--- loncom/lonnet/perl/lonnet.pm	2001/08/17 19:50:28	1.151
+++ loncom/lonnet/perl/lonnet.pm	2001/08/23 22:44:51	1.156
@@ -72,7 +72,12 @@
 # EXT(name)          : value of a variable
 # symblist(map,hash) : Updates symbolic storage links
 # symbread([filename]) : returns the data handle (filename optional)
-# rndseed()          : returns a random seed 
+# rndseed([symb,courseid,domain,uname])
+#                    : returns a random seed, all arguments are optional,
+#                      if they aren't sent it use the environment to derive
+#                      them
+#                      Note: if symb isn't sent and it can't get one from
+#                      &symbread it will use the current time as it's return
 # receipt()          : returns a receipt to be given out to users 
 # getfile(filename)  : returns the contents of filename, or a -1 if it can't
 #                      be found, replicates and subscribes to the file
@@ -122,7 +127,7 @@
 # 5/30 H. K. Ng
 # 6/1 Gerd Kortemeyer
 # July Guy Albertelli
-# 8/4,8/7,8/8,8/9,8/11,8/16,8/17 Gerd Kortemeyer
+# 8/4,8/7,8/8,8/9,8/11,8/16,8/17,8/18,8/20,8/23 Gerd Kortemeyer
 
 package Apache::lonnet;
 
@@ -683,9 +688,9 @@ sub checkout {
     $token=~s/^(\d+)\_.*\_(\d+)$/$1\*$2\*$lonhost/;
     $token=~tr/a-z/A-Z/;
 
-    my %infohash=('outtoken' => $token,
-                  'checkouttime' => $now,
-                  'outremote' => $ENV{'REMOTE_ADDR'});
+    my %infohash=('resource.0.outtoken' => $token,
+                  'resource.0.checkouttime' => $now,
+                  'resource.0.outremote' => $ENV{'REMOTE_ADDR'});
 
     unless (&cstore(\%infohash,$symb,$tcrsid,$tudom,$tuname) eq 'ok') {
        return '';
@@ -719,9 +724,20 @@ sub checkin {
     my ($tuname,$tudom,$tcrsid,$symb,$chtim,$rmaddr)=
                  split(/\&/,&unescape(&reply('tmpget:'.$dtoken,$lonhost)));
 
-    my %infohash=('intoken' => $token,
-                  'checkintime' => $now,
-                  'inremote' => $ENV{'REMOTE_ADDR'});
+    unless (($tuname) && ($tudom)) {
+        &logthis('Check in '.$token.' ('.$dtoken.') failed');
+        return '';
+    }
+    
+    unless (&allowed('mgr',$tcrsid)) {
+        &logthis('Check in '.$token.' ('.$dtoken.') unauthorized: '.
+                 $ENV{'user.name'}.' - '.$ENV{'user.domain'});
+        return '';
+    }
+
+    my %infohash=('resource.0.intoken' => $token,
+                  'resource.0.checkintime' => $now,
+                  'resource.0.inremote' => $ENV{'REMOTE_ADDR'});
 
     unless (&cstore(\%infohash,$symb,$tcrsid,$tudom,$tuname) eq 'ok') {
        return '';
@@ -1111,6 +1127,8 @@ sub eget {
 
 sub allowed {
     my ($priv,$uri)=@_;
+
+    my $orguri=$uri;
     $uri=&declutter($uri);
 
 # Free bre access to adm and meta resources
@@ -1185,27 +1203,27 @@ sub allowed {
        }
        
        if ($checkreferer) {
-	  my $refuri=$ENV{'httpref.'.$uri};
+	  my $refuri=$ENV{'httpref.'.$orguri};
 
             unless ($refuri) {
                 map {
 		    if ($_=~/^httpref\..*\*/) {
 			my $pattern=$_;
+                        $pattern=~s/^httpref\.\/res\///;
                         $pattern=~s/\*/\[\^\/\]\+/g;
                         $pattern=~s/\//\\\//g;
-                        if ($uri=~/$pattern/) {
+                        if ($orguri=~/$pattern/) {
 			    $refuri=$ENV{$_};
                         }
                     }
                 } keys %ENV;
             }
          if ($refuri) { 
+	  $refuri=&declutter($refuri);
           my @uriparts=split(/\//,$refuri);
           my $filename=$uriparts[$#uriparts];
           my $pathname=$refuri;
           $pathname=~s/\/$filename$//;
-          my @filenameparts=split(/\./,$uri);
-          if (&fileembstyle($filenameparts[$#filenameparts]) ne 'ssi') {
             if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$pathname}=~
               /\&$filename\:([\d\|]+)\&/) {
               my $refstatecond=$1;
@@ -1215,7 +1233,6 @@ sub allowed {
                   $uri=$refuri;
                   $statecond=$refstatecond;
               }
-            }
           }
         }
        }
@@ -2133,16 +2150,21 @@ sub numval {
 }    
 
 sub rndseed {
-    my $symb;
-    unless ($symb=&symbread()) { return time; }
-    { 
+    my ($symb,$courseid,$domain,$username)=@_;
+    if (!$symb) {
+      unless ($symb=&symbread()) { return time; }
+    }
+    if (!$courseid) { $courseid=$ENV{'request.course.id'};}
+    if (!$domain) {$domain=$ENV{'user.domain'};}
+    if (!$username) {$username=$ENV{'user.name'};}
+    {
       use integer;
       my $symbchck=unpack("%32C*",$symb) << 27;
       my $symbseed=numval($symb) << 22;
-      my $namechck=unpack("%32C*",$ENV{'user.name'}) << 17;
-      my $nameseed=numval($ENV{'user.name'}) << 12;
-      my $domainseed=unpack("%32C*",$ENV{'user.domain'}) << 7;
-      my $courseseed=unpack("%32C*",$ENV{'request.course.id'});
+      my $namechck=unpack("%32C*",$username) << 17;
+      my $nameseed=numval($username) << 12;
+      my $domainseed=unpack("%32C*",$domain) << 7;
+      my $courseseed=unpack("%32C*",$courseid);
       my $num=$symbseed+$nameseed+$domainseed+$courseseed+$namechck+$symbchck;
       #uncommenting these lines can break things!
       #&Apache::lonxml::debug("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
@@ -2264,6 +2286,7 @@ if ($readit ne 'done') {
     my $config=Apache::File->new("$perlvar{'lonTabDir'}/hosts.tab");
 
     while (my $configline=<$config>) {
+       chomp($configline);
        my ($id,$domain,$role,$name,$ip)=split(/:/,$configline);
        $hostname{$id}=$name;
        $hostdom{$id}=$domain;