--- loncom/interface/loncreateuser.pm	2001/12/19 17:17:46	1.22
+++ loncom/interface/loncreateuser.pm	2002/02/11 15:37:58	1.25
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Create a user
 #
-# $Id: loncreateuser.pm,v 1.22 2001/12/19 17:17:46 albertel Exp $
+# $Id: loncreateuser.pm,v 1.25 2002/02/11 15:37:58 matthew Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -45,8 +45,9 @@
 # April Guy Albertelli
 # 05/10,10/16 Gerd Kortemeyer 
 # 11/12,11/13,11/15 Scott Harrison
+# 02/11/02 Matthew Hall
 #
-# $Id: loncreateuser.pm,v 1.22 2001/12/19 17:17:46 albertel Exp $
+# $Id: loncreateuser.pm,v 1.25 2002/02/11 15:37:58 matthew Exp $
 ###
 
 package Apache::loncreateuser;
@@ -63,7 +64,7 @@ my $authformint;
 my $authformfsys;
 my $authformloc;
 
-sub BEGIN {
+BEGIN {
     $ENV{'SERVER_NAME'}=~/(\w+\.\w+)$/;
     my $krbdefdom=$1;
     $krbdefdom=~tr/a-z/A-Z/;
@@ -220,7 +221,7 @@ sub phase_two {
 
     $ccuname=~s/\W//g;
     $ccdomain=~s/\W//g;
-    $r->print(<<ENDENHEAD);
+    my $dochead =<<"ENDDOCHEAD";
 <html>
 <head>
 <title>The LearningOnline Network with CAPA</title>
@@ -250,44 +251,55 @@ sub phase_two {
 </script>
 </head>
 <body bgcolor="#FFFFFF">
-<img align=right src=/adm/lonIcons/lonlogos.gif>
-<h1>Create User, Change User Privileges</h1>
-<form action=/adm/createuser method=post name=cu>
-<input type=hidden name=phase value=three>
-<input type=hidden name=ccuname value=$ccuname>
-<input type=hidden name=ccdomain value=$ccdomain>
-<input type="hidden" value='' name="pres_value">
-<input type="hidden" value='' name="pres_type">
-<input type="hidden" value='' name="pres_marker">
-<input type=hidden name=cuname value="$ccuname">
-<input type=hidden name=cdomain value="$ccdomain">
-
-ENDENHEAD
+<img align="right" src="/adm/lonIcons/lonlogos.gif">
+ENDDOCHEAD
+    my $forminfo =<<"ENDFORMINFO";
+<form action="/adm/createuser" method="post" name="cu">
+<input type="hidden" name="phase"       value="three">
+<input type="hidden" name="ccuname"     value="$ccuname">
+<input type="hidden" name="ccdomain"    value="$ccdomain">
+<input type="hidden" name="pres_value"  value="" >
+<input type="hidden" name="pres_type"   value="" >
+<input type="hidden" name="pres_marker" value="" >
+<input type="hidden" name="cuname"      value="$ccuname">
+<input type="hidden" name="cdomain"     value="$ccdomain">
+ENDFORMINFO
     my $uhome=&Apache::lonnet::homeserver($ccuname,$ccdomain);
     my %incdomains; 
     my %inccourses;
-    map {
+    foreach (%Apache::lonnet::hostdom) {
        $incdomains{$_}=1;
-    } values %Apache::lonnet::hostdom;
-    map {
+    }
+    foreach (keys(%ENV)) {
 	if ($_=~/^user\.priv\.cm\.\/(\w+)\/(\w+)/) {
 	    $inccourses{$1.'_'.$2}=1;
         }
-    } %ENV;
+    }
     if ($uhome eq 'no_host') {
 	$r->print(<<ENDNUSER);
-<h2>New user $ccuname at $ccdomain</h2>
+$dochead
+<h1>Create New User</h1>
+$forminfo
+<h2>New user "$ccuname" in domain $ccdomain</h2>
 ENDNUSER
 	$r->print(<<ENDNUSER);
 $loginscript
 <input type='hidden' name='makeuser' value='1' />
 <h3>Personal Data</h3>
-First Name: <input type='text' name='cfirst' size='15' /><br />
-Middle Name: <input type='text' name='cmiddle' size='15' /><br />
-Last Name: <input type='text' name='clast' size='15' /><br />
-Generation: <input type='text' name='cgen' size='5' /><p>
+<p>
+<table>
+<tr><td>First Name  </td>
+    <td><input type='text' name='cfirst'  size='15' /></td></tr>
+<tr><td>Middle Name </td> 
+    <td><input type='text' name='cmiddle' size='15' /></td></tr>
+<tr><td>Last Name   </td>
+    <td><input type='text' name='clast'   size='15' /></td></tr>
+<tr><td>Generation  </td>
+    <td><input type='text' name='cgen'    size='5'  /></td></tr>
+</table>
+ID/Student Number <input type='text' name='cstid'   size='15' /></p>
 
-ID/Student Number: <input type='text' name='cstid' size='10' /></p>
+<hr />
 
 <h3>Login Data</h3>
 $generalrule
@@ -296,32 +308,40 @@ $authformint
 $authformfsys
 $authformloc
 ENDNUSER
-    } else {
-	$r->print('<h2>Existing user '.$ccuname.' at '.$ccdomain.'</h2>');
-
+    } else { # user already exists
+	$r->print(<<ENDCHUSER);
+$dochead
+<h1>Change User Privileges</h1>
+$forminfo
+<h2>User "$ccuname" in domain $ccdomain </h2>
+ENDCHUSER
         my $rolesdump=&Apache::lonnet::reply(
                                   "dump:$ccdomain:$ccuname:roles",$uhome);
+        # Build up table of user roles to allow revocation of a role.
         unless ($rolesdump eq 'con_lost') { 
            my $now=time;
            $r->print('<h4>Revoke Existing Roles</h4>'.
              '<table border=2><tr><th>Revoke</th><th>Role</th><th>Extent</th>'.
 		     '<th>Start</th><th>End</th>');
-           map {
+	   foreach (split(/&/,$rolesdump)) {
              if ($_!~/^rolesdef\&/) {
-
               my ($area,$role)=split(/=/,$_);
               my $thisrole=$area;
               $area=~s/\_\w\w$//;
-              my ($trole,$tend,$tstart)=split(/_/,$role);
+              my ($role_code,$role_end_time,$role_start_time)=split(/_/,$role);
               my $bgcol='ffffff';
               my $allows=0;
               if ($area=~/^\/(\w+)\/(\d\w+)/) {
                  my %coursedata=&Apache::lonnet::coursedescription($1.'_'.$2);
                  my $carea='Course: '.$coursedata{'description'};
                  $inccourses{$1.'_'.$2}=1;
-                 if (&Apache::lonnet::allowed('c'.$trole,$1.'/'.$2)) {
+                 if (&Apache::lonnet::allowed('c'.$role_code,$1.'/'.$2)) {
 		     $allows=1;
                  }
+		 # What follows is an odd computation.  It seems the value
+		 # of the $area variable above is used to compute the 
+		 # background color.  This makes sense, but I can't make 
+		 # heads or tail of the computation at this point..
                  $bgcol=$1.'_'.$2;
                  $bgcol=~s/[^8-9b-e]//g;
                  $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',0,6);
@@ -331,36 +351,34 @@ ENDNUSER
                  $area=$carea;
 	      } else {
                  if ($area=~/^\/(\w+)\//) {
-                     if (&Apache::lonnet::allowed('c'.$trole,$1)) {
+                     if (&Apache::lonnet::allowed('c'.$role_code,$1)) {
 			 $allows=1;
                      }
                  } else {
-                     if (&Apache::lonnet::allowed('c'.$trole,'/')) {
+                     if (&Apache::lonnet::allowed('c'.$role_code,'/')) {
 			 $allows=1;
                      }
                  }
 	      }
 
               my $active=1;
-              if (($tend) && ($now>$tend)) { $active=0; }
-
-              $r->print('<tr bgcolor=#'.$bgcol.'><td>');
-              if ($active) {
-                  if ($allows) {
-		     $r->print(
-                             '<input type=checkbox name="rev:'.$thisrole.'">');
-		 } else {
-                     $r->print('&nbsp;');
-                 }
+              if (($role_end_time) && ($now>$role_end_time)) { $active=0; }
+              $r->print('<tr bgcolor=#"'.$bgcol.'"><td>');
+              if (!($active) && ($allows)) {
+		  $r->print('<input type=checkbox name="rev:'.$thisrole.'">');
               } else {
                   $r->print('&nbsp;');
               }
-              $r->print('</td><td>'.&Apache::lonnet::plaintext($trole).
+              $r->print('</td><td>'.&Apache::lonnet::plaintext($role_code).
                         '</td><td>'.$area.'</td><td>'.
-                        ($tstart?localtime($tstart):'&nbsp;').'</td><td>'.
-                        ($tend?localtime($tend):'&nbsp;')."</td></tr>\n");
+                        ($role_start_time ? localtime($role_start_time)
+                                          : '&nbsp;' )
+			.'</td><td>'.
+                        ($role_end_time   ? localtime($role_end_time)
+                                          : '&nbsp;' )
+			."</td></tr>\n");
 	     }
-	   } split(/&/,$rolesdump);
+	   } 
 	   $r->print('</table>');
          }   
 	my $currentauth=&Apache::lonnet::queryauthenticate($ccuname,$ccdomain);
@@ -369,12 +387,10 @@ ENDNUSER
 	    my $krbdefdom2=$1;
 	    $loginscript=~s/vf\.krbdom\.value='.*?';/vf.krbdom.value='$krbdefdom2';/;
 	}
-	# minor script hack here
-#	$loginscript=~s/login\[3\]/login\[4\]/; # loc
-#	$loginscript=~s/login\[2\]/login\[3\]/; # fsys
-#	$loginscript=~s/login\[1\]/login\[2\]/; # int
-#	$loginscript=~s/login\[0\]/login\[1\]/; # krb4
-
+	# Here is where we'll have to check against the permissions of the
+	# user attempting to modify this users data.  Only users with
+	# MAU (Modify Authentication User) permissions should be able to 
+	# make these changes.  I think a subroutine would be in order here.
         unless ($currentauth=~/^krb4:/ or
 		$currentauth=~/^unix:/ or
 		$currentauth=~/^internal:/ or
@@ -454,8 +470,8 @@ $authformcurrent
 <h3>Enter New Login Data</h3>
 $authformother
 END
-       }
-    }
+        }
+    } ## End of new user/old user logic
     $r->print('<hr /><h3>Add Roles</h3>');
 #
 # Co-Author
@@ -488,9 +504,9 @@ ENDCOAUTH
     $r->print('<h4>Domain Level</h4>'.
     '<table border=2><tr><th>Activate</th><th>Role</th><th>Extent</th>'.
     '<th>Start</th><th>End</th></tr>');
-    map {
+    foreach ( sort( keys(%incdomains))) {
 	my $thisdomain=$_;
-        map {
+        foreach ('dc','li','dg','au') {
             if (&Apache::lonnet::allowed('c'.$_,$thisdomain)) {
                my $plrole=&Apache::lonnet::plaintext($_);
                $r->print(<<ENDDROW);
@@ -507,8 +523,8 @@ ENDCOAUTH
 </tr>
 ENDDROW
             }
-        } ('dc','li','dg','au');
-    } sort keys %incdomains;
+        } 
+    }
     $r->print('</table>');
 #
 # Course level
@@ -516,7 +532,7 @@ ENDDROW
     $r->print('<h4>Course Level</h4>'.
     '<table border=2><tr><th>Activate</th><th>Role</th><th>Extent</th>'.
     '<th>Group/Section</th><th>Start</th><th>End</th></tr>');
-    map {
+    foreach (sort( keys(%inccourses))) {
 	my $thiscourse=$_;
 	my $protectedcourse=$_;
         $thiscourse=~s:_:/:g;
@@ -525,7 +541,7 @@ ENDDROW
         my $bgcol=$thiscourse;
         $bgcol=~s/[^8-9b-e]//g;
         $bgcol=substr($bgcol.$bgcol.$bgcol.'ffffff',0,6);
-        map {
+        foreach  ('st','ta','ep','ad','in','cc') {
             if (&Apache::lonnet::allowed('c'.$_,$thiscourse)) {
                my $plrole=&Apache::lonnet::plaintext($_);
                $r->print("
@@ -547,8 +563,8 @@ ENDDROW
 </tr>
 ENDROW
             }
-        } ('st','ta','ep','ad','in','cc');
-    } sort keys %inccourses;
+        }
+    } 
     $r->print('</table>');
     $r->print('<input type=submit value="Modify User">');
     $r->print('</form></body></html>');
@@ -641,7 +657,7 @@ ENDTHREEHEAD
    }
     my $now=time;
     $r->print('<h3>Modifying Roles</h3>');
-    map {
+    foreach (keys (%ENV)) {
 	if (($_=~/^form\.rev\:([^\_]+)\_([^\_]+)$/) && ($ENV{$_})) {
            $r->print('Revoking '.$2.' in '.$1.': '.
           &Apache::lonnet::assignrole($ENV{'form.cdomain'},$ENV{'form.cuname'},
@@ -658,8 +674,8 @@ ENDTHREEHEAD
 	              $ENV{'course.'.$cid.'.home'}).'<br>');
            }
 	}
-    } keys %ENV;
-    map {
+    } 
+    foreach (keys(%ENV)) {
 	if (($_=~/^form\.act\_([^\_]+)\_([^\_]+)\_([^\_]+)$/) && ($ENV{$_})) {
             my $url='/'.$1.'/'.$2;
             if ($ENV{'form.sec_'.$1.'_'.$2.'_'.$3}) {
@@ -701,7 +717,7 @@ ENDTHREEHEAD
           &Apache::lonnet::assignrole($ENV{'form.cdomain'},$ENV{'form.cuname'},
                                       $url,$2,$end,$start).'<br>');
         }
-    } keys %ENV;
+    }
     $r->print('</body></html>');
 }
 

Revoke	Role	Extent	Start	End
'); - if ($active) { - if ($allows) { - $r->print( - ''); - } else { - $r->print(' '); - } + if (($role_end_time) && ($now>$role_end_time)) { $active=0; } + $r->print('
'); + if (!($active) && ($allows)) { + $r->print(''); } else { $r->print(' '); } - $r->print('	'.&Apache::lonnet::plaintext($trole). + $r->print('	'.&Apache::lonnet::plaintext($role_code). '	'.$area.'	'. - ($tstart?localtime($tstart):' ').'	'. - ($tend?localtime($tend):' ')."
'. + ($role_end_time ? localtime($role_end_time) + : ' ' ) + ."