--- loncom/interface/lonuserutils.pm	2010/01/05 22:08:48	1.109.2.2
+++ loncom/interface/lonuserutils.pm	2010/11/01 18:19:01	1.129
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Utility functions for managing LON-CAPA user accounts
 #
-# $Id: lonuserutils.pm,v 1.109.2.2 2010/01/05 22:08:48 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.129 2010/11/01 18:19:01 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -47,7 +47,8 @@ sub modifystudent {
     # this one.  If $csec is defined, drop them from all other sections of
     # this course and add them to section $csec
     my ($cnum,$cdom) = &get_course_identity($courseid);
-    my %roles = &Apache::lonnet::dump('roles',$udom,$unam);
+    my $extra = &Apache::lonnet::freeze_escape({'skipcheck' => 1});
+    my %roles = &Apache::lonnet::dump('roles',$udom,$unam,'.',undef,$extra);
     my ($tmp) = keys(%roles);
     # Bail out if we were unable to get the students roles
     return "$1" if ($tmp =~ /^(con_lost|error|no_such_host)/i);
@@ -295,7 +296,8 @@ sub hidden_input {
 }
 
 sub print_upload_manager_header {
-    my ($r,$datatoken,$distotal,$krbdefdom,$context,$permission,$crstype)=@_;
+    my ($r,$datatoken,$distotal,$krbdefdom,$context,$permission,$crstype,
+        $can_assign)=@_;
     my $javascript;
     #
     if (! exists($env{'form.upfile_associate'})) {
@@ -309,9 +311,9 @@ sub print_upload_manager_header {
         }
     }
     if ($env{'form.upfile_associate'} eq 'reverse') {
-        $javascript=&upload_manager_javascript_reverse_associate();
+        $javascript=&upload_manager_javascript_reverse_associate($can_assign);
     } else {
-        $javascript=&upload_manager_javascript_forward_associate();
+        $javascript=&upload_manager_javascript_forward_associate($can_assign);
     }
     #
     # Deal with restored settings
@@ -585,6 +587,31 @@ END
 ###############################################################
 ###############################################################
 sub upload_manager_javascript_forward_associate {
+    my ($can_assign) = @_;
+    my $auth_update;
+    if (ref($can_assign) eq 'HASH') {
+        if (keys(%{$can_assign}) > 1) {
+            $auth_update = <<"END";
+   // If we set the password, make the password form below correspond to
+   // the new value.
+   if (nw==9) {
+      changed_radio('int',document.studentform);
+      set_auth_radio_buttons('int',document.studentform);
+END
+        }
+        if ($can_assign->{'krb4'} || $can_assign->{'krb5'}) {
+           $auth_update .= "      vf.krbarg.value='';\n";
+        }
+        if ($can_assign->{'int'}) {
+           $auth_update .= "      vf.intarg.value='';\n";
+        }
+        if ($can_assign->{'loc'}) {
+           $auth_update .= "      vf.locarg.value='';\n";
+        }
+        $auth_update .= "
+   }\n";
+    }
+
     return(<<ENDPICK);
 function verify(vf,sec_caller) {
     var founduname=0;
@@ -661,15 +688,7 @@ function flip(vf,tf) {
          }
       }
    }
-   // If we set the password, make the password form below correspond to
-   // the new value.
-   if (nw==9) {
-       changed_radio('int',document.studentform);
-       set_auth_radio_buttons('int',document.studentform);
-       vf.intarg.value='';
-       vf.krbarg.value='';
-       vf.locarg.value='';
-   }
+   $auth_update
 }
 
 function clearpwd(vf) {
@@ -687,6 +706,29 @@ ENDPICK
 ###############################################################
 ###############################################################
 sub upload_manager_javascript_reverse_associate {
+    my ($can_assign) = @_;
+    my $auth_update; 
+    if (ref($can_assign) eq 'HASH') {
+        if (keys(%{$can_assign}) > 1) {
+            $auth_update = <<"END";
+   // initial password specified, pick internal authentication
+   if (tf==8 && nw!=0) {
+      changed_radio('int',document.studentform);
+      set_auth_radio_buttons('int',document.studentform);
+END
+        }
+        if ($can_assign->{'krb'}) {      
+           $auth_update .= "      vf.krbarg.value='';\n";
+        }
+        if ($can_assign->{'int'}) {
+           $auth_update .= "      vf.intarg.value='';\n";
+        }
+        if ($can_assign->{'loc'}) {
+           $auth_update .= "      vf.locarg.value='';\n";
+        }
+        $auth_update .= "
+   }\n";
+    }
     return(<<ENDPICK);
 function verify(vf,sec_caller) {
     var founduname=0;
@@ -726,14 +768,7 @@ function flip(vf,tf) {
    if ((tf>=2) && (tf<=5) && (nw!=0)) {
       eval('vf.f1.selectedIndex=0;')
    }
-   // intial password specified, pick internal authentication
-   if (tf==8 && nw!=0) {
-       changed_radio('int',document.studentform);
-       set_auth_radio_buttons('int',document.studentform);
-       vf.krbarg.value='';
-       vf.intarg.value='';
-       vf.locarg.value='';
-   }
+   $auth_update
 }
 
 function clearpwd(vf) {
@@ -978,8 +1013,9 @@ sub print_upload_manager_form {
     my ($krbdef,$krbdefdom) =
         &Apache::loncommon::get_kerberos_defaults($defdom);
     #
+    my ($authnum,%can_assign) =  &Apache::loncommon::get_assignable_auth($defdom);
     &print_upload_manager_header($r,$datatoken,$distotal,$krbdefdom,$context,
-                                 $permission,$crstype);
+                                 $permission,$crstype,\%can_assign);
     my $i;
     my $keyfields;
     if ($total>=0) {
@@ -1185,10 +1221,8 @@ sub default_role_selector {
                     'exs'  => "Existing sections",
                     'new'  => "New section",
                   );
-    $options = '<select name="defaultrole">'."\n";
-    unless (($context eq 'course') && (&Apache::loncommon::needs_gci_custom())) {
-        $options .= ' <option value="">'.&mt('Please select').'</option>'."\n";
-    }
+    $options = '<select name="defaultrole">'."\n".
+               ' <option value="">'.&mt('Please select').'</option>'."\n"; 
     if ($context eq 'course') {
         $options .= &default_course_roles($context,$checkpriv,$crstype,%customroles);
     } elsif ($context eq 'author') {
@@ -1450,8 +1484,12 @@ sub print_userlist {
     }
     if (!(($context eq 'domain') && 
           (($env{'form.roletype'} eq 'course') || ($env{'form.roletype'} eq 'community')))) {
-        $r->print('&nbsp;'.&list_submit_button(&mt('Update Display')).
-                  "\n</p>\n");
+        $r->print(
+            "\n</p>\n"
+           .'<p>'
+           .&list_submit_button(&mt('Update Display'))
+           ."</p>\n"
+        );
     }
     my ($indexhash,$keylist) = &make_keylist_array();
     my (%userlist,%userinfo,$clearcoursepick);
@@ -1470,9 +1508,11 @@ sub print_userlist {
             $title = &mt('Select Communities');
             $warning = &mt('Warning: data retrieval for multiple communities can take considerable time, as this operation is not currently optimized.');
         }
+        my @standardnames = &Apache::loncommon::get_standard_codeitems();
         my $courseform =
             &Apache::lonhtmlcommon::course_selection($formname,$numcodes,
-                            $codetitles,$idlist,$idlist_titles,$crstype);
+                            $codetitles,$idlist,$idlist_titles,$crstype,
+                            \@standardnames);
         $r->print('<p>'.&Apache::lonhtmlcommon::start_pick_box()."\n".
                   &Apache::lonhtmlcommon::start_pick_box()."\n".
                   &Apache::lonhtmlcommon::row_title($title,'LC_oddrow_value')."\n".
@@ -1690,7 +1730,7 @@ sub role_filter {
         $role_select .= '</select>';
         $output = '<label><span class="LC_nobreak">'
                  .&mt('Role: [_1]',$role_select)
-                 .'</span></label>';
+                 .'</span></label> ';
     }
     return $output;
 }
@@ -1730,7 +1770,7 @@ sub section_group_filter {
         }
         if (@options > 0) {
             my $currsel;
-            $markup = '<select name="'.$name{$item}.'" />'."\n";
+            $markup = '<select name="'.$name{$item}.'">'."\n";
             foreach my $option ('all','none',@options) { 
                 $currsel = '';
                 if ($env{'form.'.$name{$item}} eq $option) {
@@ -1745,7 +1785,9 @@ sub section_group_filter {
                 $markup .= '</option>'."\n";
             }
             $markup .= '</select>'."\n";
-            $output .= ('&nbsp;'x3).'<label>'.$title{$item}.': '.$markup.'</label>';
+            $output .= ('&nbsp;'x3).'<span class="LC_nobreak">'
+                      .'<label>'.$title{$item}.': '.$markup.'</label>'
+                      .'</span> ';
         }
     }
     return $output;
@@ -1919,7 +1961,7 @@ function setCourseCat(formname) {
     if (formname.Year.options[formname.Year.selectedIndex].value == -1) {
         return;
     }
-    courseSet('Year');
+    courseSet('$codetitles[0]');
     for (var j=0; j<formname.Semester.length; j++) {
         if (formname.Semester.options[j].value == "$env{'form.Semester'}") {
             formname.Semester.options[j].selected = true;
@@ -1928,7 +1970,7 @@ function setCourseCat(formname) {
     if (formname.Semester.options[formname.Semester.selectedIndex].value == -1) {
         return;
     }
-    courseSet('Semester');
+    courseSet('$codetitles[1]');
     for (var j=0; j<formname.Department.length; j++) {
         if (formname.Department.options[j].value == "$env{'form.Department'}") {            formname.Department.options[j].selected = true;
         }
@@ -1936,7 +1978,7 @@ function setCourseCat(formname) {
     if (formname.Department.options[formname.Department.selectedIndex].value == -1) {
         return;
     }
-    courseSet('Department');
+    courseSet('$codetitles[2]');
     for (var j=0; j<formname.Number.length; j++) {
         if (formname.Number.options[j].value == "$env{'form.Number'}") {
             formname.Number.options[j].selected = true;
@@ -2399,7 +2441,7 @@ END
             if ($env{'form.userwin'}) {
                 $checkwin = ' checked="checked"';
             }
-            $output .= '</td><td valign="top"><span class="LC_nobreak"><input type="checkbox" name="userwin" value="1"'.$checkwin.' />'.$lt{'owin'}.'</span></td></tr></table></fieldset></div>';
+            $output .= '</td><td valign="top"  style="border-left: 1px solid;"><span class="LC_nobreak"><input type="checkbox" name="userwin" value="1"'.$checkwin.' />'.$lt{'owin'}.'</span></td></tr></table></fieldset></div>';
         }
         $output .= "\n".'<div class="LC_clear_float_footer">&nbsp;</div>'."\n".
                   &Apache::loncommon::start_data_table().
@@ -2939,7 +2981,7 @@ sub print_username_link {
         $output = $in->{'username'};
     } else {
         $output = '<a href="javascript:username_display_launch('.
-                  "'$in->{'username'}','$in->{'domain'}'".')" />'.
+                  "'$in->{'username'}','$in->{'domain'}'".')">'.
                   $in->{'username'}.'</a>';
     }
     return $output;
@@ -3169,9 +3211,9 @@ ENDJS
     my %lt = &Apache::lonlocal::texthash (
                  chac => 'Access dates to apply for selected users',
                  chse => 'Changes in section affiliation to apply to selected users',
-                 fors => 'For student roles changing the section, will result in a section switch as students may only be in one section of a course at a time.',
-                 forn => 'For a role in a course that is not a student role, a user may have roles in more than one section of a course at a time.',
-                 reta => "Retain each user's current section affiliations?", 
+                 fors => 'For student roles, changing the section will result in a section switch as students may only be in one section of a course at a time.',
+                 forn => 'For a course role that is not "student", users may have roles in more than one section at a time.',
+                 reta => "Retain each user's current section affiliations?",
                  dnap => '(Does not apply to student roles).',
             );
     my ($date_items,$headertext);
@@ -3189,14 +3231,13 @@ ENDJS
                                           $permission,$crstype);
     }
     $output .= '<h3>'.$headertext.'</h3>'.
-               '<form name="'.$formname.'" method="post">'."\n".
+               '<form name="'.$formname.'" method="post" action="">'."\n".
                 $date_items;
     if ($context eq 'course' && $env{'form.bulkaction'} eq 'chgsec') {
         my ($cnum,$cdom) = &get_course_identity();
-        my $crstype = &Apache::loncommon::course_type();
         if ($crstype eq 'Community') {
-            $lt{'fors'} = &mt('For member roles changing the section, will result in a section switch as members may only be in one section of a community at a time.');
-            $lt{'forn'} = &mt('For a role in a community that is not a member role, a user may have roles in more than one section of a community at a time.');
+            $lt{'fors'} = &mt('For member roles, changing the section will result in a section switch, as members may only be in one section of a community at a time.');
+            $lt{'forn'} = &mt('For a community role that is not "member", users may have roles in more than one section at a time.');
             $lt{'dnap'} = &mt('(Does not apply to member roles).'); 
         }
         my $info;
@@ -3237,7 +3278,7 @@ sub section_picker {
     my ($cdom,$cnum,$role,$rowtitle,$permission,$context,$mode,$crstype) = @_;
     my %sections_count = &Apache::loncommon::get_sections($cdom,$cnum);
     my $sections_select .= &course_sections(\%sections_count,$role);
-    my $secbox = '<p>'.&Apache::lonhtmlcommon::start_pick_box()."\n";
+    my $secbox = '<div>'.&Apache::lonhtmlcommon::start_pick_box()."\n";
     if ($mode eq 'upload') {
         my ($options,$cb_script,$coursepick) =
             &default_role_selector($context,1,$crstype);
@@ -3250,7 +3291,7 @@ sub section_picker {
                    '<td align="center">'.&mt('Existing sections')."\n".
                    '<br />'.$sections_select.'</td><td align="center">'.
                    &mt('New section').'<br />'."\n".
-                   '<input type="text" name="newsec" size="15" />'."\n".
+                   '<input type="text" name="newsec" size="15" value="" />'."\n".
                    '<input type="hidden" name="sections" value="" />'."\n".
                    '</td></tr></table>'."\n";
     } else {
@@ -3259,7 +3300,7 @@ sub section_picker {
                    $env{'request.course.sec'};
     }
     $secbox .= &Apache::lonhtmlcommon::row_closure(1)."\n".
-               &Apache::lonhtmlcommon::end_pick_box().'</p>';
+               &Apache::lonhtmlcommon::end_pick_box().'</div>';
     return $secbox;
 }
 
@@ -3400,7 +3441,7 @@ sub results_header_row {
                 if ($rolefilter eq 'Any') {
                     $description .= &mt('All users with co-author roles in domain',$showfilter);
                 } else {
-                    $description .= &mt('All co-authors in domain  with [_1] roles',$rolefilter);
+                    $description .= &mt('All co-authors in domain with [_1] roles',$rolefilter);
                 }
             }
         } elsif (($env{'form.roletype'} eq 'course') || 
@@ -3657,7 +3698,7 @@ sub print_first_users_upload_form {
     $str .= '<input type="hidden" name="action" value="upload" />';
     $str .= '<input type="hidden" name="state"  value="got_file" />';
 
-    $str .= '<h3>'.&mt('Upload a file containing information about users').'</h3>'."\n";
+    $str .= '<h2>'.&mt('Upload a file containing information about users').'</h2>'."\n";
 
     # Excel and CSV Help
     $str .= '<div class="LC_left_float">'
@@ -3668,8 +3709,15 @@ sub print_first_users_upload_form {
                 &mt("How do I create a CSV file from a spreadsheet"))
            .'</div><br clear="all" />'."\n";
     $str .= &Apache::lonhtmlcommon::start_pick_box()
-           .&Apache::lonhtmlcommon::row_title(&mt('File'))
-           .&Apache::loncommon::upfile_select_html()
+           .&Apache::lonhtmlcommon::row_title(&mt('File'));
+    if (&Apache::lonlocal::current_language() ne 'en') {
+        if ($context eq 'course') { 
+            $str .= '<p class="LC_info">'."\n"
+                   .&mt('Please upload an UTF8 encoded file to ensure a correct character encoding in your classlist.')."\n"
+                   .'</p>'."\n";
+        }
+    }
+    $str .= &Apache::loncommon::upfile_select_html()
            .&Apache::lonhtmlcommon::row_closure()
            .&Apache::lonhtmlcommon::row_title(
                 '<label for="noFirstLine">'
@@ -3910,15 +3958,21 @@ sub upfile_drop_add {
                 $r->print($groupwarn.'<br />');
             }
         }
-        my (%curr_rules,%got_rules,%alerts);
+        my (%curr_rules,%got_rules,%alerts,%cancreate);
         my %customroles = &my_custom_roles($crstype);
         my @permitted_roles = 
-            &roles_on_upload($context,$setting,$crstype,%customroles); 
+            &roles_on_upload($context,$setting,$crstype,%customroles);
+        my %longtypes = &Apache::lonlocal::texthash(
+                            official   => 'Institutional',
+                            unofficial => 'Non-institutional',
+                        );
+        map { $cancreate{$_} = &can_create_user($domain,$context,$_); } keys(%longtypes);
         # Get new users list
         foreach my $line (@userdata) {
             my @secs;
             my %entries=&Apache::loncommon::record_sep($line);
             # Determine user name
+            $entries{$fields{'username'}} =~ s/^\s+|\s+$//g;
             unless (($entries{$fields{'username'}} eq '') ||
                     (!defined($entries{$fields{'username'}}))) {
                 my ($fname, $mname, $lname,$gen) = ('','','','');
@@ -3939,13 +3993,20 @@ sub upfile_drop_add {
                         $gen=$entries{$fields{'gen'}};
                     }
                 }
+
                 if ($entries{$fields{'username'}}
                     ne &LONCAPA::clean_username($entries{$fields{'username'}})) {
+                    my $nowhitespace;
+                    if ($entries{$fields{'username'}} =~ /\s/) {
+                        $nowhitespace = ' - '.&mt('usernames may not contain spaces.');
+                    }
                     $r->print('<br />'.
       &mt('[_1]: Unacceptable username for user [_2] [_3] [_4] [_5]',
-          '<b>'.$entries{$fields{'username'}}.'</b>',$fname,$mname,$lname,$gen));
+          '<b>'.$entries{$fields{'username'}}.'</b>',$fname,$mname,$lname,$gen).
+                              $nowhitespace);
                     next;
                 } else {
+                    $entries{$fields{'domain'}} =~ s/^\s+|\s+$//g;
                     if ($entries{$fields{'domain'}} 
                         ne &LONCAPA::clean_domain($entries{$fields{'domain'}})) {
                         $r->print('<br />'. '<b>'.$entries{$fields{'domain'}}.
@@ -4004,6 +4065,7 @@ sub upfile_drop_add {
                     # determine email address
                     my $email='';
                     if (defined($fields{'email'})) {
+                        $entries{$fields{'email'}} =~ s/^\s+|\s+$//g;
                         if (defined($entries{$fields{'email'}})) {
                             $email=$entries{$fields{'email'}};
                             unless ($email=~/^[^\@]+\@[^\@]+$/) { $email=''; }
@@ -4050,7 +4112,7 @@ sub upfile_drop_add {
                         $role = $defaultrole;
                     }
                     # Clean up whitespace
-                    foreach (\$id,\$fname,\$mname,\$lname,\$gen) {
+                    foreach (\$id,\$fname,\$mname,\$lname,\$gen,\$inststatus) {
                         $$_ =~ s/(\s+$|^\s+)//g;
                     }
                     # check against rules
@@ -4059,9 +4121,16 @@ sub upfile_drop_add {
                     my (%rulematch,%inst_results,%idinst_results);
                     my $uhome=&Apache::lonnet::homeserver($username,$userdomain);
                     if ($uhome eq 'no_host') {
-                        next if ($userdomain ne $domain);
+                        if ($userdomain ne $domain) {
+                            $r->print('<br />'.
+                                &mt('[_1]: The domain specified ([_2]) is different to that of the course.',
+                                    '<b>'.$username.'</b>',$userdomain).'<br />'.
+                                &mt('The user does not already exist, and you may not create a new user in a different domain.'));
+                            next;
+                        }
                         $checkid = 1;
                         $newuser = 1;
+                        my $user = $username.':'.$domain;
                         my $checkhash;
                         my $checks = { 'username' => 1 };
                         $checkhash->{$username.':'.$domain} = { 'newuser' => 1, };
@@ -4070,9 +4139,26 @@ sub upfile_drop_add {
                             \%got_rules);
                         if (ref($alerts{'username'}) eq 'HASH') {
                             if (ref($alerts{'username'}{$domain}) eq 'HASH') {
-                                next if ($alerts{'username'}{$domain}{$username});
+                                if ($alerts{'username'}{$domain}{$username}) {
+                                    $r->print('<br />'.
+                                              &mt('[_1]: matches the username format at your institution, but is not known to your directory service.','<b>'.$username.'</b>').'<br />'.
+                                              &mt('Consequently, the user was not created.'));
+                                    next;
+                                }
                             }
                         }
+                        my $usertype = 'unofficial';
+                        if (ref($rulematch{$user}) eq 'HASH') {
+                            if ($rulematch{$user}{'username'}) {
+                                $usertype = 'official';
+                            }
+                        }
+                        unless ($cancreate{$usertype}) {
+                            my $showtype = $longtypes{$usertype};
+                            $r->print('<br />'.
+                                      &mt("[_1]: The user does not exist, and you are not permitted to create users of type: $showtype.",'<b>'.$username.'</b>'));
+                            next;
+                        }
                     } else {
                         if ($context eq 'course' || $context eq 'author') {
                             if ($userdomain eq $domain ) {
@@ -4123,7 +4209,12 @@ sub upfile_drop_add {
                                 \%got_rules);
                             if (ref($alerts{'id'}) eq 'HASH') {
                                 if (ref($alerts{'id'}{$userdomain}) eq 'HASH') {
-                                    next if ($alerts{'id'}{$userdomain}{$id});
+                                    if ($alerts{'id'}{$userdomain}{$id}) {
+                                        $r->print(&mt('[_1]: has a student/employee ID matching the format at your institution, but the ID is found by your directory service.',
+                                                  '<b>'.$username.'</b>').'<br />'.
+                                                  &mt('Consequently, the user was not created.'));
+                                        next;
+                                    }
                                 }
                             }
                         }
@@ -4218,7 +4309,7 @@ sub upfile_drop_add {
             }
         } # end of foreach (@userdata)
         # Flush the course logs so reverse user roles immediately updated
-        &Apache::lonnet::flushcourselogs();
+        $r->register_cleanup(\&Apache::lonnet::flushcourselogs);
         $r->print("</p>\n<p>\n".&mt('Processed [quant,_1,user].',$counts{'user'}).
                   "</p>\n");
         if ($counts{'role'} > 0) {
@@ -4382,10 +4473,9 @@ sub print_drop_menu {
 # ================================================================== Phase four
 
 sub update_user_list {
-    my ($r,$context,$setting,$choice) = @_;
+    my ($r,$context,$setting,$choice,$crstype) = @_;
     my $now = time;
     my $count=0;
-    my $crstype;
     if ($context eq 'course') {
         $crstype = &Apache::loncommon::course_type();
     }
@@ -4400,7 +4490,7 @@ sub update_user_list {
                                    'reenable' => 'Re-enabled',
                                    'activate' => 'Activated',
                                    'chgdates' => 'Changed Access Dates for',
-                                   'chgsec'   => 'Changed section for',
+                                   'chgsec'   => 'Changed section(s) for',
                                    'drop'     => 'Dropped',
                                  },
                         error => {'revoke'    => 'revoking',
@@ -4417,8 +4507,9 @@ sub update_user_list {
         ($startdate,$enddate) = &get_dates_from_form();
     }
     foreach my $item (@changelist) {
-        my ($role,$uname,$udom,$cid,$sec,$scope,$result,$type,$locktype,@sections,
-            $scopestem);
+        my ($role,$uname,$udom,$cid,$sec,$scope,$result,$type,$locktype,
+            @sections,$scopestem,$singlesec,$showsecs,$warn_singlesec,
+            $nothingtodo,$keepnosection);
         if ($choice eq 'drop') {
             ($uname,$udom,$sec) = split(/:/,$item,-1);
             $role = 'st';
@@ -4517,14 +4608,23 @@ sub update_user_list {
             } elsif ($choice eq 'chgsec') {
                 my (@newsecs,$revresult,$nochg,@retained);
                 if (($role ne 'cc') && ($role ne 'co')) {
-                    @newsecs = split(/,/,$env{'form.newsecs'});
+                    my @secs = sort(split(/,/,$env{'form.newsecs'}));
+                    if (@secs) {
+                        my %curr_groups = &Apache::longroup::coursegroups();
+                        foreach my $sec (@secs) {
+                            next if (($sec =~ /\W/) || ($sec eq 'none') ||
+                            (exists($curr_groups{$sec})));
+                            push(@newsecs,$sec);
+                        }
+                    }
                 }
                 # remove existing section if not to be retained.   
-                if (!$env{'form.retainsec'}) {
+                if (!$env{'form.retainsec'} || ($role eq 'st')) {
                     if ($sec eq '') {
                         if (@newsecs == 0) {
-                            $result = &mt('No change in section assignment (none)');
+                            $result = 'ok';
                             $nochg = 1;
+                            $nothingtodo = 1;
                         } else {
                             $revresult =
                                 &Apache::lonnet::revokerole($udom,$uname,
@@ -4551,13 +4651,23 @@ sub update_user_list {
                 } else {
                     if ($sec eq '') {
                         $nochg = 1;
-                    } else { 
+                        $keepnosection = 1;
+                    } else {
                         push(@retained,$sec);
                     }
                 }
                 # add new sections
+                my (@diffs,@shownew);
+                if (@retained) {
+                    @diffs = &Apache::loncommon::compare_arrays(\@retained,\@newsecs);
+                } else {
+                    @diffs = @newsecs;
+                }
                 if (@newsecs == 0) {
-                    if (!$nochg) {
+                    if ($nochg) {
+                        $result = 'ok';
+                        $nothingtodo = 1;
+                    } else {
                         if ($role eq 'st') {
                             $result = 
                                 &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,undef,$end,$start,$type,$locktype,$cid,'',$context);
@@ -4566,22 +4676,58 @@ sub update_user_list {
                             $result = &Apache::lonnet::assignrole($udom,$uname,$newscope,$role,$end,$start,'','',$context);
                         }
                     }
+                    $showsecs = &mt('No section');
+                } elsif (@diffs == 0) {
+                    $result = 'ok';
+                    $nothingtodo = 1;
                 } else {
-                    foreach my $newsec (@newsecs) { 
+                    foreach my $newsec (@newsecs) {
                         if (!grep(/^\Q$newsec\E$/,@retained)) {
                             if ($role eq 'st') {
                                 $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$newsec,$end,$start,$type,$locktype,$cid,'',$context);
+                                if (@newsecs > 1) {
+                                    my $showsingle; 
+                                    if ($newsec eq '') {
+                                        $showsingle = &mt('No section');
+                                    } else {
+                                        $showsingle = $newsec;
+                                    }
+                                    if ($crstype eq 'Community') {
+                                        $warn_singlesec = &mt('Although more than one section was indicated, a role was only added for the first section - [_1], as each community member may only be in one section at a time.','<i>'.$showsingle.'</i>');
+                                    } else { 
+                                        $warn_singlesec = &mt('Although more than one section was indicated, a role was only added for the first section - [_1], as each student may only be in one section of a course at a time.','<i>'.$showsingle.'</i>');
+                                    }
+                                    $showsecs = $showsingle; 
+                                    last;
+                                } else {
+                                    if ($newsec eq '') {
+                                        $showsecs = &mt('No section');
+                                    } else {
+                                        $showsecs = $newsec;
+                                    }
+                                }
                             } else {
                                 my $newscope = $scopestem;
                                 if ($newsec ne '') {
                                    $newscope .= '/'.$newsec;
+                                   push(@shownew,$newsec); 
                                 }
                                 $result = &Apache::lonnet::assignrole($udom,$uname,
                                                         $newscope,$role,$end,$start);
+                                
                             }
                         }
                     }
                 }
+                unless ($role eq 'st') {
+                    unless ($showsecs) {
+                        my @tolist = sort(@shownew,@retained);
+                        if ($keepnosection) {
+                            push(@tolist,&mt('No section'));
+                        }
+                        $showsecs = join(', ',@tolist);
+                    }
+                }
             }
         }
         my $extent = $scope;
@@ -4592,13 +4738,48 @@ sub update_user_list {
             }
         }
         if ($result eq 'ok' || $result eq 'ok:') {
-            $r->print(&mt("$result_text{'ok'}{$choice} role of '[_1]' in [_2] for [_3]",
-                          $plrole,$extent,$uname.':'.$udom).'<br />');
-            $count++;
+            my $dates;
+            if (($choice eq 'chgsec') || ($choice eq 'chgdates')) {
+                $dates = &dates_feedback($start,$end,$now);
+            }
+            if ($choice eq 'chgsec') {
+                if ($nothingtodo) {
+                    $r->print(&mt("Section assignment for role of '[_1]' in [_2] for '[_3]' unchanged.",$plrole,$extent,'<i>'.
+                          &Apache::loncommon::plainname($uname,$udom).
+                          '</i>').' ');
+                    if ($sec eq '') {
+                        $r->print(&mt('[_1]No section[_2] - [_3]','<b>','</b>',$dates));
+                    } else {
+                        $r->print(&mt('Section(s): [_1] - [_2]',
+                                      '<b>'.$showsecs.'</b>',$dates));
+                    }
+                    $r->print('<br />');
+                } else {
+                    $r->print(&mt("$result_text{'ok'}{$choice} role of '[_1]' in [_2] for '[_3]' to [_4] - [_5]",$plrole,$extent,
+                        '<i>'.&Apache::loncommon::plainname($uname,$udom).'</i>',
+                        '<b>'.$showsecs.'</b>',$dates).'<br />');
+                   $count ++;
+               }
+               if ($warn_singlesec) {
+                   $r->print('<div class="LC_warning">'.$warn_singlesec.'</div>');
+               }
+            } elsif ($choice eq 'chgdates') {
+                $r->print(&mt("$result_text{'ok'}{$choice} role of '[_1]' in [_2] for '[_3]' - [_4]",$plrole,$extent, 
+                      '<i>'.&Apache::loncommon::plainname($uname,$udom).'</i>',
+                      $dates).'<br />');
+               $count ++;
+            } else {
+                $r->print(&mt("$result_text{'ok'}{$choice} role of '[_1]' in [_2] for '[_3]'.",$plrole,$extent,
+                      '<i>'.&Apache::loncommon::plainname($uname,$udom).'</i>').
+                          '<br />');
+                $count ++;
+            }
         } else {
             $r->print(
-                &mt("Error $result_text{'error'}{$choice} [_1] in [_2] for [_3]: [_4].",
-                    $plrole,$extent,$uname.':'.$udom,$result).'<br />');
+                &mt("Error $result_text{'error'}{$choice} [_1] in [_2] for '[_3]': [_4].",
+                    $plrole,$extent,
+                    '<i>'.&Apache::loncommon::plainname($uname,$udom).'</i>',
+                    $result).'<br />');
         }
     }
     $r->print('<form name="studentform" method="post" action="/adm/createuser">'."\n");
@@ -4614,13 +4795,13 @@ sub update_user_list {
             }
         }
     }
-    $r->print('<p><b>'.&mt("$result_text{'ok'}{$choice} role(s) for [quant,_1,user,users,no users].",$count).'</b></p>');
+    $r->print('<p><b>'.&mt("$result_text{'ok'}{$choice} for [quant,_1,user role,user roles,no user roles].",$count).'</b></p>');
     if ($count > 0) {
         if ($choice eq 'revoke' || $choice eq 'drop') {
             $r->print('<p>'.&mt('Re-enabling will re-activate data for the role.').'</p>');
         }
         # Flush the course logs so reverse user roles immediately updated
-        &Apache::lonnet::flushcourselogs();
+        $r->register_cleanup(\&Apache::lonnet::flushcourselogs);
     }
     if ($env{'form.makedatesdefault'}) {
         if ($choice eq 'chgdates' || $choice eq 'reenable' || $choice eq 'activate') {
@@ -4634,6 +4815,27 @@ sub update_user_list {
     $r->print('<a href="javascript:document.studentform.submit()">'.$linktext.'</a></form>'."\n");
 }
 
+sub dates_feedback {
+    my ($start,$end,$now) = @_;
+    my $dates;
+    if ($start < $now) {
+        if ($end == 0) {
+            $dates .= &mt('role(s) active now; no end date');
+        } elsif ($end > $now) {
+            $dates = &mt('role(s) active now; ends [_1].',&Apache::lonlocal::locallocaltime($end));
+        } else {
+            $dates = &mt('role(s) expired: [_1].',&Apache::lonlocal::locallocaltime($end));
+        }
+     } else {
+        if ($end == 0 || $end > $now) {
+            $dates = &mt('future role(s); starts: [_1].',&Apache::lonlocal::locallocaltime($start));
+        } else {
+            $dates = &mt('role(s) expired: [_1].',&Apache::lonlocal::locallocaltime($end));
+        }
+    }
+    return $dates;
+}
+
 sub classlist_drop {
     my ($scope,$uname,$udom,$now) = @_;
     my ($cdom,$cnum) = ($scope=~m{^/($match_domain)/($match_courseid)});
@@ -4814,7 +5016,7 @@ sub setsections_javascript {
                     accr => 'A course coordinator role will be added with access to all sections.',
                     acor => 'A coordinator role will be added with access to all sections',
                     inea => 'In each course, each user may only have one student role at a time.',
-                    inec => 'In each community, each user may only have on member role at a time.',
+                    inco => 'In each community, each user may only have one member role at a time.',
                     youh => 'You had selected ',
                     secs => 'sections.',
                     plmo => 'Please modify your selections so they include no more than one section.',
@@ -4822,16 +5024,21 @@ sub setsections_javascript {
                     plch => 'Please choose a different section name.',
                     mnot => 'may not be used as a section name, as it is the name of a course group.',
                     secn => 'Section names and group names must be distinct. Please choose a different section name.',
+                    nonw => 'Section names may only contain letters or numbers.',
                  );                
     $setsection_js .= <<"ENDSECCODE";
 
 function setSections(formname,crstype) {
     var re1 = /^currsec_/;
+    var re2 =/\\W/;
+    var trimleading = /^\\s+/;
+    var trimtrailing = /\\s+\$/;
     var groups = new Array($groupslist);
     for (var i=0;i<formname.elements.length;i++) {
         var str = formname.elements[i].name;
         var checkcurr = str.match(re1);
         if (checkcurr != null) {
+            var num = i;
             if ($checkincluded) {
                 $rolecode
                 if (role == 'cc' || role == 'co') {
@@ -4843,38 +5050,60 @@ function setSections(formname,crstype) {
                 } else {
                     var sections = '';
                     var numsec = 0;
-                    var sections;
-                    for (var j=0; j<formname.elements[i].length; j++) {
-                        if (formname.elements[i].options[j].selected == true ) {
-                            if (formname.elements[i].options[j].value != "") {
+                    var fromexisting = new Array();
+                    for (var j=0; j<formname.elements[num].length; j++) {
+                        if (formname.elements[num].options[j].selected == true ) {
+                            var addsec = formname.elements[num].options[j].value;
+                            if ((addsec != "") && (addsec != null)) {
+                                fromexisting.push(addsec);
                                 if (numsec == 0) {
-                                    if (formname.elements[i].options[j].value != "") {
-                                        sections = formname.elements[i].options[j].value;
-                                        numsec ++;
-                                    }
-                                }
-                                else {
-                                    sections = sections + "," +  formname.elements[i].options[j].value
-                                    numsec ++;
+                                    sections = addsec;
+                                } else {
+                                    sections = sections + "," +  addsec;
                                 }
+                                numsec ++;
                             }
                         }
                     }
-                    if (numsec > 0) {
-                        if (formname.elements[i+1].value != "" && formname.elements[i+1].value != null) {
-                            sections = sections + "," +  formname.elements[i+1].value;
-                        }
-                    }
-                    else {
-                        sections = formname.elements[i+1].value;
-                    }
-                    var newsecs = formname.elements[i+1].value;
-                    var numsplit;
+                    var newsecs = formname.elements[num+1].value;
+                    var validsecs = new Array();
+                    var validsecstr = '';
+                    var badsecs = new Array();
                     if (newsecs != null && newsecs != "") {
-                        numsplit = newsecs.split(/,/g);
-                        numsec = numsec + numsplit.length;
+                        var numsplit;
+                        if (newsecs.indexOf(',') == -1) {
+                            numsplit = new Array(newsecs);
+                        } else {
+                            numsplit = newsecs.split(/,/g);
+                        }
+                        for (var m=0; m<numsplit.length; m++) {
+                            var newsec = numsplit[m];
+                            newsec = newsec.replace(trimleading,'');
+                            newsec = newsec.replace(trimtrailing,'');
+                            if (re2.test(newsec) == true) {
+                                badsecs.push(newsec);
+                            } else {
+                                if (newsec != '') {
+                                    var isnew = 1;
+                                    if (fromexisting != null) {
+                                        for (var n=0; n<fromexisting.length; n++) {
+                                            if (newsec == fromexisting[n]) {
+                                                isnew = 0;
+                                            }
+                                        }
+                                    }
+                                    if (isnew == 1) {
+                                        validsecs.push(newsec);
+                                    }
+                                }
+                            }
+                        }
+                        if (badsecs.length > 0) {
+                            alert("$alerts{'nonw'}\\n$alerts{'plch'}");
+                            return;
+                        }
+                        numsec = numsec + validsecs.length;
                     }
-
                     if ((role == 'st') && (numsec > 1)) {
                         if (crstype == 'Community') {
                             alert("$alerts{'inea'} $alerts{'youh'} "+numsec+" $alerts{'secs'}\\n$alerts{'plmo'}");
@@ -4882,25 +5111,36 @@ function setSections(formname,crstype) {
                             alert("$alerts{'inco'} $alerts{'youh'} "+numsec+" $alerts{'secs'}\\n$alerts{'plmo'}");
                         }
                         return;
-                    }
-                    else {
-                        if (numsplit != null) {
-                            for (var j=0; j<numsplit.length; j++) {
-                                if ((numsplit[j] == 'all') ||
-                                    (numsplit[j] == 'none')) {
-                                    alert("'"+numsplit[j]+"' $alerts{'mayn'}\\n$alerts{'plch'}");
+                    } else {
+                        if (validsecs != null) {
+                            for (var j=0; j<validsecs.length; j++) {
+                                if (validsecstr == '' || validsecstr == null) {
+                                    validsecstr = validsecs[j];
+                                } else {
+                                    validsecstr += ','+validsecs[j];
+                                }
+                                if ((validsecs[j] == 'all') ||
+                                    (validsecs[j] == 'none')) {
+                                    alert("'"+validsecs[j]+"' $alerts{'mayn'}\\n$alerts{'plch'}");
                                     return;
                                 }
                                 for (var k=0; k<groups.length; k++) {
-                                    if (numsplit[j] == groups[k]) {
-                                        alert("'"+numsplit[j]+"' $alerts{'mnot'}\\n$alerts{'secn'}");
+                                    if (validsecs[j] == groups[k]) {
+                                        alert("'"+validsecs[j]+"' $alerts{'mnot'}\\n$alerts{'secn'}");
                                         return;
                                     }
                                 }
                             }
                         }
-                        formname.elements[i+2].value = sections;
                     }
+                    if ((validsecstr != '') && (validsecstr != null)) {
+                        if ((sections == '') || (sections == null)) {
+                            sections = validsecstr;
+                        } else {
+                            sections = sections + "," + validsecstr;
+                        }
+                    }
+                    formname.elements[num+2].value = sections;
                 }
             }
         }
@@ -5025,22 +5265,14 @@ sub roles_by_context {
         if ($env{'request.role'} =~ m{^dc\./}) {
             push(@allroles,'ad');
         }
-        if (&Apache::loncommon::needs_gci_custom()) {
-            if ($crstype eq 'Community') {
-                push(@allroles,'co');
-            } else {
-                push(@allroles,'cc');
-            }
+        push(@allroles,('ta','ep','in'));
+        if ($crstype eq 'Community') {
+            push(@allroles,'co');
         } else {
-            push(@allroles,('ta','ep','in'));
-            if ($crstype eq 'Community') {
-                push(@allroles,'co');
-            } else {
-                push(@allroles,'cc');
-            }
-            if ($custom) {
-                push(@allroles,'cr');
-            }
+            push(@allroles,'cc');
+        }
+        if ($custom) {
+            push(@allroles,'cr');
         }
     } elsif ($context eq 'author') {
         @allroles = ('ca','aa');