<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2003, 2005, 2006 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");

#
# No PAGEHEADER since we spit out a Location header later. See below.
# 

#
# Get current user.
#
$uid = GETLOGIN();

#
# Flag: are we still in the initial Emulab setup ("createproject") state?
# Note that this holds a boolean, not the state string itself.
#
$FirstInitState = ("createproject" == TBGetFirstInitState());

#
# Without a uid (or while in first-init) the requester is handled as a
# brand new user. Otherwise this is a returning user starting another
# project, and the login has to check out first.
#
if (!$uid || $FirstInitState) {
    #
    # No uid, so must be new.
    #
    $returning = 0;
}
else {
    # Unapproved users may create multiple projects, but the account
    # must be verified. Going by its name, LOGGEDINORDIE does not return
    # on a bad login -- TODO confirm in defs.php3.
    LOGGEDINORDIE($uid, CHECKLOGIN_UNAPPROVED|CHECKLOGIN_WEBONLY);
    $proj_head_uid = $uid;
    $returning = 1;
}
unset($addpubkeyargs);

#
# Both warnings are dropped verbatim into an inline JavaScript
# alert('...') inside a double-quoted HTML attribute by SPITFORM, so the
# text must stay free of quote characters.
#
$ACCOUNTWARNING = "Before continuing, please make sure your username reflects " .
                  "your normal login name. Emulab accounts are not to be " .
                  "shared amongst users!";

$EMAILWARNING = "Before continuing, please make sure the email address " .
                "you have provided is current and non-pseudonymic. " .
                "Redirections and anonymous email addresses are not allowed.";

#
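# Spit the form out using the array of data.
#
# $formfields : field name => value map used to prefill the inputs. On a
#               redisplay after a failed submit this is the raw POSTed
#               array, so every value is treated as untrusted here.
# $returning  : true when the requester is an already logged in user; the
#               "Project Head Information" section is then left out.
# $errors     : error label => message map shown above the form, or a
#               false value (the first load passes 0) when there is none.
#
# Prefilled values are HTML-escaped before they are written into attribute
# values or the textarea, checkbox state is reduced to the literal token
# "checked", and the password inputs are always emitted empty.
#
function SPITFORM($formfields, $returning, $errors)
{
    global $TBDB_UIDLEN, $TBDB_PIDLEN, $TBDOCBASE, $WWWHOST;
    global $usr_keyfile, $FirstInitState;
    global $ACCOUNTWARNING, $EMAILWARNING;
    global $WIKISUPPORT, $WIKIHOME, $USERSELECTUIDS;

    PAGEHEADER("Start a New Testbed Project");

    #
    # Escape everything that is echoed back into the page. On a redisplay
    # the values come straight from the POST, and a failed validation is
    # exactly the case in which they are shown again, so nothing here may
    # rely on the validators having accepted the value.
    #
    $textfields = array("proj_head_uid", "usr_name", "wikiname", "usr_title",
                        "usr_affil", "usr_URL", "usr_email", "usr_addr",
                        "usr_addr2", "usr_city", "usr_state", "usr_zip",
                        "usr_country", "usr_phone", "usr_key", "pid",
                        "proj_name", "proj_URL", "proj_whynotpublic",
                        "proj_funders", "proj_members", "proj_pcs",
                        "proj_why");
    $val = array();
    foreach ($textfields as $field) {
        $val[$field] = "";
        # Missing keys (first load) and non-scalar junk both prefill as "".
        if (isset($formfields[$field]) && is_scalar($formfields[$field])) {
            $val[$field] = htmlspecialchars((string) $formfields[$field],
                                            ENT_QUOTES);
        }
    }
    # The textarea content is sent without carriage returns.
    $val["proj_why"] = str_replace("\r", "", $val["proj_why"]);

    #
    # A checkbox contributes a bare attribute, so only the one expected
    # token is ever written; any other submitted value renders unchecked.
    #
    $chk = array();
    foreach (array("proj_public", "proj_linked",
                   "proj_plabpcs", "proj_ronpcs") as $field) {
        $chk[$field] = "";
        if (isset($formfields[$field]) && $formfields[$field] === "checked") {
            $chk[$field] = "checked";
        }
    }

    # The upload's file name is chosen by the client; escape it as well.
    $keyfile_name = "";
    if (isset($_FILES['usr_keyfile']['name']) &&
        is_scalar($_FILES['usr_keyfile']['name'])) {
        $keyfile_name = htmlspecialchars((string) $_FILES['usr_keyfile']['name'],
                                         ENT_QUOTES);
    }

    #
    # First initialization gets different text
    #
    # NOTE(review): $FirstInitState is assigned a boolean at the top of this
    # page, so the loose comparison below only tests its truthiness.
    #
    if ($FirstInitState == "createproject") {
        echo "<center><font size=+1>
              Please create your initial project.<br> A good Project Name
              for your first project is probably 'testbed', but you can
              choose anything you like.
              </font></center><br>\n";
    }
    else {
        echo "<center><font size=+1>
                 If you are a <font color=red>student
                 (undergrad or graduate)</font>, please
                 do not try to start a project! <br>Your advisor must do it.
                 <a href=docwrapper.php3?docname=auth.html target='_blank'>
                 Read this for more info.</a>
              </font></center><br>\n";

        if (! $returning) {
            echo "<center><font size=+1>
                   If you already have an Emulab account,
                   <a href=login.php3?refer=1>
                   <font color=red>please log on first!</font></a>
                   </font></center><br>\n";
        }
    }

    if ($errors) {
        echo "<table class=nogrid
                     align=center border=0 cellpadding=6 cellspacing=0>
              <tr>
                 <th align=center colspan=2>
                   <font size=+1 color=red>
                      &nbsp;Oops, please fix the following errors!&nbsp;
                   </font>
                 </th>
              </tr>\n";

        #
        # Messages are written out as HTML on purpose: at least one of them
        # ("Did you forget to login?") carries markup. That makes whoever
        # fills in $errors responsible for the message being safe.
        # NOTE(review): confirm the helpers producing messages never copy
        # submitted input into them unescaped.
        #
        foreach ($errors as $name => $message) {
            $label = htmlspecialchars((string) $name, ENT_QUOTES);

            echo "<tr>
                     <td align=right>
                       <font color=red>$label:&nbsp;</font></td>
                     <td align=left>
                       <font color=red>$message</font></td>
                  </tr>\n";
        }
        echo "</table><br>\n";
    }

    # Client-side convenience only: derives a WikiName from the full name.
    echo "<SCRIPT LANGUAGE=JavaScript>
              function SetWikiName(theform) 
              {
                  var validchars = 'abcdefghijklmnopqrstuvwxyz0123456789';
                  var usrname    = theform['formfields[usr_name]'].value;
                  var wikiname   = '';
                  var docap      = 1;

                  for (var i = 0; i < usrname.length; i++) {
                      var letter = usrname.charAt(i).toLowerCase();

                      if (validchars.indexOf(letter) == -1) {
                          if (letter == ' ') {
                              docap = 1;
                          }
                          continue;
                      }
                      else {
                          if (docap == 1) {
                              letter = usrname.charAt(i).toUpperCase()
                              docap  = 0;
                          }
                          wikiname = wikiname + letter;
                      }
                  }
                  theform['formfields[wikiname]'].value = wikiname;
              }
          </SCRIPT>\n";

    echo "<table align=center border=1> 
          <tr>
            <td align=center colspan=3>
                Fields marked with * are required.
            </td>
          </tr>\n

          <form enctype=multipart/form-data name=myform
                action=newproject.php3 method=post>\n";

    if (! $returning) {
        #
        # Start user information stuff. Presented for new users only.
        #
        echo "<tr>
                  <th colspan=3>
                      Project Head Information:&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp
                      <font size=-2>
                       (Prospective project leaders please read our
                       <a href='docwrapper.php3?docname=policies.html' target='_blank'>
                       Administrative Policies</a>)</font>
                  </th>
              </tr>\n";

        #
        # UID:
        #
        if ($USERSELECTUIDS || $FirstInitState == "createproject") {
            echo "<tr>
                      <td colspan=2>*<a
                             href='docwrapper.php3?docname=security.html'
                             target=_blank>Username</a>
                                (alphanumeric, lowercase):</td>
                      <td class=left>
                          <input type=text
                                 name=\"formfields[proj_head_uid]\"
                                 value=\"{$val['proj_head_uid']}\"
                                 size=$TBDB_UIDLEN
                                 onchange=\"alert('$ACCOUNTWARNING')\"
                                 maxlength=$TBDB_UIDLEN>
                      </td>
                  </tr>\n";
        }

        #
        # Full Name
        #
        echo "<tr>
                  <td colspan=2>*Full Name (first and last):</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_name]\"
                             value=\"{$val['usr_name']}\"
                             onchange=\"SetWikiName(myform);\"
                             size=30>
                  </td>
              </tr>\n";

        #
        # WikiName
        #
        if ($WIKISUPPORT) {
            echo "<tr>
                      <td colspan=2>*
                          <a href={$WIKIHOME}/bin/view/TWiki/WikiName
                            target=_blank>WikiName</a>:<td class=left>
                          <input type=text
                                 name=\"formfields[wikiname]\"
                                 value=\"{$val['wikiname']}\"
                                 size=30>
                      </td>
                  </tr>\n";
        }

        #
        # Title/Position:
        #
        echo "<tr>
                  <td colspan=2>*Job Title/Position:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_title]\"
                             value=\"{$val['usr_title']}\"
                             size=30>
                  </td>
              </tr>\n";

        #
        # Affiliation:
        #
        echo "<tr>
                  <td colspan=2>*Institutional<br>Affiliation:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_affil]\"
                             value=\"{$val['usr_affil']}\"
                             size=40>
                  </td>
              </tr>\n";

        #
        # User URL
        #
        echo "<tr>
                  <td colspan=2>Home Page URL:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_URL]\"
                             value=\"{$val['usr_URL']}\"
                             size=45>
                  </td>
              </tr>\n";

        #
        # Email:
        #
        echo "<tr>
                  <td colspan=2>*Email Address[<b>1</b>]:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_email]\"
                             value=\"{$val['usr_email']}\"
                             onchange=\"alert('$EMAILWARNING')\"
                             size=30>
                  </td>
              </tr>\n";

        #
        # Postal address
        #
        echo "<tr><td colspan=3>*Postal Address:<br /><center>
                <table>
                  <tr><td>Line 1</td><td colspan=3>
                    <input type=text
                           name=\"formfields[usr_addr]\"
                           value=\"{$val['usr_addr']}\"
                           size=45></td></tr>
                  <tr><td>Line 2</td><td colspan=3>
                    <input type=text
                           name=\"formfields[usr_addr2]\"
                           value=\"{$val['usr_addr2']}\"
                           size=45></td></tr>
                  <tr><td>City</td><td>
                    <input type=text
                           name=\"formfields[usr_city]\"
                           value=\"{$val['usr_city']}\"
                           size=25></td>
                      <td>State/Province</td><td>
                    <input type=text
                           name=\"formfields[usr_state]\"
                           value=\"{$val['usr_state']}\"
                           size=2></td></tr>
                  <tr><td>ZIP/Postal Code</td><td>
                    <input type=text
                           name=\"formfields[usr_zip]\"
                           value=\"{$val['usr_zip']}\"
                           size=10></td>
                      <td>Country</td><td>
                    <input type=text
                           name=\"formfields[usr_country]\"
                           value=\"{$val['usr_country']}\"
                           size=15></td></tr>
               </table></center></td></tr>";

        #
        # Phone
        #
        echo "<tr>
                  <td colspan=2>*Phone #:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_phone]\"
                             value=\"{$val['usr_phone']}\"
                             size=15>
                  </td>
              </tr>\n";

        #
        # SSH public key
        #
        echo "<tr>
                  <td rowspan><center>
                               Your SSH Pub Key: &nbsp<br>
                                    [<b>2</b>]
                              </center></td>

                  <td rowspan><center>Upload (1K max)[<b>3</b>]<br>
                                  <b>Or</b><br>
                                 Insert Key
                              </center></td>

                  <td rowspan>
                      <input type=hidden name=MAX_FILE_SIZE value=1024>
                      <input type=file
                             name=usr_keyfile
                             value=\"$keyfile_name\"
                             size=50>
                      <br>
                      <br>
                      <input type=text
                             name=\"formfields[usr_key]\"
                             value=\"{$val['usr_key']}\"
                             size=50
                             maxlength=1024>
                  </td>
              </tr>\n";

        #
        # Password. Note that we do not resend the password. User
        # must retype on error. The inputs are therefore written without
        # a value, which also keeps the secret out of the page source.
        #
        echo "<tr>
                  <td colspan=2>*Password[<b>1</b>]:</td>
                  <td class=left>
                      <input type=password
                             name=\"formfields[password1]\"
                             size=8></td>
              </tr>\n";

        echo "<tr>
                  <td colspan=2>*Retype Password:</td>
                  <td class=left>
                      <input type=password
                             name=\"formfields[password2]\"
                             size=8></td>
             </tr>\n";
    }

    #
    # Project information
    #
    echo "<tr><th colspan=3>
               Project Information: 
               <!-- <em>(replace the example entries)</em> -->
              </th>
          </tr>\n";

    #
    # Project Name:
    #
    echo "<tr>
              <td colspan=2>*Project Name (alphanumeric):</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[pid]\"
                         value=\"{$val['pid']}\"
                         size=$TBDB_PIDLEN maxlength=$TBDB_PIDLEN>
              </td>
          </tr>\n";

    #
    # Project Description:
    #
    echo "<tr>
              <td colspan=2>*Project Description:</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[proj_name]\"
                         value=\"{$val['proj_name']}\"
                         size=40>
              </td>
          </tr>\n";

    #
    # URL:
    #
    echo "<tr>
              <td colspan=2>*URL:</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[proj_URL]\"
                         value=\"{$val['proj_URL']}\"
                         size=45>
              </td>
          </tr>\n";

    #
    # Publicly visible.
    #
    echo "<tr>
              <td colspan=2>*Can we list your project publicly as
                             an \"Emulab User?\":
                  <br>
                  (See our <a href=\"projectlist.php3\"
                              target=\"Users\">Users</a> page)
              </td>
              <td><input type=checkbox value=checked
                         name=\"formfields[proj_public]\"
                         {$chk['proj_public']}>
                         Yes &nbsp
                  <br>
                  *If \"No\" please tell us why not:<br>
                  <input type=text
                         name=\"formfields[proj_whynotpublic]\"
                         value=\"{$val['proj_whynotpublic']}\"
                         size=45>
             </td>
      </tr>\n";

    #
    # Will you add a link?
    #
    echo "<tr>
              <td colspan=2>*Will you add a link on your project page
                             to <a href=\"$TBDOCBASE\" target='_blank'>$WWWHOST</a>?
              </td>
              <td><input type=checkbox value=checked
                         name=\"formfields[proj_linked]\"
                         {$chk['proj_linked']}>
                         Yes &nbsp
              </td>
      </tr>\n";

    #
    # Funders/Grant numbers
    #
    echo "<tr>
              <td colspan=2>*Funding Sources and Grant Numbers:<br>
                  (Type \"none\" if not funded)</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[proj_funders]\"
                         value=\"{$val['proj_funders']}\"
                         size=45>
              </td>
          </tr>\n";

    #
    # Nodes and PCs and Users
    #
    echo "<tr>
              <td colspan=2>*Estimated #of Project Members:</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[proj_members]\" 
                         value=\"{$val['proj_members']}\"
                         size=4>
              </td>
          </tr>\n";

    echo "<tr>
              <td colspan=2>*Estimated #of
        <a href=\"$TBDOCBASE/docwrapper.php3?docname=hardware.html#tbpcs\" target='_blank'>
                             PCs</a>:</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[proj_pcs]\"
                         value=\"{$val['proj_pcs']}\"
                         size=4>
              </td>
          </tr>\n";

    echo "<tr>
              <td colspan=2>Request Access to 
        <a href=\"$TBDOCBASE/docwrapper.php3?docname=widearea.html\" target='_blank'>
                             Planetlab PCs</a>:</td>
              <td class=left>
                  <input type=checkbox value=checked
                         name=\"formfields[proj_plabpcs]\"
                         {$chk['proj_plabpcs']}>
                         Yes &nbsp
              </td>
          </tr>\n";

    echo "<tr>
              <td colspan=2>Request Access to 
        <a href=\"$TBDOCBASE/docwrapper.php3?docname=widearea.html\" target='_blank'>
                             wide-area PCs</a>:</td>
              <td class=left>
                  <input type=checkbox value=checked
                         name=\"formfields[proj_ronpcs]\"
                         {$chk['proj_ronpcs']}>
                         Yes &nbsp
              </td>
          </tr>\n";

    #
    # Why!
    #
    # The escaped text has to follow the opening tag directly; whitespace
    # inside a textarea becomes part of the submitted value.
    #
    echo "<tr>
              <td colspan=3>
               *Please describe how and why you'd like to use the testbed.
              </td>
          </tr>
          <tr>
              <td colspan=3 align=center class=left>
                  <textarea name=\"formfields[proj_why]\"
                    rows=10 cols=60>" .
                    $val["proj_why"] .
                    "</textarea>
              </td>
          </tr>\n";

    echo "<tr>
              <td colspan=3 align=center>
                 <b><input type=submit name=submit value=Submit></b>
              </td>
          </tr>\n";

    echo "</form>
          </table>\n";

    echo "<h4><blockquote><blockquote>
          <ol>
            <li> Please consult our
                 <a href = 'docwrapper.php3?docname=security.html' target='_blank'>
                 security policies</a> for information
                 regarding passwords and email addresses.\n";
    if (! $returning) {
        echo "<li> If you want us to use your existing ssh public key,
                   then either paste it in or specify the path to your
                   your identity.pub file. <font color=red>NOTE:</font>
                   We use the <a href=http://www.openssh.org target='_blank'>OpenSSH</a>
                   key format,
                   which has a slightly different protocol 2 public key format
                   than some of the commercial vendors such as
                   <a href=http://www.ssh.com target='_blank'>SSH Communications</a>. If you
                   use one of these commercial vendors, then please
                   upload the public  key file and we will convert it
                   for you. <i>Please do not paste it in.</i>\n

              <li> Note to <a href=http://www.opera.com target='_blank'><b>Opera 5</b></a>
                   users: The file upload mechanism is broken in Opera, so
                   you cannot specify a local file for upload. Instead,
                   please paste your public key in.\n";
    }
    echo "</ol>
          </blockquote></blockquote>
          </h4>\n";
}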

#
# The conclusion of a newproject request. See below.
#
# Reached with ?finished in the query string; only prints the confirmation
# page and stops.
#
if (isset($_GET['finished'])) {
    PAGEHEADER("Start a New Testbed Project");

    $queued_notice = "<center><h2>
           Your project request has been successfully queued.
          </h2></center>
          Testbed Operations has been notified of your application.
          Most applications are reviewed within a day; some even within
          the hour, but sometimes as long as a week (rarely). We will notify
          you by e-mail when a decision has been made.\n";
    echo $queued_notice;

    # New users additionally get pointed at the account verification mail.
    if (! $returning) {
        $verify_notice = "<br>
              <p>
              In the meantime, as a new user of the Testbed you will receive
              a key via email.
              When you receive the message, please follow the instructions
              contained in the message on how to verify your account.\n";
        echo $verify_notice;
    }

    PAGEFOOTER();
    return;
}

#
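# On first load, display a virgin form and exit.
#
# Array keys are quoted throughout: a bare word in key position is a
# constant lookup, not a string.
#
if (! isset($_POST['submit'])) {
    $defaults = array();
    $defaults['proj_URL']     = "$HTTPTAG";
    $defaults['usr_URL']      = "$HTTPTAG";
    $defaults['usr_country']  = "USA";
    $defaults['proj_ronpcs']  = "";
    $defaults['proj_plabpcs'] = "";
    $defaults['proj_public']  = "checked";
    $defaults['proj_linked']  = "checked";

    # NOTE(review): $FirstInitState holds a boolean, so this loose
    # comparison only tests its truthiness.
    if ($FirstInitState == "createproject") {
        $defaults['pid']          = "testbed";
        $defaults['proj_pcs']     = "256";
        $defaults['proj_members'] = "256";
        $defaults['proj_funders'] = "none";
        $defaults['proj_name']    = "Your Testbed Project";
        $defaults['proj_why']     = "This project is used for testbed ".
            "administrators to develop and test new software. ";
    }

    SPITFORM($defaults, $returning, 0);
    PAGEFOOTER();
    return;
}
else {
    #
    # Form submitted. Make sure we have a formfields array, and that it is
    # flat: every input of the form is a single formfields[name] value, so
    # a nested array can only come from a hand-built request, and the
    # string checks further down are not written to cope with one.
    #
    $posted     = isset($_POST['formfields']) ? $_POST['formfields'] : null;
    $wellformed = is_array($posted);

    if ($wellformed) {
        foreach ($posted as $fieldvalue) {
            if (is_array($fieldvalue)) {
                $wellformed = false;
                break;
            }
        }
    }
    if (! $wellformed) {
        # Presumably does not return -- TODO confirm in defs.php3.
        PAGEARGERROR("Invalid form arguments.");
    }
    $formfields = $posted;
}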

#
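# Otherwise, must validate and redisplay if errors
#
# $errors maps a field label to its message. SPITFORM writes the message
# into the page as HTML, so a message must never carry submitted input
# unescaped.
# NOTE(review): confirm that TBFieldErrorString(), CHECKURL() and
# CHECKPASSWORD() never copy the offending value into their message.
#
# Array keys are quoted throughout: a bare word in key position is a
# constant lookup, not a string.
#
$errors = array();

#
# These fields are required!
# The personal fields are only checked for a new (not logged in) user.
#
if (! $returning) {
    if ($USERSELECTUIDS || $FirstInitState == "createproject") {
        if (!isset($formfields['proj_head_uid']) ||
            strcmp($formfields['proj_head_uid'], "") == 0) {
            $errors["Username"] = "Missing Field";
        }
        elseif (!TBvalid_uid($formfields['proj_head_uid'])) {
            $errors["UserName"] = TBFieldErrorString();
        }
        elseif (TBCurrentUser($formfields['proj_head_uid']) ||
                posix_getpwnam($formfields['proj_head_uid'])) {
            # Taken either in the testbed or in the local password database.
            $errors["UserName"] = "Already in use. Pick another";
        }
    }
    if (!isset($formfields['usr_title']) ||
        strcmp($formfields['usr_title'], "") == 0) {
        $errors["Job Title/Position"] = "Missing Field";
    }
    elseif (! TBvalid_title($formfields['usr_title'])) {
        $errors["Job Title/Position"] = TBFieldErrorString();
    }
    if (!isset($formfields['usr_name']) ||
        strcmp($formfields['usr_name'], "") == 0) {
        $errors["Full Name"] = "Missing Field";
    }
    elseif (! TBvalid_usrname($formfields['usr_name'])) {
        $errors["Full Name"] = TBFieldErrorString();
    }
    # Make sure user name has at least two tokens!
    # A missing name counts as zero tokens, so this message replaces any
    # "Full Name" error set just above.
    $tokens = preg_split("/[\s]+/",
                         (isset($formfields['usr_name']) ?
                          $formfields['usr_name'] : ""),
                         -1, PREG_SPLIT_NO_EMPTY);
    if (count($tokens) < 2) {
        $errors["Full Name"] = "Please provide a first and last name";
    }
    if ($WIKISUPPORT) {
        if (!isset($formfields['wikiname']) ||
            strcmp($formfields['wikiname'], "") == 0) {
            $errors["WikiName"] = "Missing Field";
        }
        elseif (! TBvalid_wikiname($formfields['wikiname'])) {
            $errors["WikiName"] = TBFieldErrorString();
        }
        elseif (TBCurrentWikiName($formfields['wikiname'])) {
            $errors["WikiName"] = "Already in use. Pick another";
        }
    }
    if (!isset($formfields['usr_affil']) ||
        strcmp($formfields['usr_affil'], "") == 0) {
        $errors["Affiliation"] = "Missing Field";
    }
    elseif (! TBvalid_affiliation($formfields['usr_affil'])) {
        $errors["Affiliation"] = TBFieldErrorString();
    }
    if (!isset($formfields['usr_email']) ||
        strcmp($formfields['usr_email'], "") == 0) {
        $errors["Email Address"] = "Missing Field";
    }
    elseif (! TBvalid_email($formfields['usr_email'])) {
        $errors["Email Address"] = TBFieldErrorString();
    }
    elseif (TBCurrentEmail($formfields['usr_email'])) {
        #
        # Treat this error separate. Not allowed.
        #
        $errors["Email Address"] =
            "Already in use. <b>Did you forget to login?</b>";
    }
    # Optional; the untouched $HTTPTAG prefill counts as "not given".
    if (isset($formfields['usr_URL']) &&
        strcmp($formfields['usr_URL'], "") &&
        strcmp($formfields['usr_URL'], $HTTPTAG) &&
        ! CHECKURL($formfields['usr_URL'], $urlerror)) {
        $errors["Home Page URL"] = $urlerror;
    }
    if (!isset($formfields['usr_addr']) ||
        strcmp($formfields['usr_addr'], "") == 0) {
        $errors["Address 1"] = "Missing Field";
    }
    elseif (! TBvalid_addr($formfields['usr_addr'])) {
        $errors["Address 1"] = TBFieldErrorString();
    }
    # Optional
    if (isset($formfields['usr_addr2']) &&
        !TBvalid_addr($formfields['usr_addr2'])) {
        $errors["Address 2"] = TBFieldErrorString();
    }
    if (!isset($formfields['usr_city']) ||
        strcmp($formfields['usr_city'], "") == 0) {
        $errors["City"] = "Missing Field";
    }
    elseif (! TBvalid_city($formfields['usr_city'])) {
        $errors["City"] = TBFieldErrorString();
    }
    if (!isset($formfields['usr_state']) ||
        strcmp($formfields['usr_state'], "") == 0) {
        $errors["State"] = "Missing Field";
    }
    elseif (! TBvalid_state($formfields['usr_state'])) {
        $errors["State"] = TBFieldErrorString();
    }
    if (!isset($formfields['usr_zip']) ||
        strcmp($formfields['usr_zip'], "") == 0) {
        $errors["ZIP/Postal Code"] = "Missing Field";
    }
    elseif (! TBvalid_zip($formfields['usr_zip'])) {
        $errors["Zip/Postal Code"] = TBFieldErrorString();
    }
    if (!isset($formfields['usr_country']) ||
        strcmp($formfields['usr_country'], "") == 0) {
        $errors["Country"] = "Missing Field";
    }
    elseif (! TBvalid_country($formfields['usr_country'])) {
        $errors["Country"] = TBFieldErrorString();
    }
    if (!isset($formfields['usr_phone']) ||
        strcmp($formfields['usr_phone'], "") == 0) {
        $errors["Phone #"] = "Missing Field";
    }
    elseif (!TBvalid_phone($formfields['usr_phone'])) {
        $errors["Phone #"] = TBFieldErrorString();
    }
    if (!isset($formfields['password1']) ||
        strcmp($formfields['password1'], "") == 0) {
        $errors["Password"] = "Missing Field";
    }
    if (!isset($formfields['password2']) ||
        strcmp($formfields['password2'], "") == 0) {
        $errors["Confirm Password"] = "Missing Field";
    }
    elseif (strcmp($formfields['password1'], $formfields['password2'])) {
        $errors["Confirm Password"] = "Does not match Password";
    }
    # The quality check only runs once both entries are present and equal.
    # When users cannot pick their own uid a placeholder is passed instead.
    elseif (! CHECKPASSWORD((($USERSELECTUIDS ||
                              $FirstInitState == "createproject") ?
                             $formfields['proj_head_uid'] : "ignored"),
                            $formfields['password1'],
                            $formfields['usr_name'],
                            $formfields['usr_email'], $checkerror)) {
        $errors["Password"] = "$checkerror";
    }
}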

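#
# Project fields; checked for new and returning users alike.
# Array keys are quoted: a bare word in key position is a constant
# lookup, not a string.
#
if (!isset($formfields['pid']) ||
    strcmp($formfields['pid'], "") == 0) {
    $errors["Project Name"] = "Missing Field";
}
else {
    if (!TBvalid_newpid($formfields['pid'])) {
        $errors["Project Name"] = TBFieldErrorString();
    }
    elseif (TBValidProject($formfields['pid'])) {
        $errors["Project Name"] =
            "Already in use. Select another";
    }
}

if (!isset($formfields['proj_name']) ||
    strcmp($formfields['proj_name'], "") == 0) {
    $errors["Project Description"] = "Missing Field";
}
elseif (! TBvalid_description($formfields['proj_name'])) {
    $errors["Project Description"] = TBFieldErrorString();
}
# Required; the untouched $HTTPTAG prefill counts as missing.
if (!isset($formfields['proj_URL']) ||
    strcmp($formfields['proj_URL'], "") == 0 ||
    strcmp($formfields['proj_URL'], $HTTPTAG) == 0) {
    $errors["Project URL"] = "Missing Field";
}
elseif (! CHECKURL($formfields['proj_URL'], $urlerror)) {
    $errors["Project URL"] = $urlerror;
}
if (!isset($formfields['proj_funders']) ||
    strcmp($formfields['proj_funders'], "") == 0) {
    $errors["Funding Sources"] = "Missing Field";
}
elseif (! TBvalid_description($formfields['proj_funders'])) {
    $errors["Funding Sources"] = TBFieldErrorString();
}
if (!isset($formfields['proj_members']) ||
    strcmp($formfields['proj_members'], "") == 0) {
    $errors["#of Members"] = "Missing Field";
}
elseif (! TBvalid_num_members($formfields['proj_members'])) {
    $errors["#of Members"] = TBFieldErrorString();
}
if (!isset($formfields['proj_pcs']) ||
    strcmp($formfields['proj_pcs'], "") == 0) {
    $errors["#of PCs"] = "Missing Field";
}
elseif (! TBvalid_num_pcs($formfields['proj_pcs'])) {
    $errors["#of PCs"] = TBFieldErrorString();
}

#
# Checkboxes: absent, empty or the literal "checked" are the only
# acceptable states.
#
if (isset($formfields['proj_plabpcs']) &&
    strcmp($formfields['proj_plabpcs'], "") &&
    strcmp($formfields['proj_plabpcs'], "checked")) {
    $errors["Planetlab Access"] = "Bad Value";
}
if (isset($formfields['proj_ronpcs']) &&
    strcmp($formfields['proj_ronpcs'], "") &&
    strcmp($formfields['proj_ronpcs'], "checked")) {
    $errors["Ron Access"] = "Bad Value";
}
if (!isset($formfields['proj_why']) ||
    strcmp($formfields['proj_why'], "") == 0) {
    $errors["How and Why?"] = "Missing Field";
}
elseif (! TBvalid_why($formfields['proj_why'])) {
    $errors["How and Why?"] = TBFieldErrorString();
}
# Anything other than "checked" is read as "not public", which then
# needs a reason. The reason text itself is not validated here.
if ((!isset($formfields['proj_public']) ||
     strcmp($formfields['proj_public'], "checked")) &&
    (!isset($formfields['proj_whynotpublic']) ||
     strcmp($formfields['proj_whynotpublic'], "") == 0)) {
    $errors["Why Not Public?"] = "Missing Field";
}
if (isset($formfields['proj_linked']) &&
    strcmp($formfields['proj_linked'], "") &&
    strcmp($formfields['proj_linked'], "checked")) {
    $errors["Link to Us"] = "Bad Value";
}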

# Field errors found so far are shown before any pubkey work is started,
# so the call out for key checking is skipped for a form that is already bad.
if (count($errors) > 0) {
    SPITFORM($formfields, $returning, $errors);
    PAGEFOOTER();
    return;
}

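# Okay, do pubkey checks. Only a new user can supply a key on this form.
if (!$returning) {
    #
    # Pub Key.
    #
    if (isset($formfields["usr_key"]) &&
	strcmp($formfields["usr_key"], "")) {
        #
        # This is passed off to the shell, so taint check it. The character
        # class has no quote, backtick, dollar or semicolon in it.
        #
	if (! preg_match("/^[-\w\s\.\@\+\/\=]*$/", $formfields["usr_key"])) {
	    $errors["PubKey"] = "Invalid characters";
	}
	else {
            #
            # Replace any embedded line breaks first. Carriage returns are
            # removed as well, so a key pasted with CRLF line ends does not
            # keep stray \r characters. str_replace() is used because
            # ereg_replace() no longer exists in PHP 7.
            #
	    $formfields["usr_key"] =
		str_replace(array("\r", "\n"), "", $formfields["usr_key"]);
	    $usr_key = $formfields["usr_key"];

            #
            # Quote with escapeshellarg() rather than by hand, so the
            # quoting does not depend on the regex above staying as it is.
            #
	    $usr_key_arg = escapeshellarg($usr_key);

            #
            # Verify key format.
            #
	    if (ADDPUBKEY(null, "webaddpubkey -n -k $usr_key_arg ")) {
		$errors["Pubkey Format"] =
		    "Could not be parsed. Is it a public key?";
	    }
	    else {
		$addpubkeyargs = "-k $usr_key_arg ";
	    }
	}
    }

    #
    # If usr provided a file for the key, it overrides the paste in text.
    #
    if (isset($_FILES['usr_keyfile']) &&
	$_FILES['usr_keyfile']['name'] != "" &&
	$_FILES['usr_keyfile']['name'] != "none") {

	$localfile = $_FILES['usr_keyfile']['tmp_name'];

        #
        # Accept only a file PHP received as an upload in this request;
        # this also covers an empty tmp_name after a failed upload.
        #
	if (! is_uploaded_file($localfile) || ! stat($localfile)) {
	    $errors["PubKey File"] = "No such file";
	}
        #
        # Taint check shell arguments always! The path is placed in the
        # command line unquoted, so the D modifier is added to keep $ from
        # matching before a trailing newline.
        #
	elseif (! preg_match("/^[-\w\.\/]*$/D", $localfile)) {
	    $errors["PubKey File"] = "Invalid characters";
	}
	else {
            # NOTE(review): makes the upload world-readable, presumably so
            # the program behind ADDPUBKEY can read it -- confirm.
	    chmod($localfile, 0644);

            #
            # Verify key format.
            #
	    if (ADDPUBKEY(null, "webaddpubkey -n $localfile ")) {
		$errors["Pubkey Format"] =
		    "Could not be parsed. Is it a public key?";
	    }
	    else {
		$addpubkeyargs = "$localfile";
	    }
	}
    }
}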

# Done with sanity checks! Anything recorded by the pubkey checks sends the
# user back to the form; past this point the account and project are created.
if (count($errors) > 0) {
    SPITFORM($formfields, $returning, $errors);
    PAGEFOOTER();
    return;
}

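#
# Certain of these values must be escaped or otherwise sanitized.
#
# NOTE(review): addslashes() does not know the character set of the database
# connection; whether User::NewUser() escapes again is not visible here.
# usr_email, usr_phone and wikiname are passed on without it, so they rely
# on the validation done earlier in the file.
#
# Array keys are quoted; a bare word key is an undefined constant, which
# PHP 8 rejects.
#
if (!$returning) {
    #
    # The uid is taken from the form only when users may pick one or during
    # first-time setup; otherwise null is passed and the uid is read back
    # from the new user below. $FirstInitState is set as a boolean at the
    # top of the file, so the comparison holds whenever it is true.
    #
    $proj_head_uid     = (($USERSELECTUIDS ||
			   $FirstInitState == "createproject") ?
			  $formfields["proj_head_uid"] : null);
    $usr_title         = addslashes($formfields["usr_title"]);
    $usr_name          = addslashes($formfields["usr_name"]);
    $usr_affil         = addslashes($formfields["usr_affil"]);
    $usr_email         = $formfields["usr_email"];
    $usr_addr          = addslashes($formfields["usr_addr"]);
    $usr_city          = addslashes($formfields["usr_city"]);
    $usr_state         = addslashes($formfields["usr_state"]);
    $usr_zip           = addslashes($formfields["usr_zip"]);
    $usr_country       = addslashes($formfields["usr_country"]);
    $usr_phone         = $formfields["usr_phone"];
    $password1         = $formfields["password1"];
    $password2         = $formfields["password2"];
    $wikiname          = ($WIKISUPPORT ? $formfields["wikiname"] : "");
    $usr_returning     = "No";

    # A URL that is still exactly $HTTPTAG is stored as empty.
    if (! isset($formfields["usr_URL"]) ||
	strcmp($formfields["usr_URL"], "") == 0 ||
	strcmp($formfields["usr_URL"], $HTTPTAG) == 0) {
	$usr_URL = "";
    }
    else {
	$usr_URL = addslashes($formfields["usr_URL"]);
    }
    
    if (! isset($formfields["usr_addr2"])) {
	$usr_addr2 = "";
    }
    else {
	$usr_addr2 = addslashes($formfields["usr_addr2"]);
    }

    #
    # $proj_expires is assigned with the project details further down in
    # this file. Compute it here when it is not set yet, so the new account
    # is not created with an empty expiry; the expression is the same one
    # used below.
    #
    if (! isset($proj_expires)) {
	$proj_expires = date("Y:m:d", time() + (86400 * 120));
    }

    $args = array();
    $args["usr_expires"]   = $proj_expires;
    $args["usr_name"]	   = $usr_name;
    $args["usr_email"]     = $usr_email;
    $args["usr_addr"]      = $usr_addr;
    $args["usr_addr2"]     = $usr_addr2;
    $args["usr_city"]      = $usr_city;
    $args["usr_state"]     = $usr_state;
    $args["usr_zip"]       = $usr_zip;
    $args["usr_country"]   = $usr_country;
    $args["usr_URL"]       = $usr_URL;
    $args["usr_phone"]     = $usr_phone;
    $args["usr_shell"]     = 'tcsh';
    $args["usr_title"]     = $usr_title;
    $args["usr_affil"]     = $usr_affil;
    #
    # NOTE(review): crypt() without a salt argument leaves the hash scheme
    # to PHP's default, and PHP 8 requires the salt. Pick the scheme
    # explicitly, in step with whatever consumes usr_pswd.
    #
    $args["usr_pswd"]      = crypt("$password1");
    $args["wikiname"]      = $wikiname;

    if (! ($leader = User::NewUser($proj_head_uid, 1, 0, $args))) {
	TBERROR("Could not create new user '$usr_email'!", 1);
    }
    # If null; used below
    $proj_head_uid = $leader->uid();

    #
    # $addpubkeyargs is set by the pubkey checks above and holds either a
    # quoted -k argument or the path of the uploaded file. The uid placed
    # next to it in the command line comes from the user object.
    #
    if (isset($addpubkeyargs)) {
	ADDPUBKEY($proj_head_uid,
		  "webaddpubkey -u $proj_head_uid $addpubkeyargs");
    }
}
else {
    #
    # Returning user: the details come from the stored account, not from
    # the form.
    #
    if (! ($leader = User::LookupByUid($proj_head_uid))) {
	TBERROR("Could not lookup project leader '$proj_head_uid'!", 1);
    }

    $usr_title	   = $leader->title();
    $usr_name	   = $leader->name();
    $usr_affil	   = $leader->affil();
    $usr_email	   = $leader->email();
    $usr_addr	   = $leader->addr();
    $usr_addr2     = $leader->addr2();
    $usr_city	   = $leader->city();
    $usr_state	   = $leader->state();
    $usr_zip	   = $leader->zip();
    $usr_country   = $leader->country();
    $usr_phone	   = $leader->phone();
    $usr_URL       = $leader->URL();
    $wikiname      = $leader->wikiname();
    $usr_returning = "Yes";
}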

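#
# And the project details.
#
# pid, proj_members and proj_pcs are copied as they are and depend on the
# TBvalid_*() checks earlier in the file. The free-text fields go through
# addslashes(), which is not aware of the database character set; whether
# Project::NewProject() escapes again is not visible here.
#
# Array keys are quoted; a bare word key is an undefined constant, which
# PHP 8 rejects.
#
$pid               = $formfields["pid"];
$proj_name	   = addslashes($formfields["proj_name"]);
$proj_URL          = addslashes($formfields["proj_URL"]);
$proj_funders      = addslashes($formfields["proj_funders"]);
#
# proj_whynotpublic is only required when the project is not public, so it
# may be absent; it has had a presence check only, no content validation.
#
$proj_whynotpublic = (isset($formfields["proj_whynotpublic"]) ?
		      addslashes($formfields["proj_whynotpublic"]) : "");
$proj_members      = $formfields["proj_members"];
$proj_pcs          = $formfields["proj_pcs"];
$proj_why	   = addslashes($formfields["proj_why"]);
# 120 days from now.
$proj_expires      = date("Y:m:d", time() + (86400 * 120));

#
# Each checkbox yields a Yes/No text for the mail message and a 0/1 value
# for the project arguments. Anything other than "checked" counts as off.
#
if (!isset($formfields["proj_public"]) ||
    strcmp($formfields["proj_public"], "checked")) {
    $proj_public = "No";
    $public = 0;
}
else {
    $proj_public = "Yes";
    $public = 1;
}

if (!isset($formfields["proj_linked"]) ||
    strcmp($formfields["proj_linked"], "checked")) {
    $proj_linked = "No";
    $linked = 0;
}
else {
    $proj_linked = "Yes";
    $linked = 1;
}

if (isset($formfields["proj_plabpcs"]) &&
    $formfields["proj_plabpcs"] == "checked") {
    $proj_plabpcs = "Yes";
    $plabpcs = 1;
}
else {
    $proj_plabpcs = "No";
    $plabpcs = 0;
}
if (isset($formfields["proj_ronpcs"]) &&
    $formfields["proj_ronpcs"] == "checked") {
    $proj_ronpcs = "Yes";
    $ronpcs = 1;
}
else {
    $proj_ronpcs = "No";
    $ronpcs = 0;
}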


#
# Now for the new Project. The argument array carries the values prepared
# above; $leader is the user object created or looked up earlier.
#
$args = array(
    "expires"       => $proj_expires,
    "name"          => $proj_name,
    "URL"           => $proj_URL,
    "num_members"   => $proj_members,
    "num_pcs"       => $proj_pcs,
    "why"           => $proj_why,
    "funders"       => $proj_funders,
    "num_pcplab"    => $plabpcs,
    "num_ron"       => $ronpcs,
    "public"        => $public,
    "public_whynot" => $proj_whynotpublic,
    "linked_to_us"  => $linked
);

$project = Project::NewProject($pid, $leader, $args);
if (! $project) {
	TBERROR("Could not create new project '$pid'!", 1);
}

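#
# If a new user, do not send the full blown message until verified.
#
# Subject and extra headers are the same for both messages. The From line
# is built from values the user typed in, so CR and LF are replaced before
# it is handed to TBMAIL(); whether TBMAIL() filters headers itself is not
# visible here.
#
# For a new account the usr_* and proj_* variables still carry the
# addslashes() escaping applied earlier in the file, so the message text
# shows a backslash in front of quotes.
#
$mail_subject = "New Project '$pid' ($proj_head_uid)";
$mail_from    = preg_replace("/[\r\n]+/", " ",
			     "$usr_name '$proj_head_uid' <$usr_email>");
$mail_headers = "From: $mail_from\n".
		"Reply-To: $TBMAIL_APPROVAL\n".
		"Errors-To: $TBMAIL_WWW";

if ($returning || $FirstInitState) {
    $unix_gid  = $project->unix_gid();
    $unix_name = $project->unix_name();

    #
    # The mail message to the approval list.
    # 
    TBMAIL($TBMAIL_APPROVAL,
	   $mail_subject,
	   "'$usr_name' wants to start project '$pid'.\n".
	   "\n".
	   "Name:            $usr_name ($proj_head_uid)\n".
	   "Returning User?: $usr_returning\n".
	   "Email:           $usr_email\n".
	   "User URL:        $usr_URL\n".
	   "Project:         $proj_name\n".
	   "Expires:         $proj_expires\n".
	   "Project URL:     $proj_URL\n".
	   "Public URL:      $proj_public\n".
	   "Why Not Public:  $proj_whynotpublic\n".
	   "Link to Us?:     $proj_linked\n".
	   "Funders:         $proj_funders\n".
	   "Job Title:       $usr_title\n".
	   "Affiliation:     $usr_affil\n".
	   "Address 1:       $usr_addr\n".
	   "Address 2:       $usr_addr2\n".
	   "City:            $usr_city\n".
	   "State:           $usr_state\n".
	   "ZIP/Postal Code: $usr_zip\n".
	   "Country:         $usr_country\n".
	   "Phone:           $usr_phone\n".
	   "Members:         $proj_members\n".
	   "PCs:             $proj_pcs\n".
	   "Planetlab PCs:   $proj_plabpcs\n".
	   "RON PCs:         $proj_ronpcs\n".
	   "Unix GID:        $unix_name ($unix_gid)\n".
	   "Reasons:\n$proj_why\n\n".
	   "Please review the application and when you have made a \n".
	   "decision, go to $TBWWW and\n".
	   "select the 'Project Approval' page.\n\n".
	   "They are expecting a result within 72 hours.\n", 
	   $mail_headers);
}
else {
    #
    # New, not yet verified user: a short notice only.
    #
    TBMAIL($TBMAIL_APPROVAL,
	   $mail_subject,
	   "'$usr_name' wants to start project '$pid'.\n".
	   "\n".
	   "Name:            $usr_name ($proj_head_uid)\n".
	   "Email:           $usr_email\n".
	   "Returning User?: No\n".
	   "\n".
	   "No action is necessary until the user has verified the account.\n",
	   $mail_headers);
}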

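if ($FirstInitState) {
    #
    # The first user gets admin status and some extra groups, etc.
    #
    # NOTE(review): in this state the login check at the top of the file is
    # skipped, so whoever submits the form first becomes admin; the setup
    # phase has to be completed before the web server is reachable by
    # anyone else.
    #
    # The uid is escaped before it is placed in the statements, in the same
    # way the rest of the file escapes values. A quoting routine from the
    # database layer would be the better choice if the project has one.
    #
    $safe_uid = addslashes($proj_head_uid);

    DBQueryFatal("update users set ".
		 "  admin=1,status='". TBDB_USERSTATUS_UNAPPROVED . "' " .
		 "where uid='$safe_uid'");

    DBQueryFatal("insert into unixgroup_membership set ".
		 "uid='$safe_uid', gid='wheel'");
    
    DBQueryFatal("insert into unixgroup_membership set ".
		 "uid='$safe_uid', gid='$TBADMINGROUP'");

    Group::Initialize($proj_head_uid, $pid);
    
    #
    # Move to next phase. pid is URL-encoded so that it cannot add
    # parameters or header content to the redirect.
    # 
    TBSetFirstInitPid($pid);
    TBSetFirstInitState("approveproject");
    header("Location: approveproject.php3?pid=" . urlencode($pid) .
	   "&approval=approve");
    return;
}

#
# Spit out a redirect so that the history does not include a post
# in it. The back button skips over the post and to the form.
# See above for conclusion.
# 
header("Location: newproject.php3?finished=1");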

?>