--- loncom/interface/loncreateuser.pm	2007/12/24 16:00:13	1.224
+++ loncom/interface/loncreateuser.pm	2008/01/01 17:24:59	1.227
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Create a user
 #
-# $Id: loncreateuser.pm,v 1.224 2007/12/24 16:00:13 raeburn Exp $
+# $Id: loncreateuser.pm,v 1.227 2008/01/01 17:24:59 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -76,30 +76,30 @@ my $authformfsys;
 my $authformloc;
 
 sub initialize_authen_forms {
-    my ($dom,$curr_authtype,$mode) = @_; 
-    my ($krbdefdom)=( $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/);
-    $krbdefdom= uc($krbdefdom);
-    my %param = ( formname => 'document.cu',
+    my ($dom,$formname,$curr_authtype,$mode) = @_;
+    my ($krbdef,$krbdefdom) = &Apache::loncommon::get_kerberos_defaults($dom);
+    my %param = ( formname => $formname,
                   kerb_def_dom => $krbdefdom,
+                  kerb_def_auth => $krbdef,
                   domain => $dom,
                 );
     my %abv_auth = &auth_abbrev();
-    if ($curr_authtype =~ /^(krb4|krb5|internal|localauth|unix):$/) {
+    if ($curr_authtype =~ /^(krb4|krb5|internal|localauth|unix):(.*)$/) {
         my $long_auth = $1;
+        my $curr_autharg = $2;
         my %abv_auth = &auth_abbrev();
         $param{'curr_authtype'} = $abv_auth{$long_auth};
         if ($long_auth =~ /^krb(4|5)$/) {
             $param{'curr_kerb_ver'} = $1;
+            $param{'curr_autharg'} = $curr_autharg;
         }
         if ($mode eq 'modifyuser') {
             $param{'mode'} = $mode;
         }
     }
-# no longer static due to configurable kerberos defaults
-#    $loginscript  = &Apache::loncommon::authform_header(%param);
+    $loginscript  = &Apache::loncommon::authform_header(%param);
+    $authformkrb  = &Apache::loncommon::authform_kerberos(%param);
     $authformnop  = &Apache::loncommon::authform_nochange(%param);
-# no longer static due to configurable kerberos defaults
-#    $authformkrb  = &Apache::loncommon::authform_kerberos(%param);
     $authformint  = &Apache::loncommon::authform_internal(%param);
     $authformfsys = &Apache::loncommon::authform_filesystem(%param);
     $authformloc  = &Apache::loncommon::authform_local(%param);
@@ -515,8 +515,7 @@ sub print_user_modification_page {
         $formname = 'cu';
     }
     my %abv_auth = &auth_abbrev();
-    my ($curr_authtype,%rulematch,%inst_results,$curr_kerb_ver,$newuser,
-        %alerts,%curr_rules,%got_rules);
+    my (%rulematch,%inst_results,$newuser,%alerts,%curr_rules,%got_rules);
     my $uhome=&Apache::lonnet::homeserver($ccuname,$ccdomain);
     if ($uhome eq 'no_host') {
         my $usertype;
@@ -571,32 +570,10 @@ sub print_user_modification_page {
         }
     } else {
         $newuser = 0;
-        my $currentauth = 
-            &Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
-        if ($currentauth =~ /^(krb4|krb5|unix|internal|localauth):/) {	
-            $curr_authtype = $abv_auth{$1};
-            if ($currentauth =~ /^krb(4|5)/) {
-                $curr_kerb_ver = $1;
-            }
-        }
     }
     if ($response) {
         $response = '<br />'.$response;
     }
-    my $defdom=$env{'request.role.domain'};
-
-    my ($krbdef,$krbdefdom) =
-       &Apache::loncommon::get_kerberos_defaults($defdom);
-
-    my %param = ( formname => 'document.cu',
-                  kerb_def_dom => $krbdefdom,
-                  kerb_def_auth => $krbdef,
-                  curr_authtype => $curr_authtype,
-                  curr_kerb_ver => $curr_kerb_ver,
-                  domain => $ccdomain,
-                );
-    $loginscript  = &Apache::loncommon::authform_header(%param);
-    $authformkrb  = &Apache::loncommon::authform_kerberos(%param);
 
     my $pjump_def = &Apache::lonhtmlcommon::pjump_javascript_definition();
     my $dc_setcourse_code = '';
@@ -654,7 +631,7 @@ ENDFORMINFO
             # Current user has quota modification privileges
             $portfolioform = '<br />'.&portfolio_quota($ccuname,$ccdomain);
         }
-        &initialize_authen_forms($ccdomain);
+        &initialize_authen_forms($ccdomain,$formname);
         my %lt=&Apache::lonlocal::texthash(
                 'cnu'            => 'Create New User',
                 'ast'            => 'as a student',
@@ -775,8 +752,7 @@ ENDCHANGEUSER
             $r->print(&Apache::lonuserutils::forceid_change($context));
         }
         $r->print('</div>');
-        my $user_auth_text = 
-            &user_authentication($ccuname,$ccdomain,$krbdefdom,\%abv_auth);
+        my $user_auth_text =  &user_authentication($ccuname,$ccdomain,$formname);
         my $user_quota_text;
         if (&Apache::lonnet::allowed('mpq',$ccdomain)) {
             # Current user has quota modification privileges
@@ -840,7 +816,7 @@ ENDNOPORTPRIV
             if ($addrolesdisplay) {
                 $r->print('<br /><input type="button" value="'.&mt('Modify User').'"');
                 if ($newuser) {
-                    $r->print(' onClick="verify_message(this.form)" \>'."\n");
+                    $r->print(' onClick="auth_check()" \>'."\n");
                 } else {
                     $r->print('onClick="this.form.submit()" \>'."\n");
                 }
@@ -897,26 +873,28 @@ sub validation_javascript {
     if ($context eq 'domain') {
         my $dcdom = $env{'request.role.domain'};
         $loaditem->{'onload'} = "document.cu.coursedesc.value='';";
-        $dc_setcourse_code = &Apache::lonuserutils::dc_setcourse_js('cu','singleuser');
+        $dc_setcourse_code = 
+            &Apache::lonuserutils::dc_setcourse_js('cu','singleuser',$context);
     } else {
-        $nondc_setsection_code =
-            &Apache::lonuserutils::setsections_javascript($formname,$groupslist);
+        my $checkauth; 
+        if (($newuser) || (&Apache::lonnet::allowed('mau',$ccdomain))) {
+            $checkauth = 1;
+        }
+        if ($context eq 'course') {
+            $nondc_setsection_code =
+                &Apache::lonuserutils::setsections_javascript($formname,$groupslist,
+                                                              undef,$checkauth);
+        }
+        if ($checkauth) {
+            $nondc_setsection_code .= 
+                &Apache::lonuserutils::verify_authen($formname,$context);
+        }
     }
     my $js = &user_modification_js($pjump_def,$dc_setcourse_code,
                                    $nondc_setsection_code,$groupslist);
-
     my ($jsback,$elements) = &crumb_utilities();
-    my $javascript_validations;
-    if ((&Apache::lonnet::allowed('mau',$ccdomain)) || ($newuser)) {
-        my ($krbdef,$krbdefdom) =
-            &Apache::loncommon::get_kerberos_defaults($ccdomain);
-        $javascript_validations =
-            &Apache::lonuserutils::javascript_validations('createuser',$krbdefdom,undef,
-                                                          undef,$ccdomain);
-    }
     $js .= "\n".
-           '<script type="text/javascript">'."\n".$jsback."\n".
-           $javascript_validations.'</script>';
+           '<script type="text/javascript">'."\n".$jsback."\n".'</script>';
     return $js;
 }
 
@@ -1241,22 +1219,9 @@ sub new_domain_roles {
 }
 
 sub user_authentication {
-    my ($ccuname,$ccdomain,$krbdefdom,$abv_auth) = @_;
+    my ($ccuname,$ccdomain,$formname) = @_;
     my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
-    my ($loginscript,$outcome);
-    if ($currentauth=~/^(krb)(4|5):(.*)/) {
-        my $long_auth = $1.$2;
-        my $curr_kerb_ver = $2;
-        my $krbdefdom=$3;
-        my $curr_authtype = $abv_auth->{$long_auth};
-        my %param = ( formname      => 'document.cu',
-                      kerb_def_dom  => $krbdefdom,
-                      domain        => $ccdomain,
-                      curr_authtype => $curr_authtype,
-                      curr_kerb_ver => $curr_kerb_ver,
-                          );
-        $loginscript  = &Apache::loncommon::authform_header(%param);
-    }
+    my $outcome;
     # Check for a bad authentication type
     if ($currentauth !~ /^(krb4|krb5|unix|internal|localauth):/) {
         # bad authentication scheme
@@ -1268,7 +1233,8 @@ sub user_authentication {
                        'ld'    => "Login Data"
         );
         if (&Apache::lonnet::allowed('mau',$ccdomain)) {
-            &initialize_authen_forms($ccdomain);
+            &initialize_authen_forms($ccdomain,$formname);
+
             my $choices = &Apache::lonuserutils::set_login($ccdomain,$authformkrb,$authformint,$authformloc);
             $outcome = <<ENDBADAUTH;
 <script type="text/javascript" language="Javascript">
@@ -1289,7 +1255,7 @@ $lt{'uuas'} ($currentauth). $lt{'adcs'}.
 ENDBADAUTH
         }
     } else { # Authentication type is valid
-        &initialize_authen_forms($ccdomain,$currentauth,'modifyuser');
+        &initialize_authen_forms($ccdomain,$formname,$currentauth,'modifyuser');
         my ($authformcurrent,$can_modify,@authform_others) =
             &modify_login_block($ccdomain,$currentauth);
         if (&Apache::lonnet::allowed('mau',$ccdomain)) {
@@ -2029,20 +1995,27 @@ END
     }
     if ($env{'form.action'} eq 'singlestudent') {
         &enroll_single_student($r,$uhome,$amode,$genpwd,$now,$newuser);
+        $r->print('<p><a href="javascript:backPage(document.userupdate)">'.                  &mt('Enroll Another Student').'</a></p>');
     } else {
-        my $rolechanges = &update_roles($r);
-        if (!$rolechanges && $namechanged) {
+        my @rolechanges = &update_roles($r);
+        if ($namechanged) {
             if ($context eq 'course') {
                 if (@userroles > 0) {
-                    if (grep(/^st$/,@userroles)) {
-                        my $classlistupdated =
-                            &Apache::lonuserutils::update_classlist($cdom,
+                    if ((@rolechanges == 0) || 
+                        (!(grep(/^st$/,@rolechanges)))) {
+                        if (grep(/^st$/,@userroles)) {
+                            my $classlistupdated =
+                                &Apache::lonuserutils::update_classlist($cdom,
                                               $cnum,$env{'form.ccdomain'},
                                        $env{'form.ccuname'},\%userupdate);
+                        }
                     }
                 }
             }
         }
+        my $userinfo = &Apache::loncommon::plainname($env{'form.ccuname'},
+                                                     $env{'form.ccdomain'}); 
+        $r->print('<p><a href="javascript:backPage(document.userupdate,'."'$env{'form.prevphase'}','modify'".')">'.&mt('Modify this user: <span class="LC_cusr_emph">([_1])</span>',$userinfo).'</a>'.('&nbsp;'x5).'<a href="javascript:backPage(document.userupdate)">'.&mt('Create/Modify Another User').'</a></p>');
     }
     $r->print(&Apache::loncommon::end_page());
 }
@@ -2050,7 +2023,7 @@ END
 sub update_roles {
     my ($r) = @_;
     my $now=time;
-    my $rolechanges = 0;
+    my @rolechanges;
     my %disallowed;
     $r->print('<h3>'.&mt('Modifying Roles').'</h3>');
     foreach my $key (keys (%env)) {
@@ -2074,6 +2047,9 @@ sub update_roles {
 			    $now);
 		    $r->print($result);
 		}
+                if (!grep(/^\Q$role\E$/,@rolechanges)) {
+                    push(@rolechanges,$role);
+                }
 	    }
 	    if ($key=~m{^form\.rev\:([^_]+)_cr\.cr/($match_domain)/($match_username)/(\w+)$}s) {
 # Revoke custom role
@@ -2082,8 +2058,10 @@ sub update_roles {
                       &Apache::lonnet::revokecustomrole($env{'form.ccdomain'},
 				  $env{'form.ccuname'},$1,$2,$3,$4).
 		'</b><br />');
+                if (!grep(/^cr$/,@rolechanges)) {
+                    push(@rolechanges,'cr');
+                }
 	    }
-            $rolechanges ++;
 	} elsif ($key=~/^form\.del/) {
 	    if ($key=~/^form\.del\:([^\_]+)\_([^\_\.]+)$/) {
 # Delete standard role
@@ -2101,6 +2079,9 @@ sub update_roles {
 			    $now);
 		    $r->print($result);
 		}
+                if (!grep(/^\Q$role\E$/,@rolechanges)) {
+                    push(@rolechanges,$role);
+                }
             }
 	    if ($key=~m{^form\.del\:([^_]+)_cr\.cr/($match_domain)/($match_username)/(\w+)$}) {
                 my ($url,$rdom,$rnam,$rolename) = ($1,$2,$3,$4);
@@ -2110,8 +2091,10 @@ sub update_roles {
                       &Apache::lonnet::assigncustomrole($env{'form.ccdomain'},
                          $env{'form.ccuname'},$url,$rdom,$rnam,$rolename,$now,
                          0,1).'</b><br />');
+                if (!grep(/^cr$/,@rolechanges)) {
+                    push(@rolechanges,'cr');
+                }
             }
-            $rolechanges ++;
 	} elsif ($key=~/^form\.ren/) {
             my $udom = $env{'form.ccdomain'};
             my $uname = $env{'form.ccuname'};
@@ -2144,6 +2127,9 @@ sub update_roles {
 			      $role,$url,$result).'<br />';
 		}
                 $r->print($output);
+                if (!grep(/^\Q$role\E$/,@rolechanges)) {
+                    push(@rolechanges,$role);
+                }
 	    }
 # Re-enable custom role
 	    if ($key=~m{^form\.ren\:([^_]+)_cr\.cr/($match_domain)/($match_username)/(\w+)$}) {
@@ -2153,8 +2139,10 @@ sub update_roles {
                                $url,$rdom,$rnam,$rolename,0,$now);
                 $r->print(&mt('Re-enabling custom role [_1] by [_2]@[_3] in [_4] : <b>[_5]</b>',
                           $rolename,$rnam,$rdom,$url,$result).'<br />');
+                if (!grep(/^cr$/,@rolechanges)) {
+                    push(@rolechanges,'cr');
+                }
             }
-            $rolechanges ++;
 	} elsif ($key=~/^form\.act/) {
             my $udom = $env{'form.ccdomain'};
             my $uname = $env{'form.ccuname'};
@@ -2189,6 +2177,9 @@ sub update_roles {
 		        $r->print(&Apache::loncommon::commit_customrole($udom,$uname,$securl,$three,$four,$five,$start,$end));
                     }
                 }
+                if (!grep(/^cr$/,@rolechanges)) {
+                    push(@rolechanges,'cr');
+                }
 	    } elsif ($key=~/^form\.act\_($match_domain)\_($match_name)\_([^\_]+)$/) {
 		# Activate roles for sections with 3 id numbers
 		# set start, end times, and the url for the class
@@ -2227,7 +2218,10 @@ sub update_roles {
                     if ($emptysec) {
                         $r->print(&Apache::loncommon::commit_standardrole($udom,$uname,$url,$three,$start,$end,$one,$two,''));
                     }
-                } 
+                }
+                if (!grep(/^\Q$three\E$/,@rolechanges)) {
+                    push(@rolechanges,$three);
+                }
 	    } elsif ($key=~/^form\.act\_([^\_]+)\_([^\_]+)$/) {
 		# Activate roles for sections with two id numbers
 		# set start, end times, and the url for the class
@@ -2237,26 +2231,31 @@ sub update_roles {
 		my $end   = ( $env{'form.end_'.$1.'_'.$2} ? 
 			      $env{'form.end_'.$1.'_'.$2} :
 			      0 );
-		my $url='/'.$1.'/';
+                my $one = $1;
+                my $two = $2;
+		my $url='/'.$one.'/';
                 # split multiple sections
                 my %sections = ();
-                my $num_sections = &build_roles($env{'form.sec_'.$1.'_'.$2},\%sections,$2);
+                my $num_sections = &build_roles($env{'form.sec_'.$one.'_'.$two},\%sections,$two);
                 if ($num_sections == 0) {
-                    $r->print(&Apache::loncommon::commit_standardrole($udom,$uname,$url,$2,$start,$end,$1,undef,''));
+                    $r->print(&Apache::loncommon::commit_standardrole($udom,$uname,$url,$two,$start,$end,$one,undef,''));
                 } else {
                     my $emptysec = 0;
                     foreach my $sec (sort {$a cmp $b} keys %sections) {
                         if ($sec ne '') {
                             my $securl = $url.'/'.$sec;
-                            $r->print(&Apache::loncommon::commit_standardrole($udom,$uname,$securl,$2,$start,$end,$1,undef,$sec));
+                            $r->print(&Apache::loncommon::commit_standardrole($udom,$uname,$securl,$two,$start,$end,$one,undef,$sec));
                         } else {
                             $emptysec = 1;
                         }
                     }
                     if ($emptysec) {
-                        $r->print(&Apache::loncommon::commit_standardrole($udom,$uname,$url,$2,$start,$end,$1,undef,''));
+                        $r->print(&Apache::loncommon::commit_standardrole($udom,$uname,$url,$two,$start,$end,$one,undef,''));
                     }
                 }
+                if (!grep(/^\Q$two\E$/,@rolechanges)) {
+                    push(@rolechanges,$two);
+                }
 	    } else {
 		$r->print('<p><span class="LC_error">'.&mt('ERROR').': '.&mt('Unknown command').' <tt>'.$key.'</tt></span></p><br />');
             }
@@ -2268,15 +2267,14 @@ sub update_roles {
                 }
                 $r->print(' '.&mt('Please <a href="javascript:history.go(-1)">go back</a> and choose a different section name.').'</p><br />');
             }
-            $rolechanges ++;
 	}
     } # End of foreach (keys(%env))
 # Flush the course logs so reverse user roles immediately updated
     &Apache::lonnet::flushcourselogs();
-    if (!$rolechanges) {
+    if (@rolechanges == 0) {
         $r->print(&mt('No roles to modify'));
     }
-    return $rolechanges;
+    return @rolechanges;
 }
 
 sub enroll_single_student {