--- loncom/interface/createaccount.pm	2008/03/24 05:15:14	1.4
+++ loncom/interface/createaccount.pm	2008/05/14 20:05:07	1.5
@@ -3,7 +3,7 @@
 # institutional log-in ID (institutional authentication required - localauth
 #  or kerberos) or an e-mail address.
 #
-# $Id: createaccount.pm,v 1.4 2008/03/24 05:15:14 raeburn Exp $
+# $Id: createaccount.pm,v 1.5 2008/05/14 20:05:07 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -50,8 +50,17 @@ sub handler {
     if ($r->header_only) {
         return OK;
     }
+    
+    my $domain;
 
-    my $domain = &Apache::lonnet::default_login_domain();
+    my $sso_username = $r->subprocess_env->get('REDIRECT_SSOUserUnknown');
+    my $sso_domain = $r->subprocess_env->get('REDIRECT_SSOUserDomain');
+
+    if ($sso_username ne '' && $sso_domain ne '') {
+        $domain = $sso_domain; 
+    } else { 
+        $domain = &Apache::lonnet::default_login_domain();
+    }
     my $domdesc = &Apache::lonnet::domain($domain,'description');
     my $contact_name = &mt('LON-CAPA helpdesk');
     my $contact_email =  $r->dir_config('lonSupportEMail');
@@ -82,17 +91,20 @@ sub handler {
             $domain = $env{'form.udom'};
         }
     }
-    my $cancreate;
+    my @cancreate;
     my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$domain);
     if (ref($domconfig{'usercreation'}) eq 'HASH') {
         if (ref($domconfig{'usercreation'}{'cancreate'}) eq 'HASH') {
-            if ($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne 'none') {
-                $cancreate = $domconfig{'usercreation'}{'cancreate'}{'selfcreate'};
+            if (ref($domconfig{'usercreation'}{'cancreate'}{'selfcreate'}) eq 'ARRAY') {
+                @cancreate = @{$domconfig{'usercreation'}{'cancreate'}{'selfcreate'}};
+            } elsif (($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne 'none') &&
+                     ($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne '')) {
+                @cancreate = ($domconfig{'usercreation'}{'cancreate'}{'selfcreate'});
             }
         }
     }
 
-    if (!$cancreate) {
+    if (@cancreate == 0) {
         &print_header($r,$start_page);
         my $output = &mt('Creation of a new user account using an e-mail address as username or a loginID from your institution is not permitted in the domain: [_1] ([_2]).',$domain,$domdesc);
         $r->print($output);
@@ -100,6 +112,30 @@ sub handler {
         return OK;
     }
 
+    my $courseid;
+    if (defined($env{'form.courseid'})) {
+        $courseid = &validate_course($env{'form.courseid'});
+    }
+
+    if ($sso_username ne '') {
+        &print_header($r,$start_page);
+        my ($output,$msg);
+        if (grep(/^sso$/,@cancreate)) {
+            $msg = &mt("Although your username and password were authenticated by your institution's Single Sign On system, you do not currently have a LON-CAPA account in this domain.");
+            ($output, my $checkfail) = &username_check($sso_username,$domain,$domdesc,$courseid);
+            if ($checkfail) {
+                $msg .= &mt('A LON-CAPA account may not be created with the username you use.');
+            } else {
+                $msg .= &mt('To create one, use the table below to provide information about yourself (if appropriate), then click the "Create LON-CAPA account" button.');
+            }
+        } else {
+            $msg = &mt("Although your username and password were authenticated by your institution's Single Sign On system, you do not currently have a LON-CAPA account in this domain, and you are not permitted to create one.");
+        }
+        $r->print('<h4>'.$msg.'</h4>'.$output);
+        $r->print(&Apache::loncommon::end_page());
+        return OK;
+    }
+
     my ($output,$nostart,$noend);
     my $token = $env{'form.token'};
     if ($token) {
@@ -122,11 +158,6 @@ sub handler {
         }
     }
 
-    my $courseid;
-    if (defined($env{'form.courseid'})) {
-        $courseid = &validate_course($env{'form.courseid'});
-    }
-
     if ($env{'form.phase'} eq 'username_activation') {
         (my $result,$output,$nostart) = 
             &username_activation($r,$env{'form.uname'},$domain,$domdesc,
@@ -145,7 +176,7 @@ sub handler {
     &print_header($r,$start_page);
     if ($env{'form.create_with_email'}) {
         $output = &process_email_request($env{'form.useremail'},$domain,$domdesc,
-                                         $contact_name,$contact_email,$cancreate,
+                                         $contact_name,$contact_email,\@cancreate,
                                          $lonhost,$domconfig{'usercreation'},
                                          $courseid);
     } elsif ($env{'form.phase'} eq 'username_validation') {
@@ -153,12 +184,12 @@ sub handler {
                                        $contact_name,$contact_email,$courseid);
     } elsif (!$token) {
         my $now=time;
-        if ($cancreate eq 'any' || $cancreate eq 'login') {
+        if (grep(/^login$/,@cancreate)) {
             my $jsh=Apache::File->new($include."/londes.js");
             $r->print(<$jsh>);
             $r->print(&javascript_setforms($now));
         }
-        $output = &print_username_form($domain,$domdesc,$cancreate,$now,$lonhost,
+        $output = &print_username_form($domain,$domdesc,\@cancreate,$now,$lonhost,
                                        $courseid); 
     }
     $r->print($output);
@@ -248,64 +279,66 @@ sub print_username_form {
                                          uemail => 'Email address in LON-CAPA',
                                          proc => 'Proceed');
     my $output;
-    if ($cancreate eq 'any' || $cancreate eq 'login') {
-        my %domdefaults = &Apache::lonnet::get_domain_defaults($domain);
-        if ((($domdefaults{'auth_def'} =~/^krb/) && ($domdefaults{'auth_arg_def'} ne '')) || ($domdefaults{'auth_def'} eq 'localauth')) {
-            $output = '<div class="LC_left_float"><h3>'.&mt('Create account with a username provided by your institution').'</h3>';
-            $output .= &mt('If you already have a Log-in ID at your institution, you may be able to use it[_1] for LON-CAPA.','<br />').'&nbsp;'.&mt('Type in your Log-in ID and password to find out.').'<br /><br />';
-            my ($lkey,$ukey) = &Apache::lonpreferences::des_keys();
-            my ($lextkey,$uextkey) = &getkeys($lkey,$ukey);
-            my $logtoken=Apache::lonnet::reply('tmpput:'.$ukey.$lkey.'&createaccount',
-                                               $lonhost);
-            $output .= &serverform($logtoken,$lonhost,undef,$courseid);
-            my $unameform = '<input type="text" name="uname" size="10" value="" />';
-            my $upassform = '<input type="password" name="upass'.$now.'" size="10" />';
-            my $submit_text = &mt('Create LON-CAPA account');
-            $output .= '<form name="client" method="post" action="/adm/createaccount">'."\n". 
-                       &Apache::lonhtmlcommon::start_pick_box()."\n".
-                       &Apache::lonhtmlcommon::row_title(&mt('Log-in ID'),
+    if (ref($cancreate) eq 'ARRAY') {
+        if (grep(/^login$/,@{$cancreate})) {
+            my %domdefaults = &Apache::lonnet::get_domain_defaults($domain);
+            if ((($domdefaults{'auth_def'} =~/^krb/) && ($domdefaults{'auth_arg_def'} ne '')) || ($domdefaults{'auth_def'} eq 'localauth')) {
+                $output = '<div class="LC_left_float"><h3>'.&mt('Create account with a username provided by your institution').'</h3>';
+                $output .= &mt('If you already have a Log-in ID at your institution, you may be able to use it[_1] for LON-CAPA.','<br />').'&nbsp;'.&mt('Type in your Log-in ID and password to find out.').'<br /><br />';
+                my ($lkey,$ukey) = &Apache::lonpreferences::des_keys();
+                my ($lextkey,$uextkey) = &getkeys($lkey,$ukey);
+                my $logtoken=Apache::lonnet::reply('tmpput:'.$ukey.$lkey.'&createaccount',
+                                                   $lonhost);
+                $output .= &serverform($logtoken,$lonhost,undef,$courseid);
+                my $unameform = '<input type="text" name="uname" size="10" value="" />';
+                my $upassform = '<input type="password" name="upass'.$now.'" size="10" />';
+                my $submit_text = &mt('Create LON-CAPA account');
+                $output .= '<form name="client" method="post" action="/adm/createaccount">'."\n". 
+                           &Apache::lonhtmlcommon::start_pick_box()."\n".
+                           &Apache::lonhtmlcommon::row_title(&mt('Log-in ID'),
                                                         'LC_pick_box_title')."\n".
-                       $unameform."\n".
-                       &Apache::lonhtmlcommon::row_closure(1)."\n".
-                       &Apache::lonhtmlcommon::row_title(&mt('Password'),
+                           $unameform."\n".
+                           &Apache::lonhtmlcommon::row_closure(1)."\n".
+                           &Apache::lonhtmlcommon::row_title(&mt('Password'),
                                                         'LC_pick_box_title')."\n".
-                       $upassform."\n".'<br /><br />'."\n".
-                       '<input type="button" name="username_validation" value="'.
-                       $submit_text.'" onclick="javascript:send()" />'."\n". 
-                       &Apache::lonhtmlcommon::row_closure(1)."\n".
-                       &Apache::lonhtmlcommon::end_pick_box().'<br /><br />'."\n".
-                       '<input type="hidden" name="lextkey" value="'.$lextkey.'">'."\n".
-                       '<input type="hidden" name="uextkey" value="'.$uextkey.'">'."\n".
-                       '</form></div>';
-        }
-    }
-    if (($cancreate eq 'any') || ($cancreate eq 'email')) {
-        $output .= '<div class="LC_left_float"><h3>'.&mt('Create account with an e-mail address as your username').'</h3>';
-        if ($cancreate eq 'any') {
-            $output .= &mt('Provide your e-mail address to request a LON-CAPA account if you do not have [_1] a log-in ID at your institution.','<br />').'<br /><br />';
-        } elsif ($cancreate eq 'unofficial') {
-            $output .= '<br />';
-        }
-        my $emailform = '<input type="text" name="useremail" size="25" value="" />';
-        my $captchaform = &create_captcha();
-        my $submit_text = &mt('Request LON-CAPA account');
-        $output .=  '<form name="createaccount" method="post" onsubmit="validate_email();" action="/adm/createaccount">'.
-                    &Apache::lonhtmlcommon::start_pick_box()."\n".
-                    &Apache::lonhtmlcommon::row_title(&mt('E-mail address'),
-                                                     'LC_pick_box_title')."\n".
-                    $emailform."\n".
-                    &Apache::lonhtmlcommon::row_closure(1).
-                    &Apache::lonhtmlcommon::row_title(&mt('Validation'),
-                                                     'LC_pick_box_title')."\n".
-                    $captchaform."\n".'<br /><br />';
-        if ($courseid ne '') {
-            $output .= '<input type="hidden" name="courseid" value="'.$courseid.'"/>'."\n"; 
+                           $upassform."\n".'<br /><br />'."\n".
+                           '<input type="button" name="username_validation" value="'.
+                           $submit_text.'" onclick="javascript:send()" />'."\n". 
+                           &Apache::lonhtmlcommon::row_closure(1)."\n".
+                           &Apache::lonhtmlcommon::end_pick_box().'<br /><br />'."\n".
+                           '<input type="hidden" name="lextkey" value="'.$lextkey.'">'."\n".
+                           '<input type="hidden" name="uextkey" value="'.$uextkey.'">'."\n".
+                           '</form></div>';
+            }
+        }
+        if (grep(/^email$/,@{$cancreate})) {
+            $output .= '<div class="LC_left_float"><h3>'.&mt('Create account with an e-mail address as your username').'</h3>';
+            if (grep(/^login$/,@{$cancreate})) {
+                $output .= &mt('Provide your e-mail address to request a LON-CAPA account if you do not have [_1] a log-in ID at your institution.','<br />').'<br /><br />';
+            } else {
+                $output .= '<br />';
+            }
+            my $emailform = '<input type="text" name="useremail" size="25" value="" />';
+            my $captchaform = &create_captcha();
+            my $submit_text = &mt('Request LON-CAPA account');
+            $output .=  '<form name="createaccount" method="post" onsubmit="validate_email();" action="/adm/createaccount">'.
+                        &Apache::lonhtmlcommon::start_pick_box()."\n".
+                        &Apache::lonhtmlcommon::row_title(&mt('E-mail address'),
+                                                         'LC_pick_box_title')."\n".
+                        $emailform."\n".
+                        &Apache::lonhtmlcommon::row_closure(1).
+                        &Apache::lonhtmlcommon::row_title(&mt('Validation'),
+                                                         'LC_pick_box_title')."\n".
+                        $captchaform."\n".'<br /><br />';
+            if ($courseid ne '') {
+                $output .= '<input type="hidden" name="courseid" value="'.$courseid.'"/>'."\n"; 
+            }
+            $output .= '<input type="submit" name="create_with_email" value="'. 
+                        $submit_text.'" />'.
+                        &Apache::lonhtmlcommon::row_closure(1).
+                        &Apache::lonhtmlcommon::end_pick_box().'<br /><br /></form>'.
+                        '</div>';
         }
-        $output .= '<input type="submit" name="create_with_email" value="'. 
-                    $submit_text.'" />'.
-                    &Apache::lonhtmlcommon::row_closure(1).
-                    &Apache::lonhtmlcommon::end_pick_box().'<br /><br /></form>'.
-                    '</div>';
     }
     if ($output eq '') {
         $output = &mt('Creation of a new user account using either an e-mail address or institutional log-in ID as your username is not permitted in the domain: [_1] ([_2])',$domain,$domdesc);
@@ -320,71 +353,73 @@ sub process_email_request {
         $server,$settings,$courseid) = @_;
     my $useremail = $env{'form.useremail'};
     my $output;
-    if ($cancreate ne 'any' && $cancreate ne 'email') {
-        $output = &invalid_state('noemails',$domdesc,
-                                 $contact_name,$contact_email);
-        return $output;
-    } elsif ($useremail !~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) {
-        $output = &invalid_state('baduseremail',$domdesc,
-                                 $contact_name,$contact_email);
-        return $output;
-    } else {
-        my $uhome = &Apache::lonnet::homeserver($useremail,$domain);
-        if ($uhome ne 'no_host') {
-            $output = &invalid_state('existinguser',$domdesc,
+    if (ref($cancreate) eq 'ARRAY') {
+        if (!grep(/^email$/,@{$cancreate})) {
+            $output = &invalid_state('noemails',$domdesc,
+                                     $contact_name,$contact_email);
+            return $output;
+        } elsif ($useremail !~ /^[^\@]+\@[^\@]+\.[^\@\.]+$/) {
+            $output = &invalid_state('baduseremail',$domdesc,
                                      $contact_name,$contact_email);
             return $output;
         } else {
-            my $code = $env{'form.code'};
-            my $md5sum = $env{'form.crypt'};
-            my %captcha_params = &captcha_settings();
-            my $captcha = Authen::Captcha->new(
-                              output_folder => $captcha_params{'output_dir'},
-                              data_folder   => $captcha_params{'db_dir'},
-                             );
-            my $captcha_chk = $captcha->check_code($code,$md5sum);
-            my %captcha_hash = (
-                              0       => 'Code not checked (file error)',
-                              -1      => 'Failed: code expired',
-                              -2      => 'Failed: invalid code (not in database)',
-                              -3      => 'Failed: invalid code (code does not match crypt)',
-                               );
-            if ($captcha_chk != 1) {
-                $output = &invalid_state('captcha',$domdesc,$contact_name,
-                                         $contact_email,$captcha_hash{$captcha_chk});
+            my $uhome = &Apache::lonnet::homeserver($useremail,$domain);
+            if ($uhome ne 'no_host') {
+                $output = &invalid_state('existinguser',$domdesc,
+                                         $contact_name,$contact_email);
                 return $output;
-            }
-            my (%rulematch,%inst_results,%curr_rules,%got_rules,%alerts);
-            my $uhome=&Apache::lonnet::homeserver($useremail,$domain);
-            if ($uhome eq 'no_host') {
-                my $checkhash;
-                my $checks = { 'username' => 1 };
-                $checkhash->{$useremail.':'.$domain} = { 'newuser' => 1, };
-                &Apache::loncommon::user_rule_check($checkhash,$checks,
-                      \%alerts,\%rulematch,\%inst_results,\%curr_rules,
-                      \%got_rules);
-                if (ref($alerts{'useremail'}) eq 'HASH') {
-                    if (ref($alerts{'useremail'}{$domain}) eq 'HASH') {
-                        if ($alerts{'username'}{$domain}{$useremail}) {
-                            $output = &invalid_state('userrules',$domdesc,
-                                                     $contact_name,$contact_email);
-                            return $output;
+            } else {
+                my $code = $env{'form.code'};
+                my $md5sum = $env{'form.crypt'};
+                my %captcha_params = &captcha_settings();
+                my $captcha = Authen::Captcha->new(
+                                  output_folder => $captcha_params{'output_dir'},
+                                  data_folder   => $captcha_params{'db_dir'},
+                                 );
+                my $captcha_chk = $captcha->check_code($code,$md5sum);
+                my %captcha_hash = (
+                                  0       => 'Code not checked (file error)',
+                                  -1      => 'Failed: code expired',
+                                  -2      => 'Failed: invalid code (not in database)',
+                                  -3      => 'Failed: invalid code (code does not match crypt)',
+                                   );
+                if ($captcha_chk != 1) {
+                    $output = &invalid_state('captcha',$domdesc,$contact_name,
+                                             $contact_email,$captcha_hash{$captcha_chk});
+                    return $output;
+                }
+                my (%rulematch,%inst_results,%curr_rules,%got_rules,%alerts);
+                my $uhome=&Apache::lonnet::homeserver($useremail,$domain);
+                if ($uhome eq 'no_host') {
+                    my $checkhash;
+                    my $checks = { 'username' => 1 };
+                    $checkhash->{$useremail.':'.$domain} = { 'newuser' => 1, };
+                    &Apache::loncommon::user_rule_check($checkhash,$checks,
+                          \%alerts,\%rulematch,\%inst_results,\%curr_rules,
+                          \%got_rules);
+                    if (ref($alerts{'useremail'}) eq 'HASH') {
+                        if (ref($alerts{'useremail'}{$domain}) eq 'HASH') {
+                            if ($alerts{'username'}{$domain}{$useremail}) {
+                                $output = &invalid_state('userrules',$domdesc,
+                                                         $contact_name,$contact_email);
+                                return $output;
+                            }
                         }
                     }
-                }
-                my $format_msg = 
-                    &guest_format_check($useremail,$domain,$cancreate,
-                                        $settings);
-                if ($format_msg) {
-                    $output = &invalid_state('userformat',$domdesc,$contact_name,
-                                             $contact_email,$format_msg);
-                    return $output;
+                    my $format_msg = 
+                        &guest_format_check($useremail,$domain,$cancreate,
+                                            $settings);
+                    if ($format_msg) {
+                        $output = &invalid_state('userformat',$domdesc,$contact_name,
+                                                 $contact_email,$format_msg);
+                        return $output;
+                    }
                 }
             }
         }
-    }
-    $output = &send_token($domain,$useremail,$server,$domdesc,$contact_name,
+        $output = &send_token($domain,$useremail,$server,$domdesc,$contact_name,
                           $contact_email,$courseid);
+    }
     return $output;
 }
 
@@ -650,7 +685,7 @@ sub username_validation {
             $authok = 'non_authorized';
         }
         if ($authok eq 'authorized') {
-            $output = &username_check($username,$domain,$domdesc,$courseid);            
+            ($output,undef) = &username_check($username,$domain,$domdesc,$courseid);            
         } else {
             $output = &mt('Not authenticated').' '.&mt('Please check the username and password'); 
         }
@@ -670,14 +705,17 @@ sub username_check {
     if (ref($alerts{'username'}) eq 'HASH') {
         if (ref($alerts{'username'}{$domain}) eq 'HASH') {
             if ($alerts{'username'}{$domain}{$username}) {
-                my $userchkmsg;
+                my ($userchkmsg,$checkfail);
                 if (ref($curr_rules{$domain}) eq 'HASH') {
                     $userchkmsg =
                         &Apache::loncommon::instrule_disallow_msg('username',$domdesc,1).
                         &Apache::loncommon::user_rule_formats($domain,$domdesc,
                                 $curr_rules{$domain}{'username'},'username');
+                    if ($userchkmsg) {
+                        $checkfail = 1;
+                    }
                 }
-                return $userchkmsg;
+                return ($userchkmsg,$checkfail);
             }
         }
     }
@@ -694,7 +732,7 @@ sub username_check {
     }
     $output .= '<input type="submit" name="newaccount" value="'.
                $submit_text.'" /></form>';
-    return $output;
+    return ($output,'');
 }
 
 sub username_activation {
@@ -896,8 +934,10 @@ sub guest_format_check {
     if ($format_match) {
         ($login) = ($useremail =~ /^([^\@]+)\@/);
         $format_msg = '<br />'.&mt("Your e-mail address uses the same internet domain as your institution's LON-CAPA service.").'<br />'.&mt('Creation of a LON-CAPA account with this type of e-mail address as username is not permitted.').'<br />';
-        if ($cancreate eq 'any' || $cancreate eq 'login') {
-            $format_msg .= &mt('You should request creation of a LON-CAPA account for a Log-in ID of "[_1]" at your institution instead.',$login).'<br />'; 
+        if (ref($cancreate) eq 'ARRAY') {
+            if (grep(/^login$/,@{$cancreate})) {
+                $format_msg .= &mt('You should request creation of a LON-CAPA account for a Log-in ID of "[_1]" at your institution instead.',$login).'<br />'; 
+            }
         }
     }
     return $format_msg;