--- loncom/auth/lonacc.pm	2015/03/11 17:27:15	1.159.2.1
+++ loncom/auth/lonacc.pm	2014/12/01 22:52:54	1.160
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.159.2.1 2015/03/11 17:27:15 raeburn Exp $
+# $Id: lonacc.pm,v 1.160 2014/12/01 22:52:54 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -290,10 +290,7 @@ sub sso_login {
 	return undef;
     }
 
-    my ($user) = ($r->user =~ m/^($match_username)$/);
-    if ($user eq '') {
-        return undef;
-    }
+    my ($user) = ($r->user =~ m/([a-zA-Z0-9_\-@.]*)/);
 
     my $query = $r->args;
     my %form;
@@ -606,6 +603,12 @@ sub handler {
                             return HTTP_NOT_ACCEPTABLE;
                         }
                     }
+                } elsif (($handle =~ /^publicuser_\d+$/) && (&Apache::lonnet::is_portfolio_url($requrl))) {
+                    my $clientip = $r->get_remote_host();
+                    if (&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip) ne 'F') {
+                        $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+                        return HTTP_NOT_ACCEPTABLE;
+                    }
                 } else {
 		    $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
 		    return HTTP_NOT_ACCEPTABLE;
@@ -744,7 +747,8 @@ sub handler {
     }
 # ------------------------------------ See if this is a viewable portfolio file
     if (&Apache::lonnet::is_portfolio_url($requrl)) {
-	my $access=&Apache::lonnet::allowed('bre',$requrl);
+        my $clientip = $r->get_remote_host();
+        my $access=&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip);
 	if ($access eq 'A') {
 	    &Apache::restrictedaccess::setup_handler($r);
 	    return OK;