--- loncom/interface/lonpreferences.pm	2006/06/14 18:56:58	1.88
+++ loncom/interface/lonpreferences.pm	2007/04/13 13:39:32	1.98
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Preferences
 #
-# $Id: lonpreferences.pm,v 1.88 2006/06/14 18:56:58 albertel Exp $
+# $Id: lonpreferences.pm,v 1.98 2007/04/13 13:39:32 www Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -42,6 +42,7 @@ use Apache::loncommon();
 use Apache::lonhtmlcommon();
 use Apache::lonlocal;
 use Apache::lonnet;
+use LONCAPA();
 
 #
 # Write lonnet::passwd to do the call below.
@@ -279,6 +280,8 @@ ENDVCSCREEN
 ################################################################
 sub rolesprefchanger {
     my $r = shift;
+    my $role    = ($env{'user.adv'} ? 'Role' : 'Course');
+    my $lc_role = ($env{'user.adv'} ? 'role' : 'course');
     my $user       = $env{'user.name'};
     my $domain     = $env{'user.domain'};
     my %userenv = &Apache::lonnet::get
@@ -298,52 +301,154 @@ sub rolesprefchanger {
 	$options .= "<option $select>$i</option>\n";
     }
 
-    $r->print(<<ENDSCREEN);
-<p>Some LON-CAPA users have a long list of roles. The Recent Roles Hotlist
-feature keeps track of the last N roles which have been
-visited and places a table of these at the top of the roles page.
-People with very few roles should leave this feature disabled.
-</p>
+# Get list of recent roles and display with checkbox in front
+    my $roles_check_list = '';
+    my $role_key='';
+    if ($env{'environment.recentroles'}) {
+        my %recent_roles =
+               &Apache::lonhtmlcommon::get_recent('roles',$env{'environment.recentrolesn'});
+        my %frozen_roles =
+               &Apache::lonhtmlcommon::get_recent_frozen('roles',$env{'environment.recentrolesn'});
+        
+        my %role_text = &rolespref_get_role_text([keys(%recent_roles)]);
+        my @sorted_roles = sort {$role_text{$a} cmp $role_text{$b}} keys(%role_text);
+
+        $roles_check_list .=
+	    &Apache::loncommon::start_data_table().
+	    &Apache::loncommon::start_data_table_header_row().
+	    "<th>".&mt('Freeze '.$role)."</th>".
+	    "<th>".&mt($role)."</td>".
+	    &Apache::loncommon::end_data_table_header_row().
+	    "\n";
+	my $count;
+        foreach $role_key (@sorted_roles) {
+            my $checked = "";
+            my $value = $recent_roles{$role_key};
+            if ($frozen_roles{$role_key}) {
+                $checked = "checked=\"checked\"";
+            }
+	    $count++;
+            $roles_check_list .=
+		&Apache::loncommon::start_data_table_row().
+		'<td class="LC_table_cell_checkbox">'.
+		"<input type=\"checkbox\" $checked name=\"freezeroles\"".
+		" id=\"freezeroles$count\" value=\"$role_key\" /></td>".
+		"<td><label for=\"freezeroles$count\">".
+		"$role_text{$role_key}</label></td>".
+		&Apache::loncommon::end_data_table_row(). "\n";
+        }
+        $roles_check_list .= "</table>\n";
+    }
 
-<form name="prefs" action="/adm/preferences" method="post">
+    $r->print('
+<p>'.&mt('Some LON-CAPA users have a long list of '.$lc_role.'s. The Recent '.$role.'s Hotlist feature keeps track of the last N '.$lc_role.'s which have been visited and places a table of these at the top of the '.$lc_role.'s page. People with very few '.$lc_role.'s should leave this feature disabled.').'
+</p>
+<form name="prefs" action="/adm/preferences" method="POST">
 <input type="hidden" name="action" value="verify_and_change_rolespref" />
-<br /><label>Enable Recent Roles Hotlist:
-<input type="checkbox" $checked name="recentroles" value="true" /></label>
-<br />Number of roles in Hotlist:
+<br /><label>'.&mt('Enable Recent '.$role.'s Hotlist:').'
+<input type="checkbox" '.$checked.' name="recentroles" value="true" /></label>
+<br />'.&mt('Number of '.$role.'s in Hotlist:').'
 <select name="recentrolesn" size="1">
-$options
+'.$options.'
 </select>
+<p>'.&mt('This list below can be used to <q>freeze</q> '.$lc_role.'s on your screen. Those marked as frozen will not be removed from the list, even if they have not been used recently.').'
+</p>
+'.$roles_check_list.'
 <br />
-<input type="submit" value="Change" />
-</form>
-ENDSCREEN
+<input type="submit" value="'.&mt('Change').'" />
+</form>');
+}
+
+sub rolespref_get_role_text {
+# Get a line of text for each role
+    my ($roles) = @_;
+    my %roletext = ();
+
+    foreach my $item (@$roles) {
+# get course information
+        my ($role,$rest) = split(/\./, $item);
+        my $trole = "";
+        $trole = &Apache::lonnet::plaintext($role);
+        my ($tdomain,$other,$tsection)= split(/\//,Apache::lonnet::declutter($rest));
+        my $tother = '-';
+        if ($role =~ /^(cc|st|in|ta|ep|cr)/ ) {
+            my %newhash=&Apache::lonnet::coursedescription($tdomain."_".$other);
+            $tother = " - ".$newhash{'description'};
+        } elsif ($role =~ /dc/) {
+            $tother = "";
+        } else {
+            $tother = " - $other";
+        }
+ 
+        my $section="";
+        if ($tsection) {
+            $section = " - Section/Group: $tsection";
+        }
+        $roletext{$item} = $tdomain." - ".$trole.$tother.$section;
+    }
+    return %roletext;
 }
 
 sub verify_and_change_rolespref {
     my $r = shift;
+    my $role = ($env{'user.adv'} ? 'Role' : 'Course');
     my $user       = $env{'user.name'};
     my $domain     = $env{'user.domain'};
 # Recent Roles Hotlist Flag
     my $hotlist_flag  = $env{'form.recentroles'};
     my $hotlist_n  = $env{'form.recentrolesn'};
-    my $message='';
+    my $message='<hr />';
     if ($hotlist_flag) {
         &Apache::lonnet::put('environment',{'recentroles' => $hotlist_flag});
         &Apache::lonnet::appenv('environment.recentroles' => $hotlist_flag);
-        $message='Recent Roles Hotlist is Enabled';
+        $message=&mt('Recent '.$role.'s Hotlist is Enabled');
     } else {
         &Apache::lonnet::del('environment',['recentroles']);
         &Apache::lonnet::delenv('environment\.recentroles');
-        $message='Recent Roles Hotlist is Disabled';
+        $message=&mt('Recent '.$role.'s Hotlist is Disabled');
     }
     if ($hotlist_n) {
         &Apache::lonnet::put('environment',{'recentrolesn' => $hotlist_n});
         &Apache::lonnet::appenv('environment.recentrolesn' => $hotlist_n);
         if ($hotlist_flag) {
-            $message.="<br />Display $hotlist_n Most Recent Roles\n";
+            $message.="<br />".
+		&mt('Display [_1] Most Recent '.$role.'s',$hotlist_n)."\n";
+        }
+    }
+
+# Get list of froze roles and list of recent roles
+    my @freeze_list = &Apache::loncommon::get_env_multiple('form.freezeroles');
+    my %freeze = ();
+    my %roletext = ();
+
+    foreach my $key (@freeze_list) {
+        $freeze{$key}='1';
+    }
+
+    my %recent_roles =
+        &Apache::lonhtmlcommon::get_recent('roles',$env{'environment.recentrolesn'});
+    my %frozen_roles =
+        &Apache::lonhtmlcommon::get_recent_frozen('roles',$env{'environment.recentrolesn'});
+    my %role_text = &rolespref_get_role_text([keys(%recent_roles)]);
+
+# Unset any roles that were previously frozen but aren't in list
+    foreach my $role_key (sort(keys(%recent_roles))) {
+        if (($frozen_roles{$role_key}) && (!exists($freeze{$role_key}))) {
+	    $message .= "<br />".&mt('Unfreezing '.$role.': [_1]',$role_text{$role_key})."\n";
+	    &Apache::lonhtmlcommon::store_recent('roles',$role_key,' ',0);
         }
     }
 
+# Freeze selected roles
+    foreach my $role_key (@freeze_list) {
+        if (!$frozen_roles{$role_key}) {
+             $message .= "<br />".&mt('Freezing '.$role.': [_1]',$role_text{$role_key})."\n";
+             &Apache::lonhtmlcommon::store_recent('roles',
+                                          $role_key,' ',1);
+        }
+    }
+    $message .= "<hr /><br />\n";
+
     $r->print(<<ENDRPSCREEN);
 $message
 ENDRPSCREEN
@@ -411,6 +516,45 @@ ENDVCSCREEN
 }
 
 ################################################################
+#                     Icon Subroutines                         #
+################################################################
+sub iconchanger {
+    my $r = shift;
+    my $user       = $env{'user.name'};
+    my $domain     = $env{'user.domain'};
+    my %userenv = &Apache::lonnet::get
+        ('environment',['icons']);
+    my $iconic='checked="checked"';
+    my $classic='';
+    if ($userenv{'icons'} eq 'classic') {
+       $classic='checked="checked"';
+       $iconic='';
+    }
+    my $useicons=&mt('Use icons');
+    my $usebuttons=&mt('Use classic buttons');
+    my $change=&mt('Change');
+    $r->print(<<ENDSCREEN);
+<form name="prefs" action="/adm/preferences" method="post">
+<input type="hidden" name="action" value="verify_and_change_icons" />
+<label><input type="radio" name="menumode" value="iconic" $iconic /> $useicons</label><br />
+<label><input type="radio" name="menumode" value="classic" $classic /> $usebuttons</label><br />
+<input type="submit" value="$change" />
+</form>
+ENDSCREEN
+}
+
+sub verify_and_change_icons {
+    my $r = shift;
+    my $user       = $env{'user.name'};
+    my $domain     = $env{'user.domain'};
+    my $newicons  = $env{'form.menumode'};
+
+    &Apache::lonnet::put('environment',{'icons' => $newicons});
+    &Apache::lonnet::appenv('environment.icons' => $newicons);
+    $r->print(&mt('Set menu mode to [_1].',$newicons));
+}
+
+################################################################
 #         Message Forward                                      #
 ################################################################
 
@@ -452,8 +596,8 @@ sub verify_and_change_msgforward {
     my $message='';
     foreach (split(/\,/,$env{'form.msgforward'})) {
 	my ($msuser,$msdomain)=split(/[\@\:]/,$_);
-        $msuser=~s/\W//g;
-        $msdomain=~s/\W//g;
+        $msuser = &LONCAPA::clean_username($msuser);
+        $msdomain = &LONCAPA::clean_domain($msdomain);
         if (($msuser) && ($msdomain)) {
 	    if (&Apache::lonnet::homeserver($msuser,$msdomain) ne 'no_host') {
                $newscreen.=$msuser.':'.$msdomain.',';
@@ -617,14 +761,41 @@ ENDVCCOL
 #            password handler subroutines            #
 ######################################################
 sub passwordchanger {
+    my ($r,$errormessage,$caller,$mailtoken) = @_;
     # This function is a bit of a mess....
     # Passwords are encrypted using londes.js (DES encryption)
-    my $r = shift;
-    my $errormessage = shift;
     $errormessage = ($errormessage || '');
-    my $user       = $env{'user.name'};
-    my $domain     = $env{'user.domain'};
-    my $homeserver = $env{'user.home'};
+    my ($user,$domain,$currentpass,$defdom);
+    if ((!defined($caller)) || ($caller eq 'preferences')) {
+        $user = $env{'user.name'};
+        $domain = $env{'user.domain'};
+        if (!defined($caller)) {
+            $caller = 'preferences';
+        }
+    } elsif ($caller eq 'reset_by_email') {
+            $defdom = $r->dir_config('lonDefDomain');
+            my %data = &Apache::lonnet::tmpget($mailtoken);
+            if (keys(%data) == 0) {
+                $r->print(&mt('Sorry, the URL you provided to complete the reset of your password was invalid.  Either the token included in the URL has been deleted or the URL you provided was invalid. Please submit a <a href="/adm/resetpw">new request</a> for a password reset, and follow the link to the new URL included in the e-mail that will be sent to you, to allow you to enter a new password.'));
+                return;
+            }
+            if (defined($data{time})) {
+                if (time - $data{'time'} < 7200) {
+                    $user = $data{'username'};
+                    $domain = $data{'domain'};
+                    $currentpass = $data{'temppasswd'};
+                } else {
+                    $r->print(&mt('Sorry, the token generated when you requested a password reset has expired.').'<br />');
+                    return;
+                }
+            } else {
+                $r->print(&mt('Sorry, the URL generated when you requested reset of your password contained incomplete information.').'<br />');
+                return;
+            }
+   } else {
+        $r->print(&mt('Page requested in unexpected context').'<br />');
+        return;
+    }
     my $currentauth=&Apache::lonnet::queryauthenticate($user,$domain);
     # Check for authentication types that allow changing of the password.
     return if ($currentauth !~ /^(unix|internal):/);
@@ -641,12 +812,13 @@ sub passwordchanger {
 				       .$ukey_npass2 . $lkey_npass2,
 				       $lonhost);
     # Hexify the keys for output as javascript variables
-    $ukey_cpass = hex($ukey_cpass);
-    $lkey_cpass = hex($lkey_cpass);
-    $ukey_npass1= hex($ukey_npass1);
-    $lkey_npass1= hex($lkey_npass1);
-    $ukey_npass2= hex($ukey_npass2);
-    $lkey_npass2= hex($lkey_npass2);
+    my %hexkey;
+    $hexkey{'ukey_cpass'}  = hex($ukey_cpass);
+    $hexkey{'lkey_cpass'}  = hex($lkey_cpass);
+    $hexkey{'ukey_npass1'} = hex($ukey_npass1);
+    $hexkey{'lkey_npass1'} = hex($lkey_npass1);
+    $hexkey{'ukey_npass2'} = hex($ukey_npass2);
+    $hexkey{'lkey_npass2'} = hex($lkey_npass2);
     # Output javascript to deal with passwords
     # Output DES javascript
     {
@@ -654,7 +826,25 @@ sub passwordchanger {
 	my $jsh=Apache::File->new($include."/londes.js");
 	$r->print(<$jsh>);
     }
+    $r->print(&jscript_send($caller));
     $r->print(<<ENDFORM);
+$errormessage
+
+<p>
+<!-- We separate the forms into 'server' and 'client' in order to
+     ensure that unencrypted passwords will not be sent out by a
+     crappy browser -->
+ENDFORM
+    $r->print(&server_form($logtoken,$caller,$mailtoken));
+    $r->print(&client_form($caller,\%hexkey,$currentpass,$defdom));
+
+    #
+    return;
+}
+
+sub jscript_send {
+    my ($caller) = @_;
+    my $output = qq|
 <script language="JavaScript">
 
     function send() {
@@ -676,30 +866,51 @@ sub passwordchanger {
         initkeys();
         this.document.pserver.elements.newpass_2.value
             =crypted(this.document.client.elements.newpass_2.value);
-
+|;
+    if ($caller eq 'reset_by_email') {
+        $output .= qq|
+        this.document.pserver.elements.uname.value =
+                   this.document.client.elements.uname.value;
+        this.document.pserver.elements.udom.value =
+                   this.document.client.elements.udom.options[this.document.client.elements.udom.selectedIndex].value;
+|;
+    }
+    $ output .= qq|
         this.document.pserver.submit();
     }
-
 </script>
-$errormessage
-
-<p>
-<!-- We separate the forms into 'server' and 'client' in order to
-     ensure that unencrypted passwords will not be sent out by a
-     crappy browser -->
-
-<form name="pserver" action="/adm/preferences" method="post">
-<input type="hidden" name="logtoken"    value="$logtoken" />
-<input type="hidden" name="action"      value="verify_and_change_pass" />
-<input type="hidden" name="currentpass" value="" />
-<input type="hidden" name="newpass_1"   value="" />
-<input type="hidden" name="newpass_2"   value="" />
-</form>
+|;
+}
 
+sub client_form {
+    my ($caller,$hexkey,$currentpass,$defdom) = @_;
+    my $output = qq|
 <form name="client" >
 <table>
+|;
+    if ($caller eq 'reset_by_email') {
+        $output .= qq|
+<tr><td align="right"> E-mail address:                        </td>
+    <td><input type="text" name="email" size="30" /> </td></tr>
+<tr><td align="right"> Username:                        </td>
+    <td>
+     <input type="text" name="uname" size="15" />
+     <input type="hidden" name="currentpass" value="$currentpass" />
+    </td></tr>
+<tr><td align="right"> Domain:                               </td>
+    <td>
+|;
+        $output .= &Apache::loncommon::select_dom_form($defdom,'udom').'
+   </td>
+</tr>
+';
+    } else {
+        $output .= qq|
 <tr><td align="right"> Current password:                      </td>
     <td><input type="password" name="currentpass" size="10"/> </td></tr>
+|;
+    }
+    $output .= <<"ENDFORM";
 <tr><td align="right"> New password:                          </td>
     <td><input type="password" name="newpass_1" size="10"  /> </td></tr>
 <tr><td align="right"> Confirm password:                      </td>
@@ -707,27 +918,83 @@ $errormessage
 <tr><td colspan="2" align="center">
     <input type="button" value="Change Password" onClick="send();">
 </table>
-<input type="hidden" name="ukey_cpass"  value="$ukey_cpass" />
-<input type="hidden" name="lkey_cpass"  value="$lkey_cpass" />
-<input type="hidden" name="ukey_npass1" value="$ukey_npass1" />
-<input type="hidden" name="lkey_npass1" value="$lkey_npass1" />
-<input type="hidden" name="ukey_npass2" value="$ukey_npass2" />
-<input type="hidden" name="lkey_npass2" value="$lkey_npass2" />
+<input type="hidden" name="ukey_cpass"  value="$hexkey->{'ukey_cpass'}" />
+<input type="hidden" name="lkey_cpass"  value="$hexkey->{'lkey_cpass'}" />
+<input type="hidden" name="ukey_npass1" value="$hexkey->{'ukey_npass1'}" />
+<input type="hidden" name="lkey_npass1" value="$hexkey->{'lkey_npass1'}" />
+<input type="hidden" name="ukey_npass2" value="$hexkey->{'ukey_npass2'}" />
+<input type="hidden" name="lkey_npass2" value="$hexkey->{'lkey_npass2'}" />
 </form>
 </p>
 ENDFORM
-    #
-    return;
+    return $output;
+}
+
+sub server_form {
+    my ($logtoken,$caller,$mailtoken) = @_;
+    my $action = '/adm/preferences';
+    if ($caller eq 'reset_by_email') {
+        $action = '/adm/resetpw';
+    }
+    my $output = qq|
+<form name="pserver" action="$action" method="post">
+<input type="hidden" name="logtoken"    value="$logtoken" />
+<input type="hidden" name="currentpass" value="" />
+<input type="hidden" name="newpass_1"   value="" />
+<input type="hidden" name="newpass_2"   value="" />
+    |;
+    if ($caller eq 'reset_by_email') {
+        $output .=  qq|
+<input type="hidden" name="token"   value="$mailtoken" />
+<input type="hidden" name="uname"   value="" />
+<input type="hidden" name="udom"   value="" />
+
+|;
+    }
+    $output .= qq|
+<input type="hidden" name="action" value="verify_and_change_pass" />
+</form>
+|;
+    return $output;
 }
 
 sub verify_and_change_password {
-    my $r = shift;
-    my $user       = $env{'user.name'};
-    my $domain     = $env{'user.domain'};
-    my $homeserver = $env{'user.home'};
+    my ($r,$caller,$mailtoken) = @_;
+    my ($user,$domain,$homeserver);
+    if ($caller eq 'reset_by_email') {
+        $user       = $env{'form.uname'};
+        $domain     = $env{'form.udom'};
+        if ($user ne '' && $domain ne '') {
+            $homeserver = &Apache::lonnet::homeserver($user,$domain);
+            if ($homeserver eq 'no_host') {
+        &passwordchanger($r,"<p>\n<font color='#ff0000'>ERROR</font>".
+                         "Invalid username and/or domain .\n</p>",
+                         $caller,$mailtoken);
+                return 1;
+            }
+        } else {
+            &passwordchanger($r,"<p>\n<font color='#ff0000'>ERROR</font>".
+                             "Username and Domain were blank.\n</p>",
+                             $caller,$mailtoken);
+            return 1;
+        }
+    } else {
+        $user       = $env{'user.name'};
+        $domain     = $env{'user.domain'};
+        $homeserver = $env{'user.home'};
+    }
     my $currentauth=&Apache::lonnet::queryauthenticate($user,$domain);
     # Check for authentication types that allow changing of the password.
-    return if ($currentauth !~ /^(unix|internal):/);
+    if ($currentauth !~ /^(unix|internal):/) {
+        if ($caller eq 'reset_by_email') {
+            &passwordchanger($r,"<p>\n<font color='#ff0000'>ERROR</font>".
+                             "Authentication type for this user can not be changed by this mechanism..\n</p>",
+                              $caller,$mailtoken);
+            return 1;
+        } else {
+            return;
+        }
+    }
     #
     my $currentpass = $env{'form.currentpass'}; 
     my $newpass1    = $env{'form.newpass_1'}; 
@@ -738,7 +1005,7 @@ sub verify_and_change_password {
 	    defined($newpass1)    && 
 	    defined($newpass2)    ){
 	&passwordchanger($r,"<p>\n<font color='#ff0000'>ERROR</font>".
-			 "Password data was blank.\n</p>");
+			 "One or more password fields were blank.\n</p>",$caller,$mailtoken);
 	return;
     }
     # Get the keys
@@ -746,10 +1013,14 @@ sub verify_and_change_password {
     my $tmpinfo = Apache::lonnet::reply('tmpget:'.$logtoken,$lonhost);
     if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) {
         # I do not a have a better idea about how to handle this
+        my $tryagain_text = &mt('Please log out and try again.');
+        if ($caller eq 'reset_by_email') {
+            $tryagain_text = &mt('Please try again later.');
+        }
 	$r->print(<<ENDERROR);
 <p>
 <font color="#ff0000">ERROR:</font> Unable to retrieve stored token for
-password decryption.  Please log out and try again.
+password decryption.  $tryagain_text
 </p>
 ENDERROR
         # Probably should log an error here
@@ -760,19 +1031,29 @@ ENDERROR
     $currentpass = &des_decrypt($ckey ,$currentpass);
     $newpass1    = &des_decrypt($n1key,$newpass1);
     $newpass2    = &des_decrypt($n2key,$newpass2);
-    # 
+    #
+    if ($caller eq 'reset_by_email') {
+        my %data = &Apache::lonnet::tmpget($mailtoken);
+        if ($currentpass ne $data{'temppasswd'}) {
+            &passwordchanger($r,
+                         '<font color="#ff0000">ERROR:</font>'.
+                         'Could not verify current authentication.  '.
+                         'Please try again.',$caller,$mailtoken);
+            return 1;
+        }
+    } 
     if ($newpass1 ne $newpass2) {
 	&passwordchanger($r,
 			 '<font color="#ff0000">ERROR:</font>'.
 			 'The new passwords you entered do not match.  '.
-			 'Please try again.');
+			 'Please try again.',$caller,$mailtoken);
 	return 1;
     }
     if (length($newpass1) < 7) {
 	&passwordchanger($r,
 			 '<font color="#ff0000">ERROR:</font>'.
 			 'Passwords must be a minimum of 7 characters long.  '.
-			 'Please try again.');
+			 'Please try again.',$caller,$mailtoken);
 	return 1;
     }
     #
@@ -783,7 +1064,7 @@ ENDERROR
     }
     if ($badpassword) {
 	# I can't figure out how to enter bad characters on my browser.
-	&passwordchanger($r,<<ENDERROR);
+	my $errormessage = <<"ENDERROR";
 <font color="#ff0000">ERROR:</font>
 The password you entered contained illegal characters.<br />
 Valid characters are: space and <br />
@@ -792,20 +1073,22 @@ Valid characters are: space and <br />
 ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_\`abcdefghijklmnopqrstuvwxyz{|}~
 </pre>
 ENDERROR
+        &passwordchanger($r,$errormessage,$caller,$mailtoken);
+        return 1;
     }
     # 
     # Change the password (finally)
     my $result = &Apache::lonnet::changepass
-	($user,$domain,$currentpass,$newpass1,$homeserver);
+	($user,$domain,$currentpass,$newpass1,$homeserver,$caller);
     # Inform the user the password has (not?) been changed
     if ($result =~ /^ok$/) {
 	$r->print(<<"ENDTEXT");
-<h2>The password for $user was successfully changed</h2>
+<h3>The password for $user was successfully changed</h3>
 ENDTEXT
     } else {
 	# error error: run in circles, scream and shout
         $r->print(<<ENDERROR);
-<h2><font color="#ff0000">The password for $user was not changed</font></h2>
+<h3><font color="#ff0000">The password for $user was not changed</font></h3>
 Please make sure your old password was entered correctly.
 ENDERROR
         return 1;
@@ -1096,7 +1379,7 @@ sub handler {
                       }));
 
     push (@Options,({ action   => 'changemsgforward',
-                      linktext => 'Change Message Forwarding and Notification Addresses',
+                      linktext => 'Change Message Forwarding and Notification Email Addresses',
                       href     => '/adm/preferences',
                       help     => 'Prefs_Forwarding',
                       breadcrumb => 
@@ -1180,20 +1463,21 @@ sub handler {
                       printmenu => 'yes',
                       subroutine => \&verify_and_change_discussion, }
                     ));
-                       
+
+    my $role = ($env{'user.adv'} ? 'Roles' : 'Course');
     push (@Options,({ action   => 'changerolespref',
-                      linktext => 'Change Roles Page Preferences',
+                      linktext => 'Change '.$role.' Page Preferences',
                       href     => '/adm/preferences',
                       subroutine => \&rolesprefchanger,
                       breadcrumb =>
                           { href => '/adm/preferences?action=changerolespref',
-                            text => 'Change Roles Pref'},
+                            text => 'Change '.$role.' Page Pref'},
                       },
                     { action   => 'verify_and_change_rolespref',
                       subroutine => \&verify_and_change_rolespref,
                       breadcrumb =>
                           { href => '/adm/preferences?action=changerolespref',
-                            text => 'Change Roles Preferences'},
+                            text => 'Change '.$role.' Page Preferences'},
                       printmenu => 'yes',
                       }));
 
@@ -1225,6 +1509,22 @@ sub handler {
 		      }));
     }
 
+    push (@Options,({ action   => 'changeicons',
+                      linktext => 'Change How Main Menu is Displayed',
+                      href     => '/adm/preferences',
+                      subroutine => \&iconchanger,
+                      breadcrumb =>
+                          { href => '/adm/preferences?action=changeicons',
+                            text => 'Change Main Menu'},
+                      },
+                    { action   => 'verify_and_change_icons',
+                      subroutine => \&verify_and_change_icons,
+                      breadcrumb =>
+                          { href => '/adm/preferences?action=changeicons',
+                            text => 'Change Main Menu'},
+                      printmenu => 'yes',
+                      }));
+
     if (&Apache::lonnet::allowed('whn',$env{'request.course.id'})
 	|| &Apache::lonnet::allowed('whn',$env{'request.course.id'}.'/'
 				    .$env{'request.course.sec'})) {

E-mail address:
Username:	+ + +
Domain:	+\|; + $output .= &Apache::loncommon::select_dom_form($defdom,'udom').' +
Current password:
New password:
Confirm password: