--- loncom/interface/loncreateuser.pm	2007/08/31 17:58:47	1.182
+++ loncom/interface/loncreateuser.pm	2007/10/09 17:33:57	1.188
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Create a user
 #
-# $Id: loncreateuser.pm,v 1.182 2007/08/31 17:58:47 raeburn Exp $
+# $Id: loncreateuser.pm,v 1.188 2007/10/09 17:33:57 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -68,7 +68,6 @@ use Apache::longroup;
 use LONCAPA qw(:DEFAULT :match);
 
 my $loginscript; # piece of javascript used in two separate instances
-my $generalrule;
 my $authformnop;
 my $authformkrb;
 my $authformint;
@@ -76,14 +75,24 @@ my $authformfsys;
 my $authformloc;
 
 sub initialize_authen_forms {
+    my ($dom,$curr_authtype) = @_; 
     my ($krbdefdom)=( $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/);
     $krbdefdom= uc($krbdefdom);
     my %param = ( formname => 'document.cu',
-                  kerb_def_dom => $krbdefdom 
-                  );
+                  kerb_def_dom => $krbdefdom,
+                  domain => $dom,
+                );
+    my %abv_auth = &auth_abbrev();
+    if ($curr_authtype =~ /^(krb4|krb5|internal|localauth|unix):$/) {
+        my $long_auth = $1;
+        my %abv_auth = &auth_abbrev();
+        $param{'curr_authtype'} = $abv_auth{$long_auth};
+        if ($long_auth =~ /^krb(4|5)$/) {
+            $param{'curr_kerb_ver'} = $1;
+        }
+    }
 # no longer static due to configurable kerberos defaults
 #    $loginscript  = &Apache::loncommon::authform_header(%param);
-    $generalrule  = &Apache::loncommon::authform_authorwarning(%param);
     $authformnop  = &Apache::loncommon::authform_nochange(%param);
 # no longer static due to configurable kerberos defaults
 #    $authformkrb  = &Apache::loncommon::authform_kerberos(%param);
@@ -92,6 +101,15 @@ sub initialize_authen_forms {
     $authformloc  = &Apache::loncommon::authform_local(%param);
 }
 
+sub auth_abbrev {
+    my %abv_auth = (
+                     krb4     => 'krb',
+                     internal => 'int',
+                     localuth => 'loc',
+                     unix     => 'fsys',
+                   );
+    return %abv_auth;
+}
 
 # ======================================================= Existing Custom Roles
 
@@ -175,8 +193,13 @@ END_SCRIPT
     }
     my $output = $quota_javascript.
                  '<h3>'.$lt{'disk'}.'</h3>'.
-                 $lt{'cuqu'}.': '.$currquota.'&nbsp;Mb.&nbsp;&nbsp;'.
-                 $defaultinfo.'<br /><span class="LC_nobreak">'.$lt{'chqu'}.
+                 &Apache::loncommon::start_data_table().
+                 &Apache::loncommon::start_data_table_row().
+                 '<td>'.$lt{'cuqu'}.': '.$currquota.'&nbsp;Mb.&nbsp;&nbsp;'.
+                 $defaultinfo.'</td>'.
+                 &Apache::loncommon::end_data_table_row().
+                 &Apache::loncommon::start_data_table_row().
+                 '<td><span class="LC_nobreak">'.$lt{'chqu'}.
                  ': <label>'.
                  '<input type="radio" name="customquota" value="0" '.
                  $custom_off.' onchange="javascript:quota_changes('."'custom'".')"
@@ -186,7 +209,9 @@ END_SCRIPT
                  $lt{'cust'}.':</label>&nbsp;'.
                  '<input type="text" name="portfolioquota" size ="5" value="'.
                  $showquota.'" onfocus="javascript:quota_changes('."'quota'".')" '.
-                 '/>&nbsp;Mb';
+                 '/>&nbsp;Mb</span></td>'.
+                 &Apache::loncommon::end_data_table_row().
+                 &Apache::loncommon::end_data_table();
     return $output;
 }
 
@@ -420,10 +445,42 @@ sub print_user_query_page {
 
 sub print_user_modification_page {
     my ($r,$ccuname,$ccdomain,$srch,$response) = @_;
-    unless (($ccuname) && ($ccdomain)) {
-	&print_username_entry_form($r);
+    if (($ccuname eq '') || ($ccdomain eq '')) {
+        my $usermsg = &mt('No username and/or domain provided.'); 
+	&print_username_entry_form($r,$usermsg);
         return;
     }
+    my %abv_auth = &auth_abbrev();
+    my ($curr_authtype,$instsrch,$rulematch,$rules,%inst_results,
+        $curr_kerb_ver,$newuser);
+    my $uhome=&Apache::lonnet::homeserver($ccuname,$ccdomain);
+    if ($uhome eq 'no_host') {
+        $newuser = 1;
+        $instsrch =
+                      {
+                         srchin => 'instd',
+                         srchby => 'uname',
+                         srchtype => 'exact',
+                         srchterm => $ccuname,
+                         srchdomain => $ccdomain,
+                       };
+        (my $usercheckmsg,$rulematch,$rules,%inst_results) = 
+            &Apache::loncommon::username_rule_check($instsrch,'new');
+        if ($usercheckmsg) {
+            &print_username_entry_form($r,$usercheckmsg);
+            return;
+        }
+    } else {
+        $newuser = 0;
+        my $currentauth = 
+            &Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
+        if ($currentauth =~ /^(krb4|krb5|unix|internal|localauth):/) {	
+            $curr_authtype = $abv_auth{$1};
+            if ($currentauth =~ /^krb(4|5)/) {
+                $curr_kerb_ver = $1;
+            }
+        }
+    }
     if ($response) {
         $response = '<br />'.$response
     }
@@ -434,7 +491,10 @@ sub print_user_modification_page {
 
     my %param = ( formname => 'document.cu',
                   kerb_def_dom => $krbdefdom,
-                  kerb_def_auth => $krbdef
+                  kerb_def_auth => $krbdef,
+                  curr_authtype => $curr_authtype,
+                  curr_kerb_ver => $curr_kerb_ver,
+                  domain => $ccdomain,
                 );
     $loginscript  = &Apache::loncommon::authform_header(%param);
     $authformkrb  = &Apache::loncommon::authform_kerberos(%param);
@@ -642,10 +702,17 @@ ENDSECCODE
                                    $nondc_setsection_code,$groupslist);
 
     my ($jsback,$elements) = &crumb_utilities();
-
+    my $javascript_validations;
+    if ((&Apache::lonnet::allowed('mau',$ccdomain)) || ($uhome eq 'no_host')) {
+        my ($krbdef,$krbdefdom) =
+            &Apache::loncommon::get_kerberos_defaults($ccdomain);
+        $javascript_validations = 
+            &Apache::londropadd::javascript_validations('auth',$krbdefdom,undef,
+                                                        undef,$ccdomain);
+    }
     $js .= "\n".
-           '<script type="text/javascript">'."\n".$jsback."\n".'</script>';
-
+       '<script type="text/javascript">'."\n".$jsback."\n".
+       $javascript_validations.'</script>';
     my $start_page = 
 	&Apache::loncommon::start_page('Create Users, Change User Privileges',
 				       $js,{'add_entries' => \%loaditem,});
@@ -669,13 +736,12 @@ ENDSECCODE
     my $forminfo =<<"ENDFORMINFO";
 <form action="/adm/createuser" method="post" name="cu">
 <input type="hidden" name="phase"       value="update_user_data" />
-<input type="hidden" name="ccuname"     value="$ccuname" />
-<input type="hidden" name="ccdomain"    value="$ccdomain" />
+<input type="hidden" name="ccuname" value="$ccuname" />
+<input type="hidden" name="ccdomain" value="$ccdomain" />
 <input type="hidden" name="pres_value"  value="" />
 <input type="hidden" name="pres_type"   value="" />
 <input type="hidden" name="pres_marker" value="" />
 ENDFORMINFO
-    my $uhome=&Apache::lonnet::homeserver($ccuname,$ccdomain);
     my %inccourses;
     foreach my $key (keys(%env)) {
 	if ($key=~/^user\.priv\.cm\.\/($match_domain)\/($match_username)/) {
@@ -683,137 +749,141 @@ ENDFORMINFO
         }
     }
     if ($uhome eq 'no_host') {
-        my $newuser;
-        my $instsrch = {
-                         srchin => 'instd',
-                         srchby => 'uname',
-                         srchtype => 'exact',
-                       };
-        if ($env{'form.phase'} eq 'userpicked') {
-            $instsrch->{'srchterm'} = $env{'form.seluname'};
-            $instsrch->{'srchdomain'} = $env{'form.seludom'};
-        } else {
-            $instsrch->{'srchterm'} = $ccuname;
-            $instsrch->{'srchdomain'} = $ccdomain,
-        }
-        if (($instsrch->{'srchterm'} ne '') && ($instsrch->{'srchdomain'} ne '')) {
-            $newuser = $instsrch->{'srchterm'}.':'.$instsrch->{'srchdomain'};
-        }
-        my (%dirsrch_results,%inst_results,$dirsrchres);
-        if ($newuser) {
-            if (&directorysrch_check($instsrch) eq 'ok') {
-                ($dirsrchres,%dirsrch_results) = &Apache::lonnet::inst_directory_query($instsrch);
-                if ($dirsrchres eq 'ok') {
-                    if (ref($dirsrch_results{$newuser}) eq 'HASH') { 
-                        %inst_results = %{$dirsrch_results{$newuser}};
-                    }
-                }
-            }
-        }
-        my $home_server_list=
-            '<option value="default" selected>default</option>'."\n".
-                &Apache::loncommon::home_server_option_list($ccdomain);
-        
-	my %lt=&Apache::lonlocal::texthash(
-                    'cnu'  => "Create New User",
-                    'nu'   => "New User",
-                    'id'   => "in domain",
-                    'pd'   => "Personal Data",
-                    'fn'   => "First Name",
-                    'mn'   => "Middle Name",
-                    'ln'   => "Last Name",
-                    'gen'  => "Generation",
-                    'mail' => "Permanent e-mail address",
-                    'idsn' => "ID/Student Number",
-                    'hs'   => "Home Server",
-                    'lg'   => "Login Data"
-				       );
         my $portfolioform;
         if (&Apache::lonnet::allowed('mpq',$env{'request.role.domain'})) {
             # Current user has quota modification privileges
-            $portfolioform = &portfolio_quota($ccuname,$ccdomain);
+            $portfolioform = '<br />'.&portfolio_quota($ccuname,$ccdomain);
         }
-	my $genhelp=&Apache::loncommon::help_open_topic('Generation');
-        &initialize_authen_forms();
-	$r->print(<<ENDNEWUSER);
+        &initialize_authen_forms($ccdomain);
+        my %lt=&Apache::lonlocal::texthash(
+                'cnu'            => 'Create New User',
+                'ind'            => 'in domain',
+                'lg'             => 'Login Data',
+        );
+	$r->print(<<ENDTITLE);
 $start_page
 $crumbs
-<h1>$lt{'cnu'}</h1>
 $response
 $forminfo
-<h2>$lt{'nu'} "$ccuname" $lt{'id'} $ccdomain</h2>
 <script type="text/javascript" language="Javascript">
 $loginscript
 </script>
 <input type='hidden' name='makeuser' value='1' />
-<h3>$lt{'pd'}</h3>
-<p>
-<table>
-<tr><td>$lt{'fn'}  </td>
-    <td><input type="text" name="cfirst" size="15" value="$inst_results{'firstname'}" /></td></tr>
-<tr><td>$lt{'mn'} </td> 
-    <td><input type="text" name="cmiddle" size="15" value="$inst_results{'middlename'}" /></td></tr>
-<tr><td>$lt{'ln'}   </td>
-    <td><input type="text" name="clast" size="15" value="$inst_results{'lastname'}" /></td></tr>
-<tr><td>$lt{'gen'}$genhelp</td>
-    <td><input type="text" name="cgen" size="5" value="$inst_results{'generation'}" /></td></tr>
-<tr><td>$lt{'mail'}</td>
-    <td><input type="text" name="cemail" size="20" value="$inst_results{'permanentemail'}" /></td></tr>
-</table>
-$lt{'idsn'} <input type="text" name="cstid" size="15" value="$inst_results{'id'}" /></p>
-$lt{'hs'}: <select name="hserver" size="1"> $home_server_list </select>
-<hr />
-<h3>$lt{'lg'}</h3>
-<p>$generalrule </p>
-<p>$authformkrb </p>
-<p>$authformint </p>
-<p>$authformfsys</p>
-<p>$authformloc </p>
-<hr />
-$portfolioform
-ENDNEWUSER
+<h3>$lt{'cnu'} "$ccuname" $lt{'ind'} $ccdomain</h3>
+ENDTITLE
+        $r->print('<div class="LC_left_float">'.
+                  &personal_data_display($ccuname,$ccdomain,$newuser,
+                                         %inst_results));
+        my ($home_server_pick,$numlib) = 
+            &Apache::loncommon::home_server_form_item($ccdomain,'hserver',
+                                                      'default','hide');
+        if ($numlib > 1) {
+            $r->print("
+<br />
+$lt{'hs'}: $home_server_pick
+<br />");
+        } else {
+            $r->print($home_server_pick);
+        }
+        $r->print('</div>'."\n".'<div class="LC_left_float"><h3>'.
+                  $lt{'lg'}.'</h3>');
+        my ($fixedauth,$varauth,$authmsg); 
+        if ($rulematch) {
+            if (ref($rules) eq 'HASH') {
+                if (ref($rules->{$rulematch}) eq 'HASH') {
+                    my $authtype = $rules->{$rulematch}{'authtype'};
+                    if ($authtype !~ /^(krb4|krb5|int|fsys|loc)$/) {
+                        $r->print(&set_login($ccdomain));
+                    } else { 
+                        my $authparm = $rules->{$rulematch}{'authparm'};
+                        if ($authtype =~ /^krb(4|5)$/) {
+                            my $ver = $1;
+                            if ($authparm ne '') {
+                                $fixedauth = <<"KERB"; 
+<input type="hidden" name="login" value="krb" />
+<input type="hidden" name="krbver" value="$ver" />
+<input type="hidden" name="krbarg" value="$authparm" />
+KERB
+                                $authmsg = $rules->{$rulematch}{'authmsg'};    
+                            }
+                        } else {
+                            $fixedauth = 
+'<input type="hidden" name="login" value="'.$authtype.'" />'."\n";
+                            if ($rules->{$rulematch}{'authparmfixed'}) {
+                                $fixedauth .=    
+'<input type="hidden" name="'.$authtype.'arg" value="'.$authparm.'" />'."\n";
+                            } else {
+                                $varauth =  
+'<input type="text" name="'.$authtype.'arg" value="" />'."\n";
+                            }
+                        }
+                    }
+                } else {
+                    $r->print(&set_login($ccdomain));
+                }
+            }
+            if ($authmsg) {
+                $r->print(<<ENDAUTH);
+$fixedauth
+$authmsg
+$varauth
+ENDAUTH
+            }
+        } else {
+            $r->print(&set_login($ccdomain)); 
+        }
+        $r->print(<<ENDPORT);
+        $portfolioform
+</div><div class="LC_clear_float_footer"></div>
+ENDPORT
     } else { # user already exists
 	my %lt=&Apache::lonlocal::texthash(
-                    'cup'  => "Change User Privileges",
-                    'usr'  => "User",                    
+                    'cup'  => "Existing user ",
                     'id'   => "in domain",
-                    'fn'   => "first name",
-                    'mn'   => "middle name",
-                    'ln'   => "last name",
-                    'gen'  => "generation",
-                    'email' => "permanent e-mail",
 				       );
 	$r->print(<<ENDCHANGEUSER);
 $start_page
 $crumbs
-<h1>$lt{'cup'}</h1>
 $forminfo
-<h2>$lt{'usr'} "$ccuname" $lt{'id'} "$ccdomain"</h2>
+<h3>$lt{'cup'} "$ccuname" $lt{'id'} "$ccdomain"</h3>
 ENDCHANGEUSER
-        # Get the users information
-        my %userenv = 
-            &Apache::lonnet::get('environment',
-                ['firstname','middlename','lastname','generation',
-                 'permanentemail','portfolioquota'],$ccdomain,$ccuname);
-        my %rolesdump=&Apache::lonnet::dump('roles',$ccdomain,$ccuname);
-        $r->print('
-<hr />'.
-                  &Apache::loncommon::start_data_table().
-                  &Apache::loncommon::start_data_table_header_row().
-'<th>'.$lt{'fn'}.'</th><th>'.$lt{'mn'}.'</th><th>'.$lt{'ln'}.'</th><th>'.$lt{'gen'}.'</th><th>'.$lt{'email'}.'</th>'.
-                  &Apache::loncommon::end_data_table_header_row().
-                  &Apache::loncommon::start_data_table_row());
-        foreach my $item ('firstname','middlename','lastname','generation','permanentemail') {
-           if (&Apache::lonnet::allowed('mau',$ccdomain)) {
-              $r->print(<<"END");
-<td><input type="text" name="c$item" value="$userenv{$item}" size="15" /></td>
-END
-           } else {
-               $r->print('<td>'.$userenv{$item}.'</td>');
-           }
+        $r->print('<div class="LC_left_float">'.
+                  &personal_data_display($ccuname,$ccdomain,$newuser,
+                                         %inst_results).
+                  '</div>');
+        my $user_auth_text = 
+            &user_authentication($ccuname,$ccdomain,$krbdefdom,\%abv_auth);
+        my $user_quota_text;
+        if (&Apache::lonnet::allowed('mpq',$ccdomain)) {
+            # Current user has quota modification privileges
+            $user_quota_text = &portfolio_quota($ccuname,$ccdomain);
+        } elsif (&Apache::lonnet::allowed('mpq',$env{'request.role.domain'})) {
+            # Get the user's portfolio information
+            my %portq = &Apache::lonnet::get('environment',['portfolioquota'],
+                                             $ccdomain,$ccuname);
+
+            my %lt=&Apache::lonlocal::texthash(
+                'dska'  => "Disk space allocated to user's portfolio files",
+                'youd'  => "You do not have privileges to modify the portfolio quota for this user.",
+                'ichr'  => "If a change is required, contact a domain coordinator for the domain",
+            );
+            $user_quota_text = <<ENDNOPORTPRIV;
+<h3>$lt{'dska'}</h3>
+$lt{'youd'} $lt{'ichr'}: $ccdomain
+ENDNOPORTPRIV
+        }
+        if ($user_auth_text ne '') {
+            $r->print('<div class="LC_left_float">'.$user_auth_text);
+            if ($user_quota_text ne '') {
+                $r->print($user_quota_text);
+            }
+            $r->print('</div>');
+
+        } elsif ($user_quota_text ne '') {
+            $r->print('<div class="LC_left_float">'.$user_quota_text.'</div>');
         }
-        $r->print(&Apache::loncommon::end_data_table_row().
-                  &Apache::loncommon::end_data_table());
+        $r->print('<div class="LC_clear_float_footer"></div>');
+        my %rolesdump=&Apache::lonnet::dump('roles',$ccdomain,$ccuname);
         # Build up table of user roles to allow revocation of a role.
         my ($tmp) = keys(%rolesdump);
         unless ($tmp =~ /^(con_lost|error)/i) {
@@ -952,7 +1022,7 @@ END
                    $plaintext=&Apache::lonnet::plaintext($role_code,$class)
 	       } else {
 	           $plaintext=
-		"Customrole '$croletitle' defined by $croleuname\@$croleudom";
+		"Customrole '$croletitle'<br />defined by $croleuname\@$croleudom";
 	       }
                $row.= '</td><td>'.$plaintext.
                       '</td><td>'.$area.
@@ -988,7 +1058,6 @@ END
 	   }
            if ($rolesdisplay == 1) {
                $r->print('
-<hr />
 <h3>'.$lt{'rer'}.'</h3>'.
 &Apache::loncommon::start_data_table("LC_createuser").
 &Apache::loncommon::start_data_table_header_row().
@@ -1004,128 +1073,16 @@ END
 	       $r->print(&Apache::loncommon::end_data_table());
            }
         }  # End of unless
-	my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
-	if ($currentauth=~/^krb(4|5):/) {
-	    $currentauth=~/^krb(4|5):(.*)/;
-	    my $krbdefdom=$2;
-            my %param = ( formname => 'document.cu',
-                          kerb_def_dom => $krbdefdom 
-                          );
-            $loginscript  = &Apache::loncommon::authform_header(%param);
-	}
-	# Check for a bad authentication type
-        unless ($currentauth=~/^krb(4|5):/ or
-		$currentauth=~/^unix:/ or
-		$currentauth=~/^internal:/ or
-		$currentauth=~/^localauth:/
-		) { # bad authentication scheme
-	    if (&Apache::lonnet::allowed('mau',$ccdomain)) {
-                &initialize_authen_forms();
-		my %lt=&Apache::lonlocal::texthash(
-                               'err'   => "ERROR",
-			       'uuas'  => "This user has an unrecognized authentication scheme",
-                               'sldb'  => "Please specify login data below",
-                               'ld'    => "Login Data"
-						   );
-		$r->print(<<ENDBADAUTH);
-<hr />
-<script type="text/javascript" language="Javascript">
-$loginscript
-</script>
-<font color='#ff0000'>$lt{'err'}:</font>
-$lt{'uuas'} ($currentauth). $lt{'sldb'}.
-<h3>$lt{'ld'}</h3>
-<p>$generalrule</p>
-<p>$authformkrb</p>
-<p>$authformint</p>
-<p>$authformfsys</p>
-<p>$authformloc</p>
-ENDBADAUTH
-            } else { 
-                # This user is not allowed to modify the user's 
-                # authentication scheme, so just notify them of the problem
-		my %lt=&Apache::lonlocal::texthash(
-                               'err'   => "ERROR",
-			       'uuas'  => "This user has an unrecognized authentication scheme",
-                               'adcs'  => "Please alert a domain coordinator of this situation"
-						   );
-		$r->print(<<ENDBADAUTH);
-<hr />
-<font color="#ff0000"> $lt{'err'}: </font>
-$lt{'uuas'} ($currentauth). $lt{'adcs'}.
-<hr />
-ENDBADAUTH
-            }
-        } else { # Authentication type is valid
-	    my $authformcurrent='';
-	    my $authform_other='';
-            &initialize_authen_forms();
-	    if ($currentauth=~/^krb(4|5):/) {
-		$authformcurrent=$authformkrb;
-		$authform_other="<p>$authformint</p>\n".
-                    "<p>$authformfsys</p><p>$authformloc</p>";
-	    }
-	    elsif ($currentauth=~/^internal:/) {
-		$authformcurrent=$authformint;
-		$authform_other="<p>$authformkrb</p>".
-                    "<p>$authformfsys</p><p>$authformloc</p>";
-	    }
-	    elsif ($currentauth=~/^unix:/) {
-		$authformcurrent=$authformfsys;
-		$authform_other="<p>$authformkrb</p>".
-                    "<p>$authformint</p><p>$authformloc;</p>";
-	    }
-	    elsif ($currentauth=~/^localauth:/) {
-		$authformcurrent=$authformloc;
-		$authform_other="<p>$authformkrb</p>".
-                    "<p>$authformint</p><p>$authformfsys</p>";
-	    }
-            $authformcurrent.=' <i>(will override current values)</i><br />';
-            if (&Apache::lonnet::allowed('mau',$ccdomain)) {
-		# Current user has login modification privileges
-		my %lt=&Apache::lonlocal::texthash(
-                               'ccld'  => "Change Current Login Data",
-			       'enld'  => "Enter New Login Data"
-						   );
-		$r->print(<<ENDOTHERAUTHS);
-<hr />
-<script type="text/javascript" language="Javascript">
-$loginscript
-</script>
-<h3>$lt{'ccld'}</h3>
-<p>$generalrule</p>
-<p>$authformnop</p>
-<p>$authformcurrent</p>
-<h3>$lt{'enld'}</h3>
-$authform_other
-ENDOTHERAUTHS
-            } else {
-                if (&Apache::lonnet::allowed('mau',$env{'request.role.domain'})) {
-                    my %lt=&Apache::lonlocal::texthash(
-                               'ccld'  => "Change Current Login Data",
-                               'yodo'  => "You do not have privileges to modify the authentication configuration for this user.",
-                               'ifch'  => "If a change is required, contact a domain coordinator for the domain",
-                    );
-                    $r->print(<<ENDNOPRIV);
-<hr />
-<h3>$lt{'ccld'}</h3>
-$lt{'yodo'} $lt{'ifch'}: $ccdomain 
-ENDNOPRIV
-                } 
-            }
-            if (&Apache::lonnet::allowed('mpq',$env{'request.role.domain'})) {
-                # Current user has quota modification privileges
-                $r->print(&portfolio_quota($ccuname,$ccdomain));
-            }
-        }  ## End of "check for bad authentication type" logic
     } ## End of new user/old user logic
-    $r->print('<hr /><h3>'.&mt('Add Roles').'</h3>');
+    my $addrolesdisplay = 0;
+    $r->print('<h3>'.&mt('Add Roles').'</h3>');
 #
 # Co-Author
 # 
     if (&authorpriv($env{'user.name'},$env{'request.role.domain'}) &&
         ($env{'user.name'} ne $ccuname || $env{'user.domain'} ne $ccdomain)) {
         # No sense in assigning co-author role to yourself
+        $addrolesdisplay = 1;
 	my $cuname=$env{'user.name'};
         my $cudom=$env{'request.role.domain'};
 	   my %lt=&Apache::lonlocal::texthash(
@@ -1172,6 +1129,13 @@ ENDNOPRIV
 "javascript:pjump('."'date_end','End Date Assistant Co-Author',document.cu.end_$cudom\_$cuname\_aa.value,'end_$cudom\_$cuname\_aa','cu.pres','dateset'".')">'.$lt{'sed'}.'</a></td>'."\n".
          &Apache::loncommon::end_data_table_row()."\n".
          &Apache::loncommon::end_data_table());
+    } elsif (!(&authorpriv($env{'user.name'},$env{'request.role.domain'}))) {
+        $r->print('<span class="LC_error">'.
+                  &mt('You do not have privileges to assign co-author roles.').
+                  '</span>');     
+    } elsif (($env{'user.name'} eq $ccuname) && 
+             ($env{'user.domain'} eq $ccdomain)) {
+       $r->print(&mt('Assigning yourself a co-author or assistant co-author role in your own author area in Construction Space is not permitted'));  
     }
 #
 # Domain level
@@ -1212,33 +1176,314 @@ ENDNOPRIV
     $domaintext.= &Apache::loncommon::end_data_table();
     if ($num_domain_level > 0) {
         $r->print($domaintext);
+        $addrolesdisplay = 1;
     }
 #
-# Course and group levels
+# Course level
 #
 
     if ($env{'request.role'} =~ m{^dc\./($match_domain)/$}) {
         $r->print(&course_level_dc($1,'Course'));
-        $r->print('<hr /><input type="button" value="'.&mt('Modify User').'" onClick="setCourse()" />'."\n");
+        $r->print('<br /><input type="button" value="'.&mt('Modify User').'" onClick="setCourse()" />'."\n");
+    } elsif ($env{'request.role'} =~ m{^au\./($match_domain)/$}) {
+        if ($addrolesdisplay) {
+            $r->print('<br /><input type="button" value="'.&mt('Modify User').'"');
+            if ($newuser) {
+                $r->print(' onClick="verify_message(this.form)" \>'."\n");
+            } else {
+                $r->print('onClick="this.form.submit()" \>'."\n"); 
+            }
+        } else {
+            $r->print('<br /><a href="javascript:backPage(document.cu)">'.
+                      &mt('Back to previous page').'</a>');
+        }
     } else {
         $r->print(&course_level_table(%inccourses));
-        $r->print('<hr /><input type="button" value="'.&mt('Modify User').'" onClick="setSections()" />'."\n");
+        $r->print('<br /><input type="button" value="'.&mt('Modify User').'" onClick="setSections()" />'."\n");
     }
-    $r->print(&Apache::lonhtmlcommon::echo_form_input(['phase','userrole','ccdomain','prevphase','currstate']));
+    $r->print(&Apache::lonhtmlcommon::echo_form_input(['phase','userrole','ccdomain','prevphase','currstate','ccuname','ccdomain']));
     $r->print('<input type="hidden" name="currstate" value="" />');
     $r->print('<input type="hidden" name="prevphase" value="'.$env{'form.phase'}.'" />');
     $r->print("</form>".&Apache::loncommon::end_page());
 }
 
+sub user_authentication {
+    my ($ccuname,$ccdomain,$krbdefdom,$abv_auth) = @_;
+    my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
+    my ($loginscript,$outcome);
+    if ($currentauth=~/^(krb)(4|5):(.*)/) {
+        my $long_auth = $1.$2;
+        my $curr_kerb_ver = $2;
+        my $krbdefdom=$3;
+        my $curr_authtype = $abv_auth->{$long_auth};
+        my %param = ( formname      => 'document.cu',
+                      kerb_def_dom  => $krbdefdom,
+                      domain        => $ccdomain,
+                      curr_authtype => $curr_authtype,
+                      curr_kerb_ver => $curr_kerb_ver,
+                          );
+        $loginscript  = &Apache::loncommon::authform_header(%param);
+    }
+    # Check for a bad authentication type
+    if ($currentauth !~ /^(krb4|krb5|unix|internal|localauth):/) {
+        # bad authentication scheme
+        my %lt=&Apache::lonlocal::texthash(
+                       'err'   => "ERROR",
+                       'uuas'  => "This user has an unrecognized authentication scheme",
+                       'adcs'  => "Please alert a domain coordinator of this situation",
+                       'sldb'  => "Please specify login data below",
+                       'ld'    => "Login Data"
+        );
+        if (&Apache::lonnet::allowed('mau',$ccdomain)) {
+            &initialize_authen_forms($ccdomain);
+            my $choices = &set_login($ccdomain);
+            $outcome = <<ENDBADAUTH;
+<script type="text/javascript" language="Javascript">
+$loginscript
+</script>
+<span class="LC_error">$lt{'err'}:
+$lt{'uuas'} ($currentauth). $lt{'sldb'}.</span>
+<h3>$lt{'ld'}</h3>
+$choices
+ENDBADAUTH
+        } else {
+            # This user is not allowed to modify the user's
+            # authentication scheme, so just notify them of the problem
+            $outcome = <<ENDBADAUTH;
+<span class="LC_error"> $lt{'err'}: 
+$lt{'uuas'} ($currentauth). $lt{'adcs'}.
+</span>
+ENDBADAUTH
+        }
+    } else { # Authentication type is valid
+        my $authformcurrent='';
+        my $authform_other='';
+        &initialize_authen_forms($ccdomain,$currentauth);
+        my ($authformcurrent,$authform_other,$can_modify) =
+            &modify_login_block($ccdomain,$currentauth);
+        if (&Apache::lonnet::allowed('mau',$ccdomain)) {
+            # Current user has login modification privileges
+            my %lt=&Apache::lonlocal::texthash (
+                           'ld'    => "Login Data",
+                           'ccld'  => "Change Current Login Data",
+                           'enld'  => "Enter New Login Data"
+                                               );
+            $outcome =
+                       '<script type="text/javascript" language="Javascript">'."\n".
+                       $loginscript."\n".
+                       '</script>'."\n".
+                       '<h3>'.$lt{'ld'}.'</h3>'.
+                       &Apache::loncommon::start_data_table().
+                       &Apache::loncommon::start_data_table_row().
+                       '<td>'.$authformnop;
+            if ($can_modify) {
+                $outcome .= '</td>'."\n".
+                            &Apache::loncommon::end_data_table_row().
+                            &Apache::loncommon::start_data_table_row().
+                            '<td>'.$authformcurrent.'</td>'.
+                            &Apache::loncommon::end_data_table_row()."\n";
+            } else {
+                $outcome .= '&nbsp;('.$authformcurrent.')</td>';
+            }
+            if ($authform_other ne '') {
+                $outcome .= $authform_other;
+            }
+            $outcome .= &Apache::loncommon::end_data_table_row().
+                        &Apache::loncommon::end_data_table();
+        } else {
+            if (&Apache::lonnet::allowed('mau',$env{'request.role.domain'})) {
+                my %lt=&Apache::lonlocal::texthash(
+                           'ccld'  => "Change Current Login Data",
+                           'yodo'  => "You do not have privileges to modify the authentication configuration for this user.",
+                           'ifch'  => "If a change is required, contact a domain coordinator for the domain",
+                );
+                $outcome .= <<ENDNOPRIV;
+<h3>$lt{'ccld'}</h3>
+$lt{'yodo'} $lt{'ifch'}: $ccdomain
+ENDNOPRIV
+            }
+        }
+    }  ## End of "check for bad authentication type" logic
+    return $outcome;
+}
+
+sub set_login {
+    my ($dom) = @_;
+    my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$dom);
+    my $response;
+    my ($authnum,%can_assign) = 
+        &Apache::loncommon::get_assignable_auth($dom);
+    if ($authnum) {
+        $response = &Apache::loncommon::start_data_table();
+        if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
+            $response .= &Apache::loncommon::start_data_table_row().
+                         '<td>'.$authformkrb.'</td>'.
+                         &Apache::loncommon::end_data_table_row()."\n";
+        }
+        if ($can_assign{'int'}) {
+            $response .= &Apache::loncommon::start_data_table_row().
+                         '<td>'.$authformint.'</td>'.
+                         &Apache::loncommon::end_data_table_row()."\n"
+        }
+        if ($can_assign{'loc'}) {
+            $response .= &Apache::loncommon::start_data_table_row().
+                         '<td>'.$authformloc.'</td>'.
+                         &Apache::loncommon::end_data_table_row()."\n";
+        }
+        $response .= &Apache::loncommon::end_data_table();
+    }
+    return $response;
+}
+
+sub modify_login_block {
+    my ($dom,$currentauth) = @_;
+    my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$dom);
+    my ($authnum,%can_assign) =
+        &Apache::loncommon::get_assignable_auth($dom);
+    my ($authformcurrent,$authform_other,$show_override_msg);
+    if ($currentauth=~/^krb(4|5):/) {
+        $authformcurrent=$authformkrb;
+        if ($can_assign{'int'}) {
+            $authform_other = &Apache::loncommon::start_data_table_row().
+                              '<td>'.$authformint.'</td>'.
+                              &Apache::loncommon::end_data_table_row()."\n"
+        }
+        if ($can_assign{'loc'}) {
+            $authform_other .= &Apache::loncommon::start_data_table_row().
+                               '<td>'.$authformloc.'</td>'.
+                               &Apache::loncommon::end_data_table_row()."\n";
+        }
+        if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
+            $show_override_msg = 1;
+        }
+    } elsif ($currentauth=~/^internal:/) {
+        $authformcurrent=$authformint;
+        if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
+            $authform_other = &Apache::loncommon::start_data_table_row().
+                              '<td>'.$authformkrb.'</td>'.
+                              &Apache::loncommon::end_data_table_row()."\n";
+        }
+        if ($can_assign{'loc'}) {
+            $authform_other .= &Apache::loncommon::start_data_table_row().
+                               '<td>'.$authformloc.'</td>'.
+                               &Apache::loncommon::end_data_table_row()."\n";
+        }
+        if ($can_assign{'int'}) {
+            $show_override_msg = 1;
+        }
+    } elsif ($currentauth=~/^unix:/) {
+        $authformcurrent=$authformfsys;
+        if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
+            $authform_other = &Apache::loncommon::start_data_table_row().
+                              '<td>'.$authformkrb.'</td>'.
+                              &Apache::loncommon::end_data_table_row()."\n";
+        }
+        if ($can_assign{'int'}) {
+            $authform_other .= &Apache::loncommon::start_data_table_row().
+                               '<td>'.$authformint.'</td>'.
+                               &Apache::loncommon::end_data_table_row()."\n"
+        }
+        if ($can_assign{'loc'}) {
+            $authform_other .= &Apache::loncommon::start_data_table_row().
+                               '<td>'.$authformloc.'</td>'.
+                               &Apache::loncommon::end_data_table_row()."\n";
+        }
+        if ($can_assign{'fsys'}) {
+            $show_override_msg = 1;
+        }
+    } elsif ($currentauth=~/^localauth:/) {
+        $authformcurrent=$authformloc;
+        if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
+            $authform_other = &Apache::loncommon::start_data_table_row().
+                              '<td>'.$authformkrb.'</td>'.
+                              &Apache::loncommon::end_data_table_row()."\n";
+        }
+        if ($can_assign{'int'}) {
+            $authform_other .= &Apache::loncommon::start_data_table_row().
+                               '<td>'.$authformint.'</td>'.
+                               &Apache::loncommon::end_data_table_row()."\n"
+        }
+        if ($can_assign{'loc'}) {
+            $show_override_msg = 1;
+        }
+    }
+    if ($show_override_msg) {
+        $authformcurrent.= ' <span class="LC_cusr_emph">'.
+                            &mt('will override current values').
+                            '</span><br />';
+    }
+    return ($authformcurrent,$authform_other,$show_override_msg); 
+}
+
+sub personal_data_display {
+    my ($ccuname,$ccdomain,$newuser,%inst_results) = @_; 
+    my ($output,%userenv);
+    if (!$newuser) {
+        # Get the users information
+        %userenv = &Apache::lonnet::get('environment',
+                   ['firstname','middlename','lastname','generation',
+                    'permanentemail','id'],$ccdomain,$ccuname);
+    }
+    my %lt=&Apache::lonlocal::texthash(
+                'pd'             => "Personal Data",
+                'firstname'      => "First Name",
+                'middlename'     => "Middle Name",
+                'lastname'       => "Last Name",
+                'generation'     => "Generation",
+                'permanentemail' => "Permanent e-mail address",
+                'id'             => "ID/Student Number",
+                'hs'             => "Home Server",
+                'lg'             => "Login Data"
+    );
+    my @userinfo = ('firstname','middlename','lastname','generation',
+                    'permanentemail','id');
+    my %textboxsize = (
+                       firstname      => '15',
+                       middlename     => '15',
+                       lastname       => '15',
+                       generation     => '5',
+                       permanentemail => '25',
+                       id             => '15',
+                      );
+    my $genhelp=&Apache::loncommon::help_open_topic('Generation');
+    $output = '<h3>'.$lt{'pd'}.'</h3>'.
+              &Apache::lonhtmlcommon::start_pick_box();
+    foreach my $item (@userinfo) {
+        my $rowtitle = $lt{$item};
+        if ($item eq 'generation') {
+            $rowtitle = $genhelp.$rowtitle;
+        }
+        $output .= &Apache::lonhtmlcommon::row_title($rowtitle,undef,'LC_oddrow_value')."\n";
+        if ($newuser) {
+            if ($inst_results{$item} ne '') {
+                $output .= '<input type="hidden" name="c'.$item.'" value="'.$inst_results{$item}.'" />'.$inst_results{$item};
+            } else {
+                $output .= '<input type="text" name="c'.$item.'" size="'.$textboxsize{$item}.'" value="" />';
+            }
+        } else {
+            if (&Apache::lonnet::allowed('mau',$ccdomain)) {
+                $output .= '<input type="text" name="c'.$item.'" size="'.$textboxsize{$item}.'" value="'.$userenv{$item}.'" />';
+            } else {
+                $output .= $userenv{$item};
+            }
+        }
+        $output .= &Apache::lonhtmlcommon::row_closure(1);
+    }
+    $output .= &Apache::lonhtmlcommon::end_pick_box();
+    return $output;
+}
+
 # ================================================================= Phase Three
 sub update_user_data {
     my ($r) = @_; 
     my $uhome=&Apache::lonnet::homeserver($env{'form.ccuname'},
                                           $env{'form.ccdomain'});
     # Error messages
-    my $error     = '<font color="#ff0000">'.&mt('Error').':</font>';
-    my $end       = &Apache::loncommon::end_page();
-
+    my $error     = '<span class="LC_error">'.&mt('Error').': ';
+    my $end       = '</span><br /><br />'.
+                    '<a href="javascript:backPage(document.userupdate,'.
+                    "'$env{'form.prevphase'}','modify')".'" />'.
+                    &mt('Return to previous page').'</a>'.&Apache::loncommon::end_page();
     my $title;
     if (exists($env{'form.makeuser'})) {
 	$title='Set Privileges for New User';
@@ -1271,6 +1516,7 @@ sub update_user_data {
     $r->print(&Apache::lonhtmlcommon::breadcrumbs('User Management'));
 
     my %disallowed;
+    $r->print(&update_result_form($uhome));
     # Check Inputs
     if (! $env{'form.ccuname'} ) {
 	$r->print($error.&mt('No login name specified').'.'.$end);
@@ -1332,8 +1578,8 @@ sub update_user_data {
     }
 
 
-    $r->print('<h2>'.&mt('User [_1] in domain [_2]',
-			 $env{'form.ccuname'}, $env{'form.ccdomain'}).'</h2>');
+    $r->print('<h3>'.&mt('User [_1] in domain [_2]',
+			 $env{'form.ccuname'}, $env{'form.ccdomain'}).'</h3>');
 
     if ($env{'form.makeuser'}) {
 	$r->print('<h3>'.&mt('Creating new account.').'</h3>');
@@ -1357,10 +1603,10 @@ sub update_user_data {
 	# Call modifyuser
 	my $result = &Apache::lonnet::modifyuser
 	    ($env{'form.ccdomain'},$env{'form.ccuname'},$env{'form.cstid'},
-             $amode,$genpwd,$env{'form.cfirst'},
-             $env{'form.cmiddle'},$env{'form.clast'},$env{'form.cgen'},
-             undef,$desiredhost
-	     );
+             $amode,$genpwd,$env{'form.cfirstname'},
+             $env{'form.cmiddlename'},$env{'form.clastname'},
+             $env{'form.cgeneration'},undef,$desiredhost,
+             $env{'form.cpermanentemail'});
 	$r->print(&mt('Generating user').': '.$result);
         my $home = &Apache::lonnet::homeserver($env{'form.ccuname'},
                                                $env{'form.ccdomain'});
@@ -1519,9 +1765,9 @@ END
                     &Apache::lonnet::appenv(%newenvhash);
                 }
             } else { # error occurred
-                $r->print("<h2>".&mt('Unable to successfully change environment for')." ".
-                      $env{'form.ccuname'}." ".&mt('in domain')." ".
-                      $env{'form.ccdomain'}."</h2>");
+                $r->print('<span class="LC_error">'.&mt('Unable to successfully change environment for').' '.
+                      $env{'form.ccuname'}.' '.&mt('in domain').' '.
+                      $env{'form.ccdomain'}.'</span>');
             }
         }  else { # End of if ($env ... ) logic
             my $putresult;
@@ -1537,8 +1783,7 @@ END
                            'disk' => "Disk space allocated to user's portfolio files",
 					       );
             $r->print(<<"END");
-<h4>$userenv{'firstname'} $userenv{'middlename'} $userenv{'lastname'} $userenv{'generation'}</h4>
-<h4>$lt{'mail'}: $userenv{'permanentemail'}</h4>
+<h4>$userenv{'firstname'} $userenv{'middlename'} $userenv{'lastname'} $userenv{'generation'}&nbsp;&nbsp;($lt{'mail'}: $userenv{'permanentemail'})</h4>
 END
             if ($putresult eq 'ok') {
                 if ($oldportfolioquota != $newportfolioquota) {
@@ -1759,20 +2004,28 @@ END
     } # End of foreach (keys(%env))
 # Flush the course logs so reverse user roles immediately updated
     &Apache::lonnet::flushcourselogs();
-    $r->print('<p><a href="/adm/createuser">'.&mt('Create/Modify Another User').'</a></p>');
-    $r->print('<form name="userupdate" method="post" />'."\n");
+    $r->print(&Apache::loncommon::end_page());
+}
+
+sub update_result_form {
+    my ($uhome) = @_;
+    my $outcome = 
+    '<form name="userupdate" method="post" />'."\n";
     foreach my $item ('srchby','srchin','srchtype','srchterm','srchdomain','ccuname','ccdomain') {
-        $r->print('<input type="hidden" name="'.$item.'" value="'.$env{'form.'.$item}.'" />'."\n");
+        $outcome .= '<input type="hidden" name="'.$item.'" value="'.$env{'form.'.$item}.'" />'."\n";
     }
     foreach my $item ('sortby','seluname','seludom') {
         if (exists($env{'form.'.$item})) {
-            $r->print('<input type="hidden" name="'.$item.'" value="'.$env{'form.'.$item}.'" />'."\n");
+            $outcome .= '<input type="hidden" name="'.$item.'" value="'.$env{'form.'.$item}.'" />'."\n";
         }
     }
-    $r->print('<input type="hidden" name="phase" value="" />'."\n".
-              '<input type ="hidden" name="currstate" value="" />'."\n".
-              '</form>');
-    $r->print(&Apache::loncommon::end_page());
+    if ($uhome eq 'no_host') {
+        $outcome .= '<input type="hidden" name="forcenewuser" value="1" />'."\n";
+    }
+    $outcome .= '<input type="hidden" name="phase" value="" />'."\n".
+                '<input type ="hidden" name="currstate" value="" />'."\n".
+                '</form>';
+    return $outcome;
 }
 
 sub classlist_drop {
@@ -2079,14 +2332,14 @@ sub set_custom_role {
 	&Apache::lonnet::get('roles',["rolesdef_$rolename"]);
 
 # ------------------------------------------------------- Does this role exist?
-    $r->print('<h2>');
+    $r->print('<h3>');
     if (($rdummy ne 'con_lost') && ($roledef ne '')) {
 	$r->print(&mt('Existing Role').' "');
     } else {
 	$r->print(&mt('New Role').' "');
 	$roledef='';
     }
-    $r->print($rolename.'"</h2>');
+    $r->print($rolename.'"</h3>');
 # ------------------------------------------------------- What can be assigned?
     my $sysrole='';
     my $domrole='';
@@ -2164,6 +2417,9 @@ sub handler {
            if ($env{'form.phase'} eq 'get_user_info') {
                my ($currstate,$response,$forcenewuser,$results) = 
                    &user_search_result($srch);
+               if ($env{'form.currstate'} eq 'modify') {
+                   $currstate = $env{'form.currstate'};
+               }
                if ($currstate eq 'select') {
                    &print_user_selection_page($r,$response,$srch,$results,'createuser',\@search);
                } elsif ($currstate eq 'modify') {
@@ -2178,6 +2434,9 @@ sub handler {
                    }
                    $ccuname =&LONCAPA::clean_username($ccuname);
                    $ccdomain=&LONCAPA::clean_domain($ccdomain);
+                   if ($env{'form.forcenewuser'}) {
+                       $response = '';
+                   }   
                    &print_user_modification_page($r,$ccuname,$ccdomain,$srch,
                                                  $response);
                } elsif ($currstate eq 'query') {
@@ -2214,9 +2473,7 @@ sub user_search_result {
     my %inst_matches;
     my %srch_results;
     my ($response,$currstate,$forcenewuser,$dirsrchres);
-    $srch->{'srchterm'} =~ s/^\s+//;
-    $srch->{'srchterm'} =~ s/\s+$//;
-
+    $srch->{'srchterm'} =~ s/\s+/ /g;
     if ($srch->{'srchby'} !~ /^(uname|lastname|lastfirst)$/) {
         $response = &mt('Invalid search.');
     }
@@ -2229,6 +2486,9 @@ sub user_search_result {
     if ($srch->{'srchterm'} eq '') {
         $response = &mt('You must enter a search term.');
     }
+    if ($srch->{'srchterm'} =~ /^\s+$/) {
+        $response = &mt('Your search term must contain more than just spaces.');
+    }
     if (($srch->{'srchin'} eq 'dom') || ($srch->{'srchin'} eq 'instd')) {
         if (($srch->{'srchdomain'} eq '') || 
 	    ! (&Apache::lonnet::domain($srch->{'srchdomain'}))) {
@@ -2493,7 +2753,6 @@ sub directorysrch_check {
     }
 }
 
-
 sub get_courseusers {
     my %advhash;
     my $classlist = &Apache::loncoursedata::get_classlist();
@@ -2706,9 +2965,9 @@ ENDTIMEENTRY
                 if (%sections_count) {
                     my $currsec = &course_sections(\%sections_count,$customrole);
                     $table.=
-                   '<td><table border="0" cellspacing="0" cellpadding="0">'.
-                   '<tr><td valign="top">'.$lt{'exs'}.'<br />'.
-                     $currsec.'</td>'.
+                   '<td><table class="LC_createuser">'.
+                   '<tr class="LC_section_row"><td valign="top">'.
+                   $lt{'exs'}.'<br />'.$currsec.'</td>'.
                    '<td>&nbsp;&nbsp;</td>'.
                    '<td valign="top">&nbsp;'.$lt{'new'}.'<br />'.
                    '<input type="text" name="newsec_'.$customrole.'" value="" /></td>'.
@@ -2733,8 +2992,11 @@ ENDENTRY
     }
     return '' if ($table eq ''); # return nothing if there is nothing 
                                  # in the table
-    my $result = '
-<h4>'.$lt{'crl'}.'</h4>'.
+    my $result;
+    if (!$env{'request.course.id'}) {
+        $result = '<h4>'.$lt{'crl'}.'</h4>'."\n";
+    }
+    $result .= 
 &Apache::loncommon::start_data_table().
 &Apache::loncommon::start_data_table_header_row().
 '<th>'.$lt{'act'}.'</th><th>'.$lt{'rol'}.'</th><th>'.$lt{'ext'}.'</th>