--- loncom/interface/lonuserutils.pm	2015/08/05 18:47:21	1.171
+++ loncom/interface/lonuserutils.pm	2016/07/24 14:34:59	1.174
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Utility functions for managing LON-CAPA user accounts
 #
-# $Id: lonuserutils.pm,v 1.171 2015/08/05 18:47:21 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.174 2016/07/24 14:34:59 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -36,6 +36,7 @@ use Apache::loncommon();
 use Apache::lonhtmlcommon;
 use Apache::lonlocal;
 use Apache::longroup;
+use HTML::Entities;
 use LONCAPA qw(:DEFAULT :match);
 
 ###############################################################
@@ -2413,6 +2414,7 @@ sub make_keylist_array {
     $index->{'photo'} = &Apache::loncoursedata::CL_PHOTO();
     $index->{'thumbnail'} = &Apache::loncoursedata::CL_THUMBNAIL();
     $index->{'credits'} = &Apache::loncoursedata::CL_CREDITS();
+    $index->{'instsec'} = &Apache::loncoursedata::CL_INSTSEC();
     $index->{'authorquota'} = &Apache::loncoursedata::CL_AUTHORQUOTA();
     $index->{'authorusage'} = &Apache::loncoursedata::CL_AUTHORUSAGE();
     foreach my $key (keys(%{$index})) {
@@ -3056,13 +3058,14 @@ END
                                 if ($role eq 'st') {
                                     $checkval .= ':'.$in{'type'}.':'.
                                                  $in{'lockedtype'}.':'.
-                                                 $in{'credits'};
+                                                 $in{'credits'}.':'.
+                                                 &escape($in{'instsec'});
                                 }
                              }
                         }
                         if ($showcheckbox) {
                             $r->print('<td><input type="checkbox" name="'.
-                                      'actionlist" value="'.$checkval.'" /></td>');
+                                      'actionlist" value="'.&HTML::Entities::encode($checkval,'&<>"').'" /></td>');
                         } else {
                             $r->print('<td>&nbsp;</td>');
                         }
@@ -3077,7 +3080,7 @@ END
                 if ($item eq 'username') {
                     $r->print('<td>'.&print_username_link($mode,\%in).'</td>');
                 } elsif (($item eq 'start' || $item eq 'end') && ($actionselect)) {
-                    $r->print('<td>'.$in{$item}.'<input type="hidden" name="'.$checkval.'_'.$item.'" value="'.$sdata->[$index{$item}].'" /></td>'."\n");
+                    $r->print('<td>'.$in{$item}.'<input type="hidden" name="'.&HTML::Entities::encode($checkval.'_'.$item.'" value="'.$sdata->[$index{$item}],'&<>"').'" /></td>'."\n");
                 } elsif ($item eq 'status') {
                     my $showitem = $in{$item};
                     if (defined($ltstatus{$in{$item}})) {
@@ -4297,7 +4300,7 @@ sub upfile_drop_add {
         my $newuserdom = $env{'request.role.domain'};
         map { $cancreate{$_} = &can_create_user($newuserdom,$context,$_); } keys(%longtypes);
         # Get new users list
-        my (%existinguser,%userinfo,%disallow,%rulematch,%inst_results,%idinst_results,%alerts,%checkuname);
+        my (%existinguser,%userinfo,%disallow,%rulematch,%inst_results,%alerts,%checkuname);
         my $counter = -1;
         foreach my $line (@userdata) {
             $counter ++;
@@ -4507,7 +4510,7 @@ sub upfile_drop_add {
                         }
                         $checkid = 1;
                         $newuser = 1;
-                        $checkuname{$username.':'.$newuserdom} = { 'newuser' => 1, 'id' => 1 };
+                        $checkuname{$username.':'.$newuserdom} = { 'newuser' => $newuser, 'id' => $id };
                     } else {
                         if ($context eq 'course' || $context eq 'author') {
                             if ($userdomain eq $domain ) {
@@ -4566,34 +4569,41 @@ sub upfile_drop_add {
         } # end of foreach (@userdata)
         if ($counter > -1) {
             my $total = $counter + 1;
-            my %prog_state = &Apache::lonhtmlcommon::Create_PrgWin($r,$total);
             my %checkids;
-            if (keys(%existinguser)) {
-                foreach my $dom (keys(%existinguser)) {
-                    if (ref($existinguser{$dom}) eq 'HASH') {
-                        my %idhash = &Apache::lonnet::idrget($dom,keys(%{$existinguser{$dom}}));
-                        foreach my $username (keys(%{$existinguser{$dom}})) {
-                            if ($idhash{$username} ne $existinguser{$dom}{$username}) {
-                                $checkids{$username.':'.$dom} = { 'id' => $existinguser{$dom}{$username} };
+            if ((keys(%existinguser)) || (keys(%checkuname))) {
+                $r->print(&mt('Please be patient -- checking for institutional data ...'));
+                $r->rflush();
+                if (keys(%existinguser)) {
+                    foreach my $dom (keys(%existinguser)) {
+                        if (ref($existinguser{$dom}) eq 'HASH') {
+                            my %idhash = &Apache::lonnet::idrget($dom,keys(%{$existinguser{$dom}}));
+                            foreach my $username (keys(%{$existinguser{$dom}})) {
+                                if ($idhash{$username} ne $existinguser{$dom}{$username}) {
+                                    $checkids{$username.':'.$dom} = {
+                                                                    'id' => $existinguser{$dom}{$username},
+                                                                    };
+                                }
+                            }
+                            if (keys(%checkids)) {
+                                &Apache::loncommon::user_rule_check(\%checkids,{ 'id' => 1 },
+                                                                    \%alerts,\%rulematch,
+                                                                    \%inst_results,\%curr_rules,
+                                                                    \%got_rules);
                             }
-                        }
-                        if (keys(%checkids)) {
-                            &Apache::loncommon::user_rule_check(\%checkids,{ 'id' => 1 },
-                                                                \%alerts,\%rulematch,
-                                                                \%idinst_results,\%curr_rules,
-                                                                \%got_rules);
                         }
                     }
                 }
+                if (keys(%checkuname)) {
+                    &Apache::loncommon::user_rule_check(\%checkuname,{ 'username' => 1, 'id' => 1, },
+                                                        \%alerts,\%rulematch,\%inst_results,
+                                                        \%curr_rules,\%got_rules);
+                }
+                $r->print(' '.&mt('done').'<br /><br />');
+                $r->rflush();
             }
-            if (keys(%checkuname)) {
-                &Apache::loncommon::user_rule_check(\%checkuname,{ 'username' => 1 },
-                                                    \%alerts,\%rulematch,\%inst_results,
-                                                    \%curr_rules,\%got_rules);
-            }
+            my %prog_state = &Apache::lonhtmlcommon::Create_PrgWin($r,$total);
             $r->print('<ul>');
             for (my $i=0; $i<=$counter; $i++) {
-                &Apache::lonhtmlcommon::Increment_PrgWin($r,\%prog_state);
                 if ($disallow{$i}) {
                     $r->print('<li>'.$disallow{$i}.'</li>');
                 } elsif (ref($userinfo{$i}) eq 'HASH') {
@@ -4627,6 +4637,40 @@ sub upfile_drop_add {
                                 }
                             }
                         }
+                        if (ref($inst_results{$user}) eq 'HASH') {
+                            if ($inst_results{$user}{'firstname'} ne '') {
+                                $fname = $inst_results{$user}{'firstname'};
+                            }
+                            if ($inst_results{$user}{'middlename'} ne '') {
+                                $mname = $inst_results{$user}{'middlename'};
+                            }
+                            if ($inst_results{$user}{'lasttname'} ne '') {
+                                $lname = $inst_results{$user}{'lastname'};
+                            }
+                            if ($inst_results{$user}{'permanentemail'} ne '') {
+                                $email = $inst_results{$user}{'permanentemail'};
+                            }
+                            if ($inst_results{$user}{'id'} ne '') {
+                                $id = $inst_results{$user}{'id'};
+                                $checkid = 0;
+                            }
+                            if (ref($inst_results{$user}{'inststatus'}) eq 'ARRAY') {
+                                $inststatus = join(':',@{$inst_results{$user}{'inststatus'}});
+                            }
+                        }
+                        if (($checkid) && ($id ne '')) {
+                            if (ref($alerts{'id'}) eq 'HASH') {
+                                if (ref($alerts{'id'}{$userdomain}) eq 'HASH') {
+                                    if ($alerts{'id'}{$userdomain}{$username}) {
+                                        $r->print('<li>'.
+                                                  &mt('[_1]: has a student/employee ID matching the format at your institution, but the ID is not found by your directory service.',
+                                                  '<b>'.$username.'</b>').'<br />'.
+                                                  &mt('Consequently, the user was not created.').'</li>');
+                                        next;
+                                    }
+                                }
+                            }
+                        }
                         my $usertype = 'unofficial';
                         if (ref($rulematch{$user}) eq 'HASH') {
                             if ($rulematch{$user}{'username'}) {
@@ -4639,18 +4683,17 @@ sub upfile_drop_add {
                                       &mt('[_1]: The user does not exist, and you are not permitted to create users of type: [_2].','<b>'.$username.'</b>',$showtype).'</li>');
                             next;
                         }
-                    }
-                    if ($id ne '') {
+                    } elsif ($id ne '') {
                         if (exists($checkids{$user})) {
                             $checkid = 1; 
                             if (ref($alerts{'id'}) eq 'HASH') {
                                 if (ref($alerts{'id'}{$userdomain}) eq 'HASH') {
-                                    if ($alerts{'id'}{$userdomain}{$id}) {
+                                    if ($alerts{'id'}{$userdomain}{$username}) {
                                         $r->print('<li>'.
-                                                  &mt('[_1]: has a student/employee ID matching the format at your institution, but the ID is found by your directory service.',
+                                                  &mt('[_1]: has a student/employee ID matching the format at your institution, but the ID is not found by your directory service.',
                                                   '<b>'.$username.'</b>').'<br />'.
-                                                  &mt('Consequently, the user was not created.').'</li>');
-                                        next;
+                                                  &mt('Consequently, the ID was not changed.').'</li>');
+                                        $id = '';
                                     }
                                 }
                             }
@@ -4729,8 +4772,9 @@ sub upfile_drop_add {
                                                 $username,$userdomain,\%userchg);
                     }
                 }
-                $r->print('</ul>');
+                &Apache::lonhtmlcommon::Increment_PrgWin($r,\%prog_state,'last user');
             } # end of loop
+            $r->print('</ul>');
             &Apache::lonhtmlcommon::Close_PrgWin($r,\%prog_state);
         }
         # Flush the course logs so reverse user roles immediately updated
@@ -4939,7 +4983,7 @@ sub update_user_list {
     foreach my $item (@changelist) {
         my ($role,$uname,$udom,$cid,$sec,$scope,$result,$type,$locktype,
             @sections,$scopestem,$singlesec,$showsecs,$warn_singlesec,
-            $nothingtodo,$keepnosection,$credits);
+            $nothingtodo,$keepnosection,$credits,$instsec);
         if ($choice eq 'drop') {
             ($uname,$udom,$sec) = split(/:/,$item,-1);
             $role = 'st';
@@ -4952,8 +4996,9 @@ sub update_user_list {
                 $scope = $scopestem.'/'.$sec;
             }
         } elsif ($context eq 'course') {
-            ($uname,$udom,$role,$sec,$type,$locktype,$credits) =
-                split(/\:/,$item);
+            ($uname,$udom,$role,$sec,$type,$locktype,$credits,$instsec) =
+                split(/\:/,$item,8);
+            $instsec = &unescape($instsec);
             $cid = $env{'request.course.id'};
             $scopestem = '/'.$cid;
             $scopestem =~s/\_/\//g;
@@ -4972,8 +5017,9 @@ sub update_user_list {
             } elsif ($setting eq 'author') { 
                 ($uname,$udom,$role,$scope) = split(/\:/,$item);
             } elsif ($setting eq 'course') {
-                ($uname,$udom,$role,$cid,$sec,$type,$locktype,$credits) = 
-                    split(/\:/,$item);
+                ($uname,$udom,$role,$cid,$sec,$type,$locktype,$credits,$instsec) = 
+                    split(/\:/,$item,9);
+                $instsec = &unescape($instsec);
                 $scope = '/'.$cid;
                 $scope =~s/\_/\//g;
                 if ($sec ne '') {
@@ -4995,7 +5041,7 @@ sub update_user_list {
             $end = $now; 
             if ($role eq 'st') {
                 $result = 
-                    &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid,'',$context,$credits);
+                    &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid,'',$context,$credits,$instsec);
             } else {
                 $result = 
                     &Apache::lonnet::revokerole($udom,$uname,$scope,$role,
@@ -5003,7 +5049,7 @@ sub update_user_list {
             }
         } elsif ($choice eq 'delete') {
             if ($role eq 'st') {
-                &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$now,$start,$type,$locktype,$cid,'',$context,$credits);
+                &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$now,$start,$type,$locktype,$cid,'',$context,$credits,$instsec);
             }
             $result =
                 &Apache::lonnet::assignrole($udom,$uname,$scope,$role,$now,
@@ -5016,7 +5062,7 @@ sub update_user_list {
             }
             if ($choice eq 'reenable') {
                 if ($role eq 'st') {
-                    $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid,'',$context,$credits);
+                    $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid,'',$context,$credits,$instsec);
                 } else {
                     $result = 
                         &Apache::lonnet::assignrole($udom,$uname,$scope,$role,$end,
@@ -5024,14 +5070,14 @@ sub update_user_list {
                 }
             } elsif ($choice eq 'activate') {
                 if ($role eq 'st') {
-                    $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid,'',$context,$credits);
+                    $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid,'',$context,$credits,$instsec);
                 } else {
                     $result = &Apache::lonnet::assignrole($udom,$uname,$scope,$role,$end,
                                             $now,'','',$context);
                 }
             } elsif ($choice eq 'chgdates') {
                 if ($role eq 'st') {
-                    $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid,'',$context,$credits);
+                    $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$sec,$end,$start,$type,$locktype,$cid,'',$context,$credits,$instsec);
                 } else {
                     $result = &Apache::lonnet::assignrole($udom,$uname,$scope,$role,$end,
                                                 $start,'','',$context);
@@ -5101,7 +5147,7 @@ sub update_user_list {
                     } else {
                         if ($role eq 'st') {
                             $result = 
-                                &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,undef,$end,$start,$type,$locktype,$cid,'',$context,$credits);
+                                &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,undef,$end,$start,$type,$locktype,$cid,'',$context,$credits,$instsec);
                         } else {
                             my $newscope = $scopestem;
                             $result = &Apache::lonnet::assignrole($udom,$uname,$newscope,$role,$end,$start,'','',$context);
@@ -5115,7 +5161,7 @@ sub update_user_list {
                     foreach my $newsec (@newsecs) {
                         if (!grep(/^\Q$newsec\E$/,@retained)) {
                             if ($role eq 'st') {
-                                $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$newsec,$end,$start,$type,$locktype,$cid,'',$context,$credits);
+                                $result = &Apache::lonnet::modify_student_enrollment($udom,$uname,undef,undef,undef,undef,undef,$newsec,$end,$start,$type,$locktype,$cid,'',$context,$credits,$instsec);
                                 if (@newsecs > 1) {
                                     my $showsingle; 
                                     if ($newsec eq '') {
@@ -6201,6 +6247,8 @@ sub get_extended_type {
     }
     if ($crstype eq 'Community') {
         $type = 'community';
+    } elsif ($crstype eq 'Placement') {
+        $type = 'placement';
     } elsif ($settings{'internal.coursecode'}) {
         $type = 'official';
     } elsif ($settings{'internal.textbook'}) {