--- loncom/interface/createaccount.pm	2014/05/05 22:01:15	1.66
+++ loncom/interface/createaccount.pm	2017/11/16 23:38:40	1.72.2.1
@@ -4,7 +4,7 @@
 # kerberos, or SSO) or an e-mail address. Requests to use an e-mail address as
 # username may be processed automatically, or may be queued for approval.
 #
-# $Id: createaccount.pm,v 1.66 2014/05/05 22:01:15 raeburn Exp $
+# $Id: createaccount.pm,v 1.72.2.1 2017/11/16 23:38:40 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -277,15 +277,13 @@ sub handler {
     } elsif (!$token) {
         &print_header($r,$start_page,$courseid);
         my $now=time;
-        my $gotlondes;
-        if (grep(/^login$/,@{$cancreate})) {
-            if (open(my $jsh,"<$include/londes.js")) {
+        if ((grep(/^login$/,@{$cancreate})) && (!grep(/^email$/,@{$cancreate}))) {
+            if (open(my $jsh,"<","$include/londes.js")) {
                 while(my $line = <$jsh>) {
                     $r->print($line);
                 }
                 close($jsh);
                 $r->print(&javascript_setforms($now));
-                $gotlondes = 1;
             }
         }
         if (grep(/^email$/,@{$cancreate})) {
@@ -293,8 +291,7 @@ sub handler {
         }
         my $usertype = &get_usertype($domain);
         $output = &print_username_form($r,$domain,$domdesc,$cancreate,$now,$lonhost,
-                                       $include,$courseid,$gotlondes,$emailusername,
-                                       $usertype);
+                                       $include,$courseid,$emailusername,$usertype);
     }
     $r->print($output);
     &print_footer($r);
@@ -322,7 +319,7 @@ sub print_footer {
         $r->print('<form name="backupcrumbs" method="post" action="">'.
                   &Apache::lonhtmlcommon::echo_form_input(['backto','logtoken',
                       'token','serverid','uname','upass','phase','create_with_email',
-                      'code','crypt','cfirstname','clastname',
+                      'code','crypt','cfirstname','clastname','g-recaptcha-response',
                       'recaptcha_challenge_field','recaptcha_response_field',
                       'cmiddlename','cgeneration','cpermanentemail','cid']).
                   '</form>');
@@ -369,7 +366,7 @@ sub selfenroll_crumbs {
 }
 
 sub javascript_setforms {
-    my ($now,$emailusername,$captcha,$usertype) =  @_;
+    my ($now,$emailusername,$captcha,$usertype,$recaptchaversion) =  @_;
     my ($setuserinfo,@required,$requiredchk);
     if (ref($emailusername) eq 'HASH') {
         if (ref($emailusername->{$usertype}) eq 'HASH') {  
@@ -385,13 +382,16 @@ sub javascript_setforms {
             $setuserinfo .= '                    server.elements.code.value=client.elements.code.value;'."\n".
                             '                    server.elements.crypt.value=client.elements.crypt.value;'."\n";
         } elsif ($captcha eq 'recaptcha') {
-            $setuserinfo .= 
+            if ($recaptchaversion ne '2') {
+                $setuserinfo .=
                 '                    server.elements.recaptcha_challenge_field.value=client.elements.recaptcha_challenge_field.value;'."\n".
                 '                    server.elements.recaptcha_response_field.value=client.elements.recaptcha_response_field.value;'."\n";
+            }
         }
     }
     if (@required) {
         my $missprompt = &mt('One or more required fields are currently blank.');
+        &js_escape(\$missprompt);
         my $reqstr = join("','",@required);
         $requiredchk = <<"ENDCHK";
                 var requiredfields = new Array('$reqstr');
@@ -433,7 +433,7 @@ $requiredchk
                 initkeys();
 
                 server.elements.upass.value
-                    = crypted(client.elements.upass$now.value);
+                    = getCrypted(client.elements.upass$now.value);
 
                 client.elements.uname.value='';
                 client.elements.upass$now.value='';
@@ -446,17 +446,23 @@ $setuserinfo
         }
         return false;
     }
+
 // ]]>
 </script>
 ENDSCRIPT
+    if (($captcha eq 'recaptcha') && ($recaptchaversion eq '2')) {
+        $js .= "\n".'<script src="https://www.google.com/recaptcha/api.js"></script>'."\n";
+    }
     return $js;
 }
 
 sub javascript_checkpass {
     my ($now,$context) = @_;
     my $nopass = &mt('You must enter a password.');
-    my $mismatchpass = &mt('The passwords you entered did not match.').'\\n'.
+    my $mismatchpass = &mt('The passwords you entered did not match.')."\n".
                        &mt('Please try again.'); 
+    &js_escape(\$nopass);
+    &js_escape(\$mismatchpass);
     my $js = <<"ENDSCRIPT";
 <script type="text/javascript">
 // <![CDATA[
@@ -490,18 +496,19 @@ ENDSCRIPT
 }
 
 sub javascript_validmail {
-    my %lt = &Apache::lonlocal::texthash (
+    my %js_lt = &Apache::lonlocal::texthash (
                email => 'The e-mail address you entered',
                notv  => 'is not a valid e-mail address',
     );
     my $output =  "\n".'<script type="text/javascript">'."\n".
                   '// <![CDATA['."\n".
                   &Apache::lonhtmlcommon::javascript_valid_email()."\n";
+    &js_escape(\%js_lt);
     $output .= <<"ENDSCRIPT";
 function validate_email(client) {
     field = client.uname;
     if (validmail(field) == false) {
-        alert("$lt{'email'}: "+field.value+" $lt{'notv'}.");
+        alert("$js_lt{'email'}: "+field.value+" $js_lt{'notv'}.");
         return false;
     }
     return true;
@@ -512,7 +519,7 @@ ENDSCRIPT
 }
 
 sub print_username_form {
-    my ($r,$domain,$domdesc,$cancreate,$now,$lonhost,$include,$courseid,$gotlondes,$emailusername,
+    my ($r,$domain,$domdesc,$cancreate,$now,$lonhost,$include,$courseid,$emailusername,
         $usertype) = @_;
     my %lt = &Apache::lonlocal::texthash (
                                          unam => 'username',
@@ -542,7 +549,8 @@ sub print_username_form {
         }
         if (grep(/^email$/,@{$cancreate})) {
             $output .= '<div class="LC_left_float"><h3>'.&mt('Create account with an e-mail address as your username').'</h3>';
-            my ($captchaform,$error,$captcha) = &Apache::loncommon::captcha_display('usercreation',$lonhost);
+            my ($captchaform,$error,$captcha,$recaptchaversion) = 
+                &Apache::loncommon::captcha_display('usercreation',$lonhost);
             if ($error) {
                 my $helpdesk = '/adm/helpdesk?origurl=%2fadm%2fcreateaccount';
                 if ($courseid ne '') {
@@ -571,8 +579,8 @@ sub print_username_form {
                                $lt{'yopw'}.'<br />';
                 }
                 $output .= &print_dataentry_form($r,$domain,$lonhost,$include,$now,$captchaform,
-                                                 $courseid,$gotlondes,$emailusername,$captcha,
-                                                 $usertype);
+                                                 $courseid,$emailusername,$captcha,$usertype,
+                                                 $recaptchaversion);
             }
             $output .= '</div>';
         }
@@ -860,8 +868,8 @@ sub process_mailtoken {
 
 sub start_session {
     my ($r,$username,$domain,$uhome,$courseid,$token) = @_;
-
-    if ($r->dir_config('lonBalancer') eq 'yes') {
+    my ($is_balancer) = &Apache::lonnet::check_loadbalancing($username,$domain);
+    if ($is_balancer) {
         Apache::lonauth::success($r, $username, $domain, $uhome,
             'noredirect', undef, {});
 
@@ -875,7 +883,6 @@ sub start_session {
             ($courseid ? "/adm/selfenroll?courseid=$courseid" : '/adm/roles'),
             undef, {}); 
     }
-
     return;
 }
 
@@ -885,21 +892,16 @@ sub start_session {
 # Stores token to store DES-key and stage during creation session
 #
 sub print_dataentry_form {
-    my ($r,$domain,$lonhost,$include,$now,$captchaform,$courseid,$gotlondes,$emailusername,$captcha,
-        $usertype) = @_;
+    my ($r,$domain,$lonhost,$include,$now,$captchaform,$courseid,$emailusername,$captcha,
+        $usertype,$recaptchaversion) = @_;
     my ($error,$output);
-    unless ($gotlondes) {
-        if (open(my $jsh,"<$include/londes.js")) {
-            while(my $line = <$jsh>) {
-                $r->print($line);
-            }
-            close($jsh);
-            $output = &javascript_setforms($now,$emailusername,$captcha,$usertype)."\n";
-            $gotlondes = 1;
-        }
-    }
-    if ($gotlondes) {
-        $output .= &javascript_checkpass($now,'email');
+    if (open(my $jsh,"<","$include/londes.js")) {
+        while(my $line = <$jsh>) {
+            $r->print($line);
+        }
+        close($jsh);
+        $output = &javascript_setforms($now,$emailusername,$captcha,$usertype,$recaptchaversion).
+                  "\n".&javascript_checkpass($now,'email');
         my ($lkey,$ukey) = &Apache::loncommon::des_keys();
         my ($lextkey,$uextkey) = &getkeys($lkey,$ukey);
         my $logtoken=Apache::lonnet::reply('tmpput:'.$ukey.$lkey.'&createaccount:createaccount',
@@ -923,10 +925,15 @@ sub print_dataentry_form {
    <input type="hidden" name="code" value="" />
 ';
         } elsif ($captcha eq 'recaptcha') {
-            $output .= '
+            if ($recaptchaversion eq '2') {
+                $output .= "$captchaform\n";
+                undef($captchaform);
+            } else {
+                $output .= '
    <input type="hidden" name="recaptcha_challenge_field" value="" />
    <input type="hidden" name="recaptcha_response_field" value="" />
 ';
+            }
         }
         $output .= <<"ENDSERVERFORM";
    <input type="hidden" name="logtoken" value="$logtoken" />
@@ -1003,7 +1010,12 @@ sub get_creation_controls {
             if (ref($usercreation->{'cancreate'}{'emailusername'}) eq 'HASH') {
                 $emailusername = $usercreation->{'cancreate'}{'emailusername'};
             } else {
-                $emailusername =  {'lastname' => '1', 'firstname' => 1, };
+                $emailusername = {
+                                    default =>  {
+                                                   'lastname' => '1',
+                                                   'firstname' => 1,
+                                                },
+                                 };
             }
         }
     }
@@ -1625,14 +1637,14 @@ sub sso_logout_frag {
     if (defined($r->dir_config('lonSSOUserLogoutMessageFile_'.$domain))) {
         my $msgfile = $r->dir_config('lonSSOUserLogoutMessageFile_'.$domain);
         if (-e $msgfile) {
-            open(my $fh,"<$msgfile");
+            open(my $fh,"<",$msgfile);
             $endsessionmsg = join('',<$fh>);
             close($fh);
         }
     } elsif (defined($r->dir_config('lonSSOUserLogoutMessageFile'))) {
         my $msgfile = $r->dir_config('lonSSOUserLogoutMessageFile');
         if (-e $msgfile) {     
-            open(my $fh,"<$msgfile");
+            open(my $fh,"<",$msgfile);
             $endsessionmsg = join('',<$fh>);
             close($fh);
         }
