Return to createaccount.pm CVS log

Up to [LON-CAPA] / loncom / interface

Diff for /loncom/interface/createaccount.pm between versions 1.37.2.3 and 1.72

-version 1.37.2.3, 2010/11/29 15:13:08
+version 1.72, 2016/02/19 20:28:46
  Line 1
  # The LearningOnline Network
  # Allow visitors to create a user account with the username being either an
- # institutional log-in ID (institutional authentication required - localauth
+ # institutional log-in ID (institutional authentication required - localauth,
- #  or kerberos) or an e-mail address.
+ # kerberos, or SSO) or an e-mail address. Requests to use an e-mail address as
+ # username may be processed automatically, or may be queued for approval.
  #
  # $Id$
  #
- Line 39  use Apache::lonhtmlcommon;
+ Line 40  use Apache::lonhtmlcommon;
  use Apache::lonlocal;
  use Apache::lonauth;
  use Apache::resetpw;
- use Captcha::reCAPTCHA;
  use DynaLoader; # for Crypt::DES version
  use Crypt::DES;
  use LONCAPA qw(:DEFAULT :match);
  Line 55  sub handler {
      my $domain;
-     my $sso_username = $r->subprocess_env->get('REDIRECT_SSOUserUnknown');
+     my $sso_username = $r->subprocess_env->get('SSOUserUnknown');
-     my $sso_domain = $r->subprocess_env->get('REDIRECT_SSOUserDomain');
+     my $sso_domain = $r->subprocess_env->get('SSOUserDomain');
-     &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['token','courseid']);
+     &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},
+                                             ['token','courseid','domain','type']);
      &Apache::lonacc::get_posted_cgi($r);
      &Apache::lonlocal::get_language_handle($r);
      if ($sso_username ne '' && $sso_domain ne '') {
          $domain = $sso_domain;
      } else {
-         $domain = &Apache::lonnet::default_login_domain();
+         ($domain, undef) = Apache::lonnet::is_course($env{'form.courseid'});
-         if (defined($env{'form.courseid'})) {
+         unless ($domain) {
-             if (&validate_course($env{'form.courseid'})) {
+             if ($env{'form.phase'} =~ /^username_(activation|validation)$/) {
-                 if ($env{'form.courseid'} =~ /^($match_domain)_($match_courseid)$/) {
+                 if (($env{'form.udom'} =~ /^$match_domain$/) &&
-                     $domain = $1;
+                     (&Apache::lonnet::domain($env{'form.udom'}) ne '')) {
+                     $domain = $env{'form.udom'};
+                 } else {
+                     $domain = &Apache::lonnet::default_login_domain();
                  }
+             } elsif (($env{'form.phase'} eq '') &&
+                      ($env{'form.domain'} =~ /^$match_domain$/) &&
+                      (&Apache::lonnet::domain($env{'form.domain'}) ne '')) {
+                 $domain = $env{'form.domain'};
+             } else {
+                 $domain = &Apache::lonnet::default_login_domain();
              }
          }
      }
- Line 92  sub handler {
+ Line 102  sub handler {
          my $end_page =
              &Apache::loncommon::end_page();
          $r->print($start_page."\n".'<h2>'.&mt('You are already logged in').'</h2>'.
-                   '<p>'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].','<a href="/adm/roles">','</a>','<a href="/adm/logout">','</a>').
+                   '<p>'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].',
+                             '<a href="/adm/roles">','</a>','<a href="/adm/logout">','</a>').
                    '</p><p><a href="/adm/loginproblems.html">'.&mt('Login problems?').'</a></p>'.$end_page);
          return OK;
      }
      my ($js,$courseid,$title);
-     if (defined($env{'form.courseid'})) {
+     $courseid = Apache::lonnet::is_course($env{'form.courseid'});
-         $courseid = &validate_course($env{'form.courseid'});
-     }
      if ($courseid ne '') {
          $js = &catreturn_js();
          $title = 'Self-enroll in a LON-CAPA course';
- Line 115  sub handler {
+ Line 124  sub handler {
          my %domconfig =
              &Apache::lonnet::get_dom('configuration',['usercreation'],$domain);
-         my ($cancreate,$statustocreate) =
+         my ($cancreate,$statustocreate,$emailusername) =
              &get_creation_controls($domain,$domconfig{'usercreation'});
          my ($result,$output) =
              &username_validation($r,$env{'form.uname'},$domain,$domdesc,
                                   $contact_name,$contact_email,$courseid,
                                   $lonhost,$statustocreate);
-         if ($result eq 'existingaccount') {
+         if ($result eq 'redirect') {
+             $r->internal_redirect('/adm/switchserver');
+             return OK;
+         } elsif ($result eq 'existingaccount') {
              $r->print($output);
              &print_footer($r);
              return OK;
          } else {
-             $start_page =
+             $start_page = &Apache::loncommon::start_page($title,$js);
-                 &Apache::loncommon::start_page($title,$js,
-                                                {'no_inline_link'   => 1,});
              &print_header($r,$start_page,$courseid);
              $r->print($output);
              &print_footer($r);
              return OK;
          }
      }
-     $start_page =
+     $start_page = &Apache::loncommon::start_page($title,$js);
-         &Apache::loncommon::start_page($title,$js,
-                                        {'no_inline_link'   => 1,});
      my %domconfig =
          &Apache::lonnet::get_dom('configuration',['usercreation'],$domain);
-     my ($cancreate,$statustocreate) = &get_creation_controls($domain,$domconfig{'usercreation'});
+     my ($cancreate,$statustocreate,$emailusername) =
+         &get_creation_controls($domain,$domconfig{'usercreation'});
      if (@{$cancreate} == 0) {
          &print_header($r,$start_page,$courseid);
          my $output = '<h3>'.&mt('Account creation unavailable').'</h3>'.
                       '<span class="LC_warning">'.
-                      &mt('Creation of a new user account using an e-mail address or an institutional log-in ID as username is not permitted for the GCI WebCenter.').'</span><br /><br />';
+                      &mt('Creation of a new user account using an e-mail address or an institutional log-in ID as username is not permitted at this institution ([_1]).',$domdesc).
+                      '</span><br /><br />';
          $r->print($output);
          &print_footer($r);
          return OK;
- Line 160  sub handler {
+ Line 170  sub handler {
          if (grep(/^sso$/,@{$cancreate})) {
              $msg = '<h3>'.&mt('Account creation').'</h3>'.
                     &mt("Although your username and password were authenticated by your institution's Single Sign On system, you do not currently have a LON-CAPA account at this institution.").'<br />';
+             my $shibenv;
+             if (($r->dir_config('lonOtherAuthen') eq 'yes') &&
+                 ($r->dir_config('lonOtherAuthenType') eq 'Shibboleth')) {
+                 if (ref($domconfig{'usercreation'}) eq 'HASH') {
+                     if (ref($domconfig{'usercreation'}{'cancreate'}) eq 'HASH') {
+                         if (ref($domconfig{'usercreation'}{'cancreate'}{'shibenv'}) eq 'HASH') {
+                             my @possfields = ('firstname','middlename','lastname','generation',
+                                               'permanentemail','id');
+                             my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($domain);
+                             $shibenv= {};
+                             foreach my $key (keys(%{$domconfig{'usercreation'}{'cancreate'}{'shibenv'}})) {
+                                 if ($key eq 'inststatus') {
+                                     if (ref($usertypes) eq 'HASH') {
+                                         if ($domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key} ne '') {
+                                             if (exists($usertypes->{$domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key}})) {
+                                                 $shibenv->{$key} = $domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key};
+                                              }
+                                         }
+                                     }
+                                 } elsif (grep(/^\Q$key\E/,@possfields)) {
+                                     if ($domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key} ne '') {
+                                         $shibenv->{$key} = $domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key};
+                                     }
+                                 }
+                             }
+                         }
+                     }
+                 }
+             }
              $msg .= &username_check($sso_username,$domain,$domdesc,$courseid,
                                      $lonhost,$contact_email,$contact_name,
-                                     $sso_logout,$statustocreate);
+                                     $sso_logout,$statustocreate,$shibenv);
          } else {
              $msg = '<h3>'.&mt('Account creation unavailable').'</h3>'.
                     '<span class="LC_warning">'.&mt("Although your username and password were authenticated by your institution's Single Sign On system, you do not currently have a LON-CAPA account at this institution, and you are not permitted to create one.").'</span><br /><br />'.&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email).'<hr />'.
- Line 174  sub handler {
+ Line 212  sub handler {
          return OK;
      }
-     my ($output,$nostart,$noend);
+     my ($output,$nostart,$noend,$redirect);
      my $token = $env{'form.token'};
      if ($token) {
-         ($output,$nostart,$noend) =
+         my $usertype = &get_usertype($domain);
+         ($output,$nostart,$noend,$redirect) =
              &process_mailtoken($r,$token,$contact_name,$contact_email,$domain,
-                                $domdesc,$lonhost,$include,$start_page);
+                                $domdesc,$lonhost,$include,$start_page,$cancreate,
-         if ($nostart) {
+                                $domconfig{'usercreation'},$usertype);
+         if ($redirect) {
+             $r->internal_redirect('/adm/switchserver');
+             return OK;
+         } elsif ($nostart) {
              if ($noend) {
                  return OK;
              } else {
- Line 199  sub handler {
+ Line 242  sub handler {
      if ($env{'form.phase'} eq 'username_activation') {
          (my $result,$output,$nostart) =
              &username_activation($r,$env{'form.uname'},$domain,$domdesc,
-                                  $lonhost,$courseid);
+                                  $courseid);
-         if ($result eq 'ok') {
+         if ($result eq 'redirect') {
+             $r->internal_redirect('/adm/switchserver');
+             return OK;
+         } elsif ($result eq 'ok') {
              if ($nostart) {
                  return OK;
              }
- Line 223  sub handler {
+ Line 269  sub handler {
          }
      } elsif ($env{'form.create_with_email'}) {
          &print_header($r,$start_page,$courseid);
-         $output = &process_email_request($env{'form.useremail'},$domain,$domdesc,
+         my $usertype = &get_usertype($domain);
+         $output = &process_email_request($env{'form.uname'},$domain,$domdesc,
                                           $contact_name,$contact_email,$cancreate,
                                           $lonhost,$domconfig{'usercreation'},
-                                          $courseid);
+                                          $emailusername,$courseid,$usertype);
      } elsif (!$token) {
          &print_header($r,$start_page,$courseid);
          my $now=time;
-         if (grep(/^login$/,@{$cancreate})) {
+         if ((grep(/^login$/,@{$cancreate})) && (!grep(/^email$/,@{$cancreate}))) {
-             my $jsh=Apache::File->new($include."/londes.js");
+             if (open(my $jsh,"<$include/londes.js")) {
-             $r->print(<$jsh>);
+                 while(my $line = <$jsh>) {
-             $r->print(&javascript_setforms($now));
+                     $r->print($line);
+                 }
+                 close($jsh);
+                 $r->print(&javascript_setforms($now));
+             }
          }
          if (grep(/^email$/,@{$cancreate})) {
              $r->print(&javascript_validmail());
          }
-         $output = &print_username_form($domain,$domdesc,$cancreate,$now,$lonhost,
+         my $usertype = &get_usertype($domain);
-                                        $courseid);
+         $output = &print_username_form($r,$domain,$domdesc,$cancreate,$now,$lonhost,
+                                        $include,$courseid,$emailusername,$usertype);
      }
      $r->print($output);
      &print_footer($r);
- Line 267  sub print_footer {
+ Line 319  sub print_footer {
          $r->print('<form name="backupcrumbs" method="post" action="">'.
                    &Apache::lonhtmlcommon::echo_form_input(['backto','logtoken',
                        'token','serverid','uname','upass','phase','create_with_email',
-                       'code','useremail','crypt','cfirstname','clastname',
+                       'code','crypt','cfirstname','clastname','g-recaptcha-response',
+                       'recaptcha_challenge_field','recaptcha_response_field',
                        'cmiddlename','cgeneration','cpermanentemail','cid']).
                    '</form>');
      }
      $r->print(&Apache::loncommon::end_page());
  }
+ sub get_usertype {
+     my ($domain) = @_;
+     my $usertype = 'default';
+     my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($domain);
+     if (ref($types) eq 'ARRAY') {
+         push(@{$types},'default');
+         my $posstype = $env{'form.type'};
+         $posstype =~ s/^\s+|\s$//g;
+         if (grep(/^\Q$posstype\E$/,@{$types})) {
+             $usertype = $posstype;
+         }
+     }
+     return $usertype;
+ }
  sub selfenroll_crumbs {
      my ($r,$courseid,$desc) = @_;
      &Apache::lonhtmlcommon::add_breadcrumb
- Line 286  sub selfenroll_crumbs {
+ Line 354  sub selfenroll_crumbs {
      }
      my $last_crumb;
      if ($desc ne '') {
-         $last_crumb = &mt('Self-enroll in [_1]','<span class="LC_cusr_emph">'.$desc.'</span>');
+         $last_crumb = &mt("Self-enroll in [_1]","'$desc'");
      } else {
          $last_crumb = &mt('Self-enroll');
      }
- Line 297  sub selfenroll_crumbs {
+ Line 365  sub selfenroll_crumbs {
      return;
  }
- sub validate_course {
+ sub javascript_setforms {
-     my ($courseid) = @_;
+     my ($now,$emailusername,$captcha,$usertype,$recaptchaversion) =  @_;
-     my ($cdom,$cnum) = ($courseid =~ /^($match_domain)_($match_courseid)$/);
+     my ($setuserinfo,@required,$requiredchk);
-     if (($cdom ne '') && ($cnum ne '')) {
+     if (ref($emailusername) eq 'HASH') {
-         if (&Apache::lonnet::is_course($cdom,$cnum)) {
+         if (ref($emailusername->{$usertype}) eq 'HASH') {
-             return ($courseid);
+             foreach my $key (sort(keys(%{$emailusername->{$usertype}}))) {
+                 if ($emailusername->{$usertype}{$key} eq 'required') {
+                     push(@required,$key);
+                 }
+                 $setuserinfo .= '                    server.elements.'.$key.'.value=client.elements.'.$key.'.value;'."\n";
+             }
+             $setuserinfo .= '                    server.elements.type.value=client.elements.type.value;'."\n";
+         }
+         if ($captcha eq 'original') {
+             $setuserinfo .= '                    server.elements.code.value=client.elements.code.value;'."\n".
+                             '                    server.elements.crypt.value=client.elements.crypt.value;'."\n";
+         } elsif ($captcha eq 'recaptcha') {
+             if ($recaptchaversion ne '2') {
+                 $setuserinfo .=
+                 '                    server.elements.recaptcha_challenge_field.value=client.elements.recaptcha_challenge_field.value;'."\n".
+                 '                    server.elements.recaptcha_response_field.value=client.elements.recaptcha_response_field.value;'."\n";
+             }
          }
      }
-     return;
+     if (@required) {
- }
+         my $missprompt = &mt('One or more required fields are currently blank.');
+         &js_escape(\$missprompt);
+         my $reqstr = join("','",@required);
+         $requiredchk = <<"ENDCHK";
+                 var requiredfields = new Array('$reqstr');
+                 missing = 0;
+                 for (var i=0; i<requiredfields.length; i++) {
+                     try {
+                         eval("client.elements."+requiredfields[i]+".value");
+                     }
+                     catch(err) {
+                         continue;
+                     }
+                     if (eval("client.elements."+requiredfields[i]+".value") == '') {
+                         missing ++;
+                     }
+                 }
+                 if (missing > 0) {
+                     alert("$missprompt");
+                     return false;
+                 }
- sub javascript_setforms {
+ ENDCHK
-     my ($now) =  @_;
+     }
      my $js = <<ENDSCRIPT;
-  <script type="text/javascript" language="JavaScript">
+ <script type="text/javascript">
-     function send() {
+ // <![CDATA[
-         this.document.server.elements.uname.value = this.document.client.elements.uname.value;
+     function send(one,two,context) {
-         this.document.server.elements.udom.value = this.document.client.elements.udom.value;
+         var server;
-         uextkey=this.document.client.elements.uextkey.value;
+         var client;
-         lextkey=this.document.client.elements.lextkey.value;
+         if (document.forms[one]) {
-         initkeys();
+             server = document.forms[one];
+             if (document.forms[two]) {
-         this.document.server.elements.upass.value
+                 client = document.forms[two];
-             = crypted(this.document.client.elements.upass$now.value);
+ $requiredchk
+                 server.elements.uname.value = client.elements.uname.value;
-         this.document.client.elements.uname.value='';
+                 server.elements.udom.value = client.elements.udom.value;
-         this.document.client.elements.upass$now.value='';
+                 uextkey=client.elements.uextkey.value;
-         this.document.server.submit();
+                 lextkey=client.elements.lextkey.value;
+                 initkeys();
+                 server.elements.upass.value
+                     = getCrypted(client.elements.upass$now.value);
+                 client.elements.uname.value='';
+                 client.elements.upass$now.value='';
+                 if (context == 'email') {
+ $setuserinfo
+                     client.elements.upasscheck$now.value='';
+                 }
+                 server.submit();
+             }
+         }
          return false;
      }
-  </script>
+ // ]]>
+ </script>
  ENDSCRIPT
+     if (($captcha eq 'recaptcha') && ($recaptchaversion eq '2')) {
+         $js .= "\n".'<script src="https://www.google.com/recaptcha/api.js"></script>'."\n";
+     }
      return $js;
  }
  sub javascript_checkpass {
-     my ($now) = @_;
+     my ($now,$context) = @_;
      my $nopass = &mt('You must enter a password.');
-     my $mismatchpass = &mt('The passwords you entered did not match.').'\\n'.
+     my $mismatchpass = &mt('The passwords you entered did not match.')."\n".
                         &mt('Please try again.');
+     &js_escape(\$nopass);
+     &js_escape(\$mismatchpass);
      my $js = <<"ENDSCRIPT";
- <script type="text/javascript" language="JavaScript">
+ <script type="text/javascript">
-     function checkpass() {
+ // <![CDATA[
-         var upass = this.document.client.elements.upass$now.value;
+     function checkpass(one,two) {
-         var upasscheck = this.document.client.elements.upasscheck$now.value;
+         var client;
-         if (upass == '') {
+         if (document.forms[two]) {
-             alert("$nopass");
+             client = document.forms[two];
-             return false;
+             var upass = client.elements.upass$now.value;
-         }
+             var upasscheck = client.elements.upasscheck$now.value;
-         if (upass == upasscheck) {
+             if (upass == '') {
-             this.document.client.elements.upasscheck$now.value='';
+                 alert("$nopass");
-             send();
+                 return false;
-             return false;
+             }
-         } else {
+             if (upass == upasscheck) {
-             alert("$mismatchpass");
+                 client.elements.upasscheck$now.value='';
-             return false;
+                 if (validate_email(client)) {
+                     send(one,two,'$context');
+                 }
+                 return false;
+             } else {
+                 alert("$mismatchpass");
+                 return false;
+             }
          }
+         return false;
      }
+ // ]]>
  </script>
  ENDSCRIPT
      return $js;
  }
  sub javascript_validmail {
-     my %lt = &Apache::lonlocal::texthash (
+     my %js_lt = &Apache::lonlocal::texthash (
                 email => 'The e-mail address you entered',
                 notv  => 'is not a valid e-mail address',
      );
      my $output =  "\n".'<script type="text/javascript">'."\n".
+                   '// <![CDATA['."\n".
                    &Apache::lonhtmlcommon::javascript_valid_email()."\n";
+     &js_escape(\%js_lt);
      $output .= <<"ENDSCRIPT";
- function validate_email() {
+ function validate_email(client) {
-     field = document.createaccount.useremail;
+     field = client.uname;
      if (validmail(field) == false) {
-         alert("$lt{'email'}: "+field.value+" $lt{'notv'}.");
+         alert("$js_lt{'email'}: "+field.value+" $js_lt{'notv'}.");
          return false;
-     } else {
-        var emailaddr = field.value;
-        var lcemail = emailaddr.toLowerCase();
-        if (emailaddr != lcemail) {
-            field.value = lcemail;
-            alert("WebCenter usernames are all lower case.\\nAccordingly your username will be "+lcemail+" once activated.");
-        }
      }
      return true;
  }
  ENDSCRIPT
-     $output .= "\n".'</script>'."\n";
+     $output .= "\n".'// ]]>'."\n".'</script>'."\n";
      return $output;
  }
  sub print_username_form {
-     my ($domain,$domdesc,$cancreate,$now,$lonhost,$courseid) = @_;
+     my ($r,$domain,$domdesc,$cancreate,$now,$lonhost,$include,$courseid,$emailusername,
-     my %lt = &Apache::lonlocal::texthash(
+         $usertype) = @_;
+     my %lt = &Apache::lonlocal::texthash (
                                           unam => 'username',
                                           udom => 'domain',
                                           uemail => 'E-mail address in LON-CAPA',
-                                          proc => 'Proceed');
+                                          proc => 'Proceed',
+                                          crac => 'Create account with a username provided by this institution',
+                                          clca => 'Create LON-CAPA account',
+                                          type => 'Type in your log-in ID and password to find out.',
+                                          plse => 'Please provide a password for your new account.',
+                                          info => 'Please provide user information and a password for your new account.',
+                                          yopw => 'Your password will be encrypted when sent (and stored).',
+                                          );
      my $output;
      if (ref($cancreate) eq 'ARRAY') {
          if (grep(/^login$/,@{$cancreate})) {
              my %domdefaults = &Apache::lonnet::get_domain_defaults($domain);
              if ((($domdefaults{'auth_def'} =~/^krb/) && ($domdefaults{'auth_arg_def'} ne '')) || ($domdefaults{'auth_def'} eq 'localauth')) {
-                 $output = '<div class="LC_left_float"><h3>'.&mt('Create account with a username provided by this institution').'</h3>';
+                 $output = '<div class="LC_left_float"><h3>'.$lt{'crac'}.'</h3>';
-                 my $submit_text = &mt('Create LON-CAPA account');
+                 $output .= &mt('If you already have a log-in ID at this institution [_1]you may be able to use it for LON-CAPA.','<br />').
-                 $output .= &mt('If you already have a log-in ID at this institution,[_1] you may be able to use it for LON-CAPA.','<br />').'<br /><br />'.&mt('Type in your log-in ID and password to find out.').'<br /><br />';
+                            '<br /><br />'.
-                 $output .= &login_box($now,$lonhost,$courseid,$submit_text,
+                            $lt{'type'}.
+                            '<br /><br />';
+                 $output .= &login_box($now,$lonhost,$courseid,$lt{'clca'},
                                        $domain,'createaccount').'</div>';
              }
          }
          if (grep(/^email$/,@{$cancreate})) {
              $output .= '<div class="LC_left_float"><h3>'.&mt('Create account with an e-mail address as your username').'</h3>';
-             my $captchaform = &create_recaptcha();
+             my ($captchaform,$error,$captcha,$recaptchaversion) =
-             if ($captchaform) {
+                 &Apache::loncommon::captcha_display('usercreation',$lonhost);
-                 my $submit_text = &mt('Request LON-CAPA account');
+             if ($error) {
-                 my $emailform = '<input type="text" name="useremail" size="25" value="" />';
-                 if (grep(/^login$/,@{$cancreate})) {
-                     $output .= &mt('Provide your e-mail address to request a LON-CAPA account,[_1] if you do not have a log-in ID at your institution.','<br />').'<br /><br />';
-                 } else {
-                     $output .= '<br />';
-                 }
-                 $output .=  '<form name="createaccount" method="post" onSubmit="return validate_email()" action="/adm/createaccount">'.
-                             &Apache::lonhtmlcommon::start_pick_box()."\n".
-                             &Apache::lonhtmlcommon::row_title(&mt('E-mail address'),
-                                                              'LC_pick_box_title')."\n".
-                             $emailform."\n".
-                             &Apache::lonhtmlcommon::row_closure(1).
-                             &Apache::lonhtmlcommon::row_title(&mt('Validation'),
-                                                              'LC_pick_box_title')."\n".
-                             $captchaform."\n".
-                             &mt('If either word is hard to read, [_1] will replace them.','<image src="/res/adm/pages/refresh.gif" alt="reCAPTCHA refresh" />').'<br /><br />';
-                 if ($courseid ne '') {
-                     $output .= '<input type="hidden" name="courseid" value="'.$courseid.'"/>'."\n";
-                 }
-                 $output .=  &Apache::lonhtmlcommon::row_closure(1).
-                             &Apache::lonhtmlcommon::row_title().'<br />'.
-                             '<input type="submit" name="create_with_email" value="'.
-                             $submit_text.'" />'.
-                             &Apache::lonhtmlcommon::row_closure(1).
-                             &Apache::lonhtmlcommon::end_pick_box().'<br /><br />';
-                 if ($courseid ne '') {
-                     $output .= &Apache::lonhtmlcommon::echo_form_input(['courseid']);
-                 }
-                 $output .= '</form>';
-             } else {
                  my $helpdesk = '/adm/helpdesk?origurl=%2fadm%2fcreateaccount';
                  if ($courseid ne '') {
                      $helpdesk .= '&courseid='.$courseid;
                  }
-                 $output .= '<span class="LC_error">'.&mt('An error occurred generating the validation code[_1] required for an e-mail address to be used as username.','<br />').'</span><br /><br />'.&mt('[_1]Contact the helpdesk[_2] or [_3]reload[_2] the page and try again.','<a href="'.$helpdesk.'">','</a>','<a href="javascript:window.location.reload()">');
+                 $output .= '<span class="LC_error">'.
+                            &mt('An error occurred generating the validation code[_1] required for an e-mail address to be used as username.','<br />').
+                            '</span><br /><br />'.
+                            &mt('[_1]Contact the helpdesk[_2] or [_3]reload[_2] the page and try again.',
+                                '<a href="'.$helpdesk.'">','</a>','<a href="javascript:window.location.reload()">');
+             } else {
+                 if (grep(/^login$/,@{$cancreate})) {
+                     $output .= &mt('If you do not have a log-in ID at your institution, [_1]provide your e-mail address to request a LON-CAPA account.','<br />').'<br /><br />'.
+                                $lt{'plse'}.'<br />'.
+                                $lt{'yopw'}.'<br />';
+                 } else {
+                     my $prompt = $lt{'plse'};
+                     if (ref($emailusername) eq 'HASH') {
+                         if (ref($emailusername->{$usertype}) eq 'HASH') {
+                             if (keys(%{$emailusername->{$usertype}}) > 0) {
+                                 $prompt = $lt{'info'};
+                             }
+                         }
+                     }
+                     $output .= $prompt.'<br />'.
+                                $lt{'yopw'}.'<br />';
+                 }
+                 $output .= &print_dataentry_form($r,$domain,$lonhost,$include,$now,$captchaform,
+                                                  $courseid,$emailusername,$captcha,$usertype,
+                                                  $recaptchaversion);
              }
              $output .= '</div>';
          }
- Line 467  sub login_box {
+ Line 600  sub login_box {
                                                createaccount => 'Log-in ID',
                                                selfenroll    => 'Username',
                                              );
-     my ($lkey,$ukey) = &Apache::lonpreferences::des_keys();
+     my ($lkey,$ukey) = &Apache::loncommon::des_keys();
      my ($lextkey,$uextkey) = &getkeys($lkey,$ukey);
-     my $logtoken=Apache::lonnet::reply('tmpput:'.$ukey.$lkey.'&createaccount',
+     my $logtoken=Apache::lonnet::reply('tmpput:'.$ukey.$lkey.'&createaccount:createaccount',
                                         $lonhost);
      $output = &serverform($logtoken,$lonhost,undef,$courseid,$context);
-     my $unameform = '<input type="text" name="uname" size="20" value="" />';
+     my $unameform = '<input type="text" name="uname" size="20" value="" autocomplete="off" />';
-     my $upassform = '<input type="password" name="upass'.$now.'" size="20" />';
+     my $upassform = '<input type="password" name="upass'.$now.'" size="20" autocomplete="off" />';
-     $output .= '<form name="client" method="post" onsubmit="return(send());">'."\n".
+     $output .= '<form name="client" method="post" action="" onsubmit="return(send('."'server','client'".'));">'."\n".
-                '<input type="hidden" name="udom" value="'.$domain.'" />'.
                 &Apache::lonhtmlcommon::start_pick_box()."\n".
                 &Apache::lonhtmlcommon::row_title($titles{$context},
                                                   'LC_pick_box_title')."\n".
- Line 484  sub login_box {
+ Line 616  sub login_box {
                 &Apache::lonhtmlcommon::row_title(&mt('Password'),
                                                  'LC_pick_box_title')."\n".
                 $upassform;
+     if ($context eq 'selfenroll') {
+         my $udomform = '<input type="text" name="udom" size="10" value="'.
+                         $domain.'" />';
+         $output .= &Apache::lonhtmlcommon::row_closure(1)."\n".
+                    &Apache::lonhtmlcommon::row_title(&mt('Domain'),
+                                                      'LC_pick_box_title')."\n".
+                    $udomform."\n";
+     } else {
+         $output .= '<input type="hidden" name="udom" value="'.$domain.'" />';
+     }
      $output .= &Apache::lonhtmlcommon::row_closure(1).
                 &Apache::lonhtmlcommon::row_title().
                 '<br /><input type="submit" name="username_validation" value="'.
- Line 504  sub login_box {
+ Line 646  sub login_box {
  sub process_email_request {
      my ($useremail,$domain,$domdesc,$contact_name,$contact_email,$cancreate,
-         $server,$settings,$courseid) = @_;
+         $server,$settings,$emailusername,$courseid,$usertype) = @_;
-     $useremail = lc($env{'form.useremail'});
      my $output;
      if (ref($cancreate) eq 'ARRAY') {
          if (!grep(/^email$/,@{$cancreate})) {
- Line 517  sub process_email_request {
+ Line 658  sub process_email_request {
                                       $contact_name,$contact_email);
              return $output;
          } else {
+             $useremail =~ s/^\s+|\s+$//g;
+             my $uname=&LONCAPA::clean_username($useremail);
+             if ($useremail ne $uname) {
+                 $output = &invalid_state('badusername',$domdesc,
+                                          $contact_name,$contact_email);
+                 return $output;
+             }
              my $uhome = &Apache::lonnet::homeserver($useremail,$domain);
              if ($uhome ne 'no_host') {
                  $output = &invalid_state('existinguser',$domdesc,
                                           $contact_name,$contact_email);
                  return $output;
              } else {
-                  my $captcha = Captcha::reCAPTCHA->new;
+                 my ($captcha_chk,$captcha_error) = &Apache::loncommon::captcha_response('usercreation',$server);
-                  my $captcha_result =
+                 if ($captcha_chk != 1) {
-                      $captcha->check_answer(
-                                             'PRIVATEKEY',
-                                             $ENV{'REMOTE_ADDR'},
-                                             $env{'form.recaptcha_challenge_field'},
-                                             $env{'form.recaptcha_response_field'},
-                                            );
-                 if (!$captcha_result->{is_valid}) {
                      $output = &invalid_state('captcha',$domdesc,$contact_name,
-                                              $contact_email);
+                                              $contact_email,$captcha_error);
                      return $output;
                  }
-                 my $uhome=&Apache::lonnet::homeserver($useremail,$domain);
+                 my (%rulematch,%inst_results,%curr_rules,%got_rules,%alerts);
-                 if ($uhome eq 'no_host') {
+                 &call_rulecheck($useremail,$domain,\%alerts,\%rulematch,
-                     my (%rulematch,%inst_results,%curr_rules,%got_rules,%alerts);
+                                 \%inst_results,\%curr_rules,\%got_rules,'username');
-                     &call_rulecheck($useremail,$domain,\%alerts,\%rulematch,
+                 if (ref($alerts{'username'}) eq 'HASH') {
-                                     \%inst_results,\%curr_rules,%got_rules,'username');
+                     if (ref($alerts{'username'}{$domain}) eq 'HASH') {
-                     if (ref($alerts{'username'}) eq 'HASH') {
+                         if ($alerts{'username'}{$domain}{$useremail}) {
-                         if (ref($alerts{'username'}{$domain}) eq 'HASH') {
+                             $output = &invalid_state('userrules',$domdesc,
-                             if ($alerts{'username'}{$domain}{$useremail}) {
+                                                      $contact_name,$contact_email);
-                                 $output = &invalid_state('userrules',$domdesc,
+                             return $output;
-                                                          $contact_name,$contact_email);
-                                 return $output;
-                             }
                          }
                      }
-                     my $format_msg =
+                 }
-                         &guest_format_check($useremail,$domain,$cancreate,
+                 my $format_msg =
-                                             $settings);
+                     &guest_format_check($useremail,$domain,$cancreate,
-                     if ($format_msg) {
+                                         $settings);
-                         $output = &invalid_state('userformat',$domdesc,$contact_name,
+                 if ($format_msg) {
-                                                  $contact_email,$format_msg);
+                     $output = &invalid_state('userformat',$domdesc,$contact_name,
-                         return $output;
+                                              $contact_email,$format_msg);
-                     }
+                     return $output;
                  }
              }
          }
          $output = &send_token($domain,$useremail,$server,$domdesc,$contact_name,
-                           $contact_email,$courseid);
+                               $contact_email,$courseid,$emailusername,$usertype);
      }
      return $output;
  }
- Line 583  sub call_rulecheck {
+ Line 720  sub call_rulecheck {
  }
  sub send_token {
-     my ($domain,$email,$server,$domdesc,$contact_name,$contact_email,$courseid) = @_;
+     my ($domain,$email,$server,$domdesc,$contact_name,$contact_email,$courseid,$emailusername,
+         $usertype) = @_;
      my $msg = '<h3>'.&mt('Account creation status').'</h3>'.
                &mt('Thank you for your request to create a new LON-CAPA account.').
                '<br /><br />';
      my $now = time;
-     my %info = ('ip'         => $ENV{'REMOTE_ADDR'},
+     $env{'form.logtoken'} =~ s/(`)//g;
-                 'time'       => $now,
+     if ($env{'form.logtoken'}) {
-                 'domain'     => $domain,
+         my $logtoken = $env{'form.logtoken'};
-                 'username'   => $email,
+         my $tmpinfo=Apache::lonnet::reply('tmpget:'.$logtoken,$server);
-                 'courseid'   => $courseid);
+         if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) {
-     my $token = &Apache::lonnet::tmpput(\%info,$server);
+             $msg = &mt('Information needed to process your request is missing, inaccessible or expired.')
-     if ($token !~ /^error/ && $token ne 'no_such_host') {
+                   .'<br />'.&mt('Return to the previous page to try again.');
-         my $esc_token = &escape($token);
+         } else {
-         my $showtime = localtime(time);
+             my $reply = &Apache::lonnet::reply('tmpdel:'.$logtoken,$server);
-         my $mailmsg = &mt('A request was submitted on [_1] for creation of a GCI WebCenter account.',$showtime).' '.
+             unless ($reply eq 'ok') {
-              &mt('To complete this process please open a web browser and enter the following URL in the address/location box: [_1]',
+                 $msg .= &mt('Request could not be processed.');
-                  &Apache::lonnet::absolute_url().'/adm/createaccount?token='.$esc_token);
+             }
-         my $result = &Apache::resetpw::send_mail($domdesc,$email,$mailmsg,$contact_name,
+         }
-                                                  $contact_email);
+         my %info = ('ip'         => $ENV{'REMOTE_ADDR'},
-         if ($result eq 'ok') {
+                     'time'       => $now,
-             $msg .= &mt('A message has been sent to the e-mail address you provided.').'<br />'.&mt('The message includes the web address for the link you will use to complete the account creation process.').'<br />'.&mt("The link included in the message will be valid for the next [_1]two[_2] hours.",'<b>','</b>');
+                     'domain'     => $domain,
+                     'username'   => $email,
+                     'courseid'   => $courseid,
+                     'upass'      => $env{'form.upass'},
+                     'serverid'   => $env{'form.serverid'},
+                     'tmpinfo'    => $tmpinfo);
+         if (ref($emailusername) eq 'HASH') {
+             if (ref($emailusername->{$usertype}) eq 'HASH') {
+                 foreach my $item (keys(%{$emailusername->{$usertype}})) {
+                     $info{$item} = $env{'form.'.$item};
+                     $info{$item} =~ s/(`)//g;
+                 }
+                 unless ($usertype eq 'default') {
+                     $info{'inststatus'} = $usertype;
+                 }
+             }
+         }
+         my $token = &Apache::lonnet::tmpput(\%info,$server,'createaccount');
+         if ($token !~ /^error/ && $token ne 'no_such_host') {
+             my $esc_token = &escape($token);
+             my $showtime = localtime(time);
+             my $mailmsg = &mt('A request was submitted on [_1] for creation of a LON-CAPA account at the following institution: [_2].',$showtime,$domdesc).' '.
+                           &mt('To complete this process please open a web browser and enter the following URL in the address/location box: [_1]',
+                           &Apache::lonnet::absolute_url().'/adm/createaccount?token='.$esc_token);
+             my $result = &Apache::resetpw::send_mail($domdesc,$email,$mailmsg,$contact_name,
+                                                      $contact_email);
+             if ($result eq 'ok') {
+                 $msg .= &mt('A message has been sent to the e-mail address you provided.').'<br />'.
+                         &mt('The message includes the web address for the link you will use to complete the account creation process.').'<br />'.
+                         &mt("The link included in the message will be valid for the next [_1]two[_2] hours.",'<b>','</b>');
+             } else {
+                 $msg .= '<span class="LC_error">'.
+                         &mt('An error occurred when sending a message to the e-mail address you provided.').'</span><br />'.
+                         ' '.&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email);
+             }
          } else {
              $msg .= '<span class="LC_error">'.
-                     &mt('An error occurred when sending a message to the e-mail address you provided.').'</span><br />'.
+                     &mt('An error occurred creating a token required for the account creation process.').'</span><br />'.
                      ' '.&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email);
          }
      } else {
-         $msg .= '<span class="LC_error">'.
+         $msg .=  $msg = &mt('Information needed to process your request is missing, inaccessible or expired.')
-                 &mt('An error occurred creating a token required for the account creation process.').'</span><br />'.
+                 .'<br />'.&mt('Return to the previous page to try again.');
-                 ' '.&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email);
      }
      return $msg;
  }
  sub process_mailtoken {
      my ($r,$token,$contact_name,$contact_email,$domain,$domdesc,$lonhost,
-         $include,$start_page) = @_;
+         $include,$start_page,$cancreate,$settings,$usertype) = @_;
-     my ($msg,$nostart,$noend);
+     my ($msg,$nostart,$noend,$redirect);
      my %data = &Apache::lonnet::tmpget($token);
      my $now = time;
      if (keys(%data) == 0) {
          $msg = &mt('Sorry, the URL you provided to complete creation of a new LON-CAPA account was invalid.')
                 .' '.&mt('Either the token included in the URL has been deleted or the URL you provided was invalid.')
-                .' '.&mt('Please submit a [_1]new request[_2] for account creation and follow the new link page included in the e-mail that will be sent to you.','<a href="/adm/createaccount">','</a>');
+                .' '.&mt('Please submit a [_1]new request[_2] for account creation and follow the new link page included in the e-mail that will be sent to you.',
+                         '<a href="/adm/createaccount">','</a>');
          return $msg;
      }
      if (($data{'time'} =~ /^\d+$/) &&
          ($data{'domain'} ne '') &&
          ($data{'username'}  =~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/)) {
          if ($now - $data{'time'} < 7200) {
-             if ($env{'form.phase'} eq 'createaccount') {
+ # Check if request should be queued.
-                 my ($result,$output) = &create_account($r,$domain,$lonhost,
+             if (ref($cancreate) eq 'ARRAY') {
-                                                        $data{'username'},$domdesc);
+                 my $disposition;
-                 if ($result eq 'ok') {
+                 if (grep(/^email$/,@{$cancreate})) {
-                     $msg = $output;
+                     if (ref($settings) eq 'HASH') {
-                     my $shownow = &Apache::lonlocal::locallocaltime($now);
+                         if (ref($settings->{'cancreate'}) eq 'HASH') {
-                     my $mailmsg = &mt('A GCI WebCenter account has been created [_1] from IP address: [_2].  If you did not perform this action or authorize it, please contact the [_3] ([_4]).',$shownow,$ENV{'REMOTE_ADDR'},$contact_name,$contact_email)."\n";
+                             if (ref($settings->{'cancreate'}{'selfcreateprocessing'}) eq 'HASH') {
-                     my $mailresult = &Apache::resetpw::send_mail($domdesc,$data{'email'},
+                                 $disposition = $settings->{'cancreate'}{'selfcreateprocessing'}{$usertype};
-                                                                  $mailmsg,$contact_name,
+                             }
-                                                                  $contact_email);
+                         }
-                     if ($mailresult eq 'ok') {
+                     }
-                         $msg .= &mt('An e-mail confirming creation of your new LON-CAPA account has been sent to [_1].',$data{'username'});
+                     if ($disposition eq 'approval') {
+                         $msg = &store_request($domain,$data{'username'},'approval',\%data,$settings);
+                         my $delete = &Apache::lonnet::tmpdel($token);
                      } else {
-                         $msg .= &mt('An error occurred when sending e-mail to [_1] confirming creation of your LON-CAPA account.',$data{'username'});
+                         my ($result,$output,$uhome) =
+                             &create_account($r,$domain,$domdesc,\%data);
+                         if ($result eq 'ok') {
+                             $msg = $output;
+                             my $shownow = &Apache::lonlocal::locallocaltime($now);
+                             my $mailmsg = &mt('A LON-CAPA account for the institution: [_1] has been created [_2] from IP address: [_3]. If you did not perform this action or authorize it, please contact the [_4] ([_5]).',$domdesc,$shownow,$ENV{'REMOTE_ADDR'},$contact_name,$contact_email)."\n";
+                             my $mailresult = &Apache::resetpw::send_mail($domdesc,$data{'email'},
+                                                                         $mailmsg,$contact_name,
+                                                                         $contact_email);
+                             if ($mailresult eq 'ok') {
+                                 $msg .= &mt('An e-mail confirming creation of your new LON-CAPA account has been sent to [_1].',$data{'username'});
+                             } else {
+                                 $msg .= &mt('An error occurred when sending e-mail to [_1] confirming creation of your LON-CAPA account.',$data{'username'});
+                             }
+                             $redirect = &start_session($r,$data{'username'},$domain,$uhome,
+                                                        $data{'courseid'},$token);
+                             $nostart = 1;
+                             $noend = 1;
+                         } else {
+                             $msg .= &mt('A problem occurred when attempting to create your new LON-CAPA account.')
+                                    .'<br />'.$output;
+                             if (($contact_name ne '') && ($contact_email ne '')) {
+                                 $msg .= &mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email);
+                             }
+                         }
+                         my $delete = &Apache::lonnet::tmpdel($token);
                      }
-                     my %form = &start_session($r,$data{'username'},$domain,
-                                               $lonhost,$data{'courseid'},
-                                               $token);
-                     $nostart = 1;
-                     $noend = 1;
                  } else {
-                     $msg .= &mt('A problem occurred when attempting to create your new LON-CAPA account.')
+                     $msg = &invalid_state('noemails',$domdesc,$contact_name,$contact_email);
-                            .'<br />'.$output
- #                           .&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,'<a href="mailto:'.$contact_email.'">'.$contact_email.'</a>');
-                            .&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email);
                  }
-                 my $delete = &Apache::lonnet::tmpdel($token);
              } else {
-                 $msg .= &mt('Please provide user information and a password for your new account.').'<br />'.&mt('Your password, which must contain at least seven characters, will be sent to the LON-CAPA server in an encrypted form.').'<br />';
+                 $msg = &invalid_state('noemails',$domdesc,$contact_name,$contact_email);
-                 $msg .= &print_dataentry_form($r,$domain,$lonhost,$include,$token,$now,$data{'username'},$start_page);
-                 $nostart = 1;
              }
          } else {
              $msg = &mt('Sorry, the token generated when you requested creation of an account has expired.')
- Line 673  sub process_mailtoken {
+ Line 863  sub process_mailtoken {
          $msg .= &mt('Sorry, the URL generated when you requested creation of an account contained incomplete information.')
                 .' '.&mt('Please submit a [_1]new request[_2] for account creation and follow the new link included in the e-mail that will be sent to you.','<a href="/adm/createaccount">','</a>');
      }
-     return ($msg,$nostart,$noend);
+     return ($msg,$nostart,$noend,$redirect);
  }
  sub start_session {
-     my ($r,$username,$domain,$lonhost,$courseid,$token) = @_;
+     my ($r,$username,$domain,$uhome,$courseid,$token) = @_;
-     my %form = (
+     my ($is_balancer) = &Apache::lonnet::check_loadbalancing($username,$domain);
-                 uname => $username,
+     if ($is_balancer) {
-                 udom  => $domain,
+         Apache::lonauth::success($r, $username, $domain, $uhome,
-                );
+             'noredirect', undef, {});
-     my $firsturl = '/adm/roles';
-     if (defined($courseid)) {
+         Apache::lonnet::tmpdel($token) if $token;
-         $courseid = &validate_course($courseid);
-         if ($courseid ne '') {
+         return 'redirect';
-             $form{'courseid'} = $courseid;
-             $firsturl = '/adm/selfenroll?courseid='.$courseid;
-         }
-     }
-     if ($r->dir_config('lonBalancer') eq 'yes') {
-         &Apache::lonauth::success($r,$form{'uname'},$form{'udom'},
-                                   $lonhost,'noredirect',undef,\%form);
-         if ($token ne '') {
-             my $delete = &Apache::lonnet::tmpdel($token);
-         }
-         $r->internal_redirect('/adm/switchserver');
      } else {
-         &Apache::lonauth::success($r,$form{'uname'},$form{'udom'},
+         $courseid = Apache::lonnet::is_course($courseid);
-                                   $lonhost,$firsturl,undef,\%form);
+         Apache::lonauth::success($r, $username, $domain, $uhome,
+             ($courseid ? "/adm/selfenroll?courseid=$courseid" : '/adm/roles'),
+             undef, {});
      }
-     return %form;
+     return;
  }
+ #
+ # The screen that the user gets to create his or her account
+ # Desired username, desired password, etc
+ # Stores token to store DES-key and stage during creation session
+ #
  sub print_dataentry_form {
-     my ($r,$domain,$lonhost,$include,$mailtoken,$now,$username,$start_page) = @_;
+     my ($r,$domain,$lonhost,$include,$now,$captchaform,$courseid,$emailusername,$captcha,
+         $usertype,$recaptchaversion) = @_;
      my ($error,$output);
-     &print_header($r,$start_page);
      if (open(my $jsh,"<$include/londes.js")) {
          while(my $line = <$jsh>) {
              $r->print($line);
          }
          close($jsh);
-         $output .= &javascript_setforms($now)."\n".&javascript_checkpass($now);
+         $output = &javascript_setforms($now,$emailusername,$captcha,$usertype,$recaptchaversion).
-         my ($lkey,$ukey) = &Apache::lonpreferences::des_keys();
+                   "\n".&javascript_checkpass($now,'email');
+         my ($lkey,$ukey) = &Apache::loncommon::des_keys();
          my ($lextkey,$uextkey) = &getkeys($lkey,$ukey);
-         my $logtoken=Apache::lonnet::reply('tmpput:'.$ukey.$lkey.'&createaccount',
+         my $logtoken=Apache::lonnet::reply('tmpput:'.$ukey.$lkey.'&createaccount:createaccount',
                                             $lonhost);
-         my $formtag = '<form name="server" method="post" target="_top" action="/adm/createaccount">';
+         $output .=
-         my ($datatable,$rowcount) =
+             '<form name="createaccount" method="post" target="_top" action="/adm/createaccount">';
-             &Apache::loncreateuser::personal_data_display($username,$domain,
+         if ($courseid ne '') {
-                                                           'email','selfcreate');
+             $output .= '<input type="hidden" name="courseid" value="'.$courseid.'"/>'."\n";
-         if ($rowcount) {
+         }
-             $output .= '<div class="LC_left_float">'.$formtag.$datatable;
+         if (ref($emailusername) eq 'HASH') {
-         } else {
+             if (ref($emailusername->{$usertype}) eq 'HASH') {
-             $output .= $formtag;
+                 foreach my $field (sort(keys(%{$emailusername->{$usertype}}))) {
+                     $output .= '<input type="hidden" name="'.$field.'" value="" />'."\n";
+                 }
+                 $output .= '<input type="hidden" name="type" value="" />'."\n";
+             }
+         }
+         if ($captcha eq 'original') {
+             $output .= '
+    <input type="hidden" name="crypt" value="" />
+    <input type="hidden" name="code" value="" />
+ ';
+         } elsif ($captcha eq 'recaptcha') {
+             if ($recaptchaversion eq '2') {
+                 $output .= "$captchaform\n";
+                 undef($captchaform);
+             } else {
+                 $output .= '
+    <input type="hidden" name="recaptcha_challenge_field" value="" />
+    <input type="hidden" name="recaptcha_response_field" value="" />
+ ';
+             }
          }
          $output .= <<"ENDSERVERFORM";
     <input type="hidden" name="logtoken" value="$logtoken" />
-    <input type="hidden" name="token" value="$mailtoken" />
     <input type="hidden" name="serverid" value="$lonhost" />
     <input type="hidden" name="uname" value="" />
     <input type="hidden" name="upass" value="" />
     <input type="hidden" name="udom" value="" />
     <input type="hidden" name="phase" value="createaccount" />
+    <input type="hidden" name="create_with_email" value="1" />
    </form>
  ENDSERVERFORM
+         my $beginclientform = '<form name="newemail" method="post" action="" '.
+                               'onsubmit="return checkpass('."'createaccount','newemail'".');">'."\n";
+         my $endclientform = '<input type="hidden" name="udom" value="'.$domain.'" />'."\n".
+                             '<input type="hidden" name="lextkey" value="'.$lextkey.'" />'."\n".
+                             '<input type="hidden" name="uextkey" value="'.$uextkey.'" />'."\n".
+                             '</form>'."\n".
+                             '<p class="LC_info">'.&mt('Fields marked [_1]*[_2] are required.','<b>','</b>').'</p>';
+         my ($datatable,$rowcount) =
+             &Apache::loncreateuser::personal_data_display('',$domain,'email','selfcreate',
+                                                           '','',$now,$captchaform,
+                                                           $emailusername,$usertype);
          if ($rowcount) {
-             $output .= '</div>'.
+             $output .= '<div class="LC_left_float">'.$beginclientform.$datatable.$endclientform;
-                        '<div class="LC_left_float">';
+         } else {
+             $output .= $beginclientform.$endclientform;
          }
-         my $upassone = '<input type="password" name="upass'.$now.'" size="10" />';
-         my $upasstwo = '<input type="password" name="upasscheck'.$now.'" size="10" />';
-         my $submit_text = &mt('Create LON-CAPA account');
-         $output .= '<h3>'.&mt('Login Data').'</h3>'."\n".
-                    '<form name="client" method="post" '.
-                    'onsubmit="return checkpass();">'."\n".
-                    &Apache::lonhtmlcommon::start_pick_box()."\n".
-                    &Apache::lonhtmlcommon::row_title(&mt('Username'),
-                                                      'LC_pick_box_title',
-                                                      'LC_oddrow_value')."\n".
-                    $username."\n".
-                    &Apache::lonhtmlcommon::row_closure(1)."\n".
-                    &Apache::lonhtmlcommon::row_title(&mt('Password'),
-                                                     'LC_pick_box_title',
-                                                     'LC_oddrow_value')."\n".
-                    $upassone."\n".
-                    &Apache::lonhtmlcommon::row_closure(1)."\n".
-                    &Apache::lonhtmlcommon::row_title(&mt('Confirm password'),
-                                                      'LC_pick_box_title',
-                                                      'LC_oddrow_value')."\n".
-                    $upasstwo.
-                    &Apache::lonhtmlcommon::row_closure(1)."\n".
-                    &Apache::lonhtmlcommon::row_title()."\n".
-                    '<br /><input type="submit" name="createaccount" value="'.
-                    $submit_text.'" />'.
-                    &Apache::lonhtmlcommon::row_closure(1)."\n".
-                    &Apache::lonhtmlcommon::end_pick_box()."\n".
-                    '<input type="hidden" name="uname" value="'.$username.'" />'."\n".
-                    '<input type="hidden" name="udom" value="'.$domain.'" />'."\n".
-                    '<input type="hidden" name="lextkey" value="'.$lextkey.'" />'."\n".
-                    '<input type="hidden" name="uextkey" value="'.$uextkey.'" />'."\n".
-                    '</form>';
          if ($rowcount) {
              $output .= '</div>'."\n".
                         '<div class="LC_clear_float_footer"></div>'."\n";
- Line 784  ENDSERVERFORM
+ Line 971  ENDSERVERFORM
      return $output;
  }
+ #
+ # Retrieve rules for generating accounts from domain configuration
+ # Can the user make a new account or just self-enroll?
  sub get_creation_controls {
      my ($domain,$usercreation) = @_;
-     my (@cancreate,@statustocreate);
+     my (@cancreate,@statustocreate,$emailusername);
      if (ref($usercreation) eq 'HASH') {
          if (ref($usercreation->{'cancreate'}) eq 'HASH') {
              if (ref($usercreation->{'cancreate'}{'statustocreate'}) eq 'ARRAY') {
                  @statustocreate = @{$usercreation->{'cancreate'}{'statustocreate'}};
+                 if (@statustocreate == 0) {
+                     my ($othertitle,$usertypes,$types) =
+                         &Apache::loncommon::sorted_inst_types($domain);
+                     if (ref($types) eq 'ARRAY') {
+                         if (@{$types} == 0) {
+                             @statustocreate = ('default');
+                         }
+                     } else {
+                         @statustocreate = ('default');
+                     }
+                 }
              } else {
                  @statustocreate = ('default');
                  my ($othertitle,$usertypes,$types) =
- Line 805  sub get_creation_controls {
+ Line 1007  sub get_creation_controls {
                       ($usercreation->{'cancreate'}{'selfcreate'} ne '')) {
                  @cancreate = ($usercreation->{'cancreate'}{'selfcreate'});
              }
+             if (ref($usercreation->{'cancreate'}{'emailusername'}) eq 'HASH') {
+                 $emailusername = $usercreation->{'cancreate'}{'emailusername'};
+             } else {
+                 $emailusername = {
+                                     default =>  {
+                                                    'lastname' => '1',
+                                                    'firstname' => 1,
+                                                 },
+                                  };
+             }
          }
      }
-     return (\@cancreate,\@statustocreate);
+     return (\@cancreate,\@statustocreate,$emailusername);
  }
  sub create_account {
-     my ($r,$domain,$lonhost,$username,$domdesc) = @_;
+     my ($r,$domain,$domdesc,$dataref) = @_;
-     my ($retrieved,$output,$upass) = &process_credentials($env{'form.logtoken'},
+     my $error    = '<span class="LC_error">'.&mt('Error:').' ';
-                                                           $env{'form.serverid'});
+     my $end      = '</span><br /><br />';
-     # Error messages
+     my $rtnlink  = '<a href="javascript:history.back();">'.
-     my $error     = '<span class="LC_error">'.&mt('Error:').' ';
-     my $end       = '</span><br /><br />';
-     my $rtnlink   = '<a href="javascript:history.back();" />'.
                      &mt('Return to previous page').'</a>'.
                      &Apache::loncommon::end_page();
-     if ($retrieved eq 'ok') {
+     my $output;
-         if ($env{'form.courseid'} ne '') {
+     if (ref($dataref) eq 'HASH') {
-             my ($result,$userchkmsg) = &check_id($username,$domain,$domdesc);
+         my ($username,$encpass,$serverid,$courseid,$id,$firstname,$middlename,$lastname,
-             if ($result eq 'fail') {
+             $generation,$inststatus);
-                 $output = $error.&mt('Invalid ID format').$end.
+         $username   = $dataref->{'username'};
-                           $userchkmsg.$rtnlink;
+         $encpass    = $dataref->{'upass'};
-                 return ('fail',$output);
+         $serverid   = $dataref->{'serverid'};
+         $courseid   = $dataref->{'courseid'};
+         $id         = $dataref->{'id'};
+         $firstname  = $dataref->{'firstname'};
+         $middlename = $dataref->{'middlename'};
+         $lastname   = $dataref->{'lastname'};
+         $generation = $dataref->{'generation'};
+         $inststatus = $dataref->{'inststatus'};
+         my $currhome = &Apache::lonnet::homeserver($username,$domain);
+         unless ($currhome eq 'no_host') {
+             $output = &mt('User account requested for username: [_1] in domain: [_2] already exists.',$username,$domain);
+             return ('fail',$error.$output.$end.$rtnlink);
+         }
+ # Split the logtoken to retrieve the DES key and decrypt the encypted password
+         my ($key,$caller)=split(/&/,$dataref->{'tmpinfo'});
+         if ($caller eq 'createaccount') {
+             my $upass = &Apache::loncommon::des_decrypt($key,$encpass);
+ # See if we are allowed to use the proposed student/employee ID,
+ # as per domain rules; if not, student/employee will be left blank.
+             if ($id ne '') {
+                 my ($result,$userchkmsg) = &check_id($username,$domain,$id,$domdesc,'email');
+                 if ($result eq 'fail') {
+                     $output = $error.&mt('Invalid ID format').$end.
+                               $userchkmsg;
+                     undef($id);
+                 }
              }
+ # Create an internally authenticated account with password $upass
+ # if the user account does not already exist.
+ # Assign student/employee id, first name, last name, etc.
+             my $result =
+                 &Apache::lonnet::modifyuser($domain,$username,$id,
+                                             'internal',$upass,$firstname,$middlename,
+                                             $lastname,$generation,undef,undef,$username);
+             $output = &mt('Generating user: [_1]',$result);
+ # Now that the user account exists, retrieve the homeserver, and include it in the output.
+             my $uhome = &Apache::lonnet::homeserver($username,$domain);
+             unless (($inststatus eq 'default') || ($inststatus eq '')) {
+                 &Apache::lonnet::put('environment',{inststatus => $inststatus},$domain,$username);
+             }
+             $output .= '<br />'.&mt('Home server: [_1]',$uhome).' '.
+                        &Apache::lonnet::hostname($uhome).'<br /><br />';
+             return ('ok',$output,$uhome);
+         } else {
+             $output = &mt('Unable to retrieve your account creation information - unexpected context');
+             undef($encpass);
+             return ('fail',$error.$output.$end.$rtnlink);
          }
      } else {
+         $output = &mt('Unable to retrieve information for your account request.');
          return ('fail',$error.$output.$end.$rtnlink);
      }
-     # Call modifyuser
-     my $result =
-         &Apache::lonnet::modifyuser($domain,$username,$env{'form.cid'},
-                                     'internal',$upass,$env{'form.cfirstname'},
-                                     $env{'form.cmiddlename'},$env{'form.clastname'},
-                                     $env{'form.cgeneration'},undef,undef,$username);
-     $output = &mt('Generating user: [_1]',$result);
-     my $uhome = &Apache::lonnet::homeserver($username,$domain);
-     $output .= '<br />'.&mt('Home server: [_1]',$uhome).' '.
-               &Apache::lonnet::hostname($uhome).'<br /><br />';
-     return ('ok',$output);
  }
  sub username_validation {
      my ($r,$username,$domain,$domdesc,$contact_name,$contact_email,$courseid,
          $lonhost,$statustocreate) = @_;
-     my ($retrieved,$output,$upass);
+ # $r: request object
+ # $username,$domain: for the user who needs to be validated
+ # $domdesc: full name of the domain (for error messages)
+ # $contact_name, $contact_email: name and email for user assistance (for error messages in &username_check)
+ # $courseid: ID of the course if user came to username_validation via self-enroll link,
+ #             passed to start_session()
+ # $lonhost: LON-CAPA lonHostID
+ # $statustocreate: -> inststatus in username_check ('faculty', 'staff', 'student', ...)
+ #
+ # Sanitize incoming username and domain
+ #
      $username= &LONCAPA::clean_username($username);
      $domain = &LONCAPA::clean_domain($domain);
+ #
+ # Check if LON-CAPA account already exists for $username:$domain
+ #
      my $uhome = &Apache::lonnet::homeserver($username,$domain);
-     ($retrieved,$output,$upass) = &process_credentials($env{'form.logtoken'},
+     my $output;
-                                                        $env{'form.serverid'});
-     if ($retrieved ne 'ok') {
+ # Retrieve DES key from server using logtoken
+     my $tmpinfo=Apache::lonnet::reply('tmpget:'.$env{'form.logtoken'},$env{'form.serverid'});
+     if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) {
+         $output = &mt('Information needed to verify your login information is missing, inaccessible or expired.')
+                  .'<br />'.&mt('You may need to reload the previous page to obtain a new token.');
+         return ('fail',$output);
+     } else {
+         my $reply = &Apache::lonnet::reply('tmpdel:'.$env{'form.logtoken'},$env{'form.serverid'});
+         unless ($reply eq 'ok') {
+             $output = &mt('Session could not be opened.');
+             return ('fail',$output);
+         }
+     }
+ # Split the logtoken to retrieve the DES key and decrypt the encypted password
+     my ($key,$caller)=split(/&/,$tmpinfo);
+     my $upass;
+     if ($caller eq 'createaccount') {
+         $upass = &Apache::loncommon::des_decrypt($key,$env{'form.upass'});
+     } else {
+         $output = &mt('Unable to retrieve your log-in information - unexpected context');
          return ('fail',$output);
      }
      if ($uhome ne 'no_host') {
          my $result = &Apache::lonnet::authenticate($username,$upass,$domain);
          if ($result ne 'no_host') {
-             my %form = &start_session($r,$username,$domain,$lonhost,$courseid);
+             my $redirect = &start_session($r,$username,$domain,$uhome,$courseid);
-             $output = '<br /><br />'.&mt('A LON-CAPA account already exists for username [_1] at this institution ([_2]).','<tt>'.$username.'</tt>',$domdesc).'<br />'.&mt('The password entered was also correct so you have been logged in.');
+             if ($redirect) {
+                 return ($redirect);
+             }
+             $output = '<br /><br />'.
+                       &mt('A LON-CAPA account already exists for username [_1] at this institution ([_2]).',
+                           '<tt>'.$username.'</tt>',$domdesc).'<br />'.
+                       &mt('The password entered was also correct so you have been logged in.');
              return ('existingaccount',$output);
          } else {
              $output = &login_failure_msg($courseid);
- Line 872  sub username_validation {
+ Line 1167  sub username_validation {
          my $primlibserv = &Apache::lonnet::domain($domain,'primary');
          my $authok;
          my %domdefaults = &Apache::lonnet::get_domain_defaults($domain);
-         if ((($domdefaults{'auth_def'} =~/^krb(4|5)$/) && ($domdefaults{'auth_arg_def'} ne '')) || ($domdefaults{'auth_def'} eq 'localauth')) {
+         if ((($domdefaults{'auth_def'} =~/^krb(4|5)$/) && ($domdefaults{'auth_arg_def'} ne '')) ||
+              ($domdefaults{'auth_def'} eq 'localauth')) {
              my $checkdefauth = 1;
              $authok =
                  &Apache::lonnet::reply("encrypt:auth:$domain:$username:$upass:$checkdefauth",$primlibserv);
- Line 908  sub login_failure_msg {
+ Line 1204  sub login_failure_msg {
  sub username_check {
      my ($username,$domain,$domdesc,$courseid,$lonhost,$contact_email,
-         $contact_name,$sso_logout,$statustocreate) = @_;
+         $contact_name,$sso_logout,$statustocreate,$shibenv) = @_;
      my (%rulematch,%inst_results,$checkfail,$rowcount,$editable,$output,$msg,
          %alerts,%curr_rules,%got_rules);
      &call_rulecheck($username,$domain,\%alerts,\%rulematch,
-                     \%inst_results,\%curr_rules,%got_rules,'username');
+                     \%inst_results,\%curr_rules,\%got_rules,'username');
      if (ref($alerts{'username'}) eq 'HASH') {
          if (ref($alerts{'username'}{$domain}) eq 'HASH') {
              if ($alerts{'username'}{$domain}{$username}) {
- Line 944  sub username_check {
+ Line 1240  sub username_check {
      }
      if (!$checkfail) {
          $output = '<form method="post" action="/adm/createaccount">';
+         if (ref($shibenv) eq 'HASH') {
+             foreach my $key (keys(%{$shibenv})) {
+                 if ($ENV{$shibenv->{$key}} ne '') {
+                     $inst_results{$username.':'.$domain}{$key} = $ENV{$shibenv->{$key}};
+                 }
+             }
+         }
          (my $datatable,$rowcount,$editable) =
              &Apache::loncreateuser::personal_data_display($username,$domain,1,'selfcreate',
                                                           $inst_results{$username.':'.$domain});
- Line 958  sub username_check {
+ Line 1261  sub username_check {
                      'time'       => $now,
                      'domain'     => $domain,
                      'username'   => $username);
-         my $authtoken = &Apache::lonnet::tmpput(\%info,$lonhost);
+         my $authtoken = &Apache::lonnet::tmpput(\%info,$lonhost,'createaccount');
          if ($authtoken !~ /^error/ && $authtoken ne 'no_such_host') {
              $output .= '<input type="hidden" name="authtoken" value="'.&HTML::Entities::encode($authtoken,'&<>"').'" />';
          } else {
- Line 969  sub username_check {
+ Line 1272  sub username_check {
          }
      }
      if ($checkfail) {
-         $msg = '<h4>'.&mt('Account creation unavailable').'</h4>';
+         $msg = '<br /><h4>'.&mt('Account creation unavailable').'</h4>';
          if ($checkfail eq 'username') {
              $msg .= '<span class="LC_warning">'.
                       &mt('A LON-CAPA account may not be created with the username you use.').
- Line 995  sub username_check {
+ Line 1298  sub username_check {
          if ($rowcount) {
              if ($editable) {
                  if ($courseid ne '') {
-                     $msg = '<h4>'.&mt('User information').'</h4>';
+                     $msg = '<br /><h4>'.&mt('User information').'</h4>';
                  }
                  $msg .= &mt('To create one, use the table below to provide information about yourself, then click the [_1]Create LON-CAPA account[_2] button.','<span class="LC_cusr_emph">','</span>').'<br />';
              } else {
- Line 1016  sub username_check {
+ Line 1319  sub username_check {
  }
  sub username_activation {
-     my ($r,$username,$domain,$domdesc,$lonhost,$courseid) = @_;
+     my ($r,$username,$domain,$domdesc,$courseid) = @_;
      my $output;
      my $error     = '<span class="LC_error">'.&mt('Error:').' ';
      my $end       = '</span><br /><br />';
-     my $rtnlink   = '<a href="javascript:history.back();" />'.
+     my $rtnlink   = '<a href="javascript:history.back();">'.
                      &mt('Return to previous page').'</a>'.
                      &Apache::loncommon::end_page();
      my %domdefaults = &Apache::lonnet::get_domain_defaults($domain);
- Line 1042  sub username_activation {
+ Line 1345  sub username_activation {
          $output = &mt('Sorry, your authentication has expired.');
      }
      if ($earlyout ne '') {
-         $output .= '<br />'.&mt('Please [_1]start again[_2].','<a href="/adm/createaccount">','</a>');
+         my $link = '/adm/createaccount';
+         if (&Apache::lonnet::domain($domain) ne '') {
+             $link .= "?domain=$domain";
+         }
+         $output .= '<br />'.&mt('Please [_1]start again[_2].',
+                                 '<a href="'.$link.'">','</a>');
          return($earlyout,$output);
      }
      if ((($domdefaults{'auth_def'} =~/^krb(4|5)$/) &&
           ($domdefaults{'auth_arg_def'} ne '')) ||
          ($domdefaults{'auth_def'} eq 'localauth')) {
          if ($env{'form.courseid'} ne '') {
-             my ($result,$userchkmsg) = &check_id($username,$domain,$domdesc);
+             my $id = $env{'form.cid'};
+             my ($result,$userchkmsg) = &check_id($username,$domain,$id,$domdesc,'institutional');
              if ($result eq 'fail') {
                  $output = $error.&mt('Invalid ID format').$end.
                            $userchkmsg.$rtnlink;
- Line 1059  sub username_activation {
+ Line 1368  sub username_activation {
          # Call modifyuser
          my (%rulematch,%inst_results,%curr_rules,%got_rules,%alerts,%info);
          &call_rulecheck($username,$domain,\%alerts,\%rulematch,
-                         \%inst_results,\%curr_rules,%got_rules);
+                         \%inst_results,\%curr_rules,\%got_rules);
          my @userinfo = ('firstname','middlename','lastname','generation',
                          'permanentemail','id');
          my %canmodify =
- Line 1086  sub username_activation {
+ Line 1395  sub username_activation {
          if ($result eq 'ok') {
              my $delete = &Apache::lonnet::tmpdel($env{'form.authtoken'});
              $output = &mt('A LON-CAPA account has been created for username: [_1] in domain: [_2].',$username,$domain);
-             my %form = &start_session($r,$username,$domain,$lonhost,$courseid);
+             my $uhome=&Apache::lonnet::homeserver($username,$domain,'true');
              my $nostart = 1;
-             return ('ok',$output,$nostart);
+             my $response = 'ok';
+             my $redirect = &start_session($r,$username,$domain,$uhome,$courseid);
+             if ($redirect) {
+                 $response = $redirect;
+             }
+             return ($response,$output,$nostart);
          } else {
              $output = &mt('Account creation failed for username: [_1] in domain: [_2].',$username,$domain).'<br /><span class="LC_error">'.&mt('Error: [_1]',$result).'</span>';
              return ('fail',$output);
- Line 1100  sub username_activation {
+ Line 1414  sub username_activation {
  }
  sub check_id {
-     my ($username,$domain,$domdesc) = @_;
+     my ($username,$domain,$id,$domdesc,$usernametype) = @_;
-     # Check ID format
+     # Check student/employee ID format
+     # Is proposed student/employee ID acceptable according to domain's rules.
+     # $domdesc is just used for user error messages
      my (%alerts,%rulematch,%inst_results,%curr_rules,%checkhash);
      my %checks = ('id' => 1);
      %{$checkhash{$username.':'.$domain}} = (
                                              'newuser' => 1,
-                                             'id' => $env{'form.cid'},
+                                             'id' => $id,
                                             );
      &Apache::loncommon::user_rule_check(\%checkhash,\%checks,\%alerts,
                                          \%rulematch,\%inst_results,\%curr_rules);
- Line 1115  sub check_id {
+ Line 1431  sub check_id {
              if ($alerts{'id'}{$domain}{$env{'form.cid'}}) {
                  my $userchkmsg;
                  if (ref($curr_rules{$domain}) eq 'HASH') {
-                     $userchkmsg  =
+                     if ($usernametype eq 'email') {
-                         &Apache::loncommon::instrule_disallow_msg('id',
+                         $userchkmsg = &mt('A student/employee ID has not been set because the value suggested matched the format used for institutional users in the domain, and you are using an e-mail address as username, not an institutional username.');
-                                                            $domdesc,1).
+                     } else {
-                         &Apache::loncommon::user_rule_formats($domain,
+                         $userchkmsg =
-                               $domdesc,$curr_rules{$domain}{'id'},'id');
+                             &Apache::loncommon::instrule_disallow_msg('id',
+                                                                       $domdesc,1).
+                             &Apache::loncommon::user_rule_formats($domain,
+                                 $domdesc,$curr_rules{$domain}{'id'},'id');
+                     }
                  }
                  return ('fail',$userchkmsg);
              }
- Line 1133  sub invalid_state {
+ Line 1453  sub invalid_state {
      my $msg = '<h3>'.&mt('Account creation unavailable').'</h3><span class="LC_error">';
      if ($error eq 'baduseremail') {
          $msg .= &mt('The e-mail address you provided does not appear to be a valid address.');
+     } elsif ($error eq 'badusername') {
+         $msg .= &mt('The e-mail address you provided contains characters which prevent its use as a username in LON-CAPA.');
      } elsif ($error eq 'existinguser') {
          $msg .= &mt('The e-mail address you provided is already in use as a username in LON-CAPA at this institution.');
      } elsif ($error eq 'userrules') {
- Line 1140  sub invalid_state {
+ Line 1462  sub invalid_state {
      } elsif ($error eq 'userformat') {
          $msg .= &mt('The e-mail address you provided may not be used as a username at this LON-CAPA institution.');
      } elsif ($error eq 'captcha') {
-         $msg .= &mt('Validation of the code your entered failed.');
+         $msg .= &mt('Validation of the code you entered failed.');
      } elsif ($error eq 'noemails') {
          $msg .= &mt('Creation of a new user account using an e-mail address as username is not permitted at this LON-CAPA institution.');
      }
- Line 1148  sub invalid_state {
+ Line 1470  sub invalid_state {
      if ($msgtext) {
          $msg .= '<br />'.$msgtext;
      }
-     $msg .= &linkto_email_help($contact_email,$domdesc);
+     $msg .= &linkto_email_help($contact_email,$domdesc,$error);
      return $msg;
  }
  sub linkto_email_help {
-     my ($contact_email,$domdesc) = @_;
+     my ($contact_email,$domdesc,$error) = @_;
      my $msg;
+     my $href = '/adm/helpdesk';
      if ($contact_email ne '') {
          my $escuri = &HTML::Entities::encode('/adm/createaccount','&<>"');
-         $msg .= '<br />'.&mt('You may wish to contact the [_1]LON-CAPA helpdesk[_2] for [_3].','<a href="/adm/helpdesk?origurl='.$escuri.'">','</a>',$domdesc).'<br />';
+         $href .= '?origurl='.$escuri;
+         if ($error eq 'existinguser') {
+             my $escemail = &HTML::Entities::encode($env{'form.useremail'});
+             $href .= '&useremail='.$escemail.'&useraccount='.$escemail;
+         }
+         $msg .= '<br />'.&mt('You may wish to contact the [_1]LON-CAPA helpdesk[_2] for [_3].','<a href="'.$href.'">','</a>',$domdesc).'<br />';
      } else {
-         $msg .= '<br />'.&mt('You may wish to send an e-mail to the server administrator: [_1] for [_2].',$Apache::lonnet::perlvar{'AdminEmail'},$domdesc).'<br />';
+         $msg .= '<br />'.&mt('You may wish to send an e-mail to the server administrator: [_1] for [_2].',$Apache::lonnet::perlvar{'AdmEMail'},$domdesc).'<br />';
      }
      return $msg;
  }
- sub create_recaptcha {
-     my $captcha = Captcha::reCAPTCHA->new;
-     return $captcha->get_options_setter({theme => 'white'})."\n".
-            $captcha->get_html('PUBLICKEY'); # generate public key for IP
-                                             # from http://recaptcha.net/
- }
  sub getkeys {
      my ($lkey,$ukey) = @_;
      my $lextkey=hex($lkey);
- Line 1207  ENDSERVERFORM
+ Line 1528  ENDSERVERFORM
      return $output;
  }
- sub process_credentials {
+ sub store_request {
-     my ($logtoken,$lonhost) = @_;
+     my ($dom,$username,$val,$dataref,$settings) = @_;
-     my $tmpinfo=Apache::lonnet::reply('tmpget:'.$logtoken,$lonhost);
+     my $output;
-     my ($retrieved,$output,$upass);
+     my $domconfiguser = &Apache::lonnet::get_domainconfiguser($dom);
-     if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) {
+     my $key = &escape($username);
-         $output = &mt('Information needed to verify your login information is missing, inaccessible or expired.')
+     my $now = time();
-                  .'<br />'.&mt('You may need to reload the previous page to obtain a new token.');
+     if (&Apache::lonnet::put('usernamequeue', { $key.'_'.$val => $now },
-         return ($retrieved,$output,$upass);
+                              $dom,$domconfiguser) eq 'ok') {
-     } else {
+         if (ref($dataref) eq 'HASH') {
-         my $reply = &Apache::lonnet::reply('tmpdel:'.$logtoken,$lonhost);
+             my $logtoken = $dataref->{'tmpinfo'};
-         if ($reply eq 'ok') {
+             my $serverid = $dataref->{'serverid'};
-             $retrieved = 'ok';
+             if ($logtoken && $serverid) {
-         } else {
+                 my $tmpinfo=Apache::lonnet::reply('tmpget:'.$logtoken,$serverid);
-             $output = &mt('Session could not be opened.');
+                 unless (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) {
+                     my $reply = &Apache::lonnet::reply('tmpdel:'.$logtoken,$serverid);
+                     if ($reply eq 'ok') {
+                         my ($key,$caller)=split(/&/,$tmpinfo);
+                         $dataref->{'key'} = $key;
+                         undef($dataref->{'tmpinfo'});
+                         undef($dataref->{'serverid'});
+                     }
+                 }
+             }
          }
-     }
+         my %userrequest = ( $username => $dataref );
-     my ($key,$caller)=split(/&/,$tmpinfo);
+         $userrequest{$username}{timestamp} = $now;
-     if ($caller eq 'createaccount') {
+         $userrequest{$username}{status} = $val;
-         $upass = &Apache::lonpreferences::des_decrypt($key,$env{'form.upass'});
+         my $notifylist;
+         if (ref($settings) eq 'HASH') {
+             if (ref($settings->{'cancreate'}) eq 'HASH') {
+                 if (ref($settings->{'cancreate'}{'notify'}) eq 'HASH') {
+                     my $notifylist = $settings->{'cancreate'}{'notify'}{'approval'};
+                     if ($notifylist) {
+                         my $sender = $domconfiguser.':'.$dom;
+                         my $domdesc = &Apache::lonnet::domain($dom,'description');
+                         my $fullname;
+                         if (ref($dataref) eq 'HASH') {
+                             if ($dataref->{'firstname'}) {
+                                 $fullname = $dataref->{'firstname'};
+                             }
+                             if ($dataref->{'lastname'}) {
+                                 $fullname .= ' '.$dataref->{'lastname'};
+                             }
+                             $fullname =~ s/^\s+|\s+$//g;
+                         }
+                         &Apache::loncoursequeueadmin::send_selfserve_notification($notifylist,
+                                                      "$fullname ($username)",
+                                                      undef,$domdesc,$now,'usernamereq',$sender);
+                     }
+                 }
+             }
+         }
+         my $userresult =
+             &Apache::lonnet::put('nohist_requestedusernames',\%userrequest,$dom,$domconfiguser);
+         $output = '<p class="LC_info">'.
+                   &mt('Your request for a LON-CAPA account has been submitted for approval.').
+                   '</p>'.
+                   '<p class="LC_info">'.
+                   &mt('An e-mail will be sent to [_1] when your request has been reviewed by an administrator and action has been taken.',$username).
+                   '</p>';
      } else {
-         $output = &mt('Unable to retrieve your log-in information - unexpected context');
+         $output = '<span class="LC_error">'.
+                   &mt('An error occurred when attempting to save your request for a LON-CAPA account.');
+                   '</span>';
      }
-     return ($retrieved,$output,$upass);
+     return $output;
  }
  sub guest_format_check {
- Line 1255  sub guest_format_check {
+ Line 1619  sub guest_format_check {
      }
      if ($format_match) {
          ($login) = ($useremail =~ /^([^\@]+)\@/);
-         $format_msg = '<br />'.&mt("Your e-mail address uses the same internet domain as your institution's LON-CAPA service.").'<br />'.&mt('Creation of a LON-CAPA account with this type of e-mail address as username is not permitted.').'<br />';
+         $format_msg = '<br />'.
+                       &mt("Your e-mail address uses the same internet domain as your institution's LON-CAPA service.").'<br />'.
+                       &mt('Creation of a LON-CAPA account with this type of e-mail address as username is not permitted.').'<br />';
          if (ref($cancreate) eq 'ARRAY') {
              if (grep(/^login$/,@{$cancreate})) {
                  $format_msg .= &mt('You should request creation of a LON-CAPA account for a log-in ID of "[_1]" at your institution instead.',$login).'<br />';
- Line 1289  sub sso_logout_frag {
+ Line 1655  sub sso_logout_frag {
  sub catreturn_js {
      return  <<"ENDSCRIPT";
  <script type="text/javascript">
+ // <![CDATA[
  function ToSelfenroll(formname) {
      var formidx = getFormByName(formname);
      if (formidx > -1) {
- Line 1337  function getFormByName(item) {
+ Line 1703  function getFormByName(item) {
      }
      return -1;
  }
+ // ]]>
  </script>
  ENDSCRIPT

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Removed from v.1.37.2.3
changed lines
	Added in v.1.72