--- loncom/interface/domainprefs.pm	2017/01/30 19:18:33	1.160.6.79
+++ loncom/interface/domainprefs.pm	2018/09/14 22:43:14	1.160.6.88
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Handler to set domain-wide configuration settings
 #
-# $Id: domainprefs.pm,v 1.160.6.79 2017/01/30 19:18:33 raeburn Exp $
+# $Id: domainprefs.pm,v 1.160.6.88 2018/09/14 22:43:14 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -262,6 +262,8 @@ sub handler {
                       help => 'Domain_Configuration_LangTZAuth',
                       header => [{col1 => 'Setting',
                                   col2 => 'Value'},
+                                 {col1 => 'Internal Authentication',
+                                  col2 => 'Value'},
                                  {col1 => 'Institutional user types',
                                   col2 => 'Assignable to e-mail usernames'}],
                       print => \&print_defaults,
@@ -618,7 +620,7 @@ sub process_changes {
     } elsif ($action eq 'autocreate') {
         $output = &modify_autocreate($dom,%domconfig);
     } elsif ($action eq 'directorysrch') {
-        $output = &modify_directorysrch($dom,%domconfig);
+        $output = &modify_directorysrch($dom,$lastactref,%domconfig);
     } elsif ($action eq 'usercreation') {
         $output = &modify_usercreation($dom,%domconfig);
     } elsif ($action eq 'selfcreation') {
@@ -744,7 +746,7 @@ sub print_config_box {
         if (($action eq 'autoupdate') || ($action eq 'usercreation') ||
             ($action eq 'selfcreation') || ($action eq 'selfenrollment') ||
             ($action eq 'usersessions') || ($action eq 'coursecategories') ||
-            ($action eq 'contacts')) {
+            ($action eq 'contacts') || ($action eq 'defaults')) {
             if ($action eq 'coursecategories') {
                 $output .= &print_coursecategories('middle',$dom,$item,$settings,\$rowtotal);
                 $colspan = ' colspan="2"';
@@ -1276,7 +1278,7 @@ sub print_login {
             } else {
                 $datatable .= '<input type="file" name="loginheadtag_'.$lonhost.'" />';
             }
-            $datatable .= '</td><td><input type="textbox" name="loginheadtagexempt_'.$lonhost.'" value="'.$exempt.'" /></td></tr>';
+            $datatable .= '</td><td><input type="text" name="loginheadtagexempt_'.$lonhost.'" value="'.$exempt.'" /></td></tr>';
         }
         $datatable .= '</table></td></tr>';
     }
@@ -1436,7 +1438,7 @@ sub display_color_options {
     my $datatable = '<tr'.$css_class.'>'.
         '<td>'.$choices->{'font'}.'</td>';
     if (!$is_custom->{'font'}) {
-        $datatable .=  '<td>'.&mt('Default in use:').'&nbsp;<span id="css_default_'.$role.'_font" style="color: '.$defaults->{'font'}.';">'.$defaults->{'font'}.'</span></td>';
+        $datatable .=  '<td>'.&mt('Default in use:').'&nbsp;<span class="css_default_'.$role.'_font" style="color: '.$defaults->{'font'}.';">'.$defaults->{'font'}.'</span></td>';
     } else {
         $datatable .= '<td>&nbsp;</td>';
     }
@@ -1445,12 +1447,12 @@ sub display_color_options {
     $datatable .= '<td><span class="LC_nobreak">'.
                   '<input type="text" class="colorchooser" size="10" name="'.$role.'_font"'.
                   ' value="'.$current_color.'" />&nbsp;'.
-                  '&nbsp;</td></tr>';
+                  '&nbsp;</span></td></tr>';
     unless ($role eq 'login') { 
         $datatable .= '<tr'.$css_class.'>'.
                       '<td>'.$choices->{'fontmenu'}.'</td>';
         if (!$is_custom->{'fontmenu'}) {
-            $datatable .=  '<td>'.&mt('Default in use:').'&nbsp;<span id="css_default_'.$role.'_font" style="color: '.$defaults->{'fontmenu'}.';">'.$defaults->{'fontmenu'}.'</span></td>';
+            $datatable .=  '<td>'.&mt('Default in use:').'&nbsp;<span class="css_default_'.$role.'_font" style="color: '.$defaults->{'fontmenu'}.';">'.$defaults->{'fontmenu'}.'</span></td>';
         } else {
             $datatable .= '<td>&nbsp;</td>';
         }
@@ -1460,7 +1462,7 @@ sub display_color_options {
                       '<input class="colorchooser" type="text" size="10" name="'
 		      .$role.'_fontmenu"'.
                       ' value="'.$current_color.'" />&nbsp;'.
-                      '&nbsp;</td></tr>';
+                      '&nbsp;</span></td></tr>';
     }
     my $switchserver = &check_switchserver($dom,$confname);
     foreach my $img (@{$images}) {
@@ -1519,7 +1521,8 @@ sub display_color_options {
                         if ($fullwidth ne '' && $fullheight ne '') {
                             if ($fullwidth > $width && $fullheight > $height) { 
                                 my $size = $width.'x'.$height;
-                                system("convert -sample $size $input $output");
+                                my @args = ('convert','-sample',$size,$input,$output);
+                                system({$args[0]} @args);
                                 $showfile = "/$imgdir/tn-".$filename;
                             }
                         }
@@ -1577,7 +1580,7 @@ sub display_color_options {
     my $bgs_def;
     foreach my $item (@{$bgs}) {
         if (!$is_custom->{$item}) {
-            $bgs_def .= '<td><span class="LC_nobreak">'.$choices->{$item}.'</span>&nbsp;<span id="css_default_'.$role.'_'.$item.'" style="background-color: '.$defaults->{'bgs'}{$item}.';">&nbsp;&nbsp;&nbsp;</span><br />'.$defaults->{'bgs'}{$item}.'</td>';
+            $bgs_def .= '<td><span class="LC_nobreak">'.$choices->{$item}.'</span>&nbsp;<span class="css_default_'.$role.'_'.$item.'" style="background-color: '.$defaults->{'bgs'}{$item}.';">&nbsp;&nbsp;&nbsp;</span><br />'.$defaults->{'bgs'}{$item}.'</td>';
         }
     }
     if ($bgs_def) {
@@ -1605,7 +1608,7 @@ sub display_color_options {
     my $links_def;
     foreach my $item (@{$links}) {
         if (!$is_custom->{$item}) {
-            $links_def .= '<td>'.$choices->{$item}.'<br /><span id="css_default_'.$role.'_'.$item.'" style="color: '.$defaults->{'links'}{$item}.';">'.$defaults->{'links'}{$item}.'</span></td>';
+            $links_def .= '<td>'.$choices->{$item}.'<br /><span class="css_default_'.$role.'_'.$item.'" style="color: '.$defaults->{'links'}{$item}.';">'.$defaults->{'links'}{$item}.'</span></td>';
         }
     }
     if ($links_def) {
@@ -1691,17 +1694,15 @@ sub image_changes {
     my ($is_custom,$alt_text,$img_import,$showfile,$fullsize,$role,$img,$imgfile,$logincolors) = @_;
     my $output;
     if ($img eq 'login') {
-            # suppress image for Log-in header
+        $output = '</td><td>'.$logincolors; # suppress image for Log-in header
     } elsif (!$is_custom) {
         if ($img ne 'domlogo') {
-            $output .= &mt('Default image:').'<br />';
+            $output = &mt('Default image:').'<br />';
         } else {
-            $output .= &mt('Default in use:').'<br />';
+            $output = &mt('Default in use:').'<br />';
         }
     }
-    if ($img eq 'login') { # suppress image for Log-in header
-        $output .= '<td>'.$logincolors;
-    } else {
+    if ($img ne 'login') {
         if ($img_import) {
             $output .= '<input type="hidden" name="'.$role.'_import_'.$img.'" value="'.$imgfile.'" />';
         }
@@ -2312,7 +2313,7 @@ sub print_textbookcourses {
         $datatable .= '<option value="'.$k.'"'.$selstr.'>'.$vpos.'</option>';
     }
     $datatable .= '</select>&nbsp;'."\n".
-                  '<input type="checkbox" name="'.$type.'_addbook" value="1" />'.&mt('Add').'</td>'."\n".
+                  '<input type="checkbox" name="'.$type.'_addbook" value="1" />'.&mt('Add').'</span></td>'."\n".
                   '<td colspan="2">'.
                   '<span class="LC_nobreak">'.&mt('Subject:').'<input type="text" size="15" name="'.$type.'_addbook_subject" value="" /></span> '."\n".
                   ('&nbsp;'x2).
@@ -2329,13 +2330,13 @@ sub print_textbookcourses {
         } else {
             $datatable .= '<input type="file" name="'.$type.'_addbook_image" value="" />';
         }
+        $datatable .= '</span>'."\n";
     }
-    $datatable .= '</span>'."\n".
-                  '<span class="LC_nobreak">'.&mt('LON-CAPA course:').'&nbsp;'.
+    $datatable .= '<span class="LC_nobreak">'.&mt('LON-CAPA course:').'&nbsp;'.
                   &Apache::loncommon::select_dom_form($env{'request.role.domain'},$type.'_addbook_cdom').
                   '<input type="text" size="25" name="'.$type.'_addbook_cnum" value="" />'.
                   &Apache::loncommon::selectcourse_link
-                      ('display',$type.'_addbook_cnum',$type.'_addbook_cdom',undef,undef,undef,'Course');
+                      ('display',$type.'_addbook_cnum',$type.'_addbook_cdom',undef,undef,undef,'Course').
                   '</span></td>'."\n".
                   '</tr>'."\n";
     $itemcount ++;
@@ -2514,7 +2515,7 @@ sub print_autoenroll {
                   '<td>'.&mt('Failsafe for no drops when institutional data missing').'</td>'.
                   '<td class="LC_right_item"><span class="LC_nobreak">'.
                   '<input type="text" name="autoenroll_failsafe"'.
-                  ' value="'.$failsafe.'" size="4" /></td></tr>';
+                  ' value="'.$failsafe.'" size="4" /></span></td></tr>';
     $$rowtotal += 4;
     return $datatable;
 }
@@ -2941,7 +2942,7 @@ sub print_contacts {
                               'value="'.$bccemails{$type}.'"  /></fieldset>'.
                               '<fieldset><legend>'.&mt('Optional added text').'</legend>'.
                               &mt('Text automatically added to e-mail:').' '.
-                              '<input type="text" name="'.$type.'_includestr" value="'.$includestr{$type}.'" /><br >'.
+                              '<input type="text" name="'.$type.'_includestr" value="'.$includestr{$type}.'" /><br />'.
                               '<span class="LC_nobreak">'.&mt('Location:').'&nbsp;'.
                               '<label><input type="radio" name="'.$type.'_includeloc" value="s"'.$locchecked{'s'}.' />'.&mt('in subject').'</label>'.
                               ('&nbsp;'x2).
@@ -3002,7 +3003,7 @@ sub print_contacts {
                     if ($currfield{$field} eq 'no') {
                         $display = ' style="display:none"';
                     }
-                    $datatable .= '</td></tr><tr id="help_screenshotsize"'.$display.' />'.
+                    $datatable .= '</td></tr><tr id="help_screenshotsize"'.$display.'>'.
                                   '<td>'.&mt('Maximum size for upload (MB)').'</td><td>'.
                                   '<input type="text" size="5" name="helpform_maxsize" value="'.$maxsize.'" />';
                 }
@@ -3060,8 +3061,10 @@ sub print_helpsettings {
         my $css_class;
         my %existing=&Apache::lonnet::dump('roles',$dom,$confname,'rolesdef_');
         my (%customroles,%ordered,%current);
-        if (ref($settings->{'adhoc'}) eq 'HASH') {
-            %current = %{$settings->{'adhoc'}};
+        if (ref($settings) eq 'HASH') {
+            if (ref($settings->{'adhoc'}) eq 'HASH') {
+                %current = %{$settings->{'adhoc'}};
+            }
         }
         my $count = 0;
         foreach my $key (sort(keys(%existing))) {
@@ -3097,7 +3100,7 @@ sub print_helpsettings {
                 @jsarray = ('bystatus');
             }
         }
-        my %domhelpdesk = &Apache::lonnet::get_active_domroles($dom,['dh'.'da']);
+        my %domhelpdesk = &Apache::lonnet::get_active_domroles($dom,['dh','da']);
         if (keys(%domhelpdesk)) {
             push(@accesstypes,('inc','exc'));
             push(@jsarray,('notinc','notexc'));
@@ -3206,7 +3209,9 @@ sub print_helpsettings {
                                                                 \@templateroles,$newcust).
                       &Apache::lonuserutils::custom_role_table('Course',\%full,\%levels,
                                                                \%levelscurrent,$newcust).
-                      '</fieldset></td></tr>';
+                      '</fieldset>'.
+                      &helpsettings_javascript(\@roles_by_num,$maxnum,$hiddenstr,$formname).
+                      '</td></tr>';
         $count ++;
         $$rowtotal += $count;
     }
@@ -3725,7 +3730,7 @@ sub print_coursedefaults {
         foreach my $type (@types) {
             $datatable .= '<td align="center">'.&mt($type).'<br />'.
                            '<input type="text" name="mysqltables_'.$type.'"'.
-                           ' value="'.$currmysql{$type}.'" size="5" /></td>';
+                           ' value="'.$currmysql{$type}.'" size="8" /></td>';
         }
         $datatable .= '</tr></table></td></tr>'."\n";
         $itemcount ++;
@@ -3923,7 +3928,7 @@ sub print_validation_rows {
                               '</label></span> ';
             }
         } elsif ($item eq 'markup') {
-            $datatable .= '<textarea name="'.$caller.'_validation_markup" cols="50" rows="5" wrap="soft">'.
+            $datatable .= '<textarea name="'.$caller.'_validation_markup" cols="50" rows="5">'.
                            $currvalidation{$item}.
                               '</textarea>';
         }
@@ -3945,7 +3950,7 @@ sub print_validation_rows {
         my ($numdc,$dctable,$rows) = &active_dc_picker($dom,$numinrow,'radio',
                                                        'validationdc',%currhash);
         my $css_class = $itemcount%2 ? ' class="LC_odd_row"' : '';
-        $datatable .= '</td></tr><tr'.$css_class.'><td>';
+        $datatable .= '<tr'.$css_class.'><td>';
         if ($numdc > 1) {
             $datatable .= &mt('Course creation processed as: (choose Dom. Coord.)');
         } else {
@@ -5038,7 +5043,7 @@ sub print_selfcreation {
         $datatable .= '<tr'.$css_class.'>'.
                      '<td class="LC_left_item">'.&mt('Mapping of Shibboleth environment variable names to user data fields (SSO auth)').'</td>'.
                      '<td class="LC_left_item">'."\n".
-                     '<table><tr><td>'."\n";
+                     '<table>'."\n";
         for (my $i=0; $i<@fields; $i++) {
             $rem = $i%($numperrow);
             if ($rem == 0) {
@@ -5402,7 +5407,10 @@ sub print_usermodification {
 sub print_defaults {
     my ($position,$dom,$settings,$rowtotal) = @_;
     my $rownum = 0;
-    my ($datatable,$css_class);
+    my ($datatable,$css_class,$titles);
+    unless ($position eq 'bottom') {
+        $titles = &defaults_titles($dom);
+    }
     if ($position eq 'top') {
         my @items = ('auth_def','auth_arg_def','lang_def','timezone_def',
                      'datelocale_def','portal_def');
@@ -5415,7 +5423,6 @@ sub print_defaults {
                 $defaults{$item} = $domdefaults{$item};
             }
         }
-        my $titles = &defaults_titles($dom);
         foreach my $item (@items) {
             if ($rownum%2) {
                 $css_class = '';
@@ -5463,8 +5470,87 @@ sub print_defaults {
             $datatable .= '</td></tr>';
             $rownum ++;
         }
+    } elsif ($position eq 'middle') {
+        my @items = ('intauth_cost','intauth_check','intauth_switch');
+        my %defaults;
+        if (ref($settings) eq 'HASH') {
+            %defaults = %{$settings};
+            if ($defaults{'intauth_cost'} !~ /^\d+$/) {
+                $defaults{'intauth_cost'} = 10;
+            }
+            if ($defaults{'intauth_check'} !~ /^(0|1|2)$/) {
+                $defaults{'intauth_check'} = 0;
+            }
+            if ($defaults{'intauth_switch'} !~ /^(0|1|2)$/) {
+                $defaults{'intauth_switch'} = 0;
+            }
+        } else {
+            %defaults = (
+                          'intauth_cost'   => 10,
+                          'intauth_check'  => 0,
+                          'intauth_switch' => 0,
+                        );
+        }
+        foreach my $item (@items) {
+            if ($rownum%2) {
+                $css_class = '';
+            } else {
+                $css_class = ' class="LC_odd_row" ';
+            }
+            $datatable .= '<tr'.$css_class.'>'.
+                          '<td><span class="LC_nobreak">'.$titles->{$item}.
+                          '</span></td><td class="LC_left_item" colspan="3">';
+            if ($item eq 'intauth_switch') {
+                my @options = (0,1,2);
+                my %optiondesc = &Apache::lonlocal::texthash (
+                                   0 => 'No',
+                                   1 => 'Yes',
+                                   2 => 'Yes, and copy existing passwd file to passwd.bak file',
+                                 );
+                $datatable .= '<table width="100%">';
+                foreach my $option (@options) {
+                    my $checked = ' ';
+                    if ($defaults{$item} eq $option) {
+                        $checked = ' checked="checked"';
+                    }
+                    $datatable .= '<tr><td class="LC_left_item"><span class="LC_nobreak">'.
+                                  '<label><input type="radio" name="'.$item.
+                                  '" value="'.$option.'"'.$checked.' />'.
+                                  $optiondesc{$option}.'</label></span></td></tr>';
+                }
+                $datatable .= '</table>';
+            } elsif ($item eq 'intauth_check') {
+                my @options = (0,1,2);
+                my %optiondesc = &Apache::lonlocal::texthash (
+                                   0 => 'No',
+                                   1 => 'Yes, allow login then update passwd file using default cost (if higher)',
+                                   2 => 'Yes, disallow login if stored cost is less than domain default',
+                                 );
+                $datatable .= '<table width="100%">';
+                foreach my $option (@options) {
+                    my $checked = ' ';
+                    my $onclick;
+                    if ($defaults{$item} eq $option) {
+                        $checked = ' checked="checked"';
+                    }
+                    if ($option == 2) {
+                        $onclick = ' onclick="javascript:warnIntAuth(this);"';
+                    }
+                    $datatable .= '<tr><td class="LC_left_item"><span class="LC_nobreak">'.
+                                  '<label><input type="radio" name="'.$item.
+                                  '" value="'.$option.'"'.$checked.$onclick.' />'.
+                                  $optiondesc{$option}.'</label></span></td></tr>';
+                }
+                $datatable .= '</table>';
+            } else {
+                $datatable .= '<input type="text" name="'.$item.'" value="'.
+                              $defaults{$item}.'" size="3" onblur="javascript:warnIntAuth(this);" />';
+            }
+            $datatable .= '</td></tr>';
+            $rownum ++;
+        }
     } else {
-        my (%defaults);
+        my %defaults;
         if (ref($settings) eq 'HASH') {
             if ((ref($settings->{'inststatusorder'}) eq 'ARRAY') && (ref($settings->{'inststatustypes'}) eq 'HASH') &&
                 (ref($settings->{'inststatusguest'}) eq 'ARRAY')) {
@@ -5559,6 +5645,9 @@ sub defaults_titles {
                    'timezone_def'  => 'Default timezone',
                    'datelocale_def' => 'Default locale for dates',
                    'portal_def'     => 'Portal/Default URL',
+                   'intauth_cost'   => 'Encryption cost for bcrypt (positive integer)',
+                   'intauth_check'  => 'Check bcrypt cost if authenticated',
+                   'intauth_switch' => 'Existing crypt-based switched to bcrypt on authentication',
                  );
     if ($dom) {
         my $uprimary_id = &Apache::lonnet::domain($dom,'primary');
@@ -5788,7 +5877,7 @@ sub print_coursecategories {
                              '<input type="radio" name="coursecat_'.$item.'" value="'.$type.'"'.$ischecked.
                              ' />'.$lt{$type}.'</label>&nbsp;';
            }
-           $datatable .= '</td></tr>';
+           $datatable .= '</span></td></tr>';
            $itemcount ++;
         }
         $$rowtotal += $itemcount;
@@ -5999,7 +6088,7 @@ sub print_coursecategories {
                 $datatable .= &initialize_categories($itemcount);
             }
         } else {
-            $datatable .= '<td class="LC_right_item">'.$hdritem->{'header'}->[1]->{'col2'}.'</td>'
+            $datatable .= '<tr><td class="LC_right_item">'.$hdritem->{'header'}->[1]->{'col2'}.'</td></tr>'
                           .&initialize_categories($itemcount);
         }
         $$rowtotal += $itemcount;
@@ -6047,7 +6136,7 @@ sub print_serverstatuses {
                       '<span class="LC_nobreak">'.
                       '<input type="text" name="'.$type.'_machines" '.
                       'value="'.$machineaccess{$type}.'" size="10" />'.
-                      '</td></tr>'."\n";
+                      '</span></td></tr>'."\n";
     }
     $$rowtotal += $rownum;
     return $datatable;
@@ -6062,7 +6151,35 @@ sub serverstatus_pages {
 
 sub defaults_javascript {
     my ($settings) = @_;
-    return unless (ref($settings) eq 'HASH');
+    my $intauthcheck = &mt('Warning: disallowing login for an authenticated user if the stored cost is less than the default will require a password reset by/for the user.');
+    my $intauthcost = &mt('Warning: bcrypt encryption cost for internal authentication must be an integer.');
+    &js_escape(\$intauthcheck);
+    &js_escape(\$intauthcost);
+    my $intauthjs = <<"ENDSCRIPT";
+
+function warnIntAuth(field) {
+    if (field.name == 'intauth_check') {
+        if (field.value == '2') {
+            alert('$intauthcheck');
+        }
+    }
+    if (field.name == 'intauth_cost') {
+        field.value.replace(/\s/g,'');
+        if (field.value != '') {
+            var regexdigit=/^\\d+\$/;
+            if (!regexdigit.test(field.value)) {
+                alert('$intauthcost');
+            }
+        }
+    }
+    return;
+}
+
+ENDSCRIPT
+
+    if (ref($settings) ne 'HASH') {
+        return &Apache::lonhtmlcommon::scripttag($intauthjs);
+    }
     if ((ref($settings->{'inststatusorder'}) eq 'ARRAY') && (ref($settings->{'inststatustypes'}) eq 'HASH')) {
         my $maxnum = scalar(@{$settings->{'inststatusorder'}});
         if ($maxnum eq '') {
@@ -6116,10 +6233,14 @@ $jstext
     return;
 }
 
+$intauthjs
+
 // ]]>
 </script>
 
 ENDSCRIPT
+    } else {
+        return &Apache::lonhtmlcommon::scripttag($intauthjs);
     }
 }
 
@@ -6240,7 +6361,7 @@ sub initialize_categories {
     my $select1 = '';
     foreach my $default ('instcode','communities') {
         $css_class = $itemcount%2?' class="LC_odd_row"':'';
-        $chgstr = ' onchange="javascript:reorderCats(this.form,'."'',$default"."_pos','0'".');"';
+        $chgstr = ' onchange="javascript:reorderCats(this.form,'."'','$default"."_pos','0'".');"';
         if ($default eq 'communities') {
             $select1 = $select0;
             $select0 = '';
@@ -6265,8 +6386,9 @@ sub initialize_categories {
                   .'<option value="0">1</option>'
                   .'<option value="1">2</option>'
                   .'<option value="2" selected="selected">3</option></select>&nbsp;'
-                  .&mt('Add category').'</td><td>'.&mt('Name:')
-                  .'&nbsp;<input type="text" size="20" name="addcategory_name" value="" /></td></tr>';
+                  .&mt('Add category').'</span></td><tda<span class="LC_nobreak">>'.&mt('Name:')
+                  .'&nbsp;<input type="text" size="20" name="addcategory_name" value="" /></span>'
+                  .'</td></tr>';
     return $datatable;
 }
 
@@ -6321,7 +6443,7 @@ sub build_category_rows {
                             pop(@{$path});
                         }
                     } else {
-                        $text .= &mt('Add subcategory:').'&nbsp;</span><input type="textbox" size="20" name="addcategory_name_';
+                        $text .= &mt('Add subcategory:').'&nbsp;</span><input type="text" size="20" name="addcategory_name_';
                         if ($j == $numchildren) {
                             $text .= $name;
                         } else {
@@ -6344,7 +6466,7 @@ sub build_category_rows {
                 my $colspan;
                 if ($parent ne 'instcode') {
                     $colspan = $maxdepth - $depth - 1;
-                    $text .= '<td colspan="'.$colspan.'">'.&mt('Add subcategory:').'<input type="textbox" size="20" name="subcat_'.$name.'" value="" /></td>';
+                    $text .= '<td colspan="'.$colspan.'">'.&mt('Add subcategory:').'<input type="text" size="20" name="subcat_'.$name.'" value="" /></td>';
                 }
             }
         }
@@ -6539,7 +6661,7 @@ sub insttypes_row {
         $rem = @{$types}%($numinrow);
     }
     my $colsleft = $numinrow - $rem;
-    if (($rem == 0) && (@{$types} > 0)) {
+    if ($rem == 0) {
         $output .= '<tr>';
     }
     if ($colsleft > 1) {
@@ -7595,14 +7717,14 @@ sub publishlogo {
     } else {
         my $source = $filepath.'/'.$file;
         my $logfile;
-        if (!open($logfile,">>$source".'.log')) {
+        if (!open($logfile,">>",$source.'.log')) {
             return (&mt('No write permission to Authoring Space'));
         }
         print $logfile
 "\n================= Publish ".localtime()." ================\n".
 $env{'user.name'}.':'.$env{'user.domain'}."\n";
 # Save the file
-        if (!open(FH,'>'.$source)) {
+        if (!open(FH,">",$source)) {
             &Apache::lonnet::logthis('Failed to create '.$source);
             return (&mt('Failed to create file'));
         }
@@ -7663,7 +7785,8 @@ $env{'user.name'}.':'.$env{'user.domain'
                 if ($fullwidth ne '' && $fullheight ne '') { 
                     if ($fullwidth > $thumbwidth && $fullheight > $thumbheight) {
                         my $thumbsize = $thumbwidth.'x'.$thumbheight;
-                        system("convert -sample $thumbsize $inputfile $outfile");
+                        my @args = ('convert','-sample',$thumbsize,$inputfile,$outfile);
+                        system({$args[0]} @args);
                         chmod(0660, $filepath.'/tn-'.$file);
                         if (-e $outfile) {
                             my $copyfile=$targetdir.'/tn-'.$file;
@@ -7742,7 +7865,7 @@ sub write_metadata {
     {
         print $logfile "\nWrite metadata file for ".$targetdir.'/'.$file;
         my $mfh;
-        if (open($mfh,'>'.$targetdir.'/'.$file.'.meta')) {
+        if (open($mfh,">",$targetdir.'/'.$file.'.meta')) {
             foreach (sort(keys(%metadatafields))) {
                 unless ($_=~/\./) {
                     my $unikey=$_;
@@ -7776,7 +7899,7 @@ sub notifysubscribed {
         next unless (ref($targetsource) eq 'ARRAY');
         my ($target,$source)=@{$targetsource};
         if ($source ne '') {
-            if (open(my $logfh,'>>'.$source.'.log')) {
+            if (open(my $logfh,">>",$source.'.log')) {
                 print $logfh "\nCleanup phase: Notifications\n";
                 my @subscribed=&subscribed_hosts($target);
                 foreach my $subhost (@subscribed) {
@@ -7802,7 +7925,7 @@ sub notifysubscribed {
 sub subscribed_hosts {
     my ($target) = @_;
     my @subscribed;
-    if (open(my $fh,"<$target.subscription")) {
+    if (open(my $fh,"<","$target.subscription")) {
         while (my $subline=<$fh>) {
             if ($subline =~ /^($match_lonid):/) {
                 my $host = $1;
@@ -8001,16 +8124,20 @@ sub modify_quotas {
                                     #FIXME need to obsolete item in RES space
                                 } elsif ($env{'form.'.$type.'_image_'.$i.'.filename'}) {
                                     my ($cdom,$cnum) = split(/_/,$key);
-                                    my ($imgurl,$error) = &process_textbook_image($r,$dom,$confname,$type.'_image_'.$i,
-                                                                                  $cdom,$cnum,$type,$configuserok,
-                                                                                  $switchserver,$author_ok);
-                                    if ($imgurl) {
-                                        $confhash{$type}{$key}{'image'} = $imgurl;
-                                        $changes{$type}{$key} = 1; 
-                                    }
-                                    if ($error) {
-                                        &Apache::lonnet::logthis($error);
-                                        $errors .= '<li><span class="LC_error">'.$error.'</span></li>';
+                                    if (&Apache::lonnet::homeserver($cnum,$cdom) eq 'no_host') {
+                                        $errors .= '<li><span class="LC_error">'.&mt('Image not saved: could not find textbook course').'</li>';
+                                    } else {
+                                        my ($imgurl,$error) = &process_textbook_image($r,$dom,$confname,$type.'_image_'.$i,
+                                                                                      $cdom,$cnum,$type,$configuserok,
+                                                                                      $switchserver,$author_ok);
+                                        if ($imgurl) {
+                                            $confhash{$type}{$key}{'image'} = $imgurl;
+                                            $changes{$type}{$key} = 1; 
+                                        }
+                                        if ($error) {
+                                            &Apache::lonnet::logthis($error);
+                                            $errors .= '<li><span class="LC_error">'.$error.'</span></li>';
+                                        }
                                     } 
                                 } elsif ($domconfig{$action}{$type}{$key}{'image'}) {
                                     $confhash{$type}{$key}{'image'} = 
@@ -8044,15 +8171,19 @@ sub modify_quotas {
                     if ($type eq 'textbooks') {
                         if ($env{'form.'.$type.'_addbook_image.filename'} ne '') {
                             my ($cdom,$cnum) = split(/_/,$newbook{$type});
-                            my ($imageurl,$error) =
-                                &process_textbook_image($r,$dom,$confname,$type.'_addbook_image',$cdom,$cnum,$type,
-                                                        $configuserok,$switchserver,$author_ok);
-                            if ($imageurl) {
-                                $confhash{$type}{$newbook{$type}}{'image'} = $imageurl;
-                            }
-                            if ($error) {
-                                &Apache::lonnet::logthis($error);
-                                $errors .= '<li><span class="LC_error">'.$error.'</span></li>';
+                            if (&Apache::lonnet::homeserver($cnum,$cdom) eq 'no_host') {
+                                $errors .= '<li><span class="LC_error">'.&mt('Image not saved: could not find textbook course').'</li>';
+                            } else {
+                                my ($imageurl,$error) =
+                                    &process_textbook_image($r,$dom,$confname,$type.'_addbook_image',$cdom,$cnum,$type,
+                                                            $configuserok,$switchserver,$author_ok);
+                                if ($imageurl) {
+                                    $confhash{$type}{$newbook{$type}}{'image'} = $imageurl;
+                                }
+                                if ($error) {
+                                    &Apache::lonnet::logthis($error);
+                                    $errors .= '<li><span class="LC_error">'.$error.'</span></li>';
+                                }
                             }
                         }
                     }
@@ -8544,7 +8675,7 @@ sub process_textbook_image {
         } elsif ($author_ok eq 'ok') {
             my ($result,$imageurl) =
                 &publishlogo($r,'upload',$caller,$dom,$confname,
-                             "$type/$dom/$cnum/cover",$width,$height);
+                             "$type/$cdom/$cnum/cover",$width,$height);
             if ($result eq 'ok') {
                 $url = $imageurl;
             } else {
@@ -8644,9 +8775,9 @@ sub modify_autoenroll {
             }
             if ($changes{'autofailsafe'}) {
                 if ($failsafe ne '') {
-                    $resulttext .= '<li>'.&mt("$title{'failsafe'} set to [_1]",$failsafe).'</li>';
+                    $resulttext .= '<li>'.&mt('Failsafe for no drops if institutional data missing for a section set to: [_1]',$failsafe).'</li>';
                 } else {
-                    $resulttext .= '<li>'.&mt("$title{'failsafe'} deleted");
+                    $resulttext .= '<li>'.&mt('Failsafe for no drops if institutional data missing for a section: deleted');
                 }
                 &Apache::lonnet::get_domain_defaults($dom,1);
                 if (ref($lastactref) eq 'HASH') {
@@ -8925,7 +9056,7 @@ sub modify_autocreate {
 }
 
 sub modify_directorysrch {
-    my ($dom,%domconfig) = @_;
+    my ($dom,$lastactref,%domconfig) = @_;
     my ($resulttext,%changes);
     my %currdirsrch;
     if (ref($domconfig{'directorysrch'}) eq 'HASH') {
@@ -9119,6 +9250,10 @@ sub modify_directorysrch {
                 $resulttext .= '<li>'.&mt($title{'searchtypes'}.' set to: "[_1]"',$chgtext).'</li>';
             }
             $resulttext .= '</ul>';
+            &Apache::lonnet::do_cache_new('directorysrch',$dom,$dirsrch_hash{'directorysrch'},3600);
+            if (ref($lastactref) eq 'HASH') {
+                $lastactref->{'directorysrch'} = 1;
+            }
         } else {
             $resulttext = &mt('No changes made to directory search settings');
         }
@@ -10008,7 +10143,7 @@ sub modify_selfcreation {
         $save_usercreate{'cancreate'}{'shibenv'} = $cancreate{'shibenv'};
     }
     $save_usercreate{'cancreate'}{'emailusername'} = $cancreate{'emailusername'};
-    $save_usercreate{'emailrule'} = \@email_rule;
+    $save_usercreate{'email_rule'} = \@email_rule;
 
     my %userconfig_hash = (
             usercreation     => \%save_usercreate,
@@ -10444,7 +10579,8 @@ sub modify_defaults {
     my ($dom,$lastactref,%domconfig) = @_;
     my ($resulttext,$mailmsgtxt,%newvalues,%changes,@errors);
     my %domdefaults = &Apache::lonnet::get_domain_defaults($dom,1);
-    my @items = ('auth_def','auth_arg_def','lang_def','timezone_def','datelocale_def','portal_def');
+    my @items = ('auth_def','auth_arg_def','lang_def','timezone_def','datelocale_def',
+                 'portal_def','intauth_cost','intauth_check','intauth_switch');
     my @authtypes = ('internal','krb4','krb5','localauth');
     foreach my $item (@items) {
         $newvalues{$item} = $env{'form.'.$item};
@@ -10486,6 +10622,24 @@ sub modify_defaults {
                     push(@errors,$item);
                 }
             }
+        } elsif ($item eq 'intauth_cost') {
+            if ($newvalues{$item} ne '') {
+                if ($newvalues{$item} =~ /\D/) {
+                    push(@errors,$item);
+                }
+            }
+        } elsif ($item eq 'intauth_check') {
+            if ($newvalues{$item} ne '') {
+                unless ($newvalues{$item} =~ /^(0|1|2)$/) {
+                    push(@errors,$item);
+                }
+            }
+        } elsif ($item eq 'intauth_switch') {
+            if ($newvalues{$item} ne '') {
+                unless ($newvalues{$item} =~ /^(0|1|2)$/) {
+                    push(@errors,$item);
+                }
+            }
         }
         if (grep(/^\Q$item\E$/,@errors)) {
             $newvalues{$item} = $domdefaults{$item};
@@ -10640,6 +10794,28 @@ sub modify_defaults {
                                           localauth  => 'loc',
                         );
                         $value = $authnames{$shortauth{$value}};
+                    } elsif ($item eq 'intauth_switch') {
+                        my %optiondesc = &Apache::lonlocal::texthash (
+                                            0 => 'No',
+                                            1 => 'Yes',
+                                            2 => 'Yes, and copy existing passwd file to passwd.bak file',
+                                         );
+                        if ($value =~ /^(0|1|2)$/) {
+                            $value = $optiondesc{$value};
+                        } else {
+                            $value = &mt('none -- defaults to No');
+                        }
+                    } elsif ($item eq 'intauth_check') {
+                        my %optiondesc = &Apache::lonlocal::texthash (
+                                             0 => 'No',
+                                             1 => 'Yes, allow login then update passwd file using default cost (if higher)',
+                                             2 => 'Yes, disallow login if stored cost is less than domain default',
+                                         );
+                        if ($value =~ /^(0|1|2)$/) {
+                            $value = $optiondesc{$value};
+                        } else {
+                            $value = &mt('none -- defaults to No');
+                        }
                     }
                     $resulttext .= '<li>'.&mt('[_1] set to "[_2]"',$title->{$item},$value).'</li>';
                     $mailmsgtext .= "$title->{$item} set to $value\n";  
@@ -11400,7 +11576,7 @@ sub modify_helpsettings {
                                                                    order  => 'Order',
                                                                    desc   => 'Role description',
                                                                    access => 'Role usage',
-                                                                   status => 'Allowed instituional types',
+                                                                   status => 'Allowed institutional types',
                                                                    exc    => 'Allowed personnel',
                                                                    inc    => 'Disallowed personnel',
                         );
@@ -12316,8 +12492,10 @@ sub modify_usersessions {
             }
             my $cachetime = 24*60*60;
             &Apache::lonnet::do_cache_new('domdefaults',$dom,\%domdefaults,$cachetime);
+            &Apache::lonnet::do_cache_new('usersessions',$dom,$defaultshash{'usersessions'},3600);
             if (ref($lastactref) eq 'HASH') {
                 $lastactref->{'domdefaults'} = 1;
+                $lastactref->{'usersessions'} = 1;
             }
             if (keys(%changes) > 0) {
                 my %lt = &usersession_titles();
@@ -13401,7 +13579,7 @@ sub devalidate_remote_domconfs {
     my %servers = &Apache::lonnet::internet_dom_servers($dom);
     my %thismachine;
     map { $thismachine{$_} = 1; } &Apache::lonnet::current_machine_ids();
-    my @posscached = ('domainconfig','domdefaults');
+    my @posscached = ('domainconfig','domdefaults','usersessions','directorysrch');
     if (keys(%servers)) {
         foreach my $server (keys(%servers)) {
             next if ($thismachine{$server});