--- loncom/interface/loncreateuser.pm	2007/09/19 06:24:26	1.187
+++ loncom/interface/loncreateuser.pm	2007/10/11 02:16:25	1.189
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Create a user
 #
-# $Id: loncreateuser.pm,v 1.187 2007/09/19 06:24:26 raeburn Exp $
+# $Id: loncreateuser.pm,v 1.189 2007/10/11 02:16:25 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -82,8 +82,14 @@ sub initialize_authen_forms {
                   kerb_def_dom => $krbdefdom,
                   domain => $dom,
                 );
+    my %abv_auth = &auth_abbrev();
     if ($curr_authtype =~ /^(krb4|krb5|internal|localauth|unix):$/) {
-        $param{'curr_authtype'} = $curr_authtype;
+        my $long_auth = $1;
+        my %abv_auth = &auth_abbrev();
+        $param{'curr_authtype'} = $abv_auth{$long_auth};
+        if ($long_auth =~ /^krb(4|5)$/) {
+            $param{'curr_kerb_ver'} = $1;
+        }
     }
 # no longer static due to configurable kerberos defaults
 #    $loginscript  = &Apache::loncommon::authform_header(%param);
@@ -95,6 +101,15 @@ sub initialize_authen_forms {
     $authformloc  = &Apache::loncommon::authform_local(%param);
 }
 
+sub auth_abbrev {
+    my %abv_auth = (
+                     krb4     => 'krb',
+                     internal => 'int',
+                     localuth => 'loc',
+                     unix     => 'fsys',
+                   );
+    return %abv_auth;
+}
 
 # ======================================================= Existing Custom Roles
 
@@ -178,8 +193,13 @@ END_SCRIPT
     }
     my $output = $quota_javascript.
                  '<h3>'.$lt{'disk'}.'</h3>'.
-                 $lt{'cuqu'}.': '.$currquota.'&nbsp;Mb.&nbsp;&nbsp;'.
-                 $defaultinfo.'<br /><span class="LC_nobreak">'.$lt{'chqu'}.
+                 &Apache::loncommon::start_data_table().
+                 &Apache::loncommon::start_data_table_row().
+                 '<td>'.$lt{'cuqu'}.': '.$currquota.'&nbsp;Mb.&nbsp;&nbsp;'.
+                 $defaultinfo.'</td>'.
+                 &Apache::loncommon::end_data_table_row().
+                 &Apache::loncommon::start_data_table_row().
+                 '<td><span class="LC_nobreak">'.$lt{'chqu'}.
                  ': <label>'.
                  '<input type="radio" name="customquota" value="0" '.
                  $custom_off.' onchange="javascript:quota_changes('."'custom'".')"
@@ -189,7 +209,9 @@ END_SCRIPT
                  $lt{'cust'}.':</label>&nbsp;'.
                  '<input type="text" name="portfolioquota" size ="5" value="'.
                  $showquota.'" onfocus="javascript:quota_changes('."'quota'".')" '.
-                 '/>&nbsp;Mb';
+                 '/>&nbsp;Mb</span></td>'.
+                 &Apache::loncommon::end_data_table_row().
+                 &Apache::loncommon::end_data_table();
     return $output;
 }
 
@@ -428,9 +450,12 @@ sub print_user_modification_page {
 	&print_username_entry_form($r,$usermsg);
         return;
     }
-    my ($curr_authtype,$instsrch,$rulematch,$rules,%inst_results);
+    my %abv_auth = &auth_abbrev();
+    my ($curr_authtype,$instsrch,$rulematch,$rules,%inst_results,
+        $curr_kerb_ver,$newuser);
     my $uhome=&Apache::lonnet::homeserver($ccuname,$ccdomain);
     if ($uhome eq 'no_host') {
+        $newuser = 1;
         $instsrch =
                       {
                          srchin => 'instd',
@@ -446,8 +471,15 @@ sub print_user_modification_page {
             return;
         }
     } else {
-        $curr_authtype = 
+        $newuser = 0;
+        my $currentauth = 
             &Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
+        if ($currentauth =~ /^(krb4|krb5|unix|internal|localauth):/) {	
+            $curr_authtype = $abv_auth{$1};
+            if ($currentauth =~ /^krb(4|5)/) {
+                $curr_kerb_ver = $1;
+            }
+        }
     }
     if ($response) {
         $response = '<br />'.$response
@@ -461,6 +493,7 @@ sub print_user_modification_page {
                   kerb_def_dom => $krbdefdom,
                   kerb_def_auth => $krbdef,
                   curr_authtype => $curr_authtype,
+                  curr_kerb_ver => $curr_kerb_ver,
                   domain => $ccdomain,
                 );
     $loginscript  = &Apache::loncommon::authform_header(%param);
@@ -669,10 +702,17 @@ ENDSECCODE
                                    $nondc_setsection_code,$groupslist);
 
     my ($jsback,$elements) = &crumb_utilities();
-
+    my $javascript_validations;
+    if ((&Apache::lonnet::allowed('mau',$ccdomain)) || ($uhome eq 'no_host')) {
+        my ($krbdef,$krbdefdom) =
+            &Apache::loncommon::get_kerberos_defaults($ccdomain);
+        $javascript_validations = 
+            &Apache::londropadd::javascript_validations('auth',$krbdefdom,undef,
+                                                        undef,$ccdomain);
+    }
     $js .= "\n".
-           '<script type="text/javascript">'."\n".$jsback."\n".'</script>';
-
+       '<script type="text/javascript">'."\n".$jsback."\n".
+       $javascript_validations.'</script>';
     my $start_page = 
 	&Apache::loncommon::start_page('Create Users, Change User Privileges',
 				       $js,{'add_entries' => \%loaditem,});
@@ -696,8 +736,8 @@ ENDSECCODE
     my $forminfo =<<"ENDFORMINFO";
 <form action="/adm/createuser" method="post" name="cu">
 <input type="hidden" name="phase"       value="update_user_data" />
-<input type="hidden" name="ccuname"     value="$ccuname" />
-<input type="hidden" name="ccdomain"    value="$ccdomain" />
+<input type="hidden" name="ccuname" value="$ccuname" />
+<input type="hidden" name="ccdomain" value="$ccdomain" />
 <input type="hidden" name="pres_value"  value="" />
 <input type="hidden" name="pres_type"   value="" />
 <input type="hidden" name="pres_marker" value="" />
@@ -709,72 +749,31 @@ ENDFORMINFO
         }
     }
     if ($uhome eq 'no_host') {
-	my %lt=&Apache::lonlocal::texthash(
-                    'cnu'            => "Create New User",
-                    'nu'             => "New User",
-                    'ind'            => "in domain",
-                    'pd'             => "Personal Data",
-                    'firstname'      => "First Name",
-                    'middlename'     => "Middle Name",
-                    'lastname'       => "Last Name",
-                    'generation'     => "Generation",
-                    'permanentemail' => "Permanent e-mail address",
-                    'id'             => "ID/Student Number",
-                    'hs'             => "Home Server",
-                    'lg'             => "Login Data"
-				       );
-        my @userinfo = ('firstname','middlename','lastname','generation','permanentemail','id');
-        my %textboxsize = (
-                           firstname      => '15',
-                           middlename     => '15',
-                           lastname       => '15',
-                           generation     => '5',
-                           permanentemail => '25',
-                           id             => '15',
-                          );
-        my %element   = (
-                           firstname      => 'cfirst', 
-                           middlename     => 'cmiddle',
-                           lastname       => 'clast',
-                           generation     => 'cgen',
-                           permanentemail => 'cemail',
-                           id             => 'cstid',
-                          );
         my $portfolioform;
         if (&Apache::lonnet::allowed('mpq',$env{'request.role.domain'})) {
             # Current user has quota modification privileges
-            $portfolioform = &portfolio_quota($ccuname,$ccdomain);
+            $portfolioform = '<br />'.&portfolio_quota($ccuname,$ccdomain);
         }
-	my $genhelp=&Apache::loncommon::help_open_topic('Generation');
         &initialize_authen_forms($ccdomain);
+        my %lt=&Apache::lonlocal::texthash(
+                'cnu'            => 'Create New User',
+                'ind'            => 'in domain',
+                'lg'             => 'Login Data',
+        );
 	$r->print(<<ENDTITLE);
 $start_page
 $crumbs
 $response
 $forminfo
-<h2>$lt{'cnu'} "$ccuname" $lt{'ind'} $ccdomain</h2>
 <script type="text/javascript" language="Javascript">
 $loginscript
 </script>
 <input type='hidden' name='makeuser' value='1' />
-<h3>$lt{'pd'}</h3>
-<p>
+<h3>$lt{'cnu'} "$ccuname" $lt{'ind'} $ccdomain</h3>
 ENDTITLE
-        $r->print(&Apache::lonhtmlcommon::start_pick_box());
-        foreach my $item (@userinfo) {
-            my $rowtitle = $lt{$item};
-            if ($item eq 'generation') {
-                $rowtitle = $genhelp.$rowtitle;
-            }
-            $r->print(&Apache::lonhtmlcommon::row_title($rowtitle,undef,'LC_oddrow_value')."\n");
-            if ($inst_results{$item} ne '') {
-                $r->print('<input type="hidden" name="'.$element{$item}.'" value="'.$inst_results{$item}.'" />'.$inst_results{$item});
-            } else {
-                $r->print('<input type="text" name="'.$element{$item}.'" size="'.$textboxsize{$item}.'" value="" />');
-            }
-            $r->print(&Apache::lonhtmlcommon::row_closure(1));
-        }
-        $r->print(&Apache::lonhtmlcommon::end_pick_box());
+        $r->print('<div class="LC_left_float">'.
+                  &personal_data_display($ccuname,$ccdomain,$newuser,
+                                         %inst_results));
         my ($home_server_pick,$numlib) = 
             &Apache::loncommon::home_server_form_item($ccdomain,'hserver',
                                                       'default','hide');
@@ -786,7 +785,8 @@ $lt{'hs'}: $home_server_pick
         } else {
             $r->print($home_server_pick);
         }
-        $r->print("<hr />\n".'<h3>'.$lt{'lg'}.'</h3>');
+        $r->print('</div>'."\n".'<div class="LC_left_float"><h3>'.
+                  $lt{'lg'}.'</h3>');
         my ($fixedauth,$varauth,$authmsg); 
         if ($rulematch) {
             if (ref($rules) eq 'HASH') {
@@ -833,49 +833,57 @@ ENDAUTH
             $r->print(&set_login($ccdomain)); 
         }
         $r->print(<<ENDPORT);
-<hr />
-$portfolioform
+        $portfolioform
+</div><div class="LC_clear_float_footer"></div>
 ENDPORT
     } else { # user already exists
 	my %lt=&Apache::lonlocal::texthash(
-                    'cup'  => "Change User Privileges for",
+                    'cup'  => "Existing user ",
                     'id'   => "in domain",
-                    'fn'   => "first name",
-                    'mn'   => "middle name",
-                    'ln'   => "last name",
-                    'gen'  => "generation",
-                    'email' => "permanent e-mail",
 				       );
 	$r->print(<<ENDCHANGEUSER);
 $start_page
 $crumbs
 $forminfo
-<h2>$lt{'cup'} "$ccuname" $lt{'id'} "$ccdomain"</h2>
+<h3>$lt{'cup'} "$ccuname" $lt{'id'} "$ccdomain"</h3>
 ENDCHANGEUSER
-        # Get the users information
-        my %userenv = 
-            &Apache::lonnet::get('environment',
-                ['firstname','middlename','lastname','generation',
-                 'permanentemail','portfolioquota'],$ccdomain,$ccuname);
-        my %rolesdump=&Apache::lonnet::dump('roles',$ccdomain,$ccuname);
-        $r->print('
-<hr />'.
-                  &Apache::loncommon::start_data_table().
-                  &Apache::loncommon::start_data_table_header_row().
-'<th>'.$lt{'fn'}.'</th><th>'.$lt{'mn'}.'</th><th>'.$lt{'ln'}.'</th><th>'.$lt{'gen'}.'</th><th>'.$lt{'email'}.'</th>'.
-                  &Apache::loncommon::end_data_table_header_row().
-                  &Apache::loncommon::start_data_table_row());
-        foreach my $item ('firstname','middlename','lastname','generation','permanentemail') {
-           if (&Apache::lonnet::allowed('mau',$ccdomain)) {
-              $r->print(<<"END");
-<td><input type="text" name="c$item" value="$userenv{$item}" size="15" /></td>
-END
-           } else {
-               $r->print('<td>'.$userenv{$item}.'</td>');
-           }
+        $r->print('<div class="LC_left_float">'.
+                  &personal_data_display($ccuname,$ccdomain,$newuser,
+                                         %inst_results).
+                  '</div>');
+        my $user_auth_text = 
+            &user_authentication($ccuname,$ccdomain,$krbdefdom,\%abv_auth);
+        my $user_quota_text;
+        if (&Apache::lonnet::allowed('mpq',$ccdomain)) {
+            # Current user has quota modification privileges
+            $user_quota_text = &portfolio_quota($ccuname,$ccdomain);
+        } elsif (&Apache::lonnet::allowed('mpq',$env{'request.role.domain'})) {
+            # Get the user's portfolio information
+            my %portq = &Apache::lonnet::get('environment',['portfolioquota'],
+                                             $ccdomain,$ccuname);
+
+            my %lt=&Apache::lonlocal::texthash(
+                'dska'  => "Disk space allocated to user's portfolio files",
+                'youd'  => "You do not have privileges to modify the portfolio quota for this user.",
+                'ichr'  => "If a change is required, contact a domain coordinator for the domain",
+            );
+            $user_quota_text = <<ENDNOPORTPRIV;
+<h3>$lt{'dska'}</h3>
+$lt{'youd'} $lt{'ichr'}: $ccdomain
+ENDNOPORTPRIV
         }
-        $r->print(&Apache::loncommon::end_data_table_row().
-                  &Apache::loncommon::end_data_table());
+        if ($user_auth_text ne '') {
+            $r->print('<div class="LC_left_float">'.$user_auth_text);
+            if ($user_quota_text ne '') {
+                $r->print($user_quota_text);
+            }
+            $r->print('</div>');
+
+        } elsif ($user_quota_text ne '') {
+            $r->print('<div class="LC_left_float">'.$user_quota_text.'</div>');
+        }
+        $r->print('<div class="LC_clear_float_footer"></div>');
+        my %rolesdump=&Apache::lonnet::dump('roles',$ccdomain,$ccuname);
         # Build up table of user roles to allow revocation of a role.
         my ($tmp) = keys(%rolesdump);
         unless ($tmp =~ /^(con_lost|error)/i) {
@@ -1014,7 +1022,7 @@ END
                    $plaintext=&Apache::lonnet::plaintext($role_code,$class)
 	       } else {
 	           $plaintext=
-		"Customrole '$croletitle' defined by $croleuname\@$croleudom";
+		"Customrole '$croletitle'<br />defined by $croleuname\@$croleudom";
 	       }
                $row.= '</td><td>'.$plaintext.
                       '</td><td>'.$area.
@@ -1050,7 +1058,6 @@ END
 	   }
            if ($rolesdisplay == 1) {
                $r->print('
-<hr />
 <h3>'.$lt{'rer'}.'</h3>'.
 &Apache::loncommon::start_data_table("LC_createuser").
 &Apache::loncommon::start_data_table_header_row().
@@ -1066,121 +1073,16 @@ END
 	       $r->print(&Apache::loncommon::end_data_table());
            }
         }  # End of unless
-	my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
-	if ($currentauth=~/^krb(4|5):/) {
-	    $currentauth=~/^krb(4|5):(.*)/;
-	    my $krbdefdom=$2;
-            my %param = ( formname => 'document.cu',
-                          kerb_def_dom => $krbdefdom,
-                          domain => $ccdomain,
-                          curr_authtype => $currentauth, 
-                          );
-            $loginscript  = &Apache::loncommon::authform_header(%param);
-	}
-	# Check for a bad authentication type
-        if ($currentauth !~ /^(krb4|krb5|unix|internal|localauth):/) {
-	    # bad authentication scheme
-	    if (&Apache::lonnet::allowed('mau',$ccdomain)) {
-                &initialize_authen_forms($ccdomain);
-		my %lt=&Apache::lonlocal::texthash(
-                               'err'   => "ERROR",
-			       'uuas'  => "This user has an unrecognized authentication scheme",
-                               'sldb'  => "Please specify login data below",
-                               'ld'    => "Login Data"
-						   );
-                my $choices = &set_login($ccdomain);
-		$r->print(<<ENDBADAUTH);
-<hr />
-<script type="text/javascript" language="Javascript">
-$loginscript
-</script>
-<font color='#ff0000'>$lt{'err'}:</font>
-$lt{'uuas'} ($currentauth). $lt{'sldb'}.
-<h3>$lt{'ld'}</h3>
-$choices
-ENDBADAUTH
-            } else { 
-                # This user is not allowed to modify the user's 
-                # authentication scheme, so just notify them of the problem
-		my %lt=&Apache::lonlocal::texthash(
-                               'err'   => "ERROR",
-			       'uuas'  => "This user has an unrecognized authentication scheme",
-                               'adcs'  => "Please alert a domain coordinator of this situation"
-						   );
-		$r->print(<<ENDBADAUTH);
-<hr />
-<font color="#ff0000"> $lt{'err'}: </font>
-$lt{'uuas'} ($currentauth). $lt{'adcs'}.
-<hr />
-ENDBADAUTH
-            }
-        } else { # Authentication type is valid
-	    my $authformcurrent='';
-	    my $authform_other='';
-            &initialize_authen_forms($ccdomain,$currentauth);
-            my ($authformcurrent,$authform_other,$can_modify) = 
-                &modify_login_block($ccdomain,$currentauth);
-            if (&Apache::lonnet::allowed('mau',$ccdomain)) {
-		# Current user has login modification privileges
-		my %lt=&Apache::lonlocal::texthash(
-                               'ccld'  => "Change Current Login Data",
-			       'enld'  => "Enter New Login Data"
-						   );
-		$r->print(<<ENDOTHERAUTHS);
-<hr />
-<script type="text/javascript" language="Javascript">
-$loginscript
-</script>
-<h3>$lt{'ccld'}</h3>
-<p>$authformnop
-ENDOTHERAUTHS
-                if ($can_modify) {
-                    $r->print('</p><p>'.$authformcurrent.'</p>');
-                } else {
-                    $r->print('&nbsp;('.$authformcurrent.')</p>'); 
-                }
-                if ($authform_other ne '') {
-                    $r->print('<h3>'.$lt{'enld'}.'</h3>'."\n".
-                              $authform_other);
-                }
-            } else {
-                if (&Apache::lonnet::allowed('mau',$env{'request.role.domain'})) {
-                    my %lt=&Apache::lonlocal::texthash(
-                               'ccld'  => "Change Current Login Data",
-                               'yodo'  => "You do not have privileges to modify the authentication configuration for this user.",
-                               'ifch'  => "If a change is required, contact a domain coordinator for the domain",
-                    );
-                    $r->print(<<ENDNOPRIV);
-<hr />
-<h3>$lt{'ccld'}</h3>
-$lt{'yodo'} $lt{'ifch'}: $ccdomain 
-ENDNOPRIV
-                } 
-            }
-        }  ## End of "check for bad authentication type" logic
-        if (&Apache::lonnet::allowed('mpq',$ccdomain)) {
-            # Current user has quota modification privileges
-            $r->print(&portfolio_quota($ccuname,$ccdomain));
-        } elsif (&Apache::lonnet::allowed('mpq',$env{'request.role.domain'})) { 
-            my %lt=&Apache::lonlocal::texthash(
-                'dska'  => "Disk space allocated to user's portfolio files",
-                'youd'  => "You do not have privileges to modify the portfolio quota for this user.",
-                'ichr'  => "If a change is required, contact a domain coordinator for the domain",
-            );
-            $r->print(<<ENDNOPORTPRIV);
-<hr />
-<h3>$lt{'dska'}</h3>
-$lt{'youd'} $lt{'ichr'}: $ccdomain
-ENDNOPORTPRIV
-        }
     } ## End of new user/old user logic
-    $r->print('<hr /><h3>'.&mt('Add Roles').'</h3>');
+    my $addrolesdisplay = 0;
+    $r->print('<h3>'.&mt('Add Roles').'</h3>');
 #
 # Co-Author
 # 
     if (&authorpriv($env{'user.name'},$env{'request.role.domain'}) &&
         ($env{'user.name'} ne $ccuname || $env{'user.domain'} ne $ccdomain)) {
         # No sense in assigning co-author role to yourself
+        $addrolesdisplay = 1;
 	my $cuname=$env{'user.name'};
         my $cudom=$env{'request.role.domain'};
 	   my %lt=&Apache::lonlocal::texthash(
@@ -1227,6 +1129,13 @@ ENDNOPORTPRIV
 "javascript:pjump('."'date_end','End Date Assistant Co-Author',document.cu.end_$cudom\_$cuname\_aa.value,'end_$cudom\_$cuname\_aa','cu.pres','dateset'".')">'.$lt{'sed'}.'</a></td>'."\n".
          &Apache::loncommon::end_data_table_row()."\n".
          &Apache::loncommon::end_data_table());
+    } elsif (!(&authorpriv($env{'user.name'},$env{'request.role.domain'}))) {
+        $r->print('<span class="LC_error">'.
+                  &mt('You do not have privileges to assign co-author roles.').
+                  '</span>');     
+    } elsif (($env{'user.name'} eq $ccuname) && 
+             ($env{'user.domain'} eq $ccdomain)) {
+       $r->print(&mt('Assigning yourself a co-author or assistant co-author role in your own author area in Construction Space is not permitted'));  
     }
 #
 # Domain level
@@ -1267,38 +1176,161 @@ ENDNOPORTPRIV
     $domaintext.= &Apache::loncommon::end_data_table();
     if ($num_domain_level > 0) {
         $r->print($domaintext);
+        $addrolesdisplay = 1;
     }
 #
-# Course and group levels
+# Course level
 #
 
     if ($env{'request.role'} =~ m{^dc\./($match_domain)/$}) {
         $r->print(&course_level_dc($1,'Course'));
-        $r->print('<hr /><input type="button" value="'.&mt('Modify User').'" onClick="setCourse()" />'."\n");
+        $r->print('<br /><input type="button" value="'.&mt('Modify User').'" onClick="setCourse()" />'."\n");
+    } elsif ($env{'request.role'} =~ m{^au\./($match_domain)/$}) {
+        if ($addrolesdisplay) {
+            $r->print('<br /><input type="button" value="'.&mt('Modify User').'"');
+            if ($newuser) {
+                $r->print(' onClick="verify_message(this.form)" \>'."\n");
+            } else {
+                $r->print('onClick="this.form.submit()" \>'."\n"); 
+            }
+        } else {
+            $r->print('<br /><a href="javascript:backPage(document.cu)">'.
+                      &mt('Back to previous page').'</a>');
+        }
     } else {
         $r->print(&course_level_table(%inccourses));
-        $r->print('<hr /><input type="button" value="'.&mt('Modify User').'" onClick="setSections()" />'."\n");
+        $r->print('<br /><input type="button" value="'.&mt('Modify User').'" onClick="setSections()" />'."\n");
     }
-    $r->print(&Apache::lonhtmlcommon::echo_form_input(['phase','userrole','ccdomain','prevphase','currstate']));
+    $r->print(&Apache::lonhtmlcommon::echo_form_input(['phase','userrole','ccdomain','prevphase','currstate','ccuname','ccdomain']));
     $r->print('<input type="hidden" name="currstate" value="" />');
     $r->print('<input type="hidden" name="prevphase" value="'.$env{'form.phase'}.'" />');
     $r->print("</form>".&Apache::loncommon::end_page());
 }
 
+sub user_authentication {
+    my ($ccuname,$ccdomain,$krbdefdom,$abv_auth) = @_;
+    my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
+    my ($loginscript,$outcome);
+    if ($currentauth=~/^(krb)(4|5):(.*)/) {
+        my $long_auth = $1.$2;
+        my $curr_kerb_ver = $2;
+        my $krbdefdom=$3;
+        my $curr_authtype = $abv_auth->{$long_auth};
+        my %param = ( formname      => 'document.cu',
+                      kerb_def_dom  => $krbdefdom,
+                      domain        => $ccdomain,
+                      curr_authtype => $curr_authtype,
+                      curr_kerb_ver => $curr_kerb_ver,
+                          );
+        $loginscript  = &Apache::loncommon::authform_header(%param);
+    }
+    # Check for a bad authentication type
+    if ($currentauth !~ /^(krb4|krb5|unix|internal|localauth):/) {
+        # bad authentication scheme
+        my %lt=&Apache::lonlocal::texthash(
+                       'err'   => "ERROR",
+                       'uuas'  => "This user has an unrecognized authentication scheme",
+                       'adcs'  => "Please alert a domain coordinator of this situation",
+                       'sldb'  => "Please specify login data below",
+                       'ld'    => "Login Data"
+        );
+        if (&Apache::lonnet::allowed('mau',$ccdomain)) {
+            &initialize_authen_forms($ccdomain);
+            my $choices = &set_login($ccdomain);
+            $outcome = <<ENDBADAUTH;
+<script type="text/javascript" language="Javascript">
+$loginscript
+</script>
+<span class="LC_error">$lt{'err'}:
+$lt{'uuas'} ($currentauth). $lt{'sldb'}.</span>
+<h3>$lt{'ld'}</h3>
+$choices
+ENDBADAUTH
+        } else {
+            # This user is not allowed to modify the user's
+            # authentication scheme, so just notify them of the problem
+            $outcome = <<ENDBADAUTH;
+<span class="LC_error"> $lt{'err'}: 
+$lt{'uuas'} ($currentauth). $lt{'adcs'}.
+</span>
+ENDBADAUTH
+        }
+    } else { # Authentication type is valid
+        my $authformcurrent='';
+        my $authform_other='';
+        &initialize_authen_forms($ccdomain,$currentauth);
+        my ($authformcurrent,$authform_other,$can_modify) =
+            &modify_login_block($ccdomain,$currentauth);
+        if (&Apache::lonnet::allowed('mau',$ccdomain)) {
+            # Current user has login modification privileges
+            my %lt=&Apache::lonlocal::texthash (
+                           'ld'    => "Login Data",
+                           'ccld'  => "Change Current Login Data",
+                           'enld'  => "Enter New Login Data"
+                                               );
+            $outcome =
+                       '<script type="text/javascript" language="Javascript">'."\n".
+                       $loginscript."\n".
+                       '</script>'."\n".
+                       '<h3>'.$lt{'ld'}.'</h3>'.
+                       &Apache::loncommon::start_data_table().
+                       &Apache::loncommon::start_data_table_row().
+                       '<td>'.$authformnop;
+            if ($can_modify) {
+                $outcome .= '</td>'."\n".
+                            &Apache::loncommon::end_data_table_row().
+                            &Apache::loncommon::start_data_table_row().
+                            '<td>'.$authformcurrent.'</td>'.
+                            &Apache::loncommon::end_data_table_row()."\n";
+            } else {
+                $outcome .= '&nbsp;('.$authformcurrent.')</td>';
+            }
+            if ($authform_other ne '') {
+                $outcome .= $authform_other;
+            }
+            $outcome .= &Apache::loncommon::end_data_table_row().
+                        &Apache::loncommon::end_data_table();
+        } else {
+            if (&Apache::lonnet::allowed('mau',$env{'request.role.domain'})) {
+                my %lt=&Apache::lonlocal::texthash(
+                           'ccld'  => "Change Current Login Data",
+                           'yodo'  => "You do not have privileges to modify the authentication configuration for this user.",
+                           'ifch'  => "If a change is required, contact a domain coordinator for the domain",
+                );
+                $outcome .= <<ENDNOPRIV;
+<h3>$lt{'ccld'}</h3>
+$lt{'yodo'} $lt{'ifch'}: $ccdomain
+ENDNOPRIV
+            }
+        }
+    }  ## End of "check for bad authentication type" logic
+    return $outcome;
+}
+
 sub set_login {
     my ($dom) = @_;
     my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$dom);
     my $response;
     my ($authnum,%can_assign) = 
         &Apache::loncommon::get_assignable_auth($dom);
-    if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
-        $response .= "<p>$authformkrb </p>\n";
-    }
-    if ($can_assign{'int'}) {
-        $response .= "<p>$authformint </p>\n"
-    }
-    if ($can_assign{'loc'}) {
-        $response .= "<p>$authformloc </p>\n";
+    if ($authnum) {
+        $response = &Apache::loncommon::start_data_table();
+        if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
+            $response .= &Apache::loncommon::start_data_table_row().
+                         '<td>'.$authformkrb.'</td>'.
+                         &Apache::loncommon::end_data_table_row()."\n";
+        }
+        if ($can_assign{'int'}) {
+            $response .= &Apache::loncommon::start_data_table_row().
+                         '<td>'.$authformint.'</td>'.
+                         &Apache::loncommon::end_data_table_row()."\n"
+        }
+        if ($can_assign{'loc'}) {
+            $response .= &Apache::loncommon::start_data_table_row().
+                         '<td>'.$authformloc.'</td>'.
+                         &Apache::loncommon::end_data_table_row()."\n";
+        }
+        $response .= &Apache::loncommon::end_data_table();
     }
     return $response;
 }
@@ -1312,10 +1344,14 @@ sub modify_login_block {
     if ($currentauth=~/^krb(4|5):/) {
         $authformcurrent=$authformkrb;
         if ($can_assign{'int'}) {
-            $authform_other = "<p>$authformint </p>\n"
+            $authform_other = &Apache::loncommon::start_data_table_row().
+                              '<td>'.$authformint.'</td>'.
+                              &Apache::loncommon::end_data_table_row()."\n"
         }
         if ($can_assign{'loc'}) {
-            $authform_other .= "<p>$authformloc </p>\n";
+            $authform_other .= &Apache::loncommon::start_data_table_row().
+                               '<td>'.$authformloc.'</td>'.
+                               &Apache::loncommon::end_data_table_row()."\n";
         }
         if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
             $show_override_msg = 1;
@@ -1323,10 +1359,14 @@ sub modify_login_block {
     } elsif ($currentauth=~/^internal:/) {
         $authformcurrent=$authformint;
         if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
-            $authform_other = "<p>$authformkrb </p>\n"
+            $authform_other = &Apache::loncommon::start_data_table_row().
+                              '<td>'.$authformkrb.'</td>'.
+                              &Apache::loncommon::end_data_table_row()."\n";
         }
         if ($can_assign{'loc'}) {
-            $authform_other .= "<p>$authformloc </p>\n";
+            $authform_other .= &Apache::loncommon::start_data_table_row().
+                               '<td>'.$authformloc.'</td>'.
+                               &Apache::loncommon::end_data_table_row()."\n";
         }
         if ($can_assign{'int'}) {
             $show_override_msg = 1;
@@ -1334,13 +1374,19 @@ sub modify_login_block {
     } elsif ($currentauth=~/^unix:/) {
         $authformcurrent=$authformfsys;
         if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
-            $authform_other = "<p>$authformkrb </p>\n"
+            $authform_other = &Apache::loncommon::start_data_table_row().
+                              '<td>'.$authformkrb.'</td>'.
+                              &Apache::loncommon::end_data_table_row()."\n";
         }
         if ($can_assign{'int'}) {
-            $authform_other .= "<p>$authformint </p>\n"
+            $authform_other .= &Apache::loncommon::start_data_table_row().
+                               '<td>'.$authformint.'</td>'.
+                               &Apache::loncommon::end_data_table_row()."\n"
         }
         if ($can_assign{'loc'}) {
-            $authform_other .= "<p>$authformloc </p>\n";
+            $authform_other .= &Apache::loncommon::start_data_table_row().
+                               '<td>'.$authformloc.'</td>'.
+                               &Apache::loncommon::end_data_table_row()."\n";
         }
         if ($can_assign{'fsys'}) {
             $show_override_msg = 1;
@@ -1348,10 +1394,14 @@ sub modify_login_block {
     } elsif ($currentauth=~/^localauth:/) {
         $authformcurrent=$authformloc;
         if (($can_assign{'krb4'}) || ($can_assign{'krb5'})) {
-            $authform_other = "<p>$authformkrb </p>\n"
+            $authform_other = &Apache::loncommon::start_data_table_row().
+                              '<td>'.$authformkrb.'</td>'.
+                              &Apache::loncommon::end_data_table_row()."\n";
         }
         if ($can_assign{'int'}) {
-            $authform_other .= "<p>$authformint </p>\n"
+            $authform_other .= &Apache::loncommon::start_data_table_row().
+                               '<td>'.$authformint.'</td>'.
+                               &Apache::loncommon::end_data_table_row()."\n"
         }
         if ($can_assign{'loc'}) {
             $show_override_msg = 1;
@@ -1365,15 +1415,75 @@ sub modify_login_block {
     return ($authformcurrent,$authform_other,$show_override_msg); 
 }
 
+sub personal_data_display {
+    my ($ccuname,$ccdomain,$newuser,%inst_results) = @_; 
+    my ($output,%userenv);
+    if (!$newuser) {
+        # Get the users information
+        %userenv = &Apache::lonnet::get('environment',
+                   ['firstname','middlename','lastname','generation',
+                    'permanentemail','id'],$ccdomain,$ccuname);
+    }
+    my %lt=&Apache::lonlocal::texthash(
+                'pd'             => "Personal Data",
+                'firstname'      => "First Name",
+                'middlename'     => "Middle Name",
+                'lastname'       => "Last Name",
+                'generation'     => "Generation",
+                'permanentemail' => "Permanent e-mail address",
+                'id'             => "ID/Student Number",
+                'hs'             => "Home Server",
+                'lg'             => "Login Data"
+    );
+    my @userinfo = ('firstname','middlename','lastname','generation',
+                    'permanentemail','id');
+    my %textboxsize = (
+                       firstname      => '15',
+                       middlename     => '15',
+                       lastname       => '15',
+                       generation     => '5',
+                       permanentemail => '25',
+                       id             => '15',
+                      );
+    my $genhelp=&Apache::loncommon::help_open_topic('Generation');
+    $output = '<h3>'.$lt{'pd'}.'</h3>'.
+              &Apache::lonhtmlcommon::start_pick_box();
+    foreach my $item (@userinfo) {
+        my $rowtitle = $lt{$item};
+        if ($item eq 'generation') {
+            $rowtitle = $genhelp.$rowtitle;
+        }
+        $output .= &Apache::lonhtmlcommon::row_title($rowtitle,undef,'LC_oddrow_value')."\n";
+        if ($newuser) {
+            if ($inst_results{$item} ne '') {
+                $output .= '<input type="hidden" name="c'.$item.'" value="'.$inst_results{$item}.'" />'.$inst_results{$item};
+            } else {
+                $output .= '<input type="text" name="c'.$item.'" size="'.$textboxsize{$item}.'" value="" />';
+            }
+        } else {
+            if (&Apache::lonnet::allowed('mau',$ccdomain)) {
+                $output .= '<input type="text" name="c'.$item.'" size="'.$textboxsize{$item}.'" value="'.$userenv{$item}.'" />';
+            } else {
+                $output .= $userenv{$item};
+            }
+        }
+        $output .= &Apache::lonhtmlcommon::row_closure(1);
+    }
+    $output .= &Apache::lonhtmlcommon::end_pick_box();
+    return $output;
+}
+
 # ================================================================= Phase Three
 sub update_user_data {
     my ($r) = @_; 
     my $uhome=&Apache::lonnet::homeserver($env{'form.ccuname'},
                                           $env{'form.ccdomain'});
     # Error messages
-    my $error     = '<font color="#ff0000">'.&mt('Error').':</font>';
-    my $end       = &Apache::loncommon::end_page();
-
+    my $error     = '<span class="LC_error">'.&mt('Error').': ';
+    my $end       = '</span><br /><br />'.
+                    '<a href="javascript:backPage(document.userupdate,'.
+                    "'$env{'form.prevphase'}','modify')".'" />'.
+                    &mt('Return to previous page').'</a>'.&Apache::loncommon::end_page();
     my $title;
     if (exists($env{'form.makeuser'})) {
 	$title='Set Privileges for New User';
@@ -1406,6 +1516,7 @@ sub update_user_data {
     $r->print(&Apache::lonhtmlcommon::breadcrumbs('User Management'));
 
     my %disallowed;
+    $r->print(&update_result_form($uhome));
     # Check Inputs
     if (! $env{'form.ccuname'} ) {
 	$r->print($error.&mt('No login name specified').'.'.$end);
@@ -1467,8 +1578,8 @@ sub update_user_data {
     }
 
 
-    $r->print('<h2>'.&mt('User [_1] in domain [_2]',
-			 $env{'form.ccuname'}, $env{'form.ccdomain'}).'</h2>');
+    $r->print('<h3>'.&mt('User [_1] in domain [_2]',
+			 $env{'form.ccuname'}, $env{'form.ccdomain'}).'</h3>');
 
     if ($env{'form.makeuser'}) {
 	$r->print('<h3>'.&mt('Creating new account.').'</h3>');
@@ -1492,10 +1603,10 @@ sub update_user_data {
 	# Call modifyuser
 	my $result = &Apache::lonnet::modifyuser
 	    ($env{'form.ccdomain'},$env{'form.ccuname'},$env{'form.cstid'},
-             $amode,$genpwd,$env{'form.cfirst'},
-             $env{'form.cmiddle'},$env{'form.clast'},$env{'form.cgen'},
-             undef,$desiredhost,$env{'form.cemail'}
-	     );
+             $amode,$genpwd,$env{'form.cfirstname'},
+             $env{'form.cmiddlename'},$env{'form.clastname'},
+             $env{'form.cgeneration'},undef,$desiredhost,
+             $env{'form.cpermanentemail'});
 	$r->print(&mt('Generating user').': '.$result);
         my $home = &Apache::lonnet::homeserver($env{'form.ccuname'},
                                                $env{'form.ccdomain'});
@@ -1654,9 +1765,9 @@ END
                     &Apache::lonnet::appenv(%newenvhash);
                 }
             } else { # error occurred
-                $r->print("<h2>".&mt('Unable to successfully change environment for')." ".
-                      $env{'form.ccuname'}." ".&mt('in domain')." ".
-                      $env{'form.ccdomain'}."</h2>");
+                $r->print('<span class="LC_error">'.&mt('Unable to successfully change environment for').' '.
+                      $env{'form.ccuname'}.' '.&mt('in domain').' '.
+                      $env{'form.ccdomain'}.'</span>');
             }
         }  else { # End of if ($env ... ) logic
             my $putresult;
@@ -1672,8 +1783,7 @@ END
                            'disk' => "Disk space allocated to user's portfolio files",
 					       );
             $r->print(<<"END");
-<h4>$userenv{'firstname'} $userenv{'middlename'} $userenv{'lastname'} $userenv{'generation'}</h4>
-<h4>$lt{'mail'}: $userenv{'permanentemail'}</h4>
+<h4>$userenv{'firstname'} $userenv{'middlename'} $userenv{'lastname'} $userenv{'generation'}&nbsp;&nbsp;($lt{'mail'}: $userenv{'permanentemail'})</h4>
 END
             if ($putresult eq 'ok') {
                 if ($oldportfolioquota != $newportfolioquota) {
@@ -1894,20 +2004,28 @@ END
     } # End of foreach (keys(%env))
 # Flush the course logs so reverse user roles immediately updated
     &Apache::lonnet::flushcourselogs();
-    $r->print('<p><a href="/adm/createuser">'.&mt('Create/Modify Another User').'</a></p>');
-    $r->print('<form name="userupdate" method="post" />'."\n");
+    $r->print(&Apache::loncommon::end_page());
+}
+
+sub update_result_form {
+    my ($uhome) = @_;
+    my $outcome = 
+    '<form name="userupdate" method="post" />'."\n";
     foreach my $item ('srchby','srchin','srchtype','srchterm','srchdomain','ccuname','ccdomain') {
-        $r->print('<input type="hidden" name="'.$item.'" value="'.$env{'form.'.$item}.'" />'."\n");
+        $outcome .= '<input type="hidden" name="'.$item.'" value="'.$env{'form.'.$item}.'" />'."\n";
     }
     foreach my $item ('sortby','seluname','seludom') {
         if (exists($env{'form.'.$item})) {
-            $r->print('<input type="hidden" name="'.$item.'" value="'.$env{'form.'.$item}.'" />'."\n");
+            $outcome .= '<input type="hidden" name="'.$item.'" value="'.$env{'form.'.$item}.'" />'."\n";
         }
     }
-    $r->print('<input type="hidden" name="phase" value="" />'."\n".
-              '<input type ="hidden" name="currstate" value="" />'."\n".
-              '</form>');
-    $r->print(&Apache::loncommon::end_page());
+    if ($uhome eq 'no_host') {
+        $outcome .= '<input type="hidden" name="forcenewuser" value="1" />'."\n";
+    }
+    $outcome .= '<input type="hidden" name="phase" value="" />'."\n".
+                '<input type ="hidden" name="currstate" value="" />'."\n".
+                '</form>';
+    return $outcome;
 }
 
 sub classlist_drop {
@@ -2214,14 +2332,14 @@ sub set_custom_role {
 	&Apache::lonnet::get('roles',["rolesdef_$rolename"]);
 
 # ------------------------------------------------------- Does this role exist?
-    $r->print('<h2>');
+    $r->print('<h3>');
     if (($rdummy ne 'con_lost') && ($roledef ne '')) {
 	$r->print(&mt('Existing Role').' "');
     } else {
 	$r->print(&mt('New Role').' "');
 	$roledef='';
     }
-    $r->print($rolename.'"</h2>');
+    $r->print($rolename.'"</h3>');
 # ------------------------------------------------------- What can be assigned?
     my $sysrole='';
     my $domrole='';
@@ -2290,15 +2408,21 @@ sub handler {
       
        my $phase = $env{'form.phase'};
        my @search = ('srchterm','srchby','srchin','srchtype','srchdomain');
+       
+       &Apache::loncreateuser::restore_prev_selections();
+       my $srch;
+       foreach my $item (@search) {
+	   $srch->{$item} = $env{'form.'.$item};
+       }
 
        if (($phase eq 'get_user_info') || ($phase eq 'userpicked')) {
-           my $srch;
-           foreach my $item (@search) {
-               $srch->{$item} = $env{'form.'.$item};
-           }
+
            if ($env{'form.phase'} eq 'get_user_info') {
                my ($currstate,$response,$forcenewuser,$results) = 
                    &user_search_result($srch);
+               if ($env{'form.currstate'} eq 'modify') {
+                   $currstate = $env{'form.currstate'};
+               }
                if ($currstate eq 'select') {
                    &print_user_selection_page($r,$response,$srch,$results,'createuser',\@search);
                } elsif ($currstate eq 'modify') {
@@ -2313,6 +2437,9 @@ sub handler {
                    }
                    $ccuname =&LONCAPA::clean_username($ccuname);
                    $ccdomain=&LONCAPA::clean_domain($ccdomain);
+                   if ($env{'form.forcenewuser'}) {
+                       $response = '';
+                   }   
                    &print_user_modification_page($r,$ccuname,$ccdomain,$srch,
                                                  $response);
                } elsif ($currstate eq 'query') {
@@ -2332,7 +2459,7 @@ sub handler {
        } elsif ($env{'form.phase'} eq 'set_custom_roles') {
 	   &set_custom_role($r);
        } else {
-           &print_username_entry_form($r);
+           &print_username_entry_form($r,undef,$srch);
        }
    } else {
       $env{'user.error.msg'}=
@@ -2342,6 +2469,17 @@ sub handler {
    return OK;
 }
 
+sub restore_prev_selections {
+    my %saveable_parameters = ('srchby'   => 'scalar',
+			       'srchin'   => 'scalar',
+			       'srchtype' => 'scalar',
+			       );
+    &Apache::loncommon::store_settings('user','user_picker',
+				       \%saveable_parameters);
+    &Apache::loncommon::restore_settings('user','user_picker',
+					 \%saveable_parameters);
+}
+
 #-------------------------------------------------- functions for &phase_two
 sub user_search_result {
     my ($srch) = @_;
@@ -2841,9 +2979,9 @@ ENDTIMEENTRY
                 if (%sections_count) {
                     my $currsec = &course_sections(\%sections_count,$customrole);
                     $table.=
-                   '<td><table border="0" cellspacing="0" cellpadding="0">'.
-                   '<tr><td valign="top">'.$lt{'exs'}.'<br />'.
-                     $currsec.'</td>'.
+                   '<td><table class="LC_createuser">'.
+                   '<tr class="LC_section_row"><td valign="top">'.
+                   $lt{'exs'}.'<br />'.$currsec.'</td>'.
                    '<td>&nbsp;&nbsp;</td>'.
                    '<td valign="top">&nbsp;'.$lt{'new'}.'<br />'.
                    '<input type="text" name="newsec_'.$customrole.'" value="" /></td>'.
@@ -2868,8 +3006,11 @@ ENDENTRY
     }
     return '' if ($table eq ''); # return nothing if there is nothing 
                                  # in the table
-    my $result = '
-<h4>'.$lt{'crl'}.'</h4>'.
+    my $result;
+    if (!$env{'request.course.id'}) {
+        $result = '<h4>'.$lt{'crl'}.'</h4>'."\n";
+    }
+    $result .= 
 &Apache::loncommon::start_data_table().
 &Apache::loncommon::start_data_table_header_row().
 '<th>'.$lt{'act'}.'</th><th>'.$lt{'rol'}.'</th><th>'.$lt{'ext'}.'</th>