diff --git a/html/inc/submit_util.inc b/html/inc/submit_util.inc
index 34f11eae03..281bede8d1 100644
--- a/html/inc/submit_util.inc
+++ b/html/inc/submit_util.inc
@@ -54,7 +54,25 @@ function job_file_name($md5) {
return "jf_$md5";
}
-function authenticate_user($r, $app) {
+// does user have submit permissions?
+//
+function submit_permissions($user) {
+ return BoincUserSubmit::lookup_userid($user->id);
+}
+
+// does user have submit permissions for given app?
+//
+function submit_permissions_app($user, $app) {
+ return BoincUserSubmitApp::lookup("user_id=$user->id and app_id=$app->id");
+}
+
+// check whether user has permissions for a remote job submission
+// or job file request.
+// $r is a request message that includes an 'authenticator' field
+// $app is the app being submitted to (or null if file op)
+// returns [user, UserSubmit], or give XML error
+//
+function check_remote_submit_permissions($r, $app) {
$auth = (string)$r->authenticator;
if (!$auth) {
log_write("no authenticator");
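Review bot: `submit_permissions_app()` builds its lookup clause by interpolating `$user->id` and `$app->id` into a string, and as a shared helper it can now be called with objects that did not come straight from a database row. Both ids are presumably integers today, so this is hardening rather than a confirmed flaw; formatting them as integers keeps the clause well-formed whatever the caller passes: `return BoincUserSubmitApp::lookup(sprintf("user_id=%d and app_id=%d", $user->id, $app->id));`. The two helpers also do not say what they return when no row exists, which callers test with `!`; a line such as `// returns the BoincUserSubmit row, or a false value if the user has none` would help. The body of `check_remote_submit_permissions()` continues outside this hunk.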
@@ -66,13 +84,13 @@ function authenticate_user($r, $app) {
log_write("bad authenticator");
xml_error(-1, "bad authenticator");
}
- $user_submit = BoincUserSubmit::lookup_userid($user->id);
+ $user_submit = submit_permissions($user);
if (!$user_submit) {
log_write("no submit access");
xml_error(-1, "no submit access");
}
if ($app && !$user_submit->submit_all) {
- $usa = BoincUserSubmitApp::lookup("user_id=$user->id and app_id=$app->id");
+ $usa = submit_permissions_app($user, $app);
if (!$usa) {
log_write("no app submit access");
xml_error(-1, "no app submit access");
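Review bot: The denial paths log only a fixed string (`log_write("no submit access")`, `log_write("no app submit access")`) even though `$user` is already resolved at this point, so a log reader cannot tell which account was refused or for which app. Including the ids would make repeated refusals attributable, e.g. `log_write("no submit access: user $user->id");` and `log_write("no app submit access: user $user->id app $app->id");`. The authenticator value itself should stay out of the log in the earlier `bad authenticator` branch. The function starts and ends outside this hunk.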
diff --git a/html/user/job_file.php b/html/user/job_file.php
index e8c711edb1..630bf442da 100644
--- a/html/user/job_file.php
+++ b/html/user/job_file.php
@@ -16,7 +16,7 @@
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see .
-// Web RPCs for managing job input files on the server.
+// Web RPCs for managing input files for remote job submission
//
// Issues:
//
@@ -99,7 +99,7 @@ function upload_error_description($errno) {
function query_files($r) {
xml_start_tag("query_files");
- list($user, $user_submit) = authenticate_user($r, null);
+ list($user, $user_submit) = check_remote_submit_permissions($r, null);
$absent_files = array();
$now = time();
$delete_time = (int)$r->delete_time;
@@ -175,7 +175,7 @@ function delete_uploaded_files() {
function upload_files($r) {
xml_start_tag("upload_files");
- list($user, $user_submit) = authenticate_user($r, null);
+ list($user, $user_submit) = check_remote_submit_permissions($r, null);
$fanout = parse_config(get_config(), "");
$delete_time = (int)$r->delete_time;
$batch_id = (int)$r->batch_id;
diff --git a/html/user/sandbox.php b/html/user/sandbox.php
index b648b15f53..536793e1bb 100644
--- a/html/user/sandbox.php
+++ b/html/user/sandbox.php
@@ -37,16 +37,17 @@ ini_set('display_startup_errors', true);
require_once("../inc/sandbox.inc");
require_once("../inc/submit_db.inc");
+require_once("../inc/submit_util.inc");
function list_files($user, $err_msg) {
$dir = sandbox_dir($user);
$d = opendir($dir);
if (!$d) error_page("Can't open sandbox directory");
- page_head("File sandbox for $user->name");
+ page_head("File sandbox");
echo "
@@ -131,7 +132,7 @@ function upload_file($user) {
$dir = sandbox_dir($user);
$link_path = "$dir/$name";
sandbox_write_link_file($link_path, $size, $md5);
- $notice .= "Successfully uploaded file $name!
";
+ $notice .= "Uploaded file $name
";
}
}
list_files($user, $notice);
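Review bot: The reworded notice still interpolates `$name` directly into the markup that is handed to `list_files()`. Where `$name` comes from is outside this hunk; if it derives from the client-supplied upload file name and is not validated earlier in `upload_file()`, it should be escaped at this point, for example by interpolating `htmlspecialchars($name, ENT_QUOTES)` instead of the raw value. The same value is used to build `$link_path` two lines above, so a comment recording where `$name` is validated would help the next reader. `upload_file()` starts outside the hunk.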
@@ -186,9 +187,7 @@ function view_file($user) {
}
$user = get_logged_in_user();
-//print_r($user);
-$user_submit = BoincUserSubmit::lookup_userid($user->id);
-if (!$user_submit) error_page("no job submission access");
+if (!submit_permissions($user)) error_page("no job submission access");
$action = get_str('action', true);
if (!$action) $action = post_str('action', true);
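Review bot: The page gate now only tests that `submit_permissions($user)` returns a row, and the top-level `$user_submit` variable is gone. Worth confirming that none of the action handlers further down this file still reads `$user_submit`, since that code is not visible in this hunk. A short comment on the new line would also record the intended policy, e.g. `// sandbox access requires any submit permission; no per-app check is done here`.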
diff --git a/html/user/submit.php b/html/user/submit.php
index 9e59616320..1ea17f4c26 100644
--- a/html/user/submit.php
+++ b/html/user/submit.php
@@ -206,7 +206,7 @@ function handle_main($user) {
if (isset($submit_urls)) {
// show links to per-app job submission pages
//
- echo "Submit jobs
+ echo "Submit jobs
";
foreach ($submit_urls as $appname=>$submit_url) {
@@ -232,7 +232,7 @@ function handle_main($user) {
}
}
if ($user_submit->manage_all || $app_admin) {
- echo "Administrative functions
\n";
+ echo "Administrative functions
\n";
if ($user_submit->manage_all) {
echo "- All applications
Batches
diff --git a/html/user/submit_rpc_handler.php b/html/user/submit_rpc_handler.php
index 0f8bb7c98c..f026c84bb3 100644
--- a/html/user/submit_rpc_handler.php
+++ b/html/user/submit_rpc_handler.php
@@ -128,7 +128,7 @@ function check_max_jobs_in_progress($r, $user_submit) {
function estimate_batch($r) {
xml_start_tag("estimate_batch");
$app = get_submit_app((string)($r->batch->app_name));
- list($user, $user_submit) = authenticate_user($r, $app);
+ list($user, $user_submit) = check_remote_submit_permissions($r, $app);
$template = read_input_template($app, $r);
$e = est_elapsed_time($r, $template);
@@ -444,7 +444,7 @@ function logical_end_time($r, $jobs, $user, $app) {
function submit_batch($r) {
xml_start_tag("submit_batch");
$app = get_submit_app((string)($r->batch->app_name));
- list($user, $user_submit) = authenticate_user($r, $app);
+ list($user, $user_submit) = check_remote_submit_permissions($r, $app);
$jobs = xml_get_jobs($r);
$template = read_input_template($app, $r);
if ($template) {
@@ -546,7 +546,7 @@ function submit_batch($r) {
function create_batch($r) {
xml_start_tag("create_batch");
$app = get_submit_app((string)($r->app_name));
- list($user, $user_submit) = authenticate_user($r, $app);
+ list($user, $user_submit) = check_remote_submit_permissions($r, $app);
$now = time();
$batch_name = (string)($r->batch_name);
$batch_name = BoincDb::escape_string($batch_name);
@@ -589,7 +589,7 @@ function print_batch_params($batch, $get_cpu_time) {
function query_batches($r) {
xml_start_tag("query_batches");
- list($user, $user_submit) = authenticate_user($r, null);
+ list($user, $user_submit) = check_remote_submit_permissions($r, null);
$batches = BoincBatch::enum("user_id = $user->id");
$get_cpu_time = (int)($r->get_cpu_time);
foreach ($batches as $batch) {
@@ -691,7 +691,7 @@ function get_batch($r) {
function query_batch($r) {
xml_start_tag("query_batch");
- list($user, $user_submit) = authenticate_user($r, null);
+ list($user, $user_submit) = check_remote_submit_permissions($r, null);
$batch = get_batch($r);
if ($batch->user_id != $user->id) {
log_write("not owner of batch");
@@ -733,7 +733,7 @@ function results_sent($wu) {
//
function query_batch2($r) {
xml_start_tag("query_batch2");
- list($user, $user_submit) = authenticate_user($r, null);
+ list($user, $user_submit) = check_remote_submit_permissions($r, null);
$batch_names = $r->batch_name;
$batches = array();
foreach ($batch_names as $b) {
@@ -792,7 +792,7 @@ function query_batch2($r) {
function query_job($r) {
xml_start_tag("query_job");
- list($user, $user_submit) = authenticate_user($r, null);
+ list($user, $user_submit) = check_remote_submit_permissions($r, null);
$job_id = (int)($r->job_id);
$wu = BoincWorkunit::lookup_id($job_id);
if (!$wu) {
@@ -835,7 +835,7 @@ function query_job($r) {
//
function query_completed_job($r) {
xml_start_tag("query_completed_job");
- list($user, $user_submit) = authenticate_user($r, null);
+ list($user, $user_submit) = check_remote_submit_permissions($r, null);
$job_name = (string)($r->job_name);
$job_name = BoincDb::escape_string($job_name);
$wu = BoincWorkunit::lookup("name='$job_name'");
@@ -884,7 +884,7 @@ function query_completed_job($r) {
function handle_abort_batch($r) {
xml_start_tag("abort_batch");
- list($user, $user_submit) = authenticate_user($r, null);
+ list($user, $user_submit) = check_remote_submit_permissions($r, null);
$batch = get_batch($r);
if ($batch->user_id != $user->id) {
log_write("not owner");
@@ -900,7 +900,7 @@ function handle_abort_batch($r) {
//
function handle_abort_jobs($r) {
xml_start_tag("abort_jobs");
- list($user, $user_submit) = authenticate_user($r, null);
+ list($user, $user_submit) = check_remote_submit_permissions($r, null);
$batch = null;
foreach ($r->job_name as $job_name) {
$job_name = BoincDb::escape_string($job_name);
@@ -930,7 +930,7 @@ function handle_abort_jobs($r) {
function handle_retire_batch($r) {
xml_start_tag("retire_batch");
- list($user, $user_submit) = authenticate_user($r, null);
+ list($user, $user_submit) = check_remote_submit_permissions($r, null);
$batch = get_batch($r);
if ($batch->user_id != $user->id) {
log_write("not owner of batch");
@@ -944,7 +944,7 @@ function handle_retire_batch($r) {
function handle_set_expire_time($r) {
xml_start_tag("set_expire_time");
- list($user, $user_submit) = authenticate_user($r, null);
+ list($user, $user_submit) = check_remote_submit_permissions($r, null);
$batch = get_batch($r);
if ($batch->user_id != $user->id) {
log_write("not owner of batch");
@@ -971,7 +971,7 @@ function get_templates($r) {
$app = BoincApp::lookup_id($wu->appid);
}
- list($user, $user_submit) = authenticate_user($r, $app);
+ list($user, $user_submit) = check_remote_submit_permissions($r, $app);
$in = file_get_contents(project_dir() . "/templates/".$app->name."_in");
$out = file_get_contents(project_dir() . "/templates/".$app->name."_out");
if ($in === false || $out === false) {