--- loncom/interface/loncommon.pm	2015/03/11 01:55:41	1.1075.2.88
+++ loncom/interface/loncommon.pm	2020/11/12 01:18:26	1.1075.2.149
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # a pile of common routines
 #
-# $Id: loncommon.pm,v 1.1075.2.88 2015/03/11 01:55:41 raeburn Exp $
+# $Id: loncommon.pm,v 1.1075.2.149 2020/11/12 01:18:26 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -71,12 +71,18 @@ use Apache::lonuserutils();
 use Apache::lonuserstate();
 use Apache::courseclassifier();
 use LONCAPA qw(:DEFAULT :match);
+use HTTP::Request;
 use DateTime::TimeZone;
-use DateTime::Locale::Catalog;
+use DateTime::Locale;
+use Encode();
 use Authen::Captcha;
 use Captcha::reCAPTCHA;
+use JSON::DWIW;
+use LWP::UserAgent;
 use Crypt::DES;
 use DynaLoader; # for Crypt::DES version
+use File::Copy();
+use File::Path();
 
 # ---------------------------------------------- Designs
 use vars qw(%defaultdesign);
@@ -191,7 +197,7 @@ BEGIN {
     {
         my $langtabfile = $Apache::lonnet::perlvar{'lonTabDir'}.
                                    '/language.tab';
-        if ( open(my $fh,"<$langtabfile") ) {
+        if ( open(my $fh,'<',$langtabfile) ) {
             while (my $line = <$fh>) {
                 next if ($line=~/^\#/);
                 chomp($line);
@@ -212,7 +218,7 @@ BEGIN {
     {
         my $copyrightfile = $Apache::lonnet::perlvar{'lonIncludes'}.
                                   '/copyright.tab';
-        if ( open (my $fh,"<$copyrightfile") ) {
+        if ( open (my $fh,'<',$copyrightfile) ) {
             while (my $line = <$fh>) {
                 next if ($line=~/^\#/);
                 chomp($line);
@@ -226,7 +232,7 @@ BEGIN {
     {
         my $sourcecopyrightfile = $Apache::lonnet::perlvar{'lonIncludes'}.
                                   '/source_copyright.tab';
-        if ( open (my $fh,"<$sourcecopyrightfile") ) {
+        if ( open (my $fh,'<',$sourcecopyrightfile) ) {
             while (my $line = <$fh>) {
                 next if ($line =~ /^\#/);
                 chomp($line);
@@ -240,7 +246,7 @@ BEGIN {
 # -------------------------------------------------------------- default domain designs
     my $designdir=$Apache::lonnet::perlvar{'lonTabDir'}.'/lonDomColors';
     my $designfile = $designdir.'/default.tab';
-    if ( open (my $fh,"<$designfile") ) {
+    if ( open (my $fh,'<',$designfile) ) {
         while (my $line = <$fh>) {
             next if ($line =~ /^\#/);
             chomp($line);
@@ -254,12 +260,12 @@ BEGIN {
     {
         my $categoryfile = $Apache::lonnet::perlvar{'lonTabDir'}.
                                   '/filecategories.tab';
-        if ( open (my $fh,"<$categoryfile") ) {
+        if ( open (my $fh,'<',$categoryfile) ) {
 	    while (my $line = <$fh>) {
 		next if ($line =~ /^\#/);
 		chomp($line);
                 my ($extension,$category)=(split(/\s+/,$line,2));
-                push @{$category_extensions{lc($category)}},$extension;
+                push(@{$category_extensions{lc($category)}},$extension);
             }
             close($fh);
         }
@@ -269,7 +275,7 @@ BEGIN {
     {
         my $typesfile = $Apache::lonnet::perlvar{'lonTabDir'}.
                '/filetypes.tab';
-        if ( open (my $fh,"<$typesfile") ) {
+        if ( open (my $fh,'<',$typesfile) ) {
             while (my $line = <$fh>) {
 		next if ($line =~ /^\#/);
 		chomp($line);
@@ -422,7 +428,7 @@ sub studentbrowser_javascript {
 <script type="text/javascript" language="Javascript">
 // <![CDATA[
     var stdeditbrowser;
-    function openstdbrowser(formname,uname,udom,clicker,roleflag,ignorefilter,courseadvonly) {
+    function openstdbrowser(formname,uname,udom,clicker,roleflag,ignorefilter,courseadv) {
         var url = '/adm/pickstudent?';
         var filter;
 	if (!ignorefilter) {
@@ -437,7 +443,12 @@ sub studentbrowser_javascript {
                                     '&udomelement='+udom+
                                     '&clicker='+clicker;
 	if (roleflag) { url+="&roles=1"; }
-        if (courseadvonly) { url+="&courseadvonly=1"; }
+        if (courseadv == 'condition') {
+            if (document.getElementById('courseadv')) {
+                courseadv = document.getElementById('courseadv').value;
+            }
+        }
+        if ((courseadv == 'only') || (courseadv == 'none')) { url+="&courseadv="+courseadv; }
         var title = 'Student_Browser';
         var options = 'scrollbars=1,resizable=1,menubar=0';
         options += ',width=700,height=600';
@@ -469,7 +480,7 @@ ENDRESBRW
 }
 
 sub selectstudent_link {
-   my ($form,$unameele,$udomele,$courseadvonly,$clickerid)=@_;
+   my ($form,$unameele,$udomele,$courseadv,$clickerid)=@_;
    my $callargs = "'".&Apache::lonhtmlcommon::entity_encode($form)."','".
                       &Apache::lonhtmlcommon::entity_encode($unameele)."','".
                       &Apache::lonhtmlcommon::entity_encode($udomele)."'";
@@ -480,8 +491,12 @@ sub selectstudent_link {
 	   return '';
        }
        $callargs.=",'".&Apache::lonhtmlcommon::entity_encode($clickerid)."'";
-       if ($courseadvonly)  {
-           $callargs .= ",'',1,1";
+       if ($courseadv eq 'only') {
+           $callargs .= ",'',1,'$courseadv'";
+       } elsif ($courseadv eq 'none') {
+           $callargs .= ",'','','$courseadv'";
+       } elsif ($courseadv eq 'condition') {
+           $callargs .= ",'','','$courseadv'";
        }
        return '<span class="LC_nobreak">'.
               '<a href="javascript:openstdbrowser('.$callargs.');">'.
@@ -532,7 +547,7 @@ ENDAUTHORBRW
 
 sub coursebrowser_javascript {
     my ($domainfilter,$sec_element,$formname,$role_element,$crstype,
-        $credits_element) = @_;
+        $credits_element,$instcode) = @_;
     my $wintitle = 'Course_Browser';
     if ($crstype eq 'Community') {
         $wintitle = 'Community_Browser';
@@ -583,6 +598,12 @@ sub coursebrowser_javascript {
             var ownername = document.forms[formid].ccuname.value;
             var ownerdom =  document.forms[formid].ccdomain.options[document.forms[formid].ccdomain.selectedIndex].value;
             url += '&cloner='+ownername+':'+ownerdom;
+            if (type == 'Course') {
+                url += '&crscode='+document.forms[formid].crscode.value;
+            }
+        }
+        if (formname == 'requestcrs') {
+            url += '&crsdom=$domainfilter&crscode=$instcode';
         }
         if (multflag !=null && multflag != '') {
             url += '&multiple='+multflag;
@@ -927,8 +948,8 @@ ENDSCRT
 }
 
 sub select_timezone {
-   my ($name,$selected,$onchange,$includeempty)=@_;
-   my $output='<select name="'.$name.'" '.$onchange.'>'."\n";
+   my ($name,$selected,$onchange,$includeempty,$disabled)=@_;
+   my $output='<select name="'.$name.'" '.$onchange.$disabled.'>'."\n";
    if ($includeempty) {
        $output .= '<option value=""';
        if (($selected eq '') || ($selected eq 'local')) {
@@ -949,8 +970,8 @@ sub select_timezone {
 }
 
 sub select_datelocale {
-    my ($name,$selected,$onchange,$includeempty)=@_;
-    my $output='<select name="'.$name.'" '.$onchange.'>'."\n";
+    my ($name,$selected,$onchange,$includeempty,$disabled)=@_;
+    my $output='<select name="'.$name.'" '.$onchange.$disabled.'>'."\n";
     if ($includeempty) {
         $output .= '<option value=""';
         if ($selected eq '') {
@@ -958,15 +979,16 @@ sub select_datelocale {
         }
         $output .= '> </option>';
     }
+    my @languages = &Apache::lonlocal::preferred_languages();
     my (@possibles,%locale_names);
-    my @locales = DateTime::Locale::Catalog::Locales;
-    foreach my $locale (@locales) {
-        if (ref($locale) eq 'HASH') {
-            my $id = $locale->{'id'};
-            if ($id ne '') {
-                my $en_terr = $locale->{'en_territory'};
-                my $native_terr = $locale->{'native_territory'};
-                my @languages = &Apache::lonlocal::preferred_languages();
+    my @locales = DateTime::Locale->ids();
+    foreach my $id (@locales) {
+        if ($id ne '') {
+            my ($en_terr,$native_terr);
+            my $loc = DateTime::Locale->load($id);
+            if (ref($loc)) {
+                $en_terr = $loc->name();
+                $native_terr = $loc->native_name();
                 if (grep(/^en$/,@languages) || !@languages) {
                     if ($en_terr ne '') {
                         $locale_names{$id} = '('.$en_terr.')';
@@ -980,7 +1002,8 @@ sub select_datelocale {
                         $locale_names{$id} = '('.$en_terr.')';
                     }
                 }
-                push (@possibles,$id);
+                $locale_names{$id} = Encode::encode('UTF-8',$locale_names{$id});
+                push(@possibles,$id);
             }
         }
     }
@@ -991,7 +1014,7 @@ sub select_datelocale {
         }
         $output.=">$item";
         if ($locale_names{$item} ne '') {
-            $output.="  $locale_names{$item}</option>\n";
+            $output.='  '.$locale_names{$item};
         }
         $output.="</option>\n";
     }
@@ -1000,7 +1023,7 @@ sub select_datelocale {
 }
 
 sub select_language {
-    my ($name,$selected,$includeempty) = @_;
+    my ($name,$selected,$includeempty,$noedit) = @_;
     my %langchoices;
     if ($includeempty) {
         %langchoices = ('' => 'No language preference');
@@ -1012,7 +1035,7 @@ sub select_language {
         }
     }
     %langchoices = &Apache::lonlocal::texthash(%langchoices);
-    return &select_form($selected,$name,\%langchoices);
+    return &select_form($selected,$name,\%langchoices,undef,$noedit);
 }
 
 =pod
@@ -1127,7 +1150,7 @@ sub linked_select_forms {
         $result.="select2data.d_$s1.texts = new Array(";        
         my @s2texts;
         foreach my $value (@s2values) {
-            push @s2texts, $hashref->{$s1}->{'select2'}->{$value};
+            push(@s2texts, $hashref->{$s1}->{'select2'}->{$value});
         }
         $result.="\"@s2texts\");\n";
     }
@@ -1390,7 +1413,7 @@ sub help_menu_js {
         &Apache::loncommon::start_page('Help Menu', undef,
 				       {'frameset'    => 1,
 					'js_ready'    => 1,
-                                        'use_absolute' => $httphost, 
+                                        'use_absolute' => $httphost,
 					'add_entries' => {
 					    'border' => '0',
 					    'rows'   => "110,*",},});
@@ -1733,6 +1756,242 @@ RESIZE
 
 }
 
+sub colorfuleditor_js {
+    return <<"COLORFULEDIT"
+<script type="text/javascript">
+// <![CDATA[>
+    function fold_box(curDepth, lastresource){
+
+    // we need a list because there can be several blocks you need to fold in one tag
+        var block = document.getElementsByName('foldblock_'+curDepth);
+    // but there is only one folding button per tag
+        var foldbutton = document.getElementById('folding_btn_'+curDepth);
+
+        if(block.item(0).style.display == 'none'){
+
+            foldbutton.value = '@{[&mt("Hide")]}';
+            for (i = 0; i < block.length; i++){
+                block.item(i).style.display = '';
+            }
+        }else{
+
+            foldbutton.value = '@{[&mt("Show")]}';
+            for (i = 0; i < block.length; i++){
+                // block.item(i).style.visibility = 'collapse';
+                block.item(i).style.display = 'none';
+            }
+        };
+        saveState(lastresource);
+    }
+
+    function saveState (lastresource) {
+
+        var tag_list = getTagList();
+        if(tag_list != null){
+            var timestamp = new Date().getTime();
+            var key = lastresource;
+
+            // the value pattern is: 'time;key1,value1;key2,value2; ... '
+            // starting with timestamp
+            var value = timestamp+';';
+
+            // building the list of key-value pairs
+            for(var i = 0; i < tag_list.length; i++){
+                value += tag_list[i]+',';
+                value += document.getElementsByName(tag_list[i])[0].style.display+';';
+            }
+
+            // only iterate whole storage if nothing to override
+            if(localStorage.getItem(key) == null){
+
+                // prevent storage from growing large
+                if(localStorage.length > 50){
+                    var regex_getTimestamp = /^(?:\d)+;/;
+                    var oldest_timestamp = regex_getTimestamp.exec(localStorage.key(0));
+                    var oldest_key;
+
+                    for(var i = 1; i < localStorage.length; i++){
+                        if (regex_getTimestamp.exec(localStorage.key(i)) < oldest_timestamp) {
+                            oldest_key = localStorage.key(i);
+                            oldest_timestamp = regex_getTimestamp.exec(oldest_key);
+                        }
+                    }
+                    localStorage.removeItem(oldest_key);
+                }
+            }
+            localStorage.setItem(key,value);
+        }
+    }
+
+    // restore folding status of blocks (on page load)
+    function restoreState (lastresource) {
+        if(localStorage.getItem(lastresource) != null){
+            var key = lastresource;
+            var value = localStorage.getItem(key);
+            var regex_delTimestamp = /^\d+;/;
+
+            value.replace(regex_delTimestamp, '');
+
+            var valueArr = value.split(';');
+            var pairs;
+            var elements;
+            for (var i = 0; i < valueArr.length; i++){
+                pairs = valueArr[i].split(',');
+                elements = document.getElementsByName(pairs[0]);
+
+                for (var j = 0; j < elements.length; j++){
+                    elements[j].style.display = pairs[1];
+                    if (pairs[1] == "none"){
+                        var regex_id = /([_\\d]+)\$/;
+                        regex_id.exec(pairs[0]);
+                        document.getElementById("folding_btn"+RegExp.\$1).value = "Show";
+                    }
+                }
+            }
+        }
+    }
+
+    function getTagList () {
+
+        var stringToSearch = document.lonhomework.innerHTML;
+
+        var ret = new Array();
+        var regex_findBlock = /(foldblock_.*?)"/g;
+        var tag_list = stringToSearch.match(regex_findBlock);
+
+        if(tag_list != null){
+            for(var i = 0; i < tag_list.length; i++){
+                ret.push(tag_list[i].replace(/"/, ''));
+            }
+        }
+        return ret;
+    }
+
+    function saveScrollPosition (resource) {
+        var tag_list = getTagList();
+
+        // we dont always want to jump to the first block
+        // 170 is roughly above the "Problem Editing" header. we just want to save if the user scrolled down further than this
+        if(\$(window).scrollTop() > 170){
+            if(tag_list != null){
+                var result;
+                for(var i = 0; i < tag_list.length; i++){
+                    if(isElementInViewport(tag_list[i])){
+                        result += tag_list[i]+';';
+                    }
+                }
+                sessionStorage.setItem('anchor_'+resource, result);
+            }
+        } else {
+            // we dont need to save zero, just delete the item to leave everything tidy
+            sessionStorage.removeItem('anchor_'+resource);
+        }
+    }
+
+    function restoreScrollPosition(resource){
+
+        var elem = sessionStorage.getItem('anchor_'+resource);
+        if(elem != null){
+            var tag_list = elem.split(';');
+            var elem_list;
+
+            for(var i = 0; i < tag_list.length; i++){
+                elem_list = document.getElementsByName(tag_list[i]);
+
+                if(elem_list.length > 0){
+                    elem = elem_list[0];
+                    break;
+                }
+            }
+            elem.scrollIntoView();
+        }
+    }
+
+    function isElementInViewport(el) {
+
+        // change to last element instead of first
+        var elem = document.getElementsByName(el);
+        var rect = elem[0].getBoundingClientRect();
+
+        return (
+            rect.top >= 0 &&
+            rect.left >= 0 &&
+            rect.bottom <= (window.innerHeight || document.documentElement.clientHeight) && /*or $(window).height() */
+            rect.right <= (window.innerWidth || document.documentElement.clientWidth) /*or $(window).width() */
+        );
+    }
+
+    function autosize(depth){
+        var cmInst = window['cm'+depth];
+        var fitsizeButton = document.getElementById('fitsize'+depth);
+
+        // is fixed size, switching to dynamic
+        if (sessionStorage.getItem("autosized_"+depth) == null) {
+            cmInst.setSize("","auto");
+            fitsizeButton.value = "@{[&mt('Fixed size')]}";
+            sessionStorage.setItem("autosized_"+depth, "yes");
+
+        // is dynamic size, switching to fixed
+        } else {
+            cmInst.setSize("","300px");
+            fitsizeButton.value = "@{[&mt('Dynamic size')]}";
+            sessionStorage.removeItem("autosized_"+depth);
+        }
+    }
+
+
+
+// ]]>
+</script>
+COLORFULEDIT
+}
+
+sub xmleditor_js {
+    return <<XMLEDIT
+<script type="text/javascript" src="/adm/jQuery/addons/jquery-scrolltofixed.js"></script>
+<script type="text/javascript">
+// <![CDATA[>
+
+    function saveScrollPosition (resource) {
+
+        var scrollPos = \$(window).scrollTop();
+        sessionStorage.setItem(resource,scrollPos);
+    }
+
+    function restoreScrollPosition(resource){
+
+        var scrollPos = sessionStorage.getItem(resource);
+        \$(window).scrollTop(scrollPos);
+    }
+
+    // unless internet explorer
+    if (!(window.navigator.appName == "Microsoft Internet Explorer" && (document.documentMode || document.compatMode))){
+
+        \$(document).ready(function() {
+             \$(".LC_edit_actionbar").scrollToFixed(\{zIndex: 100\});
+        });
+    }
+
+    // inserts text at cursor position into codemirror (xml editor only)
+    function insertText(text){
+        cm.focus();
+        var curPos = cm.getCursor();
+        cm.replaceRange(text.replace(/ESCAPEDSCRIPT/g,'script'), {line: curPos.line,ch: curPos.ch});
+    }
+// ]]>
+</script>
+XMLEDIT
+}
+
+sub insert_folding_button {
+    my $curDepth = $Apache::lonxml::curdepth;
+    my $lastresource = $env{'request.ambiguous'};
+
+    return "<input type=\"button\" id=\"folding_btn_$curDepth\"
+            value=\"".&mt('Hide')."\" onclick=\"fold_box('$curDepth','$lastresource')\">";
+}
+
+
 =pod
 
 =head1 Excel and CSV file utility routines
@@ -1992,12 +2251,15 @@ sub multiple_select_form {
 
 =pod
 
-=item * &select_form($defdom,$name,$hashref,$onchange)
+=item * &select_form($defdom,$name,$hashref,$onchange,$readonly)
 
 Returns a string containing a <select name='$name' size='1'> form to 
 allow a user to select options from a ref to a hash containing:
 option_name => displayed text. An optional $onchange can include
-a javascript onchange item, e.g., onchange="this.form.submit();"  
+a javascript onchange item, e.g., onchange="this.form.submit();".
+An optional arg -- $readonly -- if true will cause the select form
+to be disabled, e.g., for the case where an instructor has a section-
+specific role, and is viewing/modifying parameters.  
 
 See lonrights.pm for an example invocation and use.
 
@@ -2005,12 +2267,16 @@ See lonrights.pm for an example invocati
 
 #-------------------------------------------
 sub select_form {
-    my ($def,$name,$hashref,$onchange) = @_;
+    my ($def,$name,$hashref,$onchange,$readonly) = @_;
     return unless (ref($hashref) eq 'HASH');
     if ($onchange) {
         $onchange = ' onchange="'.$onchange.'"';
     }
-    my $selectform = "<select name=\"$name\" size=\"1\"$onchange>\n";
+    my $disabled;
+    if ($readonly) {
+        $disabled = ' disabled="disabled"';
+    }
+    my $selectform = "<select name=\"$name\" size=\"1\"$onchange$disabled>\n";
     my @keys;
     if (exists($hashref->{'select_form_order'})) {
 	@keys=@{$hashref->{'select_form_order'}};
@@ -2179,7 +2445,7 @@ sub select_level_form {
 
 =pod
 
-=item * &select_dom_form($defdom,$name,$includeempty,$showdomdesc,$onchange,$incdoms,$excdoms)
+=item * &select_dom_form($defdom,$name,$includeempty,$showdomdesc,$onchange,$incdoms,$excdoms,$disabled)
 
 Returns a string containing a <select name='$name' size='1'> form to 
 allow a user to select the domain to preform an operation in.  
@@ -2194,16 +2460,21 @@ The optional $onchange argument specifie
 
 The optional $incdoms is a reference to an array of domains which will be the only available options.
 
-The optional $excdoms is a reference to an array of domains which will be excluded from the available options. 
+The optional $excdoms is a reference to an array of domains which will be excluded from the available options.
+
+The optional $disabled argument, if true, adds the disabled attribute to the select tag. 
 
 =cut
 
 #-------------------------------------------
 sub select_dom_form {
-    my ($defdom,$name,$includeempty,$showdomdesc,$onchange,$incdoms,$excdoms) = @_;
+    my ($defdom,$name,$includeempty,$showdomdesc,$onchange,$incdoms,$excdoms,$disabled) = @_;
     if ($onchange) {
         $onchange = ' onchange="'.$onchange.'"';
     }
+    if ($disabled) {
+        $disabled = ' disabled="disabled"';
+    }
     my (@domains,%exclude);
     if (ref($incdoms) eq 'ARRAY') {
         @domains = sort {lc($a) cmp lc($b)} (@{$incdoms});
@@ -2214,7 +2485,7 @@ sub select_dom_form {
     if (ref($excdoms) eq 'ARRAY') {
         map { $exclude{$_} = 1; } @{$excdoms};
     }
-    my $selectdomain = "<select name=\"$name\" size=\"1\"$onchange>\n";
+    my $selectdomain = "<select name=\"$name\" size=\"1\"$onchange$disabled>\n";
     foreach my $dom (@domains) {
         next if ($exclude{$dom});
         $selectdomain.="<option value=\"$dom\" ".
@@ -2590,13 +2861,16 @@ sub authform_kerberos {
               @_,
               );
     my ($check4,$check5,$krbcheck,$krbarg,$krbver,$result,$authtype,
-        $autharg,$jscall);
+        $autharg,$jscall,$disabled);
     my ($authnum,%can_assign) = &get_assignable_auth($in{'domain'});
     if ($in{'kerb_def_auth'} eq 'krb5') {
        $check5 = ' checked="checked"';
     } else {
        $check4 = ' checked="checked"';
     }
+    if ($in{'readonly'}) {
+        $disabled = ' disabled="disabled"';
+    }
     $krbarg = $in{'kerb_def_dom'};
     if (defined($in{'curr_authtype'})) {
         if ($in{'curr_authtype'} eq 'krb') {
@@ -2641,7 +2915,7 @@ sub authform_kerberos {
         if (defined($in{'mode'})) {
             if ($in{'mode'} eq 'modifycourse') {
                 if ($authnum == 1) {
-                    $authtype = '<input type="radio" name="login" value="krb" />';
+                    $authtype = '<input type="radio" name="login" value="krb"'.$disabled.' />';
                 }
             }
         }
@@ -2650,7 +2924,7 @@ sub authform_kerberos {
     if ($authtype eq '') {
         $authtype = '<input type="radio" name="login" value="krb" '.
                     'onclick="'.$jscall.'" onchange="'.$jscall.'"'.
-                    $krbcheck.' />';
+                    $krbcheck.$disabled.' />';
     }
     if (($can_assign{'krb4'} && $can_assign{'krb5'}) ||
         ($can_assign{'krb4'} && !$can_assign{'krb5'} &&
@@ -2663,9 +2937,9 @@ sub authform_kerberos {
          '<label>'.$authtype,
          '</label><input type="text" size="10" name="krbarg" '.
              'value="'.$krbarg.'" '.
-             'onchange="'.$jscall.'" />',
-         '<label><input type="radio" name="krbver" value="4" '.$check4.' />',
-         '</label><label><input type="radio" name="krbver" value="5" '.$check5.' />',
+             'onchange="'.$jscall.'"'.$disabled.' />',
+         '<label><input type="radio" name="krbver" value="4" '.$check4.$disabled.' />',
+         '</label><label><input type="radio" name="krbver" value="5" '.$check5.$disabled.' />',
 	 '</label>');
     } elsif ($can_assign{'krb4'}) {
         $result .= &mt
@@ -2674,7 +2948,7 @@ sub authform_kerberos {
          '<label>'.$authtype,
          '</label><input type="text" size="10" name="krbarg" '.
              'value="'.$krbarg.'" '.
-             'onchange="'.$jscall.'" />',
+             'onchange="'.$jscall.'"'.$disabled.' />',
          '<label><input type="hidden" name="krbver" value="4" />',
          '</label>');
     } elsif ($can_assign{'krb5'}) {
@@ -2684,7 +2958,7 @@ sub authform_kerberos {
          '<label>'.$authtype,
          '</label><input type="text" size="10" name="krbarg" '.
              'value="'.$krbarg.'" '.
-             'onchange="'.$jscall.'" />',
+             'onchange="'.$jscall.'"'.$disabled.' />',
          '<label><input type="hidden" name="krbver" value="5" />',
          '</label>');
     }
@@ -2697,8 +2971,11 @@ sub authform_internal {
                 kerb_def_dom => 'MSU.EDU',
                 @_,
                 );
-    my ($intcheck,$intarg,$result,$authtype,$autharg,$jscall);
+    my ($intcheck,$intarg,$result,$authtype,$autharg,$jscall,$disabled);
     my ($authnum,%can_assign) = &get_assignable_auth($in{'domain'});
+    if ($in{'readonly'}) {
+        $disabled = ' disabled="disabled"';
+    }
     if (defined($in{'curr_authtype'})) {
         if ($in{'curr_authtype'} eq 'int') {
             if ($can_assign{'int'}) {
@@ -2727,7 +3004,7 @@ sub authform_internal {
         if (defined($in{'mode'})) {
             if ($in{'mode'} eq 'modifycourse') {
                 if ($authnum == 1) {
-                    $authtype = '<input type="radio" name="login" value="int" />';
+                    $authtype = '<input type="radio" name="login" value="int"'.$disabled.' />';
                 }
             }
         }
@@ -2735,14 +3012,14 @@ sub authform_internal {
     $jscall = "javascript:changed_radio('int',$in{'formname'});";
     if ($authtype eq '') {
         $authtype = '<input type="radio" name="login" value="int" '.$intcheck.
-                    ' onchange="'.$jscall.'" onclick="'.$jscall.'" />';
+                    ' onchange="'.$jscall.'" onclick="'.$jscall.'"'.$disabled.' />';
     }
     $autharg = '<input type="password" size="10" name="intarg" value="'.
-               $intarg.'" onchange="'.$jscall.'" />';
+               $intarg.'" onchange="'.$jscall.'"'.$disabled.' />';
     $result = &mt
         ('[_1] Internally authenticated (with initial password [_2])',
          '<label>'.$authtype,'</label>'.$autharg);
-    $result.="<label><input type=\"checkbox\" name=\"visible\" onclick='if (this.checked) { this.form.intarg.type=\"text\" } else { this.form.intarg.type=\"password\" }' />".&mt('Visible input').'</label>';
+    $result.='<label><input type="checkbox" name="visible" onclick="if (this.checked) { this.form.intarg.type='."'text'".' } else { this.form.intarg.type='."'password'".' }"'.$disabled.' />'.&mt('Visible input').'</label>';
     return $result;
 }
 
@@ -2752,8 +3029,11 @@ sub authform_local {
               kerb_def_dom => 'MSU.EDU',
               @_,
               );
-    my ($loccheck,$locarg,$result,$authtype,$autharg,$jscall);
+    my ($loccheck,$locarg,$result,$authtype,$autharg,$jscall,$disabled);
     my ($authnum,%can_assign) = &get_assignable_auth($in{'domain'});
+    if ($in{'readonly'}) {
+        $disabled = ' disabled="disabled"';
+    }
     if (defined($in{'curr_authtype'})) {
         if ($in{'curr_authtype'} eq 'loc') {
             if ($can_assign{'loc'}) {
@@ -2782,7 +3062,7 @@ sub authform_local {
         if (defined($in{'mode'})) {
             if ($in{'mode'} eq 'modifycourse') {
                 if ($authnum == 1) {
-                    $authtype = '<input type="radio" name="login" value="loc" />';
+                    $authtype = '<input type="radio" name="login" value="loc"'.$disabled.' />';
                 }
             }
         }
@@ -2791,10 +3071,10 @@ sub authform_local {
     if ($authtype eq '') {
         $authtype = '<input type="radio" name="login" value="loc" '.
                     $loccheck.' onchange="'.$jscall.'" onclick="'.
-                    $jscall.'" />';
+                    $jscall.'"'.$disabled.' />';
     }
     $autharg = '<input type="text" size="10" name="locarg" value="'.
-               $locarg.'" onchange="'.$jscall.'" />';
+               $locarg.'" onchange="'.$jscall.'"'.$disabled.' />';
     $result = &mt('[_1] Local Authentication with argument [_2]',
                   '<label>'.$authtype,'</label>'.$autharg);
     return $result;
@@ -2806,8 +3086,11 @@ sub authform_filesystem {
               kerb_def_dom => 'MSU.EDU',
               @_,
               );
-    my ($fsyscheck,$result,$authtype,$autharg,$jscall);
+    my ($fsyscheck,$result,$authtype,$autharg,$jscall,$disabled);
     my ($authnum,%can_assign) = &get_assignable_auth($in{'domain'});
+    if ($in{'readonly'}) {
+        $disabled = ' disabled="disabled"';
+    }
     if (defined($in{'curr_authtype'})) {
         if ($in{'curr_authtype'} eq 'fsys') {
             if ($can_assign{'fsys'}) {
@@ -2833,7 +3116,7 @@ sub authform_filesystem {
         if (defined($in{'mode'})) {
             if ($in{'mode'} eq 'modifycourse') {
                 if ($authnum == 1) {
-                    $authtype = '<input type="radio" name="login" value="fsys" />';
+                    $authtype = '<input type="radio" name="login" value="fsys"'.$disabled.' />';
                 }
             }
         }
@@ -2842,16 +3125,16 @@ sub authform_filesystem {
     if ($authtype eq '') {
         $authtype = '<input type="radio" name="login" value="fsys" '.
                     $fsyscheck.' onchange="'.$jscall.'" onclick="'.
-                    $jscall.'" />';
+                    $jscall.'"'.$disabled.' />';
     }
     $autharg = '<input type="text" size="10" name="fsysarg" value=""'.
-               ' onchange="'.$jscall.'" />';
+               ' onchange="'.$jscall.'"'.$disabled.' />';
     $result = &mt
         ('[_1] Filesystem Authenticated (with initial password [_2])',
          '<label><input type="radio" name="login" value="fsys" '.
-         $fsyscheck.'onchange="'.$jscall.'" onclick="'.$jscall.'" />',
+         $fsyscheck.'onchange="'.$jscall.'" onclick="'.$jscall.'"'.$disabled.' />',
          '</label><input type="password" size="10" name="fsysarg" value="" '.
-                  'onchange="'.$jscall.'" />');
+                  'onchange="'.$jscall.'"'.$disabled.' />');
     return $result;
 }
 
@@ -2873,7 +3156,7 @@ sub get_assignable_auth {
             my $context;
             if ($env{'request.role'} =~ /^au/) {
                 $context = 'author';
-            } elsif ($env{'request.role'} =~ /^dc/) {
+            } elsif ($env{'request.role'} =~ /^(dc|dh)/) {
                 $context = 'domain';
             } elsif ($env{'request.course.id'}) {
                 $context = 'course';
@@ -2897,6 +3180,79 @@ sub get_assignable_auth {
     return ($authnum,%can_assign);
 }
 
+sub check_passwd_rules {
+    my ($domain,$plainpass) = @_;
+    my %passwdconf = &Apache::lonnet::get_passwdconf($domain);
+    my ($min,$max,@chars,@brokerule,$warning);
+    $min = $Apache::lonnet::passwdmin;
+    if (ref($passwdconf{'chars'}) eq 'ARRAY') {
+        if ($passwdconf{'min'} =~ /^\d+$/) {
+            if ($passwdconf{'min'} > $min) {
+                $min = $passwdconf{'min'};
+            }
+        }
+        if ($passwdconf{'max'} =~ /^\d+$/) {
+            $max = $passwdconf{'max'};
+        }
+        @chars = @{$passwdconf{'chars'}};
+    }
+    if (($min) && (length($plainpass) < $min)) {
+        push(@brokerule,'min');
+    }
+    if (($max) && (length($plainpass) > $max)) {
+        push(@brokerule,'max');
+    }
+    if (@chars) {
+        my %rules;
+        map { $rules{$_} = 1; } @chars;
+        if ($rules{'uc'}) {
+            unless ($plainpass =~ /[A-Z]/) {
+                push(@brokerule,'uc');
+            }
+        }
+        if ($rules{'lc'}) {
+            unless ($plainpass =~ /[a-z]/) {
+                push(@brokerule,'lc');
+            }
+        }
+        if ($rules{'num'}) {
+            unless ($plainpass =~ /\d/) {
+                push(@brokerule,'num');
+            }
+        }
+        if ($rules{'spec'}) {
+            unless ($plainpass =~ /[!"#$%&'()*+,\-.\/:;<=>?@[\\\]^_`{|}~]/) {
+                push(@brokerule,'spec');
+            }
+        }
+    }
+    if (@brokerule) {
+        my %rulenames = &Apache::lonlocal::texthash(
+            uc   => 'At least one upper case letter',
+            lc   => 'At least one lower case letter',
+            num  => 'At least one number',
+            spec => 'At least one non-alphanumeric',
+        );
+        $rulenames{'uc'} .= ': ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+        $rulenames{'lc'} .= ': abcdefghijklmnopqrstuvwxyz';
+        $rulenames{'num'} .= ': 0123456789';
+        $rulenames{'spec'} .= ': !&quot;\#$%&amp;\'()*+,-./:;&lt;=&gt;?@[\]^_\`{|}~';
+        $rulenames{'min'} = &mt('Minimum password length: [_1]',$min);
+        $rulenames{'max'} = &mt('Maximum password length: [_1]',$max);
+        $warning = &mt('Password did not satisfy the following:').'<ul>';
+        foreach my $rule ('min','max','uc','lc','num','spec') {
+            if (grep(/^$rule$/,@brokerule)) {
+                $warning .= '<li>'.$rulenames{$rule}.'</li>';
+            }
+        }
+        $warning .= '</ul>';
+    }
+    if (wantarray) {
+        return @brokerule;
+    }
+    return $warning;
+}
+
 ###############################################################
 ##    Get Kerberos Defaults for Domain                 ##
 ###############################################################
@@ -3721,8 +4077,13 @@ sub get_previous_attempt {
       my %lasthash=();
       my $version;
       for ($version=1;$version<=$returnhash{'version'};$version++) {
-        foreach my $key (sort(split(/\:/,$returnhash{$version.':keys'}))) {
-	  $lasthash{$key}=$returnhash{$version.':'.$key};
+        foreach my $key (reverse(sort(split(/\:/,$returnhash{$version.':keys'})))) {
+            if ($key =~ /\.rawrndseed$/) {
+                my ($id) = ($key =~ /^(.+)\.rawrndseed$/);
+                $lasthash{$id.'.rndseed'} = $returnhash{$version.':'.$key};
+            } else {
+                $lasthash{$key}=$returnhash{$version.':'.$key};
+            }
         }
       }
       $prevattempts=&start_data_table().&start_data_table_header_row();
@@ -3842,9 +4203,15 @@ sub get_previous_attempt {
                         }
                     } else {
                         if ($key =~ /\./) {
-                            my $value = &format_previous_attempt_value($key,
-                                              $returnhash{$version.':'.$key});
-                            $prevattempts.='<td>'.$value.'&nbsp;</td>';
+                            my $value = $returnhash{$version.':'.$key};
+                            if ($key =~ /\.rndseed$/) {
+                                my ($id) = ($key =~ /^(.+)\.rndseed$/);
+                                if (exists($returnhash{$version.':'.$id.'.rawrndseed'})) {
+                                    $value = $returnhash{$version.':'.$id.'.rawrndseed'};
+                                }
+                            }
+                            $prevattempts.='<td>'.&format_previous_attempt_value($key,$value).
+                                           '&nbsp;</td>';
                         } else {
                             $prevattempts.='<td>&nbsp;</td>';
                         }
@@ -3853,9 +4220,15 @@ sub get_previous_attempt {
             } else {
 	        foreach my $key (sort(keys(%lasthash))) {
                     next if ($key =~ /\.foilorder$/);
-		    my $value = &format_previous_attempt_value($key,
-			            $returnhash{$version.':'.$key});
-		    $prevattempts.='<td>'.$value.'&nbsp;</td>';
+                    my $value = $returnhash{$version.':'.$key};
+                    if ($key =~ /\.rndseed$/) {
+                        my ($id) = ($key =~ /^(.+)\.rndseed$/);
+                        if (exists($returnhash{$version.':'.$id.'.rawrndseed'})) {
+                            $value = $returnhash{$version.':'.$id.'.rawrndseed'};
+                        }
+                    }
+                    $prevattempts.='<td>'.&format_previous_attempt_value($key,$value).
+                                   '&nbsp;</td>';
 	        }
             }
 	    $prevattempts.=&end_data_table_row();
@@ -4050,6 +4423,59 @@ sub get_student_view_with_retries {
     }
 }
 
+sub css_links {
+    my ($currsymb,$level) = @_;
+    my ($links,@symbs,%cssrefs,%httpref);
+    if ($level eq 'map') {
+        my $navmap = Apache::lonnavmaps::navmap->new();
+        if (ref($navmap)) {
+            my ($map,undef,$url)=&Apache::lonnet::decode_symb($currsymb);
+            my @resources = $navmap->retrieveResources($map,sub { $_[0]->is_problem() },0,0);
+            foreach my $res (@resources) {
+                if (ref($res) && $res->symb()) {
+                    push(@symbs,$res->symb());
+                }
+            }
+        }
+    } else {
+        @symbs = ($currsymb);
+    }
+    foreach my $symb (@symbs) {
+        my $css_href = &Apache::lonnet::EXT('resource.0.cssfile',$symb);
+        if ($css_href =~ /\S/) {
+            unless ($css_href =~ m{https?://}) {
+                my $url = (&Apache::lonnet::decode_symb($symb))[-1];
+                my $proburl =  &Apache::lonnet::clutter($url);
+                my ($probdir) = ($proburl =~ m{(.+)/[^/]+$});
+                unless ($css_href =~ m{^/}) {
+                    $css_href = &Apache::lonnet::hreflocation($probdir,$css_href);
+                }
+                if ($css_href =~ m{^/(res|uploaded)/}) {
+                    unless (($httpref{'httpref.'.$css_href}) ||
+                            (&Apache::lonnet::is_on_map($css_href))) {
+                        my $thisurl = $proburl;
+                        if ($env{'httpref.'.$proburl}) {
+                            $thisurl = $env{'httpref.'.$proburl};
+                        }
+                        $httpref{'httpref.'.$css_href} = $thisurl;
+                    }
+                }
+            }
+            $cssrefs{$css_href} = 1;
+        }
+    }
+    if (keys(%httpref)) {
+        &Apache::lonnet::appenv(\%httpref);
+    }
+    if (keys(%cssrefs)) {
+        foreach my $css_href (keys(%cssrefs)) {
+            next unless ($css_href =~ m{^(/res/|/uploaded/|https?://)});
+            $links .= '<link rel="stylesheet" type="text/css" href="'.$css_href.'" />'."\n";
+        }
+    }
+    return $links;
+}
+
 =pod
 
 =item * &get_student_answers() 
@@ -4305,13 +4731,13 @@ sub findallcourses {
 ###############################################
 
 sub blockcheck {
-    my ($setters,$activity,$uname,$udom,$url,$is_course) = @_;
+    my ($setters,$activity,$uname,$udom,$url,$is_course,$symb,$caller) = @_;
 
     if (defined($udom) && defined($uname)) {
         # If uname and udom are for a course, check for blocks in the course.
         if (($is_course) || (&Apache::lonnet::is_course($udom,$uname))) {
             my ($startblock,$endblock,$triggerblock) =
-                &get_blocks($setters,$activity,$udom,$uname,$url);
+                &get_blocks($setters,$activity,$udom,$uname,$url,$symb,$caller);
             return ($startblock,$endblock,$triggerblock);
         }
     } else {
@@ -4412,7 +4838,7 @@ sub blockcheck {
                                                                 $tdom,$spec,$trest,$area);
                         }
                     }
-                    my ($author,$adv) = &Apache::lonnet::set_userprivs(\%userroles,\%allroles);
+                    my ($author,$adv,$rar) = &Apache::lonnet::set_userprivs(\%userroles,\%allroles);
                     if ($userroles{'user.priv.'.$checkrole} =~ /evb\&([^\:]*)/) {
                         if ($1) {
                             $no_userblock = 1;
@@ -4434,11 +4860,11 @@ sub blockcheck {
                  ($env{'request.role'} !~ m{^st\./\Q$cdom\E/\Q$cnum\E}));
         next if ($no_userblock);
 
-        # Retrieve blocking times and identity of locker for course
+        # Retrieve blocking times and identity of blocker for course
         # of specified user, unless user has 'evb' privilege.
         
         my ($start,$end,$trigger) = 
-            &get_blocks($setters,$activity,$cdom,$cnum,$url);
+            &get_blocks($setters,$activity,$cdom,$cnum,$url,$symb,$caller);
         if (($start != 0) && 
             (($startblock == 0) || ($startblock > $start))) {
             $startblock = $start;
@@ -4458,7 +4884,7 @@ sub blockcheck {
 }
 
 sub get_blocks {
-    my ($setters,$activity,$cdom,$cnum,$url) = @_;
+    my ($setters,$activity,$cdom,$cnum,$url,$symb,$caller) = @_;
     my $startblock = 0;
     my $endblock = 0;
     my $triggerblock = '';
@@ -4471,7 +4897,13 @@ sub get_blocks {
     my $now = time;
     my %commblocks = &Apache::lonnet::get_comm_blocks($cdom,$cnum);
     if ($activity eq 'docs') {
-        @blockers = &Apache::lonnet::has_comm_blocking('bre',undef,$url,\%commblocks);
+        my ($blocked,$nosymbcache,$noenccheck);
+        if (($caller eq 'blockedaccess') || ($caller eq 'blockingstatus')) {
+            $blocked = 1;
+            $nosymbcache = 1;
+            $noenccheck = 1;
+        }
+        @blockers = &Apache::lonnet::has_comm_blocking('bre',$symb,$url,$nosymbcache,$noenccheck,$blocked,\%commblocks);
         foreach my $block (@blockers) {
             if ($block =~ /^firstaccess____(.+)$/) {
                 my $item = $1;
@@ -4593,12 +5025,12 @@ sub parse_block_record {
 }
 
 sub blocking_status {
-    my ($activity,$uname,$udom,$url,$is_course) = @_;
+    my ($activity,$uname,$udom,$url,$is_course,$symb,$caller) = @_;
     my %setters;
 
 # check for active blocking
     my ($startblock,$endblock,$triggerblock) = 
-        &blockcheck(\%setters,$activity,$uname,$udom,$url,$is_course);
+        &blockcheck(\%setters,$activity,$uname,$udom,$url,$is_course,$symb,$caller);
     my $blocked = 0;
     if ($startblock && $endblock) {
         $blocked = 1;
@@ -4610,11 +5042,16 @@ sub blocking_status {
 # build a link to a popup window containing the details
     my $querystring  = "?activity=$activity";
 # $uname and $udom decide whose portfolio the user is trying to look at
-    if ($activity eq 'port') {
-        $querystring .= "&amp;udom=$udom"      if $udom;
-        $querystring .= "&amp;uname=$uname"    if $uname;
+    if (($activity eq 'port') || ($activity eq 'passwd')) {
+        $querystring .= "&amp;udom=$udom"      if ($udom =~ /^$match_domain$/);
+        $querystring .= "&amp;uname=$uname"    if ($uname =~ /^$match_username$/);
     } elsif ($activity eq 'docs') {
-        $querystring .= '&amp;url='.&HTML::Entities::encode($url,'&"');
+        my $showurl = &Apache::lonenc::check_encrypt($url);
+        $querystring .= '&amp;url='.&HTML::Entities::encode($showurl,'\'&"<>');
+        if ($symb) {
+            my $showsymb = &Apache::lonenc::check_encrypt($symb);
+            $querystring .= '&amp;symb='.&HTML::Entities::encode($showsymb,'\'&"<>');
+        }
     }
 
     my $output .= <<'END_MYBLOCK';
@@ -4631,13 +5068,17 @@ END_MYBLOCK
   
     my $popupUrl = "/adm/blockingstatus/$querystring";
     my $text = &mt('Communication Blocked');
+    my $class = 'LC_comblock';
     if ($activity eq 'docs') {
         $text = &mt('Content Access Blocked');
+        $class = '';
     } elsif ($activity eq 'printout') {
         $text = &mt('Printing Blocked');
+    } elsif ($activity eq 'passwd') {
+        $text = &mt('Password Changing Blocked');
     }
     $output .= <<"END_BLOCK";
-<div class='LC_comblock'>
+<div class='$class'>
   <a onclick='openWindow("$popupUrl","Blocking Table",600,300,"no","no");return false;' href='/adm/blockingstatus/$querystring'
   title='$text'>
   <img class='LC_noBorder LC_middle' title='$text' src='/res/adm/pages/comblock.png' alt='$text'/></a>
@@ -4653,13 +5094,19 @@ END_BLOCK
 ###############################################
 
 sub check_ip_acc {
-    my ($acc)=@_;
+    my ($acc,$clientip)=@_;
     &Apache::lonxml::debug("acc is $acc");
     if (!defined($acc) || $acc =~ /^\s*$/ || $acc =~/^\s*no\s*$/i) {
         return 1;
     }
     my $allowed=0;
-    my $ip=$env{'request.host'} || $ENV{'REMOTE_ADDR'};
+    my $ip;
+    if (($ENV{'REMOTE_ADDR'} eq '127.0.0.1') ||
+        ($ENV{'REMOTE_ADDR'} eq &Apache::lonnet::get_host_ip($Apache::lonnet::perlvar{'lonHostID'}))) {
+        $ip = $env{'request.host'} || $ENV{'REMOTE_ADDR'} || $clientip;
+    } else {
+        $ip = $ENV{'REMOTE_ADDR'} || $env{'request.host'} || $clientip;
+    }
 
     my $name;
     foreach my $pattern (split(',',$acc)) {
@@ -4844,7 +5291,7 @@ sub get_legacy_domconf {
     my $designdir=$Apache::lonnet::perlvar{'lonTabDir'}.'/lonDomColors';
     my $designfile =  $designdir.'/'.$udom.'.tab';
     if (-e $designfile) {
-        if ( open (my $fh,"<$designfile") ) {
+        if ( open (my $fh,'<',$designfile) ) {
             while (my $line = <$fh>) {
                 next if ($line =~ /^\#/);
                 chomp($line);
@@ -5100,9 +5547,10 @@ Inputs:
 
 =item * $args, optional argument valid values are
             no_auto_mt_title -> prevents &mt()ing the title arg
-            inherit_jsmath -> when creating popup window in a page,
-                              should it have jsmath forced on by the
-                              current page
+            use_absolute     -> for external resource or syllabus, this will
+                                contain https://<hostname> if server uses
+                                https (as per hosts.tab), but request is for http
+            hostname         -> hostname, from $r->hostname().
 
 =item * $advtoolsref, optional argument, ref to an array containing
             inlineremote items to be added in "Functions" menu below
@@ -5128,6 +5576,7 @@ sub bodytag {
     }
     if (!$args->{'no_auto_mt_title'}) { $title = &mt($title); }
     my $httphost = $args->{'use_absolute'};
+    my $hostname = $args->{'hostname'};
 
     $function = &get_users_function() if (!$function);
     my $img =    &designparm($function.'.img',$domain);
@@ -5155,6 +5604,14 @@ sub bodytag {
     if ($env{'request.course.id'}) {
         if ($env{'request.role'} !~ /^cr/) {
             $role = &Apache::lonnet::plaintext($role,&course_type());
+        } elsif ($role =~ m{^cr/($match_domain)/\1-domainconfig/(\w+)$}) {
+            if ($env{'request.role.desc'}) {
+                $role = $env{'request.role.desc'};
+            } else {
+                $role = &mt('Helpdesk[_1]','&nbsp;'.$2);
+            }
+        } else {
+            $role = (split(/\//,$role,4))[-1];
         }
         if ($env{'request.course.sec'}) {
             $role .= ('&nbsp;'x2).'-&nbsp;'.&mt('section:').'&nbsp;'.$env{'request.course.sec'};
@@ -5170,7 +5627,7 @@ sub bodytag {
 
 # construct main body tag
     my $bodytag = "<body $extra_body_attr>".
-	&Apache::lontexconvert::init_math_support($args->{'inherit_jsmath'});
+	&Apache::lontexconvert::init_math_support();
 
     &get_unprocessed_cgi($ENV{'QUERY_STRING'}, ['inhibitmenu']);
 
@@ -5194,7 +5651,7 @@ sub bodytag {
         $dc_info =~ s/\s+$//;
     }
 
-    $role = '<span class="LC_nobreak">('.$role.')</span>' if $role;
+    $role = '<span class="LC_nobreak">('.$role.')</span>' if ($role && !$env{'browser.mobile'});
 
     if ($env{'request.state'} eq 'construct') { $forcereg=1; }
 
@@ -5208,7 +5665,7 @@ sub bodytag {
         &Apache::lonmenu::prepare_functions($env{'request.noversionuri'},
                                             $forcereg,$args->{'group'},
                                             $args->{'bread_crumbs'},
-                                            $advtoolsref,'',\$forbodytag);
+                                            $advtoolsref,'','',\$forbodytag);
         unless (ref($args->{'bread_crumbs'}) eq 'ARRAY') {
             $funclist = $forbodytag;
         }
@@ -5254,16 +5711,19 @@ sub bodytag {
             $bodytag .= Apache::lonhtmlcommon::scripttag('', 'end');
             if ($env{'request.state'} eq 'construct') {
                 $bodytag .= &Apache::lonmenu::innerregister($forcereg,
-                                $args->{'bread_crumbs'});
-            } elsif ($forcereg) { 
+                                $args->{'bread_crumbs'},'','',$hostname);
+            } elsif ($forcereg) {
                 $bodytag .= &Apache::lonmenu::innerregister($forcereg,undef,
-                                                            $args->{'group'});
+                                                            $args->{'group'},
+                                                            $args->{'hide_buttons',
+                                                            $hostname});
             } else {
                 my $forbodytag;
                 &Apache::lonmenu::prepare_functions($env{'request.noversionuri'},
                                                     $forcereg,$args->{'group'},
                                                     $args->{'bread_crumbs'},
-                                                    $advtoolsref,'',\$forbodytag);
+                                                    $advtoolsref,'',$hostname,
+                                                    \$forbodytag);
                 unless (ref($args->{'bread_crumbs'}) eq 'ARRAY') {
                     $bodytag .= $forbodytag;
                 }
@@ -5397,7 +5857,6 @@ sub endbodytag {
     unless ((ref($args) eq 'HASH') && ($args->{'notbody'})) {
         $endbodytag='</body>';
     }
-    $endbodytag=&Apache::lontexconvert::jsMath_process()."\n".$endbodytag;
     if ( exists( $env{'internal.head.redirect'} ) ) {
         if (!(ref($args) eq 'HASH' && $args->{'noredirectlink'})) {
 	    $endbodytag=
@@ -5572,6 +6031,17 @@ div.LC_confirm_box .LC_success img {
   vertical-align: middle;
 }
 
+.LC_maxwidth {
+  max-width: 100%;
+  height: auto;
+}
+
+.LC_textsize_mobile {
+  \@media only screen and (max-device-width: 480px) {
+      -webkit-text-size-adjust:100%; -moz-text-size-adjust:100%; -ms-text-size-adjust:100%;
+  }
+}
+
 .LC_icon {
   border: none;
   vertical-align: middle;
@@ -5693,6 +6163,10 @@ table#LC_menubuttons img {
   vertical-align: middle;
 }
 
+.LC_breadcrumbs_hoverable {
+  background: $sidebg;
+}
+
 td.LC_table_cell_checkbox {
   text-align: center;
 }
@@ -5763,6 +6237,11 @@ td.LC_menubuttons_text {
   background: $tabbg;
 }
 
+td.LC_zero_height {
+  line-height: 0;
+  cellpadding: 0;
+}
+
 table.LC_data_table {
   border: 1px solid #000000;
   border-collapse: separate;
@@ -6353,7 +6832,8 @@ table.LC_prior_tries td {
   padding: 6px;
 }
 
-.LC_answer_unknown {
+.LC_answer_unknown,
+.LC_answer_warning {
   background: orange;
   color: black;
   padding: 6px;
@@ -6435,6 +6915,7 @@ table.LC_data_table tr > td.LC_docs_entr
   color: #990000;
 }
 
+.LC_domprefs_email,
 .LC_docs_reinit_warn,
 .LC_docs_ext_edit {
   font-size: x-small;
@@ -6550,7 +7031,7 @@ div.LC_edit_problem_footer,
 div.LC_edit_problem_footer div,
 div.LC_edit_problem_editxml_header,
 div.LC_edit_problem_editxml_header div {
-  margin-top: 5px;
+  z-index: 100;
 }
 
 div.LC_edit_problem_header_title {
@@ -6566,14 +7047,17 @@ table.LC_edit_problem_header_title {
   background: $tabbg;
 }
 
-div.LC_edit_problem_discards {
-  float: left;
-  padding-bottom: 5px;
+div.LC_edit_actionbar {
+    background-color: $sidebg;
+    margin: 0;
+    padding: 0;
+    line-height: 200%;
 }
 
-div.LC_edit_problem_saves {
-  float: right;
-  padding-bottom: 5px;
+div.LC_edit_actionbar div{
+    padding: 0;
+    margin: 0;
+    display: inline-block;
 }
 
 .LC_edit_opt {
@@ -6589,6 +7073,10 @@ div.LC_edit_problem_saves {
     margin-left: 40px;
 }
 
+#LC_edit_problem_codemirror div{
+    margin-left: 0px;
+}
+
 img.stift {
   border-width: 0;
   vertical-align: middle;
@@ -6676,6 +7164,10 @@ fieldset {
   /* overflow: hidden; */
 }
 
+article.geogebraweb div {
+    margin: 0;
+}
+
 fieldset > legend {
   font-weight: bold;
   padding: 0 5px 0 5px;
@@ -6703,7 +7195,6 @@ fieldset > legend {
 ol.LC_primary_menu {
   margin: 0;
   padding: 0;
-  background-color: $pgbg_or_bgcolor;
 }
 
 ol#LC_PathBreadcrumbs {
@@ -6715,23 +7206,48 @@ ol.LC_primary_menu li {
   vertical-align: middle;
   text-align: left;
   list-style: none;
+  position: relative;
   float: left;
+  z-index: 100; /* will be displayed above codemirror and underneath the help-layer */
+  line-height: 1.5em;
 }
 
-ol.LC_primary_menu li a {
+ol.LC_primary_menu li a, 
+ol.LC_primary_menu li p {
   display: block;
   margin: 0;
   padding: 0 5px 0 10px;
   text-decoration: none;
 }
 
-ol.LC_primary_menu li ul {
+ol.LC_primary_menu li p span.LC_primary_menu_innertitle {
+  display: inline-block;
+  width: 95%;
+  text-align: left;
+}
+
+ol.LC_primary_menu li p span.LC_primary_menu_innerarrow {
+  display: inline-block;
+  width: 5%;
+  float: right;
+  text-align: right;
+  font-size: 70%;
+}
+
+ol.LC_primary_menu ul {
   display: none;
-  width: 10em;
+  width: 15em;
   background-color: $data_table_light;
+  position: absolute;
+  top: 100%;
+}
+
+ol.LC_primary_menu ul ul {
+  left: 100%;
+  top: 0;
 }
 
-ol.LC_primary_menu li:hover ul, ol.LC_primary_menu li.hover ul {
+ol.LC_primary_menu li:hover > ul, ol.LC_primary_menu li.hover > ul {
   display: block;
   position: absolute;
   margin: 0;
@@ -6740,15 +7256,21 @@ ol.LC_primary_menu li:hover ul, ol.LC_pr
 }
 
 ol.LC_primary_menu li:hover li, ol.LC_primary_menu li.hover li {
+/* First Submenu -> size should be smaller than the menu title of the whole menu */
   font-size: 90%;
   vertical-align: top;
   float: none;
   border-left: 1px solid black;
   border-right: 1px solid black;
+/* A dark bottom border to visualize different menu options;
+overwritten in the create_submenu routine for the last border-bottom of the menu */
+  border-bottom: 1px solid $data_table_dark;
 }
 
-ol.LC_primary_menu li:hover li a, ol.LC_primary_menu li.hover li a {
-  background-color:$data_table_light;
+ol.LC_primary_menu li li p:hover {
+  color:$button_hover;
+  text-decoration:none;
+  background-color:$data_table_dark;
 }
 
 ol.LC_primary_menu li li a:hover {
@@ -6756,6 +7278,11 @@ ol.LC_primary_menu li li a:hover {
    background-color:$data_table_dark;
 }
 
+/* Font-size equal to the size of the predecessors*/
+ol.LC_primary_menu li:hover li li {
+  font-size: 100%;
+}
+
 ol.LC_primary_menu li img {
   vertical-align: bottom;
   height: 1.1em;
@@ -6812,7 +7339,6 @@ ul#LC_secondary_menu li {
   font-weight: bold;
   line-height: 1.8em;
   border-right: 1px solid black;
-  vertical-align: middle;
   float: left;
 }
 
@@ -7298,6 +7824,14 @@ ul.LC_funclist li {
 		cursor:pointer;
 }
 
+pre.LC_wordwrap {
+  white-space: pre-wrap;
+  white-space: -moz-pre-wrap;
+  white-space: -pre-wrap;
+  white-space: -o-pre-wrap;
+  word-wrap: break-word;
+}
+
 /*
   styles used by TTH when "Default set of options to pass to tth/m
   when converting TeX" in course settings has been set
@@ -7319,6 +7853,39 @@ span.roman {font-family: serif; font-sty
 span.overacc2 {position: relative;  left: .8em; top: -1.2ex;}
 span.overacc1 {position: relative;  left: .6em; top: -1.2ex;}
 
+#LC_minitab_header {
+  float:left;
+  width:100%;
+  background:#DAE0D2 url("/res/adm/pages/minitabmenu_bg.gif") repeat-x bottom;
+  font-size:93%;
+  line-height:normal;
+  margin: 0.5em 0 0.5em 0;
+}
+#LC_minitab_header ul {
+  margin:0;
+  padding:10px 10px 0;
+  list-style:none;
+}
+#LC_minitab_header li {
+  float:left;
+  background:url("/res/adm/pages/minitabmenu_left.gif") no-repeat left top;
+  margin:0;
+  padding:0 0 0 9px;
+}
+#LC_minitab_header a {
+  display:block;
+  background:url("/res/adm/pages/minitabmenu_right.gif") no-repeat right top;
+  padding:5px 15px 4px 6px;
+}
+#LC_minitab_header #LC_current_minitab {
+  background-image:url("/res/adm/pages/minitabmenu_left_on.gif");
+}
+#LC_minitab_header #LC_current_minitab a {
+  background-image:url("/res/adm/pages/minitabmenu_right_on.gif");
+  padding-bottom:5px;
+}
+
+
 END
 }
 
@@ -7411,6 +7978,123 @@ sub headtag {
 <meta http-equiv="pragma" content="no-cache" />
 <meta http-equiv="Refresh" content="$time; url=$url" />
 ADDMETA
+    } else {
+        unless (($args->{'frameset'}) || ($args->{'js_ready'}) || ($args->{'only_body'}) || ($args->{'no_nav_bar'})) {
+            my $requrl = $env{'request.uri'};
+            if ($requrl eq '') {
+                $requrl = $ENV{'REQUEST_URI'};
+                $requrl =~ s/\?.+$//;
+            }
+            unless (($requrl =~ m{^/adm/(?:switchserver|login|authenticate|logout|groupsort|cleanup|helper|slotrequest|grades)(\?|$)}) ||
+                    (($requrl =~ m{^/res/}) && (($env{'form.submitted'} eq 'scantron') ||
+                     ($env{'form.grade_symb'}) || ($Apache::lonhomework::scantronmode)))) {
+                my $dom_in_use = $Apache::lonnet::perlvar{'lonDefDomain'};
+                unless (&Apache::lonnet::allowed('mau',$dom_in_use)) {
+                    my %domdefs = &Apache::lonnet::get_domain_defaults($dom_in_use);
+                    my $lonhost = $Apache::lonnet::perlvar{'lonHostID'};
+                    my $offload;
+                    if (ref($domdefs{'offloadnow'}) eq 'HASH') {
+                        if ($domdefs{'offloadnow'}{$lonhost}) {
+                            $offload = 1;
+                        }
+                    }
+                    unless ($offload) {
+                        if (ref($domdefs{'offloadoth'}) eq 'HASH') {
+                            if ($domdefs{'offloadoth'}{$lonhost}) {
+                                if (($env{'user.domain'} ne '') && ($env{'user.domain'} ne $dom_in_use) &&
+                                    (!(($env{'user.name'} eq 'public') && ($env{'user.domain'} eq 'public')))) {
+                                    unless (&Apache::lonnet::shared_institution($env{'user.domain'})) {
+                                        $offload = 1;
+                                        $dom_in_use = $env{'user.domain'};
+                                    }
+                                }
+                            }
+                        }
+                    }
+                    if ($offload) {
+                        my $newserver = &Apache::lonnet::spareserver(30000,undef,1,$dom_in_use);
+                        if (($newserver) && ($newserver ne $lonhost)) {
+                            my $numsec = 5;
+                            my $timeout = $numsec * 1000;
+                            my ($newurl,$locknum,%locks,$msg);
+                            if ($env{'request.role.adv'}) {
+                                ($locknum,%locks) = &Apache::lonnet::get_locks();
+                            }
+                            my $disable_submit = 0;
+                            if ($requrl =~ /$LONCAPA::assess_re/) {
+                                $disable_submit = 1;
+                            }
+                            if ($locknum) {
+                                my @lockinfo = sort(values(%locks));
+                                $msg = &mt('Once the following tasks are complete: ')."\n".
+                                       join(", ",sort(values(%locks)))."\n";
+                                if (&show_course()) {
+                                    $msg .= &mt('your session will be transferred to a different server, after you click "Courses".');
+                                } else {
+                                    $msg .= &mt('your session will be transferred to a different server, after you click "Roles".');
+                                }
+                            } else {
+                                if (($requrl =~ m{^/res/}) && ($env{'form.submitted'} =~ /^part_/)) {
+                                    $msg = &mt('Your LON-CAPA submission has been recorded')."\n";
+                                }
+                                $msg .= &mt('Your current LON-CAPA session will be transferred to a different server in [quant,_1,second].',$numsec);
+                                $newurl = '/adm/switchserver?otherserver='.$newserver;
+                                if (($env{'request.role'}) && ($env{'request.role'} ne 'cm')) {
+                                    $newurl .= '&role='.$env{'request.role'};
+                                }
+                                if ($env{'request.symb'}) {
+                                    my $shownsymb = &Apache::lonenc::check_encrypt($env{'request.symb'});
+                                    if ($shownsymb =~ m{^/enc/}) {
+                                        my $reqdmajor = 2;
+                                        my $reqdminor = 11;
+                                        my $reqdsubminor = 3;
+                                        my $newserverrev = &Apache::lonnet::get_server_loncaparev('',$newserver);
+                                        my $remoterev = &Apache::lonnet::get_server_loncaparev(undef,$newserver);
+                                        my ($major,$minor,$subminor) = ($remoterev =~ /^\'?(\d+)\.(\d+)\.(\d+|)[\w.\-]+\'?$/);
+                                        if (($major eq '' && $minor eq '') ||
+                                            (($reqdmajor > $major) || (($reqdmajor == $major) && ($reqdminor > $minor)) ||
+                                            (($reqdmajor == $major) && ($reqdminor == $minor) && (($subminor eq '') ||
+                                             ($reqdsubminor > $subminor))))) {
+                                            undef($shownsymb);
+                                        }
+                                    }
+                                    if ($shownsymb) {
+                                        &js_escape(\$shownsymb);
+                                        $newurl .= '&symb='.$shownsymb;
+                                    }
+                                } else {
+                                    my $shownurl = &Apache::lonenc::check_encrypt($requrl);
+                                    &js_escape(\$shownurl);
+                                    $newurl .= '&origurl='.$shownurl;
+                                }
+                            }
+                            &js_escape(\$msg);
+                            $result.=<<OFFLOAD
+<meta http-equiv="pragma" content="no-cache" />
+<script type="text/javascript">
+// <![CDATA[
+function LC_Offload_Now() {
+    var dest = "$newurl";
+    if (dest != '') {
+        window.location.href="$newurl";
+    }
+}
+\$(document).ready(function () {
+    window.alert('$msg');
+    if ($disable_submit) {
+        \$(".LC_hwk_submit").prop("disabled", true);
+        \$( ".LC_textline" ).prop( "readonly", "readonly");
+    }
+    setTimeout('LC_Offload_Now()', $timeout);
+});
+// ]]>
+</script>
+OFFLOAD
+                        }
+                    }
+                }
+            }
+        }
     }
     if (!defined($title)) {
 	$title = 'The LearningOnline Network with CAPA';
@@ -7424,11 +8108,18 @@ ADDMETA
     $result .= '>'
         .$inhibitprint
 	.$head_extra;
-    if ($env{'browser.mobile'}) {
+    my $clientmobile;
+    if (($env{'user.name'} eq '') && ($env{'user.domain'} eq '')) {
+        (undef,undef,undef,undef,undef,undef,$clientmobile) = &decode_user_agent();
+    } else {
+        $clientmobile = $env{'browser.mobile'};
+    }
+    if ($clientmobile) {
         $result .= '
 <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=0, minimum-scale=1.0, maximum-scale=1.0">
 <meta name="apple-mobile-web-app-capable" content="yes" />';
     }
+    $result .= '<meta name="google" content="notranslate" />'."\n";
     return $result.'</head>';
 }
 
@@ -7608,13 +8299,16 @@ $args - additional optional args support
              no_inline_link -> if true and in remote mode, don't show the
                                     'Switch To Inline Menu' link
              no_auto_mt_title -> prevent &mt()ing the title arg
-             inherit_jsmath -> when creating popup window in a page,
-                                    should it have jsmath forced on by the
-                                    current page
              bread_crumbs ->             Array containing breadcrumbs
              bread_crumbs_component ->  if exists show it as headline else show only the breadcrumbs
+             bread_crumbs_nomenu -> if true will pass false as the value of $menulink
+                                    to lonhtmlcommon::breadcrumbs
              group          -> includes the current group, if page is for a
                                specific group
+             use_absolute   -> for request for external resource or syllabus, this
+                               will contain https://<hostname> if server uses
+                               https (as per hosts.tab), but request is for http
+             hostname       -> hostname, originally from $r->hostname(), (optional).
 
 =back
 
@@ -7678,12 +8372,18 @@ sub start_page {
                 if (@advtools > 0) {
                     &Apache::lonmenu::advtools_crumbs(@advtools);
                 }
-
+                my $menulink;
+                # if arg: bread_crumbs_nomenu is true pass 0 as $menulink item.
+                if (exists($args->{'bread_crumbs_nomenu'})) {
+                    $menulink = 0;
+                } else {
+                    undef($menulink);
+                }
 		#if bread_crumbs_component exists show it as headline else show only the breadcrumbs
 		if(exists($args->{'bread_crumbs_component'})){
-			$result .= &Apache::lonhtmlcommon::breadcrumbs($args->{'bread_crumbs_component'});
+			$result .= &Apache::lonhtmlcommon::breadcrumbs($args->{'bread_crumbs_component'},'',$menulink);
 		}else{
-			$result .= &Apache::lonhtmlcommon::breadcrumbs();
+			$result .= &Apache::lonhtmlcommon::breadcrumbs('','',$menulink);
 		}
     } elsif (($env{'environment.remote'} eq 'on') &&
              ($env{'form.inhibitmenu'} ne 'yes') &&
@@ -7785,7 +8485,7 @@ var modalWindow = {
 };
 	var openMyModal = function(source,width,height,scrolling,transparency,style)
 	{
-                source = source.replace("'","&#39;");
+                source = source.replace(/'/g,"&#39;");
 		modalWindow.windowId = "myModal";
 		modalWindow.width = width;
 		modalWindow.height = height;
@@ -7810,8 +8510,7 @@ sub modal_link {
         $target_attr = 'target="'.$target.'"';
     }
     return <<"ENDLINK";
-<a href="$link" $target_attr title="$title" onclick="javascript:openMyModal('$link',$width,$height,'$scrolling','$transparency','$style'); return false;">
-           $linktext</a>
+<a href="$link" $target_attr title="$title" onclick="javascript:openMyModal('$link',$width,$height,'$scrolling','$transparency','$style'); return false;">$linktext</a>
 ENDLINK
 }
 
@@ -7914,8 +8613,9 @@ sub end_togglebox {
 }
 
 sub LCprogressbar_script {
-   my ($id)=@_;
-   return(<<ENDPROGRESS);
+   my ($id,$number_to_do)=@_;
+   if ($number_to_do) {
+       return(<<ENDPROGRESS);
 <script type="text/javascript">
 // <![CDATA[
 \$('#progressbar$id').progressbar({
@@ -7928,21 +8628,43 @@ sub LCprogressbar_script {
 // ]]>
 </script>
 ENDPROGRESS
+   } else {
+       return(<<ENDPROGRESS);
+<script type="text/javascript">
+// <![CDATA[
+\$('#progressbar$id').progressbar({
+  value: false,
+  create: function(event, ui) {
+    \$('.ui-widget-header', this).css({'background':'#F0F0F0'});
+    \$('.ui-progressbar-overlay', this).css({'margin':'0'});
+  }
+});
+// ]]>
+</script>
+ENDPROGRESS
+   }
 }
 
 sub LCprogressbarUpdate_script {
    return(<<ENDPROGRESSUPDATE);
 <style type="text/css">
 .ui-progressbar { position:relative; }
+.progress-label {position: absolute; width: 100%; text-align: center; top: 1px; font-weight: bold; text-shadow: 1px 1px 0 #fff;margin: 0; line-height: 200%; }
 .pblabel { position: absolute; width: 100%; text-align: center; line-height: 1.9em; }
 </style>
 <script type="text/javascript">
 // <![CDATA[
 var LCprogressTxt='---';
 
-function LCupdateProgress(percent,progresstext,id) {
+function LCupdateProgress(percent,progresstext,id,maxnum) {
    LCprogressTxt=progresstext;
-   \$('#progressbar'+id).progressbar('value',percent);
+   if ((maxnum == '') || (maxnum == undefined) || (maxnum == null)) {
+       \$('#progressbar'+id).find('.progress-label').text(LCprogressTxt);
+   } else if (percent === \$('#progressbar'+id).progressbar( "value" )) {
+       \$('#progressbar'+id).find('.pblabel').text(LCprogressTxt);
+   } else {
+       \$('#progressbar'+id).progressbar('value',percent);
+   }
 }
 // ]]>
 </script>
@@ -7954,37 +8676,54 @@ my $LCidcnt;
 my $LCcurrentid;
 
 sub LCprogressbar {
-    my ($r)=(@_);
+    my ($r,$number_to_do,$preamble)=@_;
     $LClastpercent=0;
     $LCidcnt++;
     $LCcurrentid=$$.'_'.$LCidcnt;
-    my $starting=&mt('Starting');
-    my $content=(<<ENDPROGBAR);
+    my ($starting,$content);
+    if ($number_to_do) {
+        $starting=&mt('Starting');
+        $content=(<<ENDPROGBAR);
+$preamble
   <div id="progressbar$LCcurrentid">
     <span class="pblabel">$starting</span>
   </div>
 ENDPROGBAR
-    &r_print($r,$content.&LCprogressbar_script($LCcurrentid));
+    } else {
+        $starting=&mt('Loading...');
+        $LClastpercent='false';
+        $content=(<<ENDPROGBAR);
+$preamble
+  <div id="progressbar$LCcurrentid">
+      <div class="progress-label">$starting</div>
+  </div>
+ENDPROGBAR
+    }
+    &r_print($r,$content.&LCprogressbar_script($LCcurrentid,$number_to_do));
 }
 
 sub LCprogressbarUpdate {
-    my ($r,$val,$text)=@_;
-    unless ($val) { 
-       if ($LClastpercent) {
-           $val=$LClastpercent;
-       } else {
-           $val=0;
-       }
+    my ($r,$val,$text,$number_to_do)=@_;
+    if ($number_to_do) {
+        unless ($val) { 
+            if ($LClastpercent) {
+                $val=$LClastpercent;
+            } else {
+                $val=0;
+            }
+        }
+        if ($val<0) { $val=0; }
+        if ($val>100) { $val=0; }
+        $LClastpercent=$val;
+        unless ($text) { $text=$val.'%'; }
+    } else {
+        $val = 'false';
     }
-    if ($val<0) { $val=0; }
-    if ($val>100) { $val=0; }
-    $LClastpercent=$val;
-    unless ($text) { $text=$val.'%'; }
     $text=&js_ready($text);
     &r_print($r,<<ENDUPDATE);
 <script type="text/javascript">
 // <![CDATA[
-LCupdateProgress($val,'$text','$LCcurrentid');
+LCupdateProgress($val,'$text','$LCcurrentid','$number_to_do');
 // ]]>
 </script>
 ENDUPDATE
@@ -9101,8 +9840,24 @@ sub get_secgrprole_info {
 }
 
 sub user_picker {
-    my ($dom,$srch,$forcenewuser,$caller,$cancreate,$usertype,$context) = @_;
+    my ($dom,$srch,$forcenewuser,$caller,$cancreate,$usertype,$context,$fixeddom,$noinstd) = @_;
     my $currdom = $dom;
+    my @alldoms = &Apache::lonnet::all_domains();
+    if (@alldoms == 1) {
+        my %domsrch = &Apache::lonnet::get_dom('configuration',
+                                               ['directorysrch'],$alldoms[0]);
+        my $domdesc = &Apache::lonnet::domain($alldoms[0],'description');
+        my $showdom = $domdesc;
+        if ($showdom eq '') {
+            $showdom = $dom;
+        }
+        if (ref($domsrch{'directorysrch'}) eq 'HASH') {
+            if ((!$domsrch{'directorysrch'}{'available'}) &&
+                ($domsrch{'directorysrch'}{'lcavailable'} eq '0')) {
+                return (&mt('LON-CAPA directory search is not available in domain: [_1]',$showdom),0);
+            }
+        }
+    }
     my %curr_selected = (
                         srchin => 'dom',
                         srchby => 'lastname',
@@ -9123,7 +9878,7 @@ sub user_picker {
         }
         $srchterm = $srch->{'srchterm'};
     }
-    my %lt=&Apache::lonlocal::texthash(
+    my %html_lt=&Apache::lonlocal::texthash(
                     'usr'       => 'Search criteria',
                     'doma'      => 'Domain/institution to search',
                     'uname'     => 'username',
@@ -9136,6 +9891,8 @@ sub user_picker {
                     'exact'     => 'is',
                     'contains'  => 'contains',
                     'begins'    => 'begins with',
+                                       );
+    my %js_lt=&Apache::lonlocal::texthash(
                     'youm'      => "You must include some text to search for.",
                     'thte'      => "The text you are searching for must contain at least two characters when using a 'begins' type search.",
                     'thet'      => "The text you are searching for must contain at least three characters when using a 'contains' type search.",
@@ -9145,7 +9902,16 @@ sub user_picker {
                     'whse'      => "When searching by last,first you must include at least one character in the first name.",
                      'thfo'     => "The following need to be corrected before the search can be run:",
                                        );
-    my $domform = &select_dom_form($currdom,'srchdomain',1,1);
+    &html_escape(\%html_lt);
+    &js_escape(\%js_lt);
+    my $domform;
+    my $allow_blank = 1;
+    if ($fixeddom) {
+        $allow_blank = 0;
+        $domform = &select_dom_form($currdom,'srchdomain',$allow_blank,1,undef,[$currdom]);
+    } else {
+        $domform = &select_dom_form($currdom,'srchdomain',$allow_blank,1);
+    }
     my $srchinsel = ' <select name="srchin">';
 
     my @srchins = ('crs','dom','alc','instd');
@@ -9157,12 +9923,13 @@ sub user_picker {
         next if ($option eq 'alc');
         next if (($option eq 'crs') && ($env{'form.form'} eq 'requestcrs'));  
         next if ($option eq 'crs' && !$env{'request.course.id'});
+        next if (($option eq 'instd') && ($noinstd));
         if ($curr_selected{'srchin'} eq $option) {
             $srchinsel .= ' 
-   <option value="'.$option.'" selected="selected">'.$lt{$option}.'</option>';
+   <option value="'.$option.'" selected="selected">'.$html_lt{$option}.'</option>';
         } else {
             $srchinsel .= '
-   <option value="'.$option.'">'.$lt{$option}.'</option>';
+   <option value="'.$option.'">'.$html_lt{$option}.'</option>';
         }
     }
     $srchinsel .= "\n  </select>\n";
@@ -9171,10 +9938,10 @@ sub user_picker {
     foreach my $option ('lastname','lastfirst','uname') {
         if ($curr_selected{'srchby'} eq $option) {
             $srchbysel .= '
-   <option value="'.$option.'" selected="selected">'.$lt{$option}.'</option>';
+   <option value="'.$option.'" selected="selected">'.$html_lt{$option}.'</option>';
         } else {
             $srchbysel .= '
-   <option value="'.$option.'">'.$lt{$option}.'</option>';
+   <option value="'.$option.'">'.$html_lt{$option}.'</option>';
          }
     }
     $srchbysel .= "\n  </select>\n";
@@ -9183,10 +9950,10 @@ sub user_picker {
     foreach my $option ('begins','contains','exact') {
         if ($curr_selected{'srchtype'} eq $option) {
             $srchtypesel .= '
-   <option value="'.$option.'" selected="selected">'.$lt{$option}.'</option>';
+   <option value="'.$option.'" selected="selected">'.$html_lt{$option}.'</option>';
         } else {
             $srchtypesel .= '
-   <option value="'.$option.'">'.$lt{$option}.'</option>';
+   <option value="'.$option.'">'.$html_lt{$option}.'</option>';
         }
     }
     $srchtypesel .= "\n  </select>\n";
@@ -9271,46 +10038,46 @@ function validateEntry(callingForm) {
 
     if (srchterm == "") {
         checkok = 0;
-        msg += "$lt{'youm'}\\n";
+        msg += "$js_lt{'youm'}\\n";
     }
 
     if (srchtype== 'begins') {
         if (srchterm.length < 2) {
             checkok = 0;
-            msg += "$lt{'thte'}\\n";
+            msg += "$js_lt{'thte'}\\n";
         }
     }
 
     if (srchtype== 'contains') {
         if (srchterm.length < 3) {
             checkok = 0;
-            msg += "$lt{'thet'}\\n";
+            msg += "$js_lt{'thet'}\\n";
         }
     }
     if (srchin == 'instd') {
         if (srchdomain == '') {
             checkok = 0;
-            msg += "$lt{'yomc'}\\n";
+            msg += "$js_lt{'yomc'}\\n";
         }
     }
     if (srchin == 'dom') {
         if (srchdomain == '') {
             checkok = 0;
-            msg += "$lt{'ymcd'}\\n";
+            msg += "$js_lt{'ymcd'}\\n";
         }
     }
     if (srchby == 'lastfirst') {
         if (srchterm.indexOf(",") == -1) {
             checkok = 0;
-            msg += "$lt{'whus'}\\n";
+            msg += "$js_lt{'whus'}\\n";
         }
         if (srchterm.indexOf(",") == srchterm.length -1) {
             checkok = 0;
-            msg += "$lt{'whse'}\\n";
+            msg += "$js_lt{'whse'}\\n";
         }
     }
     if (checkok == 0) {
-        alert("$lt{'thfo'}\\n"+msg);
+        alert("$js_lt{'thfo'}\\n"+msg);
         return;
     }
     if (checkok == 1) {
@@ -9328,10 +10095,10 @@ $new_user_create
 END_BLOCK
 
     $output .= &Apache::lonhtmlcommon::start_pick_box().
-               &Apache::lonhtmlcommon::row_title($lt{'doma'}).
+               &Apache::lonhtmlcommon::row_title($html_lt{'doma'}).
                $domform.
                &Apache::lonhtmlcommon::row_closure().
-               &Apache::lonhtmlcommon::row_title($lt{'usr'}).
+               &Apache::lonhtmlcommon::row_title($html_lt{'usr'}).
                $srchbysel.
                $srchtypesel. 
                '<input type="text" size="15" name="srchterm" value="'.$srchterm.'" />'.
@@ -9339,61 +10106,165 @@ END_BLOCK
                &Apache::lonhtmlcommon::row_closure(1). 
                &Apache::lonhtmlcommon::end_pick_box().
                '<br />';
-    return $output;
+    return ($output,1);
 }
 
 sub user_rule_check {
     my ($usershash,$checks,$alerts,$rulematch,$inst_results,$curr_rules,$got_rules) = @_;
-    my $response;
+    my ($response,%inst_response);
     if (ref($usershash) eq 'HASH') {
-        foreach my $user (keys(%{$usershash})) {
-            my ($uname,$udom) = split(/:/,$user);
-            next if ($udom eq '' || $uname eq '');
-            my ($id,$newuser);
-            if (ref($usershash->{$user}) eq 'HASH') {
-                $newuser = $usershash->{$user}->{'newuser'};
-                $id = $usershash->{$user}->{'id'};
-            }
-            my $inst_response;
+        if (keys(%{$usershash}) > 1) {
+            my (%by_username,%by_id,%userdoms);
+            my $checkid;
             if (ref($checks) eq 'HASH') {
-                if (defined($checks->{'username'})) {
-                    ($inst_response,%{$inst_results->{$user}}) = 
-                        &Apache::lonnet::get_instuser($udom,$uname);
-                } elsif (defined($checks->{'id'})) {
-                    ($inst_response,%{$inst_results->{$user}}) =
-                        &Apache::lonnet::get_instuser($udom,undef,$id);
+                if ((!defined($checks->{'username'})) && (defined($checks->{'id'}))) {
+                    $checkid = 1;
+                }
+            }
+            foreach my $user (keys(%{$usershash})) {
+                my ($uname,$udom) = split(/:/,$user);
+                if ($checkid) {
+                    if (ref($usershash->{$user}) eq 'HASH') {
+                        if ($usershash->{$user}->{'id'} ne '') {
+                            $by_id{$udom}{$usershash->{$user}->{'id'}} = $uname;
+                            $userdoms{$udom} = 1;
+                            if (ref($inst_results) eq 'HASH') {
+                                $inst_results->{$uname.':'.$udom} = {};
+                            }
+                        }
+                    }
+                } else {
+                    $by_username{$udom}{$uname} = 1;
+                    $userdoms{$udom} = 1;
+                    if (ref($inst_results) eq 'HASH') {
+                        $inst_results->{$uname.':'.$udom} = {};
+                    }
+                }
+            }
+            foreach my $udom (keys(%userdoms)) {
+                if (!$got_rules->{$udom}) {
+                    my %domconfig = &Apache::lonnet::get_dom('configuration',
+                                                             ['usercreation'],$udom);
+                    if (ref($domconfig{'usercreation'}) eq 'HASH') {
+                        foreach my $item ('username','id') {
+                            if (ref($domconfig{'usercreation'}{$item.'_rule'}) eq 'ARRAY') {
+                                $$curr_rules{$udom}{$item} =
+                                    $domconfig{'usercreation'}{$item.'_rule'};
+                            }
+                        }
+                    }
+                    $got_rules->{$udom} = 1;
+                }
+            }
+            if ($checkid) {
+                foreach my $udom (keys(%by_id)) {
+                    my ($outcome,$results) = &Apache::lonnet::get_multiple_instusers($udom,$by_id{$udom},'id');
+                    if ($outcome eq 'ok') {
+                        foreach my $id (keys(%{$by_id{$udom}})) {
+                            my $uname = $by_id{$udom}{$id};
+                            $inst_response{$uname.':'.$udom} = $outcome;
+                        }
+                        if (ref($results) eq 'HASH') {
+                            foreach my $uname (keys(%{$results})) {
+                                if (exists($inst_response{$uname.':'.$udom})) {
+                                    $inst_response{$uname.':'.$udom} = $outcome;
+                                    $inst_results->{$uname.':'.$udom} = $results->{$uname};
+                                }
+                            }
+                        }
+                    }
                 }
             } else {
-                ($inst_response,%{$inst_results->{$user}}) =
-                    &Apache::lonnet::get_instuser($udom,$uname);
-                return;
+                foreach my $udom (keys(%by_username)) {
+                    my ($outcome,$results) = &Apache::lonnet::get_multiple_instusers($udom,$by_username{$udom});
+                    if ($outcome eq 'ok') {
+                        foreach my $uname (keys(%{$by_username{$udom}})) {
+                            $inst_response{$uname.':'.$udom} = $outcome;
+                        }
+                        if (ref($results) eq 'HASH') {
+                            foreach my $uname (keys(%{$results})) {
+                                $inst_results->{$uname.':'.$udom} = $results->{$uname};
+                            }
+                        }
+                    }
+                }
             }
-            if (!$got_rules->{$udom}) {
-                my %domconfig = &Apache::lonnet::get_dom('configuration',
-                                                  ['usercreation'],$udom);
-                if (ref($domconfig{'usercreation'}) eq 'HASH') {
-                    foreach my $item ('username','id') {
-                        if (ref($domconfig{'usercreation'}{$item.'_rule'}) eq 'ARRAY') {
-                            $$curr_rules{$udom}{$item} = 
-                                $domconfig{'usercreation'}{$item.'_rule'};
+        } elsif (keys(%{$usershash}) == 1) {
+            my $user = (keys(%{$usershash}))[0];
+            my ($uname,$udom) = split(/:/,$user);
+            if (($udom ne '') && ($uname ne '')) {
+                if (ref($usershash->{$user}) eq 'HASH') {
+                    if (ref($checks) eq 'HASH') {
+                        if (defined($checks->{'username'})) {
+                            ($inst_response{$user},%{$inst_results->{$user}}) =
+                                &Apache::lonnet::get_instuser($udom,$uname);
+                        } elsif (defined($checks->{'id'})) {
+                            if ($usershash->{$user}->{'id'} ne '') {
+                                ($inst_response{$user},%{$inst_results->{$user}}) =
+                                    &Apache::lonnet::get_instuser($udom,undef,
+                                                                  $usershash->{$user}->{'id'});
+                            } else {
+                                ($inst_response{$user},%{$inst_results->{$user}}) =
+                                    &Apache::lonnet::get_instuser($udom,$uname);
+                            }
+                        }
+                    } else {
+                       ($inst_response{$user},%{$inst_results->{$user}}) =
+                            &Apache::lonnet::get_instuser($udom,$uname);
+                       return;
+                    }
+                    if (!$got_rules->{$udom}) {
+                        my %domconfig = &Apache::lonnet::get_dom('configuration',
+                                                                 ['usercreation'],$udom);
+                        if (ref($domconfig{'usercreation'}) eq 'HASH') {
+                            foreach my $item ('username','id') {
+                                if (ref($domconfig{'usercreation'}{$item.'_rule'}) eq 'ARRAY') {
+                                   $$curr_rules{$udom}{$item} =
+                                       $domconfig{'usercreation'}{$item.'_rule'};
+                                }
+                            }
                         }
+                        $got_rules->{$udom} = 1;
                     }
                 }
-                $got_rules->{$udom} = 1;  
+            } else {
+                return;
+            }
+        } else {
+            return;
+        }
+        foreach my $user (keys(%{$usershash})) {
+            my ($uname,$udom) = split(/:/,$user);
+            next if (($udom eq '') || ($uname eq ''));
+            my $id;
+            if (ref($inst_results) eq 'HASH') {
+                if (ref($inst_results->{$user}) eq 'HASH') {
+                    $id = $inst_results->{$user}->{'id'};
+                }
+            }
+            if ($id eq '') {
+                if (ref($usershash->{$user})) {
+                    $id = $usershash->{$user}->{'id'};
+                }
             }
             foreach my $item (keys(%{$checks})) {
                 if (ref($$curr_rules{$udom}) eq 'HASH') {
                     if (ref($$curr_rules{$udom}{$item}) eq 'ARRAY') {
                         if (@{$$curr_rules{$udom}{$item}} > 0) {
-                            my %rule_check = &Apache::lonnet::inst_rulecheck($udom,$uname,$id,$item,$$curr_rules{$udom}{$item});
+                            my %rule_check = &Apache::lonnet::inst_rulecheck($udom,$uname,$id,$item,
+                                                                             $$curr_rules{$udom}{$item});
                             foreach my $rule (@{$$curr_rules{$udom}{$item}}) {
                                 if ($rule_check{$rule}) {
                                     $$rulematch{$user}{$item} = $rule;
-                                    if ($inst_response eq 'ok') {
+                                    if ($inst_response{$user} eq 'ok') {
                                         if (ref($inst_results) eq 'HASH') {
                                             if (ref($inst_results->{$user}) eq 'HASH') {
                                                 if (keys(%{$inst_results->{$user}}) == 0) {
                                                     $$alerts{$item}{$udom}{$uname} = 1;
+                                                } elsif ($item eq 'id') {
+                                                    if ($inst_results->{$user}->{'id'} eq '') {
+                                                        $$alerts{$item}{$udom}{$uname} = 1;
+                                                    }
                                                 }
                                             }
                                         }
@@ -9550,7 +10421,7 @@ sub get_institutional_codes {
         foreach (@currxlists) {
             if (m/^([^:]+):(\w*)$/) {
                 unless (grep/^$1$/,@{$allcourses}) {
-                    push @{$allcourses},$1;
+                    push(@{$allcourses},$1);
                     $$LC_code{$1} = $2;
                 }
             }
@@ -9563,7 +10434,7 @@ sub get_institutional_codes {
                 my $sec = $coursecode.$1;
                 my $lc_sec = $2;
                 unless (grep/^$sec$/,@{$allcourses}) {
-                    push @{$allcourses},$sec;
+                    push(@{$allcourses},$sec);
                     $$LC_code{$sec} = $lc_sec;
                 }
             }
@@ -9661,7 +10532,9 @@ reservable_now - ref to hash of student_
 
     Keys in inner hash are:
     (a) symb: either blank or symb to which slot use is restricted.
-    (b) endreserve: end date of reservation period. 
+    (b) endreserve: end date of reservation period.
+    (c) uniqueperiod: start,end dates when slot is to be uniquely
+        selected.
 
 sorted_future - ref to array of student_schedulable slots reservable in
                 the future, ordered by start date of reservation period.
@@ -9672,6 +10545,8 @@ future_reservable - ref to hash of stude
     Keys in inner hash are:
     (a) symb: either blank or symb to which slot use is restricted.
     (b) startreserve:  start date of reservation period.
+    (c) uniqueperiod: start,end dates when slot is to be uniquely
+        selected.
 
 =back
 
@@ -9725,6 +10600,10 @@ sub get_future_slots {
             my $startreserve = $slots{$slot}->{'startreserve'};
             my $endreserve = $slots{$slot}->{'endreserve'};
             my $symb = $slots{$slot}->{'symb'};
+            my $uniqueperiod;
+            if (ref($slots{$slot}->{'uniqueperiod'}) eq 'ARRAY') {
+                $uniqueperiod = join(',',@{$slots{$slot}->{'uniqueperiod'}});
+            }
             if (($startreserve < $now) &&
                 (!$endreserve || $endreserve > $now)) {
                 my $lastres = $endreserve;
@@ -9733,13 +10612,15 @@ sub get_future_slots {
                 }
                 $reservable_now{$slot} = {
                                            symb       => $symb,
-                                           endreserve => $lastres
+                                           endreserve => $lastres,
+                                           uniqueperiod => $uniqueperiod,   
                                          };
             } elsif (($startreserve > $now) &&
                      (!$endreserve || $endreserve > $startreserve)) {
                 $future_reservable{$slot} = {
                                               symb         => $symb,
-                                              startreserve => $startreserve
+                                              startreserve => $startreserve,
+                                              uniqueperiod => $uniqueperiod,
                                             };
             }
         }
@@ -10804,7 +11685,7 @@ sub modify_html_refs {
                 return;
             }
         } 
-        if (open(my $fh,"<$container")) {
+        if (open(my $fh,'<',$container)) {
             $content = join('', <$fh>);
             close($fh);
         } else {
@@ -10869,7 +11750,7 @@ sub modify_html_refs {
                         }
                     }
                 } else {
-                    if (open(my $fh,">$container")) {
+                    if (open(my $fh,'>',$container)) {
                         print $fh $content;
                         close($fh);
                         $output = '<p>'.&mt('Updated [quant,_1,reference] in [_2].',
@@ -11386,6 +12267,18 @@ sub decompress_uploaded_file {
 
 sub process_decompression {
     my ($docudom,$docuname,$file,$destination,$dir_root,$hiddenelem) = @_;
+    unless (($dir_root eq '/userfiles') && ($destination =~ m{^(docs|supplemental)/(default|\d+)/\d+$})) {
+        return '<p class="LC_error">'.&mt('Not extracted.').'<br />'.
+               &mt('Unexpected file path.').'</p>'."\n";
+    }
+    unless (($docudom =~ /^$match_domain$/) && ($docuname =~ /^$match_courseid$/)) {
+        return '<p class="LC_error">'.&mt('Not extracted.').'<br />'.
+               &mt('Unexpected course context.').'</p>'."\n";
+    }
+    unless ($file eq &Apache::lonnet::clean_filename($file)) {
+        return '<p class="LC_error">'.&mt('Not extracted.').'<br />'.
+               &mt('Filename contained unexpected characters.').'</p>'."\n";
+    }
     my ($dir,$error,$warning,$output);
     if ($file !~ /\.(zip|tar|bz2|gz|tar.gz|tar.bz2|tgz)$/i) {
         $error = &mt('Filename not a supported archive file type.').
@@ -11420,30 +12313,44 @@ sub process_decompression {
                 }
             }
             my $numskip = scalar(@to_skip);
-            if (($numskip > 0) && 
-                ($numskip == $env{'form.archive_itemcount'})) {
+            my $numoverwrite = scalar(@to_overwrite);
+            if (($numskip) && (!$numoverwrite)) {
                 $warning = &mt('All items in the archive file already exist, and no overwriting of existing files has been requested.');         
             } elsif ($dir eq '') {
                 $error = &mt('Directory containing archive file unavailable.');
             } elsif (!$error) {
                 my ($decompressed,$display);
-                if ($numskip > 0) {
+                if (($numskip) || ($numoverwrite)) {
                     my $tempdir = time.'_'.$$.int(rand(10000));
                     mkdir("$dir/$tempdir",0755);
-                    system("mv $dir/$file $dir/$tempdir/$file");
-                    ($decompressed,$display) = 
-                        &decompress_uploaded_file($file,"$dir/$tempdir");
-                    foreach my $item (@to_skip) {
-                        if (($item ne '') && ($item !~ /\.\./)) {
-                            if (-f "$dir/$tempdir/$item") { 
-                                unlink("$dir/$tempdir/$item");
-                            } elsif (-d "$dir/$tempdir/$item") {
-                                system("rm -rf $dir/$tempdir/$item");
+                    if (&File::Copy::move("$dir/$file","$dir/$tempdir/$file")) {
+                        ($decompressed,$display) =
+                            &decompress_uploaded_file($file,"$dir/$tempdir");
+                        foreach my $item (@to_skip) {
+                            if (($item ne '') && ($item !~ /\.\./)) {
+                                if (-f "$dir/$tempdir/$item") {
+                                    unlink("$dir/$tempdir/$item");
+                                } elsif (-d "$dir/$tempdir/$item") {
+                                    &File::Path::remove_tree("$dir/$tempdir/$item",{ safe => 1 });
+                                }
                             }
                         }
+                        foreach my $item (@to_overwrite) {
+                            if ((-e "$dir/$tempdir/$item") && (-e "$dir/$item")) {
+                                if (($item ne '') && ($item !~ /\.\./)) {
+                                    if (-f "$dir/$item") {
+                                        unlink("$dir/$item");
+                                    } elsif (-d "$dir/$item") {
+                                        &File::Path::remove_tree("$dir/$item",{ safe => 1 });
+                                    }
+                                    &File::Copy::move("$dir/$tempdir/$item","$dir/$item");
+                                }
+                            }
+                        }
+                        if (&File::Copy::move("$dir/$tempdir/$file","$dir/$file")) {
+                            &File::Path::remove_tree("$dir/$tempdir",{ safe => 1 });
+                        }
                     }
-                    system("mv $dir/$tempdir/* $dir");
-                    rmdir("$dir/$tempdir");   
                 } else {
                     ($decompressed,$display) = 
                         &decompress_uploaded_file($file,$dir);
@@ -11461,8 +12368,7 @@ sub process_decompression {
                     if (ref($newdirlistref) eq 'ARRAY') {
                         foreach my $dir_line (@{$newdirlistref}) {
                             my ($item,undef,undef,$testdir)=split(/\&/,$dir_line,5);
-                            unless (($item =~ /^\.+$/) || ($item eq $file) || 
-                                    ((@to_skip > 0) && (grep(/^\Q$item\E$/,@to_skip)))) {
+                            unless (($item =~ /^\.+$/) || ($item eq $file)) { 
                                 push(@newitems,$item);
                                 if ($dirptr&$testdir) {
                                     $is_dir{$item} = 1;
@@ -11947,7 +12853,7 @@ END
 sub process_extracted_files {
     my ($context,$docudom,$docuname,$destination,$dir_root,$hiddenelem) = @_;
     my $numitems = $env{'form.archive_count'};
-    return unless ($numitems);
+    return if ((!$numitems) || ($numitems =~ /\D/));
     my @ids=&Apache::lonnet::current_machine_ids();
     my ($prefix,$pathtocheck,$dir,$ishome,$error,$warning,%toplevelitems,%is_dir,
         %folders,%containers,%mapinner,%prompttofetch);
@@ -11960,7 +12866,7 @@ sub process_extracted_files {
     } else {
         $prefix = $Apache::lonnet::perlvar{'lonDocRoot'};
         $pathtocheck = "$dir_root/$docudom/$docuname/$destination";
-        $dir = "$dir_root/$docudom/$docuname";    
+        $dir = "$dir_root/$docudom/$docuname";
     }
     my $currdir = "$dir_root/$destination";
     (my $docstype,$mapinner{'0'}) = ($destination =~ m{^(docs|supplemental)/(\w+)/});
@@ -12049,7 +12955,9 @@ sub process_extracted_files {
                                                         '.'.$containers{$outer},1,1);
                             $newseqid{$i} = $newidx;
                             unless ($errtext) {
-                                $result .=  '<li>'.&mt('Folder: [_1] added to course',$docstitle).'</li>'."\n";
+                                $result .=  '<li>'.&mt('Folder: [_1] added to course',
+                                                       &HTML::Entities::encode($docstitle,'<>&"'))..
+                                            '</li>'."\n";
                             }
                         }
                     } else {
@@ -12058,38 +12966,47 @@ sub process_extracted_files {
                             my $url = '/uploaded/'.$docudom.'/'.$docuname.'/'.
                                       $docstype.'/'.$mapinner{$outer}.'/'.$newidx.'/'.
                                       $title;
-                            if (!-e "$prefix$dir/$docstype/$mapinner{$outer}") {
-                                mkdir("$prefix$dir/$docstype/$mapinner{$outer}",0755);
-                            }
-                            if (!-e "$prefix$dir/$docstype/$mapinner{$outer}/$newidx") {
-                                mkdir("$prefix$dir/$docstype/$mapinner{$outer}/$newidx");
-                            }
-                            if (-e "$prefix$dir/$docstype/$mapinner{$outer}/$newidx") {
-                                system("mv $prefix$path $prefix$dir/$docstype/$mapinner{$outer}/$newidx/$title");
-                                $newdest{$i} = "$prefix$dir/$docstype/$mapinner{$outer}/$newidx";
-                                unless ($ishome) {
-                                    my $fetch = "$newdest{$i}/$title";
-                                    $fetch =~ s/^\Q$prefix$dir\E//;
-                                    $prompttofetch{$fetch} = 1;
+                            if (($outer !~ /\D/) && ($mapinner{$outer} !~ /\D/) && ($newidx !~ /\D/)) {
+                                if (!-e "$prefix$dir/$docstype/$mapinner{$outer}") {
+                                    mkdir("$prefix$dir/$docstype/$mapinner{$outer}",0755);
                                 }
-                            }
-                            $LONCAPA::map::resources[$newidx]=
-                                $docstitle.':'.$url.':false:normal:res';
-                            push(@LONCAPA::map::order, $newidx);
-                            my ($outtext,$errtext)=
-                                &LONCAPA::map::storemap('/uploaded/'.$docudom.'/'.
-                                                        $docuname.'/'.$folders{$outer}.
-                                                        '.'.$containers{$outer},1,1);
-                            unless ($errtext) {
-                                if (-e "$prefix$dir/$docstype/$mapinner{$outer}/$newidx/$title") {
-                                    $result .= '<li>'.&mt('File: [_1] added to course',$docstitle).'</li>'."\n";
+                                if (!-e "$prefix$dir/$docstype/$mapinner{$outer}/$newidx") {
+                                    mkdir("$prefix$dir/$docstype/$mapinner{$outer}/$newidx");
+                                }
+                                if (-e "$prefix$dir/$docstype/$mapinner{$outer}/$newidx") {
+                                    if (rename("$prefix$path","$prefix$dir/$docstype/$mapinner{$outer}/$newidx/$title")) {
+                                        $newdest{$i} = "$prefix$dir/$docstype/$mapinner{$outer}/$newidx";
+                                        unless ($ishome) {
+                                            my $fetch = "$newdest{$i}/$title";
+                                            $fetch =~ s/^\Q$prefix$dir\E//;
+                                            $prompttofetch{$fetch} = 1;
+                                        }
+                                   }
                                 }
+                                $LONCAPA::map::resources[$newidx]=
+                                    $docstitle.':'.$url.':false:normal:res';
+                                push(@LONCAPA::map::order, $newidx);
+                                my ($outtext,$errtext)=
+                                    &LONCAPA::map::storemap('/uploaded/'.$docudom.'/'.
+                                                            $docuname.'/'.$folders{$outer}.
+                                                            '.'.$containers{$outer},1,1);
+                                unless ($errtext) {
+                                    if (-e "$prefix$dir/$docstype/$mapinner{$outer}/$newidx/$title") {
+                                        $result .= '<li>'.&mt('File: [_1] added to course',
+                                                              &HTML::Entities::encode($docstitle,'<>&"')).
+                                                   '</li>'."\n";
+                                    }
+                                }
+                            } else {
+                                $warning .= &mt('Item extracted from archive: [_1] has unexpected path.',
+                                                &HTML::Entities::encode($path,'<>&"')).'<br />';
                             }
                         }
                     }
                 }
             } else {
-                $warning .= &mt('Item extracted from archive: [_1] has unexpected path.',$path).'<br />';
+                $warning .= &mt('Item extracted from archive: [_1] has unexpected path.',
+                                &HTML::Entities::encode($path,'<>&"')).'<br />';
             }
         }
         for (my $i=1; $i<=$numitems; $i++) {
@@ -12150,7 +13067,9 @@ sub process_extracted_files {
                         }
                         if ($fullpath ne '') {
                             if (-e "$prefix$path") {
-                                system("mv $prefix$path $fullpath/$title");
+                                unless (rename("$prefix$path","$fullpath/$title")) {
+                                     $warning .= &mt('Failed to rename dependency').'<br />';
+                                }
                             }
                             if (-e "$fullpath/$title") {
                                 my $showpath;
@@ -12159,21 +13078,26 @@ sub process_extracted_files {
                                 } else {
                                     $showpath = "/$title";
                                 }
-                                $result .= '<li>'.&mt('[_1] included as a dependency',$showpath).'</li>'."\n";
-                            }
-                            unless ($ishome) {
-                                my $fetch = "$fullpath/$title";
-                                $fetch =~ s/^\Q$prefix$dir\E//;
-                                $prompttofetch{$fetch} = 1;
+                                $result .= '<li>'.&mt('[_1] included as a dependency',
+                                                      &HTML::Entities::encode($showpath,'<>&"')).
+                                           '</li>'."\n";
+                                unless ($ishome) {
+                                    my $fetch = "$fullpath/$title";
+                                    $fetch =~ s/^\Q$prefix$dir\E//;
+                                    $prompttofetch{$fetch} = 1;
+                                }
                             }
                         }
                     }
                 } elsif ($env{'form.archive_'.$referrer{$i}} eq 'discard') {
                     $warning .= &mt('[_1] is a dependency of [_2], which was discarded.',
-                                    $path,$env{'form.archive_content_'.$referrer{$i}}).'<br />';
+                                    &HTML::Entities::encode($path,'<>&"'),
+                                    &HTML::Entities::encode($env{'form.archive_content_'.$referrer{$i}},'<>&"')).
+                                '<br />';
                 }
             } else {
-                $warning .= &mt('Item extracted from archive: [_1] has unexpected path.',$path).'<br />';
+                $warning .= &mt('Item extracted from archive: [_1] has unexpected path.',
+                                &HTML::Entities::encode($path)).'<br />';
             }
         }
         if (keys(%todelete)) {
@@ -12447,12 +13371,15 @@ sub upfile_store {
     $env{'form.upfile'}=~s/\n+/\n/gs;
     $env{'form.upfile'}=~s/\n+$//gs;
 
-    my $datatoken=$env{'user.name'}.'_'.$env{'user.domain'}.
-	'_enroll_'.$env{'request.course.id'}.'_'.time.'_'.$$;
+    my $datatoken = &valid_datatoken($env{'user.name'}.'_'.$env{'user.domain'}.
+                                     '_enroll_'.$env{'request.course.id'}.'_'.
+                                     time.'_'.$$);
+    return if ($datatoken eq '');
+
     {
         my $datafile = $r->dir_config('lonDaemons').
                            '/tmp/'.$datatoken.'.tmp';
-        if ( open(my $fh,">$datafile") ) {
+        if ( open(my $fh,'>',$datafile) ) {
             print $fh $env{'form.upfile'};
             close($fh);
         }
@@ -12462,21 +13389,22 @@ sub upfile_store {
 
 =pod
 
-=item * &load_tmp_file($r)
+=item * &load_tmp_file($r,$datatoken)
 
 Load uploaded file from tmp, $r should be the HTTP Request object,
-needs $env{'form.datatoken'},
+$datatoken is the name to assign to the temporary file.
 sets $env{'form.upfile'} to the contents of the file
 
 =cut
 
 sub load_tmp_file {
-    my $r=shift;
+    my ($r,$datatoken) = @_;
+    return if ($datatoken eq '');
     my @studentdata=();
     {
         my $studentfile = $r->dir_config('lonDaemons').
-                              '/tmp/'.$env{'form.datatoken'}.'.tmp';
-        if ( open(my $fh,"<$studentfile") ) {
+                              '/tmp/'.$datatoken.'.tmp';
+        if ( open(my $fh,'<',$studentfile) ) {
             @studentdata=<$fh>;
             close($fh);
         }
@@ -12484,6 +13412,14 @@ sub load_tmp_file {
     $env{'form.upfile'}=join('',@studentdata);
 }
 
+sub valid_datatoken {
+    my ($datatoken) = @_;
+    if ($datatoken =~ /^$match_username\_$match_domain\_enroll_(|$match_domain\_$match_courseid)\_\d+_\d+$/) {
+        return $datatoken;
+    }
+    return;
+}
+
 =pod
 
 =item * &upfile_record_sep()
@@ -12924,7 +13860,7 @@ sub DrawBarGraph {
         @Labels = @$labels;
     } else {
         for (my $i=0;$i<@{$Values[0]};$i++) {
-            push (@Labels,$i+1);
+            push(@Labels,$i+1);
         }
     }
     #
@@ -13372,6 +14308,12 @@ defdom (domain for which to retrieve con
 origmail (scalar - email address of recipient from loncapa.conf,
 i.e., predates configuration by DC via domainprefs.pm
 
+$requname username of requester (if mailing type is helpdeskmail)
+
+$requdom domain of requester (if mailing type is helpdeskmail)
+
+$reqemail e-mail address of requester (if mailing type is helpdeskmail)
+
 Returns: comma separated list of addresses to which to send e-mail.
 
 =back
@@ -13381,11 +14323,11 @@ Returns: comma separated list of address
 ############################################################
 ############################################################
 sub build_recipient_list {
-    my ($defmail,$mailing,$defdom,$origmail) = @_;
+    my ($defmail,$mailing,$defdom,$origmail,$requname,$requdom,$reqemail) = @_;
     my @recipients;
-    my $otheremails;
+    my ($otheremails,$lastresort,$allbcc,$addtext);
     my %domconfig =
-         &Apache::lonnet::get_dom('configuration',['contacts'],$defdom);
+        &Apache::lonnet::get_dom('configuration',['contacts'],$defdom);
     if (ref($domconfig{'contacts'}) eq 'HASH') {
         if (exists($domconfig{'contacts'}{$mailing})) {
             if (ref($domconfig{'contacts'}{$mailing}) eq 'HASH') {
@@ -13397,14 +14339,183 @@ sub build_recipient_list {
                             push(@recipients,$addr);
                         }
                     }
-                    $otheremails = $domconfig{'contacts'}{$mailing}{'others'};
+                }
+                $otheremails = $domconfig{'contacts'}{$mailing}{'others'};
+                if ($mailing eq 'helpdeskmail') {
+                    if ($domconfig{'contacts'}{$mailing}{'bcc'}) {
+                        my @bccs = split(/,/,$domconfig{'contacts'}{$mailing}{'bcc'});
+                        my @ok_bccs;
+                        foreach my $bcc (@bccs) {
+                            $bcc =~ s/^\s+//g;
+                            $bcc =~ s/\s+$//g;
+                            if ($bcc =~ m/^[^\@]+\@[^\@]+$/) {
+                                if (!(grep(/^\Q$bcc\E$/,@ok_bccs))) {
+                                    push(@ok_bccs,$bcc);
+                                }
+                            }
+                        }
+                        if (@ok_bccs > 0) {
+                            $allbcc = join(', ',@ok_bccs);
+                        }
+                    }
+                    $addtext = $domconfig{'contacts'}{$mailing}{'include'};
                 }
             }
         } elsif ($origmail ne '') {
-            push(@recipients,$origmail);
+            $lastresort = $origmail;
+        }
+        if ($mailing eq 'helpdeskmail') {
+            if ((ref($domconfig{'contacts'}{'overrides'}) eq 'HASH') &&
+                (keys(%{$domconfig{'contacts'}{'overrides'}}))) {
+                my ($inststatus,$inststatus_checked);
+                if (($env{'user.name'} ne '') && ($env{'user.domain'} ne '') &&
+                    ($env{'user.domain'} ne 'public')) {
+                    $inststatus_checked = 1;
+                    $inststatus = $env{'environment.inststatus'};
+                }
+                unless ($inststatus_checked) {
+                    if (($requname ne '') && ($requdom ne '')) {
+                        if (($requname =~ /^$match_username$/) &&
+                            ($requdom =~ /^$match_domain$/) &&
+                            (&Apache::lonnet::domain($requdom))) {
+                            my $requhome = &Apache::lonnet::homeserver($requname,
+                                                                      $requdom);
+                            unless ($requhome eq 'no_host') {
+                                my %userenv = &Apache::lonnet::userenvironment($requdom,$requname,'inststatus');
+                                $inststatus = $userenv{'inststatus'};
+                                $inststatus_checked = 1;
+                            }
+                        }
+                    }
+                }
+                unless ($inststatus_checked) {
+                    if ($reqemail =~ /^[^\@]+\@[^\@]+$/) {
+                        my %srch = (srchby     => 'email',
+                                    srchdomain => $defdom,
+                                    srchterm   => $reqemail,
+                                    srchtype   => 'exact');
+                        my %srch_results = &Apache::lonnet::usersearch(\%srch);
+                        foreach my $uname (keys(%srch_results)) {
+                            if (ref($srch_results{$uname}{'inststatus'}) eq 'ARRAY') {
+                                $inststatus = join(',',@{$srch_results{$uname}{'inststatus'}});
+                                $inststatus_checked = 1;
+                                last;
+                            }
+                        }
+                        unless ($inststatus_checked) {
+                            my ($dirsrchres,%srch_results) = &Apache::lonnet::inst_directory_query(\%srch);
+                            if ($dirsrchres eq 'ok') {
+                                foreach my $uname (keys(%srch_results)) {
+                                    if (ref($srch_results{$uname}{'inststatus'}) eq 'ARRAY') {
+                                        $inststatus = join(',',@{$srch_results{$uname}{'inststatus'}});
+                                        $inststatus_checked = 1;
+                                        last;
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+                if ($inststatus ne '') {
+                    foreach my $status (split(/\:/,$inststatus)) {
+                        if (ref($domconfig{'contacts'}{'overrides'}{$status}) eq 'HASH') {
+                            my @contacts = ('adminemail','supportemail');
+                            foreach my $item (@contacts) {
+                                if ($domconfig{'contacts'}{'overrides'}{$status}{$item}) {
+                                    my $addr = $domconfig{'contacts'}{'overrides'}{$status};
+                                    if (!grep(/^\Q$addr\E$/,@recipients)) {
+                                        push(@recipients,$addr);
+                                    }
+                                }
+                            }
+                            $otheremails = $domconfig{'contacts'}{'overrides'}{$status}{'others'};
+                            if ($domconfig{'contacts'}{'overrides'}{$status}{'bcc'}) {
+                                my @bccs = split(/,/,$domconfig{'contacts'}{'overrides'}{$status}{'bcc'});
+                                my @ok_bccs;
+                                foreach my $bcc (@bccs) {
+                                    $bcc =~ s/^\s+//g;
+                                    $bcc =~ s/\s+$//g;
+                                    if ($bcc =~ m/^[^\@]+\@[^\@]+$/) {
+                                        if (!(grep(/^\Q$bcc\E$/,@ok_bccs))) {
+                                            push(@ok_bccs,$bcc);
+                                        }
+                                    }
+                                }
+                                if (@ok_bccs > 0) {
+                                    $allbcc = join(', ',@ok_bccs);
+                                }
+                            }
+                            $addtext = $domconfig{'contacts'}{'overrides'}{$status}{'include'};
+                            last;
+                        }
+                    }
+                }
+            }
         }
     } elsif ($origmail ne '') {
-        push(@recipients,$origmail);
+        $lastresort = $origmail;
+    }
+    if (($mailing eq 'helpdeskmail') && ($lastresort ne '')) {
+        unless (grep(/^\Q$defdom\E$/,&Apache::lonnet::current_machine_domains())) {
+            my $lonhost = $Apache::lonnet::perlvar{'lonHostID'};
+            my $machinedom = $Apache::lonnet::perlvar{'lonDefDomain'};
+            my %what = (
+                          perlvar => 1,
+                       );
+            my $primary = &Apache::lonnet::domain($defdom,'primary');
+            if ($primary) {
+                my $gotaddr;
+                my ($result,$returnhash) =
+                    &Apache::lonnet::get_remote_globals($primary,{ perlvar => 1 });
+                if (($result eq 'ok') && (ref($returnhash) eq 'HASH')) {
+                    if ($returnhash->{'lonSupportEMail'} =~ /^[^\@]+\@[^\@]+$/) {
+                        $lastresort = $returnhash->{'lonSupportEMail'};
+                        $gotaddr = 1;
+                    }
+                }
+                unless ($gotaddr) {
+                    my $uintdom = &Apache::lonnet::internet_dom($primary);
+                    my $intdom = &Apache::lonnet::internet_dom($lonhost);
+                    unless ($uintdom eq $intdom) {
+                        my %domconfig =
+                            &Apache::lonnet::get_dom('configuration',['contacts'],$machinedom);
+                        if (ref($domconfig{'contacts'}) eq 'HASH') {
+                            if (ref($domconfig{'contacts'}{'otherdomsmail'}) eq 'HASH') {
+                                my @contacts = ('adminemail','supportemail');
+                                foreach my $item (@contacts) {
+                                    if ($domconfig{'contacts'}{'otherdomsmail'}{$item}) {
+                                        my $addr = $domconfig{'contacts'}{$item};
+                                        if (!grep(/^\Q$addr\E$/,@recipients)) {
+                                            push(@recipients,$addr);
+                                        }
+                                    }
+                                }
+                                if ($domconfig{'contacts'}{'otherdomsmail'}{'others'}) {
+                                    $otheremails = $domconfig{'contacts'}{'otherdomsmail'}{'others'};
+                                }
+                                if ($domconfig{'contacts'}{'otherdomsmail'}{'bcc'}) {
+                                    my @bccs = split(/,/,$domconfig{'contacts'}{'otherdomsmail'}{'bcc'});
+                                    my @ok_bccs;
+                                    foreach my $bcc (@bccs) {
+                                        $bcc =~ s/^\s+//g;
+                                        $bcc =~ s/\s+$//g;
+                                        if ($bcc =~ m/^[^\@]+\@[^\@]+$/) {
+                                            if (!(grep(/^\Q$bcc\E$/,@ok_bccs))) {
+                                                push(@ok_bccs,$bcc);
+                                            }
+                                        }
+                                    }
+                                    if (@ok_bccs > 0) {
+                                        $allbcc = join(', ',@ok_bccs);
+                                    }
+                                }
+                                $addtext = $domconfig{'contacts'}{'otherdomsmail'}{'include'};
+                            }
+                        }
+                    }
+                }
+            }
+        }
     }
     if (defined($defmail)) {
         if ($defmail ne '') {
@@ -13424,8 +14535,21 @@ sub build_recipient_list {
             }
         }
     }
-    my $recipientlist = join(',',@recipients); 
-    return $recipientlist;
+    if ($mailing eq 'helpdeskmail') {
+        if ((!@recipients) && ($lastresort ne '')) {
+            push(@recipients,$lastresort);
+        }
+    } elsif ($lastresort ne '') {
+        if (!grep(/^\Q$lastresort\E$/,@recipients)) {
+            push(@recipients,$lastresort);
+        }
+    }
+    my $recipientlist = join(',',@recipients);
+    if (wantarray) {
+        return ($recipientlist,$allbcc,$addtext);
+    } else {
+        return $recipientlist;
+    }
 }
 
 ############################################################
@@ -13516,6 +14640,8 @@ jsarray (reference to array of categorie
 subcats (reference to hash of arrays containing all subcategories within each 
          category, -recursive)
 
+maxd (reference to hash used to hold max depth for all top-level categories).
+
 Returns: nothing
 
 Side effects: populates trails and allitems hash references.
@@ -13523,7 +14649,7 @@ Side effects: populates trails and allit
 =cut
 
 sub extract_categories {
-    my ($categories,$cats,$trails,$allitems,$idx,$jsarray,$subcats) = @_;
+    my ($categories,$cats,$trails,$allitems,$idx,$jsarray,$subcats,$maxd) = @_;
     if (ref($categories) eq 'HASH') {
         &gather_categories($categories,$cats,$idx,$jsarray);
         if (ref($cats->[0]) eq 'ARRAY') {
@@ -13549,12 +14675,15 @@ sub extract_categories {
                         if (ref($subcats) eq 'HASH') {
                             push(@{$subcats->{$item}},&escape($category).':'.&escape($name).':1');
                         }
-                        &recurse_categories($cats,2,$category,$trails,$allitems,\@parents,$subcats);
+                        &recurse_categories($cats,2,$category,$trails,$allitems,\@parents,$subcats,$maxd);
                     }
                 } else {
                     if (ref($subcats) eq 'HASH') {
                         $subcats->{$item} = [];
                     }
+                    if (ref($maxd) eq 'HASH') {
+                        $maxd->{$name} = 1;
+                    }
                 }
             }
         }
@@ -13592,7 +14721,7 @@ Side effects: populates trails and allit
 =cut
 
 sub recurse_categories {
-    my ($cats,$depth,$category,$trails,$allitems,$parents,$subcats) = @_;
+    my ($cats,$depth,$category,$trails,$allitems,$parents,$subcats,$maxd) = @_;
     my $shallower = $depth - 1;
     if (ref($cats->[$depth]{$category}) eq 'ARRAY') {
         for (my $k=0; $k<@{$cats->[$depth]{$category}}; $k++) {
@@ -13619,16 +14748,21 @@ sub recurse_categories {
                 }
             }
             &recurse_categories($cats,$deeper,$name,$trails,$allitems,$parents,
-                                $subcats);
+                                $subcats,$maxd);
             pop(@{$parents});
         }
     } else {
         my $item = &escape($category).':'.&escape($parents->[-1]).':'.$shallower;
-        my $trailstr = join(' -&gt; ',(@{$parents},$category));
+        my $trailstr = join(' &raquo; ',(@{$parents},$category));
         if ($allitems->{$item} eq '') {
             push(@{$trails},$trailstr);
             $allitems->{$item} = scalar(@{$trails})-1;
         }
+        if (ref($maxd) eq 'HASH') {
+            if ($depth > $maxd->{$parents->[0]}) {
+                $maxd->{$parents->[0]} = $depth;
+            }
+        }
     }
     return;
 }
@@ -13649,16 +14783,19 @@ currcat - scalar with an & separated lis
 
 type    - scalar contains course type (Course or Community).
 
+disabled - scalar (optional) contains disabled="disabled" if input elements are
+           to be readonly (e.g., Domain Helpdesk role viewing course settings).
+
 Returns: $output (markup to be displayed) 
 
 =cut
 
 sub assign_categories_table {
-    my ($cathash,$currcat,$type) = @_;
+    my ($cathash,$currcat,$type,$disabled) = @_;
     my $output;
     if (ref($cathash) eq 'HASH') {
-        my (@cats,@trails,%allitems,%idx,@jsarray,@path,$maxdepth);
-        &extract_categories($cathash,\@cats,\@trails,\%allitems,\%idx,\@jsarray);
+        my (@cats,@trails,%allitems,%idx,@jsarray,%maxd,@path,$maxdepth);
+        &extract_categories($cathash,\@cats,\@trails,\%allitems,\%idx,\@jsarray,\%maxd);
         $maxdepth = scalar(@cats);
         if (@cats > 0) {
             my $itemcount = 0;
@@ -13690,11 +14827,11 @@ sub assign_categories_table {
                     }
                     $table .= '<tr '.$css_class.'><td><span class="LC_nobreak">'.
                               '<input type="checkbox" name="usecategory" value="'.
-                              $item.'"'.$checked.' />'.$parent_title.'</span>'.
+                              $item.'"'.$checked.$disabled.' />'.$parent_title.'</span>'.
                               '<input type="hidden" name="catname" value="'.$parent.'" /></td>';
                     my $depth = 1;
                     push(@path,$parent);
-                    $table .= &assign_category_rows($itemcount,\@cats,$depth,$parent,\@path,\@currcategories);
+                    $table .= &assign_category_rows($itemcount,\@cats,$depth,$parent,\@path,\@currcategories,$disabled);
                     pop(@path);
                     $table .= '</tr><tr><td colspan="'.$maxdepth.'" class="LC_row_separator"></td></tr>';
                     $itemcount ++;
@@ -13733,12 +14870,15 @@ path - Array containing all categories b
 
 currcategories - reference to array of current categories assigned to the course
 
+disabled - scalar (optional) contains disabled="disabled" if input elements are
+           to be readonly (e.g., Domain Helpdesk role viewing course settings).
+
 Returns: $output (markup to be displayed).
 
 =cut
 
 sub assign_category_rows {
-    my ($itemcount,$cats,$depth,$parent,$path,$currcategories) = @_;
+    my ($itemcount,$cats,$depth,$parent,$path,$currcategories,$disabled) = @_;
     my ($text,$name,$item,$chgstr);
     if (ref($cats) eq 'ARRAY') {
         my $maxdepth = scalar(@{$cats});
@@ -13761,12 +14901,12 @@ sub assign_category_rows {
                     }
                     $text .= '<tr><td><span class="LC_nobreak"><label>'.
                              '<input type="checkbox" name="usecategory" value="'.
-                             $item.'"'.$checked.' />'.$name.'</label></span>'.
+                             $item.'"'.$checked.$disabled.' />'.$name.'</label></span>'.
                              '<input type="hidden" name="catname" value="'.$name.'" />'.
                              '</td><td>';
                     if (ref($path) eq 'ARRAY') {
                         push(@{$path},$name);
-                        $text .= &assign_category_rows($itemcount,$cats,$deeper,$name,$path,$currcategories);
+                        $text .= &assign_category_rows($itemcount,$cats,$deeper,$name,$path,$currcategories,$disabled);
                         pop(@{$path});
                     }
                     $text .= '</td></tr>';
@@ -13997,37 +15137,95 @@ sub check_clone {
                 return ($can_clone, $clonemsg, $cloneid, $clonehome);
             }
         }
-	if (($env{'request.role.domain'} eq $args->{'clonedomain'}) && 
+	if (($env{'request.role.domain'} eq $args->{'clonedomain'}) &&
             (&Apache::lonnet::allowed('ccc',$env{'request.role.domain'}))) {
 	    $can_clone = 1;
 	} else {
-	    my %clonehash = &Apache::lonnet::get('environment',['cloners'],
+	    my %clonehash = &Apache::lonnet::get('environment',['cloners','internal.coursecode'],
 						 $args->{'clonedomain'},$args->{'clonecourse'});
-	    my @cloners = split(/,/,$clonehash{'cloners'});
-            if (grep(/^\*$/,@cloners)) {
-                $can_clone = 1;
-            } elsif (grep(/^\*\:\Q$args->{'ccdomain'}\E$/,@cloners)) {
-                $can_clone = 1;
+            if ($clonehash{'cloners'} eq '') {
+                my %domdefs = &Apache::lonnet::get_domain_defaults($args->{'course_domain'});
+                if ($domdefs{'canclone'}) {
+                    unless ($domdefs{'canclone'} eq 'none') {
+                        if ($domdefs{'canclone'} eq 'domain') {
+                            if ($args->{'ccdomain'} eq $args->{'clonedomain'}) {
+                                $can_clone = 1;
+                            }
+                        } elsif (($clonehash{'internal.coursecode'}) && ($args->{'crscode'}) &&
+                                 ($args->{'clonedomain'} eq  $args->{'course_domain'})) {
+                            if (&Apache::lonnet::default_instcode_cloning($args->{'clonedomain'},$domdefs{'canclone'},
+                                                                          $clonehash{'internal.coursecode'},$args->{'crscode'})) {
+                                $can_clone = 1;
+                            }
+                        }
+                    }
+                }
             } else {
+	        my @cloners = split(/,/,$clonehash{'cloners'});
+                if (grep(/^\*$/,@cloners)) {
+                    $can_clone = 1;
+                } elsif (grep(/^\*\:\Q$args->{'ccdomain'}\E$/,@cloners)) {
+                    $can_clone = 1;
+                } elsif (grep(/^\Q$args->{'ccuname'}\E:\Q$args->{'ccdomain'}\E$/,@cloners)) {
+                    $can_clone = 1;
+                }
+                unless ($can_clone) {
+                    if (($clonehash{'internal.coursecode'}) && ($args->{'crscode'}) &&
+                        ($args->{'clonedomain'} eq  $args->{'course_domain'})) {
+                        my (%gotdomdefaults,%gotcodedefaults);
+                        foreach my $cloner (@cloners) {
+                            if (($cloner ne '*') && ($cloner !~ /^\*\:$match_domain$/) &&
+                                ($cloner !~ /^$match_username\:$match_domain$/) && ($cloner ne '')) {
+                                my (%codedefaults,@code_order);
+                                if (ref($gotcodedefaults{$args->{'clonedomain'}}) eq 'HASH') {
+                                    if (ref($gotcodedefaults{$args->{'clonedomain'}}{'defaults'}) eq 'HASH') {
+                                        %codedefaults = %{$gotcodedefaults{$args->{'clonedomain'}}{'defaults'}};
+                                    }
+                                    if (ref($gotcodedefaults{$args->{'clonedomain'}}{'order'}) eq 'ARRAY') {
+                                        @code_order = @{$gotcodedefaults{$args->{'clonedomain'}}{'order'}};
+                                    }
+                                } else {
+                                    &Apache::lonnet::auto_instcode_defaults($args->{'clonedomain'},
+                                                                            \%codedefaults,
+                                                                            \@code_order);
+                                    $gotcodedefaults{$args->{'clonedomain'}}{'defaults'} = \%codedefaults;
+                                    $gotcodedefaults{$args->{'clonedomain'}}{'order'} = \@code_order;
+                                }
+                                if (@code_order > 0) {
+                                    if (&Apache::lonnet::check_instcode_cloning(\%codedefaults,\@code_order,
+                                                                                $cloner,$clonehash{'internal.coursecode'},
+                                                                                $args->{'crscode'})) {
+                                        $can_clone = 1;
+                                        last;
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+            unless ($can_clone) {
                 my $ccrole = 'cc';
                 if ($args->{'crstype'} eq 'Community') {
                     $ccrole = 'co';
                 }
-	        my %roleshash =
-		    &Apache::lonnet::get_my_roles($args->{'ccuname'},
-					 $args->{'ccdomain'},
-                                         'userroles',['active'],[$ccrole],
-					 [$args->{'clonedomain'}]);
-	        if (($roleshash{$args->{'clonecourse'}.':'.$args->{'clonedomain'}.':'.$ccrole}) || (grep(/^\Q$args->{'ccuname'}\E:\Q$args->{'ccdomain'}\E$/,@cloners))) {
+                my %roleshash =
+                    &Apache::lonnet::get_my_roles($args->{'ccuname'},
+                                                  $args->{'ccdomain'},
+                                                  'userroles',['active'],[$ccrole],
+                                                  [$args->{'clonedomain'}]);
+                if ($roleshash{$args->{'clonecourse'}.':'.$args->{'clonedomain'}.':'.$ccrole}) {
                     $can_clone = 1;
-                } elsif (&Apache::lonnet::is_course_owner($args->{'clonedomain'},$args->{'clonecourse'},$args->{'ccuname'},$args->{'ccdomain'})) {
+                } elsif (&Apache::lonnet::is_course_owner($args->{'clonedomain'},$args->{'clonecourse'},
+                                                          $args->{'ccuname'},$args->{'ccdomain'})) {
                     $can_clone = 1;
+                }
+            }
+            unless ($can_clone) {
+                if ($args->{'crstype'} eq 'Community') {
+                    $clonemsg = &mt('No new community created.').$linefeed.&mt('The new community could not be cloned from the existing community because the new community owner ([_1]) does not have cloning rights in the existing community ([_2]).',$args->{'ccuname'}.':'.$args->{'ccdomain'},$clonedesc{'description'});
                 } else {
-                    if ($args->{'crstype'} eq 'Community') {
-                        $clonemsg = &mt('No new community created.').$linefeed.&mt('The new community could not be cloned from the existing community because the new community owner ([_1]) does not have cloning rights in the existing community ([_2]).',$args->{'ccuname'}.':'.$args->{'ccdomain'},$clonedesc{'description'});
-                    } else {
-                        $clonemsg = &mt('No new course created.').$linefeed.&mt('The new course could not be cloned from the existing course because the new course owner ([_1]) does not have cloning rights in the existing course ([_2]).',$args->{'ccuname'}.':'.$args->{'ccdomain'},$clonedesc{'description'});
-                    }
+                    $clonemsg = &mt('No new course created.').$linefeed.&mt('The new course could not be cloned from the existing course because the new course owner ([_1]) does not have cloning rights in the existing course ([_2]).',$args->{'ccuname'}.':'.$args->{'ccdomain'},$clonedesc{'description'});
 	        }
 	    }
         }
@@ -14036,7 +15234,8 @@ sub check_clone {
 }
 
 sub construct_course {
-    my ($args,$logmsg,$courseid,$crsudom,$crsunum,$udom,$uname,$context,$cnum,$category,$coderef) = @_;
+    my ($args,$logmsg,$courseid,$crsudom,$crsunum,$udom,$uname,$context,
+        $cnum,$category,$coderef) = @_;
     my $outcome;
     my $linefeed =  '<br />'."\n";
     if ($context eq 'auto') {
@@ -14184,7 +15383,7 @@ sub construct_course {
                 my $addcheck = &Apache::lonnet::auto_new_course($$crsunum,$$crsudom,$class,$cenv{'internal.courseowner'});
                 $cenv{'internal.sectionnums'} .= $item.',';
                 unless ($addcheck eq 'ok') {
-                    push @badclasses, $class;
+                    push(@badclasses,$class);
                 }
             }
             $cenv{'internal.sectionnums'} =~ s/,$//;
@@ -14212,7 +15411,7 @@ sub construct_course {
                 my $addcheck =  &Apache::lonnet::auto_new_course($$crsunum,$$crsudom,$xl,$cenv{'internal.courseowner'});
                 $cenv{'internal.crosslistings'} .= $item.',';
                 unless ($addcheck eq 'ok') {
-                    push @badclasses, $xl;
+                    push(@badclasses,$xl);
                 }
             }
             $cenv{'internal.crosslistings'} =~ s/,$//;
@@ -14247,28 +15446,29 @@ sub construct_course {
     }
     if (@badclasses > 0) {
         my %lt=&Apache::lonlocal::texthash(
-                'tclb' => 'The courses listed below were included as sections or crosslistings affiliated with your new LON-CAPA course.  However, if automated course roster updates are enabled for this class, these particular sections/crosslistings will not contribute towards enrollment, because the user identified as the course owner for this LON-CAPA course',
-                'dnhr' => 'does not have rights to access enrollment in these classes',
-                'adby' => 'as determined by the policies of your institution on access to official classlists'
+                'tclb' => 'The courses listed below were included as sections or crosslistings affiliated with your new LON-CAPA course.',
+                'howi' => 'However, if automated course roster updates are enabled for this class, these particular sections/crosslistings are not guaranteed to contribute towards enrollment.',
+                'itis' => 'It is possible that rights to access enrollment for these classes will be available through assignment of co-owners.',
         );
-        my $badclass_msg = $cenv{'internal.courseowner'}.') - '.$lt{'dnhr'}.
-                           ' ('.$lt{'adby'}.')';
+        my $badclass_msg = $lt{'tclb'}.$linefeed.$lt{'howi'}.$linefeed.
+                           &mt('That is because the user identified as the course owner ([_1]) does not have rights to access enrollment in these classes, as determined by the policies of your institution on access to official classlists',$cenv{'internal.courseowner'}).$linefeed.$lt{'itis'};
         if ($context eq 'auto') {
             $outcome .= $badclass_msg.$linefeed;
+        } else {
             $outcome .= '<div class="LC_warning">'.$badclass_msg.$linefeed.'<ul>'."\n";
-            foreach my $item (@badclasses) {
-                if ($context eq 'auto') {
-                    $outcome .= " - $item\n";
-                } else {
-                    $outcome .= "<li>$item</li>\n";
-                }
-            }
+        }
+        foreach my $item (@badclasses) {
             if ($context eq 'auto') {
-                $outcome .= $linefeed;
+                $outcome .= " - $item\n";
             } else {
-                $outcome .= "</ul><br /><br /></div>\n";
+                $outcome .= "<li>$item</li>\n";
             }
-        } 
+        }
+        if ($context eq 'auto') {
+            $outcome .= $linefeed;
+        } else {
+            $outcome .= "</ul><br /><br /></div>\n";
+        }
     }
     if ($args->{'no_end_date'}) {
         $args->{'endaccess'} = 0;
@@ -14300,6 +15500,9 @@ sub construct_course {
        if ($args->{'setcontent'}) {
            $cenv{'question.email'}=$args->{'ccuname'}.':'.$args->{'ccdomain'};
        }
+       if ($args->{'setcomment'}) {
+           $cenv{'comment.email'}=$args->{'ccuname'}.':'.$args->{'ccdomain'};
+       }
     }
     if ($args->{'reshome'}) {
 	$cenv{'reshome'}=$args->{'reshome'}.'/';
@@ -14371,12 +15574,17 @@ sub construct_course {
 # Open all assignments
 #
     if ($args->{'openall'}) {
+       my $opendate = time;
+       if ($args->{'openallfrom'} =~ /^\d+$/) {
+           $opendate = $args->{'openallfrom'};
+       }
        my $storeunder=$$crsudom.'_'.$$crsunum.'.0.opendate';
-       my %storecontent = ($storeunder         => time,
+       my %storecontent = ($storeunder         => $opendate,
                            $storeunder.'.type' => 'date_start');
-       
-       $outcome .= &mt('Opening all assignments').': '.&Apache::lonnet::cput
-                 ('resourcedata',\%storecontent,$$crsudom,$$crsunum).$linefeed;
+       $outcome .= &mt('All assignments open starting [_1]',
+                       &Apache::lonlocal::locallocaltime($opendate)).': '.
+                   &Apache::lonnet::cput
+                       ('resourcedata',\%storecontent,$$crsudom,$$crsunum).$linefeed;
    }
 #
 # Set first page
@@ -14610,7 +15818,23 @@ sub init_user_environment {
 	    opendir(DIR,$lonids);
 	    while ($filename=readdir(DIR)) {
 		if ($filename=~/^$username\_\d+\_$domain\_$authhost\.id$/) {
-		    unlink($lonids.'/'.$filename);
+                    if (tie(my %oldenv,'GDBM_File',"$lonids/$filename",
+                            &GDBM_READER(),0640)) {
+                        my $linkedfile;
+                        if (exists($oldenv{'user.linkedenv'})) {
+                            $linkedfile = $oldenv{'user.linkedenv'};
+                        }
+                        untie(%oldenv);
+                        if (unlink("$lonids/$filename")) {
+                            if ($linkedfile =~ /^[a-f0-9]+_linked$/) {
+                                if (-l "$lonids/$linkedfile.id") {
+                                    unlink("$lonids/$linkedfile.id");
+                                }
+                            }
+                        }
+                    } else {
+                        unlink($lonids.'/'.$filename);
+                    }
 		}
 	    }
 	    closedir(DIR);
@@ -14698,36 +15922,44 @@ sub init_user_environment {
             $env{'user.noloadbalance'} = $lonhost;
         }
 
-        my %is_adv = ( is_adv => $env{'user.adv'} );
-        my %domdef;
-        unless ($domain eq 'public') {
-            %domdef = &Apache::lonnet::get_domain_defaults($domain);
+        if ($form->{'noloadbalance'}) {
+            my @hosts = &Apache::lonnet::current_machine_ids();
+            my $hosthere = $form->{'noloadbalance'};
+            if (grep(/^\Q$hosthere\E$/,@hosts)) {
+                $initial_env{"user.noloadbalance"} = $hosthere;
+                $env{'user.noloadbalance'} = $hosthere;
+            }
         }
 
-        foreach my $tool ('aboutme','blog','webdav','portfolio') {
-            $userenv{'availabletools.'.$tool} = 
-                &Apache::lonnet::usertools_access($username,$domain,$tool,'reload',
-                                                  undef,\%userenv,\%domdef,\%is_adv);
-        }
+        unless ($domain eq 'public') {
+            my %is_adv = ( is_adv => $env{'user.adv'} );
+            my %domdef = &Apache::lonnet::get_domain_defaults($domain);
 
-        foreach my $crstype ('official','unofficial','community','textbook') {
-            $userenv{'canrequest.'.$crstype} =
-                &Apache::lonnet::usertools_access($username,$domain,$crstype,
-                                                  'reload','requestcourses',
-                                                  \%userenv,\%domdef,\%is_adv);
-        }
+            foreach my $tool ('aboutme','blog','webdav','portfolio') {
+                $userenv{'availabletools.'.$tool} = 
+                    &Apache::lonnet::usertools_access($username,$domain,$tool,'reload',
+                                                      undef,\%userenv,\%domdef,\%is_adv);
+            }
 
-        $userenv{'canrequest.author'} =
-            &Apache::lonnet::usertools_access($username,$domain,'requestauthor',
-                                        'reload','requestauthor',
-                                        \%userenv,\%domdef,\%is_adv);
-        my %reqauthor = &Apache::lonnet::get('requestauthor',['author_status','author'],
-                                             $domain,$username);
-        my $reqstatus = $reqauthor{'author_status'};
-        if ($reqstatus eq 'approval' || $reqstatus eq 'approved') {
-            if (ref($reqauthor{'author'}) eq 'HASH') {
-                $userenv{'requestauthorqueued'} = $reqstatus.':'.
-                                                  $reqauthor{'author'}{'timestamp'};
+            foreach my $crstype ('official','unofficial','community','textbook') {
+                $userenv{'canrequest.'.$crstype} =
+                    &Apache::lonnet::usertools_access($username,$domain,$crstype,
+                                                      'reload','requestcourses',
+                                                      \%userenv,\%domdef,\%is_adv);
+            }
+
+            $userenv{'canrequest.author'} =
+                &Apache::lonnet::usertools_access($username,$domain,'requestauthor',
+                                                  'reload','requestauthor',
+                                                  \%userenv,\%domdef,\%is_adv);
+            my %reqauthor = &Apache::lonnet::get('requestauthor',['author_status','author'],
+                                                 $domain,$username);
+            my $reqstatus = $reqauthor{'author_status'};
+            if ($reqstatus eq 'approval' || $reqstatus eq 'approved') {
+                if (ref($reqauthor{'author'}) eq 'HASH') {
+                    $userenv{'requestauthorqueued'} = $reqstatus.':'.
+                                                      $reqauthor{'author'}{'timestamp'};
+                }
             }
         }
 
@@ -15241,11 +16473,18 @@ cloneruname - optional username of new c
 
 clonerudom - optional domain of new course owner
 
-domcloner - Optional "domcloner" flag; has value=1 if user has ccc priv in domain being filtered by,
+domcloner - optional "domcloner" flag; has value=1 if user has ccc priv in domain being filtered by,
             (used when DC is using course creation form)
 
 codetitles - reference to array of titles of components in institutional codes (official courses).
 
+cc_clone - escaped comma separated list of courses for which course cloner has active CC role
+           (and so can clone automatically)
+
+reqcrsdom - domain of new course, where search_courses is used to identify potential courses to clone
+
+reqinstcode - institutional code of new course, where search_courses is used to identify potential
+              courses to clone
 
 Returns: %courses - hash of courses satisfying search criteria, keys = course IDs, values are corresponding colon-separated escaped description, institutional code, owner and type.
 
@@ -15256,7 +16495,8 @@ Side Effects: None
 
 
 sub search_courses {
-    my ($dom,$type,$filter,$numtitles,$cloneruname,$clonerudom,$domcloner,$codetitles) = @_;
+    my ($dom,$type,$filter,$numtitles,$cloneruname,$clonerudom,$domcloner,$codetitles,
+        $cc_clone,$reqcrsdom,$reqinstcode) = @_;
     my (%courses,%showcourses,$cloner);
     if (($filter->{'ownerfilter'} ne '') ||
         ($filter->{'ownerdomfilter'} ne '')) {
@@ -15304,10 +16544,10 @@ sub search_courses {
                                              $filter->{'combownerfilter'},
                                              $filter->{'coursefilter'},
                                              undef,undef,$type,$regexpok,undef,undef,
-                                             undef,undef,$cloner,$env{'form.cc_clone'},
+                                             undef,undef,$cloner,$cc_clone,
                                              $filter->{'cloneableonly'},
                                              $createdbefore,$createdafter,undef,
-                                             $domcloner);
+                                             $domcloner,undef,$reqcrsdom,$reqinstcode);
     if (($filter->{'personfilter'} ne '') && ($filter->{'persondomfilter'} ne '')) {
         my $ccrole;
         if ($type eq 'Community') {
@@ -15327,7 +16567,7 @@ sub search_courses {
                 if (ref($courses{$cid}) eq 'HASH') {
                     if (ref($courses{$cid}{roles}) eq 'ARRAY') {
                         if (!grep(/^\Q$courserole\E$/,@{$courses{$cid}{roles}})) {
-                            push (@{$courses{$cid}{roles}},$courserole);
+                            push(@{$courses{$cid}{roles}},$courserole);
                         }
                     } else {
                         $courses{$cid}{roles} = [$courserole];
@@ -15657,8 +16897,8 @@ sub recurse_supplemental {
 }
 
 sub symb_to_docspath {
-    my ($symb) = @_;
-    return unless ($symb);
+    my ($symb,$navmapref) = @_;
+    return unless ($symb && ref($navmapref));
     my ($mapurl,$id,$resurl) = &Apache::lonnet::decode_symb($symb);
     if ($resurl=~/\.(sequence|page)$/) {
         $mapurl=$resurl;
@@ -15666,9 +16906,11 @@ sub symb_to_docspath {
         $mapurl=$env{'course.'.$env{'request.course.id'}.'.url'};
     }
     my $mapresobj;
-    my $navmap = Apache::lonnavmaps::navmap->new();
-    if (ref($navmap)) {
-        $mapresobj = $navmap->getResourceByUrl($mapurl);
+    unless (ref($$navmapref)) {
+        $$navmapref = Apache::lonnavmaps::navmap->new();
+    }
+    if (ref($$navmapref)) {
+        $mapresobj = $$navmapref->getResourceByUrl($mapurl);
     }
     $mapurl=~s{^.*/([^/]+)\.(\w+)$}{$1};
     my $type=$2;
@@ -15678,7 +16920,7 @@ sub symb_to_docspath {
         if ($pcslist ne '') {
             foreach my $pc (split(/,/,$pcslist)) {
                 next if ($pc <= 1);
-                my $res = $navmap->getByMapPc($pc);
+                my $res = $$navmapref->getByMapPc($pc);
                 if (ref($res)) {
                     my $thisurl = $res->src();
                     $thisurl=~s{^.*/([^/]+)\.\w+$}{$1};
@@ -15725,31 +16967,32 @@ sub symb_to_docspath {
 }
 
 sub captcha_display {
-    my ($context,$lonhost) = @_;
+    my ($context,$lonhost,$defdom) = @_;
     my ($output,$error);
-    my ($captcha,$pubkey,$privkey) = &get_captcha_config($context,$lonhost);
+    my ($captcha,$pubkey,$privkey,$version) =
+        &get_captcha_config($context,$lonhost,$defdom);
     if ($captcha eq 'original') {
         $output = &create_captcha();
         unless ($output) {
             $error = 'captcha';
         }
     } elsif ($captcha eq 'recaptcha') {
-        $output = &create_recaptcha($pubkey);
+        $output = &create_recaptcha($pubkey,$version);
         unless ($output) {
             $error = 'recaptcha';
         }
     }
-    return ($output,$error,$captcha);
+    return ($output,$error,$captcha,$version);
 }
 
 sub captcha_response {
-    my ($context,$lonhost) = @_;
+    my ($context,$lonhost,$defdom) = @_;
     my ($captcha_chk,$captcha_error);
-    my ($captcha,$pubkey,$privkey) = &get_captcha_config($context,$lonhost);
+    my ($captcha,$pubkey,$privkey,$version) = &get_captcha_config($context,$lonhost,$defdom);
     if ($captcha eq 'original') {
         ($captcha_chk,$captcha_error) = &check_captcha();
     } elsif ($captcha eq 'recaptcha') {
-        $captcha_chk = &check_recaptcha($privkey);
+        $captcha_chk = &check_recaptcha($privkey,$version);
     } else {
         $captcha_chk = 1;
     }
@@ -15757,8 +17000,8 @@ sub captcha_response {
 }
 
 sub get_captcha_config {
-    my ($context,$lonhost) = @_;
-    my ($captcha,$pubkey,$privkey,$hashtocheck);
+    my ($context,$lonhost,$dom_in_effect) = @_;
+    my ($captcha,$pubkey,$privkey,$version,$hashtocheck);
     my $hostname = &Apache::lonnet::hostname($lonhost);
     my $serverhomeID = &Apache::lonnet::get_server_homeID($hostname);
     my $serverhomedom = &Apache::lonnet::host_domain($serverhomeID);
@@ -15774,6 +17017,10 @@ sub get_captcha_config {
                     }
                     if ($privkey && $pubkey) {
                         $captcha = 'recaptcha';
+                        $version = $hashtocheck->{'recaptchaversion'};
+                        if ($version ne '2') {
+                            $version = 1;
+                        }
                     } else {
                         $captcha = 'original';
                     }
@@ -15791,14 +17038,39 @@ sub get_captcha_config {
             $privkey = $domconfhash{$serverhomedom.'.login.recaptchakeys_private'};
             if ($privkey && $pubkey) {
                 $captcha = 'recaptcha';
+                $version = $domconfhash{$serverhomedom.'.login.recaptchaversion'};
+                if ($version ne '2') {
+                    $version = 1;
+                }
             } else {
                 $captcha = 'original';
             }
         } elsif ($domconfhash{$serverhomedom.'.login.captcha'} eq 'original') {
             $captcha = 'original';
         }
+    } elsif ($context eq 'passwords') {
+        if ($dom_in_effect) {
+            my %passwdconf = &Apache::lonnet::get_passwdconf($dom_in_effect);
+            if ($passwdconf{'captcha'} eq 'recaptcha') {
+                if (ref($passwdconf{'recaptchakeys'}) eq 'HASH') {
+                    $pubkey = $passwdconf{'recaptchakeys'}{'public'};
+                    $privkey = $passwdconf{'recaptchakeys'}{'private'};
+                }
+                if ($privkey && $pubkey) {
+                    $captcha = 'recaptcha';
+                    $version = $passwdconf{'recaptchaversion'};
+                    if ($version ne '2') {
+                        $version = 1;
+                    }
+                } else {
+                    $captcha = 'original';
+                }
+            } elsif ($passwdconf{'captcha'} ne 'notused') {
+                $captcha = 'original';
+            }
+        }
     }
-    return ($captcha,$pubkey,$privkey);
+    return ($captcha,$pubkey,$privkey,$version);
 }
 
 sub create_captcha {
@@ -15857,38 +17129,61 @@ sub check_captcha {
 }
 
 sub create_recaptcha {
-    my ($pubkey) = @_;
-    my $use_ssl;
-    if ($ENV{'SERVER_PORT'} == 443) {
-        $use_ssl = 1;
-    }
-    my $captcha = Captcha::reCAPTCHA->new;
-    return $captcha->get_options_setter({theme => 'white'})."\n".
-           $captcha->get_html($pubkey,undef,$use_ssl).
-           &mt('If either word is hard to read, [_1] will replace them.',
-               '<img src="/res/adm/pages/refresh.gif" alt="reCAPTCHA refresh" />').
-           '<br /><br />';
+    my ($pubkey,$version) = @_;
+    if ($version >= 2) {
+        return '<div class="g-recaptcha" data-sitekey="'.$pubkey.'"></div>';
+    } else {
+        my $use_ssl;
+        if ($ENV{'SERVER_PORT'} == 443) {
+            $use_ssl = 1;
+        }
+        my $captcha = Captcha::reCAPTCHA->new;
+        return $captcha->get_options_setter({theme => 'white'})."\n".
+               $captcha->get_html($pubkey,undef,$use_ssl).
+               &mt('If the text is hard to read, [_1] will replace them.',
+                   '<img src="/res/adm/pages/refresh.gif" alt="reCAPTCHA refresh" />').
+               '<br /><br />';
+     }
 }
 
 sub check_recaptcha {
-    my ($privkey) = @_;
+    my ($privkey,$version) = @_;
     my $captcha_chk;
-    my $captcha = Captcha::reCAPTCHA->new;
-    my $captcha_result =
-        $captcha->check_answer(
-                                $privkey,
-                                $ENV{'REMOTE_ADDR'},
-                                $env{'form.recaptcha_challenge_field'},
-                                $env{'form.recaptcha_response_field'},
-                              );
-    if ($captcha_result->{is_valid}) {
-        $captcha_chk = 1;
+    if ($version >= 2) {
+        my $ua = LWP::UserAgent->new;
+        $ua->timeout(10);
+        my %info = (
+                     secret   => $privkey,
+                     response => $env{'form.g-recaptcha-response'},
+                     remoteip => $ENV{'REMOTE_ADDR'},
+                   );
+        my $response = $ua->post('https://www.google.com/recaptcha/api/siteverify',\%info);
+        if ($response->is_success)  {
+            my $data = JSON::DWIW->from_json($response->decoded_content);
+            if (ref($data) eq 'HASH') {
+                if ($data->{'success'}) {
+                    $captcha_chk = 1;
+                }
+            }
+        }
+    } else {
+        my $captcha = Captcha::reCAPTCHA->new;
+        my $captcha_result =
+            $captcha->check_answer(
+                                    $privkey,
+                                    $ENV{'REMOTE_ADDR'},
+                                    $env{'form.recaptcha_challenge_field'},
+                                    $env{'form.recaptcha_response_field'},
+                                  );
+        if ($captcha_result->{is_valid}) {
+            $captcha_chk = 1;
+        }
     }
     return $captcha_chk;
 }
 
 sub emailusername_info {
-    my @fields = ('firstname','lastname','institution','web','location','officialemail');
+    my @fields = ('firstname','lastname','institution','web','location','officialemail','id');
     my %titles = &Apache::lonlocal::texthash (
                      lastname      => 'Last Name',
                      firstname     => 'First Name',
@@ -15896,6 +17191,7 @@ sub emailusername_info {
                      location      => "School's city, state/province, country",
                      web           => "School's web address",
                      officialemail => 'E-mail address at institution (if different)',
+                     id            => 'Student/Employee ID',
                  );
     return (\@fields,\%titles);
 }
@@ -15976,14 +17272,175 @@ sub des_decrypt {
     } else {
         $cypher=new DES $keybin;
     }
-    my $plaintext=
-        $cypher->decrypt(unpack("a8",pack("H16",substr($cyphertext,0,16))));
-    $plaintext.=
-        $cypher->decrypt(unpack("a8",pack("H16",substr($cyphertext,16,16))));
-    $plaintext=substr($plaintext,1,ord(substr($plaintext,0,1)) );
+    my $plaintext='';
+    my $cypherlength = length($cyphertext);
+    my $numchunks = int($cypherlength/32);
+    for (my $j=0; $j<$numchunks; $j++) {
+        my $start = $j*32;
+        my $cypherblock = substr($cyphertext,$start,32);
+        my $chunk =
+            $cypher->decrypt(unpack("a8",pack("H16",substr($cypherblock,0,16))));
+        $chunk .=
+            $cypher->decrypt(unpack("a8",pack("H16",substr($cypherblock,16,16))));
+        $chunk=substr($chunk,1,ord(substr($chunk,0,1)) );
+        $plaintext .= $chunk;
+    }
     return $plaintext;
 }
 
+sub is_nonframeable {
+    my ($url,$absolute,$hostname,$ip,$nocache) = @_;
+    my ($remprotocol,$remhost) = ($url =~ m{^(https?)\://(([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,})}i);
+    return if (($remprotocol eq '') || ($remhost eq ''));
+
+    $remprotocol = lc($remprotocol);
+    $remhost = lc($remhost);
+    my $remport = 80;
+    if ($remprotocol eq 'https') {
+        $remport = 443;
+    }
+    my ($result,$cached) = &Apache::lonnet::is_cached_new('noiframe',$remhost.':'.$remport);
+    if ($cached) {
+        unless ($nocache) {
+            if ($result) {
+                return 1;
+            } else {
+                return 0;
+            }
+        }
+    }
+    my $uselink;
+    my $request = new HTTP::Request('HEAD',$url);
+    my $ua = LWP::UserAgent->new;
+    $ua->timeout(5);
+    my $response=$ua->request($request);
+    if ($response->is_success()) {
+        my $secpolicy = lc($response->header('content-security-policy'));
+        my $xframeop = lc($response->header('x-frame-options'));
+        $secpolicy =~ s/^\s+|\s+$//g;
+        $xframeop =~ s/^\s+|\s+$//g;
+        if (($secpolicy ne '') || ($xframeop ne '')) {
+            my $remotehost = $remprotocol.'://'.$remhost;
+            my ($origin,$protocol,$port);
+            if ($ENV{'SERVER_PORT'} =~/^\d+$/) {
+                $port = $ENV{'SERVER_PORT'};
+            } else {
+                $port = 80;
+            }
+            if ($absolute eq '') {
+                $protocol = 'http:';
+                if ($port == 443) {
+                    $protocol = 'https:';
+                }
+                $origin = $protocol.'//'.lc($hostname);
+            } else {
+                $origin = lc($absolute);
+                ($protocol,$hostname) = ($absolute =~ m{^(https?:)//([^/]+)$});
+            }
+            if (($secpolicy) && ($secpolicy =~ /\Qframe-ancestors\E([^;]*)(;|$)/)) {
+                my $framepolicy = $1;
+                $framepolicy =~ s/^\s+|\s+$//g;
+                my @policies = split(/\s+/,$framepolicy);
+                if (@policies) {
+                    if (grep(/^\Q'none'\E$/,@policies)) {
+                        $uselink = 1;
+                    } else {
+                        $uselink = 1;
+                        if ((grep(/^\Q*\E$/,@policies)) || (grep(/^\Q$protocol\E$/,@policies)) ||
+                                (($origin ne '') && (grep(/^\Q$origin\E$/,@policies))) ||
+                                (($ip ne '') && (grep(/^\Q$ip\E$/,@policies)))) {
+                            undef($uselink);
+                        }
+                        if ($uselink) {
+                            if (grep(/^\Q'self'\E$/,@policies)) {
+                                if (($origin ne '') && ($remotehost eq $origin)) {
+                                    undef($uselink);
+                                }
+                            }
+                        }
+                        if ($uselink) {
+                            my @possok;
+                            if ($ip ne '') {
+                                push(@possok,$ip);
+                            }
+                            my $hoststr = '';
+                            foreach my $part (reverse(split(/\./,$hostname))) {
+                                if ($hoststr eq '') {
+                                    $hoststr = $part;
+                                } else {
+                                    $hoststr = "$part.$hoststr";
+                                }
+                                if ($hoststr eq $hostname) {
+                                    push(@possok,$hostname);
+                                } else {
+                                    push(@possok,"*.$hoststr");
+                                }
+                            }
+                            if (@possok) {
+                                foreach my $poss (@possok) {
+                                    last if (!$uselink);
+                                    foreach my $policy (@policies) {
+                                        if ($policy =~ m{^(\Q$protocol\E//|)\Q$poss\E(\Q:$port\E|)$}) {
+                                            undef($uselink);
+                                            last;
+                                        }
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            } elsif ($xframeop ne '') {
+                $uselink = 1;
+                my @policies = split(/\s*,\s*/,$xframeop);
+                if (@policies) {
+                    unless (grep(/^deny$/,@policies)) {
+                        if ($origin ne '') {
+                            if (grep(/^sameorigin$/,@policies)) {
+                                if ($remotehost eq $origin) {
+                                    undef($uselink);
+                                }
+                            }
+                            if ($uselink) {
+                                foreach my $policy (@policies) {
+                                    if ($policy =~ /^allow-from\s*(.+)$/) {
+                                        my $allowfrom = $1;
+                                        if (($allowfrom ne '') && ($allowfrom eq $origin)) {
+                                            undef($uselink);
+                                            last;
+                                        }
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+    if ($nocache) {
+        if ($cached) {
+            my $devalidate;
+            if ($uselink && !$result) {
+                $devalidate = 1;
+            } elsif (!$uselink && $result) {
+                $devalidate = 1;
+            }
+            if ($devalidate) {
+                &Apache::lonnet::devalidate_cache_new('noiframe',$remhost.':'.$remport);
+            }
+        }
+    } else {
+        if ($uselink) {
+            $result = 1;
+        } else {
+            $result = 0;
+        }
+        &Apache::lonnet::do_cache_new('noiframe',$remhost.':'.$remport,$result,3600);
+    }
+    return $uselink;
+}
+
 1;
 __END__;