--- loncom/lonsql	2013/12/01 21:29:07	1.93
+++ loncom/lonsql	2017/10/13 20:37:46	1.96
@@ -3,7 +3,7 @@
 # The LearningOnline Network
 # lonsql - LON TCP-MySQL-Server Daemon for handling database requests.
 #
-# $Id: lonsql,v 1.93 2013/12/01 21:29:07 raeburn Exp $
+# $Id: lonsql,v 1.96 2017/10/13 20:37:46 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -458,6 +458,8 @@ sub make_new_child {
 		$result = &do_inst_dir_search($searchdomain,$arg1,$arg2,$arg3);
             } elsif ($query eq 'getinstuser') {
                 $result = &get_inst_user($searchdomain,$arg1,$arg2);
+            } elsif ($query eq 'getmultinstusers') {
+                $result = &get_multiple_instusers($searchdomain,$arg3);
             } elsif ($query eq 'prepare activity log') {
                 my ($cid,$domain) = map {&unescape($_);} ($arg1,$arg2);
                 &logthis('preparing activity log tables for '.$cid);
@@ -488,6 +490,7 @@ sub make_new_child {
                 $userdata{'domain'} = $udom;
                 $result = &allusers_table_update($query,$uname,$udom,\%userdata);
             } else {
+                # Sanity checking of $query needed.
                 # Do an sql query
                 $result = &do_sql_query($query,$arg1,$arg2,$arg3,$searchdomain);
             }
@@ -539,13 +542,20 @@ sub do_user_search {
         my %srchfield = (
                           uname    => 'username',
                           lastname => 'lastname',
+                          email    => 'permanentemail',
                         );
-        if ($srchtype eq 'exact') {
-            $query .= $srchfield{$srchby}.' = '.$dbh->quote($srchterm);
-        } elsif ($srchtype eq 'begins') {
-             $query .= $srchfield{$srchby}.' LIKE '.$dbh->quote($srchterm.'%');
+        if (exists($srchfield{$srchby})) {
+            if ($srchtype eq 'exact') {
+                $query .= $srchfield{$srchby}.' = '.$dbh->quote($srchterm);
+            } elsif ($srchtype eq 'begins') {
+                $query .= $srchfield{$srchby}.' LIKE '.$dbh->quote($srchterm.'%');
+            } else {
+                $query .= $srchfield{$srchby}.' LIKE '.$dbh->quote('%'.$srchterm.'%');
+            }
         } else {
-             $query .= $srchfield{$srchby}.' LIKE '.$dbh->quote('%'.$srchterm.'%');
+            &logthis('<font color="blue">'.
+                     'WARNING: Invalid srchby: '.$srchby.'</font>');  
+            return $result;
         }
     }
     $query .= ") ORDER BY username ";
@@ -619,6 +629,34 @@ sub get_inst_user {
     }
     return $response;
 }
+
+sub get_multiple_instusers {
+    my ($domain,$data) = @_;
+    my ($type,$users) = split(/=/,$data,2);
+    my $requested = &Apache::lonnet::thaw_unescape($users);
+    my $response;
+    if (ref($requested) eq 'HASH') {
+        my (%instusers,%instids,$result);
+        eval {
+            local($SIG{__DIE__})='DEFAULT';
+            $result=&localenroll::get_multusersinfo($domain,$type,$requested,\%instusers,
+                                                    \%instids);
+        };
+        if ($@) {
+            $response = 'error';
+        } elsif ($result eq 'ok') {
+            $response = $result;
+            if (keys(%instusers)) {
+                $response .= '='.&Apache::lonnet::freeze_escape(\%instusers);
+            }
+        } elsif ($result eq 'unavailable') {
+            $response = $result;
+        }
+    } else {
+        $response = 'invalid';
+    }
+    return $response;
+}
 
 ########################################################
 ########################################################