--- loncom/interface/lonuserutils.pm	2017/01/28 03:48:44	1.182
+++ loncom/interface/lonuserutils.pm	2023/10/06 02:27:26	1.184.4.10.2.5
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Utility functions for managing LON-CAPA user accounts
 #
-# $Id: lonuserutils.pm,v 1.182 2017/01/28 03:48:44 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.184.4.10.2.5 2023/10/06 02:27:26 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -438,7 +438,7 @@ sub javascript_validations {
             } elsif ($context eq 'domain') {
                 $setsection_call = 'setCourse()';
                 $setsections_js = &dc_setcourse_js($param{'formname'},$mode,
-                                                   $context,$showcredits);
+                                                   $context,$showcredits,$domain);
             }
             $finish = "  var checkSec = $setsection_call\n".
                       "  if (checkSec == 'ok') {\n".
@@ -510,7 +510,7 @@ END
 ";
     } elsif ($mode eq 'modifycourse') {
         $auth_checks .= "
-    if (vf.elements[current.argfield].value == null || vf.elements[current.argfield].value == '') {
+    if ((current.argfield !== null) && (current.argfield !== undefined) && (current.argfield !== '') && (vf.elements[current.argfield].value == null || vf.elements[current.argfield].value == '')) {
 ";
     }
     if ( ($mode eq 'createcourse') || ($mode eq 'modifycourse') ) {
@@ -531,19 +531,25 @@ END
 /* regexp here to check for non \d \. in credits */
 END
     } else {
+        my ($numrules,$intargjs) =
+            &Apache::loncommon::passwd_validation_js('vf.elements[current.argfield].value',$domain);
         $auth_checks .= (<<END);
     foundatype=1;
     if (current.argfield == null || current.argfield == '') {
+        // The login radiobutton checked does not have an associated textbox
+    } else if (vf.elements[current.argfield].value == '') {
         var alertmsg = '';
         switch (current.radiovalue) {
             case 'krb':
                 alertmsg = '$alert{'krb'}';
                 break;
-            case 'loc':
-            case 'fsys':
+            case 'int':
                 alertmsg = '$alert{'ipass'}';
                 break;
             case 'fsys':
+                alertmsg = '$alert{'ipass'}';
+                break;
+            case 'loc':
                 alertmsg = '';
                 break;
             default:
@@ -553,6 +559,10 @@ END
             alert(alertmsg);
             return;
         }
+    } else if (current.radiovalue == 'int') {
+        if ($numrules > 0) {
+$intargjs
+        }
     }
 END
     }
@@ -641,6 +651,7 @@ END
                  $section_checks.$authheader;
     return $result;
 }
+
 ###############################################################
 ###############################################################
 sub upload_manager_javascript_forward_associate {
@@ -1121,8 +1132,15 @@ sub print_upload_manager_form {
     if (!$env{'form.datatoken'}) {
         $datatoken=&Apache::loncommon::upfile_store($r);
     } else {
-        $datatoken=$env{'form.datatoken'};
-        &Apache::loncommon::load_tmp_file($r);
+        $datatoken=&Apache::loncommon::valid_datatoken($env{'form.datatoken'});
+        if ($datatoken ne '') {
+            &Apache::loncommon::load_tmp_file($r,$datatoken);
+        }
+    }
+    if ($datatoken eq '') {
+        $r->print('<p class="LC_error">'.&mt('Error').': '.
+                  &mt('Invalid datatoken').'</p>');
+        return 'missingdata';
     }
     my @records=&Apache::loncommon::upfile_record_sep();
     if($env{'form.noFirstLine'}){
@@ -1206,6 +1224,7 @@ sub print_upload_manager_form {
     }
     &print_upload_manager_footer($r,$i,$keyfields,$defdom,$today,$halfyear,
                                  $context,$permission,$crstype,$showcredits);
+    return 'ok';
 }
 
 sub setup_date_selectors {
@@ -2279,7 +2298,6 @@ sub build_user_record {
 
 sub courses_selector {
     my ($cdom,$formname) = @_;
-    my %coursecodes = ();
     my %codes = ();
     my @codetitles = ();
     my %cat_titles = ();
@@ -2292,14 +2310,15 @@ sub courses_selector {
     my $jscript = '';
 
     my $totcodes = 0;
-    $totcodes =
-        &Apache::courseclassifier::retrieve_instcodes(\%coursecodes,
-                                                      $cdom,$totcodes);
-    if ($totcodes > 0) {
-        $format_reply =
-             &Apache::lonnet::auto_instcode_format($caller,$cdom,\%coursecodes,
-                                \%codes,\@codetitles,\%cat_titles,\%cat_order);
-        if ($format_reply eq 'ok') {
+    my $instcats = &Apache::lonnet::get_dom_instcats($cdom);
+    if (ref($instcats) eq 'HASH') {
+        if ((ref($instcats->{'codetitles'}) eq 'ARRAY') && (ref($instcats->{'codes'}) eq 'HASH') &&
+            (ref($instcats->{'cat_titles'}) eq 'HASH') && (ref($instcats->{'cat_order'}) eq 'HASH')) {
+            %codes = %{$instcats->{'codes'}};
+            @codetitles = @{$instcats->{'codetitles'}};
+            %cat_titles = %{$instcats->{'cat_titles'}};
+            %cat_order = %{$instcats->{'cat_order'}};
+            $totcodes = scalar(keys(%codes));
             my $numtypes = @codetitles;
             &Apache::courseclassifier::build_code_selections(\%codes,\@codetitles,\%cat_titles,\%cat_order,\%idlist,\%idnums,\%idlist_titles);
             my ($scripttext,$longtitles) = &Apache::courseclassifier::javascript_definitions(\@codetitles,\%idlist,\%idlist_titles,\%idnums,\%cat_titles);
@@ -2336,7 +2355,8 @@ function setCourseCat(formname) {
     }
     courseSet('$codetitles[1]');
     for (var j=0; j<formname.Department.length; j++) {
-        if (formname.Department.options[j].value == "$env{'form.Department'}") {            formname.Department.options[j].selected = true;
+        if (formname.Department.options[j].value == "$env{'form.Department'}") {
+            formname.Department.options[j].selected = true;
         }
     }
     if (formname.Department.options[formname.Department.selectedIndex].value == -1) {
@@ -2757,7 +2777,7 @@ END
                .'<input type="checkbox" name="userwin" value="1"'.$checkwin.' />'.$lt{'owin'}
                .'</label></span></td></tr></table></fieldset></div>';
         }
-        $output .= "\n".'<br clear="all" />'."\n".
+        $output .= "\n".'<div style="padding:0;clear:both;margin:0;border:0"></div>'."\n".
                   &Apache::loncommon::start_data_table().
                   &Apache::loncommon::start_data_table_header_row();
         if ($mode eq 'autoenroll') {
@@ -3101,7 +3121,14 @@ END
                         }
                         if ($showcheckbox) {
                             $r->print('<td><input type="checkbox" name="'.
-                                      'actionlist" value="'.&HTML::Entities::encode($checkval,'&<>"').'" /></td>');
+                                      'actionlist" value="'.
+                                      &HTML::Entities::encode($checkval,'&<>"').'" />');
+                            foreach my $item ('start','end') {
+                                $r->print('<input type="hidden" name="'.
+                                          &HTML::Entities::encode($checkval.'_'.$item,'&<>"').'"'.
+                                          ' value="'.$sdata->[$index{$item}].'" />');
+                            }
+                            $r->print('</td>');
                         } else {
                             $r->print('<td>&nbsp;</td>');
                         }
@@ -3115,8 +3142,6 @@ END
             foreach my $item (@cols) {
                 if ($item eq 'username') {
                     $r->print('<td>'.&print_username_link($mode,\%in).'</td>');
-                } elsif (($item eq 'start' || $item eq 'end') && ($actionselect)) {
-                    $r->print('<td>'.$in{$item}.'<input type="hidden" name="'.&HTML::Entities::encode($checkval.'_'.$item.'" value="'.$sdata->[$index{$item}],'&<>"').'" /></td>'."\n");
                 } elsif ($item eq 'status') {
                     my $showitem = $in{$item};
                     if (defined($ltstatus{$in{$item}})) {
@@ -3507,6 +3532,8 @@ END
         setSections(formname,'$crstype');
         if (seccheck == 'ok') {
             opener.document.$callingform.newsecs.value = formname.sections.value;
+        } else {
+            return;
         }
 END
     } else {
@@ -4091,7 +4118,7 @@ sub print_first_users_upload_form {
            .&Apache::lonhtmlcommon::end_pick_box();
 
     $str .= '<p>'
-           .'<input type="submit" name="fileupload" value="'.&mt('Next').'"'
+           .'<input type="button" name="fileupload" value="'.&mt('Next').'"'
            .' onclick="javascript:checkUpload(this.form);" />'
            .'</p>';
 
@@ -4102,7 +4129,10 @@ sub print_first_users_upload_form {
 # ================================================= Drop/Add from uploaded file
 sub upfile_drop_add {
     my ($r,$context,$permission,$showcredits) = @_;
-    &Apache::loncommon::load_tmp_file($r);
+    my $datatoken = &Apache::loncommon::valid_datatoken($env{'form.datatoken'});
+    if ($datatoken ne '') {
+        &Apache::loncommon::load_tmp_file($r,$datatoken);
+    }
     my @userdata=&Apache::loncommon::upfile_record_sep();
     if($env{'form.noFirstLine'}){shift(@userdata);}
     my @keyfields = split(/\,/,$env{'form.keyfields'});
@@ -4116,10 +4146,6 @@ sub upfile_drop_add {
             $fields{$env{'form.f'.$i}}=$keyfields[$i];
         }
     }
-    if ($env{'form.fullup'} ne 'yes') {
-        $r->print('<form name="studentform" method="post" action="/adm/createuser">'."\n".
-                  '<input type="hidden" name="action" value="'.$env{'form.action'}.'" />');
-    }
     #
     # Store the field choices away
     my @storefields = qw/username names fname mname lname gen id 
@@ -4133,17 +4159,26 @@ sub upfile_drop_add {
         $fieldstype{$field.'_choice'} = 'scalar';
     }
     &Apache::loncommon::store_course_settings('enrollment_upload',\%fieldstype);
-    my ($cid,$crstype,$setting);
+    my ($cid,$crstype,$setting,$crsdom,$crsnum,$oldcrsuserdoms);
     if ($context eq 'domain') {
         $setting = $env{'form.roleaction'};
     }
     if ($env{'request.course.id'} ne '') {
         $cid = $env{'request.course.id'};
         $crstype = &Apache::loncommon::course_type();
+        $crsdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+        $crsnum = $env{'course.'.$env{'request.course.id'}.'.num'};
     } elsif ($setting eq 'course') {
         if (&Apache::lonnet::is_course($env{'form.dcdomain'},$env{'form.dccourse'})) {
             $cid = $env{'form.dcdomain'}.'_'.$env{'form.dccourse'};
             $crstype = &Apache::loncommon::course_type($cid);
+            $crsdom = $env{'form.dcdomain'};
+            $crsnum = $env{'form.dccourse'};
+            if (exists($env{'course.'.$cid.'.internal.userdomains'})) {
+                $oldcrsuserdoms = 1;
+            }
+            my %coursedesc = &Apache::lonnet::coursedescription($cid,{ one_time => 1 });
+            $env{'course.'.$cid.'.internal.userdomains'} = $coursedesc{'internal.userdomains'};
         }
     }
     my ($startdate,$enddate) = &get_dates_from_form();
@@ -4164,10 +4199,10 @@ sub upfile_drop_add {
     } else {
         my %home_servers = &Apache::lonnet::get_servers($defdom,'library');
         if (! exists($home_servers{$desiredhost})) {
-            $r->print('<span class="LC_error">'.&mt('Error').
-                      &mt('Invalid home server specified').'</span>');
+            $r->print('<p class="LC_error">'.&mt('Error').': '.
+                      &mt('Invalid home server specified').'</p>');
             $r->print(&Apache::loncommon::end_page());
-            return;
+            return 'invalidhome';
         }
     }
     # Determine authentication mechanism
@@ -4177,6 +4212,7 @@ sub upfile_drop_add {
     }
     my $amode  = '';
     my $genpwd = '';
+    my @genpwdfail;
     if ($env{'form.login'} eq 'krb') {
         $amode='krb';
         $amode.=$env{'form.krbver'};
@@ -4185,6 +4221,8 @@ sub upfile_drop_add {
         $amode='internal';
         if ((defined($env{'form.intarg'})) && ($env{'form.intarg'})) {
             $genpwd=$env{'form.intarg'};
+            @genpwdfail =
+                &Apache::loncommon::check_passwd_rules($domain,$genpwd);
         }
     } elsif ($env{'form.login'} eq 'loc') {
         $amode='localauth';
@@ -4263,10 +4301,14 @@ sub upfile_drop_add {
                                                   \@statuses,\@poss_roles);
                 &gather_userinfo($context,'view',\%userlist,$indexhash,\%info,
                              \%cstr_roles,$permission);
-
             }
         }
     }
+    if ($datatoken eq '') {
+        $r->print('<p class="LC_error">'.&mt('Error').': '.
+                  &mt('Invalid datatoken').'</p>');
+        return 'missingdata';
+    }
     if ( $domain eq &LONCAPA::clean_domain($domain)
         && ($amode ne '')) {
         #######################################
@@ -4336,7 +4378,8 @@ sub upfile_drop_add {
         my $newuserdom = $env{'request.role.domain'};
         map { $cancreate{$_} = &can_create_user($newuserdom,$context,$_); } keys(%longtypes);
         # Get new users list
-        my (%existinguser,%userinfo,%disallow,%rulematch,%inst_results,%alerts,%checkuname);
+        my (%existinguser,%userinfo,%disallow,%rulematch,%inst_results,%alerts,%checkuname,
+            %showpasswdrules,$haspasswdmap);
         my $counter = -1;
         foreach my $line (@userdata) {
             $counter ++;
@@ -4464,11 +4507,43 @@ sub upfile_drop_add {
                         }
                     }
                     # determine user password
-                    my $password = $genpwd;
+                    my $password;
+                    my $passwdfromfile;
                     if (defined($fields{'ipwd'})) {
                         if ($entries{$fields{'ipwd'}}) {
                             $password=$entries{$fields{'ipwd'}};
+                            $passwdfromfile = 1;
+                            if ($env{'form.login'} eq 'int') {
+                                my $uhome=&Apache::lonnet::homeserver($username,$userdomain);
+                                if (($uhome eq 'no_host') || ($changeauth)) {
+                                    my @brokepwdrules =
+                                        &Apache::loncommon::check_passwd_rules($domain,$password);
+                                    if (@brokepwdrules) {
+                                        $disallow{$counter} = &mt('[_1]: Password included in file for this user did not meet requirements.',
+                                                                  '<b>'.$username.'</b>');
+                                        map { $showpasswdrules{$_} = 1; } @brokepwdrules;
+                                        next;
+                                    }
+                                }
+                            }
+                        }
+                    }
+                    unless ($passwdfromfile) {
+                        if ($env{'form.login'} eq 'int') {
+                            if (@genpwdfail) {
+                                my $uhome=&Apache::lonnet::homeserver($username,$userdomain);
+                                if (($uhome eq 'no_host') || ($changeauth)) {
+                                    $disallow{$counter} = &mt('[_1]: No specific password in file for this user; default password did not meet requirements',
+                                                              '<b>'.$username.'</b>');
+                                    unless ($haspasswdmap) {
+                                        map { $showpasswdrules{$_} = 1; } @genpwdfail;
+                                        $haspasswdmap = 1;
+                                    }
+                                }
+                                next;
+                            }
                         }
+                        $password = $genpwd;
                     }
                     # determine user role
                     my $role = '';
@@ -4740,6 +4815,16 @@ sub upfile_drop_add {
                     my (%userres,%authres,%roleres,%idres);
                     my $singlesec = '';
                     if ($role eq 'st') {
+                        if (($context eq 'domain') && ($changeauth eq 'Yes') && (!$newuser)) {
+                            if ((&Apache::lonnet::allowed('mau',$userdomain)) &&
+                                (&Apache::lonnet::homeserver($username,$userdomain) ne 'no_host')) {
+                                if ((($amode =~ /^krb4|krb5|internal$/) && $password ne '') ||
+                                     ($amode eq 'localauth')) {
+                                    $authresult =
+                                        &Apache::lonnet::modifyuserauth($userdomain,$username,$amode,$password);
+                                }
+                            }
+                        }
                         my $sec;
                         if (ref($userinfo{$i}{'sections'}) eq 'ARRAY') {
                             if (@secs > 0) {
@@ -4781,16 +4866,16 @@ sub upfile_drop_add {
                                     }
                                 }
                             }
-                            if (!$multiple) {
-                                ($userresult,$authresult,$roleresult,$idresult) = 
-                                    &modifyuserrole($context,$setting,
-                                                    $changeauth,$cid,$userdomain,$username, 
-                                                    $id,$amode,$password,$fname,
-                                                    $mname,$lname,$gen,$singlesec,
-                                                    $env{'form.forceid'},$desiredhost,
-                                                    $email,$role,$enddate,$startdate,
-                                                    $checkid,$inststatus);
-                            }
+                        }
+                        if (!$multiple) {
+                            ($userresult,$authresult,$roleresult,$idresult) = 
+                                &modifyuserrole($context,$setting,
+                                                $changeauth,$cid,$userdomain,$username, 
+                                                $id,$amode,$password,$fname,
+                                                $mname,$lname,$gen,$singlesec,
+                                                $env{'form.forceid'},$desiredhost,
+                                                $email,$role,$enddate,$startdate,
+                                                $checkid,$inststatus);
                         }
                     }
                     if ($multiple) {
@@ -4812,6 +4897,13 @@ sub upfile_drop_add {
             } # end of loop
             $r->print('</ul>');
             &Apache::lonhtmlcommon::Close_PrgWin($r,\%prog_state);
+            if (($context eq 'domain') && ($setting eq 'course')) {
+                unless ($oldcrsuserdoms) {
+                    if (exists($env{'course.'.$cid.'.internal.userdomains'})) {
+                        delete($env{'course.'.$cid.'.internal.userdomains'});
+                    }
+                }
+            }
         }
         # Flush the course logs so reverse user roles immediately updated
         $r->register_cleanup(\&Apache::lonnet::flushcourselogs);
@@ -4819,7 +4911,9 @@ sub upfile_drop_add {
                   "</p>\n");
         if ($counts{'role'} > 0) {
             $r->print("<p>\n".
-                      &mt('Roles added for [quant,_1,user].',$counts{'role'}).' '.&mt('If a user is currently logged-in to LON-CAPA, any new roles which are active will be available when the user next logs in.')."</p>\n");
+                      &mt('Roles added for [quant,_1,user].',$counts{'role'}).' '.
+                      &mt('If a user is currently logged-in to LON-CAPA, any new roles which are active will be available when the user next logs in.').
+                      "</p>\n");
         } else {
             $r->print('<p>'.&mt('No roles added').'</p>');
         }
@@ -4829,6 +4923,7 @@ sub upfile_drop_add {
                           $counts{'auth'})."</p>\n");
         }
         $r->print(&print_namespacing_alerts($domain,\%alerts,\%curr_rules));
+        $r->print(&passwdrule_alerts($domain,\%showpasswdrules));
         #####################################
         # Display list of students to drop  #
         #####################################
@@ -4837,10 +4932,9 @@ sub upfile_drop_add {
             #  Get current classlist
             my $classlist = &Apache::loncoursedata::get_classlist();
             if (! defined($classlist)) {
-                $r->print('<form name="studentform" method="post" action="/adm/createuser">'.
-                          '<input type="hidden" name="action" value="'.$env{'form.action'}.'" />'.
-                          '<p class="LC_info">'.&mt('There are no students with current/future access to the course.').'</p>'.
-                          '</form>'."\n");
+                $r->print('<p class="LC_info">'.
+                          &mt('There are no students with current/future access to the course.').
+                          '</p>'."\n");
             } elsif (ref($classlist) eq 'HASH') {
                 # Remove the students we just added from the list of students.
                 foreach my $line (@userdata) {
@@ -4856,9 +4950,7 @@ sub upfile_drop_add {
             }
         }
     } # end of unless
-    if ($env{'form.fullup'} ne 'yes') {
-        $r->print('</form>');
-    }
+    return 'ok';
 }
 
 sub print_namespacing_alerts {
@@ -4901,6 +4993,42 @@ sub print_namespacing_alerts {
     }
 }
 
+sub passwdrule_alerts {
+    my ($domain,$passwdrules) = @_;
+    my $warning;
+    if (ref($passwdrules) eq 'HASH') {
+        my %showrules = %{$passwdrules};
+        if (keys(%showrules)) {
+            my %passwdconf = &Apache::lonnet::get_passwdconf($domain);
+            $warning = '<b>'.&mt('Password requirement(s) unmet for one or more users:').'</b><ul>';
+            if ($showrules{'min'}) {
+                my $min = $passwdconf{'min'};
+                if ($min eq '') {
+                    $min = $Apache::lonnet::passwdmin;
+                }
+                $warning .= '<li>'.&mt('minimum [quant,_1,character]',$min).'</li>';
+            }
+            if ($showrules{'max'}) {
+                $warning .= '<li>'.&mt('maximum [quant,_1,character]',$passwdconf{'max'}).'</li>';
+            }
+            if ($showrules{'uc'}) {
+                $warning .= '<li>'.&mt('contain at least one upper case letter').'</li>';
+            }
+            if ($showrules{'lc'}) {
+                $warning .= '<li>'.&mt('contain at least one lower case letter').'</li>';
+            }
+            if ($showrules{'num'}) {
+                $warning .= '<li>'.&mt('contain at least one number').'</li>';
+            }
+            if ($showrules{'spec'}) {
+                $warning .= '<li>'.&mt('contain at least one non-alphanumeric').'</li>';
+            }
+            $warning .= '</ul>';
+        }
+    }
+    return $warning;
+}
+
 sub user_change_result {
     my ($r,$userresult,$authresult,$roleresult,$idresult,$counts,$flushc,
         $username,$userdomain,$userchg) = @_;
@@ -5770,6 +5898,70 @@ sub can_modify_userinfo {
     return %canmodify;
 }
 
+sub can_change_internalpass {
+    my ($uname,$udom,$crstype,$permission) = @_;
+    my $canchange;
+    if (&Apache::lonnet::allowed('mau',$udom)) {
+        $canchange = 1;
+    } elsif ((ref($permission) eq 'HASH') && ($permission->{'mip'}) &&
+             ($udom eq $env{'request.role.domain'})) {
+        unless ($env{'course.'.$env{'request.course.id'}.'.internal.nopasswdchg'}) {
+            my ($cnum,$cdom) = &get_course_identity();
+            if ((&Apache::lonnet::is_course_owner($cdom,$cnum)) && ($udom eq $env{'user.domain'})) {
+                my @userstatuses = ('default');
+                my %userenv = &Apache::lonnet::userenvironment($udom,$uname,'inststatus');
+                if ($userenv{'inststatus'} ne '') {
+                    @userstatuses =  split(/:/,$userenv{'inststatus'});
+                }
+                my $noupdate = 1;
+                my %passwdconf = &Apache::lonnet::get_passwdconf($cdom);
+                if (ref($passwdconf{'crsownerchg'}) eq 'HASH') {
+                    if (ref($passwdconf{'crsownerchg'}{'for'}) eq 'ARRAY') {
+                        foreach my $status (@userstatuses) {
+                            if (grep(/^\Q$status\E$/,@{$passwdconf{'crsownerchg'}{'for'}})) {
+                                undef($noupdate);
+                                last;
+                            }
+                        }
+                    }
+                }
+                if ($noupdate) {
+                    return;
+                }
+                my %owned = &Apache::lonnet::courseiddump($cdom,'.',1,'.',
+                                                          $env{'user.name'}.':'.$env{'user.domain'},
+                                                          undef,undef,undef,'.');
+                my %roleshash = &Apache::lonnet::get_my_roles($uname,$udom,'userroles',
+                                                              ['active','future']);
+                foreach my $key (keys(%roleshash)) {
+                    my ($name,$domain,$role) = split(/:/,$key);
+                    if ($role eq 'st') {
+                        next if (($name eq $cnum) && ($domain eq $cdom));
+                        if ($owned{$domain.'_'.$name}) {
+                            if (ref($owned{$domain.'_'.$name}) eq 'HASH') {
+                                if ($owned{$domain.'_'.$name}{'nopasswdchg'}) {
+                                    $noupdate = 1;
+                                    last;
+                                }
+                            }
+                        } else {
+                            $noupdate = 1;
+                            last;
+                        }
+                    } else {
+                        $noupdate = 1;
+                        last;
+                    }
+                }
+                unless ($noupdate) {
+                    $canchange = 1;
+                }
+            }
+        }
+    }
+    return $canchange;
+}
+
 sub check_usertype {
     my ($dom,$uname,$rules,$curr_rules,$got_rules) = @_;
     my $usertype;
@@ -5890,12 +6082,21 @@ sub get_permission {
                     $permission{'selfenrolladmin'} = 1;
                 }
             }
+            unless ($permission{'selfenrolladmin'}) {
+                $permission{'selfenrollview'} = 1;
+            }
         }
         if ($env{'request.course.id'}) {
-            my $user = $env{'user.name'}.':'.$env{'user.domain'};
+            my $user;
+            if (($env{'user.name'} ne '') && ($env{'user.domain'} ne '')) {
+                $user = $env{'user.name'}.':'.$env{'user.domain'};
+            }
             if (($user ne '') && ($env{'course.'.$env{'request.course.id'}.'.internal.courseowner'} eq
                                   $user)) {
                 $permission{'owner'} = 1;
+                if (&Apache::lonnet::allowed('mip',$env{'request.course.id'})) {
+                    $permission{'mip'} = 1;
+                }
             } elsif (($user ne '') && ($env{'course.'.$env{'request.course.id'}.'.internal.co-owners'} ne '')) {
                 if (grep(/^\Q$user\E$/,split(/,/,$env{'course.'.$env{'request.course.id'}.'.internal.co-owners'}))) {
                     $permission{'co-owner'} = 1;
@@ -5932,8 +6133,9 @@ sub get_permission {
         }
     }
     my $allowed = 0;
-    foreach my $perm (values(%permission)) {
-        if ($perm) { $allowed=1; last; }
+    foreach my $key (keys(%permission)) {
+        next if (($key eq 'owner') || ($key eq 'co-owner'));
+        if ($permission{$key}) { $allowed=1; last; }
     }
     return (\%permission,$allowed);
 }
@@ -5982,7 +6184,7 @@ sub get_course_identity {
 }
 
 sub dc_setcourse_js {
-    my ($formname,$mode,$context,$showcredits) = @_;
+    my ($formname,$mode,$context,$showcredits,$domain) = @_;
     my ($dc_setcourse_code,$authen_check);
     my $cctext = &Apache::lonnet::plaintext('cc');
     my $cotext = &Apache::lonnet::plaintext('co');
@@ -5991,7 +6193,7 @@ sub dc_setcourse_js {
     if ($mode eq 'upload') {
         $role = 'courserole';
     } else {
-        $authen_check = &verify_authen($formname,$context);
+        $authen_check = &verify_authen($formname,$context,$domain);
     }
     $dc_setcourse_code = (<<"SCRIPTTOP");
 $authen_check
@@ -6135,12 +6337,14 @@ ENDSCRIPT
 }
 
 sub verify_authen {
-    my ($formname,$context) = @_;
+    my ($formname,$context,$domain) = @_;
     my %alerts = &authcheck_alerts();
     my $finish = "return 'ok';";
     if ($context eq 'author') {
         $finish = "document.$formname.submit();";
     }
+    my ($numrules,$intargjs) =
+        &Apache::loncommon::passwd_validation_js('argpicked',$domain);
     my $outcome = <<"ENDSCRIPT";
 
 function auth_check() {
@@ -6174,6 +6378,7 @@ function auth_check() {
                 break;
             case 'int':
                 alertmsg = '$alerts{'ipass'}';
+                break;
             case 'fsys':
                 alertmsg = '$alerts{'ipass'}';
                 break;
@@ -6187,6 +6392,11 @@ function auth_check() {
             alert(alertmsg);
             return;
         }
+    } else if (logintype == 'int') {
+        var numrules = $numrules;
+        if (numrules > 0) {
+$intargjs
+        }
     }
     $finish
 }
@@ -6338,7 +6548,7 @@ sub selfenrollment_administration {
         }
     }
     if ($settings{'internal.selfenrollmgrdc'} ne '') {
-        my @in_domain = split(/,/,$settings{'internal.selfenrollmgrdc'});
+        @in_domain = split(/,/,$settings{'internal.selfenrollmgrdc'});
         my @diffs = &Apache::loncommon::compare_arrays(\@in_domain,$possconfigs);
         unless (@diffs) {
             return (\@in_course,\@in_domain);