--- loncom/lonnet/perl/lonnet.pm	2003/03/14 02:26:12	1.338
+++ loncom/lonnet/perl/lonnet.pm	2004/01/31 01:03:56	1.469
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.338 2003/03/14 02:26:12 www Exp $
+# $Id: lonnet.pm,v 1.469 2004/01/31 01:03:56 www Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -25,73 +25,61 @@
 #
 # http://www.lon-capa.org/
 #
-# 6/1/99,6/2,6/10,6/11,6/12,6/14,6/26,6/28,6/29,6/30,
-# 7/1,7/2,7/9,7/10,7/12,7/14,7/15,7/19,
-# 11/8,11/16,11/18,11/22,11/23,12/22,
-# 01/06,01/13,02/24,02/28,02/29,
-# 03/01,03/02,03/06,03/07,03/13,
-# 04/05,05/29,05/31,06/01,
-# 06/05,06/26 Gerd Kortemeyer
-# 06/26 Ben Tyszka
-# 06/30,07/15,07/17,07/18,07/20,07/21,07/22,07/25 Gerd Kortemeyer
-# 08/14 Ben Tyszka
-# 08/22,08/28,08/31,09/01,09/02,09/04,09/05,09/25,09/28,09/30 Gerd Kortemeyer
-# 10/04 Gerd Kortemeyer
-# 10/04 Guy Albertelli
-# 10/06,10/09,10/10,10/11,10/14,10/20,10/23,10/25,10/26,10/27,10/28,10/29, 
-# 10/30,10/31,
-# 11/2,11/14,11/15,11/16,11/20,11/21,11/22,11/25,11/27,
-# 12/02,12/12,12/13,12/14,12/28,12/29 Gerd Kortemeyer
-# 05/01/01 Guy Albertelli
-# 05/01,06/01,09/01 Gerd Kortemeyer
-# 09/01 Guy Albertelli
-# 09/01,10/01,11/01 Gerd Kortemeyer
-# YEAR=2001
-# 3/2 Gerd Kortemeyer
-# 3/19,3/20 Gerd Kortemeyer
-# 5/26,5/28 Gerd Kortemeyer
-# 5/30 H. K. Ng
-# 6/1 Gerd Kortemeyer
-# July Guy Albertelli
-# 8/4,8/7,8/8,8/9,8/11,8/16,8/17,8/18,8/20,8/23,9/20,9/21,9/26,
-# 10/2 Gerd Kortemeyer
-# 11/17,11/20,11/22,11/29 Gerd Kortemeyer
-# 12/5 Matthew Hall
-# 12/5 Guy Albertelli
-# 12/6,12/7,12/12 Gerd Kortemeyer
-# 12/21,12/22,12/27,12/28 Gerd Kortemeyer
-# YEAR=2002
-# 1/4,2/4,2/7 Gerd Kortemeyer
-#
 ###
 
 package Apache::lonnet;
 
 use strict;
-use Apache::File;
 use LWP::UserAgent();
 use HTTP::Headers;
 use vars 
 qw(%perlvar %hostname %homecache %badServerCache %hostip %iphost %spareid %hostdom 
-   %libserv %pr %prp %metacache %packagetab %titlecache 
-   %courselogs %accesshash $processmarker $dumpcount 
-   %coursedombuf %coursehombuf %courseresdatacache 
-   %domaindescription %domain_auth_def %domain_auth_arg_def $tmpdir);
+   %libserv %pr %prp %metacache %packagetab %titlecache %courseresversioncache %resversioncache
+   %courselogs %accesshash %userrolehash $processmarker $dumpcount 
+   %coursedombuf %coursenumbuf %coursehombuf %coursedescrbuf %courseresdatacache 
+   %userresdatacache %usectioncache %domaindescription %domain_auth_def %domain_auth_arg_def 
+   %domain_lang_def %domain_city %domain_longi %domain_lati $tmpdir);
+
 use IO::Socket;
 use GDBM_File;
 use Apache::Constants qw(:common :http);
 use HTML::LCParser;
 use Fcntl qw(:flock);
 use Apache::loncoursedata;
-
+use Apache::lonlocal;
+use Storable qw(lock_store lock_nstore lock_retrieve freeze thaw);
+use Time::HiRes();
 my $readit;
 
+=pod
+
+=head1 Package Variables
+
+These are largely undocumented, so if you decipher one please note it here.
+
+=over 4
+
+=item $processmarker
+
+Contains the time this process was started and this servers host id.
+
+=item $dumpcount
+
+Counts the number of times a message log flush has been attempted (regardless
+of success) by this process.  Used as part of the filename when messages are
+delayed.
+
+=back
+
+=cut
+
+
 # --------------------------------------------------------------------- Logging
 
 sub logtouch {
     my $execdir=$perlvar{'lonDaemons'};
-    unless (-e "$execdir/logs/lonnet.log") {
-	my $fh=Apache::File->new(">>$execdir/logs/lonnet.log");
+    unless (-e "$execdir/logs/lonnet.log") {	
+	open(my $fh,">>$execdir/logs/lonnet.log");
 	close $fh;
     }
     my ($wwwuid,$wwwgid)=(getpwnam('www'))[2,3];
@@ -103,8 +91,10 @@ sub logthis {
     my $execdir=$perlvar{'lonDaemons'};
     my $now=time;
     my $local=localtime($now);
-    my $fh=Apache::File->new(">>$execdir/logs/lonnet.log");
-    print $fh "$local ($$): $message\n";
+    if (open(my $fh,">>$execdir/logs/lonnet.log")) {
+	print $fh "$local ($$): $message\n";
+	close($fh);
+    }
     return 1;
 }
 
@@ -113,8 +103,10 @@ sub logperm {
     my $execdir=$perlvar{'lonDaemons'};
     my $now=time;
     my $local=localtime($now);
-    my $fh=Apache::File->new(">>$execdir/logs/lonnet.perm.log");
-    print $fh "$now:$message:$local\n";
+    if (open(my $fh,">>$execdir/logs/lonnet.perm.log")) {
+	print $fh "$now:$message:$local\n";
+	close($fh);
+    }
     return 1;
 }
 
@@ -166,7 +158,7 @@ sub reconlonc {
     my $peerfile=shift;
     &logthis("Trying to reconnect for $peerfile");
     my $loncfile="$perlvar{'lonDaemons'}/logs/lonc.pid";
-    if (my $fh=Apache::File->new("$loncfile")) {
+    if (open(my $fh,"<$loncfile")) {
 	my $loncpid=<$fh>;
         chomp($loncpid);
         if (kill 0 => $loncpid) {
@@ -214,18 +206,20 @@ sub critical {
       "$perlvar{'lonSockDir'}/delayed/$now.$dumpcount.$$.$middlename.$server";
             $dumpcount++;
             {
-             my $dfh;
-             if ($dfh=Apache::File->new(">$dfilename")) {
-                print $dfh "$cmd\n";
-	     }
+		my $dfh;
+		if (open($dfh,">$dfilename")) {
+		    print $dfh "$cmd\n"; 
+		    close($dfh);
+		}
             }
             sleep 2;
             my $wcmd='';
             {
-	     my $dfh;
-             if ($dfh=Apache::File->new("$dfilename")) {
-                $wcmd=<$dfh>;
-	     }
+		my $dfh;
+		if (open($dfh,"<$dfilename")) {
+		    $wcmd=<$dfh>; 
+		    close($dfh);
+		}
             }
             chomp($wcmd);
             if ($wcmd eq $cmd) {
@@ -244,6 +238,49 @@ sub critical {
     return $answer;
 }
 
+#
+# -------------- Remove all key from the env that start witha lowercase letter
+#                (Which is always a lon-capa value)
+
+sub cleanenv {
+#    unless (defined(&Apache::exists_config_define("MODPERL2"))) { return; }
+#    unless (&Apache::exists_config_define("MODPERL2")) { return; }
+    foreach my $key (keys(%ENV)) {
+	if ($key =~ /^[a-z]/) {
+	    delete($ENV{$key});
+	}
+    }
+}
+ 
+# ------------------------------------------- Transfer profile into environment
+
+sub transfer_profile_to_env {
+    my ($lonidsdir,$handle)=@_;
+    my @profile;
+    {
+	open(my $idf,"$lonidsdir/$handle.id");
+	flock($idf,LOCK_SH);
+	@profile=<$idf>;
+	close($idf);
+    }
+    my $envi;
+    my %Remove;
+    for ($envi=0;$envi<=$#profile;$envi++) {
+	chomp($profile[$envi]);
+	my ($envname,$envvalue)=split(/=/,$profile[$envi]);
+	$ENV{$envname} = $envvalue;
+        if (my ($key,$time) = ($envname =~ /^(cgi\.(\d+)_\d+\.)/)) {
+            if ($time < time-300) {
+                $Remove{$key}++;
+            }
+        }
+    }
+    $ENV{'user.environment'} = "$lonidsdir/$handle.id";
+    foreach my $expired_key (keys(%Remove)) {
+        &delenv($expired_key);
+    }
+}
+
 # ---------------------------------------------------------- Append Environment
 
 sub appenv {
@@ -260,47 +297,47 @@ sub appenv {
     }
 
     my $lockfh;
-    unless ($lockfh=Apache::File->new("$ENV{'user.environment'}")) {
-       return 'error: '.$!;
+    unless (open($lockfh,"$ENV{'user.environment'}")) {
+	return 'error: '.$!;
     }
     unless (flock($lockfh,LOCK_EX)) {
          &logthis("<font color=blue>WARNING: ".
                   'Could not obtain exclusive lock in appenv: '.$!);
-         $lockfh->close();
+         close($lockfh);
          return 'error: '.$!;
     }
 
     my @oldenv;
     {
-     my $fh;
-     unless ($fh=Apache::File->new("$ENV{'user.environment'}")) {
-	return 'error: '.$!;
-     }
-     @oldenv=<$fh>;
-     $fh->close();
+	my $fh;
+	unless (open($fh,"$ENV{'user.environment'}")) {
+	    return 'error: '.$!;
+	}
+	@oldenv=<$fh>;
+	close($fh);
     }
     for (my $i=0; $i<=$#oldenv; $i++) {
         chomp($oldenv[$i]);
         if ($oldenv[$i] ne '') {
-           my ($name,$value)=split(/=/,$oldenv[$i]);
-           unless (defined($newenv{$name})) {
-	      $newenv{$name}=$value;
-	   }
+	    my ($name,$value)=split(/=/,$oldenv[$i]);
+	    unless (defined($newenv{$name})) {
+		$newenv{$name}=$value;
+	    }
         }
     }
     {
-     my $fh;
-     unless ($fh=Apache::File->new(">$ENV{'user.environment'}")) {
-	return 'error';
-     }
-     my $newname;
-     foreach $newname (keys %newenv) {
-	 print $fh "$newname=$newenv{$newname}\n";
-     }
-     $fh->close();
+	my $fh;
+	unless (open($fh,">$ENV{'user.environment'}")) {
+	    return 'error';
+	}
+	my $newname;
+	foreach $newname (keys %newenv) {
+	    print $fh "$newname=$newenv{$newname}\n";
+	}
+	close($fh);
     }
-
-    $lockfh->close();
+	
+    close($lockfh);
     return 'ok';
 }
 # ----------------------------------------------------- Delete from Environment
@@ -315,38 +352,62 @@ sub delenv {
     }
     my @oldenv;
     {
-     my $fh;
-     unless ($fh=Apache::File->new("$ENV{'user.environment'}")) {
-	return 'error';
-     }
-     unless (flock($fh,LOCK_SH)) {
-         &logthis("<font color=blue>WARNING: ".
-                  'Could not obtain shared lock in delenv: '.$!);
-         $fh->close();
-         return 'error: '.$!;
-     }
-     @oldenv=<$fh>;
-     $fh->close();
+	my $fh;
+	unless (open($fh,"$ENV{'user.environment'}")) {
+	    return 'error';
+	}
+	unless (flock($fh,LOCK_SH)) {
+	    &logthis("<font color=blue>WARNING: ".
+		     'Could not obtain shared lock in delenv: '.$!);
+	    close($fh);
+	    return 'error: '.$!;
+	}
+	@oldenv=<$fh>;
+	close($fh);
     }
     {
-     my $fh;
-     unless ($fh=Apache::File->new(">$ENV{'user.environment'}")) {
-	return 'error';
-     }
-     unless (flock($fh,LOCK_EX)) {
-         &logthis("<font color=blue>WARNING: ".
-                  'Could not obtain exclusive lock in delenv: '.$!);
-         $fh->close();
-         return 'error: '.$!;
-     }
-     foreach (@oldenv) {
-	 unless ($_=~/^$delthis/) { print $fh $_; }
-     }
-     $fh->close();
+	my $fh;
+	unless (open($fh,">$ENV{'user.environment'}")) {
+	    return 'error';
+	}
+	unless (flock($fh,LOCK_EX)) {
+	    &logthis("<font color=blue>WARNING: ".
+		     'Could not obtain exclusive lock in delenv: '.$!);
+	    close($fh);
+	    return 'error: '.$!;
+	}
+	foreach (@oldenv) {
+	    unless ($_=~/^$delthis/) { print $fh $_; }
+	}
+	close($fh);
     }
     return 'ok';
 }
 
+# ------------------------------------------ Find out current server userload
+# there is a copy in lond
+sub userload {
+    my $numusers=0;
+    {
+	opendir(LONIDS,$perlvar{'lonIDsDir'});
+	my $filename;
+	my $curtime=time;
+	while ($filename=readdir(LONIDS)) {
+	    if ($filename eq '.' || $filename eq '..') {next;}
+	    my ($mtime)=(stat($perlvar{'lonIDsDir'}.'/'.$filename))[9];
+	    if ($curtime-$mtime < 1800) { $numusers++; }
+	}
+	closedir(LONIDS);
+    }
+    my $userloadpercent=0;
+    my $maxuserload=$perlvar{'lonUserLoadLim'};
+    if ($maxuserload) {
+	$userloadpercent=100*$numusers/$maxuserload;
+    }
+    $userloadpercent=sprintf("%.2f",$userloadpercent);
+    return $userloadpercent;
+}
+
 # ------------------------------------------ Fight off request when overloaded
 
 sub overloaderror {
@@ -354,10 +415,11 @@ sub overloaderror {
     unless ($checkserver) { $checkserver=$perlvar{'lonHostID'}; }
     my $loadavg;
     if ($checkserver eq $perlvar{'lonHostID'}) {
-       my $loadfile=Apache::File->new('/proc/loadavg');
+       open(my $loadfile,'/proc/loadavg');
        $loadavg=<$loadfile>;
        $loadavg =~ s/\s.*//g;
        $loadavg = 100*$loadavg/$perlvar{'lonLoadLim'};
+       close($loadfile);
     } else {
        $loadavg=&reply('load',$checkserver);
     }
@@ -373,17 +435,35 @@ sub overloaderror {
 # ------------------------------ Find server with least workload from spare.tab
 
 sub spareserver {
-    my $loadpercent = shift;
+    my ($loadpercent,$userloadpercent) = @_;
     my $tryserver;
     my $spareserver='';
-    my $lowestserver=$loadpercent; 
+    if ($userloadpercent !~ /\d/) { $userloadpercent=0; }
+    my $lowestserver=$loadpercent > $userloadpercent?
+	             $loadpercent :  $userloadpercent;
     foreach $tryserver (keys %spareid) {
-       my $answer=reply('load',$tryserver);
-       if (($answer =~ /\d/) && ($answer<$lowestserver)) {
-	   $spareserver="http://$hostname{$tryserver}";
-           $lowestserver=$answer;
-       }
-    }    
+	my $loadans=reply('load',$tryserver);
+	my $userloadans=reply('userload',$tryserver);
+	if ($loadans !~ /\d/ && $userloadans !~ /\d/) {
+	    next; #didn't get a number from the server
+	}
+	my $answer;
+	if ($loadans =~ /\d/) {
+	    if ($userloadans =~ /\d/) {
+		#both are numbers, pick the bigger one
+		$answer=$loadans > $userloadans?
+		    $loadans :  $userloadans;
+	    } else {
+		$answer = $loadans;
+	    }
+	} else {
+	    $answer = $userloadans;
+	}
+	if (($answer =~ /\d/) && ($answer<$lowestserver)) {
+	    $spareserver="http://$hostname{$tryserver}";
+	    $lowestserver=$answer;
+	}
+    }
     return $spareserver;
 }
 
@@ -426,38 +506,16 @@ sub changepass {
 
 sub queryauthenticate {
     my ($uname,$udom)=@_;
-    if (($perlvar{'lonRole'} eq 'library') && 
-        ($udom eq $perlvar{'lonDefDomain'})) {
-	my $answer=reply("encrypt:currentauth:$udom:$uname",
-			 $perlvar{'lonHostID'});
-	unless ($answer eq 'unknown_user' or $answer eq 'refused') {
-	    if (length($answer)) {
-		return $answer;
-	    }
-	    else {
-	&logthis("User $uname at $udom lacks an authentication mechanism");
-		return 'no_host';
-	    }
-	}
-    }
-
-    my $tryserver;
-    foreach $tryserver (keys %libserv) {
-	if ($hostdom{$tryserver} eq $udom) {
-           my $answer=reply("encrypt:currentauth:$udom:$uname",$tryserver);
-	   unless ($answer eq 'unknown_user' or $answer eq 'refused') {
-	       if (length($answer)) {
-		   return $answer;
-	       }
-	       else {
-	   &logthis("User $uname at $udom lacks an authentication mechanism");
-		   return 'no_host';
-	       }
-	   }
-       }
+    my $uhome=&homeserver($uname,$udom);
+    if (!$uhome) {
+	&logthis("User $uname at $udom is unknown when looking for authentication mechanism");
+	return 'no_host';
+    }
+    my $answer=reply("encrypt:currentauth:$udom:$uname",$uhome);
+    if ($answer =~ /^(unknown_user|refused|con_lost)/) {
+	&logthis("User $uname at $udom threw error $answer when checking authentication mechanism");
     }
-    &logthis("User $uname at $udom lacks an authentication mechanism");    
-    return 'no_host';
+    return $answer;
 }
 
 # --------- Try to authenticate user from domain's lib servers (first this one)
@@ -506,9 +564,9 @@ sub authenticate {
 sub homeserver {
     my ($uname,$udom,$ignoreBadCache)=@_;
     my $index="$uname:$udom";
-    if ($homecache{$index}) { 
-        return "$homecache{$index}"; 
-    }
+
+    my ($result,$cached)=&is_cached(\%homecache,$index,'home',86400);
+    if (defined($cached)) { return $result; }
     my $tryserver;
     foreach $tryserver (keys %libserv) {
         next if ($ignoreBadCache ne 'true' && 
@@ -516,8 +574,7 @@ sub homeserver {
 	if ($hostdom{$tryserver} eq $udom) {
            my $answer=reply("home:$udom:$uname",$tryserver);
            if ($answer eq 'found') { 
-              $homecache{$index}=$tryserver;
-              return $tryserver; 
+	       return &do_cache(\%homecache,$index,$tryserver,'home');
            } elsif ($answer eq 'no_host') {
 	       $badServerCache{$tryserver}=1;
            }
@@ -588,6 +645,132 @@ sub idput {
     }
 }
 
+# --------------------------------------------------- Assign a key to a student
+
+sub assign_access_key {
+#
+# a valid key looks like uname:udom#comments
+# comments are being appended
+#
+    my ($ckey,$cdom,$cnum,$udom,$uname,$logentry)=@_;
+    $cdom=
+   $ENV{'course.'.$ENV{'request.course.id'}.'.domain'} unless (defined($cdom));
+    $cnum=
+   $ENV{'course.'.$ENV{'request.course.id'}.'.num'} unless (defined($cnum));
+    $udom=$ENV{'user.name'} unless (defined($udom));
+    $uname=$ENV{'user.domain'} unless (defined($uname));
+    my %existing=&get('accesskeys',[$ckey],$cdom,$cnum);
+    if (($existing{$ckey}=~/^\#(.*)$/) || # - new key
+        ($existing{$ckey}=~/^$uname\:$udom\#(.*)$/)) { 
+                                                  # assigned to this person
+                                                  # - this should not happen,
+                                                  # unless something went wrong
+                                                  # the first time around
+# ready to assign
+        $logentry=$1.'; '.$logentry;
+        if (&put('accesskey',{$ckey=>$uname.':'.$udom.'#'.$logentry},
+                                                 $cdom,$cnum) eq 'ok') {
+# key now belongs to user
+	    my $envkey='key.'.$cdom.'_'.$cnum;
+            if (&put('environment',{$envkey => $ckey}) eq 'ok') {
+                &appenv('environment.'.$envkey => $ckey);
+                return 'ok';
+            } else {
+                return 
+  'error: Count not permanently assign key, will need to be re-entered later.';
+	    }
+        } else {
+            return 'error: Could not assign key, try again later.';
+        }
+    } elsif (!$existing{$ckey}) {
+# the key does not exist
+	return 'error: The key does not exist';
+    } else {
+# the key is somebody else's
+	return 'error: The key is already in use';
+    }
+}
+
+# ------------------------------------------ put an additional comment on a key
+
+sub comment_access_key {
+#
+# a valid key looks like uname:udom#comments
+# comments are being appended
+#
+    my ($ckey,$cdom,$cnum,$logentry)=@_;
+    $cdom=
+   $ENV{'course.'.$ENV{'request.course.id'}.'.domain'} unless (defined($cdom));
+    $cnum=
+   $ENV{'course.'.$ENV{'request.course.id'}.'.num'} unless (defined($cnum));
+    my %existing=&get('accesskeys',[$ckey],$cdom,$cnum);
+    if ($existing{$ckey}) {
+        $existing{$ckey}.='; '.$logentry;
+# ready to assign
+        if (&put('accesskeys',{$ckey=>$existing{$ckey}},
+                                                 $cdom,$cnum) eq 'ok') {
+	    return 'ok';
+        } else {
+	    return 'error: Count not store comment.';
+        }
+    } else {
+# the key does not exist
+	return 'error: The key does not exist';
+    }
+}
+
+# ------------------------------------------------------ Generate a set of keys
+
+sub generate_access_keys {
+    my ($number,$cdom,$cnum,$logentry)=@_;
+    $cdom=
+   $ENV{'course.'.$ENV{'request.course.id'}.'.domain'} unless (defined($cdom));
+    $cnum=
+   $ENV{'course.'.$ENV{'request.course.id'}.'.num'} unless (defined($cnum));
+    unless (&allowed('mky',$cdom)) { return 0; }
+    unless (($cdom) && ($cnum)) { return 0; }
+    if ($number>10000) { return 0; }
+    sleep(2); # make sure don't get same seed twice
+    srand(time()^($$+($$<<15))); # from "Programming Perl"
+    my $total=0;
+    for (my $i=1;$i<=$number;$i++) {
+       my $newkey=sprintf("%lx",int(100000*rand)).'-'.
+                  sprintf("%lx",int(100000*rand)).'-'.
+                  sprintf("%lx",int(100000*rand));
+       $newkey=~s/1/g/g; # folks mix up 1 and l
+       $newkey=~s/0/h/g; # and also 0 and O
+       my %existing=&get('accesskeys',[$newkey],$cdom,$cnum);
+       if ($existing{$newkey}) {
+           $i--;
+       } else {
+	  if (&put('accesskeys',
+              { $newkey => '# generated '.localtime().
+                           ' by '.$ENV{'user.name'}.'@'.$ENV{'user.domain'}.
+                           '; '.$logentry },
+		   $cdom,$cnum) eq 'ok') {
+              $total++;
+	  }
+       }
+    }
+    &log($ENV{'user.domain'},$ENV{'user.name'},$ENV{'user.home'},
+         'Generated '.$total.' keys for '.$cnum.' at '.$cdom);
+    return $total;
+}
+
+# ------------------------------------------------------- Validate an accesskey
+
+sub validate_access_key {
+    my ($ckey,$cdom,$cnum,$udom,$uname)=@_;
+    $cdom=
+   $ENV{'course.'.$ENV{'request.course.id'}.'.domain'} unless (defined($cdom));
+    $cnum=
+   $ENV{'course.'.$ENV{'request.course.id'}.'.num'} unless (defined($cnum));
+    $udom=$ENV{'user.name'} unless (defined($udom));
+    $uname=$ENV{'user.domain'} unless (defined($uname));
+    my %existing=&get('accesskeys',[$ckey],$cdom,$cnum);
+    return ($existing{$ckey}=~/^$uname\:$udom\#/);
+}
+
 # ------------------------------------- Find the section of student in a course
 
 sub getsection {
@@ -643,8 +826,149 @@ sub getsection {
     return '-1';
 }
 
+
+my $disk_caching_disabled=1;
+
+sub devalidate_cache {
+    my ($cache,$id,$name) = @_;
+    delete $$cache{$id.'.time'};
+    delete $$cache{$id};
+    if ($disk_caching_disabled) { return; }
+    my $filename=$perlvar{'lonDaemons'}.'/tmp/lonnet_internal_cache_'.$name.".db";
+    open(DB,"$filename.lock");
+    flock(DB,LOCK_EX);
+    my %hash;
+    if (tie(%hash,'GDBM_File',$filename,&GDBM_WRCREAT(),0640)) {
+	eval <<'EVALBLOCK';
+	    delete($hash{$id});
+	    delete($hash{$id.'.time'});
+EVALBLOCK
+        if ($@) {
+	    &logthis("<font color='red'>devalidate_cache blew up :$@:$name</font>");
+	    unlink($filename);
+	}
+    } else {
+	if (-e $filename) {
+	    &logthis("Unable to tie hash (devalidate cache): $name");
+	    unlink($filename);
+	}
+    }
+    untie(%hash);
+    flock(DB,LOCK_UN);
+    close(DB);
+}
+
+sub is_cached {
+    my ($cache,$id,$name,$time) = @_;
+    if (!$time) { $time=300; }
+    if (!exists($$cache{$id.'.time'})) {
+	&load_cache_item($cache,$name,$id);
+    }
+    if (!exists($$cache{$id.'.time'})) {
+#	&logthis("Didn't find $id");
+	return (undef,undef);
+    } else {
+	if (time-($$cache{$id.'.time'})>$time) {
+#	    &logthis("Devalidating $id - ".time-($$cache{$id.'.time'}));
+	    &devalidate_cache($cache,$id,$name);
+	    return (undef,undef);
+	}
+    }
+    return ($$cache{$id},1);
+}
+
+sub do_cache {
+    my ($cache,$id,$value,$name) = @_;
+    $$cache{$id.'.time'}=time;
+    $$cache{$id}=$value;
+#    &logthis("Caching $id as :$value:");
+    &save_cache_item($cache,$name,$id);
+    # do_cache implictly return the set value
+    $$cache{$id};
+}
+
+sub save_cache_item {
+    my ($cache,$name,$id)=@_;
+    if ($disk_caching_disabled) { return; }
+    my $starttime=&Time::HiRes::time();
+#    &logthis("Saving :$name:$id");
+    my %hash;
+    my $filename=$perlvar{'lonDaemons'}.'/tmp/lonnet_internal_cache_'.$name.".db";
+    open(DB,"$filename.lock");
+    flock(DB,LOCK_EX);
+    if (tie(%hash,'GDBM_File',$filename,&GDBM_WRCREAT(),0640)) {
+	eval <<'EVALBLOCK';
+	    $hash{$id.'.time'}=$$cache{$id.'.time'};
+	    $hash{$id}=freeze({'item'=>$$cache{$id}});
+EVALBLOCK
+        if ($@) {
+	    &logthis("<font color='red'>save_cache blew up :$@:$name</font>");
+	    unlink($filename);
+	}
+    } else {
+	if (-e $filename) {
+	    &logthis("Unable to tie hash (save cache item): $name ($!)");
+	    unlink($filename);
+	}
+    }
+    untie(%hash);
+    flock(DB,LOCK_UN);
+    close(DB);
+#    &logthis("save_cache_item $name took ".(&Time::HiRes::time()-$starttime));
+}
+
+sub load_cache_item {
+    my ($cache,$name,$id)=@_;
+    if ($disk_caching_disabled) { return; }
+    my $starttime=&Time::HiRes::time();
+#    &logthis("Before Loading $name  for $id size is ".scalar(%$cache));
+    my %hash;
+    my $filename=$perlvar{'lonDaemons'}.'/tmp/lonnet_internal_cache_'.$name.".db";
+    open(DB,"$filename.lock");
+    flock(DB,LOCK_SH);
+    if (tie(%hash,'GDBM_File',$filename,&GDBM_READER(),0640)) {
+	eval <<'EVALBLOCK';
+	    if (!%$cache) {
+		my $count;
+		while (my ($key,$value)=each(%hash)) { 
+		    $count++;
+		    if ($key =~ /\.time$/) {
+			$$cache{$key}=$value;
+		    } else {
+			my $hashref=thaw($value);
+			$$cache{$key}=$hashref->{'item'};
+		    }
+		}
+#	    &logthis("Initial load: $count");
+	    } else {
+		my $hashref=thaw($hash{$id});
+		$$cache{$id}=$hashref->{'item'};
+		$$cache{$id.'.time'}=$hash{$id.'.time'};
+	    }
+EVALBLOCK
+        if ($@) {
+	    &logthis("<font color='red'>load_cache blew up :$@:$name</font>");
+	    unlink($filename);
+	}        
+    } else {
+	if (-e $filename) {
+	    &logthis("Unable to tie hash (load cache item): $name ($!)");
+	    unlink($filename);
+	}
+    }
+    untie(%hash);
+    flock(DB,LOCK_UN);
+    close(DB);
+#    &logthis("After Loading $name size is ".scalar(%$cache));
+#    &logthis("load_cache_item $name took ".(&Time::HiRes::time()-$starttime));
+}
+
 sub usection {
     my ($udom,$unam,$courseid)=@_;
+    my $hashid="$udom:$unam:$courseid";
+    
+    my ($result,$cached)=&is_cached(\%usectioncache,$hashid,'usection');
+    if (defined($cached)) { return $result; }
     $courseid=~s/\_/\//g;
     $courseid=~s/^(\w)/\/$1/;
     foreach (split(/\&/,&reply('dump:'.$udom.':'.$unam.':roles',
@@ -663,10 +987,12 @@ sub usection {
             if ($end) {
                 if ($now>$end) { $notactive=1; }
             } 
-            unless ($notactive) { return $section; }
+            unless ($notactive) {
+		return &do_cache(\%usectioncache,$hashid,$section,'usection');
+	    }
         }
     }
-    return '-1';
+    return &do_cache(\%usectioncache,$hashid,'-1','usection');
 }
 
 # ------------------------------------- Read an entry from a user's environment
@@ -706,6 +1032,8 @@ sub getversion {
 
 sub currentversion {
     my $fname=shift;
+    my ($result,$cached)=&is_cached(\%resversioncache,$fname,'resversion',600);
+    if (defined($cached)) { return $result; }
     my $author=$fname;
     $author=~s/\/home\/httpd\/html\/res\/([^\/]*)\/([^\/]*).*/$1\/$2/;
     my ($udom,$uname)=split(/\//,$author);
@@ -717,7 +1045,7 @@ sub currentversion {
     if (($answer eq 'con_lost') || ($answer eq 'rejected')) {
 	return -1;
     }
-    return $answer;
+    return &do_cache(\%resversioncache,$fname,$answer,'resversion');
 }
 
 # ----------------------------- Subscribe to a resource, return URL if possible
@@ -752,7 +1080,7 @@ sub repcopy {
 	   &logthis("Subscribe returned $remoteurl: $filename");
            return HTTP_SERVICE_UNAVAILABLE;
     } elsif ($remoteurl eq 'not_found') {
-	   &logthis("Subscribe returned not_found: $filename");
+	   #&logthis("Subscribe returned not_found: $filename");
 	   return HTTP_NOT_FOUND;
     } elsif ($remoteurl =~ /^rejected by/) {
 	   &logthis("Subscribe returned $remoteurl: $filename");
@@ -806,11 +1134,11 @@ sub repcopy {
 
 # ------------------------------------------------ Get server side include body
 sub ssi_body {
-    my $filelink=shift;
+    my ($filelink,%form)=@_;
     my $output=($filelink=~/^http\:/?&externalssi($filelink):
-                                     &ssi($filelink));
-    $output=~s/^.*\<body[^\>]*\>//si;
-    $output=~s/\<\/body\s*\>.*$//si;
+                                     &ssi($filelink,%form));
+    $output=~s/^.*?\<body[^\>]*\>//si;
+    $output=~s/(.*)\<\/body\s*\>.*?$/$1/si;
     $output=~
             s/\/\/ BEGIN LON\-CAPA Internal.+\/\/ END LON\-CAPA Internal\s//gs;
     return $output;
@@ -914,8 +1242,9 @@ sub finishuserfileupload {
     }
 # Save the file
     {
-       my $fh=Apache::File->new('>'.$filepath.'/'.$fname);
+       open(my $fh,'>'.$filepath.'/'.$fname);
        print $fh $ENV{'form.'.$formname};
+       close($fh);
     }
 # Notify homeserver to grep it
 #
@@ -941,12 +1270,24 @@ sub log {
 }
 
 # ------------------------------------------------------------------ Course Log
+#
+# This routine flushes several buffers of non-mission-critical nature
+#
 
 sub flushcourselogs {
-    &logthis('Flushing course log buffers');
+    &logthis('Flushing log buffers');
+#
+# course logs
+# This is a log of all transactions in a course, which can be used
+# for data mining purposes
+#
+# It also collects the courseid database, which lists last transaction
+# times and course titles for all courseids
+#
+    my %courseidbuffer=();
     foreach (keys %courselogs) {
         my $crsid=$_;
-        if (&reply('log:'.$coursedombuf{$crsid}.':'.
+        if (&reply('log:'.$coursedombuf{$crsid}.':'.$coursenumbuf{$crsid}.':'.
 		          &escape($courselogs{$crsid}),
 		          $coursehombuf{$crsid}) eq 'ok') {
 	    delete $courselogs{$crsid};
@@ -957,15 +1298,69 @@ sub flushcourselogs {
                         " exceeded maximum size, deleting.</font>");
                delete $courselogs{$crsid};
             }
-        }        
+        }
+        if ($courseidbuffer{$coursehombuf{$crsid}}) {
+           $courseidbuffer{$coursehombuf{$crsid}}.='&'.
+			 &escape($crsid).'='.&escape($coursedescrbuf{$crsid});
+        } else {
+           $courseidbuffer{$coursehombuf{$crsid}}=
+			 &escape($crsid).'='.&escape($coursedescrbuf{$crsid});
+        }    
+    }
+#
+# Write course id database (reverse lookup) to homeserver of courses 
+# Is used in pickcourse
+#
+    foreach (keys %courseidbuffer) {
+        &courseidput($hostdom{$_},$courseidbuffer{$_},$_);
+    }
+#
+# File accesses
+# Writes to the dynamic metadata of resources to get hit counts, etc.
+#
+    foreach my $entry (keys(%accesshash)) {
+        if ($entry =~ /___count$/) {
+            my ($dom,$name);
+            ($dom,$name,undef)=($entry=~m:___(\w+)/(\w+)/(.*)___count$:);
+            if (! defined($dom) || $dom eq '' || 
+                ! defined($name) || $name eq '') {
+                my $cid = $ENV{'request.course.id'};
+                $dom  = $ENV{'request.'.$cid.'.domain'};
+                $name = $ENV{'request.'.$cid.'.num'};
+            }
+            my $value = $accesshash{$entry};
+            my (undef,$url,undef) = ($entry =~ /^(.*)___(.*)___count$/);
+            my %temphash=($url => $value);
+            my $result = &inc('nohist_accesscount',\%temphash,$dom,$name);
+            if ($result eq 'ok') {
+                delete $accesshash{$entry};
+            } elsif ($result eq 'unknown_cmd') {
+                # Target server has old code running on it.
+                my %temphash=($entry => $value);
+                if (&put('nohist_resevaldata',\%temphash,$dom,$name) eq 'ok') {
+                    delete $accesshash{$entry};
+                }
+            }
+        } else {
+            my ($dom,$name) = ($entry=~m:___(\w+)/(\w+)/(.*)___(\w+)$:);
+            my %temphash=($entry => $accesshash{$entry});
+            if (&put('nohist_resevaldata',\%temphash,$dom,$name) eq 'ok') {
+                delete $accesshash{$entry};
+            }
+        }
     }
-    &logthis('Flushing access logs');
-    foreach (keys %accesshash) {
+#
+# Roles
+# Reverse lookup of user roles for course faculty/staff and co-authorship
+#
+    foreach (keys %userrolehash) {
         my $entry=$_;
-        $entry=~/\_\_\_(\w+)\/(\w+)\/(.*)\_\_\_(\w+)$/;
-        my %temphash=($entry => $accesshash{$entry});
-        if (&Apache::lonnet::put('nohist_resevaldata',\%temphash,$1,$2) eq 'ok') {
-	    delete $accesshash{$entry};
+        my ($role,$uname,$udom,$runame,$rudom,$rsec)=
+	    split(/\:/,$entry);
+        if (&Apache::lonnet::put('nohist_userroles',
+             { $role.':'.$uname.':'.$udom.':'.$rsec => $userrolehash{$entry} },
+                $rudom,$runame) eq 'ok') {
+	    delete $userrolehash{$entry};
         }
     }
     $dumpcount++;
@@ -976,10 +1371,13 @@ sub courselog {
     $what=time.':'.$what;
     unless ($ENV{'request.course.id'}) { return ''; }
     $coursedombuf{$ENV{'request.course.id'}}=
-       $ENV{'course.'.$ENV{'request.course.id'}.'.domain'}.':'.
+       $ENV{'course.'.$ENV{'request.course.id'}.'.domain'};
+    $coursenumbuf{$ENV{'request.course.id'}}=
        $ENV{'course.'.$ENV{'request.course.id'}.'.num'};
     $coursehombuf{$ENV{'request.course.id'}}=
        $ENV{'course.'.$ENV{'request.course.id'}.'.home'};
+    $coursedescrbuf{$ENV{'request.course.id'}}=
+       $ENV{'course.'.$ENV{'request.course.id'}.'.description'};
     if (defined $courselogs{$ENV{'request.course.id'}}) {
 	$courselogs{$ENV{'request.course.id'}}.='&'.$what;
     } else {
@@ -994,7 +1392,7 @@ sub courseacclog {
     my $fnsymb=shift;
     unless ($ENV{'request.course.id'}) { return ''; }
     my $what=$fnsymb.':'.$ENV{'user.name'}.':'.$ENV{'user.domain'};
-    if ($fnsymb=~/(problem|exam|quiz|assess|survey|form)$/) {
+    if ($fnsymb=~/(problem|exam|quiz|assess|survey|form|page)$/) {
         $what.=':POST';
 	foreach (keys %ENV) {
             if ($_=~/^form\.(.*)/) {
@@ -1007,16 +1405,138 @@ sub courseacclog {
 
 sub countacc {
     my $url=&declutter(shift);
+    return if (! defined($url) || $url eq '');
     unless ($ENV{'request.course.id'}) { return ''; }
     $accesshash{$ENV{'request.course.id'}.'___'.$url.'___course'}=1;
     my $key=$$.$processmarker.'_'.$dumpcount.'___'.$url.'___count';
-    if (defined($accesshash{$key})) {
-	$accesshash{$key}++;
+    $accesshash{$key}++;
+}
+
+sub linklog {
+    my ($from,$to)=@_;
+    $from=&declutter($from);
+    $to=&declutter($to);
+    $accesshash{$from.'___'.$to.'___comefrom'}=1;
+    $accesshash{$to.'___'.$from.'___goto'}=1;
+}
+  
+sub userrolelog {
+    my ($trole,$username,$domain,$area,$tstart,$tend)=@_;
+    if (($trole=~/^ca/) || ($trole=~/^in/) || 
+        ($trole=~/^cc/) || ($trole=~/^ep/) ||
+        ($trole=~/^cr/) || ($trole=~/^ta/)) {
+       my (undef,$rudom,$runame,$rsec)=split(/\//,$area);
+       $userrolehash
+         {$trole.':'.$username.':'.$domain.':'.$runame.':'.$rudom.':'.$rsec}
+                    =$tend.':'.$tstart;
+   }
+}
+
+sub get_course_adv_roles {
+    my $cid=shift;
+    $cid=$ENV{'request.course.id'} unless (defined($cid));
+    my %coursehash=&coursedescription($cid);
+    my %returnhash=();
+    my %dumphash=
+            &dump('nohist_userroles',$coursehash{'domain'},$coursehash{'num'});
+    my $now=time;
+    foreach (keys %dumphash) {
+	my ($tend,$tstart)=split(/\:/,$dumphash{$_});
+        if (($tstart) && ($tstart<0)) { next; }
+        if (($tend) && ($tend<$now)) { next; }
+        if (($tstart) && ($now<$tstart)) { next; }
+        my ($role,$username,$domain,$section)=split(/\:/,$_);
+	if (&privileged($username,$domain)) { next; }
+        my $key=&plaintext($role);
+        if ($section) { $key.=' (Sec/Grp '.$section.')'; }
+        if ($returnhash{$key}) {
+	    $returnhash{$key}.=','.$username.':'.$domain;
+        } else {
+            $returnhash{$key}=$username.':'.$domain;
+        }
+     }
+    return %returnhash;
+}
+
+sub get_my_roles {
+    my ($uname,$udom)=@_;
+    unless (defined($uname)) { $uname=$ENV{'user.name'}; }
+    unless (defined($udom)) { $udom=$ENV{'user.domain'}; }
+    my %dumphash=
+            &dump('nohist_userroles',$udom,$uname);
+    my %returnhash=();
+    my $now=time;
+    foreach (keys %dumphash) {
+	my ($tend,$tstart)=split(/\:/,$dumphash{$_});
+        if (($tstart) && ($tstart<0)) { next; }
+        if (($tend) && ($tend<$now)) { next; }
+        if (($tstart) && ($now<$tstart)) { next; }
+        my ($role,$username,$domain,$section)=split(/\:/,$_);
+	$returnhash{$username.':'.$domain.':'.$role}=$tstart.':'.$tend;
+     }
+    return %returnhash;
+}
+
+# ----------------------------------------------------- Frontpage Announcements
+#
+#
+
+sub postannounce {
+    my ($server,$text)=@_;
+    unless (&allowed('psa',$hostdom{$server})) { return 'refused'; }
+    unless ($text=~/\w/) { $text=''; }
+    return &reply('setannounce:'.&escape($text),$server);
+}
+
+sub getannounce {
+
+    if (open(my $fh,$perlvar{'lonDocRoot'}.'/announcement.txt')) {
+	my $announcement='';
+	while (<$fh>) { $announcement .=$_; }
+	close($fh);
+	if ($announcement=~/\w/) { 
+	    return 
+   '<table bgcolor="#FF5555" cellpadding="5" cellspacing="3">'.
+   '<tr><td bgcolor="#FFFFFF"><pre>'.$announcement.'</pre></td></tr></table>'; 
+	} else {
+	    return '';
+	}
     } else {
-        $accesshash{$key}=1;
+	return '';
     }
 }
-    
+
+# ---------------------------------------------------------- Course ID routines
+# Deal with domain's nohist_courseid.db files
+#
+
+sub courseidput {
+    my ($domain,$what,$coursehome)=@_;
+    return &reply('courseidput:'.$domain.':'.$what,$coursehome);
+}
+
+sub courseiddump {
+    my ($domfilter,$descfilter,$sincefilter)=@_;
+    my %returnhash=();
+    unless ($domfilter) { $domfilter=''; }
+    foreach my $tryserver (keys %libserv) {
+	if ((!$domfilter) || ($hostdom{$tryserver} eq $domfilter)) {
+	    foreach (
+             split(/\&/,&reply('courseiddump:'.$hostdom{$tryserver}.':'.
+			       $sincefilter.':'.&escape($descfilter),
+                               $tryserver))) {
+		my ($key,$value)=split(/\=/,$_);
+                if (($key) && ($value)) {
+		    $returnhash{&unescape($key)}=&unescape($value);
+                }
+            }
+
+        }
+    }
+    return %returnhash;
+}
+
+#
 # ----------------------------------------------------------- Check out an item
 
 sub checkout {
@@ -1127,19 +1647,19 @@ sub devalidate {
     my ($symb,$uname,$udom)=@_;
     my $cid=$ENV{'request.course.id'}; 
     if ($cid) {
-# delete the stored spreadsheets for
-# - the student level sheet of this user in course's homespace
-# - the assessment level sheet for this resource 
-#   for this user in user's homespace
+        # delete the stored spreadsheets for
+        # - the student level sheet of this user in course's homespace
+        # - the assessment level sheet for this resource 
+        #   for this user in user's homespace
 	my $key=$uname.':'.$udom.':';
         my $status=
 	    &del('nohist_calculatedsheets',
-		 [$key.'studentcalc'],
+		 [$key.'studentcalc:'],
 		 $ENV{'course.'.$cid.'.domain'},
 		 $ENV{'course.'.$cid.'.num'})
 		.' '.
 	    &del('nohist_calculatedsheets_'.$cid,
-		 [$key.'assesscalc:'.$symb]);
+		 [$key.'assesscalc:'.$symb],$udom,$uname);
         unless ($status eq 'ok ok') {
            &logthis('Could not devalidate spreadsheet '.
                     $uname.' at '.$udom.' for '.
@@ -1345,7 +1865,7 @@ sub tmpreset {
   my ($symb,$namespace,$domain,$stuname) = @_;
   if (!$symb) {
     $symb=&symbread();
-    if (!$symb) { $symb= $ENV{'REQUEST_URI'}; }
+    if (!$symb) { $symb= $ENV{'request.url'}; }
   }
   $symb=escape($symb);
 
@@ -1486,6 +2006,10 @@ sub store {
        } 
     }
     if (!$home) { $home=$ENV{'user.home'}; }
+
+    $$storehash{'ip'}=$ENV{'REMOTE_ADDR'};
+    $$storehash{'host'}=$perlvar{'lonHostID'};
+
     my $namevalue='';
     foreach (keys %$storehash) {
         $namevalue.=escape($_).'='.escape($$storehash{$_}).'&';
@@ -1519,6 +2043,9 @@ sub cstore {
     }
     if (!$home) { $home=$ENV{'user.home'}; }
 
+    $$storehash{'ip'}=$ENV{'REMOTE_ADDR'};
+    $$storehash{'host'}=$perlvar{'lonHostID'};
+
     my $namevalue='';
     foreach (keys %$storehash) {
         $namevalue.=escape($_).'='.escape($$storehash{$_}).'&';
@@ -1601,6 +2128,36 @@ sub coursedescription {
     return %returnhash;
 }
 
+# -------------------------------------------------See if a user is privileged
+
+sub privileged {
+    my ($username,$domain)=@_;
+    my $rolesdump=&reply("dump:$domain:$username:roles",
+			&homeserver($username,$domain));
+    if (($rolesdump eq 'con_lost') || ($rolesdump eq '')) { return 0; }
+    my $now=time;
+    if ($rolesdump ne '') {
+        foreach (split(/&/,$rolesdump)) {
+	    if ($_!~/^rolesdef\&/) {
+		my ($area,$role)=split(/=/,$_);
+		$area=~s/\_\w\w$//;
+		my ($trole,$tend,$tstart)=split(/_/,$role);
+		if (($trole eq 'dc') || ($trole eq 'su')) {
+		    my $active=1;
+		    if ($tend) {
+			if ($tend<$now) { $active=0; }
+		    }
+		    if ($tstart) {
+			if ($tstart>$now) { $active=0; }
+		    }
+		    if ($active) { return 1; }
+		}
+	    }
+	}
+    }
+    return 0;
+}
+
 # -------------------------------------------------------- Get user privileges
 
 sub rolesinit {
@@ -1621,6 +2178,8 @@ sub rolesinit {
             my ($trole,$tend,$tstart)=split(/_/,$role);
             $userroles.='user.role.'.$trole.'.'.$area.'='.
                         $tstart.'.'.$tend."\n";
+# log the associated role with the area
+            &userrolelog($trole,$username,$domain,$area,$tstart,$tend);
             if ($tend!=0) {
 	        if ($tend<$now) {
 	            $trole='';
@@ -1632,42 +2191,54 @@ sub rolesinit {
                 }
             }
             if (($area ne '') && ($trole ne '')) {
-	       my $spec=$trole.'.'.$area;
-               my ($tdummy,$tdomain,$trest)=split(/\//,$area);
-               if ($trole =~ /^cr\//) {
-		   my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$trole);
-                   my $homsvr=homeserver($rauthor,$rdomain);
-                   if ($hostname{$homsvr} ne '') {
-                      my $roledef=
-			  reply("get:$rdomain:$rauthor:roles:rolesdef_$rrole",
-                                $homsvr);
-                      if (($roledef ne 'con_lost') && ($roledef ne '')) {
-                         my ($syspriv,$dompriv,$coursepriv)=
-			     split(/\_/,unescape($roledef));
- 	                 $allroles{'cm./'}.=':'.$syspriv;
-                         $allroles{$spec.'./'}.=':'.$syspriv;
-                         if ($tdomain ne '') {
-                             $allroles{'cm./'.$tdomain.'/'}.=':'.$dompriv;
-                             $allroles{$spec.'./'.$tdomain.'/'}.=':'.$dompriv;
-                             if ($trest ne '') {
-		                $allroles{'cm.'.$area}.=':'.$coursepriv;
-		                $allroles{$spec.'.'.$area}.=':'.$coursepriv;
-                             }
-	                 }
-                      }
-                   }
-               } else {
-	           $allroles{'cm./'}.=':'.$pr{$trole.':s'};
-	           $allroles{$spec.'./'}.=':'.$pr{$trole.':s'};
-                   if ($tdomain ne '') {
-                     $allroles{'cm./'.$tdomain.'/'}.=':'.$pr{$trole.':d'};
-                     $allroles{$spec.'./'.$tdomain.'/'}.=':'.$pr{$trole.':d'};
-                      if ($trest ne '') {
-		          $allroles{'cm.'.$area}.=':'.$pr{$trole.':c'};
-		          $allroles{$spec.'.'.$area}.=':'.$pr{$trole.':c'};
-                      }
-	           }
-	       }
+		my $spec=$trole.'.'.$area;
+		my ($tdummy,$tdomain,$trest)=split(/\//,$area);
+		if ($trole =~ /^cr\//) {
+		    my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$trole);
+ 		    my $homsvr=homeserver($rauthor,$rdomain);
+		    if ($hostname{$homsvr} ne '') {
+			my ($rdummy,$roledef)=
+			   &get('roles',["rolesdef_$rrole"],$rdomain,$rauthor);
+				
+			if (($rdummy ne 'con_lost') && ($roledef ne '')) {
+			    my ($syspriv,$dompriv,$coursepriv)=
+				split(/\_/,$roledef);
+			    if (defined($syspriv)) {
+				$allroles{'cm./'}.=':'.$syspriv;
+				$allroles{$spec.'./'}.=':'.$syspriv;
+			    }
+			    if ($tdomain ne '') {
+				if (defined($dompriv)) {
+				    $allroles{'cm./'.$tdomain.'/'}.=':'.$dompriv;
+				    $allroles{$spec.'./'.$tdomain.'/'}.=':'.$dompriv;
+				}
+				if ($trest ne '') {
+				    if (defined($coursepriv)) {
+					$allroles{'cm.'.$area}.=':'.$coursepriv;
+					$allroles{$spec.'.'.$area}.=':'.$coursepriv;
+				    }
+				}
+			    }
+			}
+		    }
+		} else {
+		    if (defined($pr{$trole.':s'})) {
+			$allroles{'cm./'}.=':'.$pr{$trole.':s'};
+			$allroles{$spec.'./'}.=':'.$pr{$trole.':s'};
+		    }
+		    if ($tdomain ne '') {
+			if (defined($pr{$trole.':d'})) {
+			    $allroles{'cm./'.$tdomain.'/'}.=':'.$pr{$trole.':d'};
+			    $allroles{$spec.'./'.$tdomain.'/'}.=':'.$pr{$trole.':d'};
+			}
+			if ($trest ne '') {
+			    if (defined($pr{$trole.':c'})) {
+				$allroles{'cm.'.$area}.=':'.$pr{$trole.':c'};
+				$allroles{$spec.'.'.$area}.=':'.$pr{$trole.':c'};
+			    }
+			}
+		    }
+		}
             }
           } 
         }
@@ -1765,6 +2336,21 @@ sub dump {
    return %returnhash;
 }
 
+# -------------------------------------------------------------- keys interface
+
+sub getkeys {
+   my ($namespace,$udomain,$uname)=@_;
+   if (!$udomain) { $udomain=$ENV{'user.domain'}; }
+   if (!$uname) { $uname=$ENV{'user.name'}; }
+   my $uhome=&homeserver($uname,$udomain);
+   my $rep=reply("keys:$udomain:$uname:$namespace",$uhome);
+   my @keyarray=();
+   foreach (split(/\&/,$rep)) {
+      push (@keyarray,&unescape($_));
+   }
+   return @keyarray;
+}
+
 # --------------------------------------------------------------- currentdump
 sub currentdump {
    my ($courseid,$sdom,$sname)=@_;
@@ -1784,27 +2370,7 @@ sub currentdump {
        return if ($tmp[0] =~ /^(error:|no_such_host)/);
        my %hash = @tmp;
        @tmp=();
-       # Code ripped from lond, essentially.  The only difference
-       # here is the unescaping done by lonnet::dump().  Conceivably
-       # we might run in to problems with parameter names =~ /^v\./
-       while (my ($key,$value) = each(%hash)) {
-           my ($v,$symb,$param) = split(/:/,$key);
-           next if ($v eq 'version' || $symb eq 'keys');
-           next if (exists($returnhash{$symb}) &&
-                    exists($returnhash{$symb}->{$param}) &&
-                    $returnhash{$symb}->{'v.'.$param} > $v);
-           $returnhash{$symb}->{$param}=$value;
-           $returnhash{$symb}->{'v.'.$param}=$v;
-       }
-       #
-       # Remove all of the keys in the hashes which keep track of
-       # the version of the parameter.
-       while (my ($symb,$param_hash) = each(%returnhash)) {
-           # use a foreach because we are going to delete from the hash.
-           foreach my $key (keys(%$param_hash)) {
-               delete($param_hash->{$key}) if ($key =~ /^v\./);
-           }
-       }
+       %returnhash = %{&convert_dump_to_currentdump(\%hash)};
    } else {
        my @pairs=split(/\&/,$rep);
        foreach (@pairs) {
@@ -1817,6 +2383,57 @@ sub currentdump {
    return %returnhash;
 }
 
+sub convert_dump_to_currentdump{
+    my %hash = %{shift()};
+    my %returnhash;
+    # Code ripped from lond, essentially.  The only difference
+    # here is the unescaping done by lonnet::dump().  Conceivably
+    # we might run in to problems with parameter names =~ /^v\./
+    while (my ($key,$value) = each(%hash)) {
+        my ($v,$symb,$param) = split(/:/,$key);
+        next if ($v eq 'version' || $symb eq 'keys');
+        next if (exists($returnhash{$symb}) &&
+                 exists($returnhash{$symb}->{$param}) &&
+                 $returnhash{$symb}->{'v.'.$param} > $v);
+        $returnhash{$symb}->{$param}=$value;
+        $returnhash{$symb}->{'v.'.$param}=$v;
+    }
+    #
+    # Remove all of the keys in the hashes which keep track of
+    # the version of the parameter.
+    while (my ($symb,$param_hash) = each(%returnhash)) {
+        # use a foreach because we are going to delete from the hash.
+        foreach my $key (keys(%$param_hash)) {
+            delete($param_hash->{$key}) if ($key =~ /^v\./);
+        }
+    }
+    return \%returnhash;
+}
+
+# --------------------------------------------------------------- inc interface
+
+sub inc {
+    my ($namespace,$store,$udomain,$uname) = @_;
+    if (!$udomain) { $udomain=$ENV{'user.domain'}; }
+    if (!$uname) { $uname=$ENV{'user.name'}; }
+    my $uhome=&homeserver($uname,$udomain);
+    my $items='';
+    if (! ref($store)) {
+        # got a single value, so use that instead
+        $items = &escape($store).'=&';
+    } elsif (ref($store) eq 'SCALAR') {
+        $items = &escape($$store).'=&';        
+    } elsif (ref($store) eq 'ARRAY') {
+        $items = join('=&',map {&escape($_);} @{$store});
+    } elsif (ref($store) eq 'HASH') {
+        while (my($key,$value) = each(%{$store})) {
+            $items.= &escape($key).'='.&escape($value).'&';
+        }
+    }
+    $items=~s/\&$//;
+    return &reply("inc:$udomain:$uname:$namespace:$items",$uhome);
+}
+
 # --------------------------------------------------------------- put interface
 
 sub put {
@@ -1870,14 +2487,49 @@ sub eget {
    return %returnhash;
 }
 
+# ---------------------------------------------- Custom access rule evaluation
+
+sub customaccess {
+    my ($priv,$uri)=@_;
+    my ($urole,$urealm)=split(/\./,$ENV{'request.role'});
+    $urealm=~s/^\W//;
+    my ($udom,$ucrs,$usec)=split(/\//,$urealm);
+    my $access=0;
+    foreach (split(/\s*\,\s*/,&metadata($uri,'rule_rights'))) {
+	my ($effect,$realm,$role)=split(/\:/,$_);
+        if ($role) {
+	   if ($role ne $urole) { next; }
+        }
+        foreach (split(/\s*\,\s*/,$realm)) {
+            my ($tdom,$tcrs,$tsec)=split(/\_/,$_);
+            if ($tdom) {
+		if ($tdom ne $udom) { next; }
+            }
+            if ($tcrs) {
+		if ($tcrs ne $ucrs) { next; }
+            }
+            if ($tsec) {
+		if ($tsec ne $usec) { next; }
+            }
+            $access=($effect eq 'allow');
+            last;
+        }
+	if ($realm eq '' && $role eq '') {
+            $access=($effect eq 'allow');
+	}
+    }
+    return $access;
+}
+
 # ------------------------------------------------- Check for a user privilege
 
 sub allowed {
     my ($priv,$uri)=@_;
-
+    $uri=&deversion($uri);
     my $orguri=$uri;
     $uri=&declutter($uri);
 
+    if (defined($ENV{'allowed.'.$priv})) { return $ENV{'allowed.'.$priv}; }
 # Free bre access to adm and meta resources
 
     if ((($uri=~/^adm\//) || ($uri=~/\.meta$/)) && ($priv eq 'bre')) {
@@ -1908,6 +2560,9 @@ sub allowed {
             # Library role, so allow browsing of resources in this domain.
             return 'F';
         }
+        if ($copyright eq 'custom') {
+	    unless (&customaccess($priv,$uri)) { return ''; }
+        }
     }
     # Domain coordinator is trying to create a course
     if (($priv eq 'ccc') && ($ENV{'request.role'} =~ /^dc\./)) {
@@ -2125,20 +2780,10 @@ sub allowed {
 
    if ($thisallowed=~/R/) {
        my $rolecode=(split(/\./,$ENV{'request.role'}))[0];
-       my $filename=$perlvar{'lonDocRoot'}.'/res/'.$uri.'.meta';
-       if (-e $filename) {
-           my @content;
-           {
-	     my $fh=Apache::File->new($filename);
-             @content=<$fh>;
-	   }
-           if (join('',@content)=~
-                    /\<roledeny[^\>]*\>[^\<]*$rolecode[^\<]*\<\/roledeny\>/) {
-	       &log($ENV{'user.domain'},$ENV{'user.name'},$ENV{'user.host'},
+       if (&metadata($uri,'roledeny')=~/$rolecode/) {
+	  &log($ENV{'user.domain'},$ENV{'user.name'},$ENV{'user.host'},
                     'Denied by role: '.$priv.' for '.$uri.' as '.$rolecode);
-           return '';
-
-           }
+          return '';
        }
    }
 
@@ -2165,6 +2810,7 @@ sub allowed {
 
 sub is_on_map {
     my $uri=&declutter(shift);
+    $uri=~s/\.\d+\.(\w+)$/\.$1/;
     my @uriparts=split(/\//,$uri);
     my $filename=$uriparts[$#uriparts];
     my $pathname=$uri;
@@ -2180,12 +2826,35 @@ sub is_on_map {
     }
 }
 
+# --------------------------------------------------------- Get symb from alias
+
+sub get_symb_from_alias {
+    my $symb=shift;
+    my ($map,$resid,$url)=&decode_symb($symb);
+# Already is a symb
+    if ($url) { return $symb; }
+# Must be an alias
+    my $aliassymb='';
+    my %bighash;
+    if (tie(%bighash,'GDBM_File',$ENV{'request.course.fn'}.'.db',
+                            &GDBM_READER(),0640)) {
+        my $rid=$bighash{'mapalias_'.$symb};
+	if ($rid) {
+	    my ($mapid,$resid)=split(/\./,$rid);
+	    $aliassymb=&encode_symb($bighash{'map_id_'.$mapid},
+				    $resid,$bighash{'src_'.$rid});
+	}
+        untie %bighash;
+    }
+    return $aliassymb;
+}
+
 # ----------------------------------------------------------------- Define Role
 
 sub definerole {
   if (allowed('mcr','/')) {
     my ($rolename,$sysrole,$domrole,$courole)=@_;
-    foreach (split('/',$sysrole)) {
+    foreach (split(':',$sysrole)) {
 	my ($crole,$cqual)=split(/\&/,$_);
         if ($pr{'cr:s'}!~/$crole/) { return "refused:s:$crole"; }
         if ($pr{'cr:s'}=~/$crole\&/) {
@@ -2194,7 +2863,7 @@ sub definerole {
             }
         }
     }
-    foreach (split('/',$domrole)) {
+    foreach (split(':',$domrole)) {
 	my ($crole,$cqual)=split(/\&/,$_);
         if ($pr{'cr:d'}!~/$crole/) { return "refused:d:$crole"; }
         if ($pr{'cr:d'}=~/$crole\&/) {
@@ -2203,7 +2872,7 @@ sub definerole {
             }
         }
     }
-    foreach (split('/',$courole)) {
+    foreach (split(':',$courole)) {
 	my ($crole,$cqual)=split(/\&/,$_);
         if ($pr{'cr:c'}!~/$crole/) { return "refused:c:$crole"; }
         if ($pr{'cr:c'}=~/$crole\&/) {
@@ -2265,9 +2934,9 @@ sub get_query_reply {
     for (1..100) {
 	sleep 2;
         if (-e $replyfile.'.end') {
-	    if (my $fh=Apache::File->new($replyfile)) {
+	    if (open(my $fh,$replyfile)) {
                $reply.=<$fh>;
-               $fh->close;
+               close($fh);
 	   } else { return 'error: reply_file_error'; }
            return &unescape($reply);
 	}
@@ -2306,16 +2975,18 @@ sub userlog_query {
 
 sub plaintext {
     my $short=shift;
-    return $prp{$short};
+    return &mt($prp{$short});
 }
 
 # ----------------------------------------------------------------- Assign Role
 
 sub assignrole {
-    my ($udom,$uname,$url,$role,$end,$start)=@_;
+    my ($udom,$uname,$url,$role,$end,$start,$deleteflag)=@_;
     my $mrole;
     if ($role =~ /^cr\//) {
-	unless (&allowed('ccr',$url)) {
+        my $cwosec=$url;
+        $cwosec=~s/^\/(\w+)\/(\w+)\/.*/$1\/$2/;
+	unless (&allowed('ccr',$cwosec)) {
            &logthis('Refused custom assignrole: '.
              $udom.' '.$uname.' '.$url.' '.$role.' '.$end.' '.$start.' by '.
 		    $ENV{'user.name'}.' at '.$ENV{'user.domain'});
@@ -2325,7 +2996,7 @@ sub assignrole {
     } else {
         my $cwosec=$url;
         $cwosec=~s/^\/(\w+)\/(\w+)\/.*/$1\/$2/;
-        unless (&allowed('c'.$role,$cwosec)) { 
+        unless ((&allowed('c'.$role,$cwosec)) || &allowed('c'.$role,$udom)) { 
            &logthis('Refused assignrole: '.
              $udom.' '.$uname.' '.$url.' '.$role.' '.$end.' '.$start.' by '.
 		    $ENV{'user.name'}.' at '.$ENV{'user.domain'});
@@ -2343,7 +3014,25 @@ sub assignrole {
            $command.='_0_'.$start;
         }
     }
-    return &reply($command,&homeserver($uname,$udom));
+# actually delete
+    if ($deleteflag) {
+	if ((&allowed('dro',$udom)) || (&allowed('dro',$url))) {
+# modify command to delete the role
+           $command="encrypt:rolesdel:$ENV{'user.domain'}:$ENV{'user.name'}:".
+                "$udom:$uname:$url".'_'."$mrole";
+	   &logthis("$ENV{'user.name'} at $ENV{'user.domain'} deletes $mrole in $url for $uname at $udom"); 
+# set start and finish to negative values for userrolelog
+           $start=-1;
+           $end=-1;
+        }
+    }
+# send command
+    my $answer=&reply($command,&homeserver($uname,$udom));
+# log new user role if status is ok
+    if ($answer eq 'ok') {
+	&userrolelog($mrole,$uname,$udom,$url,$start,$end);
+    }
+    return $answer;
 }
 
 # -------------------------------------------------- Modify user authentication
@@ -2378,7 +3067,7 @@ sub modifyuser {
     my ($udom,    $uname, $uid,
         $umode,   $upass, $first,
         $middle,  $last,  $gene,
-        $forceid, $desiredhome)=@_;
+        $forceid, $desiredhome, $email)=@_;
     $udom=~s/\W//g;
     $uname=~s/\W//g;
     &logthis('Call to modify user '.$udom.', '.$uname.', '.$uid.', '.
@@ -2390,7 +3079,8 @@ sub modifyuser {
              ' in domain '.$ENV{'request.role.domain'});
     my $uhome=&homeserver($uname,$udom,'true');
 # ----------------------------------------------------------------- Create User
-    if (($uhome eq 'no_host') && ($umode) && ($upass)) {
+    if (($uhome eq 'no_host') && 
+	(($umode && $upass) || ($umode eq 'localauth'))) {
         my $unhome='';
         if (defined($desiredhome) && $hostdom{$desiredhome} eq $udom) { 
             $unhome = $desiredhome;
@@ -2420,7 +3110,7 @@ sub modifyuser {
         }   
         $uhome=&homeserver($uname,$udom,'true');
         if (($uhome eq '') || ($uhome eq 'no_host') || ($uhome ne $unhome)) {
-	    return 'error: verify home';
+	    return 'error: unable verify users home machine.';
         }
     }   # End of creation of new user
 # ---------------------------------------------------------------------- Add ID
@@ -2430,7 +3120,8 @@ sub modifyuser {
        if (($uidhash{$uname}) && ($uidhash{$uname}!~/error\:/) 
          && (!$forceid)) {
 	  unless ($uid eq $uidhash{$uname}) {
-	      return 'error: mismatch '.$uidhash{$uname}.' versus '.$uid;
+	      return 'error: user id "'.$uid.'" does not match '.
+                  'current user id "'.$uidhash{$uname}.'".';
           }
        } else {
 	  &idput($udom,($uname => $uid));
@@ -2446,10 +3137,17 @@ sub modifyuser {
     } else {
         %names = @tmp;
     }
+#
+# Make sure to not trash student environment if instructor does not bother
+# to supply name and email information
+#
     if ($first)  { $names{'firstname'}  = $first; }
-    if ($middle) { $names{'middlename'} = $middle; }
+    if (defined($middle)) { $names{'middlename'} = $middle; }
     if ($last)   { $names{'lastname'}   = $last; }
-    if ($gene)   { $names{'generation'} = $gene; }
+    if (defined($gene))   { $names{'generation'} = $gene; }
+    if ($email)  { $names{'notification'} = $email;
+                   $names{'critnotification'} = $email; }
+
     my $reply = &put('environment', \%names, $udom,$uname);
     if ($reply ne 'ok') { return 'error: '.$reply; }
     &logthis('Success modifying user '.$udom.', '.$uname.', '.$uid.', '.
@@ -2463,37 +3161,48 @@ sub modifyuser {
 
 sub modifystudent {
     my ($udom,$uname,$uid,$umode,$upass,$first,$middle,$last,$gene,$usec,
-        $end,$start,$forceid,$desiredhome)=@_;
-    my $cid='';
-    unless ($cid=$ENV{'request.course.id'}) {
-	return 'not_in_class';
+        $end,$start,$forceid,$desiredhome,$email,$type,$cid)=@_;
+    if (!$cid) {
+	unless ($cid=$ENV{'request.course.id'}) {
+	    return 'not_in_class';
+	}
     }
 # --------------------------------------------------------------- Make the user
     my $reply=&modifyuser
 	($udom,$uname,$uid,$umode,$upass,$first,$middle,$last,$gene,$forceid,
-         $desiredhome);
+         $desiredhome,$email);
     unless ($reply eq 'ok') { return $reply; }
     # This will cause &modify_student_enrollment to get the uid from the
     # students environment
     $uid = undef if (!$forceid);
-    $reply = &modify_student_enrollment($udom,$uname,$uid,$first,$middle,
-                                        $last,$gene,$usec,$end,$start);
+    $reply = &modify_student_enrollment($udom,$uname,$uid,$first,$middle,$last,
+					$gene,$usec,$end,$start,$type,$cid);
     return $reply;
 }
 
 sub modify_student_enrollment {
-    my ($udom,$uname,$uid,$first,$middle,$last,$gene,$usec,$end,$start) = @_;
-    # Get the course id from the environment
-    my $cid='';
-    unless ($cid=$ENV{'request.course.id'}) {
-	return 'not_in_class';
+    my ($udom,$uname,$uid,$first,$middle,$last,$gene,$usec,$end,$start,$type,
+	$cid) = @_;
+    my ($cdom,$cnum,$chome);
+    if (!$cid) {
+	unless ($cid=$ENV{'request.course.id'}) {
+	    return 'not_in_class';
+	}
+	$cdom=$ENV{'course.'.$cid.'.domain'};
+	$cnum=$ENV{'course.'.$cid.'.num'};
+    } else {
+	($cdom,$cnum)=split(/_/,$cid);
     }
+    $chome=$ENV{'course.'.$cid.'.home'};
+    if (!$chome) {
+	$chome=&homeserver($cnum,$cdom);
+    }
+    if (!$chome) { return 'unknown_course'; }
     # Make sure the user exists
     my $uhome=&homeserver($uname,$udom);
     if (($uhome eq '') || ($uhome eq 'no_host')) { 
 	return 'error: no such user';
     }
-    #
     # Get student data if we were not given enough information
     if (!defined($first)  || $first  eq '' || 
         !defined($last)   || $last   eq '' || 
@@ -2506,9 +3215,9 @@ sub modify_student_enrollment {
                        ['firstname','middlename','lastname', 'generation','id']
                        ,$udom,$uname);
 
-        foreach (keys(%tmp)) {
-            &logthis("key $_ = ".$tmp{$_});
-        }
+        #foreach (keys(%tmp)) {
+        #    &logthis("key $_ = ".$tmp{$_});
+        #}
         $first  = $tmp{'firstname'}  if (!defined($first)  || $first  eq '');
         $middle = $tmp{'middlename'} if (!defined($middle) || $middle eq '');
         $last   = $tmp{'lastname'}   if (!defined($last)   || $last eq '');
@@ -2517,11 +3226,9 @@ sub modify_student_enrollment {
     }
     my $fullname = &Apache::loncoursedata::ProcessFullName($last,$gene,
                                                            $first,$middle);
-    my $reply=critical('put:'.$ENV{'course.'.$cid.'.domain'}.':'.
-	              $ENV{'course.'.$cid.'.num'}.':classlist:'.
-                      &escape($uname.':'.$udom).'='.
-                      &escape(join(':',$end,$start,$uid,$usec,$fullname)),
-	              $ENV{'course.'.$cid.'.home'});
+    my $value=&escape($uname.':'.$udom).'='.
+	&escape(join(':',$end,$start,$uid,$usec,$fullname,$type));
+    my $reply=critical('put:'.$cdom.':'.$cnum.':classlist:'.$value,$chome);
     unless (($reply eq 'ok') || ($reply eq 'delayed')) {
 	return 'error: '.$reply;
     }
@@ -2589,6 +3296,11 @@ sub createcourse {
 	return 'error: no such course';
     }
 # ----------------------------------------------------------------- Course made
+# log existance
+    &courseidput($udom,&escape($udom.'_'.$uname).'='.&escape($description),
+                 $uhome);
+    &flushcourselogs();
+# set toplevel url
     my $topurl=$url;
     unless ($nonstandard) {
 # ------------------------------------------ For standard courses, make top url
@@ -2617,25 +3329,26 @@ ENDINITMAP
 # ---------------------------------------------------------- Assign Custom Role
 
 sub assigncustomrole {
-    my ($udom,$uname,$url,$rdom,$rnam,$rolename,$end,$start)=@_;
+    my ($udom,$uname,$url,$rdom,$rnam,$rolename,$end,$start,$deleteflag)=@_;
     return &assignrole($udom,$uname,$url,'cr/'.$rdom.'/'.$rnam.'/'.$rolename,
-                       $end,$start);
+                       $end,$start,$deleteflag);
 }
 
 # ----------------------------------------------------------------- Revoke Role
 
 sub revokerole {
-    my ($udom,$uname,$url,$role)=@_;
+    my ($udom,$uname,$url,$role,$deleteflag)=@_;
     my $now=time;
-    return &assignrole($udom,$uname,$url,$role,$now);
+    return &assignrole($udom,$uname,$url,$role,$now,$deleteflag);
 }
 
 # ---------------------------------------------------------- Revoke Custom Role
 
 sub revokecustomrole {
-    my ($udom,$uname,$url,$rdom,$rnam,$rolename)=@_;
+    my ($udom,$uname,$url,$rdom,$rnam,$rolename,$deleteflag)=@_;
     my $now=time;
-    return &assigncustomrole($udom,$uname,$url,$rdom,$rnam,$rolename,$now);
+    return &assigncustomrole($udom,$uname,$url,$rdom,$rnam,$rolename,$now,
+           $deleteflag);
 }
 
 # ------------------------------------------------------------ Directory lister
@@ -2700,7 +3413,7 @@ sub dirlist {
         }
         my $alldomstr='';
         foreach (sort keys %alldom) {
-            $alldomstr.=$perlvar{'lonDocRoot'}.'/res/'.$_.'&domain:';
+            $alldomstr.=$perlvar{'lonDocRoot'}.'/res/'.$_.'/&domain:';
         }
         $alldomstr=~s/:$//;
         return split(/:/,$alldomstr);       
@@ -2716,6 +3429,13 @@ sub dirlist {
 # when it was last modified.  It will also return an error of -1
 # if an error occurs
 
+##
+## FIXME: This subroutine assumes its caller knows something about the
+## directory structure of the home server for the student ($root).
+## Not a good assumption to make.  Since this is for looking up files
+## in user directories, the full path should be constructed by lond, not
+## whatever machine we request data from.
+##
 sub GetFileTimestamp {
     my ($studentDomain,$studentName,$filename,$root)=@_;
     $studentDomain=~s/\W//g;
@@ -2724,12 +3444,12 @@ sub GetFileTimestamp {
     $subdir =~ s/(.)(.)(.).*/$1\/$2\/$3/;
     my $proname="$studentDomain/$subdir/$studentName";
     $proname .= '/'.$filename;
-    my @dir = &Apache::lonnet::dirlist($proname, $studentDomain, $studentName,
-                                       $root);
-    my $fileStat = $dir[0];
+    my ($fileStat) = &Apache::lonnet::dirlist($proname, $studentDomain, 
+                                              $studentName, $root);
     my @stats = split('&', $fileStat);
     if($stats[0] ne 'empty' && $stats[0] ne 'no_such_dir') {
-        return $stats[9];
+        # @stats contains first the filename, then the stat output
+        return $stats[10]; # so this is 10 instead of 9.
     } else {
         return -1;
     }
@@ -2792,7 +3512,7 @@ sub condval {
 sub devalidatecourseresdata {
     my ($coursenum,$coursedomain)=@_;
     my $hashid=$coursenum.':'.$coursedomain;
-    delete $courseresdatacache{$hashid.'.time'};
+    &devalidate_cache(\%courseresdatacache,$hashid,'courseres');
 }
 
 # --------------------------------------------------- Course Resourcedata Query
@@ -2801,40 +3521,67 @@ sub courseresdata {
     my ($coursenum,$coursedomain,@which)=@_;
     my $coursehom=&homeserver($coursenum,$coursedomain);
     my $hashid=$coursenum.':'.$coursedomain;
-    my $dodump=0;
-    if (!defined($courseresdatacache{$hashid.'.time'})) {
-	$dodump=1;
-    } else {
-	if (time-$courseresdatacache{$hashid.'.time'}>300) { $dodump=1; }
-    }
-    if ($dodump) {
+    my ($result,$cached)=&is_cached(\%courseresdatacache,$hashid,'courseres');
+    unless (defined($cached)) {
 	my %dumpreply=&dump('resourcedata',$coursedomain,$coursenum);
+	$result=\%dumpreply;
 	my ($tmp) = keys(%dumpreply);
 	if ($tmp !~ /^(con_lost|error|no_such_host)/i) {
-	    $courseresdatacache{$hashid.'.time'}=time;
-	    $courseresdatacache{$hashid}=\%dumpreply;
+	    &do_cache(\%courseresdatacache,$hashid,$result,'courseres');
 	} elsif ($tmp =~ /^(con_lost|no_such_host)/) {
 	    return $tmp;
+	} elsif ($tmp =~ /^(error)/) {
+	    $result=undef;
+	    &do_cache(\%courseresdatacache,$hashid,$result,'courseres');
 	}
     }
     foreach my $item (@which) {
-	if (defined($courseresdatacache{$hashid}->{$item})) {
-	    return $courseresdatacache{$hashid}->{$item};
+	if (defined($result->{$item})) {
+	    return $result->{$item};
 	}
     }
     return undef;
 }
 
-# --------------------------------------------------------- Value of a Variable
+#
+# EXT resource caching routines
+#
+
+sub clear_EXT_cache_status {
+    &delenv('cache.EXT.');
+}
 
+sub EXT_cache_status {
+    my ($target_domain,$target_user) = @_;
+    my $cachename = 'cache.EXT.'.$target_user.'.'.$target_domain;
+    if (exists($ENV{$cachename}) && ($ENV{$cachename}+600) > time) {
+        # We know already the user has no data
+        return 1;
+    } else {
+        return 0;
+    }
+}
+
+sub EXT_cache_set {
+    my ($target_domain,$target_user) = @_;
+    my $cachename = 'cache.EXT.'.$target_user.'.'.$target_domain;
+    &appenv($cachename => time);
+}
+
+# --------------------------------------------------------- Value of a Variable
 sub EXT {
-    my ($varname,$symbparm,$udom,$uname,)=@_;
+    my ($varname,$symbparm,$udom,$uname,$usection,$recurse)=@_;
 
     unless ($varname) { return ''; }
     #get real user name/domain, courseid and symb
     my $courseid;
+    my $publicuser;
+    if ($symbparm) {
+	$symbparm=&get_symb_from_alias($symbparm);
+    }
     if (!($uname && $udom)) {
-      (my $cursymb,$courseid,$udom,$uname)=&Apache::lonxml::whichuser();
+      (my $cursymb,$courseid,$udom,$uname,$publicuser)=
+	  &Apache::lonxml::whichuser($symbparm);
       if (!$symbparm) {	$symbparm=$cursymb; }
     } else {
 	$courseid=$ENV{'request.course.id'};
@@ -2857,7 +3604,12 @@ sub EXT {
 	    if (defined($Apache::lonhomework::parsing_a_problem)) {
 		return $Apache::lonhomework::history{$qualifierrest};
 	    } else {
-		my %restored=&restore($symbparm,$courseid,$udom,$uname);
+		my %restored;
+		if ($publicuser || $ENV{'request.state'} eq 'construct') {
+		    %restored=&tmprestore($symbparm,$courseid,$udom,$uname);
+		} else {
+		    %restored=&restore($symbparm,$courseid,$udom,$uname);
+		}
 		return $restored{$qualifierrest};
 	    }
 # ----------------------------------------------------------------- user.access
@@ -2870,7 +3622,11 @@ sub EXT {
 		($udom eq $ENV{'user.domain'})) {
 		return $ENV{join('.',('environment',$qualifierrest))};
 	    } else {
-		my %returnhash=&userenvironment($udom,$uname,$qualifierrest);
+		my %returnhash;
+		if (!$publicuser) {
+		    %returnhash=&userenvironment($udom,$uname,
+						 $qualifierrest);
+		}
 		return $returnhash{$qualifierrest};
 	    }
 # ----------------------------------------------------------------- user.course
@@ -2894,17 +3650,29 @@ sub EXT {
             return $uname;
 # ---------------------------------------------------- Any other user namespace
         } else {
-            my %reply=&get($space,[$qualifierrest],$udom,$uname);
-            return $reply{$qualifierrest};
+	    my %reply;
+	    if (!$publicuser) {
+		%reply=&get($space,[$qualifierrest],$udom,$uname);
+	    }
+	    return $reply{$qualifierrest};
         }
     } elsif ($realm eq 'query') {
 # ---------------------------------------------- pull stuff out of query string
-        &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},[$space]);
-	return $ENV{'form.'.$space}; 
+        &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},
+						[$spacequalifierrest]);
+	return $ENV{'form.'.$spacequalifierrest}; 
    } elsif ($realm eq 'request') {
 # ------------------------------------------------------------- request.browser
         if ($space eq 'browser') {
-	    return $ENV{'browser.'.$qualifier};
+	    if ($qualifier eq 'textremote') {
+		if (&mt('textual_remote_display') eq 'on') {
+		    return 1;
+		} else {
+		    return 0;
+		}
+	    } else {
+		return $ENV{'browser.'.$qualifier};
+	    }
 # ------------------------------------------------------------ request.filename
         } else {
             return $ENV{'request.'.$spacequalifierrest};
@@ -2914,24 +3682,28 @@ sub EXT {
         return $ENV{'course.'.$courseid.'.'.$spacequalifierrest};
     } elsif ($realm eq 'resource') {
 
-	if ($courseid eq $ENV{'request.course.id'}) {
+	my $section;
+	if (defined($courseid) && $courseid eq $ENV{'request.course.id'}) {
 
 	    #print '<br>'.$space.' - '.$qualifier.' - '.$spacequalifierrest;
 
 # ----------------------------------------------------- Cascading lookup scheme
 	    if (!$symbparm) { $symbparm=&symbread(); }
 	    my $symbp=$symbparm;
-	    my $mapp=(split(/\_\_\_/,$symbp))[0];
+	    my $mapp=(&decode_symb($symbp))[0];
 
 	    my $symbparm=$symbp.'.'.$spacequalifierrest;
 	    my $mapparm=$mapp.'___(all).'.$spacequalifierrest;
 
-	    my $section;
 	    if (($ENV{'user.name'} eq $uname) &&
 		($ENV{'user.domain'} eq $udom)) {
 		$section=$ENV{'request.course.sec'};
 	    } else {
-		$section=&usection($udom,$uname,$courseid);
+                if (! defined($usection)) {
+                    $section=&usection($udom,$uname,$courseid);
+                } else {
+                    $section = $usection;
+                }
 	    }
 
 	    my $seclevel=$courseid.'.['.$section.'].'.$spacequalifierrest;
@@ -2943,32 +3715,33 @@ sub EXT {
 	    my $courselevelm=$courseid.'.'.$mapparm;
 
 # ----------------------------------------------------------- first, check user
-	    #most student don't have any data set, check if there is some data
-            #every thirty minutes
-	    if (!
-		(exists($ENV{'cache.studentresdata'})
-		    && (($ENV{'cache.studentresdata'}+1800) > time))) {
-		my %resourcedata=&get('resourcedata',
-				      [$courselevelr,$courselevelm,$courselevel],
-				      $udom,$uname);
-		my ($tmp)=keys(%resourcedata);
+	    #most student don\'t have any data set, check if there is some data
+	    if (! &EXT_cache_status($udom,$uname)) {
+		my $hashid="$udom:$uname";
+		my ($result,$cached)=&is_cached(\%userresdatacache,$hashid,
+						'userres');
+		if (!defined($cached)) {
+		    my %resourcedata=&dump('resourcedata',$udom,$uname);
+		    $result=\%resourcedata;
+		    &do_cache(\%userresdatacache,$hashid,$result,'userres');
+		}
+		my ($tmp)=keys(%$result);
 		if (($tmp!~/^error\:/) && ($tmp!~/^con_lost/)) {
-		    if ($resourcedata{$courselevelr}) {
-			return $resourcedata{$courselevelr}; }
-		    if ($resourcedata{$courselevelm}) {
-			return $resourcedata{$courselevelm}; }
-		    if ($resourcedata{$courselevel}) {
-			return $resourcedata{$courselevel}; }
+		    if ($$result{$courselevelr}) {
+			return $$result{$courselevelr}; }
+		    if ($$result{$courselevelm}) {
+			return $$result{$courselevelm}; }
+		    if ($$result{$courselevel}) {
+			return $$result{$courselevel}; }
 		} else {
-		    if ($tmp!~/No such file/) {
+		    #error 2 occurs when the .db doesn't exist
+		    if ($tmp!~/error: 2 /) {
 			&logthis("<font color=blue>WARNING:".
 				 " Trying to get resource data for ".
 				 $uname." at ".$udom.": ".
 				 $tmp."</font>");
-		    } elsif ($tmp=~/error:No such file/) {
-			$ENV{'cache.studentresdata'}=time;
-			&appenv(('cache.studentresdata'=>
-				 $ENV{'cache.studentresdata'}));
+		    } elsif ($tmp=~/error: 2 /) {
+                        &EXT_cache_set($udom,$uname);
 		    } elsif ($tmp =~ /^(con_lost|no_such_host)/) {
 			return $tmp;
 		    }
@@ -3001,7 +3774,7 @@ sub EXT {
 	my $filename;
 	if (!$symbparm) { $symbparm=&symbread(); }
 	if ($symbparm) {
-	    $filename=(split(/\_\_\_/,$symbparm))[2];
+	    $filename=(&decode_symb($symbparm))[2];
 	} else {
 	    $filename=$ENV{'request.filename'};
 	}
@@ -3017,9 +3790,12 @@ sub EXT {
 	    my $part=join('_',@parts);
 	    if ($part eq '') { $part='0'; }
 	    my $partgeneral=&EXT('resource.'.$part.'.'.$qualifierrest,
-				 $symbparm,$udom,$uname);
+				 $symbparm,$udom,$uname,$section,1);
 	    if (defined($partgeneral)) { return $partgeneral; }
 	}
+	if ($recurse) { return undef; }
+	my $pack_def=&packages_tab_default($filename,$varname);
+	if (defined($pack_def)) { return $pack_def; }
 
 # ---------------------------------------------------- Any other user namespace
     } elsif ($realm eq 'environment') {
@@ -3040,6 +3816,22 @@ sub EXT {
     return '';
 }
 
+sub packages_tab_default {
+    my ($uri,$varname)=@_;
+    my (undef,$part,$name)=split(/\./,$varname);
+    my $packages=&metadata($uri,'packages');
+    foreach my $package (split(/,/,$packages)) {
+	my ($pack_type,$pack_part)=split(/_/,$package,2);
+	if (defined($packagetab{"$pack_type&$name&default"})) {
+	    return $packagetab{"$pack_type&$name&default"};
+	}
+	if (defined($packagetab{$pack_type."_".$pack_part."&$name&default"})) {
+	    return $packagetab{$pack_type."_".$pack_part."&$name&default"};
+	}
+    }
+    return undef;
+}
+
 sub add_prefix_and_part {
     my ($prefix,$part)=@_;
     my $keyroot;
@@ -3060,12 +3852,12 @@ sub add_prefix_and_part {
 
 sub metadata {
     my ($uri,$what,$liburi,$prefix,$depthcount)=@_;
-
     $uri=&declutter($uri);
     # if it is a non metadata possible uri return quickly
     if (($uri eq '') || (($uri =~ m|^/*adm/|) && ($uri !~ m|^adm/includes|)) ||
-        ($uri =~ m|/$|) || ($uri =~ m|/.meta$|)) {
-	return '';
+        ($uri =~ m|/$|) || ($uri =~ m|/.meta$|) || ($uri =~ /^~/) ||
+	($uri =~ m|home/[^/]+/public_html/|)) {
+	return undef;
     }
     my $filename=$uri;
     $uri=~s/\.meta$//;
@@ -3074,14 +3866,23 @@ sub metadata {
 # Look at timestamp of caching
 # Everything is cached by the main uri, libraries are never directly cached
 #
-    unless (abs($metacache{$uri.':cachedtimestamp'}-time)<600 && !defined($liburi)) {
+    if (!defined($liburi)) {
+	my ($result,$cached)=&is_cached(\%metacache,$uri,'meta');
+	if (defined($cached)) { return $result->{':'.$what}; }
+    }
+    {
 #
 # Is this a recursive call for a library?
 #
+	if (! exists($metacache{$uri})) {
+	    $metacache{$uri}={};
+	}
         if ($liburi) {
 	    $liburi=&declutter($liburi);
             $filename=$liburi;
-        }
+        } else {
+	    &devalidate_cache(\%metacache,$uri,'meta');
+	}
         my %metathesekeys=();
         unless ($filename=~/\.meta$/) { $filename.='.meta'; }
 	my $metastring=&getfile(&filelocation('',&clutter($filename)));
@@ -3089,126 +3890,138 @@ sub metadata {
         my $token;
         undef %metathesekeys;
         while ($token=$parser->get_token) {
-           if ($token->[0] eq 'S') {
-	     if (defined($token->[2]->{'package'})) {
+	    if ($token->[0] eq 'S') {
+		if (defined($token->[2]->{'package'})) {
 #
 # This is a package - get package info
 #
-	      my $package=$token->[2]->{'package'};
-	      my $keyroot=&add_prefix_and_part($prefix,$token->[2]->{'part'});
-              if (defined($token->[2]->{'id'})) { 
-                 $keyroot.='_'.$token->[2]->{'id'}; 
-	      }
-              if ($metacache{$uri.':packages'}) {
-                 $metacache{$uri.':packages'}.=','.$package.$keyroot;
-              } else {
-                 $metacache{$uri.':packages'}=$package.$keyroot;
-	      }
-              foreach (keys %packagetab) {
-		  if ($_=~/^$package\&/) {
-		      my ($pack,$name,$subp)=split(/\&/,$_);
-                      my $value=$packagetab{$_};
-		      my $part=$keyroot;
-                      $part=~s/^\_//;
-                      if ($subp eq 'display') {
-			  $value.=' [Part: '.$part.']';
-                      }
-                      my $unikey='parameter'.$keyroot.'_'.$name;
-                      $metathesekeys{$unikey}=1;
-                      $metacache{$uri.':'.$unikey.'.part'}=$part;
-                      unless (defined($metacache{$uri.':'.$unikey.'.'.$subp})) {
-			  $metacache{$uri.':'.$unikey.'.'.$subp}=$value;
-		      }
-		      if (defined($metacache{$uri.':'.$unikey.'.default'})) {
-			  $metacache{$uri.':'.$unikey}=
-			     $metacache{$uri.':'.$unikey.'.default'}
-		      }
-                  }
-              }
-             } else {
+		    my $package=$token->[2]->{'package'};
+		    my $keyroot=&add_prefix_and_part($prefix,$token->[2]->{'part'});
+		    if (defined($token->[2]->{'id'})) { 
+			$keyroot.='_'.$token->[2]->{'id'}; 
+		    }
+		    if ($metacache{$uri}->{':packages'}) {
+			$metacache{$uri}->{':packages'}.=','.$package.$keyroot;
+		    } else {
+			$metacache{$uri}->{':packages'}=$package.$keyroot;
+		    }
+		    foreach (keys %packagetab) {
+			my $part=$keyroot;
+			$part=~s/^\_//;
+			if ($_=~/^\Q$package\E\&/ || 
+			    $_=~/^\Q$package\E_0\&/) {
+			    my ($pack,$name,$subp)=split(/\&/,$_);
+			    # ignore package.tab specified default values
+                            # here &package_tab_default() will fetch those
+			    if ($subp eq 'default') { next; }
+			    my $value=$packagetab{$_};
+			    my $unikey;
+			    if ($pack =~ /_0$/) {
+				$unikey='parameter_0_'.$name;
+				$part=0;
+			    } else {
+				$unikey='parameter'.$keyroot.'_'.$name;
+			    }
+			    if ($subp eq 'display') {
+				$value.=' [Part: '.$part.']';
+			    }
+			    $metacache{$uri}->{':'.$unikey.'.part'}=$part;
+			    $metathesekeys{$unikey}=1;
+			    unless (defined($metacache{$uri}->{':'.$unikey.'.'.$subp})) {
+				$metacache{$uri}->{':'.$unikey.'.'.$subp}=$value;
+			    }
+			    if (defined($metacache{$uri}->{':'.$unikey.'.default'})) {
+				$metacache{$uri}->{':'.$unikey}=
+				    $metacache{$uri}->{':'.$unikey.'.default'};
+			    }
+			}
+		    }
+		} else {
 #
 # This is not a package - some other kind of start tag
-# 
-              my $entry=$token->[1];
-              my $unikey;
-              if ($entry eq 'import') {
-                 $unikey='';
-              } else {
-                 $unikey=$entry;
-	      }
-	      $unikey.=&add_prefix_and_part($prefix,$token->[2]->{'part'});
+#
+		    my $entry=$token->[1];
+		    my $unikey;
+		    if ($entry eq 'import') {
+			$unikey='';
+		    } else {
+			$unikey=$entry;
+		    }
+		    $unikey.=&add_prefix_and_part($prefix,$token->[2]->{'part'});
 
-              if (defined($token->[2]->{'id'})) { 
-                 $unikey.='_'.$token->[2]->{'id'}; 
-	      }
+		    if (defined($token->[2]->{'id'})) { 
+			$unikey.='_'.$token->[2]->{'id'}; 
+		    }
 
-             if ($entry eq 'import') {
+		    if ($entry eq 'import') {
 #
 # Importing a library here
-#                
-                 if ($depthcount<20) {
-		     my $location=$parser->get_text('/import');
-		     my $dir=$filename;
-		     $dir=~s|[^/]*$||;
-		     $location=&filelocation($dir,$location);
-		     foreach (sort(split(/\,/,&metadata($uri,'keys',
-							$location,$unikey,
-							$depthcount+1)))) {
-                         $metathesekeys{$_}=1;
-		     }
-		 }
-             } else { 
-
-              if (defined($token->[2]->{'name'})) { 
-                 $unikey.='_'.$token->[2]->{'name'}; 
-	      }
-              $metathesekeys{$unikey}=1;
-              foreach (@{$token->[3]}) {
-		  $metacache{$uri.':'.$unikey.'.'.$_}=$token->[2]->{$_};
-              }
-	      my $internaltext=&HTML::Entities::decode($parser->get_text('/'.$entry));
-	      my $default=$metacache{$uri.':'.$unikey.'.default'};
-	      if ( $internaltext =~ /^\s*$/ && $default !~ /^\s*$/) {
-		  # only ws inside the tag, and not in default, so use default
-                  # as value
-		  $metacache{$uri.':'.$unikey}=$default;
-	      } else {
+#
+			if ($depthcount<20) {
+			    my $location=$parser->get_text('/import');
+			    my $dir=$filename;
+			    $dir=~s|[^/]*$||;
+			    $location=&filelocation($dir,$location);
+			    foreach (sort(split(/\,/,&metadata($uri,'keys',
+							       $location,$unikey,
+							       $depthcount+1)))) {
+				$metacache{$uri}->{':'.$_}=$metacache{$uri}->{':'.$_};
+				$metathesekeys{$_}=1;
+			    }
+			}
+		    } else { 
+			
+			if (defined($token->[2]->{'name'})) { 
+			    $unikey.='_'.$token->[2]->{'name'}; 
+			}
+			$metathesekeys{$unikey}=1;
+			foreach (@{$token->[3]}) {
+			    $metacache{$uri}->{':'.$unikey.'.'.$_}=$token->[2]->{$_};
+			}
+			my $internaltext=&HTML::Entities::decode($parser->get_text('/'.$entry));
+			my $default=$metacache{$uri}->{':'.$unikey.'.default'};
+			if ( $internaltext =~ /^\s*$/ && $default !~ /^\s*$/) {
+		 # only ws inside the tag, and not in default, so use default
+		 # as value
+			    $metacache{$uri}->{':'.$unikey}=$default;
+			} else {
 		  # either something interesting inside the tag or default
                   # uninteresting
-		  $metacache{$uri.':'.$unikey}=$internaltext;
-	      }
+			    $metacache{$uri}->{':'.$unikey}=$internaltext;
+			}
 # end of not-a-package not-a-library import
-	   }
+		    }
 # end of not-a-package start tag
-	  }
+		}
 # the next is the end of "start tag"
-	 }
-       }
+	    }
+	}
 # are there custom rights to evaluate
-	if ($metacache{$uri.':copyright'} eq 'custom') {
-        
+	if ($metacache{$uri}->{':copyright'} eq 'custom') {
+
     #
     # Importing a rights file here
-    #                
-                 unless ($depthcount) {
-		     my $location=$metacache{$uri.':customdistributionfile'};
-		     my $dir=$filename;
-		     $dir=~s|[^/]*$||;
-		     $location=&filelocation($dir,$location);
-		     foreach (sort(split(/\,/,&metadata($uri,'keys',
-							$location,'_rights',
-							$depthcount+1)))) {
-                         $metathesekeys{$_}=1;
-		     }
-		 }
-	     }
-   $metacache{$uri.':keys'}=join(',',keys %metathesekeys);
-	&metadata_generate_part0(\%metathesekeys,\%metacache,$uri);
-       $metacache{$uri.':allpossiblekeys'}=join(',',keys %metathesekeys);
-       $metacache{$uri.':cachedtimestamp'}=time;
+    #
+	    unless ($depthcount) {
+		my $location=$metacache{$uri}->{':customdistributionfile'};
+		my $dir=$filename;
+		$dir=~s|[^/]*$||;
+		$location=&filelocation($dir,$location);
+		foreach (sort(split(/\,/,&metadata($uri,'keys',
+						   $location,'_rights',
+						   $depthcount+1)))) {
+		    $metacache{$uri}->{':'.$_}=$metacache{$uri}->{':'.$_};
+		    $metathesekeys{$_}=1;
+		}
+	    }
+	}
+	$metacache{$uri}->{':keys'}=join(',',keys %metathesekeys);
+	&metadata_generate_part0(\%metathesekeys,$metacache{$uri},$uri);
+	$metacache{$uri}->{':allpossiblekeys'}=join(',',keys %metathesekeys);
+	&do_cache(\%metacache,$uri,$metacache{$uri},'meta');
 # this is the end of "was not already recently cached
     }
-    return $metacache{$uri.':'.$what};
+    return $metacache{$uri}->{':'.$what};
 }
 
 sub metadata_generate_part0 {
@@ -3216,22 +4029,22 @@ sub metadata_generate_part0 {
     my %allnames;
     foreach my $metakey (sort keys %$metadata) {
 	if ($metakey=~/^parameter\_(.*)/) {
-	  my $part=$$metacache{$uri.':'.$metakey.'.part'};
-	  my $name=$$metacache{$uri.':'.$metakey.'.name'};
-	  if (! exists($$metadata{'parameter_0_'.$name})) {
+	  my $part=$$metacache{':'.$metakey.'.part'};
+	  my $name=$$metacache{':'.$metakey.'.name'};
+	  if (! exists($$metadata{'parameter_0_'.$name.'.name'})) {
 	    $allnames{$name}=$part;
 	  }
 	}
     }
     foreach my $name (keys(%allnames)) {
       $$metadata{"parameter_0_$name"}=1;
-      my $key="$uri:parameter_0_$name";
+      my $key=":parameter_0_$name";
       $$metacache{"$key.part"}='0';
       $$metacache{"$key.name"}=$name;
-      $$metacache{"$key.type"}=$$metacache{$uri.':parameter_'.
+      $$metacache{"$key.type"}=$$metacache{':parameter_'.
 					   $allnames{$name}.'_'.$name.
 					   '.type'};
-      my $olddis=$$metacache{$uri.':parameter_'.$allnames{$name}.'_'.$name.
+      my $olddis=$$metacache{':parameter_'.$allnames{$name}.'_'.$name.
 			     '.display'};
       my $expr='\\[Part: '.$allnames{$name}.'\\]';
       $olddis=~s/$expr/\[Part: 0\]/;
@@ -3248,8 +4061,9 @@ sub gettitle {
 	unless ($urlsymb) { $urlsymb=$ENV{'request.filename'}; }
         return &metadata($urlsymb,'title'); 
     }
-    if ($titlecache{$symb}) { return $titlecache{$symb}; }
-    my ($map,$resid,$url)=split(/\_\_\_/,$symb);
+    my ($result,$cached)=&is_cached(\%titlecache,$symb,'title',600);
+    if (defined($cached)) { return $result; }
+    my ($map,$resid,$url)=&decode_symb($symb);
     my $title='';
     my %bighash;
     if (tie(%bighash,'GDBM_File',$ENV{'request.course.fn'}.'.db',
@@ -3258,9 +4072,9 @@ sub gettitle {
         $title=$bighash{'title_'.$mapid.'.'.$resid};
         untie %bighash;
     }
+    $title=~s/\&colon\;/\:/gs;
     if ($title) {
-        $titlecache{$symb}=$title;
-        return $title;
+        return &do_cache(\%titlecache,$symb,$title,'title');
     } else {
 	return &metadata($urlsymb,'title');
     }
@@ -3270,13 +4084,13 @@ sub gettitle {
 
 sub symblist {
     my ($mapname,%newhash)=@_;
-    $mapname=declutter($mapname);
+    $mapname=&deversion(&declutter($mapname));
     my %hash;
     if (($ENV{'request.course.fn'}) && (%newhash)) {
         if (tie(%hash,'GDBM_File',$ENV{'request.course.fn'}.'_symb.db',
                       &GDBM_WRCREAT(),0640)) {
 	    foreach (keys %newhash) {
-                $hash{declutter($_)}=$mapname.'___'.$newhash{$_};
+                $hash{declutter($_)}=$mapname.'___'.&deversion($newhash{$_});
             }
             if (untie(%hash)) {
 		return 'ok';
@@ -3294,13 +4108,16 @@ sub symbverify {
 # direct jump to resource in page or to a sequence - will construct own symbs
     if ($thisfn=~/\.(page|sequence)$/) { return 1; }
 # check URL part
-    my ($map,$resid,$url)=split(/\_\_\_/,$symb);
-    unless (&symbclean($url) eq &symbclean($thisfn)) { return 0; }
+    my ($map,$resid,$url)=&decode_symb($symb);
+
+    unless ($url eq $thisfn) { return 0; }
 
     $symb=&symbclean($symb);
+    $thisfn=&deversion($thisfn);
 
     my %bighash;
     my $okay=0;
+
     if (tie(%bighash,'GDBM_File',$ENV{'request.course.fn'}.'.db',
                             &GDBM_READER(),0640)) {
         my $ids=$bighash{'ids_'.&clutter($thisfn)};
@@ -3337,6 +4154,50 @@ sub symbclean {
     return $symb;
 }
 
+# ---------------------------------------------- Split symb to find map and url
+
+sub encode_symb {
+    my ($map,$resid,$url)=@_;
+    return &symbclean(&declutter($map).'___'.$resid.'___'.&declutter($url));
+}
+
+sub decode_symb {
+    my ($map,$resid,$url)=split(/\_\_\_/,shift);
+    return (&fixversion($map),$resid,&fixversion($url));
+}
+
+sub fixversion {
+    my $fn=shift;
+    if ($fn=~/^(adm|uploaded|public)/) { return $fn; }
+    my %bighash;
+    my $uri=&clutter($fn);
+    my $key=$ENV{'request.course.id'}.'_'.$uri;
+# is this cached?
+    my ($result,$cached)=&is_cached(\%courseresversioncache,$key,
+				    'courseresversion',600);
+    if (defined($cached)) { return $result; }
+# unfortunately not cached, or expired
+    if (tie(%bighash,'GDBM_File',$ENV{'request.course.fn'}.'.db',
+	    &GDBM_READER(),0640)) {
+ 	if ($bighash{'version_'.$uri}) {
+ 	    my $version=$bighash{'version_'.$uri};
+ 	    unless (($version eq 'mostrecent') || 
+		    ($version==&getversion($uri))) {
+ 		$uri=~s/\.(\w+)$/\.$version\.$1/;
+ 	    }
+ 	}
+ 	untie %bighash;
+    }
+    return &do_cache
+	(\%courseresversioncache,$key,&declutter($uri),'courseresversion');
+}
+
+sub deversion {
+    my $url=shift;
+    $url=~s/\.\d+\.(\w+)$/\.$1/;
+    return $url;
+}
+
 # ------------------------------------------------------ Return symb list entry
 
 sub symbread {
@@ -3431,29 +4292,116 @@ sub numval {
     $txt=~tr/u-z/0-5/;
     $txt=~s/\D//g;
     return int($txt);
-}    
+}
+
+sub latest_rnd_algorithm_id {
+    return '64bit2';
+}
 
 sub rndseed {
     my ($symb,$courseid,$domain,$username)=@_;
+
+    my ($wsymb,$wcourseid,$wdomain,$wusername)=&Apache::lonxml::whichuser();
     if (!$symb) {
-      unless ($symb=&symbread()) { return time; }
+	unless ($symb=$wsymb) { return time; }
     }
-    if (!$courseid) { $courseid=$ENV{'request.course.id'};}
-    if (!$domain) {$domain=$ENV{'user.domain'};}
-    if (!$username) {$username=$ENV{'user.name'};}
+    if (!$courseid) { $courseid=$wcourseid; }
+    if (!$domain) { $domain=$wdomain; }
+    if (!$username) { $username=$wusername }
+    my $which=$ENV{"course.$courseid.rndseed"};
+    my $CODE=$ENV{'scantron.CODE'};
+    if (defined($CODE)) {
+	&rndseed_CODE_64bit($symb,$courseid,$domain,$username);
+    } elsif ($which eq '64bit2') {
+	return &rndseed_64bit2($symb,$courseid,$domain,$username);
+    } elsif ($which eq '64bit') {
+	return &rndseed_64bit($symb,$courseid,$domain,$username);
+    }
+    return &rndseed_32bit($symb,$courseid,$domain,$username);
+}
+
+sub rndseed_32bit {
+    my ($symb,$courseid,$domain,$username)=@_;
+    {
+	use integer;
+	my $symbchck=unpack("%32C*",$symb) << 27;
+	my $symbseed=numval($symb) << 22;
+	my $namechck=unpack("%32C*",$username) << 17;
+	my $nameseed=numval($username) << 12;
+	my $domainseed=unpack("%32C*",$domain) << 7;
+	my $courseseed=unpack("%32C*",$courseid);
+	my $num=$symbseed+$nameseed+$domainseed+$courseseed+$namechck+$symbchck;
+	#&Apache::lonxml::debug("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
+	#&Apache::lonxml::debug("rndseed :$num:$symb");
+	return $num;
+    }
+}
+
+sub rndseed_64bit {
+    my ($symb,$courseid,$domain,$username)=@_;
+    {
+	use integer;
+	my $symbchck=unpack("%32S*",$symb) << 21;
+	my $symbseed=numval($symb) << 10;
+	my $namechck=unpack("%32S*",$username);
+	
+	my $nameseed=numval($username) << 21;
+	my $domainseed=unpack("%32S*",$domain) << 10;
+	my $courseseed=unpack("%32S*",$courseid);
+	
+	my $num1=$symbchck+$symbseed+$namechck;
+	my $num2=$nameseed+$domainseed+$courseseed;
+	#&Apache::lonxml::debug("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
+	#&Apache::lonxml::debug("rndseed :$num:$symb");
+	return "$num1,$num2";
+    }
+}
+
+sub rndseed_64bit2 {
+    my ($symb,$courseid,$domain,$username)=@_;
+    {
+	use integer;
+	# strings need to be an even # of cahracters long, it it is odd the
+        # last characters gets thrown away
+	my $symbchck=unpack("%32S*",$symb.' ') << 21;
+	my $symbseed=numval($symb) << 10;
+	my $namechck=unpack("%32S*",$username.' ');
+	
+	my $nameseed=numval($username) << 21;
+	my $domainseed=unpack("%32S*",$domain.' ') << 10;
+	my $courseseed=unpack("%32S*",$courseid.' ');
+	
+	my $num1=$symbchck+$symbseed+$namechck;
+	my $num2=$nameseed+$domainseed+$courseseed;
+	#&Apache::lonxml::debug("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
+	#&Apache::lonxml::debug("rndseed :$num:$symb");
+	return "$num1,$num2";
+    }
+}
+
+sub rndseed_CODE_64bit {
+    my ($symb,$courseid,$domain,$username)=@_;
     {
-      use integer;
-      my $symbchck=unpack("%32C*",$symb) << 27;
-      my $symbseed=numval($symb) << 22;
-      my $namechck=unpack("%32C*",$username) << 17;
-      my $nameseed=numval($username) << 12;
-      my $domainseed=unpack("%32C*",$domain) << 7;
-      my $courseseed=unpack("%32C*",$courseid);
-      my $num=$symbseed+$nameseed+$domainseed+$courseseed+$namechck+$symbchck;
-      #uncommenting these lines can break things!
-      #&Apache::lonxml::debug("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
-      #&Apache::lonxml::debug("rndseed :$num:$symb");
-      return $num;
+	use integer;
+	my $symbchck=unpack("%32S*",$symb.' ') << 16;
+	my $symbseed=numval($symb);
+	my $CODEseed=numval($ENV{'scantron.CODE'}) << 16;
+	my $courseseed=unpack("%32S*",$courseid.' ');
+	my $num1=$symbseed+$CODEseed;
+	my $num2=$courseseed+$symbchck;
+	#&Apache::lonxml::debug("$symbseed:$CODEseed|$courseseed:$symbchck");
+	#&Apache::lonxml::debug("rndseed :$num1:$num2:$symb");
+	return "$num1,$num2";
+    }
+}
+
+sub setup_random_from_rndseed {
+    my ($rndseed)=@_;
+    if ($rndseed =~/,/) {
+	my ($num1,$num2)=split(/,/,$rndseed);
+	&Math::Random::random_set_seed(abs($num1),abs($num2));
+    } else {
+	&Math::Random::random_set_seed_from_phrase($rndseed);
     }
 }
 
@@ -3494,7 +4442,8 @@ sub getfile {
  } else { # normal file from res space
   &repcopy($file);
   if (! -e $file ) { return -1; };
-  my $fh=Apache::File->new($file);
+  my $fh;
+  open($fh,"<$file");
   my $a='';
   while (<$fh>) { $a .=$_; }
   return $a;
@@ -3512,7 +4461,7 @@ sub filelocation {
     $location=$file;
   } else {
     $file=~s/^$perlvar{'lonDocRoot'}//;
-    $file=~s:^/*res::;
+    $file=~s:^/res/:/:;
     if ( !( $file =~ m:^/:) ) {
       $location = $dir. '/'.$file;
     } else {
@@ -3526,14 +4475,41 @@ sub filelocation {
 
 sub hreflocation {
     my ($dir,$file)=@_;
-    unless (($file=~/^http:\/\//i) || ($file=~/^\//)) {
-       my $finalpath=filelocation($dir,$file);
-       $finalpath=~s/^\/home\/httpd\/html//;
-       $finalpath=~s-/home/(\w+)/public_html/-/~$1/-;
-       return $finalpath;
-    } else {
-       return $file;
+    unless (($file=~m-^http://-i) || ($file=~m-^/-)) {
+	my $finalpath=filelocation($dir,$file);
+	$finalpath=~s-^/home/httpd/html--;
+	$finalpath=~s-^/home/(\w+)/public_html/-/~$1/-;
+	return $finalpath;
+    } elsif ($file=~m-^/home-) {
+	$file=~s-^/home/httpd/html--;
+	$file=~s-^/home/(\w+)/public_html/-/~$1/-;
+	return $file;
+    }
+    return $file;
+}
+
+sub current_machine_domains {
+    my $hostname=$hostname{$perlvar{'lonHostID'}};
+    my @domains;
+    while( my($id, $name) = each(%hostname)) {
+#	&logthis("-$id-$name-$hostname-");
+	if ($hostname eq $name) {
+	    push(@domains,$hostdom{$id});
+	}
     }
+    return @domains;
+}
+
+sub current_machine_ids {
+    my $hostname=$hostname{$perlvar{'lonHostID'}};
+    my @ids;
+    while( my($id, $name) = each(%hostname)) {
+#	&logthis("-$id-$name-$hostname-");
+	if ($hostname eq $name) {
+	    push(@ids,$id);
+	}
+    }
+    return @ids;
 }
 
 # ------------------------------------------------------------- Declutters URLs
@@ -3573,19 +4549,44 @@ sub unescape {
     return $str;
 }
 
+sub mod_perl_version {
+    if (defined($perlvar{'MODPERL2'})) {
+	return 2;
+    }
+    return 1;
+}
+
+sub correct_line_ends {
+    my ($result)=@_;
+    $$result =~s/\r\n/\n/mg;
+    $$result =~s/\r/\n/mg;
+}
 # ================================================================ Main Program
 
 sub goodbye {
    &logthis("Starting Shut down");
+#not converted to using infrastruture and probably shouldn't be
+   &logthis(sprintf("%-20s is %s",'%badServerCache',scalar(%badServerCache)));
+#converted
+   &logthis(sprintf("%-20s is %s",'%metacache',scalar(%metacache)));
+   &logthis(sprintf("%-20s is %s",'%homecache',scalar(%homecache)));
+   &logthis(sprintf("%-20s is %s",'%titlecache',scalar(%titlecache)));
+   &logthis(sprintf("%-20s is %s",'%courseresdatacache',scalar(%courseresdatacache)));
+#1.1 only
+   &logthis(sprintf("%-20s is %s",'%userresdatacache',scalar(%userresdatacache)));
+   &logthis(sprintf("%-20s is %s",'%usectioncache',scalar(%usectioncache)));
+   &logthis(sprintf("%-20s is %s",'%courseresversioncache',scalar(%courseresversioncache)));
+   &logthis(sprintf("%-20s is %s",'%resversioncache',scalar(%resversioncache)));
    &flushcourselogs();
    &logthis("Shutting down");
+   return DONE;
 }
 
 BEGIN {
 # ----------------------------------- Read loncapa.conf and loncapa_apache.conf
     unless ($readit) {
 {
-    my $config=Apache::File->new("/etc/httpd/conf/loncapa.conf");
+    open(my $config,"</etc/httpd/conf/loncapa.conf");
 
     while (my $configline=<$config>) {
         if ($configline =~ /^[^\#]*PerlSetVar/) {
@@ -3594,9 +4595,10 @@ BEGIN {
            $perlvar{$varname}=$varvalue;
         }
     }
+    close($config);
 }
 {
-    my $config=Apache::File->new("/etc/httpd/conf/loncapa_apache.conf");
+    open(my $config,"</etc/httpd/conf/loncapa_apache.conf");
 
     while (my $configline=<$config>) {
         if ($configline =~ /^[^\#]*PerlSetVar/) {
@@ -3605,34 +4607,41 @@ BEGIN {
            $perlvar{$varname}=$varvalue;
         }
     }
+    close($config);
 }
 
 # ------------------------------------------------------------ Read domain file
 {
-    my $fh=Apache::File->new($Apache::lonnet::perlvar{'lonTabDir'}.
-                            '/domain.tab');
     %domaindescription = ();
     %domain_auth_def = ();
     %domain_auth_arg_def = ();
-    if ($fh) {
+    my $fh;
+    if (open($fh,"<".$Apache::lonnet::perlvar{'lonTabDir'}.'/domain.tab')) {
        while (<$fh>) {
-           next if /^\#/;
+           next if (/^(\#|\s*$)/);
+#           next if /^\#/;
            chomp;
-           my ($domain, $domain_description, $def_auth, $def_auth_arg)
-               = split(/:/,$_,4);
-           $domain_auth_def{$domain}=$def_auth;
+           my ($domain, $domain_description, $def_auth, $def_auth_arg,
+	       $def_lang, $city, $longi, $lati) = split(/:/,$_);
+	   $domain_auth_def{$domain}=$def_auth;
            $domain_auth_arg_def{$domain}=$def_auth_arg;
-           $domaindescription{$domain}=$domain_description;
-#          &logthis("Domain.tab: $domain, $domain_auth_def{$domain}, $domain_auth_arg_def{$domain},$domaindescription{$domain}");
+	   $domaindescription{$domain}=$domain_description;
+	   $domain_lang_def{$domain}=$def_lang;
+	   $domain_city{$domain}=$city;
+	   $domain_longi{$domain}=$longi;
+	   $domain_lati{$domain}=$lati;
+
+ #         &logthis("Domain.tab: $domain, $domain_auth_def{$domain}, $domain_auth_arg_def{$domain},$domaindescription{$domain}");
 #          &logthis("Domain.tab: $domain ".$domaindescription{$domain} );
-       }
+	}
     }
+    close ($fh);
 }
 
 
 # ------------------------------------------------------------- Read hosts file
 {
-    my $config=Apache::File->new("$perlvar{'lonTabDir'}/hosts.tab");
+    open(my $config,"<$perlvar{'lonTabDir'}/hosts.tab");
 
     while (my $configline=<$config>) {
        next if ($configline =~ /^(\#|\s*$)/);
@@ -3650,11 +4659,12 @@ BEGIN {
 	 }
        }
     }
+    close($config);
 }
 
 # ------------------------------------------------------ Read spare server file
 {
-    my $config=Apache::File->new("$perlvar{'lonTabDir'}/spare.tab");
+    open(my $config,"<$perlvar{'lonTabDir'}/spare.tab");
 
     while (my $configline=<$config>) {
        chomp($configline);
@@ -3662,46 +4672,50 @@ BEGIN {
           $spareid{$configline}=1;
        }
     }
+    close($config);
 }
 # ------------------------------------------------------------ Read permissions
 {
-    my $config=Apache::File->new("$perlvar{'lonTabDir'}/roles.tab");
+    open(my $config,"<$perlvar{'lonTabDir'}/roles.tab");
 
     while (my $configline=<$config>) {
-       chomp($configline);
-      if ($configline) {
-       my ($role,$perm)=split(/ /,$configline);
-       if ($perm ne '') { $pr{$role}=$perm; }
-      }
+	chomp($configline);
+	if ($configline) {
+	    my ($role,$perm)=split(/ /,$configline);
+	    if ($perm ne '') { $pr{$role}=$perm; }
+	}
     }
+    close($config);
 }
 
 # -------------------------------------------- Read plain texts for permissions
 {
-    my $config=Apache::File->new("$perlvar{'lonTabDir'}/rolesplain.tab");
+    open(my $config,"<$perlvar{'lonTabDir'}/rolesplain.tab");
 
     while (my $configline=<$config>) {
-       chomp($configline);
-      if ($configline) {
-       my ($short,$plain)=split(/:/,$configline);
-       if ($plain ne '') { $prp{$short}=$plain; }
-      }
+	chomp($configline);
+	if ($configline) {
+	    my ($short,$plain)=split(/:/,$configline);
+	    if ($plain ne '') { $prp{$short}=$plain; }
+	}
     }
+    close($config);
 }
 
 # ---------------------------------------------------------- Read package table
 {
-    my $config=Apache::File->new("$perlvar{'lonTabDir'}/packages.tab");
+    open(my $config,"<$perlvar{'lonTabDir'}/packages.tab");
 
     while (my $configline=<$config>) {
-       chomp($configline);
-       my ($short,$plain)=split(/:/,$configline);
-       my ($pack,$name)=split(/\&/,$short);
-       if ($plain ne '') {
-          $packagetab{$pack.'&'.$name.'&name'}=$name; 
-          $packagetab{$short}=$plain; 
-       }
+	chomp($configline);
+	my ($short,$plain)=split(/:/,$configline);
+	my ($pack,$name)=split(/\&/,$short);
+	if ($plain ne '') {
+	    $packagetab{$pack.'&'.$name.'&name'}=$name; 
+	    $packagetab{$short}=$plain; 
+	}
     }
+    close($config);
 }
 
 # ------------- set up temporary directory
@@ -3759,45 +4773,125 @@ being set.
 
 =back
 
-=head1 INTRODUCTION
+=head1 OVERVIEW
 
-This module provides subroutines which interact with the
-lonc/lond (TCP) network layer of LON-CAPA. And Can be used to ask about 
-- classes
-- users 
-- resources
+lonnet provides subroutines which interact with the
+lonc/lond (TCP) network layer of LON-CAPA. They can be used to ask
+about classes, users, and resources.
 
 For many of these objects you can also use this to store data about
 them or modify them in various ways.
 
-This is part of the LearningOnline Network with CAPA project
-described at http://www.lon-capa.org.
+=head2 Symbs
 
-=head1 RETURN MESSAGES
+To identify a specific instance of a resource, LON-CAPA uses symbols
+or "symbs"X<symb>. These identifiers are built from the URL of the
+map, the resource number of the resource in the map, and the URL of
+the resource itself. The latter is somewhat redundant, but might help
+if maps change.
 
-=over 4
+An example is
 
-=item *
+ msu/korte/parts/part1.sequence___19___msu/korte/tests/part12.problem
 
-con_lost : unable to contact remote host
+The respective map entry is
 
-=item *
+ <resource id="19" src="/res/msu/korte/tests/part12.problem"
+  title="Problem 2">
+ </resource>
 
-con_delayed : unable to contact remote host, message will be delivered
-when the connection is brought back up
+Symbs are used by the random number generator, as well as to store and
+restore data specific to a certain instance of for example a problem.
 
-=item *
+=head2 Storing And Retrieving Data
 
-con_failed : unable to contact remote host and unable to save message
-for later delivery
+X<store()>X<cstore()>X<restore()>Three of the most important functions
+in C<lonnet.pm> are C<&Apache::lonnet::cstore()>,
+C<&Apache::lonnet:restore()>, and C<&Apache::lonnet::store()>, which
+is is the non-critical message twin of cstore. These functions are for
+handlers to store a perl hash to a user's permanent data space in an
+easy manner, and to retrieve it again on another call. It is expected
+that a handler would use this once at the beginning to retrieve data,
+and then again once at the end to send only the new data back.
 
-=item *
+The data is stored in the user's data directory on the user's
+homeserver under the ID of the course.
 
-error: : an error a occured, a description of the error follows the :
+The hash that is returned by restore will have all of the previous
+value for all of the elements of the hash.
 
-=item *
+Example:
+
+ #creating a hash
+ my %hash;
+ $hash{'foo'}='bar';
+
+ #storing it
+ &Apache::lonnet::cstore(\%hash);
+
+ #changing a value
+ $hash{'foo'}='notbar';
+
+ #adding a new value
+ $hash{'bar'}='foo';
+ &Apache::lonnet::cstore(\%hash);
+
+ #retrieving the hash
+ my %history=&Apache::lonnet::restore();
+
+ #print the hash
+ foreach my $key (sort(keys(%history))) {
+   print("\%history{$key} = $history{$key}");
+ }
+
+Will print out:
 
-no_such_host : unable to fund a host associated with the user/domain
+ %history{1:foo} = bar
+ %history{1:keys} = foo:timestamp
+ %history{1:timestamp} = 990455579
+ %history{2:bar} = foo
+ %history{2:foo} = notbar
+ %history{2:keys} = foo:bar:timestamp
+ %history{2:timestamp} = 990455580
+ %history{bar} = foo
+ %history{foo} = notbar
+ %history{timestamp} = 990455580
+ %history{version} = 2
+
+Note that the special hash entries C<keys>, C<version> and
+C<timestamp> were added to the hash. C<version> will be equal to the
+total number of versions of the data that have been stored. The
+C<timestamp> attribute will be the UNIX time the hash was
+stored. C<keys> is available in every historical section to list which
+keys were added or changed at a specific historical revision of a
+hash.
+
+B<Warning>: do not store the hash that restore returns directly. This
+will cause a mess since it will restore the historical keys as if the
+were new keys. I.E. 1:foo will become 1:1:foo etc.
+
+Calling convention:
+
+ my %record=&Apache::lonnet::restore($symb,$courseid,$domain,$uname,$home);
+ &Apache::lonnet::cstore(\%newrecord,$symb,$courseid,$domain,$uname,$home);
+
+For more detailed information, see lonnet specific documentation.
+
+=head1 RETURN MESSAGES
+
+=over 4
+
+=item * B<con_lost>: unable to contact remote host
+
+=item * B<con_delayed>: unable to contact remote host, message will be delivered
+when the connection is brought back up
+
+=item * B<con_failed>: unable to contact remote host and unable to save message
+for later delivery
+
+=item * B<error:>: an error a occured, a description of the error follows the :
+
+=item * B<no_such_host>: unable to fund a host associated with the user/domain
 that was requested
 
 =back
@@ -3808,15 +4902,18 @@ that was requested
 
 =over 4
 
-=item *
-
-appenv(%hash) : the value of %hash is written to the user envirnoment
-file, and will be restored for each access this user makes during this
-session, also modifies the %ENV for the current process
+=item * 
+X<appenv()>
+B<appenv(%hash)>: the value of %hash is written to
+the user envirnoment file, and will be restored for each access this
+user makes during this session, also modifies the %ENV for the current
+process
 
 =item *
-
-delenv($regexp) : removes all items from the session environment file that matches the regular expression in $regexp. The values are also delted from the current processes %ENV.
+X<delenv()>
+B<delenv($regexp)>: removes all items from the session
+environment file that matches the regular expression in $regexp. The
+values are also delted from the current processes %ENV.
 
 =back
 
@@ -3825,50 +4922,51 @@ delenv($regexp) : removes all items from
 =over 4
 
 =item *
-
-queryauthenticate($uname,$udom) : try to determine user's current
+X<queryauthenticate()>
+B<queryauthenticate($uname,$udom)>: try to determine user's current 
 authentication scheme
 
 =item *
-
-authenticate($uname,$upass,$udom) : try to authenticate user from domain's lib
-servers (first use the current one), $upass should be the users password
+X<authenticate()>
+B<authenticate($uname,$upass,$udom)>: try to
+authenticate user from domain's lib servers (first use the current
+one). C<$upass> should be the users password.
 
 =item *
-
-homeserver($uname,$udom) : find the server which has the user's
-directory and files (there must be only one), this caches the answer,
-and also caches if there is a borken connection.
+X<homeserver()>
+B<homeserver($uname,$udom)>: find the server which has
+the user's directory and files (there must be only one), this caches
+the answer, and also caches if there is a borken connection.
 
 =item *
-
-idget($udom,@ids) : find the usernames behind a list of IDs (IDs are a
-unique resource in a domain, there must be only 1 ID per username, and
-only 1 username per ID in a specific domain) (returns hash:
-id=>name,id=>name)
+X<idget()>
+B<idget($udom,@ids)>: find the usernames behind a list of IDs
+(IDs are a unique resource in a domain, there must be only 1 ID per
+username, and only 1 username per ID in a specific domain) (returns
+hash: id=>name,id=>name)
 
 =item *
-
-idrget($udom,@unames) : find the IDs behind a list of usernames (returns hash:
-name=>id,name=>id)
+X<idrget()>
+B<idrget($udom,@unames)>: find the IDs behind a list of
+usernames (returns hash: name=>id,name=>id)
 
 =item *
-
-idput($udom,%ids) : store away a list of names and associated IDs
+X<idput()>
+B<idput($udom,%ids)>: store away a list of names and associated IDs
 
 =item *
-
-rolesinit($udom,$username,$authhost) : get user privileges
+X<rolesinit()>
+B<rolesinit($udom,$username,$authhost)>: get user privileges
 
 =item *
-
-usection($udom,$uname,$cname) : finds the section of student in the
+X<usection()>
+B<usection($udom,$uname,$cname)>: finds the section of student in the
 course $cname, return section name/number or '' for "not in course"
 and '-1' for "no section"
 
 =item *
-
-userenvironment($udom,$uname,@what) : gets the values of the keys
+X<userenvironment()>
+B<userenvironment($udom,$uname,@what)>: gets the values of the keys
 passed in @what from the requested user's environment, returns a hash
 
 =back
@@ -4236,6 +5334,14 @@ dumps the complete (or key matching rege
 
 =item *
 
+inc($namespace,$store,$udom,$uname) : increments $store in $namespace.
+$store can be a scalar, an array reference, or if the amount to be 
+incremented is > 1, a hash reference.
+
+($udom and $uname are optional)
+
+=item *
+
 put($namespace,$storehash,$udom,$uname) : stores hash in namesp
 ($udom and $uname are optional)