usradded.php3 9.82 KB
<?php
include("defs.php3");

#
# Standard Testbed Header
#
PAGEHEADER("Join a Project");

#
# Required-field checks. Each field is tested on its own so that the
# error names the exact field that is missing. Keep this list in step
# with the project form.
#
# NOTE(review): none of these variables is assigned anywhere in this
# listing; they presumably arrive as request-derived globals from the
# submitted form, so all later code has to treat them as untrusted --
# confirm against defs.php3 and the PHP configuration.
#
if (! (isset($joining_uid) && strcmp($joining_uid, "") != 0)) {
    FORMERROR("UserName");
}
if (! (isset($usr_email) && strcmp($usr_email, "") != 0)) {
    FORMERROR("Email Address");
}
if (! (isset($usr_name) && strcmp($usr_name, "") != 0)) {
    FORMERROR("Full Name");
}
if (! (isset($pid) && strcmp($pid, "") != 0)) {
    FORMERROR("Project");
}
if (! (isset($usr_affil) && strcmp($usr_affil, "") != 0)) {
    FORMERROR("Institutional Afilliation");
}
if (! (isset($usr_title) && strcmp($usr_title, "") != 0)) {
    FORMERROR("Title/Position");
}

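#
# Check joining_uid for sillyness.
#
# The username is later embedded in SQL, a shell command line and mail
# headers, so this whitelist is the main gate for it. The test counts
# bytes with strspn() rather than using ereg("^[a-z0-9]+$", ...):
# ereg() stops at the first NUL byte in the subject, so a value with a
# valid prefix followed by NUL and other bytes would have been accepted,
# and ereg() no longer exists in current PHP releases.
#
$uid_length = strlen($joining_uid);
if ($uid_length == 0 ||
    strspn($joining_uid, "abcdefghijklmnopqrstuvwxyz0123456789")
        != $uid_length) {
    USERERROR("Your username name must be lowercase alphanumeric characters ".
              "only!", 1);
}

#
# Database limits
#
# $TBDB_UIDLEN is not defined in this listing (presumably defs.php3).
#
if ($uid_length > $TBDB_UIDLEN) {
    USERERROR("The name \"$joining_uid\" is too long! ".
              "Please select another.", 1);
}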

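#
# Check that email address looks reasonable. We need the domain for
# below anyway.
#
# Besides the shape checks (an "@", a non-empty local part, a domain
# containing a "."), the address must not contain whitespace, CR/LF or
# angle brackets: it is later placed inside "<...>" in a mail To: header,
# where those characters would let the value break out of the address.
#
$email_domain = strstr($usr_email, "@");
if (! $email_domain ||
    strcmp($usr_email, $email_domain) == 0 ||
    strlen($email_domain) <= 1 ||
    ! strstr($email_domain, ".") ||
    strcspn($usr_email, " \t\r\n<>") != strlen($usr_email)) {
    # The rejected value is echoed back inside an HTML error message, so
    # it is HTML-escaped first.
    USERERROR("The email address `" . htmlspecialchars($usr_email) .
              "' looks invalid!. Please ".
              "go back and fix it up", 1);
}
# Drop the leading "@" from the domain; the user part is everything
# before the first "@".
$email_domain = substr($email_domain, 1);
$email_user   = substr($usr_email, 0, strpos($usr_email, "@", 0));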

#
# URL check. A value equal to $HTTPTAG is blanked, i.e. handled as if
# no URL had been entered, before VERIFYURL() looks at it.
#
if (! strcmp($usr_url, $HTTPTAG)) {
    $usr_url = "";
}
VERIFYURL($usr_url);

#
# Quote the free-text fields for the SQL statements further down.
#
# NOTE(review): only these four fields are escaped at this point.
# usr_email, usr_url, usr_phone, usr_expires and pid also end up in SQL
# text, so any statement embedding them has to quote them itself. The
# escaped $usr_name is also reused in mail text and in the checkpass
# command line, where the added backslashes are not wanted.
#
$usr_addr  = addslashes($usr_addr);
$usr_title = addslashes($usr_title);
$usr_affil = addslashes($usr_affil);
$usr_name  = addslashes($usr_name);

#
# Decide whether this username already has an account: $returning is 1
# when the users table holds a row for it, 0 otherwise.
#
# $joining_uid is interpolated into the statement as-is; the character
# whitelist applied earlier is what keeps quotes out of it.
#
$query_result = mysql_db_query(
    $TBDBNAME,
    "SELECT usr_pswd FROM users WHERE uid=\"$joining_uid\""
);
if (! $query_result) {
    $err = mysql_error();
    TBERROR("Database Error retrieving info for $joining_uid: $err\n", 1);
}
$returning = (mysql_num_rows($query_result) > 0) ? 1 : 0;

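#
# If a user returning, then the login must be valid to continue any further.
# For a new user, the password must pass our tests.
#
if ($returning) {
    # An existing username may only be used by someone who is logged in
    # as that user; CHECKLOGIN() returning 1 is taken as "logged in".
    if (CHECKLOGIN($joining_uid) != 1) {
        USERERROR("The Username '$joining_uid' is in use. ".
                  "If you already have an Emulab account, please go back ".
                  "and login before trying to join a new project.<br><br>".
                  "If you are a <em>new</em> Emulab user trying to join ".
                  "your first project, please go back and select a different ".
                  "Username.", 1);
    }
}
else {
    #
    # Check new username against CS logins so that external people do
    # not pick names that overlap with CS names.
    #
    # NOTE(review): strstr() is a substring test, so any mail domain that
    # merely contains "cs.utah.edu" skips this check; a suffix comparison
    # looks like the intent -- confirm.
    #
    if (! strstr($email_domain, "cs.utah.edu")) {
        $dbm = dbmopen($TBCSLOGINS, "r");
        if (! $dbm) {
            TBERROR("Could not dbmopen $TBCSLOGINS from usradded.php3\n", 1);
        }
        if (dbmexists($dbm, $joining_uid)) {
            dbmclose($dbm);
            USERERROR("The username '$joining_uid' is already in use. ".
                      "Please go back and choose another.", 1);
        }
        dbmclose($dbm);
    }

    # strcmp() is non-zero when the two entries differ.
    if (strcmp($password1, $password2)) {
        USERERROR("You typed different passwords in each of the two password ".
                  "entry fields. <br> Please go back and correct them.",
                  1);
    }

    #
    # Run the password checker. Each value is quoted as one shell word
    # with escapeshellarg() (PHP >= 4.0.3). The earlier escapeshellcmd()
    # over the whole line left whitespace and balanced quotes untouched,
    # so a password or name containing them was split into extra
    # arguments for checkpass.
    #
    # NOTE(review): the password is still passed in argv, where other
    # local users may see it in the process list; handing it over on
    # stdin would need a matching change in checkpass. $usr_name has
    # already been through addslashes() at this point.
    #
    $checkpass_cmd = "$TBCHKPASS_PATH " .
        escapeshellarg($password1) . " " .
        escapeshellarg($joining_uid) . " " .
        escapeshellarg("$usr_name:$usr_email");

    # NOTE(review): only the first output line is read and nothing is
    # written, yet the pipe is opened "w+"; that mode depends on the
    # platform's popen() supporting two-way pipes -- confirm.
    $mypipe = popen($checkpass_cmd, "w+");
    if ($mypipe) {
        $retval = fgets($mypipe, 1024);
        # Release the pipe before any error path is taken.
        pclose($mypipe);
        if (strcmp($retval, "ok\n") != 0) {
            # NOTE(review): $retval is checkpass output placed into HTML
            # unescaped; verify it can never echo user-supplied text.
            USERERROR("The password you have chosen will not work: ".
                      "<br><br>$retval<br>", 1);
        }
    }
    else {
        TBERROR("TESTBED: checkpass failure\n".
                "\n$usr_name ($joining_uid) just tried to set up a testbed ".
                "account,\n".
                "but checkpass pipe did not open (returned '$mypipe').", 1);
    }
}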

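#
# Lets verify the project name and quit early if the project is bogus.
# We could let things continue, resulting in a valid account but no
# project membership, but I don't like that.
#
# $pid has only been checked for being non-empty so far, so it is
# quoted with addslashes() (the escaping this file already uses) before
# it is placed in the statement. Bound parameters would be the better
# fix once the database layer offers them.
#
$query_result = mysql_db_query($TBDBNAME,
    "SELECT pid FROM projects WHERE pid=\"" . addslashes($pid) . "\"");
if (! $query_result) {
    $err = mysql_error();
    TBERROR("Database Error retrieving info for $pid: $err\n", 1);
}
if (mysql_num_rows($query_result) == 0) {
    # The unknown project name is echoed into an HTML error page, so it
    # is HTML-escaped.
    USERERROR("No such project " . htmlspecialchars($pid) .
              ". Please go back and try again.", 1);
}

#
# XXX String compare to ensure case match.
#
# The comparison uses the raw $pid, since the table holds the unescaped
# value.
#
$row = mysql_fetch_row($query_result);
if (strcmp($row[0], $pid)) {
    USERERROR("No such project " . htmlspecialchars($pid) .
              ". Please go back and try again.", 1);
}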
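#
# For a new user:
# * Create a new account in the database.
# * Add user email to the list of email address.
# * Generate a mail message to the user with the verification key.
#
if (! $returning) {
    #
    # NOTE(review): crypt() is called without a salt, so the hash scheme
    # is whatever the platform picks by default, and recent PHP releases
    # reject the missing salt. Moving to a salted, deliberately slow
    # scheme has to be done together with the login code that verifies
    # usr_pswd.
    #
    $encoding = crypt("$password1");

    #
    # usr_name, usr_addr, usr_title and usr_affil were escaped earlier in
    # this file; the remaining form values are quoted here, for the SQL
    # text only, so the mail below still sees the original values.
    # This assumes magic_quotes_gpc is off, as the existing addslashes()
    # calls imply.
    #
    $sql_email   = addslashes($usr_email);
    $sql_url     = addslashes($usr_url);
    $sql_phone   = addslashes($usr_phone);
    $sql_expires = addslashes($usr_expires);

    $newuser_command = "INSERT INTO users ".
        "(uid,usr_created,usr_expires,usr_name,usr_email,usr_addr,".
        "usr_URL,usr_phone,usr_title,usr_affil,usr_pswd,unix_uid,status) ".
        "VALUES ('$joining_uid', now(), '$sql_expires', '$usr_name', ".
        "'$sql_email', ".
        "'$usr_addr', '$sql_url', '$sql_phone', '$usr_title', '$usr_affil',".
        "'$encoding', NULL, 'newuser')";
    $newuser_result  = mysql_db_query($TBDBNAME, $newuser_command);
    if (! $newuser_result) {
        $err = mysql_error();
        TBERROR("Database Error adding adding new user $joining_uid: ".
                "$err\n", 1);
    }

    $key = GENKEY($joining_uid);

    #
    # The name and address go into the To: header, so CR and LF are
    # replaced with spaces there to keep form input from adding header
    # lines. The message body uses the values as entered.
    #
    $to_name  = strtr($usr_name, "\r\n", "  ");
    $to_email = strtr($usr_email, "\r\n", "  ");

    mail("$to_name '$joining_uid' <$to_email>", "TESTBED: Your New User Key",
         "\n".
         "Dear $usr_name ($joining_uid):\n\n".
         "\tHere is your key to verify your account on the ".
         "Utah Network Testbed:\n\n".
         "\t\t$key\n\n".
         "Please return to $TBWWW and log in using\n".
         "the user name and password you gave us when you applied. You will\n".
         "then find an option on the menu called 'New User Verification'.\n".
         "Select that option, and on that page enter your key.\n".
         "You will then be verified as a user. When you have been both\n".
         "verified and approved by the head of the project, you will\n".
         "be marked as an active user, and will be granted full access to\n".
         "your user account.\n\n".
         "Thanks,\n".
         "Testbed Ops\n".
         "Utah Network Testbed\n",
         "From: $TBMAIL_APPROVAL\n".
         "Bcc: $TBMAIL_APPROVAL\n".
         "Errors-To: $TBMAIL_WWW");

    #
    # Generate some warm fuzzies.
    #
    echo "<center><h1>Adding new Testbed User!</h1></center>";

    echo "<p>As a new user of the Testbed, for
          security purposes, you will receive by e-mail a key. When you
          receive it, come back to the site, and log in. When you do, you
          will see a new menu option called 'New User Verification'. On
          that page, enter in your key
          exactly as you received it in your e-mail. You will then be
          marked as a verified user.
          <p>Once you have been both verified
          and approved, you will be classified as an active user, and will 
          be granted full access to your user account.";
}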

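#
# Don't try to join twice!
#
# $pid is quoted for the SQL text. The query result is checked before
# it is handed to mysql_num_rows(), matching the error handling used
# for the other queries in this file; previously a failed query fell
# through to the insert below.
#
$query_result = mysql_db_query($TBDBNAME,
    "select * from proj_memb where uid='$joining_uid' and pid='" .
    addslashes($pid) . "'");
if (! $query_result) {
    $err = mysql_error();
    TBERROR("Database Error checking membership of $joining_uid in ".
            "project $pid: $err\n", 1);
}
if (mysql_num_rows($query_result) > 0) {
    # NOTE(review): die() ends the page here without calling
    # PAGEFOOTER(), unlike the normal path.
    die("<h3><br><br>".
        "You have already applied for membership in project: $pid.".
        "</h3>");
}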

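#
# Add to the project, but with trust=none. The project leader will have
# to upgrade the trust level, making the new user real.
#
# $pid is quoted with addslashes() so that a project name containing a
# quote or backslash cannot change the statement.
#
$query_result = mysql_db_query($TBDBNAME,
    "insert into proj_memb (uid,pid,trust) ".
    "values ('$joining_uid','" . addslashes($pid) . "','none');");
if (! $query_result) {
    $err = mysql_error();
    TBERROR("Database Error adding adding user $joining_uid to ".
            "project $pid: $err\n", 1);
}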

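#
# Generate an email message to the project leader. We have to get the
# email message out of the database, of course.
#
# Values placed in SQL text are quoted with addslashes(), including
# $leader_uid, which comes back from the database and is embedded in a
# second statement.
#
$query_result = mysql_db_query($TBDBNAME,
    "SELECT head_uid FROM projects WHERE pid='" . addslashes($pid) . "'");
if (($row = mysql_fetch_row($query_result)) == 0) {
    $err = mysql_error();
    TBERROR("Database Error getting project leader for project $pid: $err\n",
             1);
}
$leader_uid = $row[0];

$query_result = mysql_db_query($TBDBNAME,
    "SELECT usr_name,usr_email FROM users WHERE uid='" .
    addslashes($leader_uid) . "'");
if (($row = mysql_fetch_row($query_result)) == 0) {
    $err = mysql_error();
    TBERROR("Database Error getting email address for project leader ".
            "$leader_uid: $err\n", 1);
}
$leader_name = $row[0];
$leader_email = $row[1];

#
# The stored name and address were supplied through a form at some
# point; CR and LF are replaced with spaces before they are used in the
# To: header so they cannot add header lines.
#
$to_name  = strtr($leader_name, "\r\n", "  ");
$to_email = strtr($leader_email, "\r\n", "  ");

mail("$to_name '$leader_uid' <$to_email>",
     "TESTBED: $joining_uid $pid Project Join Request",
     "\n$usr_name ($joining_uid) is trying to join your project ($pid).\n".
     "$usr_name has the\n".
     "Testbed username $joining_uid and email address $usr_email.\n".
     "$usr_name's phone number is $usr_phone and address $usr_addr.\n\n".
     "Please return to $TBWWW\n".
     "log in, and select the 'New User Approval' page to enter your\n".
     "decision regarding $usr_name's membership in your project\n\n".
     "Thanks,\n".
     "Testbed Ops\n".
     "Utah Network Testbed\n",
     "From: $TBMAIL_APPROVAL\n".
     "Bcc: $TBMAIL_APPROVAL\n".
     "Errors-To: $TBMAIL_WWW");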

#
# Tell the applicant what happens next.
#
# $pid is written into the page as-is; by this point it has matched a
# row of the projects table exactly.
#
$notice = "<br>\n" .
    "      <p>The leader of project '$pid' has been notified of your application.\n" .
    "      He/She will make a decision and either approve or deny your application,\n" .
    "      and you will be notified as soon as a decision has been made.";
echo $notice;

#
# Standard Testbed Footer
#
PAGEFOOTER();
?>