usradded.php3 9.97 KB
<?php
include("defs.php3");

#
# Standard Testbed Header
#
PAGEHEADER("Join a Project");

#
# Confirm that each required form field was submitted and is non-empty.
# Fields are tested one at a time so the error can name the one that is
# missing. Keep these tests in step with the fields on the project form.
#
if (! (isset($joining_uid) && strcmp($joining_uid, "") != 0)) {
    FORMERROR("UserName");
}

if (! (isset($usr_email) && strcmp($usr_email, "") != 0)) {
    FORMERROR("Email Address");
}

if (! (isset($usr_name) && strcmp($usr_name, "") != 0)) {
    FORMERROR("Full Name");
}
elseif (! ereg("^[a-zA-Z0-9 .\-]+$", $usr_name)) {
    # The full name is limited to letters, digits, space, '.' and '-'.
    USERERROR("Your Full Name can only contain alphanumeric characters, '-', " .
              "and '.'", 1);
}

if (! (isset($pid) && strcmp($pid, "") != 0)) {
    # Only presence is tested here; the project name itself is looked up
    # in the database further down the page.
    FORMERROR("Project");
}

if (! (isset($usr_affil) && strcmp($usr_affil, "") != 0)) {
    FORMERROR("Institutional Afilliation");
}

if (! (isset($usr_title) && strcmp($usr_title, "") != 0)) {
    FORMERROR("Title/Position");
}

#
# The username may consist of lowercase letters and digits only.
#
# NOTE(review): the POSIX ereg() family is reported not to be binary safe;
# confirm that a value carrying a NUL byte cannot get past this test, since
# later queries on this page rely on the username being clean.
#
if (ereg("^[a-z0-9]+$", $joining_uid) == false) {
    USERERROR("Your username name must be lowercase alphanumeric characters ".
              "only!", 1);
}

#
# Database limits: the username must fit within $TBDB_UIDLEN characters.
#
if ($TBDB_UIDLEN < strlen($joining_uid)) {
    USERERROR("The name \"$joining_uid\" is too long! ".
              "Please select another.", 1);
}

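#
# Check that email address looks reasonable. We need the domain for
# below anyway.
#
# The address must have a non-empty local part, an "@", and a domain that
# contains a ".". It is also placed in the recipient string handed to
# mail() further down this page, so an address carrying a CR or LF is
# rejected here instead of being passed on to the mailer.
#
$email_domain = strstr($usr_email, "@");
if (! $email_domain ||
    strcmp($usr_email, $email_domain) == 0 ||
    strlen($email_domain) <= 1 ||
    ! strstr($email_domain, ".") ||
    strstr($usr_email, "\r") ||
    strstr($usr_email, "\n")) {
    USERERROR("The email address `$usr_email' looks invalid!. Please ".
	      "go back and fix it up", 1);
}

# Split the address: everything after the first "@" is the domain,
# everything before it is the local part.
$email_domain = substr($email_domain, 1);
$email_user   = substr($usr_email, 0, strpos($usr_email, "@", 0));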

#
# Check URLs. A value still equal to $HTTPTAG (presumably the placeholder
# the form starts with -- confirm against the form) counts as "no URL
# given" and is blanked before VERIFYURL() sees it.
#
if (! strcmp($usr_url, $HTTPTAG)) {
    $usr_url = "";
}
VERIFYURL($usr_url);

#
# Escape the free-text fields for use inside quoted SQL strings.
#
# Only these four values are escaped at this step. The other form values
# that appear in SQL further down the page ($pid, $usr_email, $usr_url,
# $usr_phone, $usr_expires) do not pass through here.
# NOTE(review): if the runtime already applies magic quotes to request
# data, these values end up escaped twice -- confirm the configuration.
#
$usr_addr  = addslashes($usr_addr);
$usr_title = addslashes($usr_title);
$usr_affil = addslashes($usr_affil);
$usr_name  = addslashes($usr_name);

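#
# See if this is a new user or one returning: a row in the users table for
# this uid means the account already exists.
#
# The uid was pattern-checked earlier on this page, but it is still escaped
# before it goes into the query text, so the statement does not depend on
# that earlier check having stopped the page.
#
$uid_sql = addslashes($joining_uid);
$query_result = mysql_db_query($TBDBNAME,
	"SELECT usr_pswd FROM users WHERE uid=\"$uid_sql\"");
if (! $query_result) {
    $err = mysql_error();
    TBERROR("Database Error retrieving info for $joining_uid: $err\n", 1);
}

# 1 when the uid already has an account, 0 for a brand new user.
$returning = (mysql_num_rows($query_result) > 0) ? 1 : 0;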

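#
# If a user returning, then the login must be valid to continue any further.
# For a new user, the username must not collide with a CS login and the
# password must pass the checkpass helper.
#
if ($returning) {
    if (CHECKLOGIN($joining_uid) != 1) {
        USERERROR("The Username '$joining_uid' is in use. ".
                  "If you already have an Emulab account, please go back ".
                  "and login before trying to join a new project.<br><br>".
                  "If you are a <em>new</em> Emulab user trying to join ".
                  "your first project, please go back and select a different ".
                  "Username.", 1);
    }
}
else {
    #
    # Check new username against CS logins so that external people do
    # not pick names that overlap with CS names.
    #
    # The domain is taken from the address typed into the form, so it is
    # matched exactly or as a ".cs.utah.edu" suffix. A plain substring
    # test would also accept an unrelated domain that merely contains that
    # text, and the collision check would be skipped for it.
    #
    $cs_domain = "cs.utah.edu";
    $cs_suffix = "." . $cs_domain;
    $is_cs_address =
        (strcmp($email_domain, $cs_domain) == 0 ||
         (strlen($email_domain) > strlen($cs_suffix) &&
          strcmp(substr($email_domain, -strlen($cs_suffix)),
                 $cs_suffix) == 0));

    if (! $is_cs_address) {
        $dbm = dbmopen($TBCSLOGINS, "r");
        if (! $dbm) {
            TBERROR("Could not dbmopen $TBCSLOGINS from usradded.php3\n", 1);
        }
        if (dbmexists($dbm, $joining_uid)) {
            # Close the handle first; USERERROR may not return.
            dbmclose($dbm);
            USERERROR("The username '$joining_uid' is already in use. ".
                      "Please go back and choose another.", 1);
        }
        dbmclose($dbm);
    }

    if (strcmp($password1, $password2)) {
        USERERROR("You typed different passwords in each of the two password ".
                  "entry fields. <br> Please go back and correct them.",
                  1);
    }

    #
    # Run the password checker. Each argument is quoted on its own with
    # escapeshellarg() (PHP 4.0.3 or later), so a space or shell
    # metacharacter in the password or email cannot split or extend the
    # argument list, and the checker receives the password exactly as
    # typed. Escaping the whole command line with escapeshellcmd() gave
    # neither guarantee.
    #
    # NOTE(review): the password is still passed as a command-line argument
    # and so may be visible in the process list while the checker runs.
    # Feeding it on standard input would avoid that, but needs a matching
    # change in the checker, which is not visible from this page.
    #
    $checkpass_cmd = escapeshellcmd($TBCHKPASS_PATH) . " " .
        escapeshellarg($password1) . " " .
        escapeshellarg($joining_uid) . " " .
        escapeshellarg("$usr_name:$usr_email");

    $mypipe = popen($checkpass_cmd, "w+");
    if ($mypipe) {
        $retval = fgets($mypipe, 1024);
        # Release the pipe before reporting; USERERROR may not return.
        pclose($mypipe);
        if (strcmp($retval, "ok\n") != 0) {
            USERERROR("The password you have chosen will not work: ".
                      "<br><br>$retval<br>", 1);
        }
    }
    else {
        TBERROR("TESTBED: checkpass failure\n".
                "\n$usr_name ($joining_uid) just tried to set up a testbed ".
                "account,\n".
                "but checkpass pipe did not open (returned '$mypipe').", 1);
    }
}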

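#
# Lets verify the project name and quit early if the project is bogus.
# We could let things continue, resulting in a valid account but no
# project membership, but I don't like that.
#
# $pid has only been tested for presence at this point, so it is escaped
# before being placed inside the quoted SQL string.
# NOTE(review): $pid is also interpolated into the error text below;
# confirm that USERERROR() and TBERROR() HTML-escape their message.
#
$pid_sql = addslashes($pid);
$query_result = mysql_db_query($TBDBNAME,
	"SELECT pid FROM projects WHERE pid=\"$pid_sql\"");
if (! $query_result) {
    $err = mysql_error();
    TBERROR("Database Error retrieving info for $pid: $err\n", 1);
}
if (mysql_num_rows($query_result) == 0) {
    USERERROR("No such project $pid. Please go back and try again.", 1);
}

#
# XXX String compare to ensure case match: the stored project name must
# equal the submitted one byte for byte.
#
$row = mysql_fetch_row($query_result);
if (strcmp($row[0], $pid)) {
    USERERROR("No such project $pid. Please go back and try again.", 1);
}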

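#
# For a new user:
# * Create a new account in the database.
# * Add user email to the list of email address.
# * Generate a mail message to the user with the verification key.
#
if (! $returning) {
    # NOTE(review): crypt() is called without a salt argument, so the hash
    # scheme is whatever the platform picks by default -- confirm that it
    # is acceptable for stored passwords.
    $encoding = crypt("$password1");

    #
    # $usr_name, $usr_addr, $usr_title and $usr_affil were escaped earlier
    # on this page. The remaining values are escaped here so that every
    # field placed inside the quoted SQL strings below has been through
    # addslashes() exactly once.
    #
    $uid_sql     = addslashes($joining_uid);
    $expires_sql = addslashes($usr_expires);
    $email_sql   = addslashes($usr_email);
    $url_sql     = addslashes($usr_url);
    $phone_sql   = addslashes($usr_phone);

    $newuser_command = "INSERT INTO users ".
        "(uid,usr_created,usr_expires,usr_name,usr_email,usr_addr,".
        "usr_URL,usr_phone,usr_title,usr_affil,usr_pswd,unix_uid,status) ".
        "VALUES ('$uid_sql', now(), '$expires_sql', '$usr_name', ".
        "'$email_sql', ".
        "'$usr_addr', '$url_sql', '$phone_sql', '$usr_title', '$usr_affil',".
        "'$encoding', NULL, 'newuser')";
    $newuser_result  = mysql_db_query($TBDBNAME, $newuser_command);
    if (! $newuser_result) {
        $err = mysql_error();
        TBERROR("Database Error adding adding new user $joining_uid: ".
                "$err\n", 1);
    }

    $key = GENKEY($joining_uid);

    # The recipient string is assembled from form input ($usr_name,
    # $joining_uid, $usr_email); it relies on the checks made earlier on
    # this page.
    mail("$usr_name '$joining_uid' <$usr_email>", "TESTBED: Your New User Key",
         "\n".
         "Dear $usr_name ($joining_uid):\n\n".
         "\tHere is your key to verify your account on the ".
         "Utah Network Testbed:\n\n".
         "\t\t$key\n\n".
         "Please return to $TBWWW and log in using\n".
         "the user name and password you gave us when you applied. You will\n".
         "then find an option on the menu called 'New User Verification'.\n".
         "Select that option, and on that page enter your key.\n".
         "You will then be verified as a user. When you have been both\n".
         "verified and approved by the head of the project, you will\n".
         "be marked as an active user, and will be granted full access to\n".
         "your user account.\n\n".
         "Thanks,\n".
         "Testbed Ops\n".
         "Utah Network Testbed\n",
         "From: $TBMAIL_APPROVAL\n".
         "Bcc: $TBMAIL_APPROVAL\n".
         "Errors-To: $TBMAIL_WWW");

    #
    # Generate some warm fuzzies.
    #
    echo "<center><h1>Adding new Testbed User!</h1></center>";

    echo "<p>As a new user of the Testbed, for
          security purposes, you will receive by e-mail a key. When you
          receive it, come back to the site, and log in. When you do, you
          will see a new menu option called 'New User Verification'. On
          that page, enter in your key
          exactly as you received it in your e-mail. You will then be
          marked as a verified user.
          <p>Once you have been both verified
          and approved, you will be classified as an active user, and will 
          be granted full access to your user account.";
}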

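#
# Don't try to join twice!
#
# Both values are escaped before they are placed in the quoted SQL strings
# of the two statements below.
#
$uid_sql = addslashes($joining_uid);
$pid_sql = addslashes($pid);

$query_result = mysql_db_query($TBDBNAME,
	"select * from proj_memb where uid='$uid_sql' and pid='$pid_sql'");
if (! $query_result) {
    # A failed lookup must not be read as "not yet a member".
    $err = mysql_error();
    TBERROR("Database Error checking membership of $joining_uid in ".
            "project $pid: $err\n", 1);
}
if (mysql_num_rows($query_result) > 0) {
    die("<h3><br><br>".
        "You have already applied for membership in project: $pid.".
        "</h3>");
}

#
# Add to the project, but with trust=none. The project leader will have
# to upgrade the trust level, making the new user real.
#
$query_result = mysql_db_query($TBDBNAME,
	"insert into proj_memb (uid,pid,trust) ".
        "values ('$uid_sql','$pid_sql','none');");
if (! $query_result) {
    $err = mysql_error();
    TBERROR("Database Error adding adding user $joining_uid to ".
            "project $pid: $err\n", 1);
}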

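#
# Generate an email message to the project leader. We have to get the
# email message out of the database, of course.
#
# The project name is escaped before it goes into the query text.
#
$pid_sql = addslashes($pid);
$query_result = mysql_db_query($TBDBNAME,
	"SELECT head_uid FROM projects WHERE pid='$pid_sql'");
# A failed query is reported the same way as an empty result, without
# handing a non-result to mysql_fetch_row().
if (! $query_result || ($row = mysql_fetch_row($query_result)) == 0) {
    $err = mysql_error();
    TBERROR("Database Error getting project leader for project $pid: $err\n",
             1);
}
$leader_uid = $row[0];

# The leader uid was read back from the database; it is escaped again
# before being used as a string in the next query.
$leader_uid_sql = addslashes($leader_uid);
$query_result = mysql_db_query($TBDBNAME,
	"SELECT usr_name,usr_email FROM users WHERE uid='$leader_uid_sql'");
if (! $query_result || ($row = mysql_fetch_row($query_result)) == 0) {
    $err = mysql_error();
    TBERROR("Database Error getting email address for project leader ".
            "$leader_uid: $err\n", 1);
}
$leader_name = $row[0];
$leader_email = $row[1];

# NOTE(review): $usr_addr (and $usr_name) were passed through addslashes()
# earlier on this page, so the SQL-escaped form is what appears in this
# message body -- confirm whether the unescaped text is wanted here.
mail("$leader_name '$leader_uid' <$leader_email>",
     "TESTBED: $joining_uid $pid Project Join Request",
     "\n$usr_name ($joining_uid) is trying to join your project ($pid).\n".
     "$usr_name has the\n".
     "Testbed username $joining_uid and email address $usr_email.\n".
     "$usr_name's phone number is $usr_phone and address $usr_addr.\n\n".
     "Please return to $TBWWW\n".
     "log in, and select the 'New User Approval' page to enter your\n".
     "decision regarding $usr_name's membership in your project\n\n".
     "Thanks,\n".
     "Testbed Ops\n".
     "Utah Network Testbed\n",
     "From: $TBMAIL_APPROVAL\n".
     "Bcc: $TBMAIL_APPROVAL\n".
     "Errors-To: $TBMAIL_WWW");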

#
# Tell the applicant that the project leader has been notified and that a
# decision will follow.
#
print("<br>
      <p>The leader of project '$pid' has been notified of your application.
      He/She will make a decision and either approve or deny your application,
      and you will be notified as soon as a decision has been made.");

#
# Standard Testbed Footer
#
PAGEFOOTER();
?>