--- loncom/interface/createaccount.pm	2014/04/23 10:11:26	1.64
+++ loncom/interface/createaccount.pm	2016/02/17 19:15:48	1.71
@@ -4,7 +4,7 @@
 # kerberos, or SSO) or an e-mail address. Requests to use an e-mail address as
 # username may be processed automatically, or may be queued for approval.
 #
-# $Id: createaccount.pm,v 1.64 2014/04/23 10:11:26 raeburn Exp $
+# $Id: createaccount.pm,v 1.71 2016/02/17 19:15:48 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -170,10 +170,38 @@ sub handler {
         if (grep(/^sso$/,@{$cancreate})) {
             $msg = '<h3>'.&mt('Account creation').'</h3>'.
                    &mt("Although your username and password were authenticated by your institution's Single Sign On system, you do not currently have a LON-CAPA account at this institution.").'<br />';
-
+            my $shibenv;
+            if (($r->dir_config('lonOtherAuthen') eq 'yes') && 
+                ($r->dir_config('lonOtherAuthenType') eq 'Shibboleth')) {
+                if (ref($domconfig{'usercreation'}) eq 'HASH') {
+                    if (ref($domconfig{'usercreation'}{'cancreate'}) eq 'HASH') {
+                        if (ref($domconfig{'usercreation'}{'cancreate'}{'shibenv'}) eq 'HASH') {
+                            my @possfields = ('firstname','middlename','lastname','generation',
+                                              'permanentemail','id');
+                            my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($domain);
+                            $shibenv= {};
+                            foreach my $key (keys(%{$domconfig{'usercreation'}{'cancreate'}{'shibenv'}})) {
+                                if ($key eq 'inststatus') {
+                                    if (ref($usertypes) eq 'HASH') {
+                                        if ($domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key} ne '') {
+                                            if (exists($usertypes->{$domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key}})) {
+                                                $shibenv->{$key} = $domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key};
+                                             }
+                                        }
+                                    }
+                                } elsif (grep(/^\Q$key\E/,@possfields)) {
+                                    if ($domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key} ne '') {
+                                        $shibenv->{$key} = $domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key};
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
             $msg .= &username_check($sso_username,$domain,$domdesc,$courseid, 
                                     $lonhost,$contact_email,$contact_name,
-                                    $sso_logout,$statustocreate);
+                                    $sso_logout,$statustocreate,$shibenv);
         } else {
             $msg = '<h3>'.&mt('Account creation unavailable').'</h3>'.
                    '<span class="LC_warning">'.&mt("Although your username and password were authenticated by your institution's Single Sign On system, you do not currently have a LON-CAPA account at this institution, and you are not permitted to create one.").'</span><br /><br />'.&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email).'<hr />'.
@@ -249,15 +277,13 @@ sub handler {
     } elsif (!$token) {
         &print_header($r,$start_page,$courseid);
         my $now=time;
-        my $gotlondes;
-        if (grep(/^login$/,@{$cancreate})) {
+        if ((grep(/^login$/,@{$cancreate})) && (!grep(/^email$/,@{$cancreate}))) {
             if (open(my $jsh,"<$include/londes.js")) {
                 while(my $line = <$jsh>) {
                     $r->print($line);
                 }
                 close($jsh);
                 $r->print(&javascript_setforms($now));
-                $gotlondes = 1;
             }
         }
         if (grep(/^email$/,@{$cancreate})) {
@@ -265,8 +291,7 @@ sub handler {
         }
         my $usertype = &get_usertype($domain);
         $output = &print_username_form($r,$domain,$domdesc,$cancreate,$now,$lonhost,
-                                       $include,$courseid,$gotlondes,$emailusername,
-                                       $usertype);
+                                       $include,$courseid,$emailusername,$usertype);
     }
     $r->print($output);
     &print_footer($r);
@@ -364,6 +389,7 @@ sub javascript_setforms {
     }
     if (@required) {
         my $missprompt = &mt('One or more required fields are currently blank.');
+        &js_escape(\$missprompt);
         my $reqstr = join("','",@required);
         $requiredchk = <<"ENDCHK";
                 var requiredfields = new Array('$reqstr');
@@ -405,7 +431,7 @@ $requiredchk
                 initkeys();
 
                 server.elements.upass.value
-                    = crypted(client.elements.upass$now.value);
+                    = getCrypted(client.elements.upass$now.value);
 
                 client.elements.uname.value='';
                 client.elements.upass$now.value='';
@@ -418,6 +444,7 @@ $setuserinfo
         }
         return false;
     }
+
 // ]]>
 </script>
 ENDSCRIPT
@@ -427,8 +454,10 @@ ENDSCRIPT
 sub javascript_checkpass {
     my ($now,$context) = @_;
     my $nopass = &mt('You must enter a password.');
-    my $mismatchpass = &mt('The passwords you entered did not match.').'\\n'.
+    my $mismatchpass = &mt('The passwords you entered did not match.')."\n".
                        &mt('Please try again.'); 
+    &js_escape(\$nopass);
+    &js_escape(\$mismatchpass);
     my $js = <<"ENDSCRIPT";
 <script type="text/javascript">
 // <![CDATA[
@@ -462,18 +491,19 @@ ENDSCRIPT
 }
 
 sub javascript_validmail {
-    my %lt = &Apache::lonlocal::texthash (
+    my %js_lt = &Apache::lonlocal::texthash (
                email => 'The e-mail address you entered',
                notv  => 'is not a valid e-mail address',
     );
     my $output =  "\n".'<script type="text/javascript">'."\n".
                   '// <![CDATA['."\n".
                   &Apache::lonhtmlcommon::javascript_valid_email()."\n";
+    &js_escape(\%js_lt);
     $output .= <<"ENDSCRIPT";
 function validate_email(client) {
     field = client.uname;
     if (validmail(field) == false) {
-        alert("$lt{'email'}: "+field.value+" $lt{'notv'}.");
+        alert("$js_lt{'email'}: "+field.value+" $js_lt{'notv'}.");
         return false;
     }
     return true;
@@ -484,7 +514,7 @@ ENDSCRIPT
 }
 
 sub print_username_form {
-    my ($r,$domain,$domdesc,$cancreate,$now,$lonhost,$include,$courseid,$gotlondes,$emailusername,
+    my ($r,$domain,$domdesc,$cancreate,$now,$lonhost,$include,$courseid,$emailusername,
         $usertype) = @_;
     my %lt = &Apache::lonlocal::texthash (
                                          unam => 'username',
@@ -543,8 +573,7 @@ sub print_username_form {
                                $lt{'yopw'}.'<br />';
                 }
                 $output .= &print_dataentry_form($r,$domain,$lonhost,$include,$now,$captchaform,
-                                                 $courseid,$gotlondes,$emailusername,$captcha,
-                                                 $usertype);
+                                                 $courseid,$emailusername,$captcha,$usertype);
             }
             $output .= '</div>';
         }
@@ -832,8 +861,8 @@ sub process_mailtoken {
 
 sub start_session {
     my ($r,$username,$domain,$uhome,$courseid,$token) = @_;
-
-    if ($r->dir_config('lonBalancer') eq 'yes') {
+    my ($is_balancer) = &Apache::lonnet::check_loadbalancing($username,$domain);
+    if ($is_balancer) {
         Apache::lonauth::success($r, $username, $domain, $uhome,
             'noredirect', undef, {});
 
@@ -847,7 +876,6 @@ sub start_session {
             ($courseid ? "/adm/selfenroll?courseid=$courseid" : '/adm/roles'),
             undef, {}); 
     }
-
     return;
 }
 
@@ -857,21 +885,16 @@ sub start_session {
 # Stores token to store DES-key and stage during creation session
 #
 sub print_dataentry_form {
-    my ($r,$domain,$lonhost,$include,$now,$captchaform,$courseid,$gotlondes,$emailusername,$captcha,
+    my ($r,$domain,$lonhost,$include,$now,$captchaform,$courseid,$emailusername,$captcha,
         $usertype) = @_;
     my ($error,$output);
-    unless ($gotlondes) {
-        if (open(my $jsh,"<$include/londes.js")) {
-            while(my $line = <$jsh>) {
-                $r->print($line);
-            }
-            close($jsh);
-            $output = &javascript_setforms($now,$emailusername,$captcha,$usertype)."\n";
-            $gotlondes = 1;
-        }
-    }
-    if ($gotlondes) {
-        $output .= &javascript_checkpass($now,'email');
+    if (open(my $jsh,"<$include/londes.js")) {
+        while(my $line = <$jsh>) {
+            $r->print($line);
+        }
+        close($jsh);
+        $output = &javascript_setforms($now,$emailusername,$captcha,$usertype)."\n".
+                  &javascript_checkpass($now,'email');
         my ($lkey,$ukey) = &Apache::loncommon::des_keys();
         my ($lextkey,$uextkey) = &getkeys($lkey,$ukey);
         my $logtoken=Apache::lonnet::reply('tmpput:'.$ukey.$lkey.'&createaccount:createaccount',
@@ -975,7 +998,12 @@ sub get_creation_controls {
             if (ref($usercreation->{'cancreate'}{'emailusername'}) eq 'HASH') {
                 $emailusername = $usercreation->{'cancreate'}{'emailusername'};
             } else {
-                $emailusername =  {'lastname' => '1', 'firstname' => 1, };
+                $emailusername = {
+                                    default =>  {
+                                                   'lastname' => '1',
+                                                   'firstname' => 1,
+                                                },
+                                 };
             }
         }
     }
@@ -1164,7 +1192,7 @@ sub login_failure_msg {
 
 sub username_check {
     my ($username,$domain,$domdesc,$courseid,$lonhost,$contact_email,
-        $contact_name,$sso_logout,$statustocreate) = @_;
+        $contact_name,$sso_logout,$statustocreate,$shibenv) = @_;
     my (%rulematch,%inst_results,$checkfail,$rowcount,$editable,$output,$msg,
         %alerts,%curr_rules,%got_rules);
     &call_rulecheck($username,$domain,\%alerts,\%rulematch,
@@ -1200,6 +1228,13 @@ sub username_check {
     }
     if (!$checkfail) {
         $output = '<form method="post" action="/adm/createaccount">';
+        if (ref($shibenv) eq 'HASH') {
+            foreach my $key (keys(%{$shibenv})) {
+                if ($ENV{$shibenv->{$key}} ne '') {
+                    $inst_results{$username.':'.$domain}{$key} = $ENV{$shibenv->{$key}};
+                }
+            }
+        }
         (my $datatable,$rowcount,$editable) = 
             &Apache::loncreateuser::personal_data_display($username,$domain,1,'selfcreate',
                                                          $inst_results{$username.':'.$domain});