--- loncom/interface/domainprefs.pm	2019/07/18 18:28:52	1.363
+++ loncom/interface/domainprefs.pm	2020/03/15 23:04:15	1.371
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Handler to set domain-wide configuration settings
 #
-# $Id: domainprefs.pm,v 1.363 2019/07/18 18:28:52 raeburn Exp $
+# $Id: domainprefs.pm,v 1.371 2020/03/15 23:04:15 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -831,6 +831,7 @@ sub print_config_box {
     if ($numheaders > 1) {
         my $colspan = '';
         my $rightcolspan = '';
+        my $leftnobr = '';
         if (($action eq 'rolecolors') || ($action eq 'defaults') ||
             ($action eq 'directorysrch') ||
             (($action eq 'login') && ($numheaders < 4))) {
@@ -839,12 +840,15 @@ sub print_config_box {
         if ($action eq 'usersessions') {
             $rightcolspan = ' colspan="3"'; 
         }
+        if ($action eq 'passwords') {
+            $leftnobr = ' LC_nobreak';
+        }
         $output .= '
           <tr>
            <td>
             <table class="LC_nested">
              <tr class="LC_info_row">
-              <td class="LC_left_item"'.$colspan.'>'.&mt($item->{'header'}->[0]->{'col1'}).'</td>
+              <td class="LC_left_item'.$leftnobr.'"'.$colspan.'>'.&mt($item->{'header'}->[0]->{'col1'}).'</td>
               <td class="LC_right_item"'.$rightcolspan.'>'.&mt($item->{'header'}->[0]->{'col2'}).'</td>
              </tr>';
         $rowtotal ++;
@@ -956,7 +960,7 @@ sub print_config_box {
            <td>
             <table class="LC_nested">
              <tr class="LC_info_row">
-              <td class="LC_left_item"'.$colspan.'>'.&mt($item->{'header'}->[3]->{'col1'}).'</td>
+              <td class="LC_left_item'.$leftnobr.'"'.$colspan.'>'.&mt($item->{'header'}->[3]->{'col1'}).'</td>
               <td class="LC_right_item"'.$colspan.'>'.&mt($item->{'header'}->[3]->{'col2'}).'</td></tr>'."\n";
                     if ($action eq 'passwords') {
                         $output .= $item->{'print'}->('bottom',$dom,$confname,$settings,\$rowtotal);
@@ -6056,7 +6060,7 @@ sub print_passwords {
                 $datatable .= '<span class="LC_nobreak"><label>'.
                               '<input type="checkbox" name="passwords_case_sensitive" value="'.
                               $item.'"'.$checkedcase.' />'.$usertypes->{$item}.'</label>'.
-                              '<span>&nbsp;&nbsp; ';
+                              '</span>&nbsp;&nbsp; ';
             }
         }
         my $checkedcase;
@@ -6160,7 +6164,7 @@ sub print_passwords {
                       &mt('(If you use the same account ...  reset a password from this page.)').'</span><br /><br />'.
                       &mt('Include custom text:');
         if ($customurl) {
-            my $link =  &Apache::loncommon::modal_link($customurl,&mt('Custom text file'),600,500,
+            my $link =  &Apache::loncommon::modal_link($customurl,&mt('custom text'),600,500,
                                                        undef,undef,undef,undef,'background-color:#ffffff');
             $datatable .= '<span class="LC_nobreak">&nbsp;'.$link.
                           '<label><input type="checkbox" name="passwords_custom_del"'.
@@ -6256,6 +6260,7 @@ sub print_passwords {
         }
     } elsif ($position eq 'lower') {
         my ($min,$max,%chars,$expire,$numsaved);
+        $min = $Apache::lonnet::passwdmin;
         if (ref($settings) eq 'HASH') {
             if ($settings->{min}) {
                 $min = $settings->{min};
@@ -6272,8 +6277,6 @@ sub print_passwords {
             if ($settings->{numsaved}) {
                 $numsaved = $settings->{numsaved};
             }
-        } else {
-            $min = '7';
         }
         my %rulenames = &Apache::lonlocal::texthash(
                                                      uc => 'At least one upper case letter',
@@ -6284,14 +6287,16 @@ sub print_passwords {
         $css_class = $itemcount%2?' class="LC_odd_row"':'';
         $datatable .= '<tr'.$css_class.'><td>'.$titles{'min'}.'</td>'.
                       '<td class="LC_left_item"><span class="LC_nobreak">'.
-                      '<input type="text" name="passwords_min" value="'.$min.'" size="3" />'.
-                      '<span class="LC_fontsize_small"> '.&mt('(Leave blank for no minimum)').'</span>'.
+                      '<input type="text" name="passwords_min" value="'.$min.'" size="3" '.
+                      'onblur="javascript:warnIntPass(this);" />'.
+                      '<span class="LC_fontsize_small"> '.&mt('(Enter an integer: 7 or larger)').'</span>'.
                       '</span></td></tr>';
         $itemcount ++;
         $css_class = $itemcount%2?' class="LC_odd_row"':'';
         $datatable .= '<tr'.$css_class.'><td>'.$titles{'max'}.'</td>'.
                       '<td class="LC_left_item"><span class="LC_nobreak">'.
-                      '<input type="text" name="passwords_max" value="'.$max.'" size="3" />'.
+                      '<input type="text" name="passwords_max" value="'.$max.'" size="3" '.
+                      'onblur="javascript:warnIntPass(this);" />'.
                       '<span class="LC_fontsize_small"> '.&mt('(Leave blank for no maximum)').'</span>'.
                       '</span></td></tr>';
         $itemcount ++;
@@ -6331,14 +6336,16 @@ sub print_passwords {
         $css_class = $itemcount%2?' class="LC_odd_row"':'';
         $datatable .= '<tr'.$css_class.'><td>'.$titles{'expire'}.'</td>'.
                       '<td class="LC_left_item"><span class="LC_nobreak">'.
-                      '<input type="text" name="passwords_expire" value="'.$expire.'" size="4" />'.
+                      '<input type="text" name="passwords_expire" value="'.$expire.'" size="4" '.
+                      'onblur="javascript:warnIntPass(this);" />'.
                       '<span class="LC_fontsize_small"> '.&mt('(Leave blank for no expiration)').'</span>'.
                       '</span></td></tr>';
         $itemcount ++;
         $css_class = $itemcount%2?' class="LC_odd_row"':'';
         $datatable .= '<tr'.$css_class.'><td>'.$titles{'numsaved'}.'</td>'.
                       '<td class="LC_left_item"><span class="LC_nobreak">'.
-                      '<input type="text" name="passwords_numsaved" value="'.$numsaved.'" size="3" />'.
+                      '<input type="text" name="passwords_numsaved" value="'.$numsaved.'" size="3" '.
+                      'onblur="javascript:warnIntPass(this);" />'. 
                       '<span class="LC_fontsize_small"> '.&mt('(Leave blank to not save previous passwords)').'</span>'.
                       '</span></td></tr>';
     } else {
@@ -6384,7 +6391,7 @@ sub print_passwords {
                     $datatable .= '<span class="LC_nobreak"><label>'.
                                   '<input type="checkbox" name="passwords_crsowner_'.$item.'" value="'.
                                   $type.'"'.$checked.' />'.$usertypes->{$type}.'</label>'.
-                                  '<span>&nbsp;&nbsp; ';
+                                  '</span>&nbsp;&nbsp; ';
                 }
             }
             my $checked;
@@ -6413,13 +6420,18 @@ sub print_usersessions {
     if ($position eq 'top') {
         if (keys(%serverhomes) > 1) {
             my %spareid = &current_offloads_to($dom,$settings,\%servers);
-            my $curroffloadnow;
+            my ($curroffloadnow,$curroffloadoth);
             if (ref($settings) eq 'HASH') {
                 if (ref($settings->{'offloadnow'}) eq 'HASH') {
                     $curroffloadnow = $settings->{'offloadnow'};
                 }
+                if (ref($settings->{'offloadoth'}) eq 'HASH') {
+                    $curroffloadoth = $settings->{'offloadoth'};
+                }
             }
-            $datatable .= &spares_row($dom,\%servers,\%spareid,\%serverhomes,\%altids,$curroffloadnow,$rowtotal);
+            my $other_insts = scalar(keys(%by_location));
+            $datatable .= &spares_row($dom,\%servers,\%spareid,\%serverhomes,\%altids,
+                                      $other_insts,$curroffloadnow,$curroffloadoth,$rowtotal);
         } else {
             $datatable .= '<tr'.$css_class.'><td colspan="2">'.
                           &mt('Nothing to set here, as the cluster to which this domain belongs only contains one server.').
@@ -6863,7 +6875,8 @@ sub current_offloads_to {
 }
 
 sub spares_row {
-    my ($dom,$servers,$spareid,$serverhomes,$altids,$curroffloadnow,$rowtotal) = @_;
+    my ($dom,$servers,$spareid,$serverhomes,$altids,$other_insts,
+        $curroffloadnow,$curroffloadoth,$rowtotal) = @_;
     my $css_class;
     my $numinrow = 4;
     my $itemcount = 1;
@@ -6883,12 +6896,17 @@ sub spares_row {
                 }
             }
             next unless (ref($spareid->{$server}) eq 'HASH');
-            my $checkednow;
+            my ($checkednow,$checkedoth);
             if (ref($curroffloadnow) eq 'HASH') {
                 if ($curroffloadnow->{$server}) {
                     $checkednow = ' checked="checked"';
                 }
             }
+            if (ref($curroffloadoth) eq 'HASH') {
+                if ($curroffloadoth->{$server}) {
+                    $checkedoth = ' checked="checked"';
+                }
+            }
             $css_class = $itemcount%2 ? ' class="LC_odd_row"' : '';
             $datatable .= '<tr'.$css_class.'>
                            <td rowspan="2">
@@ -6897,8 +6915,15 @@ sub spares_row {
                               ,'<b>'.$server.'</b>').'</span><br />'.
                           '<span class="LC_nobreak">'."\n".
                           '<label><input type="checkbox" name="offloadnow" value="'.$server.'"'.$checkednow.' />'.
-                          '&nbsp;'.&mt('Switch active users on next access').'</label></span>'.
+                          '&nbsp;'.&mt('Switch any active user on next access').'</label></span>'.
+                          "\n";
+            if ($other_insts) {
+                $datatable .= '<br />'.
+                              '<span class="LC_nobreak">'."\n".
+                          '<label><input type="checkbox" name="offloadoth" value="'.$server.'"'.$checkedoth.' />'.
+                          '&nbsp;'.&mt('Switch other institutions on next access').'</label></span>'.
                           "\n";
+            }
             my (%current,%canselect);
             my @choices = 
                 &possible_newspares($server,$spareid->{$server},$serverhomes,$altids);
@@ -9295,16 +9320,22 @@ ENDSCRIPT
 }
 
 sub passwords_javascript {
-    my $intauthcheck = &mt('Warning: disallowing login for an authenticated user if the stored cost is less than the default will require a password reset by/for the user.');
-    my $intauthcost = &mt('Warning: bcrypt encryption cost for internal authentication must be an integer.');
-    &js_escape(\$intauthcheck);
-    &js_escape(\$intauthcost);
+    my %intalert = &Apache::lonlocal::texthash (
+        authcheck => 'Warning: disallowing login for an authenticated user if the stored cost is less than the default will require a password reset by/for the user.',
+        authcost => 'Warning: bcrypt encryption cost for internal authentication must be an integer.',
+        passmin => 'Warning: minimum password length must be a positive integer greater than 6.',
+        passmax => 'Warning: maximum password length must be a positive integer (or blank).',
+        passexp => 'Warning: days before password expiration must be a positive integer (or blank).',
+        passnum => 'Warning: number of previous passwords to save must be a positive integer (or blank).',
+    );
+    &js_escape(\%intalert);
+    my $defmin = $Apache::lonnet::passwdmin;
     my $intauthjs = <<"ENDSCRIPT";
 
 function warnIntAuth(field) {
     if (field.name == 'intauth_check') {
         if (field.value == '2') {
-            alert('$intauthcheck');
+            alert('$intalert{authcheck}');
         }
     }
     if (field.name == 'intauth_cost') {
@@ -9312,7 +9343,60 @@ function warnIntAuth(field) {
         if (field.value != '') {
             var regexdigit=/^\\d+\$/;
             if (!regexdigit.test(field.value)) {
-                alert('$intauthcost');
+                alert('$intalert{authcost}');
+            }
+        }
+    }
+    return;
+}
+
+function warnIntPass(field) {
+    field.value.replace(/^\s+/,'');
+    field.value.replace(/\s+\$/,'');
+    var regexdigit=/^\\d+\$/;
+    if (field.name == 'passwords_min') {
+        if (field.value == '') {
+            alert('$intalert{passmin}');
+            field.value = '$defmin';
+        } else {
+            if (!regexdigit.test(field.value)) {
+                alert('$intalert{passmin}');
+                field.value = '$defmin';
+            }
+            var minval = parseInt(field.value,10);
+            if (minval < $defmin) {
+                alert('$intalert{passmin}');
+                field.value = '$defmin';
+            }
+        }
+    } else {
+        if (field.value == '0') {
+            field.value = '';
+        }
+        if (field.value != '') {
+            if (field.name == 'passwords_expire') {
+                var regexpposnum=/^\\d+(|\\.\\d*)\$/; 
+                if (!regexpposnum.test(field.value)) {
+                    alert('$intalert{passexp}');
+                    field.value = '';
+                } else {
+                    var expval = parseFloat(field.value);
+                    if (expval == 0) {
+                        alert('$intalert{passexp}');
+                        field.value = '';
+                    }
+                }
+            } else {
+                if (!regexdigit.test(field.value)) {
+                    if (field.name == 'passwords_max') {
+                        alert('$intalert{passmax}');
+                    } else {
+                        if (field.name == 'passwords_numsaved') {
+                            alert('$intalert{passnum}');
+                        }
+                    }
+                    field.value = '';
+                }
             }
         }
     }
@@ -14490,8 +14574,8 @@ sub modify_passwords {
         'intauth_cost'   => 10,
         'intauth_check'  => 0,
         'intauth_switch' => 0,
-        'min'            => 7,
     );
+    $staticdefaults{'min'} = $Apache::lonnet::passwdmin;
     foreach my $type (@oktypes) {
         $staticdefaults{'resetpostlink'}{$type} = ['email','username'];
     }
@@ -14503,7 +14587,7 @@ sub modify_passwords {
             if ($current{'resetlink'} ne $linklife) {
                 $changes{'reset'} = 1;
             }
-        } elsif (!exists($domconfig{passwords})) {
+        } elsif (!ref($domconfig{passwords}) eq 'HASH') {
             if ($staticdefaults{'resetlink'} ne $linklife) {
                 $changes{'reset'} = 1;
             }
@@ -14524,7 +14608,7 @@ sub modify_passwords {
         if (@diffs > 0) {
             $changes{'reset'} = 1;
         }
-    } elsif (!exists($domconfig{passwords})) {
+    } elsif (!ref($domconfig{passwords}) eq 'HASH') {
         my @diffs = &Apache::loncommon::compare_arrays($staticdefaults{'resetcase'},\@casesens);
         if (@diffs > 0) {
             $changes{'reset'} = 1;
@@ -14536,7 +14620,7 @@ sub modify_passwords {
             if ($current{'resetprelink'} ne $newvalues{'resetprelink'}) {
                 $changes{'reset'} = 1;
             }
-        } elsif (!exists($domconfig{passwords})) {
+        } elsif (!ref($domconfig{passwords}) eq 'HASH') {
             if ($staticdefaults{'resetprelink'} ne $newvalues{'resetprelink'}) {
                 $changes{'reset'} = 1;
             }
@@ -14563,7 +14647,7 @@ sub modify_passwords {
                 } else {
                     $changes{'reset'} = 1;
                 }
-            } elsif (!exists($domconfig{passwords})) {
+            } elsif (!ref($domconfig{passwords}) eq 'HASH') {
                 my @diffs = &Apache::loncommon::compare_arrays($staticdefaults{'resetpostlink'}{$type},\@postlink);
                 if (@diffs > 0) {
                     $changes{'reset'} = 1;
@@ -14585,7 +14669,7 @@ sub modify_passwords {
             if (@diffs > 0) {
                 $changes{'reset'} = 1;
             }
-        } elsif (!exists($domconfig{passwords})) {
+        } elsif (!ref($domconfig{passwords}) eq 'HASH') {
             my @diffs = &Apache::loncommon::compare_arrays($staticdefaults{'resetemail'},\@resetemail);
             if (@diffs > 0) {
                 $changes{'reset'} = 1;
@@ -14672,10 +14756,18 @@ sub modify_passwords {
         $env{'form.passwords_'.$rule} =~ s/^\s+|\s+$//g;
         my $ruleok;
         if ($rule eq 'expire') {
-            if ($env{'form.passwords_'.$rule} =~ /^\d+(|\.\d*)$/) {
+            if (($env{'form.passwords_'.$rule} =~ /^\d+(|\.\d*)$/) &&
+                ($env{'form.passwords_'.$rule} ne '0')) {
                 $ruleok = 1;
             }
-        } elsif ($env{'form.passwords_'.$rule} =~ /^\d+$/) {
+        } elsif ($rule eq 'min') {
+            if ($env{'form.passwords_'.$rule} =~ /^\d+$/) {
+                if ($env{'form.passwords_'.$rule} >= $Apache::lonnet::passwdmin) {
+                    $ruleok = 1;
+                }
+            }
+        } elsif (($env{'form.passwords_'.$rule} =~ /^\d+$/) &&
+                 ($env{'form.passwords_'.$rule} ne '0')) {
             $ruleok = 1;
         }
         if ($ruleok) {
@@ -14688,6 +14780,8 @@ sub modify_passwords {
                 if ($staticdefaults{$rule} ne $newvalues{$rule}) {
                     $changes{'rules'} = 1;
                 }
+            } else {
+                $changes{'rules'} = 1;
             }
         } elsif (exists($current{$rule})) {
             $changes{'rules'} = 1;
@@ -14736,7 +14830,7 @@ sub modify_passwords {
                 }
             }
         }
-    } elsif (!exists($domconfig{passwords})) {
+    } elsif (!(ref($domconfig{passwords}) eq 'HASH')) {
         foreach my $item ('by','for') {
             if (@{$crsownerchg{$item}} > 0) {
                 $changes{'crsownerchg'} = 1;
@@ -14766,9 +14860,11 @@ sub modify_passwords {
                             $resulttext .= '<li>'.&mt('CAPTCHA validation set to use: original CAPTCHA').'</li>';
                         } elsif ($confighash{'passwords'}{'captcha'} eq 'recaptcha') {
                             $resulttext .= '<li>'.&mt('CAPTCHA validation set to use: reCAPTCHA').' '.
-                                           &mt('version: [_1]',$confighash{'passwords'}{'recaptchaversion'}).'<br />'.
-                                           &mt('Public key: [_1]',$confighash{'passwords'}{'recaptchapub'}).'</br>'.
-                                           &mt('Private key: [_1]',$confighash{'passwords'}{'recaptchapriv'}).'</li>';
+                                           &mt('version: [_1]',$confighash{'passwords'}{'recaptchaversion'}).'<br />';
+                            if (ref($confighash{'passwords'}{'recaptchakeys'}) eq 'HASH') {
+                                $resulttext .= &mt('Public key: [_1]',$confighash{'passwords'}{'recaptchakeys'}{'public'}).'</br>'.
+                                               &mt('Private key: [_1]',$confighash{'passwords'}{'recaptchakeys'}{'private'}).'</li>';
+                            }
                         } else {
                             $resulttext .= '<li>'.&mt('No CAPTCHA validation').'</li>';
                         }
@@ -14847,8 +14943,9 @@ sub modify_passwords {
                         }
                         if ($confighash{'passwords'}{'resetcustom'}) {
                             my $customlink = &Apache::loncommon::modal_link($confighash{'passwords'}{'resetcustom'},
-                                                                            $titles{custom},600,500);
-                            $resulttext .= '<li>'.&mt('Preamble to "Forgot Password" form includes [_1]',$customlink).'</li>';
+                                                                            &mt('custom text'),600,500,undef,undef,
+                                                                            undef,undef,'background-color:#ffffff');
+                            $resulttext .= '<li>'.&mt('Preamble to "Forgot Password" form includes: [_1]',$customlink).'</li>';
                         } else {
                             $resulttext .= '<li>'.&mt('No custom text included in preamble to "Forgot Password" form').'</li>';
                         }
@@ -14885,7 +14982,8 @@ sub modify_passwords {
                             if ($confighash{'passwords'}{$rule} eq '') {
                                 if ($rule eq 'min') {
                                     $resulttext .= '<li>'.&mt('[_1] not set.',$titles{$rule});
-                                                   ' '.&mt('Default of 7 will be used').'</li>';
+                                                   ' '.&mt('Default of [_1] will be used',
+                                                           $Apache::lonnet::passwdmin).'</li>';
                                 } else {
                                     $resulttext .= '<li>'.&mt('[_1] set to none',$titles{$rule}).'</li>';
                                 }
@@ -14893,6 +14991,24 @@ sub modify_passwords {
                                 $resulttext .= '<li>'.&mt('[_1] set to [_2]',$titles{$rule},$confighash{'passwords'}{$rule}).'</li>';
                             }
                         }
+                        if (ref($confighash{'passwords'}{'chars'}) eq 'ARRAY') {
+                            if (@{$confighash{'passwords'}{'chars'}} > 0) {
+                                my %rulenames = &Apache::lonlocal::texthash(
+                                                     uc => 'At least one upper case letter',
+                                                     lc => 'At least one lower case letter',
+                                                     num => 'At least one number',
+                                                     spec => 'At least one non-alphanumeric',
+                                                   );
+                                my $needed = '<ul><li>'.
+                                             join('</li><li>',map {$rulenames{$_} } @{$confighash{'passwords'}{'chars'}}).
+                                             '</li></ul>'; 
+                                $resulttext .= '<li>'.&mt('[_1] set to: [_2]',$titles{'chars'},$needed).'</li>';
+                            } else {
+                                $resulttext .= '<li>'.&mt('[_1] set to none',$titles{'chars'}).'</li>';
+                            }
+                        } else {
+                            $resulttext .= '<li>'.&mt('[_1] set to none',$titles{'chars'}).'</li>';
+                        }
                     } elsif ($key eq 'crsownerchg') {
                         if (ref($confighash{'passwords'}{'crsownerchg'}) eq 'HASH') {
                             if ((@{$confighash{'passwords'}{'crsownerchg'}{'by'}} == 0) ||
@@ -16032,19 +16148,25 @@ sub modify_selfcreation {
 }
 
 sub process_captcha {
-    my ($container,$changes,$newsettings,$current) = @_;
-    return unless ((ref($changes) eq 'HASH') && (ref($newsettings) eq 'HASH') || (ref($current) eq 'HASH'));
+    my ($container,$changes,$newsettings,$currsettings) = @_;
+    return unless ((ref($changes) eq 'HASH') && (ref($newsettings) eq 'HASH'));
     $newsettings->{'captcha'} = $env{'form.'.$container.'_captcha'};
     unless ($newsettings->{'captcha'} eq 'recaptcha' || $newsettings->{'captcha'} eq 'notused') {
         $newsettings->{'captcha'} = 'original';
     }
-    if ($current->{'captcha'} ne $newsettings->{'captcha'}) {
+    my %current;
+    if (ref($currsettings) eq 'HASH') {
+        %current = %{$currsettings};
+    }
+    if ($current{'captcha'} ne $newsettings->{'captcha'}) {
         if ($container eq 'cancreate') {
             if (ref($changes->{'cancreate'}) eq 'ARRAY') {
                 push(@{$changes->{'cancreate'}},'captcha');
             } elsif (!defined($changes->{'cancreate'})) {
                 $changes->{'cancreate'} = ['captcha'];
             }
+        } elsif ($container eq 'passwords') {
+            $changes->{'reset'} = 1;
         } else {
             $changes->{'captcha'} = 1;
         }
@@ -16066,9 +16188,9 @@ sub process_captcha {
         }
         $newsettings->{'recaptchaversion'} = $newversion;
     }
-    if (ref($current->{'recaptchakeys'}) eq 'HASH') {
-        $currpub = $current->{'recaptchakeys'}{'public'};
-        $currpriv = $current->{'recaptchakeys'}{'private'};
+    if (ref($current{'recaptchakeys'}) eq 'HASH') {
+        $currpub = $current{'recaptchakeys'}{'public'};
+        $currpriv = $current{'recaptchakeys'}{'private'};
         unless ($newsettings->{'captcha'} eq 'recaptcha') {
             $newsettings->{'recaptchakeys'} = {
                                                  public  => '',
@@ -16076,8 +16198,8 @@ sub process_captcha {
                                               }
         }
     }
-    if ($current->{'captcha'} eq 'recaptcha') {
-        $currversion = $current->{'recaptchaversion'};
+    if ($current{'captcha'} eq 'recaptcha') {
+        $currversion = $current{'recaptchaversion'};
         if ($currversion ne '2') {
             $currversion = 1;
         }
@@ -16089,6 +16211,8 @@ sub process_captcha {
             } elsif (!defined($changes->{'cancreate'})) {
                 $changes->{'cancreate'} = ['recaptchaversion'];
             }
+        } elsif ($container eq 'passwords') {
+            $changes->{'reset'} = 1;
         } else {
             $changes->{'recaptchaversion'} = 1;
         }
@@ -16100,6 +16224,8 @@ sub process_captcha {
             } elsif (!defined($changes->{'cancreate'})) {
                 $changes->{'cancreate'} = ['recaptchakeys'];
             }
+        } elsif ($container eq 'passwords') {
+            $changes->{'reset'} = 1;
         } else {
             $changes->{'recaptchakeys'} = 1;
         }
@@ -16895,6 +17021,10 @@ sub modify_coursecategories {
                     }
                     $resulttext .= '</ul></li>';
                 }
+                &Apache::lonnet::do_cache_new('cats',$dom,$cathash,3600);
+                if (ref($lastactref) eq 'HASH') {
+                    $lastactref->{'cats'} = 1;
+                }
             }
             $resulttext .= '</ul>';
             if ($changes{'unauth'} || $changes{'auth'}) {
@@ -18176,6 +18306,7 @@ sub modify_usersessions {
         }
     }
     $defaultshash{'usersessions'}{'offloadnow'} = {};
+    $defaultshash{'usersessions'}{'offloadoth'} = {};
     my @offloadnow = &Apache::loncommon::get_env_multiple('form.offloadnow');
     my @okoffload;
     if (@offloadnow) {
@@ -18192,6 +18323,22 @@ sub modify_usersessions {
             }
         }
     }
+    my @offloadoth = &Apache::loncommon::get_env_multiple('form.offloadoth');
+    my @okoffloadoth;
+    if (@offloadoth) {
+        foreach my $server (@offloadoth) {
+            if (&Apache::lonnet::hostname($server) ne '') {
+                unless (grep(/^\Q$server\E$/,@okoffloadoth)) {
+                    push(@okoffloadoth,$server);
+                }
+            }
+        }
+        if (@okoffloadoth) {
+            foreach my $lonhost (@okoffloadoth) {
+                $defaultshash{'usersessions'}{'offloadoth'}{$lonhost} = 1;
+            }
+        }
+    }
     if (ref($domconfig{'usersessions'}) eq 'HASH') {
         if (ref($domconfig{'usersessions'}{'spares'}) eq 'HASH') {
             if (ref($changes{'spares'}) eq 'HASH') {
@@ -18202,26 +18349,38 @@ sub modify_usersessions {
         } else {
             $savespares = 1;
         }
-        if (ref($domconfig{'usersessions'}{'offloadnow'}) eq 'HASH') {
-            foreach my $lonhost (keys(%{$domconfig{'usersessions'}{'offloadnow'}})) {
-                unless ($defaultshash{'usersessions'}{'offloadnow'}{$lonhost}) {
-                    $changes{'offloadnow'} = 1;
-                    last;
-                }
-            }
-            unless ($changes{'offloadnow'}) {
-                foreach my $lonhost (keys(%{$defaultshash{'usersessions'}{'offloadnow'}})) {
-                    unless ($domconfig{'usersessions'}{'offloadnow'}{$lonhost}) {
-                        $changes{'offloadnow'} = 1;
+        foreach my $offload ('offloadnow','offloadoth') {
+            if (ref($domconfig{'usersessions'}{$offload}) eq 'HASH') {
+                foreach my $lonhost (keys(%{$domconfig{'usersessions'}{$offload}})) {
+                    unless ($defaultshash{'usersessions'}{$offload}{$lonhost}) {
+                        $changes{$offload} = 1;
                         last;
                     }
                 }
-            }
-        } elsif (@okoffload) {
+                unless ($changes{$offload}) {
+                    foreach my $lonhost (keys(%{$defaultshash{'usersessions'}{$offload}})) {
+                        unless ($domconfig{'usersessions'}{$offload}{$lonhost}) {
+                            $changes{$offload} = 1;
+                            last;
+                        }
+                    }
+                }
+            } else {
+                if (($offload eq 'offloadnow') && (@okoffload)) {
+                     $changes{'offloadnow'} = 1;
+                }
+                if (($offload eq 'offloadoth') && (@okoffloadoth)) {
+                    $changes{'offloadoth'} = 1;
+                }
+            } 
+        }
+    } else {
+        if (@okoffload) {
             $changes{'offloadnow'} = 1;
         }
-    } elsif (@okoffload) {
-        $changes{'offloadnow'} = 1;
+        if (@okoffloadoth) {
+            $changes{'offloadoth'} = 1;
+        }
     }
     my $nochgmsg = &mt('No changes made to settings for user session hosting/offloading.');
     if ((keys(%changes) > 0) || ($savespares)) {
@@ -18238,6 +18397,9 @@ sub modify_usersessions {
                 if (ref($defaultshash{'usersessions'}{'offloadnow'}) eq 'HASH') {
                     $domdefaults{'offloadnow'} = $defaultshash{'usersessions'}{'offloadnow'};
                 }
+                if (ref($defaultshash{'usersessions'}{'offloadoth'}) eq 'HASH') {
+                    $domdefaults{'offloadoth'} = $defaultshash{'usersessions'}{'offloadoth'};
+                }
             }
             my $cachetime = 24*60*60;
             &Apache::lonnet::do_cache_new('domdefaults',$dom,\%domdefaults,$cachetime);
@@ -18317,16 +18479,31 @@ sub modify_usersessions {
                 if ($changes{'offloadnow'}) {
                     if (ref($defaultshash{'usersessions'}{'offloadnow'}) eq 'HASH') {
                         if (keys(%{$defaultshash{'usersessions'}{'offloadnow'}}) > 0) {
-                            $resulttext .= '<li>'.&mt('Switch active users on next access, for server(s):').'<ul>';
+                            $resulttext .= '<li>'.&mt('Switch any active user on next access, for server(s):').'<ul>';
                             foreach my $lonhost (sort(keys(%{$defaultshash{'usersessions'}{'offloadnow'}}))) {
                                 $resulttext .= '<li>'.$lonhost.'</li>';
                             }
                             $resulttext .= '</ul>';
                         } else {
-                            $resulttext .= '<li>'.&mt('No servers now set to switch active users on next access.');
+                            $resulttext .= '<li>'.&mt('No servers now set to switch any active user on next access.');
+                        }
+                    } else {
+                        $resulttext .= '<li>'.&mt('No servers now set to switch any active user on next access.').'</li>';
+                    }
+                }
+                if ($changes{'offloadoth'}) {
+                    if (ref($defaultshash{'usersessions'}{'offloadoth'}) eq 'HASH') {
+                        if (keys(%{$defaultshash{'usersessions'}{'offloadoth'}}) > 0) {
+                            $resulttext .= '<li>'.&mt('Switch other institutions on next access, for server(s):').'<ul>';
+                            foreach my $lonhost (sort(keys(%{$defaultshash{'usersessions'}{'offloadoth'}}))) {
+                                $resulttext .= '<li>'.$lonhost.'</li>';
+                            }
+                            $resulttext .= '</ul>';
+                        } else {
+                            $resulttext .= '<li>'.&mt('No servers now set to switch other institutions on next access.');
                         }
                     } else {
-                        $resulttext .= '<li>'.&mt('No servers now set to switch active users on next access.').'</li>';
+                        $resulttext .= '<li>'.&mt('No servers now set to switch other institutions on next access.').'</li>';
                     }
                 }
                 $resulttext .= '</ul>';
@@ -19675,7 +19852,7 @@ sub devalidate_remote_domconfs {
     my %thismachine;
     map { $thismachine{$_} = 1; } &Apache::lonnet::current_machine_ids();
     my @posscached = ('domainconfig','domdefaults','ltitools','usersessions',
-                      'directorysrch','passwdconf');
+                      'directorysrch','passwdconf','cats');
     if (keys(%servers)) {
         foreach my $server (keys(%servers)) {
             next if ($thismachine{$server});