--- loncom/interface/lonuserutils.pm	2010/07/09 14:40:20	1.120
+++ loncom/interface/lonuserutils.pm	2012/08/21 01:50:34	1.140
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Utility functions for managing LON-CAPA user accounts
 #
-# $Id: lonuserutils.pm,v 1.120 2010/07/09 14:40:20 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.140 2012/08/21 01:50:34 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -295,7 +295,8 @@ sub hidden_input {
 }
 
 sub print_upload_manager_header {
-    my ($r,$datatoken,$distotal,$krbdefdom,$context,$permission,$crstype)=@_;
+    my ($r,$datatoken,$distotal,$krbdefdom,$context,$permission,$crstype,
+        $can_assign)=@_;
     my $javascript;
     #
     if (! exists($env{'form.upfile_associate'})) {
@@ -309,9 +310,9 @@ sub print_upload_manager_header {
         }
     }
     if ($env{'form.upfile_associate'} eq 'reverse') {
-        $javascript=&upload_manager_javascript_reverse_associate();
+        $javascript=&upload_manager_javascript_reverse_associate($can_assign);
     } else {
-        $javascript=&upload_manager_javascript_forward_associate();
+        $javascript=&upload_manager_javascript_forward_associate($can_assign);
     }
     #
     # Deal with restored settings
@@ -532,6 +533,7 @@ END
         if (message!='') {
             message+='\\n';
         }
+        message+='$alert{'section'}';
     }
     if (foundemail==0) {
         if (message!='') {
@@ -585,6 +587,46 @@ END
 ###############################################################
 ###############################################################
 sub upload_manager_javascript_forward_associate {
+    my ($can_assign) = @_;
+    my ($auth_update,$numbuttons,$argreset);
+    if (ref($can_assign) eq 'HASH') {
+        if ($can_assign->{'krb4'} || $can_assign->{'krb5'}) {
+            $argreset .= "      vf.krbarg.value='';\n";
+            $numbuttons ++ ;
+        }
+        if ($can_assign->{'int'}) {
+            $argreset .= "      vf.intarg.value='';\n";
+            $numbuttons ++;
+        }
+        if ($can_assign->{'loc'}) {
+            $argreset .= "      vf.locarg.value='';\n";
+            $numbuttons ++;
+        }
+        if (!$can_assign->{'int'}) {
+            my $warning = &mt('You may not specify an initial password for each user, as this is only available when new users use LON-CAPA internal authentication.\n').
+                          &mt('Your current role does not have rights to create users with that authentication type.');
+            $auth_update = <<"END";
+   // Currently the initial password field is only supported for internal auth
+   // (see bug 6368).
+   if (nw==9) {
+       eval('vf.f'+tf+'.selectedIndex=0;')
+       alert('$warning');
+   }
+END
+        } elsif ($numbuttons > 1) {
+            $auth_update = <<"END";
+   // If we set the password, make the password form below correspond to
+   // the new value.
+   if (nw==9) {
+      changed_radio('int',document.studentform);
+      set_auth_radio_buttons('int',document.studentform);
+$argreset
+   }
+
+END
+        }
+    }
+
     return(<<ENDPICK);
 function verify(vf,sec_caller) {
     var founduname=0;
@@ -661,15 +703,7 @@ function flip(vf,tf) {
          }
       }
    }
-   // If we set the password, make the password form below correspond to
-   // the new value.
-   if (nw==9) {
-       changed_radio('int',document.studentform);
-       set_auth_radio_buttons('int',document.studentform);
-       vf.intarg.value='';
-       vf.krbarg.value='';
-       vf.locarg.value='';
-   }
+   $auth_update
 }
 
 function clearpwd(vf) {
@@ -687,6 +721,45 @@ ENDPICK
 ###############################################################
 ###############################################################
 sub upload_manager_javascript_reverse_associate {
+    my ($can_assign) = @_;
+    my ($auth_update,$numbuttons,$argreset);
+    if (ref($can_assign) eq 'HASH') {
+        if ($can_assign->{'krb4'} || $can_assign->{'krb5'}) {
+            $argreset .= "      vf.krbarg.value='';\n";
+            $numbuttons ++ ;
+        }
+        if ($can_assign->{'int'}) {
+            $argreset .= "      vf.intarg.value='';\n";
+            $numbuttons ++;
+        }
+        if ($can_assign->{'loc'}) {
+            $argreset .= "      vf.locarg.value='';\n";
+            $numbuttons ++;
+        }
+        if (!$can_assign->{'int'}) {
+            my $warning = &mt('You may not specify an initial password, as this is only available when new users use LON-CAPA internal authentication.\n').
+                          &mt('Your current role does not have rights to create users with that authentication type.');
+            $auth_update = <<"END";
+   // Currently the initial password field is only supported for internal auth
+   // (see bug 6368).
+   if (tf==8 && nw!=0) {
+       eval('vf.f'+tf+'.selectedIndex=0;')
+       alert('$warning');
+   }
+END
+        } elsif ($numbuttons > 1) {
+            $auth_update = <<"END";
+   // initial password specified, pick internal authentication
+   if (tf==8 && nw!=0) {
+      changed_radio('int',document.studentform);
+      set_auth_radio_buttons('int',document.studentform);
+$argreset
+   }
+
+END
+        }
+    }
+
     return(<<ENDPICK);
 function verify(vf,sec_caller) {
     var founduname=0;
@@ -694,6 +767,7 @@ function verify(vf,sec_caller) {
     var foundname=0;
     var foundid=0;
     var foundsec=0;
+    var foundemail=0;
     var foundrole=0;
     var founddomain=0;
     var foundinststatus=0;
@@ -705,11 +779,12 @@ function verify(vf,sec_caller) {
         if (i==6 && tw!=0) { foundid=1; }
         if (i==7 && tw!=0) { foundsec=1; }
         if (i==8 && tw!=0) { foundpwd=1; }
-        if (i==9 && tw!=0) { foundrole=1; }
-        if (i==10 && tw!=0) { founddomain=1; }
-        if (i==13 && tw!=0) { foundinstatus=1; }
+        if (i==9 && tw!=0) { foundemail=1; }
+        if (i==10 && tw!=0) { foundrole=1; }
+        if (i==11 && tw!=0) { founddomain=1; }
+        if (i==12 && tw!=0) { foundinstatus=1; }
     }
-    verify_message(vf,founduname,foundpwd,foundname,foundid,foundsec,foundrole,founddomain,foundinststatus);
+    verify_message(vf,founduname,foundpwd,foundname,foundid,foundsec,foundemail,foundrole,founddomain,foundinststatus);
 }
 
 function flip(vf,tf) {
@@ -726,14 +801,7 @@ function flip(vf,tf) {
    if ((tf>=2) && (tf<=5) && (nw!=0)) {
       eval('vf.f1.selectedIndex=0;')
    }
-   // intial password specified, pick internal authentication
-   if (tf==8 && nw!=0) {
-       changed_radio('int',document.studentform);
-       set_auth_radio_buttons('int',document.studentform);
-       vf.krbarg.value='';
-       vf.intarg.value='';
-       vf.locarg.value='';
-   }
+   $auth_update
 }
 
 function clearpwd(vf) {
@@ -978,8 +1046,9 @@ sub print_upload_manager_form {
     my ($krbdef,$krbdefdom) =
         &Apache::loncommon::get_kerberos_defaults($defdom);
     #
+    my ($authnum,%can_assign) =  &Apache::loncommon::get_assignable_auth($defdom);
     &print_upload_manager_header($r,$datatoken,$distotal,$krbdefdom,$context,
-                                 $permission,$crstype);
+                                 $permission,$crstype,\%can_assign);
     my $i;
     my $keyfields;
     if ($total>=0) {
@@ -1352,6 +1421,7 @@ sub curr_role_permissions {
 sub my_custom_roles {
     my ($crstype) = @_;
     my %returnhash=();
+    my $extra = &Apache::lonnet::freeze_escape({'skipcheck' => 1});
     my %rolehash=&Apache::lonnet::dump('roles');
     foreach my $key (keys(%rolehash)) {
         if ($key=~/^rolesdef\_(\w+)$/) {
@@ -1374,8 +1444,9 @@ sub print_userlist {
     if ($env{'form.Status'} !~ /^(Any|Expired|Active|Future)$/) {
         $env{'form.Status'} = 'Active';
     }
+    my $onchange = "javascript:updateCols('Status');";
     my $status_select = &Apache::lonhtmlcommon::StatusOptions
-        ($env{'form.Status'});
+        ($env{'form.Status'},undef,undef,$onchange);
 
     if ($env{'form.showrole'} eq '') {
         if ($context eq 'course') {
@@ -1408,12 +1479,12 @@ sub print_userlist {
     $r->print('<form name="studentform" method="post" action="/adm/createuser">'."\n".
               '<input type="hidden" name="action" value="'.
               $env{'form.action'}.'" />');
-    $r->print("<p>\n");
+    $r->print('<div>'."\n");
     if ($env{'form.action'} ne 'modifystudent') {
         my %lt=&Apache::lonlocal::texthash('csv' => "CSV",
                                            'excel' => "Excel",
                                            'html'  => 'HTML');
-        my $output_selector = '<select size="1" name="output" >';
+        my $output_selector = '<select size="1" name="output" onchange="javascript:updateCols('."'output'".');" >';
         foreach my $outputformat ('html','csv','excel') {
             my $option = '<option value="'.$outputformat.'"';
             if ($outputformat eq $env{'form.output'}) {
@@ -1423,13 +1494,13 @@ sub print_userlist {
             $output_selector .= "\n".$option;
         }
         $output_selector .= '</select>';
-        $r->print('<label><span class="LC_nobreak">'
+        $r->print('<span class="LC_nobreak">'
                  .&mt('Output Format: [_1]',$output_selector)
-                 .'</span></label>'.('&nbsp;'x3));
+                 .'</span>'.('&nbsp;'x3));
     }
-    $r->print('<label><span class="LC_nobreak">'
+    $r->print('<span class="LC_nobreak">'
              .&mt('User Status: [_1]',$status_select)
-             .'</span></label>'.('&nbsp;'x3)."\n");
+             .'</span>'.('&nbsp;'x3)."\n");
     my $roleselected = '';
     if ($env{'form.showrole'} eq 'Any') {
        $roleselected = ' selected="selected"'; 
@@ -1440,20 +1511,25 @@ sub print_userlist {
         ($cnum,$cdom) = &get_course_identity();
         $r->print(&section_group_filter($cnum,$cdom));
     }
+    $r->print('</div><div class="LC_left_float">'.
+              &column_checkboxes($context,$mode,$formname).
+              '</div><br clear="all" />');
     if ($env{'form.phase'} eq '') {
-        $r->print('<br /><br />'.&list_submit_button(&mt('Display List of Users')).
-                  "\n</p>\n".
+        $r->print(&list_submit_button(&mt('Display List of Users'))."\n".
                   '<input type="hidden" name="phase" value="" /></form>');
         return;
     }
     if (!(($context eq 'domain') && 
           (($env{'form.roletype'} eq 'course') || ($env{'form.roletype'} eq 'community')))) {
-        $r->print(
-            "\n</p>\n"
-           .'<p>'
-           .&list_submit_button(&mt('Update Display'))
-           ."</p>\n"
-        );
+        $r->print(&list_submit_button(&mt('Update Display'))."\n");
+    }
+
+    my @cols = &infocolumns($context,$mode);  
+    if (!@cols) {
+         $r->print('<hr /><span class="LC_warning">'.
+                   &mt('No user information selected for display.').'</span>'.
+                   '<input type="hidden" name="phase" value="display" /></form>'."\n");
+         return;
     }
     my ($indexhash,$keylist) = &make_keylist_array();
     my (%userlist,%userinfo,$clearcoursepick);
@@ -1495,7 +1571,7 @@ sub print_userlist {
             $r->print('<hr />'.&mt('Searching').' ...<br />&nbsp;<br />');
         }
     } else {
-        $r->print('<hr />'.&mt('Searching').' ...<br />&nbsp;<br />');
+        $r->print('<hr /><div id="searching">'.&mt('Searching').' ...</div>');
     }
     $r->rflush();
     if ($context eq 'course') {
@@ -1649,6 +1725,7 @@ sub print_userlist {
     }
     $r->print('<input type="hidden" name="phase" value="'.
               $env{'form.phase'}.'" /></form>');
+    return;
 }
 
 sub role_filter {
@@ -1661,11 +1738,11 @@ sub role_filter {
     my ($role_select);
     if ($context eq 'domain') {
         $role_select = &domain_roles_select();
-        $output = '<label><span class="LC_nobreak">'
+        $output = '<span class="LC_nobreak">'
                  .&mt('Role Type: [_1]',$role_select)
-                 .'</span></label>';
+                 .'</span>';
     } else {
-        $role_select = '<select name="showrole">'."\n".
+        $role_select = '<select name="showrole" onchange="javascript:updateCols('."'showrole'".');">'."\n".
                        '<option value="Any" '.$roleselected.'>'.
                        &mt('Any role').'</option>';
         my ($roletype,$crstype);
@@ -1692,9 +1769,9 @@ sub role_filter {
             $role_select .= '<option value="'.$role.'"'.$roleselected.'>'.$plrole.'</option>';
         }
         $role_select .= '</select>';
-        $output = '<label><span class="LC_nobreak">'
+        $output = '<span class="LC_nobreak">'
                  .&mt('Role: [_1]',$role_select)
-                 .'</span></label> ';
+                 .'</span>';
     }
     return $output;
 }
@@ -1757,11 +1834,167 @@ sub section_group_filter {
     return $output;
 }
 
+sub infocolumns {
+    my ($context,$mode) = @_;
+    my @cols;
+    if (($mode eq 'pickauthor') || ($mode eq 'autoenroll')) {
+        @cols = &get_cols_array($context,$mode);
+    } else {
+        my @posscols = &get_cols_array($context,$mode);
+        if ($env{'form.phase'} ne '') {
+            my @checkedcols = &Apache::loncommon::get_env_multiple('form.showcol');
+            foreach my $col (@checkedcols) {
+                if (grep(/^$col$/,@posscols)) {
+                    push(@cols,$col);
+                }
+            }
+        } else {
+            @cols = @posscols;
+        }
+    }
+    return @cols;
+}
+
+sub get_cols_array {
+    my ($context,$mode) = @_;
+    my @cols;
+    if ($mode eq 'pickauthor') {
+        @cols = ('username','fullname','status','email');
+    } else {
+        @cols = ('username','domain','id','fullname');
+        if ($context eq 'course') {
+            push(@cols,'section');
+        }
+        push(@cols,('start','end','role'));
+        if ($context eq 'domain') {
+            push (@cols,'extent');
+        }
+        unless (($mode eq 'autoenroll') && ($env{'form.Status'} ne 'Any')) {
+            push(@cols,'status');
+        }
+        if ($context eq 'course') {
+            push(@cols,'groups');
+        }
+        push(@cols,'email');
+        if (($context eq 'course') && ($mode ne 'autoenroll')) {
+            push(@cols,'lastlogin','clicker');
+        }
+        if (($context eq 'course') && ($mode ne 'autoenroll') &&
+            ($env{'course.'.$env{'request.course.id'}.'.internal.showphoto'})) {
+            push(@cols,'photos');
+        }
+    }
+    return @cols;
+}
+
+sub column_checkboxes {
+    my ($context,$mode,$formname) = @_;
+    my @cols = &get_cols_array($context,$mode);
+    my @showncols = &Apache::loncommon::get_env_multiple('form.showcol');
+    my (%disabledchk,%unchecked);
+    if ($env{'form.phase'} eq '') {
+        $disabledchk{'status'} = 1;
+        if ($context eq 'course') {
+            $disabledchk{'role'} = 1;
+            $unchecked{'photo'} = 1;
+        }
+        $unchecked{'clicker'} = 1;
+        $unchecked{'start'} = 1;
+        $unchecked{'end'} = 1;
+    } else {
+        if ($env{'form.Status'} ne 'Any') {
+            $disabledchk{'status'} = 1;
+        }
+        if ($env{'form.showrole'} ne 'Any') {
+            $disabledchk{'role'} = 1; 
+        }
+    }
+    my $numposs = scalar(@cols);
+    my $numinrow = 8;
+    my %lt = &get_column_names($context);
+    my $output = '<fieldset><legend>'.&mt('Information to show').'</legend>'."\n".'<span class="LC_nobreak">'.
+                 '<input type="button" onclick="javascript:checkAll(document.'.$formname.'.showcol);" value="'.&mt('check all').'" />'.
+                 ('&nbsp;'x3).
+                 '<input type="button" onclick="javascript:uncheckAll(document.'.$formname.'.showcol);" value="'.&mt('uncheck all').'" />'.
+                 '</span><table>';
+    
+    for (my $i=0; $i<$numposs; $i++) {
+        my $rem = $i%($numinrow);
+        if ($rem == 0) {
+            if ($i > 0) {
+                $output .= '</tr>';
+            }
+            $output .= '<tr>';
+        }
+        my $checked;
+        if ($env{'form.phase'} eq '') {
+            $checked = ' checked="checked"';
+            if ($unchecked{$cols[$i]}) { 
+               $checked = '';
+            }
+            if ($disabledchk{$cols[$i]}) {
+                $checked = ' disabled="disabled"';
+            }
+        } elsif (grep(/^\Q$cols[$i]\E$/,@showncols)) {
+            $checked = ' checked="checked"';
+        } elsif ($disabledchk{$cols[$i]}) {
+            $checked = ' disabled="disabled"';
+        }
+        if ($i == $numposs-1) {
+            my $colsleft = $numinrow-$rem;
+            if ($colsleft > 1) {
+                $output .= '<td colspan="'.$colsleft.'">';
+            } else {
+                $output .= '<td>';
+            }
+        } else {
+            $output .= '<td>';
+        }
+        $output .= '<label><input id="showcol'.$cols[$i].'" type="checkbox" name="showcol" value="'.$cols[$i].'"'.$checked.' />'.
+                   $lt{$cols[$i]}.'</label></td>';
+
+    }
+    $output .= '</tr></table></fieldset>';
+    return $output;
+}
+
 sub list_submit_button {
     my ($text) = @_;
     return '<input type="button" name="updatedisplay" value="'.$text.'" onclick="javascript:display_update()" />';
 }
 
+sub get_column_names {
+    my ($context) = @_;
+    my %lt = &Apache::lonlocal::texthash(
+        'username'   => "username",
+        'domain'     => "domain",
+        'id'         => 'ID',
+        'fullname'   => "name",
+        'section'    => "section",
+        'groups'     => "active groups",
+        'start'      => "start date",
+        'end'        => "end date",
+        'status'     => "status",
+        'role'       => "role",
+        'type'       => "enroll type/action",
+        'email'      => "e-mail address",
+        'photo'      => "photo",
+        'lastlogin'  => "last login",
+        'extent'     => "extent",
+        'ca'         => "check all",
+        'ua'         => "uncheck all",
+        'clicker'    => "clicker-ID",
+    );
+    if ($context eq 'domain' && $env{'form.roletype'} eq 'course') {
+        $lt{'extent'} = &mt('Course(s): description, section(s), status');
+    } elsif ($context eq 'domain' && $env{'form.roletype'} eq 'community') {
+        $lt{'extent'} = &mt('Communities: description, section(s), status');
+    } elsif ($context eq 'author') {
+        $lt{'extent'} = &mt('Author');
+    }
+    return %lt;
+}
+
 sub gather_userinfo {
     my ($context,$format,$userlist,$indexhash,$userinfo,$rolehash,$permission) = @_;
     my $viewablesec;
@@ -2125,7 +2358,7 @@ sub show_users_list {
         $sortby = 'username';
     }
     my $setting = $env{'form.roletype'};
-    my ($cid,$cdom,$cnum,$classgroups,$displayphotos,$displayclickers,$crstype);
+    my ($cid,$cdom,$cnum,$classgroups,$crstype);
     if ($context eq 'course') {
         $cid = $env{'request.course.id'};
         $crstype = &Apache::loncommon::course_type();
@@ -2135,14 +2368,6 @@ sub show_users_list {
         if ($mode eq 'autoenroll') {
             $env{'form.showrole'} = 'st';
         } else {
-            if (! exists($env{'form.displayphotos'})) {
-                $env{'form.displayphotos'} = 'off';
-            }
-            $displayphotos = $env{'form.displayphotos'};
-            if (! exists($env{'form.displayclickers'})) {
-                $env{'form.displayclickers'} = 'off';
-            }
-            $displayclickers = $env{'form.displayclickers'};
             if ($env{'course.'.$cid.'.internal.showphoto'}) {
                 $r->print('
 <script type="text/javascript">
@@ -2158,10 +2383,6 @@ function photowindow(photolink) {
 </script>
                ');
             }
-            $r->print(<<END);
-<input type="hidden" name="displayphotos" value="$displayphotos" />
-<input type="hidden" name="displayclickers" value="$displayclickers" />
-END
         }
     } elsif ($context eq 'domain') {
         if ($setting eq 'community') {
@@ -2171,14 +2392,12 @@ END
         }
     }
     if ($mode ne 'autoenroll' && $mode ne 'pickauthor') {
-        my $check_uncheck_js = &Apache::loncommon::check_uncheck_jscript();
         my $date_sec_selector = &date_section_javascript($context,$setting,$statusmode);
         my $verify_action_js = &bulkaction_javascript($formname);
         $r->print(<<END);
 
 <script type="text/javascript" language="Javascript">
 // <![CDATA[
-$check_uncheck_js
 
 $verify_action_js
 
@@ -2236,71 +2455,18 @@ END
     $r->print(<<END);
 <input type="hidden" name="sortby" value="$sortby" />
 END
-
-    my %lt=&Apache::lonlocal::texthash(
-                       'username'   => "username",
-                       'domain'     => "domain",
-                       'id'         => 'ID',
-                       'fullname'   => "name",
-                       'section'    => "section",
-                       'groups'     => "active groups",
-                       'start'      => "start date",
-                       'end'        => "end date",
-                       'status'     => "status",
-                       'role'       => "role",
-                       'type'       => "enroll type/action",
-                       'email'      => "e-mail address",
-                       'photo'      => "photo",
-                       'extent'     => "extent",
+    my @cols = &infocolumns($context,$mode);
+    my %coltxt = &get_column_names($context);
+    my %acttxt = &Apache::lonlocal::texthash(
                        'pr'         => "Proceed",
-                       'ca'         => "check all",
-                       'ua'         => "uncheck all",
                        'ac'         => "Action to take for selected users",
                        'link'       => "Behavior of clickable username link for each user",
                        'aboutme'    => "Display a user's personal information page",
                        'owin'       => "Open in a new window",
                        'modify'     => "Modify a user's information",
                        'track'      => "View a user's recent activity",
-                       'clicker'    => "Clicker-ID",
                       );
-    if ($context eq 'domain' && $env{'form.roletype'} eq 'course') {
-        $lt{'extent'} = &mt('Course(s): description, section(s), status');
-    } elsif ($context eq 'domain' && $env{'form.roletype'} eq 'community') {
-        $lt{'extent'} = &mt('Communities: description, section(s), status');
-    } elsif ($context eq 'author') {
-        $lt{'extent'} = &mt('Author'); 
-    }
-    my @cols;
-    if ($mode eq 'pickauthor') {
-        @cols = ('username','fullname','status','email');
-    } else {
-        @cols = ('username','domain','id','fullname');
-        if ($context eq 'course') {
-            push(@cols,'section');
-        }
-        if (!($context eq 'domain' && ($env{'form.roletype'} eq 'course')
-                              && ($env{'form.roletype'} eq 'community'))) { 
-            push(@cols,('start','end'));
-        }
-        if ($env{'form.showrole'} eq 'Any' || $env{'form.showrole'} eq 'cr') {
-            push(@cols,'role');
-        }
-        if ($context eq 'domain' && ($env{'form.roletype'} eq 'author' ||
-                                    $env{'form.roletype'} eq 'course' ||
-                                    $env{'form.roletype'} eq 'community')) {
-            push (@cols,'extent');
-        }
-        if (($statusmode eq 'Any') && 
-            (!($context eq 'domain' && (($env{'form.roletype'} eq 'course')
-             || ($env{'form.roletype'} eq 'community'))))) {
-            push(@cols,'status');
-        }
-        if ($context eq 'course') {
-            push(@cols,'groups');
-        }
-        push(@cols,'email');
-    }
-
+    my %lt = (%coltxt,%acttxt);
     my $rolefilter = $env{'form.showrole'};
     if ($env{'form.showrole'} eq 'cr') {
         $rolefilter = &mt('custom');  
@@ -2311,7 +2477,7 @@ END
     if ($mode ne 'autoenroll') {
         $results_description = &results_header_row($rolefilter,$statusmode,
                                                    $context,$permission,$mode,$crstype);
-        $r->print('<b>'.$results_description.'</b><br /><br />');
+        $r->print('<b>'.$results_description.'</b><br clear="all" />');
     }
     my ($output,$actionselect,%canchange,%canchangesec);
     if ($mode eq 'html' || $mode eq 'view' || $mode eq 'autoenroll' || $mode eq 'pickauthor') {
@@ -2407,7 +2573,7 @@ END
             }
             $output .= '</td><td valign="top"  style="border-left: 1px solid;"><span class="LC_nobreak"><input type="checkbox" name="userwin" value="1"'.$checkwin.' />'.$lt{'owin'}.'</span></td></tr></table></fieldset></div>';
         }
-        $output .= "\n".'<div class="LC_clear_float_footer">&nbsp;</div>'."\n".
+        $output .= "\n".'<br clear="all" />'."\n".
                   &Apache::loncommon::start_data_table().
                   &Apache::loncommon::start_data_table_header_row();
         if ($mode eq 'autoenroll') {
@@ -2424,42 +2590,6 @@ END
             $output .= "<th><a href=\"javascript:document.$formname.sortby.value='$item';document.$formname.submit();\">$lt{$item}</a></th>\n";
         }
         my %role_types = &role_type_names();
-        if ($context eq 'course' && $mode ne 'autoenroll') {
-            if ($env{'form.showrole'} eq 'st' || $env{'form.showrole'} eq 'Any') {
-                # Clicker display on or off?
-                my %clicker_options = (
-                                        'on' => 'Show',
-                                        'off' => 'Hide',
-                                      );
-                my $clickerchg = 'on';
-                if ($displayclickers eq 'on') {
-                    $clickerchg = 'off';
-                }
-                $output .= '    <th>'."\n".'     '
-                        .&mt('[_1]'.$clicker_options{$clickerchg}.'[_2] clicker id'
-                            ,'<a href="javascript:document.'.$formname.'.displayclickers.value='
-                             ."'".$clickerchg."'".';document.'.$formname.'.submit();">'
-                            ,'</a>')
-                        ."\n".'    </th>'."\n";
-
-                # Photo display on or off?
-                if ($env{'course.'.$env{'request.course.id'}.'.internal.showphoto'}) {
-                    my %photo_options = &Apache::lonlocal::texthash(
-                                                            'on' => 'Show',
-                                                            'off' => 'Hide',
-                                                                );
-                    my $photochg = 'on';
-                    if ($displayphotos eq 'on') {
-                        $photochg = 'off';
-                    }
-                    $output .= '    <th>'."\n".'     '.
-                '<a href="javascript:document.'.$formname.'.displayphotos.value='.
-                      "'".$photochg."'".';document.'.$formname.'.submit();">'.
-                      $photo_options{$photochg}.'</a>&nbsp;'.$lt{'photo'}."\n".
-                      '    </th>'."\n";
-                }
-            }
-        }
         $output .= &Apache::loncommon::end_data_table_header_row();
 # Done with the HTML header line
     } elsif ($mode eq 'csv') {
@@ -2480,14 +2610,12 @@ END
             $CSVfile = undef;
         }
         #
-        push @cols,'clicker';
         # Write headers and data to file
         print $CSVfile '"'.$results_description.'"'."\n"; 
         print $CSVfile '"'.join('","',map {
             &Apache::loncommon::csv_translate($lt{$_})
             } (@cols))."\"\n";
     } elsif ($mode eq 'excel') {
-        push @cols,'clicker';
         # Create the excel spreadsheet
         ($excel_workbook,$excel_filename,$format) =
             &Apache::loncommon::create_workbook($r);
@@ -2523,6 +2651,11 @@ END
                                                 Future  => 'Future',
                                                 Expired => 'Expired',
                                                );
+    # If this is for a single course get last course "log-in".
+    my %crslogins;
+    if ($context eq 'course') {
+        %crslogins=&Apache::lonnet::dump('nohist_crslastlogin',$cdom,$cnum);
+    }
     # Get groups, role, permanent e-mail so we can sort on them if
     # necessary.
     foreach my $user (keys(%{$userlist})) {
@@ -2606,7 +2739,7 @@ END
                     }
                 }
                 if ($env{'course.'.$env{'request.course.id'}.'.internal.showphoto'}) {
-                    if (($displayphotos eq 'on') && ($role eq 'st')) {
+                    if ((grep/^photo$/,@cols) && ($role eq 'st')) {
                         $userlist->{$user}->[$index{'photo'}] =
                             &Apache::lonnet::retrievestudentphoto($udom,$uname,'jpg');
                         $userlist->{$user}->[$index{'thumbnail'}] =
@@ -2659,15 +2792,23 @@ END
         $in{'clicker'} = $clickers; 
 	my $role = $in{'role'};
         $in{'role'}=&Apache::lonnet::plaintext($sdata->[$index{'role'}],$crstype);
-        if (! defined($in{'start'}) || $in{'start'} == 0) {
-            $in{'start'} = &mt('none');
-        } else {
-            $in{'start'} = &Apache::lonlocal::locallocaltime($in{'start'});
+        unless ($mode eq 'excel') {
+            if (! defined($in{'start'}) || $in{'start'} == 0) {
+                $in{'start'} = &mt('none');
+            } else {
+                $in{'start'} = &Apache::lonlocal::locallocaltime($in{'start'});
+            }
+            if (! defined($in{'end'}) || $in{'end'} == 0) {
+                $in{'end'} = &mt('none');
+            } else {
+                $in{'end'} = &Apache::lonlocal::locallocaltime($in{'end'});
+            }
         }
-        if (! defined($in{'end'}) || $in{'end'} == 0) {
-            $in{'end'} = &mt('none');
-        } else {
-            $in{'end'} = &Apache::lonlocal::locallocaltime($in{'end'});
+        if ($context eq 'course') {
+            my $lastlogin = $crslogins{$in{'username'}.':'.$in{'domain'}.':'.$in{'section'}.':'.$role};
+            if ($lastlogin ne '') {
+                $in{'lastlogin'} = &Apache::lonlocal::locallocaltime($lastlogin);
+            }
         }
         if ($mode eq 'view' || $mode eq 'html' || $mode eq 'autoenroll' || $mode eq 'pickauthor') {
             $r->print(&Apache::loncommon::start_data_table_row());
@@ -2742,43 +2883,34 @@ END
                         $showitem = $ltstatus{$in{$item}};
                     }
                     $r->print('<td>'.$showitem.'</td>'."\n");
-                } else {
-                    $r->print('<td>'.$in{$item}.'</td>'."\n");
-                }
-            }
-            if (($context eq 'course') && ($mode ne 'autoenroll')) {
-                if ($env{'form.showrole'} eq 'st' || $env{'form.showrole'} eq 'Any') {
-                    if ($displayclickers eq 'on') {
-                        my $clickers =
+                } elsif ($item eq 'photo') {
+                     if (($context eq 'course') && ($mode ne 'autoenroll') && 
+                         ($env{'course.'.$env{'request.course.id'}.'.internal.showphoto'})) { 
+                         if ($role eq 'st') {
+                             $r->print('<td align="right"><a href="javascript:photowindow('."'".$in{'photo'}."'".')"><img src="'.$in{'thumbnail'}.'" border="1" alt="" /></a></td>');
+                         } else {
+                             $r->print('<td>&nbsp;</td>');
+                         }
+                     }
+                } elsif ($item eq 'clicker') {
+                    if (($context eq 'course') && ($mode ne 'autoenroll')) {
+                        if ($env{'form.showrole'} eq 'st' || $env{'form.showrole'} eq 'Any') {
+                            my $clickers =
                    (&Apache::lonnet::userenvironment($in{'domain'},$in{'username'},'clickers'))[1];
-                        if ($clickers!~/\w/) { $clickers='-'; }
-                        $r->print('<td>'.$clickers.'</td>');
-                    } else {
-                        $r->print('    <td>&nbsp;</td>  ');
-                    }
-                    if ($env{'course.'.$env{'request.course.id'}.'.internal.showphoto'}) {
-                        if ($displayphotos eq 'on' && $role eq 'st' && $in{'photo'} ne '') {
-                            $r->print('    <td align="right"><a href="javascript:photowindow('."'".$in{'photo'}."'".')"><img src="'.$in{'thumbnail'}.'" border="1" alt="" /></a></td>');
+                            if ($clickers!~/\w/) { $clickers='-'; }
+                            $r->print('<td>'.$clickers.'</td>');
                         } else {
-                            $r->print('    <td>&nbsp;</td>  ');
-                        }
-                    }
+                             $r->print('<td>&nbsp;</td>'."\n");
+                        } 
+                    } 
+                } else {
+                    $r->print('<td>'.$in{$item}.'</td>'."\n");
                 }
             }
             $r->print(&Apache::loncommon::end_data_table_row());
         } elsif ($mode eq 'csv') {
             next if (! defined($CSVfile));
             # no need to bother with $linkto
-            if (! defined($in{'start'}) || $in{'start'} == 0) {
-                $in{'start'} = &mt('none');
-            } else {
-                $in{'start'} = &Apache::lonlocal::locallocaltime($in{'start'});
-            }
-            if (! defined($in{'end'}) || $in{'end'} == 0) {
-                $in{'end'} = &mt('none');
-            } else {
-                $in{'end'} = &Apache::lonlocal::locallocaltime($in{'end'});
-            }
             my @line = ();
             foreach my $item (@cols) {
                 push @line,&Apache::loncommon::csv_translate($in{$item});
@@ -2788,9 +2920,9 @@ END
             my $col = 0;
             foreach my $item (@cols) {
                 if ($item eq 'start' || $item eq 'end') {
-                    if (defined($item) && $item != 0) {
+                    if ((defined($in{$item})) && ($in{$item} != 0)) {
                         $excel_sheet->write($row,$col++,
-                            &Apache::lonstathelpers::calc_serial($in{item}),
+                            &Apache::lonstathelpers::calc_serial($in{$item}),
                                     $format->{'date'});
                     } else {
                         $excel_sheet->write($row,$col++,'none');
@@ -3922,15 +4054,22 @@ sub upfile_drop_add {
                 $r->print($groupwarn.'<br />');
             }
         }
-        my (%curr_rules,%got_rules,%alerts);
+        my (%curr_rules,%got_rules,%alerts,%cancreate);
         my %customroles = &my_custom_roles($crstype);
         my @permitted_roles = 
-            &roles_on_upload($context,$setting,$crstype,%customroles); 
+            &roles_on_upload($context,$setting,$crstype,%customroles);
+        my %longtypes = &Apache::lonlocal::texthash(
+                            official   => 'Institutional',
+                            unofficial => 'Non-institutional',
+                        );
+        my $newuserdom = $env{'request.role.domain'};
+        map { $cancreate{$_} = &can_create_user($newuserdom,$context,$_); } keys(%longtypes);
         # Get new users list
         foreach my $line (@userdata) {
             my @secs;
             my %entries=&Apache::loncommon::record_sep($line);
             # Determine user name
+            $entries{$fields{'username'}} =~ s/^\s+|\s+$//g;
             unless (($entries{$fields{'username'}} eq '') ||
                     (!defined($entries{$fields{'username'}}))) {
                 my ($fname, $mname, $lname,$gen) = ('','','','');
@@ -3951,13 +4090,20 @@ sub upfile_drop_add {
                         $gen=$entries{$fields{'gen'}};
                     }
                 }
+
                 if ($entries{$fields{'username'}}
                     ne &LONCAPA::clean_username($entries{$fields{'username'}})) {
+                    my $nowhitespace;
+                    if ($entries{$fields{'username'}} =~ /\s/) {
+                        $nowhitespace = ' - '.&mt('usernames may not contain spaces.');
+                    }
                     $r->print('<br />'.
       &mt('[_1]: Unacceptable username for user [_2] [_3] [_4] [_5]',
-          '<b>'.$entries{$fields{'username'}}.'</b>',$fname,$mname,$lname,$gen));
+          '<b>'.$entries{$fields{'username'}}.'</b>',$fname,$mname,$lname,$gen).
+                              $nowhitespace);
                     next;
                 } else {
+                    $entries{$fields{'domain'}} =~ s/^\s+|\s+$//g;
                     if ($entries{$fields{'domain'}} 
                         ne &LONCAPA::clean_domain($entries{$fields{'domain'}})) {
                         $r->print('<br />'. '<b>'.$entries{$fields{'domain'}}.
@@ -4016,6 +4162,7 @@ sub upfile_drop_add {
                     # determine email address
                     my $email='';
                     if (defined($fields{'email'})) {
+                        $entries{$fields{'email'}} =~ s/^\s+|\s+$//g;
                         if (defined($entries{$fields{'email'}})) {
                             $email=$entries{$fields{'email'}};
                             unless ($email=~/^[^\@]+\@[^\@]+$/) { $email=''; }
@@ -4062,7 +4209,7 @@ sub upfile_drop_add {
                         $role = $defaultrole;
                     }
                     # Clean up whitespace
-                    foreach (\$id,\$fname,\$mname,\$lname,\$gen) {
+                    foreach (\$id,\$fname,\$mname,\$lname,\$gen,\$inststatus) {
                         $$_ =~ s/(\s+$|^\s+)//g;
                     }
                     # check against rules
@@ -4071,20 +4218,52 @@ sub upfile_drop_add {
                     my (%rulematch,%inst_results,%idinst_results);
                     my $uhome=&Apache::lonnet::homeserver($username,$userdomain);
                     if ($uhome eq 'no_host') {
-                        next if ($userdomain ne $domain);
+                        if ($userdomain ne $newuserdom) {
+                            if ($context eq 'course') {
+                                $r->print('<br />'.
+                                          &mt('[_1]: The domain specified ([_2]) is different to that of the course.',
+                                          '<b>'.$username.'</b>',$userdomain).'<br />');
+                            } elsif ($context eq 'author') {
+                                $r->print(&mt('[_1]: The domain specified ([_2]) is different to that of the author.',
+                                        '<b>'.$username.'</b>',$userdomain).'<br />'); 
+                            } else {
+                                $r->print(&mt('[_1]: The domain specified ([_2]) is different to that of your current role.',
+                                        '<b>'.$username.'</b>',$userdomain).'<br />');
+                            }
+                            $r->print(&mt('The user does not already exist, and you may not create a new user in a different domain.'));
+                            next;
+                        }
                         $checkid = 1;
                         $newuser = 1;
+                        my $user = $username.':'.$newuserdom;
                         my $checkhash;
                         my $checks = { 'username' => 1 };
-                        $checkhash->{$username.':'.$domain} = { 'newuser' => 1, };
+                        $checkhash->{$username.':'.$newuserdom} = { 'newuser' => 1, };
                         &Apache::loncommon::user_rule_check($checkhash,$checks,
                             \%alerts,\%rulematch,\%inst_results,\%curr_rules,
                             \%got_rules);
                         if (ref($alerts{'username'}) eq 'HASH') {
-                            if (ref($alerts{'username'}{$domain}) eq 'HASH') {
-                                next if ($alerts{'username'}{$domain}{$username});
+                            if (ref($alerts{'username'}{$newuserdom}) eq 'HASH') {
+                                if ($alerts{'username'}{$newuserdom}{$username}) {
+                                    $r->print('<br />'.
+                                              &mt('[_1]: matches the username format at your institution, but is not known to your directory service.','<b>'.$username.'</b>').'<br />'.
+                                              &mt('Consequently, the user was not created.'));
+                                    next;
+                                }
+                            }
+                        }
+                        my $usertype = 'unofficial';
+                        if (ref($rulematch{$user}) eq 'HASH') {
+                            if ($rulematch{$user}{'username'}) {
+                                $usertype = 'official';
                             }
                         }
+                        unless ($cancreate{$usertype}) {
+                            my $showtype = $longtypes{$usertype};
+                            $r->print('<br />'.
+                                      &mt('[_1]: The user does not exist, and you are not permitted to create users of type: [_2].','<b>'.$username.'</b>',$showtype));
+                            next;
+                        }
                     } else {
                         if ($context eq 'course' || $context eq 'author') {
                             if ($userdomain eq $domain ) {
@@ -4135,7 +4314,12 @@ sub upfile_drop_add {
                                 \%got_rules);
                             if (ref($alerts{'id'}) eq 'HASH') {
                                 if (ref($alerts{'id'}{$userdomain}) eq 'HASH') {
-                                    next if ($alerts{'id'}{$userdomain}{$id});
+                                    if ($alerts{'id'}{$userdomain}{$id}) {
+                                        $r->print(&mt('[_1]: has a student/employee ID matching the format at your institution, but the ID is found by your directory service.',
+                                                  '<b>'.$username.'</b>').'<br />'.
+                                                  &mt('Consequently, the user was not created.'));
+                                        next;
+                                    }
                                 }
                             }
                         }
@@ -4230,7 +4414,7 @@ sub upfile_drop_add {
             }
         } # end of foreach (@userdata)
         # Flush the course logs so reverse user roles immediately updated
-        &Apache::lonnet::flushcourselogs();
+        $r->register_cleanup(\&Apache::lonnet::flushcourselogs);
         $r->print("</p>\n<p>\n".&mt('Processed [quant,_1,user].',$counts{'user'}).
                   "</p>\n");
         if ($counts{'role'} > 0) {
@@ -4686,12 +4870,12 @@ sub update_user_list {
                }
             } elsif ($choice eq 'chgdates') {
                 $r->print(&mt("$result_text{'ok'}{$choice} role of '[_1]' in [_2] for '[_3]' - [_4]",$plrole,$extent, 
-                      '<i>'.&Apache::loncommon::plainname($uname.':'.$udom).'</i>',
+                      '<i>'.&Apache::loncommon::plainname($uname,$udom).'</i>',
                       $dates).'<br />');
                $count ++;
             } else {
                 $r->print(&mt("$result_text{'ok'}{$choice} role of '[_1]' in [_2] for '[_3]'.",$plrole,$extent,
-                      '<i>'.&Apache::loncommon::plainname($uname.':'.$udom).'</i>').
+                      '<i>'.&Apache::loncommon::plainname($uname,$udom).'</i>').
                           '<br />');
                 $count ++;
             }
@@ -4699,7 +4883,7 @@ sub update_user_list {
             $r->print(
                 &mt("Error $result_text{'error'}{$choice} [_1] in [_2] for '[_3]': [_4].",
                     $plrole,$extent,
-                    '<i>'.&Apache::loncommon::plainname($uname.':'.$udom).'</i>',
+                    '<i>'.&Apache::loncommon::plainname($uname,$udom).'</i>',
                     $result).'<br />');
         }
     }
@@ -4722,7 +4906,7 @@ sub update_user_list {
             $r->print('<p>'.&mt('Re-enabling will re-activate data for the role.').'</p>');
         }
         # Flush the course logs so reverse user roles immediately updated
-        &Apache::lonnet::flushcourselogs();
+        $r->register_cleanup(\&Apache::lonnet::flushcourselogs);
     }
     if ($env{'form.makedatesdefault'}) {
         if ($choice eq 'chgdates' || $choice eq 'reenable' || $choice eq 'activate') {
@@ -4937,7 +5121,7 @@ sub setsections_javascript {
                     accr => 'A course coordinator role will be added with access to all sections.',
                     acor => 'A coordinator role will be added with access to all sections',
                     inea => 'In each course, each user may only have one student role at a time.',
-                    inec => 'In each community, each user may only have one member role at a time.',
+                    inco => 'In each community, each user may only have one member role at a time.',
                     youh => 'You had selected ',
                     secs => 'sections.',
                     plmo => 'Please modify your selections so they include no more than one section.',
@@ -5158,18 +5342,40 @@ sub can_modify_userinfo {
 }
 
 sub check_usertype {
-    my ($dom,$uname,$rules) = @_;
+    my ($dom,$uname,$rules,$curr_rules,$got_rules) = @_;
     my $usertype;
-    if (ref($rules) eq 'HASH') {
-        my @user_rules = keys(%{$rules});
-        if (@user_rules > 0) {
-            my %rule_check = &Apache::lonnet::inst_rulecheck($dom,$uname,undef,'username',\@user_rules);
-            if (keys(%rule_check) > 0) {
-                $usertype = 'unofficial';
-                foreach my $item (keys(%rule_check)) {
-                    if ($rule_check{$item}) {
-                        $usertype = 'official';
-                        last;
+    if ((ref($got_rules) eq 'HASH') && (ref($curr_rules) eq 'HASH')) {
+        if (!$got_rules->{$dom}) {
+            my %domconfig = &Apache::lonnet::get_dom('configuration',
+                                              ['usercreation'],$dom);
+            if (ref($domconfig{'usercreation'}) eq 'HASH') {
+                foreach my $item ('username','id') {
+                    if (ref($domconfig{'usercreation'}{$item.'_rule'}) eq 'ARRAY') {
+                        $curr_rules->{$dom}{$item} =
+                                $domconfig{'usercreation'}{$item.'_rule'};
+                    }
+                }
+            }
+            $got_rules->{$dom} = 1;
+        }
+        if (ref($rules) eq 'HASH') {
+            my @user_rules;
+            if (ref($curr_rules->{$dom}{'username'}) eq 'ARRAY') {
+                foreach my $rule (keys(%{$rules})) {
+                    if (grep(/^\Q$rule\E/,@{$curr_rules->{$dom}{'username'}})) {
+                        push(@user_rules,$rule);
+                    }
+                } 
+            }
+            if (@user_rules > 0) {
+                my %rule_check = &Apache::lonnet::inst_rulecheck($dom,$uname,undef,'username',\@user_rules);
+                if (keys(%rule_check) > 0) {
+                    $usertype = 'unofficial';
+                    foreach my $item (keys(%rule_check)) {
+                        if ($rule_check{$item}) {
+                            $usertype = 'official';
+                            last;
+                        }
                     }
                 }
             }