hostdom{$tryserver} eq $domfilter)) {
- 	        foreach (
+ 	        foreach my $line (
                   split(/\&/,&reply('courseiddump:'.$hostdom{$tryserver}.':'.
  			       $sincefilter.':'.&escape($descfilter).':'.
-                                &escape($instcodefilter).':'.&escape($ownerfilter).':'.&escape($coursefilter),
+                                &escape($instcodefilter).':'.&escape($ownerfilter).':'.&escape($coursefilter).':'.&escape($typefilter).':'.&escape($regexp_ok),
                                 $tryserver))) {
- 		    my ($key,$value)=split(/\=/,$_);
+ 		    my ($key,$value)=split(/\=/,$line,2);
                      if (($key) && ($value)) {
  		        $returnhash{&unescape($key)}=$value;
                      }
- Line 1639  sub courseiddump {
+ Line 2130  sub courseiddump {
      return %returnhash;
  }
- #
+ # ---------------------------------------------------------- DC e-mail
+ sub dcmailput {
+     my ($domain,$msgid,$message,$server)=@_;
+     my $status = &Apache::lonnet::critical(
+        'dcmailput:'.$domain.':'.&escape($msgid).'='.
+        &escape($message),$server);
+     return $status;
+ }
+ sub dcmaildump {
+     my ($dom,$startdate,$enddate,$senders) = @_;
+     my %returnhash=();
+     if (exists($domain_primary{$dom})) {
+         my $cmd='dcmaildump:'.$dom.':'.&escape($startdate).':'.
+                                                          &escape($enddate).':';
+ 	my @esc_senders=map { &escape($_)} @$senders;
+ 	$cmd.=&escape(join('&',@esc_senders));
+ 	foreach my $line (split(/\&/,&reply($cmd,$domain_primary{$dom}))) {
+             my ($key,$value) = split(/\=/,$line,2);
+             if (($key) && ($value)) {
+                 $returnhash{&unescape($key)} = &unescape($value);
+             }
+         }
+     }
+     return %returnhash;
+ }
+ # ---------------------------------------------------------- Domain roles
+ sub get_domain_roles {
+     my ($dom,$roles,$startdate,$enddate)=@_;
+     if (undef($startdate) || $startdate eq '') {
+         $startdate = '.';
+     }
+     if (undef($enddate) || $enddate eq '') {
+         $enddate = '.';
+     }
+     my $rolelist = join(':',@{$roles});
+     my %personnel = ();
+     foreach my $tryserver (keys(%libserv)) {
+         if ($hostdom{$tryserver} eq $dom) {
+             %{$personnel{$tryserver}}=();
+             foreach my $line (
+                 split(/\&/,&reply('domrolesdump:'.$dom.':'.
+                    &escape($startdate).':'.&escape($enddate).':'.
+                    &escape($rolelist), $tryserver))) {
+                 my ($key,$value) = split(/\=/,$line,2);
+                 if (($key) && ($value)) {
+                     $personnel{$tryserver}{&unescape($key)} = &unescape($value);
+                 }
+             }
+         }
+     }
+     return %personnel;
+ }
  # ----------------------------------------------------------- Check out an item
  sub get_first_access {
      my ($type,$argsymb)=@_;
-     my ($symb,$courseid,$udom,$uname)=&Apache::lonxml::whichuser();
+     my ($symb,$courseid,$udom,$uname)=&whichuser();
      if ($argsymb) { $symb=$argsymb; }
      my ($map,$id,$res)=&decode_symb($symb);
      if ($type eq 'map') {
- Line 1658  sub get_first_access {
+ Line 2204  sub get_first_access {
  sub set_first_access {
      my ($type)=@_;
-     my ($symb,$courseid,$udom,$uname)=&Apache::lonxml::whichuser();
+     my ($symb,$courseid,$udom,$uname)=&whichuser();
      my ($map,$id,$res)=&decode_symb($symb);
      if ($type eq 'map') {
  	$res=&symbread($map);
- Line 1685  sub checkout {
+ Line 2231  sub checkout {
  		 $now.'&'.$ENV{'REMOTE_ADDR'});
      my $token=&reply('tmpput:'.$infostr,$lonhost);
      if ($token=~/^error\:/) {
-         &logthis("<font color=blue>WARNING: ".
+         &logthis("<font color=\"blue\">WARNING: ".
                  "Checkout tmpput failed ".$tudom.' - '.$tuname.' - '.$symb.
                   "</font>");
          return '';
- Line 1701  sub checkout {
+ Line 2247  sub checkout {
      unless (&cstore(\%infohash,$symb,$tcrsid,$tudom,$tuname) eq 'ok') {
         return '';
      } else {
-         &logthis("<font color=blue>WARNING: ".
+         &logthis("<font color=\"blue\">WARNING: ".
                  "Checkout cstore failed ".$tudom.' - '.$tuname.' - '.$symb.
                   "</font>");
      }
- Line 1711  sub checkout {
+ Line 2257  sub checkout {
                                                   $token)) ne 'ok') {
  	return '';
      } else {
-         &logthis("<font color=blue>WARNING: ".
+         &logthis("<font color=\"blue\">WARNING: ".
                  "Checkout log failed ".$tudom.' - '.$tuname.' - '.$symb.
                   "</font>");
      }
- Line 1852  sub hash2str {
+ Line 2398  sub hash2str {
  sub hashref2str {
    my ($hashref)=@_;
    my $result='__HASH_REF__';
-   foreach (sort(keys(%$hashref))) {
+   foreach my $key (sort(keys(%$hashref))) {
-     if (ref($_) eq 'ARRAY') {
+     if (ref($key) eq 'ARRAY') {
-       $result.=&arrayref2str($_).'=';
+       $result.=&arrayref2str($key).'=';
-     } elsif (ref($_) eq 'HASH') {
+     } elsif (ref($key) eq 'HASH') {
-       $result.=&hashref2str($_).'=';
+       $result.=&hashref2str($key).'=';
-     } elsif (ref($_)) {
+     } elsif (ref($key)) {
        $result.='=';
-       #print("Got a ref of ".(ref($_))." skipping.");
+       #print("Got a ref of ".(ref($key))." skipping.");
      } else {
- 	if ($_) {$result.=&escape($_).'=';} else { last; }
+ 	if ($key) {$result.=&escape($key).'=';} else { last; }
      }
-     if(ref($hashref->{$_}) eq 'ARRAY') {
+     if(ref($hashref->{$key}) eq 'ARRAY') {
-       $result.=&arrayref2str($hashref->{$_}).'&';
+       $result.=&arrayref2str($hashref->{$key}).'&';
-     } elsif(ref($hashref->{$_}) eq 'HASH') {
+     } elsif(ref($hashref->{$key}) eq 'HASH') {
-       $result.=&hashref2str($hashref->{$_}).'&';
+       $result.=&hashref2str($hashref->{$key}).'&';
-     } elsif(ref($hashref->{$_})) {
+     } elsif(ref($hashref->{$key})) {
         $result.='&';
-       #print("Got a ref of ".(ref($hashref->{$_}))." skipping.");
+       #print("Got a ref of ".(ref($hashref->{$key}))." skipping.");
      } else {
-       $result.=&escape($hashref->{$_}).'&';
+       $result.=&escape($hashref->{$key}).'&';
      }
    }
    $result=~s/\&$//;
- Line 2152  sub store {
+ Line 2698  sub store {
      $$storehash{'host'}=$perlvar{'lonHostID'};
      my $namevalue='';
-     foreach (keys %$storehash) {
+     foreach my $key (keys(%$storehash)) {
-         $namevalue.=&escape($_).'='.&freeze_escape($$storehash{$_}).'&';
+         $namevalue.=&escape($key).'='.&freeze_escape($$storehash{$key}).'&';
      }
      $namevalue=~s/\&$//;
      &courselog($symb.':'.$stuname.':'.$domain.':STORE:'.$namevalue);
- Line 2188  sub cstore {
+ Line 2734  sub cstore {
      $$storehash{'host'}=$perlvar{'lonHostID'};
      my $namevalue='';
-     foreach (keys %$storehash) {
+     foreach my $key (keys(%$storehash)) {
-         $namevalue.=&escape($_).'='.&freeze_escape($$storehash{$_}).'&';
+         $namevalue.=&escape($key).'='.&freeze_escape($$storehash{$key}).'&';
      }
      $namevalue=~s/\&$//;
      &courselog($symb.':'.$stuname.':'.$domain.':CSTORE:'.$namevalue);
- Line 2221  sub restore {
+ Line 2767  sub restore {
      my $answer=&reply("restore:$domain:$stuname:$namespace:$symb","$home");
      my %returnhash=();
-     foreach (split(/\&/,$answer)) {
+     foreach my $line (split(/\&/,$answer)) {
- 	my ($name,$value)=split(/\=/,$_);
+ 	my ($name,$value)=split(/\=/,$line);
          $returnhash{&unescape($name)}=&thaw_unescape($value);
      }
      my $version;
      for ($version=1;$version<=$returnhash{'version'};$version++) {
-        foreach (split(/\:/,$returnhash{$version.':keys'})) {
+        foreach my $item (split(/\:/,$returnhash{$version.':keys'})) {
-           $returnhash{$_}=$returnhash{$version.':'.$_};
+           $returnhash{$item}=$returnhash{$version.':'.$item};
         }
      }
      return %returnhash;
- Line 2237  sub restore {
+ Line 2783  sub restore {
  # ---------------------------------------------------------- Course Description
  sub coursedescription {
-     my $courseid=shift;
+     my ($courseid,$args)=@_;
      $courseid=~s/^\///;
      $courseid=~s/\_/\//g;
      my ($cdomain,$cnum)=split(/\//,$courseid);
- Line 2247  sub coursedescription {
+ Line 2793  sub coursedescription {
      # trying and trying and trying to get the course description.
      my %envhash=();
      my %returnhash=();
-     $envhash{'course.'.$normalid.'.last_cache'}=time;
+     my $expiretime=600;
+     if ($env{'request.course.id'} eq $normalid) {
+ 	$expiretime=120;
+     }
+     my $prefix='course.'.$cdomain.'_'.$cnum.'.';
+     if (!$args->{'freshen_cache'}
+ 	&& ((time-$env{$prefix.'last_cache'}) < $expiretime) ) {
+ 	foreach my $key (keys(%env)) {
+ 	    next if ($key !~ /^\Q$prefix\E(.*)/);
+ 	    my ($setting) = $1;
+ 	    $returnhash{$setting} = $env{$key};
+ 	}
+ 	return %returnhash;
+     }
+     # get the data agin
+     if (!$args->{'one_time'}) {
+ 	$envhash{'course.'.$normalid.'.last_cache'}=time;
+     }
      if ($chome ne 'no_host') {
         %returnhash=&dump('environment',$cdomain,$cnum);
         if (!exists($returnhash{'con_lost'})) {
             $returnhash{'home'}= $chome;
  	   $returnhash{'domain'} = $cdomain;
  	   $returnhash{'num'} = $cnum;
+            if (!defined($returnhash{'type'})) {
+                $returnhash{'type'} = 'Course';
+            }
             while (my ($name,$value) = each %returnhash) {
                 $envhash{'course.'.$normalid.'.'.$name}=$value;
             }
- Line 2265  sub coursedescription {
+ Line 2835  sub coursedescription {
             $envhash{'course.'.$normalid.'.num'}=$cnum;
         }
      }
-     &appenv(%envhash);
+     if (!$args->{'one_time'}) {
+ 	&appenv(%envhash);
+     }
      return %returnhash;
  }
- Line 2278  sub privileged {
+ Line 2850  sub privileged {
      if (($rolesdump eq 'con_lost') || ($rolesdump eq '')) { return 0; }
      my $now=time;
      if ($rolesdump ne '') {
-         foreach (split(/&/,$rolesdump)) {
+         foreach my $entry (split(/&/,$rolesdump)) {
- 	    if ($_!~/^rolesdef_/) {
+ 	    if ($entry!~/^rolesdef_/) {
- 		my ($area,$role)=split(/=/,$_);
+ 		my ($area,$role)=split(/=/,$entry);
  		$area=~s/\_\w\w$//;
  		my ($trole,$tend,$tstart)=split(/_/,$role);
  		if (($trole eq 'dc') || ($trole eq 'su')) {
- Line 2306  sub rolesinit {
+ Line 2878  sub rolesinit {
      my $rolesdump=reply("dump:$domain:$username:roles",$authhost);
      if (($rolesdump eq 'con_lost') || ($rolesdump eq '')) { return ''; }
      my %allroles=();
+     my %allgroups=();
      my $now=time;
-     my $userroles="user.login.time=$now\n";
+     my %userroles = ('user.login.time' => $now);
+     my $group_privs;
      if ($rolesdump ne '') {
-         foreach (split(/&/,$rolesdump)) {
+         foreach my $entry (split(/&/,$rolesdump)) {
- 	  if ($_!~/^rolesdef_/) {
+ 	  if ($entry!~/^rolesdef_/) {
-             my ($area,$role)=split(/=/,$_);
+             my ($area,$role)=split(/=/,$entry);
  	    $area=~s/\_\w\w$//;
+             my ($trole,$tend,$tstart,$group_privs);
-             my ($trole,$tend,$tstart);
  	    if ($role=~/^cr/) {
- 		($trole,my $trest)=($role=~m|^(cr/\w+/\w+/[a-zA-Z0-9]+)_(.*)$|);
+ 		if ($role=~m|^(cr/$match_domain/$match_username/[a-zA-Z0-9]+)_(.*)$|) {
- 		($tend,$tstart)=split('_',$trest);
+ 		    ($trole,my $trest)=($role=~m|^(cr/$match_domain/$match_username/[a-zA-Z0-9]+)_(.*)$|);
+ 		    ($tend,$tstart)=split('_',$trest);
+ 		} else {
+ 		    $trole=$role;
+ 		}
+             } elsif ($role =~ m|^gr/|) {
+                 ($trole,$tend,$tstart) = split(/_/,$role);
+                 ($trole,$group_privs) = split(/\//,$trole);
+                 $group_privs = &unescape($group_privs);
  	    } else {
  		($trole,$tend,$tstart)=split(/_/,$role);
  	    }
-             $userroles.=&set_arearole($trole,$area,$tstart,$tend,$domain,$username);
+ 	    my %new_role = &set_arearole($trole,$area,$tstart,$tend,$domain,
+ 					 $username);
+ 	    @userroles{keys(%new_role)} = @new_role{keys(%new_role)};
              if (($tend!=0) && ($tend<$now)) { $trole=''; }
              if (($tstart!=0) && ($tstart>$now)) { $trole=''; }
              if (($area ne '') && ($trole ne '')) {
- Line 2330  sub rolesinit {
+ Line 2913  sub rolesinit {
  		my ($tdummy,$tdomain,$trest)=split(/\//,$area);
  		if ($trole =~ /^cr\//) {
                      &custom_roleprivs(\%allroles,$trole,$tdomain,$trest,$spec,$area);
+                 } elsif ($trole eq 'gr') {
+                     &group_roleprivs(\%allgroups,$area,$group_privs,$tend,$tstart);
  		} else {
                      &standard_roleprivs(\%allroles,$trole,$tdomain,$spec,$trest,$area);
  		}
              }
            }
          }
-         my ($author,$adv) = &set_userprivs(\$userroles,\%allroles);
+         my ($author,$adv) = &set_userprivs(\%userroles,\%allroles,\%allgroups);
-         $userroles.='user.adv='.$adv."\n".
+         $userroles{'user.adv'}    = $adv;
- 	            'user.author='.$author."\n";
+ 	$userroles{'user.author'} = $author;
          $env{'user.adv'}=$adv;
      }
-     return $userroles;
+     return \%userroles;
  }
  sub set_arearole {
      my ($trole,$area,$tstart,$tend,$domain,$username) = @_;
  # log the associated role with the area
      &userrolelog($trole,$username,$domain,$area,$tstart,$tend);
-     return 'user.role.'.$trole.'.'.$area.'='.$tstart.'.'.$tend."\n";
+     return ('user.role.'.$trole.'.'.$area => $tstart.'.'.$tend);
  }
  sub custom_roleprivs {
- Line 2378  sub custom_roleprivs {
+ Line 2963  sub custom_roleprivs {
      }
  }
+ sub group_roleprivs {
+     my ($allgroups,$area,$group_privs,$tend,$tstart) = @_;
+     my $access = 1;
+     my $now = time;
+     if (($tend!=0) && ($tend<$now)) { $access = 0; }
+     if (($tstart!=0) && ($tstart>$now)) { $access=0; }
+     if ($access) {
+         my ($course,$group) = ($area =~ m|(/$match_domain/$match_courseid)/([^/]+)$|);
+         $$allgroups{$course}{$group} .=':'.$group_privs;
+     }
+ }
  sub standard_roleprivs {
      my ($allroles,$trole,$tdomain,$spec,$trest,$area) = @_;
- Line 2398  sub standard_roleprivs {
+ Line 2994  sub standard_roleprivs {
  }
  sub set_userprivs {
-     my ($userroles,$allroles) = @_;
+     my ($userroles,$allroles,$allgroups) = @_;
      my $author=0;
      my $adv=0;
-     foreach (keys %{$allroles}) {
+     my %grouproles = ();
-         my %thesepriv=();
+     if (keys(%{$allgroups}) > 0) {
-         if (($_=~/^au/) || ($_=~/^ca/)) { $author=1; }
+         foreach my $role (keys %{$allroles}) {
-         foreach (split(/:/,$$allroles{$_})) {
+             my ($trole,$area,$sec,$extendedarea);
-             if ($_ ne '') {
+             if ($role =~ m-^(\w+|cr/$match_domain/$match_username/\w+)\.(/$match_domain/$match_courseid)(/?\w*)-) {
-                 my ($privilege,$restrictions)=split(/&/,$_);
+                 $trole = $1;
+                 $area = $2;
+                 $sec = $3;
+                 $extendedarea = $area.$sec;
+                 if (exists($$allgroups{$area})) {
+                     foreach my $group (keys(%{$$allgroups{$area}})) {
+                         my $spec = $trole.'.'.$extendedarea;
+                         $grouproles{$spec.'.'.$area.'/'.$group} =
+                                                 $$allgroups{$area}{$group};
+                     }
+                 }
+             }
+         }
+     }
+     foreach my $group (keys(%grouproles)) {
+         $$allroles{$group} = $grouproles{$group};
+     }
+     foreach my $role (keys(%{$allroles})) {
+         my %thesepriv;
+         if (($role=~/^au/) || ($role=~/^ca/)) { $author=1; }
+         foreach my $item (split(/:/,$$allroles{$role})) {
+             if ($item ne '') {
+                 my ($privilege,$restrictions)=split(/&/,$item);
                  if ($restrictions eq '') {
                      $thesepriv{$privilege}='F';
                  } elsif ($thesepriv{$privilege} ne 'F') {
- Line 2416  sub set_userprivs {
+ Line 3034  sub set_userprivs {
              }
          }
          my $thesestr='';
-         foreach (keys %thesepriv) { $thesestr.=':'.$_.'&'.$thesepriv{$_}; }
+         foreach my $priv (keys(%thesepriv)) {
-         $$userroles.='user.priv.'.$_.'='.$thesestr."\n";
+ 	    $thesestr.=':'.$priv.'&'.$thesepriv{$priv};
+ 	}
+         $userroles->{'user.priv.'.$role} = $thesestr;
      }
      return ($author,$adv);
  }
- Line 2427  sub set_userprivs {
+ Line 3047  sub set_userprivs {
  sub get {
     my ($namespace,$storearr,$udomain,$uname)=@_;
     my $items='';
-    foreach (@$storearr) {
+    foreach my $item (@$storearr) {
-        $items.=escape($_).'&';
+        $items.=&escape($item).'&';
     }
     $items=~s/\&$//;
     if (!$udomain) { $udomain=$env{'user.domain'}; }
- Line 2442  sub get {
+ Line 3062  sub get {
     }
     my %returnhash=();
     my $i=0;
-    foreach (@$storearr) {
+    foreach my $item (@$storearr) {
-       $returnhash{$_}=&thaw_unescape($pairs[$i]);
+       $returnhash{$item}=&thaw_unescape($pairs[$i]);
        $i++;
     }
     return %returnhash;
- Line 2454  sub get {
+ Line 3074  sub get {
  sub del {
     my ($namespace,$storearr,$udomain,$uname)=@_;
     my $items='';
-    foreach (@$storearr) {
+    foreach my $item (@$storearr) {
-        $items.=escape($_).'&';
+        $items.=&escape($item).'&';
     }
     $items=~s/\&$//;
     if (!$udomain) { $udomain=$env{'user.domain'}; }
- Line 2468  sub del {
+ Line 3088  sub del {
  # -------------------------------------------------------------- dump interface
  sub dump {
-    my ($namespace,$udomain,$uname,$regexp)=@_;
+     my ($namespace,$udomain,$uname,$regexp,$range)=@_;
+     if (!$udomain) { $udomain=$env{'user.domain'}; }
+     if (!$uname) { $uname=$env{'user.name'}; }
+     my $uhome=&homeserver($uname,$udomain);
+     if ($regexp) {
+ 	$regexp=&escape($regexp);
+     } else {
+ 	$regexp='.';
+     }
+     my $rep=&reply("dump:$udomain:$uname:$namespace:$regexp:$range",$uhome);
+     my @pairs=split(/\&/,$rep);
+     my %returnhash=();
+     foreach my $item (@pairs) {
+ 	my ($key,$value)=split(/=/,$item,2);
+ 	$key = &unescape($key);
+ 	next if ($key =~ /^error: 2 /);
+ 	$returnhash{$key}=&thaw_unescape($value);
+     }
+     return %returnhash;
+ }
+ # --------------------------------------------------------- dumpstore interface
+ sub dumpstore {
+    my ($namespace,$udomain,$uname,$regexp,$range)=@_;
     if (!$udomain) { $udomain=$env{'user.domain'}; }
     if (!$uname) { $uname=$env{'user.name'}; }
     my $uhome=&homeserver($uname,$udomain);
- Line 2477  sub dump {
+ Line 3121  sub dump {
     } else {
         $regexp='.';
     }
-    my $rep=reply("dump:$udomain:$uname:$namespace:$regexp",$uhome);
+    my $rep=&reply("dump:$udomain:$uname:$namespace:$regexp:$range",$uhome);
     my @pairs=split(/\&/,$rep);
     my %returnhash=();
-    foreach (@pairs) {
+    foreach my $item (@pairs) {
-       my ($key,$value)=split(/=/,$_);
+        my ($key,$value)=split(/=/,$item,2);
-       $returnhash{unescape($key)}=&thaw_unescape($value);
+        next if ($key =~ /^error: 2 /);
+        $returnhash{$key}=&thaw_unescape($value);
     }
     return %returnhash;
  }
- Line 2496  sub getkeys {
+ Line 3141  sub getkeys {
     my $uhome=&homeserver($uname,$udomain);
     my $rep=reply("keys:$udomain:$uname:$namespace",$uhome);
     my @keyarray=();
-    foreach (split(/\&/,$rep)) {
+    foreach my $key (split(/\&/,$rep)) {
-       push (@keyarray,&unescape($_));
+       next if ($key =~ /^error: 2 /);
+       push(@keyarray,&unescape($key));
     }
     return @keyarray;
  }
- Line 2517  sub currentdump {
+ Line 3163  sub currentdump {
     if ($rep eq "unknown_cmd") {
         # an old lond will not know currentdump
         # Do a dump and make it look like a currentdump
-        my @tmp = &dump($courseid,$sdom,$sname,'.');
+        my @tmp = &dumpstore($courseid,$sdom,$sname,'.');
         return if ($tmp[0] =~ /^(error:|no_such_host)/);
         my %hash = @tmp;
         @tmp=();
         %returnhash = %{&convert_dump_to_currentdump(\%hash)};
     } else {
         my @pairs=split(/\&/,$rep);
-        foreach (@pairs) {
+        foreach my $pair (@pairs) {
-            my ($key,$value)=split(/=/,$_);
+            my ($key,$value)=split(/=/,$pair,2);
             my ($symb,$param) = split(/:/,$key);
             $returnhash{&unescape($symb)}->{&unescape($param)} =
                                                          &thaw_unescape($value);
- Line 2542  sub convert_dump_to_currentdump{
+ Line 3188  sub convert_dump_to_currentdump{
      # we might run in to problems with parameter names =~ /^v\./
      while (my ($key,$value) = each(%hash)) {
          my ($v,$symb,$param) = split(/:/,$key);
+ 	$symb  = &unescape($symb);
+ 	$param = &unescape($param);
          next if ($v eq 'version' || $symb eq 'keys');
          next if (exists($returnhash{$symb}) &&
                   exists($returnhash{$symb}->{$param}) &&
- Line 2561  sub convert_dump_to_currentdump{
+ Line 3209  sub convert_dump_to_currentdump{
      return \%returnhash;
  }
+ # ------------------------------------------------------ critical inc interface
+ sub cinc {
+     return &inc(@_,'critical');
+ }
  # --------------------------------------------------------------- inc interface
  sub inc {
-     my ($namespace,$store,$udomain,$uname) = @_;
+     my ($namespace,$store,$udomain,$uname,$critical) = @_;
      if (!$udomain) { $udomain=$env{'user.domain'}; }
      if (!$uname) { $uname=$env{'user.name'}; }
      my $uhome=&homeserver($uname,$udomain);
- Line 2582  sub inc {
+ Line 3236  sub inc {
          }
      }
      $items=~s/\&$//;
-     return &reply("inc:$udomain:$uname:$namespace:$items",$uhome);
+     if ($critical) {
+ 	return &critical("inc:$udomain:$uname:$namespace:$items",$uhome);
+     } else {
+ 	return &reply("inc:$udomain:$uname:$namespace:$items",$uhome);
+     }
  }
  # --------------------------------------------------------------- put interface
- Line 2593  sub put {
+ Line 3251  sub put {
     if (!$uname) { $uname=$env{'user.name'}; }
     my $uhome=&homeserver($uname,$udomain);
     my $items='';
-    foreach (keys %$storehash) {
+    foreach my $item (keys(%$storehash)) {
-        $items.=&escape($_).'='.&freeze_escape($$storehash{$_}).'&';
+        $items.=&escape($item).'='.&freeze_escape($$storehash{$item}).'&';
     }
     $items=~s/\&$//;
     return &reply("put:$udomain:$uname:$namespace:$items",$uhome);
  }
- # ---------------------------------------------------------- putstore interface
+ # ------------------------------------------------------------ newput interface
- sub putstore {
+ sub newput {
     my ($namespace,$storehash,$udomain,$uname)=@_;
     if (!$udomain) { $udomain=$env{'user.domain'}; }
     if (!$uname) { $uname=$env{'user.name'}; }
     my $uhome=&homeserver($uname,$udomain);
     my $items='';
-    my %allitems = ();
+    foreach my $key (keys(%$storehash)) {
-    foreach (keys %$storehash) {
+        $items.=&escape($key).'='.&freeze_escape($$storehash{$key}).'&';
-        if ($_ =~ m/^([^\:]+):([^\:]+):([^\:]+)$/) {
-            my $key = $1.':keys:'.$2;
-            $allitems{$key} .= $3.':';
-        }
-        $items.=$_.'='.&freeze_escape($$storehash{$_}).'&';
     }
-    foreach (keys %allitems) {
+    $items=~s/\&$//;
-        $allitems{$_} =~ s/\:$//;
+    return &reply("newput:$udomain:$uname:$namespace:$items",$uhome);
-        $items.= $_.'='.$allitems{$_}.'&';
+ }
+ # ---------------------------------------------------------  putstore interface
+ sub putstore {
+    my ($namespace,$symb,$version,$storehash,$udomain,$uname)=@_;
+    if (!$udomain) { $udomain=$env{'user.domain'}; }
+    if (!$uname) { $uname=$env{'user.name'}; }
+    my $uhome=&homeserver($uname,$udomain);
+    my $items='';
+    foreach my $key (keys(%$storehash)) {
+        $items.= &escape($key).'='.&freeze_escape($storehash->{$key}).'&';
     }
     $items=~s/\&$//;
-    return &reply("put:$udomain:$uname:$namespace:$items",$uhome);
+    my $esc_symb=&escape($symb);
+    my $esc_v=&escape($version);
+    my $reply =
+        &reply("putstore:$udomain:$uname:$namespace:$esc_symb:$esc_v:$items",
+ 	      $uhome);
+    if ($reply eq 'unknown_cmd') {
+        # gfall back to way things use to be done
+        return &old_putstore($namespace,$symb,$version,$storehash,$udomain,
+ 			    $uname);
+    }
+    return $reply;
+ }
+ sub old_putstore {
+     my ($namespace,$symb,$version,$storehash,$udomain,$uname)=@_;
+     if (!$udomain) { $udomain=$env{'user.domain'}; }
+     if (!$uname) { $uname=$env{'user.name'}; }
+     my $uhome=&homeserver($uname,$udomain);
+     my %newstorehash;
+     foreach my $item (keys(%$storehash)) {
+ 	my $key = $version.':'.&escape($symb).':'.$item;
+ 	$newstorehash{$key} = $storehash->{$item};
+     }
+     my $items='';
+     my %allitems = ();
+     foreach my $item (keys(%newstorehash)) {
+ 	if ($item =~ m/^([^\:]+):([^\:]+):([^\:]+)$/) {
+ 	    my $key = $1.':keys:'.$2;
+ 	    $allitems{$key} .= $3.':';
+ 	}
+ 	$items.=$item.'='.&freeze_escape($newstorehash{$item}).'&';
+     }
+     foreach my $item (keys(%allitems)) {
+ 	$allitems{$item} =~ s/\:$//;
+ 	$items.= $item.'='.$allitems{$item}.'&';
+     }
+     $items=~s/\&$//;
+     return &reply("put:$udomain:$uname:$namespace:$items",$uhome);
  }
  # ------------------------------------------------------ critical put interface
- Line 2632  sub cput {
+ Line 3333  sub cput {
     if (!$uname) { $uname=$env{'user.name'}; }
     my $uhome=&homeserver($uname,$udomain);
     my $items='';
-    foreach (keys %$storehash) {
+    foreach my $item (keys(%$storehash)) {
-        $items.=escape($_).'='.&freeze_escape($$storehash{$_}).'&';
+        $items.=&escape($item).'='.&freeze_escape($$storehash{$item}).'&';
     }
     $items=~s/\&$//;
     return &critical("put:$udomain:$uname:$namespace:$items",$uhome);
- Line 2644  sub cput {
+ Line 3345  sub cput {
  sub eget {
     my ($namespace,$storearr,$udomain,$uname)=@_;
     my $items='';
-    foreach (@$storearr) {
+    foreach my $item (@$storearr) {
-        $items.=escape($_).'&';
+        $items.=&escape($item).'&';
     }
     $items=~s/\&$//;
     if (!$udomain) { $udomain=$env{'user.domain'}; }
- Line 2655  sub eget {
+ Line 3356  sub eget {
     my @pairs=split(/\&/,$rep);
     my %returnhash=();
     my $i=0;
-    foreach (@$storearr) {
+    foreach my $item (@$storearr) {
-       $returnhash{$_}=&thaw_unescape($pairs[$i]);
+       $returnhash{$item}=&thaw_unescape($pairs[$i]);
        $i++;
     }
     return %returnhash;
  }
+ # ------------------------------------------------------------ tmpput interface
+ sub tmpput {
+     my ($storehash,$server,$context)=@_;
+     my $items='';
+     foreach my $item (keys(%$storehash)) {
+ 	$items.=&escape($item).'='.&freeze_escape($$storehash{$item}).'&';
+     }
+     $items=~s/\&$//;
+     if (defined($context)) {
+         $items .= ':'.&escape($context);
+     }
+     return &reply("tmpput:$items",$server);
+ }
+ # ------------------------------------------------------------ tmpget interface
+ sub tmpget {
+     my ($token,$server)=@_;
+     if (!defined($server)) { $server = $perlvar{'lonHostID'}; }
+     my $rep=&reply("tmpget:$token",$server);
+     my %returnhash;
+     foreach my $item (split(/\&/,$rep)) {
+ 	my ($key,$value)=split(/=/,$item);
+ 	$returnhash{&unescape($key)}=&thaw_unescape($value);
+     }
+     return %returnhash;
+ }
+ # ------------------------------------------------------------ tmpget interface
+ sub tmpdel {
+     my ($token,$server)=@_;
+     if (!defined($server)) { $server = $perlvar{'lonHostID'}; }
+     return &reply("tmpdel:$token",$server);
+ }
+ # -------------------------------------------------- portfolio access checking
+ sub portfolio_access {
+     my ($requrl) = @_;
+     my (undef,$udom,$unum,$file_name,$group) = &parse_portfolio_url($requrl);
+     my $result = &get_portfolio_access($udom,$unum,$file_name,$group);
+     if ($result) {
+         my %setters;
+         if ($env{'user.name'} eq 'public' && $env{'user.domain'} eq 'public') {
+             my ($startblock,$endblock) =
+                 &Apache::loncommon::blockcheck(\%setters,'port',$unum,$udom);
+             if ($startblock && $endblock) {
+                 return 'B';
+             }
+         } else {
+             my ($startblock,$endblock) =
+                 &Apache::loncommon::blockcheck(\%setters,'port');
+             if ($startblock && $endblock) {
+                 return 'B';
+             }
+         }
+     }
+     if ($result eq 'ok') {
+        return 'F';
+     } elsif ($result =~ /^[^:]+:guest_/) {
+        return 'A';
+     }
+     return '';
+ }
+ sub get_portfolio_access {
+     my ($udom,$unum,$file_name,$group,$access_hash) = @_;
+     if (!ref($access_hash)) {
+ 	my $current_perms = &get_portfile_permissions($udom,$unum);
+ 	my %access_controls = &get_access_controls($current_perms,$group,
+ 						   $file_name);
+ 	$access_hash = $access_controls{$file_name};
+     }
+     my ($public,$guest,@domains,@users,@courses,@groups);
+     my $now = time;
+     if (ref($access_hash) eq 'HASH') {
+         foreach my $key (keys(%{$access_hash})) {
+             my ($num,$scope,$end,$start) = ($key =~ /^([^:]+):([a-z]+)_(\d*)_?(\d*)$/);
+             if ($start > $now) {
+                 next;
+             }
+             if ($end && $end<$now) {
+                 next;
+             }
+             if ($scope eq 'public') {
+                 $public = $key;
+                 last;
+             } elsif ($scope eq 'guest') {
+                 $guest = $key;
+             } elsif ($scope eq 'domains') {
+                 push(@domains,$key);
+             } elsif ($scope eq 'users') {
+                 push(@users,$key);
+             } elsif ($scope eq 'course') {
+                 push(@courses,$key);
+             } elsif ($scope eq 'group') {
+                 push(@groups,$key);
+             }
+         }
+         if ($public) {
+             return 'ok';
+         }
+         if ($env{'user.name'} eq 'public' && $env{'user.domain'} eq 'public') {
+             if ($guest) {
+                 return $guest;
+             }
+         } else {
+             if (@domains > 0) {
+                 foreach my $domkey (@domains) {
+                     if (ref($access_hash->{$domkey}{'dom'}) eq 'ARRAY') {
+                         if (grep(/^\Q$env{'user.domain'}\E$/,@{$access_hash->{$domkey}{'dom'}})) {
+                             return 'ok';
+                         }
+                     }
+                 }
+             }
+             if (@users > 0) {
+                 foreach my $userkey (@users) {
+                     if (exists($access_hash->{$userkey}{'users'}{$env{'user.name'}.':'.$env{'user.domain'}})) {
+                         return 'ok';
+                     }
+                 }
+             }
+             my %roleshash;
+             my @courses_and_groups = @courses;
+             push(@courses_and_groups,@groups);
+             if (@courses_and_groups > 0) {
+                 my (%allgroups,%allroles);
+                 my ($start,$end,$role,$sec,$group);
+                 foreach my $envkey (%env) {
+                     if ($envkey =~ m-^user\.role\.(gr|cc|in|ta|ep|st)\./($match_domain)/($match_courseid)/?([^/]*)$-) {
+                         my $cid = $2.'_'.$3;
+                         if ($1 eq 'gr') {
+                             $group = $4;
+                             $allgroups{$cid}{$group} = $env{$envkey};
+                         } else {
+                             if ($4 eq '') {
+                                 $sec = 'none';
+                             } else {
+                                 $sec = $4;
+                             }
+                             $allroles{$cid}{$1}{$sec} = $env{$envkey};
+                         }
+                     } elsif ($envkey =~ m-^user\.role\./cr/($match_domain/$match_username/\w*)./($match_domain)/($match_courseid)/?([^/]*)$-) {
+                         my $cid = $2.'_'.$3;
+                         if ($4 eq '') {
+                             $sec = 'none';
+                         } else {
+                             $sec = $4;
+                         }
+                         $allroles{$cid}{$1}{$sec} = $env{$envkey};
+                     }
+                 }
+                 if (keys(%allroles) == 0) {
+                     return;
+                 }
+                 foreach my $key (@courses_and_groups) {
+                     my %content = %{$$access_hash{$key}};
+                     my $cnum = $content{'number'};
+                     my $cdom = $content{'domain'};
+                     my $cid = $cdom.'_'.$cnum;
+                     if (!exists($allroles{$cid})) {
+                         next;
+                     }
+                     foreach my $role_id (keys(%{$content{'roles'}})) {
+                         my @sections = @{$content{'roles'}{$role_id}{'section'}};
+                         my @groups = @{$content{'roles'}{$role_id}{'group'}};
+                         my @status = @{$content{'roles'}{$role_id}{'access'}};
+                         my @roles = @{$content{'roles'}{$role_id}{'role'}};
+                         foreach my $role (keys(%{$allroles{$cid}})) {
+                             if ((grep/^all$/,@roles) || (grep/^\Q$role\E$/,@roles)) {
+                                 foreach my $sec (keys(%{$allroles{$cid}{$role}})) {
+                                     if (&course_group_datechecker($allroles{$cid}{$role}{$sec},$now,\@status) eq 'ok') {
+                                         if (grep/^all$/,@sections) {
+                                             return 'ok';
+                                         } else {
+                                             if (grep/^$sec$/,@sections) {
+                                                 return 'ok';
+                                             }
+                                         }
+                                     }
+                                 }
+                                 if (keys(%{$allgroups{$cid}}) == 0) {
+                                     if (grep/^none$/,@groups) {
+                                         return 'ok';
+                                     }
+                                 } else {
+                                     if (grep/^all$/,@groups) {
+                                         return 'ok';
+                                     }
+                                     foreach my $group (keys(%{$allgroups{$cid}})) {
+                                         if (grep/^$group$/,@groups) {
+                                             return 'ok';
+                                         }
+                                     }
+                                 }
+                             }
+                         }
+                     }
+                 }
+             }
+             if ($guest) {
+                 return $guest;
+             }
+         }
+     }
+     return;
+ }
+ sub course_group_datechecker {
+     my ($dates,$now,$status) = @_;
+     my ($start,$end) = split(/\./,$dates);
+     if (!$start && !$end) {
+         return 'ok';
+     }
+     if (grep/^active$/,@{$status}) {
+         if (((!$start) || ($start && $start <= $now)) && ((!$end) || ($end && $end >= $now))) {
+             return 'ok';
+         }
+     }
+     if (grep/^previous$/,@{$status}) {
+         if ($end > $now ) {
+             return 'ok';
+         }
+     }
+     if (grep/^future$/,@{$status}) {
+         if ($start > $now) {
+             return 'ok';
+         }
+     }
+     return;
+ }
+ sub parse_portfolio_url {
+     my ($url) = @_;
+     my ($type,$udom,$unum,$group,$file_name);
+     if ($url =~  m-^/*(?:uploaded|editupload)/($match_domain)/($match_username)/portfolio(/.+)$-) {
+ 	$type = 1;
+         $udom = $1;
+         $unum = $2;
+         $file_name = $3;
+     } elsif ($url =~ m-^/*(?:uploaded|editupload)/($match_domain)/($match_courseid)/groups/([^/]+)/portfolio/(.+)$-) {
+ 	$type = 2;
+         $udom = $1;
+         $unum = $2;
+         $group = $3;
+         $file_name = $3.'/'.$4;
+     }
+     if (wantarray) {
+ 	return ($type,$udom,$unum,$file_name,$group);
+     }
+     return $type;
+ }
+ sub is_portfolio_url {
+     my ($url) = @_;
+     return scalar(&parse_portfolio_url($url));
+ }
+ sub is_portfolio_file {
+     my ($file) = @_;
+     if (($file =~ /^portfolio/) || ($file =~ /^groups\/\w+\/portfolio/)) {
+         return 1;
+     }
+     return;
+ }
  # ---------------------------------------------- Custom access rule evaluation
  sub customaccess {
      my ($priv,$uri)=@_;
-     my ($urole,$urealm)=split(/\./,$env{'request.role'});
+     my ($urole,$urealm)=split(/\./,$env{'request.role'},2);
-     $urealm=~s/^\W//;
+     my (undef,$udom,$ucrs,$usec)=split(/\//,$urealm);
-     my ($udom,$ucrs,$usec)=split(/\//,$urealm);
+     $udom = &LONCAPA::clean_domain($udom);
+     $ucrs = &LONCAPA::clean_username($ucrs);
      my $access=0;
-     foreach (split(/\s*\,\s*/,&metadata($uri,'rule_rights'))) {
+     foreach my $right (split(/\s*\,\s*/,&metadata($uri,'rule_rights'))) {
- 	my ($effect,$realm,$role)=split(/\:/,$_);
+ 	my ($effect,$realm,$role)=split(/\:/,$right);
          if ($role) {
  	   if ($role ne $urole) { next; }
          }
-         foreach (split(/\s*\,\s*/,$realm)) {
+         foreach my $scope (split(/\s*\,\s*/,$realm)) {
-             my ($tdom,$tcrs,$tsec)=split(/\_/,$_);
+             my ($tdom,$tcrs,$tsec)=split(/\_/,$scope);
              if ($tdom) {
  		if ($tdom ne $udom) { next; }
              }
- Line 2699  sub customaccess {
+ Line 3672  sub customaccess {
  # ------------------------------------------------- Check for a user privilege
  sub allowed {
-     my ($priv,$uri,$symb)=@_;
+     my ($priv,$uri,$symb,$role)=@_;
+     my $ver_orguri=$uri;
      $uri=&deversion($uri);
      my $orguri=$uri;
      $uri=&declutter($uri);
+     if ($priv eq 'evb') {
+ # Evade communication block restrictions for specified role in a course
+         if ($env{'user.priv.'.$role} =~/evb\&([^\:]*)/) {
+             return $1;
+         } else {
+             return;
+         }
+     }
      if (defined($env{'allowed.'.$priv})) { return $env{'allowed.'.$priv}; }
  # Free bre access to adm and meta resources
-     if (((($uri=~/^adm\//) && ($uri !~ m|/bulletinboard$|))
+     if (((($uri=~/^adm\//) && ($uri !~ m{/(?:smppg|bulletinboard)$}))
- 	 || ($uri=~/\.meta$/)) && ($priv eq 'bre')) {
+ 	 || (($uri=~/\.meta$/) && ($uri!~m|^uploaded/|) ))
+ 	&& ($priv eq 'bre')) {
  	return 'F';
      }
  # Free bre access to user's own portfolio contents
-     my ($space,$domain,$name,$dir)=split('/',$uri);
+     my ($space,$domain,$name,@dir)=split('/',$uri);
-     if (($space=~/^(uploaded|ediupload)$/) && ($env{'user.name'} eq $name) &&
+     if (($space=~/^(uploaded|editupload)$/) && ($env{'user.name'} eq $name) &&
- 	($env{'user.domain'} eq $domain) && ('portfolio' eq $dir)) {
+ 	($env{'user.domain'} eq $domain) && ('portfolio' eq $dir[0])) {
-         return 'F';
+         my %setters;
+         my ($startblock,$endblock) =
+             &Apache::loncommon::blockcheck(\%setters,'port');
+         if ($startblock && $endblock) {
+             return 'B';
+         } else {
+             return 'F';
+         }
+     }
+ # bre access to group portfolio for rgf priv in group, or mdg or vcg in course.
+     if (($space=~/^(uploaded|editupload)$/) && ($dir[0] eq 'groups')
+          && ($dir[2] eq 'portfolio') && ($priv eq 'bre')) {
+         if (exists($env{'request.course.id'})) {
+             my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+             my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+             if (($domain eq $cdom) && ($name eq $cnum)) {
+                 my $courseprivid=$env{'request.course.id'};
+                 $courseprivid=~s/\_/\//;
+                 if ($env{'user.priv.'.$env{'request.role'}.'./'.$courseprivid
+                     .'/'.$dir[1]} =~/rgf\&([^\:]*)/) {
+                     return $1;
+                 } else {
+                     if ($env{'request.course.sec'}) {
+                         $courseprivid.='/'.$env{'request.course.sec'};
+                     }
+                     if ($env{'user.priv.'.$env{'request.role'}.'./'.
+                         $courseprivid} =~/(mdg|vcg)\&([^\:]*)/) {
+                         return $2;
+                     }
+                 }
+             }
+         }
      }
  # Free bre to public access
- Line 2752  sub allowed {
+ Line 3766  sub allowed {
      if (($priv eq 'ccc') && ($env{'request.role'} =~ /^dc\./)) {
          # uri is the requested domain in this case.
          # comparison to 'request.role.domain' shows if the user has selected
          # a role of dc for the domain in question.
          return 'F' if ($uri eq $env{'request.role.domain'});
      }
- Line 2783  sub allowed {
+ Line 3797  sub allowed {
         $thisallowed.=$1;
      }
- # URI is an uploaded document for this course
+ # URI is an uploaded document for this course, default permissions don't matter
  # not allowing 'edit' access (editupload) to uploaded course docs
      if (($priv eq 'bre') && ($uri=~m|^uploaded/|)) {
- 	my $refuri=$env{'httpref.'.$orguri};
+ 	$thisallowed='';
- 	if ($refuri) {
+         my ($match)=&is_on_map($uri);
- 	    if ($refuri =~ m|^/adm/|) {
+         if ($match) {
- 		$thisallowed='F';
+             if ($env{'user.priv.'.$env{'request.role'}.'./'}
- 	    }
+                   =~/\Q$priv\E\&([^\:]*)/) {
- 	}
+                 $thisallowed.=$1;
+             }
+         } else {
+             my $refuri = $env{'httpref.'.$orguri} || $env{'httpref.'.$ver_orguri};
+             if ($refuri) {
+                 if ($refuri =~ m|^/adm/|) {
+                     $thisallowed='F';
+                 } else {
+                     $refuri=&declutter($refuri);
+                     my ($match) = &is_on_map($refuri);
+                     if ($match) {
+                         $thisallowed='F';
+                     }
+                 }
+             }
+         }
      }
+     if ($priv eq 'bre'
+ 	&& $thisallowed ne 'F'
+ 	&& $thisallowed ne '2'
+ 	&& &is_portfolio_url($uri)) {
+ 	$thisallowed = &portfolio_access($uri);
+     }
  # Full access at system, domain or course-wide level? Exit.
      if ($thisallowed=~/F/) {
- Line 2802  sub allowed {
+ Line 3838  sub allowed {
  # If this is generating or modifying users, exit with special codes
-     if (':csu:cdc:ccc:cin:cta:cep:ccr:cst:cad:cli:cau:cdg:cca:'=~/\:\Q$priv\E\:/) {
+     if (':csu:cdc:ccc:cin:cta:cep:ccr:cst:cad:cli:cau:cdg:cca:caa:'=~/\:\Q$priv\E\:/) {
+ 	if (($priv eq 'cca') || ($priv eq 'caa')) {
+ 	    my ($audom,$auname)=split('/',$uri);
+ # no author name given, so this just checks on the general right to make a co-author in this domain
+ 	    unless ($auname) { return $thisallowed; }
+ # an author name is given, so we are about to actually make a co-author for a certain account
+ 	    if (($auname ne $env{'user.name'} && $env{'request.role'} !~ /^dc\./) ||
+ 		(($audom ne $env{'user.domain'} && $env{'request.role'} !~ /^dc\./) &&
+ 		 ($audom ne $env{'request.role.domain'}))) { return ''; }
+ 	}
  	return $thisallowed;
      }
  #
- Line 2832  sub allowed {
+ Line 3877  sub allowed {
         if ($checkreferer) {
  	  my $refuri=$env{'httpref.'.$orguri};
              unless ($refuri) {
-                 foreach (keys %env) {
+                 foreach my $key (keys(%env)) {
- 		    if ($_=~/^httpref\..*\*/) {
+ 		    if ($key=~/^httpref\..*\*/) {
- 			my $pattern=$_;
+ 			my $pattern=$key;
                          $pattern=~s/^httpref\.\/res\///;
                          $pattern=~s/\*/\[\^\/\]\+/g;
                          $pattern=~s/\//\\\//g;
                          if ($orguri=~/$pattern/) {
- 			    $refuri=$env{$_};
+ 			    $refuri=$env{$key};
                          }
                      }
                  }
- Line 2902  sub allowed {
+ Line 3947  sub allowed {
  	       my ($cdom,$cnum,$csec)=split(/\//,$courseid);
                 my $prefix='course.'.$cdom.'_'.$cnum.'.';
                 if ((time-$env{$prefix.'last_cache'})>$expiretime) {
- 		   &coursedescription($courseid);
+ 		   &coursedescription($courseid,{'freshen_cache' => 1});
                 }
                 if (($env{$prefix.'res.'.$uri.'.lock.sections'}=~/\,\Q$csec\E\,/)
                  || ($env{$prefix.'res.'.$uri.'.lock.sections'} eq 'all')) {
- Line 2935  sub allowed {
+ Line 3980  sub allowed {
  #
      unless ($env{'request.course.id'}) {
-        return '1';
+ 	if ($thisallowed eq 'A') {
+ 	    return 'A';
+         } elsif ($thisallowed eq 'B') {
+             return 'B';
+ 	} else {
+ 	    return '1';
+ 	}
      }
  #
- Line 2950  sub allowed {
+ Line 4001  sub allowed {
         my $unamedom=$env{'user.name'}.':'.$env{'user.domain'};
         if ($env{'course.'.$env{'request.course.id'}.'.'.$priv.'.roles.denied'}
  	   =~/\Q$rolecode\E/) {
-            &log($env{'user.domain'},$env{'user.name'},$env{'user.host'},
+ 	   if ($priv ne 'pch') {
-                 'Denied by role: '.$priv.' for '.$uri.' as '.$rolecode.' in '.
+ 	       &logthis($env{'user.domain'}.':'.$env{'user.name'}.':'.$env{'user.home'}.':'.
-                 $env{'request.course.id'});
+ 			'Denied by role: '.$priv.' for '.$uri.' as '.$rolecode.' in '.
+ 			$env{'request.course.id'});
+ 	   }
             return '';
         }
         if ($env{'course.'.$env{'request.course.id'}.'.'.$priv.'.users.denied'}
  	   =~/\Q$unamedom\E/) {
-            &log($env{'user.domain'},$env{'user.name'},$env{'user.host'},
+ 	   if ($priv ne 'pch') {
-                 'Denied by user: '.$priv.' for '.$uri.' as '.$unamedom.' in '.
+ 	       &logthis($env{'user.domain'}.':'.$env{'user.name'}.':'.$env{'user.home'}.
-                 $env{'request.course.id'});
+ 			'Denied by user: '.$priv.' for '.$uri.' as '.$unamedom.' in '.
+ 			$env{'request.course.id'});
+ 	   }
             return '';
         }
     }
- Line 2970  sub allowed {
+ Line 4025  sub allowed {
     if ($thisallowed=~/R/) {
         my $rolecode=(split(/\./,$env{'request.role'}))[0];
         if (&metadata($uri,'roledeny')=~/\Q$rolecode\E/) {
- 	  &log($env{'user.domain'},$env{'user.name'},$env{'user.host'},
+ 	   if ($priv ne 'pch') {
-                     'Denied by role: '.$priv.' for '.$uri.' as '.$rolecode);
+ 	       &logthis($env{'user.domain'}.':'.$env{'user.name'}.':'.$env{'user.home'}.':'.
-           return '';
+ 			'Denied by role: '.$priv.' for '.$uri.' as '.$rolecode);
+ 	   }
+ 	   return '';
         }
     }
- Line 2992  sub allowed {
+ Line 4049  sub allowed {
        }
     }
+     if ($thisallowed eq 'A') {
+ 	return 'A';
+     } elsif ($thisallowed eq 'B') {
+         return 'B';
+     }
     return 'F';
  }
+ sub split_uri_for_cond {
+     my $uri=&deversion(&declutter(shift));
+     my @uriparts=split(/\//,$uri);
+     my $filename=pop(@uriparts);
+     my $pathname=join('/',@uriparts);
+     return ($pathname,$filename);
+ }
  # --------------------------------------------------- Is a resource on the map?
  sub is_on_map {
-     my $uri=&declutter(shift);
+     my ($pathname,$filename) = &split_uri_for_cond(shift);
-     $uri=~s/\.\d+\.(\w+)$/\.$1/;
-     my @uriparts=split(/\//,$uri);
-     my $filename=$uriparts[$#uriparts];
-     my $pathname=$uri;
-     $pathname=~s|/\Q$filename\E$||;
-     $pathname=~s/^adm\/wrapper\///;
      #Trying to find the conditional for the file
      my $match=($env{'acc.res.'.$env{'request.course.id'}.'.'.$pathname}=~
  	       /\&\Q$filename\E\:([\d\|]+)\&/);
- Line 3043  sub get_symb_from_alias {
+ Line 4106  sub get_symb_from_alias {
  sub definerole {
    if (allowed('mcr','/')) {
      my ($rolename,$sysrole,$domrole,$courole)=@_;
-     foreach (split(':',$sysrole)) {
+     foreach my $role (split(':',$sysrole)) {
- 	my ($crole,$cqual)=split(/\&/,$_);
+ 	my ($crole,$cqual)=split(/\&/,$role);
          if ($pr{'cr:s'}!~/\Q$crole\E/) { return "refused:s:$crole"; }
          if ($pr{'cr:s'}=~/\Q$crole\E\&/) {
  	    if ($pr{'cr:s'}!~/\Q$crole\E\&\w*\Q$cqual\E/) {
- Line 3052  sub definerole {
+ Line 4115  sub definerole {
              }
          }
      }
-     foreach (split(':',$domrole)) {
+     foreach my $role (split(':',$domrole)) {
- 	my ($crole,$cqual)=split(/\&/,$_);
+ 	my ($crole,$cqual)=split(/\&/,$role);
          if ($pr{'cr:d'}!~/\Q$crole\E/) { return "refused:d:$crole"; }
          if ($pr{'cr:d'}=~/\Q$crole\E\&/) {
  	    if ($pr{'cr:d'}!~/\Q$crole\W\&\w*\Q$cqual\E/) {
- Line 3061  sub definerole {
+ Line 4124  sub definerole {
              }
          }
      }
-     foreach (split(':',$courole)) {
+     foreach my $role (split(':',$courole)) {
- 	my ($crole,$cqual)=split(/\&/,$_);
+ 	my ($crole,$cqual)=split(/\&/,$role);
          if ($pr{'cr:c'}!~/\Q$crole\E/) { return "refused:c:$crole"; }
          if ($pr{'cr:c'}=~/\Q$crole\E\&/) {
  	    if ($pr{'cr:c'}!~/\Q$crole\E\&\w*\Q$cqual\E/) {
- Line 3109  sub log_query {
+ Line 4172  sub log_query {
      my $uhome=&homeserver($uname,$udom);
      if ($uhome eq 'no_host') { return 'error: no_host'; }
      my $uhost=$hostname{$uhome};
-     my $command=&escape(join(':',map{$_.'='.$filters{$_}} keys %filters));
+     my $command=&escape(join(':',map{$_.'='.$filters{$_}} keys(%filters)));
      my $queryid=&reply("querysend:".$query.':'.$udom.':'.$uname.':'.$command,
                         $uhome);
      unless ($queryid=~/^\Q$uhost\E\_/) { return 'error: '.$queryid; }
      return get_query_reply($queryid);
  }
+ # -------------------------- Update MySQL table for portfolio file
+ sub update_portfolio_table {
+     my ($uname,$udom,$file_name,$query,$group,$action) = @_;
+     my $homeserver = &homeserver($uname,$udom);
+     my $queryid=
+         &reply("querysend:".$query.':'.&escape($uname.':'.$udom.':'.$group).
+                ':'.&escape($file_name).':'.$action,$homeserver);
+     my $reply = &get_query_reply($queryid);
+     return $reply;
+ }
  # ------- Request retrieval of institutional classlists for course(s)
  sub fetch_enrollment_query {
- Line 3130  sub fetch_enrollment_query {
+ Line 4205  sub fetch_enrollment_query {
      }
      my $host=$hostname{$homeserver};
      my $cmd = '';
-     foreach (keys %{$affiliatesref}) {
+     foreach my $affiliate (keys %{$affiliatesref}) {
-         $cmd .= $_.'='.join(",",@{$$affiliatesref{$_}}).'%%';
+         $cmd .= $affiliate.'='.join(",",@{$$affiliatesref{$affiliate}}).'%%';
      }
      $cmd =~ s/%%$//;
      $cmd = &escape($cmd);
- Line 3152  sub fetch_enrollment_query {
+ Line 4227  sub fetch_enrollment_query {
      } else {
          my @responses = split/:/,$reply;
          if ($homeserver eq $perlvar{'lonHostID'}) {
-             foreach (@responses) {
+             foreach my $line (@responses) {
-                 my ($key,$value) = split/=/,$_;
+                 my ($key,$value) = split(/=/,$line,2);
                  $$replyref{$key} = $value;
              }
          } else {
              my $pathname = $perlvar{'lonDaemons'}.'/tmp';
-             foreach (@responses) {
+             foreach my $line (@responses) {
-                 my ($key,$value) = split/=/,$_;
+                 my ($key,$value) = split(/=/,$line);
                  $$replyref{$key} = $value;
                  if ($value > 0) {
-                     foreach (@{$$affiliatesref{$key}}) {
+                     foreach my $item (@{$$affiliatesref{$key}}) {
-                         my $filename = $dom.'_'.$key.'_'.$_.'_classlist.xml';
+                         my $filename = $dom.'_'.$key.'_'.$item.'_classlist.xml';
                          my $destname = $pathname.'/'.$filename;
                          my $xml_classlist = &reply("autoretrieve:".$filename,$homeserver);
                          if ($xml_classlist =~ /^error/) {
- Line 3237  sub auto_run {
+ Line 4312  sub auto_run {
      my $response = &reply('autorun:'.$cdom,$homeserver);
      return $response;
  }
  sub auto_get_sections {
      my ($cnum,$cdom,$inst_coursecode) = @_;
      my $homeserver = &homeserver($cnum,$cdom);
- Line 3248  sub auto_get_sections {
+ Line 4323  sub auto_get_sections {
      }
      return @secs;
  }
  sub auto_new_course {
      my ($cnum,$cdom,$inst_course_id,$owner) = @_;
      my $homeserver = &homeserver($cnum,$cdom);
      my $response=&unescape(&reply('autonewcourse:'.$inst_course_id.':'.$owner.':'.$cdom,$homeserver));
      return $response;
  }
  sub auto_validate_courseID {
      my ($cnum,$cdom,$inst_course_id) = @_;
      my $homeserver = &homeserver($cnum,$cdom);
      my $response=&unescape(&reply('autovalidatecourse:'.$inst_course_id.':'.$cdom,$homeserver));
      return $response;
  }
  sub auto_create_password {
      my ($cnum,$cdom,$authparam) = @_;
      my $homeserver = &homeserver($cnum,$cdom);
- Line 3277  sub auto_create_password {
+ Line 4352  sub auto_create_password {
      return ($authparam,$create_passwd,$authchk);
  }
+ sub auto_photo_permission {
+     my ($cnum,$cdom,$students) = @_;
+     my $homeserver = &homeserver($cnum,$cdom);
+     my ($outcome,$perm_reqd,$conditions) =
+ 	split(/:/,&unescape(&reply('autophotopermission:'.$cdom,$homeserver)),3);
+     if ($outcome =~ /^(con_lost|unknown_cmd|no_such_host)$/) {
+ 	return (undef,undef);
+     }
+     return ($outcome,$perm_reqd,$conditions);
+ }
+ sub auto_checkphotos {
+     my ($uname,$udom,$pid) = @_;
+     my $homeserver = &homeserver($uname,$udom);
+     my ($result,$resulttype);
+     my $outcome = &unescape(&reply('autophotocheck:'.&escape($udom).':'.
+ 				   &escape($uname).':'.&escape($pid),
+ 				   $homeserver));
+     if ($outcome =~ /^(con_lost|unknown_cmd|no_such_host)$/) {
+ 	return (undef,undef);
+     }
+     if ($outcome) {
+         ($result,$resulttype) = split(/:/,$outcome);
+     }
+     return ($result,$resulttype);
+ }
+ sub auto_photochoice {
+     my ($cnum,$cdom) = @_;
+     my $homeserver = &homeserver($cnum,$cdom);
+     my ($update,$comment) = split(/:/,&unescape(&reply('autophotochoice:'.
+ 						       &escape($cdom),
+ 						       $homeserver)));
+     if ($update =~ /^(con_lost|unknown_cmd|no_such_host)$/) {
+ 	return (undef,undef);
+     }
+     return ($update,$comment);
+ }
+ sub auto_photoupdate {
+     my ($affiliatesref,$dom,$cnum,$photo) = @_;
+     my $homeserver = &homeserver($cnum,$dom);
+     my $host=$hostname{$homeserver};
+     my $cmd = '';
+     my $maxtries = 1;
+     foreach my $affiliate (keys(%{$affiliatesref})) {
+         $cmd .= $affiliate.'='.join(",",@{$$affiliatesref{$affiliate}}).'%%';
+     }
+     $cmd =~ s/%%$//;
+     $cmd = &escape($cmd);
+     my $query = 'institutionalphotos';
+     my $queryid=&reply("querysend:".$query.':'.$dom.':'.$cnum.':'.$cmd,$homeserver);
+     unless ($queryid=~/^\Q$host\E\_/) {
+         &logthis('institutionalphotos: invalid queryid: '.$queryid.' for host: '.$host.' and homeserver: '.$homeserver.' and course: '.$cnum);
+         return 'error: '.$queryid;
+     }
+     my $reply = &get_query_reply($queryid);
+     my $tries = 1;
+     while (($reply=~/^timeout/) && ($tries < $maxtries)) {
+         $reply = &get_query_reply($queryid);
+         $tries ++;
+     }
+     if ( ($reply =~/^timeout/) || ($reply =~/^error/) ) {
+         &logthis('institutionalphotos error: '.$reply.' for '.$dom.' '.$env{'user.name'}.' for '.$queryid.' course: '.$cnum.' maxtries: '.$maxtries.' tries: '.$tries);
+     } else {
+         my @responses = split(/:/,$reply);
+         my $outcome = shift(@responses);
+         foreach my $item (@responses) {
+             my ($key,$value) = split(/=/,$item);
+             $$photo{$key} = $value;
+         }
+         return $outcome;
+     }
+     return 'error';
+ }
  sub auto_instcode_format {
-     my ($caller,$codedom,$instcodes,$codes,$codetitles,$cat_titles,$cat_order) = @_;
+     my ($caller,$codedom,$instcodes,$codes,$codetitles,$cat_titles,
+ 	$cat_order) = @_;
      my $courses = '';
-     my $homeserver;
+     my @homeservers;
      if ($caller eq 'global') {
-         foreach my $tryserver (keys %libserv) {
+         foreach my $tryserver (keys(%libserv)) {
              if ($hostdom{$tryserver} eq $codedom) {
-                 $homeserver = $tryserver;
+                 if (!grep(/^\Q$tryserver\E$/,@homeservers)) {
-                 last;
+                     push(@homeservers,$tryserver);
+                 }
              }
          }
-         if (($env{'user.name'}) && ($env{'user.domain'} eq $codedom)) {
-             $homeserver = &homeserver($env{'user.name'},$codedom);
-         }
      } else {
-         $homeserver = &homeserver($caller,$codedom);
+         push(@homeservers,&homeserver($caller,$codedom));
      }
-     foreach (keys %{$instcodes}) {
+     foreach my $code (keys(%{$instcodes})) {
-         $courses .= &escape($_).'='.&escape($$instcodes{$_}).'&';
+         $courses .= &escape($code).'='.&escape($$instcodes{$code}).'&';
      }
      chop($courses);
-     my $response=&reply('autoinstcodeformat:'.$codedom.':'.$courses,$homeserver);
+     my $ok_response = 0;
-     unless ($response =~ /(con_lost|error|no_such_host|refused)/) {
+     my $response;
-         my ($codes_str,$codetitles_str,$cat_titles_str,$cat_order_str) = split/:/,$response;
+     while (@homeservers > 0 && $ok_response == 0) {
-         %{$codes} = &str2hash($codes_str);
+         my $server = shift(@homeservers);
-         @{$codetitles} = &str2array($codetitles_str);
+         $response=&reply('autoinstcodeformat:'.$codedom.':'.$courses,$server);
-         %{$cat_titles} = &str2hash($cat_titles_str);
+         if ($response !~ /(con_lost|error|no_such_host|refused)/) {
-         %{$cat_order} = &str2hash($cat_order_str);
+             my ($codes_str,$codetitles_str,$cat_titles_str,$cat_order_str) =
+ 		split/:/,$response;
+             %{$codes} = (%{$codes},&str2hash($codes_str));
+             push(@{$codetitles},&str2array($codetitles_str));
+             %{$cat_titles} = (%{$cat_titles},&str2hash($cat_titles_str));
+             %{$cat_order} = (%{$cat_order},&str2hash($cat_order_str));
+             $ok_response = 1;
+         }
+     }
+     if ($ok_response) {
          return 'ok';
+     } else {
+         return $response;
      }
+ }
+ sub auto_instcode_defaults {
+     my ($domain,$returnhash,$code_order) = @_;
+     my @homeservers;
+     foreach my $tryserver (keys(%libserv)) {
+         if ($hostdom{$tryserver} eq $domain) {
+             if (!grep(/^\Q$tryserver\E$/,@homeservers)) {
+                 push(@homeservers,$tryserver);
+             }
+         }
+     }
+     my $ok_response = 0;
+     my $response;
+     while (@homeservers > 0 && $ok_response == 0) {
+         my $server = shift(@homeservers);
+         $response=&reply('autoinstcodedefaults:'.$domain,$server);
+         if ($response !~ /(con_lost|error|no_such_host|refused)/) {
+             foreach my $pair (split(/\&/,$response)) {
+                 my ($name,$value)=split(/\=/,$pair);
+                 if ($name eq 'code_order') {
+                     @{$code_order} = split(/\&/,&unescape($value));
+                 } else {
+                     $returnhash->{&unescape($name)}=&unescape($value);
+                 }
+             }
+             $ok_response = 1;
+         }
+     }
+     if ($ok_response) {
+         return 'ok';
+     } else {
+         return $response;
+     }
+ }
+ sub auto_validate_class_sec {
+     my ($cdom,$cnum,$owner,$inst_class) = @_;
+     my $homeserver = &homeserver($cnum,$cdom);
+     my $response=&reply('autovalidateclass_sec:'.$inst_class.':'.
+                         &escape($owner).':'.$cdom,$homeserver);
      return $response;
  }
+ # ------------------------------------------------------- Course Group routines
+ sub get_coursegroups {
+     my ($cdom,$cnum,$group,$namespace) = @_;
+     return(&dump($namespace,$cdom,$cnum,$group));
+ }
+ sub modify_coursegroup {
+     my ($cdom,$cnum,$groupsettings) = @_;
+     return(&put('coursegroups',$groupsettings,$cdom,$cnum));
+ }
+ sub toggle_coursegroup_status {
+     my ($cdom,$cnum,$group,$action) = @_;
+     my ($from_namespace,$to_namespace);
+     if ($action eq 'delete') {
+         $from_namespace = 'coursegroups';
+         $to_namespace = 'deleted_groups';
+     } else {
+         $from_namespace = 'deleted_groups';
+         $to_namespace = 'coursegroups';
+     }
+     my %curr_group = &get_coursegroups($cdom,$cnum,$group,$from_namespace);
+     if (my $tmp = &error(%curr_group)) {
+         &Apache::lonnet::logthis('Error retrieving group: '.$tmp.' in '.$cnum.':'.$cdom);
+         return ('read error',$tmp);
+     } else {
+         my %savedsettings = %curr_group;
+         my $result = &put($to_namespace,\%savedsettings,$cdom,$cnum);
+         my $deloutcome;
+         if ($result eq 'ok') {
+             $deloutcome = &del($from_namespace,[$group],$cdom,$cnum);
+         } else {
+             return ('write error',$result);
+         }
+         if ($deloutcome eq 'ok') {
+             return 'ok';
+         } else {
+             return ('delete error',$deloutcome);
+         }
+     }
+ }
+ sub modify_group_roles {
+     my ($cdom,$cnum,$group_id,$user,$end,$start,$userprivs) = @_;
+     my $url = '/'.$cdom.'/'.$cnum.'/'.$group_id;
+     my $role = 'gr/'.&escape($userprivs);
+     my ($uname,$udom) = split(/:/,$user);
+     my $result = &assignrole($udom,$uname,$url,$role,$end,$start);
+     if ($result eq 'ok') {
+         &devalidate_getgroups_cache($udom,$uname,$cdom,$cnum);
+     }
+     return $result;
+ }
+ sub modify_coursegroup_membership {
+     my ($cdom,$cnum,$membership) = @_;
+     my $result = &put('groupmembership',$membership,$cdom,$cnum);
+     return $result;
+ }
+ sub get_active_groups {
+     my ($udom,$uname,$cdom,$cnum) = @_;
+     my $now = time;
+     my %groups = ();
+     foreach my $key (keys(%env)) {
+         if ($key =~ m-user\.role\.gr\./($match_domain)/($match_courseid)/(\w+)$-) {
+             my ($start,$end) = split(/\./,$env{$key});
+             if (($end!=0) && ($end<$now)) { next; }
+             if (($start!=0) && ($start>$now)) { next; }
+             if ($1 eq $cdom && $2 eq $cnum) {
+                 $groups{$3} = $env{$key} ;
+             }
+         }
+     }
+     return %groups;
+ }
+ sub get_group_membership {
+     my ($cdom,$cnum,$group) = @_;
+     return(&dump('groupmembership',$cdom,$cnum,$group));
+ }
+ sub get_users_groups {
+     my ($udom,$uname,$courseid) = @_;
+     my @usersgroups;
+     my $cachetime=1800;
+     my $hashid="$udom:$uname:$courseid";
+     my ($grouplist,$cached)=&is_cached_new('getgroups',$hashid);
+     if (defined($cached)) {
+         @usersgroups = split(/:/,$grouplist);
+     } else {
+         $grouplist = '';
+         my $courseurl = &courseid_to_courseurl($courseid);
+         my %roleshash = &dump('roles',$udom,$uname,$courseurl);
+         my $access_end = $env{'course.'.$courseid.
+                               '.default_enrollment_end_date'};
+         my $now = time;
+         foreach my $key (keys(%roleshash)) {
+             if ($key =~ /^\Q$courseurl\E\/(\w+)\_gr$/) {
+                 my $group = $1;
+                 if ($roleshash{$key} =~ /_(\d+)_(\d+)$/) {
+                     my $start = $2;
+                     my $end = $1;
+                     if ($start == -1) { next; } # deleted from group
+                     if (($start!=0) && ($start>$now)) { next; }
+                     if (($end!=0) && ($end<$now)) {
+                         if ($access_end && $access_end < $now) {
+                             if ($access_end - $end < 86400) {
+                                 push(@usersgroups,$group);
+                             }
+                         }
+                         next;
+                     }
+                     push(@usersgroups,$group);
+                 }
+             }
+         }
+         @usersgroups = &sort_course_groups($courseid,@usersgroups);
+         $grouplist = join(':',@usersgroups);
+         &do_cache_new('getgroups',$hashid,$grouplist,$cachetime);
+     }
+     return @usersgroups;
+ }
+ sub devalidate_getgroups_cache {
+     my ($udom,$uname,$cdom,$cnum)=@_;
+     my $courseid = $cdom.'_'.$cnum;
+     my $hashid="$udom:$uname:$courseid";
+     &devalidate_cache_new('getgroups',$hashid);
+ }
  # ------------------------------------------------------------------ Plain Text
  sub plaintext {
-     my $short=shift;
+     my ($short,$type,$cid) = @_;
-     return &mt($prp{$short});
+     if ($short =~ /^cr/) {
+ 	return (split('/',$short))[-1];
+     }
+     if (!defined($cid)) {
+         $cid = $env{'request.course.id'};
+     }
+     if (defined($cid) && defined($env{'course.'.$cid.'.'.$short.'.plaintext'})) {
+         return &Apache::lonlocal::mt($env{'course.'.$cid.'.'.$short.
+                                           '.plaintext'});
+     }
+     my %rolenames = (
+                       Course => 'std',
+                       Group => 'alt1',
+                     );
+     if (defined($type) &&
+          defined($rolenames{$type}) &&
+          defined($prp{$short}{$rolenames{$type}})) {
+         return &Apache::lonlocal::mt($prp{$short}{$rolenames{$type}});
+     } else {
+         return &Apache::lonlocal::mt($prp{$short}{'std'});
+     }
  }
  # ----------------------------------------------------------------- Assign Role
- Line 3324  sub assignrole {
+ Line 4680  sub assignrole {
      my $mrole;
      if ($role =~ /^cr\//) {
          my $cwosec=$url;
-         $cwosec=~s/^\/(\w+)\/(\w+)\/.*/$1\/$2/;
+         $cwosec=~s/^\/($match_domain)\/($match_courseid)\/.*/$1\/$2/;
  	unless (&allowed('ccr',$cwosec)) {
             &logthis('Refused custom assignrole: '.
               $udom.' '.$uname.' '.$url.' '.$role.' '.$end.' '.$start.' by '.
- Line 3332  sub assignrole {
+ Line 4688  sub assignrole {
             return 'refused';
          }
          $mrole='cr';
+     } elsif ($role =~ /^gr\//) {
+         my $cwogrp=$url;
+         $cwogrp=~s{^/($match_domain)/($match_courseid)/.*}{$1/$2};
+         unless (&allowed('mdg',$cwogrp)) {
+             &logthis('Refused group assignrole: '.
+               $udom.' '.$uname.' '.$url.' '.$role.' '.$end.' '.$start.' by '.
+                     $env{'user.name'}.' at '.$env{'user.domain'});
+             return 'refused';
+         }
+         $mrole='gr';
      } else {
          my $cwosec=$url;
-         $cwosec=~s/^\/(\w+)\/(\w+)\/.*/$1\/$2/;
+         $cwosec=~s/^\/($match_domain)\/($match_courseid)\/.*/$1\/$2/;
          unless ((&allowed('c'.$role,$cwosec)) || &allowed('c'.$role,$udom)) {
             &logthis('Refused assignrole: '.
               $udom.' '.$uname.' '.$url.' '.$role.' '.$end.' '.$start.' by '.
- Line 3353  sub assignrole {
+ Line 4719  sub assignrole {
             $command.='_0_'.$start;
          }
      }
+     my $origstart = $start;
+     my $origend = $end;
  # actually delete
      if ($deleteflag) {
  	if ((&allowed('dro',$udom)) || (&allowed('dro',$url))) {
- Line 3369  sub assignrole {
+ Line 4737  sub assignrole {
      my $answer=&reply($command,&homeserver($uname,$udom));
  # log new user role if status is ok
      if ($answer eq 'ok') {
- 	&userrolelog($mrole,$uname,$udom,$url,$start,$end);
+ 	&userrolelog($role,$uname,$udom,$url,$start,$end);
+ # for course roles, perform group memberships changes triggered by role change.
+         unless ($role =~ /^gr/) {
+             &Apache::longroup::group_changes($udom,$uname,$url,$role,$origend,
+                                              $origstart);
+         }
      }
      return $answer;
  }
- Line 3407  sub modifyuser {
+ Line 4780  sub modifyuser {
          $umode,   $upass, $first,
          $middle,  $last,  $gene,
          $forceid, $desiredhome, $email)=@_;
-     $udom=~s/\W//g;
+     $udom= &LONCAPA::clean_domain($udom);
-     $uname=~s/\W//g;
+     $uname=&LONCAPA::clean_username($uname);
      &logthis('Call to modify user '.$udom.', '.$uname.', '.$uid.', '.
               $umode.', '.$first.', '.$middle.', '.
  	     $last.', '.$gene.'(forceid: '.$forceid.')'.
- Line 3492  sub modifyuser {
+ Line 4865  sub modifyuser {
      }
      my $reply = &put('environment', \%names, $udom,$uname);
      if ($reply ne 'ok') { return 'error: '.$reply; }
+     &devalidate_cache_new('namescache',$uname.':'.$udom);
      &logthis('Success modifying user '.$udom.', '.$uname.', '.$uid.', '.
               $umode.', '.$first.', '.$middle.', '.
  	     $last.', '.$gene.' by '.
- Line 3556  sub modify_student_enrollment {
+ Line 4930  sub modify_student_enrollment {
                         ['firstname','middlename','lastname', 'generation','id']
                         ,$udom,$uname);
-         #foreach (keys(%tmp)) {
+         #foreach my $key (keys(%tmp)) {
-         #    &logthis("key $_ = ".$tmp{$_});
+         #    &logthis("key $key = ".$tmp{$key});
          #}
          $first  = $tmp{'firstname'}  if (!defined($first)  || $first  eq '');
          $middle = $tmp{'middlename'} if (!defined($middle) || $middle eq '');
- Line 3572  sub modify_student_enrollment {
+ Line 4946  sub modify_student_enrollment {
  		   $cdom,$cnum);
      unless (($reply eq 'ok') || ($reply eq 'delayed')) {
  	return 'error: '.$reply;
+     } else {
+ 	&devalidate_getsection_cache($udom,$uname,$cid);
      }
      # Add student role to user
      my $uurl='/'.$cid;
- Line 3613  sub writecoursepref {
+ Line 4989  sub writecoursepref {
  	return 'error: no such course';
      }
      my $cstring='';
-     foreach (keys %prefs) {
+     foreach my $pref (keys(%prefs)) {
- 	$cstring.=escape($_).'='.escape($prefs{$_}).'&';
+ 	$cstring.=&escape($pref).'='.&escape($prefs{$pref}).'&';
      }
      $cstring=~s/\&$//;
      return reply('put:'.$cdomain.':'.$cnum.':environment:'.$cstring,$chome);
- Line 3623  sub writecoursepref {
+ Line 4999  sub writecoursepref {
  # ---------------------------------------------------------- Make/modify course
  sub createcourse {
-     my ($udom,$description,$url,$course_server,$nonstandard,$inst_code,$course_owner)=@_;
+     my ($udom,$description,$url,$course_server,$nonstandard,$inst_code,
+         $course_owner,$crstype)=@_;
      $url=&declutter($url);
      my $cid='';
      unless (&allowed('ccc',$udom)) {
          return 'refused';
      }
  # ------------------------------------------------------------------- Create ID
-    my $uname=substr($$.time,0,5).unpack("H8",pack("I32",time)).
+    my $uname=int(1+rand(9)).
+        ('a'..'z','A'..'Z','0'..'9')[int(rand(62))].
+        substr($$.time,0,5).unpack("H8",pack("I32",time)).
         unpack("H2",pack("I32",int(rand(255)))).$perlvar{'lonHostID'};
  # ----------------------------------------------- Make sure that does not exist
     my $uhome=&homeserver($uname,$udom,'true');
- Line 3658  sub createcourse {
+ Line 5037  sub createcourse {
  # ----------------------------------------------------------------- Course made
  # log existence
      &courseidput($udom,&escape($udom.'_'.$uname).'='.&escape($description).
-                  ':'.&escape($inst_code).':'.&escape($course_owner),$uhome);
+                  ':'.&escape($inst_code).':'.&escape($course_owner).':'.
+                   &escape($crstype),$uhome);
      &flushcourselogs();
  # set toplevel url
      my $topurl=$url;
- Line 3676  sub createcourse {
+ Line 5056  sub createcourse {
  </map>
  ENDINITMAP
          $topurl=&declutter(
-         &finishuserfileupload($uname,$udom,$uhome,'initmap','default.sequence')
+         &finishuserfileupload($uname,$udom,'initmap','default.sequence')
                            );
      }
  # ----------------------------------------------------------- Write preferences
- Line 3686  ENDINITMAP
+ Line 5066  ENDINITMAP
      return '/'.$udom.'/'.$uname;
  }
+ sub is_course {
+     my ($cdom,$cnum) = @_;
+     my %courses = &courseiddump($cdom,'.',1,'.','.',$cnum,undef,
+ 				undef,'.');
+     if (exists($courses{$cdom.'_'.$cnum})) {
+         return 1;
+     }
+     return 0;
+ }
  # ---------------------------------------------------------- Assign Custom Role
  sub assigncustomrole {
- Line 3728  sub is_locked {
+ Line 5118  sub is_locked {
  		      $env{'user.domain'},$env{'user.name'});
      my ($tmp)=keys(%locked);
      if ($tmp=~/^error:/) { undef(%locked); }
      if (ref($locked{$file_name}) eq 'ARRAY') {
-         $is_locked = 'true';
+         $is_locked = 'false';
+         foreach my $entry (@{$locked{$file_name}}) {
+            if (ref($entry) eq 'ARRAY') {
+                $is_locked = 'true';
+                last;
+            }
+        }
      } else {
          $is_locked = 'false';
      }
  }
+ sub declutter_portfile {
+     my ($file) = @_;
+     &logthis("got $file");
+     $file =~ s-^(/portfolio/|portfolio/)-/-;
+     &logthis("ret $file");
+     return $file;
+ }
  # ------------------------------------------------------------- Mark as Read Only
  sub mark_as_readonly {
- Line 3743  sub mark_as_readonly {
+ Line 5147  sub mark_as_readonly {
      my %current_permissions = &dump('file_permissions',$domain,$user);
      my ($tmp)=keys(%current_permissions);
      if ($tmp=~/^error:/) { undef(%current_permissions); }
      foreach my $file (@{$files}) {
+ 	$file = &declutter_portfile($file);
          push(@{$current_permissions{$file}},$what);
      }
      &put('file_permissions',\%current_permissions,$domain,$user);
- Line 3803  sub files_not_in_path {
+ Line 5207  sub files_not_in_path {
      my $filename = $user."savedfiles";
      my @return_files;
      my $path_part;
-     open (IN, '<'.$Apache::lonnet::perlvar{'lonDaemons'}.'/tmp/'.$filename);
+     open(IN, '<'.$Apache::lonnet::perlvar{'lonDaemons'}.'/tmp/'.$filename);
-     while (<IN>) {
+     while (my $line = <IN>) {
          #ok, I know it's clunky, but I want it to work
-         my @paths_and_file = split m!/!, $_;
+         my @paths_and_file = split(m|/|, $line);
-         my $file_part = pop (@paths_and_file);
+         my $file_part = pop(@paths_and_file);
-         chomp ($file_part);
+         chomp($file_part);
-         my $path_part = join ('/', @paths_and_file);
+         my $path_part = join('/', @paths_and_file);
          $path_part .= '/';
          my $path_and_file = $path_part.$file_part;
          if ($path_part ne $path) {
-             push (@return_files, ($path_and_file));
+             push(@return_files, ($path_and_file));
          }
      }
-     close (OUT);
+     close(OUT);
      return (@return_files);
  }
- #--------------------------------------------------------------Get Marked as Read Only
+ #----------------------------------------------Get portfolio file permissions
- sub get_marked_as_readonly {
+ sub get_portfile_permissions {
-     my ($domain,$user,$what) = @_;
+     my ($domain,$user) = @_;
      my %current_permissions = &dump('file_permissions',$domain,$user);
      my ($tmp)=keys(%current_permissions);
      if ($tmp=~/^error:/) { undef(%current_permissions); }
+     return \%current_permissions;
+ }
+ #---------------------------------------------Get portfolio file access controls
+ sub get_access_controls {
+     my ($current_permissions,$group,$file) = @_;
+     my %access;
+     my $real_file = $file;
+     $file =~ s/\.meta$//;
+     if (defined($file)) {
+         if (ref($$current_permissions{$file."\0".'accesscontrol'}) eq 'HASH') {
+             foreach my $control (keys(%{$$current_permissions{$file."\0".'accesscontrol'}})) {
+                 $access{$real_file}{$control} = $$current_permissions{$file."\0".$control};
+             }
+         }
+     } else {
+         foreach my $key (keys(%{$current_permissions})) {
+             if ($key =~ /\0accesscontrol$/) {
+                 if (defined($group)) {
+                     if ($key !~ m-^\Q$group\E/-) {
+                         next;
+                     }
+                 }
+                 my ($fullpath) = split(/\0/,$key);
+                 if (ref($$current_permissions{$key}) eq 'HASH') {
+                     foreach my $control (keys(%{$$current_permissions{$key}})) {
+                         $access{$fullpath}{$control}=$$current_permissions{$fullpath."\0".$control};
+                     }
+                 }
+             }
+         }
+     }
+     return %access;
+ }
+ sub modify_access_controls {
+     my ($file_name,$changes,$domain,$user)=@_;
+     my ($outcome,$deloutcome);
+     my %store_permissions;
+     my %new_values;
+     my %new_control;
+     my %translation;
+     my @deletions = ();
+     my $now = time;
+     if (exists($$changes{'activate'})) {
+         if (ref($$changes{'activate'}) eq 'HASH') {
+             my @newitems = sort(keys(%{$$changes{'activate'}}));
+             my $numnew = scalar(@newitems);
+             for (my $i=0; $i<$numnew; $i++) {
+                 my $newkey = $newitems[$i];
+                 my $newid = &Apache::loncommon::get_cgi_id();
+                 if ($newkey =~ /^\d+:/) {
+                     $newkey =~ s/^(\d+)/$newid/;
+                     $translation{$1} = $newid;
+                 } elsif ($newkey =~ /^\d+_\d+_\d+:/) {
+                     $newkey =~ s/^(\d+_\d+_\d+)/$newid/;
+                     $translation{$1} = $newid;
+                 }
+                 $new_values{$file_name."\0".$newkey} =
+                                           $$changes{'activate'}{$newitems[$i]};
+                 $new_control{$newkey} = $now;
+             }
+         }
+     }
+     my %todelete;
+     my %changed_items;
+     foreach my $action ('delete','update') {
+         if (exists($$changes{$action})) {
+             if (ref($$changes{$action}) eq 'HASH') {
+                 foreach my $key (keys(%{$$changes{$action}})) {
+                     my ($itemnum) = ($key =~ /^([^:]+):/);
+                     if ($action eq 'delete') {
+                         $todelete{$itemnum} = 1;
+                     } else {
+                         $changed_items{$itemnum} = $key;
+                     }
+                 }
+             }
+         }
+     }
+     # get lock on access controls for file.
+     my $lockhash = {
+                   $file_name."\0".'locked_access_records' => $env{'user.name'}.
+                                                        ':'.$env{'user.domain'},
+                    };
+     my $tries = 0;
+     my $gotlock = &newput('file_permissions',$lockhash,$domain,$user);
+     while (($gotlock ne 'ok') && $tries <3) {
+         $tries ++;
+         sleep 1;
+         $gotlock = &newput('file_permissions',$lockhash,$domain,$user);
+     }
+     if ($gotlock eq 'ok') {
+         my %curr_permissions = &dump('file_permissions',$domain,$user,$file_name);
+         my ($tmp)=keys(%curr_permissions);
+         if ($tmp=~/^error:/) { undef(%curr_permissions); }
+         if (exists($curr_permissions{$file_name."\0".'accesscontrol'})) {
+             my $curr_controls = $curr_permissions{$file_name."\0".'accesscontrol'};
+             if (ref($curr_controls) eq 'HASH') {
+                 foreach my $control_item (keys(%{$curr_controls})) {
+                     my ($itemnum) = ($control_item =~ /^([^:]+):/);
+                     if (defined($todelete{$itemnum})) {
+                         push(@deletions,$file_name."\0".$control_item);
+                     } else {
+                         if (defined($changed_items{$itemnum})) {
+                             $new_control{$changed_items{$itemnum}} = $now;
+                             push(@deletions,$file_name."\0".$control_item);
+                             $new_values{$file_name."\0".$changed_items{$itemnum}} = $$changes{'update'}{$changed_items{$itemnum}};
+                         } else {
+                             $new_control{$control_item} = $$curr_controls{$control_item};
+                         }
+                     }
+                 }
+             }
+         }
+         $deloutcome = &del('file_permissions',\@deletions,$domain,$user);
+         $new_values{$file_name."\0".'accesscontrol'} = \%new_control;
+         $outcome = &put('file_permissions',\%new_values,$domain,$user);
+         #  remove lock
+         my @del_lock = ($file_name."\0".'locked_access_records');
+         my $dellockoutcome = &del('file_permissions',\@del_lock,$domain,$user);
+         my ($file,$group);
+         if (&is_course($domain,$user)) {
+             ($group,$file) = split(/\//,$file_name,2);
+         } else {
+             $file = $file_name;
+         }
+         my $sqlresult =
+             &update_portfolio_table($user,$domain,$file,'portfolio_access',
+                                     $group);
+     } else {
+         $outcome = "error: could not obtain lockfile\n";
+     }
+     return ($outcome,$deloutcome,\%new_values,\%translation);
+ }
+ sub make_public_indefinitely {
+     my ($requrl) = @_;
+     my $now = time;
+     my $action = 'activate';
+     my $aclnum = 0;
+     if (&is_portfolio_url($requrl)) {
+         my (undef,$udom,$unum,$file_name,$group) =
+             &parse_portfolio_url($requrl);
+         my $current_perms = &get_portfile_permissions($udom,$unum);
+         my %access_controls = &get_access_controls($current_perms,
+                                                    $group,$file_name);
+         foreach my $key (keys(%{$access_controls{$file_name}})) {
+             my ($num,$scope,$end,$start) =
+                 ($key =~ /^([^:]+):([a-z]+)_(\d*)_?(\d*)$/);
+             if ($scope eq 'public') {
+                 if ($start <= $now && $end == 0) {
+                     $action = 'none';
+                 } else {
+                     $action = 'update';
+                     $aclnum = $num;
+                 }
+                 last;
+             }
+         }
+         if ($action eq 'none') {
+              return 'ok';
+         } else {
+             my %changes;
+             my $newend = 0;
+             my $newstart = $now;
+             my $newkey = $aclnum.':public_'.$newend.'_'.$newstart;
+             $changes{$action}{$newkey} = {
+                 type => 'public',
+                 time => {
+                     start => $newstart,
+                     end   => $newend,
+                 },
+             };
+             my ($outcome,$deloutcome,$new_values,$translation) =
+                 &modify_access_controls($file_name,\%changes,$udom,$unum);
+             return $outcome;
+         }
+     } else {
+         return 'invalid';
+     }
+ }
+ #------------------------------------------------------Get Marked as Read Only
+ sub get_marked_as_readonly {
+     my ($domain,$user,$what,$group) = @_;
+     my $current_permissions = &get_portfile_permissions($domain,$user);
      my @readonly_files;
-     while (my ($file_name,$value) = each(%current_permissions)) {
+     my $cmp1=$what;
+     if (ref($what)) { $cmp1=join('',@{$what}) };
+     while (my ($file_name,$value) = each(%{$current_permissions})) {
+         if (defined($group)) {
+             if ($file_name !~ m-^\Q$group\E/-) {
+                 next;
+             }
+         }
          if (ref($value) eq "ARRAY"){
              foreach my $stored_what (@{$value}) {
-                 if ($stored_what eq $what) {
+                 my $cmp2=$stored_what;
+                 if (ref($stored_what) eq 'ARRAY') {
+                     $cmp2=join('',@{$stored_what});
+                 }
+                 if ($cmp1 eq $cmp2) {
                      push(@readonly_files, $file_name);
+                     last;
                  } elsif (!defined($what)) {
                      push(@readonly_files, $file_name);
+                     last;
                  }
              }
          }
      }
      return @readonly_files;
  }
  #-----------------------------------------------------------Get Marked as Read Only Hash
  sub get_marked_as_readonly_hash {
-     my ($domain,$user,$what) = @_;
+     my ($current_permissions,$group,$what) = @_;
-     my %current_permissions = &dump('file_permissions',$domain,$user);
-     my ($tmp)=keys(%current_permissions);
-     if ($tmp=~/^error:/) { undef(%current_permissions); }
      my %readonly_files;
-     while (my ($file_name,$value) = each(%current_permissions)) {
+     while (my ($file_name,$value) = each(%{$current_permissions})) {
+         if (defined($group)) {
+             if ($file_name !~ m-^\Q$group\E/-) {
+                 next;
+             }
+         }
          if (ref($value) eq "ARRAY"){
              foreach my $stored_what (@{$value}) {
-                 if ($stored_what eq $what) {
+                 if (ref($stored_what) eq 'ARRAY') {
-                     $readonly_files{$file_name} = 'locked';
+                     foreach my $lock_descriptor(@{$stored_what}) {
-                 } elsif (!defined($what)) {
+                         if ($lock_descriptor eq 'graded') {
-                     $readonly_files{$file_name} = 'locked';
+                             $readonly_files{$file_name} = 'graded';
-                 }
+                         } elsif ($lock_descriptor eq 'handback') {
+                             $readonly_files{$file_name} = 'handback';
+                         } else {
+                             if (!exists($readonly_files{$file_name})) {
+                                 $readonly_files{$file_name} = 'locked';
+                             }
+                         }
+                     }
+                 }
              }
          }
      }
- Line 3867  sub get_marked_as_readonly_hash {
+ Line 5482  sub get_marked_as_readonly_hash {
  # ------------------------------------------------------------ Unmark as Read Only
  sub unmark_as_readonly {
-     # unmarks all files locked by $what
+     # unmarks $file_name (if $file_name is defined), or all files locked by $what
-     # for portfolio submissions, $what contains $crsid and $symb
+     # for portfolio submissions, $what contains [$symb,$crsid]
-     my ($domain,$user,$what) = @_;
+     my ($domain,$user,$what,$file_name,$group) = @_;
-     my %current_permissions = &dump('file_permissions',$domain,$user);
+     $file_name = &declutter_portfile($file_name);
+     my $symb_crs = $what;
+     if (ref($what)) { $symb_crs=join('',@$what); }
+     my %current_permissions = &dump('file_permissions',$domain,$user,$group);
      my ($tmp)=keys(%current_permissions);
      if ($tmp=~/^error:/) { undef(%current_permissions); }
+     my @readonly_files = &get_marked_as_readonly($domain,$user,$what,$group);
-     my @readonly_files = &get_marked_as_readonly($domain,$user,$what);
+     foreach my $file (@readonly_files) {
-     foreach my $file(@readonly_files){
+ 	my $clean_file = &declutter_portfile($file);
-         my $current_locks = $current_permissions{$file};
+ 	if (defined($file_name) && ($file_name ne $clean_file)) { next; }
+ 	my $current_locks = $current_permissions{$file};
          my @new_locks;
          my @del_keys;
          if (ref($current_locks) eq "ARRAY"){
              foreach my $locker (@{$current_locks}) {
-                 unless ($locker eq $what) {
+                 my $compare=$locker;
-                     push(@new_locks, $what);
+                 if (ref($locker) eq 'ARRAY') {
+                     $compare=join('',@{$locker});
+                     if ($compare ne $symb_crs) {
+                         push(@new_locks, $locker);
+                     }
                  }
              }
-             if (@new_locks > 0) {
+             if (scalar(@new_locks) > 0) {
                  $current_permissions{$file} = \@new_locks;
              } else {
                  push(@del_keys, $file);
                  &del('file_permissions',\@del_keys, $domain, $user);
-                 delete $current_permissions{$file};
+                 delete($current_permissions{$file});
              }
          }
      }
- Line 3922  sub dirlist {
+ Line 5545  sub dirlist {
      if($udom) {
          if($uname) {
-             my $listing=reply('ls2:'.$dirRoot.'/'.$uri,
+             my $listing = &reply('ls2:'.$dirRoot.'/'.$uri,
-                               homeserver($uname,$udom));
+ 				 &homeserver($uname,$udom));
              my @listing_results;
              if ($listing eq 'unknown_cmd') {
-                 $listing=reply('ls:'.$dirRoot.'/'.$uri,
+                 $listing = &reply('ls:'.$dirRoot.'/'.$uri,
-                                homeserver($uname,$udom));
+ 				  &homeserver($uname,$udom));
                  @listing_results = split(/:/,$listing);
              } else {
                  @listing_results = map { &unescape($_); } split(/:/,$listing);
              }
              return @listing_results;
          } elsif(!defined($alternateDirectoryRoot)) {
-             my $tryserver;
+             my %allusers;
-             my %allusers=();
+             foreach my $tryserver (keys(%libserv)) {
-             foreach $tryserver (keys %libserv) {
                  if($hostdom{$tryserver} eq $udom) {
-                     my $listing=reply('ls2:'.$perlvar{'lonDocRoot'}.'/res/'.
+                     my $listing = &reply('ls2:'.$perlvar{'lonDocRoot'}.'/res/'.
-                                       $udom, $tryserver);
+ 					 $udom, $tryserver);
                      my @listing_results;
                      if ($listing eq 'unknown_cmd') {
-                         $listing=reply('ls:'.$perlvar{'lonDocRoot'}.'/res/'.
+                         $listing = &reply('ls:'.$perlvar{'lonDocRoot'}.'/res/'.
-                                        $udom, $tryserver);
+ 					  $udom, $tryserver);
                          @listing_results = split(/:/,$listing);
                      } else {
                          @listing_results =
- Line 3952  sub dirlist {
+ Line 5574  sub dirlist {
                      if ($listing_results[0] ne 'no_such_dir' &&
                          $listing_results[0] ne 'empty'       &&
                          $listing_results[0] ne 'con_lost') {
-                         foreach (@listing_results) {
+                         foreach my $line (@listing_results) {
-                             my ($entry,@stat)=split(/&/,$_);
+                             my ($entry) = split(/&/,$line,2);
-                             $allusers{$entry}=1;
+                             $allusers{$entry} = 1;
                          }
                      }
                  }
              }
              my $alluserstr='';
-             foreach (sort keys %allusers) {
+             foreach my $user (sort(keys(%allusers))) {
-                 $alluserstr.=$_.'&user:';
+                 $alluserstr.=$user.'&user:';
              }
              $alluserstr=~s/:$//;
              return split(/:/,$alluserstr);
          } else {
-             my @emptyResults = ();
+             return ('missing user name');
-             push(@emptyResults, 'missing user name');
-             return split(':',@emptyResults);
          }
      } elsif(!defined($alternateDirectoryRoot)) {
          my $tryserver;
          my %alldom=();
-         foreach $tryserver (keys %libserv) {
+         foreach $tryserver (keys(%libserv)) {
              $alldom{$hostdom{$tryserver}}=1;
          }
          my $alldomstr='';
-         foreach (sort keys %alldom) {
+         foreach my $domain (sort(keys(%alldom))) {
-             $alldomstr.=$perlvar{'lonDocRoot'}.'/res/'.$_.'/&domain:';
+             $alldomstr.=$perlvar{'lonDocRoot'}.'/res/'.$domain.'/&domain:';
          }
          $alldomstr=~s/:$//;
          return split(/:/,$alldomstr);
      } else {
-         my @emptyResults = ();
+         return ('missing domain');
-         push(@emptyResults, 'missing domain');
-         return split(':',@emptyResults);
      }
  }
- Line 4003  sub dirlist {
+ Line 5621  sub dirlist {
  ##
  sub GetFileTimestamp {
      my ($studentDomain,$studentName,$filename,$root)=@_;
-     $studentDomain=~s/\W//g;
+     $studentDomain = &LONCAPA::clean_domain($studentDomain);
-     $studentName=~s/\W//g;
+     $studentName   = &LONCAPA::clean_username($studentName);
      my $subdir=$studentName.'__';
      $subdir =~ s/(.)(.)(.).*/$1\/$2\/$3/;
      my $proname="$studentDomain/$subdir/$studentName";
- Line 4020  sub GetFileTimestamp {
+ Line 5638  sub GetFileTimestamp {
      }
  }
+ sub stat_file {
+     my ($uri) = @_;
+     $uri = &clutter_with_no_wrapper($uri);
+     my ($udom,$uname,$file,$dir);
+     if ($uri =~ m-^/(uploaded|editupload)/-) {
+ 	($udom,$uname,$file) =
+ 	    ($uri =~ m-/(?:uploaded|editupload)/?($match_domain)/?($match_name)/?(.*)-);
+ 	$file = 'userfiles/'.$file;
+ 	$dir = &propath($udom,$uname);
+     }
+     if ($uri =~ m-^/res/-) {
+ 	($udom,$uname) =
+ 	    ($uri =~ m-/(?:res)/?($match_domain)/?($match_username)/-);
+ 	$file = $uri;
+     }
+     if (!$udom || !$uname || !$file) {
+ 	# unable to handle the uri
+ 	return ();
+     }
+     my ($result) = &dirlist($file,$udom,$uname,$dir);
+     my @stats = split('&', $result);
+     if($stats[0] ne 'empty' && $stats[0] ne 'no_such_dir') {
+ 	shift(@stats); #filename is first
+ 	return @stats;
+     }
+     return ();
+ }
  # -------------------------------------------------------- Value of a Condition
+ # gets the value of a specific preevaluated condition
+ #    stored in the string  $env{user.state.<cid>}
+ # or looks up a condition reference in the bighash and if if hasn't
+ # already been evaluated recurses into docondval to get the value of
+ # the condition, then memoizing it to
+ #   $env{user.state.<cid>.<condition>}
  sub directcondval {
      my $number=shift;
      if (!defined($env{'user.state.'.$env{'request.course.id'}})) {
  	&Apache::lonuserstate::evalstate();
      }
+     if (exists($env{'user.state.'.$env{'request.course.id'}.".$number"})) {
+ 	return $env{'user.state.'.$env{'request.course.id'}.".$number"};
+     } elsif ($number =~ /^_/) {
+ 	my $sub_condition;
+ 	if (tie(my %bighash,'GDBM_File',$env{'request.course.fn'}.'.db',
+ 		&GDBM_READER(),0640)) {
+ 	    $sub_condition=$bighash{'conditions'.$number};
+ 	    untie(%bighash);
+ 	}
+ 	my $value = &docondval($sub_condition);
+ 	&appenv('user.state.'.$env{'request.course.id'}.".$number" => $value);
+ 	return $value;
+     }
      if ($env{'user.state.'.$env{'request.course.id'}}) {
         return substr($env{'user.state.'.$env{'request.course.id'}},$number,1);
      } else {
- Line 4034  sub directcondval {
+ Line 5703  sub directcondval {
      }
  }
+ # get the collection of conditions for this resource
  sub condval {
      my $condidx=shift;
-     my $result=0;
      my $allpathcond='';
-     foreach (split(/\|/,$condidx)) {
+     foreach my $cond (split(/\|/,$condidx)) {
-        if (defined($env{'acc.cond.'.$env{'request.course.id'}.'.'.$_})) {
+ 	if (defined($env{'acc.cond.'.$env{'request.course.id'}.'.'.$cond})) {
- 	   $allpathcond.=
+ 	    $allpathcond.=
-                '('.$env{'acc.cond.'.$env{'request.course.id'}.'.'.$_}.')|';
+ 		'('.$env{'acc.cond.'.$env{'request.course.id'}.'.'.$cond}.')|';
-        }
+ 	}
      }
      $allpathcond=~s/\|$//;
-     if ($env{'request.course.id'}) {
+     return &docondval($allpathcond);
-        if ($allpathcond) {
+ }
-           my $operand='|';
- 	  my @stack;
+ #evaluates an expression of conditions
-            foreach ($allpathcond=~/(\d+|\(|\)|\&|\|)/g) {
+ sub docondval {
-               if ($_ eq '(') {
+     my ($allpathcond) = @_;
-                  push @stack,($operand,$result)
+     my $result=0;
-               } elsif ($_ eq ')') {
+     if ($env{'request.course.id'}
-                   my $before=pop @stack;
+ 	&& defined($allpathcond)) {
- 		  if (pop @stack eq '&') {
+ 	my $operand='|';
- 		      $result=$result>$before?$before:$result;
+ 	my @stack;
-                   } else {
+ 	foreach my $chunk ($allpathcond=~/(\d+|_\d+\.\d+|\(|\)|\&|\|)/g) {
-                       $result=$result>$before?$result:$before;
+ 	    if ($chunk eq '(') {
-                   }
+ 		push @stack,($operand,$result);
-               } elsif (($_ eq '&') || ($_ eq '|')) {
+ 	    } elsif ($chunk eq ')') {
-                   $operand=$_;
+ 		my $before=pop @stack;
-               } else {
+ 		if (pop @stack eq '&') {
-                   my $new=directcondval($_);
+ 		    $result=$result>$before?$before:$result;
-                   if ($operand eq '&') {
+ 		} else {
-                      $result=$result>$new?$new:$result;
+ 		    $result=$result>$before?$result:$before;
-                   } else {
+ 		}
-                      $result=$result>$new?$result:$new;
+ 	    } elsif (($chunk eq '&') || ($chunk eq '|')) {
-                   }
+ 		$operand=$chunk;
-               }
+ 	    } else {
-           }
+ 		my $new=directcondval($chunk);
-        }
+ 		if ($operand eq '&') {
+ 		    $result=$result>$new?$new:$result;
+ 		} else {
+ 		    $result=$result>$new?$result:$new;
+ 		}
+ 	    }
+ 	}
      }
      return $result;
  }
- Line 4083  sub devalidatecourseresdata {
+ Line 5758  sub devalidatecourseresdata {
      &devalidate_cache_new('courseres',$hashid);
  }
  # --------------------------------------------------- Course Resourcedata Query
  sub get_courseresdata {
- Line 4107  sub get_courseresdata {
+ Line 5783  sub get_courseresdata {
      return $result;
  }
+ sub devalidateuserresdata {
+     my ($uname,$udom)=@_;
+     my $hashid="$udom:$uname";
+     &devalidate_cache_new('userres',$hashid);
+ }
  sub get_userresdata {
      my ($uname,$udom)=@_;
      #most student don\'t have any data set, check if there is some data
- Line 4125  sub get_userresdata {
+ Line 5807  sub get_userresdata {
      }
      #error 2 occurs when the .db doesn't exist
      if ($tmp!~/error: 2 /) {
- 	&logthis("<font color=blue>WARNING:".
+ 	&logthis("<font color=\"blue\">WARNING:".
  		 " Trying to get resource data for ".
  		 $uname." at ".$udom.": ".
  		 $tmp."</font>");
      } elsif ($tmp=~/error: 2 /) {
- 	&EXT_cache_set($udom,$uname);
+ 	#&EXT_cache_set($udom,$uname);
+ 	&do_cache_new('userres',$hashid,undef,600);
+ 	undef($tmp); # not really an error so don't send it back
      }
      return $tmp;
  }
- Line 4174  sub EXT_cache_status {
+ Line 5858  sub EXT_cache_status {
  sub EXT_cache_set {
      my ($target_domain,$target_user) = @_;
      my $cachename = 'cache.EXT.'.$target_user.'.'.$target_domain;
-     &appenv($cachename => time);
+     #&appenv($cachename => time);
  }
  # --------------------------------------------------------- Value of a Variable
  sub EXT {
-     my ($varname,$symbparm,$udom,$uname,$usection,$recurse)=@_;
+     my ($varname,$symbparm,$udom,$uname,$usection,$recurse)=@_;
      unless ($varname) { return ''; }
      #get real user name/domain, courseid and symb
      my $courseid;
- Line 4189  sub EXT {
+ Line 5873  sub EXT {
  	$symbparm=&get_symb_from_alias($symbparm);
      }
      if (!($uname && $udom)) {
-       (my $cursymb,$courseid,$udom,$uname,$publicuser)=
+       (my $cursymb,$courseid,$udom,$uname,$publicuser)= &whichuser($symbparm);
- 	  &Apache::lonxml::whichuser($symbparm);
        if (!$symbparm) {	$symbparm=$cursymb; }
      } else {
  	$courseid=$env{'request.course.id'};
- Line 4210  sub EXT {
+ Line 5893  sub EXT {
      if ($realm eq 'user') {
  # --------------------------------------------------------------- user.resource
  	if ($space eq 'resource') {
- 	    if (defined($Apache::lonhomework::parsing_a_problem) ||
+ 	    if ( (defined($Apache::lonhomework::parsing_a_problem)
- 		defined($Apache::lonhomework::parsing_a_task)) {
+ 		  || defined($Apache::lonhomework::parsing_a_task))
- 		return $Apache::lonhomework::history{$qualifierrest};
+ 		 &&
+ 		 ($symbparm eq &symbread()) ) {
+ 		# if we are in the middle of processing the resource the
+ 		# get the value we are planning on committing
+                 if (defined($Apache::lonhomework::results{$qualifierrest})) {
+                     return $Apache::lonhomework::results{$qualifierrest};
+                 } else {
+                     return $Apache::lonhomework::history{$qualifierrest};
+                 }
  	    } else {
  		my %restored;
  		if ($publicuser || $env{'request.state'} eq 'construct') {
- Line 4275  sub EXT {
+ Line 5966  sub EXT {
  # ------------------------------------------------------------- request.browser
          if ($space eq 'browser') {
  	    if ($qualifier eq 'textremote') {
- 		if (&mt('textual_remote_display') eq 'on') {
+ 		if (&Apache::lonlocal::mt('textual_remote_display') eq 'on') {
  		    return 1;
  		} else {
  		    return 0;
- Line 4292  sub EXT {
+ Line 5983  sub EXT {
          return $env{'course.'.$courseid.'.'.$spacequalifierrest};
      } elsif ($realm eq 'resource') {
- 	my $section;
  	if (defined($courseid) && $courseid eq $env{'request.course.id'}) {
  	    if (!$symbparm) { $symbparm=&symbread(); }
  	}
+ 	if ($space eq 'title') {
+ 	    if (!$symbparm) { $symbparm = $env{'request.filename'}; }
+ 	    return &gettitle($symbparm);
+ 	}
+ 	if ($space eq 'map') {
+ 	    my ($map) = &decode_symb($symbparm);
+ 	    return &symbread($map);
+ 	}
+ 	my ($section, $group, @groups);
  	my ($courselevelm,$courselevel);
  	if ($symbparm && defined($courseid) &&
  	    $courseid eq $env{'request.course.id'}) {
- Line 4304  sub EXT {
+ Line 6006  sub EXT {
  # ----------------------------------------------------- Cascading lookup scheme
  	    my $symbp=$symbparm;
- 	    my $mapp=(&decode_symb($symbp))[0];
+ 	    my $mapp=&deversion((&decode_symb($symbp))[0]);
  	    my $symbparm=$symbp.'.'.$spacequalifierrest;
  	    my $mapparm=$mapp.'___(all).'.$spacequalifierrest;
- Line 4312  sub EXT {
+ Line 6014  sub EXT {
  	    if (($env{'user.name'} eq $uname) &&
  		($env{'user.domain'} eq $udom)) {
  		$section=$env{'request.course.sec'};
+                 @groups = split(/:/,$env{'request.course.groups'});
+                 @groups=&sort_course_groups($courseid,@groups);
  	    } else {
  		if (! defined($usection)) {
  		    $section=&getsection($udom,$uname,$courseid);
  		} else {
  		    $section = $usection;
  		}
+                 @groups = &get_users_groups($udom,$uname,$courseid);
  	    }
  	    my $seclevel=$courseid.'.['.$section.'].'.$spacequalifierrest;
- Line 4333  sub EXT {
+ Line 6038  sub EXT {
  	    my $userreply=&resdata($uname,$udom,'user',
  				       ($courselevelr,$courselevelm,
  					$courselevel));
  	    if (defined($userreply)) { return $userreply; }
  # ------------------------------------------------ second, check some of course
+             my $coursereply;
+             if (@groups > 0) {
+                 $coursereply = &check_group_parms($courseid,\@groups,$symbparm,
+                                        $mapparm,$spacequalifierrest);
+                 if (defined($coursereply)) { return $coursereply; }
+             }
- 	    my $coursereply=&resdata($env{'course.'.$courseid.'.num'},
+ 	    $coursereply=&resdata($env{'course.'.$courseid.'.num'},
  				     $env{'course.'.$courseid.'.domain'},
  				     'course',
  				     ($seclevelr,$seclevelm,$seclevel,
- Line 4400  sub EXT {
+ Line 6110  sub EXT {
  	if (($uname eq $env{'user.name'})&&($udom eq $env{'user.domain'})) {
  	    return $env{'environment.'.$spacequalifierrest};
  	} else {
+ 	    if ($uname eq 'anonymous' && $udom eq '') {
+ 		return '';
+ 	    }
  	    my %returnhash=&userenvironment($udom,$uname,
  					    $spacequalifierrest);
  	    return $returnhash{$spacequalifierrest};
- Line 4409  sub EXT {
+ Line 6122  sub EXT {
  	if ($space eq 'time') {
  	    return time;
          }
+     } elsif ($realm eq 'server') {
+ # ----------------------------------------------------------------- system.time
+ 	if ($space eq 'name') {
+ 	    return $ENV{'SERVER_NAME'};
+         }
      }
      return '';
  }
+ sub check_group_parms {
+     my ($courseid,$groups,$symbparm,$mapparm,$what) = @_;
+     my @groupitems = ();
+     my $resultitem;
+     my @levels = ($symbparm,$mapparm,$what);
+     foreach my $group (@{$groups}) {
+         foreach my $level (@levels) {
+              my $item = $courseid.'.['.$group.'].'.$level;
+              push(@groupitems,$item);
+         }
+     }
+     my $coursereply = &resdata($env{'course.'.$courseid.'.num'},
+                             $env{'course.'.$courseid.'.domain'},
+                                      'course',@groupitems);
+     return $coursereply;
+ }
+ sub sort_course_groups { # Sort groups based on defined rankings. Default is sort().
+     my ($courseid,@groups) = @_;
+     @groups = sort(@groups);
+     return @groups;
+ }
  sub packages_tab_default {
      my ($uri,$varname)=@_;
      my (undef,$part,$name)=split(/\./,$varname);
-     my $packages=&metadata($uri,'packages');
-     foreach my $package (split(/,/,$packages)) {
+     my (@extension,@specifics,$do_default);
+     foreach my $package (split(/,/,&metadata($uri,'packages'))) {
  	my ($pack_type,$pack_part)=split(/_/,$package,2);
+ 	if ($pack_type eq 'default') {
+ 	    $do_default=1;
+ 	} elsif ($pack_type eq 'extension') {
+ 	    push(@extension,[$package,$pack_type,$pack_part]);
+ 	} else {
+ 	    push(@specifics,[$package,$pack_type,$pack_part]);
+ 	}
+     }
+     # first look for a package that matches the requested part id
+     foreach my $package (@specifics) {
+ 	my (undef,$pack_type,$pack_part)=@{$package};
+ 	next if ($pack_part ne $part);
+ 	if (defined($packagetab{"$pack_type&$name&default"})) {
+ 	    return $packagetab{"$pack_type&$name&default"};
+ 	}
+     }
+     # look for any possible matching non extension_ package
+     foreach my $package (@specifics) {
+ 	my (undef,$pack_type,$pack_part)=@{$package};
  	if (defined($packagetab{"$pack_type&$name&default"})) {
  	    return $packagetab{"$pack_type&$name&default"};
  	}
- Line 4427  sub packages_tab_default {
+ Line 6188  sub packages_tab_default {
  	    return $packagetab{$pack_type."_".$pack_part."&$name&default"};
  	}
      }
+     # look for any posible extension_ match
+     foreach my $package (@extension) {
+ 	my ($package,$pack_type)=@{$package};
+ 	if (defined($packagetab{"$pack_type&$name&default"})) {
+ 	    return $packagetab{"$pack_type&$name&default"};
+ 	}
+ 	if (defined($packagetab{$package."&$name&default"})) {
+ 	    return $packagetab{$package."&$name&default"};
+ 	}
+     }
+     # look for a global default setting
+     if ($do_default && defined($packagetab{"default&$name&default"})) {
+ 	return $packagetab{"default&$name&default"};
+     }
      return undef;
  }
- Line 4457  sub metadata {
+ Line 6232  sub metadata {
  	(($uri =~ m|^/*adm/|) &&
  	     ($uri !~ m|^adm/includes|) && ($uri !~ m|/bulletinboard$|)) ||
          ($uri =~ m|/$|) || ($uri =~ m|/.meta$|) || ($uri =~ /^~/) ||
- 	($uri =~ m|home/[^/]+/public_html/|)) {
+ 	($uri =~ m|home/$match_username/public_html/|)) {
  	return undef;
      }
      my $filename=$uri;
- Line 4488  sub metadata {
+ Line 6263  sub metadata {
          my %metathesekeys=();
          unless ($filename=~/\.meta$/) { $filename.='.meta'; }
  	my $metastring;
- 	if ($uri !~ m -^(uploaded|editupload)/-) {
+ 	if ($uri !~ m -^(editupload)/-) {
  	    my $file=&filelocation('',&clutter($filename));
  	    #push(@{$metaentry{$uri.'.file'}},$file);
  	    $metastring=&getfile($file);
- Line 4512  sub metadata {
+ Line 6287  sub metadata {
  		    } else {
  			$metaentry{':packages'}=$package.$keyroot;
  		    }
- 		    foreach (sort keys %packagetab) {
+ 		    foreach my $pack_entry (keys(%packagetab)) {
  			my $part=$keyroot;
  			$part=~s/^\_//;
- 			if ($_=~/^\Q$package\E\&/ ||
+ 			if ($pack_entry=~/^\Q$package\E\&/ ||
- 			    $_=~/^\Q$package\E_0\&/) {
+ 			    $pack_entry=~/^\Q$package\E_0\&/) {
- 			    my ($pack,$name,$subp)=split(/\&/,$_);
+ 			    my ($pack,$name,$subp)=split(/\&/,$pack_entry);
  			    # ignore package.tab specified default values
                              # here &package_tab_default() will fetch those
  			    if ($subp eq 'default') { next; }
- 			    my $value=$packagetab{$_};
+ 			    my $value=$packagetab{$pack_entry};
  			    my $unikey;
  			    if ($pack =~ /_0$/) {
  				$unikey='parameter_0_'.$name;
- Line 4569  sub metadata {
+ Line 6344  sub metadata {
  			    my $dir=$filename;
  			    $dir=~s|[^/]*$||;
  			    $location=&filelocation($dir,$location);
- 			    foreach (sort(split(/\,/,&metadata($uri,'keys',
+ 			    my $metadata =
- 							       $location,$unikey,
+ 				&metadata($uri,'keys', $location,$unikey,
- 							       $depthcount+1)))) {
+ 					  $depthcount+1);
- 				$metaentry{':'.$_}=$metaentry{':'.$_};
+ 			    foreach my $meta (split(',',$metadata)) {
- 				$metathesekeys{$_}=1;
+ 				$metaentry{':'.$meta}=$metaentry{':'.$meta};
+ 				$metathesekeys{$meta}=1;
  			    }
  			}
  		    } else {
- Line 4582  sub metadata {
+ Line 6358  sub metadata {
  			    $unikey.='_'.$token->[2]->{'name'};
  			}
  			$metathesekeys{$unikey}=1;
- 			foreach (@{$token->[3]}) {
+ 			foreach my $param (@{$token->[3]}) {
- 			    $metaentry{':'.$unikey.'.'.$_}=$token->[2]->{$_};
+ 			    $metaentry{':'.$unikey.'.'.$param} =
+ 				$token->[2]->{$param};
  			}
  			my $internaltext=&HTML::Entities::decode($parser->get_text('/'.$entry));
  			my $default=$metaentry{':'.$unikey.'.default'};
- Line 4604  sub metadata {
+ Line 6381  sub metadata {
  	    }
  	}
  	my ($extension) = ($uri =~ /\.(\w+)$/);
- 	foreach my $key (sort(keys(%packagetab))) {
+ 	foreach my $key (keys(%packagetab)) {
- 	    #&logthis("extsion1 $extension $key !!");
  	    #no specific packages #how's our extension
  	    if ($key!~/^extension_\Q$extension\E&/) { next; }
  	    &metadata_create_package_def($uri,$key,'extension_'.$extension,
  					 \%metathesekeys);
  	}
  	if (!exists($metaentry{':packages'})) {
- 	    foreach my $key (sort(keys(%packagetab))) {
+ 	    foreach my $key (keys(%packagetab)) {
  		#no specific packages well let's get default then
  		if ($key!~/^default&/) { next; }
  		&metadata_create_package_def($uri,$key,'default',
- Line 4630  sub metadata {
+ Line 6406  sub metadata {
  		my $dir=$filename;
  		$dir=~s|[^/]*$||;
  		$location=&filelocation($dir,$location);
- 		foreach (sort(split(/\,/,&metadata($uri,'keys',
+ 		my $rights_metadata =
- 						   $location,'_rights',
+ 		    &metadata($uri,'keys',$location,'_rights',
- 						   $depthcount+1)))) {
+ 			      $depthcount+1);
- 		    #$metaentry{':'.$_}=$metacache{$uri}->{':'.$_};
+ 		foreach my $rights (split(',',$rights_metadata)) {
- 		    $metathesekeys{$_}=1;
+ 		    #$metaentry{':'.$rights}=$metacache{$uri}->{':'.$rights};
+ 		    $metathesekeys{$rights}=1;
  		}
  	    }
  	}
- 	$metaentry{':keys'}=join(',',keys %metathesekeys);
+ 	# uniqifiy package listing
+ 	my %seen;
+ 	my @uniq_packages =
+ 	    grep { ! $seen{$_} ++ } (split(',',$metaentry{':packages'}));
+ 	$metaentry{':packages'} = join(',',@uniq_packages);
+ 	$metaentry{':keys'} = join(',',keys(%metathesekeys));
  	&metadata_generate_part0(\%metathesekeys,\%metaentry,$uri);
  	$metaentry{':allpossiblekeys'}=join(',',keys %metathesekeys);
- 	&do_cache_new('meta',$uri,\%metaentry,60*60*24);
+ 	&do_cache_new('meta',$uri,\%metaentry,60*60);
  # this is the end of "was not already recently cached
      }
      return $metaentry{':'.$what};
- Line 4674  sub metadata_create_package_def {
+ Line 6457  sub metadata_create_package_def {
  sub metadata_generate_part0 {
      my ($metadata,$metacache,$uri) = @_;
      my %allnames;
-     foreach my $metakey (sort keys %$metadata) {
+     foreach my $metakey (keys(%$metadata)) {
  	if ($metakey=~/^parameter\_(.*)/) {
  	  my $part=$$metacache{':'.$metakey.'.part'};
  	  my $name=$$metacache{':'.$metakey.'.name'};
- Line 4693  sub metadata_generate_part0 {
+ Line 6476  sub metadata_generate_part0 {
  					   '.type'};
        my $olddis=$$metacache{':parameter_'.$allnames{$name}.'_'.$name.
  			     '.display'};
-       my $expr='\\[Part: '.$allnames{$name}.'\\]';
+       my $expr='[Part: '.$allnames{$name}.']';
        $olddis=~s/\Q$expr\E/\[Part: 0\]/;
        $$metacache{"$key.display"}=$olddis;
      }
  }
+ # ------------------------------------------------------ Devalidate title cache
+ sub devalidate_title_cache {
+     my ($url)=@_;
+     if (!$env{'request.course.id'}) { return; }
+     my $symb=&symbread($url);
+     if (!$symb) { return; }
+     my $key=$env{'request.course.id'}."\0".$symb;
+     &devalidate_cache_new('title',$key);
+ }
  # ------------------------------------------------- Get the title of a resource
  sub gettitle {
- Line 4733  sub gettitle {
+ Line 6527  sub gettitle {
  sub get_slot {
      my ($which,$cnum,$cdom)=@_;
      if (!$cnum || !$cdom) {
- 	(undef,my $courseid)=&Apache::lonxml::whichuser();
+ 	(undef,my $courseid)=&whichuser();
  	$cdom=$env{'course.'.$courseid.'.domain'};
  	$cnum=$env{'course.'.$courseid.'.num'};
      }
-     my %slotinfo=&get('slots',[$which],$cdom,$cnum);
+     my $key=join("\0",'slots',$cdom,$cnum,$which);
-     &Apache::lonhomework::showhash(%slotinfo);
+     my %slotinfo;
-     my ($tmp)=keys(%slotinfo);
+     if (exists($remembered{$key})) {
-     if ($tmp=~/^error:/) { return (); }
+ 	$slotinfo{$which} = $remembered{$key};
+     } else {
+ 	%slotinfo=&get('slots',[$which],$cdom,$cnum);
+ 	&Apache::lonhomework::showhash(%slotinfo);
+ 	my ($tmp)=keys(%slotinfo);
+ 	if ($tmp=~/^error:/) { return (); }
+ 	$remembered{$key} = $slotinfo{$which};
+     }
      if (ref($slotinfo{$which}) eq 'HASH') {
  	return %{$slotinfo{$which}};
      }
- Line 4755  sub symblist {
+ Line 6556  sub symblist {
      if (($env{'request.course.fn'}) && (%newhash)) {
          if (tie(%hash,'GDBM_File',$env{'request.course.fn'}.'_symb.db',
                        &GDBM_WRCREAT(),0640)) {
- 	    foreach (keys %newhash) {
+ 	    foreach my $url (keys %newhash) {
-                 $hash{declutter($_)}=&encode_symb($mapname,$newhash{$_}->[1],
+ 		next if ($url eq 'last_known'
- 						  $newhash{$_}->[0]);
+ 			 && $env{'form.no_update_last_known'});
+ 		$hash{declutter($url)}=&encode_symb($mapname,
+ 						    $newhash{$url}->[1],
+ 						    $newhash{$url}->[0]);
              }
              if (untie(%hash)) {
  		return 'ok';
- Line 4772  sub symblist {
+ Line 6576  sub symblist {
  sub symbverify {
      my ($symb,$thisurl)=@_;
      my $thisfn=$thisurl;
- # wrapper not part of symbs
-     $thisfn=~s/^\/adm\/wrapper//;
      $thisfn=&declutter($thisfn);
  # direct jump to resource in page or to a sequence - will construct own symbs
      if ($thisfn=~/\.(page|sequence)$/) { return 1; }
- Line 4797  sub symbverify {
+ Line 6599  sub symbverify {
          }
          if ($ids) {
  # ------------------------------------------------------------------- Has ID(s)
- 	    foreach (split(/\,/,$ids)) {
+ 	    foreach my $id (split(/\,/,$ids)) {
-                my ($mapid,$resid)=split(/\./,$_);
+ 	       my ($mapid,$resid)=split(/\./,$id);
                 if (
    &symbclean(&declutter($bighash{'map_id_'.$mapid}).'___'.$resid.'___'.$thisfn)
     eq $symb) {
  		   if (($env{'request.role.adv'}) ||
- 		       $bighash{'encrypted_'.$_} eq $env{'request.enc'}) {
+ 		       $bighash{'encrypted_'.$id} eq $env{'request.enc'}) {
  		       $okay=1;
  		   }
  	       }
- Line 4828  sub symbclean {
+ Line 6630  sub symbclean {
  # remove wrapper
      $symb=~s/(\_\_\_\d+\_\_\_)adm\/wrapper\/(res\/)*/$1/;
+     $symb=~s/(\_\_\_\d+\_\_\_)adm\/coursedocs\/showdoc\/(res\/)*/$1/;
      return $symb;
  }
- Line 4904  sub symbread {
+ Line 6707  sub symbread {
          if ( ($thisfn =~ m/^(uploaded|editupload)\//) && ($thisfn !~ m/\.(page|sequence)$/) ) {
              $targetfn = 'adm/wrapper/'.$thisfn;
          }
+ 	if ($targetfn =~ m|^adm/wrapper/(ext/.*)|) {
+ 	    $targetfn=$1;
+ 	}
          if (tie(%hash,'GDBM_File',$env{'request.course.fn'}.'_symb.db',
                        &GDBM_READER(),0640)) {
  	    $syval=$hash{$targetfn};
- Line 4937  sub symbread {
+ Line 6743  sub symbread {
                   if ($#possibilities==0) {
  # ----------------------------------------------- There is only one possibility
  		     my ($mapid,$resid)=split(/\./,$ids);
-                      $syval=declutter($bighash{'map_id_'.$mapid}).'___'.$resid;
+ 		     $syval=&encode_symb($bighash{'map_id_'.$mapid},
+ 						    $resid,$thisfn);
                   } elsif (!$donotrecurse) {
  # ------------------------------------------ There is more than one possibility
                       my $realpossible=0;
-                      foreach (@possibilities) {
+                      foreach my $id (@possibilities) {
- 			 my $file=$bighash{'src_'.$_};
+ 			 my $file=$bighash{'src_'.$id};
                           if (&allowed('bre',$file)) {
-          		    my ($mapid,$resid)=split(/\./,$_);
+          		    my ($mapid,$resid)=split(/\./,$id);
                              if ($bighash{'map_type_'.$mapid} ne 'page') {
  				$realpossible++;
-                                 $syval=declutter($bighash{'map_id_'.$mapid}).
+                                 $syval=&encode_symb($bighash{'map_id_'.$mapid},
-                                        '___'.$resid;
+ 						    $resid,$thisfn);
                              }
  			 }
                       }
- Line 4962  sub symbread {
+ Line 6769  sub symbread {
          }
          if ($syval) {
  	    return $env{$cache_str}=$syval;
- 	    #return $env{$cache_str}=&symbclean($syval.'___'.$thisfn);
          }
      }
      &appenv('request.ambiguous' => $thisfn);
- Line 5017  sub numval3 {
+ Line 6823  sub numval3 {
      return $total;
  }
+ sub digest {
+     my ($data)=@_;
+     my $digest=&Digest::MD5::md5($data);
+     my ($a,$b,$c,$d)=unpack("iiii",$digest);
+     my ($e,$f);
+     {
+         use integer;
+         $e=($a+$b);
+         $f=($c+$d);
+         if ($_64bit) {
+             $e=(($e<<32)>>32);
+             $f=(($f<<32)>>32);
+         }
+     }
+     if (wantarray) {
+ 	return ($e,$f);
+     } else {
+ 	my $g;
+ 	{
+ 	    use integer;
+ 	    $g=($e+$f);
+ 	    if ($_64bit) {
+ 		$g=(($g<<32)>>32);
+ 	    }
+ 	}
+ 	return $g;
+     }
+ }
  sub latest_rnd_algorithm_id {
-     return '64bit4';
+     return '64bit5';
  }
  sub get_rand_alg {
      my ($courseid)=@_;
-     if (!$courseid) { $courseid=(&Apache::lonxml::whichuser())[1]; }
+     if (!$courseid) { $courseid=(&whichuser())[1]; }
      if ($courseid) {
  	return $env{"course.$courseid.rndseed"};
      }
- Line 5049  sub getCODE {
+ Line 6884  sub getCODE {
  sub rndseed {
      my ($symb,$courseid,$domain,$username)=@_;
-     my ($wsymb,$wcourseid,$wdomain,$wusername)=&Apache::lonxml::whichuser();
+     my ($wsymb,$wcourseid,$wdomain,$wusername)=&whichuser();
      if (!$symb) {
  	unless ($symb=$wsymb) { return time; }
      }
- Line 5057  sub rndseed {
+ Line 6892  sub rndseed {
      if (!$domain) { $domain=$wdomain; }
      if (!$username) { $username=$wusername }
      my $which=&get_rand_alg();
      if (defined(&getCODE())) {
- 	if ($which eq '64bit4') {
+ 	if ($which eq '64bit5') {
+ 	    return &rndseed_CODE_64bit5($symb,$courseid,$domain,$username);
+ 	} elsif ($which eq '64bit4') {
  	    return &rndseed_CODE_64bit4($symb,$courseid,$domain,$username);
  	} else {
  	    return &rndseed_CODE_64bit($symb,$courseid,$domain,$username);
  	}
+     } elsif ($which eq '64bit5') {
+ 	return &rndseed_64bit5($symb,$courseid,$domain,$username);
      } elsif ($which eq '64bit4') {
  	return &rndseed_64bit4($symb,$courseid,$domain,$username);
      } elsif ($which eq '64bit3') {
- Line 5086  sub rndseed_32bit {
+ Line 6926  sub rndseed_32bit {
  	my $domainseed=unpack("%32C*",$domain) << 7;
  	my $courseseed=unpack("%32C*",$courseid);
  	my $num=$symbseed+$nameseed+$domainseed+$courseseed+$namechck+$symbchck;
- 	#&Apache::lonxml::debug("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
+ 	#&logthis("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
- 	#&Apache::lonxml::debug("rndseed :$num:$symb");
+ 	#&logthis("rndseed :$num:$symb");
  	if ($_64bit) { $num=(($num<<32)>>32); }
  	return $num;
      }
- Line 5107  sub rndseed_64bit {
+ Line 6947  sub rndseed_64bit {
  	my $num1=$symbchck+$symbseed+$namechck;
  	my $num2=$nameseed+$domainseed+$courseseed;
- 	#&Apache::lonxml::debug("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
+ 	#&logthis("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
- 	#&Apache::lonxml::debug("rndseed :$num:$symb");
+ 	#&logthis("rndseed :$num:$symb");
- 	if ($_64bit) { $num1=(($num1<<32)>>32); $num2=(($num2<<32)>>32); }
  	if ($_64bit) { $num1=(($num1<<32)>>32); $num2=(($num2<<32)>>32); }
  	return "$num1,$num2";
      }
- Line 5131  sub rndseed_64bit2 {
+ Line 6970  sub rndseed_64bit2 {
  	my $num1=$symbchck+$symbseed+$namechck;
  	my $num2=$nameseed+$domainseed+$courseseed;
- 	#&Apache::lonxml::debug("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
+ 	#&logthis("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
- 	#&Apache::lonxml::debug("rndseed :$num:$symb");
+ 	#&logthis("rndseed :$num:$symb");
+ 	if ($_64bit) { $num1=(($num1<<32)>>32); $num2=(($num2<<32)>>32); }
  	return "$num1,$num2";
      }
  }
- Line 5153  sub rndseed_64bit3 {
+ Line 6993  sub rndseed_64bit3 {
  	my $num1=$symbchck+$symbseed+$namechck;
  	my $num2=$nameseed+$domainseed+$courseseed;
- 	#&Apache::lonxml::debug("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
+ 	#&logthis("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
- 	#&Apache::lonxml::debug("rndseed :$num1:$num2:$_64bit");
+ 	#&logthis("rndseed :$num1:$num2:$_64bit");
  	if ($_64bit) { $num1=(($num1<<32)>>32); $num2=(($num2<<32)>>32); }
  	return "$num1:$num2";
- Line 5177  sub rndseed_64bit4 {
+ Line 7017  sub rndseed_64bit4 {
  	my $num1=$symbchck+$symbseed+$namechck;
  	my $num2=$nameseed+$domainseed+$courseseed;
- 	#&Apache::lonxml::debug("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
+ 	#&logthis("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
- 	#&Apache::lonxml::debug("rndseed :$num1:$num2:$_64bit");
+ 	#&logthis("rndseed :$num1:$num2:$_64bit");
  	if ($_64bit) { $num1=(($num1<<32)>>32); $num2=(($num2<<32)>>32); }
  	return "$num1:$num2";
      }
  }
+ sub rndseed_64bit5 {
+     my ($symb,$courseid,$domain,$username)=@_;
+     my ($num1,$num2)=&digest("$symb,$courseid,$domain,$username");
+     return "$num1:$num2";
+ }
  sub rndseed_CODE_64bit {
      my ($symb,$courseid,$domain,$username)=@_;
      {
- Line 5196  sub rndseed_CODE_64bit {
+ Line 7042  sub rndseed_CODE_64bit {
  	my $courseseed=unpack("%32S*",$courseid.' ');
  	my $num1=$symbseed+$CODEchck;
  	my $num2=$CODEseed+$courseseed+$symbchck;
- 	#&Apache::lonxml::debug("$symbseed:$CODEchck|$CODEseed:$courseseed:$symbchck");
+ 	#&logthis("$symbseed:$CODEchck|$CODEseed:$courseseed:$symbchck");
- 	#&Apache::lonxml::debug("rndseed :$num1:$num2:$symb");
+ 	#&logthis("rndseed :$num1:$num2:$symb");
  	if ($_64bit) { $num1=(($num1<<32)>>32); }
  	if ($_64bit) { $num2=(($num2<<32)>>32); }
  	return "$num1:$num2";
- Line 5215  sub rndseed_CODE_64bit4 {
+ Line 7061  sub rndseed_CODE_64bit4 {
  	my $courseseed=unpack("%32S*",$courseid.' ');
  	my $num1=$symbseed+$CODEchck;
  	my $num2=$CODEseed+$courseseed+$symbchck;
- 	#&Apache::lonxml::debug("$symbseed:$CODEchck|$CODEseed:$courseseed:$symbchck");
+ 	#&logthis("$symbseed:$CODEchck|$CODEseed:$courseseed:$symbchck");
- 	#&Apache::lonxml::debug("rndseed :$num1:$num2:$symb");
+ 	#&logthis("rndseed :$num1:$num2:$symb");
  	if ($_64bit) { $num1=(($num1<<32)>>32); }
  	if ($_64bit) { $num2=(($num2<<32)>>32); }
  	return "$num1:$num2";
      }
  }
+ sub rndseed_CODE_64bit5 {
+     my ($symb,$courseid,$domain,$username)=@_;
+     my $code = &getCODE();
+     my ($num1,$num2)=&digest("$symb,$courseid,$code");
+     return "$num1:$num2";
+ }
  sub setup_random_from_rndseed {
      my ($rndseed)=@_;
      if ($rndseed =~/([,:])/) {
- Line 5270  sub ireceipt {
+ Line 7123  sub ireceipt {
      my $return =&recprefix($fucourseid).'-';
      if ($env{"course.$fucourseid.receiptalg"} eq 'receipt2' ||
  	$env{'request.state'} eq 'construct') {
- 	&Apache::lonxml::debug("doing receipt2  using parts $cpart, uname $cuname and udom $cudom gets  ".($cpart%$cuname).
+ 	#&logthis("doing receipt2  using parts $cpart, uname $cuname and udom $cudom gets  ".($cpart%$cuname)." and ".($cpart%$cudom));
- 			       " and ".($cpart%$cudom));
  	$return.= ($cunique%$cuname+
  		   $cunique%$cudom+
- Line 5294  sub ireceipt {
+ Line 7146  sub ireceipt {
  sub receipt {
      my ($part)=@_;
-     my ($symb,$courseid,$domain,$name) = &Apache::lonxml::whichuser();
+     my ($symb,$courseid,$domain,$name) = &whichuser();
      return &ireceipt($name,$domain,$courseid,$symb,$part);
  }
+ sub whichuser {
+     my ($passedsymb)=@_;
+     my ($symb,$courseid,$domain,$name,$publicuser);
+     if (defined($env{'form.grade_symb'})) {
+ 	my ($tmp_courseid)=&get_env_multiple('form.grade_courseid');
+ 	my $allowed=&allowed('vgr',$tmp_courseid);
+ 	if (!$allowed &&
+ 	    exists($env{'request.course.sec'}) &&
+ 	    $env{'request.course.sec'} !~ /^\s*$/) {
+ 	    $allowed=&allowed('vgr',$tmp_courseid.
+ 			      '/'.$env{'request.course.sec'});
+ 	}
+ 	if ($allowed) {
+ 	    ($symb)=&get_env_multiple('form.grade_symb');
+ 	    $courseid=$tmp_courseid;
+ 	    ($domain)=&get_env_multiple('form.grade_domain');
+ 	    ($name)=&get_env_multiple('form.grade_username');
+ 	    return ($symb,$courseid,$domain,$name,$publicuser);
+ 	}
+     }
+     if (!$passedsymb) {
+ 	$symb=&symbread();
+     } else {
+ 	$symb=$passedsymb;
+     }
+     $courseid=$env{'request.course.id'};
+     $domain=$env{'user.domain'};
+     $name=$env{'user.name'};
+     if ($name eq 'public' && $domain eq 'public') {
+ 	if (!defined($env{'form.username'})) {
+ 	    $env{'form.username'}.=time.rand(10000000);
+ 	}
+ 	$name.=$env{'form.username'};
+     }
+     return ($symb,$courseid,$domain,$name,$publicuser);
+ }
  # ------------------------------------------------------------ Serves up a file
  # returns either the contents of the file or
  # -1 if the file doesn't exist
- Line 5320  sub repcopy_userfile {
+ Line 7210  sub repcopy_userfile {
      if ($file =~ m -^/*(uploaded|editupload)/-) { $file=&filelocation("",$file); }
      if ($file =~ m|^/home/httpd/html/lonUsers/|) { return 'ok'; }
      my ($cdom,$cnum,$filename) =
- 	($file=~m|^\Q$perlvar{'lonDocRoot'}\E/+userfiles/+([^/]+)/+([^/]+)/+(.*)|);
+ 	($file=~m|^\Q$perlvar{'lonDocRoot'}\E/+userfiles/+($match_domain)/+($match_name)/+(.*)|);
-     my ($info,$rtncode);
      my $uri="/uploaded/$cdom/$cnum/$filename";
      if (-e "$file") {
+ # we already have a local copy, check it out
  	my @fileinfo = stat($file);
+ 	my $rtncode;
+ 	my $info;
  	my $lwpresp = &getuploaded('HEAD',$uri,$cdom,$cnum,\$info,\$rtncode);
  	if ($lwpresp ne 'ok') {
+ # there is no such file anymore, even though we had a local copy
  	    if ($rtncode eq '404') {
  		unlink($file);
  	    }
- 	    #my $ua=new LWP::UserAgent;
- 	    #my $request=new HTTP::Request('GET',&tokenwrapper($uri));
- 	    #my $response=$ua->request($request);
- 	    #if ($response->is_success()) {
- 	#	return $response->content;
- 	#    } else {
- 	#	return -1;
- 	#    }
  	    return -1;
  	}
  	if ($info < $fileinfo[9]) {
+ # nice, the file we have is up-to-date, just say okay
  	    return 'ok';
+ 	} else {
+ # the file is outdated, get rid of it
+ 	    unlink($file);
  	}
- 	$info = '';
+     }
- 	$lwpresp = &getuploaded('GET',$uri,$cdom,$cnum,\$info,\$rtncode);
+ # one way or the other, at this point, we don't have the file
- 	if ($lwpresp ne 'ok') {
+ # construct the correct path for the file
- 	    return -1;
+     my @parts = ($cdom,$cnum);
- 	}
+     if ($filename =~ m|^(.+)/[^/]+$|) {
-     } else {
+ 	push @parts, split(/\//,$1);
- 	my $lwpresp = &getuploaded('GET',$uri,$cdom,$cnum,\$info,\$rtncode);
+     }
- 	if ($lwpresp ne 'ok') {
+     my $path = $perlvar{'lonDocRoot'}.'/userfiles';
- 	    my $ua=new LWP::UserAgent;
+     foreach my $part (@parts) {
- 	    my $request=new HTTP::Request('GET',&tokenwrapper($uri));
+ 	$path .= '/'.$part;
- 	    my $response=$ua->request($request);
+ 	if (!-e $path) {
- 	    if ($response->is_success()) {
+ 	    mkdir($path,0770);
- 		$info=$response->content;
- 	    } else {
- 		return -1;
- 	    }
- 	}
- 	my @parts = ($cdom,$cnum);
- 	if ($filename =~ m|^(.+)/[^/]+$|) {
- 	    push @parts, split(/\//,$1);
- 	}
- 	my $path = $perlvar{'lonDocRoot'}.'/userfiles';
- 	foreach my $part (@parts) {
- 	    $path .= '/'.$part;
- 	    if (!-e $path) {
- 		mkdir($path,0770);
- 	    }
  	}
      }
-     open(FILE,">$file");
+ # now the path exists for sure
-     print FILE $info;
+ # get a user agent
-     close(FILE);
+     my $ua=new LWP::UserAgent;
+     my $transferfile=$file.'.in.transfer';
+ # FIXME: this should flock
+     if (-e $transferfile) { return 'ok'; }
+     my $request;
+     $uri=~s/^\///;
+     $request=new HTTP::Request('GET','http://'.$hostname{&homeserver($cnum,$cdom)}.'/raw/'.$uri);
+     my $response=$ua->request($request,$transferfile);
+ # did it work?
+     if ($response->is_error()) {
+ 	unlink($transferfile);
+ 	&logthis("Userfile repcopy failed for $uri");
+ 	return -1;
+     }
+ # worked, rename the transfer file
+     rename($transferfile,$file);
      return 'ok';
  }
- Line 5396  sub tokenwrapper {
+ Line 7285  sub tokenwrapper {
      }
  }
+ # call with reqtype HEAD: get last modification time
+ # call with reqtype GET: get the file contents
+ # Do not call this with reqtype GET for large files! It loads everything into memory
+ #
  sub getuploaded {
      my ($reqtype,$uri,$cdom,$cnum,$info,$rtncode) = @_;
      $uri=~s/^\///;
- Line 5421  sub readfile {
+ Line 7314  sub readfile {
      my $fh;
      open($fh,"<$file");
      my $a='';
-     while (<$fh>) { $a .=$_; }
+     while (my $line = <$fh>) { $a .= $line; }
      return $a;
  }
- Line 5429  sub filelocation {
+ Line 7322  sub filelocation {
      my ($dir,$file) = @_;
      my $location;
      $file=~ s/^\s*(\S+)\s*$/$1/; ## strip off leading and trailing spaces
+     if ($file =~ m-^/adm/-) {
+ 	$file=~s-^/adm/wrapper/-/-;
+ 	$file=~s-^/adm/coursedocs/showdoc/-/-;
+     }
      if ($file=~m:^/~:) { # is a contruction space reference
          $location = $file;
          $location =~ s:/~(.*?)/(.*):/home/$1/public_html/$2:;
+     } elsif ($file=~m{^/home/$match_username/public_html/}) {
+ 	# is a correct contruction space reference
+         $location = $file;
      } elsif ($file=~/^\/*(uploaded|editupload)/) { # is an uploaded file
          my ($udom,$uname,$filename)=
-   	    ($file=~m -^/+(?:uploaded|editupload)/+([^/]+)/+([^/]+)/+(.*)$-);
+   	    ($file=~m -^/+(?:uploaded|editupload)/+($match_domain)/+($match_name)/+(.*)$-);
          my $home=&homeserver($uname,$udom);
          my $is_me=0;
          my @ids=&current_machine_ids();
          foreach my $id (@ids) { if ($id eq $home) { $is_me=1; } }
          if ($is_me) {
-   	    $location=&Apache::loncommon::propath($udom,$uname).
+   	    $location=&propath($udom,$uname).
    	      '/userfiles/'.$filename;
          } else {
    	  $location=$Apache::lonnet::perlvar{'lonDocRoot'}.'/userfiles/'.
- Line 5464  sub filelocation {
+ Line 7365  sub filelocation {
  sub hreflocation {
      my ($dir,$file)=@_;
      unless (($file=~m-^http://-i) || ($file=~m-^/-)) {
- 	my $finalpath=filelocation($dir,$file);
+ 	$file=filelocation($dir,$file);
- 	$finalpath=~s-^/home/httpd/html--;
+     } elsif ($file=~m-^/adm/-) {
- 	$finalpath=~s-^/home/(\w+)/public_html/-/~$1/-;
+ 	$file=~s-^/adm/wrapper/-/-;
- 	return $finalpath;
+ 	$file=~s-^/adm/coursedocs/showdoc/-/-;
-     } elsif ($file=~m-^/home-) {
+     }
- 	$file=~s-^/home/httpd/html--;
+     if ($file=~m-^\Q$perlvar{'lonDocRoot'}\E-) {
- 	$file=~s-^/home/(\w+)/public_html/-/~$1/-;
+ 	$file=~s-^\Q$perlvar{'lonDocRoot'}\E--;
- 	return $file;
+     } elsif ($file=~m-/home/($match_username)/public_html/-) {
+ 	$file=~s-^/home/($match_username)/public_html/-/~$1/-;
+     } elsif ($file=~m-^\Q$perlvar{'lonUsersDir'}\E-) {
+ 	$file=~s-^/home/httpd/lonUsers/($match_domain)/./././($match_name)/userfiles/
+ 	    -/uploaded/$1/$2/-x;
      }
      return $file;
  }
- Line 5500  sub current_machine_ids {
+ Line 7405  sub current_machine_ids {
      return @ids;
  }
+ sub additional_machine_domains {
+     my @domains;
+     open(my $fh,"<$perlvar{'lonTabDir'}/expected_domains.tab");
+     while( my $line = <$fh>) {
+         $line =~ s/\s//g;
+         push(@domains,$line);
+     }
+     return @domains;
+ }
+ sub default_login_domain {
+     my $domain = $perlvar{'lonDefDomain'};
+     my $testdomain=(split(/\./,$ENV{'HTTP_HOST'}))[0];
+     foreach my $posdom (&current_machine_domains(),
+                         &additional_machine_domains()) {
+         if (lc($posdom) eq lc($testdomain)) {
+             $domain=$posdom;
+             last;
+         }
+     }
+     return $domain;
+ }
  # ------------------------------------------------------------- Declutters URLs
  sub declutter {
- Line 5507  sub declutter {
+ Line 7435  sub declutter {
      if ($thisfn=~m|^/enc/|) { $thisfn=&Apache::lonenc::unencrypted($thisfn); }
      $thisfn=~s/^\Q$perlvar{'lonDocRoot'}\E//;
      $thisfn=~s/^\///;
+     $thisfn=~s|^adm/wrapper/||;
+     $thisfn=~s|^adm/coursedocs/showdoc/||;
      $thisfn=~s/^res\///;
      $thisfn=~s/\?.+$//;
      return $thisfn;
- Line 5519  sub clutter {
+ Line 7449  sub clutter {
      unless ($thisfn=~/^\/(uploaded|editupload|adm|userfiles|ext|raw|priv|public)\//) {
         $thisfn='/res'.$thisfn;
      }
+     if ($thisfn !~m|/adm|) {
+ 	if ($thisfn =~ m|/ext/|) {
+ 	    $thisfn='/adm/wrapper'.$thisfn;
+ 	} else {
+ 	    my ($ext) = ($thisfn =~ /\.(\w+)$/);
+ 	    my $embstyle=&Apache::loncommon::fileembstyle($ext);
+ 	    if ($embstyle eq 'ssi'
+ 		|| ($embstyle eq 'hdn')
+ 		|| ($embstyle eq 'rat')
+ 		|| ($embstyle eq 'prv')
+ 		|| ($embstyle eq 'ign')) {
+ 		#do nothing with these
+ 	    } elsif (($embstyle eq 'img')
+ 		|| ($embstyle eq 'emb')
+ 		|| ($embstyle eq 'wrp')) {
+ 		$thisfn='/adm/wrapper'.$thisfn;
+ 	    } elsif ($embstyle eq 'unk'
+ 		     && $thisfn!~/\.(sequence|page)$/) {
+ 		$thisfn='/adm/coursedocs/showdoc'.$thisfn;
+ 	    } else {
+ #		&logthis("Got a blank emb style");
+ 	    }
+ 	}
+     }
      return $thisfn;
  }
+ sub clutter_with_no_wrapper {
+     my $uri = &clutter(shift);
+     if ($uri =~ m-^/adm/-) {
+ 	$uri =~ s-^/adm/wrapper/-/-;
+ 	$uri =~ s-^/adm/coursedocs/showdoc/-/-;
+     }
+     return $uri;
+ }
  sub freeze_escape {
      my ($value)=@_;
      if (ref($value)) {
- Line 5531  sub freeze_escape {
+ Line 7494  sub freeze_escape {
      return &escape($value);
  }
- # -------------------------------------------------------- Escape Special Chars
- sub escape {
-     my $str=shift;
-     $str =~ s/(\W)/"%".unpack('H2',$1)/eg;
-     return $str;
- }
- # ----------------------------------------------------- Un-Escape Special Chars
- sub unescape {
-     my $str=shift;
-     $str =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
-     return $str;
- }
  sub thaw_unescape {
      my ($value)=@_;
- Line 5557  sub thaw_unescape {
+ Line 7505  sub thaw_unescape {
      return &unescape($value);
  }
- sub mod_perl_version {
-     return 1;
-     if (defined($perlvar{'MODPERL2'})) {
- 	return 2;
-     }
- }
  sub correct_line_ends {
      my ($result)=@_;
      $$result =~s/\r\n/\n/mg;
- Line 5590  sub goodbye {
+ Line 7531  sub goodbye {
     &logthis(sprintf("%-20s is %s",'hits',$hits));
     &flushcourselogs();
     &logthis("Shutting down");
-    return DONE;
  }
  BEGIN {
  # ----------------------------------- Read loncapa.conf and loncapa_apache.conf
      unless ($readit) {
  {
-     # FIXME: Use LONCAPA::Configuration::read_conf here and omit next block
+     my $configvars = LONCAPA::Configuration::read_conf('loncapa.conf');
-     open(my $config,"</etc/httpd/conf/loncapa.conf");
+     %perlvar = (%perlvar,%{$configvars});
-     while (my $configline=<$config>) {
-         if ($configline=~/\S/ && $configline =~ /^[^\#]*PerlSetVar/) {
- 	   my ($dummy,$varname,$varvalue)=split(/\s+/,$configline);
-            chomp($varvalue);
-            $perlvar{$varname}=$varvalue;
-         }
-     }
-     close($config);
- }
- {
-     open(my $config,"</etc/httpd/conf/loncapa_apache.conf");
-     while (my $configline=<$config>) {
-         if ($configline =~ /^[^\#]*PerlSetVar/) {
- 	   my ($dummy,$varname,$varvalue)=split(/\s+/,$configline);
-            chomp($varvalue);
-            $perlvar{$varname}=$varvalue;
-         }
-     }
-     close($config);
  }
  # ------------------------------------------------------------ Read domain file
- Line 5629  BEGIN {
+ Line 7548  BEGIN {
      %domain_auth_arg_def = ();
      my $fh;
      if (open($fh,"<".$Apache::lonnet::perlvar{'lonTabDir'}.'/domain.tab')) {
-        while (<$fh>) {
+ 	while (my $line = <$fh>) {
-            next if (/^(\#|\s*$)/);
+            next if ($line =~ /^(\#|\s*$)/);
  #           next if /^\#/;
-            chomp;
+            chomp $line;
             my ($domain, $domain_description, $def_auth, $def_auth_arg,
- 	       $def_lang, $city, $longi, $lati) = split(/:/,$_);
+ 	       $def_lang, $city, $longi, $lati, $primary) = split(/:/,$line,9);
  	   $domain_auth_def{$domain}=$def_auth;
             $domain_auth_arg_def{$domain}=$def_auth_arg;
  	   $domaindescription{$domain}=$domain_description;
- Line 5642  BEGIN {
+ Line 7561  BEGIN {
  	   $domain_city{$domain}=$city;
  	   $domain_longi{$domain}=$longi;
  	   $domain_lati{$domain}=$lati;
+            $domain_primary{$domain}=$primary;
   #         &logthis("Domain.tab: $domain, $domain_auth_def{$domain}, $domain_auth_arg_def{$domain},$domaindescription{$domain}");
  #          &logthis("Domain.tab: $domain ".$domaindescription{$domain} );
- Line 5673  BEGIN {
+ Line 7593  BEGIN {
  sub get_iphost {
      if (%iphost) { return %iphost; }
+     my %name_to_ip;
      foreach my $id (keys(%hostname)) {
  	my $name=$hostname{$id};
- 	my $ip = gethostbyname($name);
+ 	my $ip;
- 	if (!$ip || length($ip) ne 4) {
+ 	if (!exists($name_to_ip{$name})) {
- 	    &logthis("Skipping host $id name $name no IP found\n");
+ 	    $ip = gethostbyname($name);
- 	    next;
+ 	    if (!$ip || length($ip) ne 4) {
+ 		&logthis("Skipping host $id name $name no IP found");
+ 		next;
+ 	    }
+ 	    $ip=inet_ntoa($ip);
+ 	    $name_to_ip{$name} = $ip;
+ 	} else {
+ 	    $ip = $name_to_ip{$name};
  	}
- 	$ip=inet_ntoa($ip);
  	push(@{$iphost{$ip}},$id);
      }
      return %iphost;
- Line 5693  sub get_iphost {
+ Line 7620  sub get_iphost {
      while (my $configline=<$config>) {
         chomp($configline);
         if ($configline) {
-           $spareid{$configline}=1;
+ 	   my ($host,$type) = split(':',$configline,2);
+ 	   if (!defined($type) || $type eq '') { $type = 'default' };
+ 	   push(@{ $spareid{$type} }, $host);
         }
      }
      close($config);
- Line 5719  sub get_iphost {
+ Line 7648  sub get_iphost {
      while (my $configline=<$config>) {
  	chomp($configline);
  	if ($configline) {
- 	    my ($short,$plain)=split(/:/,$configline);
+ 	    my ($short,@plain)=split(/:/,$configline);
- 	    if ($plain ne '') { $prp{$short}=$plain; }
+             %{$prp{$short}} = ();
+ 	    if (@plain > 0) {
+                 $prp{$short}{'std'} = $plain[0];
+                 for (my $i=1; $i<@plain; $i++) {
+                     $prp{$short}{'alt'.$i} = $plain[$i];
+                 }
+             }
  	}
      }
      close($config);
- Line 5749  sub get_iphost {
+ Line 7684  sub get_iphost {
  }
- $memcache=new Cache::Memcached({'servers'=>['127.0.0.1:11211']});
+ $memcache=new Cache::Memcached({'servers'           => ['127.0.0.1:11211'],
+ 				'compress_threshold'=> 20_000,
+  			        });
  $processmarker='_'.time.'_'.$perlvar{'lonHostID'};
  $dumpcount=0;
  &logtouch();
- &logthis('<font color=yellow>INFO: Read configuration</font>');
+ &logthis('<font color="yellow">INFO: Read configuration</font>');
  $readit=1;
      {
  	use integer;
- Line 5946  B<delenv($regexp)>: removes all items fr
+ Line 7883  B<delenv($regexp)>: removes all items fr
  environment file that matches the regular expression in $regexp. The
  values are also delted from the current processes %env.
+ =item * get_env_multiple($name)
+ gets $name from the %env hash, it seemlessly handles the cases where multiple
+ values may be defined and end up as an array ref.
+ returns an array of values
  =back
  =head2 User Information
- Line 6008  passed in @what from the requested user'
+ Line 7952  passed in @what from the requested user'
  =item *
- allowed($priv,$uri) : check for a user privilege; returns codes for allowed
+ allowed($priv,$uri,$symb,$role) : check for a user privilege; returns codes for allowed actions
- actions
   F: full access
   U,I,K: authentication modes (cxx only)
   '': forbidden
 : user needs to choose course
 : browse allowed
+  A: passphrase authentication needed
  =item *
- Line 6027  and course level
+ Line 7971  and course level
  plaintext($short) : return value in %prp hash (rolesplain.tab); plain text
  explanation of a user role term
+ =item *
+ get_my_roles($uname,$udom,$types,$roles,$roledoms) : All arguments are optional.  Returns a hash of a user's roles, with keys set to colon-sparated $uname,$udom,and $role, and value set to colon-separated start and end times for the role. If no username and domain are specified, will default to current user/domain. Types, roles, and roledoms are references to arrays, of role statuses (active, future or previous), roles (e.g., cc,in, st etc.) and domains of the roles which can be used to restrict the list if roles reported. If no array ref is provided for types, will default to return only active roles.
  =back
  =head2 User Modification
- Line 6157  revokecustomrole($udom,$uname,$url,$role
+ Line 8104  revokecustomrole($udom,$uname,$url,$role
  =item *
- coursedescription($courseid) : course description
+ coursedescription($courseid) : returns a hash of information about the
+ specified course id, including all environment settings for the
+ course, the description of the course will be in the hash under the
+ key 'description'
  =item *
- Line 6332  all args are optional
+ Line 8282  all args are optional
  =item *
+ dumpstore($namespace,$udom,$uname,$regexp,$range) :
+ dumps the complete (or key matching regexp) namespace into a hash
+ ($udom, $uname, $regexp, $range are optional) for a namespace that is
+ normally &store()ed into
+ $range should be either an integer '100' (give me the first 100
+                                            matching records)
+               or be  two integers sperated by a - with no spaces
+                  '30-50' (give me the 30th through the 50th matching
+                           records)
+ =item *
+ putstore($namespace,$symb,$version,$storehash,$udomain,$uname) :
+ replaces a &store() version of data with a replacement set of data
+ for a particular resource in a namespace passed in the $storehash hash
+ reference
+ =item *
  tmpstore($storehash,$symb,$namespace,$udom,$uname) : storage that
  works very similar to store/cstore, but all data is stored in a
  temporary location and can be reset using tmpreset, $storehash should
- Line 6361  namesp ($udom and $uname are optional)
+ Line 8332  namesp ($udom and $uname are optional)
  =item *
- dump($namespace,$udom,$uname,$regexp) :
+ dump($namespace,$udom,$uname,$regexp,$range) :
  dumps the complete (or key matching regexp) namespace into a hash
- ($udom, $uname and $regexp are optional)
+ ($udom, $uname, $regexp, $range are optional)
+ $range should be either an integer '100' (give me the first 100
+                                            matching records)
+               or be  two integers sperated by a - with no spaces
+                  '30-50' (give me the 30th through the 50th matching
+                           records)
  =item *
  inc($namespace,$store,$udom,$uname) : increments $store in $namespace.
- Line 6380  put($namespace,$storehash,$udom,$uname)
+ Line 8356  put($namespace,$storehash,$udom,$uname)
  =item *
- putstore($namespace,$storehash,$udomain,$uname) : stores hash in namesp
+ cput($namespace,$storehash,$udom,$uname) : critical put
- keys used in storehash include version information (e.g., 1:$symb:message etc.) as
+ ($udom and $uname are optional)
- used in records written by &store and retrieved by &restore.  This function
- was created for use in editing discussion posts, without incrementing the
- version number included in the key for a particular post. The colon
- separated list of attribute names (e.g., the value associated with the key
-:keys:$symb) is also generated and passed in the ampersand separated
- items sent to lonnet::reply().
  =item *
- cput($namespace,$storehash,$udom,$uname) : critical put
+ newput($namespace,$storehash,$udom,$uname) :
- ($udom and $uname are optional)
+ Attempts to store the items in the $storehash, but only if they don't
+ currently exist, if this succeeds you can be certain that you have
+ successfully created a new key value pair in the $namespace db.
+ Args:
+  $namespace: name of database to store values to
+  $storehash: hashref to store to the db
+  $udom: (optional) domain of user containing the db
+  $uname: (optional) name of user caontaining the db
+ Returns:
+  'ok' -> succeeded in storing all keys of $storehash
+  'key_exists: <key>' -> failed to anything out of $storehash, as at
+                         least <key> already existed in the db (other
+                         requested keys may also already exist)
+  'error: <msg>' -> unable to tie the DB or other erorr occured
+  'con_lost' -> unable to contact request server
+  'refused' -> action was not allowed by remote machine
  =item *
- Line 6405  reference filled in from namesp (encrypt
+ Line 8395  reference filled in from namesp (encrypt
  log($udom,$name,$home,$message) : write to permanent log for user; use
  critical subroutine
+ =item *
+ get_dom($namespace,$storearr,$udomain) : returns hash with keys from array
+ reference filled in from namespace found in domain level on primary domain server ($udomain is optional)
+ =item *
+ put_dom($namespace,$storehash,$udomain) :  stores hash in namespace at domain level on primary domain server ($udomain is optional)
  =back
  =head2 Network Status Functions
- Line 6520  getfile($file,$caller) : two cases - req
+ Line 8519  getfile($file,$caller) : two cases - req
     - returns the entire contents of a file or -1;
     it properly subscribes to and replicates the file if neccessary.
+ =item *
+ stat_file($url) : $url is expected to be a /res/ or /uploaded/ style file
+                   reference
+ returns either a stat() list of data about the file or an empty list
+ if the file doesn't exist or couldn't find out about it (connection
+ problems or user unknown)
  =item *
  filelocation($dir,$file) : returns file system location of a file
- Line 6579  userspace, probably shouldn't be called
+ Line 8588  userspace, probably shouldn't be called
    docuname: username or courseid of destination for the file
    docudom: domain of user/course of destination for the file
-   docuhome: loncapa id of the library server that is getting the file
    formname: same as for userfileupload()
    fname: filename (inculding subdirectories) for the file
- Line 6621  removeuploadedurl(): convience function
+ Line 8629  removeuploadedurl(): convience function
    Args:
     url:  a full /uploaded/... url to delete
+ =item *
+ get_portfile_permissions():
+   Args:
+     domain: domain of user or course contain the portfolio files
+     user: name of user or num of course contain the portfolio files
+   Returns:
+     hashref of a dump of the proper file_permissions.db
+ =item *
+ get_access_controls():
+ Args:
+   current_permissions: the hash ref returned from get_portfile_permissions()
+   group: (optional) the group you want the files associated with
+   file: (optional) the file you want access info on
+ Returns:
+     a hash (keys are file names) of hashes containing
+         keys are: path to file/file_name\0uniqueID:scope_end_start (see below)
+         values are XML containing access control settings (see below)
+ Internal notes:
+  access controls are stored in file_permissions.db as key=value pairs.
+     key -> path to file/file_name\0uniqueID:scope_end_start
+         where scope -> public,guest,course,group,domains or users.
+               end -> UNIX time for end of access (0 -> no end date)
+               start -> UNIX time for start of access
+     value -> XML description of access control
+            <scope type=""> (type =1 of: public,guest,course,group,domains,users">
+             <start></start>
+             <end></end>
+             <password></password>  for scope type = guest
+             <domain></domain>     for scope type = course or group
+             <number></number>
+             <roles id="">
+              <role></role>
+              <access></access>
+              <section></section>
+              <group></group>
+             </roles>
+             <dom></dom>         for scope type = domains
+             <users>             for scope type = users
+              <user>
+               <uname></uname>
+               <udom></udom>
+              </user>
+             </users>
+            </scope>
+  Access data is also aggregated for each file in an additional key=value pair:
+  key -> path to file/file_name\0accesscontrol
+  value -> reference to hash
+           hash contains key = value pairs
+           where key = uniqueID:scope_end_start
+                 value = UNIX time record was last updated
+           Used to improve speed of look-ups of access controls for each file.
+  Locks on files (resulting from submission of portfolio file to a homework problem stored in array of arrays.
+ modify_access_controls():
+ Modifies access controls for a portfolio file
+ Args
+. file name
+. reference to hash of required changes,
+. domain
+. username
+   where domain,username are the domain of the portfolio owner
+   (either a user or a course)
+ Returns:
+. result of additions or updates ('ok' or 'error', with error message).
+. result of deletions ('ok' or 'error', with error message).
+. reference to hash of any new or updated access controls.
+. reference to hash used to map incoming IDs to uniqueIDs assigned to control.
+    key = integer (inbound ID)
+    value = uniqueID
  =back
  =head2 HTTP Helper Routines

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.624
changed lines
	Added in v.1.832