--- loncom/interface/lonuserutils.pm	2010/01/20 18:22:35	1.97.2.5
+++ loncom/interface/lonuserutils.pm	2012/02/08 16:27:28	1.136.6.1
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Utility functions for managing LON-CAPA user accounts
 #
-# $Id: lonuserutils.pm,v 1.97.2.5 2010/01/20 18:22:35 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.136.6.1 2012/02/08 16:27:28 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -47,7 +47,8 @@ sub modifystudent {
     # this one.  If $csec is defined, drop them from all other sections of
     # this course and add them to section $csec
     my ($cnum,$cdom) = &get_course_identity($courseid);
-    my %roles = &Apache::lonnet::dump('roles',$udom,$unam);
+    my $extra = &Apache::lonnet::freeze_escape({'skipcheck' => 1});
+    my %roles = &Apache::lonnet::dump('roles',$udom,$unam,'.',undef,$extra);
     my ($tmp) = keys(%roles);
     # Bail out if we were unable to get the students roles
     return "$1" if ($tmp =~ /^(con_lost|error|no_such_host)/i);
@@ -91,7 +92,7 @@ sub modifyuserrole {
     if ($setting eq 'course' || $context eq 'course') {
         $scope = '/'.$cid;
         $scope =~ s/\_/\//g;
-        if ($role ne 'cc' && $sec ne '') {
+        if (($role ne 'cc') && ($role ne 'co') && ($sec ne '')) {
             $scope .='/'.$sec;
         }
     } elsif ($context eq 'domain') {
@@ -295,7 +296,8 @@ sub hidden_input {
 }
 
 sub print_upload_manager_header {
-    my ($r,$datatoken,$distotal,$krbdefdom,$context,$permission)=@_;
+    my ($r,$datatoken,$distotal,$krbdefdom,$context,$permission,$crstype,
+        $can_assign)=@_;
     my $javascript;
     #
     if (! exists($env{'form.upfile_associate'})) {
@@ -309,9 +311,9 @@ sub print_upload_manager_header {
         }
     }
     if ($env{'form.upfile_associate'} eq 'reverse') {
-        $javascript=&upload_manager_javascript_reverse_associate();
+        $javascript=&upload_manager_javascript_reverse_associate($can_assign);
     } else {
-        $javascript=&upload_manager_javascript_forward_associate();
+        $javascript=&upload_manager_javascript_forward_associate($can_assign);
     }
     #
     # Deal with restored settings
@@ -332,7 +334,7 @@ sub print_upload_manager_header {
     my $javascript_validations =
         &javascript_validations('upload',$krbdefdom,$password_choice,undef,
                                 $env{'request.role.domain'},$context,
-                                $groupslist);
+                                $groupslist,$crstype);
     my $checked=(($env{'form.noFirstLine'})?' checked="checked"':'');
     $r->print('<p>'
              .&mt('Total number of records found in file: [_1]'
@@ -365,7 +367,7 @@ sub print_upload_manager_header {
 ###############################################################
 sub javascript_validations {
     my ($mode,$krbdefdom,$curr_authtype,$curr_authfield,$domain,
-        $context,$groupslist)=@_;
+        $context,$groupslist,$crstype)=@_;
     my %param = (
                   kerb_def_dom => $krbdefdom,
                   curr_authtype => $curr_authtype,
@@ -386,10 +388,10 @@ sub javascript_validations {
         if (($context eq 'course') || ($context eq 'domain')) {
             if ($context eq 'course') {
                 if ($env{'request.course.sec'} eq '') {
-                    $setsection_call = 'setSections(document.'.$param{'formname'}.');';
+                    $setsection_call = 'setSections(document.'.$param{'formname'}.",'$crstype'".');';
                     $setsections_js =
                         &setsections_javascript($param{'formname'},$groupslist,
-                                                $mode);
+                                                $mode,'',$crstype);
                 } else {
                     $setsection_call = "'ok'";
                 }
@@ -532,6 +534,7 @@ END
         if (message!='') {
             message+='\\n';
         }
+        message+='$alert{'section'}';
     }
     if (foundemail==0) {
         if (message!='') {
@@ -585,6 +588,46 @@ END
 ###############################################################
 ###############################################################
 sub upload_manager_javascript_forward_associate {
+    my ($can_assign) = @_;
+    my ($auth_update,$numbuttons,$argreset);
+    if (ref($can_assign) eq 'HASH') {
+        if ($can_assign->{'krb4'} || $can_assign->{'krb5'}) {
+            $argreset .= "      vf.krbarg.value='';\n";
+            $numbuttons ++ ;
+        }
+        if ($can_assign->{'int'}) {
+            $argreset .= "      vf.intarg.value='';\n";
+            $numbuttons ++;
+        }
+        if ($can_assign->{'loc'}) {
+            $argreset .= "      vf.locarg.value='';\n";
+            $numbuttons ++;
+        }
+        if (!$can_assign->{'int'}) {
+            my $warning = &mt('You may not specify an initial password for each user, as this is only available when new users use LON-CAPA internal authentication.\n').
+                          &mt('Your current role does not have rights to create users with that authentication type.');
+            $auth_update = <<"END";
+   // Currently the initial password field is only supported for internal auth
+   // (see bug 6368).
+   if (nw==9) {
+       eval('vf.f'+tf+'.selectedIndex=0;')
+       alert('$warning');
+   }
+END
+        } elsif ($numbuttons > 1) {
+            $auth_update = <<"END";
+   // If we set the password, make the password form below correspond to
+   // the new value.
+   if (nw==9) {
+      changed_radio('int',document.studentform);
+      set_auth_radio_buttons('int',document.studentform);
+$argreset
+   }
+
+END
+        }
+    }
+
     return(<<ENDPICK);
 function verify(vf,sec_caller) {
     var founduname=0;
@@ -661,15 +704,7 @@ function flip(vf,tf) {
          }
       }
    }
-   // If we set the password, make the password form below correspond to
-   // the new value.
-   if (nw==9) {
-       changed_radio('int',document.studentform);
-       set_auth_radio_buttons('int',document.studentform);
-       vf.intarg.value='';
-       vf.krbarg.value='';
-       vf.locarg.value='';
-   }
+   $auth_update
 }
 
 function clearpwd(vf) {
@@ -687,6 +722,45 @@ ENDPICK
 ###############################################################
 ###############################################################
 sub upload_manager_javascript_reverse_associate {
+    my ($can_assign) = @_;
+    my ($auth_update,$numbuttons,$argreset);
+    if (ref($can_assign) eq 'HASH') {
+        if ($can_assign->{'krb4'} || $can_assign->{'krb5'}) {
+            $argreset .= "      vf.krbarg.value='';\n";
+            $numbuttons ++ ;
+        }
+        if ($can_assign->{'int'}) {
+            $argreset .= "      vf.intarg.value='';\n";
+            $numbuttons ++;
+        }
+        if ($can_assign->{'loc'}) {
+            $argreset .= "      vf.locarg.value='';\n";
+            $numbuttons ++;
+        }
+        if (!$can_assign->{'int'}) {
+            my $warning = &mt('You may not specify an initial password, as this is only available when new users use LON-CAPA internal authentication.\n').
+                          &mt('Your current role does not have rights to create users with that authentication type.');
+            $auth_update = <<"END";
+   // Currently the initial password field is only supported for internal auth
+   // (see bug 6368).
+   if (tf==8 && nw!=0) {
+       eval('vf.f'+tf+'.selectedIndex=0;')
+       alert('$warning');
+   }
+END
+        } elsif ($numbuttons > 1) {
+            $auth_update = <<"END";
+   // initial password specified, pick internal authentication
+   if (tf==8 && nw!=0) {
+      changed_radio('int',document.studentform);
+      set_auth_radio_buttons('int',document.studentform);
+$argreset
+   }
+
+END
+        }
+    }
+
     return(<<ENDPICK);
 function verify(vf,sec_caller) {
     var founduname=0;
@@ -694,6 +768,7 @@ function verify(vf,sec_caller) {
     var foundname=0;
     var foundid=0;
     var foundsec=0;
+    var foundemail=0;
     var foundrole=0;
     var founddomain=0;
     var foundinststatus=0;
@@ -705,11 +780,12 @@ function verify(vf,sec_caller) {
         if (i==6 && tw!=0) { foundid=1; }
         if (i==7 && tw!=0) { foundsec=1; }
         if (i==8 && tw!=0) { foundpwd=1; }
-        if (i==9 && tw!=0) { foundrole=1; }
-        if (i==10 && tw!=0) { founddomain=1; }
-        if (i==13 && tw!=0) { foundinstatus=1; }
+        if (i==9 && tw!=0) { foundemail=1; }
+        if (i==10 && tw!=0) { foundrole=1; }
+        if (i==11 && tw!=0) { founddomain=1; }
+        if (i==12 && tw!=0) { foundinstatus=1; }
     }
-    verify_message(vf,founduname,foundpwd,foundname,foundid,foundsec,foundrole,founddomain,foundinststatus);
+    verify_message(vf,founduname,foundpwd,foundname,foundid,foundsec,foundemail,foundrole,founddomain,foundinststatus);
 }
 
 function flip(vf,tf) {
@@ -726,14 +802,7 @@ function flip(vf,tf) {
    if ((tf>=2) && (tf<=5) && (nw!=0)) {
       eval('vf.f1.selectedIndex=0;')
    }
-   // intial password specified, pick internal authentication
-   if (tf==8 && nw!=0) {
-       changed_radio('int',document.studentform);
-       set_auth_radio_buttons('int',document.studentform);
-       vf.krbarg.value='';
-       vf.intarg.value='';
-       vf.locarg.value='';
-   }
+   $auth_update
 }
 
 function clearpwd(vf) {
@@ -830,7 +899,7 @@ sub print_upload_manager_footer {
                .'&nbsp;'.&mt('Add a domain role').'</label>'
                .'&nbsp;&nbsp;&nbsp;<label>'
                .'<input type="radio" name="roleaction" value="course" />'
-               .'&nbsp;'.&mt('Add a course role').'</label>'
+               .'&nbsp;'.&mt('Add a course/community role').'</label>'
                .'</span>';
     } elsif ($context eq 'author') {
         $Str .= &Apache::lonhtmlcommon::row_title(
@@ -899,7 +968,7 @@ sub print_upload_manager_footer {
            .'<hr />';
     if ($context eq 'course') {
         $Str .= '<p class="LC_info">'
-               .&mt('Note: For large courses, this operation may be time consuming.')
+               .&mt('Note: This operation may be time consuming when adding several users.')
                .'</p>';
     }
     $Str .= '<p><input type="button"'
@@ -978,8 +1047,9 @@ sub print_upload_manager_form {
     my ($krbdef,$krbdefdom) =
         &Apache::loncommon::get_kerberos_defaults($defdom);
     #
+    my ($authnum,%can_assign) =  &Apache::loncommon::get_assignable_auth($defdom);
     &print_upload_manager_header($r,$datatoken,$distotal,$krbdefdom,$context,
-                                 $permission);
+                                 $permission,$crstype,\%can_assign);
     my $i;
     my $keyfields;
     if ($total>=0) {
@@ -1141,7 +1211,7 @@ sub date_setting_table {
 }
 
 sub make_dates_default {
-    my ($startdate,$enddate,$context,$crstype = @_;
+    my ($startdate,$enddate,$context,$crstype) = @_;
     my $result = '';
     if ($context eq 'course') {
         my ($cnum,$cdom) = &get_course_identity();
@@ -1176,7 +1246,7 @@ sub default_role_selector {
     my %customroles;
     my ($options,$coursepick,$cb_jscript);
     if ($context ne 'author') {
-        %customroles = &my_custom_roles();
+        %customroles = &my_custom_roles($crstype);
     }
 
     my %lt=&Apache::lonlocal::texthash(
@@ -1202,16 +1272,16 @@ sub default_role_selector {
            $options .= '  <option value="'.$role.'">'.$plrole.'</option>';
         }
         my $courseform = &Apache::loncommon::selectcourse_link
-            ('studentform','dccourse','dcdomain','coursedesc',"$env{'request.role.domain'}",undef,'Course');
+            ('studentform','dccourse','dcdomain','coursedesc',"$env{'request.role.domain'}",undef,'Course/Community');
         $cb_jscript = 
-            &Apache::loncommon::coursebrowser_javascript($env{'request.role.domain'},'currsec','studentform');
+            &Apache::loncommon::coursebrowser_javascript($env{'request.role.domain'},'currsec','studentform','courserole','Course/Community');
         $coursepick = &Apache::loncommon::start_data_table().
                       &Apache::loncommon::start_data_table_header_row().
                       '<th>'.$courseform.'</th><th>'.$lt{'rol'}.'</th>'.
                       '<th>'.$lt{'grs'}.'</th>'.
                       &Apache::loncommon::end_data_table_header_row().
                       &Apache::loncommon::start_data_table_row()."\n".
-                      '<td><input type="text" name="coursedesc" value="" onfocus="this.blur();opencrsbrowser('."'studentform','dccourse','dcdomain','coursedesc',''".')" /></td>'."\n".
+                      '<td><input type="text" name="coursedesc" value="" onfocus="this.blur();opencrsbrowser('."'studentform','dccourse','dcdomain','coursedesc','','','','crstype'".')" /></td>'."\n".
                       '<td><select name="courserole">'."\n".
                       &default_course_roles($context,$checkpriv,'Course',%customroles)."\n".
                       '</select></td><td>'.
@@ -1229,6 +1299,7 @@ sub default_role_selector {
                       $env{'request.role.domain'}.'" />'.
                       '<input type="hidden" name="dccourse" value="" />'.
                       '<input type="hidden" name="dcdomain" value="" />'.
+                      '<input type="hidden" name="crstype" value="" />'.
                       '</td></tr></table></td>'.
                       &Apache::loncommon::end_data_table_row().
                       &Apache::loncommon::end_data_table()."\n";
@@ -1349,10 +1420,14 @@ sub curr_role_permissions {
 # ======================================================= Existing Custom Roles
 
 sub my_custom_roles {
+    my ($crstype) = @_;
     my %returnhash=();
     my %rolehash=&Apache::lonnet::dump('roles');
-    foreach my $key (keys %rolehash) {
+    foreach my $key (keys(%rolehash)) {
         if ($key=~/^rolesdef\_(\w+)$/) {
+            if ($crstype eq 'Community') {
+                next if ($rolehash{$key} =~ /bre\&S/); 
+            }
             $returnhash{$1}=$1;
         }
     }
@@ -1442,14 +1517,18 @@ sub print_userlist {
         return;
     }
     if (!(($context eq 'domain') && 
-        (($env{'form.roletype'} eq 'course') || ($env{'form.roletype'} eq 'community')))) {
-        $r->print('&nbsp;'.&list_submit_button(&mt('Update Display')).
-                  "\n</p>\n");
+          (($env{'form.roletype'} eq 'course') || ($env{'form.roletype'} eq 'community')))) {
+        $r->print(
+            "\n</p>\n"
+           .'<p>'
+           .&list_submit_button(&mt('Update Display'))
+           ."</p>\n"
+        );
     }
     my ($indexhash,$keylist) = &make_keylist_array();
     my (%userlist,%userinfo,$clearcoursepick);
     if (($context eq 'domain') && 
-        ($env{'form.roletype'} eq 'course') ||
+        ($env{'form.roletype'} eq 'course') || 
         ($env{'form.roletype'} eq 'community')) {
         my ($crstype,$numcodes,$title,$warning);
         if ($env{'form.roletype'} eq 'course') {
@@ -1463,9 +1542,11 @@ sub print_userlist {
             $title = &mt('Select Communities');
             $warning = &mt('Warning: data retrieval for multiple communities can take considerable time, as this operation is not currently optimized.');
         }
+        my @standardnames = &Apache::loncommon::get_standard_codeitems();
         my $courseform =
             &Apache::lonhtmlcommon::course_selection($formname,$numcodes,
-                            $codetitles,$idlist,$idlist_titles,$crstype);
+                            $codetitles,$idlist,$idlist_titles,$crstype,
+                            \@standardnames);
         $r->print('<p>'.&Apache::lonhtmlcommon::start_pick_box()."\n".
                   &Apache::lonhtmlcommon::start_pick_box()."\n".
                   &Apache::lonhtmlcommon::row_title($title,'LC_oddrow_value')."\n".
@@ -1553,7 +1634,8 @@ sub print_userlist {
                         }
                     }
                 }
-            } elsif ($env{'form.roletype'} eq 'course') {
+            } elsif (($env{'form.roletype'} eq 'course') ||
+                     ($env{'form.roletype'} eq 'community')) {
                 if (($env{'form.coursepick'}) && (!$clearcoursepick)) {
                     my %courses = &process_coursepick();
                     my %allusers;
@@ -1682,7 +1764,7 @@ sub role_filter {
         $role_select .= '</select>';
         $output = '<label><span class="LC_nobreak">'
                  .&mt('Role: [_1]',$role_select)
-                 .'</span></label>';
+                 .'</span></label> ';
     }
     return $output;
 }
@@ -1711,7 +1793,7 @@ sub section_group_filter {
             $env{'form.'.$name{$item}} = 'all';
         }
         if ($item eq 'sec') {
-            if ($env{'form.showrole'} eq 'cc') {
+            if (($env{'form.showrole'} eq 'cc') || ($env{'form.showrole'} eq 'co')) {
                 $env{'form.'.$name{$item}} = 'none';
             }
             my %sections_count = &Apache::loncommon::get_sections($cdom,$cnum);
@@ -1722,7 +1804,7 @@ sub section_group_filter {
         }
         if (@options > 0) {
             my $currsel;
-            $markup = '<select name="'.$name{$item}.'" />'."\n";
+            $markup = '<select name="'.$name{$item}.'">'."\n";
             foreach my $option ('all','none',@options) { 
                 $currsel = '';
                 if ($env{'form.'.$name{$item}} eq $option) {
@@ -1737,7 +1819,9 @@ sub section_group_filter {
                 $markup .= '</option>'."\n";
             }
             $markup .= '</select>'."\n";
-            $output .= ('&nbsp;'x3).'<label>'.$title{$item}.': '.$markup.'</label>';
+            $output .= ('&nbsp;'x3).'<span class="LC_nobreak">'
+                      .'<label>'.$title{$item}.': '.$markup.'</label>'
+                      .'</span> ';
         }
     }
     return $output;
@@ -1911,7 +1995,7 @@ function setCourseCat(formname) {
     if (formname.Year.options[formname.Year.selectedIndex].value == -1) {
         return;
     }
-    courseSet('Year');
+    courseSet('$codetitles[0]');
     for (var j=0; j<formname.Semester.length; j++) {
         if (formname.Semester.options[j].value == "$env{'form.Semester'}") {
             formname.Semester.options[j].selected = true;
@@ -1920,7 +2004,7 @@ function setCourseCat(formname) {
     if (formname.Semester.options[formname.Semester.selectedIndex].value == -1) {
         return;
     }
-    courseSet('Semester');
+    courseSet('$codetitles[1]');
     for (var j=0; j<formname.Department.length; j++) {
         if (formname.Department.options[j].value == "$env{'form.Department'}") {            formname.Department.options[j].selected = true;
         }
@@ -1928,7 +2012,7 @@ function setCourseCat(formname) {
     if (formname.Department.options[formname.Department.selectedIndex].value == -1) {
         return;
     }
-    courseSet('Department');
+    courseSet('$codetitles[2]');
     for (var j=0; j<formname.Number.length; j++) {
         if (formname.Number.options[j].value == "$env{'form.Number'}") {
             formname.Number.options[j].selected = true;
@@ -1957,13 +2041,17 @@ sub process_coursepick {
     my $coursefilter = $env{'form.coursepick'};
     my $cdom = $env{'request.role.domain'};
     my %courses;
+    my $crssrch = 'Course';
+    if ($env{'form.roletype'} eq 'community') {
+        $crssrch = 'Community';
+    }
     if ($coursefilter eq 'all') {
         %courses = &Apache::lonnet::courseiddump($cdom,'.','.','.','.','.',
-                                                 undef,undef,'Course');
+                                                 undef,undef,$crssrch);
     } elsif ($coursefilter eq 'category') {
         my $instcode = &instcode_from_coursefilter();
         %courses = &Apache::lonnet::courseiddump($cdom,'.','.',$instcode,'.','.',
-                                                 undef,undef,'Course');
+                                                 undef,undef,$crssrch);
     } elsif ($coursefilter eq 'specific') {
         if ($env{'form.coursetotal'} > 1) {
             my @course_ids = split(/&&/,$env{'form.courselist'});
@@ -2148,7 +2236,7 @@ END
     } elsif ($context eq 'domain') {
         if ($setting eq 'community') {
             $crstype = 'Community';
-        } elsif ($crstype eq 'course') {
+        } elsif ($setting eq 'course') {
             $crstype = 'Course';
         }
     }
@@ -2233,6 +2321,7 @@ END
                        'type'       => "enroll type/action",
                        'email'      => "e-mail address",
                        'photo'      => "photo",
+                       'lastlogin'  => "last login"
                        'extent'     => "extent",
                        'pr'         => "Proceed",
                        'ca'         => "check all",
@@ -2261,7 +2350,7 @@ END
             push(@cols,'section');
         }
         if (!($context eq 'domain' && ($env{'form.roletype'} eq 'course')
-                              && ($env{'form.roletype'} eq 'community'))) {
+                              && ($env{'form.roletype'} eq 'community'))) { 
             push(@cols,('start','end'));
         }
         if ($env{'form.showrole'} eq 'Any' || $env{'form.showrole'} eq 'cr') {
@@ -2272,7 +2361,7 @@ END
                                     $env{'form.roletype'} eq 'community')) {
             push (@cols,'extent');
         }
-        if (($statusmode eq 'Any') &&
+        if (($statusmode eq 'Any') && 
             (!($context eq 'domain' && (($env{'form.roletype'} eq 'course')
              || ($env{'form.roletype'} eq 'community'))))) {
             push(@cols,'status');
@@ -2281,26 +2370,32 @@ END
             push(@cols,'groups');
         }
         push(@cols,'email');
+        if ($context eq 'course') {
+            push(@cols,'lastlogin');
+        }
     }
 
     my $rolefilter = $env{'form.showrole'};
     if ($env{'form.showrole'} eq 'cr') {
         $rolefilter = &mt('custom');  
     } elsif ($env{'form.showrole'} ne 'Any') {
-        $rolefilter = &Apache::lonnet::plaintext($env{'form.showrole'});
+        $rolefilter = &Apache::lonnet::plaintext($env{'form.showrole'},$crstype);
     }
     my $results_description;
     if ($mode ne 'autoenroll') {
         $results_description = &results_header_row($rolefilter,$statusmode,
                                                    $context,$permission,$mode,$crstype);
-
         $r->print('<b>'.$results_description.'</b><br /><br />');
     }
     my ($output,$actionselect,%canchange,%canchangesec);
     if ($mode eq 'html' || $mode eq 'view' || $mode eq 'autoenroll' || $mode eq 'pickauthor') {
         if ($mode ne 'autoenroll' && $mode ne 'pickauthor') {
             if ($permission->{'cusr'}) {
-                $actionselect = &select_actions($context,$setting,$statusmode,$formname);
+                unless (($context eq 'domain') && 
+                        (($setting eq 'course') || ($setting eq 'community'))) {
+                    $actionselect = 
+                        &select_actions($context,$setting,$statusmode,$formname);
+                }
             }
             $r->print(<<END);
 <input type="hidden" name="srchby"  value="uname" />
@@ -2311,7 +2406,7 @@ END
 END
             if ($actionselect) {
                 $output .= <<"END";
-<div class="LC_left_float"><fieldset><legend><b>$lt{'ac'}</b></legend>
+<div class="LC_left_float"><fieldset><legend>$lt{'ac'}</legend>
 $actionselect
 <br/><br /><input type="button" value="$lt{'ca'}" onclick="javascript:checkAll(document.$formname.actionlist)" /> &nbsp;
 <input type="button" value="$lt{'ua'}" onclick="javascript:uncheckAll(document.$formname.actionlist)" /><br /><input type="button" value="$lt{'pr'}" onclick="javascript:verify_action('actionlist')" /></fieldset></div>
@@ -2356,7 +2451,7 @@ END
                     }
                 }
             }
-            $output .= '<div class="LC_left_float"><fieldset><legend><b>'.$lt{'link'}.'</b></legend>'.
+            $output .= '<div class="LC_left_float"><fieldset><legend>'.$lt{'link'}.'</legend>'.
                        '<table><tr>';
             my @linkdests = ('aboutme');
             if ($permission->{'cusr'}) {
@@ -2367,6 +2462,7 @@ END
                                          $env{'request.course.sec'})) {
                 push(@linkdests,'track');
             }
+
             $output .= '<td>';
             my $usernamelink = $env{'form.usernamelink'};
             if ($usernamelink eq '') {
@@ -2383,7 +2479,7 @@ END
             if ($env{'form.userwin'}) {
                 $checkwin = ' checked="checked"';
             }
-            $output .= '</td><td valign="top"><span class="LC_nobreak"><input type="checkbox" name="userwin" value="1"'.$checkwin.' />'.$lt{'owin'}.'</span></td></tr></table></fieldset></div>';
+            $output .= '</td><td valign="top"  style="border-left: 1px solid;"><span class="LC_nobreak"><input type="checkbox" name="userwin" value="1"'.$checkwin.' />'.$lt{'owin'}.'</span></td></tr></table></fieldset></div>';
         }
         $output .= "\n".'<div class="LC_clear_float_footer">&nbsp;</div>'."\n".
                   &Apache::loncommon::start_data_table().
@@ -2393,11 +2489,7 @@ END
  <th><a href=\"javascript:document.$formname.sortby.value='type';document.$formname.submit();\">$lt{'type'}</a></th>
             ";
         } else {
-            if ($mode eq 'pickauthor') {
-                $output .= "\n".'<th>&nbsp;</th>'."\n";
-            } else { 
-                $output .= "\n".'<th>'.&mt('Count').'</th>'."\n";
-            }
+            $output .= "\n".'<th>&nbsp;</th>'."\n";
             if ($actionselect) {
                 $output .= '<th>'.&mt('Select').'</th>'."\n";
             }
@@ -2452,9 +2544,13 @@ END
                        time.'_'.rand(1000000000).'.csv';
         unless ($CSVfile = Apache::File->new('>/home/httpd'.$CSVfilename)) {
             $r->log_error("Couldn't open $CSVfilename for output $!");
-            $r->print(&mt('Problems occurred in writing the CSV file. '
-                         .'This error has been logged. '
-                         .'Please alert your LON-CAPA administrator.'));
+            $r->print(
+                '<p class="LC_error">'
+               .&mt('Problems occurred in writing the CSV file.')
+               .' '.&mt('This error has been logged.')
+               .' '.&mt('Please alert your LON-CAPA administrator.')
+               .'</p>'
+            );
             $CSVfile = undef;
         }
         #
@@ -2501,6 +2597,11 @@ END
                                                 Future  => 'Future',
                                                 Expired => 'Expired',
                                                );
+    # If this is for a single course get last course "log-in".
+    my %crslogins;
+    if ($context eq 'course') {
+        %crslogins=&Apache::lonnet::dump('nohist_crslastlogin',$cdom,$cnum);
+    }
     # Get groups, role, permanent e-mail so we can sort on them if
     # necessary.
     foreach my $user (keys(%{$userlist})) {
@@ -2636,16 +2737,24 @@ END
         if ($clickers!~/\w/) { $clickers='-'; }
         $in{'clicker'} = $clickers; 
 	my $role = $in{'role'};
-        $in{'role'}=&Apache::lonnet::plaintext($sdata->[$index{'role'}],$crstype); 
-        if (! defined($in{'start'}) || $in{'start'} == 0) {
-            $in{'start'} = &mt('none');
-        } else {
-            $in{'start'} = &Apache::lonlocal::locallocaltime($in{'start'});
+        $in{'role'}=&Apache::lonnet::plaintext($sdata->[$index{'role'}],$crstype);
+        unless ($mode eq 'excel') {
+            if (! defined($in{'start'}) || $in{'start'} == 0) {
+                $in{'start'} = &mt('none');
+            } else {
+                $in{'start'} = &Apache::lonlocal::locallocaltime($in{'start'});
+            }
+            if (! defined($in{'end'}) || $in{'end'} == 0) {
+                $in{'end'} = &mt('none');
+            } else {
+                $in{'end'} = &Apache::lonlocal::locallocaltime($in{'end'});
+            }
         }
-        if (! defined($in{'end'}) || $in{'end'} == 0) {
-            $in{'end'} = &mt('none');
-        } else {
-            $in{'end'} = &Apache::lonlocal::locallocaltime($in{'end'});
+        if ($context eq 'course') {
+            my $lastlogin = $crslogins{$in{'username'}.':'.$in{'domain'}.':'.$in{'section'}.':'.$role};
+            if ($lastlogin ne '') {
+                $in{'lastlogin'} = &Apache::lonlocal::locallocaltime($lastlogin);
+            }
         }
         if ($mode eq 'view' || $mode eq 'html' || $mode eq 'autoenroll' || $mode eq 'pickauthor') {
             $r->print(&Apache::loncommon::start_data_table_row());
@@ -2747,16 +2856,6 @@ END
         } elsif ($mode eq 'csv') {
             next if (! defined($CSVfile));
             # no need to bother with $linkto
-            if (! defined($in{'start'}) || $in{'start'} == 0) {
-                $in{'start'} = &mt('none');
-            } else {
-                $in{'start'} = &Apache::lonlocal::locallocaltime($in{'start'});
-            }
-            if (! defined($in{'end'}) || $in{'end'} == 0) {
-                $in{'end'} = &mt('none');
-            } else {
-                $in{'end'} = &Apache::lonlocal::locallocaltime($in{'end'});
-            }
             my @line = ();
             foreach my $item (@cols) {
                 push @line,&Apache::loncommon::csv_translate($in{$item});
@@ -2766,9 +2865,9 @@ END
             my $col = 0;
             foreach my $item (@cols) {
                 if ($item eq 'start' || $item eq 'end') {
-                    if (defined($item) && $item != 0) {
+                    if ((defined($in{$item})) && ($in{$item} != 0)) {
                         $excel_sheet->write($row,$col++,
-                            &Apache::lonstathelpers::calc_serial($in{item}),
+                            &Apache::lonstathelpers::calc_serial($in{$item}),
                                     $format->{'date'});
                     } else {
                         $excel_sheet->write($row,$col++,'none');
@@ -2923,7 +3022,7 @@ sub print_username_link {
         $output = $in->{'username'};
     } else {
         $output = '<a href="javascript:username_display_launch('.
-                  "'$in->{'username'}','$in->{'domain'}'".')" />'.
+                  "'$in->{'username'}','$in->{'domain'}'".')">'.
                   $in->{'username'}.'</a>';
     }
     return $output;
@@ -2935,7 +3034,6 @@ sub role_type_names {
                          'author' => 'Co-Author Roles',
                          'course' => 'Course Roles',
                          'community' => 'Community Roles',
-
              );
     return %lt;
 }
@@ -3097,7 +3195,7 @@ END
         } else {
             opener.document.$callingform.retainsec.value = formname.retainsec.value;
         }
-        setSections(formname);
+        setSections(formname,'$crstype');
         if (seccheck == 'ok') {
             opener.document.$callingform.newsecs.value = formname.sections.value;
         }
@@ -3154,10 +3252,10 @@ ENDJS
     my %lt = &Apache::lonlocal::texthash (
                  chac => 'Access dates to apply for selected users',
                  chse => 'Changes in section affiliation to apply to selected users',
-                 fors => 'For student roles changing the section, will result in a section switch as students may only be in one section of a course at a time.',
-                 forn => 'For a role in a course that is not a student role, a user may have roles in more than one section of a course at a time.',
-                 reta => "Retain each user's current section affiliations?", 
-                 dnap => '(Does not apply to student roles).', 
+                 fors => 'For student roles, changing the section will result in a section switch as students may only be in one section of a course at a time.',
+                 forn => 'For a course role that is not "student", users may have roles in more than one section at a time.',
+                 reta => "Retain each user's current section affiliations?",
+                 dnap => '(Does not apply to student roles).',
             );
     my ($date_items,$headertext);
     if ($env{'form.bulkaction'} eq 'chgsec') {
@@ -3174,10 +3272,15 @@ ENDJS
                                           $permission,$crstype);
     }
     $output .= '<h3>'.$headertext.'</h3>'.
-               '<form name="'.$formname.'" method="post">'."\n".
+               '<form name="'.$formname.'" method="post" action="">'."\n".
                 $date_items;
     if ($context eq 'course' && $env{'form.bulkaction'} eq 'chgsec') {
         my ($cnum,$cdom) = &get_course_identity();
+        if ($crstype eq 'Community') {
+            $lt{'fors'} = &mt('For member roles, changing the section will result in a section switch, as members may only be in one section of a community at a time.');
+            $lt{'forn'} = &mt('For a community role that is not "member", users may have roles in more than one section at a time.');
+            $lt{'dnap'} = &mt('(Does not apply to member roles).'); 
+        }
         my $info;
         if ($env{'form.showrole'} eq 'st') {
             $output .= '<p>'.$lt{'fors'}.'</p>'; 
@@ -3216,7 +3319,7 @@ sub section_picker {
     my ($cdom,$cnum,$role,$rowtitle,$permission,$context,$mode,$crstype) = @_;
     my %sections_count = &Apache::loncommon::get_sections($cdom,$cnum);
     my $sections_select .= &course_sections(\%sections_count,$role);
-    my $secbox = '<p>'.&Apache::lonhtmlcommon::start_pick_box()."\n";
+    my $secbox = '<div>'.&Apache::lonhtmlcommon::start_pick_box()."\n";
     if ($mode eq 'upload') {
         my ($options,$cb_script,$coursepick) =
             &default_role_selector($context,1,$crstype);
@@ -3229,7 +3332,7 @@ sub section_picker {
                    '<td align="center">'.&mt('Existing sections')."\n".
                    '<br />'.$sections_select.'</td><td align="center">'.
                    &mt('New section').'<br />'."\n".
-                   '<input type="text" name="newsec" size="15" />'."\n".
+                   '<input type="text" name="newsec" size="15" value="" />'."\n".
                    '<input type="hidden" name="sections" value="" />'."\n".
                    '</td></tr></table>'."\n";
     } else {
@@ -3238,7 +3341,7 @@ sub section_picker {
                    $env{'request.course.sec'};
     }
     $secbox .= &Apache::lonhtmlcommon::row_closure(1)."\n".
-               &Apache::lonhtmlcommon::end_pick_box().'</p>';
+               &Apache::lonhtmlcommon::end_pick_box().'</div>';
     return $secbox;
 }
 
@@ -3294,7 +3397,7 @@ sub results_header_row {
         if ($viewablesec ne '') {
             if ($env{'form.showrole'} eq 'st') {
                 $constraint = &mt('only users in section "[_1]"',$viewablesec);
-            } elsif ($env{'form.showrole'} ne 'cc') {
+            } elsif (($env{'form.showrole'} ne 'cc') && ($env{'form.showrole'} ne 'co')) {
                 $constraint = &mt('only users affiliated with no section or section "[_1]"',$viewablesec);
             }
             if (($env{'form.grpfilter'} ne 'all') && ($env{'form.grpfilter'} ne '')) {
@@ -3379,12 +3482,11 @@ sub results_header_row {
                 if ($rolefilter eq 'Any') {
                     $description .= &mt('All users with co-author roles in domain',$showfilter);
                 } else {
-                    $description .= &mt('All co-authors in domain  with [_1] roles',$rolefilter);
+                    $description .= &mt('All co-authors in domain with [_1] roles',$rolefilter);
                 }
             }
         } elsif (($env{'form.roletype'} eq 'course') || 
                  ($env{'form.roletype'} eq 'community')) {
-
             my $coursefilter = $env{'form.coursepick'};
             if ($env{'form.roletype'} eq 'course') {
                 if ($coursefilter eq 'category') {
@@ -3637,24 +3739,26 @@ sub print_first_users_upload_form {
     $str .= '<input type="hidden" name="action" value="upload" />';
     $str .= '<input type="hidden" name="state"  value="got_file" />';
 
-
     $str .= '<h2>'.&mt('Upload a file containing information about users').'</h2>'."\n";
 
     # Excel and CSV Help
-    $str .= '<p>'
+    $str .= '<div class="LC_left_float">'
            .&Apache::loncommon::help_open_topic("Course_Create_Class_List",
                 &mt("How do I create a users list from a spreadsheet"))
-           ."<br />\n"
+           .'</div><div class="LC_left_float">'."\n"
            .&Apache::loncommon::help_open_topic("Course_Convert_To_CSV",
                 &mt("How do I create a CSV file from a spreadsheet"))
-           ."</p>\n";
-
+           .'</div><br clear="all" />'."\n";
     $str .= &Apache::lonhtmlcommon::start_pick_box()
-           .&Apache::lonhtmlcommon::row_title(&mt('File'))
-           .'<p class="LC_info">'."\n"
-           .&mt('Please upload an UTF8 encoded file to ensure a correct character encoding in your classlist.')."\n"
-           .'</p>'."\n"
-           .&Apache::loncommon::upfile_select_html()
+           .&Apache::lonhtmlcommon::row_title(&mt('File'));
+    if (&Apache::lonlocal::current_language() ne 'en') {
+        if ($context eq 'course') { 
+            $str .= '<p class="LC_info">'."\n"
+                   .&mt('Please upload an UTF8 encoded file to ensure a correct character encoding in your classlist.')."\n"
+                   .'</p>'."\n";
+        }
+    }
+    $str .= &Apache::loncommon::upfile_select_html()
            .&Apache::lonhtmlcommon::row_closure()
            .&Apache::lonhtmlcommon::row_title(
                 '<label for="noFirstLine">'
@@ -3668,8 +3772,6 @@ sub print_first_users_upload_form {
            .'<input type="submit" name="fileupload" value="'.&mt('Next').'" />'
            .'</p>';
 
-    $str .= &Apache::loncommon::end_page();
-
     $r->print($str);
     return;
 }
@@ -3731,7 +3833,7 @@ sub upfile_drop_add {
     }
     my ($startdate,$enddate) = &get_dates_from_form();
     if ($env{'form.makedatesdefault'}) {
-        $r->print(&make_dates_default($startdate,$enddate,$context,$crstype);
+        $r->print(&make_dates_default($startdate,$enddate,$context,$crstype));
     }
     # Determine domain and desired host (home server)
     my $defdom=$env{'request.role.domain'};
@@ -3790,7 +3892,7 @@ sub upfile_drop_add {
         } elsif ($setting eq 'course') {
             $defaultrole = $env{'form.courserole'};
             $defaultsec = $env{'form.sections'};
-        }
+        }  
     } elsif ($context eq 'author') {
         $defaultrole = $env{'form.defaultrole'};
     } elsif ($context eq 'course') {
@@ -3897,15 +3999,22 @@ sub upfile_drop_add {
                 $r->print($groupwarn.'<br />');
             }
         }
-        my (%curr_rules,%got_rules,%alerts);
-        my %customroles = &my_custom_roles();
+        my (%curr_rules,%got_rules,%alerts,%cancreate);
+        my %customroles = &my_custom_roles($crstype);
         my @permitted_roles = 
-            &roles_on_upload($context,$setting,$crstype,%customroles); 
+            &roles_on_upload($context,$setting,$crstype,%customroles);
+        my %longtypes = &Apache::lonlocal::texthash(
+                            official   => 'Institutional',
+                            unofficial => 'Non-institutional',
+                        );
+        my $newuserdom = $env{'request.role.domain'};
+        map { $cancreate{$_} = &can_create_user($newuserdom,$context,$_); } keys(%longtypes);
         # Get new users list
         foreach my $line (@userdata) {
             my @secs;
             my %entries=&Apache::loncommon::record_sep($line);
             # Determine user name
+            $entries{$fields{'username'}} =~ s/^\s+|\s+$//g;
             unless (($entries{$fields{'username'}} eq '') ||
                     (!defined($entries{$fields{'username'}}))) {
                 my ($fname, $mname, $lname,$gen) = ('','','','');
@@ -3926,13 +4035,20 @@ sub upfile_drop_add {
                         $gen=$entries{$fields{'gen'}};
                     }
                 }
+
                 if ($entries{$fields{'username'}}
                     ne &LONCAPA::clean_username($entries{$fields{'username'}})) {
+                    my $nowhitespace;
+                    if ($entries{$fields{'username'}} =~ /\s/) {
+                        $nowhitespace = ' - '.&mt('usernames may not contain spaces.');
+                    }
                     $r->print('<br />'.
       &mt('[_1]: Unacceptable username for user [_2] [_3] [_4] [_5]',
-          '<b>'.$entries{$fields{'username'}}.'</b>',$fname,$mname,$lname,$gen));
+          '<b>'.$entries{$fields{'username'}}.'</b>',$fname,$mname,$lname,$gen).
+                              $nowhitespace);
                     next;
                 } else {
+                    $entries{$fields{'domain'}} =~ s/^\s+|\s+$//g;
                     if ($entries{$fields{'domain'}} 
                         ne &LONCAPA::clean_domain($entries{$fields{'domain'}})) {
                         $r->print('<br />'. '<b>'.$entries{$fields{'domain'}}.
@@ -3991,6 +4107,7 @@ sub upfile_drop_add {
                     # determine email address
                     my $email='';
                     if (defined($fields{'email'})) {
+                        $entries{$fields{'email'}} =~ s/^\s+|\s+$//g;
                         if (defined($entries{$fields{'email'}})) {
                             $email=$entries{$fields{'email'}};
                             unless ($email=~/^[^\@]+\@[^\@]+$/) { $email=''; }
@@ -4037,7 +4154,7 @@ sub upfile_drop_add {
                         $role = $defaultrole;
                     }
                     # Clean up whitespace
-                    foreach (\$id,\$fname,\$mname,\$lname,\$gen) {
+                    foreach (\$id,\$fname,\$mname,\$lname,\$gen,\$inststatus) {
                         $$_ =~ s/(\s+$|^\s+)//g;
                     }
                     # check against rules
@@ -4046,20 +4163,52 @@ sub upfile_drop_add {
                     my (%rulematch,%inst_results,%idinst_results);
                     my $uhome=&Apache::lonnet::homeserver($username,$userdomain);
                     if ($uhome eq 'no_host') {
-                        next if ($userdomain ne $domain);
+                        if ($userdomain ne $newuserdom) {
+                            if ($context eq 'course') {
+                                $r->print('<br />'.
+                                          &mt('[_1]: The domain specified ([_2]) is different to that of the course.',
+                                          '<b>'.$username.'</b>',$userdomain).'<br />');
+                            } elsif ($context eq 'author') {
+                                $r->print(&mt('[_1]: The domain specified ([_2]) is different to that of the author.',
+                                        '<b>'.$username.'</b>',$userdomain).'<br />'); 
+                            } else {
+                                $r->print(&mt('[_1]: The domain specified ([_2]) is different to that of your current role.',
+                                        '<b>'.$username.'</b>',$userdomain).'<br />');
+                            }
+                            $r->print(&mt('The user does not already exist, and you may not create a new user in a different domain.'));
+                            next;
+                        }
                         $checkid = 1;
                         $newuser = 1;
+                        my $user = $username.':'.$newuserdom;
                         my $checkhash;
                         my $checks = { 'username' => 1 };
-                        $checkhash->{$username.':'.$domain} = { 'newuser' => 1, };
+                        $checkhash->{$username.':'.$newuserdom} = { 'newuser' => 1, };
                         &Apache::loncommon::user_rule_check($checkhash,$checks,
                             \%alerts,\%rulematch,\%inst_results,\%curr_rules,
                             \%got_rules);
                         if (ref($alerts{'username'}) eq 'HASH') {
-                            if (ref($alerts{'username'}{$domain}) eq 'HASH') {
-                                next if ($alerts{'username'}{$domain}{$username});
+                            if (ref($alerts{'username'}{$newuserdom}) eq 'HASH') {
+                                if ($alerts{'username'}{$newuserdom}{$username}) {
+                                    $r->print('<br />'.
+                                              &mt('[_1]: matches the username format at your institution, but is not known to your directory service.','<b>'.$username.'</b>').'<br />'.
+                                              &mt('Consequently, the user was not created.'));
+                                    next;
+                                }
+                            }
+                        }
+                        my $usertype = 'unofficial';
+                        if (ref($rulematch{$user}) eq 'HASH') {
+                            if ($rulematch{$user}{'username'}) {
+                                $usertype = 'official';
                             }
                         }
+                        unless ($cancreate{$usertype}) {
+                            my $showtype = $longtypes{$usertype};
+                            $r->print('<br />'.
+                                      &mt('[_1]: The user does not exist, and you are not permitted to create users of type: [_2].','<b>'.$username.'</b>',$showtype));
+                            next;
+                        }
                     } else {
                         if ($context eq 'course' || $context eq 'author') {
                             if ($userdomain eq $domain ) {
@@ -4110,7 +4259,12 @@ sub upfile_drop_add {
                                 \%got_rules);
                             if (ref($alerts{'id'}) eq 'HASH') {
                                 if (ref($alerts{'id'}{$userdomain}) eq 'HASH') {
-                                    next if ($alerts{'id'}{$userdomain}{$id});
+                                    if ($alerts{'id'}{$userdomain}{$id}) {
+                                        $r->print(&mt('[_1]: has a student/employee ID matching the format at your institution, but the ID is found by your directory service.',
+                                                  '<b>'.$username.'</b>').'<br />'.
+                                                  &mt('Consequently, the user was not created.'));
+                                        next;
+                                    }
                                 }
                             }
                         }
@@ -4142,7 +4296,7 @@ sub upfile_drop_add {
                                         $role = 'cr_'.$env{'user.domain'}.'_'.
                                                 $env{'user.name'}.'_'.$role;
                                     }
-                                    if ($role ne 'cc') { 
+                                    if (($role ne 'cc') && ($role ne 'co')) { 
                                         if (@secs > 1) {
                                             $multiple = 1;
                                             foreach my $sec (@secs) {
@@ -4205,7 +4359,7 @@ sub upfile_drop_add {
             }
         } # end of foreach (@userdata)
         # Flush the course logs so reverse user roles immediately updated
-        &Apache::lonnet::flushcourselogs();
+        $r->register_cleanup(\&Apache::lonnet::flushcourselogs);
         $r->print("</p>\n<p>\n".&mt('Processed [quant,_1,user].',$counts{'user'}).
                   "</p>\n");
         if ($counts{'role'} > 0) {
@@ -4369,10 +4523,9 @@ sub print_drop_menu {
 # ================================================================== Phase four
 
 sub update_user_list {
-    my ($r,$context,$setting,$choice) = @_;
+    my ($r,$context,$setting,$choice,$crstype) = @_;
     my $now = time;
     my $count=0;
-    my $crstype;
     if ($context eq 'course') {
         $crstype = &Apache::loncommon::course_type();
     }
@@ -4387,7 +4540,7 @@ sub update_user_list {
                                    'reenable' => 'Re-enabled',
                                    'activate' => 'Activated',
                                    'chgdates' => 'Changed Access Dates for',
-                                   'chgsec'   => 'Changed section for',
+                                   'chgsec'   => 'Changed section(s) for',
                                    'drop'     => 'Dropped',
                                  },
                         error => {'revoke'    => 'revoking',
@@ -4404,8 +4557,9 @@ sub update_user_list {
         ($startdate,$enddate) = &get_dates_from_form();
     }
     foreach my $item (@changelist) {
-        my ($role,$uname,$udom,$cid,$sec,$scope,$result,$type,$locktype,@sections,
-            $scopestem);
+        my ($role,$uname,$udom,$cid,$sec,$scope,$result,$type,$locktype,
+            @sections,$scopestem,$singlesec,$showsecs,$warn_singlesec,
+            $nothingtodo,$keepnosection);
         if ($choice eq 'drop') {
             ($uname,$udom,$sec) = split(/:/,$item,-1);
             $role = 'st';
@@ -4503,15 +4657,24 @@ sub update_user_list {
                 }
             } elsif ($choice eq 'chgsec') {
                 my (@newsecs,$revresult,$nochg,@retained);
-                if ($role ne 'cc') {
-                    @newsecs = split(/,/,$env{'form.newsecs'});
+                if (($role ne 'cc') && ($role ne 'co')) {
+                    my @secs = sort(split(/,/,$env{'form.newsecs'}));
+                    if (@secs) {
+                        my %curr_groups = &Apache::longroup::coursegroups();
+                        foreach my $sec (@secs) {
+                            next if (($sec =~ /\W/) || ($sec eq 'none') ||
+                            (exists($curr_groups{$sec})));
+                            push(@newsecs,$sec);
+                        }
+                    }
                 }
                 # remove existing section if not to be retained.   
-                if (!$env{'form.retainsec'}) {
+                if (!$env{'form.retainsec'} || ($role eq 'st')) {
                     if ($sec eq '') {
                         if (@newsecs == 0) {
-                            $result = &mt('No change in section assignment (none)');
+                            $result = 'ok';
                             $nochg = 1;
+                            $nothingtodo = 1;
                         } else {
                             $revresult =
                                 &Apache::lonnet::revokerole($udom,$uname,
@@ -4538,13 +4701,23 @@ sub update_user_list {
                 } else {
                     if ($sec eq '') {
                         $nochg = 1;
-                    } else { 
+                        $keepnosection = 1;
+                    } else {
                         push(@retained,$sec);
                     }
                 }
                 # add new sections
+                my (@diffs,@shownew);
+                if (@retained) {
+                    @diffs = &Apache::loncommon::compare_arrays(\@retained,\@newsecs);
+                } else {
+                    @diffs = @newsecs;
+                }
                 if (@newsecs == 0) {
-                    if (!$nochg) {
+                    if ($nochg) {
+                        $result = 'ok';
+                        $nothingtodo = 1;
+                    } else {
                         if ($role eq 'st') {
                             $result = 
                                 &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,undef,$end,$start,$type,$locktype,$cid,'',$context);
@@ -4553,22 +4726,58 @@ sub update_user_list {
                             $result = &Apache::lonnet::assignrole($udom,$uname,$newscope,$role,$end,$start,'','',$context);
                         }
                     }
+                    $showsecs = &mt('No section');
+                } elsif (@diffs == 0) {
+                    $result = 'ok';
+                    $nothingtodo = 1;
                 } else {
-                    foreach my $newsec (@newsecs) { 
+                    foreach my $newsec (@newsecs) {
                         if (!grep(/^\Q$newsec\E$/,@retained)) {
                             if ($role eq 'st') {
                                 $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$newsec,$end,$start,$type,$locktype,$cid,'',$context);
+                                if (@newsecs > 1) {
+                                    my $showsingle; 
+                                    if ($newsec eq '') {
+                                        $showsingle = &mt('No section');
+                                    } else {
+                                        $showsingle = $newsec;
+                                    }
+                                    if ($crstype eq 'Community') {
+                                        $warn_singlesec = &mt('Although more than one section was indicated, a role was only added for the first section - [_1], as each community member may only be in one section at a time.','<i>'.$showsingle.'</i>');
+                                    } else { 
+                                        $warn_singlesec = &mt('Although more than one section was indicated, a role was only added for the first section - [_1], as each student may only be in one section of a course at a time.','<i>'.$showsingle.'</i>');
+                                    }
+                                    $showsecs = $showsingle; 
+                                    last;
+                                } else {
+                                    if ($newsec eq '') {
+                                        $showsecs = &mt('No section');
+                                    } else {
+                                        $showsecs = $newsec;
+                                    }
+                                }
                             } else {
                                 my $newscope = $scopestem;
                                 if ($newsec ne '') {
                                    $newscope .= '/'.$newsec;
+                                   push(@shownew,$newsec); 
                                 }
                                 $result = &Apache::lonnet::assignrole($udom,$uname,
                                                         $newscope,$role,$end,$start);
+                                
                             }
                         }
                     }
                 }
+                unless ($role eq 'st') {
+                    unless ($showsecs) {
+                        my @tolist = sort(@shownew,@retained);
+                        if ($keepnosection) {
+                            push(@tolist,&mt('No section'));
+                        }
+                        $showsecs = join(', ',@tolist);
+                    }
+                }
             }
         }
         my $extent = $scope;
@@ -4579,13 +4788,48 @@ sub update_user_list {
             }
         }
         if ($result eq 'ok' || $result eq 'ok:') {
-            $r->print(&mt("$result_text{'ok'}{$choice} role of '[_1]' in [_2] for [_3]",
-                          $plrole,$extent,$uname.':'.$udom).'<br />');
-            $count++;
+            my $dates;
+            if (($choice eq 'chgsec') || ($choice eq 'chgdates')) {
+                $dates = &dates_feedback($start,$end,$now);
+            }
+            if ($choice eq 'chgsec') {
+                if ($nothingtodo) {
+                    $r->print(&mt("Section assignment for role of '[_1]' in [_2] for '[_3]' unchanged.",$plrole,$extent,'<i>'.
+                          &Apache::loncommon::plainname($uname,$udom).
+                          '</i>').' ');
+                    if ($sec eq '') {
+                        $r->print(&mt('[_1]No section[_2] - [_3]','<b>','</b>',$dates));
+                    } else {
+                        $r->print(&mt('Section(s): [_1] - [_2]',
+                                      '<b>'.$showsecs.'</b>',$dates));
+                    }
+                    $r->print('<br />');
+                } else {
+                    $r->print(&mt("$result_text{'ok'}{$choice} role of '[_1]' in [_2] for '[_3]' to [_4] - [_5]",$plrole,$extent,
+                        '<i>'.&Apache::loncommon::plainname($uname,$udom).'</i>',
+                        '<b>'.$showsecs.'</b>',$dates).'<br />');
+                   $count ++;
+               }
+               if ($warn_singlesec) {
+                   $r->print('<div class="LC_warning">'.$warn_singlesec.'</div>');
+               }
+            } elsif ($choice eq 'chgdates') {
+                $r->print(&mt("$result_text{'ok'}{$choice} role of '[_1]' in [_2] for '[_3]' - [_4]",$plrole,$extent, 
+                      '<i>'.&Apache::loncommon::plainname($uname,$udom).'</i>',
+                      $dates).'<br />');
+               $count ++;
+            } else {
+                $r->print(&mt("$result_text{'ok'}{$choice} role of '[_1]' in [_2] for '[_3]'.",$plrole,$extent,
+                      '<i>'.&Apache::loncommon::plainname($uname,$udom).'</i>').
+                          '<br />');
+                $count ++;
+            }
         } else {
             $r->print(
-                &mt("Error $result_text{'error'}{$choice} [_1] in [_2] for [_3]: [_4].",
-                    $plrole,$extent,$uname.':'.$udom,$result).'<br />');
+                &mt("Error $result_text{'error'}{$choice} [_1] in [_2] for '[_3]': [_4].",
+                    $plrole,$extent,
+                    '<i>'.&Apache::loncommon::plainname($uname,$udom).'</i>',
+                    $result).'<br />');
         }
     }
     $r->print('<form name="studentform" method="post" action="/adm/createuser">'."\n");
@@ -4601,13 +4845,13 @@ sub update_user_list {
             }
         }
     }
-    $r->print('<p><b>'.&mt("$result_text{'ok'}{$choice} role(s) for [quant,_1,user,users,no users].",$count).'</b></p>');
+    $r->print('<p><b>'.&mt("$result_text{'ok'}{$choice} for [quant,_1,user role,user roles,no user roles].",$count).'</b></p>');
     if ($count > 0) {
         if ($choice eq 'revoke' || $choice eq 'drop') {
             $r->print('<p>'.&mt('Re-enabling will re-activate data for the role.').'</p>');
         }
         # Flush the course logs so reverse user roles immediately updated
-        &Apache::lonnet::flushcourselogs();
+        $r->register_cleanup(\&Apache::lonnet::flushcourselogs);
     }
     if ($env{'form.makedatesdefault'}) {
         if ($choice eq 'chgdates' || $choice eq 'reenable' || $choice eq 'activate') {
@@ -4621,6 +4865,27 @@ sub update_user_list {
     $r->print('<a href="javascript:document.studentform.submit()">'.$linktext.'</a></form>'."\n");
 }
 
+sub dates_feedback {
+    my ($start,$end,$now) = @_;
+    my $dates;
+    if ($start < $now) {
+        if ($end == 0) {
+            $dates .= &mt('role(s) active now; no end date');
+        } elsif ($end > $now) {
+            $dates = &mt('role(s) active now; ends [_1].',&Apache::lonlocal::locallocaltime($end));
+        } else {
+            $dates = &mt('role(s) expired: [_1].',&Apache::lonlocal::locallocaltime($end));
+        }
+     } else {
+        if ($end == 0 || $end > $now) {
+            $dates = &mt('future role(s); starts: [_1].',&Apache::lonlocal::locallocaltime($start));
+        } else {
+            $dates = &mt('role(s) expired: [_1].',&Apache::lonlocal::locallocaltime($end));
+        }
+    }
+    return $dates;
+}
+
 sub classlist_drop {
     my ($scope,$uname,$udom,$now) = @_;
     my ($cdom,$cnum) = ($scope=~m{^/($match_domain)/($match_courseid)});
@@ -4758,7 +5023,7 @@ sub get_groupslist {
 }
 
 sub setsections_javascript {
-    my ($formname,$groupslist,$mode,$checkauth) = @_;
+    my ($formname,$groupslist,$mode,$checkauth,$crstype) = @_;
     my ($checkincluded,$finish,$rolecode,$setsection_js);
     if ($mode eq 'upload') {
         $checkincluded = 'formname.name == "'.$formname.'"';
@@ -4797,8 +5062,11 @@ sub setsections_javascript {
     }
     my %alerts = &Apache::lonlocal::texthash(
                     secd => 'Section designations do not apply to Course Coordinator roles.',
+                    sedn => 'Section designations do not apply to Coordinator roles.',
                     accr => 'A course coordinator role will be added with access to all sections.',
+                    acor => 'A coordinator role will be added with access to all sections',
                     inea => 'In each course, each user may only have one student role at a time.',
+                    inco => 'In each community, each user may only have one member role at a time.',
                     youh => 'You had selected ',
                     secs => 'sections.',
                     plmo => 'Please modify your selections so they include no more than one section.',
@@ -4806,78 +5074,123 @@ sub setsections_javascript {
                     plch => 'Please choose a different section name.',
                     mnot => 'may not be used as a section name, as it is the name of a course group.',
                     secn => 'Section names and group names must be distinct. Please choose a different section name.',
+                    nonw => 'Section names may only contain letters or numbers.',
                  );                
     $setsection_js .= <<"ENDSECCODE";
 
-function setSections(formname) {
+function setSections(formname,crstype) {
     var re1 = /^currsec_/;
+    var re2 =/\\W/;
+    var trimleading = /^\\s+/;
+    var trimtrailing = /\\s+\$/;
     var groups = new Array($groupslist);
     for (var i=0;i<formname.elements.length;i++) {
         var str = formname.elements[i].name;
         var checkcurr = str.match(re1);
         if (checkcurr != null) {
+            var num = i;
             if ($checkincluded) {
                 $rolecode
-                if (role == 'cc') {
-                    alert("$alerts{'secd'}\\n$alerts{'accr'}");
-                }
-                else {
+                if (role == 'cc' || role == 'co') {
+                    if (role == 'cc') {
+                        alert("$alerts{'secd'}\\n$alerts{'accr'}");
+                    } else {
+                        alert("$alerts{'sedn'}\\n$alerts{'acor'}");
+                    }
+                } else {
                     var sections = '';
                     var numsec = 0;
-                    var sections;
-                    for (var j=0; j<formname.elements[i].length; j++) {
-                        if (formname.elements[i].options[j].selected == true ) {
-                            if (formname.elements[i].options[j].value != "") {
+                    var fromexisting = new Array();
+                    for (var j=0; j<formname.elements[num].length; j++) {
+                        if (formname.elements[num].options[j].selected == true ) {
+                            var addsec = formname.elements[num].options[j].value;
+                            if ((addsec != "") && (addsec != null)) {
+                                fromexisting.push(addsec);
                                 if (numsec == 0) {
-                                    if (formname.elements[i].options[j].value != "") {
-                                        sections = formname.elements[i].options[j].value;
-                                        numsec ++;
-                                    }
-                                }
-                                else {
-                                    sections = sections + "," +  formname.elements[i].options[j].value
-                                    numsec ++;
+                                    sections = addsec;
+                                } else {
+                                    sections = sections + "," +  addsec;
                                 }
+                                numsec ++;
                             }
                         }
                     }
-                    if (numsec > 0) {
-                        if (formname.elements[i+1].value != "" && formname.elements[i+1].value != null) {
-                            sections = sections + "," +  formname.elements[i+1].value;
-                        }
-                    }
-                    else {
-                        sections = formname.elements[i+1].value;
-                    }
-                    var newsecs = formname.elements[i+1].value;
-                    var numsplit;
+                    var newsecs = formname.elements[num+1].value;
+                    var validsecs = new Array();
+                    var validsecstr = '';
+                    var badsecs = new Array();
                     if (newsecs != null && newsecs != "") {
-                        numsplit = newsecs.split(/,/g);
-                        numsec = numsec + numsplit.length;
+                        var numsplit;
+                        if (newsecs.indexOf(',') == -1) {
+                            numsplit = new Array(newsecs);
+                        } else {
+                            numsplit = newsecs.split(/,/g);
+                        }
+                        for (var m=0; m<numsplit.length; m++) {
+                            var newsec = numsplit[m];
+                            newsec = newsec.replace(trimleading,'');
+                            newsec = newsec.replace(trimtrailing,'');
+                            if (re2.test(newsec) == true) {
+                                badsecs.push(newsec);
+                            } else {
+                                if (newsec != '') {
+                                    var isnew = 1;
+                                    if (fromexisting != null) {
+                                        for (var n=0; n<fromexisting.length; n++) {
+                                            if (newsec == fromexisting[n]) {
+                                                isnew = 0;
+                                            }
+                                        }
+                                    }
+                                    if (isnew == 1) {
+                                        validsecs.push(newsec);
+                                    }
+                                }
+                            }
+                        }
+                        if (badsecs.length > 0) {
+                            alert("$alerts{'nonw'}\\n$alerts{'plch'}");
+                            return;
+                        }
+                        numsec = numsec + validsecs.length;
                     }
-
                     if ((role == 'st') && (numsec > 1)) {
-                        alert("$alerts{'inea'} $alerts{'youh'} "+numsec+" $alerts{'secs'}\\n$alerts{'plmo'}")
+                        if (crstype == 'Community') {
+                            alert("$alerts{'inea'} $alerts{'youh'} "+numsec+" $alerts{'secs'}\\n$alerts{'plmo'}");
+                        } else {
+                            alert("$alerts{'inco'} $alerts{'youh'} "+numsec+" $alerts{'secs'}\\n$alerts{'plmo'}");
+                        }
                         return;
-                    }
-                    else {
-                        if (numsplit != null) {
-                            for (var j=0; j<numsplit.length; j++) {
-                                if ((numsplit[j] == 'all') ||
-                                    (numsplit[j] == 'none')) {
-                                    alert("'"+numsplit[j]+"' $alerts{'mayn'}\\n$alerts{'plch'}");
+                    } else {
+                        if (validsecs != null) {
+                            for (var j=0; j<validsecs.length; j++) {
+                                if (validsecstr == '' || validsecstr == null) {
+                                    validsecstr = validsecs[j];
+                                } else {
+                                    validsecstr += ','+validsecs[j];
+                                }
+                                if ((validsecs[j] == 'all') ||
+                                    (validsecs[j] == 'none')) {
+                                    alert("'"+validsecs[j]+"' $alerts{'mayn'}\\n$alerts{'plch'}");
                                     return;
                                 }
                                 for (var k=0; k<groups.length; k++) {
-                                    if (numsplit[j] == groups[k]) {
-                                        alert("'"+numsplit[j]+"' $alerts{'mnot'}\\n$alerts{'secn'}");
+                                    if (validsecs[j] == groups[k]) {
+                                        alert("'"+validsecs[j]+"' $alerts{'mnot'}\\n$alerts{'secn'}");
                                         return;
                                     }
                                 }
                             }
                         }
-                        formname.elements[i+2].value = sections;
                     }
+                    if ((validsecstr != '') && (validsecstr != null)) {
+                        if ((sections == '') || (sections == null)) {
+                            sections = validsecstr;
+                        } else {
+                            sections = sections + "," + validsecstr;
+                        }
+                    }
+                    formname.elements[num+2].value = sections;
                 }
             }
         }
@@ -4974,18 +5287,40 @@ sub can_modify_userinfo {
 }
 
 sub check_usertype {
-    my ($dom,$uname,$rules) = @_;
+    my ($dom,$uname,$rules,$curr_rules,$got_rules) = @_;
     my $usertype;
-    if (ref($rules) eq 'HASH') {
-        my @user_rules = keys(%{$rules});
-        if (@user_rules > 0) {
-            my %rule_check = &Apache::lonnet::inst_rulecheck($dom,$uname,undef,'username',\@user_rules);
-            if (keys(%rule_check) > 0) {
-                $usertype = 'unofficial';
-                foreach my $item (keys(%rule_check)) {
-                    if ($rule_check{$item}) {
-                        $usertype = 'official';
-                        last;
+    if ((ref($got_rules) eq 'HASH') && (ref($curr_rules) eq 'HASH')) {
+        if (!$got_rules->{$dom}) {
+            my %domconfig = &Apache::lonnet::get_dom('configuration',
+                                              ['usercreation'],$dom);
+            if (ref($domconfig{'usercreation'}) eq 'HASH') {
+                foreach my $item ('username','id') {
+                    if (ref($domconfig{'usercreation'}{$item.'_rule'}) eq 'ARRAY') {
+                        $curr_rules->{$dom}{$item} =
+                                $domconfig{'usercreation'}{$item.'_rule'};
+                    }
+                }
+            }
+            $got_rules->{$dom} = 1;
+        }
+        if (ref($rules) eq 'HASH') {
+            my @user_rules;
+            if (ref($curr_rules->{$dom}{'username'}) eq 'ARRAY') {
+                foreach my $rule (keys(%{$rules})) {
+                    if (grep(/^\Q$rule\E/,@{$curr_rules->{$dom}{'username'}})) {
+                        push(@user_rules,$rule);
+                    }
+                } 
+            }
+            if (@user_rules > 0) {
+                my %rule_check = &Apache::lonnet::inst_rulecheck($dom,$uname,undef,'username',\@user_rules);
+                if (keys(%rule_check) > 0) {
+                    $usertype = 'unofficial';
+                    foreach my $item (keys(%rule_check)) {
+                        if ($rule_check{$item}) {
+                            $usertype = 'official';
+                            last;
+                        }
                     }
                 }
             }
@@ -5131,6 +5466,7 @@ sub dc_setcourse_js {
     my ($formname,$mode,$context) = @_;
     my ($dc_setcourse_code,$authen_check);
     my $cctext = &Apache::lonnet::plaintext('cc');
+    my $cotext = &Apache::lonnet::plaintext('co');
     my %alerts = &sectioncheck_alerts();
     my $role = 'role';
     if ($mode eq 'upload') {
@@ -5177,7 +5513,11 @@ function setCourse() {
             numsections = numsections + newsecs.length;
         }
         if ((userrole == 'st') && (numsections > 1)) {
-            alert("$alerts{'inea'}. $alerts{'youh'} "+numsections+" $alerts{'sect'}.\\n$alerts{'plsm'}.")
+            if (document.$formname.crstype.value == 'Community') {
+                alert("$alerts{'inco'}. $alerts{'youh'} "+numsections+" $alerts{'sect'}.\\n$alerts{'plsm'}.")
+            } else {
+                alert("$alerts{'inea'}. $alerts{'youh'} "+numsections+" $alerts{'sect'}.\\n$alerts{'plsm'}.")
+            }
             return;
         }
         for (var j=0; j<newsecs.length; j++) {
@@ -5189,7 +5529,11 @@ function setCourse() {
                 var groups = document.$formname.groups.value.split(/,/g);
                 for (var k=0; k<groups.length; k++) {
                     if (newsecs[j] == groups[k]) {
-                        alert("'"+newsecs[j]+"' $alerts{'mayt'}.\\n$alerts{'secn'}. $alerts{'plsc'}.");
+                        if (document.$formname.crstype.value == 'Community') {
+                            alert("'"+newsecs[j]+"' $alerts{'mayc'}.\\n$alerts{'secn'}. $alerts{'plsc'}.");
+                        } else {
+                            alert("'"+newsecs[j]+"' $alerts{'mayt'}.\\n$alerts{'secn'}. $alerts{'plsc'}.");
+                        }
                         return;
                     }
                 }
@@ -5199,13 +5543,21 @@ function setCourse() {
             alert("$alerts{'secd'} $cctext $alerts{'role'}.\\n$alerts{'accr'}.");
             section = "";
         }
+        if ((userrole == 'co') && (numsections > 0)) {
+            alert("$alerts{'secd'} $cotext $alerts{'role'}.\\n$alerts{'accr'}.");
+            section = "";
+        }
 SCRIPTTOP
     if ($mode ne 'upload') {
         $dc_setcourse_code .= (<<"ENDSCRIPT");
         var coursename = "_$env{'request.role.domain'}"+"_"+course+"_"+userrole
         var numcourse = getIndex(document.$formname.dccourse);
         if (numcourse == "-1") {
-            alert("$alerts{'thwa'}");
+            if (document.$formname.type == 'Community') {
+                alert("$alerts{'thwc'}");
+            } else {
+                alert("$alerts{'thwa'}");
+            }
             return;
         }
         else {
@@ -5314,19 +5666,22 @@ ENDSCRIPT
 
 sub sectioncheck_alerts {
     my %alerts = &Apache::lonlocal::texthash(
-                    curd => 'You must select a course in the current domain',
+                    curd => 'You must select a course or community in the current domain',
                     inea => 'In each course, each user may only have one student role at a time',
+                    inco => 'In each community, each user may only have one member role at a time', 
                     youh => 'You had selected',
                     sect => 'sections',
                     plsm => 'Please modify your selections so they include no more than one section',
                     mayn => 'may not be used as the name for a section, as it is a reserved word',
                     plsc => 'Please choose a different section name',
                     mayt => 'may not be used as the name for a section, as it is the name of a course group',
+                    mayc => 'may not be used as the name for a section, as it is the name of a community group',
                     secn => 'Section names and group names must be distinct',
                     secd => 'Section designations do not apply to ',
                     role => 'roles',
                     accr => 'role will be added with access to all sections',
-                    thwa => 'There was a problem with your course selection'
+                    thwa => 'There was a problem with your course selection',
+                    thwc => 'There was a problem with your community selection',
                  );
     return %alerts;
 }