--- loncom/interface/domainprefs.pm	2017/05/19 20:03:42	1.160.6.82
+++ loncom/interface/domainprefs.pm	2017/08/25 00:04:29	1.311
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Handler to set domain-wide configuration settings
 #
-# $Id: domainprefs.pm,v 1.160.6.82 2017/05/19 20:03:42 raeburn Exp $
+# $Id: domainprefs.pm,v 1.311 2017/08/25 00:04:29 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -27,7 +27,7 @@
 #
 #
 ###############################################################
-##############################################################
+###############################################################
 
 =pod
 
@@ -104,8 +104,8 @@ $datatable  - HTML containing form eleme
 
 In the case of course requests, radio buttons are displayed for each institutional
 affiliate type (and also default, and _LC_adv) for each of the course types 
-(official, unofficial, community, and textbook).  In each case the radio buttons 
-allow the selection of one of four values:
+(official, unofficial, community, textbook, and placement).  
+In each case the radio buttons allow the selection of one of four values:  
 
 0, approval, validate, autolimit=N (where N is blank, or a positive integer).
 which have the following effects:
@@ -170,10 +170,12 @@ use Apache::loncoursequeueadmin();
 use LONCAPA qw(:DEFAULT :match);
 use LONCAPA::Enrollment;
 use LONCAPA::lonauthcgi();
+use LONCAPA::SSL;
 use File::Copy;
 use Locale::Language;
 use DateTime::TimeZone;
 use DateTime::Locale;
+use Time::HiRes qw( sleep );
 
 my $registered_cleanup;
 my $modified_urls;
@@ -216,13 +218,27 @@ sub handler {
                 'contacts','defaults','scantron','coursecategories',
                 'serverstatuses','requestcourses','helpsettings',
                 'coursedefaults','usersessions','loadbalancing',
-                'requestauthor','selfenrollment','inststatus'],$dom);
+                'requestauthor','selfenrollment','inststatus',
+                'ltitools','ssl','trust'],$dom);
+    if (ref($domconfig{'ltitools'}) eq 'HASH') {
+        my %encconfig =
+            &Apache::lonnet::get_dom('encconfig',['ltitools'],$dom);
+        if (ref($encconfig{'ltitools'}) eq 'HASH') {
+            foreach my $id (keys(%{$domconfig{'ltitools'}})) {
+                if (ref($domconfig{'ltitools'}{$id}) eq 'HASH') {
+                    foreach my $item ('key','secret') {
+                        $domconfig{'ltitools'}{$id}{$item} = $encconfig{'ltitools'}{$id}{$item};
+                    }
+                }
+            }
+        }
+    }
     my @prefs_order = ('rolecolors','login','defaults','quotas','autoenroll',
                        'autoupdate','autocreate','directorysrch','contacts',
                        'usercreation','selfcreation','usermodification','scantron',
                        'requestcourses','requestauthor','coursecategories',
                        'serverstatuses','helpsettings','coursedefaults',
-                       'selfenrollment','usersessions');
+                       'ltitools','selfenrollment','usersessions','ssl','trust');
     my %existing;
     if (ref($domconfig{'loadbalancing'}) eq 'HASH') {
         %existing = %{$domconfig{'loadbalancing'}};
@@ -265,7 +281,7 @@ sub handler {
                                  {col1 => 'Internal Authentication',
                                   col2 => 'Value'},
                                  {col1 => 'Institutional user types',
-                                  col2 => 'Assignable to e-mail usernames'}],
+                                  col2 => 'Name displayed'}],
                       print => \&print_defaults,
                       modify => \&modify_defaults,
                     },
@@ -347,7 +363,7 @@ sub handler {
                                 col2 => 'Enabled?'},
                                {col1 => 'Institutional user type (login/SSO self-creation)',
                                 col2 => 'Information user can enter'},
-                               {col1 => 'Self-creation with e-mail as username',
+                               {col1 => 'Self-creation with e-mail verification',
                                 col2 => 'Settings'}],
                     print => \&print_selfcreation,
                     modify => \&modify_selfcreation,
@@ -452,6 +468,14 @@ sub handler {
                   print => \&print_selfenrollment,
                   modify => \&modify_selfenrollment,
                  },
+        'privacy' => 
+                 {text   => 'User Privacy',
+                  help   => 'Domain_Configuration_User_Privacy',
+                  header => [{col1 => 'Setting',
+                              col2 => 'Value',}],
+                  print => \&print_privacy,
+                  modify => \&modify_privacy,
+                 },
         'usersessions' =>
                  {text  => 'User session hosting/offloading',
                   help  => 'Domain_Configuration_User_Sessions',
@@ -475,6 +499,52 @@ sub handler {
                   print => \&print_loadbalancing,
                   modify => \&modify_loadbalancing,
                  },
+        'ltitools' => 
+                 {text => 'External Tools (LTI)',
+                  help => 'Domain_Configuration_LTI_Tools',
+                  header => [{col1 => 'Setting',
+                              col2 => 'Value',}],
+                  print => \&print_ltitools,
+                  modify => \&modify_ltitools,
+                 },
+        'ssl' =>
+                 {text  => 'LON-CAPA Network (SSL)',
+                  help  => 'Domain_Configuration_Network_SSL',
+                  header => [{col1 => 'Server',
+                              col2 => 'Certificate Status'},
+                             {col1 => 'Connections to other servers',
+                              col2 => 'Rules'},
+                             {col1 => 'Connections from other servers',
+                              col2 => 'Rules'},
+                             {col1 => "Replicating domain's published content",
+                              col2 => 'Rules'}],
+                  print => \&print_ssl,
+                  modify => \&modify_ssl,
+                 },
+        'trust' =>
+                 {text   => 'Trust Settings',
+                  help   => 'Domain_Configuration_Trust',
+                  header => [{col1 => "Access to this domain's content by others",
+                              col2 => 'Rules'},
+                             {col1 => "Access to other domain's content by this domain",
+                              col2 => 'Rules'},
+                             {col1 => "Enrollment in this domain's courses by others",
+                              col2 => 'Rules',},
+                             {col1 => "Co-author roles in this domain for others",
+                              col2 => 'Rules',},
+                             {col1 => "Co-author roles for this domain's users elsewhere",
+                              col2 => 'Rules',},
+                             {col1 => "Domain roles in this domain assignable to others",
+                              col2 => 'Rules'},
+                             {col1 => "Course catalog for this domain displayed elsewhere",
+                              col2 => 'Rules'},
+                             {col1 => "Requests for creation of courses in this domain by others",
+                              col2 => 'Rules'},
+                             {col1 => "Users in other domains can send messages to this domain",
+                              col2 => 'Rules'},],
+                  print => \&print_trust,
+                  modify => \&modify_trust,
+                 },
     );
     if (keys(%servers) > 1) {
         $prefs{'login'}  = { text   => 'Log-in page options',
@@ -528,6 +598,9 @@ $javascript_validations
 $coursebrowserjs
 END
         }
+        if (grep(/^selfcreation$/,@actions)) {
+            $js .= &selfcreate_javascript();
+        }
         if (grep(/^contacts$/,@actions)) {
             $js .= &contacts_javascript();
         }
@@ -624,7 +697,7 @@ sub process_changes {
     } elsif ($action eq 'usercreation') {
         $output = &modify_usercreation($dom,%domconfig);
     } elsif ($action eq 'selfcreation') {
-        $output = &modify_selfcreation($dom,%domconfig);
+        $output = &modify_selfcreation($dom,$lastactref,%domconfig);
     } elsif ($action eq 'usermodification') {
         $output = &modify_usermodification($dom,%domconfig);
     } elsif ($action eq 'contacts') {
@@ -651,6 +724,12 @@ sub process_changes {
         $output = &modify_usersessions($dom,$lastactref,%domconfig);
     } elsif ($action eq 'loadbalancing') {
         $output = &modify_loadbalancing($dom,%domconfig);
+    } elsif ($action eq 'ltitools') {
+        $output = &modify_ltitools($r,$dom,$action,$lastactref,%domconfig);
+    } elsif ($action eq 'ssl') {
+        $output = &modify_ssl($dom,$lastactref,%domconfig);
+    } elsif ($action eq 'trust') {
+        $output = &modify_trust($dom,$lastactref,%domconfig);
     }
     return $output;
 }
@@ -677,13 +756,13 @@ sub print_config_box {
         &Apache::lonuserutils::custom_role_privs(\%privs,\%full,\%levels,\%levelscurrent);
         my @templateroles = &Apache::lonuserutils::custom_template_roles($context,$crstype);
         $output =
-            &Apache::lonuserutils::custom_roledefs_js($context,$crstype,$formname,\%full,
+            &Apache::lonuserutils::custom_roledefs_js($context,$crstype,$formname,\%full, 
                                                       \@templateroles);
     }
     $output .=
          '<table class="LC_nested_outer">
           <tr>
-           <th align="left" valign="middle"><span class="LC_nobreak">'.
+           <th class="LC_left_item LC_middle"><span class="LC_nobreak">'.
            &mt($item->{text}).'&nbsp;'.
            &Apache::loncommon::help_open_topic($item->{'help'}).'</span></th>'."\n".
           '</tr>';
@@ -714,8 +793,9 @@ sub print_config_box {
         $rowtotal ++;
         if (($action eq 'autoupdate') || ($action eq 'usercreation') || ($action eq 'selfcreation') ||
             ($action eq 'usermodification') || ($action eq 'defaults') || ($action eq 'coursedefaults') ||
-            ($action eq 'selfenrollment') || ($action eq 'usersessions') || ($action eq 'directorysrch') ||
-            ($action eq 'helpsettings') || ($action eq 'contacts')) {
+            ($action eq 'selfenrollment') || ($action eq 'usersessions') || ($action eq 'ssl') ||
+            ($action eq 'directorysrch') || ($action eq 'trust') || ($action eq 'helpsettings') ||
+            ($action eq 'contacts')) {
             $output .= $item->{'print'}->('top',$dom,$settings,\$rowtotal);
         } elsif ($action eq 'coursecategories') {
             $output .= $item->{'print'}->('top',$dom,$item,$settings,\$rowtotal);
@@ -745,15 +825,46 @@ sub print_config_box {
             $rowtotal ++;
         if (($action eq 'autoupdate') || ($action eq 'usercreation') ||
             ($action eq 'selfcreation') || ($action eq 'selfenrollment') ||
-            ($action eq 'usersessions') || ($action eq 'coursecategories') ||
-            ($action eq 'contacts') || ($action eq 'defaults')) {
+            ($action eq 'usersessions') || ($action eq 'coursecategories') || 
+            ($action eq 'trust') || ($action eq 'contacts') || ($action eq 'defaults')) {
             if ($action eq 'coursecategories') {
                 $output .= &print_coursecategories('middle',$dom,$item,$settings,\$rowtotal);
                 $colspan = ' colspan="2"';
+            } elsif ($action eq 'trust') {
+                $output .= $item->{'print'}->('shared',$dom,$settings,\$rowtotal);
             } else {
                 $output .= $item->{'print'}->('middle',$dom,$settings,\$rowtotal);
             }
-            $output .= '
+            if ($action eq 'trust') {
+                $output .= '
+            </table>
+          </td>
+         </tr>';
+                my @trusthdrs = qw(2 3 4 5 6 7);
+                my @prefixes = qw(enroll othcoau coaurem domroles catalog reqcrs);
+                for (my $i=0; $i<@trusthdrs; $i++) {
+                    $output .= '
+         <tr>
+           <td>
+            <table class="LC_nested">
+             <tr class="LC_info_row">
+              <td class="LC_left_item"'.$colspan.'>'.&mt($item->{'header'}->[$trusthdrs[$i]]->{'col1'}).'</td>
+              <td class="LC_right_item"'.$colspan.'>'.&mt($item->{'header'}->[$trusthdrs[$i]]->{'col2'}).'</td></tr>'.
+                           $item->{'print'}->($prefixes[$i],$dom,$settings,\$rowtotal).'
+            </table>
+          </td>
+         </tr>';
+                }
+                $output .= '
+         <tr>
+           <td>
+            <table class="LC_nested">
+             <tr class="LC_info_row">
+              <td class="LC_left_item"'.$colspan.'>'.&mt($item->{'header'}->[8]->{'col1'}).'</td>
+              <td class="LC_right_item"'.$colspan.'>'.&mt($item->{'header'}->[8]->{'col2'}).'</td></tr>'.
+                           $item->{'print'}->('bottom',$dom,$settings,\$rowtotal);
+            } else {
+                $output .= '
            </table>
           </td>
          </tr>
@@ -764,16 +875,39 @@ sub print_config_box {
               <td class="LC_left_item"'.$colspan.'>'.&mt($item->{'header'}->[2]->{'col1'}).'</td>
               <td class="LC_right_item">'.&mt($item->{'header'}->[2]->{'col2'}).'</td>
              </tr>'."\n";
-            if ($action eq 'coursecategories') {
-                $output .= &print_coursecategories('bottom',$dom,$item,$settings,\$rowtotal);
-            } else {
-                $output .= $item->{'print'}->('bottom',$dom,$settings,\$rowtotal);
+                if ($action eq 'coursecategories') {
+                    $output .= &print_coursecategories('bottom',$dom,$item,$settings,\$rowtotal);
+                } else {
+                    $output .= $item->{'print'}->('bottom',$dom,$settings,\$rowtotal);
+                }
             }
             $rowtotal ++;
         } elsif (($action eq 'usermodification') || ($action eq 'coursedefaults') ||
                  ($action eq 'defaults') || ($action eq 'directorysrch') ||
                  ($action eq 'helpsettings')) {
             $output .= $item->{'print'}->('bottom',$dom,$settings,\$rowtotal);
+        } elsif ($action eq 'ssl') {
+            $output .= $item->{'print'}->('connto',$dom,$settings,\$rowtotal).'
+            </table>
+          </td>
+         </tr>
+         <tr>
+           <td>
+            <table class="LC_nested">
+             <tr class="LC_info_row">
+              <td class="LC_left_item"'.$colspan.'>'.&mt($item->{'header'}->[2]->{'col1'}).'</td>
+              <td class="LC_right_item"'.$colspan.'>'.&mt($item->{'header'}->[2]->{'col2'}).'</td></tr>'.
+                           $item->{'print'}->('connfrom',$dom,$settings,\$rowtotal).'
+            </table>
+          </td>
+         </tr>
+         <tr>
+           <td>
+            <table class="LC_nested">
+             <tr class="LC_info_row">
+              <td class="LC_left_item"'.$colspan.'>'.&mt($item->{'header'}->[3]->{'col1'}).'</td>
+              <td class="LC_right_item"'.$colspan.'>'.&mt($item->{'header'}->[3]->{'col2'}).'</td></tr>'.
+                           $item->{'print'}->('bottom',$dom,$settings,\$rowtotal);
         } elsif ($action eq 'login') {
             if ($numheaders == 4) {
                 $output .= &print_login('page',$dom,$confname,$phase,$settings,\$rowtotal).'
@@ -844,8 +978,8 @@ sub print_config_box {
            <td>
             <table class="LC_nested">
              <tr class="LC_info_row">
-              <td class="LC_left_item"'.$colspan.' valign="top">'.&mt($item->{'header'}->[4]->{'col1'}).'</td>
-              <td class="LC_right_item" valign="top">'.&mt($item->{'header'}->[4]->{'col2'}).'</td>
+              <td class="LC_left_item"'.$colspan.' style="vertical-align: top">'.&mt($item->{'header'}->[4]->{'col1'}).'</td>
+              <td class="LC_right_item" style="vertical-align: top">'.&mt($item->{'header'}->[4]->{'col2'}).'</td>
              </tr>'.
             &print_validation_rows('requestcourses',$dom,$settings,\$rowtotal);
         } elsif ($action eq 'requestauthor') {
@@ -860,9 +994,9 @@ sub print_config_box {
            <td>
             <table class="LC_nested">
              <tr class="LC_info_row">
-              <td class="LC_left_item"'.$colspan.' valign="top">'.
+              <td class="LC_left_item"'.$colspan.' style="vertical-align: top">'.
                &mt($item->{'header'}->[2]->{'col1'}).'</td>
-              <td class="LC_right_item" valign="top">'.
+              <td class="LC_right_item" style="vertical-align: top">'.
                &mt($item->{'header'}->[2]->{'col2'}).'</td>
              </tr>'.
             &print_rolecolors($phase,'author',$dom,$confname,$settings,\$rowtotal).'
@@ -890,30 +1024,30 @@ sub print_config_box {
               <td class="LC_left_item" colspan="2">'.&mt($item->{'header'}->[0]->{'col1'}).'</td>';
         } elsif ($action eq 'serverstatuses') {
             $output .= '
-              <td class="LC_left_item" valign="top">'.&mt($item->{'header'}->[0]->{'col1'}).
+              <td class="LC_left_item" style="vertical-align: top">'.&mt($item->{'header'}->[0]->{'col1'}).
               '<br />('.&mt('Automatic access for Dom. Coords.').')</td>';
 
         } else {
             $output .= '
-              <td class="LC_left_item" valign="top">'.&mt($item->{'header'}->[0]->{'col1'}).'</td>';
+              <td class="LC_left_item" style="vertical-align: top">'.&mt($item->{'header'}->[0]->{'col1'}).'</td>';
         }
         if (defined($item->{'header'}->[0]->{'col3'})) {
-            $output .= '<td class="LC_left_item" valign="top">'.
+            $output .= '<td class="LC_left_item" style="vertical-align: top">'.
                        &mt($item->{'header'}->[0]->{'col2'});
             if ($action eq 'serverstatuses') {
                 $output .= '<br />(<tt>'.&mt('user1:domain1,user2:domain2 etc.').'</tt>)';
             } 
         } else {
-            $output .= '<td class="LC_right_item" valign="top">'.
+            $output .= '<td class="LC_right_item" style="vertical-align: top">'.
                        &mt($item->{'header'}->[0]->{'col2'});
         }
         $output .= '</td>';
         if ($item->{'header'}->[0]->{'col3'}) {
             if (defined($item->{'header'}->[0]->{'col4'})) {
-                $output .= '<td class="LC_left_item" valign="top">'.
+                $output .= '<td class="LC_left_item" style="vertical-align: top">'.
                             &mt($item->{'header'}->[0]->{'col3'});
             } else {
-                $output .= '<td class="LC_right_item" valign="top">'.
+                $output .= '<td class="LC_right_item" style="vertical-align: top">'.
                            &mt($item->{'header'}->[0]->{'col3'});
             }
             if ($action eq 'serverstatuses') {
@@ -922,7 +1056,7 @@ sub print_config_box {
             $output .= '</td>';
         }
         if ($item->{'header'}->[0]->{'col4'}) {
-            $output .= '<td class="LC_right_item" valign="top">'.
+            $output .= '<td class="LC_right_item" style="vertical-align: top">'.
                        &mt($item->{'header'}->[0]->{'col4'});
         }
         $output .= '</tr>';
@@ -930,7 +1064,8 @@ sub print_config_box {
         if ($action eq 'quotas') {
             $output .= &print_quotas($dom,$settings,\$rowtotal,$action);
         } elsif (($action eq 'autoenroll') || ($action eq 'autocreate') || 
-                 ($action eq 'serverstatuses') || ($action eq 'loadbalancing')) {
+                 ($action eq 'serverstatuses') || ($action eq 'loadbalancing') || 
+                 ($action eq 'ltitools')) {
             $output .= $item->{'print'}->($dom,$settings,\$rowtotal);
         } elsif ($action eq 'scantron') {
             $output .= &print_scantronformat($r,$dom,$confname,$settings,\$rowtotal);
@@ -954,7 +1089,7 @@ sub print_login {
         my $choice = $choices{'disallowlogin'};
         $css_class = ' class="LC_odd_row"';
         $datatable .= '<tr'.$css_class.'><td>'.$choice.'</td>'.
-                      '<td align="right"><table><tr><th>'.$choices{'hostid'}.'</th>'.
+                      '<td style="text-align: right"><table><tr><th>'.$choices{'hostid'}.'</th>'.
                       '<th>'.$choices{'server'}.'</th>'.
                       '<th>'.$choices{'serverpath'}.'</th>'.
                       '<th>'.$choices{'custompath'}.'</th>'.
@@ -1235,7 +1370,7 @@ sub print_login {
         my $choice = $choices{'headtag'};
         $css_class = ' class="LC_odd_row"';
         $datatable .= '<tr'.$css_class.'><td colspan="2">'.$choice.'</td>'.
-                      '<td align="left"><table><tr><th>'.$choices{'hostid'}.'</th>'.
+                      '<td style="text-align: left"><table><tr><th>'.$choices{'hostid'}.'</th>'.
                       '<th>'.$choices{'current'}.'</th>'.
                       '<th>'.$choices{'action'}.'</th>'.
                       '<th>'.$choices{'exempt'}.'</th></tr>'."\n";
@@ -1591,7 +1726,7 @@ sub display_color_options {
                   '<table border="0"><tr>';
 
     foreach my $item (@{$bgs}) {
-        $datatable .= '<td align="center">'.$choices->{$item};
+        $datatable .= '<td style="text-align: center">'.$choices->{$item};
 	my $color = $designs->{'bgs'}{$item} ? $designs->{'bgs'}{$item} : $defaults->{'bgs'}{$item};
         if ($designs->{'bgs'}{$item}) {
             $datatable .= '&nbsp;';
@@ -1619,7 +1754,7 @@ sub display_color_options {
                   '<table border="0"><tr>';
     foreach my $item (@{$links}) {
 	my $color = $designs->{'links'}{$item} ? $designs->{'links'}{$item} : $defaults->{'links'}{$item};
-        $datatable .= '<td align="center">'.$choices->{$item}."\n";
+        $datatable .= '<td style="text-align: center">'.$choices->{$item}."\n";
         if ($designs->{'links'}{$item}) {
             $datatable.='&nbsp;';
         }
@@ -1680,7 +1815,7 @@ sub login_text_colors {
     my ($img,$role,$logintext,$phase,$choices,$designs,$defaults) = @_;
     my $color_menu = '<table border="0"><tr>';
     foreach my $item (@{$logintext}) {
-        $color_menu .= '<td align="center">'.$choices->{$item};
+        $color_menu .= '<td style="text-align: center">'.$choices->{$item};
         my $color = $designs->{'logintext'}{$item} ? $designs->{'logintext'}{$item} : $defaults->{'logintext'}{$item};
         $color_menu .= '<br /><input type="text" class="colorchooser" size="8" name="'.$role.'_'.$item.'" value="'.$color.
                       '" onblur = "javascript:colchg_span('."'css_".$role.'_'.$item."'".',this);" /></td>';
@@ -1715,7 +1850,7 @@ sub image_changes {
                        $role.'_del_'.$img.'" value="1" />'.&mt('Delete?').
                        '</label>&nbsp;'.&mt('Replace:').'</span><br />';
         } else {
-            $output .= '<td valign="middle">'.$logincolors.&mt('Upload:').'<br />';
+            $output .= '<td class="LC_middle">'.$logincolors.&mt('Upload:').'<br />';
         }
     }
     return $output;
@@ -1734,7 +1869,7 @@ sub print_quotas {
     my $typecount = 0;
     my ($css_class,%titles);
     if ($context eq 'requestcourses') {
-        @usertools = ('official','unofficial','community','textbook');
+        @usertools = ('official','unofficial','community','textbook','placement');
         @options =('norequest','approval','validate','autolimit');
         %validations = &Apache::lonnet::auto_courserequest_checks($dom);
         %titles = &courserequest_titles();
@@ -2147,7 +2282,7 @@ sub print_quotas {
 }
 
 sub print_requestmail {
-    my ($dom,$action,$settings,$rowtotal) = @_;
+    my ($dom,$action,$settings,$rowtotal,$customcss,$rowstyle) = @_;
     my ($now,$datatable,%currapp);
     $now = time;
     if (ref($settings) eq 'HASH') {
@@ -2159,7 +2294,19 @@ sub print_requestmail {
     }
     my $numinrow = 2;
     my $css_class;
-    $css_class = ($$rowtotal%2? ' class="LC_odd_row"':'');
+    if ($$rowtotal%2) {
+        $css_class = 'LC_odd_row';
+    }
+    if ($customcss) {
+        $css_class .= " $customcss";
+    }
+    $css_class =~ s/^\s+//;
+    if ($css_class) {
+        $css_class = ' class="'.$css_class.'"';
+    }
+    if ($rowstyle) {
+        $css_class .= ' style="'.$rowstyle.'"';
+    }
     my $text;
     if ($action eq 'requestcourses') {
         $text = &mt('Receive notification of course requests requiring approval');
@@ -2186,7 +2333,7 @@ sub print_studentcode {
     my ($settings,$rowtotal) = @_;
     my $rownum = 0; 
     my ($output,%current);
-    my @crstypes = ('official','unofficial','community','textbook');
+    my @crstypes = ('official','unofficial','community','textbook','placement');
     if (ref($settings) eq 'HASH') {
         if (ref($settings->{'uniquecode'}) eq 'HASH') {
             foreach my $type (@crstypes) {
@@ -2282,8 +2429,7 @@ sub print_textbookcourses {
                               ('&nbsp;'x2).
                               '<span class="LC_nobreak">'.&mt('Thumbnail:');
                 if ($image) {
-                    $datatable .= '<span class="LC_nobreak">'.
-                                  $imgsrc.
+                    $datatable .= $imgsrc.
                                   '<label><input type="checkbox" name="'.$type.'_image_del"'.
                                   ' value="'.$key.'" />'.&mt('Delete?').'</label></span> '.
                                   '<span class="LC_nobreak">&nbsp;'.&mt('Replace:').'&nbsp;';
@@ -2437,6 +2583,74 @@ $jstext{'templates'};
 ENDSCRIPT
 }
 
+sub ltitools_javascript {
+    my ($settings) = @_;
+    return unless(ref($settings) eq 'HASH');
+    my (%ordered,$total,%jstext);
+    $total = 0;
+    foreach my $item (keys(%{$settings})) {
+        if (ref($settings->{$item}) eq 'HASH') {
+            my $num = $settings->{$item}{'order'};
+            $ordered{$num} = $item;
+        }
+    }
+    $total = scalar(keys(%{$settings}));
+    my @jsarray = ();
+    foreach my $item (sort {$a <=> $b } (keys(%ordered))) {
+        push(@jsarray,$ordered{$item});
+    }
+    my $jstext = '    var ltitools = Array('."'".join("','",@jsarray)."'".');'."\n";
+    return <<"ENDSCRIPT";
+<script type="text/javascript">
+// <![CDATA[
+function reorderLTI(form,item) {
+    var changedVal;
+$jstext
+    var newpos = 'ltitools_add_pos';
+    var maxh = 1 + $total;
+    var current = new Array;
+    var newitemVal = form.elements[newpos].options[form.elements[newpos].selectedIndex].value;
+    if (item == newpos) {
+        changedVal = newitemVal;
+    } else {
+        changedVal = form.elements[item].options[form.elements[item].selectedIndex].value;
+        current[newitemVal] = newpos;
+    }
+    for (var i=0; i<ltitools.length; i++) {
+        var elementName = 'ltitools_'+ltitools[i];
+        if (elementName != item) {
+            if (form.elements[elementName]) {
+                var currVal = form.elements[elementName].options[form.elements[elementName].selectedIndex].value;
+                current[currVal] = elementName;
+            }
+        }
+    }
+    var oldVal;
+    for (var j=0; j<maxh; j++) {
+        if (current[j] == undefined) {
+            oldVal = j;
+        }
+    }
+    if (oldVal < changedVal) {
+        for (var k=oldVal+1; k<=changedVal ; k++) {
+           var elementName = current[k];
+           form.elements[elementName].selectedIndex = form.elements[elementName].selectedIndex - 1;
+        }
+    } else {
+        for (var k=changedVal; k<oldVal; k++) {
+            var elementName = current[k];
+            form.elements[elementName].selectedIndex = form.elements[elementName].selectedIndex + 1;
+        }
+    }
+    return;
+}
+
+// ]]>
+</script>
+
+ENDSCRIPT
+}
+
 sub print_autoenroll {
     my ($dom,$settings,$rowtotal) = @_;
     my $autorun = &Apache::lonnet::auto_run(undef,$dom),
@@ -2565,7 +2779,7 @@ sub print_autoupdate {
         my $locknamesettings;
         $datatable .= &insttypes_row($settings,$types,$usertypes,
                                      $dom,$numinrow,$othertitle,
-                                    'lockablenames');
+                                    'lockablenames',$rowtotal);
         $$rowtotal ++;
     } else {
         my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom);
@@ -2708,7 +2922,8 @@ sub print_directorysrch {
         if (ref($usertypes) eq 'HASH') {
             if (keys(%{$usertypes}) > 0) {
                 $datatable .= &insttypes_row($settings,$types,$usertypes,$dom,
-                                             $numinrow,$othertitle,'cansearch');
+                                             $numinrow,$othertitle,'cansearch',
+                                             $rowtotal);
                 $cansrchrow = 1;
             }
         }
@@ -3062,8 +3277,10 @@ sub print_helpsettings {
         my $css_class;
         my %existing=&Apache::lonnet::dump('roles',$dom,$confname,'rolesdef_');
         my (%customroles,%ordered,%current);
-        if (ref($settings->{'adhoc'}) eq 'HASH') {
-            %current = %{$settings->{'adhoc'}};
+        if (ref($settings) eq 'HASH') {
+            if (ref($settings->{'adhoc'}) eq 'HASH') {
+                %current = %{$settings->{'adhoc'}};
+            }
         }
         my $count = 0;
         foreach my $key (sort(keys(%existing))) {
@@ -3099,7 +3316,7 @@ sub print_helpsettings {
                 @jsarray = ('bystatus');
             }
         }
-        my %domhelpdesk = &Apache::lonnet::get_active_domroles($dom,['dh'.'da']);
+        my %domhelpdesk = &Apache::lonnet::get_active_domroles($dom,['dh','da']);
         if (keys(%domhelpdesk)) {
             push(@accesstypes,('inc','exc'));
             push(@jsarray,('notinc','notexc'));
@@ -3139,7 +3356,7 @@ sub print_helpsettings {
             my @templateroles = &Apache::lonuserutils::custom_template_roles($context,$crstype);
             $css_class = $itemcount%2?' class="LC_odd_row"':'';
             my $chgstr = ' onchange="javascript:reorderHelpRoles(this.form,'."'helproles_".$num."_pos'".');"';
-            $datatable .= '<tr '.$css_class.'><td valign="top"><b>'.$role.'</b><br />'.
+            $datatable .= '<tr '.$css_class.'><td style="vertical-align: top"><b>'.$role.'</b><br />'.
                           '<select name="helproles_'.$num.'_pos"'.$chgstr.'>';
             for (my $k=0; $k<=$maxnum; $k++) {
                 my $vpos = $k+1;
@@ -3178,7 +3395,7 @@ sub print_helpsettings {
         &Apache::lonuserutils::custom_role_privs(\%privs,\%full,\%levels,\%levelscurrent);
         my @templateroles = &Apache::lonuserutils::custom_template_roles($context,$crstype);
         my $chgstr = ' onchange="javascript:reorderHelpRoles(this.form,'."'helproles_".$count."_pos'".');"';
-        $datatable .= '<tr '.$css_class.'><td valign="top"><span class="LC_nobreak"><label>'.
+        $datatable .= '<tr '.$css_class.'><td style="vertical-align: top"><span class="LC_nobreak"><label>'.
                       '<input type="hidden" name="helproles_maxnum" value="'.$maxnum.'" />'."\n".
                       '<select name="helproles_'.$count.'_pos"'.$chgstr.'>';
         for (my $k=0; $k<$maxnum+1; $k++) {
@@ -3457,7 +3674,7 @@ sub radiobutton_prefs {
     foreach my $item (@{$toggles}) {
         $css_class = $itemcount%2?' class="LC_odd_row"':'';
         $datatable .=
-            '<tr'.$css_class.'><td valign="top">'.
+            '<tr'.$css_class.'><td style="vertical-align: top">'.
             '<span class="LC_nobreak">'.$choices->{$item}.
             '</span></td>';
         if ($align eq 'left') {
@@ -3479,11 +3696,378 @@ sub radiobutton_prefs {
     return ($datatable,$itemcount);
 }
 
+sub print_ltitools {
+    my ($dom,$settings,$rowtotal) = @_;
+    my $rownum = 0;
+    my $css_class;
+    my $itemcount = 1;
+    my $maxnum = 0;
+    my %ordered;
+    if (ref($settings) eq 'HASH') {
+        foreach my $item (keys(%{$settings})) {
+            if (ref($settings->{$item}) eq 'HASH') {
+                my $num = $settings->{$item}{'order'};
+                $ordered{$num} = $item;
+            }
+        }
+    }
+    my $confname = $dom.'-domainconfig';
+    my $switchserver = &check_switchserver($dom,$confname);
+    my $maxnum = scalar(keys(%ordered));
+    my $datatable = &ltitools_javascript($settings);
+    my %lt = &ltitools_names();
+    my @courseroles = ('cc','in','ta','ep','st');
+    my @ltiroles = qw(Instructor ContentDeveloper TeachingAssistant Learner);
+    my @fields = ('fullname','firstname','lastname','email','user','roles');
+    if (keys(%ordered)) {
+        my @items = sort { $a <=> $b } keys(%ordered);
+        for (my $i=0; $i<@items; $i++) {
+            $css_class = $itemcount%2?' class="LC_odd_row"':'';
+            my $item = $ordered{$items[$i]};
+            my ($title,$key,$secret,$url,$imgsrc,$version);
+            if (ref($settings->{$item}) eq 'HASH') {
+                $title = $settings->{$item}->{'title'};
+                $url = $settings->{$item}->{'url'};
+                $key = $settings->{$item}->{'key'};
+                $secret = $settings->{$item}->{'secret'};
+                my $image = $settings->{$item}->{'image'};
+                if ($image ne '') {
+                    $imgsrc = '<img src="'.$image.'" alt="'.&mt('Tool Provider icon').'" />';
+                }
+            }
+            my $chgstr = ' onchange="javascript:reorderLTI(this.form,'."'ltitools_".$item."'".');"';
+            $datatable .= '<tr '.$css_class.'><td><span class="LC_nobreak">'
+                         .'<select name="ltitools_'.$item.'"'.$chgstr.'>';
+            for (my $k=0; $k<=$maxnum; $k++) {
+                my $vpos = $k+1;
+                my $selstr;
+                if ($k == $i) {
+                    $selstr = ' selected="selected" ';
+                }
+                $datatable .= '<option value="'.$k.'"'.$selstr.'>'.$vpos.'</option>';
+            }
+            $datatable .= '</select>'.('&nbsp;'x2).
+                '<label><input type="checkbox" name="ltitools_del" value="'.$item.'" />'.
+                &mt('Delete?').'</label></span></td>'.
+                '<td colspan="2">'.
+                '<fieldset><legend>'.&mt('Required settings').'</legend>'.
+                '<span class="LC_nobreak">'.$lt{'title'}.':<input type="text" size="30" name="ltitools_title_'.$i.'" value="'.$title.'" /></span> '.
+                ('&nbsp;'x2).
+                '<span class="LC_nobreak">'.$lt{'version'}.':<select name="ltitools_version_'.$i.'">'.
+                '<option value="LTI-1p0" selected="selected">1.1</option></select></span> '.
+                ('&nbsp;'x2).
+                '<span class="LC_nobreak">'.$lt{'msgtype'}.':<select name="ltitools_msgtype_'.$i.'">'.
+                '<option value="basic-lti-launch-request" selected="selected">Launch</option></select></span> '.
+                '<br /><br />'.
+                '<span class="LC_nobreak">'.$lt{'url'}.':<input type="text" size="30" name="ltitools_url_'.$i.'"'.
+                ' value="'.$url.'" /></span>'.
+                ('&nbsp;'x2).
+                '<span class="LC_nobreak">'.$lt{'key'}.
+                '<input type="text" size="25" name="ltitools_key_'.$i.'" value="'.$key.'" /></span> '.
+                ('&nbsp;'x2).
+                '<span class="LC_nobreak">'.$lt{'secret'}.':'.
+                '<input type="password" size="20" name="ltitools_secret_'.$i.'" value="'.$secret.'" />'.
+                '<label><input type="checkbox" name="visible" onclick="if (this.checked) { this.form.ltitools_secret_'.$i.'.type='."'text'".' } else { this.form.ltitools_secret_'.$i.'.type='."'password'".' }" />'.&mt('Visible input').'</label>'.
+                '<input type="hidden" name="ltitools_id_'.$i.'" value="'.$item.'" /></span>'.
+                '</fieldset>'.
+                '<fieldset><legend>'.&mt('Optional settings').'</legend>'.
+                '<span class="LC_nobreak">'.&mt('Display target:');
+            my %currdisp;
+            if (ref($settings->{$item}->{'display'}) eq 'HASH') {
+                if ($settings->{$item}->{'display'}->{'target'} eq 'window') {
+                    $currdisp{'window'} = ' checked="checked"';
+                } elsif ($settings->{$item}->{'display'}->{'target'} eq 'tab') {
+                    $currdisp{'tab'} = ' checked="checked"';
+                } else {
+                    $currdisp{'iframe'} = ' checked="checked"';
+                }
+                if ($settings->{$item}->{'display'}->{'width'} =~ /^(\d+)$/) {
+                    $currdisp{'width'} = $1;
+                }
+                if ($settings->{$item}->{'display'}->{'height'} =~ /^(\d+)$/) {
+                     $currdisp{'height'} = $1;
+                }
+                $currdisp{'linktext'} = $settings->{$item}->{'display'}->{'linktext'};
+                $currdisp{'explanation'} = $settings->{$item}->{'display'}->{'explanation'};
+            } else {
+                $currdisp{'iframe'} = ' checked="checked"';
+            }
+            foreach my $disp ('iframe','tab','window') {
+                $datatable .= '<label><input type="radio" name="ltitools_target_'.$i.'" value="'.$disp.'"'.$currdisp{$disp}.' />'.
+                              $lt{$disp}.'</label>'.('&nbsp;'x2);
+            }
+            $datatable .= ('&nbsp;'x4);
+            foreach my $dimen ('width','height') {
+                $datatable .= '<label>'.$lt{$dimen}.'&nbsp;'.
+                              '<input type="text" name="ltitools_'.$dimen.'_'.$i.'" size="5" value="'.$currdisp{$dimen}.'" /></label>'.
+                              ('&nbsp;'x2);
+            }
+            $datatable .= '<br />'.
+                          '<div class="LC_left_float">'.$lt{'linktext'}.'<br />'.
+                          '<input type="text" name="ltitools_linktext_'.$i.'" size="25" value="'.$currdisp{'linktext'}.'" /></label></div>'.
+                          '<div class="LC_left_float">'.$lt{'explanation'}.'<br />'.
+                          '<textarea name="ltitools_explanation_'.$i.'" rows="5" cols="40">'.$currdisp{'explanation'}.
+                          '</textarea></div><div style=""></div><br />';
+            $datatable .= '<br />';
+            foreach my $extra ('passback','roster') {
+                my $checkedon = '';
+                my $checkedoff = ' checked="checked"';
+                if ($settings->{$item}->{$extra}) {
+                    $checkedon = $checkedoff;
+                    $checkedoff = '';
+                }
+                $datatable .= $lt{$extra}.'&nbsp;'.
+                              '<label><input type="radio" name="ltitools_'.$extra.'_'.$i.'" value="1"'.$checkedon.' />'.
+                              &mt('Yes').'</label>'.('&nbsp;'x2).
+                              '<label><input type="radio" name="ltitools_'.$extra.'_'.$i.'" value="0"'.$checkedoff.' />'.
+                              &mt('No').'</label>'.('&nbsp;'x4);
+            }
+            $datatable .= '<br /><br /><span class="LC_nobreak">'.$lt{'icon'}.':&nbsp;';
+            if ($imgsrc) {
+                $datatable .= $imgsrc.
+                              '<label><input type="checkbox" name="ltitools_image_del"'.
+                              ' value="'.$item.'" />'.&mt('Delete?').'</label></span> '.
+                              '<span class="LC_nobreak">&nbsp;'.&mt('Replace:').'&nbsp;';
+            } else {
+                $datatable .= '('.&mt('if larger than 21x21 pixels, image will be scaled').')&nbsp;';
+            }
+            if ($switchserver) {
+                $datatable .= &mt('Upload to library server: [_1]',$switchserver);
+            } else {
+                $datatable .= '<input type="file" name="ltitools_image_'.$i.'" value="" />';
+            }
+            $datatable .= '</span></fieldset>';
+            my (%checkedfields,%rolemaps);
+            if (ref($settings->{$item}) eq 'HASH') {
+                if (ref($settings->{$item}->{'fields'}) eq 'HASH') {
+                    %checkedfields = %{$settings->{$item}->{'fields'}};
+                }
+                if (ref($settings->{$item}->{'roles'}) eq 'HASH') {
+                    %rolemaps = %{$settings->{$item}->{'roles'}};
+                    $checkedfields{'roles'} = 1;
+                }
+            }
+            $datatable .= '<fieldset><legend>'.&mt('User data sent on launch').'</legend>'.
+                          '<span class="LC_nobreak">';
+            foreach my $field (@fields) {
+                my $checked;
+                if ($checkedfields{$field}) {
+                    $checked = ' checked="checked"';
+                }
+                $datatable .= '<label>'.
+                              '<input type="checkbox" name="ltitools_fields_'.$i.'" value="'.$field.'"'.$checked.' />'.
+                              $lt{$field}.'</label>'.('&nbsp;' x2);
+            }
+            $datatable .= '</span></fieldset>'.
+                          '<fieldset><legend>'.&mt('Role mapping').'</legend><table><tr>';
+            foreach my $role (@courseroles) {
+                my ($selected,$selectnone);
+                if (!$rolemaps{$role}) {
+                    $selectnone = ' selected="selected"';
+                }
+                $datatable .= '<td style="text-align: center">'. 
+                              &Apache::lonnet::plaintext($role,'Course').'<br />'.
+                              '<select name="ltitools_roles_'.$role.'_'.$i.'">'.
+                              '<option value=""'.$selectnone.'>'.&mt('Select').'</option>';
+                foreach my $ltirole (@ltiroles) {
+                    unless ($selectnone) {
+                        if ($rolemaps{$role} eq $ltirole) {
+                            $selected = ' selected="selected"';
+                        } else {
+                            $selected = '';
+                        }
+                    }
+                    $datatable .= '<option value="'.$ltirole.'"'.$selected.'>'.$ltirole.'</option>';
+                }
+                $datatable .= '</select></td>';
+            }
+            $datatable .= '</tr></table></fieldset>';
+            my %courseconfig;
+            if (ref($settings->{$item}) eq 'HASH') {
+                if (ref($settings->{$item}->{'crsconf'}) eq 'HASH') {
+                    %courseconfig = %{$settings->{$item}->{'crsconf'}};
+                }
+            }
+            $datatable .= '<fieldset><legend>'.&mt('Configurable in course').'</legend><span class="LC_nobreak">';
+            foreach my $item ('label','title','target','linktext','explanation') {
+                my $checked;
+                if ($courseconfig{$item}) {
+                    $checked = ' checked="checked"';
+                }
+                $datatable .= '<label>'.
+                       '<input type="checkbox" name="ltitools_courseconfig_'.$i.'" value="'.$item.'"'.$checked.' />'.
+                       $lt{'crs'.$item}.'</label>'.('&nbsp;' x2)."\n";
+            }
+            $datatable .= '</span></fieldset>'.
+                          '<fieldset><legend>'.&mt('Custom items sent on launch').'</legend>'.
+                          '<table><tr><th>'.&mt('Action').'</th><th>'.&mt('Name').'</th><th>'.&mt('Value').'</th></tr>';
+            if (ref($settings->{$item}->{'custom'}) eq 'HASH') {
+                my %custom = %{$settings->{$item}->{'custom'}};
+                if (keys(%custom) > 0) {
+                    foreach my $key (sort(keys(%custom))) {
+                        $datatable .= '<tr><td><span class="LC_nobreak">'.
+                                      '<label><input type="checkbox" name="ltitools_customdel_'.$i.'" value="'.
+                                      $key.'" />'.&mt('Delete').'</label></span></td><td>'.$key.'</td>'.
+                                      '<td><input type="text" name="ltitools_customval_'.$key.'_'.$i.'"'.
+                                      ' value="'.$custom{$key}.'" /></td></tr>';
+                    }
+                }
+            }
+            $datatable .= '<tr><td><span class="LC_nobreak">'.
+                          '<label><input type="checkbox" name="ltitools_customadd" value="'.$i.'" />'.
+                          &mt('Add').'</label></span></td><td><input type="text" name="ltitools_custom_name_'.$i.'" />'.
+                          '</td><td><input type="text" name="ltitools_custom_value_'.$i.'" /></td></tr>';
+            $datatable .= '</table></fieldset></td></tr>'."\n";
+            $itemcount ++;
+        }
+    }
+    $css_class = $itemcount%2?' class="LC_odd_row"':'';
+    my $chgstr = ' onchange="javascript:reorderLTI(this.form,'."'ltitools_add_pos'".');"';
+    $datatable .= '<tr '.$css_class.'><td><span class="LC_nobreak">'."\n".
+                  '<input type="hidden" name="ltitools_maxnum" value="'.$maxnum.'" />'."\n".
+                  '<select name="ltitools_add_pos"'.$chgstr.'>';
+    for (my $k=0; $k<$maxnum+1; $k++) {
+        my $vpos = $k+1;
+        my $selstr;
+        if ($k == $maxnum) {
+            $selstr = ' selected="selected" ';
+        }
+        $datatable .= '<option value="'.$k.'"'.$selstr.'>'.$vpos.'</option>';
+    }
+    $datatable .= '</select>&nbsp;'."\n".
+                  '<input type="checkbox" name="ltitools_add" value="1" />'.&mt('Add').'</td>'."\n".
+                  '<td colspan="2">'.
+                  '<fieldset><legend>'.&mt('Required settings').'</legend>'.
+                  '<span class="LC_nobreak">'.$lt{'title'}.':<input type="text" size="30" name="ltitools_add_title" value="" /></span> '."\n".
+                  ('&nbsp;'x2).
+                  '<span class="LC_nobreak">'.$lt{'version'}.':<select name="ltitools_add_version">'.
+                  '<option value="LTI-1p0" selected="selected">1.1</option></select></span> '."\n".
+                  ('&nbsp;'x2).
+                  '<span class="LC_nobreak">'.$lt{'msgtype'}.':<select name="ltitools_add_msgtype">'.
+                  '<option value="basic-lti-launch-request" selected="selected">Launch</option></select></span> '.
+                  '<br />'.
+                  '<span class="LC_nobreak">'.$lt{'url'}.':<input type="text" size="30" name="ltitools_add_url" value="" /></span> '."\n".
+                  ('&nbsp;'x2).
+                  '<span class="LC_nobreak">'.$lt{'key'}.':<input type="text" size="25" name="ltitools_add_key" value="" /></span> '."\n".
+                  ('&nbsp;'x2).
+                  '<span class="LC_nobreak">'.$lt{'secret'}.':<input type="password" size="20" name="ltitools_add_secret" value="" />'.
+                  '<label><input type="checkbox" name="visible" onclick="if (this.checked) { this.form.ltitools_add_secret.type='."'text'".' } else { this.form.ltitools_add_secret.type='."'password'".' }" />'.&mt('Visible input').'</label></span> '."\n".
+                  '</fieldset>'.
+                  '<fieldset><legend>'.&mt('Optional settings').'</legend>'.
+                  '<span class="LC_nobreak">'.&mt('Display target:');
+    my %defaultdisp;
+    $defaultdisp{'iframe'} = ' checked="checked"';
+    foreach my $disp ('iframe','tab','window') {
+        $datatable .= '<label><input type="radio" name="ltitools_add_target" value="'.$disp.'"'.$defaultdisp{$disp}.' />'.
+                      $lt{$disp}.'</label>'.('&nbsp;'x2);
+    }
+    $datatable .= ('&nbsp;'x4);
+    foreach my $dimen ('width','height') {
+        $datatable .= '<label>'.$lt{$dimen}.'&nbsp;'.
+                      '<input type="text" name="ltitools_add_'.$dimen.'" size="5" /></label>'.
+                      ('&nbsp;'x2);
+    }
+    $datatable .= '<br />'.
+                  '<div class="LC_left_float">'.$lt{'linktext'}.'<br />'.
+                  '<input type="text" name="ltitools_add_linktext" size="5" /></label></div>'.
+                  '<div class="LC_left_float">'.$lt{'explanation'}.'<br />'.
+                  '<textarea name=ltitools_add_explanation" rows="5" cols="40"></textarea>'.
+                  '</div><div style=""></div><br />';
+    foreach my $extra ('passback','roster') {
+        $datatable .= $lt{$extra}.'&nbsp;'.
+                      '<label><input type="radio" name="ltitools_add_'.$extra.'" value="1" />'.
+                      &mt('Yes').'</label>'.('&nbsp;'x2).
+                      '<label><input type="radio" name="ltitools_add_'.$extra.'" value="0" checked="checked" />'.
+                      &mt('No').'</label>'.('&nbsp;'x4);
+    }
+    $datatable .= '<br /><br /><span class="LC_nobreak">'.$lt{'icon'}.':&nbsp;'.
+                  '('.&mt('if larger than 21x21 pixels, image will be scaled').')&nbsp;';
+    if ($switchserver) {
+        $datatable .= &mt('Upload to library server: [_1]',$switchserver);
+    } else {
+        $datatable .= '<input type="file" name="ltitools_add_image" value="" />';
+    }
+    $datatable .= '</span></fieldset>'.
+                  '<fieldset><legend>'.&mt('User data sent on launch').'</legend>'.
+                  '<span class="LC_nobreak">';
+    foreach my $field (@fields) {
+        $datatable .= '<label>'.
+                      '<input type="checkbox" name="ltitools_add_fields" value="'.$field.'" />'.
+                      $lt{$field}.'</label>'.('&nbsp;' x2);
+    }
+    $datatable .= '</span></fieldset>'.
+                  '<fieldset><legend>'.&mt('Role mapping').'</legend><table><tr>';
+    foreach my $role (@courseroles) {
+        my ($checked,$checkednone);
+        $datatable .= '<td style="text-align: center">'.
+                      &Apache::lonnet::plaintext($role,'Course').'<br />'.
+                      '<select name="ltitools_add_roles_'.$role.'">'.
+                      '<option value="" selected="selected">'.&mt('Select').'</option>';
+        foreach my $ltirole (@ltiroles) {
+            $datatable .= '<option value="'.$ltirole.'">'.$ltirole.'</option>';
+        }
+        $datatable .= '</select></td>';
+    }
+    $datatable .= '</tr></table></fieldset>'.
+                  '<fieldset><legend>'.&mt('Configurable in course').'</legend><span class="LC_nobreak">';
+    foreach my $item ('label','title','target','linktext','explanation') {
+        $datatable .= '<label>'.
+                      '<input type="checkbox" name="ltitools_courseconfig" value="'.$item.'" checked="checked" />'.
+                      $lt{'crs'.$item}.'</label>'.('&nbsp;' x2)."\n";
+    }
+    $datatable .= '</span></fieldset>'.
+                  '<fieldset><legend>'.&mt('Custom items sent on launch').'</legend>'.
+                  '<table><tr><th>'.&mt('Action').'</th><th>'.&mt('Name').'</th><th>'.&mt('Value').'</th></tr>'.
+                  '<tr><td><span class="LC_nobreak">'.
+                  '<label><input type="checkbox" name="ltitools_add_custom" value="1" />'.
+                  &mt('Add').'</label></span></td><td><input type="text" name="ltitools_add_custom_name" />'.
+                  '</td><td><input type="text" name="ltitools_add_custom_value" /></td></tr>'.
+                  '</table></fieldset></td></tr>'."\n".
+                  '</td>'."\n".
+                  '</tr>'."\n";
+    $itemcount ++;
+    return $datatable;
+}
+
+sub ltitools_names {
+    my %lt = &Apache::lonlocal::texthash(
+                                          'title'          => 'Title',
+                                          'version'        => 'Version',
+                                          'msgtype'        => 'Message Type',
+                                          'url'            => 'URL',
+                                          'key'            => 'Key',
+                                          'secret'         => 'Secret',
+                                          'icon'           => 'Icon',   
+                                          'user'           => 'Username:domain',
+                                          'fullname'       => 'Full Name',
+                                          'firstname'      => 'First Name',
+                                          'lastname'       => 'Last Name',
+                                          'email'          => 'E-mail',
+                                          'roles'          => 'Role',
+                                          'window'         => 'Window',
+                                          'tab'            => 'Tab',
+                                          'iframe'         => 'iFrame',
+                                          'height'         => 'Height',
+                                          'width'          => 'Width',
+                                          'linktext'       => 'Default Link Text',
+                                          'explanation'    => 'Default Explanation',
+                                          'passback'       => 'Tool can return grades:',
+                                          'roster'         => 'Tool can retrieve roster:',
+                                          'crstarget'      => 'Display target',
+                                          'crslabel'       => 'Course label',
+                                          'crstitle'       => 'Course title', 
+                                          'crslinktext'    => 'Link Text',
+                                          'crsexplanation' => 'Explanation',
+                                        );
+    return %lt;
+}
+
 sub print_coursedefaults {
     my ($position,$dom,$settings,$rowtotal) = @_;
     my ($css_class,$datatable,%checkedon,%checkedoff,%defaultchecked,@toggles);
     my $itemcount = 1;
     my %choices =  &Apache::lonlocal::texthash (
+        canuse_pdfforms      => 'Course/Community users can create/upload PDF forms',
         uploadquota          => 'Default quota for files uploaded directly to course/community using Course Editor (MB)',
         anonsurvey_threshold => 'Responder count needed before showing submissions for anonymous surveys',
         coursecredits        => 'Credits can be specified for courses',
@@ -3501,16 +4085,17 @@ sub print_coursedefaults {
                          );
     if ($position eq 'top') {
         %defaultchecked = (
+                            'canuse_pdfforms' => 'off',
                             'uselcmath'       => 'on',
                             'usejsme'         => 'on',
                             'canclone'        => 'none',
                           );
-        @toggles = ('uselcmath','usejsme');
+        @toggles = ('canuse_pdfforms','uselcmath','usejsme');
         ($datatable,$itemcount) = &radiobutton_prefs($settings,\@toggles,\%defaultchecked,
                                                      \%choices,$itemcount);
         $css_class = $itemcount%2?' class="LC_odd_row"':'';
         $datatable .=
-            '<tr'.$css_class.'><td valign="top">'.
+            '<tr'.$css_class.'><td style="vertical-align: top">'.
             '<span class="LC_nobreak">'.$choices{'canclone'}.
             '</span></td><td class="LC_left_item">';
         my $currcanclone = 'none';
@@ -3584,7 +4169,7 @@ sub print_coursedefaults {
         my ($currdefresponder,%defcredits,%curruploadquota,%deftimeout,%currmysql);
         my $currusecredits = 0;
         my $postsubmitclient = 1;
-        my @types = ('official','unofficial','community','textbook');
+        my @types = ('official','unofficial','community','textbook','placement');
         if (ref($settings) eq 'HASH') {
             $currdefresponder = $settings->{'anonsurvey_threshold'};
             if (ref($settings->{'uploadquota'}) eq 'HASH') {
@@ -3662,10 +4247,10 @@ sub print_coursedefaults {
         $datatable .= '<tr'.$css_class.'><td><span class="LC_nobreak">'.
                       $choices{'uploadquota'}.
                       '</span></td>'.
-                      '<td align="right" class="LC_right_item">'.
+                      '<td style="text-align: right" class="LC_right_item">'.
                       '<table><tr>';
         foreach my $type (@types) {
-            $datatable .= '<td align="center">'.&mt($type).'<br />'.
+            $datatable .= '<td style="text-align: center">'.&mt($type).'<br />'.
                            '<input type="text" name="uploadquota_'.$type.'"'.
                            ' value="'.$curruploadquota{$type}.'" size="5" /></td>';
         }
@@ -3680,7 +4265,7 @@ sub print_coursedefaults {
                          '<i>'.&mt('Default credits').'</i><br /><table><tr>';
         foreach my $type (@types) {
             next if ($type eq 'community');
-            $additional .= '<td align="center">'.&mt($type).'<br />'.
+            $additional .= '<td style="text-align: center">'.&mt($type).'<br />'.
                            '<input type="text" name="'.$type.'_credits"'.
                            ' value="'.$defcredits{$type}.'" size="3" /></td>';
         }
@@ -3704,7 +4289,7 @@ sub print_coursedefaults {
                       '<i>'.&mt('Enter 0 to remain disabled until page reload.').'</i><br />'.
                       '<table><tr>';
         foreach my $type (@types) {
-            $additional .= '<td align="center">'.&mt($type).'<br />'.
+            $additional .= '<td style="text-align: center">'.&mt($type).'<br />'.
                            '<input type="text" name="'.$type.'_timeout" value="'.
                            $deftimeout{$type}.'" size="5" /></td>';
         }
@@ -3722,10 +4307,10 @@ sub print_coursedefaults {
         $datatable .= '<tr'.$css_class.'><td><span class="LC_nobreak">'.
                       $choices{'mysqltables'}.
                       '</span></td>'.
-                      '<td align="right" class="LC_right_item">'.
+                      '<td style="text-align: right" class="LC_right_item">'.
                       '<table><tr>';
         foreach my $type (@types) {
-            $datatable .= '<td align="center">'.&mt($type).'<br />'.
+            $datatable .= '<td style="text-align: center">'.&mt($type).'<br />'.
                            '<input type="text" name="mysqltables_'.$type.'"'.
                            ' value="'.$currmysql{$type}.'" size="8" /></td>';
         }
@@ -3741,7 +4326,7 @@ sub print_selfenrollment {
     my ($position,$dom,$settings,$rowtotal) = @_;
     my ($css_class,$datatable);
     my $itemcount = 1;
-    my @types = ('official','unofficial','community','textbook');
+    my @types = ('official','unofficial','community','textbook','placement');
     if (($position eq 'top') || ($position eq 'middle')) {
         my ($rowsref,$titlesref) = &Apache::lonuserutils::get_selfenroll_titles();
         my %descs = &Apache::lonuserutils::selfenroll_default_descs();
@@ -3964,15 +4549,14 @@ sub print_validation_rows {
 
 sub print_usersessions {
     my ($position,$dom,$settings,$rowtotal) = @_;
-    my ($css_class,$datatable,%checked,%choices);
-    my (%by_ip,%by_location,@intdoms);
-    &build_location_hashes(\@intdoms,\%by_ip,\%by_location);
+    my ($css_class,$datatable,$itemcount,%checked,%choices);
+    my (%by_ip,%by_location,@intdoms,@instdoms);
+    &build_location_hashes(\@intdoms,\%by_ip,\%by_location,\@instdoms);
 
     my @alldoms = &Apache::lonnet::all_domains();
     my %serverhomes = %Apache::lonnet::serverhomeIDs;
     my %servers = &Apache::lonnet::internet_dom_servers($dom);
     my %altids = &id_for_thisdom(%servers);
-    my $itemcount = 1;
     if ($position eq 'top') {
         if (keys(%serverhomes) > 1) {
             my %spareid = &current_offloads_to($dom,$settings,\%servers);
@@ -3985,118 +4569,256 @@ sub print_usersessions {
             $datatable .= &spares_row($dom,\%servers,\%spareid,\%serverhomes,\%altids,$curroffloadnow,$rowtotal);
         } else {
             $datatable .= '<tr'.$css_class.'><td colspan="2">'.
-                          &mt('Nothing to set here, as the cluster to which this domain belongs only contains one server.');
+                          &mt('Nothing to set here, as the cluster to which this domain belongs only contains one server.').
+                          '</td></tr>';
         }
     } else {
-        if (keys(%by_location) == 0) {
-            $datatable .= '<tr'.$css_class.'><td colspan="2">'.
-                          &mt('Nothing to set here, as the cluster to which this domain belongs only contains one institution.');
+        my %titles = &usersession_titles();
+        my ($prefix,@types);
+        if ($position eq 'bottom') {
+            $prefix = 'remote';
+            @types = ('version','excludedomain','includedomain');
         } else {
-            my %lt = &usersession_titles();
-            my $numinrow = 5;
-            my $prefix;
-            my @types;
-            if ($position eq 'bottom') {
-                $prefix = 'remote';
-                @types = ('version','excludedomain','includedomain');
-            } else {
-                $prefix = 'hosted';
-                @types = ('excludedomain','includedomain');
-            }
-            my (%current,%checkedon,%checkedoff);
-            my @lcversions = &Apache::lonnet::all_loncaparevs();
-            my @locations = sort(keys(%by_location));
-            foreach my $type (@types) {
-                $checkedon{$type} = '';
-                $checkedoff{$type} = ' checked="checked"';
-            }
-            if (ref($settings) eq 'HASH') {
-                if (ref($settings->{$prefix}) eq 'HASH') {
-                    foreach my $key (keys(%{$settings->{$prefix}})) {
-                        $current{$key} = $settings->{$prefix}{$key};
-                        if ($key eq 'version') {
-                            if ($current{$key} ne '') {
-                                $checkedon{$key} = ' checked="checked"';
-                                $checkedoff{$key} = '';
-                            }
-                        } elsif (ref($current{$key}) eq 'ARRAY') {
+            $prefix = 'hosted';
+            @types = ('excludedomain','includedomain');
+        }
+        ($datatable,$itemcount) = &rules_by_location($settings,$prefix,\%by_location,\%by_ip,\@types,\%titles);
+    }
+    $$rowtotal += $itemcount;
+    return $datatable;
+}
+
+sub rules_by_location {
+    my ($settings,$prefix,$by_location,$by_ip,$types,$titles) = @_; 
+    my ($datatable,$itemcount,$css_class);
+    if (keys(%{$by_location}) == 0) {
+        $css_class = $itemcount%2 ? ' class="LC_odd_row"' : '';
+        $datatable = '<tr'.$css_class.'><td colspan="2">'.
+                     &mt('Nothing to set here, as the cluster to which this domain belongs only contains one institution.').
+                     '</td></tr>';
+        $itemcount = 1;
+    } else {
+        $itemcount = 0;
+        my $numinrow = 5;
+        my (%current,%checkedon,%checkedoff);
+        my @locations = sort(keys(%{$by_location}));
+        foreach my $type (@{$types}) {
+            $checkedon{$type} = '';
+            $checkedoff{$type} = ' checked="checked"';
+        }
+        if (ref($settings) eq 'HASH') {
+            if (ref($settings->{$prefix}) eq 'HASH') {
+                foreach my $key (keys(%{$settings->{$prefix}})) {
+                    $current{$key} = $settings->{$prefix}{$key};
+                    if ($key eq 'version') {
+                        if ($current{$key} ne '') {
                             $checkedon{$key} = ' checked="checked"';
                             $checkedoff{$key} = '';
                         }
+                    } elsif (ref($current{$key}) eq 'ARRAY') {
+                        $checkedon{$key} = ' checked="checked"';
+                        $checkedoff{$key} = '';
                     }
                 }
             }
-            foreach my $type (@types) {
-                next if ($type ne 'version' && !@locations);
-                $css_class = $itemcount%2 ? ' class="LC_odd_row"' : '';
-                $datatable .= '<tr'.$css_class.'>
-                               <td><span class="LC_nobreak">'.$lt{$type}.'</span><br />
-                               <span class="LC_nobreak">&nbsp;
-                               <label><input type="radio" name="'.$prefix.'_'.$type.'_inuse" '.$checkedoff{$type}.' value="0" />'.&mt('Not in use').'</label>&nbsp;
-                               <label><input type="radio" name="'.$prefix.'_'.$type.'_inuse" '.$checkedon{$type}.' value="1" />'.&mt('In use').'</label></span></td><td>';
-                if ($type eq 'version') {
-                    my $selector = '<select name="'.$prefix.'_version">';
-                    foreach my $version (@lcversions) {
-                        my $selected = '';
-                        if ($current{'version'} eq $version) {
-                            $selected = ' selected="selected"';
-                        }
-                        $selector .= ' <option value="'.$version.'"'.
-                                     $selected.'>'.$version.'</option>';
+        }
+        foreach my $type (@{$types}) {
+            next if ($type ne 'version' && !@locations);
+            $css_class = $itemcount%2 ? ' class="LC_odd_row"' : '';
+            $datatable .= '<tr'.$css_class.'>
+                           <td><span class="LC_nobreak">'.$titles->{$type}.'</span><br />
+                           <span class="LC_nobreak">&nbsp;
+                           <label><input type="radio" name="'.$prefix.'_'.$type.'_inuse" '.$checkedoff{$type}.' value="0" />'.&mt('Not in use').'</label>&nbsp;
+                           <label><input type="radio" name="'.$prefix.'_'.$type.'_inuse" '.$checkedon{$type}.' value="1" />'.&mt('In use').'</label></span></td><td>';
+            if ($type eq 'version') {
+                my @lcversions = &Apache::lonnet::all_loncaparevs();
+                my $selector = '<select name="'.$prefix.'_version">';
+                foreach my $version (@lcversions) {
+                    my $selected = '';
+                    if ($current{'version'} eq $version) {
+                        $selected = ' selected="selected"';
                     }
-                    $selector .= '</select> ';
-                    $datatable .= &mt('remote server must be version: [_1] or later',$selector);
-                } else {
-                    $datatable.= '<div><input type="button" value="'.&mt('check all').'" '.
-                                 'onclick="javascript:checkAll(document.display.'.$prefix.'_'.$type.')"'.
-                                 ' />'.('&nbsp;'x2).
-                                 '<input type="button" value="'.&mt('uncheck all').'" '.
-                                 'onclick="javascript:uncheckAll(document.display.'.$prefix.'_'.$type.')" />'.
-                                 "\n".
-                                 '</div><div><table>';
-                    my $rem;
-                    for (my $i=0; $i<@locations; $i++) {
-                        my ($showloc,$value,$checkedtype);
-                        if (ref($by_location{$locations[$i]}) eq 'ARRAY') {
-                            my $ip = $by_location{$locations[$i]}->[0];
-                            if (ref($by_ip{$ip}) eq 'ARRAY') {
-                                 $value = join(':',@{$by_ip{$ip}});
-                                $showloc = join(', ',@{$by_ip{$ip}});
-                                if (ref($current{$type}) eq 'ARRAY') {
-                                    foreach my $loc (@{$by_ip{$ip}}) {  
-                                        if (grep(/^\Q$loc\E$/,@{$current{$type}})) {
-                                            $checkedtype = ' checked="checked"';
-                                            last;
-                                        }
+                    $selector .= ' <option value="'.$version.'"'.
+                                 $selected.'>'.$version.'</option>';
+                }
+                $selector .= '</select> ';
+                $datatable .= &mt('remote server must be version: [_1] or later',$selector);
+            } else {
+                $datatable.= '<div><input type="button" value="'.&mt('check all').'" '.
+                             'onclick="javascript:checkAll(document.display.'.$prefix.'_'.$type.')"'.
+                             ' />'.('&nbsp;'x2).
+                             '<input type="button" value="'.&mt('uncheck all').'" '.
+                             'onclick="javascript:uncheckAll(document.display.'.$prefix.'_'.$type.')" />'.
+                             "\n".
+                             '</div><div><table>';
+                my $rem;
+                for (my $i=0; $i<@locations; $i++) {
+                    my ($showloc,$value,$checkedtype);
+                    if (ref($by_location->{$locations[$i]}) eq 'ARRAY') {
+                        my $ip = $by_location->{$locations[$i]}->[0];
+                        if (ref($by_ip->{$ip}) eq 'ARRAY') {
+                            $value = join(':',@{$by_ip->{$ip}});
+                            $showloc = join(', ',@{$by_ip->{$ip}});
+                            if (ref($current{$type}) eq 'ARRAY') {
+                                foreach my $loc (@{$by_ip->{$ip}}) {
+                                    if (grep(/^\Q$loc\E$/,@{$current{$type}})) {
+                                        $checkedtype = ' checked="checked"';
+                                        last;
                                     }
                                 }
                             }
                         }
-                        $rem = $i%($numinrow);
-                        if ($rem == 0) {
-                            if ($i > 0) {
-                                $datatable .= '</tr>';
-                            }
-                            $datatable .= '<tr>';
-                        }
-                        $datatable .= '<td class="LC_left_item">'.
-                                      '<span class="LC_nobreak"><label>'.
-                                      '<input type="checkbox" name="'.$prefix.'_'.$type.
-                                      '" value="'.$value.'"'.$checkedtype.' />'.$showloc.
-                                      '</label></span></td>';
                     }
-                    $rem = @locations%($numinrow);
-                    my $colsleft = $numinrow - $rem;
-                    if ($colsleft > 1 ) {
-                        $datatable .= '<td colspan="'.$colsleft.'" class="LC_left_item">'.
-                                      '&nbsp;</td>';
-                    } elsif ($colsleft == 1) {
-                        $datatable .= '<td class="LC_left_item">&nbsp;</td>';
+                    $rem = $i%($numinrow);
+                    if ($rem == 0) {
+                        if ($i > 0) {
+                            $datatable .= '</tr>';
+                        }
+                        $datatable .= '<tr>';
+                    }
+                    $datatable .= '<td class="LC_left_item">'.
+                                  '<span class="LC_nobreak"><label>'.
+                                  '<input type="checkbox" name="'.$prefix.'_'.$type.
+                                  '" value="'.$value.'"'.$checkedtype.' />'.$showloc.
+                                  '</label></span></td>';
+                }
+                $rem = @locations%($numinrow);
+                my $colsleft = $numinrow - $rem;
+                if ($colsleft > 1 ) {
+                    $datatable .= '<td colspan="'.$colsleft.'" class="LC_left_item">'.
+                                  '&nbsp;</td>';
+                } elsif ($colsleft == 1) {
+                    $datatable .= '<td class="LC_left_item">&nbsp;</td>';
+                }
+                $datatable .= '</tr></table>';
+            }
+            $datatable .= '</td></tr>';
+            $itemcount ++;
+        }
+    }
+    return ($datatable,$itemcount);
+}
+
+sub print_ssl {
+    my ($position,$dom,$settings,$rowtotal) = @_;
+    my ($css_class,$datatable);
+    my $itemcount = 1;
+    if ($position eq 'top') {
+        my $primary_id = &Apache::lonnet::domain($dom,'primary');
+        my $intdom = &Apache::lonnet::internet_dom($primary_id);
+        my $same_institution;
+        if ($intdom ne '') {
+            my $internet_names = &Apache::lonnet::get_internet_names($Apache::lonnet::perlvar{'lonHostID'});
+            if (ref($internet_names) eq 'ARRAY') {
+                if (grep(/^\Q$intdom\E$/,@{$internet_names})) {
+                    $same_institution = 1;
+                }
+            }
+        }
+        $css_class = $itemcount%2?' class="LC_odd_row"':'';
+        $datatable = '<tr'.$css_class.'><td colspan="2">';
+        if ($same_institution) {
+            my %domservers = &Apache::lonnet::get_servers($dom);
+            $datatable .= &LONCAPA::SSL::print_certstatus(\%domservers,'web','domprefs');
+        } else {
+            $datatable .= &mt("You need to be logged into one of your own domain's servers to display information about the status of LON-CAPA SSL certificates.");
+        }
+        $datatable .= '</td></tr>';
+        $itemcount ++;
+    } else {
+        my %titles = &ssl_titles();
+        my (%by_ip,%by_location,@intdoms,@instdoms);
+        &build_location_hashes(\@intdoms,\%by_ip,\%by_location,\@instdoms);
+        my @alldoms = &Apache::lonnet::all_domains();
+        my %serverhomes = %Apache::lonnet::serverhomeIDs;
+        my @domservers = &Apache::lonnet::get_servers($dom);
+        my %servers = &Apache::lonnet::internet_dom_servers($dom);
+        my %altids = &id_for_thisdom(%servers);
+        if (($position eq 'connto') || ($position eq 'connfrom')) {
+            my $legacy;
+            unless (ref($settings) eq 'HASH') {
+                my $name;
+                if ($position eq 'connto') {
+                    $name = 'loncAllowInsecure';
+                } else {
+                    $name = 'londAllowInsecure';
+                }
+                my $primarylibserv = &Apache::lonnet::domain($dom,'primary');
+                my @ids=&Apache::lonnet::current_machine_ids();
+                if (($primarylibserv ne '') && (!grep(/^\Q$primarylibserv\E$/,@ids))) {
+                    my %what = (
+                                   $name => 1,
+                               );
+                    my ($result,$returnhash) =
+                        &Apache::lonnet::get_remote_globals($primarylibserv,\%what);
+                    if ($result eq 'ok') {
+                        if (ref($returnhash) eq 'HASH') {
+                            $legacy = $returnhash->{$name};
+                        }
+                    }
+                } else {
+                    $legacy = $Apache::lonnet::perlvar{$name};
+                }
+            }
+            foreach my $type ('dom','intdom','other') {
+                my %checked;
+                $css_class = $itemcount%2?' class="LC_odd_row"':'';
+                $datatable .= '<tr'.$css_class.'><td>'.$titles{$type}.'</td>'.
+                              '<td class="LC_right_item">';
+                my $skip; 
+                if ($type eq 'dom') {
+                    unless (keys(%servers) > 1) {
+                        $datatable .= &mt('Nothing to set here, as there are no other servers/VMs');    
+                        $skip = 1;
+                    }
+                }
+                if ($type eq 'intdom') {
+                    unless (@instdoms > 1) {
+                        $datatable .= &mt('Nothing to set here, as there are no other domains for this institution');
+                        $skip = 1;
+                    } 
+                } elsif ($type eq 'other') {
+                    if (keys(%by_location) == 0) {
+                        $datatable .= &mt('Nothing to set here, as there are no other institutions');
+                        $skip = 1;
+                    }
+                }
+                unless ($skip) {
+                    $checked{'yes'} = ' checked="checked"'; 
+                    if (ref($settings) eq 'HASH') {
+                        if (ref($settings->{$position}) eq 'HASH') {
+                            if ($settings->{$position}->{$type} =~ /^(no|req)$/) {
+                                $checked{$1} = $checked{'yes'};
+                                delete($checked{'yes'}); 
+                            }
+                        }
+                    } else {
+                        if ($legacy == 0) {
+                            $checked{'req'} = $checked{'yes'};
+                            delete($checked{'yes'});    
+                        }
+                    }
+                    foreach my $option ('no','yes','req') {
+                        $datatable .= '<span class="LC_nobreak"><label>'.
+                                      '<input type="radio" name="'.$position.'_'.$type.'" '.
+                                      'value="'.$option.'"'.$checked{$option}.' />'.$titles{$option}.
+                                      '</label></span>'.('&nbsp;'x2);
                     }
-                    $datatable .= '</tr></table>';
                 }
                 $datatable .= '</td></tr>';
+                $itemcount ++; 
+            }
+        } else {
+            my $prefix = 'replication';
+            my @types = ('certreq','nocertreq');
+            if (keys(%by_location) == 0) {
+                $datatable .= '<tr'.$css_class.'><td>'.
+                              &mt('Nothing to set here, as there are no other institutions').
+                              '</td></tr>';
                 $itemcount ++;
+            } else {
+                ($datatable,$itemcount) = 
+                    &rules_by_location($settings,$prefix,\%by_location,\%by_ip,\@types,\%titles);
             }
         }
     }
@@ -4104,10 +4826,60 @@ sub print_usersessions {
     return $datatable;
 }
 
+sub ssl_titles {
+    return &Apache::lonlocal::texthash (
+               dom           => 'LON-CAPA servers/VMs from same domain',
+               intdom        => 'LON-CAPA servers/VMs from same "internet" domain',
+               other         => 'External LON-CAPA servers/VMs',
+               connto        => 'Connections to other servers',
+               connfrom      => 'Connections from other servers',
+               replication   => 'Replicating content to other institutions',
+               certreq       => 'Client certificate required, but specific domains exempt',
+               nocertreq     => 'No client certificate required, except for specific domains',
+               no            => 'SSL not used',
+               yes           => 'SSL Optional (used if available)',
+               req           => 'SSL Required',
+    );
+}
+
+sub print_trust {
+    my ($prefix,$dom,$settings,$rowtotal) = @_;
+    my ($css_class,$datatable,%checked,%choices);
+    my (%by_ip,%by_location,@intdoms,@instdoms);
+    &build_location_hashes(\@intdoms,\%by_ip,\%by_location,\@instdoms);
+    my $itemcount = 1;
+    my %titles = &trust_titles();
+    my @types = ('exc','inc');
+    if ($prefix eq 'top') {
+        $prefix = 'content';
+    } elsif ($prefix eq 'bottom') {
+        $prefix = 'msg';
+    }
+    ($datatable,$itemcount) = &rules_by_location($settings,$prefix,\%by_location,\%by_ip,\@types,\%titles);
+    $$rowtotal += $itemcount;
+    return $datatable;
+}
+
+sub trust_titles {
+    return &Apache::lonlocal::texthash(
+               content  => "Access to this domain's content by others",
+               shared   => "Access to other domain's content by this domain",
+               enroll   => "Enrollment in this domain's courses by others", 
+               othcoau  => "Co-author roles in this domain for others",
+               coaurem  => "Co-author roles for this domain's users elsewhere", 
+               domroles => "Domain roles in this domain assignable to others",
+               catalog  => "Course Catalog for this domain displayed elsewhere",
+               reqcrs   => "Requests for creation of courses in this domain by others",
+               msg      => "Users in other domains can send messages to this domain",
+               exc      => "Allow all, but exclude specific domains",
+               inc      => "Deny all, but include specific domains",
+           );
+} 
+
 sub build_location_hashes {
-    my ($intdoms,$by_ip,$by_location) = @_;
+    my ($intdoms,$by_ip,$by_location,$instdoms) = @_;
     return unless((ref($intdoms) eq 'ARRAY') && (ref($by_ip) eq 'HASH') &&
-                  (ref($by_location) eq 'HASH')); 
+                  (ref($by_location) eq 'HASH') && (ref($instdoms) eq 'ARRAY'));
     my %iphost = &Apache::lonnet::get_iphost();
     my $primary_id = &Apache::lonnet::domain($env{'request.role.domain'},'primary');
     my $primary_ip = &Apache::lonnet::get_host_ip($primary_id);
@@ -4124,7 +4896,13 @@ sub build_location_hashes {
             foreach my $id (@{$iphost{$ip}}) {
                 my $location = &Apache::lonnet::internet_dom($id);
                 if ($location) {
-                    next if (grep(/^\Q$location\E$/,@{$intdoms}));
+                    if (grep(/^\Q$location\E$/,@{$intdoms})) {
+                        my $dom = &Apache::lonnet::host_domain($id);
+                        unless (grep(/^\Q$dom\E/,@{$instdoms})) {
+                            push(@{$instdoms},$dom);
+                        }
+                        next;
+                    }
                     if (ref($by_ip->{$ip}) eq 'ARRAY') {
                         unless(grep(/^\Q$location\E$/,@{$by_ip->{$ip}})) {
                             push(@{$by_ip->{$ip}},$location);
@@ -4431,7 +5209,7 @@ sub print_loadbalancing {
         my $disabled_div_style = 'display: block';
         my $homedom_div_style = 'display: none';
         $datatable .= '<tr class="'.$css_class[$cssidx].'">'.
-                      '<td rowspan="'.$rownum.'" valign="top">'.
+                      '<td rowspan="'.$rownum.'" style="vertical-align: top">'.
                       '<p>';
         if ($lonhost eq '') {
             $datatable .= '<span class="LC_nobreak">';
@@ -4464,7 +5242,7 @@ sub print_loadbalancing {
                 $homedom_div_style = 'display: block';
             }
         }
-        $datatable .= '</p></td><td rowspan="'.$rownum.'" valign="top">'.
+        $datatable .= '</p></td><td rowspan="'.$rownum.'" style="vertical-align: top">'.
                   '<div id="loadbalancing_disabled_'.$balnum.'" style="'.
                   $disabled_div_style.'">'.$disabledtext.'</div>'."\n".
                   '<div id="loadbalancing_targets_'.$balnum.'" style="'.$targets_div_style.'">'.&mt('Offloads to:').'<br />';
@@ -4628,9 +5406,14 @@ sub loadbalancing_titles {
            '_LC_ipchange'    => &mt('Non-SSO users with IP mismatch'),
                      );
     my @alltypes = ('_LC_adv','_LC_author','_LC_internetdom','_LC_external','_LC_ipchangesso','_LC_ipchange');
+    my @available;
     if (ref($types) eq 'ARRAY') {
-        unshift(@alltypes,@{$types},'default');
+        @available = @{$types};
+    }
+    unless (grep(/^default$/,@available)) {
+        push(@available,'default');
     }
+    unshift(@alltypes,@available);
     my %titles;
     foreach my $type (@alltypes) {
         if ($type =~ /^_LC_/) {
@@ -4674,7 +5457,7 @@ sub loadbalance_rule_row {
         $space = '<div display="inline-block">&nbsp;</div>';
     }
     my $output =
-        '<tr class="'.$css_class.'" id="balanceruletr_'.$balnum.'_'.$num.'"><td valign="top">'.$space.
+        '<tr class="'.$css_class.'" id="balanceruletr_'.$balnum.'_'.$num.'"><td style="vertical-align: top">'.$space.
         '<div id="balanceruletitle_'.$balnum.'_'.$type.'" style="'.$style.'">'.$title.'</div></td>'."\n".
         '<td valaign="top">'.$space.
         '<div id="balancerule_'.$balnum.'_'.$type.'" style="'.$style.'">'."\n";
@@ -4809,6 +5592,7 @@ sub tool_titles {
                      unofficial => 'Unofficial courses',
                      community  => 'Communities',
                      textbook   => 'Textbook courses',
+                     placement  => 'Placement tests',
                  );
     return %titles;
 }
@@ -4819,6 +5603,7 @@ sub courserequest_titles {
                                    unofficial => 'Unofficial',
                                    community  => 'Communities',
                                    textbook   => 'Textbook',
+                                   placement  => 'Placement tests',
                                    norequest  => 'Not allowed',
                                    approval   => 'Approval by Dom. Coord.',
                                    validate   => 'With validation',
@@ -4909,7 +5694,7 @@ sub print_usercreation {
             }
             $datatable .= '<tr'.$css_class.'>'.
                          '<td><span class="LC_nobreak">'.$lt{$item}.
-                         '</span></td><td align="right">';
+                         '</span></td><td style="text-align: right">';
             my @options = ('any');
             if (ref($rules) eq 'HASH') {
                 if (keys(%{$rules}) > 0) {
@@ -4983,7 +5768,8 @@ sub print_usercreation {
 
 sub print_selfcreation {
     my ($position,$dom,$settings,$rowtotal) = @_;
-    my (@selfcreate,$createsettings,$processing,$datatable);
+    my (@selfcreate,$createsettings,$processing,$emailoptions,$emailverified,
+        $emaildomain,$datatable);
     if (ref($settings) eq 'HASH') {
         if (ref($settings->{'cancreate'}) eq 'HASH') {
             $createsettings = $settings->{'cancreate'};
@@ -5000,12 +5786,22 @@ sub print_selfcreation {
                 if (ref($createsettings->{'selfcreateprocessing'}) eq 'HASH') {
                     $processing = $createsettings->{'selfcreateprocessing'};
                 }
+                if (ref($createsettings->{'emailoptions'}) eq 'HASH') {
+                    $emailoptions = $createsettings->{'emailoptions'};
+                }
+                if (ref($createsettings->{'emailverified'}) eq 'HASH') {
+                    $emailverified = $createsettings->{'emailverified'};
+                }
+                if (ref($createsettings->{'emaildomain'}) eq 'HASH') {
+                    $emaildomain = $createsettings->{'emaildomain'};
+                }
             }
         }
     }
     my %radiohash;
     my $numinrow = 4;
     map { $radiohash{'cancreate_'.$_} = 1; } @selfcreate;
+    my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom);
     if ($position eq 'top') {
         my %choices = &Apache::lonlocal::texthash (
                                                       cancreate_login      => 'Institutional Login',
@@ -5021,13 +5817,11 @@ sub print_selfcreation {
                                                      \%choices,$itemcount,$onclick);
         $$rowtotal += $itemcount;
         
-        my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom);
-
         if (ref($usertypes) eq 'HASH') {
             if (keys(%{$usertypes}) > 0) {
                 $datatable .= &insttypes_row($createsettings,$types,$usertypes,
                                              $dom,$numinrow,$othertitle,
-                                             'statustocreate',$$rowtotal);
+                                             'statustocreate',$rowtotal);
                 $$rowtotal ++;
             }
         }
@@ -5072,144 +5866,420 @@ sub print_selfcreation {
         $$rowtotal ++;
     } elsif ($position eq 'middle') {
         my %domconf = &Apache::lonnet::get_dom('configuration',['usermodification'],$dom);
-        my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom);
-        $usertypes->{'default'} = $othertitle;
+        my @posstypes;
         if (ref($types) eq 'ARRAY') {
-            push(@{$types},'default');
-            $usertypes->{'default'} = $othertitle;
-            foreach my $status (@{$types}) {
-                $datatable .= &modifiable_userdata_row('selfcreate',$status,$domconf{'usermodification'},
-                                                       $numinrow,$$rowtotal,$usertypes);
-                $$rowtotal ++;
-            }
+            @posstypes = @{$types};
+        }
+        unless (grep(/^default$/,@posstypes)) {
+            push(@posstypes,'default');
+        }
+        my %usertypeshash;
+        if (ref($usertypes) eq 'HASH') {
+            %usertypeshash = %{$usertypes};
+        }
+        $usertypeshash{'default'} = $othertitle;
+        foreach my $status (@posstypes) {
+            $datatable .= &modifiable_userdata_row('selfcreate',$status,$domconf{'usermodification'},
+                                                   $numinrow,$$rowtotal,\%usertypeshash);
+            $$rowtotal ++;
         }
     } else {
         my %choices = &Apache::lonlocal::texthash (
-                                                      cancreate_email => 'E-mail address as username',
+                          'cancreate_email' => 'Non-institutional username (via e-mail verification)',
                                                   );
         my @toggles = sort(keys(%choices));
         my %defaultchecked = (
                                'cancreate_email' => 'off',
                              );
-        my $itemcount = 0;
+        my $customclass = 'LC_selfcreate_email';
+        my $classprefix = 'LC_canmodify_emailusername_';
+        my $optionsprefix = 'LC_options_emailusername_';
         my $display = 'none';
+        my $rowstyle = 'display:none';
         if (grep(/^\Qemail\E$/,@selfcreate)) {
             $display = 'block';
+            $rowstyle = 'display:table-row';
         }
-        my $onclick = "toggleDisplay(this.form,'emailoptions');";
-        my $additional = '<div id="emailoptions" style="display: '.$display.'">';
+        my $onclick = "toggleRows(this.form,'cancreate_email','selfassign','$customclass','$classprefix','$optionsprefix');";
+        ($datatable,$$rowtotal) = &radiobutton_prefs(\%radiohash,\@toggles,\%defaultchecked,
+                                                     \%choices,$$rowtotal,$onclick);
+        $datatable .= &print_requestmail($dom,'selfcreation',$createsettings,$rowtotal,$customclass,
+                                         $rowstyle);
+        $$rowtotal ++;
+        $datatable .= &captcha_choice('cancreate',$createsettings,$$rowtotal,$customclass,
+                                      $rowstyle);
+        $$rowtotal ++;
+        my (@ordered,@posstypes,%usertypeshash);
         my %domdefaults = &Apache::lonnet::get_domain_defaults($dom);
-        my $usertypes = {};
-        my $order = [];
-        if ((ref($domdefaults{'inststatustypes'}) eq 'HASH') && (ref($domdefaults{'inststatusguest'}) eq 'ARRAY')) {
-            $usertypes = $domdefaults{'inststatustypes'};
-            $order = $domdefaults{'inststatusguest'};
-        }
-        if (ref($order) eq 'ARRAY') {
-            push(@{$order},'default');
-            if (@{$order} > 1) {
-                $usertypes->{'default'} = &mt('Other users');
-                $additional .= '<table><tr>';
-                foreach my $status (@{$order}) {
-                    $additional .= '<th>'.$usertypes->{$status}.'</th>';
-                }
-                $additional .= '</tr><tr>';
-                foreach my $status (@{$order}) {
-                    $additional .= '<td>'.&email_as_username($rowtotal,$processing,$status).'</td>';
+        my ($emailrules,$emailruleorder) =
+            &Apache::lonnet::inst_userrules($dom,'email');
+        my $primary_id = &Apache::lonnet::domain($dom,'primary');
+        my $intdom = &Apache::lonnet::internet_dom($primary_id);
+        if (ref($types) eq 'ARRAY') {
+            @posstypes = @{$types};
+        }
+        if (@posstypes) {
+            unless (grep(/^default$/,@posstypes)) {
+                push(@posstypes,'default');
+            }
+            if (ref($usertypes) eq 'HASH') {
+                %usertypeshash = %{$usertypes};
+            }
+            my $currassign;
+            if (ref($domdefaults{'inststatusguest'}) eq 'ARRAY') {
+                $currassign = {
+                                  selfassign => $domdefaults{'inststatusguest'},
+                              };
+                @ordered = @{$domdefaults{'inststatusguest'}};
+            } else {
+                $currassign = { selfassign => [] };
+            }
+            my $onclicktypes = "toggleDataRow(this.form,'selfassign','$customclass','$optionsprefix',);".
+                               "toggleDataRow(this.form,'selfassign','$customclass','$classprefix',1);";
+            $datatable .= &insttypes_row($currassign,$types,$usertypes,$dom,
+                                         $numinrow,$othertitle,'selfassign',
+                                         $rowtotal,$onclicktypes,$customclass,
+                                         $rowstyle);
+            $$rowtotal ++;
+            $usertypeshash{'default'} = $othertitle;
+            foreach my $status (@posstypes) {
+                my $css_class;
+                if ($$rowtotal%2) {
+                    $css_class = 'LC_odd_row ';
+                }
+                $css_class .= $customclass;
+                my $rowid = $optionsprefix.$status;
+                my $hidden = 1;
+                my $currstyle = 'display:none';
+                if (grep(/^\Q$status\E$/,@ordered)) {
+                    $currstyle = $rowstyle;
+                    $hidden = 0; 
+                }
+                $datatable .= &noninst_users($processing,$emailverified,$emailoptions,$emaildomain,
+                                             $emailrules,$emailruleorder,$settings,$status,$rowid,
+                                             $usertypeshash{$status},$css_class,$currstyle,$intdom);
+                unless ($hidden) {
+                    $$rowtotal ++;
                 }
-                $additional .= '</tr></table>';
-            } else {
-                $usertypes->{'default'} = &mt('All users');
-                $additional .= &email_as_username($rowtotal,$processing);
             }
+        } else {
+            my $css_class;
+            if ($$rowtotal%2) {
+                $css_class = 'LC_odd_row ';
+            }
+            $css_class .= $customclass;
+            $usertypeshash{'default'} = $othertitle;
+            $datatable .= &noninst_users($processing,$emailverified,$emailoptions,$emaildomain,
+                                         $emailrules,$emailruleorder,$settings,'default','',
+                                         $othertitle,$css_class,$rowstyle,$intdom);
+            $$rowtotal ++;
         }
-        $additional .= '</div>'."\n";
-
-        ($datatable,$itemcount) = &radiobutton_prefs(\%radiohash,\@toggles,\%defaultchecked,
-                                                     \%choices,$$rowtotal,$onclick,$additional);
-        $$rowtotal ++;
-        $datatable .= &print_requestmail($dom,'selfcreation',$createsettings,$rowtotal);
-        $$rowtotal ++;
         my ($infofields,$infotitles) = &Apache::loncommon::emailusername_info();
         $numinrow = 1;
-        if (ref($order) eq 'ARRAY') {
-            foreach my $status (@{$order}) {
+        if (@posstypes) {
+            foreach my $status (@posstypes) {
+                my $rowid = $classprefix.$status;
+                my $datarowstyle = 'display:none';
+                if (grep(/^\Q$status\E$/,@ordered)) { 
+                    $datarowstyle = $rowstyle; 
+                }
                 $datatable .= &modifiable_userdata_row('cancreate','emailusername_'.$status,$settings,
-                                                       $numinrow,$$rowtotal,$usertypes,$infofields,$infotitles);
-                $$rowtotal ++;
+                                                       $numinrow,$$rowtotal,\%usertypeshash,$infofields,
+                                                       $infotitles,$rowid,$customclass,$datarowstyle);
+                unless ($datarowstyle eq 'display:none') {
+                    $$rowtotal ++;
+                }
             }
+        } else {
+            $datatable .= &modifiable_userdata_row('cancreate','emailusername_default',$settings,
+                                                   $numinrow,$$rowtotal,\%usertypeshash,$infofields,
+                                                   $infotitles,'',$customclass,$rowstyle);
         }
-        my ($emailrules,$emailruleorder) =
-            &Apache::lonnet::inst_userrules($dom,'email');
-        if (ref($emailrules) eq 'HASH') {
-            if (keys(%{$emailrules}) > 0) {
-                $datatable .= &user_formats_row('email',$settings,$emailrules,
-                                                $emailruleorder,$numinrow,$$rowtotal);
-                $$rowtotal ++;
+    }
+    return $datatable;
+}
+
+sub selfcreate_javascript {
+    return <<"ENDSCRIPT";
+
+<script type="text/javascript">
+// <![CDATA[
+
+function toggleRows(form,radio,checkbox,target,prefix,altprefix) {
+    var x = document.getElementsByClassName(target);
+    var insttypes = 0;
+    var insttypeRegExp = new RegExp(prefix);
+    if ((x.length != undefined) && (x.length > 0)) {
+        if (form.elements[radio].length != undefined) {
+            for (var i=0; i<form.elements[radio].length; i++) {
+                if (form.elements[radio][i].checked) {
+                    if (form.elements[radio][i].value == 1) {
+                        for (var j=0; j<x.length; j++) {
+                            if (x[j].id == 'undefined') {
+                                x[j].style.display = 'table-row';
+                            } else if (insttypeRegExp.test(x[j].id)) {
+                                insttypes ++;
+                            } else {
+                                x[j].style.display = 'table-row';
+                            }
+                        }
+                    } else {
+                        for (var j=0; j<x.length; j++) {
+                            x[j].style.display = 'none';
+                        }
+                    }
+                    break;
+                }
+            }
+            if (insttypes > 0) {
+                toggleDataRow(form,checkbox,target,altprefix);
+                toggleDataRow(form,checkbox,target,prefix,1);
             }
         }
-        $datatable .= &captcha_choice('cancreate',$createsettings,$$rowtotal);
     }
-    return $datatable;
+    return;
 }
 
-sub email_as_username {
-    my ($rowtotal,$processing,$type) = @_;
-    my %choices =
-        &Apache::lonlocal::texthash (
-                                      automatic => 'Automatic approval',
-                                      approval  => 'Queued for approval',
-                                    );
-    my $output;
-    foreach my $option ('automatic','approval') {
-        my $checked;
-        if (ref($processing) eq 'HASH') {
-            if ($type eq '') {   
-                if (!exists($processing->{'default'})) {
-                    if ($option eq 'automatic') {
-                        $checked = ' checked="checked"';
+function toggleDataRow(form,checkbox,target,prefix,docount) {
+    if (form.elements[checkbox].length != undefined) {
+        var count = 0;
+        if (docount) {
+            for (var i=0; i<form.elements[checkbox].length; i++) {
+                if (form.elements[checkbox][i].checked) {
+                    count ++;
+                }
+            }
+        }
+        for (var i=0; i<form.elements[checkbox].length; i++) {
+            var type = form.elements[checkbox][i].value;
+            if (document.getElementById(prefix+type)) {
+                if (form.elements[checkbox][i].checked) {
+                    document.getElementById(prefix+type).style.display = 'table-row';
+                    if (count % 2 == 1) {
+                        document.getElementById(prefix+type).className = target+' LC_odd_row';
+                    } else {
+                        document.getElementById(prefix+type).className = target;
                     }
+                    count ++;
                 } else {
-                    if ($processing->{'default'} eq $option) {
-                        $checked = ' checked="checked"';
+                    document.getElementById(prefix+type).style.display = 'none';
+                }
+            }
+        }
+    }
+    return;
+}
+
+function toggleEmailOptions(form,radio,prefix,altprefix,status) {
+    var caller = radio+'_'+status;
+    if (form.elements[caller].length != undefined) {
+        for (var i=0; i<form.elements[caller].length; i++) {
+            if (form.elements[caller][i].checked) {
+                if (document.getElementById(altprefix+'_inst_'+status)) {
+                    var curr = form.elements[caller][i].value;
+                    if (prefix) {
+                        document.getElementById(prefix+'_'+status).style.display = 'none';
+                    }
+                    document.getElementById(altprefix+'_inst_'+status).style.display = 'none';
+                    document.getElementById(altprefix+'_noninst_'+status).style.display = 'none';
+                    if (curr == 'custom') {
+                        if (prefix) { 
+                            document.getElementById(prefix+'_'+status).style.display = 'inline';
+                        }
+                    } else if (curr == 'inst') {
+                        document.getElementById(altprefix+'_inst_'+status).style.display = 'inline';
+                    } else if (curr == 'noninst') {
+                        document.getElementById(altprefix+'_noninst_'+status).style.display = 'inline';
                     }
+                    break;
                 }
-            } else {
-                if (!exists($processing->{$type})) {
-                    if ($option eq 'automatic') {
-                        $checked = ' checked="checked"';
+            }
+        }
+    }
+}
+
+// ]]>
+</script>
+
+ENDSCRIPT
+}
+
+sub noninst_users {
+    my ($processing,$emailverified,$emailoptions,$emaildomain,$emailrules,
+        $emailruleorder,$settings,$type,$rowid,$typetitle,$css_class,$rowstyle,$intdom) = @_; 
+    my $class = 'LC_left_item';
+    if ($css_class) {
+        $css_class = ' class="'.$css_class.'"'; 
+    }
+    if ($rowid) {
+        $rowid = ' id="'.$rowid.'"';
+    }
+    if ($rowstyle) {
+        $rowstyle = ' style="'.$rowstyle.'"';
+    }
+    my ($output,$description);
+    if ($type eq 'default') {
+        $description = &mt('Requests for: [_1]',$typetitle);
+    } else {
+        $description = &mt('Requests for: [_1] (status self-reported)',$typetitle);
+    }
+    $output = '<tr'.$css_class.$rowid.$rowstyle.'>'.
+              "<td>$description</td>\n".           
+              '<td class="'.$class.'" colspan="2">'.
+              '<table><tr>';
+    my %headers = &Apache::lonlocal::texthash( 
+              approve  => 'Processing',
+              email    => 'E-mail',
+              username => 'Username',
+    );
+    foreach my $item ('approve','email','username') {
+        $output .= '<th>'.$headers{$item}.'</th>';
+    }
+    $output .= '</tr><tr>';
+    foreach my $item ('approve','email','username') {
+        $output .= '<td style="vertical-align: top">';
+        my (%choices,@options,$hashref,$defoption,$name,$onclick,$hascustom);
+        if ($item eq 'approve') {
+            %choices = &Apache::lonlocal::texthash (
+                                                     automatic => 'Automatically approved',
+                                                     approval  => 'Queued for approval',
+                                                   );
+            @options = ('automatic','approval');
+            $hashref = $processing;
+            $defoption = 'automatic';
+            $name = 'cancreate_emailprocess_'.$type;
+        } elsif ($item eq 'email') {
+            %choices = &Apache::lonlocal::texthash (
+                                                     any     => 'Any e-mail',
+                                                     inst    => 'Institutional only',
+                                                     noninst => 'Non-institutional only',
+                                                     custom  => 'Custom restrictions',
+                                                   );
+            @options = ('any','inst','noninst');
+            my $showcustom;
+            if (ref($emailrules) eq 'HASH') {
+                if (keys(%{$emailrules}) > 0) {
+                    push(@options,'custom');
+                    $showcustom = 'cancreate_emailrule';
+                    if (ref($settings) eq 'HASH') {
+                        if (ref($settings->{'email_rule'}) eq 'ARRAY') {
+                            foreach my $rule (@{$settings->{'email_rule'}}) {
+                                if (exists($emailrules->{$rule})) {
+                                    $hascustom ++;
+                                }
+                            }
+                        } elsif (ref($settings->{'email_rule'}) eq 'HASH') {
+                            if (ref($settings->{'email_rule'}{$type}) eq 'ARRAY') {
+                                foreach my $rule (@{$settings->{'email_rule'}{$type}}) {
+                                    if (exists($emailrules->{$rule})) {
+                                        $hascustom ++;
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+            $onclick = ' onclick="toggleEmailOptions(this.form,'."'cancreate_emailoptions','$showcustom',".
+                                                     "'cancreate_emaildomain','$type'".');"';
+            $hashref = $emailoptions;
+            $defoption = 'any';
+            $name = 'cancreate_emailoptions_'.$type;
+        } elsif ($item eq 'username') {
+            %choices = &Apache::lonlocal::texthash (
+                                                     all    => 'Same as e-mail',
+                                                     first  => 'Omit @domain',
+                                                     free   => 'Free to choose',
+                                                   );
+            @options = ('all','first','free');
+            $hashref = $emailverified;
+            $defoption = 'all';
+            $name = 'cancreate_usernameoptions_'.$type;
+        }
+        foreach my $option (@options) {
+            my $checked;
+            if (ref($hashref) eq 'HASH') {
+                if ($type eq '') {
+                    if (!exists($hashref->{'default'})) {
+                        if ($option eq $defoption) {
+                            $checked = ' checked="checked"';
+                        }
+                    } else {
+                        if ($hashref->{'default'} eq $option) {
+                            $checked = ' checked="checked"';
+                        }
                     }
                 } else {
-                    if ($processing->{$type} eq $option) {
-                        $checked = ' checked="checked"';
+                    if (!exists($hashref->{$type})) {
+                        if ($option eq $defoption) {
+                            $checked = ' checked="checked"';
+                        }
+                    } else {
+                        if ($hashref->{$type} eq $option) {
+                            $checked = ' checked="checked"';
+                        }
                     }
                 }
+            } elsif (($item eq 'email') && ($hascustom)) {
+                if ($option eq 'custom') {
+                    $checked = ' checked="checked"';
+                }
+            } elsif ($option eq $defoption) {
+                $checked = ' checked="checked"';
+            }
+            $output .= '<span class="LC_nobreak"><label>'.
+                       '<input type="radio" name="'.$name.'"'.
+                       $checked.' value="'.$option.'"'.$onclick.' />'.
+                       $choices{$option}.'</label></span><br />';
+            if ($item eq 'email') {
+                if ($option eq 'custom') {
+                    my $id = 'cancreate_emailrule_'.$type;
+                    my $display = 'none';
+                    if ($checked) {
+                        $display = 'inline';
+                    }
+                    my $numinrow = 2;
+                    $output .= '<fieldset id="'.$id.'" style="display:'.$display.';">'.
+                               '<legend>'.&mt('Disallow').'</legend><table>'.
+                               &user_formats_row('email',$settings,$emailrules,
+                                                 $emailruleorder,$numinrow,'',$type);
+                              '</table></fieldset>';
+                } elsif (($option eq 'inst') || ($option eq 'noninst')) {
+                    my %text = &Apache::lonlocal::texthash (
+                                                             inst    => 'must end:',
+                                                             noninst => 'cannot end:',
+                                                           );
+                    my $value;
+                    if (ref($emaildomain) eq 'HASH') {
+                        if (ref($emaildomain->{$type}) eq 'HASH') {
+                            $value = $emaildomain->{$type}->{$option}; 
+                        }
+                    }
+                    if ($value eq '') {
+                        $value = '@'.$intdom;
+                    }
+                    my $condition = 'cancreate_emaildomain_'.$option.'_'.$type;
+                    my $display = 'none';
+                    if ($checked) {
+                        $display = 'inline';
+                    }
+                    $output .= '<div id="'.$condition.'" style="display:'.$display.';">'.
+                               '<span class="LC_domprefs_email">'.$text{$option}.'</span> '.
+                               '<input type="text" name="'.$condition.'" value="'.$value.'" size="10" />'.
+                               '</div>';
+                }
             }
-        } elsif ($option eq 'automatic') {
-            $checked = ' checked="checked"'; 
-        }
-        my $name = 'cancreate_emailprocess';
-        if (($type ne '') && ($type ne 'default')) {
-            $name .= '_'.$type;
-        }
-        $output .= '<span class="LC_nobreak"><label>'.
-                   '<input type="radio" name="'.$name.'"'.
-                   $checked.' value="'.$option.'" />'.
-                   $choices{$option}.'</label></span>';
-        if ($type eq '') {
-            $output .= '&nbsp;';
-        } else {
-            $output .= '<br />';
         }
+        $output .= '</td>'."\n";
     }
-    $$rowtotal ++;
+    $output .= "</tr></table></td></tr>\n";
     return $output;
 }
 
 sub captcha_choice {
-    my ($context,$settings,$itemcount) = @_;
+    my ($context,$settings,$itemcount,$customcss,$rowstyle) = @_;
     my ($keyentry,$currpub,$currpriv,%checked,$rowname,$pubtext,$privtext,
-        $vertext,$currver); 
+        $vertext,$currver);
     my %lt = &captcha_phrases();
     $keyentry = 'hidden';
     if ($context eq 'cancreate') {
@@ -5240,7 +6310,20 @@ sub captcha_choice {
     } else {
         $checked{'original'} = ' checked="checked"';
     }
-    my $css_class = $itemcount%2?' class="LC_odd_row"':'';
+    my $css_class;
+    if ($itemcount%2) {
+        $css_class = 'LC_odd_row';
+    }
+    if ($customcss) {
+        $css_class .= " $customcss";
+    }
+    $css_class =~ s/^\s+//;
+    if ($css_class) {
+        $css_class = ' class="'.$css_class.'"';
+    }
+    if ($rowstyle) {
+        $css_class .= ' style="'.$rowstyle.'"';
+    }
     my $output = '<tr'.$css_class.'>'.
                  '<td class="LC_left_item">'.$rowname.'</td><td class="LC_left_item" colspan="2">'."\n".
                  '<table><tr><td>'."\n";
@@ -5259,7 +6342,7 @@ sub captcha_choice {
 # specified for use with the key should be broad enough to accommodate all servers in the LON-CAPA domain.
 #
     $output .= '</td></tr>'."\n".
-               '<tr><td>'."\n".
+               '<tr><td class="LC_zero_height">'."\n".
                '<span class="LC_nobreak"><span id="'.$context.'_recaptchapubtxt">'.$pubtext.'</span>&nbsp;'."\n".
                '<input type="'.$keyentry.'" id="'.$context.'_recaptchapub" name="'.$context.'_recaptchapub" value="'.
                $currpub.'" size="40" /></span><br />'."\n".
@@ -5275,23 +6358,19 @@ sub captcha_choice {
 }
 
 sub user_formats_row {
-    my ($type,$settings,$rules,$ruleorder,$numinrow,$rowcount) = @_;
+    my ($type,$settings,$rules,$ruleorder,$numinrow,$rowcount,$status) = @_;
     my $output;
     my %text = (
                    'username' => 'new usernames',
                    'id'       => 'IDs',
-                   'email'    => 'self-created accounts (e-mail)',
                );
-    my $css_class = $rowcount%2?' class="LC_odd_row"':'';
-    $output = '<tr '.$css_class.'>'.
-              '<td><span class="LC_nobreak">';
-    if ($type eq 'email') {
-        $output .= &mt("Formats disallowed for $text{$type}: ");
-    } else {
-        $output .= &mt("Format rules to check for $text{$type}: ");
+    unless ($type eq 'email') {
+        my $css_class = $rowcount%2?' class="LC_odd_row"':'';
+        $output = '<tr '.$css_class.'>'.
+                  '<td><span class="LC_nobreak">'.
+                  &mt("Format rules to check for $text{$type}: ").
+                  '</td><td class="LC_left_item" colspan="2"><table>';
     }
-    $output .= '</span></td>'.
-               '<td class="LC_left_item" colspan="2"><table>';
     my $rem;
     if (ref($ruleorder) eq 'ARRAY') {
         for (my $i=0; $i<@{$ruleorder}; $i++) {
@@ -5309,25 +6388,41 @@ sub user_formats_row {
                         if (grep(/^\Q$ruleorder->[$i]\E$/,@{$settings->{$type.'_rule'}})) {
                             $check = ' checked="checked" ';
                         }
+                    } elsif ((ref($settings->{$type.'_rule'}) eq 'HASH') && ($status ne '')) {
+                        if (ref($settings->{$type.'_rule'}->{$status}) eq 'ARRAY') {
+                            if (grep(/^\Q$ruleorder->[$i]\E$/,@{$settings->{$type.'_rule'}->{$status}})) {
+                                $check = ' checked="checked" ';
+                            }
+                        }
                     }
                 }
+                my $name = $type.'_rule';
+                if ($type eq 'email') {
+                    $name .= '_'.$status;
+                }
                 $output .= '<td class="LC_left_item">'.
                            '<span class="LC_nobreak"><label>'.
-                           '<input type="checkbox" name="'.$type.'_rule" '.
+                           '<input type="checkbox" name="'.$name.'" '.
                            'value="'.$ruleorder->[$i].'"'.$check.'/>'.
                            $rules->{$ruleorder->[$i]}{'name'}.'</label></span></td>';
             }
         }
         $rem = @{$ruleorder}%($numinrow);
     }
-    my $colsleft = $numinrow - $rem;
+    my $colsleft;
+    if ($rem) {
+        $colsleft = $numinrow - $rem;
+    }
     if ($colsleft > 1 ) {
         $output .= '<td colspan="'.$colsleft.'" class="LC_left_item">'.
                    '&nbsp;</td>';
     } elsif ($colsleft == 1) {
         $output .= '<td class="LC_left_item">&nbsp;</td>';
     }
-    $output .= '</tr></table></td></tr>';
+    $output .= '</tr></table>';
+    unless ($type eq 'email') {
+        $output .= '</td></tr>';
+    }
     return $output;
 }
 
@@ -5541,7 +6636,7 @@ sub print_defaults {
                 $datatable .= '</table>';
             } else {
                 $datatable .= '<input type="text" name="'.$item.'" value="'.
-                              $defaults{$item}.'" size="3" onblur="javascript:warnIntAuth(this);" />';
+                              $defaults{$item}.'" size="3" onblur="javascript:warnIntAuth(this);" />'; 
             }
             $datatable .= '</td></tr>';
             $rownum ++;
@@ -5549,17 +6644,12 @@ sub print_defaults {
     } else {
         my %defaults;
         if (ref($settings) eq 'HASH') {
-            if ((ref($settings->{'inststatusorder'}) eq 'ARRAY') && (ref($settings->{'inststatustypes'}) eq 'HASH') &&
-                (ref($settings->{'inststatusguest'}) eq 'ARRAY')) {
+            if ((ref($settings->{'inststatusorder'}) eq 'ARRAY') && (ref($settings->{'inststatustypes'}) eq 'HASH')) {
                 my $maxnum = @{$settings->{'inststatusorder'}};
                 for (my $i=0; $i<$maxnum; $i++) {
                     $css_class = $rownum%2?' class="LC_odd_row"':'';
                     my $item = $settings->{'inststatusorder'}->[$i];
                     my $title = $settings->{'inststatustypes'}->{$item};
-                    my $guestok;
-                    if (grep(/^\Q$item\E$/,@{$settings->{'inststatusguest'}})) {
-                        $guestok = 1;
-                    }
                     my $chgstr = ' onchange="javascript:reorderTypes(this.form,'."'$item'".');"';
                     $datatable .= '<tr'.$css_class.'>'.
                                   '<td><span class="LC_nobreak">'.
@@ -5572,23 +6662,12 @@ sub print_defaults {
                         }
                         $datatable .= '<option value="'.$k.'"'.$selstr.'>'.$vpos.'</option>';
                     }
-                    my ($checkedon,$checkedoff);
-                    $checkedoff = ' checked="checked"';
-                    if ($guestok) {
-                        $checkedon = $checkedoff;
-                        $checkedoff = ''; 
-                    }
                     $datatable .= '</select>&nbsp;'.&mt('Internal ID:').'&nbsp;<b>'.$item.'</b>&nbsp;'.
                                   '<input type="checkbox" name="inststatus_delete" value="'.$item.'" />'.
                                   &mt('delete').'</span></td>'.
-                                  '<td class="LC_left_item"><span class="LC_nobreak">'.&mt('Name displayed:').
+                                  '<td class="LC_left_item" colspan="2"><span class="LC_nobreak">'.&mt('Name displayed:').
                                   '<input type="text" size="20" name="inststatus_title_'.$item.'" value="'.$title.'" />'.
-                                  '</span></td>'.
-                                  '<td class="LC_right_item"><span class="LC_nobreak">'.
-                                  '<label><input type="radio" value="1" name="inststatus_guest_'.$item.'"'.$checkedon.' />'.
-                                  &mt('Yes').'</label>'.('&nbsp;'x2).
-                                  '<label><input type="radio" value="0" name="inststatus_guest_'.$item.'"'.$checkedoff.' />'.
-                                  &mt('No').'</label></span></td></tr>';
+                                  '</span></td></tr>';
                 }
                 $css_class = $rownum%2?' class="LC_odd_row"':'';
                 my $chgstr = ' onchange="javascript:reorderTypes(this.form,'."'addinststatus_pos'".');"';
@@ -5605,14 +6684,9 @@ sub print_defaults {
                 $datatable .= '</select>&nbsp;'.&mt('Internal ID:').
                               '<input type="text" size="10" name="addinststatus" value="" />'.
                               '&nbsp;'.&mt('(new)').
-                              '</span></td><td class="LC_left_item"><span class="LC_nobreak">'.
+                              '</span></td><td class="LC_left_item" colspan="2"><span class="LC_nobreak">'.
                               &mt('Name displayed:').
                               '<input type="text" size="20" name="addinststatus_title" value="" /></span></td>'.
-                              '<td class="LC_right_item"><span class="LC_nobreak">'.
-                              '<label><input type="radio" value="1" name="addinststatus_guest" />'.
-                              &mt('Yes').'</label>'.('&nbsp;'x2).
-                              '<label><input type="radio" value="0" name="addinststatus_guest" />'.
-                              &mt('No').'</label></span></td></tr>';
                               '</tr>'."\n";
                 $rownum ++;
             }
@@ -5775,7 +6849,7 @@ sub print_scantronformat {
         }
         $datatable .= '</span></td>';
         if (keys(%error) == 0) { 
-            $datatable .= '<td valign="bottom">';
+            $datatable .= '<td style="vertical-align: bottom">';
             if (!$switchserver) {
                 $datatable .= &mt('Upload:').'<br />';
             }
@@ -5887,6 +6961,10 @@ sub print_coursecategories {
         my $toggle_catscomm_dom = ' checked="checked" ';
         my $can_catcomm_comm = ' ';
         my $can_catcomm_dom = ' checked="checked" ';
+        my $toggle_catsplace_place = ' ';
+        my $toggle_catsplace_dom = ' checked="checked" ';
+        my $can_catplace_place = ' ';
+        my $can_catplace_dom = ' checked="checked" ';
 
         if (ref($settings) eq 'HASH') {
             if ($settings->{'togglecats'} eq 'crs') {
@@ -5905,17 +6983,28 @@ sub print_coursecategories {
                 $can_catcomm_comm = $can_catcomm_dom;
                 $can_catcomm_dom = ' ';
             }
+            if ($settings->{'togglecatsplace'} eq 'place') {
+                $toggle_catsplace_place = $toggle_catsplace_dom;
+                $toggle_catsplace_dom = ' ';
+            }
+            if ($settings->{'categorizeplace'} eq 'place') {
+                $can_catplace_place = $can_catplace_dom;
+                $can_catplace_dom = ' ';
+            }
         }
         my %title = &Apache::lonlocal::texthash (
-                     togglecats     => 'Show/Hide a course in catalog',
-                     togglecatscomm => 'Show/Hide a community in catalog',
-                     categorize     => 'Assign a category to a course',
-                     categorizecomm => 'Assign a category to a community',
+                     togglecats      => 'Show/Hide a course in catalog',
+                     togglecatscomm  => 'Show/Hide a community in catalog',
+                     togglecatsplace => 'Show/Hide a placement test in catalog',
+                     categorize      => 'Assign a category to a course',
+                     categorizecomm  => 'Assign a category to a community',
+                     categorizeplace => 'Assign a category to a placement test',
                     );
         my %level = &Apache::lonlocal::texthash (
-                     dom  => 'Set in Domain',
-                     crs  => 'Set in Course',
-                     comm => 'Set in Community',
+                     dom   => 'Set in Domain',
+                     crs   => 'Set in Course',
+                     comm  => 'Set in Community',
+                     place => 'Set in Placement Test',
                     );
         $datatable = '<tr class="LC_odd_row">'.
                   '<td>'.$title{'togglecats'}.'</td>'.
@@ -5945,8 +7034,22 @@ sub print_coursecategories {
                   $can_catcomm_dom.' value="dom" />'.$level{'dom'}.'</label>&nbsp;'.
                   '<label><input type="radio" name="categorizecomm"'.
                   $can_catcomm_comm.'value="comm" />'.$level{'comm'}.'</label></span></td>'.
+                  '</tr><tr>'.
+                  '<td>'.$title{'togglecatsplace'}.'</td>'.
+                  '<td class="LC_right_item"><span class="LC_nobreak"><label>'.
+                  '<input type="radio" name="togglecatsplace"'.
+                  $toggle_catsplace_dom.' value="dom" />'.$level{'dom'}.'</label>&nbsp;'.
+                  '<label><input type="radio" name="togglecatscomm"'.
+                  $toggle_catsplace_place.' value="comm" />'.$level{'place'}.'</label></span></td>'.
+                  '</tr><tr>'.
+                  '<td>'.$title{'categorizeplace'}.'</td>'.
+                  '<td class="LC_right_item"><span class="LC_nobreak">'.
+                  '<label><input type="radio" name="categorizeplace"'.
+                  $can_catplace_dom.' value="dom" />'.$level{'dom'}.'</label>&nbsp;'.
+                  '<label><input type="radio" name="categorizeplace"'.
+                  $can_catplace_place.'value="place" />'.$level{'place'}.'</label></span></td>'.
                   '</tr>';
-        $$rowtotal += 4;
+        $$rowtotal += 6;
     } else {
         my $css_class;
         my $itemcount = 1;
@@ -5971,12 +7074,15 @@ sub print_coursecategories {
                     my %default_names = (
                           instcode    => &mt('Official courses'),
                           communities => &mt('Communities'),
+                          placement   => &mt('Placement Tests'),
                     );
 
                     if ((!grep(/^instcode$/,@{$cats[0]})) || 
                         ($cathash->{'instcode::0'} eq '') ||
                         (!grep(/^communities$/,@{$cats[0]})) || 
-                        ($cathash->{'communities::0'} eq '')) {
+                        ($cathash->{'communities::0'} eq '') ||
+                        (!grep(/^placement$/,@{$cats[0]})) ||
+                        ($cathash->{'placement::0'} eq '')) {
                         $maxnum ++;
                     }
                     my $lastidx;
@@ -5997,7 +7103,7 @@ sub print_coursecategories {
                             $datatable .= '<option value="'.$k.'"'.$selstr.'>'.$vpos.'</option>';
                         }
                         $datatable .= '</select></span></td><td>';
-                        if ($parent eq 'instcode' || $parent eq 'communities') {
+                        if ($parent eq 'instcode' || $parent eq 'communities' || $parent eq 'placement') {
                             $datatable .=  '<span class="LC_nobreak">'
                                            .$default_names{$parent}.'</span>';
                             if ($parent eq 'instcode') {
@@ -6020,7 +7126,7 @@ sub print_coursecategories {
                             $datatable .= '<label><input type="radio" name="'
                                           .$parent.'" value="0" />'
                                           .&mt('Do not display').'</label></span>';
-                            if ($parent eq 'communities') {
+                            if (($parent eq 'communities') || ($parent eq 'placement')) {
                                 $datatable .= '</td></tr></table>';
                             }
                             $datatable .= '</td>';
@@ -6052,7 +7158,7 @@ sub print_coursecategories {
                                   .'<input type="text" size="20" name="addcategory_name" value="" /></td>'
                                   .'</tr>'."\n";
                     $itemcount ++;
-                    foreach my $default ('instcode','communities') {
+                    foreach my $default ('instcode','communities','placement') {
                         if ((!grep(/^\Q$default\E$/,@{$cats[0]})) || ($cathash->{$default.'::0'} eq '')) {
                             $css_class = $itemcount%2?' class="LC_odd_row"':'';
                             my $chgstr = ' onchange="javascript:reorderCats(this.form,'."'','$default"."_pos','$lastidx'".');"';
@@ -6141,9 +7247,9 @@ sub print_serverstatuses {
 
 sub serverstatus_pages {
     return ('userstatus','lonstatus','loncron','server-status','codeversions',
-            'checksums','clusterstatus','metadata_keywords','metadata_harvest',
-            'takeoffline','takeonline','showenv','toggledebug','ping','domconf',
-            'uniquecodes','diskusage','coursecatalog');
+            'checksums','clusterstatus','certstatus','metadata_keywords',
+            'metadata_harvest','takeoffline','takeonline','showenv','toggledebug',
+            'ping','domconf','uniquecodes','diskusage','coursecatalog');
 }
 
 sub defaults_javascript {
@@ -6265,9 +7371,11 @@ sub coursecategories_javascript {
     }
     my $instcode_reserved = &mt('The name: [_1] is a reserved category.','"instcode"');
     my $communities_reserved = &mt('The name: [_1] is a reserved category.','"communities"');
+    my $placement_reserved = &mt('The name: [_1] is a reserved category.','"placement"');
     my $choose_again = "\n".&mt('Please use a different name for the new top level category.'); 
     &js_escape(\$instcode_reserved);
     &js_escape(\$communities_reserved);
+    &js_escape(\$placement_reserved);
     &js_escape(\$choose_again);
     $output = <<"ENDSCRIPT";
 <script type="text/javascript">
@@ -6337,6 +7445,10 @@ function categoryCheck(form) {
         alert('$communities_reserved\\n$choose_again');
         return false;
     }
+    if (form.elements['addcategory_name'].value == 'placement') {
+        alert('$placement_reserved\\n$choose_again');
+        return false;
+    }
     return true;
 }
 
@@ -6353,13 +7465,14 @@ sub initialize_categories {
     my %default_names = (
                       instcode    => 'Official courses (with institutional codes)',
                       communities => 'Communities',
+                      placement   => 'Placement Tests',
                         );
     my $select0 = ' selected="selected"';
     my $select1 = '';
-    foreach my $default ('instcode','communities') {
+    foreach my $default ('instcode','communities','placement') {
         $css_class = $itemcount%2?' class="LC_odd_row"':'';
         $chgstr = ' onchange="javascript:reorderCats(this.form,'."'',$default"."_pos','0'".');"';
-        if ($default eq 'communities') {
+        if (($default eq 'communities') || ($default eq 'placement')) {
             $select1 = $select0;
             $select0 = '';
         }
@@ -6471,13 +7584,14 @@ sub build_category_rows {
 }
 
 sub modifiable_userdata_row {
-    my ($context,$item,$settings,$numinrow,$rowcount,$usertypes,$fieldsref,$titlesref) = @_;
+    my ($context,$item,$settings,$numinrow,$rowcount,$usertypes,$fieldsref,$titlesref,
+        $rowid,$customcss,$rowstyle) = @_;
     my ($role,$rolename,$statustype);
     $role = $item;
     if ($context eq 'cancreate') {
-        if ($item =~ /^emailusername_(.+)$/) {
-            $statustype = $1;
-            $role = 'emailusername';
+        if ($item =~ /^(emailusername)_(.+)$/) {
+            $role = $1;
+            $statustype = $2;
             if (ref($usertypes) eq 'HASH') {
                 if ($usertypes->{$statustype}) {
                     $rolename = &mt('Data provided by [_1]',$usertypes->{$statustype});
@@ -6512,8 +7626,24 @@ sub modifiable_userdata_row {
         %fieldtitles = &Apache::loncommon::personal_data_fieldtitles();
     }
     my $output;
-    my $css_class = $rowcount%2?' class="LC_odd_row"':'';
-    $output = '<tr '.$css_class.'>'.
+    my $css_class;
+    if ($rowcount%2) {
+        $css_class = 'LC_odd_row';
+    }
+    if ($customcss) {
+        $css_class .= " $customcss";
+    }
+    $css_class =~ s/^\s+//;
+    if ($css_class) {
+        $css_class = ' class="'.$css_class.'"';
+    }
+    if ($rowstyle) {
+        $css_class .= ' style="'.$rowstyle.'"';
+    }
+    if ($rowid) {
+        $rowid = ' id="'.$rowid.'"';
+    }
+    $output = '<tr '.$css_class.$rowid.'>'.
               '<td><span class="LC_nobreak">'.$rolename.'</span></td>'.
               '<td class="LC_left_item" colspan="2"><table>';
     my $rem;
@@ -6547,9 +7677,10 @@ sub modifiable_userdata_row {
             }
         }
     }
-     
-    for (my $i=0; $i<@fields; $i++) {
-        my $rem = $i%($numinrow);
+ 
+    my $total = scalar(@fields);
+    for (my $i=0; $i<$total; $i++) {
+        $rem = $i%($numinrow);
         if ($rem == 0) {
             if ($i > 0) {
                 $output .= '</tr>';
@@ -6591,10 +7722,13 @@ sub modifiable_userdata_row {
                        '</label>';
         }
         $output .= '</span></td>';
-        $rem = @fields%($numinrow);
     }
-    my $colsleft = $numinrow - $rem;
-    if ($colsleft > 1 ) {
+    $rem = $total%$numinrow;
+    my $colsleft;
+    if ($rem) {
+        $colsleft = $numinrow - $rem;
+    }
+    if ($colsleft > 1) {
         $output .= '<td colspan="'.$colsleft.'" class="LC_left_item">'.
                    '&nbsp;</td>';
     } elsif ($colsleft == 1) {
@@ -6605,11 +7739,13 @@ sub modifiable_userdata_row {
 }
 
 sub insttypes_row {
-    my ($settings,$types,$usertypes,$dom,$numinrow,$othertitle,$context,$rownum) = @_;
+    my ($settings,$types,$usertypes,$dom,$numinrow,$othertitle,$context,$rowtotal,$onclick,
+        $customcss,$rowstyle) = @_;
     my %lt = &Apache::lonlocal::texthash (
                       cansearch => 'Users allowed to search',
                       statustocreate => 'Institutional affiliation(s) able to create own account (login/SSO)',
                       lockablenames => 'User preference to lock name',
+                      selfassign    => 'Self-reportable affiliations',
              );
     my $showdom;
     if ($context eq 'cansearch') {
@@ -6619,9 +7755,22 @@ sub insttypes_row {
     if ($context eq 'statustocreate') {
         $class = 'LC_right_item';
     }
-    my $css_class = ' class="LC_odd_row"';
-    if ($rownum ne '') { 
-        $css_class = ($rownum%2? ' class="LC_odd_row"':'');
+    my $css_class;
+    if ($$rowtotal%2) {
+        $css_class = 'LC_odd_row';
+    }
+    if ($customcss) {
+        $css_class .= ' '.$customcss;
+    }
+    $css_class =~ s/^\s+//;
+    if ($css_class) {
+        $css_class = ' class="'.$css_class.'"';
+    }
+    if ($rowstyle) {
+        $css_class .= ' style="'.$rowstyle.'"';
+    }
+    if ($onclick) {
+        $onclick = 'onclick="'.$onclick.'" ';
     }
     my $output = '<tr'.$css_class.'>'.
                  '<td>'.$lt{$context}.$showdom.
@@ -6650,7 +7799,7 @@ sub insttypes_row {
                 $output .= '<td class="LC_left_item">'.
                            '<span class="LC_nobreak"><label>'.
                            '<input type="checkbox" name="'.$context.'" '.
-                           'value="'.$types->[$i].'"'.$check.'/>'.
+                           'value="'.$types->[$i].'"'.$check.$onclick.' />'.
                            $usertypes->{$types->[$i]}.'</label></span></td>';
             }
         }
@@ -6677,7 +7826,7 @@ sub insttypes_row {
     }
     $output .= '<span class="LC_nobreak"><label>'.
                '<input type="checkbox" name="'.$context.'" '.
-               'value="default"'.$defcheck.'/>'.
+               'value="default"'.$defcheck.$onclick.' />'.
                $othertitle.'</label></span></td>'.
                '</tr></table></td></tr>';
     return $output;
@@ -7586,7 +8735,7 @@ sub display_colorchgs {
                         } else {
                             my $newitem = $confhash->{$role}{$item};
                             if ($key eq 'images') {
-                                $newitem = '<img src="'.$confhash->{$role}{$item}.'" alt="'.$choices{$item}.'" valign="bottom" />';
+                                $newitem = '<img src="'.$confhash->{$role}{$item}.'" alt="'.$choices{$item}.'" style="vertical-align: bottom" />';
                             }
                             $resulttext .= '<li>'.&mt("$choices{$item} set to [_1]",$newitem).'</li>';
                         }
@@ -7668,7 +8817,7 @@ sub check_authorstatus {
 
 sub publishlogo {
     my ($r,$action,$formname,$dom,$confname,$subdir,$thumbwidth,$thumbheight,$savefileas) = @_;
-    my ($output,$fname,$logourl);
+    my ($output,$fname,$logourl,$madethumb);
     if ($action eq 'upload') {
         $fname=$env{'form.'.$formname.'.filename'};
         chop($env{'form.'.$formname});
@@ -7796,6 +8945,7 @@ $env{'user.name'}.':'.$env{'user.domain'
                                     $r->set_handlers('PerlCleanupHandler' => [\&notifysubscribed,@{$handlers}]);
                                     $registered_cleanup=1;
                                 }
+                                $madethumb = 1;
                             } else {
                                 print $logfile "\nUnable to write ".$copyfile.
                                                ':'.$!."\n";
@@ -7808,7 +8958,7 @@ $env{'user.name'}.':'.$env{'user.domain'
             $output = $versionresult;
         }
     }
-    return ($output,$logourl);
+    return ($output,$logourl,$madethumb);
 }
 
 sub logo_versioning {
@@ -7962,7 +9112,7 @@ sub modify_quotas {
         $context = $action;
     }
     if ($context eq 'requestcourses') {
-        @usertools = ('official','unofficial','community','textbook');
+        @usertools = ('official','unofficial','community','textbook','placement');
         @options =('norequest','approval','validate','autolimit');
         %validations = &Apache::lonnet::auto_courserequest_checks($dom);
         %titles = &courserequest_titles();
@@ -8011,7 +9161,7 @@ sub modify_quotas {
         my @approvalnotify = &Apache::loncommon::get_env_multiple('form.'.$context.'notifyapproval');
         @approvalnotify = sort(@approvalnotify);
         $confhash{'notify'}{'approval'} = join(',',@approvalnotify);
-        my @crstypes = ('official','unofficial','community','textbook');
+        my @crstypes = ('official','unofficial','community','textbook','placement');
         my @hasuniquecode = &Apache::loncommon::get_env_multiple('form.uniquecode');
         foreach my $type (@hasuniquecode) {
             if (grep(/^\Q$type\E$/,@crstypes)) {
@@ -8677,6 +9827,590 @@ sub process_textbook_image {
     return ($url,$error);
 }
 
+sub modify_ltitools {
+    my ($r,$dom,$action,$lastactref,%domconfig) = @_;
+    my %domdefaults = &Apache::lonnet::get_domain_defaults($dom,1);
+    my ($newid,@allpos,%changes,%confhash,%encconfig,$errors,$resulttext);
+    my $confname = $dom.'-domainconfig';
+    my $servadm = $r->dir_config('lonAdmEMail');
+    my ($configuserok,$author_ok,$switchserver) = &config_check($dom,$confname,$servadm);
+    my (%posslti,%possfield);
+    my @courseroles = ('cc','in','ta','ep','st');
+    my @ltiroles = qw(Instructor ContentDeveloper TeachingAssistant Learner);
+    map { $posslti{$_} = 1; } @ltiroles;
+    my @allfields = ('fullname','firstname','lastname','email','user','roles');
+    map { $possfield{$_} = 1; } @allfields;
+    my %lt = &ltitools_names(); 
+    if ($env{'form.ltitools_add'}) {
+        my $title = $env{'form.ltitools_add_title'};
+        $title =~ s/(`)/'/g;
+        ($newid,my $error) = &get_ltitools_id($dom,$title);
+        if ($newid) {
+            my $position = $env{'form.ltitools_add_pos'};
+            $position =~ s/\D+//g;
+            if ($position ne '') {
+                $allpos[$position] = $newid;
+            }
+            $changes{$newid} = 1;
+            foreach my $item ('title','url','key','secret') {
+                $env{'form.ltitools_add_'.$item} =~ s/(`)/'/g;
+                if ($env{'form.ltitools_add_'.$item}) {
+                    if (($item eq 'key') || ($item eq 'secret')) {
+                        $encconfig{$newid}{$item} = $env{'form.ltitools_add_'.$item};
+                    } else {
+                        $confhash{$newid}{$item} = $env{'form.ltitools_add_'.$item};
+                    }
+                }
+            }
+            if ($env{'form.ltitools_add_version'} eq 'LTI-1p0') {
+                $confhash{$newid}{'version'} = $env{'form.ltitools_add_version'};
+            }
+            if ($env{'form.ltitools_add_msgtype'} eq 'basic-lti-launch-request') {
+                $confhash{$newid}{'msgtype'} = $env{'form.ltitools_add_msgtype'};
+            }
+            foreach my $item ('width','height','linktext','explanation') {
+                $env{'form.ltitools_add_'.$item} =~ s/^\s+//;
+                $env{'form.ltitools_add_'.$item} =~ s/\s+$//;
+                if (($item eq 'width') || ($item eq 'height')) {
+                    if ($env{'form.ltitools_add_'.$item} =~ /^\d+$/) {
+                        $confhash{$newid}{'display'}{$item} = $env{'form.ltitools_add_'.$item};
+                    }
+                } else {
+                    if ($env{'form.ltitools_add_'.$item} ne '') {
+                        $confhash{$newid}{'display'}{$item} = $env{'form.ltitools_add_'.$item}; 
+                    }
+                }
+            }
+            if ($env{'form.ltitools_add_target'} eq 'window') {
+                $confhash{$newid}{'display'}{'target'} = $env{'form.ltitools_add_target'};
+            } elsif ($env{'form.ltitools_add_target'} eq 'tab') {
+                $confhash{$newid}{'display'}{'target'} = $env{'form.ltitools_add_target'};
+            } else {
+                $confhash{$newid}{'display'}{'target'} = 'iframe';
+            }
+            foreach my $item ('passback','roster') {
+                if ($env{'form.ltitools_add_'.$item}) {
+                    $confhash{$newid}{$item} = 1;
+                }
+            }
+            if ($env{'form.ltitools_add_image.filename'} ne '') {
+                my ($imageurl,$error) =
+                    &process_ltitools_image($r,$dom,$confname,'ltitools_add_image',$newid,
+                                            $configuserok,$switchserver,$author_ok);
+                if ($imageurl) {
+                    $confhash{$newid}{'image'} = $imageurl;
+                }
+                if ($error) {
+                    &Apache::lonnet::logthis($error);
+                    $errors .= '<li><span class="LC_error">'.$error.'</span></li>';
+                }
+            }
+            my @fields = &Apache::loncommon::get_env_multiple('form.ltitools_add_fields');
+            foreach my $field (@fields) {
+                if ($possfield{$field}) {
+                    if ($field eq 'roles') {
+                        foreach my $role (@courseroles) {
+                            my $choice = $env{'form.ltitools_add_roles_'.$role};
+                            if (($choice ne '') && ($posslti{$choice})) {
+                                $confhash{$newid}{'roles'}{$role} = $choice;
+                                if ($role eq 'cc') {
+                                    $confhash{$newid}{'roles'}{'co'} = $choice; 
+                                }
+                            }
+                        }
+                    } else {
+                        $confhash{$newid}{'fields'}{$field} = 1;
+                    }
+                }
+            }
+            my @courseconfig = &Apache::loncommon::get_env_multiple('form.ltitools_courseconfig');
+            foreach my $item (@courseconfig) {
+                $confhash{$newid}{'crsconf'}{$item} = 1;
+            }
+            if ($env{'form.ltitools_add_custom'}) {
+                my $name = $env{'form.ltitools_add_custom_name'};
+                my $value = $env{'form.ltitools_add_custom_value'};
+                $value =~ s/(`)/'/g;
+                $name =~ s/(`)/'/g;
+                $confhash{$newid}{'custom'}{$name} = $value;
+            }
+        } else {
+            my $error = &mt('Failed to acquire unique ID for new external tool');   
+            $errors .= '<li><span class="LC_error">'.$error.'</span></li>';
+        }
+    }
+    if (ref($domconfig{$action}) eq 'HASH') {
+        my %deletions;
+        my @todelete = &Apache::loncommon::get_env_multiple('form.ltitools_del');
+        if (@todelete) {
+            map { $deletions{$_} = 1; } @todelete;
+        }
+        my %customadds;
+        my @newcustom = &Apache::loncommon::get_env_multiple('form.ltitools_customadd');
+        if (@newcustom) {
+            map { $customadds{$_} = 1; } @newcustom;
+        } 
+        my %imgdeletions;
+        my @todeleteimages = &Apache::loncommon::get_env_multiple('form.ltitools_image_del');
+        if (@todeleteimages) {
+            map { $imgdeletions{$_} = 1; } @todeleteimages;
+        }
+        my $maxnum = $env{'form.ltitools_maxnum'};
+        for (my $i=0; $i<=$maxnum; $i++) {
+            my $itemid = $env{'form.ltitools_id_'.$i};
+            $itemid =~ s/\D+//g;
+            if (ref($domconfig{$action}{$itemid}) eq 'HASH') {
+                if ($deletions{$itemid}) {
+                    if ($domconfig{$action}{$itemid}{'image'}) {
+                        #FIXME need to obsolete item in RES space
+                    }
+                    $changes{$itemid} = $domconfig{$action}{$itemid}{'title'};
+                    next;
+                } else {
+                    my $newpos = $env{'form.ltitools_'.$itemid};
+                    $newpos =~ s/\D+//g;
+                    foreach my $item ('title','url') {
+                        $confhash{$itemid}{$item} = $env{'form.ltitools_'.$item.'_'.$i};
+                        if ($domconfig{$action}{$itemid}{$item} ne $confhash{$itemid}{$item}) {
+                            $changes{$itemid} = 1;
+                        }
+                    }
+                    foreach my $item ('key','secret') {
+                        $encconfig{$itemid}{$item} = $env{'form.ltitools_'.$item.'_'.$i};
+                        if ($domconfig{$action}{$itemid}{$item} ne $encconfig{$itemid}{$item}) {
+                            $changes{$itemid} = 1;
+                        }
+                    }
+                    if ($env{'form.ltitools_version_'.$i} eq 'LTI-1p0') {
+                        $confhash{$itemid}{'version'} = $env{'form.ltitools_version_'.$i};
+                    }
+                    if ($env{'form.ltitools_msgtype_'.$i} eq 'basic-lti-launch-request') {
+                        $confhash{$itemid}{'msgtype'} = $env{'form.ltitools_msgtype_'.$i};
+                    }
+                    foreach my $size ('width','height') {
+                        $env{'form.ltitools_'.$size.'_'.$i} =~ s/^\s+//;
+                        $env{'form.ltitools_'.$size.'_'.$i} =~ s/\s+$//;
+                        if ($env{'form.ltitools_'.$size.'_'.$i} =~ /^\d+$/) {
+                            $confhash{$itemid}{'display'}{$size} = $env{'form.ltitools_'.$size.'_'.$i};
+                            if (ref($domconfig{$action}{$itemid}{'display'}) eq 'HASH') {
+                                if ($domconfig{$action}{$itemid}{'display'}{$size} ne $confhash{$itemid}{'display'}{$size}) {
+                                    $changes{$itemid} = 1;
+                                }
+                            } else {
+                                $changes{$itemid} = 1;
+                            }
+                        } elsif (ref($domconfig{$action}{$itemid}{'display'}) eq 'HASH') {
+                            if ($domconfig{$action}{$itemid}{'display'}{$size} ne '') {
+                                $changes{$itemid} = 1;
+                            }
+                        }
+                    }
+                    foreach my $item ('linktext','explanation') {
+                        $env{'form.ltitools_'.$item.'_'.$i} =~ s/^\s+//;
+                        $env{'form.ltitools_'.$item.'_'.$i} =~ s/\s+$//;
+                        if ($env{'form.ltitools_'.$item.'_'.$i} ne '') {
+                            $confhash{$itemid}{'display'}{$item} = $env{'form.ltitools_'.$item.'_'.$i};
+                            if (ref($domconfig{$action}{$itemid}{'display'}) eq 'HASH') {
+                                if ($domconfig{$action}{$itemid}{'display'}{$item} ne $confhash{$itemid}{'display'}{$item}) {
+                                    $changes{$itemid} = 1;
+                                }
+                            } else {
+                                $changes{$itemid} = 1;
+                            }
+                        } elsif (ref($domconfig{$action}{$itemid}{'display'}) eq 'HASH') {
+                            if ($domconfig{$action}{$itemid}{'display'}{$item} ne '') {
+                                $changes{$itemid} = 1;
+                            }
+                        }
+                    }
+                    if ($env{'form.ltitools_target_'.$i} eq 'window') {
+                        $confhash{$itemid}{'display'}{'target'} = $env{'form.ltitools_target_'.$i};
+                    } elsif ($env{'form.ltitools_target_'.$i} eq 'tab') {
+                        $confhash{$itemid}{'display'}{'target'} = $env{'form.ltitools_target_'.$i};
+                    } else {
+                        $confhash{$itemid}{'display'}{'target'} = 'iframe';
+                    }
+                    if (ref($domconfig{$action}{$itemid}{'display'}) eq 'HASH') {
+                        if ($domconfig{$action}{$itemid}{'display'}{'target'} ne $confhash{$itemid}{'display'}{'target'}) {
+                            $changes{$itemid} = 1;
+                        }
+                    } else {
+                        $changes{$itemid} = 1;
+                    }
+                    foreach my $extra ('passback','roster') {
+                        if ($env{'form.ltitools_'.$extra.'_'.$i}) {
+                            $confhash{$itemid}{$extra} = 1;
+                        }
+                        if ($domconfig{$action}{$itemid}{$extra} ne $confhash{$itemid}{$extra}) {
+                            $changes{$itemid} = 1;
+                        }
+                    }
+                    my @courseconfig = &Apache::loncommon::get_env_multiple('form.ltitools_courseconfig_'.$i);
+                    foreach my $item ('label','title','target','linktext','explanation') {
+                        if (grep(/^\Q$item\E$/,@courseconfig)) {
+                            $confhash{$itemid}{'crsconf'}{$item} = 1;
+                            if (ref($domconfig{$action}{$itemid}{'crsconf'}) eq 'HASH') {
+                                if ($domconfig{$action}{$itemid}{'crsconf'}{$item} ne $confhash{$itemid}{'crsconf'}{$item}) {
+                                    $changes{$itemid} = 1;
+                                }
+                            } else {
+                                $changes{$itemid} = 1;
+                            }
+                        }
+                    }
+                    my @fields = &Apache::loncommon::get_env_multiple('form.ltitools_fields_'.$i);
+                    foreach my $field (@fields) {
+                        if ($possfield{$field}) {
+                            if ($field eq 'roles') {
+                                foreach my $role (@courseroles) {
+                                    my $choice = $env{'form.ltitools_roles_'.$role.'_'.$i};
+                                    if (($choice ne '') && ($posslti{$choice})) {
+                                        $confhash{$itemid}{'roles'}{$role} = $choice;
+                                        if ($role eq 'cc') {
+                                            $confhash{$itemid}{'roles'}{'co'} = $choice;
+                                        }
+                                    }
+                                    if (ref($domconfig{$action}{$itemid}{'roles'}) eq 'HASH') {
+                                        if ($domconfig{$action}{$itemid}{'roles'}{$role} ne $confhash{$itemid}{'roles'}{$role}) {
+                                            $changes{$itemid} = 1;
+                                        }
+                                    } elsif ($confhash{$itemid}{'roles'}{$role}) {
+                                        $changes{$itemid} = 1;
+                                    }
+                                }
+                            } else {
+                                $confhash{$itemid}{'fields'}{$field} = 1;
+                                if (ref($domconfig{$action}{$itemid}{'fields'}) eq 'HASH') {
+                                    if ($domconfig{$action}{$itemid}{'fields'}{$field} ne $confhash{$itemid}{'fields'}{$field}) {
+                                        $changes{$itemid} = 1;
+                                    }
+                                } else {
+                                    $changes{$itemid} = 1;
+                                }
+                            }
+                        }
+                    }
+                    $allpos[$newpos] = $itemid;
+                }
+                if ($imgdeletions{$itemid}) {
+                    $changes{$itemid} = 1;
+                    #FIXME need to obsolete item in RES space
+                } elsif ($env{'form.ltitools_image_'.$i.'.filename'}) {
+                    my ($imgurl,$error) = &process_ltitools_image($r,$dom,$confname,'ltitools_image_'.$i,
+                                                                 $itemid,$configuserok,$switchserver,
+                                                                 $author_ok);
+                    if ($imgurl) {
+                        $confhash{$itemid}{'image'} = $imgurl;
+                        $changes{$itemid} = 1;
+                    }
+                    if ($error) {
+                        &Apache::lonnet::logthis($error);
+                        $errors .= '<li><span class="LC_error">'.$error.'</span></li>';
+                    }
+                } elsif ($domconfig{$action}{$itemid}{'image'}) {
+                    $confhash{$itemid}{'image'} =
+                       $domconfig{$action}{$itemid}{'image'};
+                }
+                if ($customadds{$i}) {
+                    my $name = $env{'form.ltitools_custom_name_'.$i};
+                    $name =~ s/(`)/'/g;
+                    $name =~ s/^\s+//;
+                    $name =~ s/\s+$//;
+                    my $value = $env{'form.ltitools_custom_value_'.$i};
+                    $value =~ s/(`)/'/g;
+                    $value =~ s/^\s+//;
+                    $value =~ s/\s+$//;
+                    if ($name ne '') {
+                        $confhash{$itemid}{'custom'}{$name} = $value;
+                        $changes{$itemid} = 1;
+                    }
+                }
+                my %customdels;
+                my @customdeletions = &Apache::loncommon::get_env_multiple('form.ltitools_customdel_'.$i); 
+                if (@customdeletions) {
+                    $changes{$itemid} = 1;
+                }
+                map { $customdels{$_} = 1; } @customdeletions;
+                if (ref($domconfig{$action}{$itemid}{'custom'}) eq 'HASH') {
+                    foreach my $key (keys(%{$domconfig{$action}{$itemid}{'custom'}})) {
+                        unless ($customdels{$key}) {
+                            if ($env{'form.ltitools_customval_'.$key.'_'.$i} ne '') {
+                                $confhash{$itemid}{'custom'}{$key} = $env{'form.ltitools_customval_'.$key.'_'.$i}; 
+                            }
+                            if ($domconfig{$action}{$itemid}{'custom'}{$key} ne $env{'form.ltitools_customval_'.$key.'_'.$i}) {
+                                $changes{$itemid} = 1;
+                            }
+                        }
+                    }
+                }
+                unless ($changes{$itemid}) {
+                    foreach my $key (keys(%{$domconfig{$action}{$itemid}})) {
+                        if (ref($domconfig{$action}{$itemid}{$key}) eq 'HASH') {
+                            if (ref($confhash{$itemid}{$key}) eq 'HASH') {
+                                foreach my $innerkey (keys(%{$domconfig{$action}{$itemid}{$key}})) {
+                                    unless (exists($confhash{$itemid}{$key}{$innerkey})) {
+                                        $changes{$itemid} = 1;
+                                        last;
+                                    }
+                                }
+                            } elsif (keys(%{$domconfig{$action}{$itemid}{$key}}) > 0) {
+                                $changes{$itemid} = 1;
+                            }
+                        }
+                        last if ($changes{$itemid});
+                    }
+                }
+            }
+        }
+    }
+    if (@allpos > 0) {
+        my $idx = 0;
+        foreach my $itemid (@allpos) {
+            if ($itemid ne '') {
+                $confhash{$itemid}{'order'} = $idx;
+                if (ref($domconfig{$action}) eq 'HASH') {
+                    if (ref($domconfig{$action}{$itemid}) eq 'HASH') {
+                        if ($domconfig{$action}{$itemid}{'order'} ne $idx) {
+                            $changes{$itemid} = 1;
+                        }
+                    }
+                }
+                $idx ++;
+            }
+        }
+    }
+    my %ltitoolshash = (
+                          $action => { %confhash }
+                       );
+    my $putresult = &Apache::lonnet::put_dom('configuration',\%ltitoolshash,
+                                             $dom);
+    if ($putresult eq 'ok') {
+        my %ltienchash = (
+                             $action => { %encconfig }
+                         );
+        &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom);
+        if (keys(%changes) > 0) {
+            my $cachetime = 24*60*60;
+            my %ltiall = %confhash;
+            foreach my $id (keys(%ltiall)) {
+                if (ref($encconfig{$id}) eq 'HASH') {
+                    foreach my $item ('key','secret') {
+                        $ltiall{$id}{$item} = $encconfig{$id}{$item};
+                    }
+                }
+            }
+            &Apache::lonnet::do_cache_new('ltitools',$dom,\%ltiall,$cachetime);
+            if (ref($lastactref) eq 'HASH') {
+                $lastactref->{'ltitools'} = 1;
+            }
+            $resulttext = &mt('Changes made:').'<ul>';
+            my %bynum;
+            foreach my $itemid (sort(keys(%changes))) {
+                my $position = $confhash{$itemid}{'order'};
+                $bynum{$position} = $itemid;
+            }
+            foreach my $pos (sort { $a <=> $b } keys(%bynum)) {
+                my $itemid = $bynum{$pos}; 
+                if (ref($confhash{$itemid}) ne 'HASH') {
+                    $resulttext .= '<li>'.&mt('Deleted: [_1]',$changes{$itemid}).'</li>';
+                } else {
+                    $resulttext .= '<li><b>'.$confhash{$itemid}{'title'}.'</b>';
+                    if ($confhash{$itemid}{'image'}) {
+                        $resulttext .= '&nbsp;'.
+                                       '<img src="'.$confhash{$itemid}{'image'}.'"'.
+                                       ' alt="'.&mt('Tool Provider icon').'" />';
+                    }
+                    $resulttext .= '</li><ul>';
+                    my $position = $pos + 1;
+                    $resulttext .= '<li>'.&mt('Order: [_1]',$position).'</li>';
+                    foreach my $item ('version','msgtype','url') {
+                        if ($confhash{$itemid}{$item} ne '') {
+                            $resulttext .= '<li>'.$lt{$item}.':&nbsp;'.$confhash{$itemid}{$item}.'</li>';
+                        }
+                    }
+                    if ($encconfig{$itemid}{'key'} ne '') {
+                        $resulttext .= '<li>'.$lt{'key'}.':&nbsp;'.$encconfig{$itemid}{'key'}.'</li>';
+                    }
+                    if ($encconfig{$itemid}{'secret'} ne '') {
+                        $resulttext .= '<li>'.$lt{'secret'}.':&nbsp;';
+                        my $num = length($encconfig{$itemid}{'secret'});
+                        $resulttext .= ('*'x$num).'</li>';
+                    }
+                    $resulttext .= '<li>'.&mt('Configurable in course:');
+                    my @possconfig = ('label','title','target','linktext','explanation');
+                    my $numconfig = 0; 
+                    if (ref($confhash{$itemid}{'crsconf'}) eq 'HASH') { 
+                        foreach my $item (@possconfig) {
+                            if ($confhash{$itemid}{'crsconf'}{$item}) {
+                                $numconfig ++;
+                                $resulttext .= ' "'.$lt{'crs'.$item}.'"';
+                            }
+                        }
+                    }
+                    if (!$numconfig) {
+                        $resulttext .= &mt('None');
+                    }
+                    $resulttext .= '</li>';
+                    foreach my $item ('passback','roster') {
+                        $resulttext .= '<li>'.$lt{$item}.'&nbsp;';
+                        if ($confhash{$itemid}{$item}) {
+                            $resulttext .= &mt('Yes');
+                        } else {
+                            $resulttext .= &mt('No');
+                        }
+                        $resulttext .= '</li>';
+                    }
+                    if (ref($confhash{$itemid}{'display'}) eq 'HASH') {
+                        my $displaylist;
+                        if ($confhash{$itemid}{'display'}{'target'}) {
+                            $displaylist = &mt('Display target').':&nbsp;'.
+                                           $confhash{$itemid}{'display'}{'target'}.',';
+                        }
+                        foreach my $size ('width','height') { 
+                            if ($confhash{$itemid}{'display'}{$size}) {
+                                $displaylist .= ('&nbsp;'x2).$lt{$size}.':&nbsp;'.
+                                                $confhash{$itemid}{'display'}{$size}.',';
+                            }
+                        }
+                        if ($displaylist) {
+                            $displaylist =~ s/,$//;
+                            $resulttext .= '<li>'.$displaylist.'</li>';
+                        }
+                        foreach my $item ('linktext','explanation') {
+                            if ($confhash{$itemid}{'display'}{$item}) {
+                                $resulttext .= '<li>'.$lt{$item}.':&nbsp;'.$confhash{$itemid}{'display'}{$item}.'</li>';
+                            }
+                        }
+                    }
+                    if (ref($confhash{$itemid}{'fields'}) eq 'HASH') {
+                        my $fieldlist;
+                        foreach my $field (@allfields) {
+                            if ($confhash{$itemid}{'fields'}{$field}) {
+                                $fieldlist .= ('&nbsp;'x2).$lt{$field}.',';
+                            }
+                        }
+                        if ($fieldlist) {
+                            $fieldlist =~ s/,$//;
+                            $resulttext .= '<li>'.&mt('Data sent').':'.$fieldlist.'</li>';
+                        }
+                    }
+                    if (ref($confhash{$itemid}{'roles'}) eq 'HASH') {
+                        my $rolemaps;
+                        foreach my $role (@courseroles) {
+                            if ($confhash{$itemid}{'roles'}{$role}) {
+                                $rolemaps .= ('&nbsp;'x2).&Apache::lonnet::plaintext($role,'Course').'='.
+                                             $confhash{$itemid}{'roles'}{$role}.',';
+                            }
+                        }
+                        if ($rolemaps) {
+                            $rolemaps =~ s/,$//; 
+                            $resulttext .= '<li>'.&mt('Role mapping:').$rolemaps.'</li>';
+                        }
+                    }
+                    if (ref($confhash{$itemid}{'custom'}) eq 'HASH') {
+                        my $customlist;
+                        if (keys(%{$confhash{$itemid}{'custom'}})) {
+                            foreach my $key (sort(keys(%{$confhash{$itemid}{'custom'}}))) {
+                                $customlist .= $key.':'.$confhash{$itemid}{'custom'}{$key}.('&nbsp;'x2);
+                            } 
+                        }
+                        if ($customlist) {
+                            $resulttext .= '<li>'.&mt('Custom items').':'.$customlist.'</li>';
+                        }
+                    } 
+                    $resulttext .= '</ul></li>';
+                }
+            }
+            $resulttext .= '</ul>';
+        } else {
+            $resulttext = &mt('No changes made.');
+        }
+    } else {
+        $errors .= '<li><span class="LC_error">'.&mt('Failed to save changes').'</span></li>';
+    }
+    if ($errors) {
+        $resulttext .= &mt('The following errors occurred: ').'<ul>'.
+                       $errors.'</ul>';
+    }
+    return $resulttext;
+}
+
+sub process_ltitools_image {
+    my ($r,$dom,$confname,$caller,$itemid,$configuserok,$switchserver,$author_ok) = @_;
+    my $filename = $env{'form.'.$caller.'.filename'};
+    my ($error,$url);
+    my ($width,$height) = (21,21);
+    if ($configuserok eq 'ok') {
+        if ($switchserver) {
+            $error = &mt('Upload of Tool Provider (LTI) icon is not permitted to this server: [_1]',
+                         $switchserver);
+        } elsif ($author_ok eq 'ok') {
+            my ($result,$imageurl,$madethumb) =
+                &publishlogo($r,'upload',$caller,$dom,$confname,
+                             "ltitools/$itemid/icon",$width,$height);
+            if ($result eq 'ok') {
+                if ($madethumb) {
+                    my ($path,$imagefile) = ($imageurl =~ m{^(.+)/([^/]+)$});
+                    my $imagethumb = "$path/tn-".$imagefile;
+                    $url = $imagethumb;
+                } else {
+                    $url = $imageurl;
+                }
+            } else {
+                $error = &mt("Upload of [_1] failed because an error occurred publishing the file in RES space. Error was: [_2].",$filename,$result);
+            }
+        } else {
+            $error = &mt("Upload of [_1] failed because an author role could not be assigned to a Domain Configuration user ([_2]) in domain: [_3].  Error was: [_4].",$filename,$confname,$dom,$author_ok);
+        }
+    } else {
+        $error = &mt("Upload of [_1] failed because a Domain Configuration user ([_2]) could not be created in domain: [_3].  Error was: [_4].",$filename,$confname,$dom,$configuserok);
+    }
+    return ($url,$error);
+}
+
+sub get_ltitools_id {
+    my ($cdom,$title) = @_;
+    # get lock on ltitools db
+    my $lockhash = {
+                      lock => $env{'user.name'}.
+                              ':'.$env{'user.domain'},
+                   };
+    my $tries = 0;
+    my $gotlock = &Apache::lonnet::newput_dom('ltitools',$lockhash,$cdom);
+    my ($id,$error);
+ 
+    while (($gotlock ne 'ok') && ($tries<10)) {
+        $tries ++;
+        sleep (0.1);
+        $gotlock = &Apache::lonnet::newput_dom('ltitools',$lockhash,$cdom);
+    }
+    if ($gotlock eq 'ok') {
+        my %currids = &Apache::lonnet::dump_dom('ltitools',$cdom);
+        if ($currids{'lock'}) {
+            delete($currids{'lock'});
+            if (keys(%currids)) {
+                my @curr = sort { $a <=> $b } keys(%currids);
+                if ($curr[-1] =~ /^\d+$/) {
+                    $id = 1 + $curr[-1];
+                }
+            } else {
+                $id = 1;
+            }
+            if ($id) {
+                unless (&Apache::lonnet::newput_dom('ltitools',{ $id => $title },$cdom) eq 'ok') {
+                    $error = 'nostore';
+                }
+            } else {
+                $error = 'nonumber';
+            }
+        }
+        my $dellockoutcome = &Apache::lonnet::del_dom('ltitools',['lock'],$cdom);
+    } else {
+        $error = 'nolock';
+    }
+    return ($id,$error);
+}
+
 sub modify_autoenroll {
     my ($dom,$lastactref,%domconfig) = @_;
     my ($resulttext,%changes);
@@ -9467,7 +11201,7 @@ sub modify_contacts {
                             $resulttext .= $bcctext.': <span class="LC_cusr_emph">'.$bcc{$type}.'</span>';
                         } elsif (!@text) {
                             $resulttext .= &mt('No one');
-                        }
+                        }   
                         if ($includestr{$type} ne '') {
                             if ($includeloc{$type} eq 'b') {
                                 $resulttext .= '<br />'.&mt('Text automatically added to e-mail body:').' '.$includestr{$type};
@@ -9559,12 +11293,10 @@ sub modify_usercreation {
             if ($key eq 'cancreate') {
                 if (ref($domconfig{'usercreation'}{$key}) eq 'HASH') {
                     foreach my $item (keys(%{$domconfig{'usercreation'}{$key}})) {
-                        if (($item eq 'selfcreate') || ($item eq 'statustocreate') ||
-                            ($item eq 'captcha') || ($item eq 'recaptchakeys') ||
-                            ($item eq 'recaptchaversion')) {
-                            $save_usercreate{$key}{$item} = $domconfig{'usercreation'}{$key}{$item};
-                        } else {
+                        if (($item eq 'requestcrs') || ($item eq 'course') || ($item eq 'author')) {
                             $curr_usercreation{$key}{$item} = $domconfig{'usercreation'}{$key}{$item};
+                        } else {
+                            $save_usercreate{$key}{$item} = $domconfig{'usercreation'}{$key}{$item};
                         }
                     }
                 }
@@ -9767,14 +11499,18 @@ sub modify_usercreation {
 }
 
 sub modify_selfcreation {
-    my ($dom,%domconfig) = @_;
-    my ($resulttext,$warningmsg,%curr_usercreation,%curr_usermodify,%changes,%cancreate);
-    my (%save_usercreate,%save_usermodify);
-    my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom);
-    if (ref($types) eq 'ARRAY') {
-        $usertypes->{'default'} = $othertitle;
-        push(@{$types},'default');
+    my ($dom,$lastactref,%domconfig) = @_;
+    my ($resulttext,$warningmsg,%curr_usercreation,%curr_usermodify,%curr_inststatus,%changes,%cancreate);
+    my (%save_usercreate,%save_usermodify,%save_inststatus,@types,%usertypes);
+    my %domdefaults = &Apache::lonnet::get_domain_defaults($dom,1);
+    my ($othertitle,$usertypesref,$typesref) = &Apache::loncommon::sorted_inst_types($dom);
+    if (ref($typesref) eq 'ARRAY') {
+        @types = @{$typesref};
+    }
+    if (ref($usertypesref) eq 'HASH') {
+        %usertypes = %{$usertypesref};
     }
+    $usertypes{'default'} = $othertitle;
 #
 # Retrieve current domain configuration for self-creation of usernames from $domconfig{'usercreation'}.
 #
@@ -9784,10 +11520,11 @@ sub modify_selfcreation {
                 if (ref($domconfig{'usercreation'}{$key}) eq 'HASH') {
                     foreach my $item (keys(%{$domconfig{'usercreation'}{$key}})) {
                         if (($item eq 'selfcreate') || ($item eq 'statustocreate') ||
-                            ($item eq 'captcha') || ($item eq 'recaptchakeys') || 
-                            ($item eq 'recaptchaversion') ||
-                            ($item eq 'emailusername') || ($item eq 'notify') ||
-                            ($item eq 'selfcreateprocessing') || ($item eq 'shibenv')) {
+                            ($item eq 'captcha') || ($item eq 'recaptchakeys') ||
+                            ($item eq 'recaptchaversion') || ($item eq 'notify') ||
+                            ($item eq 'emailusername') || ($item eq 'shibenv') ||
+                            ($item eq 'selfcreateprocessing') || ($item eq 'emailverified') ||
+                            ($item eq 'emailoptions') || ($item eq 'emaildomain')) {
                             $curr_usercreation{$key}{$item} = $domconfig{'usercreation'}{$key}{$item};
                         } else {
                             $save_usercreate{$key}{$item} = $domconfig{'usercreation'}{$key}{$item};
@@ -9813,41 +11550,160 @@ sub modify_selfcreation {
             }
         }
     }
+#
+# Retrieve current domain configuration for institutional status types from $domconfig{'inststatus'}.
+#
+    if (ref($domconfig{'inststatus'}) eq 'HASH') {
+        foreach my $key (keys(%{$domconfig{'inststatus'}})) {
+            if ($key eq 'inststatusguest') {
+                $curr_inststatus{$key} = $domconfig{'inststatus'}{$key};
+            } else {
+                $save_inststatus{$key} = $domconfig{'inststatus'}{$key};
+            }
+        }
+    }
 
     my @contexts = ('selfcreate');
     @{$cancreate{'selfcreate'}} = ();
     %{$cancreate{'emailusername'}} = ();
-    @{$cancreate{'statustocreate'}} = ();
+    if (@types) {
+        @{$cancreate{'statustocreate'}} = ();
+    }
     %{$cancreate{'selfcreateprocessing'}} = ();
     %{$cancreate{'shibenv'}} = ();
+    %{$cancreate{'emailverified'}} = ();
+    %{$cancreate{'emailoptions'}} = ();
+    %{$cancreate{'emaildomain'}} = ();
     my %selfcreatetypes = (
                              sso   => 'users authenticated by institutional single sign on',
                              login => 'users authenticated by institutional log-in',
-                             email => 'users who provide a valid e-mail address for use as username',
+                             email => 'users verified by e-mail',
                           );
 #
 # Populate $cancreate{'selfcreate'} array reference with types of user, for which self-creation of user accounts
 # is permitted.
 #
+    my ($emailrules,$emailruleorder) = &Apache::lonnet::inst_userrules($dom,'email');
 
-    my @statuses;
-    if (ref($domconfig{'inststatus'}) eq 'HASH') {
-        if (ref($domconfig{'inststatus'}{'inststatusguest'}) eq 'ARRAY') {
-            @statuses = @{$domconfig{'inststatus'}{'inststatusguest'}};
-        }
-    }
-    push(@statuses,'default');
-
+    my (@statuses,%email_rule);
     foreach my $item ('login','sso','email') {
         if ($item eq 'email') {
             if ($env{'form.cancreate_email'}) {
-                push(@{$cancreate{'selfcreate'}},'email');
-                push(@contexts,'selfcreateprocessing');
-                foreach my $type (@statuses) {
-                    if ($type eq 'default') {
-                        $cancreate{'selfcreateprocessing'}{$type} = $env{'form.cancreate_emailprocess'};
-                    } else { 
-                        $cancreate{'selfcreateprocessing'}{$type} = $env{'form.cancreate_emailprocess_'.$type};
+                if (@types) {
+                    my @poss_statuses = &Apache::loncommon::get_env_multiple('form.selfassign');
+                    foreach my $status (@poss_statuses) {
+                        if (grep(/^\Q$status\E$/,(@types,'default'))) {
+                            push(@statuses,$status);
+                        }
+                    }
+                    $save_inststatus{'inststatusguest'} = \@statuses;
+                } else {
+                    push(@statuses,'default');
+                }
+                if (@statuses) {
+                    my %curr_rule;
+                    if (ref($curr_usercreation{'email_rule'}) eq 'ARRAY') {
+                        foreach my $type (@statuses) {
+                            $curr_rule{$type} = $curr_usercreation{'email_rule'};
+                        }
+                    } elsif (ref($curr_usercreation{'email_rule'}) eq 'HASH') {
+                        foreach my $type (@statuses) {
+                            $curr_rule{$type} = $curr_usercreation{'email_rule'}{$type};
+                        }
+                    }
+                    push(@{$cancreate{'selfcreate'}},'email');
+                    push(@contexts,('selfcreateprocessing','emailverified','emailoptions'));
+                    my %curremaildom;
+                    if (ref($curr_usercreation{'cancreate'}{'emaildomain'}) eq 'HASH') {
+                        %curremaildom = %{$curr_usercreation{'cancreate'}{'emaildomain'}};
+                    }
+                    foreach my $type (@statuses) {
+                        if ($env{'form.cancreate_emailprocess_'.$type} =~ /^(?:approval|automatic)$/) {
+                            $cancreate{'selfcreateprocessing'}{$type} = $env{'form.cancreate_emailprocess_'.$type};
+                        }
+                        if ($env{'form.cancreate_usernameoptions_'.$type} =~ /^(?:all|first|free)$/) {
+                            $cancreate{'emailverified'}{$type} = $env{'form.cancreate_usernameoptions_'.$type};
+                        }
+                        if ($env{'form.cancreate_emailoptions_'.$type} =~ /^(any|inst|noninst|custom)$/) {
+#
+# Retrieve rules (if any) governing types of e-mail address which may be used to verify a username.
+#
+                            my $chosen = $1;
+                            if (($chosen eq 'inst') || ($chosen eq 'noninst')) {
+                                my $emaildom;
+                                if ($env{'form.cancreate_emaildomain_'.$chosen.'_'.$type} =~ /^\@[^\@]+$/) {
+                                    $emaildom = $env{'form.cancreate_emaildomain_'.$chosen.'_'.$type}; 
+                                    $cancreate{'emaildomain'}{$type}{$chosen} = $emaildom;
+                                    if (ref($curremaildom{$type}) eq 'HASH') {
+                                        if (exists($curremaildom{$type}{$chosen})) {
+                                            if ($curremaildom{$type}{$chosen} ne $emaildom) {
+                                                push(@{$changes{'cancreate'}},'emaildomain');
+                                            }
+                                        } elsif ($emaildom ne '') {
+                                            push(@{$changes{'cancreate'}},'emaildomain');
+                                        }
+                                    } elsif ($emaildom ne '') {
+                                        push(@{$changes{'cancreate'}},'emaildomain');
+                                    } 
+                                }
+                                $cancreate{'emailoptions'}{$type} = $env{'form.cancreate_emailoptions_'.$type};
+                            } elsif ($chosen eq 'custom') {
+                                my @possemail_rules = &Apache::loncommon::get_env_multiple('form.email_rule_'.$type);
+                                $email_rule{$type} = [];
+                                if (ref($emailrules) eq 'HASH') {
+                                    foreach my $rule (@possemail_rules) {
+                                        if (exists($emailrules->{$rule})) {
+                                            push(@{$email_rule{$type}},$rule);
+                                        }
+                                    }
+                                }
+                                if (@{$email_rule{$type}}) {
+                                    $cancreate{'emailoptions'}{$type} = 'custom';
+                                    if (ref($curr_rule{$type}) eq 'ARRAY') {
+                                        if (@{$curr_rule{$type}} > 0) {
+                                            foreach my $rule (@{$curr_rule{$type}}) {
+                                                if (!grep(/^\Q$rule\E$/,@{$email_rule{$type}})) {
+                                                    push(@{$changes{'email_rule'}},$type);
+                                                }
+                                            }
+                                        }
+                                        foreach my $type (@{$email_rule{$type}}) {
+                                            if (!grep(/^\Q$type\E$/,@{$curr_rule{$type}})) {
+                                                push(@{$changes{'email_rule'}},$type);
+                                            }
+                                        }
+                                    } else {
+                                        push(@{$changes{'email_rule'}},$type);
+                                    }
+                                }
+                            } else {
+                                $cancreate{'emailoptions'}{$type} = $env{'form.cancreate_emailoptions_'.$type};
+                            }
+                        }
+                    }
+                    if (@types) {
+                        if (ref($curr_inststatus{'inststatusguest'}) eq 'ARRAY') {
+                            my @changed = &Apache::loncommon::compare_arrays(\@statuses,$curr_inststatus{'inststatusguest'});
+                            if (@changed) {
+                                push(@{$changes{'inststatus'}},'inststatusguest');
+                            }
+                        } else {
+                            push(@{$changes{'inststatus'}},'inststatusguest');
+                        }
+                    }
+                } else {
+                    delete($env{'form.cancreate_email'});
+                    if (ref($curr_inststatus{'inststatusguest'}) eq 'ARRAY') {
+                        if (@{$curr_inststatus{'inststatusguest'}} > 0) {
+                            push(@{$changes{'inststatus'}},'inststatusguest');
+                        }
+                    }
+                }
+            } else {
+                $save_inststatus{'inststatusguest'} = [];
+                if (ref($curr_inststatus{'inststatusguest'}) eq 'ARRAY') {
+                    if (@{$curr_inststatus{'inststatusguest'}} > 0) {
+                        push(@{$changes{'inststatus'}},'inststatusguest');
                     }
                 }
             }
@@ -9857,7 +11713,7 @@ sub modify_selfcreation {
             }
         }
     }
-    my (@email_rule,%userinfo,%savecaptcha);
+    my (%userinfo,%savecaptcha);
     my ($infofields,$infotitles) = &Apache::loncommon::emailusername_info();
 #
 # Populate $cancreate{'emailusername'}{$type} hash ref with information fields (if new user will provide data
@@ -9866,8 +11722,8 @@ sub modify_selfcreation {
 
     if ($env{'form.cancreate_email'}) {
         push(@contexts,'emailusername');
-        if (ref($types) eq 'ARRAY') {
-            foreach my $type (@{$types}) {
+        if (@statuses) {
+            foreach my $type (@statuses) {
                 if (ref($infofields) eq 'ARRAY') {
                     foreach my $field (@{$infofields}) {
                         if ($env{'form.canmodify_emailusername_'.$type.'_'.$field} =~ /^(required|optional)$/) {
@@ -9879,7 +11735,7 @@ sub modify_selfcreation {
         }
 #
 # Populate $cancreate{'notify'} hash ref with names of Domain Coordinators who are to be notified of
-# queued requests for self-creation of account using e-mail address as username
+# queued requests for self-creation of account verified by e-mail.
 #
 
         my @approvalnotify = &Apache::loncommon::get_env_multiple('form.selfcreationnotifyapproval');
@@ -9899,36 +11755,13 @@ sub modify_selfcreation {
             push(@{$changes{'cancreate'}},'notify');
         }
 
-#
-# Retrieve rules (if any) governing types of e-mail address which may be used as a username
-#
-        @email_rule = &Apache::loncommon::get_env_multiple('form.email_rule');
         &process_captcha('cancreate',\%changes,\%savecaptcha,$curr_usercreation{'cancreate'});
-        if (ref($curr_usercreation{'email_rule'}) eq 'ARRAY') {
-            if (@{$curr_usercreation{'email_rule'}} > 0) {
-                foreach my $type (@{$curr_usercreation{'email_rule'}}) {
-                    if (!grep(/^\Q$type\E$/,@email_rule)) {
-                        push(@{$changes{'email_rule'}},$type);
-                    }
-                }
-            }
-            if (@email_rule > 0) {
-                foreach my $type (@email_rule) {
-                    if (!grep(/^\Q$type\E$/,@{$curr_usercreation{'email_rule'}})) {
-                        push(@{$changes{'email_rule'}},$type);
-                    }
-                }
-            }
-        } elsif (@email_rule > 0) {
-            push(@{$changes{'email_rule'}},@email_rule);
-        }
     }
 #  
 # Check if domain default is set appropriately, if self-creation of accounts is to be available for
 # institutional log-in.
 #
     if (grep(/^login$/,@{$cancreate{'selfcreate'}})) {
-        my %domdefaults = &Apache::lonnet::get_domain_defaults($dom,1);
         if (!((($domdefaults{'auth_def'} =~/^krb/) && ($domdefaults{'auth_arg_def'} ne '')) || 
                ($domdefaults{'auth_def'} eq 'localauth'))) {
             $warningmsg = &mt('Although account creation has been set to be available for institutional logins, currently default authentication in this domain has not been set to support this.').' '.
@@ -9947,14 +11780,10 @@ sub modify_selfcreation {
 # which the user may supply, if institutional data is unavailable.
 #
     if (($env{'form.cancreate_login'}) || ($env{'form.cancreate_sso'})) {
-        if (ref($types) eq 'ARRAY') {
-            if (@{$types} > 1) {
-                @{$cancreate{'statustocreate'}} = &Apache::loncommon::get_env_multiple('form.statustocreate');
-                push(@contexts,'statustocreate');
-            } else {
-                undef($cancreate{'statustocreate'});
-            } 
-            foreach my $type (@{$types}) {
+        if (@types) {
+            @{$cancreate{'statustocreate'}} = &Apache::loncommon::get_env_multiple('form.statustocreate');
+            push(@contexts,'statustocreate');
+            foreach my $type (@types) {
                 my @modifiable =  &Apache::loncommon::get_env_multiple('form.canmodify_'.$type);
                 foreach my $field (@fields) {
                     if (grep(/^\Q$field\E$/,@modifiable)) {
@@ -9965,7 +11794,7 @@ sub modify_selfcreation {
                 }
             }
             if (ref($curr_usermodify{'selfcreate'}) eq 'HASH') {
-                foreach my $type (@{$types}) {
+                foreach my $type (@types) {
                     if (ref($curr_usermodify{'selfcreate'}{$type}) eq 'HASH') {
                         foreach my $field (@fields) {
                             if ($save_usermodify{'selfcreate'}{$type}{$field} ne
@@ -9977,7 +11806,7 @@ sub modify_selfcreation {
                     }
                 }
             } else {
-                foreach my $type (@{$types}) {
+                foreach my $type (@types) {
                     push(@{$changes{'selfcreate'}},$type);
                 }
             }
@@ -10026,34 +11855,28 @@ sub modify_selfcreation {
             }
         } elsif (ref($curr_usercreation{'cancreate'}{$item}) eq 'HASH') {
             if (ref($cancreate{$item}) eq 'HASH') {
-                foreach my $curr (keys(%{$curr_usercreation{'cancreate'}{$item}})) {
-                    if (ref($curr_usercreation{'cancreate'}{$item}{$curr}) eq 'HASH') {
-                        foreach my $field (keys(%{$curr_usercreation{'cancreate'}{$item}{$curr}})) {
-                            unless ($curr_usercreation{'cancreate'}{$item}{$curr}{$field} eq $cancreate{$item}{$curr}{$field}) {
+                foreach my $type (keys(%{$curr_usercreation{'cancreate'}{$item}})) {
+                    if (ref($curr_usercreation{'cancreate'}{$item}{$type}) eq 'HASH') {
+                        foreach my $field (keys(%{$curr_usercreation{'cancreate'}{$item}{$type}})) {
+                            unless ($curr_usercreation{'cancreate'}{$item}{$type}{$field} eq $cancreate{$item}{$type}{$field}) {
                                 if (!grep(/^$item$/,@{$changes{'cancreate'}})) {
                                     push(@{$changes{'cancreate'}},$item);
                                 }
                             }
                         }
-                    } elsif ($item eq 'selfcreateprocessing') {
-                        if ($cancreate{$item}{$curr} ne $curr_usercreation{'cancreate'}{$item}{$curr}) {
-                            if (!grep(/^$item$/,@{$changes{'cancreate'}})) {
-                                push(@{$changes{'cancreate'}},$item);
-                            }
-                        }
-                    } else {
-                        if (!$cancreate{$item}{$curr}) {
+                    } elsif (($item eq 'selfcreateprocessing') || ($item eq 'emailverified') || ($item eq 'emailoptions')) {
+                        if ($cancreate{$item}{$type} ne $curr_usercreation{'cancreate'}{$item}{$type}) {
                             if (!grep(/^$item$/,@{$changes{'cancreate'}})) {
                                 push(@{$changes{'cancreate'}},$item);
                             }
                         }
                     }
                 }
-                foreach my $field (keys(%{$cancreate{$item}})) {
-                    if (ref($cancreate{$item}{$field}) eq 'HASH') {
-                        foreach my $inner (keys(%{$cancreate{$item}{$field}})) {
-                            if (ref($curr_usercreation{'cancreate'}{$item}{$field}) eq 'HASH') {
-                                unless ($curr_usercreation{'cancreate'}{$item}{$field}{$inner} eq $cancreate{$item}{$field}{$inner}) {
+                foreach my $type (keys(%{$cancreate{$item}})) {
+                    if (ref($cancreate{$item}{$type}) eq 'HASH') {
+                        foreach my $field (keys(%{$cancreate{$item}{$type}})) {
+                            if (ref($curr_usercreation{'cancreate'}{$item}{$type}) eq 'HASH') {
+                                unless ($curr_usercreation{'cancreate'}{$item}{$type}{$field} eq $cancreate{$item}{$type}{$field}) {
                                     if (!grep(/^$item$/,@{$changes{'cancreate'}})) {
                                         push(@{$changes{'cancreate'}},$item);
                                     }
@@ -10064,14 +11887,8 @@ sub modify_selfcreation {
                                 }
                             }
                         }
-                    } elsif ($item eq 'selfcreateprocessing') {
-                        if ($cancreate{$item}{$field} ne $curr_usercreation{'cancreate'}{$item}{$field}) {
-                            if (!grep(/^$item$/,@{$changes{'cancreate'}})) {
-                                push(@{$changes{'cancreate'}},$item);
-                            }
-                        }
-                    } else {
-                        if (!$curr_usercreation{'cancreate'}{$item}{$field}) {
+                    } elsif (($item eq 'selfcreateprocessing') || ($item eq 'emailverified') || ($item eq 'emailoptions')) {
+                        if ($cancreate{$item}{$type} ne $curr_usercreation{'cancreate'}{$item}{$type}) {
                             if (!grep(/^$item$/,@{$changes{'cancreate'}})) {
                                 push(@{$changes{'cancreate'}},$item);
                             }
@@ -10086,11 +11903,11 @@ sub modify_selfcreation {
                         push(@{$changes{'cancreate'}},$item);
                     }
                 }
-            } elsif (ref($cancreate{$item}) eq 'HASH') {
-                if (!$cancreate{$item}{$curr_usercreation{'cancreate'}{$item}}) {
-                    if (!grep(/^$item$/,@{$changes{'cancreate'}})) {
-                        push(@{$changes{'cancreate'}},$item);
-                    }
+            }
+        } elsif (($item eq 'selfcreateprocessing') || ($item eq 'emailverified') || ($item eq 'emailoptions')) {
+            if (ref($cancreate{$item}) eq 'HASH') {
+                if (!grep(/^$item$/,@{$changes{'cancreate'}})) {
+                    push(@{$changes{'cancreate'}},$item);
                 }
             }
         } elsif ($item eq 'emailusername') {
@@ -10123,6 +11940,15 @@ sub modify_selfcreation {
     if (ref($cancreate{'selfcreateprocessing'}) eq 'HASH') {
         $save_usercreate{'cancreate'}{'selfcreateprocessing'} = $cancreate{'selfcreateprocessing'};
     }
+    if (ref($cancreate{'emailverified'}) eq 'HASH') {
+        $save_usercreate{'cancreate'}{'emailverified'} = $cancreate{'emailverified'};
+    }
+    if (ref($cancreate{'emailoptions'}) eq 'HASH') {
+        $save_usercreate{'cancreate'}{'emailoptions'} = $cancreate{'emailoptions'};
+    }
+    if (ref($cancreate{'emaildomain'}) eq 'HASH') {
+        $save_usercreate{'cancreate'}{'emaildomain'} = $cancreate{'emaildomain'};
+    }
     if (ref($cancreate{'statustocreate'}) eq 'ARRAY') {
         $save_usercreate{'cancreate'}{'statustocreate'} = $cancreate{'statustocreate'};
     }
@@ -10130,16 +11956,18 @@ sub modify_selfcreation {
         $save_usercreate{'cancreate'}{'shibenv'} = $cancreate{'shibenv'};
     }
     $save_usercreate{'cancreate'}{'emailusername'} = $cancreate{'emailusername'};
-    $save_usercreate{'emailrule'} = \@email_rule;
+    $save_usercreate{'email_rule'} = \%email_rule;
 
     my %userconfig_hash = (
             usercreation     => \%save_usercreate,
             usermodification => \%save_usermodify,
+            inststatus       => \%save_inststatus,
     );
+
     my $putresult = &Apache::lonnet::put_dom('configuration',\%userconfig_hash,
                                              $dom);
 #
-# Accumulate details of changes to domain cofiguration for self-creation of usernames in $resulttext
+# Accumulate details of changes to domain configuration for self-creation of usernames in $resulttext
 #
     if ($putresult eq 'ok') {
         if (keys(%changes) > 0) {
@@ -10147,7 +11975,7 @@ sub modify_selfcreation {
             if (ref($changes{'cancreate'}) eq 'ARRAY') {
                 my %lt = &selfcreation_types();
                 foreach my $type (@{$changes{'cancreate'}}) {
-                    my $chgtext;
+                    my $chgtext = '';
                     if ($type eq 'selfcreate') {
                         if (@{$cancreate{$type}} == 0) {
                             $chgtext .= &mt('Self creation of a new user account is not permitted.');
@@ -10162,18 +11990,25 @@ sub modify_selfcreation {
                                 if (grep(/^(login|sso)$/,@{$cancreate{$type}})) {
                                     if (ref($cancreate{'statustocreate'}) eq 'ARRAY') {
                                         if (@{$cancreate{'statustocreate'}} == 0) {
-                                            $chgtext .= '<br />'.
-                                                        '<span class="LC_warning">'.
-                                                        &mt("However, no institutional affiliations (including 'other') are currently permitted to create accounts.").
-                                                        '</span>';
+                                            $chgtext .= '<span class="LC_warning">'.
+                                                        &mt("However, no institutional affiliations (including 'other') are currently permitted to create accounts via log-in or single sign-on.").
+                                                        '</span><br />';
                                         }
                                     }
                                 }
+                                if (grep(/^email$/,@{$cancreate{$type}})) {
+                                    if (!@statuses) {
+                                        $chgtext .= '<span class="LC_warning">'.
+                                                    &mt("However, e-mail verification is currently set to 'unavailable' for all user types (including 'other'), so self-creation of accounts is not possible for non-institutional log-in.").
+                                                    '</span><br />';
+
+                                    }
+                                }
                             }
                         }
                     } elsif ($type eq 'shibenv') {
                         if (keys(%{$cancreate{$type}}) == 0) {
-                            $chgtext .= &mt('Shibboleth-autheticated user does not use environment variables to set user information'); 
+                            $chgtext .= &mt('Shibboleth-autheticated user does not use environment variables to set user information').'<br />'; 
                         } else {
                             $chgtext .= &mt('Shibboleth-autheticated user information set from environment variables, as follows:').
                                         '<ul>';
@@ -10186,7 +12021,7 @@ sub modify_selfcreation {
                                 }
                             }
                             $chgtext .= '</ul>';
-                        }  
+                        }
                     } elsif ($type eq 'statustocreate') {
                         if ((ref($cancreate{'selfcreate'}) eq 'ARRAY') &&
                             (ref($cancreate{'statustocreate'}) eq 'ARRAY')) {
@@ -10199,7 +12034,7 @@ sub modify_selfcreation {
                                                     &mt("However, no institutional affiliations (including 'other') are currently permitted to create accounts.").
                                                     '</span>';
                                     }
-                                } elsif (ref($usertypes) eq 'HASH') {
+                                } elsif (keys(%usertypes) > 0) {
                                     if (grep(/^(login|sso)$/,@{$cancreate{'selfcreate'}})) {
                                         $chgtext .= &mt('Creation of a new account for an institutional user is restricted to the following institutional affiliation(s):');
                                     } else {
@@ -10210,12 +12045,12 @@ sub modify_selfcreation {
                                         if ($case eq 'default') {
                                             $chgtext .= '<li>'.$othertitle.'</li>';
                                         } else {
-                                            $chgtext .= '<li>'.$usertypes->{$case}.'</li>';
+                                            $chgtext .= '<li>'.$usertypes{$case}.'</li>';
                                         }
                                     }
                                     $chgtext .= '</ul>';
                                     if (!grep(/^(login|sso)$/,@{$cancreate{'selfcreate'}})) {
-                                        $chgtext .= '<br /><span class="LC_warning">'.
+                                        $chgtext .= '<span class="LC_warning">'.
                                                     &mt('However, users authenticated by institutional login/single sign on are not currently permitted to create accounts.').
                                                     '</span>';
                                     }
@@ -10227,26 +12062,129 @@ sub modify_selfcreation {
                                     $chgtext .= &mt('Although institutional affiliations permitted to create accounts were changed, self creation of accounts is not currently permitted for any authentication types.');
                                 }
                             }
+                            $chgtext .= '<br />';
                         }
                     } elsif ($type eq 'selfcreateprocessing') {
                         my %choices = &Apache::lonlocal::texthash (
                                                                     automatic => 'Automatic approval',
                                                                     approval  => 'Queued for approval',
                                                                   );
-                        if (@statuses > 1) {
-                            $chgtext .= &mt('Processing of requests to create account with e-mail address as username set as follows:'). 
-                                        '<ul>';
-                           foreach my $type (@statuses) {
-                               if ($type eq 'default') {
-                                   $chgtext .= '<li>'.$othertitle.' -- '.$choices{$cancreate{'selfcreateprocessing'}{$type}}.'</li>';
-                               } else {
-                                   $chgtext .= '<li>'.$usertypes->{$type}.' -- '.$choices{$cancreate{'selfcreateprocessing'}{$type}}.'</li>';
-                               }
-                           }
-                           $chgtext .= '</ul>';
+                        if (@types) {
+                            if (@statuses) {
+                                $chgtext .= &mt('Processing of requests to create account with e-mail verification set as follows:'). 
+                                            '<ul>';
+                                foreach my $status (@statuses) {
+                                    if ($status eq 'default') {
+                                        $chgtext .= '<li>'.$othertitle.' -- '.$choices{$cancreate{'selfcreateprocessing'}{$status}}.'</li>';
+                                    } else {
+                                        $chgtext .= '<li>'.$usertypes{$status}.' -- '.$choices{$cancreate{'selfcreateprocessing'}{$status}}.'</li>';
+                                    }
+                                }
+                                $chgtext .= '</ul>';
+                            }
+                        } else {
+                            $chgtext .= &mt('Processing of requests to create account with e-mail verification set to: "[_1]"',
+                                            $choices{$cancreate{'selfcreateprocessing'}{'default'}});
+                        }
+                    } elsif ($type eq 'emailverified') {
+                        my %options = &Apache::lonlocal::texthash (
+                                                                    all   => 'Same as e-mail',
+                                                                    first => 'Omit @domain',
+                                                                    free  => 'Free to choose',
+                                                                  );
+                        if (@types) {
+                            if (@statuses) {
+                                $chgtext .= &mt('For self-created accounts verified by e-mail address, username is set as follows:').
+                                            '<ul>';
+                                foreach my $status (@statuses) {
+                                    if ($type eq 'default') {
+                                        $chgtext .= '<li>'.$othertitle.' -- '.$options{$cancreate{'emailverified'}{$status}}.'</li>';
+                                    } else {
+                                        $chgtext .= '<li>'.$usertypes{$status}.' -- '.$options{$cancreate{'emailverified'}{$status}}.'</li>';
+                                    }
+                                }
+                                $chgtext .= '</ul>';
+                            }
                         } else {
-                           $chgtext .= &mt('Processing of requests to create account with e-mail address as username set to: "[_1]"',
-                                         $choices{$cancreate{'selfcreateprocessing'}{'default'}});
+                            $chgtext .= &mt("For self-created accounts verified by e-mail address, user's username is: '[_1]'",
+                                            $options{$cancreate{'emailverified'}{'default'}});
+                        }
+                    } elsif ($type eq 'emailoptions') {
+                        my %options = &Apache::lonlocal::texthash (
+                                                                    any     => 'Any e-mail',
+                                                                    inst    => 'Institutional only',
+                                                                    noninst => 'Non-institutional only',
+                                                                    custom  => 'Custom restrictions',
+                                                                  );
+                        if (@types) {
+                            if (@statuses) {
+                                $chgtext .= &mt('For self-created accounts verified by e-mail address, requirements for e-mail address are as follows:').
+                                            '<ul>';
+                                foreach my $status (@statuses) {
+                                    if ($type eq 'default') {
+                                        $chgtext .= '<li>'.$othertitle.' -- '.$options{$cancreate{'emailoptions'}{$status}}.'</li>';
+                                    } else {
+                                        $chgtext .= '<li>'.$usertypes{$status}.' -- '.$options{$cancreate{'emailoptions'}{$status}}.'</li>';
+                                    }
+                                }
+                                $chgtext .= '</ul>';
+                            }
+                        } else {
+                            if ($cancreate{'emailoptions'}{'default'} eq 'any') {
+                                $chgtext .= &mt('For self-created accounts verified by e-mail address, any e-mail may be used');
+                            } else {
+                                $chgtext .= &mt('For self-created accounts verified by e-mail address, e-mail restricted to: "[_1]"',
+                                                $options{$cancreate{'emailoptions'}{'default'}});
+                            }
+                        }
+                    } elsif ($type eq 'emaildomain') {
+                        my $output;
+                        if (@statuses) {
+                            foreach my $type (@statuses) {
+                                if (ref($cancreate{'emaildomain'}{$type}) eq 'HASH') {
+                                    if ($cancreate{'emailoptions'}{$type} eq 'inst') {
+                                        if ($type eq 'default') {
+                                            if ((ref($cancreate{'emaildomain'}{$type}) ne 'HASH') ||
+                                                ($cancreate{'emaildomain'}{$type}{'inst'} eq '')) {
+                                                $output = '<li>'.$othertitle.' -- '.&mt('No restriction on e-mail domain').'</li>';
+                                            } else {
+                                                $output = '<li>'.$othertitle.' -- '.&mt("User's e-mail address needs to end: [_1]",
+                                                                                        $cancreate{'emaildomain'}{$type}{'inst'}).'</li>';
+                                            }
+                                        } else {
+                                            if ((ref($cancreate{'emaildomain'}{$type}) ne 'HASH') ||
+                                                ($cancreate{'emaildomain'}{$type}{'inst'} eq '')) {
+                                                $output = '<li>'.$usertypes{$type}.' -- '.&mt('No restriction on e-mail domain').'</li>';
+                                            } else {
+                                                $output = '<li>'.$usertypes{$type}.' -- '.&mt("User's e-mail address needs to end: [_1]",
+                                                                                              $cancreate{'emaildomain'}{$type}{'inst'}).'</li>'; 
+                                            }
+                                        }
+                                    } elsif ($cancreate{'emailoptions'}{$type} eq 'noninst') {
+                                        if ($type eq 'default') {
+                                            if ((ref($cancreate{'emaildomain'}{$type}) ne 'HASH') ||
+                                                ($cancreate{'emaildomain'}{$type}{'noninst'} eq '')) {
+                                                $output = '<li>'.$othertitle.' -- '.&mt('No restriction on e-mail domain').'</li>';
+                                            } else {
+                                                $output = '<li>'.$othertitle.' -- '.&mt("User's e-mail address must not end: [_1]",
+                                                                                        $cancreate{'emaildomain'}{$type}{'noninst'}).'</li>';
+                                            }
+                                        } else {
+                                            if ((ref($cancreate{'emaildomain'}{$type}) ne 'HASH') ||
+                                                ($cancreate{'emaildomain'}{$type}{'noninst'} eq '')) {
+                                                $output = '<li>'.$usertypes{$type}.' -- '.&mt('No restriction on e-mail domain').'</li>';
+                                            } else {
+                                                $output = '<li>'.$usertypes{$type}.' -- '.&mt("User's e-mail address must not end: [_1]",
+                                                                                                $cancreate{'emaildomain'}{$type}{'noninst'}).'</li>';   
+                                            }
+                                        }
+                                    }
+                                }
+                            }
+                        }
+                        if ($output ne '') {
+                            $chgtext .= &mt('For self-created accounts verified by e-mail address:').
+                                        '<ul>'.$output.'</ul>';
                         }
                     } elsif ($type eq 'captcha') {
                         if ($savecaptcha{$type} eq 'notused') {
@@ -10283,11 +12221,11 @@ sub modify_selfcreation {
                         }
                     } elsif ($type eq 'emailusername') {
                         if (ref($cancreate{'emailusername'}) eq 'HASH') {
-                            if (ref($types) eq 'ARRAY') {
-                                foreach my $type (@{$types}) {
+                            if (@statuses) {
+                                foreach my $type (@statuses) {
                                     if (ref($cancreate{'emailusername'}{$type}) eq 'HASH') {
                                         if (keys(%{$cancreate{'emailusername'}{$type}}) > 0) {
-                                            $chgtext .= &mt('When self-creating account with e-mail as username, the following information will be provided by [_1]:',"'$usertypes->{$type}'").
+                                            $chgtext .= &mt('When self-creating account with e-mail verification, the following information will be provided by [_1]:',"'$usertypes{$type}'").
                                                     '<ul>';
                                             foreach my $field (@{$infofields}) {
                                                 if ($cancreate{'emailusername'}{$type}{$field}) {
@@ -10296,48 +12234,86 @@ sub modify_selfcreation {
                                             }
                                             $chgtext .= '</ul>';
                                         } else {
-                                            $chgtext .= &mt('When self creating account with e-mail as username, no information besides e-mail address will be provided by [_1].',"'$usertypes->{$type}'").'<br />';
+                                            $chgtext .= &mt('When self creating account with e-mail verification, no information besides e-mail address will be provided by [_1].',"'$usertypes{$type}'").'<br />';
                                         }
                                     } else {
-                                        $chgtext .= &mt('When self creating account with e-mail as username, no information besides e-mail address will be provided by [_1].',"'$usertypes->{$type}'").'<br />';
+                                        $chgtext .= &mt('When self creating account with e-mail verification, no information besides e-mail address will be provided by [_1].',"'$usertypes{$type}'").'<br />';
                                     }
                                 }
                             }
                         }
                     } elsif ($type eq 'notify') {
-                        $chgtext = &mt('No Domain Coordinators will receive notification of username requests requiring approval.');
+                        my $numapprove = 0;
                         if (ref($changes{'cancreate'}) eq 'ARRAY') {
                             if ((grep(/^notify$/,@{$changes{'cancreate'}})) && (ref($cancreate{'notify'}) eq 'HASH')) {
                                 if ($cancreate{'notify'}{'approval'}) {
-                                    $chgtext = &mt('Notification of username requests requiring approval will be sent to: ').$cancreate{'notify'}{'approval'};
+                                    $chgtext .= &mt('Notification of username requests requiring approval will be sent to: ').$cancreate{'notify'}{'approval'};
+                                    $numapprove ++;
                                 }
                             }
                         }
+                        unless ($numapprove) {
+                            $chgtext .= &mt('No Domain Coordinators will receive notification of username requests requiring approval.');
+                        }
                     }
                     if ($chgtext) {
                         $resulttext .= '<li>'.$chgtext.'</li>';
                     }
                 }
             }
-            if (ref($changes{'email_rule'}) eq 'ARRAY') {
+            if ((ref($changes{'email_rule'}) eq 'ARRAY') && (@{$changes{'email_rule'}} > 0)) {
                 my ($emailrules,$emailruleorder) =
                     &Apache::lonnet::inst_userrules($dom,'email');
-                my $chgtext = '<ul>';
-                foreach my $type (@email_rule) {
-                    if (ref($emailrules->{$type}) eq 'HASH') {
-                        $chgtext .= '<li>'.$emailrules->{$type}{'name'}.'</li>';
+                foreach my $type (@{$changes{'email_rule'}}) {
+                    if (ref($email_rule{$type}) eq 'ARRAY') {
+                        my $chgtext = '<ul>';
+                        foreach my $rule (@{$email_rule{$type}}) {
+                            if (ref($emailrules->{$rule}) eq 'HASH') {
+                                $chgtext .= '<li>'.$emailrules->{$rule}{'name'}.'</li>';
+                            }
+                        }
+                        $chgtext .= '</ul>';
+                        my $typename;
+                        if (@types) {
+                            if ($type eq 'default') {
+                                $typename = $othertitle;
+                            } else {
+                                $typename = $usertypes{$type};
+                            } 
+                            $chgtext .= &mt('(Affiliation: [_1])',$typename);
+                        }
+                        if (@{$email_rule{$type}} > 0) {
+                            $resulttext .= '<li>'.
+                                           &mt('Accounts may not be created by users verified by e-mail, for e-mail addresses of the following types: ',
+                                               $usertypes{$type}).
+                                           $chgtext.
+                                           '</li>';
+                        } else {
+                            $resulttext .= '<li>'.
+                                           &mt('There are now no restrictions on e-mail addresses which may be used for verification when a user requests an account.').
+                                           '</li>'.
+                                           &mt('(Affiliation: [_1])',$typename);
+                        }
                     }
                 }
-                $chgtext .= '</ul>';
-                if (@email_rule > 0) {
-                    $resulttext .= '<li>'.
-                                   &mt('Accounts may not be created by users self-enrolling with e-mail addresses of the following types: ').
-                                       $chgtext.
-                                   '</li>';
-                } else {
-                    $resulttext .= '<li>'.
-                                   &mt('There are now no restrictions on e-mail addresses which may be used as a username when self-enrolling.').
-                                   '</li>';
+            }
+            if (ref($changes{'inststatus'}) eq 'ARRAY') {
+                if (ref($save_inststatus{'inststatusguest'}) eq 'ARRAY') {
+                    if (@{$save_inststatus{'inststatusguest'}} > 0) {
+                        my $chgtext = '<ul>';
+                        foreach my $type (@{$save_inststatus{'inststatusguest'}}) {
+                            $chgtext .= '<li>'.$usertypes{$type}.'</li>';
+                        }
+                        $chgtext .= '</ul>';
+                        $resulttext .= '<li>'.
+                                       &mt('A user will self-report one of the following affiliations when requesting an account verified by e-mail: ').
+                                          $chgtext.
+                                       '</li>';
+                    } else {
+                        $resulttext .= '<li>'.
+                                       &mt('No affiliations available for self-reporting when requesting an account verified by e-mail.').
+                                       '</li>';
+                    }
                 }
             }
             if (ref($changes{'selfcreate'}) eq 'ARRAY') {
@@ -10345,9 +12321,9 @@ sub modify_selfcreation {
                 my %fieldtitles = &Apache::loncommon::personal_data_fieldtitles();
                 foreach my $type (@{$changes{'selfcreate'}}) {
                     my $typename = $type;
-                    if (ref($usertypes) eq 'HASH') {
-                        if ($usertypes->{$type} ne '') {
-                            $typename = $usertypes->{$type};
+                    if (keys(%usertypes) > 0) {
+                        if ($usertypes{$type} ne '') {
+                            $typename = $usertypes{$type};
                         }
                     }
                     my @modifiable;
@@ -10370,6 +12346,12 @@ sub modify_selfcreation {
                 $resulttext .= '</ul></li>';
             }
             $resulttext .= '</ul>';
+            my $cachetime = 24*60*60;
+            $domdefaults{'inststatusguest'} = $save_inststatus{'inststatusguest'};
+            &Apache::lonnet::do_cache_new('domdefaults',$dom,\%domdefaults,$cachetime);
+            if (ref($lastactref) eq 'HASH') {
+                $lastactref->{'domdefaults'} = 1;
+            }
         } else {
             $resulttext = &mt('No changes made to self-creation settings');
         }
@@ -10653,9 +12635,16 @@ sub modify_defaults {
     }
     my @todelete = &Apache::loncommon::get_env_multiple('form.inststatus_delete');
     my @allpos;
-    my %guests;
     my %alltypes;
-    my ($currtitles,$currguests,$currorder);
+    my @inststatusguest;
+    if (ref($currinststatus->{'inststatusguest'}) eq 'ARRAY') {
+        foreach my $type (@{$currinststatus->{'inststatusguest'}}) {
+            unless (grep(/^\Q$type\E$/,@todelete)) {
+                push(@inststatusguest,$type);
+            }
+        }
+    }
+    my ($currtitles,$currorder);
     if (ref($currinststatus) eq 'HASH') {
         if (ref($currinststatus->{'inststatusorder'}) eq 'ARRAY') {
             foreach my $type (@{$currinststatus->{'inststatusorder'}}) {
@@ -10670,14 +12659,8 @@ sub modify_defaults {
                     $allpos[$position] = $type;
                     $alltypes{$type} = $env{'form.inststatus_title_'.$type};
                     $alltypes{$type} =~ s/`//g;
-                    if ($env{'form.inststatus_guest_'.$type}) {
-                        $guests{$type} = 1;
-                    }
                 }
             }
-            if (ref($currinststatus->{'inststatusguest'}) eq 'ARRAY') {
-                $currguests = join(',',@{$currinststatus->{'inststatusguest'}});
-            }
             $currorder = join(',',@{$currinststatus->{'inststatusorder'}});
             $currtitles =~ s/,$//;
         }
@@ -10686,9 +12669,6 @@ sub modify_defaults {
         my $newtype = $env{'form.addinststatus'};
         $newtype =~ s/\W//g;
         unless (exists($alltypes{$newtype})) {
-            if ($env{'form.addinststatus_guest'}) {
-                $guests{$newtype} = 1;
-            }
             $alltypes{$newtype} = $env{'form.addinststatus_title'};
             $alltypes{$newtype} =~ s/`//g; 
             my $position = $env{'form.addinststatus_pos'};
@@ -10698,13 +12678,10 @@ sub modify_defaults {
             }
         }
     }
-    my (@orderedstatus,@orderedguests);
+    my @orderedstatus;
     foreach my $type (@allpos) {
         unless (($type eq '') || (grep(/^\Q$type\E$/,@orderedstatus))) {
             push(@orderedstatus,$type);
-            if ($guests{$type}) {
-                push(@orderedguests,$type);
-            }
         }
     }
     foreach my $type (keys(%alltypes)) {
@@ -10715,7 +12692,7 @@ sub modify_defaults {
     $defaults_hash{'inststatus'} = {
                                      inststatustypes => \%alltypes,
                                      inststatusorder => \@orderedstatus,
-                                     inststatusguest => \@orderedguests,
+                                     inststatusguest => \@inststatusguest,
                                    };
     if (ref($defaults_hash{'inststatus'}) eq 'HASH') {
         foreach my $item ('inststatustypes','inststatusorder','inststatusguest') {
@@ -10725,9 +12702,6 @@ sub modify_defaults {
     if ($currorder ne join(',',@orderedstatus)) {
         $changes{'inststatus'}{'inststatusorder'} = 1;
     }
-    if ($currguests ne join(',',@orderedguests)) {
-        $changes{'inststatus'}{'inststatusguest'} = 1;
-    }
     my $newtitles;
     foreach my $item (@orderedstatus) {
         $newtitles .= $alltypes{$item}.',';
@@ -10746,26 +12720,15 @@ sub modify_defaults {
             foreach my $item (sort(keys(%changes))) {
                 if ($item eq 'inststatus') {
                     if (ref($changes{'inststatus'}) eq 'HASH') {
-                        if (($changes{'inststatus'}{'inststatustypes'}) || $changes{'inststatus'}{'inststatusorder'}) {
+                        if (@orderedstatus) {
                             $resulttext .= '<li>'.&mt('Institutional user status types set to:').' ';
                             foreach my $type (@orderedstatus) { 
                                 $resulttext .= $alltypes{$type}.', ';
                             }
                             $resulttext =~ s/, $//;
                             $resulttext .= '</li>';
-                        }
-                        if ($changes{'inststatus'}{'inststatusguest'}) {
-                            $resulttext .= '<li>'; 
-                            if (@orderedguests) {
-                                $resulttext .= &mt('Types assignable to "non-institutional" usernames set to:').' ';
-                                foreach my $type (@orderedguests) {
-                                    $resulttext .= $alltypes{$type}.', ';
-                                }
-                                $resulttext =~ s/, $//;
-                            } else {
-                                $resulttext .= &mt('Types assignable to "non-institutional" usernames set to none.');
-                            }
-                            $resulttext .= '</li>';
+                        } else {
+                            $resulttext .= '<li>'.&mt('Institutional user status types deleted').'</li>'; 
                         }
                     }
                 } else {
@@ -10951,6 +12914,15 @@ sub modify_coursecategories {
         if ($domconfig{'coursecategories'}{'categorizecomm'} ne $env{'form.categorizecomm'}) {
             $changes{'categorizecomm'} = 1;
             $domconfig{'coursecategories'}{'categorizecomm'} = $env{'form.categorizecomm'};
+
+        }
+        if ($domconfig{'coursecategories'}{'togglecatsplace'} ne $env{'form.togglecatsplace'}) {
+            $changes{'togglecatsplace'} = 1;
+            $domconfig{'coursecategories'}{'togglecatsplace'} = $env{'form.togglecatsplace'};
+        }
+        if ($domconfig{'coursecategories'}{'categorizeplace'} ne $env{'form.categorizeplace'}) {
+            $changes{'categorizeplace'} = 1;
+            $domconfig{'coursecategories'}{'categorizeplace'} = $env{'form.categorizeplace'};
         }
         foreach my $item (@catitems) {
             if (grep(/^\Q$env{'form.coursecat_'.$item}\E$/,@cattypes)) {
@@ -10965,11 +12937,15 @@ sub modify_coursecategories {
         $changes{'categorize'} = 1;
         $changes{'togglecatscomm'} = 1;
         $changes{'categorizecomm'} = 1;
+        $changes{'togglecatsplace'} = 1;
+        $changes{'categorizeplace'} = 1;
         $domconfig{'coursecategories'} = {
                                              togglecats => $env{'form.togglecats'},
                                              categorize => $env{'form.categorize'},
                                              togglecatscomm => $env{'form.togglecatscomm'},
                                              categorizecomm => $env{'form.categorizecomm'},
+                                             togglecatsplace => $env{'form.togglecatsplace'},
+                                             categorizeplace => $env{'form.categorizeplace'},
                                          };
         foreach my $item (@catitems) {
             if ($env{'form.coursecat_'.$item} ne 'std') {
@@ -10987,6 +12963,9 @@ sub modify_coursecategories {
         if (($domconfig{'coursecategories'}{'cats'}{'communities::0'} ne '')  && ($env{'form.communities'} == 0)) {
             push(@deletecategory,'communities::0');
         }
+        if (($domconfig{'coursecategories'}{'cats'}{'placement::0'} ne '')  && ($env{'form.placement'} == 0)) {
+            push(@deletecategory,'placement::0');
+        }
     }
     my (@predelcats,@predeltrails,%predelallitems,%sort_by_deltrail);
     if (ref($cathash) eq 'HASH') {
@@ -11049,9 +13028,23 @@ sub modify_coursecategories {
             $adds{$newitem} = 1;
         }
     }
+    if ($env{'form.placement'} eq '1') {
+        if (ref($cathash) eq 'HASH') {
+            my $newitem = 'placement::0';
+            if ($cathash->{$newitem} eq '') {
+                $domconfig{'coursecategories'}{'cats'}{$newitem} = $env{'form.placement_pos'};
+                $adds{$newitem} = 1;
+            }
+        } else {
+            my $newitem = 'placement::0';
+            $domconfig{'coursecategories'}{'cats'}{$newitem} = $env{'form.placement_pos'};
+            $adds{$newitem} = 1;
+        }
+    }
     if ($env{'form.addcategory_name'} ne '') {
         if (($env{'form.addcategory_name'} ne 'instcode') &&
-            ($env{'form.addcategory_name'} ne 'communities')) {
+            ($env{'form.addcategory_name'} ne 'communities') &&
+            ($env{'form.addcategory_name'} ne 'placement')) {
             my $newitem = &escape($env{'form.addcategory_name'}).'::0';
             $domconfig{'coursecategories'}{'cats'}{$newitem} = $env{'form.addcategory_pos'};
             $adds{$newitem} = 1;
@@ -11563,7 +13556,7 @@ sub modify_helpsettings {
                                                                    order  => 'Order',
                                                                    desc   => 'Role description',
                                                                    access => 'Role usage',
-                                                                   status => 'Allowed instituional types',
+                                                                   status => 'Allowed institutional types',
                                                                    exc    => 'Allowed personnel',
                                                                    inc    => 'Disallowed personnel',
                         );
@@ -11646,14 +13639,16 @@ sub modify_coursedefaults {
     my ($dom,$lastactref,%domconfig) = @_;
     my ($resulttext,$errors,%changes,%defaultshash);
     my %defaultchecked = (
+                           'canuse_pdfforms' => 'off',
                            'uselcmath'       => 'on',
                            'usejsme'         => 'on'
                          );
-    my @toggles = ('uselcmath','usejsme');
+    my @toggles = ('canuse_pdfforms','uselcmath','usejsme');
     my @numbers = ('anonsurvey_threshold','uploadquota_official','uploadquota_unofficial',
-                   'uploadquota_community','uploadquota_textbook','mysqltables_official',
-                   'mysqltables_unofficial','mysqltables_community','mysqltables_textbook');
-    my @types = ('official','unofficial','community','textbook');
+                   'uploadquota_community','uploadquota_textbook','uploadquota_placement',
+                   'mysqltables_official','mysqltables_unofficial','mysqltables_community',
+                   'mysqltables_textbook','mysqltables_placement');
+    my @types = ('official','unofficial','community','textbook','placement');
     my %staticdefaults = (
                            anonsurvey_threshold => 10,
                            uploadquota          => 500,
@@ -11838,10 +13833,10 @@ sub modify_coursedefaults {
     if ($putresult eq 'ok') {
         if (keys(%changes) > 0) {
             my %domdefaults = &Apache::lonnet::get_domain_defaults($dom,1);
-            if (($changes{'uploadquota'}) || ($changes{'postsubmit'}) ||
+            if (($changes{'canuse_pdfforms'}) || ($changes{'uploadquota'}) || ($changes{'postsubmit'}) ||
                 ($changes{'coursecredits'}) || ($changes{'uselcmath'}) || ($changes{'usejsme'}) ||
                 ($changes{'canclone'}) || ($changes{'mysqltables'})) {
-                foreach my $item ('uselcmath','usejsme') {
+                foreach my $item ('canuse_pdfforms','uselcmath','usejsme') { 
                     if ($changes{$item}) {
                         $domdefaults{$item}=$defaultshash{'coursedefaults'}{$item};
                     }
@@ -11892,7 +13887,13 @@ sub modify_coursedefaults {
             }
             $resulttext = &mt('Changes made:').'<ul>';
             foreach my $item (sort(keys(%changes))) {
-                if ($item eq 'uselcmath') {
+                if ($item eq 'canuse_pdfforms') {
+                    if ($env{'form.'.$item} eq '1') {
+                        $resulttext .= '<li>'.&mt("Course/Community users can create/upload PDF forms set to 'on'").'</li>';
+                    } else {
+                        $resulttext .= '<li>'.&mt('Course/Community users can create/upload PDF forms set to "off"').'</li>';
+                    }
+                } elsif ($item eq 'uselcmath') {
                     if ($env{'form.'.$item} eq '1') {
                         $resulttext .= '<li>'.&mt('Math preview uses LON-CAPA previewer (javascript), if supported by browser.').'</li>';
                     } else {
@@ -11912,7 +13913,7 @@ sub modify_coursedefaults {
                                        '<li>'.&mt('Official courses: [_1] MB','<b>'.$defaultshash{'coursedefaults'}{'uploadquota'}{'official'}.'</b>').'</li>'.
                                        '<li>'.&mt('Unofficial courses: [_1] MB','<b>'.$defaultshash{'coursedefaults'}{'uploadquota'}{'unofficial'}.'</b>').'</li>'.
                                        '<li>'.&mt('Textbook courses: [_1] MB','<b>'.$defaultshash{'coursedefaults'}{'uploadquota'}{'textbook'}.'</b>').'</li>'.
-
+                                       '<li>'.&mt('Placement tests: [_1] MB','<b>'.$defaultshash{'coursedefaults'}{'uploadquota'}{'placement'}.'</b>').'</li>'. 
                                        '<li>'.&mt('Communities: [_1] MB','<b>'.$defaultshash{'coursedefaults'}{'uploadquota'}{'community'}.'</b>').'</li>'.
                                        '</ul>'.
                                        '</li>';
@@ -11925,6 +13926,7 @@ sub modify_coursedefaults {
                                        '<li>'.&mt('Official courses: [_1] s','<b>'.$defaultshash{'coursedefaults'}{'mysqltables'}{'official'}.'</b>').'</li>'.
                                        '<li>'.&mt('Unofficial courses: [_1] s','<b>'.$defaultshash{'coursedefaults'}{'mysqltables'}{'unofficial'}.'</b>').'</li>'.
                                        '<li>'.&mt('Textbook courses: [_1] s','<b>'.$defaultshash{'coursedefaults'}{'mysqltables'}{'textbook'}.'</b>').'</li>'.
+                                       '<li>'.&mt('Placement tests: [_1] s','<b>'.$defaultshash{'coursedefaults'}{'mysqltables'}{'placement'}.'</b>').'</li>'.
                                        '<li>'.&mt('Communities: [_1] s','<b>'.$defaultshash{'coursedefaults'}{'mysqltables'}{'community'}.'</b>').'</li>'.
                                        '</ul>'.
                                        '</li>';
@@ -11960,6 +13962,8 @@ sub modify_coursedefaults {
                                     $resulttext .= &mt('Unofficial courses');
                                 } elsif ($type eq 'textbook') {
                                     $resulttext .= &mt('Textbook courses');
+                                } elsif ($type eq 'placement') {
+                                    $resulttext .= &mt('Placement tests');
                                 }
                                 $resulttext .= ' -- '.$display.'</li>';
                             }
@@ -12011,7 +14015,7 @@ sub modify_coursedefaults {
 sub modify_selfenrollment {
     my ($dom,$lastactref,%domconfig) = @_;
     my ($resulttext,$errors,%changes,%selfenrollhash,%ordered);
-    my @types = ('official','unofficial','community','textbook');
+    my @types = ('official','unofficial','community','textbook','placement');
     my %titles = &tool_titles();
     my %descs = &Apache::lonuserutils::selfenroll_default_descs();
     ($ordered{'admin'},my $titlesref) = &Apache::lonuserutils::get_selfenroll_titles();
@@ -12228,12 +14232,12 @@ sub modify_selfenrollment {
                         $resulttext .= '</ul></li>'; 
                     }
                 }
-                if ((exists($changes{'admin'})) || (exists($changes{'default'}))) {
-                    my $cachetime = 24*60*60;
-                    &Apache::lonnet::do_cache_new('domdefaults',$dom,\%domdefaults,$cachetime);
-                    if (ref($lastactref) eq 'HASH') {
-                        $lastactref->{'domdefaults'} = 1;
-                    }
+            }
+            if ((exists($changes{'admin'})) || (exists($changes{'default'}))) {
+                my $cachetime = 24*60*60;
+                &Apache::lonnet::do_cache_new('domdefaults',$dom,\%domdefaults,$cachetime);
+                if (ref($lastactref) eq 'HASH') {
+                    $lastactref->{'domdefaults'} = 1;
                 }
             }
             $resulttext .= '</ul>';
@@ -12258,8 +14262,8 @@ sub modify_usersessions {
                 );
     my @prefixes = ('remote','hosted','spares');
     my @lcversions = &Apache::lonnet::all_loncaparevs();
-    my (%by_ip,%by_location,@intdoms);
-    &build_location_hashes(\@intdoms,\%by_ip,\%by_location);
+    my (%by_ip,%by_location,@intdoms,@instdoms);
+    &build_location_hashes(\@intdoms,\%by_ip,\%by_location,\@instdoms);
     my @locations = sort(keys(%by_location));
     my (%defaultshash,%changes);
     foreach my $prefix (@prefixes) {
@@ -12575,6 +14579,298 @@ sub modify_usersessions {
     return $resulttext;
 }
 
+sub modify_ssl {
+    my ($dom,$lastactref,%domconfig) = @_;
+    my (%by_ip,%by_location,@intdoms,@instdoms);
+    &build_location_hashes(\@intdoms,\%by_ip,\%by_location,\@instdoms);
+    my @locations = sort(keys(%by_location));
+    my %servers = &Apache::lonnet::internet_dom_servers($dom);
+    my (%defaultshash,%changes);
+    my $action = 'ssl';
+    my @prefixes = ('connto','connfrom','replication');
+    foreach my $prefix (@prefixes) {
+        $defaultshash{$action}{$prefix} = {};
+    }
+    my %domdefaults = &Apache::lonnet::get_domain_defaults($dom,1);
+    my $resulttext;
+    my %iphost = &Apache::lonnet::get_iphost();
+    my @reptypes = ('certreq','nocertreq');
+    my @connecttypes = ('dom','intdom','other');
+    my %types = (
+                  connto      => \@connecttypes,
+                  connfrom    => \@connecttypes,
+                  replication => \@reptypes,
+                );
+    foreach my $prefix (sort(keys(%types))) {
+        foreach my $type (@{$types{$prefix}}) {
+            if (($prefix eq 'connto') || ($prefix eq 'connfrom')) {
+                my $value = 'yes';
+                if ($env{'form.'.$prefix.'_'.$type} =~ /^(no|req)$/) {
+                    $value = $env{'form.'.$prefix.'_'.$type};
+                }
+                if (ref($domconfig{$action}{$prefix}) eq 'HASH') {
+                    if ($domconfig{$action}{$prefix}{$type} ne '') {
+                        if ($value ne $domconfig{$action}{$prefix}{$type}) {
+                            $changes{$prefix}{$type} = 1;
+                        }
+                        $defaultshash{$action}{$prefix}{$type} = $value;
+                    } else {
+                        $defaultshash{$action}{$prefix}{$type} = $value;
+                        $changes{$prefix}{$type} = 1;
+                    }
+                } else {
+                    $defaultshash{$action}{$prefix}{$type} = $value;
+                    $changes{$prefix}{$type} = 1;
+                }
+                if (($type eq 'dom') && (keys(%servers) == 1)) {
+                    delete($changes{$prefix}{$type});
+                } elsif (($type eq 'intdom') && (@instdoms == 1)) {
+                    delete($changes{$prefix}{$type});
+                } elsif (($type eq 'other') && (keys(%by_location) == 0)) { 
+                    delete($changes{$prefix}{$type});
+                }
+            } elsif ($prefix eq 'replication') {
+                if (@locations > 0) {
+                    my $inuse = $env{'form.'.$prefix.'_'.$type.'_inuse'};
+                    my @vals = &Apache::loncommon::get_env_multiple('form.'.$prefix.'_'.$type);
+                    my @okvals;
+                    foreach my $val (@vals) {
+                        if ($val =~ /:/) {
+                            my @items = split(/:/,$val);
+                            foreach my $item (@items) {
+                                if (ref($by_location{$item}) eq 'ARRAY') {
+                                    push(@okvals,$item);
+                                }
+                            }
+                        } else {
+                            if (ref($by_location{$val}) eq 'ARRAY') {
+                                push(@okvals,$val);
+                            }
+                        }
+                    }
+                    @okvals = sort(@okvals);
+                    if (ref($domconfig{$action}) eq 'HASH') {
+                        if (ref($domconfig{$action}{$prefix}) eq 'HASH') {
+                            if (ref($domconfig{$action}{$prefix}{$type}) eq 'ARRAY') {
+                                if ($inuse == 0) {
+                                    $changes{$prefix}{$type} = 1;
+                                } else {
+                                    $defaultshash{$action}{$prefix}{$type} = \@okvals;
+                                    my @changed = &Apache::loncommon::compare_arrays($domconfig{$action}{$prefix}{$type},$defaultshash{$action}{$prefix}{$type});
+                                    if (@changed > 0) {
+                                        $changes{$prefix}{$type} = 1;
+                                    }
+                                }
+                            } else {
+                                if ($inuse == 1) {
+                                    $defaultshash{$action}{$prefix}{$type} = \@okvals;
+                                    $changes{$prefix}{$type} = 1;
+                                }
+                            }
+                        } else {
+                            if ($inuse == 1) {
+                                $defaultshash{$action}{$prefix}{$type} = \@okvals;
+                                $changes{$prefix}{$type} = 1;
+                            }
+                        }
+                    } else {
+                        if ($inuse == 1) {
+                            $defaultshash{$action}{$prefix}{$type} = \@okvals;
+                            $changes{$prefix}{$type} = 1;
+                        }
+                    }
+                }
+            }
+        }
+    }
+    my $nochgmsg = &mt('No changes made to LON-CAPA SSL settings');
+    if (keys(%changes) > 0) {
+        my $putresult = &Apache::lonnet::put_dom('configuration',\%defaultshash,
+                                                 $dom);
+        if ($putresult eq 'ok') {
+            if (ref($defaultshash{$action}) eq 'HASH') {
+                if (ref($defaultshash{$action}{'replication'}) eq 'HASH') {
+                    $domdefaults{'replication'} = $defaultshash{$action}{'replication'};
+                }
+                if (ref($defaultshash{$action}{'connto'}) eq 'HASH') {
+                    $domdefaults{'connto'} = $domconfig{$action}{'connto'};
+                }
+                if (ref($defaultshash{$action}{'connfrom'}) eq 'HASH') {
+                    $domdefaults{'connfrom'} = $domconfig{$action}{'connfrom'};
+                }
+            }
+            my $cachetime = 24*60*60;
+            &Apache::lonnet::do_cache_new('domdefaults',$dom,\%domdefaults,$cachetime);
+            if (ref($lastactref) eq 'HASH') {
+                $lastactref->{'domdefaults'} = 1;
+            }
+            if (keys(%changes) > 0) {
+                my %titles = &ssl_titles();
+                $resulttext = &mt('Changes made:').'<ul>';
+                foreach my $prefix (@prefixes) {
+                    if (ref($changes{$prefix}) eq 'HASH') {
+                        $resulttext .= '<li>'.$titles{$prefix}.'<ul>';
+                        foreach my $type (@{$types{$prefix}}) {
+                            if (defined($changes{$prefix}{$type})) {
+                                my $newvalue;
+                                if (ref($defaultshash{$action}) eq 'HASH') {
+                                    if (ref($defaultshash{$action}{$prefix})) {
+                                        if (($prefix eq 'connto') || ($prefix eq 'connfrom')) {
+                                            $newvalue = $titles{$defaultshash{$action}{$prefix}{$type}};
+                                        } elsif (ref($defaultshash{$action}{$prefix}{$type}) eq 'ARRAY') {
+                                            if (@{$defaultshash{$action}{$prefix}{$type}} > 0) {
+                                                $newvalue = join(', ',@{$defaultshash{$action}{$prefix}{$type}});
+                                            }
+                                        }
+                                    }
+                                    if ($newvalue eq '') {
+                                        $resulttext .= '<li>'.&mt('[_1] set to: none',$titles{$type}).'</li>';
+                                    } else {
+                                        $resulttext .= '<li>'.&mt('[_1] set to: [_2].',$titles{$type},$newvalue).'</li>';
+                                    }
+                                }
+                            }
+                        }
+                        $resulttext .= '</ul>';
+                    }
+                }
+            } else {
+                $resulttext = $nochgmsg;
+            }
+        } else {
+            $resulttext = '<span class="LC_error">'.
+                          &mt('An error occurred: [_1]',$putresult).'</span>';
+        }
+    } else {
+        $resulttext = $nochgmsg;
+    }
+    return $resulttext;
+}
+
+sub modify_trust {
+    my ($dom,$lastactref,%domconfig) = @_;
+    my (%by_ip,%by_location,@intdoms,@instdoms);
+    &build_location_hashes(\@intdoms,\%by_ip,\%by_location,\@instdoms);
+    my @locations = sort(keys(%by_location));
+    my @prefixes = qw(content shared enroll othcoau coaurem domroles catalog reqcrs msg);
+    my @types = ('exc','inc');
+    my (%defaultshash,%changes);
+    foreach my $prefix (@prefixes) {
+        $defaultshash{'trust'}{$prefix} = {};
+    }
+    my %domdefaults = &Apache::lonnet::get_domain_defaults($dom,1);
+    my $resulttext;
+    foreach my $prefix (@prefixes) {
+        foreach my $type (@types) {
+            my $inuse = $env{'form.'.$prefix.'_'.$type.'_inuse'};
+            my @vals = &Apache::loncommon::get_env_multiple('form.'.$prefix.'_'.$type);
+            my @okvals;
+            foreach my $val (@vals) {
+                if ($val =~ /:/) {
+                    my @items = split(/:/,$val);
+                    foreach my $item (@items) {
+                        if (ref($by_location{$item}) eq 'ARRAY') {
+                            push(@okvals,$item);
+                        }
+                    }
+                } else {
+                    if (ref($by_location{$val}) eq 'ARRAY') {
+                        push(@okvals,$val);
+                    }
+                }
+            }
+            @okvals = sort(@okvals);
+            if (ref($domconfig{'trust'}) eq 'HASH') {
+                if (ref($domconfig{'trust'}{$prefix}) eq 'HASH') {
+                    if (ref($domconfig{'trust'}{$prefix}{$type}) eq 'ARRAY') {
+                        if ($inuse == 0) {
+                            $changes{$prefix}{$type} = 1;
+                        } else {
+                            $defaultshash{'trust'}{$prefix}{$type} = \@okvals;
+                            my @changed = &Apache::loncommon::compare_arrays($domconfig{'trust'}{$prefix}{$type},$defaultshash{'trust'}{$prefix}{$type});
+                            if (@changed > 0) {
+                                $changes{$prefix}{$type} = 1;
+                            }
+                        }
+                    } else {
+                        if ($inuse == 1) {
+                            $defaultshash{'trust'}{$prefix}{$type} = \@okvals;
+                            $changes{$prefix}{$type} = 1;
+                        }
+                    }
+                } else {
+                    if ($inuse == 1) {
+                        $defaultshash{'trust'}{$prefix}{$type} = \@okvals;
+                        $changes{$prefix}{$type} = 1;
+                    }
+                }
+            } else {
+                if ($inuse == 1) {
+                    $defaultshash{'trust'}{$prefix}{$type} = \@okvals;
+                    $changes{$prefix}{$type} = 1;
+                }
+            }
+        }
+    }
+    my $nochgmsg = &mt('No changes made to trust settings.');
+    if (keys(%changes) > 0) {
+        my $putresult = &Apache::lonnet::put_dom('configuration',\%defaultshash,
+                                                 $dom);
+        if ($putresult eq 'ok') {
+            if (ref($defaultshash{'trust'}) eq 'HASH') {
+                foreach my $prefix (@prefixes) {
+                    if (ref($defaultshash{'trust'}{$prefix}) eq 'HASH') {
+                        $domdefaults{'trust'.$prefix} = $defaultshash{'trust'}{$prefix};
+                    }
+                }
+            }
+            my $cachetime = 24*60*60;
+            &Apache::lonnet::do_cache_new('domdefaults',$dom,\%domdefaults,$cachetime);
+            if (ref($lastactref) eq 'HASH') {
+                $lastactref->{'domdefaults'} = 1;
+            }
+            if (keys(%changes) > 0) {
+                my %lt = &trust_titles();
+                $resulttext = &mt('Changes made:').'<ul>';
+                foreach my $prefix (@prefixes) {
+                    if (ref($changes{$prefix}) eq 'HASH') {
+                        $resulttext .= '<li>'.$lt{$prefix}.'<ul>';
+                        foreach my $type (@types) {
+                            if (defined($changes{$prefix}{$type})) {
+                                my $newvalue;
+                                if (ref($defaultshash{'trust'}) eq 'HASH') {
+                                    if (ref($defaultshash{'trust'}{$prefix})) {
+                                        if (ref($defaultshash{'trust'}{$prefix}{$type}) eq 'ARRAY') {
+                                            if (@{$defaultshash{'trust'}{$prefix}{$type}} > 0) {
+                                                $newvalue = join(', ',@{$defaultshash{'trust'}{$prefix}{$type}});
+                                            }
+                                        }
+                                    }
+                                }
+                                if ($newvalue eq '') {
+                                    $resulttext .= '<li>'.&mt('[_1] set to: none',$lt{$type}).'</li>';
+                                } else {
+                                    $resulttext .= '<li>'.&mt('[_1] set to: [_2].',$lt{$type},$newvalue).'</li>';
+                                }
+                            }
+                        }
+                        $resulttext .= '</ul>';
+                    }
+                }
+                $resulttext .= '</ul>';
+            } else {
+                $resulttext = $nochgmsg;
+            }
+        } else {
+            $resulttext = '<span class="LC_error">'.
+                          &mt('An error occurred: [_1]',$putresult).'</span>';
+        }
+    } else {
+        $resulttext = $nochgmsg;
+    }
+    return $resulttext;
+}
+
 sub modify_loadbalancing {
     my ($dom,%domconfig) = @_;
     my $primary_id = &Apache::lonnet::domain($dom,'primary');
@@ -13515,6 +15811,7 @@ function toggleDisplay(domForm,caller) {
         var optionsElement = domForm.coursecredits;
         var checkval = 1;
         var dispval = 'block';
+        var selfcreateRegExp = /^cancreate_emailverified/;
         if (caller == 'emailoptions') {
             optionsElement = domForm.cancreate_email; 
         }
@@ -13525,6 +15822,11 @@ function toggleDisplay(domForm,caller) {
             optionsElement = domForm.canclone;
             checkval = 'instcode';
         }
+        if (selfcreateRegExp.test(caller)) {
+            optionsElement = domForm.elements[caller];
+            checkval = 'other';
+            dispval = 'inline'
+        }
         if (optionsElement.length) {
             var currval;
             for (var i=0; i<optionsElement.length; i++) {
@@ -13566,7 +15868,7 @@ sub devalidate_remote_domconfs {
     my %servers = &Apache::lonnet::internet_dom_servers($dom);
     my %thismachine;
     map { $thismachine{$_} = 1; } &Apache::lonnet::current_machine_ids();
-    my @posscached = ('domainconfig','domdefaults','usersessions','directorysrch');
+    my @posscached = ('domainconfig','domdefaults','ltitools','usersessions','directorysrch');
     if (keys(%servers)) {
         foreach my $server (keys(%servers)) {
             next if ($thismachine{$server});