--- loncom/lonnet/perl/lonnet.pm	2004/04/29 07:18:10	1.490
+++ loncom/lonnet/perl/lonnet.pm	2005/03/31 15:55:47	1.618
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.490 2004/04/29 07:18:10 albertel Exp $
+# $Id: lonnet.pm,v 1.618 2005/03/31 15:55:47 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -35,23 +35,24 @@ use HTTP::Headers;
 use HTTP::Date;
 # use Date::Parse;
 use vars 
-qw(%perlvar %hostname %homecache %badServerCache %hostip %iphost %spareid %hostdom 
-   %libserv %pr %prp %metacache %packagetab %titlecache %courseresversioncache %resversioncache
+qw(%perlvar %hostname %badServerCache %iphost %spareid %hostdom 
+   %libserv %pr %prp $memcache %packagetab 
    %courselogs %accesshash %userrolehash $processmarker $dumpcount 
-   %coursedombuf %coursenumbuf %coursehombuf %coursedescrbuf %courseresdatacache 
-   %userresdatacache %usectioncache %domaindescription %domain_auth_def %domain_auth_arg_def 
-   %domain_lang_def %domain_city %domain_longi %domain_lati $tmpdir);
+   %coursedombuf %coursenumbuf %coursehombuf %coursedescrbuf %courseinstcodebuf %courseownerbuf
+   %domaindescription %domain_auth_def %domain_auth_arg_def 
+   %domain_lang_def %domain_city %domain_longi %domain_lati $tmpdir $_64bit);
 
 use IO::Socket;
 use GDBM_File;
 use Apache::Constants qw(:common :http);
 use HTML::LCParser;
 use Fcntl qw(:flock);
-use Apache::loncoursedata;
 use Apache::lonlocal;
-use Storable qw(lock_store lock_nstore lock_retrieve freeze thaw);
-use Time::HiRes();
+use Storable qw(lock_store lock_nstore lock_retrieve freeze thaw nfreeze);
+use Time::HiRes qw( gettimeofday tv_interval );
+use Cache::Memcached;
 my $readit;
+my $max_connection_retries = 10;     # Or some such value.
 
 =pod
 
@@ -116,14 +117,40 @@ sub logperm {
 sub subreply {
     my ($cmd,$server)=@_;
     my $peerfile="$perlvar{'lonSockDir'}/$server";
-    my $client=IO::Socket::UNIX->new(Peer    =>"$peerfile",
-                                     Type    => SOCK_STREAM,
-                                     Timeout => 10)
-       or return "con_lost";
-    print $client "$cmd\n";
-    my $answer=<$client>;
-    if (!$answer) { $answer="con_lost"; }
-    chomp($answer);
+    #
+    #  With loncnew process trimming, there's a timing hole between lonc server
+    #  process exit and the master server picking up the listen on the AF_UNIX
+    #  socket.  In that time interval, a lock file will exist:
+
+    my $lockfile=$peerfile.".lock";
+    while (-e $lockfile) {	# Need to wait for the lockfile to disappear.
+	sleep(1);
+    }
+    # At this point, either a loncnew parent is listening or an old lonc
+    # or loncnew child is listening so we can connect or everything's dead.
+    #
+    #   We'll give the connection a few tries before abandoning it.  If
+    #   connection is not possible, we'll con_lost back to the client.
+    #   
+    my $client;
+    for (my $retries = 0; $retries < $max_connection_retries; $retries++) {
+	$client=IO::Socket::UNIX->new(Peer    =>"$peerfile",
+				      Type    => SOCK_STREAM,
+				      Timeout => 10);
+	if($client) {
+	    last;		# Connected!
+	}
+	sleep(1);		# Try again later if failed connection.
+    }
+    my $answer;
+    if ($client) {
+	print $client "$cmd\n";
+	$answer=<$client>;
+	if (!$answer) { $answer="con_lost"; }
+	chomp($answer);
+    } else {
+	$answer = 'con_lost';	# Failed connection.
+    }
     return $answer;
 }
 
@@ -131,22 +158,6 @@ sub reply {
     my ($cmd,$server)=@_;
     unless (defined($hostname{$server})) { return 'no_such_host'; }
     my $answer=subreply($cmd,$server);
-    if ($answer eq 'con_lost') {
-        #sleep 5; 
-        #$answer=subreply($cmd,$server);
-        #if ($answer eq 'con_lost') {
-	#   &logthis("Second attempt con_lost on $server");
-        #   my $peerfile="$perlvar{'lonSockDir'}/$server";
-        #   my $client=IO::Socket::UNIX->new(Peer    =>"$peerfile",
-        #                                    Type    => SOCK_STREAM,
-        #                                    Timeout => 10)
-        #              or return "con_lost";
-        #   &logthis("Killing socket");
-        #   print $client "close_connection_exit\n";
-           #sleep 5;
-        #   $answer=subreply($cmd,$server);       
-       #}   
-    }
     if (($answer=~/^refused/) || ($answer=~/^rejected/)) {
        &logthis("<font color=blue>WARNING:".
                 " $cmd to $server returned $answer</font>");
@@ -194,11 +205,8 @@ sub critical {
     }
     my $answer=reply($cmd,$server);
     if ($answer eq 'con_lost') {
-        my $pingreply=reply('ping',$server);
 	&reconlonc("$perlvar{'lonSockDir'}/$server");
-        my $pongreply=reply('pong',$server);
-        &logthis("Ping/Pong for $server: $pingreply/$pongreply");
-        $answer=reply($cmd,$server);
+	my $answer=reply($cmd,$server);
         if ($answer eq 'con_lost') {
             my $now=time;
             my $middlename=$cmd;
@@ -551,12 +559,12 @@ sub authenticate {
 
 # ---------------------- Find the homebase for a user from domain's lib servers
 
+my %homecache;
 sub homeserver {
     my ($uname,$udom,$ignoreBadCache)=@_;
     my $index="$uname:$udom";
 
-    my ($result,$cached)=&is_cached(\%homecache,$index,'home',86400);
-    if (defined($cached)) { return $result; }
+    if (exists($homecache{$index})) { return $homecache{$index}; }
     my $tryserver;
     foreach $tryserver (keys %libserv) {
         next if ($ignoreBadCache ne 'true' && 
@@ -564,7 +572,7 @@ sub homeserver {
 	if ($hostdom{$tryserver} eq $udom) {
            my $answer=reply("home:$udom:$uname",$tryserver);
            if ($answer eq 'found') { 
-	       return &do_cache(\%homecache,$index,$tryserver,'home');
+	       return $homecache{$index}=$tryserver;
            } elsif ($answer eq 'no_host') {
 	       $badServerCache{$tryserver}=1;
            }
@@ -642,14 +650,18 @@ sub assign_access_key {
 # a valid key looks like uname:udom#comments
 # comments are being appended
 #
-    my ($ckey,$cdom,$cnum,$udom,$uname,$logentry)=@_;
+    my ($ckey,$kdom,$knum,$cdom,$cnum,$udom,$uname,$logentry)=@_;
+    $kdom=
+   $ENV{'course.'.$ENV{'request.course.id'}.'.domain'} unless (defined($kdom));
+    $knum=
+   $ENV{'course.'.$ENV{'request.course.id'}.'.num'} unless (defined($knum));
     $cdom=
    $ENV{'course.'.$ENV{'request.course.id'}.'.domain'} unless (defined($cdom));
     $cnum=
    $ENV{'course.'.$ENV{'request.course.id'}.'.num'} unless (defined($cnum));
     $udom=$ENV{'user.name'} unless (defined($udom));
     $uname=$ENV{'user.domain'} unless (defined($uname));
-    my %existing=&get('accesskeys',[$ckey],$cdom,$cnum);
+    my %existing=&get('accesskeys',[$ckey],$kdom,$knum);
     if (($existing{$ckey}=~/^\#(.*)$/) || # - new key
         ($existing{$ckey}=~/^\Q$uname\E\:\Q$udom\E\#(.*)$/)) { 
                                                   # assigned to this person
@@ -658,8 +670,8 @@ sub assign_access_key {
                                                   # the first time around
 # ready to assign
         $logentry=$1.'; '.$logentry;
-        if (&put('accesskey',{$ckey=>$uname.':'.$udom.'#'.$logentry},
-                                                 $cdom,$cnum) eq 'ok') {
+        if (&put('accesskeys',{$ckey=>$uname.':'.$udom.'#'.$logentry},
+                                                 $kdom,$knum) eq 'ok') {
 # key now belongs to user
 	    my $envkey='key.'.$cdom.'_'.$cnum;
             if (&put('environment',{$envkey => $ckey}) eq 'ok') {
@@ -755,8 +767,8 @@ sub validate_access_key {
    $ENV{'course.'.$ENV{'request.course.id'}.'.domain'} unless (defined($cdom));
     $cnum=
    $ENV{'course.'.$ENV{'request.course.id'}.'.num'} unless (defined($cnum));
-    $udom=$ENV{'user.name'} unless (defined($udom));
-    $uname=$ENV{'user.domain'} unless (defined($uname));
+    $udom=$ENV{'user.domain'} unless (defined($udom));
+    $uname=$ENV{'user.name'} unless (defined($uname));
     my %existing=&get('accesskeys',[$ckey],$cdom,$cnum);
     return ($existing{$ckey}=~/^\Q$uname\E\:\Q$udom\E\#/);
 }
@@ -765,8 +777,14 @@ sub validate_access_key {
 
 sub getsection {
     my ($udom,$unam,$courseid)=@_;
+    my $cachetime=1800;
     $courseid=~s/\_/\//g;
     $courseid=~s/^(\w)/\/$1/;
+
+    my $hashid="$udom:$unam:$courseid";
+    my ($result,$cached)=&is_cached_new('getsection',$hashid);
+    if (defined($cached)) { return $result; }
+
     my %Pending; 
     my %Expired;
     #
@@ -791,200 +809,113 @@ sub getsection {
         if ($key eq $courseid.'_st') { $section=''; }
         my ($dummy,$end,$start)=split(/\_/,&unescape($value));
         my $now=time;
-        if (defined($end) && ($now > $end)) {
+        if (defined($end) && $end && ($now > $end)) {
             $Expired{$end}=$section;
             next;
         }
-        if (defined($start) && ($now < $start)) {
+        if (defined($start) && $start && ($now < $start)) {
             $Pending{$start}=$section;
             next;
         }
-        return $section;
+        return &do_cache_new('getsection',$hashid,$section,$cachetime);
     }
     #
     # Presumedly there will be few matching roles from the above
     # loop and the sorting time will be negligible.
     if (scalar(keys(%Pending))) {
         my ($time) = sort {$a <=> $b} keys(%Pending);
-        return $Pending{$time};
+        return &do_cache_new('getsection',$hashid,$Pending{$time},$cachetime);
     } 
     if (scalar(keys(%Expired))) {
         my @sorted = sort {$a <=> $b} keys(%Expired);
         my $time = pop(@sorted);
-        return $Expired{$time};
+        return &do_cache_new('getsection',$hashid,$Expired{$time},$cachetime);
     }
-    return '-1';
+    return &do_cache_new('getsection',$hashid,'-1',$cachetime);
 }
 
-
-my $disk_caching_disabled=1;
-
-sub devalidate_cache {
-    my ($cache,$id,$name) = @_;
-    delete $$cache{$id.'.time'};
-    delete $$cache{$id};
-    if ($disk_caching_disabled) { return; }
-    my $filename=$perlvar{'lonDaemons'}.'/tmp/lonnet_internal_cache_'.$name.".db";
-    open(DB,"$filename.lock");
-    flock(DB,LOCK_EX);
-    my %hash;
-    if (tie(%hash,'GDBM_File',$filename,&GDBM_WRCREAT(),0640)) {
-	eval <<'EVALBLOCK';
-	    delete($hash{$id});
-	    delete($hash{$id.'.time'});
-EVALBLOCK
-        if ($@) {
-	    &logthis("<font color='red'>devalidate_cache blew up :$@:$name</font>");
-	    unlink($filename);
-	}
-    } else {
-	if (-e $filename) {
-	    &logthis("Unable to tie hash (devalidate cache): $name");
-	    unlink($filename);
-	}
-    }
-    untie(%hash);
-    flock(DB,LOCK_UN);
-    close(DB);
-}
-
-sub is_cached {
-    my ($cache,$id,$name,$time) = @_;
-    if (!$time) { $time=300; }
-    if (!exists($$cache{$id.'.time'})) {
-	&load_cache_item($cache,$name,$id);
-    }
-    if (!exists($$cache{$id.'.time'})) {
-#	&logthis("Didn't find $id");
-	return (undef,undef);
-    } else {
-	if (time-($$cache{$id.'.time'})>$time) {
-#	    &logthis("Devalidating $id - ".time-($$cache{$id.'.time'}));
-	    &devalidate_cache($cache,$id,$name);
-	    return (undef,undef);
-	}
-    }
-    return ($$cache{$id},1);
-}
-
-sub do_cache {
-    my ($cache,$id,$value,$name) = @_;
-    $$cache{$id.'.time'}=time;
-    $$cache{$id}=$value;
-#    &logthis("Caching $id as :$value:");
-    &save_cache_item($cache,$name,$id);
-    # do_cache implictly return the set value
-    $$cache{$id};
-}
-
-sub save_cache_item {
-    my ($cache,$name,$id)=@_;
-    if ($disk_caching_disabled) { return; }
-    my $starttime=&Time::HiRes::time();
-#    &logthis("Saving :$name:$id");
-    my %hash;
-    my $filename=$perlvar{'lonDaemons'}.'/tmp/lonnet_internal_cache_'.$name.".db";
-    open(DB,"$filename.lock");
-    flock(DB,LOCK_EX);
-    if (tie(%hash,'GDBM_File',$filename,&GDBM_WRCREAT(),0640)) {
-	eval <<'EVALBLOCK';
-	    $hash{$id.'.time'}=$$cache{$id.'.time'};
-	    $hash{$id}=freeze({'item'=>$$cache{$id}});
-EVALBLOCK
-        if ($@) {
-	    &logthis("<font color='red'>save_cache blew up :$@:$name</font>");
-	    unlink($filename);
-	}
-    } else {
-	if (-e $filename) {
-	    &logthis("Unable to tie hash (save cache item): $name ($!)");
-	    unlink($filename);
-	}
-    }
-    untie(%hash);
-    flock(DB,LOCK_UN);
-    close(DB);
-#    &logthis("save_cache_item $name took ".(&Time::HiRes::time()-$starttime));
-}
-
-sub load_cache_item {
-    my ($cache,$name,$id)=@_;
-    if ($disk_caching_disabled) { return; }
-    my $starttime=&Time::HiRes::time();
-#    &logthis("Before Loading $name  for $id size is ".scalar(%$cache));
-    my %hash;
-    my $filename=$perlvar{'lonDaemons'}.'/tmp/lonnet_internal_cache_'.$name.".db";
-    open(DB,"$filename.lock");
-    flock(DB,LOCK_SH);
-    if (tie(%hash,'GDBM_File',$filename,&GDBM_READER(),0640)) {
-	eval <<'EVALBLOCK';
-	    if (!%$cache) {
-		my $count;
-		while (my ($key,$value)=each(%hash)) { 
-		    $count++;
-		    if ($key =~ /\.time$/) {
-			$$cache{$key}=$value;
-		    } else {
-			my $hashref=thaw($value);
-			$$cache{$key}=$hashref->{'item'};
-		    }
-		}
-#	    &logthis("Initial load: $count");
-	    } else {
-		my $hashref=thaw($hash{$id});
-		$$cache{$id}=$hashref->{'item'};
-		$$cache{$id.'.time'}=$hash{$id.'.time'};
-	    }
-EVALBLOCK
-        if ($@) {
-	    &logthis("<font color='red'>load_cache blew up :$@:$name</font>");
-	    unlink($filename);
-	}        
-    } else {
-	if (-e $filename) {
-	    &logthis("Unable to tie hash (load cache item): $name ($!)");
-	    unlink($filename);
-	}
-    }
-    untie(%hash);
-    flock(DB,LOCK_UN);
-    close(DB);
-#    &logthis("After Loading $name size is ".scalar(%$cache));
-#    &logthis("load_cache_item $name took ".(&Time::HiRes::time()-$starttime));
+sub save_cache {
+    &purge_remembered();
 }
 
-sub usection {
-    my ($udom,$unam,$courseid)=@_;
-    my $hashid="$udom:$unam:$courseid";
-    
-    my ($result,$cached)=&is_cached(\%usectioncache,$hashid,'usection');
-    if (defined($cached)) { return $result; }
-    $courseid=~s/\_/\//g;
-    $courseid=~s/^(\w)/\/$1/;
-    foreach (split(/\&/,&reply('dump:'.$udom.':'.$unam.':roles',
-                        &homeserver($unam,$udom)))) {
-        my ($key,$value)=split(/\=/,$_);
-        $key=&unescape($key);
-        if ($key=~/^\Q$courseid\E(?:\/)*(\w+)*\_st$/) {
-            my $section=$1;
-            if ($key eq $courseid.'_st') { $section=''; }
-	    my ($dummy,$end,$start)=split(/\_/,&unescape($value));
-            my $now=time;
-            my $notactive=0;
-            if ($start) {
-		if ($now<$start) { $notactive=1; }
-            }
-            if ($end) {
-                if ($now>$end) { $notactive=1; }
-            } 
-            unless ($notactive) {
-		return &do_cache(\%usectioncache,$hashid,$section,'usection');
-	    }
-        }
+my $to_remember=-1;
+my %remembered;
+my %accessed;
+my $kicks=0;
+my $hits=0;
+sub devalidate_cache_new {
+    my ($name,$id,$debug) = @_;
+    if ($debug) { &Apache::lonnet::logthis("deleting $name:$id"); }
+    $id=&escape($name.':'.$id);
+    $memcache->delete($id);
+    delete($remembered{$id});
+    delete($accessed{$id});
+}
+
+sub is_cached_new {
+    my ($name,$id,$debug) = @_;
+    $id=&escape($name.':'.$id);
+    if (exists($remembered{$id})) {
+	if ($debug) { &Apache::lonnet::logthis("Earyl return $id of $remembered{$id} "); }
+	$accessed{$id}=[&gettimeofday()];
+	$hits++;
+	return ($remembered{$id},1);
+    }
+    my $value = $memcache->get($id);
+    if (!(defined($value))) {
+	if ($debug) { &Apache::lonnet::logthis("getting $id is not defined"); }
+	return (undef,undef);
     }
-    return &do_cache(\%usectioncache,$hashid,'-1','usection');
+    if ($value eq '__undef__') {
+	if ($debug) { &Apache::lonnet::logthis("getting $id is __undef__"); }
+	$value=undef;
+    }
+    &make_room($id,$value,$debug);
+    if ($debug) { &Apache::lonnet::logthis("getting $id is $value"); }
+    return ($value,1);
+}
+
+sub do_cache_new {
+    my ($name,$id,$value,$time,$debug) = @_;
+    $id=&escape($name.':'.$id);
+    my $setvalue=$value;
+    if (!defined($setvalue)) {
+	$setvalue='__undef__';
+    }
+    if ($debug) { &Apache::lonnet::logthis("Setting $id to $value"); }
+    $memcache->set($id,$setvalue,$time);
+    # need to make a copy of $value
+    #&make_room($id,$value,$debug);
+    return $value;
+}
+
+sub make_room {
+    my ($id,$value,$debug)=@_;
+    $remembered{$id}=$value;
+    if ($to_remember<0) { return; }
+    $accessed{$id}=[&gettimeofday()];
+    if (scalar(keys(%remembered)) <= $to_remember) { return; }
+    my $to_kick;
+    my $max_time=0;
+    foreach my $other (keys(%accessed)) {
+	if (&tv_interval($accessed{$other}) > $max_time) {
+	    $to_kick=$other;
+	    $max_time=&tv_interval($accessed{$other});
+	}
+    }
+    delete($remembered{$to_kick});
+    delete($accessed{$to_kick});
+    $kicks++;
+    if ($debug) { &logthis("kicking $to_kick $max_time $kicks\n"); }
+    return;
+}
+
+sub purge_remembered {
+    #&logthis("Tossing ".scalar(keys(%remembered)));
+    #&logthis(sprintf("%-20s is %s",'%remembered',length(&freeze(\%remembered))));
+    undef(%remembered);
+    undef(%accessed);
 }
-
 # ------------------------------------- Read an entry from a user's environment
 
 sub userenvironment {
@@ -1000,6 +931,19 @@ sub userenvironment {
     return %returnhash;
 }
 
+# ---------------------------------------------------------- Get a studentphoto
+sub studentphoto {
+    my ($udom,$unam,$ext) = @_;
+    my $home=&Apache::lonnet::homeserver($unam,$udom);
+    my $ret=&Apache::lonnet::reply("studentphoto:$udom:$unam:$ext",$home);
+    my $url="/uploaded/$udom/$unam/internal/studentphoto.".$ext;
+    if ($ret ne 'ok') {
+	return '/adm/lonKaputt/lonlogo_broken.gif';
+    }
+    my $tokenurl=&Apache::lonnet::tokenwrapper($url);
+    return $tokenurl;
+}
+
 # -------------------------------------------------------------------- New chat
 
 sub chatsend {
@@ -1022,7 +966,7 @@ sub getversion {
 
 sub currentversion {
     my $fname=shift;
-    my ($result,$cached)=&is_cached(\%resversioncache,$fname,'resversion',600);
+    my ($result,$cached)=&is_cached_new('resversion',$fname);
     if (defined($cached)) { return $result; }
     my $author=$fname;
     $author=~s/\/home\/httpd\/html\/res\/([^\/]*)\/([^\/]*).*/$1\/$2/;
@@ -1035,7 +979,7 @@ sub currentversion {
     if (($answer eq 'con_lost') || ($answer eq 'rejected')) {
 	return -1;
     }
-    return &do_cache(\%resversioncache,$fname,$answer,'resversion');
+    return &do_cache_new('resversion',$fname,$answer,600);
 }
 
 # ----------------------------- Subscribe to a resource, return URL if possible
@@ -1043,6 +987,7 @@ sub currentversion {
 sub subscribe {
     my $fname=shift;
     if ($fname=~/\/(aboutme|syllabus|bulletinboard|smppg)$/) { return ''; }
+    $fname=~s/[\n\r]//g;
     my $author=$fname;
     $author=~s/\/home\/httpd\/html\/res\/([^\/]*)\/([^\/]*).*/$1\/$2/;
     my ($udom,$uname)=split(/\//,$author);
@@ -1062,21 +1007,27 @@ sub subscribe {
 sub repcopy {
     my $filename=shift;
     $filename=~s/\/+/\//g;
-    if ($filename=~/^\/home\/httpd\/html\/adm\//) { return OK; }
+    if ($filename=~m|^/home/httpd/html/adm/|) { return 'ok'; }
+    if ($filename=~m|^/home/httpd/html/lonUsers/|) { return 'ok'; }
+    if ($filename=~m|^/home/httpd/html/userfiles/| or
+	$filename=~m -^/*(uploaded|editupload)/-) { 
+	return &repcopy_userfile($filename);
+    }
+    $filename=~s/[\n\r]//g;
     my $transname="$filename.in.transfer";
-    if ((-e $filename) || (-e $transname)) { return OK; }
+    if ((-e $filename) || (-e $transname)) { return 'ok'; }
     my $remoteurl=subscribe($filename);
     if ($remoteurl =~ /^con_lost by/) {
 	   &logthis("Subscribe returned $remoteurl: $filename");
-           return HTTP_SERVICE_UNAVAILABLE;
+           return 'unavailable';
     } elsif ($remoteurl eq 'not_found') {
 	   #&logthis("Subscribe returned not_found: $filename");
-	   return HTTP_NOT_FOUND;
+	   return 'not_found';
     } elsif ($remoteurl =~ /^rejected by/) {
 	   &logthis("Subscribe returned $remoteurl: $filename");
-           return FORBIDDEN;
+           return 'forbidden';
     } elsif ($remoteurl eq 'directory') {
-           return OK;
+           return 'ok';
     } else {
         my $author=$filename;
         $author=~s/\/home\/httpd\/html\/res\/([^\/]*)\/([^\/]*).*/$1\/$2/;
@@ -1087,7 +1038,7 @@ sub repcopy {
            my $path="/$parts[1]/$parts[2]/$parts[3]/$parts[4]";
            if ($path ne "$perlvar{'lonDocRoot'}/res") {
                &logthis("Malconfiguration for replication: $filename");
-	       return HTTP_BAD_REQUEST;
+	       return 'bad_request';
            }
            my $count;
            for ($count=5;$count<$#parts;$count++) {
@@ -1104,7 +1055,7 @@ sub repcopy {
                my $message=$response->status_line;
                &logthis("<font color=blue>WARNING:"
                        ." LWP get: $message: $filename</font>");
-               return HTTP_SERVICE_UNAVAILABLE;
+               return 'unavailable';
            } else {
 	       if ($remoteurl!~/\.meta$/) {
                   my $mrequest=new HTTP::Request('GET',$remoteurl.'.meta');
@@ -1116,7 +1067,7 @@ sub repcopy {
                   }
 	       }
                rename($transname,$filename);
-               return OK;
+               return 'ok';
            }
        }
     }
@@ -1125,12 +1076,14 @@ sub repcopy {
 # ------------------------------------------------ Get server side include body
 sub ssi_body {
     my ($filelink,%form)=@_;
+    if (! exists($form{'LONCAPA_INTERNAL_no_discussion'})) {
+        $form{'LONCAPA_INTERNAL_no_discussion'}='true';
+    }
     my $output=($filelink=~/^http\:/?&externalssi($filelink):
                                      &ssi($filelink,%form));
+    $output=~s|//(\s*<!--)? BEGIN LON-CAPA Internal.+// END LON-CAPA Internal\s*(-->)?\s||gs;
     $output=~s/^.*?\<body[^\>]*\>//si;
     $output=~s/(.*)\<\/body\s*\>.*?$/$1/si;
-    $output=~
-            s/\/\/ BEGIN LON\-CAPA Internal.+\/\/ END LON\-CAPA Internal\s//gs;
     return $output;
 }
 
@@ -1165,23 +1118,17 @@ sub externalssi {
     return $response->content;
 }
 
-# ------- Add a token to a remote URI's query string to vouch for access rights
+# -------------------------------- Allow a /uploaded/ URI to be vouched for
 
-sub tokenwrapper {
-    my $uri=shift;
-    $uri=~s/^http\:\/\/([^\/]+)//;
-    $uri=~s/^\///;
-    $ENV{'user.environment'}=~/\/([^\/]+)\.id/;
-    my $token=$1;
-#    if ($uri=~/^uploaded\/([^\/]+)\/([^\/]+)\/([^\/]+)(\?\.*)*$/) {
-    if ($uri=~m|^uploaded/([^/]+)/([^/]+)/(.+)(\?\.*)*$|) {
-	&appenv('userfile.'.$1.'/'.$2.'/'.$3 => $ENV{'request.course.id'});
-        return 'http://'.$hostname{ &homeserver($2,$1)}.'/'.$uri.
-               (($uri=~/\?/)?'&':'?').'token='.$token.
-                               '&tokenissued='.$perlvar{'lonHostID'};
-    } else {
-	return '/adm/notfound.html';
-    }
+sub allowuploaded {
+    my ($srcurl,$url)=@_;
+    $url=&clutter(&declutter($url));
+    my $dir=$url;
+    $dir=~s/\/[^\/]+$//;
+    my %httpref=();
+    my $httpurl=&hreflocation('',$url);
+    $httpref{'httpref.'.$httpurl}=$srcurl;
+    &Apache::lonnet::appenv(%httpref);
 }
 
 # --------- File operations in /home/httpd/html/userfiles/$domain/1/2/3/$course
@@ -1265,13 +1212,8 @@ sub process_coursefile {
     return $fetchresult;
 }
 
-# --------------- Take an uploaded file and put it into the userfiles directory
-# input: name of form element, coursedoc=1 means this is for the course
-# output: url of file in userspace
-
-sub userfileupload {
-    my ($formname,$coursedoc)=@_;
-    my $fname=$ENV{'form.'.$formname.'.filename'};
+sub clean_filename {
+    my ($fname)=@_;
 # Replace Windows backslashes by forward slashes
     $fname=~s/\\/\//g;
 # Get rid of everything but the actual filename
@@ -1280,13 +1222,46 @@ sub userfileupload {
     $fname=~s/\s+/\_/g;
 # Replace all other weird characters by nothing
     $fname=~s/[^\w\.\-]//g;
+# Replace all .\d. sequences with _\d. so they no longer look like version
+# numbers
+    $fname=~s/\.(\d+)(?=\.)/_$1/g;
+    return $fname;
+}
+
+# --------------- Take an uploaded file and put it into the userfiles directory
+# input: name of form element, coursedoc=1 means this is for the course
+# output: url of file in userspace
+
+
+sub userfileupload {
+    my ($formname,$coursedoc,$subdir)=@_;
+    if (!defined($subdir)) { $subdir='unknown'; }
+    my $fname=$ENV{'form.'.$formname.'.filename'};
+    $fname=&clean_filename($fname);
 # See if there is anything left
     unless ($fname) { return 'error: no uploaded file'; }
     chop($ENV{'form.'.$formname});
+    if (($formname eq 'screenshot') && ($subdir eq 'helprequests')) { #files uploaded to help request form are handled differently
+        my $now = time;
+        my $filepath = 'tmp/helprequests/'.$now;
+        my @parts=split(/\//,$filepath);
+        my $fullpath = $perlvar{'lonDaemons'};
+        for (my $i=0;$i<@parts;$i++) {
+            $fullpath .= '/'.$parts[$i];
+            if ((-e $fullpath)!=1) {
+                mkdir($fullpath,0777);
+            }
+        }
+        open(my $fh,'>'.$fullpath.'/'.$fname);
+        print $fh $ENV{'form.'.$formname};
+        close($fh);
+        return $fullpath.'/'.$fname; 
+    }
 # Create the directory if not present
     my $docuname='';
     my $docudom='';
     my $docuhome='';
+    $fname="$subdir/$fname";
     if ($coursedoc) {
 	$docuname=$ENV{'course.'.$ENV{'request.course.id'}.'.num'};
 	$docudom=$ENV{'course.'.$ENV{'request.course.id'}.'.domain'};
@@ -1309,6 +1284,12 @@ sub finishuserfileupload {
     my ($docuname,$docudom,$docuhome,$formname,$fname)=@_;
     my $path=$docudom.'/'.$docuname.'/';
     my $filepath=$perlvar{'lonDocRoot'};
+    my ($fnamepath,$file);
+    $file=$fname;
+    if ($fname=~m|/|) {
+        ($fnamepath,$file) = ($fname =~ m|^(.*)/([^/]+)$|);
+	$path.=$fnamepath.'/';
+    }
     my @parts=split(/\//,$filepath.'/userfiles/'.$path);
     my $count;
     for ($count=4;$count<=$#parts;$count++) {
@@ -1319,31 +1300,49 @@ sub finishuserfileupload {
     }
 # Save the file
     {
-       open(my $fh,'>'.$filepath.'/'.$fname);
-       print $fh $ENV{'form.'.$formname};
-       close($fh);
+	open(FH,'>'.$filepath.'/'.$file);
+	print FH $ENV{'form.'.$formname};
+	close(FH);
     }
 # Notify homeserver to grep it
 #
-    my $fetchresult= &reply('fetchuserfile:'.$docudom.'/'.$docuname.'/'.$fname,
-			    $docuhome);
+    my $fetchresult= &reply('fetchuserfile:'.$path.$file,$docuhome);
     if ($fetchresult eq 'ok') {
 #
 # Return the URL to it
-        return '/uploaded/'.$path.$fname;
+        return '/uploaded/'.$path.$file;
     } else {
-        &logthis('Failed to transfer '.$docudom.'/'.$docuname.'/'.$fname.
-         ' to host '.$docuhome.': '.$fetchresult);
+        &logthis('Failed to transfer '.$path.$file.' to host '.$docuhome.
+		 ': '.$fetchresult);
         return '/adm/notfound.html';
     }    
 }
 
+sub removeuploadedurl {
+    my ($url)=@_;
+    my (undef,undef,$udom,$uname,$fname)=split('/',$url,5);
+    return &removeuserfile($uname,$udom,$fname);
+}
+
 sub removeuserfile {
     my ($docuname,$docudom,$fname)=@_;
     my $home=&homeserver($docuname,$docudom);
     return &reply("removeuserfile:$docudom/$docuname/$fname",$home);
 }
 
+sub mkdiruserfile {
+    my ($docuname,$docudom,$dir)=@_;
+    my $home=&homeserver($docuname,$docudom);
+    return &reply("mkdiruserfile:".&escape("$docudom/$docuname/$dir"),$home);
+}
+
+sub renameuserfile {
+    my ($docuname,$docudom,$old,$new)=@_;
+    my $home=&homeserver($docuname,$docudom);
+    return &reply("renameuserfile:$docudom:$docuname:".&escape("$old").':'.
+		  &escape("$new"),$home);
+}
+
 # ------------------------------------------------------------------------- Log
 
 sub log {
@@ -1383,11 +1382,13 @@ sub flushcourselogs {
         }
         if ($courseidbuffer{$coursehombuf{$crsid}}) {
            $courseidbuffer{$coursehombuf{$crsid}}.='&'.
-			 &escape($crsid).'='.&escape($coursedescrbuf{$crsid});
+			 &escape($crsid).'='.&escape($coursedescrbuf{$crsid}).
+                         ':'.&escape($courseinstcodebuf{$crsid}).':'.&escape($courseownerbuf{$crsid});
         } else {
            $courseidbuffer{$coursehombuf{$crsid}}=
-			 &escape($crsid).'='.&escape($coursedescrbuf{$crsid});
-        }    
+			 &escape($crsid).'='.&escape($coursedescrbuf{$crsid}).
+                         ':'.&escape($courseinstcodebuf{$crsid}).':'.&escape($courseownerbuf{$crsid});
+        }
     }
 #
 # Write course id database (reverse lookup) to homeserver of courses 
@@ -1460,6 +1461,10 @@ sub courselog {
        $ENV{'course.'.$ENV{'request.course.id'}.'.home'};
     $coursedescrbuf{$ENV{'request.course.id'}}=
        $ENV{'course.'.$ENV{'request.course.id'}.'.description'};
+    $courseinstcodebuf{$ENV{'request.course.id'}}=
+       $ENV{'course.'.$ENV{'request.course.id'}.'.internal.coursecode'};
+    $courseownerbuf{$ENV{'request.course.id'}}=
+       $ENV{'course.'.$ENV{'request.course.id'}.'.internal.courseowner'};
     if (defined $courselogs{$ENV{'request.course.id'}}) {
 	$courselogs{$ENV{'request.course.id'}}.='&'.$what;
     } else {
@@ -1476,11 +1481,23 @@ sub courseacclog {
     my $what=$fnsymb.':'.$ENV{'user.name'}.':'.$ENV{'user.domain'};
     if ($fnsymb=~/(problem|exam|quiz|assess|survey|form|page)$/) {
         $what.=':POST';
+        # FIXME: Probably ought to escape things....
 	foreach (keys %ENV) {
             if ($_=~/^form\.(.*)/) {
 		$what.=':'.$1.'='.$ENV{$_};
             }
         }
+    } elsif ($fnsymb =~ m:^/adm/searchcat:) {
+        # FIXME: We should not be depending on a form parameter that someone
+        # editing lonsearchcat.pm might change in the future.
+        if ($ENV{'form.phase'} eq 'course_search') {
+            $what.= ':POST';
+            # FIXME: Probably ought to escape things....
+            foreach my $element ('courseexp','crsfulltext','crsrelated',
+                                 'crsdiscuss') {
+                $what.=':'.$element.'='.$ENV{'form.'.$element};
+            }
+        }
     }
     &courselog($what);
 }
@@ -1532,6 +1549,7 @@ sub get_course_adv_roles {
         if (($tend) && ($tend<$now)) { next; }
         if (($tstart) && ($now<$tstart)) { next; }
         my ($role,$username,$domain,$section)=split(/\:/,$_);
+	if ($username eq '' || $domain eq '') { next; }
 	if ((&privileged($username,$domain)) && 
 	    (!$nothide{$username.':'.$domain})) { next; }
         my $key=&plaintext($role);
@@ -1584,7 +1602,7 @@ sub getannounce {
 	if ($announcement=~/\w/) { 
 	    return 
    '<table bgcolor="#FF5555" cellpadding="5" cellspacing="3">'.
-   '<tr><td bgcolor="#FFFFFF"><pre>'.$announcement.'</pre></td></tr></table>'; 
+   '<tr><td bgcolor="#FFFFFF"><tt>'.$announcement.'</tt></td></tr></table>'; 
 	} else {
 	    return '';
 	}
@@ -1603,21 +1621,23 @@ sub courseidput {
 }
 
 sub courseiddump {
-    my ($domfilter,$descfilter,$sincefilter)=@_;
+    my ($domfilter,$descfilter,$sincefilter,$instcodefilter,$ownerfilter,$hostidflag,$hostidref)=@_;
     my %returnhash=();
     unless ($domfilter) { $domfilter=''; }
     foreach my $tryserver (keys %libserv) {
-	if ((!$domfilter) || ($hostdom{$tryserver} eq $domfilter)) {
-	    foreach (
-             split(/\&/,&reply('courseiddump:'.$hostdom{$tryserver}.':'.
-			       $sincefilter.':'.&escape($descfilter),
+        if ( ($hostidflag == 1 && grep/^$tryserver$/,@{$hostidref}) || (!defined($hostidflag)) ) {
+	    if ((!$domfilter) || ($hostdom{$tryserver} eq $domfilter)) {
+	        foreach (
+                 split(/\&/,&reply('courseiddump:'.$hostdom{$tryserver}.':'.
+			       $sincefilter.':'.&escape($descfilter).':'.
+                               &escape($instcodefilter).':'.&escape($ownerfilter),
                                $tryserver))) {
-		my ($key,$value)=split(/\=/,$_);
-                if (($key) && ($value)) {
-		    $returnhash{&unescape($key)}=&unescape($value);
+		    my ($key,$value)=split(/\=/,$_);
+                    if (($key) && ($value)) {
+		        $returnhash{&unescape($key)}=$value;
+                    }
                 }
             }
-
         }
     }
     return %returnhash;
@@ -1626,6 +1646,36 @@ sub courseiddump {
 #
 # ----------------------------------------------------------- Check out an item
 
+sub get_first_access {
+    my ($type,$argsymb)=@_;
+    my ($symb,$courseid,$udom,$uname)=&Apache::lonxml::whichuser();
+    if ($argsymb) { $symb=$argsymb; }
+    my ($map,$id,$res)=&decode_symb($symb);
+    if ($type eq 'map') {
+	$res=&symbread($map);
+    } else {
+	$res=$symb;
+    }
+    my %times=&get('firstaccesstimes',["$courseid\0$res"],$udom,$uname);
+    return $times{"$courseid\0$res"};
+}
+
+sub set_first_access {
+    my ($type)=@_;
+    my ($symb,$courseid,$udom,$uname)=&Apache::lonxml::whichuser();
+    my ($map,$id,$res)=&decode_symb($symb);
+    if ($type eq 'map') {
+	$res=&symbread($map);
+    } else {
+	$res=$symb;
+    }
+    my $firstaccess=&get_first_access($type,$symb);
+    if (!$firstaccess) {
+	return &put('firstaccesstimes',{"$courseid\0$res"=>time},$udom,$uname);
+    }
+    return 'already_set';
+}
+
 sub checkout {
     my ($symb,$tuname,$tudom,$tcrsid)=@_;
     my $now=time;
@@ -1679,7 +1729,7 @@ sub checkin {
     my $now=time;
     my ($ta,$tb,$lonhost)=split(/\*/,$token);
     $lonhost=~tr/A-Z/a-z/;
-    my $dtoken=$ta.'_'.$hostip{$lonhost}.'_'.$tb;
+    my $dtoken=$ta.'_'.$hostname{$lonhost}.'_'.$tb;
     $dtoken=~s/\W/\_/g;
     my ($dummy,$tuname,$tudom,$tcrsid,$symb,$chtim,$rmaddr)=
                  split(/\&/,&unescape(&reply('tmpget:'.$dtoken,$lonhost)));
@@ -1738,6 +1788,7 @@ sub devalidate {
         # - the student level sheet of this user in course's homespace
         # - the assessment level sheet for this resource 
         #   for this user in user's homespace
+	# - current conditional state info
 	my $key=$uname.':'.$udom.':';
         my $status=
 	    &del('nohist_calculatedsheets',
@@ -1752,6 +1803,7 @@ sub devalidate {
                     $uname.' at '.$udom.' for '.
 		    $symb.': '.$status);
         }
+	&delenv('user.state.'.$cid);
     }
 }
 
@@ -1804,7 +1856,7 @@ sub hash2str {
 sub hashref2str {
   my ($hashref)=@_;
   my $result='__HASH_REF__';
-  foreach (keys(%$hashref)) {
+  foreach (sort(keys(%$hashref))) {
     if (ref($_) eq 'ARRAY') {
       $result.=&arrayref2str($_).'=';
     } elsif (ref($_) eq 'HASH') {
@@ -1960,9 +2012,11 @@ sub tmpreset {
   $namespace=~s/\//\_/g;
   $namespace=~s/\W//g;
 
-  #FIXME needs to do something for /pub resources
   if (!$domain) { $domain=$ENV{'user.domain'}; }
   if (!$stuname) { $stuname=$ENV{'user.name'}; }
+  if ($domain eq 'public' && $stuname eq 'public') {
+      $stuname=$ENV{'REMOTE_ADDR'};
+  }
   my $path=$perlvar{'lonDaemons'}.'/tmp';
   my %hash;
   if (tie(%hash,'GDBM_File',
@@ -1995,9 +2049,11 @@ sub tmpstore {
   }
   $namespace=~s/\//\_/g;
   $namespace=~s/\W//g;
-#FIXME needs to do something for /pub resources
   if (!$domain) { $domain=$ENV{'user.domain'}; }
   if (!$stuname) { $stuname=$ENV{'user.name'}; }
+  if ($domain eq 'public' && $stuname eq 'public') {
+      $stuname=$ENV{'REMOTE_ADDR'};
+  }
   my $now=time;
   my %hash;
   my $path=$perlvar{'lonDaemons'}.'/tmp';
@@ -2009,7 +2065,7 @@ sub tmpstore {
     my $allkeys=''; 
     foreach my $key (keys(%$storehash)) {
       $allkeys.=$key.':';
-      $hash{"$version:$symb:$key"}=$$storehash{$key};
+      $hash{"$version:$symb:$key"}=&freeze_escape($$storehash{$key});
     }
     $hash{"$version:$symb:timestamp"}=$now;
     $allkeys.='timestamp';
@@ -2036,10 +2092,12 @@ sub tmprestore {
   $symb=escape($symb);
 
   if (!$namespace) { $namespace=$ENV{'request.state'}; }
-  #FIXME needs to do something for /pub resources
+
   if (!$domain) { $domain=$ENV{'user.domain'}; }
   if (!$stuname) { $stuname=$ENV{'user.name'}; }
-
+  if ($domain eq 'public' && $stuname eq 'public') {
+      $stuname=$ENV{'REMOTE_ADDR'};
+  }
   my %returnhash;
   $namespace=~s/\//\_/g;
   $namespace=~s/\W//g;
@@ -2057,8 +2115,8 @@ sub tmprestore {
       my $key;
       $returnhash{"$scope:keys"}=$vkeys;
       foreach $key (@keys) {
-	$returnhash{"$scope:$key"}=$hash{"$scope:$symb:$key"};
-	$returnhash{"$key"}=$hash{"$scope:$symb:$key"};
+	$returnhash{"$scope:$key"}=&thaw_unescape($hash{"$scope:$symb:$key"});
+	$returnhash{"$key"}=&thaw_unescape($hash{"$scope:$symb:$key"});
       }
     }
     if (!(untie(%hash))) {
@@ -2099,7 +2157,7 @@ sub store {
 
     my $namevalue='';
     foreach (keys %$storehash) {
-        $namevalue.=escape($_).'='.escape($$storehash{$_}).'&';
+        $namevalue.=&escape($_).'='.&freeze_escape($$storehash{$_}).'&';
     }
     $namevalue=~s/\&$//;
     &courselog($symb.':'.$stuname.':'.$domain.':STORE:'.$namevalue);
@@ -2135,7 +2193,7 @@ sub cstore {
 
     my $namevalue='';
     foreach (keys %$storehash) {
-        $namevalue.=escape($_).'='.escape($$storehash{$_}).'&';
+        $namevalue.=&escape($_).'='.&freeze_escape($$storehash{$_}).'&';
     }
     $namevalue=~s/\&$//;
     &courselog($symb.':'.$stuname.':'.$domain.':CSTORE:'.$namevalue);
@@ -2169,7 +2227,7 @@ sub restore {
     my %returnhash=();
     foreach (split(/\&/,$answer)) {
 	my ($name,$value)=split(/\=/,$_);
-        $returnhash{&unescape($name)}=&unescape($value);
+        $returnhash{&unescape($name)}=&thaw_unescape($value);
     }
     my $version;
     for ($version=1;$version<=$returnhash{'version'};$version++) {
@@ -2225,7 +2283,7 @@ sub privileged {
     my $now=time;
     if ($rolesdump ne '') {
         foreach (split(/&/,$rolesdump)) {
-	    if ($_!~/^rolesdef\&/) {
+	    if ($_!~/^rolesdef_/) {
 		my ($area,$role)=split(/=/,$_);
 		$area=~s/\_\w\w$//;
 		my ($trole,$tend,$tstart)=split(/_/,$role);
@@ -2252,105 +2310,37 @@ sub rolesinit {
     my $rolesdump=reply("dump:$domain:$username:roles",$authhost);
     if (($rolesdump eq 'con_lost') || ($rolesdump eq '')) { return ''; }
     my %allroles=();
-    my %thesepriv=();
     my $now=time;
     my $userroles="user.login.time=$now\n";
-    my $thesestr;
 
     if ($rolesdump ne '') {
         foreach (split(/&/,$rolesdump)) {
-	  if ($_!~/^rolesdef\&/) {
+	  if ($_!~/^rolesdef_/) {
             my ($area,$role)=split(/=/,$_);
-            $area=~s/\_\w\w$//;
-            my ($trole,$tend,$tstart)=split(/_/,$role);
-            $userroles.='user.role.'.$trole.'.'.$area.'='.
-                        $tstart.'.'.$tend."\n";
-# log the associated role with the area
-            &userrolelog($trole,$username,$domain,$area,$tstart,$tend);
-            if ($tend!=0) {
-	        if ($tend<$now) {
-	            $trole='';
-                } 
-            }
-            if ($tstart!=0) {
-                if ($tstart>$now) {
-                   $trole='';        
-                }
-            }
+	    $area=~s/\_\w\w$//;
+	    
+            my ($trole,$tend,$tstart);
+	    if ($role=~/^cr/) { 
+		($trole,my $trest)=($role=~m|^(cr/\w+/\w+/[a-zA-Z0-9]+)_(.*)$|);
+		($tend,$tstart)=split('_',$trest);
+	    } else {
+		($trole,$tend,$tstart)=split(/_/,$role);
+	    }
+            $userroles.=&set_arearole($trole,$area,$tstart,$tend,$domain,$username);
+            if (($tend!=0) && ($tend<$now)) { $trole=''; }
+            if (($tstart!=0) && ($tstart>$now)) { $trole=''; }
             if (($area ne '') && ($trole ne '')) {
 		my $spec=$trole.'.'.$area;
 		my ($tdummy,$tdomain,$trest)=split(/\//,$area);
 		if ($trole =~ /^cr\//) {
-		    my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$trole);
- 		    my $homsvr=homeserver($rauthor,$rdomain);
-		    if ($hostname{$homsvr} ne '') {
-			my ($rdummy,$roledef)=
-			   &get('roles',["rolesdef_$rrole"],$rdomain,$rauthor);
-				
-			if (($rdummy ne 'con_lost') && ($roledef ne '')) {
-			    my ($syspriv,$dompriv,$coursepriv)=
-				split(/\_/,$roledef);
-			    if (defined($syspriv)) {
-				$allroles{'cm./'}.=':'.$syspriv;
-				$allroles{$spec.'./'}.=':'.$syspriv;
-			    }
-			    if ($tdomain ne '') {
-				if (defined($dompriv)) {
-				    $allroles{'cm./'.$tdomain.'/'}.=':'.$dompriv;
-				    $allroles{$spec.'./'.$tdomain.'/'}.=':'.$dompriv;
-				}
-				if ($trest ne '') {
-				    if (defined($coursepriv)) {
-					$allroles{'cm.'.$area}.=':'.$coursepriv;
-					$allroles{$spec.'.'.$area}.=':'.$coursepriv;
-				    }
-				}
-			    }
-			}
-		    }
+                    &custom_roleprivs(\%allroles,$trole,$tdomain,$trest,$spec,$area);
 		} else {
-		    if (defined($pr{$trole.':s'})) {
-			$allroles{'cm./'}.=':'.$pr{$trole.':s'};
-			$allroles{$spec.'./'}.=':'.$pr{$trole.':s'};
-		    }
-		    if ($tdomain ne '') {
-			if (defined($pr{$trole.':d'})) {
-			    $allroles{'cm./'.$tdomain.'/'}.=':'.$pr{$trole.':d'};
-			    $allroles{$spec.'./'.$tdomain.'/'}.=':'.$pr{$trole.':d'};
-			}
-			if ($trest ne '') {
-			    if (defined($pr{$trole.':c'})) {
-				$allroles{'cm.'.$area}.=':'.$pr{$trole.':c'};
-				$allroles{$spec.'.'.$area}.=':'.$pr{$trole.':c'};
-			    }
-			}
-		    }
+                    &standard_roleprivs(\%allroles,$trole,$tdomain,$spec,$trest,$area);
 		}
             }
           } 
         }
-        my $adv=0;
-        my $author=0;
-        foreach (keys %allroles) {
-            %thesepriv=();
-            if (($_!~/^st/) && ($_!~/^ta/) && ($_!~/^cm/)) { $adv=1; }
-            if (($_=~/^au/) || ($_=~/^ca/)) { $author=1; }
-            foreach (split(/:/,$allroles{$_})) {
-                if ($_ ne '') {
-		    my ($privilege,$restrictions)=split(/&/,$_);
-                    if ($restrictions eq '') {
-			$thesepriv{$privilege}='F';
-                    } else {
-                        if ($thesepriv{$privilege} ne 'F') {
-			    $thesepriv{$privilege}.=$restrictions;
-                        }
-                    }
-                }
-            }
-            $thesestr='';
-            foreach (keys %thesepriv) { $thesestr.=':'.$_.'&'.$thesepriv{$_}; }
-            $userroles.='user.priv.'.$_.'='.$thesestr."\n";
-        }
+        my ($author,$adv) = &set_userprivs(\$userroles,\%allroles);
         $userroles.='user.adv='.$adv."\n".
 	            'user.author='.$author."\n";
         $ENV{'user.adv'}=$adv;
@@ -2358,6 +2348,84 @@ sub rolesinit {
     return $userroles;  
 }
 
+sub set_arearole {
+    my ($trole,$area,$tstart,$tend,$domain,$username) = @_;
+# log the associated role with the area
+    &userrolelog($trole,$username,$domain,$area,$tstart,$tend);
+    return 'user.role.'.$trole.'.'.$area.'='.$tstart.'.'.$tend."\n";
+}
+
+sub custom_roleprivs {
+    my ($allroles,$trole,$tdomain,$trest,$spec,$area) = @_;
+    my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$trole);
+    my $homsvr=homeserver($rauthor,$rdomain);
+    if ($hostname{$homsvr} ne '') {
+        my ($rdummy,$roledef)=
+            &get('roles',["rolesdef_$rrole"],$rdomain,$rauthor);
+        if (($rdummy ne 'con_lost') && ($roledef ne '')) {
+            my ($syspriv,$dompriv,$coursepriv)=split(/\_/,$roledef);
+            if (defined($syspriv)) {
+                $$allroles{'cm./'}.=':'.$syspriv;
+                $$allroles{$spec.'./'}.=':'.$syspriv;
+            }
+            if ($tdomain ne '') {
+                if (defined($dompriv)) {
+                    $$allroles{'cm./'.$tdomain.'/'}.=':'.$dompriv;
+                    $$allroles{$spec.'./'.$tdomain.'/'}.=':'.$dompriv;
+                }
+                if (($trest ne '') && (defined($coursepriv))) {
+                    $$allroles{'cm.'.$area}.=':'.$coursepriv;
+                    $$allroles{$spec.'.'.$area}.=':'.$coursepriv;
+                }
+            }
+        }
+    }
+}
+
+
+sub standard_roleprivs {
+    my ($allroles,$trole,$tdomain,$spec,$trest,$area) = @_;
+    if (defined($pr{$trole.':s'})) {
+        $$allroles{'cm./'}.=':'.$pr{$trole.':s'};
+        $$allroles{$spec.'./'}.=':'.$pr{$trole.':s'};
+    }
+    if ($tdomain ne '') {
+        if (defined($pr{$trole.':d'})) {
+            $$allroles{'cm./'.$tdomain.'/'}.=':'.$pr{$trole.':d'};
+            $$allroles{$spec.'./'.$tdomain.'/'}.=':'.$pr{$trole.':d'};
+        }
+        if (($trest ne '') && (defined($pr{$trole.':c'}))) {
+            $$allroles{'cm.'.$area}.=':'.$pr{$trole.':c'};
+            $$allroles{$spec.'.'.$area}.=':'.$pr{$trole.':c'};
+        }
+    }
+}
+
+sub set_userprivs {
+    my ($userroles,$allroles) = @_; 
+    my $author=0;
+    my $adv=0;
+    foreach (keys %{$allroles}) {
+        my %thesepriv=();
+        if (($_=~/^au/) || ($_=~/^ca/)) { $author=1; }
+        foreach (split(/:/,$$allroles{$_})) {
+            if ($_ ne '') {
+                my ($privilege,$restrictions)=split(/&/,$_);
+                if ($restrictions eq '') {
+                    $thesepriv{$privilege}='F';
+                } elsif ($thesepriv{$privilege} ne 'F') {
+                    $thesepriv{$privilege}.=$restrictions;
+                }
+                if ($thesepriv{'adv'} eq 'F') { $adv=1; }
+            }
+        }
+        my $thesestr='';
+        foreach (keys %thesepriv) { $thesestr.=':'.$_.'&'.$thesepriv{$_}; }
+        $$userroles.='user.priv.'.$_.'='.$thesestr."\n";
+    }
+    return ($author,$adv);
+}
+
 # --------------------------------------------------------------- get interface
 
 sub get {
@@ -2379,7 +2447,7 @@ sub get {
    my %returnhash=();
    my $i=0;
    foreach (@$storearr) {
-      $returnhash{$_}=unescape($pairs[$i]);
+      $returnhash{$_}=&thaw_unescape($pairs[$i]);
       $i++;
    }
    return %returnhash;
@@ -2418,7 +2486,7 @@ sub dump {
    my %returnhash=();
    foreach (@pairs) {
       my ($key,$value)=split(/=/,$_);
-      $returnhash{unescape($key)}=unescape($value);
+      $returnhash{unescape($key)}=&thaw_unescape($value);
    }
    return %returnhash;
 }
@@ -2464,7 +2532,7 @@ sub currentdump {
            my ($key,$value)=split(/=/,$_);
            my ($symb,$param) = split(/:/,$key);
            $returnhash{&unescape($symb)}->{&unescape($param)} = 
-                                                          &unescape($value);
+                                                        &thaw_unescape($value);
        }
    }
    return %returnhash;
@@ -2530,7 +2598,31 @@ sub put {
    my $uhome=&homeserver($uname,$udomain);
    my $items='';
    foreach (keys %$storehash) {
-       $items.=&escape($_).'='.&escape($$storehash{$_}).'&';
+       $items.=&escape($_).'='.&freeze_escape($$storehash{$_}).'&';
+   }
+   $items=~s/\&$//;
+   return &reply("put:$udomain:$uname:$namespace:$items",$uhome);
+}
+
+# ---------------------------------------------------------- putstore interface
+                                                                                     
+sub putstore {
+   my ($namespace,$storehash,$udomain,$uname)=@_;
+   if (!$udomain) { $udomain=$ENV{'user.domain'}; }
+   if (!$uname) { $uname=$ENV{'user.name'}; }
+   my $uhome=&homeserver($uname,$udomain);
+   my $items='';
+   my %allitems = ();
+   foreach (keys %$storehash) {
+       if ($_ =~ m/^([^\:]+):([^\:]+):([^\:]+)$/) {
+           my $key = $1.':keys:'.$2;
+           $allitems{$key} .= $3.':';
+       }
+       $items.=$_.'='.&freeze_escape($$storehash{$_}).'&';
+   }
+   foreach (keys %allitems) {
+       $allitems{$_} =~ s/\:$//;
+       $items.= $_.'='.$allitems{$_}.'&';
    }
    $items=~s/\&$//;
    return &reply("put:$udomain:$uname:$namespace:$items",$uhome);
@@ -2545,7 +2637,7 @@ sub cput {
    my $uhome=&homeserver($uname,$udomain);
    my $items='';
    foreach (keys %$storehash) {
-       $items.=escape($_).'='.escape($$storehash{$_}).'&';
+       $items.=escape($_).'='.&freeze_escape($$storehash{$_}).'&';
    }
    $items=~s/\&$//;
    return &critical("put:$udomain:$uname:$namespace:$items",$uhome);
@@ -2568,7 +2660,7 @@ sub eget {
    my %returnhash=();
    my $i=0;
    foreach (@$storearr) {
-      $returnhash{$_}=unescape($pairs[$i]);
+      $returnhash{$_}=&thaw_unescape($pairs[$i]);
       $i++;
    }
    return %returnhash;
@@ -2611,18 +2703,27 @@ sub customaccess {
 # ------------------------------------------------- Check for a user privilege
 
 sub allowed {
-    my ($priv,$uri)=@_;
+    my ($priv,$uri,$symb)=@_;
     $uri=&deversion($uri);
     my $orguri=$uri;
     $uri=&declutter($uri);
-
+    
+    
+    
     if (defined($ENV{'allowed.'.$priv})) { return $ENV{'allowed.'.$priv}; }
 # Free bre access to adm and meta resources
-
-    if ((($uri=~/^adm\//) || ($uri=~/\.meta$/)) && ($priv eq 'bre')) {
+    if (((($uri=~/^adm\//) && ($uri !~ m|/bulletinboard$|)) 
+	 || ($uri=~/\.meta$/)) && ($priv eq 'bre')) {
 	return 'F';
     }
 
+# Free bre access to user's own portfolio contents
+    my ($space,$domain,$name,$dir)=split('/',$uri);
+    if (($space=~/^(uploaded|ediupload)$/) && ($ENV{'user.name'} eq $name) && 
+	($ENV{'user.domain'} eq $domain) && ('portfolio' eq $dir)) {
+        return 'F';
+    }
+
 # Free bre to public access
 
     if ($priv eq 'bre') {
@@ -2687,11 +2788,16 @@ sub allowed {
     }
 
 # URI is an uploaded document for this course
-
-    if (($priv eq 'bre') && 
-        ($uri=~/^uploaded\/$ENV{'course.'.$ENV{'request.course.id'}.'.domain'}\/$ENV{'course.'.$ENV{'request.course.id'}.'.num'}/)) {
-        return 'F';
+# not allowing 'edit' access (editupload) to uploaded course docs
+    if (($priv eq 'bre') && ($uri=~m|^uploaded/|)) {
+	my $refuri=$ENV{'httpref.'.$orguri};
+	if ($refuri) {
+	    if ($refuri =~ m|^/adm/|) {
+		$thisallowed='F';
+	    }
+	}
     }
+
 # Full access at system, domain or course-wide level? Exit.
 
     if ($thisallowed=~/F/) {
@@ -2878,7 +2984,7 @@ sub allowed {
 
    if ($thisallowed=~/X/) {
       if ($ENV{'acc.randomout'}) {
-         my $symb=&symbread($uri,1);
+	 if (!$symb) { $symb=&symbread($uri,1); }
          if (($symb) && ($ENV{'acc.randomout'}=~/\&\Q$symb\E\&/)) { 
             return ''; 
          }
@@ -3014,6 +3120,75 @@ sub log_query {
     return get_query_reply($queryid);
 }
 
+# ------- Request retrieval of institutional classlists for course(s)
+
+sub fetch_enrollment_query {
+    my ($context,$affiliatesref,$replyref,$dom,$cnum) = @_;
+    my $homeserver;
+    my $maxtries = 1;
+    if ($context eq 'automated') {
+        $homeserver = $perlvar{'lonHostID'};
+        $maxtries = 10; # will wait for up to 2000s for retrieval of classlist data before timeout
+    } else {
+        $homeserver = &homeserver($cnum,$dom);
+    }
+    my $host=$hostname{$homeserver};
+    my $cmd = '';
+    foreach (keys %{$affiliatesref}) {
+        $cmd .= $_.'='.join(",",@{$$affiliatesref{$_}}).'%%';
+    }
+    $cmd =~ s/%%$//;
+    $cmd = &escape($cmd);
+    my $query = 'fetchenrollment';
+    my $queryid=&reply("querysend:".$query.':'.$dom.':'.$ENV{'user.name'}.':'.$cmd,$homeserver);
+    unless ($queryid=~/^\Q$host\E\_/) { 
+        &logthis('fetch_enrollment_query: invalid queryid: '.$queryid.' for host: '.$host.' and homeserver: '.$homeserver.' context: '.$context.' '.$cnum); 
+        return 'error: '.$queryid;
+    }
+    my $reply = &get_query_reply($queryid);
+    my $tries = 1;
+    while (($reply=~/^timeout/) && ($tries < $maxtries)) {
+        $reply = &get_query_reply($queryid);
+        $tries ++;
+    }
+    if ( ($reply =~/^timeout/) || ($reply =~/^error/) ) {
+        &logthis('fetch_enrollment_query error: '.$reply.' for '.$dom.' '.$ENV{'user.name'}.' for '.$queryid.' context: '.$context.' '.$cnum.' maxtries: '.$maxtries.' tries: '.$tries);
+    } else {
+        my @responses = split/:/,$reply;
+        if ($homeserver eq $perlvar{'lonHostID'}) {
+            foreach (@responses) {
+                my ($key,$value) = split/=/,$_;
+                $$replyref{$key} = $value;
+            }
+        } else {
+            my $pathname = $perlvar{'lonDaemons'}.'/tmp';
+            foreach (@responses) {
+                my ($key,$value) = split/=/,$_;
+                $$replyref{$key} = $value;
+                if ($value > 0) {
+                    foreach (@{$$affiliatesref{$key}}) {
+                        my $filename = $dom.'_'.$key.'_'.$_.'_classlist.xml';
+                        my $destname = $pathname.'/'.$filename;
+                        my $xml_classlist = &reply("autoretrieve:".$filename,$homeserver);
+                        if ($xml_classlist =~ /^error/) {
+                            &logthis('fetch_enrollment_query - autoretrieve error: '.$xml_classlist.' for '.$filename.' from server: '.$homeserver.' '.$context.' '.$cnum);
+                        } else {
+                            if ( open(FILE,">$destname") ) {
+                                print FILE &unescape($xml_classlist);
+                                close(FILE);
+                            } else {
+                                &logthis('fetch_enrollment_query - error opening classlist file '.$destname.' '.$context.' '.$cnum);
+                            }
+                        }
+                    }
+                }
+            }
+        }
+        return 'ok';
+    }
+    return 'error';
+}
+
 sub get_query_reply {
     my $queryid=shift;
     my $replyfile=$perlvar{'lonDaemons'}.'/tmp/'.$queryid;
@@ -3058,6 +3233,87 @@ sub userlog_query {
     return &log_query($uname,$udom,'userlog',%filters);
 }
 
+#--------- Call auto-enrollment subs in localenroll.pm for homeserver for course 
+
+sub auto_run {
+    my ($cnum,$cdom) = @_;
+    my $homeserver = &homeserver($cnum,$cdom);
+    my $response = &reply('autorun:'.$cdom,$homeserver);
+    return $response;
+}
+                                                                                   
+sub auto_get_sections {
+    my ($cnum,$cdom,$inst_coursecode) = @_;
+    my $homeserver = &homeserver($cnum,$cdom);
+    my @secs = ();
+    my $response=&unescape(&reply('autogetsections:'.$inst_coursecode.':'.$cdom,$homeserver));
+    unless ($response eq 'refused') {
+        @secs = split/:/,$response;
+    }
+    return @secs;
+}
+                                                                                   
+sub auto_new_course {
+    my ($cnum,$cdom,$inst_course_id,$owner) = @_;
+    my $homeserver = &homeserver($cnum,$cdom);
+    my $response=&unescape(&reply('autonewcourse:'.$inst_course_id.':'.$owner.':'.$cdom,$homeserver));
+    return $response;
+}
+                                                                                   
+sub auto_validate_courseID {
+    my ($cnum,$cdom,$inst_course_id) = @_;
+    my $homeserver = &homeserver($cnum,$cdom);
+    my $response=&unescape(&reply('autovalidatecourse:'.$inst_course_id.':'.$cdom,$homeserver));
+    return $response;
+}
+                                                                                   
+sub auto_create_password {
+    my ($cnum,$cdom,$authparam) = @_;
+    my $homeserver = &homeserver($cnum,$cdom); 
+    my $create_passwd = 0;
+    my $authchk = '';
+    my $response=&unescape(&reply('autocreatepassword:'.$authparam.':'.$cdom,$homeserver));
+    if ($response eq 'refused') {
+        $authchk = 'refused';
+    } else {
+        ($authparam,$create_passwd,$authchk) = split/:/,$response;
+    }
+    return ($authparam,$create_passwd,$authchk);
+}
+
+sub auto_instcode_format {
+    my ($caller,$codedom,$instcodes,$codes,$codetitles,$cat_titles,$cat_order) = @_;
+    my $courses = '';
+    my $homeserver;
+    if ($caller eq 'global') {
+        foreach my $tryserver (keys %libserv) {
+            if ($hostdom{$tryserver} eq $codedom) {
+                $homeserver = $tryserver;
+                last;
+            }
+        }
+        if (($ENV{'user.name'}) && ($ENV{'user.domain'} eq $codedom)) {
+            $homeserver = &homeserver($ENV{'user.name'},$codedom);
+        }
+    } else {
+        $homeserver = &homeserver($caller,$codedom);
+    }
+    foreach (keys %{$instcodes}) {
+        $courses .= &escape($_).'='.&escape($$instcodes{$_}).'&';
+    }
+    chop($courses);
+    my $response=&reply('autoinstcodeformat:'.$codedom.':'.$courses,$homeserver);
+    unless ($response =~ /(con_lost|error|no_such_host|refused)/) {
+        my ($codes_str,$codetitles_str,$cat_titles_str,$cat_order_str) = split/:/,$response;
+        %{$codes} = &str2hash($codes_str);
+        @{$codetitles} = &str2array($codetitles_str);
+        %{$cat_titles} = &str2hash($cat_titles_str);
+        %{$cat_order} = &str2hash($cat_order_str);
+        return 'ok';
+    }
+    return $response;
+}
+
 # ------------------------------------------------------------------ Plain Text
 
 sub plaintext {
@@ -3232,9 +3488,12 @@ sub modifyuser {
     if (defined($middle)) { $names{'middlename'} = $middle; }
     if ($last)   { $names{'lastname'}   = $last; }
     if (defined($gene))   { $names{'generation'} = $gene; }
-    if ($email)  { $names{'notification'} = $email;
-                   $names{'critnotification'} = $email; }
-
+    if ($email) {
+       $email=~s/[^\w\@\.\-\,]//gs;
+       if ($email=~/\@/) { $names{'notification'} = $email;
+			   $names{'critnotification'} = $email;
+			   $names{'permanentemail'} = $email; }
+    }
     my $reply = &put('environment', \%names, $udom,$uname);
     if ($reply ne 'ok') { return 'error: '.$reply; }
     &logthis('Success modifying user '.$udom.', '.$uname.', '.$uid.', '.
@@ -3248,7 +3507,7 @@ sub modifyuser {
 
 sub modifystudent {
     my ($udom,$uname,$uid,$umode,$upass,$first,$middle,$last,$gene,$usec,
-        $end,$start,$forceid,$desiredhome,$email,$type,$cid)=@_;
+        $end,$start,$forceid,$desiredhome,$email,$type,$locktype,$cid)=@_;
     if (!$cid) {
 	unless ($cid=$ENV{'request.course.id'}) {
 	    return 'not_in_class';
@@ -3263,13 +3522,12 @@ sub modifystudent {
     # students environment
     $uid = undef if (!$forceid);
     $reply = &modify_student_enrollment($udom,$uname,$uid,$first,$middle,$last,
-					$gene,$usec,$end,$start,$type,$cid);
+					$gene,$usec,$end,$start,$type,$locktype,$cid);
     return $reply;
 }
 
 sub modify_student_enrollment {
-    my ($udom,$uname,$uid,$first,$middle,$last,$gene,$usec,$end,$start,$type,
-	$cid) = @_;
+    my ($udom,$uname,$uid,$first,$middle,$last,$gene,$usec,$end,$start,$type,$locktype,$cid) = @_;
     my ($cdom,$cnum,$chome);
     if (!$cid) {
 	unless ($cid=$ENV{'request.course.id'}) {
@@ -3311,11 +3569,10 @@ sub modify_student_enrollment {
         $gene   = $tmp{'generation'} if (!defined($gene)   || $gene eq '');
         $uid    = $tmp{'id'}         if (!defined($uid)    || $uid  eq '');
     }
-    my $fullname = &Apache::loncoursedata::ProcessFullName($last,$gene,
-                                                           $first,$middle);
+    my $fullname = &format_name($first,$middle,$last,$gene,'lastname');
     my $reply=cput('classlist',
 		   {"$uname:$udom" => 
-			join(':',$end,$start,$uid,$usec,$fullname,$type) },
+			join(':',$end,$start,$uid,$usec,$fullname,$type,$locktype) },
 		   $cdom,$cnum);
     unless (($reply eq 'ok') || ($reply eq 'delayed')) {
 	return 'error: '.$reply;
@@ -3329,6 +3586,25 @@ sub modify_student_enrollment {
     return &assignrole($udom,$uname,$uurl,'st',$end,$start);
 }
 
+sub format_name {
+    my ($firstname,$middlename,$lastname,$generation,$first)=@_;
+    my $name;
+    if ($first ne 'lastname') {
+	$name=$firstname.' '.$middlename.' '.$lastname.' '.$generation;
+    } else {
+	if ($lastname=~/\S/) {
+	    $name.= $lastname.' '.$generation.', '.$firstname.' '.$middlename;
+	    $name=~s/\s+,/,/;
+	} else {
+	    $name.= $firstname.' '.$middlename.' '.$generation;
+	}
+    }
+    $name=~s/^\s+//;
+    $name=~s/\s+$//;
+    $name=~s/\s+/ /g;
+    return $name;
+}
+
 # ------------------------------------------------- Write to course preferences
 
 sub writecoursepref {
@@ -3351,7 +3627,7 @@ sub writecoursepref {
 # ---------------------------------------------------------- Make/modify course
 
 sub createcourse {
-    my ($udom,$description,$url,$course_server,$nonstandard)=@_;
+    my ($udom,$description,$url,$course_server,$nonstandard,$inst_code,$course_owner)=@_;
     $url=&declutter($url);
     my $cid='';
     unless (&allowed('ccc',$udom)) {
@@ -3384,9 +3660,9 @@ sub createcourse {
 	return 'error: no such course';
     }
 # ----------------------------------------------------------------- Course made
-# log existance
-    &courseidput($udom,&escape($udom.'_'.$uname).'='.&escape($description),
-                 $uhome);
+# log existence
+    &courseidput($udom,&escape($udom.'_'.$uname).'='.&escape($description).
+                 ':'.&escape($inst_code).':'.&escape($course_owner),$uhome);
     &flushcourselogs();
 # set toplevel url
     my $topurl=$url;
@@ -3439,6 +3715,193 @@ sub revokecustomrole {
            $deleteflag);
 }
 
+# ------------------------------------------------------------ Disk usage
+sub diskusage {
+    my ($udom,$uname,$directoryRoot)=@_;
+    $directoryRoot =~ s/\/$//;
+    my $listing=&reply('du:'.$directoryRoot,homeserver($uname,$udom));
+    return $listing;
+}
+
+sub is_locked {
+    my ($file_name, $domain, $user) = @_;
+    my @check;
+    my $is_locked;
+    push @check, $file_name;
+    my %locked = &get('file_permissions',\@check,
+		      $ENV{'user.domain'},$ENV{'user.name'});
+    my ($tmp)=keys(%locked);
+    if ($tmp=~/^error:/) { undef(%locked); }
+
+    if (ref($locked{$file_name}) eq 'ARRAY') {
+        $is_locked = 'true';
+    } else {
+        $is_locked = 'false';
+    }
+}
+
+# ------------------------------------------------------------- Mark as Read Only
+
+sub mark_as_readonly {
+    my ($domain,$user,$files,$what) = @_;
+    my %current_permissions = &dump('file_permissions',$domain,$user);
+    my ($tmp)=keys(%current_permissions);
+    if ($tmp=~/^error:/) { undef(%current_permissions); }
+
+    foreach my $file (@{$files}) {
+        push(@{$current_permissions{$file}},$what);
+    }
+    &put('file_permissions',\%current_permissions,$domain,$user);
+    return;
+}
+
+# ------------------------------------------------------------Save Selected Files
+
+sub save_selected_files {
+    my ($user, $path, @files) = @_;
+    my $filename = $user."savedfiles";
+    my @other_files = &files_not_in_path($user, $path);
+    open (OUT, '>'.$Apache::lonnet::perlvar{'lonDaemons'}.'/tmp/'.$filename);
+    foreach my $file (@files) {
+        print (OUT $ENV{'form.currentpath'}.$file."\n");
+    }
+    foreach my $file (@other_files) {
+        print (OUT $file."\n");
+    }
+    close (OUT);
+    return 'ok';
+}
+
+sub clear_selected_files {
+    my ($user) = @_;
+    my $filename = $user."savedfiles";
+    open (OUT, '>'.$Apache::lonnet::perlvar{'lonDaemons'}.'/tmp/'.$filename);
+    print (OUT undef);
+    close (OUT);
+    return ("ok");    
+}
+
+sub files_in_path {
+    my ($user, $path) = @_;
+    my $filename = $user."savedfiles";
+    my %return_files;
+    open (IN, '<'.$Apache::lonnet::perlvar{'lonDaemons'}.'/tmp/'.$filename);
+    while (my $line_in = <IN>) {
+        chomp ($line_in);
+        my @paths_and_file = split (m!/!, $line_in);
+        my $file_part = pop (@paths_and_file);
+        my $path_part = join ('/', @paths_and_file);
+        $path_part.='/';
+        my $path_and_file = $path_part.$file_part;
+        if ($path_part eq $path) {
+            $return_files{$file_part}= 'selected';
+        }
+    }
+    close (IN);
+    return (\%return_files);
+}
+
+# called in portfolio select mode, to show files selected NOT in current directory
+sub files_not_in_path {
+    my ($user, $path) = @_;
+    my $filename = $user."savedfiles";
+    my @return_files;
+    my $path_part;
+    open (IN, '<'.$Apache::lonnet::perlvar{'lonDaemons'}.'/tmp/'.$filename);
+    while (<IN>) {
+        #ok, I know it's clunky, but I want it to work
+        my @paths_and_file = split m!/!, $_;
+        my $file_part = pop (@paths_and_file);
+        chomp ($file_part);
+        my $path_part = join ('/', @paths_and_file);
+        $path_part .= '/';
+        my $path_and_file = $path_part.$file_part;
+        if ($path_part ne $path) {
+            push (@return_files, ($path_and_file));
+        }
+    }
+    close (OUT);
+    return (@return_files);
+}
+
+#--------------------------------------------------------------Get Marked as Read Only
+
+sub get_marked_as_readonly {
+    my ($domain,$user,$what) = @_;
+    my %current_permissions = &dump('file_permissions',$domain,$user);
+    my ($tmp)=keys(%current_permissions);
+    if ($tmp=~/^error:/) { undef(%current_permissions); }
+
+    my @readonly_files;
+    while (my ($file_name,$value) = each(%current_permissions)) {
+        if (ref($value) eq "ARRAY"){
+            foreach my $stored_what (@{$value}) {
+                if ($stored_what eq $what) {
+                    push(@readonly_files, $file_name);
+                } elsif (!defined($what)) {
+                    push(@readonly_files, $file_name);
+                }
+            }
+        } 
+    }
+    return @readonly_files;
+}
+#-----------------------------------------------------------Get Marked as Read Only Hash
+
+sub get_marked_as_readonly_hash {
+    my ($domain,$user,$what) = @_;
+    my %current_permissions = &dump('file_permissions',$domain,$user);
+    my ($tmp)=keys(%current_permissions);
+    if ($tmp=~/^error:/) { undef(%current_permissions); }
+
+    my %readonly_files;
+    while (my ($file_name,$value) = each(%current_permissions)) {
+        if (ref($value) eq "ARRAY"){
+            foreach my $stored_what (@{$value}) {
+                if ($stored_what eq $what) {
+                    $readonly_files{$file_name} = 'locked';
+                } elsif (!defined($what)) {
+                    $readonly_files{$file_name} = 'locked';
+                }
+            }
+        } 
+    }
+    return %readonly_files;
+}
+# ------------------------------------------------------------ Unmark as Read Only
+
+sub unmark_as_readonly {
+    # unmarks all files locked by $what 
+    # for portfolio submissions, $what contains $crsid and $symb
+    my ($domain,$user,$what) = @_;
+    my %current_permissions = &dump('file_permissions',$domain,$user);
+    my ($tmp)=keys(%current_permissions);
+    if ($tmp=~/^error:/) { undef(%current_permissions); }
+
+    my @readonly_files = &get_marked_as_readonly($domain,$user,$what);
+    foreach my $file(@readonly_files){
+        my $current_locks = $current_permissions{$file};
+        my @new_locks;
+        my @del_keys;
+        if (ref($current_locks) eq "ARRAY"){
+            foreach my $locker (@{$current_locks}) {
+                unless ($locker eq $what) {
+                    push(@new_locks, $what);
+                }
+            }
+            if (@new_locks > 0) {
+                $current_permissions{$file} = \@new_locks;
+            } else {
+                push(@del_keys, $file);
+                &del('file_permissions',\@del_keys, $domain, $user);
+                delete $current_permissions{$file};
+            }
+        }
+    }
+    &put('file_permissions',\%current_permissions,$domain,$user);
+    return;
+}
+
 # ------------------------------------------------------------ Directory lister
 
 sub dirlist {
@@ -3463,19 +3926,37 @@ sub dirlist {
 
     if($udom) {
         if($uname) {
-            my $listing=reply('ls:'.$dirRoot.'/'.$uri,
+            my $listing=reply('ls2:'.$dirRoot.'/'.$uri,
                               homeserver($uname,$udom));
-            return split(/:/,$listing);
+            my @listing_results;
+            if ($listing eq 'unknown_cmd') {
+                $listing=reply('ls:'.$dirRoot.'/'.$uri,
+                               homeserver($uname,$udom));
+                @listing_results = split(/:/,$listing);
+            } else {
+                @listing_results = map { &unescape($_); } split(/:/,$listing);
+            }
+            return @listing_results;
         } elsif(!defined($alternateDirectoryRoot)) {
             my $tryserver;
             my %allusers=();
             foreach $tryserver (keys %libserv) {
                 if($hostdom{$tryserver} eq $udom) {
-                    my $listing=reply('ls:'.$perlvar{'lonDocRoot'}.'/res/'.
+                    my $listing=reply('ls2:'.$perlvar{'lonDocRoot'}.'/res/'.
                                       $udom, $tryserver);
-                    if (($listing ne 'no_such_dir') && ($listing ne 'empty')
-                        && ($listing ne 'con_lost')) {
-                        foreach (split(/:/,$listing)) {
+                    my @listing_results;
+                    if ($listing eq 'unknown_cmd') {
+                        $listing=reply('ls:'.$perlvar{'lonDocRoot'}.'/res/'.
+                                       $udom, $tryserver);
+                        @listing_results = split(/:/,$listing);
+                    } else {
+                        @listing_results =
+                            map { &unescape($_); } split(/:/,$listing);
+                    }
+                    if ($listing_results[0] ne 'no_such_dir' && 
+                        $listing_results[0] ne 'empty'       &&
+                        $listing_results[0] ne 'con_lost') {
+                        foreach (@listing_results) {
                             my ($entry,@stat)=split(/&/,$_);
                             $allusers{$entry}=1;
                         }
@@ -3547,6 +4028,9 @@ sub GetFileTimestamp {
 
 sub directcondval {
     my $number=shift;
+    if (!defined($ENV{'user.state.'.$ENV{'request.course.id'}})) {
+	&Apache::lonuserstate::evalstate();
+    }
     if ($ENV{'user.state.'.$ENV{'request.course.id'}}) {
        return substr($ENV{'user.state.'.$ENV{'request.course.id'}},$number,1);
     } else {
@@ -3600,7 +4084,7 @@ sub condval {
 sub devalidatecourseresdata {
     my ($coursenum,$coursedomain)=@_;
     my $hashid=$coursenum.':'.$coursedomain;
-    &devalidate_cache(\%courseresdatacache,$hashid,'courseres');
+    &devalidate_cache_new('courseres',$hashid);
 }
 
 # --------------------------------------------------- Course Resourcedata Query
@@ -3609,18 +4093,18 @@ sub courseresdata {
     my ($coursenum,$coursedomain,@which)=@_;
     my $coursehom=&homeserver($coursenum,$coursedomain);
     my $hashid=$coursenum.':'.$coursedomain;
-    my ($result,$cached)=&is_cached(\%courseresdatacache,$hashid,'courseres');
+    my ($result,$cached)=&is_cached_new('courseres',$hashid);
     unless (defined($cached)) {
 	my %dumpreply=&dump('resourcedata',$coursedomain,$coursenum);
 	$result=\%dumpreply;
 	my ($tmp) = keys(%dumpreply);
 	if ($tmp !~ /^(con_lost|error|no_such_host)/i) {
-	    &do_cache(\%courseresdatacache,$hashid,$result,'courseres');
+	    &do_cache_new('courseres',$hashid,$result,600);
 	} elsif ($tmp =~ /^(con_lost|no_such_host)/) {
 	    return $tmp;
 	} elsif ($tmp =~ /^(error)/) {
 	    $result=undef;
-	    &do_cache(\%courseresdatacache,$hashid,$result,'courseres');
+	    &do_cache_new('courseres',$hashid,$result,600);
 	}
     }
     foreach my $item (@which) {
@@ -3689,7 +4173,8 @@ sub EXT {
     if ($realm eq 'user') {
 # --------------------------------------------------------------- user.resource
 	if ($space eq 'resource') {
-	    if (defined($Apache::lonhomework::parsing_a_problem)) {
+	    if (defined($Apache::lonhomework::parsing_a_problem) ||
+		defined($Apache::lonhomework::parsing_a_task)) {
 		return $Apache::lonhomework::history{$qualifierrest};
 	    } else {
 		my %restored;
@@ -3772,11 +4257,15 @@ sub EXT {
 
 	my $section;
 	if (defined($courseid) && $courseid eq $ENV{'request.course.id'}) {
+	    if (!$symbparm) { $symbparm=&symbread(); }
+	}
+	my ($courselevelm,$courselevel);
+	if ($symbparm && defined($courseid) && 
+	    $courseid eq $ENV{'request.course.id'}) {
 
 	    #print '<br>'.$space.' - '.$qualifier.' - '.$spacequalifierrest;
 
 # ----------------------------------------------------- Cascading lookup scheme
-	    if (!$symbparm) { $symbparm=&symbread(); }
 	    my $symbp=$symbparm;
 	    my $mapp=(&decode_symb($symbp))[0];
 
@@ -3787,31 +4276,30 @@ sub EXT {
 		($ENV{'user.domain'} eq $udom)) {
 		$section=$ENV{'request.course.sec'};
 	    } else {
-                if (! defined($usection)) {
-                    $section=&usection($udom,$uname,$courseid);
-                } else {
-                    $section = $usection;
-                }
+		if (! defined($usection)) {
+		    $section=&getsection($udom,$uname,$courseid);
+		} else {
+		    $section = $usection;
+		}
 	    }
 
 	    my $seclevel=$courseid.'.['.$section.'].'.$spacequalifierrest;
 	    my $seclevelr=$courseid.'.['.$section.'].'.$symbparm;
 	    my $seclevelm=$courseid.'.['.$section.'].'.$mapparm;
 
-	    my $courselevel=$courseid.'.'.$spacequalifierrest;
+	    $courselevel=$courseid.'.'.$spacequalifierrest;
 	    my $courselevelr=$courseid.'.'.$symbparm;
-	    my $courselevelm=$courseid.'.'.$mapparm;
+	    $courselevelm=$courseid.'.'.$mapparm;
 
 # ----------------------------------------------------------- first, check user
 	    #most student don\'t have any data set, check if there is some data
 	    if (! &EXT_cache_status($udom,$uname)) {
 		my $hashid="$udom:$uname";
-		my ($result,$cached)=&is_cached(\%userresdatacache,$hashid,
-						'userres');
+		my ($result,$cached)=&is_cached_new('userres',$hashid);
 		if (!defined($cached)) {
 		    my %resourcedata=&dump('resourcedata',$udom,$uname);
 		    $result=\%resourcedata;
-		    &do_cache(\%userresdatacache,$hashid,$result,'userres');
+		    &do_cache_new('userres',$hashid,$result);
 		}
 		my ($tmp)=keys(%$result);
 		if (($tmp!~/^error\:/) && ($tmp!~/^con_lost/)) {
@@ -3829,20 +4317,19 @@ sub EXT {
 				 $uname." at ".$udom.": ".
 				 $tmp."</font>");
 		    } elsif ($tmp=~/error: 2 /) {
-                        &EXT_cache_set($udom,$uname);
+			&EXT_cache_set($udom,$uname);
 		    } elsif ($tmp =~ /^(con_lost|no_such_host)/) {
 			return $tmp;
 		    }
 		}
 	    }
 
-# -------------------------------------------------------- second, check course
+# ------------------------------------------------ second, check some of course
 
 	    my $coursereply=&courseresdata($ENV{'course.'.$courseid.'.num'},
-					  $ENV{'course.'.$courseid.'.domain'},
-					  ($seclevelr,$seclevelm,$seclevel,
-					   $courselevelr,$courselevelm,
-					   $courselevel));
+					   $ENV{'course.'.$courseid.'.domain'},
+					   ($seclevelr,$seclevelm,$seclevel,
+					    $courselevelr));
 	    if (defined($coursereply)) { return $coursereply; }
 
 # ------------------------------------------------------ third, check map parms
@@ -3856,7 +4343,7 @@ sub EXT {
 	    }
 	    if ($thisparm) { return $thisparm; }
 	}
-# --------------------------------------------- last, look in resource metadata
+# ------------------------------------------ fourth, look in resource metadata
 
 	$spacequalifierrest=~s/\./\_/;
 	my $filename;
@@ -3871,6 +4358,14 @@ sub EXT {
 	$metadata=&metadata($filename,'parameter_'.$spacequalifierrest);
 	if (defined($metadata)) { return $metadata; }
 
+# ---------------------------------------------- fourth, look in rest pf course
+	if ($symbparm && defined($courseid) && 
+	    $courseid eq $ENV{'request.course.id'}) {
+	    my $coursereply=&courseresdata($ENV{'course.'.$courseid.'.num'},
+					   $ENV{'course.'.$courseid.'.domain'},
+					   ($courselevelm,$courselevel));
+	    if (defined($coursereply)) { return $coursereply; }
+	}
 # ------------------------------------------------------------------ Cascade up
 	unless ($space eq '0') {
 	    my @parts=split(/_/,$space);
@@ -3913,6 +4408,7 @@ sub packages_tab_default {
 	if (defined($packagetab{"$pack_type&$name&default"})) {
 	    return $packagetab{"$pack_type&$name&default"};
 	}
+	if ($pack_type eq 'part') { $pack_part='0'; }
 	if (defined($packagetab{$pack_type."_".$pack_part."&$name&default"})) {
 	    return $packagetab{$pack_type."_".$pack_part."&$name&default"};
 	}
@@ -3938,11 +4434,14 @@ sub add_prefix_and_part {
 
 # ---------------------------------------------------------------- Get metadata
 
+my %metaentry;
 sub metadata {
     my ($uri,$what,$liburi,$prefix,$depthcount)=@_;
     $uri=&declutter($uri);
     # if it is a non metadata possible uri return quickly
-    if (($uri eq '') || (($uri =~ m|^/*adm/|) && ($uri !~ m|^adm/includes|)) ||
+    if (($uri eq '') || 
+	(($uri =~ m|^/*adm/|) && 
+	     ($uri !~ m|^adm/includes|) && ($uri !~ m|/bulletinboard$|)) ||
         ($uri =~ m|/$|) || ($uri =~ m|/.meta$|) || ($uri =~ /^~/) ||
 	($uri =~ m|home/[^/]+/public_html/|)) {
 	return undef;
@@ -3955,27 +4454,30 @@ sub metadata {
 # Everything is cached by the main uri, libraries are never directly cached
 #
     if (!defined($liburi)) {
-	my ($result,$cached)=&is_cached(\%metacache,$uri,'meta');
+	my ($result,$cached)=&is_cached_new('meta',$uri);
 	if (defined($cached)) { return $result->{':'.$what}; }
     }
     {
 #
 # Is this a recursive call for a library?
 #
-	if (! exists($metacache{$uri})) {
-	    $metacache{$uri}={};
-	}
+#	if (! exists($metacache{$uri})) {
+#	    $metacache{$uri}={};
+#	}
         if ($liburi) {
 	    $liburi=&declutter($liburi);
             $filename=$liburi;
         } else {
-	    &devalidate_cache(\%metacache,$uri,'meta');
+	    &devalidate_cache_new('meta',$uri);
+	    undef(%metaentry);
 	}
         my %metathesekeys=();
         unless ($filename=~/\.meta$/) { $filename.='.meta'; }
 	my $metastring;
-	if ($uri !~ m|^uploaded/|) {
-	    $metastring=&getfile(&filelocation('',&clutter($filename)));
+	if ($uri !~ m -^(uploaded|editupload)/-) {
+	    my $file=&filelocation('',&clutter($filename));
+	    #push(@{$metaentry{$uri.'.file'}},$file);
+	    $metastring=&getfile($file);
 	}
         my $parser=HTML::LCParser->new(\$metastring);
         my $token;
@@ -3991,12 +4493,12 @@ sub metadata {
 		    if (defined($token->[2]->{'id'})) { 
 			$keyroot.='_'.$token->[2]->{'id'}; 
 		    }
-		    if ($metacache{$uri}->{':packages'}) {
-			$metacache{$uri}->{':packages'}.=','.$package.$keyroot;
+		    if ($metaentry{':packages'}) {
+			$metaentry{':packages'}.=','.$package.$keyroot;
 		    } else {
-			$metacache{$uri}->{':packages'}=$package.$keyroot;
+			$metaentry{':packages'}=$package.$keyroot;
 		    }
-		    foreach (keys %packagetab) {
+		    foreach (sort keys %packagetab) {
 			my $part=$keyroot;
 			$part=~s/^\_//;
 			if ($_=~/^\Q$package\E\&/ || 
@@ -4016,14 +4518,14 @@ sub metadata {
 			    if ($subp eq 'display') {
 				$value.=' [Part: '.$part.']';
 			    }
-			    $metacache{$uri}->{':'.$unikey.'.part'}=$part;
+			    $metaentry{':'.$unikey.'.part'}=$part;
 			    $metathesekeys{$unikey}=1;
-			    unless (defined($metacache{$uri}->{':'.$unikey.'.'.$subp})) {
-				$metacache{$uri}->{':'.$unikey.'.'.$subp}=$value;
+			    unless (defined($metaentry{':'.$unikey.'.'.$subp})) {
+				$metaentry{':'.$unikey.'.'.$subp}=$value;
 			    }
-			    if (defined($metacache{$uri}->{':'.$unikey.'.default'})) {
-				$metacache{$uri}->{':'.$unikey}=
-				    $metacache{$uri}->{':'.$unikey.'.default'};
+			    if (defined($metaentry{':'.$unikey.'.default'})) {
+				$metaentry{':'.$unikey}=
+				    $metaentry{':'.$unikey.'.default'};
 			    }
 			}
 		    }
@@ -4056,7 +4558,7 @@ sub metadata {
 			    foreach (sort(split(/\,/,&metadata($uri,'keys',
 							       $location,$unikey,
 							       $depthcount+1)))) {
-				$metacache{$uri}->{':'.$_}=$metacache{$uri}->{':'.$_};
+				$metaentry{':'.$_}=$metaentry{':'.$_};
 				$metathesekeys{$_}=1;
 			    }
 			}
@@ -4067,18 +4569,18 @@ sub metadata {
 			}
 			$metathesekeys{$unikey}=1;
 			foreach (@{$token->[3]}) {
-			    $metacache{$uri}->{':'.$unikey.'.'.$_}=$token->[2]->{$_};
+			    $metaentry{':'.$unikey.'.'.$_}=$token->[2]->{$_};
 			}
 			my $internaltext=&HTML::Entities::decode($parser->get_text('/'.$entry));
-			my $default=$metacache{$uri}->{':'.$unikey.'.default'};
+			my $default=$metaentry{':'.$unikey.'.default'};
 			if ( $internaltext =~ /^\s*$/ && $default !~ /^\s*$/) {
 		 # only ws inside the tag, and not in default, so use default
 		 # as value
-			    $metacache{$uri}->{':'.$unikey}=$default;
+			    $metaentry{':'.$unikey}=$default;
 			} else {
 		  # either something interesting inside the tag or default
                   # uninteresting
-			    $metacache{$uri}->{':'.$unikey}=$internaltext;
+			    $metaentry{':'.$unikey}=$internaltext;
 			}
 # end of not-a-package not-a-library import
 		    }
@@ -4095,7 +4597,7 @@ sub metadata {
 	    &metadata_create_package_def($uri,$key,'extension_'.$extension,
 					 \%metathesekeys);
 	}
-	if (!exists($metacache{$uri}->{':packages'})) {
+	if (!exists($metaentry{':packages'})) {
 	    foreach my $key (sort(keys(%packagetab))) {
 		#no specific packages well let's get default then
 		if ($key!~/^default&/) { next; }
@@ -4104,31 +4606,31 @@ sub metadata {
 	    }
 	}
 # are there custom rights to evaluate
-	if ($metacache{$uri}->{':copyright'} eq 'custom') {
+	if ($metaentry{':copyright'} eq 'custom') {
 
     #
     # Importing a rights file here
     #
 	    unless ($depthcount) {
-		my $location=$metacache{$uri}->{':customdistributionfile'};
+		my $location=$metaentry{':customdistributionfile'};
 		my $dir=$filename;
 		$dir=~s|[^/]*$||;
 		$location=&filelocation($dir,$location);
 		foreach (sort(split(/\,/,&metadata($uri,'keys',
 						   $location,'_rights',
 						   $depthcount+1)))) {
-		    $metacache{$uri}->{':'.$_}=$metacache{$uri}->{':'.$_};
+		    #$metaentry{':'.$_}=$metacache{$uri}->{':'.$_};
 		    $metathesekeys{$_}=1;
 		}
 	    }
 	}
-	$metacache{$uri}->{':keys'}=join(',',keys %metathesekeys);
-	&metadata_generate_part0(\%metathesekeys,$metacache{$uri},$uri);
-	$metacache{$uri}->{':allpossiblekeys'}=join(',',keys %metathesekeys);
-	&do_cache(\%metacache,$uri,$metacache{$uri},'meta');
+	$metaentry{':keys'}=join(',',keys %metathesekeys);
+	&metadata_generate_part0(\%metathesekeys,\%metaentry,$uri);
+	$metaentry{':allpossiblekeys'}=join(',',keys %metathesekeys);
+	&do_cache_new('meta',$uri,\%metaentry);
 # this is the end of "was not already recently cached
     }
-    return $metacache{$uri}->{':'.$what};
+    return $metaentry{':'.$what};
 }
 
 sub metadata_create_package_def {
@@ -4136,22 +4638,22 @@ sub metadata_create_package_def {
     my ($pack,$name,$subp)=split(/\&/,$key);
     if ($subp eq 'default') { next; }
     
-    if (defined($metacache{$uri}->{':packages'})) {
-	$metacache{$uri}->{':packages'}.=','.$package;
+    if (defined($metaentry{':packages'})) {
+	$metaentry{':packages'}.=','.$package;
     } else {
-	$metacache{$uri}->{':packages'}=$package;
+	$metaentry{':packages'}=$package;
     }
     my $value=$packagetab{$key};
     my $unikey;
     $unikey='parameter_0_'.$name;
-    $metacache{$uri}->{':'.$unikey.'.part'}=0;
+    $metaentry{':'.$unikey.'.part'}=0;
     $$metathesekeys{$unikey}=1;
-    unless (defined($metacache{$uri}->{':'.$unikey.'.'.$subp})) {
-	$metacache{$uri}->{':'.$unikey.'.'.$subp}=$value;
+    unless (defined($metaentry{':'.$unikey.'.'.$subp})) {
+	$metaentry{':'.$unikey.'.'.$subp}=$value;
     }
-    if (defined($metacache{$uri}->{':'.$unikey.'.default'})) {
-	$metacache{$uri}->{':'.$unikey}=
-	    $metacache{$uri}->{':'.$unikey.'.default'};
+    if (defined($metaentry{':'.$unikey.'.default'})) {
+	$metaentry{':'.$unikey}=
+	    $metaentry{':'.$unikey.'.default'};
     }
 }
 
@@ -4188,29 +4690,48 @@ sub metadata_generate_part0 {
 sub gettitle {
     my $urlsymb=shift;
     my $symb=&symbread($urlsymb);
-    unless ($symb) {
-	unless ($urlsymb) { $urlsymb=$ENV{'request.filename'}; }
-        return &metadata($urlsymb,'title'); 
-    }
-    my ($result,$cached)=&is_cached(\%titlecache,$symb,'title',600);
-    if (defined($cached)) { return $result; }
-    my ($map,$resid,$url)=&decode_symb($symb);
-    my $title='';
-    my %bighash;
-    if (tie(%bighash,'GDBM_File',$ENV{'request.course.fn'}.'.db',
-                            &GDBM_READER(),0640)) {
-        my $mapid=$bighash{'map_pc_'.&clutter($map)};
-        $title=$bighash{'title_'.$mapid.'.'.$resid};
-        untie %bighash;
-    }
-    $title=~s/\&colon\;/\:/gs;
-    if ($title) {
-        return &do_cache(\%titlecache,$symb,$title,'title');
-    } else {
-	return &metadata($urlsymb,'title');
+    if ($symb) {
+	my $key=$ENV{'request.course.id'}."\0".$symb;
+	my ($result,$cached)=&is_cached_new('title',$key);
+	if (defined($cached)) { 
+	    return $result;
+	}
+	my ($map,$resid,$url)=&decode_symb($symb);
+	my $title='';
+	my %bighash;
+	if (tie(%bighash,'GDBM_File',$ENV{'request.course.fn'}.'.db',
+		&GDBM_READER(),0640)) {
+	    my $mapid=$bighash{'map_pc_'.&clutter($map)};
+	    $title=$bighash{'title_'.$mapid.'.'.$resid};
+	    untie %bighash;
+	}
+	$title=~s/\&colon\;/\:/gs;
+	if ($title) {
+	    return &do_cache_new('title',$key,$title,600);
+	}
+	$urlsymb=$url;
+    }
+    my $title=&metadata($urlsymb,'title');
+    if (!$title) { $title=(split('/',$urlsymb))[-1]; }    
+    return $title;
+}
+
+sub get_slot {
+    my ($which,$cnum,$cdom)=@_;
+    if (!$cnum || !$cdom) {
+	(undef,my $courseid)=&Apache::lonxml::whichuser();
+	$cdom=$ENV{'course.'.$courseid.'.domain'};
+	$cnum=$ENV{'course.'.$courseid.'.num'};
+    }
+    my %slotinfo=&get('slots',[$which],$cdom,$cnum);
+    &Apache::lonhomework::showhash(%slotinfo);
+    my ($tmp)=keys(%slotinfo);
+    if ($tmp=~/^error:/) { return (); }
+    if (ref($slotinfo{$which}) eq 'HASH') {
+	return %{$slotinfo{$which}};
     }
+    return $slotinfo{$which};
 }
-    
 # ------------------------------------------------- Update symbolic store links
 
 sub symblist {
@@ -4221,7 +4742,8 @@ sub symblist {
         if (tie(%hash,'GDBM_File',$ENV{'request.course.fn'}.'_symb.db',
                       &GDBM_WRCREAT(),0640)) {
 	    foreach (keys %newhash) {
-                $hash{declutter($_)}=$mapname.'___'.&deversion($newhash{$_});
+                $hash{declutter($_)}=&encode_symb($mapname,$newhash{$_}->[1],
+						  $newhash{$_}->[0]);
             }
             if (untie(%hash)) {
 		return 'ok';
@@ -4234,7 +4756,10 @@ sub symblist {
 # --------------------------------------------------------------- Verify a symb
 
 sub symbverify {
-    my ($symb,$thisfn)=@_;
+    my ($symb,$thisurl)=@_;
+    my $thisfn=$thisurl;
+# wrapper not part of symbs
+    $thisfn=~s/^\/adm\/wrapper//;
     $thisfn=&declutter($thisfn);
 # direct jump to resource in page or to a sequence - will construct own symbs
     if ($thisfn=~/\.(page|sequence)$/) { return 1; }
@@ -4244,6 +4769,7 @@ sub symbverify {
     unless ($url eq $thisfn) { return 0; }
 
     $symb=&symbclean($symb);
+    $thisurl=&deversion($thisurl);
     $thisfn=&deversion($thisfn);
 
     my %bighash;
@@ -4251,9 +4777,9 @@ sub symbverify {
 
     if (tie(%bighash,'GDBM_File',$ENV{'request.course.fn'}.'.db',
                             &GDBM_READER(),0640)) {
-        my $ids=$bighash{'ids_'.&clutter($thisfn)};
+        my $ids=$bighash{'ids_'.&clutter($thisurl)};
         unless ($ids) { 
-           $ids=$bighash{'ids_/'.$thisfn};
+           $ids=$bighash{'ids_/'.$thisurl};
         }
         if ($ids) {
 # ------------------------------------------------------------------- Has ID(s)
@@ -4262,8 +4788,11 @@ sub symbverify {
                if (
   &symbclean(&declutter($bighash{'map_id_'.$mapid}).'___'.$resid.'___'.$thisfn)
    eq $symb) { 
-                  $okay=1; 
-               }
+		   if (($ENV{'request.role.adv'}) ||
+		       $bighash{'encrypted_'.$_} eq $ENV{'request.enc'}) {
+		       $okay=1; 
+		   }
+	       }
 	   }
         }
 	untie(%bighash);
@@ -4275,13 +4804,16 @@ sub symbverify {
 
 sub symbclean {
     my $symb=shift;
-
+    if ($symb=~m|^/enc/|) { $symb=&Apache::lonenc::unencrypted($symb); }
 # remove version from map
     $symb=~s/\.(\d+)\.(\w+)\_\_\_/\.$2\_\_\_/;
 
 # remove version from URL
     $symb=~s/\.(\d+)\.(\w+)$/\.$2/;
 
+# remove wrapper
+
+    $symb=~s/(\_\_\_\d+\_\_\_)adm\/wrapper\/(res\/)*/$1/;
     return $symb;
 }
 
@@ -4293,19 +4825,20 @@ sub encode_symb {
 }
 
 sub decode_symb {
-    my ($map,$resid,$url)=split(/\_\_\_/,shift);
+    my $symb=shift;
+    if ($symb=~m|^/enc/|) { $symb=&Apache::lonenc::unencrypted($symb); }
+    my ($map,$resid,$url)=split(/___/,$symb);
     return (&fixversion($map),$resid,&fixversion($url));
 }
 
 sub fixversion {
     my $fn=shift;
-    if ($fn=~/^(adm|uploaded|public)/) { return $fn; }
+    if ($fn=~/^(adm|uploaded|editupload|public)/) { return $fn; }
     my %bighash;
     my $uri=&clutter($fn);
     my $key=$ENV{'request.course.id'}.'_'.$uri;
 # is this cached?
-    my ($result,$cached)=&is_cached(\%courseresversioncache,$key,
-				    'courseresversion',600);
+    my ($result,$cached)=&is_cached_new('courseresversion',$key);
     if (defined($cached)) { return $result; }
 # unfortunately not cached, or expired
     if (tie(%bighash,'GDBM_File',$ENV{'request.course.fn'}.'.db',
@@ -4319,8 +4852,7 @@ sub fixversion {
  	}
  	untie %bighash;
     }
-    return &do_cache
-	(\%courseresversioncache,$key,&declutter($uri),'courseresversion');
+    return &do_cache_new('courseresversion',$key,&declutter($uri),600);
 }
 
 sub deversion {
@@ -4333,14 +4865,21 @@ sub deversion {
 
 sub symbread {
     my ($thisfn,$donotrecurse)=@_;
+    my $cache_str='request.symbread.cached.'.$thisfn;
+    if (defined($ENV{$cache_str})) { return $ENV{$cache_str}; }
 # no filename provided? try from environment
     unless ($thisfn) {
-        if ($ENV{'request.symb'}) { return &symbclean($ENV{'request.symb'}); }
+        if ($ENV{'request.symb'}) {
+	    return $ENV{$cache_str}=&symbclean($ENV{'request.symb'});
+	}
 	$thisfn=$ENV{'request.filename'};
     }
+    if ($thisfn=~m|^/enc/|) { $thisfn=&Apache::lonenc::unencrypted($thisfn); }
 # is that filename actually a symb? Verify, clean, and return
     if ($thisfn=~/\_\_\_\d+\_\_\_(.*)$/) {
-	if (&symbverify($thisfn,$1)) { return &symbclean($thisfn); }
+	if (&symbverify($thisfn,$1)) {
+	    return $ENV{$cache_str}=&symbclean($thisfn);
+	}
     }
     $thisfn=declutter($thisfn);
     my %hash;
@@ -4348,7 +4887,7 @@ sub symbread {
     my $syval='';
     if (($ENV{'request.course.fn'}) && ($thisfn)) {
         my $targetfn = $thisfn;
-        if ( ($thisfn =~ m/^uploaded\//) && ($thisfn !~ m/\.(page|sequence)$/) ) {
+        if ( ($thisfn =~ m/^(uploaded|editupload)\//) && ($thisfn !~ m/\.(page|sequence)$/) ) {
             $targetfn = 'adm/wrapper/'.$thisfn;
         }
         if (tie(%hash,'GDBM_File',$ENV{'request.course.fn'}.'_symb.db',
@@ -4358,13 +4897,13 @@ sub symbread {
         }
 # ---------------------------------------------------------- There was an entry
         if ($syval) {
-           unless ($syval=~/\_\d+$/) {
-	       unless ($ENV{'form.request.prefix'}=~/\.(\d+)\_$/) {
-                  &appenv('request.ambiguous' => $thisfn);
-                  return '';
-               }    
-               $syval.=$1;
-	   }
+	    #unless ($syval=~/\_\d+$/) {
+		#unless ($ENV{'form.request.prefix'}=~/\.(\d+)\_$/) {
+		    #&appenv('request.ambiguous' => $thisfn);
+		    #return $ENV{$cache_str}='';
+		#}    
+		#$syval.=$1;
+	    #}
         } else {
 # ------------------------------------------------------- Was not in symb table
            if (tie(%bighash,'GDBM_File',$ENV{'request.course.fn'}.'.db',
@@ -4408,11 +4947,12 @@ sub symbread {
            }
         }
         if ($syval) {
-           return &symbclean($syval.'___'.$thisfn); 
+	    return $ENV{$cache_str}=$syval;
+	    #return $ENV{$cache_str}=&symbclean($syval.'___'.$thisfn);
         }
     }
     &appenv('request.ambiguous' => $thisfn);
-    return '';
+    return $ENV{$cache_str}='';
 }
 
 # ---------------------------------------------------------- Return random seed
@@ -4426,6 +4966,7 @@ sub numval {
     $txt=~tr/U-Z/0-5/;
     $txt=~tr/u-z/0-5/;
     $txt=~s/\D//g;
+    if ($_64bit) { if ($txt > 2**32) { return -1; } }
     return int($txt);
 }
 
@@ -4441,11 +4982,54 @@ sub numval2 {
     my @txts=split(/(\d\d\d\d\d\d\d\d\d)/,$txt);
     my $total;
     foreach my $val (@txts) { $total+=$val; }
+    if ($_64bit) { if ($total > 2**32) { return -1; } }
     return int($total);
 }
 
+sub numval3 {
+    use integer;
+    my $txt=shift;
+    $txt=~tr/A-J/0-9/;
+    $txt=~tr/a-j/0-9/;
+    $txt=~tr/K-T/0-9/;
+    $txt=~tr/k-t/0-9/;
+    $txt=~tr/U-Z/0-5/;
+    $txt=~tr/u-z/0-5/;
+    $txt=~s/\D//g;
+    my @txts=split(/(\d\d\d\d\d\d\d\d\d)/,$txt);
+    my $total;
+    foreach my $val (@txts) { $total+=$val; }
+    if ($_64bit) { $total=(($total<<32)>>32); }
+    return $total;
+}
+
 sub latest_rnd_algorithm_id {
-    return '64bit2';
+    return '64bit4';
+}
+
+sub get_rand_alg {
+    my ($courseid)=@_;
+    if (!$courseid) { $courseid=(&Apache::lonxml::whichuser())[1]; }
+    if ($courseid) {
+	return $ENV{"course.$courseid.rndseed"};
+    }
+    return &latest_rnd_algorithm_id();
+}
+
+sub validCODE {
+    my ($CODE)=@_;
+    if (defined($CODE) && $CODE ne '' && $CODE =~ /^\w+$/) { return 1; }
+    return 0;
+}
+
+sub getCODE {
+    if (&validCODE($ENV{'form.CODE'})) { return $ENV{'form.CODE'}; }
+    if ( (defined($Apache::lonhomework::parsing_a_problem) ||
+	  defined($Apache::lonhomework::parsing_a_task) ) &&
+	 &validCODE($Apache::lonhomework::history{'resource.CODE'})) {
+	return $Apache::lonhomework::history{'resource.CODE'};
+    }
+    return undef;
 }
 
 sub rndseed {
@@ -4458,10 +5042,17 @@ sub rndseed {
     if (!$courseid) { $courseid=$wcourseid; }
     if (!$domain) { $domain=$wdomain; }
     if (!$username) { $username=$wusername }
-    my $which=$ENV{"course.$courseid.rndseed"};
-    my $CODE=$ENV{'form.CODE'};
-    if (defined($CODE)) {
-	return &rndseed_CODE_64bit($symb,$courseid,$domain,$username);
+    my $which=&get_rand_alg();
+    if (defined(&getCODE())) {
+	if ($which eq '64bit4') {
+	    return &rndseed_CODE_64bit4($symb,$courseid,$domain,$username);
+	} else {
+	    return &rndseed_CODE_64bit($symb,$courseid,$domain,$username);
+	}
+    } elsif ($which eq '64bit4') {
+	return &rndseed_64bit4($symb,$courseid,$domain,$username);
+    } elsif ($which eq '64bit3') {
+	return &rndseed_64bit3($symb,$courseid,$domain,$username);
     } elsif ($which eq '64bit2') {
 	return &rndseed_64bit2($symb,$courseid,$domain,$username);
     } elsif ($which eq '64bit') {
@@ -4483,6 +5074,7 @@ sub rndseed_32bit {
 	my $num=$symbseed+$nameseed+$domainseed+$courseseed+$namechck+$symbchck;
 	#&Apache::lonxml::debug("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
 	#&Apache::lonxml::debug("rndseed :$num:$symb");
+	if ($_64bit) { $num=(($num<<32)>>32); }
 	return $num;
     }
 }
@@ -4503,6 +5095,8 @@ sub rndseed_64bit {
 	my $num2=$nameseed+$domainseed+$courseseed;
 	#&Apache::lonxml::debug("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
 	#&Apache::lonxml::debug("rndseed :$num:$symb");
+	if ($_64bit) { $num1=(($num1<<32)>>32); $num2=(($num2<<32)>>32); }
+	if ($_64bit) { $num1=(($num1<<32)>>32); $num2=(($num2<<32)>>32); }
 	return "$num1,$num2";
     }
 }
@@ -4529,27 +5123,96 @@ sub rndseed_64bit2 {
     }
 }
 
+sub rndseed_64bit3 {
+    my ($symb,$courseid,$domain,$username)=@_;
+    {
+	use integer;
+	# strings need to be an even # of cahracters long, it it is odd the
+        # last characters gets thrown away
+	my $symbchck=unpack("%32S*",$symb.' ') << 21;
+	my $symbseed=numval2($symb) << 10;
+	my $namechck=unpack("%32S*",$username.' ');
+	
+	my $nameseed=numval2($username) << 21;
+	my $domainseed=unpack("%32S*",$domain.' ') << 10;
+	my $courseseed=unpack("%32S*",$courseid.' ');
+	
+	my $num1=$symbchck+$symbseed+$namechck;
+	my $num2=$nameseed+$domainseed+$courseseed;
+	#&Apache::lonxml::debug("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
+	#&Apache::lonxml::debug("rndseed :$num1:$num2:$_64bit");
+	if ($_64bit) { $num1=(($num1<<32)>>32); $num2=(($num2<<32)>>32); }
+	
+	return "$num1:$num2";
+    }
+}
+
+sub rndseed_64bit4 {
+    my ($symb,$courseid,$domain,$username)=@_;
+    {
+	use integer;
+	# strings need to be an even # of cahracters long, it it is odd the
+        # last characters gets thrown away
+	my $symbchck=unpack("%32S*",$symb.' ') << 21;
+	my $symbseed=numval3($symb) << 10;
+	my $namechck=unpack("%32S*",$username.' ');
+	
+	my $nameseed=numval3($username) << 21;
+	my $domainseed=unpack("%32S*",$domain.' ') << 10;
+	my $courseseed=unpack("%32S*",$courseid.' ');
+	
+	my $num1=$symbchck+$symbseed+$namechck;
+	my $num2=$nameseed+$domainseed+$courseseed;
+	#&Apache::lonxml::debug("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
+	#&Apache::lonxml::debug("rndseed :$num1:$num2:$_64bit");
+	if ($_64bit) { $num1=(($num1<<32)>>32); $num2=(($num2<<32)>>32); }
+	
+	return "$num1:$num2";
+    }
+}
+
 sub rndseed_CODE_64bit {
     my ($symb,$courseid,$domain,$username)=@_;
     {
 	use integer;
 	my $symbchck=unpack("%32S*",$symb.' ') << 16;
 	my $symbseed=numval2($symb);
-	my $CODEchck=unpack("%32S*",$ENV{'form.CODE'}.' ') << 16;
-	my $CODEseed=numval($ENV{'form.CODE'});
+	my $CODEchck=unpack("%32S*",&getCODE().' ') << 16;
+	my $CODEseed=numval(&getCODE());
 	my $courseseed=unpack("%32S*",$courseid.' ');
 	my $num1=$symbseed+$CODEchck;
 	my $num2=$CODEseed+$courseseed+$symbchck;
 	#&Apache::lonxml::debug("$symbseed:$CODEchck|$CODEseed:$courseseed:$symbchck");
 	#&Apache::lonxml::debug("rndseed :$num1:$num2:$symb");
-	return "$num1,$num2";
+	if ($_64bit) { $num1=(($num1<<32)>>32); }
+	if ($_64bit) { $num2=(($num2<<32)>>32); }
+	return "$num1:$num2";
+    }
+}
+
+sub rndseed_CODE_64bit4 {
+    my ($symb,$courseid,$domain,$username)=@_;
+    {
+	use integer;
+	my $symbchck=unpack("%32S*",$symb.' ') << 16;
+	my $symbseed=numval3($symb);
+	my $CODEchck=unpack("%32S*",&getCODE().' ') << 16;
+	my $CODEseed=numval3(&getCODE());
+	my $courseseed=unpack("%32S*",$courseid.' ');
+	my $num1=$symbseed+$CODEchck;
+	my $num2=$CODEseed+$courseseed+$symbchck;
+	#&Apache::lonxml::debug("$symbseed:$CODEchck|$CODEseed:$courseseed:$symbchck");
+	#&Apache::lonxml::debug("rndseed :$num1:$num2:$symb");
+	if ($_64bit) { $num1=(($num1<<32)>>32); }
+	if ($_64bit) { $num2=(($num2<<32)>>32); }
+	return "$num1:$num2";
     }
 }
 
 sub setup_random_from_rndseed {
     my ($rndseed)=@_;
-    if ($rndseed =~/,/) {
-	my ($num1,$num2)=split(/,/,$rndseed);
+    if ($rndseed =~/([,:])/) {
+	my ($num1,$num2)=split(/[,:]/,$rndseed);
 	&Math::Random::random_set_seed(abs($num1),abs($num2));
     } else {
 	&Math::Random::random_set_seed_from_phrase($rndseed);
@@ -4632,47 +5295,62 @@ sub receipt {
 # the local server.   
 
 sub getfile {
-    my ($file,$caller) = @_;
-
-    if ($file !~ m|^/*uploaded/(\w+)/(\w+)/(.+)$|) {
-	# normal file from res space
-	&repcopy($file);
-        return &readfile($file);
-    }
-
-    my $info;
-    my $cdom = $1;
-    my $cnum = $2;
-    my $filename = $3;
-    my $path = $Apache::lonnet::perlvar{'lonDocRoot'}.'/userfiles';
-    my ($lwpresp,$rtncode);
-    my $localfile = $path.'/'.$cdom.'/'.$cnum.'/'.$filename;
-    if (-e "$localfile") {
-	my @fileinfo = stat($localfile);
-	$lwpresp = &getuploaded('HEAD',$file,$cdom,$cnum,\$info,\$rtncode);
+    my ($file) = @_;
+    if ($file =~ m -^/*(uploaded|editupload)/-) { $file=&filelocation("",$file); }
+    &repcopy($file);
+    return &readfile($file);
+}
+
+sub repcopy_userfile {
+    my ($file)=@_;
+    if ($file =~ m -^/*(uploaded|editupload)/-) { $file=&filelocation("",$file); }
+    if ($file =~ m|^/home/httpd/html/lonUsers/|) { return 'ok'; }
+    my ($cdom,$cnum,$filename) = 
+	($file=~m|^\Q$perlvar{'lonDocRoot'}\E/+userfiles/+([^/]+)/+([^/]+)/+(.*)|);
+    my ($info,$rtncode);
+    my $uri="/uploaded/$cdom/$cnum/$filename";
+    if (-e "$file") {
+	my @fileinfo = stat($file);
+	my $lwpresp = &getuploaded('HEAD',$uri,$cdom,$cnum,\$info,\$rtncode);
 	if ($lwpresp ne 'ok') {
 	    if ($rtncode eq '404') {
-		unlink($localfile);
+		unlink($file);
 	    }
+	    #my $ua=new LWP::UserAgent;
+	    #my $request=new HTTP::Request('GET',&tokenwrapper($uri));
+	    #my $response=$ua->request($request);
+	    #if ($response->is_success()) {
+	#	return $response->content;
+	#    } else {
+	#	return -1;
+	#    }
 	    return -1;
 	}
 	if ($info < $fileinfo[9]) {
-	    return &readfile($localfile);
+	    return 'ok';
 	}
 	$info = '';
-	$lwpresp = &getuploaded('GET',$file,$cdom,$cnum,\$info,\$rtncode);
+	$lwpresp = &getuploaded('GET',$uri,$cdom,$cnum,\$info,\$rtncode);
 	if ($lwpresp ne 'ok') {
 	    return -1;
 	}
     } else {
-	$lwpresp = &getuploaded('GET',$file,$cdom,$cnum,\$info,\$rtncode);
+	my $lwpresp = &getuploaded('GET',$uri,$cdom,$cnum,\$info,\$rtncode);
 	if ($lwpresp ne 'ok') {
-	    return -1;
+	    my $ua=new LWP::UserAgent;
+	    my $request=new HTTP::Request('GET',&tokenwrapper($uri));
+	    my $response=$ua->request($request);
+	    if ($response->is_success()) {
+		$info=$response->content;
+	    } else {
+		return -1;
+	    }
 	}
 	my @parts = ($cdom,$cnum); 
 	if ($filename =~ m|^(.+)/[^/]+$|) {
 	    push @parts, split(/\//,$1);
-	    }
+	}
+	my $path = $perlvar{'lonDocRoot'}.'/userfiles';
 	foreach my $part (@parts) {
 	    $path .= '/'.$part;
 	    if (!-e $path) {
@@ -4680,13 +5358,28 @@ sub getfile {
 	    }
 	}
     }
-    open (FILE,">$localfile");
+    open(FILE,">$file");
     print FILE $info;
     close(FILE);
-    if ($caller eq 'uploadrep') {
-	return 'ok';
+    return 'ok';
+}
+
+sub tokenwrapper {
+    my $uri=shift;
+    $uri=~s|^http\://([^/]+)||;
+    $uri=~s|^/||;
+    $ENV{'user.environment'}=~/\/([^\/]+)\.id/;
+    my $token=$1;
+    my (undef,$udom,$uname,$file)=split('/',$uri,4);
+    if ($udom && $uname && $file) {
+	$file=~s|(\?\.*)*$||;
+        &appenv("userfile.$udom/$uname/$file" => $ENV{'request.course.id'});
+        return 'http://'.$hostname{ &homeserver($uname,$udom)}.'/'.$uri.
+               (($uri=~/\?/)?'&':'?').'token='.$token.
+                               '&tokenissued='.$perlvar{'lonHostID'};
+    } else {
+        return '/adm/notfound.html';
     }
-    return $info;
 }
 
 sub getuploaded {
@@ -4719,27 +5412,39 @@ sub readfile {
 }
 
 sub filelocation {
-  my ($dir,$file) = @_;
-  my $location;
-  $file=~ s/^\s*(\S+)\s*$/$1/; ## strip off leading and trailing spaces
-  if ($file=~m:^/~:) { # is a contruction space reference
-    $location = $file;
-    $location =~ s:/~(.*?)/(.*):/home/$1/public_html/$2:;
-  } elsif ($file=~/^\/*uploaded/) { # is an uploaded file
-    $location=$file;
-  } else {
-    $file=~s/^\Q$perlvar{'lonDocRoot'}\E//;
-    $file=~s:^/res/:/:;
-    if ( !( $file =~ m:^/:) ) {
-      $location = $dir. '/'.$file;
+    my ($dir,$file) = @_;
+    my $location;
+    $file=~ s/^\s*(\S+)\s*$/$1/; ## strip off leading and trailing spaces
+    if ($file=~m:^/~:) { # is a contruction space reference
+        $location = $file;
+        $location =~ s:/~(.*?)/(.*):/home/$1/public_html/$2:;
+    } elsif ($file=~/^\/*(uploaded|editupload)/) { # is an uploaded file
+        my ($udom,$uname,$filename)=
+  	    ($file=~m -^/+(?:uploaded|editupload)/+([^/]+)/+([^/]+)/+(.*)$-);
+        my $home=&homeserver($uname,$udom);
+        my $is_me=0;
+        my @ids=&current_machine_ids();
+        foreach my $id (@ids) { if ($id eq $home) { $is_me=1; } }
+        if ($is_me) {
+  	    $location=&Apache::loncommon::propath($udom,$uname).
+  	      '/userfiles/'.$filename;
+        } else {
+  	  $location=$Apache::lonnet::perlvar{'lonDocRoot'}.'/userfiles/'.
+  	      $udom.'/'.$uname.'/'.$filename;
+        }
     } else {
-      $location = '/home/httpd/html/res'.$file;
+        $file=~s/^\Q$perlvar{'lonDocRoot'}\E//;
+        $file=~s:^/res/:/:;
+        if ( !( $file =~ m:^/:) ) {
+            $location = $dir. '/'.$file;
+        } else {
+            $location = '/home/httpd/html/res'.$file;
+        }
     }
-  }
-  $location=~s://+:/:g; # remove duplicate /
-  while ($location=~m:/\.\./:) {$location=~ s:/[^/]+/\.\./:/:g;} #remove dir/..
-  while ($location=~m:/\./:) {$location=~ s:/\./:/:g;} #remove /./
-  return $location;
+    $location=~s://+:/:g; # remove duplicate /
+    while ($location=~m:/\.\./:) {$location=~ s:/[^/]+/\.\./:/:g;} #remove dir/..
+    while ($location=~m:/\./:) {$location=~ s:/\./:/:g;} #remove /./
+    return $location;
 }
 
 sub hreflocation {
@@ -4785,6 +5490,7 @@ sub current_machine_ids {
 
 sub declutter {
     my $thisfn=shift;
+    if ($thisfn=~m|^/enc/|) { $thisfn=&Apache::lonenc::unencrypted($thisfn); }
     $thisfn=~s/^\Q$perlvar{'lonDocRoot'}\E//;
     $thisfn=~s/^\///;
     $thisfn=~s/^res\///;
@@ -4796,12 +5502,21 @@ sub declutter {
 
 sub clutter {
     my $thisfn='/'.&declutter(shift);
-    unless ($thisfn=~/^\/(uploaded|adm|userfiles|ext|raw|priv)\//) { 
+    unless ($thisfn=~/^\/(uploaded|editupload|adm|userfiles|ext|raw|priv|public)\//) { 
        $thisfn='/res'.$thisfn; 
     }
     return $thisfn;
 }
 
+sub freeze_escape {
+    my ($value)=@_;
+    if (ref($value)) {
+	$value=&nfreeze($value);
+	return '__FROZEN__'.&escape($value);
+    }
+    return &escape($value);
+}
+
 # -------------------------------------------------------- Escape Special Chars
 
 sub escape {
@@ -4818,11 +5533,21 @@ sub unescape {
     return $str;
 }
 
+sub thaw_unescape {
+    my ($value)=@_;
+    if ($value =~ /^__FROZEN__/) {
+	substr($value,0,10,undef);
+	$value=&unescape($value);
+	return &thaw($value);
+    }
+    return &unescape($value);
+}
+
 sub mod_perl_version {
+    return 1;
     if (defined($perlvar{'MODPERL2'})) {
 	return 2;
     }
-    return 1;
 }
 
 sub correct_line_ends {
@@ -4835,17 +5560,20 @@ sub correct_line_ends {
 sub goodbye {
    &logthis("Starting Shut down");
 #not converted to using infrastruture and probably shouldn't be
-   &logthis(sprintf("%-20s is %s",'%badServerCache',scalar(%badServerCache)));
+   &logthis(sprintf("%-20s is %s",'%badServerCache',length(&freeze(\%badServerCache))));
 #converted
-   &logthis(sprintf("%-20s is %s",'%metacache',scalar(%metacache)));
-   &logthis(sprintf("%-20s is %s",'%homecache',scalar(%homecache)));
-   &logthis(sprintf("%-20s is %s",'%titlecache',scalar(%titlecache)));
-   &logthis(sprintf("%-20s is %s",'%courseresdatacache',scalar(%courseresdatacache)));
+#   &logthis(sprintf("%-20s is %s",'%metacache',scalar(%metacache)));
+   &logthis(sprintf("%-20s is %s",'%homecache',length(&freeze(\%homecache))));
+#   &logthis(sprintf("%-20s is %s",'%titlecache',length(&freeze(\%titlecache))));
+#   &logthis(sprintf("%-20s is %s",'%courseresdatacache',length(&freeze(\%courseresdatacache))));
 #1.1 only
-   &logthis(sprintf("%-20s is %s",'%userresdatacache',scalar(%userresdatacache)));
-   &logthis(sprintf("%-20s is %s",'%usectioncache',scalar(%usectioncache)));
-   &logthis(sprintf("%-20s is %s",'%courseresversioncache',scalar(%courseresversioncache)));
-   &logthis(sprintf("%-20s is %s",'%resversioncache',scalar(%resversioncache)));
+#   &logthis(sprintf("%-20s is %s",'%userresdatacache',length(&freeze(\%userresdatacache))));
+#   &logthis(sprintf("%-20s is %s",'%getsectioncache',length(&freeze(\%getsectioncache))));
+#   &logthis(sprintf("%-20s is %s",'%courseresversioncache',length(&freeze(\%courseresversioncache))));
+#   &logthis(sprintf("%-20s is %s",'%resversioncache',length(&freeze(\%resversioncache))));
+   &logthis(sprintf("%-20s is %s",'%remembered',length(&freeze(\%remembered))));
+   &logthis(sprintf("%-20s is %s",'kicks',$kicks));
+   &logthis(sprintf("%-20s is %s",'hits',$hits));
    &flushcourselogs();
    &logthis("Shutting down");
    return DONE;
@@ -4855,6 +5583,7 @@ BEGIN {
 # ----------------------------------- Read loncapa.conf and loncapa_apache.conf
     unless ($readit) {
 {
+    # FIXME: Use LONCAPA::Configuration::read_conf here and omit next block
     open(my $config,"</etc/httpd/conf/loncapa.conf");
 
     while (my $configline=<$config>) {
@@ -4915,22 +5644,32 @@ BEGIN {
     while (my $configline=<$config>) {
        next if ($configline =~ /^(\#|\s*$)/);
        chomp($configline);
-       my ($id,$domain,$role,$name,$ip,$domdescr)=split(/:/,$configline);
-       if ($id && $domain && $role && $name && $ip) {
+       my ($id,$domain,$role,$name)=split(/:/,$configline);
+       $name=~s/\s//g;
+       if ($id && $domain && $role && $name) {
 	 $hostname{$id}=$name;
 	 $hostdom{$id}=$domain;
-	 $hostip{$id}=$ip;
-	 $iphost{$ip}=$id;
 	 if ($role eq 'library') { $libserv{$id}=$name; }
-       } else {
-	 if ($configline) {
-	   &logthis("Skipping hosts.tab line -$configline-");
-	 }
        }
     }
     close($config);
 }
 
+sub get_iphost {
+    if (%iphost) { return %iphost; }
+    foreach my $id (keys(%hostname)) {
+	my $name=$hostname{$id};
+	my $ip = gethostbyname($name);
+	if (!$ip || length($ip) ne 4) {
+	    &logthis("Skipping host $id name $name no IP found\n");
+	    next;
+	}
+	$ip=inet_ntoa($ip);
+	push(@{$iphost{$ip}},$id);
+    }
+    return %iphost;
+}
+
 # ------------------------------------------------------ Read spare server file
 {
     open(my $config,"<$perlvar{'lonTabDir'}/spare.tab");
@@ -4994,7 +5733,7 @@ BEGIN {
 
 }
 
-%metacache=();
+$memcache=new Cache::Memcached({'servers'=>['127.0.0.1:11211']});
 
 $processmarker='_'.time.'_'.$perlvar{'lonHostID'};
 $dumpcount=0;
@@ -5002,6 +5741,12 @@ $dumpcount=0;
 &logtouch();
 &logthis('<font color=yellow>INFO: Read configuration</font>');
 $readit=1;
+    {
+	use integer;
+	my $test=(2**32)+1;
+	if ($test != 0) { $_64bit=1; } else { $_64bit=0; }
+	&logthis(" Detected 64bit platform ($_64bit)");
+    }
 }
 }
 
@@ -5229,8 +5974,8 @@ X<rolesinit()>
 B<rolesinit($udom,$username,$authhost)>: get user privileges
 
 =item *
-X<usection()>
-B<usection($udom,$uname,$cname)>: finds the section of student in the
+X<getsection()>
+B<getsection($udom,$uname,$cname)>: finds the section of student in the
 course $cname, return section name/number or '' for "not in course"
 and '-1' for "no section"
 
@@ -5433,8 +6178,8 @@ subscribe($fname) : subscribe to a resou
 
 repcopy($filename) : subscribes to the requested file, and attempts to
 replicate from the owning library server, Might return
-HTTP_SERVICE_UNAVAILABLE, HTTP_NOT_FOUND, FORBIDDEN, OK, or
-HTTP_BAD_REQUEST, also attempts to grab the metadata for the
+'unavailable', 'not_found', 'forbidden', 'ok', or
+'bad_request', also attempts to grab the metadata for the
 resource. Expects the local filesystem pathname
 (/home/httpd/html/res/....)
 
@@ -5488,9 +6233,10 @@ returns the data handle
 =item *
 
 symbverify($symb,$thisfn) : verifies that $symb actually exists and is
-a possible symb for the URL in $thisfn, returns a 1 on success, 0 on
-failure, user must be in a course, as it assumes the existance of the
-course initi hash, and uses $ENV('request.course.id'}
+a possible symb for the URL in $thisfn, and if is an encryypted
+resource that the user accessed using /enc/ returns a 1 on success, 0
+on failure, user must be in a course, as it assumes the existance of
+the course initial hash, and uses $ENV('request.course.id'}
 
 
 =item *
@@ -5617,6 +6363,17 @@ put($namespace,$storehash,$udom,$uname)
 
 =item *
 
+putstore($namespace,$storehash,$udomain,$uname) : stores hash in namesp
+keys used in storehash include version information (e.g., 1:$symb:message etc.) as
+used in records written by &store and retrieved by &restore.  This function 
+was created for use in editing discussion posts, without incrementing the
+version number included in the key for a particular post. The colon 
+separated list of attribute names (e.g., the value associated with the key 
+1:keys:$symb) is also generated and passed in the ampersand separated 
+items sent to lonnet::reply().  
+
+=item *
+
 cput($namespace,$storehash,$udom,$uname) : critical put
 ($udom and $uname are optional)
 
@@ -5764,6 +6521,91 @@ declutter() : declutters URLs (remove do
 
 =back
 
+=head2 Usererfile file routines (/uploaded*)
+
+=over 4
+
+=item *
+
+userfileupload(): main rotine for putting a file in a user or course's
+                  filespace, arguments are,
+
+ formname - required - this is the name of the element in $ENV where the
+           filename, and the contents of the file to create/modifed exist
+           the filename is in $ENV{'form.'.$formname.'.filename'} and the
+           contents of the file is located in $ENV{'form.'.$formname}
+ coursedoc - if true, store the file in the course of the active role
+             of the current user
+ subdir - required - subdirectory to put the file in under ../userfiles/
+         if undefined, it will be placed in "unknown"
+
+ (This routine calls clean_filename() to remove any dangerous
+ characters from the filename, and then calls finuserfileupload() to
+ complete the transaction)
+
+ returns either the url of the uploaded file (/uploaded/....) if successful
+ and /adm/notfound.html if unsuccessful
+
+=item *
+
+clean_filename(): routine for cleaing a filename up for storage in
+                 userfile space, argument is:
+
+ filename - proposed filename
+
+returns: the new clean filename
+
+=item *
+
+finishuserfileupload(): routine that creaes and sends the file to
+userspace, probably shouldn't be called directly
+
+  docuname: username or courseid of destination for the file
+  docudom: domain of user/course of destination for the file
+  docuhome: loncapa id of the library server that is getting the file
+  formname: same as for userfileupload()
+  fname: filename (inculding subdirectories) for the file
+
+ returns either the url of the uploaded file (/uploaded/....) if successful
+ and /adm/notfound.html if unsuccessful
+
+=item *
+
+renameuserfile(): renames an existing userfile to a new name
+
+  Args:
+   docuname: username or courseid of destination for the file
+   docudom: domain of user/course of destination for the file
+   old: current file name (including any subdirs under userfiles)
+   new: desired file name (including any subdirs under userfiles)
+
+=item *
+
+mkdiruserfile(): creates a directory is a userfiles dir
+
+  Args:
+   docuname: username or courseid of destination for the file
+   docudom: domain of user/course of destination for the file
+   dir: dir to create (including any subdirs under userfiles)
+
+=item *
+
+removeuserfile(): removes a file that exists in userfiles
+
+  Args:
+   docuname: username or courseid of destination for the file
+   docudom: domain of user/course of destination for the file
+   fname: filname to delete (including any subdirs under userfiles)
+
+=item *
+
+removeuploadedurl(): convience function for removeuserfile()
+
+  Args:
+   url:  a full /uploaded/... url to delete
+
+=back
+
 =head2 HTTP Helper Routines
 
 =over 4