--- loncom/lonnet/perl/lonnet.pm	2004/11/06 21:27:40	1.523.2.12
+++ loncom/lonnet/perl/lonnet.pm	2004/12/22 20:34:49	1.583
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.523.2.12 2004/11/06 21:27:40 albertel Exp $
+# $Id: lonnet.pm,v 1.583 2004/12/22 20:34:49 matthew Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -38,8 +38,8 @@ use vars
 qw(%perlvar %hostname %homecache %badServerCache %hostip %iphost %spareid %hostdom 
    %libserv %pr %prp %metacache %packagetab %titlecache %courseresversioncache %resversioncache
    %courselogs %accesshash %userrolehash $processmarker $dumpcount 
-   %coursedombuf %coursenumbuf %coursehombuf %coursedescrbuf %courseinstcodebuf %courseresdatacache 
-   %userresdatacache %usectioncache %domaindescription %domain_auth_def %domain_auth_arg_def 
+   %coursedombuf %coursenumbuf %coursehombuf %coursedescrbuf %courseinstcodebuf %courseownerbuf %courseresdatacache 
+   %userresdatacache %getsectioncache %domaindescription %domain_auth_def %domain_auth_arg_def 
    %domain_lang_def %domain_city %domain_longi %domain_lati $tmpdir $_64bit);
 
 use IO::Socket;
@@ -47,11 +47,11 @@ use GDBM_File;
 use Apache::Constants qw(:common :http);
 use HTML::LCParser;
 use Fcntl qw(:flock);
-use Apache::loncoursedata;
 use Apache::lonlocal;
-use Storable qw(lock_store lock_nstore lock_retrieve freeze thaw);
+use Storable qw(lock_store lock_nstore lock_retrieve freeze thaw nfreeze);
 use Time::HiRes qw( gettimeofday tv_interval );
 my $readit;
+my $max_connection_retries = 10;     # Or some such value.
 
 =pod
 
@@ -116,14 +116,40 @@ sub logperm {
 sub subreply {
     my ($cmd,$server)=@_;
     my $peerfile="$perlvar{'lonSockDir'}/$server";
-    my $client=IO::Socket::UNIX->new(Peer    =>"$peerfile",
-                                     Type    => SOCK_STREAM,
-                                     Timeout => 10)
-       or return "con_lost";
-    print $client "$cmd\n";
-    my $answer=<$client>;
-    if (!$answer) { $answer="con_lost"; }
-    chomp($answer);
+    #
+    #  With loncnew process trimming, there's a timing hole between lonc server
+    #  process exit and the master server picking up the listen on the AF_UNIX
+    #  socket.  In that time interval, a lock file will exist:
+
+    my $lockfile=$peerfile.".lock";
+    while (-e $lockfile) {	# Need to wait for the lockfile to disappear.
+	sleep(1);
+    }
+    # At this point, either a loncnew parent is listening or an old lonc
+    # or loncnew child is listening so we can connect or everything's dead.
+    #
+    #   We'll give the connection a few tries before abandoning it.  If
+    #   connection is not possible, we'll con_lost back to the client.
+    #   
+    my $client;
+    for (my $retries = 0; $retries < $max_connection_retries; $retries++) {
+	$client=IO::Socket::UNIX->new(Peer    =>"$peerfile",
+				      Type    => SOCK_STREAM,
+				      Timeout => 10);
+	if($client) {
+	    last;		# Connected!
+	}
+	sleep(1);		# Try again later if failed connection.
+    }
+    my $answer;
+    if ($client) {
+	print $client "$cmd\n";
+	$answer=<$client>;
+	if (!$answer) { $answer="con_lost"; }
+	chomp($answer);
+    } else {
+	$answer = 'con_lost';	# Failed connection.
+    }
     return $answer;
 }
 
@@ -434,7 +460,7 @@ sub overloaderror {
     if ($overload>0) {
 	$r->err_headers_out->{'Retry-After'}=$overload;
         $r->log_error('Overload of '.$overload.' on '.$checkserver);
-        return 409;
+        return 413;
     }    
     return '';
 }
@@ -771,6 +797,11 @@ sub getsection {
     my ($udom,$unam,$courseid)=@_;
     $courseid=~s/\_/\//g;
     $courseid=~s/^(\w)/\/$1/;
+
+    my $hashid="$udom:$unam:$courseid";
+    my ($result,$cached)=&is_cached(\%getsectioncache,$hashid,'getsection');
+    if (defined($cached)) { return $result; }
+
     my %Pending; 
     my %Expired;
     #
@@ -803,21 +834,21 @@ sub getsection {
             $Pending{$start}=$section;
             next;
         }
-        return $section;
+        return &do_cache(\%getsectioncache,$hashid,$section,'getsection');
     }
     #
     # Presumedly there will be few matching roles from the above
     # loop and the sorting time will be negligible.
     if (scalar(keys(%Pending))) {
         my ($time) = sort {$a <=> $b} keys(%Pending);
-        return $Pending{$time};
+        return &do_cache(\%getsectioncache,$hashid,$Pending{$time},'getsection');
     } 
     if (scalar(keys(%Expired))) {
         my @sorted = sort {$a <=> $b} keys(%Expired);
         my $time = pop(@sorted);
-        return $Expired{$time};
+        return &do_cache(\%getsectioncache,$hashid,$Expired{$time},'getsection');
     }
-    return '-1';
+    return &do_cache(\%getsectioncache,$hashid,'-1','getsection');
 }
 
 
@@ -873,7 +904,7 @@ sub is_cached {
 #			&logthis("Upping $mtime - ".$$cache{$id.'.time'}.
 #				 "$id because of $filename");
 		    } else {
-#			&logthis("Devalidating $filename $id - ".(time-($$cache{$id.'.time'})));
+			&logthis("Devalidating $filename $id - ".(time-($$cache{$id.'.time'})));
 			&devalidate_cache($cache,$id,$name);
 			return (undef,undef);
 		    }
@@ -1008,38 +1039,6 @@ EVALBLOCK
 #    &logthis("load_cache_item $name took ".(&Time::HiRes::time()-$starttime));
 }
 
-sub usection {
-    my ($udom,$unam,$courseid)=@_;
-    my $hashid="$udom:$unam:$courseid";
-    
-    my ($result,$cached)=&is_cached(\%usectioncache,$hashid,'usection');
-    if (defined($cached)) { return $result; }
-    $courseid=~s/\_/\//g;
-    $courseid=~s/^(\w)/\/$1/;
-    foreach (split(/\&/,&reply('dump:'.$udom.':'.$unam.':roles',
-                        &homeserver($unam,$udom)))) {
-        my ($key,$value)=split(/\=/,$_);
-        $key=&unescape($key);
-        if ($key=~/^\Q$courseid\E(?:\/)*(\w+)*\_st$/) {
-            my $section=$1;
-            if ($key eq $courseid.'_st') { $section=''; }
-	    my ($dummy,$end,$start)=split(/\_/,&unescape($value));
-            my $now=time;
-            my $notactive=0;
-            if ($start) {
-		if ($now<$start) { $notactive=1; }
-            }
-            if ($end) {
-                if ($now>$end) { $notactive=1; }
-            } 
-            unless ($notactive) {
-		return &do_cache(\%usectioncache,$hashid,$section,'usection');
-	    }
-        }
-    }
-    return &do_cache(\%usectioncache,$hashid,'-1','usection');
-}
-
 # ------------------------------------- Read an entry from a user's environment
 
 sub userenvironment {
@@ -1118,7 +1117,12 @@ sub subscribe {
 sub repcopy {
     my $filename=shift;
     $filename=~s/\/+/\//g;
-    if ($filename=~/^\/home\/httpd\/html\/adm\//) { return OK; }
+    if ($filename=~m|^/home/httpd/html/adm/|) { return OK; }
+    if ($filename=~m|^/home/httpd/html/lonUsers/|) { return OK; }
+    if ($filename=~m|^/home/httpd/html/userfiles/| or
+	$filename=~m|^/*uploaded/|) { 
+	return &repcopy_userfile($filename);
+    }
     $filename=~s/[\n\r]//g;
     my $transname="$filename.in.transfer";
     if ((-e $filename) || (-e $transname)) { return OK; }
@@ -1184,10 +1188,9 @@ sub ssi_body {
     my ($filelink,%form)=@_;
     my $output=($filelink=~/^http\:/?&externalssi($filelink):
                                      &ssi($filelink,%form));
+    $output=~s|//(\s*<!--)? BEGIN LON-CAPA Internal.+// END LON-CAPA Internal\s*(-->)?\s||gs;
     $output=~s/^.*?\<body[^\>]*\>//si;
     $output=~s/(.*)\<\/body\s*\>.*?$/$1/si;
-    $output=~
-            s/\/\/ BEGIN LON\-CAPA Internal.+\/\/ END LON\-CAPA Internal\s//gs;
     return $output;
 }
 
@@ -1320,10 +1323,8 @@ sub process_coursefile {
 # input: name of form element, coursedoc=1 means this is for the course
 # output: url of file in userspace
 
-sub userfileupload {
-    my ($formname,$coursedoc,$subdir)=@_;
-    if (!defined($subdir)) { $subdir='unknown'; }
-    my $fname=$ENV{'form.'.$formname.'.filename'};
+sub clean_filename {
+    my ($fname)=@_;
 # Replace Windows backslashes by forward slashes
     $fname=~s/\\/\//g;
 # Get rid of everything but the actual filename
@@ -1332,6 +1333,17 @@ sub userfileupload {
     $fname=~s/\s+/\_/g;
 # Replace all other weird characters by nothing
     $fname=~s/[^\w\.\-]//g;
+# Replace all .\d. sequences with _\d. so they no longer look like version
+# numbers
+    $fname=~s/\.(\d+)(?=\.)/_$1/g;
+    return $fname;
+}
+
+sub userfileupload {
+    my ($formname,$coursedoc,$subdir)=@_;
+    if (!defined($subdir)) { $subdir='unknown'; }
+    my $fname=$ENV{'form.'.$formname.'.filename'};
+    $fname=&clean_filename($fname);
 # See if there is anything left
     unless ($fname) { return 'error: no uploaded file'; }
     chop($ENV{'form.'.$formname});
@@ -1394,13 +1406,13 @@ sub finishuserfileupload {
     }
 # Save the file
     {
-	#&Apache::lonnet::logthis("Saving to $filepath $file");
-       open(my $fh,'>'.$filepath.'/'.$file);
-       print $fh $ENV{'form.'.$formname};
-       close($fh);
+	open(FH,'>'.$filepath.'/'.$file);
+	print FH $ENV{'form.'.$formname};
+	close(FH);
     }
 # Notify homeserver to grep it
 #
+    &Apache::lonnet::logthis("fetching ".$path.$file);
     my $fetchresult= &reply('fetchuserfile:'.$path.$file,$docuhome);
     if ($fetchresult eq 'ok') {
 #
@@ -1425,6 +1437,19 @@ sub removeuserfile {
     return &reply("removeuserfile:$docudom/$docuname/$fname",$home);
 }
 
+sub mkdiruserfile {
+    my ($docuname,$docudom,$dir)=@_;
+    my $home=&homeserver($docuname,$docudom);
+    return &reply("mkdiruserfile:".&escape("$docudom/$docuname/$dir"),$home);
+}
+
+sub renameuserfile {
+    my ($docuname,$docudom,$old,$new)=@_;
+    my $home=&homeserver($docuname,$docudom);
+    return &reply("renameuserfile:$docudom:$docuname:".&escape("$old").':'.
+		  &escape("$new"),$home);
+}
+
 # ------------------------------------------------------------------------- Log
 
 sub log {
@@ -1465,12 +1490,12 @@ sub flushcourselogs {
         if ($courseidbuffer{$coursehombuf{$crsid}}) {
            $courseidbuffer{$coursehombuf{$crsid}}.='&'.
 			 &escape($crsid).'='.&escape($coursedescrbuf{$crsid}).
-                         '='.&escape($courseinstcodebuf{$crsid});
+                         ':'.&escape($courseinstcodebuf{$crsid}).':'.&escape($courseownerbuf{$crsid});
         } else {
            $courseidbuffer{$coursehombuf{$crsid}}=
 			 &escape($crsid).'='.&escape($coursedescrbuf{$crsid}).
-                         '='.&escape($courseinstcodebuf{$crsid});
-        }    
+                         ':'.&escape($courseinstcodebuf{$crsid}).':'.&escape($courseownerbuf{$crsid});
+        }
     }
 #
 # Write course id database (reverse lookup) to homeserver of courses 
@@ -1545,6 +1570,8 @@ sub courselog {
        $ENV{'course.'.$ENV{'request.course.id'}.'.description'};
     $courseinstcodebuf{$ENV{'request.course.id'}}=
        $ENV{'course.'.$ENV{'request.course.id'}.'.internal.coursecode'};
+    $courseownerbuf{$ENV{'request.course.id'}}=
+       $ENV{'course.'.$ENV{'request.course.id'}.'.internal.courseowner'};
     if (defined $courselogs{$ENV{'request.course.id'}}) {
 	$courselogs{$ENV{'request.course.id'}}.='&'.$what;
     } else {
@@ -1561,11 +1588,23 @@ sub courseacclog {
     my $what=$fnsymb.':'.$ENV{'user.name'}.':'.$ENV{'user.domain'};
     if ($fnsymb=~/(problem|exam|quiz|assess|survey|form|page)$/) {
         $what.=':POST';
+        # FIXME: Probably ought to escape things....
 	foreach (keys %ENV) {
             if ($_=~/^form\.(.*)/) {
 		$what.=':'.$1.'='.$ENV{$_};
             }
         }
+    } elsif ($fnsymb =~ m:^/adm/searchcat:) {
+        # FIXME: We should not be depending on a form parameter that someone
+        # editing lonsearchcat.pm might change in the future.
+        if ($ENV{'form.phase'} eq 'course_search') {
+            $what.= ':POST';
+            # FIXME: Probably ought to escape things....
+            foreach my $element ('courseexp','crsfulltext','crsrelated',
+                                 'crsdiscuss') {
+                $what.=':'.$element.'='.$ENV{'form.'.$element};
+            }
+        }
     }
     &courselog($what);
 }
@@ -1617,6 +1656,7 @@ sub get_course_adv_roles {
         if (($tend) && ($tend<$now)) { next; }
         if (($tstart) && ($now<$tstart)) { next; }
         my ($role,$username,$domain,$section)=split(/\:/,$_);
+	if ($username eq '' || $domain eq '') { next; }
 	if ((&privileged($username,$domain)) && 
 	    (!$nothide{$username.':'.$domain})) { next; }
         my $key=&plaintext($role);
@@ -1688,7 +1728,7 @@ sub courseidput {
 }
 
 sub courseiddump {
-    my ($domfilter,$descfilter,$sincefilter,$hostidflag,$hostidref)=@_;
+    my ($domfilter,$descfilter,$sincefilter,$instcodefilter,$ownerfilter,$hostidflag,$hostidref)=@_;
     my %returnhash=();
     unless ($domfilter) { $domfilter=''; }
     foreach my $tryserver (keys %libserv) {
@@ -1696,7 +1736,8 @@ sub courseiddump {
 	    if ((!$domfilter) || ($hostdom{$tryserver} eq $domfilter)) {
 	        foreach (
                  split(/\&/,&reply('courseiddump:'.$hostdom{$tryserver}.':'.
-			       $sincefilter.':'.&escape($descfilter),
+			       $sincefilter.':'.&escape($descfilter).':'.
+                               &escape($instcodefilter).':'.&escape($ownerfilter),
                                $tryserver))) {
 		    my ($key,$value)=split(/\=/,$_);
                     if (($key) && ($value)) {
@@ -1846,6 +1887,7 @@ sub devalidate {
         # - the student level sheet of this user in course's homespace
         # - the assessment level sheet for this resource 
         #   for this user in user's homespace
+	# - current conditional state info
 	my $key=$uname.':'.$udom.':';
         my $status=
 	    &del('nohist_calculatedsheets',
@@ -1860,6 +1902,7 @@ sub devalidate {
                     $uname.' at '.$udom.' for '.
 		    $symb.': '.$status);
         }
+	&delenv('user.state.'.$cid);
     }
 }
 
@@ -2360,10 +2403,8 @@ sub rolesinit {
     my $rolesdump=reply("dump:$domain:$username:roles",$authhost);
     if (($rolesdump eq 'con_lost') || ($rolesdump eq '')) { return ''; }
     my %allroles=();
-    my %thesepriv=();
     my $now=time;
     my $userroles="user.login.time=$now\n";
-    my $thesestr;
 
     if ($rolesdump ne '') {
         foreach (split(/&/,$rolesdump)) {
@@ -2371,94 +2412,21 @@ sub rolesinit {
             my ($area,$role)=split(/=/,$_);
             $area=~s/\_\w\w$//;
             my ($trole,$tend,$tstart)=split(/_/,$role);
-            $userroles.='user.role.'.$trole.'.'.$area.'='.
-                        $tstart.'.'.$tend."\n";
-# log the associated role with the area
-            &userrolelog($trole,$username,$domain,$area,$tstart,$tend);
-            if ($tend!=0) {
-	        if ($tend<$now) {
-	            $trole='';
-                } 
-            }
-            if ($tstart!=0) {
-                if ($tstart>$now) {
-                   $trole='';        
-                }
-            }
+            $userroles.=&set_arearole($trole,$area,$tstart,$tend,$domain,$username);
+            if (($tend!=0) && ($tend<$now)) { $trole=''; }
+            if (($tstart!=0) && ($tstart>$now)) { $trole=''; }
             if (($area ne '') && ($trole ne '')) {
 		my $spec=$trole.'.'.$area;
 		my ($tdummy,$tdomain,$trest)=split(/\//,$area);
 		if ($trole =~ /^cr\//) {
-		    my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$trole);
- 		    my $homsvr=homeserver($rauthor,$rdomain);
-		    if ($hostname{$homsvr} ne '') {
-			my ($rdummy,$roledef)=
-			   &get('roles',["rolesdef_$rrole"],$rdomain,$rauthor);
-				
-			if (($rdummy ne 'con_lost') && ($roledef ne '')) {
-			    my ($syspriv,$dompriv,$coursepriv)=
-				split(/\_/,$roledef);
-			    if (defined($syspriv)) {
-				$allroles{'cm./'}.=':'.$syspriv;
-				$allroles{$spec.'./'}.=':'.$syspriv;
-			    }
-			    if ($tdomain ne '') {
-				if (defined($dompriv)) {
-				    $allroles{'cm./'.$tdomain.'/'}.=':'.$dompriv;
-				    $allroles{$spec.'./'.$tdomain.'/'}.=':'.$dompriv;
-				}
-				if ($trest ne '') {
-				    if (defined($coursepriv)) {
-					$allroles{'cm.'.$area}.=':'.$coursepriv;
-					$allroles{$spec.'.'.$area}.=':'.$coursepriv;
-				    }
-				}
-			    }
-			}
-		    }
+                    &custom_roleprivs(\%allroles,$trole,$tdomain,$trest,$spec,$area);
 		} else {
-		    if (defined($pr{$trole.':s'})) {
-			$allroles{'cm./'}.=':'.$pr{$trole.':s'};
-			$allroles{$spec.'./'}.=':'.$pr{$trole.':s'};
-		    }
-		    if ($tdomain ne '') {
-			if (defined($pr{$trole.':d'})) {
-			    $allroles{'cm./'.$tdomain.'/'}.=':'.$pr{$trole.':d'};
-			    $allroles{$spec.'./'.$tdomain.'/'}.=':'.$pr{$trole.':d'};
-			}
-			if ($trest ne '') {
-			    if (defined($pr{$trole.':c'})) {
-				$allroles{'cm.'.$area}.=':'.$pr{$trole.':c'};
-				$allroles{$spec.'.'.$area}.=':'.$pr{$trole.':c'};
-			    }
-			}
-		    }
+                    &standard_roleprivs(\%allroles,$trole,$tdomain,$spec,$trest,$area);
 		}
             }
           } 
         }
-        my $adv=0;
-        my $author=0;
-        foreach (keys %allroles) {
-            %thesepriv=();
-            if (($_!~/^st/) && ($_!~/^ta/) && ($_!~/^cm/)) { $adv=1; }
-            if (($_=~/^au/) || ($_=~/^ca/)) { $author=1; }
-            foreach (split(/:/,$allroles{$_})) {
-                if ($_ ne '') {
-		    my ($privilege,$restrictions)=split(/&/,$_);
-                    if ($restrictions eq '') {
-			$thesepriv{$privilege}='F';
-                    } else {
-                        if ($thesepriv{$privilege} ne 'F') {
-			    $thesepriv{$privilege}.=$restrictions;
-                        }
-                    }
-                }
-            }
-            $thesestr='';
-            foreach (keys %thesepriv) { $thesestr.=':'.$_.'&'.$thesepriv{$_}; }
-            $userroles.='user.priv.'.$_.'='.$thesestr."\n";
-        }
+        my ($author,$adv) = &set_userprivs(\$userroles,\%allroles);
         $userroles.='user.adv='.$adv."\n".
 	            'user.author='.$author."\n";
         $ENV{'user.adv'}=$adv;
@@ -2466,6 +2434,84 @@ sub rolesinit {
     return $userroles;  
 }
 
+sub set_arearole {
+    my ($trole,$area,$tstart,$tend,$domain,$username) = @_;
+# log the associated role with the area
+    &userrolelog($trole,$username,$domain,$area,$tstart,$tend);
+    return 'user.role.'.$trole.'.'.$area.'='.$tstart.'.'.$tend."\n";
+}
+
+sub custom_roleprivs {
+    my ($allroles,$trole,$tdomain,$trest,$spec,$area) = @_;
+    my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$trole);
+    my $homsvr=homeserver($rauthor,$rdomain);
+    if ($hostname{$homsvr} ne '') {
+        my ($rdummy,$roledef)=
+            &get('roles',["rolesdef_$rrole"],$rdomain,$rauthor);
+        if (($rdummy ne 'con_lost') && ($roledef ne '')) {
+            my ($syspriv,$dompriv,$coursepriv)=split(/\_/,$roledef);
+            if (defined($syspriv)) {
+                $$allroles{'cm./'}.=':'.$syspriv;
+                $$allroles{$spec.'./'}.=':'.$syspriv;
+            }
+            if ($tdomain ne '') {
+                if (defined($dompriv)) {
+                    $$allroles{'cm./'.$tdomain.'/'}.=':'.$dompriv;
+                    $$allroles{$spec.'./'.$tdomain.'/'}.=':'.$dompriv;
+                }
+                if (($trest ne '') && (defined($coursepriv))) {
+                    $$allroles{'cm.'.$area}.=':'.$coursepriv;
+                    $$allroles{$spec.'.'.$area}.=':'.$coursepriv;
+                }
+            }
+        }
+    }
+}
+
+
+sub standard_roleprivs {
+    my ($allroles,$trole,$tdomain,$spec,$trest,$area) = @_;
+    if (defined($pr{$trole.':s'})) {
+        $$allroles{'cm./'}.=':'.$pr{$trole.':s'};
+        $$allroles{$spec.'./'}.=':'.$pr{$trole.':s'};
+    }
+    if ($tdomain ne '') {
+        if (defined($pr{$trole.':d'})) {
+            $$allroles{'cm./'.$tdomain.'/'}.=':'.$pr{$trole.':d'};
+            $$allroles{$spec.'./'.$tdomain.'/'}.=':'.$pr{$trole.':d'};
+        }
+        if (($trest ne '') && (defined($pr{$trole.':c'}))) {
+            $$allroles{'cm.'.$area}.=':'.$pr{$trole.':c'};
+            $$allroles{$spec.'.'.$area}.=':'.$pr{$trole.':c'};
+        }
+    }
+}
+
+sub set_userprivs {
+    my ($userroles,$allroles) = @_; 
+    my $author=0;
+    my $adv=0;
+    foreach (keys %{$allroles}) {
+        my %thesepriv=();
+        if (($_=~/^au/) || ($_=~/^ca/)) { $author=1; }
+        foreach (split(/:/,$$allroles{$_})) {
+            if ($_ ne '') {
+                my ($privilege,$restrictions)=split(/&/,$_);
+                if ($restrictions eq '') {
+                    $thesepriv{$privilege}='F';
+                } elsif ($thesepriv{$privilege} ne 'F') {
+                    $thesepriv{$privilege}.=$restrictions;
+                }
+                if ($thesepriv{'adv'} eq 'F') { $adv=1; }
+            }
+        }
+        my $thesestr='';
+        foreach (keys %thesepriv) { $thesestr.=':'.$_.'&'.$thesepriv{$_}; }
+        $$userroles.='user.priv.'.$_.'='.$thesestr."\n";
+    }
+    return ($author,$adv);
+}
+
 # --------------------------------------------------------------- get interface
 
 sub get {
@@ -2487,7 +2533,7 @@ sub get {
    my %returnhash=();
    my $i=0;
    foreach (@$storearr) {
-      $returnhash{$_}=unescape($pairs[$i]);
+      $returnhash{$_}=&thaw_unescape($pairs[$i]);
       $i++;
    }
    return %returnhash;
@@ -2526,7 +2572,7 @@ sub dump {
    my %returnhash=();
    foreach (@pairs) {
       my ($key,$value)=split(/=/,$_);
-      $returnhash{unescape($key)}=unescape($value);
+      $returnhash{unescape($key)}=&thaw_unescape($value);
    }
    return %returnhash;
 }
@@ -2572,7 +2618,7 @@ sub currentdump {
            my ($key,$value)=split(/=/,$_);
            my ($symb,$param) = split(/:/,$key);
            $returnhash{&unescape($symb)}->{&unescape($param)} = 
-                                                          &unescape($value);
+                                                        &thaw_unescape($value);
        }
    }
    return %returnhash;
@@ -2638,7 +2684,31 @@ sub put {
    my $uhome=&homeserver($uname,$udomain);
    my $items='';
    foreach (keys %$storehash) {
-       $items.=&escape($_).'='.&escape($$storehash{$_}).'&';
+       $items.=&escape($_).'='.&freeze_escape($$storehash{$_}).'&';
+   }
+   $items=~s/\&$//;
+   return &reply("put:$udomain:$uname:$namespace:$items",$uhome);
+}
+
+# ---------------------------------------------------------- putstore interface
+                                                                                     
+sub putstore {
+   my ($namespace,$storehash,$udomain,$uname)=@_;
+   if (!$udomain) { $udomain=$ENV{'user.domain'}; }
+   if (!$uname) { $uname=$ENV{'user.name'}; }
+   my $uhome=&homeserver($uname,$udomain);
+   my $items='';
+   my %allitems = ();
+   foreach (keys %$storehash) {
+       if ($_ =~ m/^([^\:]+):([^\:]+):([^\:]+)$/) {
+           my $key = $1.':keys:'.$2;
+           $allitems{$key} .= $3.':';
+       }
+       $items.=$_.'='.&escape($$storehash{$_}).'&';
+   }
+   foreach (keys %allitems) {
+       $allitems{$_} =~ s/\:$//;
+       $items.= $_.'='.$allitems{$_}.'&';
    }
    $items=~s/\&$//;
    return &reply("put:$udomain:$uname:$namespace:$items",$uhome);
@@ -2653,7 +2723,7 @@ sub cput {
    my $uhome=&homeserver($uname,$udomain);
    my $items='';
    foreach (keys %$storehash) {
-       $items.=escape($_).'='.escape($$storehash{$_}).'&';
+       $items.=escape($_).'='.&freeze_escape($$storehash{$_}).'&';
    }
    $items=~s/\&$//;
    return &critical("put:$udomain:$uname:$namespace:$items",$uhome);
@@ -2676,7 +2746,7 @@ sub eget {
    my %returnhash=();
    my $i=0;
    foreach (@$storearr) {
-      $returnhash{$_}=unescape($pairs[$i]);
+      $returnhash{$_}=&thaw_unescape($pairs[$i]);
       $i++;
    }
    return %returnhash;
@@ -2719,18 +2789,27 @@ sub customaccess {
 # ------------------------------------------------- Check for a user privilege
 
 sub allowed {
-    my ($priv,$uri)=@_;
+    my ($priv,$uri,$symb)=@_;
     $uri=&deversion($uri);
     my $orguri=$uri;
     $uri=&declutter($uri);
-
+    
+    
+    
     if (defined($ENV{'allowed.'.$priv})) { return $ENV{'allowed.'.$priv}; }
 # Free bre access to adm and meta resources
-
-    if ((($uri=~/^adm\//) || ($uri=~/\.meta$/)) && ($priv eq 'bre')) {
+    if (((($uri=~/^adm\//) && ($uri !~ m|/bulletinboard$|)) 
+	 || ($uri=~/\.meta$/)) && ($priv eq 'bre')) {
 	return 'F';
     }
 
+# Free bre access to user's own portfolio contents
+    my ($space,$domain,$name,$dir)=split('/',$uri);
+    if (('uploaded' eq $space) && ($ENV{'user.name'} eq $name) && 
+	($ENV{'user.domain'} eq $domain) && ('portfolio' eq $dir)) {
+        return 'F';
+    }
+
 # Free bre to public access
 
     if ($priv eq 'bre') {
@@ -2991,7 +3070,7 @@ sub allowed {
 
    if ($thisallowed=~/X/) {
       if ($ENV{'acc.randomout'}) {
-         my $symb=&symbread($uri,1);
+	 if (!$symb) { $symb=&symbread($uri,1); }
          if (($symb) && ($ENV{'acc.randomout'}=~/\&\Q$symb\E\&/)) { 
             return ''; 
          }
@@ -3148,19 +3227,19 @@ sub fetch_enrollment_query {
     $cmd = &escape($cmd);
     my $query = 'fetchenrollment';
     my $queryid=&reply("querysend:".$query.':'.$dom.':'.$ENV{'user.name'}.':'.$cmd,$homeserver);
-    unless ($queryid=~/^\Q$host\E\_/) { return 'error: '.$queryid; }
+    unless ($queryid=~/^\Q$host\E\_/) { 
+        &logthis('fetch_enrollment_query: invalid queryid: '.$queryid.' for host: '.$host.' and homeserver: '.$homeserver.' context: '.$context.' '.$cnum); 
+        return 'error: '.$queryid;
+    }
     my $reply = &get_query_reply($queryid);
     my $tries = 1;
     while (($reply=~/^timeout/) && ($tries < $maxtries)) {
-	$reply = &get_query_reply($queryid);
-	$tries++;
+        $reply = &get_query_reply($queryid);
+        $tries ++;
     }
     if ( ($reply =~/^timeout/) || ($reply =~/^error/) ) {
-	&logthis('fetch_enrollment_query error: '.$reply.' for '.$dom.' '.
-		 $ENV{'user.name'}.' for '.$queryid.' context: '.$context.' '.
-		 $cnum.' maxtries: '.$maxtries.' tries: '.$tries);
-    }
-    unless ( ($reply =~/^timeout/) || ($reply =~/^error/) ) {
+        &logthis('fetch_enrollment_query error: '.$reply.' for '.$dom.' '.$ENV{'user.name'}.' for '.$queryid.' context: '.$context.' '.$cnum.' maxtries: '.$maxtries.' tries: '.$tries);
+    } else {
         my @responses = split/:/,$reply;
         if ($homeserver eq $perlvar{'lonHostID'}) {
             foreach (@responses) {
@@ -3177,10 +3256,14 @@ sub fetch_enrollment_query {
                         my $filename = $dom.'_'.$key.'_'.$_.'_classlist.xml';
                         my $destname = $pathname.'/'.$filename;
                         my $xml_classlist = &reply("autoretrieve:".$filename,$homeserver);
-                        unless ($xml_classlist =~ /^error/) {
+                        if ($xml_classlist =~ /^error/) {
+                            &logthis('fetch_enrollment_query - autoretrieve error: '.$xml_classlist.' for '.$filename.' from server: '.$homeserver.' '.$context.' '.$cnum);
+                        } else {
                             if ( open(FILE,">$destname") ) {
                                 print FILE &unescape($xml_classlist);
                                 close(FILE);
+                            } else {
+                                &logthis('fetch_enrollment_query - error opening classlist file '.$destname.' '.$context.' '.$cnum);
                             }
                         }
                     }
@@ -3562,8 +3645,7 @@ sub modify_student_enrollment {
         $gene   = $tmp{'generation'} if (!defined($gene)   || $gene eq '');
         $uid    = $tmp{'id'}         if (!defined($uid)    || $uid  eq '');
     }
-    my $fullname = &Apache::loncoursedata::ProcessFullName($last,$gene,
-                                                           $first,$middle);
+    my $fullname = &format_name($first,$middle,$last,$gene,'lastname');
     my $reply=cput('classlist',
 		   {"$uname:$udom" => 
 			join(':',$end,$start,$uid,$usec,$fullname,$type,$locktype) },
@@ -3580,6 +3662,25 @@ sub modify_student_enrollment {
     return &assignrole($udom,$uname,$uurl,'st',$end,$start);
 }
 
+sub format_name {
+    my ($firstname,$middlename,$lastname,$generation,$first)=@_;
+    my $name;
+    if ($first ne 'lastname') {
+	$name=$firstname.' '.$middlename.' '.$lastname.' '.$generation;
+    } else {
+	if ($lastname=~/\S/) {
+	    $name.= $lastname.' '.$generation.', '.$firstname.' '.$middlename;
+	    $name=~s/\s+,/,/;
+	} else {
+	    $name.= $firstname.' '.$middlename.' '.$generation;
+	}
+    }
+    $name=~s/^\s+//;
+    $name=~s/\s+$//;
+    $name=~s/\s+/ /g;
+    return $name;
+}
+
 # ------------------------------------------------- Write to course preferences
 
 sub writecoursepref {
@@ -3602,7 +3703,7 @@ sub writecoursepref {
 # ---------------------------------------------------------- Make/modify course
 
 sub createcourse {
-    my ($udom,$description,$url,$course_server,$nonstandard,$inst_code)=@_;
+    my ($udom,$description,$url,$course_server,$nonstandard,$inst_code,$course_owner)=@_;
     $url=&declutter($url);
     my $cid='';
     unless (&allowed('ccc',$udom)) {
@@ -3637,7 +3738,7 @@ sub createcourse {
 # ----------------------------------------------------------------- Course made
 # log existence
     &courseidput($udom,&escape($udom.'_'.$uname).'='.&escape($description).
-                 '='.&escape($inst_code),$uhome);
+                 ':'.&escape($inst_code).':'.&escape($course_owner),$uhome);
     &flushcourselogs();
 # set toplevel url
     my $topurl=$url;
@@ -3690,41 +3791,177 @@ sub revokecustomrole {
            $deleteflag);
 }
 
+# ------------------------------------------------------------ Disk usage
+sub diskusage {
+    my ($udom,$uname,$directoryRoot)=@_;
+    $directoryRoot =~ s/\/$//;
+    my $listing=&reply('du:'.$directoryRoot,homeserver($uname,$udom));
+    return $listing;
+}
 
-# ------------------------------------------------------------ Portfolio Director Lister
-# returns listing of contents of user's /userfiles/portfolio/ directory
-# 
+sub is_locked {
+    my ($file_name, $domain, $user) = @_;
+    my @check;
+    my $is_locked;
+    push @check, $file_name;
+    my %locked = &Apache::lonnet::get('file_permissions',\@check,
+                                        $ENV{'user.domain'},$ENV{'user.name'});
+    if (ref($locked{$file_name}) eq 'ARRAY') {
+        $is_locked = 'true';
+    } else {
+        $is_locked = 'false';
+    }
+}
 
-sub portfoliolist {
-    my ($currentPath, $currentFile) = @_;
-    my ($udom, $uname, $portfolioRoot);
-    $uname=$ENV{'user.name'};
-    $udom=$ENV{'user.domain'};
-    # really should interrogate the system for home directory information, but . . .
-    $portfolioRoot = '/home/httpd/lonUsers/'.$udom.'/';
-    $uname =~ /^(.?)(.?)(.?)/;
-    $portfolioRoot = $portfolioRoot.$1.'/'.$2.'/'.$3.'/'.$uname.'/userfiles/portfolio';
-    my $listing = &reply('ls:'.$portfolioRoot.$currentPath, &homeserver($uname,$udom));
-    return $listing;
+# ------------------------------------------------------------- Mark as Read Only
+
+sub mark_as_readonly {
+    my ($domain,$user,$files,$what) = @_;
+    my %current_permissions = &Apache::lonnet::dump('file_permissions',$domain,$user);
+    foreach my $file (@{$files}) {
+        push(@{$current_permissions{$file}},$what);
+    }
+    &Apache::lonnet::put('file_permissions',\%current_permissions,$domain,$user);
+    return;
 }
 
-sub portfoliomanage {
+# ------------------------------------------------------------Save Selected Files
 
-#FIXME please user the existing remove userfile function instead and
-#add a userfilerename functions.
-#FIXME uhome should never be an argument to any lonnet functions
-
-    # handles deleting and renaming files in user's userfiles/portfolio/ directory
-    # 
-    my ($filename, $fileaction, $filenewname) = @_;
-    my ($udom, $uname, $uhome);
-    $uname=$ENV{'user.name'};
-    $udom=$ENV{'user.domain'};
-    $uhome=$ENV{'user.home'};
-    my $listing = reply('portfoliomanage:'.$uname.':'.$udom.':'.$filename.':'.$fileaction.':'.$filenewname, $uhome);
-    return $listing;
+sub save_selected_files {
+    my ($user, $path, @files) = @_;
+    my $filename = $user."savedfiles";
+    my @other_files = &files_not_in_path($user, $path);
+    open (OUT, '>'.$Apache::lonnet::perlvar{'lonDaemons'}.'/tmp/'.$filename);
+    foreach my $file (@files) {
+        print (OUT $ENV{'form.currentpath'}.$file."\n");
+    }
+    foreach my $file (@other_files) {
+        print (OUT $file."\n");
+    }
+    close (OUT);
+    return 'ok';
 }
 
+sub clear_selected_files {
+    my ($user) = @_;
+    my $filename = $user."savedfiles";
+    open (OUT, '>'.$Apache::lonnet::perlvar{'lonDaemons'}.'/tmp/'.$filename);
+    print (OUT undef);
+    close (OUT);
+    return ("ok");    
+}
+
+sub files_in_path {
+    my ($user, $path) = @_;
+    my $filename = $user."savedfiles";
+    my %return_files;
+    open (IN, '<'.$Apache::lonnet::perlvar{'lonDaemons'}.'/tmp/'.$filename);
+    while (my $line_in = <IN>) {
+        chomp ($line_in);
+        my @paths_and_file = split (m!/!, $line_in);
+        my $file_part = pop (@paths_and_file);
+        my $path_part = join ('/', @paths_and_file);
+        $path_part.='/';
+        my $path_and_file = $path_part.$file_part;
+        if ($path_part eq $path) {
+            $return_files{$file_part}= 'selected';
+        }
+    }
+    close (IN);
+    return (\%return_files);
+}
+
+# called in portfolio select mode, to show files selected NOT in current directory
+sub files_not_in_path {
+    my ($user, $path) = @_;
+    my $filename = $user."savedfiles";
+    my @return_files;
+    my $path_part;
+    open (IN, '<'.$Apache::lonnet::perlvar{'lonDaemons'}.'/tmp/'.$filename);
+    while (<IN>) {
+        #ok, I know it's clunky, but I want it to work
+        my @paths_and_file = split m!/!, $_;
+        my $file_part = pop (@paths_and_file);
+        chomp ($file_part);
+        my $path_part = join ('/', @paths_and_file);
+        $path_part .= '/';
+        my $path_and_file = $path_part.$file_part;
+        if ($path_part ne $path) {
+            push (@return_files, ($path_and_file));
+        }
+    }
+    close (OUT);
+    return (@return_files);
+}
+
+#--------------------------------------------------------------Get Marked as Read Only
+
+sub get_marked_as_readonly {
+    my ($domain,$user,$what) = @_;
+    my %current_permissions = &Apache::lonnet::dump('file_permissions',$domain,$user);
+    my @readonly_files;
+    while (my ($file_name,$value) = each(%current_permissions)) {
+        if (ref($value) eq "ARRAY"){
+            foreach my $stored_what (@{$value}) {
+                if ($stored_what eq $what) {
+                    push(@readonly_files, $file_name);
+                } elsif (!defined($what)) {
+                    push(@readonly_files, $file_name);
+                }
+            }
+        } 
+    }
+    return @readonly_files;
+}
+#-----------------------------------------------------------Get Marked as Read Only Hash
+
+sub get_marked_as_readonly_hash {
+    my ($domain,$user,$what) = @_;
+    my %current_permissions = &Apache::lonnet::dump('file_permissions',$domain,$user);
+    my %readonly_files;
+    while (my ($file_name,$value) = each(%current_permissions)) {
+        if (ref($value) eq "ARRAY"){
+            foreach my $stored_what (@{$value}) {
+                if ($stored_what eq $what) {
+                    $readonly_files{$file_name} = 'locked';
+                } elsif (!defined($what)) {
+                    $readonly_files{$file_name} = 'locked';
+                }
+            }
+        } 
+    }
+    return %readonly_files;
+}
+# ------------------------------------------------------------ Unmark as Read Only
+
+sub unmark_as_readonly {
+    # unmarks all files locked by $what 
+    # for portfolio submissions, $what contains $crsid and $symb
+    my ($domain,$user,$what) = @_;
+    my %current_permissions = &Apache::lonnet::dump('file_permissions',$domain,$user);
+    my @readonly_files = &Apache::lonnet::get_marked_as_readonly($domain,$user,$what);
+    foreach my $file(@readonly_files){
+        my $current_locks = $current_permissions{$file};
+        my @new_locks;
+        my @del_keys;
+        if (ref($current_locks) eq "ARRAY"){
+            foreach my $locker (@{$current_locks}) {
+                unless ($locker eq $what) {
+                    push(@new_locks, $what);
+                }
+            }
+            if (@new_locks > 0) {
+                $current_permissions{$file} = \@new_locks;
+            } else {
+                push(@del_keys, $file);
+                &Apache::lonnet::del('file_permissions',\@del_keys, $domain, $user);
+                delete $current_permissions{$file};
+            }
+        }
+    }
+    &Apache::lonnet::put('file_permissions',\%current_permissions,$domain,$user);
+    return;
+}
 
 # ------------------------------------------------------------ Directory lister
 
@@ -3834,6 +4071,9 @@ sub GetFileTimestamp {
 
 sub directcondval {
     my $number=shift;
+    if (!defined($ENV{'user.state.'.$ENV{'request.course.id'}})) {
+	&Apache::lonuserstate::evalstate();
+    }
     if ($ENV{'user.state.'.$ENV{'request.course.id'}}) {
        return substr($ENV{'user.state.'.$ENV{'request.course.id'}},$number,1);
     } else {
@@ -4078,7 +4318,7 @@ sub EXT {
 		$section=$ENV{'request.course.sec'};
 	    } else {
 		if (! defined($usection)) {
-		    $section=&usection($udom,$uname,$courseid);
+		    $section=&getsection($udom,$uname,$courseid);
 		} else {
 		    $section = $usection;
 		}
@@ -4232,7 +4472,9 @@ sub metadata {
     my ($uri,$what,$liburi,$prefix,$depthcount)=@_;
     $uri=&declutter($uri);
     # if it is a non metadata possible uri return quickly
-    if (($uri eq '') || (($uri =~ m|^/*adm/|) && ($uri !~ m|^adm/includes|)) ||
+    if (($uri eq '') || 
+	(($uri =~ m|^/*adm/|) && 
+	     ($uri !~ m|^adm/includes|) && ($uri !~ m|/bulletinboard$|)) ||
         ($uri =~ m|/$|) || ($uri =~ m|/.meta$|) || ($uri =~ /^~/) ||
 	($uri =~ m|home/[^/]+/public_html/|)) {
 	return undef;
@@ -4480,27 +4722,29 @@ sub metadata_generate_part0 {
 sub gettitle {
     my $urlsymb=shift;
     my $symb=&symbread($urlsymb);
-    unless ($symb) {
-	unless ($urlsymb) { $urlsymb=$ENV{'request.filename'}; }
-        return &metadata($urlsymb,'title'); 
-    }
-    my ($result,$cached)=&is_cached(\%titlecache,$symb,'title',600);
-    if (defined($cached)) { return $result; }
-    my ($map,$resid,$url)=&decode_symb($symb);
-    my $title='';
-    my %bighash;
-    if (tie(%bighash,'GDBM_File',$ENV{'request.course.fn'}.'.db',
-                            &GDBM_READER(),0640)) {
-        my $mapid=$bighash{'map_pc_'.&clutter($map)};
-        $title=$bighash{'title_'.$mapid.'.'.$resid};
-        untie %bighash;
-    }
-    $title=~s/\&colon\;/\:/gs;
-    if ($title) {
-        return &do_cache(\%titlecache,$symb,$title,'title');
-    } else {
-	return &metadata($urlsymb,'title');
-    }
+    if ($symb) {
+	my ($result,$cached)=&is_cached(\%titlecache,$symb,'title',600);
+	if (defined($cached)) { 
+	    return $result;
+	}
+	my ($map,$resid,$url)=&decode_symb($symb);
+	my $title='';
+	my %bighash;
+	if (tie(%bighash,'GDBM_File',$ENV{'request.course.fn'}.'.db',
+		&GDBM_READER(),0640)) {
+	    my $mapid=$bighash{'map_pc_'.&clutter($map)};
+	    $title=$bighash{'title_'.$mapid.'.'.$resid};
+	    untie %bighash;
+	}
+	$title=~s/\&colon\;/\:/gs;
+	if ($title) {
+	    return &do_cache(\%titlecache,$symb,$title,'title');
+	}
+	$urlsymb=$url;
+    }
+    my $title=&metadata($urlsymb,'title');
+    if (!$title) { $title=(split('/',$urlsymb))[-1]; }    
+    return $title;
 }
     
 # ------------------------------------------------- Update symbolic store links
@@ -4558,8 +4802,11 @@ sub symbverify {
                if (
   &symbclean(&declutter($bighash{'map_id_'.$mapid}).'___'.$resid.'___'.$thisfn)
    eq $symb) { 
-                  $okay=1; 
-               }
+		   if (($ENV{'request.role.adv'}) ||
+		       $bighash{'encrypted_'.$_} eq $ENV{'request.enc'}) {
+		       $okay=1; 
+		   }
+	       }
 	   }
         }
 	untie(%bighash);
@@ -4571,7 +4818,7 @@ sub symbverify {
 
 sub symbclean {
     my $symb=shift;
-
+    if ($symb=~m|^/enc/|) { $symb=&Apache::lonenc::unencrypted($symb); }
 # remove version from map
     $symb=~s/\.(\d+)\.(\w+)\_\_\_/\.$2\_\_\_/;
 
@@ -4592,7 +4839,9 @@ sub encode_symb {
 }
 
 sub decode_symb {
-    my ($map,$resid,$url)=split(/\_\_\_/,shift);
+    my $symb=shift;
+    if ($symb=~m|^/enc/|) { $symb=&Apache::lonenc::unencrypted($symb); }
+    my ($map,$resid,$url)=split(/___/,$symb);
     return (&fixversion($map),$resid,&fixversion($url));
 }
 
@@ -4641,6 +4890,7 @@ sub symbread {
 	}
 	$thisfn=$ENV{'request.filename'};
     }
+    if ($thisfn=~m|^/enc/|) { $thisfn=&Apache::lonenc::unencrypted($thisfn); }
 # is that filename actually a symb? Verify, clean, and return
     if ($thisfn=~/\_\_\_\d+\_\_\_(.*)$/) {
 	if (&symbverify($thisfn,$1)) {
@@ -4751,8 +5001,25 @@ sub numval2 {
     return int($total);
 }
 
+sub numval3 {
+    use integer;
+    my $txt=shift;
+    $txt=~tr/A-J/0-9/;
+    $txt=~tr/a-j/0-9/;
+    $txt=~tr/K-T/0-9/;
+    $txt=~tr/k-t/0-9/;
+    $txt=~tr/U-Z/0-5/;
+    $txt=~tr/u-z/0-5/;
+    $txt=~s/\D//g;
+    my @txts=split(/(\d\d\d\d\d\d\d\d\d)/,$txt);
+    my $total;
+    foreach my $val (@txts) { $total+=$val; }
+    if ($_64bit) { $total=(($total<<32)>>32); }
+    return $total;
+}
+
 sub latest_rnd_algorithm_id {
-    return '64bit3';
+    return '64bit4';
 }
 
 sub get_rand_alg {
@@ -4791,7 +5058,13 @@ sub rndseed {
     if (!$username) { $username=$wusername }
     my $which=&get_rand_alg();
     if (defined(&getCODE())) {
-	return &rndseed_CODE_64bit($symb,$courseid,$domain,$username);
+	if ($which eq '64bit4') {
+	    return &rndseed_CODE_64bit4($symb,$courseid,$domain,$username);
+	} else {
+	    return &rndseed_CODE_64bit($symb,$courseid,$domain,$username);
+	}
+    } elsif ($which eq '64bit4') {
+	return &rndseed_64bit4($symb,$courseid,$domain,$username);
     } elsif ($which eq '64bit3') {
 	return &rndseed_64bit3($symb,$courseid,$domain,$username);
     } elsif ($which eq '64bit2') {
@@ -4837,6 +5110,7 @@ sub rndseed_64bit {
 	#&Apache::lonxml::debug("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
 	#&Apache::lonxml::debug("rndseed :$num:$symb");
 	if ($_64bit) { $num1=(($num1<<32)>>32); $num2=(($num2<<32)>>32); }
+	if ($_64bit) { $num1=(($num1<<32)>>32); $num2=(($num2<<32)>>32); }
 	return "$num1,$num2";
     }
 }
@@ -4859,7 +5133,6 @@ sub rndseed_64bit2 {
 	my $num2=$nameseed+$domainseed+$courseseed;
 	#&Apache::lonxml::debug("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
 	#&Apache::lonxml::debug("rndseed :$num:$symb");
-	if ($_64bit) { $num1=(($num1<<32)>>32); $num2=(($num2<<32)>>32); }
 	return "$num1,$num2";
     }
 }
@@ -4888,6 +5161,30 @@ sub rndseed_64bit3 {
     }
 }
 
+sub rndseed_64bit4 {
+    my ($symb,$courseid,$domain,$username)=@_;
+    {
+	use integer;
+	# strings need to be an even # of cahracters long, it it is odd the
+        # last characters gets thrown away
+	my $symbchck=unpack("%32S*",$symb.' ') << 21;
+	my $symbseed=numval3($symb) << 10;
+	my $namechck=unpack("%32S*",$username.' ');
+	
+	my $nameseed=numval3($username) << 21;
+	my $domainseed=unpack("%32S*",$domain.' ') << 10;
+	my $courseseed=unpack("%32S*",$courseid.' ');
+	
+	my $num1=$symbchck+$symbseed+$namechck;
+	my $num2=$nameseed+$domainseed+$courseseed;
+	#&Apache::lonxml::debug("$symbseed:$nameseed;$domainseed|$courseseed;$namechck:$symbchck");
+	#&Apache::lonxml::debug("rndseed :$num1:$num2:$_64bit");
+	if ($_64bit) { $num1=(($num1<<32)>>32); $num2=(($num2<<32)>>32); }
+	
+	return "$num1:$num2";
+    }
+}
+
 sub rndseed_CODE_64bit {
     my ($symb,$courseid,$domain,$username)=@_;
     {
@@ -4907,6 +5204,25 @@ sub rndseed_CODE_64bit {
     }
 }
 
+sub rndseed_CODE_64bit4 {
+    my ($symb,$courseid,$domain,$username)=@_;
+    {
+	use integer;
+	my $symbchck=unpack("%32S*",$symb.' ') << 16;
+	my $symbseed=numval3($symb);
+	my $CODEchck=unpack("%32S*",&getCODE().' ') << 16;
+	my $CODEseed=numval3(&getCODE());
+	my $courseseed=unpack("%32S*",$courseid.' ');
+	my $num1=$symbseed+$CODEchck;
+	my $num2=$CODEseed+$courseseed+$symbchck;
+	#&Apache::lonxml::debug("$symbseed:$CODEchck|$CODEseed:$courseseed:$symbchck");
+	#&Apache::lonxml::debug("rndseed :$num1:$num2:$symb");
+	if ($_64bit) { $num1=(($num1<<32)>>32); }
+	if ($_64bit) { $num2=(($num2<<32)>>32); }
+	return "$num1:$num2";
+    }
+}
+
 sub setup_random_from_rndseed {
     my ($rndseed)=@_;
     if ($rndseed =~/([,:])/) {
@@ -4993,30 +5309,32 @@ sub receipt {
 # the local server.   
 
 sub getfile {
-    my ($file,$caller) = @_;
+    my ($file) = @_;
 
-    if ($file !~ m|^/*uploaded/(\w+)/(\w+)/(.+)$|) {
-	# normal file from res space
-	&repcopy($file);
-        return &readfile($file);
-    }
-
-    my $info;
-    my $cdom = $1;
-    my $cnum = $2;
-    my $filename = $3;
-    my $path = $Apache::lonnet::perlvar{'lonDocRoot'}.'/userfiles';
-    my ($lwpresp,$rtncode);
-    my $localfile = $path.'/'.$cdom.'/'.$cnum.'/'.$filename;
-    if (-e "$localfile") {
-	my @fileinfo = stat($localfile);
-	$lwpresp = &getuploaded('HEAD',$file,$cdom,$cnum,\$info,\$rtncode);
+    if ($file =~ m|^/*uploaded/|) { $file=&filelocation("",$file); }
+    &repcopy($file);
+    return &readfile($file);
+}
+
+sub repcopy_userfile {
+    my ($file)=@_;
+
+    if ($file =~ m|^/*uploaded/|) { $file=&filelocation("",$file); }
+    if ($file =~ m|^/home/httpd/html/lonUsers/|) { return OK; }
+
+    my ($cdom,$cnum,$filename) = 
+	($file=~m|^\Q$perlvar{'lonDocRoot'}\E/+userfiles/+([^/]+)/+([^/]+)/+(.*)|);
+    my ($info,$rtncode);
+    my $uri="/uploaded/$cdom/$cnum/$filename";
+    if (-e "$file") {
+	my @fileinfo = stat($file);
+	my $lwpresp = &getuploaded('HEAD',$uri,$cdom,$cnum,\$info,\$rtncode);
 	if ($lwpresp ne 'ok') {
 	    if ($rtncode eq '404') {
-		unlink($localfile);
+		unlink($file);
 	    }
 	    #my $ua=new LWP::UserAgent;
-	    #my $request=new HTTP::Request('GET',&tokenwrapper($file));
+	    #my $request=new HTTP::Request('GET',&tokenwrapper($uri));
 	    #my $response=$ua->request($request);
 	    #if ($response->is_success()) {
 	#	return $response->content;
@@ -5026,21 +5344,21 @@ sub getfile {
 	    return -1;
 	}
 	if ($info < $fileinfo[9]) {
-	    return &readfile($localfile);
+	    return OK;
 	}
 	$info = '';
-	$lwpresp = &getuploaded('GET',$file,$cdom,$cnum,\$info,\$rtncode);
+	$lwpresp = &getuploaded('GET',$uri,$cdom,$cnum,\$info,\$rtncode);
 	if ($lwpresp ne 'ok') {
 	    return -1;
 	}
     } else {
-	$lwpresp = &getuploaded('GET',$file,$cdom,$cnum,\$info,\$rtncode);
+	my $lwpresp = &getuploaded('GET',$uri,$cdom,$cnum,\$info,\$rtncode);
 	if ($lwpresp ne 'ok') {
 	    my $ua=new LWP::UserAgent;
-	    my $request=new HTTP::Request('GET',&tokenwrapper($file));
+	    my $request=new HTTP::Request('GET',&tokenwrapper($uri));
 	    my $response=$ua->request($request);
 	    if ($response->is_success()) {
-		return $response->content;
+		$info=$response->content;
 	    } else {
 		return -1;
 	    }
@@ -5049,6 +5367,7 @@ sub getfile {
 	if ($filename =~ m|^(.+)/[^/]+$|) {
 	    push @parts, split(/\//,$1);
 	}
+	my $path = $perlvar{'lonDocRoot'}.'/userfiles';
 	foreach my $part (@parts) {
 	    $path .= '/'.$part;
 	    if (!-e $path) {
@@ -5056,24 +5375,23 @@ sub getfile {
 	    }
 	}
     }
-    open (FILE,">$localfile");
+    open(FILE,">$file");
     print FILE $info;
     close(FILE);
-    if ($caller eq 'uploadrep') {
-	return 'ok';
-    }
-    return $info;
+    return OK;
 }
 
 sub tokenwrapper {
     my $uri=shift;
-    $uri=~s/^http\:\/\/([^\/]+)//;
-    $uri=~s/^\///;
+    $uri=~s|^http\://([^/]+)||;
+    $uri=~s|^/||;
     $ENV{'user.environment'}=~/\/([^\/]+)\.id/;
     my $token=$1;
-    if ($uri=~/^uploaded\/([^\/]+)\/([^\/]+)\/([^\/]+)(\?\.*)*$/) {
-        &appenv('userfile.'.$1.'/'.$2.'/'.$3 => $ENV{'request.course.id'});
-        return 'http://'.$hostname{ &homeserver($2,$1)}.'/'.$uri.
+    my (undef,$udom,$uname,$file)=split('/',$uri,4);
+    if ($udom && $uname && $file) {
+	$file=~s|(\?\.*)*$||;
+        &appenv("userfile.$udom/$uname/$file" => $ENV{'request.course.id'});
+        return 'http://'.$hostname{ &homeserver($uname,$udom)}.'/'.$uri.
                (($uri=~/\?/)?'&':'?').'token='.$token.
                                '&tokenissued='.$perlvar{'lonHostID'};
     } else {
@@ -5118,7 +5436,19 @@ sub filelocation {
     $location = $file;
     $location =~ s:/~(.*?)/(.*):/home/$1/public_html/$2:;
   } elsif ($file=~/^\/*uploaded/) { # is an uploaded file
-    $location=$file;
+      my ($udom,$uname,$filename)=
+	  ($file=~m|^/+uploaded/+([^/]+)/+([^/]+)/+(.*)$|);
+      my $home=&homeserver($uname,$udom);
+      my $is_me=0;
+      my @ids=&current_machine_ids();
+      foreach my $id (@ids) { if ($id eq $home) { $is_me=1; } }
+      if ($is_me) {
+	  $location=&Apache::loncommon::propath($udom,$uname).
+	      '/userfiles/'.$filename;
+      } else {
+	  $location=$Apache::lonnet::perlvar{'lonDocRoot'}.'/userfiles/'.
+	      $udom.'/'.$uname.'/'.$filename;
+      }
   } else {
     $file=~s/^\Q$perlvar{'lonDocRoot'}\E//;
     $file=~s:^/res/:/:;
@@ -5177,6 +5507,7 @@ sub current_machine_ids {
 
 sub declutter {
     my $thisfn=shift;
+    if ($thisfn=~m|^/enc/|) { $thisfn=&Apache::lonenc::unencrypted($thisfn); }
     $thisfn=~s/^\Q$perlvar{'lonDocRoot'}\E//;
     $thisfn=~s/^\///;
     $thisfn=~s/^res\///;
@@ -5194,6 +5525,15 @@ sub clutter {
     return $thisfn;
 }
 
+sub freeze_escape {
+    my ($value)=@_;
+    if (ref($value)) {
+	$value=&nfreeze($value);
+	return '__FROZEN__'.&escape($value);
+    }
+    return &escape($value);
+}
+
 # -------------------------------------------------------- Escape Special Chars
 
 sub escape {
@@ -5210,11 +5550,21 @@ sub unescape {
     return $str;
 }
 
+sub thaw_unescape {
+    my ($value)=@_;
+    if ($value =~ /^__FROZEN__/) {
+	substr($value,0,10,undef);
+	$value=&unescape($value);
+	return &thaw($value);
+    }
+    return &unescape($value);
+}
+
 sub mod_perl_version {
+    return 1;
     if (defined($perlvar{'MODPERL2'})) {
 	return 2;
     }
-    return 1;
 }
 
 sub correct_line_ends {
@@ -5235,7 +5585,7 @@ sub goodbye {
    &logthis(sprintf("%-20s is %s",'%courseresdatacache',scalar(%courseresdatacache)));
 #1.1 only
    &logthis(sprintf("%-20s is %s",'%userresdatacache',scalar(%userresdatacache)));
-   &logthis(sprintf("%-20s is %s",'%usectioncache',scalar(%usectioncache)));
+   &logthis(sprintf("%-20s is %s",'%getsectioncache',scalar(%getsectioncache)));
    &logthis(sprintf("%-20s is %s",'%courseresversioncache',scalar(%courseresversioncache)));
    &logthis(sprintf("%-20s is %s",'%resversioncache',scalar(%resversioncache)));
    &flushcourselogs();
@@ -5247,6 +5597,7 @@ BEGIN {
 # ----------------------------------- Read loncapa.conf and loncapa_apache.conf
     unless ($readit) {
 {
+    # FIXME: Use LONCAPA::Configuration::read_conf here and omit next block
     open(my $config,"</etc/httpd/conf/loncapa.conf");
 
     while (my $configline=<$config>) {
@@ -5314,10 +5665,6 @@ BEGIN {
 	 $hostip{$id}=$ip;
 	 $iphost{$ip}=$id;
 	 if ($role eq 'library') { $libserv{$id}=$name; }
-       } else {
-	 if ($configline) {
-	   &logthis("Skipping hosts.tab line -$configline-");
-	 }
        }
     }
     close($config);
@@ -5397,7 +5744,7 @@ $readit=1;
     {
 	use integer;
 	my $test=(2**32)+1;
-	if ($test != 0) { $_64bit=1; }
+	if ($test != 0) { $_64bit=1; } else { $_64bit=0; }
 	&logthis(" Detected 64bit platform ($_64bit)");
     }
 }
@@ -5627,8 +5974,8 @@ X<rolesinit()>
 B<rolesinit($udom,$username,$authhost)>: get user privileges
 
 =item *
-X<usection()>
-B<usection($udom,$uname,$cname)>: finds the section of student in the
+X<getsection()>
+B<getsection($udom,$uname,$cname)>: finds the section of student in the
 course $cname, return section name/number or '' for "not in course"
 and '-1' for "no section"
 
@@ -5886,9 +6233,10 @@ returns the data handle
 =item *
 
 symbverify($symb,$thisfn) : verifies that $symb actually exists and is
-a possible symb for the URL in $thisfn, returns a 1 on success, 0 on
-failure, user must be in a course, as it assumes the existance of the
-course initi hash, and uses $ENV('request.course.id'}
+a possible symb for the URL in $thisfn, and if is an encryypted
+resource that the user accessed using /enc/ returns a 1 on success, 0
+on failure, user must be in a course, as it assumes the existance of
+the course initial hash, and uses $ENV('request.course.id'}
 
 
 =item *
@@ -6015,6 +6363,17 @@ put($namespace,$storehash,$udom,$uname)
 
 =item *
 
+putstore($namespace,$storehash,$udomain,$uname) : stores hash in namesp
+keys used in storehash include version information (e.g., 1:$symb:message etc.) as
+used in records written by &store and retrieved by &restore.  This function 
+was created for use in editing discussion posts, without incrementing the
+version number included in the key for a particular post. The colon 
+separated list of attribute names (e.g., the value associated with the key 
+1:keys:$symb) is also generated and passed in the ampersand separated 
+items sent to lonnet::reply().  
+
+=item *
+
 cput($namespace,$storehash,$udom,$uname) : critical put
 ($udom and $uname are optional)