--- loncom/interface/loncommon.pm	2015/04/17 12:34:01	1.1218
+++ loncom/interface/loncommon.pm	2016/02/19 02:39:07	1.1234
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # a pile of common routines
 #
-# $Id: loncommon.pm,v 1.1218 2015/04/17 12:34:01 droeschl Exp $
+# $Id: loncommon.pm,v 1.1234 2016/02/19 02:39:07 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -73,11 +73,16 @@ use Apache::courseclassifier();
 use LONCAPA qw(:DEFAULT :match);
 use DateTime::TimeZone;
 use DateTime::Locale::Catalog;
+use Encode();
 use Text::Aspell;
 use Authen::Captcha;
 use Captcha::reCAPTCHA;
+use JSON::DWIW;
+use LWP::UserAgent;
 use Crypt::DES;
 use DynaLoader; # for Crypt::DES version
+use MIME::Lite;
+use MIME::Types;
 
 # ---------------------------------------------- Designs
 use vars qw(%defaultdesign);
@@ -535,7 +540,7 @@ ENDAUTHORBRW
 
 sub coursebrowser_javascript {
     my ($domainfilter,$sec_element,$formname,$role_element,$crstype,
-        $credits_element) = @_;
+        $credits_element,$instcode) = @_;
     my $wintitle = 'Course_Browser';
     if ($crstype eq 'Community') {
         $wintitle = 'Community_Browser';
@@ -585,7 +590,10 @@ sub coursebrowser_javascript {
         if (formname == 'ccrs') {
             var ownername = document.forms[formid].ccuname.value;
             var ownerdom =  document.forms[formid].ccdomain.options[document.forms[formid].ccdomain.selectedIndex].value;
-            url += '&cloner='+ownername+':'+ownerdom;
+            url += '&cloner='+ownername+':'+ownerdom+'&crscode='+document.forms[formid].crscode.value;
+        }
+        if (formname == 'requestcrs') {
+            url += '&crsdom=$domainfilter&crscode=$instcode';
         }
         if (multflag !=null && multflag != '') {
             url += '&multiple='+multflag;
@@ -983,6 +991,7 @@ sub select_datelocale {
                         $locale_names{$id} = '('.$en_terr.')';
                     }
                 }
+                $locale_names{$id} = Encode::encode('UTF-8',$locale_names{$id});
                 push (@possibles,$id);
             }
         }
@@ -994,7 +1003,7 @@ sub select_datelocale {
         }
         $output.=">$item";
         if ($locale_names{$item} ne '') {
-            $output.="  $locale_names{$item}</option>\n";
+            $output.='  '.$locale_names{$item};
         }
         $output.="</option>\n";
     }
@@ -2264,12 +2273,16 @@ See lonrights.pm for an example invocati
 
 #-------------------------------------------
 sub select_form {
-    my ($def,$name,$hashref,$onchange) = @_;
+    my ($def,$name,$hashref,$onchange,$readonly) = @_;
     return unless (ref($hashref) eq 'HASH');
     if ($onchange) {
         $onchange = ' onchange="'.$onchange.'"';
     }
-    my $selectform = "<select name=\"$name\" size=\"1\"$onchange>\n";
+    my $disabled;
+    if ($readonly) {
+        $disabled = ' disabled="disabled"';
+    }
+    my $selectform = "<select name=\"$name\" size=\"1\"$onchange$disabled>\n";
     my @keys;
     if (exists($hashref->{'select_form_order'})) {
 	@keys=@{$hashref->{'select_form_order'}};
@@ -4948,9 +4961,9 @@ sub blocking_status {
 # build a link to a popup window containing the details
     my $querystring  = "?activity=$activity";
 # $uname and $udom decide whose portfolio the user is trying to look at
-    if ($activity eq 'port') {
-        $querystring .= "&amp;udom=$udom"      if $udom;
-        $querystring .= "&amp;uname=$uname"    if $uname;
+    if (($activity eq 'port') || ($activity eq 'passwd')) {
+        $querystring .= "&amp;udom=$udom"      if ($udom =~ /^$match_domain$/); 
+        $querystring .= "&amp;uname=$uname"    if ($uname =~ /^$match_username$/);
     } elsif ($activity eq 'docs') {
         $querystring .= '&amp;url='.&HTML::Entities::encode($url,'&"');
     }
@@ -4975,6 +4988,8 @@ END_MYBLOCK
         $class = '';
     } elsif ($activity eq 'printout') {
         $text = &mt('Printing Blocked');
+    } elsif ($activity eq 'passwd') {
+        $text = &mt('Password Changing Blocked');
     }
     $output .= <<"END_BLOCK";
 <div class='$class'>
@@ -4998,17 +5013,39 @@ sub check_ip_acc {
     if (!defined($acc) || $acc =~ /^\s*$/ || $acc =~/^\s*no\s*$/i) {
         return 1;
     }
-    my $allowed=0;
+    my $allowed;
     my $ip=$env{'request.host'} || $ENV{'REMOTE_ADDR'} || $clientip;
 
     my $name;
-    foreach my $pattern (split(',',$acc)) {
-        $pattern =~ s/^\s*//;
-        $pattern =~ s/\s*$//;
+    my %access = (
+                     allowfrom => 1,
+                     denyfrom  => 0,
+                 );
+    my @allows;
+    my @denies;
+    foreach my $item (split(',',$acc)) {
+        $item =~ s/^\s*//;
+        $item =~ s/\s*$//;
+        my $pattern;
+        if ($item =~ /^\!(.+)$/) {
+            push(@denies,$1);
+        } else {
+            push(@allows,$item);
+        }
+   }
+   my $numdenies = scalar(@denies);
+   my $numallows = scalar(@allows);
+   my $count = 0;
+   foreach my $pattern (@denies,@allows) {
+        $count ++; 
+        my $acctype = 'allowfrom';
+        if ($count <= $numdenies) {
+            $acctype = 'denyfrom';
+        }
         if ($pattern =~ /\*$/) {
             #35.8.*
             $pattern=~s/\*//;
-            if ($ip =~ /^\Q$pattern\E/) { $allowed=1; }
+            if ($ip =~ /^\Q$pattern\E/) { $allowed=$access{$acctype}; }
         } elsif ($pattern =~ /(\d+\.\d+\.\d+)\.\[(\d+)-(\d+)\]$/) {
             #35.8.3.[34-56]
             my $low=$2;
@@ -5016,7 +5053,7 @@ sub check_ip_acc {
             $pattern=$1;
             if ($ip =~ /^\Q$pattern\E/) {
                 my $last=(split(/\./,$ip))[3];
-                if ($last <=$high && $last >=$low) { $allowed=1; }
+                if ($last <=$high && $last >=$low) { $allowed=$access{$acctype}; }
             }
         } elsif ($pattern =~ /^\*/) {
             #*.msu.edu
@@ -5026,10 +5063,10 @@ sub check_ip_acc {
                 my $netaddr=inet_aton($ip);
                 ($name)=gethostbyaddr($netaddr,AF_INET);
             }
-            if ($name =~ /\Q$pattern\E$/i) { $allowed=1; }
+            if ($name =~ /\Q$pattern\E$/i) { $allowed=$access{$acctype}; }
         } elsif ($pattern =~ /\d+\.\d+\.\d+\.\d+/) {
             #127.0.0.1
-            if ($ip =~ /^\Q$pattern\E/) { $allowed=1; }
+            if ($ip =~ /^\Q$pattern\E/) { $allowed=$access{$acctype}; }
         } else {
             #some.name.com
             if (!defined($name)) {
@@ -5037,9 +5074,16 @@ sub check_ip_acc {
                 my $netaddr=inet_aton($ip);
                 ($name)=gethostbyaddr($netaddr,AF_INET);
             }
-            if ($name =~ /\Q$pattern\E$/i) { $allowed=1; }
+            if ($name =~ /\Q$pattern\E$/i) { $allowed=$access{$acctype}; }
+        }
+        if ($allowed =~ /^(0|1)$/) { last; }
+    }
+    if ($allowed eq '') {
+        if ($numdenies && !$numallows) {
+            $allowed = 1;
+        } else {
+            $allowed = 0;
         }
-        if ($allowed) { last; }
     }
     return $allowed;
 }
@@ -7608,6 +7652,16 @@ ul.LC_funclist li {
 }
 
 /*
+  styles used for response display
+*/
+div.LC_radiofoil, div.LC_rankfoil {
+  margin: .5em 0em .5em 0em;
+}
+table.LC_itemgroup {
+  margin-top: 1em;
+}
+
+/*
   styles used by TTH when "Default set of options to pass to tth/m
   when converting TeX" in course settings has been set
 
@@ -7628,6 +7682,87 @@ span.roman {font-family: serif; font-sty
 span.overacc2 {position: relative;  left: .8em; top: -1.2ex;}
 span.overacc1 {position: relative;  left: .6em; top: -1.2ex;}
 
+/*
+  sections with roles, for content only
+*/
+section[class^="role-"] {
+  padding-left: 10px;
+  padding-right: 5px;
+  margin-top: 8px;
+  margin-bottom: 8px;
+  border: 1px solid #2A4;
+  border-radius: 5px;
+  box-shadow: 0px 1px 1px #BBB;
+}
+section[class^="role-"]>h1 {
+  position: relative;
+  margin: 0px;
+  padding-top: 10px;
+  padding-left: 40px;
+}
+section[class^="role-"]>h1:before {
+  position: absolute;
+  left: -5px;
+  top: 5px;
+}
+section.role-activity>h1:before {
+  content:url('/adm/daxe/images/section_icons/activity.png');
+}
+section.role-advice>h1:before {
+  content:url('/adm/daxe/images/section_icons/advice.png');
+}
+section.role-bibliography>h1:before {
+  content:url('/adm/daxe/images/section_icons/bibliography.png');
+}
+section.role-citation>h1:before {
+  content:url('/adm/daxe/images/section_icons/citation.png');
+}
+section.role-conclusion>h1:before {
+  content:url('/adm/daxe/images/section_icons/conclusion.png');
+}
+section.role-definition>h1:before {
+  content:url('/adm/daxe/images/section_icons/definition.png');
+}
+section.role-demonstration>h1:before {
+  content:url('/adm/daxe/images/section_icons/demonstration.png');
+}
+section.role-example>h1:before {
+  content:url('/adm/daxe/images/section_icons/example.png');
+}
+section.role-explanation>h1:before {
+  content:url('/adm/daxe/images/section_icons/explanation.png');
+}
+section.role-introduction>h1:before {
+  content:url('/adm/daxe/images/section_icons/introduction.png');
+}
+section.role-method>h1:before {
+  content:url('/adm/daxe/images/section_icons/method.png');
+}
+section.role-more_information>h1:before {
+  content:url('/adm/daxe/images/section_icons/more_information.png');
+}
+section.role-objectives>h1:before {
+  content:url('/adm/daxe/images/section_icons/objectives.png');
+}
+section.role-prerequisites>h1:before {
+  content:url('/adm/daxe/images/section_icons/prerequisites.png');
+}
+section.role-remark>h1:before {
+  content:url('/adm/daxe/images/section_icons/remark.png');
+}
+section.role-reminder>h1:before {
+  content:url('/adm/daxe/images/section_icons/reminder.png');
+}
+section.role-summary>h1:before {
+  content:url('/adm/daxe/images/section_icons/summary.png');
+}
+section.role-syntax>h1:before {
+  content:url('/adm/daxe/images/section_icons/syntax.png');
+}
+section.role-warning>h1:before {
+  content:url('/adm/daxe/images/section_icons/warning.png');
+}
+
 END
 }
 
@@ -7768,6 +7903,7 @@ ADDMETA
                                         $newurl .= '&origurl='.$requrl;
                                     }
                                 }
+                                &js_escape(\$msg);
                                 $result.=<<OFFLOAD
 <meta http-equiv="pragma" content="no-cache" />
 <script type="text/javascript">
@@ -9502,7 +9638,7 @@ sub user_picker {
         }
         $srchterm = $srch->{'srchterm'};
     }
-    my %lt=&Apache::lonlocal::texthash(
+    my %html_lt=&Apache::lonlocal::texthash(
                     'usr'       => 'Search criteria',
                     'doma'      => 'Domain/institution to search',
                     'uname'     => 'username',
@@ -9515,6 +9651,8 @@ sub user_picker {
                     'exact'     => 'is',
                     'contains'  => 'contains',
                     'begins'    => 'begins with',
+                                       );
+    my %js_lt=&Apache::lonlocal::texthash(
                     'youm'      => "You must include some text to search for.",
                     'thte'      => "The text you are searching for must contain at least two characters when using a 'begins' type search.",
                     'thet'      => "The text you are searching for must contain at least three characters when using a 'contains' type search.",
@@ -9524,6 +9662,8 @@ sub user_picker {
                     'whse'      => "When searching by last,first you must include at least one character in the first name.",
                      'thfo'     => "The following need to be corrected before the search can be run:",
                                        );
+    &html_escape(\%html_lt);
+    &js_escape(\%js_lt);
     my $domform = &select_dom_form($currdom,'srchdomain',1,1);
     my $srchinsel = ' <select name="srchin">';
 
@@ -9538,10 +9678,10 @@ sub user_picker {
         next if ($option eq 'crs' && !$env{'request.course.id'});
         if ($curr_selected{'srchin'} eq $option) {
             $srchinsel .= ' 
-   <option value="'.$option.'" selected="selected">'.$lt{$option}.'</option>';
+   <option value="'.$option.'" selected="selected">'.$html_lt{$option}.'</option>';
         } else {
             $srchinsel .= '
-   <option value="'.$option.'">'.$lt{$option}.'</option>';
+   <option value="'.$option.'">'.$html_lt{$option}.'</option>';
         }
     }
     $srchinsel .= "\n  </select>\n";
@@ -9550,10 +9690,10 @@ sub user_picker {
     foreach my $option ('lastname','lastfirst','uname') {
         if ($curr_selected{'srchby'} eq $option) {
             $srchbysel .= '
-   <option value="'.$option.'" selected="selected">'.$lt{$option}.'</option>';
+   <option value="'.$option.'" selected="selected">'.$html_lt{$option}.'</option>';
         } else {
             $srchbysel .= '
-   <option value="'.$option.'">'.$lt{$option}.'</option>';
+   <option value="'.$option.'">'.$html_lt{$option}.'</option>';
          }
     }
     $srchbysel .= "\n  </select>\n";
@@ -9562,10 +9702,10 @@ sub user_picker {
     foreach my $option ('begins','contains','exact') {
         if ($curr_selected{'srchtype'} eq $option) {
             $srchtypesel .= '
-   <option value="'.$option.'" selected="selected">'.$lt{$option}.'</option>';
+   <option value="'.$option.'" selected="selected">'.$html_lt{$option}.'</option>';
         } else {
             $srchtypesel .= '
-   <option value="'.$option.'">'.$lt{$option}.'</option>';
+   <option value="'.$option.'">'.$html_lt{$option}.'</option>';
         }
     }
     $srchtypesel .= "\n  </select>\n";
@@ -9650,46 +9790,46 @@ function validateEntry(callingForm) {
 
     if (srchterm == "") {
         checkok = 0;
-        msg += "$lt{'youm'}\\n";
+        msg += "$js_lt{'youm'}\\n";
     }
 
     if (srchtype== 'begins') {
         if (srchterm.length < 2) {
             checkok = 0;
-            msg += "$lt{'thte'}\\n";
+            msg += "$js_lt{'thte'}\\n";
         }
     }
 
     if (srchtype== 'contains') {
         if (srchterm.length < 3) {
             checkok = 0;
-            msg += "$lt{'thet'}\\n";
+            msg += "$js_lt{'thet'}\\n";
         }
     }
     if (srchin == 'instd') {
         if (srchdomain == '') {
             checkok = 0;
-            msg += "$lt{'yomc'}\\n";
+            msg += "$js_lt{'yomc'}\\n";
         }
     }
     if (srchin == 'dom') {
         if (srchdomain == '') {
             checkok = 0;
-            msg += "$lt{'ymcd'}\\n";
+            msg += "$js_lt{'ymcd'}\\n";
         }
     }
     if (srchby == 'lastfirst') {
         if (srchterm.indexOf(",") == -1) {
             checkok = 0;
-            msg += "$lt{'whus'}\\n";
+            msg += "$js_lt{'whus'}\\n";
         }
         if (srchterm.indexOf(",") == srchterm.length -1) {
             checkok = 0;
-            msg += "$lt{'whse'}\\n";
+            msg += "$js_lt{'whse'}\\n";
         }
     }
     if (checkok == 0) {
-        alert("$lt{'thfo'}\\n"+msg);
+        alert("$js_lt{'thfo'}\\n"+msg);
         return;
     }
     if (checkok == 1) {
@@ -9707,10 +9847,10 @@ $new_user_create
 END_BLOCK
 
     $output .= &Apache::lonhtmlcommon::start_pick_box().
-               &Apache::lonhtmlcommon::row_title($lt{'doma'}).
+               &Apache::lonhtmlcommon::row_title($html_lt{'doma'}).
                $domform.
                &Apache::lonhtmlcommon::row_closure().
-               &Apache::lonhtmlcommon::row_title($lt{'usr'}).
+               &Apache::lonhtmlcommon::row_title($html_lt{'usr'}).
                $srchbysel.
                $srchtypesel. 
                '<input type="text" size="15" name="srchterm" value="'.$srchterm.'" />'.
@@ -9723,56 +9863,160 @@ END_BLOCK
 
 sub user_rule_check {
     my ($usershash,$checks,$alerts,$rulematch,$inst_results,$curr_rules,$got_rules) = @_;
-    my $response;
+    my ($response,%inst_response);
     if (ref($usershash) eq 'HASH') {
-        foreach my $user (keys(%{$usershash})) {
-            my ($uname,$udom) = split(/:/,$user);
-            next if ($udom eq '' || $uname eq '');
-            my ($id,$newuser);
-            if (ref($usershash->{$user}) eq 'HASH') {
-                $newuser = $usershash->{$user}->{'newuser'};
-                $id = $usershash->{$user}->{'id'};
-            }
-            my $inst_response;
+        if (keys(%{$usershash}) > 1) {
+            my (%by_username,%by_id,%userdoms);
+            my $checkid; 
             if (ref($checks) eq 'HASH') {
-                if (defined($checks->{'username'})) {
-                    ($inst_response,%{$inst_results->{$user}}) = 
-                        &Apache::lonnet::get_instuser($udom,$uname);
-                } elsif (defined($checks->{'id'})) {
-                    ($inst_response,%{$inst_results->{$user}}) =
-                        &Apache::lonnet::get_instuser($udom,undef,$id);
+                if ((!defined($checks->{'username'})) && (defined($checks->{'id'}))) {
+                    $checkid = 1;
+                }
+            }
+            foreach my $user (keys(%{$usershash})) {
+                my ($uname,$udom) = split(/:/,$user);
+                if ($checkid) {
+                    if (ref($usershash->{$user}) eq 'HASH') {
+                        if ($usershash->{$user}->{'id'} ne '') {
+                            $by_id{$udom}{$usershash->{$user}->{'id'}} = $uname; 
+                            $userdoms{$udom} = 1;
+                            if (ref($inst_results) eq 'HASH') {
+                                $inst_results->{$uname.':'.$udom} = {};
+                            }
+                        }
+                    }
+                } else {
+                    $by_username{$udom}{$uname} = 1;
+                    $userdoms{$udom} = 1;
+                    if (ref($inst_results) eq 'HASH') {
+                        $inst_results->{$uname.':'.$udom} = {};
+                    }
+                }
+            }
+            foreach my $udom (keys(%userdoms)) {
+                if (!$got_rules->{$udom}) {
+                    my %domconfig = &Apache::lonnet::get_dom('configuration',
+                                                             ['usercreation'],$udom);
+                    if (ref($domconfig{'usercreation'}) eq 'HASH') {
+                        foreach my $item ('username','id') {
+                            if (ref($domconfig{'usercreation'}{$item.'_rule'}) eq 'ARRAY') {
+                                $$curr_rules{$udom}{$item} =
+                                    $domconfig{'usercreation'}{$item.'_rule'};
+                            }
+                        }
+                    }
+                    $got_rules->{$udom} = 1;
+                }
+            }
+            if ($checkid) {
+                foreach my $udom (keys(%by_id)) {
+                    my ($outcome,$results) = &Apache::lonnet::get_multiple_instusers($udom,$by_id{$udom},'id');
+                    if ($outcome eq 'ok') {
+                        foreach my $id (keys(%{$by_id{$udom}})) {
+                            my $uname = $by_id{$udom}{$id};
+                            $inst_response{$uname.':'.$udom} = $outcome;
+                        }
+                        if (ref($results) eq 'HASH') {
+                            foreach my $uname (keys(%{$results})) {
+                                if (exists($inst_response{$uname.':'.$udom})) {
+                                    $inst_response{$uname.':'.$udom} = $outcome;
+                                    $inst_results->{$uname.':'.$udom} = $results->{$uname};
+                                }
+                            }
+                        }
+                    }
                 }
             } else {
-                ($inst_response,%{$inst_results->{$user}}) =
-                    &Apache::lonnet::get_instuser($udom,$uname);
-                return;
+                foreach my $udom (keys(%by_username)) {
+                    my ($outcome,$results) = &Apache::lonnet::get_multiple_instusers($udom,$by_username{$udom});
+                    if ($outcome eq 'ok') {
+                        foreach my $uname (keys(%{$by_username{$udom}})) {
+                            $inst_response{$uname.':'.$udom} = $outcome;
+                        }
+                        if (ref($results) eq 'HASH') {
+                            foreach my $uname (keys(%{$results})) {
+                                $inst_results->{$uname.':'.$udom} = $results->{$uname};
+                            }
+                        }
+                    }
+                }
             }
-            if (!$got_rules->{$udom}) {
-                my %domconfig = &Apache::lonnet::get_dom('configuration',
-                                                  ['usercreation'],$udom);
-                if (ref($domconfig{'usercreation'}) eq 'HASH') {
-                    foreach my $item ('username','id') {
-                        if (ref($domconfig{'usercreation'}{$item.'_rule'}) eq 'ARRAY') {
-                            $$curr_rules{$udom}{$item} = 
-                                $domconfig{'usercreation'}{$item.'_rule'};
+        } elsif (keys(%{$usershash}) == 1) {
+            my $user = (keys(%{$usershash}))[0];
+            my ($uname,$udom) = split(/:/,$user);
+            if (($udom ne '') && ($uname ne '')) {
+                if (ref($usershash->{$user}) eq 'HASH') {
+                    if (ref($checks) eq 'HASH') {
+                        if (defined($checks->{'username'})) {
+                            ($inst_response{$user},%{$inst_results->{$user}}) = 
+                                &Apache::lonnet::get_instuser($udom,$uname);
+                        } elsif (defined($checks->{'id'})) {
+                            if ($usershash->{$user}->{'id'} ne '') {
+                                ($inst_response{$user},%{$inst_results->{$user}}) =
+                                    &Apache::lonnet::get_instuser($udom,undef,
+                                                                  $usershash->{$user}->{'id'});
+                            } else {
+                                ($inst_response{$user},%{$inst_results->{$user}}) =
+                                    &Apache::lonnet::get_instuser($udom,$uname);
+                            }
+                        }
+                    } else {
+                       ($inst_response{$user},%{$inst_results->{$user}}) =
+                            &Apache::lonnet::get_instuser($udom,$uname);
+                       return;
+                    }
+                    if (!$got_rules->{$udom}) {
+                        my %domconfig = &Apache::lonnet::get_dom('configuration',
+                                                                 ['usercreation'],$udom);
+                        if (ref($domconfig{'usercreation'}) eq 'HASH') {
+                            foreach my $item ('username','id') {
+                                if (ref($domconfig{'usercreation'}{$item.'_rule'}) eq 'ARRAY') {
+                                   $$curr_rules{$udom}{$item} = 
+                                       $domconfig{'usercreation'}{$item.'_rule'};
+                                }
+                            }
                         }
+                        $got_rules->{$udom} = 1;
                     }
                 }
-                $got_rules->{$udom} = 1;  
+            } else {
+                return;
+            }
+        } else {
+            return;
+        }
+        foreach my $user (keys(%{$usershash})) {
+            my ($uname,$udom) = split(/:/,$user);
+            next if (($udom eq '') || ($uname eq ''));
+            my $id;
+            if (ref($inst_results) eq 'HASH') {
+                if (ref($inst_results->{$user}) eq 'HASH') {
+                    $id = $inst_results->{$user}->{'id'};
+                }
+            }
+            if ($id eq '') { 
+                if (ref($usershash->{$user})) {
+                    $id = $usershash->{$user}->{'id'};
+                }
             }
             foreach my $item (keys(%{$checks})) {
                 if (ref($$curr_rules{$udom}) eq 'HASH') {
                     if (ref($$curr_rules{$udom}{$item}) eq 'ARRAY') {
                         if (@{$$curr_rules{$udom}{$item}} > 0) {
-                            my %rule_check = &Apache::lonnet::inst_rulecheck($udom,$uname,$id,$item,$$curr_rules{$udom}{$item});
+                            my %rule_check = &Apache::lonnet::inst_rulecheck($udom,$uname,$id,$item,
+                                                                             $$curr_rules{$udom}{$item});
                             foreach my $rule (@{$$curr_rules{$udom}{$item}}) {
                                 if ($rule_check{$rule}) {
                                     $$rulematch{$user}{$item} = $rule;
-                                    if ($inst_response eq 'ok') {
+                                    if ($inst_response{$user} eq 'ok') {
                                         if (ref($inst_results) eq 'HASH') {
                                             if (ref($inst_results->{$user}) eq 'HASH') {
                                                 if (keys(%{$inst_results->{$user}}) == 0) {
                                                     $$alerts{$item}{$udom}{$uname} = 1;
+                                                } elsif ($item eq 'id') {
+                                                    if ($inst_results->{$user}->{'id'} eq '') {
+                                                        $$alerts{$item}{$udom}{$uname} = 1;
+                                                    }
                                                 }
                                             }
                                         }
@@ -10058,13 +10302,35 @@ future_reservable - ref to hash of stude
 
 sub get_future_slots {
     my ($cnum,$cdom,$now,$symb) = @_;
+    my $map;
+    if ($symb) {
+        ($map) = &Apache::lonnet::decode_symb($symb);
+    }
     my (%reservable_now,%future_reservable,@sorted_reservable,@sorted_future);
     my %slots = &Apache::lonnet::get_course_slots($cnum,$cdom);
     foreach my $slot (keys(%slots)) {
         next unless($slots{$slot}->{'type'} eq 'schedulable_student');
         if ($symb) {
-            next if (($slots{$slot}->{'symb'} ne '') && 
-                     ($slots{$slot}->{'symb'} ne $symb));
+            if ($slots{$slot}->{'symb'} ne '') {
+                my $canuse;
+                my %oksymbs;
+                my @slotsymbs = split(/\s*,\s*/,$slots{$slot}->{'symb'});
+                map { $oksymbs{$_} = 1; } @slotsymbs;
+                if ($oksymbs{$symb}) {
+                    $canuse = 1;
+                } else {
+                    foreach my $item (@slotsymbs) {
+                        if ($item =~ /\.(page|sequence)$/) {
+                            (undef,undef,my $sloturl) = &Apache::lonnet::decode_symb($item);
+                            if (($map ne '') && ($map eq $sloturl)) {
+                                $canuse = 1;
+                                last;
+                            }
+                        }
+                    }
+                }
+                next unless ($canuse);
+            }
         }
         if (($slots{$slot}->{'starttime'} > $now) &&
             ($slots{$slot}->{'endtime'} > $now)) {
@@ -13812,6 +14078,87 @@ sub build_recipient_list {
 
 =pod
 
+=over 4
+
+=item * &mime_email()
+
+Sends an email with a possible attachment
+
+Inputs:
+
+=over 4
+
+from -              Sender's email address
+
+to -                Email address of recipient
+
+subject -           Subject of email
+
+body -              Body of email
+
+cc_string -         Carbon copy email address
+
+bcc -               Blind carbon copy email address
+
+type -              File type of attachment
+
+attachment_path -   Path of file to be attached
+
+file_name -         Name of file to be attached
+
+attachment_text -   The body of an attachment of type "TEXT"
+
+=back
+
+=back
+
+=cut
+
+############################################################
+############################################################
+
+sub mime_email {
+    my ($from, $to, $subject, $body, $cc_string, $bcc, $attachment_path, 
+        $file_name, $attachment_text) = @_;
+    my $msg = MIME::Lite->new(
+             From    => $from,
+             To      => $to,
+             Subject => $subject,
+             Type    =>'TEXT',
+             Data    => $body,
+             );
+    if ($cc_string ne '') {
+        $msg->add("Cc" => $cc_string);
+    }
+    if ($bcc ne '') {
+        $msg->add("Bcc" => $bcc);
+    }
+    $msg->attr("content-type"         => "text/plain");
+    $msg->attr("content-type.charset" => "UTF-8");
+    # Attach file if given
+    if ($attachment_path) {
+        unless ($file_name) {
+            if ($attachment_path =~ m-/([^/]+)$-) { $file_name = $1; }
+        }
+        my ($type, $encoding) = MIME::Types::by_suffix($attachment_path);
+        $msg->attach(Type     => $type,
+                     Path     => $attachment_path,
+                     Filename => $file_name
+                     );
+    # Otherwise attach text if given
+    } elsif ($attachment_text) {
+        $msg->attach(Type => 'TEXT',
+                     Data => $attachment_text);
+    }
+    # Send it
+    $msg->send('sendmail');
+}
+
+############################################################
+############################################################
+
+=pod
+
 =head1 Course Catalog Routines
 
 =over 4
@@ -14380,34 +14727,92 @@ sub check_clone {
             (&Apache::lonnet::allowed('ccc',$env{'request.role.domain'}))) {
 	    $can_clone = 1;
 	} else {
-	    my %clonehash = &Apache::lonnet::get('environment',['cloners'],
+	    my %clonehash = &Apache::lonnet::get('environment',['cloners','internal.coursecode'],
 						 $args->{'clonedomain'},$args->{'clonecourse'});
-	    my @cloners = split(/,/,$clonehash{'cloners'});
-            if (grep(/^\*$/,@cloners)) {
-                $can_clone = 1;
-            } elsif (grep(/^\*\:\Q$args->{'ccdomain'}\E$/,@cloners)) {
-                $can_clone = 1;
+            if ($clonehash{'cloners'} eq '') {
+                my %domdefs = &Apache::lonnet::get_domain_defaults($args->{'course_domain'});
+                if ($domdefs{'canclone'}) {
+                    unless ($domdefs{'canclone'} eq 'none') {
+                        if ($domdefs{'canclone'} eq 'domain') {
+                            if ($args->{'ccdomain'} eq $args->{'clonedomain'}) {
+                                $can_clone = 1;
+                            }
+                        } elsif (($clonehash{'internal.coursecode'}) && ($args->{'crscode'}) && 
+                                 ($args->{'clonedomain'} eq  $args->{'course_domain'})) {
+                            if (&Apache::lonnet::default_instcode_cloning($args->{'clonedomain'},$domdefs{'canclone'},
+                                                                          $clonehash{'internal.coursecode'},$args->{'crscode'})) {
+                                $can_clone = 1;
+                            }
+                        }
+                    }
+                }
             } else {
+	        my @cloners = split(/,/,$clonehash{'cloners'});
+                if (grep(/^\*$/,@cloners)) {
+                    $can_clone = 1;
+                } elsif (grep(/^\*\:\Q$args->{'ccdomain'}\E$/,@cloners)) {
+                    $can_clone = 1;
+                } elsif (grep(/^\Q$args->{'ccuname'}\E:\Q$args->{'ccdomain'}\E$/,@cloners)) {
+                    $can_clone = 1;
+                }
+                unless ($can_clone) {
+                    if (($clonehash{'internal.coursecode'}) && ($args->{'crscode'}) && 
+                        ($args->{'clonedomain'} eq  $args->{'course_domain'})) {
+                        my (%gotdomdefaults,%gotcodedefaults);
+                        foreach my $cloner (@cloners) {
+                            if (($cloner ne '*') && ($cloner !~ /^\*\:$match_domain$/) &&
+                                ($cloner !~ /^$match_username\:$match_domain$/) && ($cloner ne '')) {
+                                my (%codedefaults,@code_order);
+                                if (ref($gotcodedefaults{$args->{'clonedomain'}}) eq 'HASH') {
+                                    if (ref($gotcodedefaults{$args->{'clonedomain'}}{'defaults'}) eq 'HASH') {
+                                        %codedefaults = %{$gotcodedefaults{$args->{'clonedomain'}}{'defaults'}};
+                                    }
+                                    if (ref($gotcodedefaults{$args->{'clonedomain'}}{'order'}) eq 'ARRAY') {
+                                        @code_order = @{$gotcodedefaults{$args->{'clonedomain'}}{'order'}};
+                                    }
+                                } else {
+                                    &Apache::lonnet::auto_instcode_defaults($args->{'clonedomain'},
+                                                                            \%codedefaults,
+                                                                            \@code_order);
+                                    $gotcodedefaults{$args->{'clonedomain'}}{'defaults'} = \%codedefaults;
+                                    $gotcodedefaults{$args->{'clonedomain'}}{'order'} = \@code_order;
+                                }
+                                if (@code_order > 0) {
+                                    if (&Apache::lonnet::check_instcode_cloning(\%codedefaults,\@code_order,
+                                                                                $cloner,$clonehash{'internal.coursecode'},
+                                                                                $args->{'crscode'})) {
+                                        $can_clone = 1;
+                                        last;
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+            unless ($can_clone) {
                 my $ccrole = 'cc';
                 if ($args->{'crstype'} eq 'Community') {
                     $ccrole = 'co';
                 }
 	        my %roleshash =
 		    &Apache::lonnet::get_my_roles($args->{'ccuname'},
-					 $args->{'ccdomain'},
-                                         'userroles',['active'],[$ccrole],
-					 [$args->{'clonedomain'}]);
-	        if (($roleshash{$args->{'clonecourse'}.':'.$args->{'clonedomain'}.':'.$ccrole}) || (grep(/^\Q$args->{'ccuname'}\E:\Q$args->{'ccdomain'}\E$/,@cloners))) {
+					          $args->{'ccdomain'},
+                                                  'userroles',['active'],[$ccrole],
+					          [$args->{'clonedomain'}]);
+	        if ($roleshash{$args->{'clonecourse'}.':'.$args->{'clonedomain'}.':'.$ccrole}) {
                     $can_clone = 1;
-                } elsif (&Apache::lonnet::is_course_owner($args->{'clonedomain'},$args->{'clonecourse'},$args->{'ccuname'},$args->{'ccdomain'})) {
+                } elsif (&Apache::lonnet::is_course_owner($args->{'clonedomain'},$args->{'clonecourse'},
+                                                          $args->{'ccuname'},$args->{'ccdomain'})) {
                     $can_clone = 1;
+                }
+            }
+            unless ($can_clone) {
+                if ($args->{'crstype'} eq 'Community') {
+                    $clonemsg = &mt('No new community created.').$linefeed.&mt('The new community could not be cloned from the existing community because the new community owner ([_1]) does not have cloning rights in the existing community ([_2]).',$args->{'ccuname'}.':'.$args->{'ccdomain'},$clonedesc{'description'});
                 } else {
-                    if ($args->{'crstype'} eq 'Community') {
-                        $clonemsg = &mt('No new community created.').$linefeed.&mt('The new community could not be cloned from the existing community because the new community owner ([_1]) does not have cloning rights in the existing community ([_2]).',$args->{'ccuname'}.':'.$args->{'ccdomain'},$clonedesc{'description'});
-                    } else {
-                        $clonemsg = &mt('No new course created.').$linefeed.&mt('The new course could not be cloned from the existing course because the new course owner ([_1]) does not have cloning rights in the existing course ([_2]).',$args->{'ccuname'}.':'.$args->{'ccdomain'},$clonedesc{'description'});
-                    }
-	        }
+                    $clonemsg = &mt('No new course created.').$linefeed.&mt('The new course could not be cloned from the existing course because the new course owner ([_1]) does not have cloning rights in the existing course ([_2]).',$args->{'ccuname'}.':'.$args->{'ccdomain'},$clonedesc{'description'});
+                }
 	    }
         }
     }
@@ -15620,11 +16025,18 @@ cloneruname - optional username of new c
 
 clonerudom - optional domain of new course owner
 
-domcloner - Optional "domcloner" flag; has value=1 if user has ccc priv in domain being filtered by, 
+domcloner - optional "domcloner" flag; has value=1 if user has ccc priv in domain being filtered by, 
             (used when DC is using course creation form)
 
 codetitles - reference to array of titles of components in institutional codes (official courses).
 
+cc_clone - escaped comma separated list of courses for which course cloner has active CC role
+           (and so can clone automatically)
+
+reqcrsdom - domain of new course, where search_courses is used to identify potential courses to clone
+
+reqinstcode - institutional code of new course, where search_courses is used to identify potential 
+              courses to clone 
 
 Returns: %courses - hash of courses satisfying search criteria, keys = course IDs, values are corresponding colon-separated escaped description, institutional code, owner and type.
 
@@ -15635,7 +16047,8 @@ Side Effects: None
 
 
 sub search_courses {
-    my ($dom,$type,$filter,$numtitles,$cloneruname,$clonerudom,$domcloner,$codetitles) = @_;
+    my ($dom,$type,$filter,$numtitles,$cloneruname,$clonerudom,$domcloner,$codetitles,
+        $cc_clone,$reqcrsdom,$reqinstcode) = @_;
     my (%courses,%showcourses,$cloner);
     if (($filter->{'ownerfilter'} ne '') ||
         ($filter->{'ownerdomfilter'} ne '')) {
@@ -15683,10 +16096,10 @@ sub search_courses {
                                              $filter->{'combownerfilter'},
                                              $filter->{'coursefilter'},
                                              undef,undef,$type,$regexpok,undef,undef,
-                                             undef,undef,$cloner,$env{'form.cc_clone'},
+                                             undef,undef,$cloner,$cc_clone,
                                              $filter->{'cloneableonly'},
                                              $createdbefore,$createdafter,undef,
-                                             $domcloner);
+                                             $domcloner,undef,$reqcrsdom,$reqinstcode);
     if (($filter->{'personfilter'} ne '') && ($filter->{'persondomfilter'} ne '')) {
         my $ccrole;
         if ($type eq 'Community') {
@@ -15931,7 +16344,7 @@ sub update_content_constraints {
     my ($reqdmajor,$reqdminor) = split(/\./,$curr_reqd_hash{'internal.releaserequired'});
     my %checkresponsetypes;
     foreach my $key (keys(%Apache::lonnet::needsrelease)) {
-        my ($item,$name,$value) = split(/:/,$key);
+        my ($item,$name,$value,$valmatch) = split(/:/,$key);
         if ($item eq 'resourcetag') {
             if ($name eq 'responsetype') {
                 $checkresponsetypes{$value} = $Apache::lonnet::needsrelease{$key}
@@ -16106,29 +16519,30 @@ sub symb_to_docspath {
 sub captcha_display {
     my ($context,$lonhost) = @_;
     my ($output,$error);
-    my ($captcha,$pubkey,$privkey) = &get_captcha_config($context,$lonhost);
+    my ($captcha,$pubkey,$privkey,$version) = 
+        &get_captcha_config($context,$lonhost);
     if ($captcha eq 'original') {
         $output = &create_captcha();
         unless ($output) {
             $error = 'captcha';
         }
     } elsif ($captcha eq 'recaptcha') {
-        $output = &create_recaptcha($pubkey);
+        $output = &create_recaptcha($pubkey,$version);
         unless ($output) {
             $error = 'recaptcha';
         }
     }
-    return ($output,$error,$captcha);
+    return ($output,$error,$captcha,$version);
 }
 
 sub captcha_response {
     my ($context,$lonhost) = @_;
     my ($captcha_chk,$captcha_error);
-    my ($captcha,$pubkey,$privkey) = &get_captcha_config($context,$lonhost);
+    my ($captcha,$pubkey,$privkey,$version) = &get_captcha_config($context,$lonhost);
     if ($captcha eq 'original') {
         ($captcha_chk,$captcha_error) = &check_captcha();
     } elsif ($captcha eq 'recaptcha') {
-        $captcha_chk = &check_recaptcha($privkey);
+        $captcha_chk = &check_recaptcha($privkey,$version);
     } else {
         $captcha_chk = 1;
     }
@@ -16137,7 +16551,7 @@ sub captcha_response {
 
 sub get_captcha_config {
     my ($context,$lonhost) = @_;
-    my ($captcha,$pubkey,$privkey,$hashtocheck);
+    my ($captcha,$pubkey,$privkey,$version,$hashtocheck);
     my $hostname = &Apache::lonnet::hostname($lonhost);
     my $serverhomeID = &Apache::lonnet::get_server_homeID($hostname);
     my $serverhomedom = &Apache::lonnet::host_domain($serverhomeID);
@@ -16153,6 +16567,10 @@ sub get_captcha_config {
                     }
                     if ($privkey && $pubkey) {
                         $captcha = 'recaptcha';
+                        $version = $hashtocheck->{'recaptchaversion'};
+                        if ($version ne '2') {
+                            $version = 1;
+                        }
                     } else {
                         $captcha = 'original';
                     }
@@ -16170,6 +16588,10 @@ sub get_captcha_config {
             $privkey = $domconfhash{$serverhomedom.'.login.recaptchakeys_private'};
             if ($privkey && $pubkey) {
                 $captcha = 'recaptcha';
+                $version = $domconfhash{$serverhomedom.'.login.recaptchaversion'};
+                if ($version ne '2') {
+                    $version = 1; 
+                }
             } else {
                 $captcha = 'original';
             }
@@ -16177,7 +16599,7 @@ sub get_captcha_config {
             $captcha = 'original';
         }
     }
-    return ($captcha,$pubkey,$privkey);
+    return ($captcha,$pubkey,$privkey,$version);
 }
 
 sub create_captcha {
@@ -16236,32 +16658,55 @@ sub check_captcha {
 }
 
 sub create_recaptcha {
-    my ($pubkey) = @_;
-    my $use_ssl;
-    if ($ENV{'SERVER_PORT'} == 443) {
-        $use_ssl = 1;
-    }
-    my $captcha = Captcha::reCAPTCHA->new;
-    return $captcha->get_options_setter({theme => 'white'})."\n".
-           $captcha->get_html($pubkey,undef,$use_ssl).
-           &mt('If the text is hard to read, [_1] will replace them.',
-               '<img src="/res/adm/pages/refresh.gif" alt="reCAPTCHA refresh" />').
-           '<br /><br />';
+    my ($pubkey,$version) = @_;
+    if ($version >= 2) {
+        return '<div class="g-recaptcha" data-sitekey="'.$pubkey.'"></div>';
+    } else {
+        my $use_ssl;
+        if ($ENV{'SERVER_PORT'} == 443) {
+            $use_ssl = 1;
+        }
+        my $captcha = Captcha::reCAPTCHA->new;
+        return $captcha->get_options_setter({theme => 'white'})."\n".
+               $captcha->get_html($pubkey,undef,$use_ssl).
+               &mt('If the text is hard to read, [_1] will replace them.',
+                   '<img src="/res/adm/pages/refresh.gif" alt="reCAPTCHA refresh" />').
+               '<br /><br />';
+    }
 }
 
 sub check_recaptcha {
-    my ($privkey) = @_;
+    my ($privkey,$version) = @_;
     my $captcha_chk;
-    my $captcha = Captcha::reCAPTCHA->new;
-    my $captcha_result =
-        $captcha->check_answer(
-                                $privkey,
-                                $ENV{'REMOTE_ADDR'},
-                                $env{'form.recaptcha_challenge_field'},
-                                $env{'form.recaptcha_response_field'},
-                              );
-    if ($captcha_result->{is_valid}) {
-        $captcha_chk = 1;
+    if ($version >= 2) {
+        my $ua = LWP::UserAgent->new;
+        $ua->timeout(10);
+        my %info = (
+                     secret   => $privkey, 
+                     response => $env{'form.g-recaptcha-response'},
+                     remoteip => $ENV{'REMOTE_ADDR'},
+                   );
+        my $response = $ua->post('https://www.google.com/recaptcha/api/siteverify',\%info);
+        if ($response->is_success)  {
+            my $data = JSON::DWIW->from_json($response->decoded_content);
+            if (ref($data) eq 'HASH') {
+                if ($data->{'success'}) {
+                    $captcha_chk = 1;
+                }
+            }
+        }
+    } else {
+        my $captcha = Captcha::reCAPTCHA->new;
+        my $captcha_result =
+            $captcha->check_answer(
+                                    $privkey,
+                                    $ENV{'REMOTE_ADDR'},
+                                    $env{'form.recaptcha_challenge_field'},
+                                    $env{'form.recaptcha_response_field'},
+                                  );
+        if ($captcha_result->{is_valid}) {
+            $captcha_chk = 1;
+        }
     }
     return $captcha_chk;
 }
@@ -16355,11 +16800,19 @@ sub des_decrypt {
     } else {
         $cypher=new DES $keybin;
     }
-    my $plaintext=
-        $cypher->decrypt(unpack("a8",pack("H16",substr($cyphertext,0,16))));
-    $plaintext.=
-        $cypher->decrypt(unpack("a8",pack("H16",substr($cyphertext,16,16))));
-    $plaintext=substr($plaintext,1,ord(substr($plaintext,0,1)) );
+    my $plaintext='';
+    my $cypherlength = length($cyphertext);
+    my $numchunks = int($cypherlength/32);
+    for (my $j=0; $j<$numchunks; $j++) {
+        my $start = $j*32;
+        my $cypherblock = substr($cyphertext,$start,32);
+        my $chunk =
+            $cypher->decrypt(unpack("a8",pack("H16",substr($cypherblock,0,16))));
+        $chunk .=
+            $cypher->decrypt(unpack("a8",pack("H16",substr($cypherblock,16,16))));
+        $chunk=substr($chunk,1,ord(substr($chunk,0,1)) );
+        $plaintext .= $chunk;
+    }
     return $plaintext;
 }