--- loncom/interface/courseprefs.pm	2021/10/18 22:29:20	1.94
+++ loncom/interface/courseprefs.pm	2022/02/21 15:44:57	1.105
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Handler to set configuration settings for a course
 #
-# $Id: courseprefs.pm,v 1.94 2021/10/18 22:29:20 raeburn Exp $
+# $Id: courseprefs.pm,v 1.105 2022/02/21 15:44:57 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -52,12 +52,16 @@ This module is used for configuration of
 
 =item process_changes()
 
+=item process_linkprot()
+
 =item get_sec_str()
 
 =item check_clone()
 
 =item store_changes()
 
+=item store_linkprot()
+
 =item update_env()
 
 =item display_disallowed()
@@ -220,6 +224,7 @@ use Apache::lonparmset;
 use Apache::courseclassifier;
 use Apache::lonlocal;
 use LONCAPA qw(:DEFAULT :match);
+use Crypt::CBC;
 
 my $registered_cleanup;
 my $modified_courses;
@@ -365,14 +370,28 @@ sub handler {
     }
 
     my %values=&Apache::lonnet::dump('environment',$cdom,$cnum);
-    my %courselti=&Apache::lonnet::dump('lti',$cdom,$cnum,undef,undef,undef,1);
-    if ($courselti{'lock'}) {
-        delete($courselti{'lock'});
+    my %linkprot=&Apache::lonnet::dump('lti',$cdom,$cnum,undef,undef,undef,1);
+    my %ltienc = &Apache::lonnet::dump('nohist_ltienc',$cdom,$cnum,undef,undef,undef,1);
+    foreach my $id (keys(%linkprot)) {
+        if (ref($linkprot{$id}) eq 'HASH') {
+            if (ref($ltienc{$id}) eq 'HASH') {
+                $values{'linkprot'}{$id} = { %{$linkprot{$id}}, %{$ltienc{$id}} };
+            } else {
+                $values{'linkprot'}{$id} = $linkprot{$id};
+            }
+        }
+        unless ($phase eq 'process') {
+            if (ref($values{'linkprot'}{$id}) eq 'HASH') {
+                delete($values{'linkprot'}{$id}{'secret'});
+            }
+        }
+    }
+    if ($linkprot{'lock'}) {
+        delete($linkprot{'lock'});
     }
-    $values{'linkprotection'} = \%courselti;
     my @prefs_order = ('courseinfo','localization','feedback','discussion',
                        'classlists','appearance','grading','printouts',
-                       'menuitems','linkprotection','spreadsheet','bridgetasks',
+                       'menuitems','linkprot','spreadsheet','bridgetasks',
                        'lti','other');
 
     my %prefs = (
@@ -473,7 +492,7 @@ sub handler {
                      help => 'Course_Prefs_Display',
                      ordered => ['default_xml_style','pageseparators',
                                  'disable_receipt_display','texengine',
-                                 'tthoptions','uselcmath','usejsme'],
+                                 'tthoptions','uselcmath','usejsme','inline_chem'],
                       itemtext => {
                           default_xml_style       => 'Default XML style file',
                           pageseparators          => 'Visibly Separate Items on Pages',
@@ -482,6 +501,7 @@ sub handler {
                           tthoptions              => 'Default set of options to pass to tth/m when converting TeX',
                           uselcmath               => 'Student formula entry uses inline preview, not DragMath pop-up',
                           usejsme                 => 'Molecule editor uses JSME (HTML5) in place of JME (Java)',
+                          inline_chem             => 'Chemical reaction response uses inline preview, not pop-up',
                                   },
                   },
         'grading' =>
@@ -563,7 +583,7 @@ sub handler {
                          menucollections => 'Menu collections',
                                  },
                    },
-        'linkprotection' =>
+        'linkprot' =>
                    {
                      text => 'Link protection',
                      help => 'Course_Prefs_Linkprotection',
@@ -595,7 +615,7 @@ sub handler {
         my $jscript = &get_jscript($cid,$cdom,$phase,$crstype,\%values,$noedit);
         my @allitems = &get_allitems(%prefs);
         &Apache::lonconfigsettings::display_settings($r,$cdom,$phase,$context,
-            \@prefs_order,\%prefs,\%values,undef,$jscript,\@allitems,$crstype,
+            \@prefs_order,\%prefs,\%values,$cnum,$jscript,\@allitems,$crstype,
             'coursepref',$parm_permission);
     } else {
         &Apache::lonconfigsettings::display_choices($r,$phase,$context,
@@ -648,7 +668,7 @@ sub get_allitems {
 }
 
 sub print_config_box {
-    my ($r,$cdom,$phase,$action,$item,$settings,$allitems,$crstype,$parm_permission) = @_;
+    my ($r,$cdom,$cnum,$phase,$action,$item,$settings,$allitems,$crstype,$parm_permission) = @_;
     my $ordered = $item->{'ordered'};
     my $itemtext = $item->{'itemtext'};
     my $noedit;
@@ -778,8 +798,8 @@ sub print_config_box {
         $output .= &print_lti($cdom,$settings,$ordered,$itemtext,\$rowtotal,$crstype,$noedit);
     } elsif ($action eq 'menuitems') {
         $output .= &print_menuitems('bottom',$cdom,$settings,$itemtext,\$rowtotal,$crstype,$noedit);
-    } elsif ($action eq 'linkprotection') {
-        $output .= &print_linkprotection($cdom,$settings,\$rowtotal,$crstype,$noedit);
+    } elsif ($action eq 'linkprot') {
+        $output .= &print_linkprotection($cdom,$cnum,$settings,\$rowtotal,$crstype,$noedit,'course');
     } elsif ($action eq 'other') {
         $output .= &print_other($cdom,$settings,$allitems,\$rowtotal,$crstype,$noedit);
     }
@@ -793,7 +813,7 @@ sub print_config_box {
 
 sub process_changes {
     my ($cdom,$cnum,$action,$values,$item,$changes,$allitems,$disallowed,$crstype) = @_;
-    my (%newvalues,%courselti,$errors);
+    my (%newvalues,$errors);
     if (ref($item) eq 'HASH') {
         if (ref($changes) eq 'HASH') {
             my @ordered;
@@ -810,14 +830,11 @@ sub process_changes {
                         }
                     }
                 }
-            } elsif ($action eq 'linkprotection') {
-                if (ref($values->{'linkprotection'}) eq 'HASH') {
-                    foreach my $id (keys(%{$values->{'linkprotection'}})) {
+            } elsif ($action eq 'linkprot') {
+                if (ref($values->{$action}) eq 'HASH') {
+                    foreach my $id (keys(%{$values->{$action}})) {
                         if ($id =~ /^\d+$/) {
                             push(@ordered,$id);
-                            unless (ref($values->{'linkprotection'}->{$id}) eq 'HASH') {
-                                $courselti{$id} = '';
-                            }
                         }
                     }
                 }
@@ -962,77 +979,9 @@ sub process_changes {
                     } elsif ($values->{'menucollections'}) {
                         $changes->{'menucollections'} = '';
                     }
-                } elsif ($action eq 'linkprotection') {
-                    my %menutitles = &ltimenu_titles();
-                    my (@items,%deletions,%itemids,%haschanges);
-                    if ($env{'form.linkprot_add'}) {
-                        my $name = $env{'form.linkprot_name_add'};
-                        $name =~ s/(`)/'/g;
-                        my ($newid,$error) = &get_courselti_id($cdom,$cnum,$name);
-                        if ($newid) {
-                            $itemids{'add'} = $newid;
-                            push(@items,'add');
-                            $haschanges{$newid} = 1;
-                        } else {
-                            $errors .= '<span class="LC_error">'.
-                                       &mt('Failed to acquire unique ID for link protection').
-                                       '</span>';
-                        }
-                    }
-                    if (ref($values->{'linkprotection'}) eq 'HASH') {
-                        my @todelete = &Apache::loncommon::get_env_multiple('form.linkprot_del');
-                        my $maxnum = $env{'form.linkprot_maxnum'};
-                        for (my $i=0; $i<=$maxnum; $i++) {
-                            my $itemid = $env{'form.linkprot_id_'.$i};
-                            $itemid =~ s/\D+//g;
-                            if ($itemid) {
-                                if (ref($values->{'linkprotection'}->{$itemid}) eq 'HASH') {
-                                    push(@items,$i);
-                                    $itemids{$i} = $itemid;
-                                    if ((@todelete > 0) && (grep(/^$i$/,@todelete))) {
-                                        $deletions{$itemid} = $values->{'linkprotection'}->{$itemid}->{'name'};
-                                    }
-                                }
-                            }
-                        }
-                    }
-
-                    foreach my $idx (@items) {
-                        my $itemid = $itemids{$idx};
-                        next unless ($itemid);
-                        if (exists($deletions{$itemid})) {
-                            $courselti{$itemid} = $deletions{$itemid};
-                            $haschanges{$itemid} = 1;
-                            next;
-                        }
-                        my %current;
-                        if (ref($values->{'linkprotection'}) eq 'HASH') {
-                            if (ref($values->{'linkprotection'}->{$itemid}) eq 'HASH') {
-                                foreach my $key (keys(%{$values->{'linkprotection'}->{$itemid}})) {
-                                    $current{$key} = $values->{'linkprotection'}->{$itemid}->{$key};
-                                }
-                            }
-                        }
-                        foreach my $inner ('name','key','secret','lifetime','version') {
-                            my $formitem = 'form.linkprot_'.$inner.'_'.$idx;
-                            $env{$formitem} =~ s/(`)/'/g;
-                            if ($inner eq 'lifetime') {
-                                $env{$formitem} =~ s/[^\d.]//g;
-                            }
-                            unless ($idx eq 'add') {
-                                if ($current{$inner} ne $env{$formitem}) {
-                                    $haschanges{$itemid} = 1;
-                                }
-                            }
-                            if ($env{$formitem} ne '') {
-                                $courselti{$itemid}{$inner} = $env{$formitem};
-                            }
-                        }
-                    }
-                    if (keys(%haschanges)) {
-                        foreach my $entry (keys(%haschanges)) {
-                            $changes->{$entry} = $courselti{$entry};
-                        }
+                } elsif ($action eq 'linkprot') {
+                    if (ref($values) eq 'HASH') {
+                        $errors = &process_linkprot($cdom,$cnum,$values->{$action},$changes,'course');
                     }
                 } else {
                     foreach my $entry (@ordered) {
@@ -1163,7 +1112,9 @@ sub process_changes {
                                         $autocoowner = $domconf{'autoenroll'}{'co-owners'};
                                     }
                                 }
-                                unless ($autocoowner) {
+                                if ($autocoowner) {
+                                    $newvalues{'co-owners'} = $values->{'internal.co-owners'}; 
+                                } else {
                                     my @keepcoowners = &Apache::loncommon::get_env_multiple('form.coowners');
                                     my @pendingcoowners = &Apache::loncommon::get_env_multiple('form.pendingcoowners');
                                     my @invitecoowners =  &Apache::loncommon::get_env_multiple('form.invitecoowners');
@@ -1208,6 +1159,8 @@ sub process_changes {
                                     if ($pendingcoowners ne '') {
                                         @newpending = @pendingcoown;
                                     }
+                                } else {
+                                    @newcoown = @currcoown;
                                 }
                                 $newvalues{'pendingco-owners'} = join(',',sort(@newpending));
                                 $newvalues{'co-owners'} = join(',',sort(@newcoown));
@@ -1523,23 +1476,237 @@ sub process_changes {
     return $errors;
 }
 
-sub get_courselti_id {
-    my ($cdom,$cnum,$name) = @_;
-    # get lock on lti db in course
+sub process_linkprot {
+    my ($cdom,$cnum,$values,$changes,$context) = @_;
+    my ($home,$dest,$ltiauth,$privkey,$privnum,$cipher,$errors,%linkprot);
+    if (ref($values) eq 'HASH') {
+        foreach my $id (keys(%{$values})) {
+            if ($id =~ /^\d+$/) {
+                unless (ref($values->{$id}) eq 'HASH') {
+                    $linkprot{$id} = '';
+                }
+            }
+        }
+    }
+    my %domdefs = &Apache::lonnet::get_domain_defaults($cdom);
+    my @ids=&Apache::lonnet::current_machine_ids();
+    if ($context eq 'domain') {
+        $home = &Apache::lonnet::domain($cdom,'primary');
+    } else {
+        $home = &Apache::lonnet::homeserver($cnum,$cdom);
+    }
+    if ((($context eq 'domain') && ($domdefs{'linkprotenc_dom'})) ||
+        (($context eq 'course') && ($domdefs{'linkprotenc_crs'}))) {
+        unless (($home eq 'no_host') || ($home eq '')) {
+            if (grep(/^\Q$home\E$/,@ids)) {
+                if (ref($domdefs{'privhosts'}) eq 'ARRAY') {
+                    if (grep(/^\Q$home\E$/,@{$domdefs{'privhosts'}})) {
+                        my %privhash  = &Apache::lonnet::restore_dom('lti','private',$cdom,$home,1);
+                        $privkey = $privhash{'key'};
+                        $privnum = $privhash{'version'};
+                        if (($privnum) && ($privkey ne '')) {
+                            $cipher = Crypt::CBC->new({'key'     => $privkey,
+                                                       'cipher'  => 'DES'});
+                        }
+                    }
+                }
+            }
+        }
+    }
+    if ($context eq 'domain') {
+        $dest = '/adm/domainprefs';
+        $ltiauth = 1;
+    } else {
+        $dest = '/adm/courseprefs';
+        if (exists($env{'course.'.$env{'request.course.id'}.'.internal.ltiauth'})) {
+            $ltiauth = $env{'course.'.$env{'request.course.id'}.'.internal.ltiauth'};
+        } else {
+            my %domdefs = &Apache::lonnet::get_domain_defaults($cdom);
+            $ltiauth = $domdefs{'crsltiauth'};
+        }
+    }
+    my $switchserver = &check_switchserver($cdom,$cnum,$context,$dest);
+    my (@items,%deletions,%itemids,%haschanges);
+    if ($env{'form.linkprot_add'}) {
+        my $name = $env{'form.linkprot_name_add'};
+        $name =~ s/(`)/'/g;
+        my ($newid,$error) = &get_linkprot_id($cdom,$cnum,$name,$context);
+        if ($newid) {
+            $itemids{'add'} = $newid;
+            push(@items,'add');
+            $haschanges{$newid} = 1;
+        } else {
+            $errors .= '<span class="LC_error">'.
+                       &mt('Failed to acquire unique ID for link protection').
+                       '</span>';
+        }
+    }
+    if (ref($values) eq 'HASH') {
+        my @todelete = &Apache::loncommon::get_env_multiple('form.linkprot_del');
+        my $maxnum = $env{'form.linkprot_maxnum'};
+        for (my $i=0; $i<=$maxnum; $i++) {
+            my $itemid = $env{'form.linkprot_id_'.$i};
+            $itemid =~ s/\D+//g;
+            if ($itemid) {
+                if (ref($values->{$itemid}) eq 'HASH') {
+                    push(@items,$i);
+                    $itemids{$i} = $itemid;
+                    if ((@todelete > 0) && (grep(/^$i$/,@todelete))) {
+                        $deletions{$itemid} = $values->{$itemid}->{'name'};
+                    }
+                }
+            }
+        }
+    }
+    foreach my $idx (@items) {
+        my $itemid = $itemids{$idx};
+        next unless ($itemid);
+        if (exists($deletions{$itemid})) {
+            $linkprot{$itemid} = $deletions{$itemid};
+            $haschanges{$itemid} = 1;
+            next;
+        }
+        my %current;
+        if (ref($values) eq 'HASH') {
+            if (ref($values->{$itemid}) eq 'HASH') {
+                foreach my $key (keys(%{$values->{$itemid}})) {
+                    $current{$key} = $values->{$itemid}->{$key};
+                }
+            }
+        }
+        foreach my $inner ('name','lifetime','version') {
+            my $formitem = 'form.linkprot_'.$inner.'_'.$idx;
+            $env{$formitem} =~ s/(`)/'/g;
+            if ($inner eq 'lifetime') {
+                $env{$formitem} =~ s/[^\d.]//g;
+            }
+            unless ($idx eq 'add') {
+                if ($current{$inner} ne $env{$formitem}) {
+                    $haschanges{$itemid} = 1;
+                }
+            }
+            if ($env{$formitem} ne '') {
+                $linkprot{$itemid}{$inner} = $env{$formitem};
+            }
+        }
+        if ($ltiauth) {
+            my $reqitem = 'form.linkprot_requser_'.$idx;
+            $env{$reqitem} =~ s/(`)/'/g;
+            unless ($idx eq 'add') {
+                if ((!$current{'requser'} && $env{$reqitem}) ||
+                    ($current{'requser'} && !$env{$reqitem})) {
+                    $haschanges{$itemid} = 1;
+                }
+            }
+            if ($env{$reqitem} == 1) {
+                $linkprot{$itemid}{'requser'} = $env{$reqitem};
+                foreach my $inner ('mapuser','notstudent') {
+                    my $formitem = 'form.linkprot_'.$inner.'_'.$idx;
+                    $env{$formitem} =~ s/(`)/'/g;
+                    if ($inner eq 'mapuser') {
+                        if ($env{$formitem} eq 'other') {
+                            my $mapuser = $env{'form.linkprot_customuser_'.$idx};
+                            $mapuser =~ s/(`)/'/g;
+                            $mapuser =~ s/^\s+|\s+$//g;
+                            if ($mapuser ne '') {
+                                $linkprot{$itemid}{$inner} = $mapuser;
+                            } else {
+                                delete($linkprot{$itemid}{'requser'});
+                                last;
+                            }
+                        } elsif ($env{$formitem} eq 'sourcedid') {
+                            $linkprot{$itemid}{$inner} = 'lis_person_sourcedid';
+                        } elsif ($env{$formitem} eq 'email') {
+                            $linkprot{$itemid}{$inner} = 'lis_person_contact_email_primary';
+                        }
+                    } else {
+                        $linkprot{$itemid}{$inner} = $env{$formitem};
+                    }
+                    unless ($idx eq 'add') {
+                        if ($current{$inner} ne $linkprot{$itemid}{$inner}) {
+                            $haschanges{$itemid} = 1;
+                        }
+                    }
+                }
+            }
+        }
+        unless ($switchserver) {
+            my $keyitem = 'form.linkprot_key_'.$idx;
+            $env{$keyitem} =~ s/(`)/'/g;
+            unless ($idx eq 'add') {
+                if ($current{'key'} ne $env{$keyitem}) {
+                    $haschanges{$itemid} = 1;
+                }
+            }
+            if ($env{$keyitem} ne '') {
+                $linkprot{$itemid}{'key'} = $env{$keyitem};
+            }
+            my $secretitem = 'form.linkprot_secret_'.$idx;
+            $env{$secretitem} =~ s/(`)/'/g;
+            if ($current{'usable'}) {
+                if ($env{'form.linkprot_changesecret_'.$idx}) {
+                    if ($env{$secretitem} ne '') {
+                        if ($privnum && $cipher) {
+                            $linkprot{$itemid}{'secret'} = $cipher->encrypt_hex($env{$secretitem});
+                            $linkprot{$itemid}{'cipher'} = $privnum;
+                        } else {
+                            $linkprot{$itemid}{'secret'} = $env{$secretitem};
+                        }
+                        $haschanges{$itemid} = 1;
+                    }
+                } else {
+                    $linkprot{$itemid}{'secret'} = $current{'secret'};
+                }
+            } elsif ($env{$secretitem} ne '') {
+                if ($privnum && $cipher) {
+                    $linkprot{$itemid}{'secret'} = $cipher->encrypt_hex($env{$secretitem});
+                    $linkprot{$itemid}{'cipher'} = $privnum;
+                } else {
+                    $linkprot{$itemid}{'secret'} = $env{$secretitem};
+                }
+                $haschanges{$itemid} = 1;
+            }
+        }
+    }
+    if (keys(%haschanges)) {
+        foreach my $entry (keys(%haschanges)) {
+            $changes->{$entry} = $linkprot{$entry};
+        }
+    }
+    return $errors;
+}
+
+sub get_linkprot_id {
+    my ($cdom,$cnum,$name,$context) = @_;
+    # get lock on lti db in course or linkprot db in domain
     my $lockhash = {
                       lock => $env{'user.name'}.
                               ':'.$env{'user.domain'},
                    };
     my $tries = 0;
-    my $gotlock = &Apache::lonnet::newput('lti',$lockhash,$cdom,$cnum);
+    my $gotlock;
+    if ($context eq 'domain') {
+        $gotlock = &Apache::lonnet::newput_dom('linkprot',$lockhash,$cdom);
+    } else {
+        $gotlock = &Apache::lonnet::newput('lti',$lockhash,$cdom,$cnum);
+    }
     my ($id,$error);
     while (($gotlock ne 'ok') && ($tries<10)) {
         $tries ++;
         sleep (0.1);
-        $gotlock = &Apache::lonnet::newput('lti',$lockhash,$cdom,$cnum);
+        if ($context eq 'domain') {
+            $gotlock = &Apache::lonnet::newput_dom('linkprot',$lockhash,$cdom); 
+        } else {
+            $gotlock = &Apache::lonnet::newput('lti',$lockhash,$cdom,$cnum);
+        }
     }
     if ($gotlock eq 'ok') {
-        my %currids  = &Apache::lonnet::dump('lti',$cdom,$cnum,undef,undef,undef,1);
+        my %currids;
+        if ($context eq 'domain') {
+            %currids = &Apache::lonnet::dump_dom('linkprot',$cdom);
+        } else {
+            %currids  = &Apache::lonnet::dump('lti',$cdom,$cnum,undef,undef,undef,1);
+        }
         if ($currids{'lock'}) {
             delete($currids{'lock'});
             if (keys(%currids)) {
@@ -1553,14 +1720,25 @@ sub get_courselti_id {
                 $id = 1;
             }
             if ($id) {
-                unless (&Apache::lonnet::newput('lti',{ $id => $name },$cdom,$cnum) eq 'ok') {
-                    $error = 'nostore';
+                if ($context eq 'domain') {
+                     unless (&Apache::lonnet::newput_dom('linkprot',{ $id => $name },$cdom) eq 'ok') {
+                         $error = 'nostore';
+                     }
+                } else {
+                    unless (&Apache::lonnet::newput('lti',{ $id => $name },$cdom,$cnum) eq 'ok') {
+                        $error = 'nostore';
+                    }
                 }
             } else {
                 $error = 'nonumber';
             }
         }
-        my $dellockoutcome = &Apache::lonnet::del('lti',['lock'],$cdom,$cnum);
+        my $dellockoutcome; 
+        if ($context eq 'domain') {
+            $dellockoutcome = &Apache::lonnet::del_dom('linkprot',['lock'],$cdom);
+        } else {
+            $dellockoutcome = &Apache::lonnet::del('lti',['lock'],$cdom,$cnum);
+        }
     } else {
         $error = 'nolock';
     }
@@ -1611,10 +1789,10 @@ sub store_changes {
     my ($chome,$output);
     my (%storehash,@delkeys,@need_env_update,@oldcloner,%oldlinkprot);
     if ((ref($values) eq 'HASH') && (ref($changes) eq 'HASH')) {
-        if (ref($values->{'linkprotection'}) eq 'HASH') {
-            %oldlinkprot = %{$values->{'linkprotection'}};
+        if (ref($values->{'linkprot'}) eq 'HASH') {
+            %oldlinkprot = %{$values->{'linkprot'}};
         }
-        delete($values->{'linkprotection'});
+        delete($values->{'linkprot'});
         %storehash = %{$values};
     } else {
         if ($crstype eq 'Community') {
@@ -1627,7 +1805,7 @@ sub store_changes {
     my ($numchanges,$skipstore);
     if (ref($changes) eq 'HASH') {
         $numchanges = scalar(keys(%{$changes}));
-        if (($numchanges == 1) && (exists($changes->{'linkprotection'}))) {
+        if (($numchanges == 1) && (exists($changes->{'linkprot'}))) {
             $skipstore = 1;
         } elsif (!$numchanges) {
             if ($crstype eq 'Community') {
@@ -1650,7 +1828,7 @@ sub store_changes {
         if (grep(/^\Q$item\E$/,@{$actions})) {
             $output .= '<h3>'.&mt($prefs->{$item}{'text'}).'</h3>';
             if (ref($changes->{$item}) eq 'HASH') {
-                if ((keys(%{$changes->{$item}}) > 0) || ($item eq 'linkprotection')) {
+                if (keys(%{$changes->{$item}}) > 0) {
                     $output .= &mt('Changes made:').'<ul style="list-style:none;">';
                     if ($item eq 'other') {
                         foreach my $key (sort(keys(%{$changes->{$item}}))) {
@@ -1663,41 +1841,8 @@ sub store_changes {
                                            "'$storehash{$key}'")).'</li>';
                             }
                         }
-                    } elsif ($item eq 'linkprotection') {
-                        if (&Apache::lonnet::put('lti',$changes->{'linkprotection'},$cdom,$cnum,1) eq 'ok') {
-                            my $hashid=$cdom.'_'.$cnum;
-                            &Apache::lonnet::devalidate_cache_new('courselti',$hashid);
-                            foreach my $itemid (sort { $a <=> $b } %{$changes->{'linkprotection'}}) {
-                                if (ref($changes->{'linkprotection'}->{$itemid}) eq 'HASH') {
-                                    my %values = %{$changes->{'linkprotection'}->{$itemid}};
-                                    my %desc = &linkprot_names();
-                                    my $display;
-                                    foreach my $title ('name','lifetime','version','key','secret') {
-                                        if ($title eq 'secret') {
-                                            my $length = length($values{$title});
-                                            $display .= $desc{$title}.': '.('*' x $length);
-                                        } elsif ($title eq 'version') {
-                                            if ($values{$title} eq 'LTI-1p0') {
-                                                $display .= $desc{$title}.': 1.1, ';
-                                            }
-                                        } else {
-                                            $display .= $desc{$title}.': '.$values{$title}.', ';
-                                        }
-                                    }
-                                    $output .= '<li>'.&Apache::lonhtmlcommon::confirm_success(&mt('[_1] set to [_2]','<i>'.$itemid.'</i>',
-                                               "'$display'")).'</li>';
-                                } elsif (ref($oldlinkprot{$itemid}) eq 'HASH') {
-                                    my $oldname = $oldlinkprot{$itemid}{'name'};
-                                    $output .= '<li>'.&Apache::lonhtmlcommon::confirm_success(&mt('Deleted setting for [_1]','<i>'."$itemid ($oldname)".'</i>')).'</li>';
-                                }
-                            }
-                        } else {
-                            $output .= '<li>'.
-                                       '<span class="LC_error">'.
-                                       &mt('An error occurred when saving changes to link protection settings, which remain unchanged.').
-                                       '</span>'.
-                                       '</li>';
-                        }
+                    } elsif ($item eq 'linkprot') {
+                        $output .= &store_linkprot($cdom,$cnum,'course',$changes->{$item},\%oldlinkprot);
                     } else {
                         if (ref($prefs->{$item}->{'ordered'}) eq 'ARRAY') {
                             my @settings = @{$prefs->{$item}->{'ordered'}};
@@ -1852,7 +1997,8 @@ sub store_changes {
                                         $displayval = &Apache::lonlocal::locallocaltime($displayval);
                                     } elsif ($key eq 'categories') {
                                         $displayval = $env{'form.categories_display'};
-                                    } elsif (($key eq 'canuse_pdfforms') || ($key eq 'usejsme') || ($key eq 'uselcmath')) {
+                                    } elsif (($key eq 'canuse_pdfforms') || ($key eq 'usejsme') ||
+                                             ($key eq 'uselcmath') || ($key eq 'inline_chem')) {
                                         if ($changes->{$item}{$key} eq '1') {
                                             $displayval = &mt('Yes');
                                         } elsif ($changes->{$item}{$key} eq '0') {
@@ -2030,6 +2176,157 @@ sub store_changes {
     return $output;
 }
 
+sub store_linkprot {
+    my ($cdom,$cnum,$context,$changes,$oldlinkprot) = @_;
+    my ($ltiauth,$home,$lti_save_error,$output,$error,%ltienc,@deletions);
+    if ($context eq 'domain') {
+        $ltiauth = 1;
+        $home = &Apache::lonnet::domain($cdom,'primary');
+    } else {
+        $home = &Apache::lonnet::homeserver($cnum,$cdom);
+        if (exists($env{'course.'.$env{'request.course.id'}.'.internal.ltiauth'})) {
+            $ltiauth = $env{'course.'.$env{'request.course.id'}.'.internal.ltiauth'};
+        } else {
+            my %domdefs = &Apache::lonnet::get_domain_defaults($cdom);
+            $ltiauth = $domdefs{'crsltiauth'};
+        }
+    }
+    if (ref($changes) eq 'HASH') {
+        foreach my $id (sort { $a <=> $b } keys(%{$changes})) {
+            if (ref($changes->{$id}) eq 'HASH') {
+                if (exists($changes->{$id}->{'key'})) {
+                    $ltienc{$id}{'key'} = $changes->{$id}->{'key'};
+                    delete($changes->{$id}->{'key'});
+                }
+                if (exists($changes->{$id}->{'secret'})) {
+                    $ltienc{$id}{'secret'} = $changes->{$id}->{'secret'};
+                    delete($changes->{$id}->{'secret'});
+                } elsif (ref($oldlinkprot->{$id}) eq 'HASH') {
+                    if (exists($oldlinkprot->{$id}{'usable'})) {
+                        $changes->{$id}->{'usable'} = 1;
+                    }
+                }
+            }
+        }
+    }
+    my @ids=&Apache::lonnet::current_machine_ids();
+    if (keys(%ltienc) > 0) {
+        if ($context eq 'domain') {
+            foreach my $id (keys(%ltienc)) {
+                if (exists($ltienc{$id}{'secret'})) {
+                    $changes->{$id}->{'usable'} = 1;
+                }
+            }
+        } else {
+            unless (($home eq 'no_host') || ($home eq '')) {
+                my $allowed;
+                foreach my $id (@ids) { if ($id eq $home) { $allowed=1; } }
+                if ($allowed) {
+                    if (&Apache::lonnet::put('nohist_ltienc',\%ltienc,$cdom,$cnum,1) eq 'ok') {
+                        foreach my $id (keys(%ltienc)) {
+                            if (exists($ltienc{$id}{'secret'})) {
+                                $changes->{$id}->{'usable'} = 1;
+                            }
+                        }
+                    } else {
+                        $lti_save_error = 1;
+                    }
+                }
+            }
+        }
+    }
+    unless ($lti_save_error) {
+        if ($context eq 'course') {
+            if (&Apache::lonnet::put('lti',$changes,$cdom,$cnum,1) eq 'ok') {
+                my $hashid=$cdom.'_'.$cnum;
+                &Apache::lonnet::devalidate_cache_new('courselti',$hashid);
+                unless (($home eq 'no_host') || ($home eq '')) {
+                    if (grep(/^\Q$home\E$/,@ids)) {
+                        &Apache::lonnet::devalidate_cache_new('courseltienc',$hashid);
+                    }
+                }
+            } else {
+                $lti_save_error = 1;
+            }
+        }
+        unless ($lti_save_error) {
+            foreach my $id (sort { $a <=> $b } %{$changes}) {
+                if (ref($changes->{$id}) eq 'HASH') {
+                    my %values = %{$changes->{$id}};
+                    my %desc = &linkprot_names();
+                    my $display;
+                    foreach my $title ('name','lifetime','version','key','secret') {
+                        if (($title eq 'key') || ($title eq 'secret')) {
+                            if (ref($ltienc{$id}) eq 'HASH') {
+                                if (exists($ltienc{$id}{$title})) {
+                                    if ($title eq 'secret') {
+                                        my $length = length($ltienc{$id}{$title});
+                                        $display .= $desc{$title}.': ['.&mt('not shown').'], ';
+                                    } else {
+                                        $display .= $desc{$title}.': '.$ltienc{$id}{$title}.', ';
+                                    }
+                                }
+                            }
+                        } elsif ($title eq 'version') {
+                            if ($values{$title} eq 'LTI-1p0') {
+                                $display .= $desc{$title}.': 1.1, ';
+                            }
+                        } else {
+                            $display .= $desc{$title}.': '.$values{$title}.', ';
+                        }
+                    }
+                    if ($ltiauth) {
+                        if (($values{'requser'}) && ($values{'mapuser'} ne '')) {
+                            if ($values{'mapuser'} eq 'lis_person_contact_email_primary') {
+                                $display .= &mt('Source of username: Email address [_1]',
+                                                '(lis_person_contact_email_primary)').', ';
+                            } elsif ($values{'mapuser'} eq 'lis_person_sourcedid') {
+                                $display .= &mt('Source of username: User ID [_1]',
+                                                '(lis_person_sourcedid)').', ';
+                            } else {
+                                $display .= &mt('Source of username: [_1]',$values{'mapuser'}).', ';
+                            }
+                            if ($values{'notstudent'} eq 'auth') {
+                                $display .= &mt('Display LON-CAPA login page if no match').', ';
+                            } elsif ($values{'notstudent'} eq 'reject') {
+                                $display .= &mt('Discontinue launch if no match').', ';
+                            }
+                        }
+                    }
+                    $display =~ s/, $//;
+                    $output .= '<li>'.&Apache::lonhtmlcommon::confirm_success(&mt('[_1] set to [_2]','<i>'.$id.'</i>',
+                                                                              "'$display'")).'</li>';
+                } elsif (ref($oldlinkprot->{$id}) eq 'HASH') {
+                    my $oldname = $oldlinkprot->{$id}{'name'};
+                    $output .= '<li>'.&Apache::lonhtmlcommon::confirm_success(&mt('Deleted setting for [_1]','<i>'."$id ($oldname)".'</i>')).'</li>';
+                }
+            }
+        } else {
+            $lti_save_error = 1;
+        }
+    }
+    unless ($lti_save_error) {
+        foreach my $id (sort { $a <=> $b } keys(%{$changes})) {
+            unless (ref($changes->{$id}) eq 'HASH') {
+                push(@deletions,$id);
+            }
+        }
+        if (@deletions) {
+            if ($context eq 'course') {
+                &Apache::lonnet::del('nohist_ltienc',\@deletions,$cdom,$cnum);
+            }
+        }
+    }
+    if ($lti_save_error) {
+        $output .= '<li>'.
+                   '<span class="LC_error">'.
+                   &mt('An error occurred when saving changes to link protection settings, which remain unchanged.').
+                   '</span>'.
+                   '</li>';
+    }
+    return $output;
+}
+
 sub update_env {
     my ($cnum,$cdom,$chome,$need_env_update,$storehash)  = @_;
     my $count = 0;
@@ -2373,7 +2670,8 @@ ENDSCRIPT
                '// <![CDATA['."\n".  
                $browse_js."\n".$categorize_js."\n".$loncaparev_js."\n".
                $cloners_js."\n".$instcode_js.
-               $syllabus_js."\n".$menuitems_js."\n".'//]]>'."\n".
+               $syllabus_js."\n".$menuitems_js."\n".
+               &linkprot_javascript()."\n".'//]]>'."\n".
                '</script>'."\n".$stubrowse_js."\n";
     return $jscript;
 }
@@ -2459,6 +2757,68 @@ function getIndexByName(item) {
 ENDSCRIPT
 }
 
+sub linkprot_javascript {
+    return <<"ENDSCRIPT";
+function toggleLinkProt(form,num,item) {
+    var radioname = '';
+    var currdivid = '';
+    var newdivid = '';
+    if ((document.getElementById('linkprot_divcurr'+item+'_'+num)) &&
+        (document.getElementById('linkprot_divchg'+item+'_'+num))) {
+        currdivid = document.getElementById('linkprot_divcurr'+item+'_'+num);
+        newdivid = document.getElementById('linkprot_divchg'+item+'_'+num);
+        radioname = form.elements['linkprot_change'+item+'_'+num];
+        if (radioname) {
+            if (radioname.length > 0) {
+                var setvis;
+                for (var i=0; i<radioname.length; i++) {
+                    if (radioname[i].checked == true) {
+                        if (radioname[i].value == 1) {
+                            newdivid.style.display = 'inline-block';
+                            currdivid.style.display = 'none';
+                            setvis = 1;
+                        }
+                        break;
+                    }
+                }
+                if (!setvis) {
+                    newdivid.style.display = 'none';
+                    currdivid.style.display = 'inline-block';
+                }
+            }
+        }
+    }
+    return;
+}
+
+function toggleLinkProtReqUser(form,item,extra,valon,styleon,num) {
+    if (document.getElementById('linkprot_'+extra+'_'+num)) {
+        var extraid = document.getElementById('linkprot_'+extra+'_'+num);
+        var itemname = form.elements['linkprot_'+item+'_'+num];
+        if (itemname) {
+            if (itemname.length > 0) {
+                var setvis;
+                for (var i=0; i<itemname.length; i++) {
+                    if (itemname[i].checked == true) {
+                        if (itemname[i].value == valon) {
+                            extraid.style.display = styleon;
+                            setvis = 1;
+                        }
+                        break;
+                    }
+                }
+                if (!setvis) {
+                    extraid.style.display = 'none';
+                }
+            }
+        }
+    }
+    return;
+}
+ENDSCRIPT
+
+}
+
 
 sub print_courseinfo {
     my ($cdom,$settings,$ordered,$itemtext,$rowtotal,$crstype,$noedit) = @_;
@@ -3804,7 +4164,7 @@ sub coowner_invitations {
         @pendingcoown = split(',',$pendingcoowners);
     }
     if (ref($currcoownref) eq 'ARRAY') {
-        @currcoown == @{$currcoownref};
+        @currcoown = @{$currcoownref};
     }
     my $disabled;
     if ($noedit) {
@@ -3868,7 +4228,7 @@ sub manage_coownership  {
         @pendingcoown = split(',',$pendingcoowners);
     }
     if (ref($currcoownref) eq 'ARRAY') {
-        @currcoown == @{$currcoownref};
+        @currcoown = @{$currcoownref};
     }
     my $disabled;
     if ($noedit) {
@@ -4671,6 +5031,10 @@ sub print_appearance {
                    text => '<b>'.&mt($itemtext->{'usejsme'}).'</b>',
                    input => 'radio',
                  },
+         'inline_chem' => {
+                   text => '<b>'.&mt($itemtext->{'inline_chem'}).'</b>',
+                   input => 'radio',
+                 },
     );
     return &make_item_rows($cdom,\%items,$ordered,$settings,$rowtotal,$crstype,'appearance',$noedit);
 }
@@ -5258,30 +5622,60 @@ sub menucollections_display {
 }
 
 sub print_linkprotection {
-    my ($cdom,$settings,$rowtotal,$crstype,$noedit) = @_;
-    unless (ref($settings) eq 'HASH') {
-        return;
-    }
+    my ($cdom,$cnum,$settings,$rowtotal,$crstype,$noedit,$context) = @_;
 
     my %linkprotection;
     my $count = 0;
     my $next = 1;
-    my ($datatable,$disabled,$css_class);
+    my ($datatable,$disabled,$css_class,$dest);
     if ($noedit) {
         $disabled = ' disabled="disabled"';
     }
-    my %lt = &linkprot_names();
+    my %desc = &linkprot_names();
+    my %lt = &Apache::lonlocal::texthash (
+       'requ'      => 'Required settings',
+       'opti'      => 'Optional settings',
+    );
     my $itemcount = 0;
 
-    if (ref($settings->{'linkprotection'}) eq 'HASH') {
-        if (keys(%{$settings->{'linkprotection'}})) {
-            my @current = sort { $a <=> $b } keys(%{$settings->{'linkprotection'}});
+    my $ltiauth;
+    if ($context eq 'domain') {
+        $ltiauth = 1;
+    } else {
+        if (exists($env{'course.'.$env{'request.course.id'}.'.internal.ltiauth'})) {
+            $ltiauth = $env{'course.'.$env{'request.course.id'}.'.internal.ltiauth'};
+        } else {
+            my %domdefs = &Apache::lonnet::get_domain_defaults($cdom);
+            $ltiauth = $domdefs{'crsltiauth'};
+        }
+    }
+    if ($context eq 'domain') {
+        $dest = '/adm/domainprefs';
+    } else {
+        $dest = '/adm/courseprefs';
+    }
+    
+    my ($switchserver,$switchmessage);
+    $switchserver = &check_switchserver($cdom,$cnum,$context,$dest);
+    if ($switchserver) {
+        if ($context eq 'domain') {
+            $switchmessage = &mt("submit from domain's primary library server: [_1].",$switchserver);  
+        } elsif ($crstype eq 'Community') {
+           $switchmessage = &mt("submit from community's home server: [_1].",$switchserver);
+        } else {
+            $switchmessage = &mt("submit from course's home server: [_1].",$switchserver);
+        }
+    }
+
+    if ((ref($settings) eq 'HASH') && (ref($settings->{'linkprot'}) eq 'HASH')) {
+        if (keys(%{$settings->{'linkprot'}})) {
+            my @current = sort { $a <=> $b } keys(%{$settings->{'linkprot'}});
             $next += $current[-1];
             for (my $i=0; $i<@current; $i++) {
                 my $num = $current[$i];
                 my %values;
-                if (ref($settings->{'linkprotection'}->{$num}) eq 'HASH') {
-                    %values = %{$settings->{'linkprotection'}->{$num}};
+                if (ref($settings->{'linkprot'}->{$num}) eq 'HASH') {
+                    %values = %{$settings->{'linkprot'}->{$num}};
                 } else {
                     next;
                 }
@@ -5293,24 +5687,101 @@ sub print_linkprotection {
                 $datatable .=
                     '<tr '.$css_class.'><td><span class="LC_nobreak">'.
                     '<label><input type="checkbox" name="linkprot_del" value="'.$i.'"'.$disabled.' />'.
-                    &mt('Delete?').'</label></span></td>'.
-                    '<td><span class="LC_nobreak">'.$lt{'name'}.
-                    ':<input type="text" size="15" name="linkprot_name_'.$i.'" value="'.$values{'name'}.'"'.$disabled.' /></span> '.
+                    &mt('Delete?').'</label></span></td><td>';
+                my ($usersty,$onclickrequser,%checkedrequser);
+                if ($ltiauth) {
+                    $usersty = 'display:none';
+                    $onclickrequser = ' onclick="toggleLinkProtReqUser(this.form,'."'requser','optional','1','block','$i'".');"';
+                    %checkedrequser = (
+                        no => ' checked="checked"',
+                        yes  => '',
+                    );
+                    if ($values{'requser'}) {
+                        $checkedrequser{'yes'} = $checkedrequser{'no'};
+                        $checkedrequser{'no'} = '';
+                    }
+                    $datatable .= '<fieldset><legend>'.$lt{'requ'}.'</legend>';
+                    if ($values{'requser'}) { 
+                        $usersty = 'display:inline-block';
+                    }
+                }
+                $datatable .=
+                    '<span class="LC_nobreak">'.$desc{'name'}.
+                    ':<input type="text" size="15" name="linkprot_name_'.$i.'" value="'.$values{'name'}.'" autocomplete="off"'.$disabled.' /></span> '.
                     ('&nbsp;'x2).
-                    '<span class="LC_nobreak">'.$lt{'version'}.':<select name="linkprot_version_'.$i.'">'.
+                    '<span class="LC_nobreak">'.$desc{'version'}.':<select name="linkprot_version_'.$i.'"'.$disabled.'>'.
                     '<option value="LTI-1p0" '.$selected.'>1.1</option></select></span> '."\n".
                     ('&nbsp;'x2).
-                    '<span class="LC_nobreak">'.$lt{'lifetime'}.':<input type="text" name="linkprot_lifetime_'.$i.'"'.
-                    'value="'.$values{'lifetime'}.'" size="3"'.$disabled.' /></span>'.
-                    '<br /><br />'.
-                    '<span class="LC_nobreak">'.$lt{'key'}.
-                    ':<input type="text" size="25" name="linkprot_key_'.$i.'" value="'.$values{'key'}.'"'.$disabled.' /></span> '.
-                    ('&nbsp;'x2).
-                    '<span class="LC_nobreak">'.$lt{'secret'}.':'.
-                    '<input type="password" size="20" name="linkprot_secret_'.$i.'" value="'.$values{'secret'}.'"'.$disabled.' />'.
-                    '<label><input type="checkbox" name="visible" onclick="if (this.checked) { this.form.linkprot_secret_'.$i.'.type='."'text'".' } else { this.form.linkprot_secret_'.$i.'.type='."'password'".' }" />'.&mt('Visible input').'</label>'.
-                    '<input type="hidden" name="linkprot_id_'.$i.'" value="'.$num.'" /></span>'.
-                    '</td></tr>';
+                    '<span class="LC_nobreak">'.$desc{'lifetime'}.':<input type="text" name="linkprot_lifetime_'.$i.'"'.
+                    ' value="'.$values{'lifetime'}.'" size="3"'.$disabled.' /></span>';
+                if ($ltiauth) {
+                    $datatable .= ('&nbsp;'x2).'<span class="LC_nobreak">'.$desc{'requser'}.'?'.
+                                  '<label><input type="radio" name="linkprot_requser_'.$i.'" value="0"'.
+                                  $onclickrequser.$checkedrequser{'no'}.$disabled.' />'.&mt('No').'</label>&nbsp;'.
+                                  '<label><input type="radio" name="linkprot_requser_'.$i.'" value="1"'.
+                                  $onclickrequser.$checkedrequser{'yes'}.$disabled.' />'.&mt('Yes').'</label></span>';
+                }
+                $datatable .= '<br /><br />';
+                if ($values{'key'} ne '') {
+                    $datatable .= '<span class="LC_nobreak">'.$desc{'key'};
+                    if ($noedit) {
+                        $datatable .= ': ['.&mt('not shown').']';
+                    } elsif ($switchserver) {
+                        $datatable .= ': ['.&mt('[_1] to view/edit',$switchserver).']';
+                    } else {
+                        $datatable .= ':<input type="text" size="25" name="linkprot_key_'.$i.'" value="'.$values{'key'}.'" autocomplete="off"'.$disabled.' />';
+                    }
+                    $datatable .= '</span> '.('&nbsp;'x2);
+                } elsif (!$switchserver) {
+                    $datatable .= '<span class="LC_nobreak">'.$desc{'key'}.':'.
+                                  '<input type="text" size="25" name="linkprot_key_'.$i.'" value="'.$values{'key'}.'" autocomplete="off"'.$disabled.' />'.
+                                  '</span> '.('&nbsp;'x2);
+                }
+                if ($switchserver) {
+                    if ($values{'usable'} ne '') {
+                        $datatable .= '<div id="linkprot_divcurrsecret_'.$i.'" style="display:inline-block" /><span class="LC_nobreak">'.
+                                      $desc{'secret'}.': ['.&mt('not shown').'] '.('&nbsp;'x2).'</span></div>'.
+                                      '<span class="LC_nobreak">'.&mt('Change secret?').
+                                      '<label><input type="radio" value="0" name="linkprot_changesecret_'.$i.'" onclick="javascript:toggleLinkProt(this.form,'."'$i','secret'".');" checked="checked"'.$disabled.' />'.&mt('No').'</label>'.
+                                      ('&nbsp;'x2).
+                                      '<label><input type="radio" value="1" name="linkprot_changesecret_'.$i.'" onclick="javascript:toggleLinkProt(this.form,'."'$i','secret'".');" '.$disabled.' />'.&mt('Yes').'</label>'.('&nbsp;'x2).
+                                      '</span><div id="linkprot_divchgsecret_'.$i.'" style="display:none" />'.
+                                      '<span class="LC_nobreak"> - '.$switchmessage.'</span>'.
+                                      '</div>';
+                    } elsif ($values{'key'} eq '') {
+                        $datatable .= '<span class="LC_nobreak">'.&mt('Key and Secret are required').' - '.$switchmessage.'</span>'."\n";
+                    } else {
+                        $datatable .= '<span class="LC_nobreak">'.&mt('Secret required').' - '.$switchmessage.'</span>'."\n";
+                    }
+                } else {
+                    if ($values{'usable'} ne '') {
+                        $datatable .= '<div id="linkprot_divcurrsecret_'.$i.'" style="display:inline-block" /><span class="LC_nobreak">'.
+                                      $desc{'secret'}.': ['.&mt('not shown').'] '.('&nbsp;'x2).'</span></div>'.
+                                      '<span class="LC_nobreak">'.&mt('Change?').
+                                      '<label><input type="radio" value="0" name="linkprot_changesecret_'.$i.'" onclick="javascript:toggleLinkProt(this.form,'."'$i','secret'".');" checked="checked"'.$disabled.' />'.&mt('No').'</label>'.
+                                      ('&nbsp;'x2).
+                                      '<label><input type="radio" value="1" name="linkprot_changesecret_'.$i.'" onclick="javascript:toggleLinkProt(this.form,'."'$i','secret'".');"'.$disabled.' />'.&mt('Yes').
+                                      '</label>&nbsp;&nbsp;</span><div id="linkprot_divchgsecret_'.$i.'" style="display:none" />'.
+                                      '<span class="LC_nobreak">'.&mt('New Secret').':'.
+                                      '<input type="password" size="20" name="linkprot_secret_'.$i.'" value="" autocomplete="off"'.$disabled.' />'.
+                                      '<label><input type="checkbox" name="visible" onclick="if (this.checked) { this.form.linkprot_secret_'.$i.'.type='."'text'".' } else { this.form.linkprot_secret_'.$i.'.type='."'password'".' }"'.$disabled.' />'.&mt('Visible input').'</label>'.
+                                      '<input type="hidden" name="linkprot_id_'.$i.'" value="'.$num.'" /></span></div>';
+                    } else {
+                        $datatable .=
+                            '<span class="LC_nobreak">'.$desc{'secret'}.':'.
+                            '<input type="password" size="20" name="linkprot_secret_'.$i.'" value="" autocomplete="off"'.$disabled.' />'.
+                            '<label><input type="checkbox" name="visible" onclick="if (this.checked) { this.form.linkprot_secret_'.$i.'.type='."'text'".' } else { this.form.linkprot_secret_'.$i.'.type='."'password'".' }"'.$disabled.' />'.&mt('Visible input').'</label>'.
+                            '<input type="hidden" name="linkprot_id_'.$i.'" value="'.$num.'" /></span>';
+                    }
+                }
+                if ($ltiauth) {
+                    $datatable .= 
+                        '</fieldset>'.
+                        '<fieldset id="linkprot_optional_'.$i.'" style="'.$usersty.'"><legend>'.$lt{'opti'}.'</legend>'.
+                        &linkprot_options($i,$itemcount,$disabled,\%values,\%desc).
+                        '</fieldset>';
+                }
+                $datatable .= '</td></tr>';
                 $itemcount ++;
             }
         }
@@ -5318,34 +5789,136 @@ sub print_linkprotection {
     $css_class = $itemcount%2?' class="LC_odd_row"':'';
     $datatable .= '<tr '.$css_class.'><td><span class="LC_nobreak">'."\n".
                   '<input type="hidden" name="linkprot_maxnum" value="'.$next.'" />'."\n".
-                  '<input type="checkbox" name="linkprot_add" value="1" />'.&mt('Add').'</span></td>'."\n".
-                  '<td>'.
-                  '<span class="LC_nobreak">'.$lt{'name'}.
-                  ':<input type="text" size="15" name="linkprot_name_add" value="" /></span> '."\n".
+                  '<input type="checkbox" name="linkprot_add" value="1"'.$disabled.' />'.&mt('Add').'</span></td>'."\n".
+                  '<td width="100%">';
+    my ($usersty,$onclickrequser,%checkedrequser);
+    if ($ltiauth) {
+        $usersty = 'display:none';
+        $onclickrequser = ' onclick="toggleLinkProtReqUser(this.form,'."'requser','optional','1','block','add'".');"';
+        %checkedrequser = (
+            no => ' checked="checked"',
+            yes  => '',
+        );
+        $datatable .= '<fieldset><legend>'.$lt{'requ'}.'</legend>';
+    }
+    $datatable .= '<span class="LC_nobreak">'.$desc{'name'}.
+                  ':<input type="text" size="15" name="linkprot_name_add" value="" autocomplete="off"'.$disabled.' /></span> '."\n".
                   ('&nbsp;'x2).
-                  '<span class="LC_nobreak">'.$lt{'version'}.':<select name="linkprot_version_add">'.
+                  '<span class="LC_nobreak">'.$desc{'version'}.':<select name="linkprot_version_add"'.$disabled.'>'.
                   '<option value="LTI-1p0" selected="selected">1.1</option></select></span> '."\n".
                   ('&nbsp;'x2).
-                  '<span class="LC_nobreak">'.$lt{'lifetime'}.':<input type="text" size="3" name="linkprot_lifetime_add" value="300" /></span> '."\n".
-                  '<br /><br />'.
-                  '<span class="LC_nobreak">'.$lt{'key'}.':<input type="text" size="25" name="linkprot_key_add" value="" /></span> '."\n".
-                  ('&nbsp;'x2).
-                  '<span class="LC_nobreak">'.$lt{'secret'}.':<input type="password" size="20" name="linkprot_secret_add" value="" />'.
-                  '<label><input type="checkbox" name="visible" onclick="if (this.checked) { this.form.linkprot_secret_add.type='."'text'".' } else { this.form.linkprot_secret_add.type='."'password'".' }" />'.&mt('Visible input').'</label></span> '."\n".
-                  '</td></tr>';
+                  '<span class="LC_nobreak">'.$desc{'lifetime'}.':<input type="text" size="3" name="linkprot_lifetime_add" value="300"'.$disabled.' /></span> '."\n";
+    if ($ltiauth) {
+        $datatable .= ('&nbsp;'x2).'<span class="LC_nobreak">'.$desc{'requser'}.'?'.
+                      '<label><input type="radio" name="linkprot_requser_add" value="0"'.
+                      $onclickrequser.$checkedrequser{'no'}.$disabled.' />'.&mt('No').'</label>&nbsp;'.
+                      '<label><input type="radio" name="linkprot_requser_add" value="1"'.
+                      $onclickrequser.$checkedrequser{'yes'}.$disabled.' />'.&mt('Yes').'</label></span>';
+    }
+    $datatable .= '<br /><br />';
+    if ($switchserver) {
+        $datatable .= '<span class="LC_nobreak">'.&mt('Key and Secret are required').' - '.$switchmessage.'</span>'."\n";
+    } else {
+        $datatable .= '<span class="LC_nobreak">'.$desc{'key'}.':<input type="text" size="25" name="linkprot_key_add" value="" autocomplete="off"'.$disabled.' /></span> '."\n".
+                      ('&nbsp;'x2).
+                      '<span class="LC_nobreak">'.$desc{'secret'}.':<input type="password" size="20" name="linkprot_secret_add" value="" autocomplete="off"'.$disabled.' />'.
+                      '<label><input type="checkbox" name="visible" onclick="if (this.checked) { this.form.linkprot_secret_add.type='."'text'".' } else { this.form.linkprot_secret_add.type='."'password'".' }"'.$disabled.' />'.&mt('Visible input').'</label></span> '."\n";
+    }
+    if ($ltiauth) {
+        $datatable .= '</fieldset>'.
+                      '<fieldset id="linkprot_optional_add" style="'.$usersty.'"><legend>'.$lt{'opti'}.'</legend>'.
+                      &linkprot_options('add',$itemcount,$disabled,{},\%desc).
+                     '</fieldset>';
+    }
+    $datatable .= '</td></tr>';
     $$rowtotal ++;
-    return $datatable;;
+    return $datatable;
 }
 
 sub linkprot_names {
-    my %lt = &Apache::lonlocal::texthash(
+    return &Apache::lonlocal::texthash(
                                           'version'   => 'LTI Version',
                                           'key'       => 'Key',
                                           'lifetime'  => 'Nonce lifetime (s)',
-                                          'name'      => 'Launcher Application Name',
+                                          'name'      => 'Launcher Application',
                                           'secret'    => 'Secret',
+                                          'requser'   => 'Use identity',
+                                          'email'     => 'Email address',
+                                          'sourcedid' => 'User ID',
+                                          'other'     => 'Other',
+                                          'auth'      => 'Display LON-CAPA login page',
+                                          'reject'    => 'Discontinue launch process',
                                         );
-    return %lt;
+}
+
+sub check_switchserver {
+    my ($cdom,$cnum,$context,$dest) = @_;
+    my ($allowed,$switchserver,$home);
+    if ($context eq 'domain') {
+        $home = &Apache::lonnet::domain($cdom,'primary');
+    } else {
+        $home = &Apache::lonnet::homeserver($cnum,$cdom);
+    }
+    unless (($home eq 'no_host') || ($home eq '')) {
+        my @ids=&Apache::lonnet::current_machine_ids();
+        foreach my $id (@ids) { if ($id eq $home) { $allowed=1; } }
+        if (!$allowed) {
+            $switchserver='<a href="/adm/switchserver?otherserver='.$home.'&amp;role='.
+                          &HTML::Entities::encode($env{'request.role'},'\'<>"&').
+                          '&amp;destinationurl='.$dest.'">'.&mt('Switch Server').'</a>';
+        }
+    }
+    return $switchserver;
+}
+
+sub linkprot_options {
+    my ($num,$itemcount,$disabled,$current,$desc) = @_;
+    my %lt;
+    if (ref($desc) eq 'HASH') {
+        %lt = %{$desc};
+    }
+    my $userfieldsty = 'none';
+    my (%checked,$userfield);
+    $checked{'sourcedid'} = ' checked="checked"';
+    $checked{'reject'} = ' checked="checked"';
+    if (ref($current) eq 'HASH') {
+        if (($current->{'mapuser'} ne '') && ($current->{'mapuser'} ne 'lis_person_sourcedid')) {
+            $checked{'sourcedid'} = '';
+            if ($current->{'mapuser'} eq 'lis_person_contact_email_primary') {
+                $checked{'email'} = ' checked="checked"';
+            } else {
+                $checked{'other'} = ' checked="checked"';
+                $userfield = $current->{'mapuser'};
+                $userfieldsty = 'inline-block';
+            }
+        }
+        if (($current->{'notstudent'} ne '') && ($current->{'notstudent'} ne 'reject')) {
+            $checked{'reject'} = '';
+            $checked{'auth'} = ' checked="checked"';
+        }
+    }
+    my $onclickuser = ' onclick="toggleLinkProtReqUser(this.form,'."'mapuser','userfield','other','inline-block','$num'".');"';
+    my $output = '<div class="LC_floatleft"><span class="LC_nobreak">'.
+                 &mt('Source of LON-CAPA username in LTI request').':&nbsp;';
+    foreach my $option ('sourcedid','email','other') {
+        $output .= '<label><input type="radio" name="linkprot_mapuser_'.$num.'" value="'.$option.'"'.
+                   $checked{$option}.$onclickuser.$disabled.' />'.$lt{$option}.'</label>'.
+                   ($option eq 'other' ? '' : ('&nbsp;'x2) );
+    }
+    $output .= '</span></div>'.
+               '<div class="LC_floatleft" style="display:'.$userfieldsty.';" id="linkprot_userfield_'.$num.'">'.
+               '<input type="text" name="linkprot_customuser_'.$num.'" '.
+               'value="'.$userfield.'"'.$disabled.' /></div>';
+    $output .= '<br />'.
+               '<div class="LC_floatleft"><span class="LC_nobreak">'.
+               &mt('Action when username is not for an enrolled student').':&nbsp;';
+    foreach my $option ('reject','auth') {
+        $output .= '<label><input type="radio" name="linkprot_notstudent_'.$num.'" value="'.$option.'"'.
+                   $checked{$option}.$disabled.' />'.$lt{$option}.'</label>'.
+                   ($option eq 'auth' ? '' : ('&nbsp;'x2) );
+    }
+    $output .= '</span></div>';
+    return $output;
 }
 
 sub print_other {
@@ -5551,7 +6124,7 @@ sub make_item_rows {
                                                        $settings->{$item},$disabled);
             } elsif ($items->{$item}{input} eq 'radio') {
                 my ($unsetdefault,$valueyes,$valueno);
-                if (($item eq 'usejsme') || ($item eq 'uselcmath')) {
+                if (($item eq 'usejsme') || ($item eq 'uselcmath') || ($item eq 'inline_chem')) {
                      my %domdefs = &Apache::lonnet::get_domain_defaults($cdom);
                      unless ($domdefs{$item} eq '0') {
                          $unsetdefault = 1;