manage_profile.php 11.3 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
<?php
#
# Copyright (c) 2000-2014 University of Utah and the Flux Group.
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
#
chdir("..");
include("defs.php3");
chdir("apt");
include("quickvm_sup.php");

#
# Get current user.
#
$this_user = CheckLogin($check_status);

#
# Verify page arguments.
#
$optargs = OptionalPageArguments("create",      PAGEARG_STRING,
				 "formfields",  PAGEARG_ARRAY);

#
# Spit the form
#
43
function SPITFORM($formfields, $errors)
44
{
45
    global $this_user, $projlist;
46
47
48
49
50
51
52
53
54
55
56
57

    # XSS prevention.
    while (list ($key, $val) = each ($formfields)) {
	$formfields[$key] = CleanString($val);
    }
    # XSS prevention.
    if ($errors) {
	while (list ($key, $val) = each ($errors)) {
	    $errors[$key] = CleanString($val);
	}
    }

58
    $formatter = function($field, $label, $html, $help = null) use ($errors) {
59
60
61
62
63
64
	$class = "form-group";
	if ($errors && array_key_exists($field, $errors)) {
	    $class .= " has-error";
	}
	echo "<div class='$class'>\n";
	echo "  <label for='$field' ".
65
66
67
68
69
70
71
	"         class='col-sm-3 control-label'>$label ";
	if ($help) {
	    echo "<a href='#' data-toggle='tooltip' title='$help'>".
		"<span class='glyphicon glyphicon-question-sign'></span></a>";
	}
	echo "  </label>\n";
	echo "  <div class='col-sm-7'>\n";
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
	echo "     $html\n";
	if ($errors && array_key_exists($field, $errors)) {
	    echo "<label class='control-label' for='inputError'>" .
		$errors[$field] . "</label>\n";
	}
	echo "  </div>\n";
	echo "</div>\n";
    };

    SPITHEADER(1);

    echo "<div class='row'>
           <div class='col-lg-8  col-lg-offset-2
                       col-md-10 col-md-offset-1
                       col-sm-10 col-sm-offset-1
                       col-xs-12'>\n";
    echo "  <div class='panel panel-default'>
             <div class='panel-heading'>
              <h3 class='panel-title'>
                Create Profile
              </h3>
             </div>
             <div class='panel-body'>\n";
95

96
97
98
99
100
101
102
103
    echo "   <form id='quickvm_create_profile_form'
                   class='form-horizontal' role='form'
                   enctype='multipart/form-data'
                   method='post' action='manage_profile.php'>\n";
    echo "    <div class='row'>\n";
    echo "     <div class='col-sm-12'>\n";
    echo "      <fieldset>\n";

104
105
106
107
108
109
    #
    # Look for non-specific error.
    #
    if ($errors && array_key_exists("error", $errors)) {
	echo "<font color=red>" . $errors["error"] . "</font>";
    }
110
111
112
113
114
115

    $formatter("profile_name", "Profile Name",
	       "<input name=\"formfields[profile_name]\"
		       id='profile_name'
		       value='" . $formfields["profile_name"] . "'
                       class='form-control'
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
                       placeholder='' type='text'>",
	       "alphanumeric, dash, underscore, no whitespace");
    #
    # If user is a member of only one project, then just pass it
    # through, no need for the user to see it. Otherwise we have
    # to let the user choose.
    #
    if (count($projlist) == 1) {
	echo "<input type='hidden' name='formfields[profile_pid]' ".
	    "value='" . $projlist[0] . "'>\n";
    }
    else {
	$pid_options = "";
	while (list($project) = each($projlist)) {
	    $selected = "";
	    if ($formfields["profile_pid"] == $project) {
		$selected = "selected";
	    }
	    $pid_options .= 
		"<option $selected value='$project'>$project</option>\n";
	}
	$formatter("profile_pid", "Project",
		   "<select name=\"formfields[profile_pid]\"
		            id='profile_pid' class='form-control'
                            placeholder='Please Select'>$pid_options</select>");
    }
       
143
144
145
146
147
148
149
150
151
152
153
154
    $formatter("profile_description", "Description",
	       "<textarea name=\"formfields[profile_description]\"
		          id='profile_description'
		          rows=4
                          class='form-control'
                          placeholder=''
                          type='textarea'>" .
		    $formfields["profile_description"] . "</textarea>");
    $formatter("rspecfile", "Your rspec",
	       "<input name='rspecfile' id='rspecfile'
                       type=file class='form-control'>");

155
156
157
158
159
160
161
162
    $formatter("profile_public", "Public?",
	       "<div class='checkbox'>
                <label><input name=\"formfields[profile_public]\" ".
	               $formfields["profile_public"] .
	       "       id='profile_public' value=checked
                       type=checkbox> ".
	       "List on the public page for anyone to use?</label></div>");

163
164
165
166
    echo "      </fieldset>\n";

    echo "<div class='form-group'>
            <div class='col-sm-offset-2 col-sm-10'>
167
               <button class='btn btn-primary btm-sm pull-right'
168
169
170
171
                   id='profile_submit_button'
                   type='submit' name='create'>Create</button>
            </div>
          </div>\n";
172

173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
    echo "     </div>\n";
    echo "    </div>\n";
    echo "   </form></div>\n";
    echo "  </div>\n";
    echo " </div>\n";
    echo "</div>\n";

    echo "<!-- This is the topology view modal -->
          <div id='quickvm_topomodal' class='modal fade'>
          <div class='modal-dialog' id='showtopo_dialog'>
            <div class='modal-content'>
               <div class='modal-header'>
                <button type='button' class='close' data-dismiss='modal'
                   aria-hidden='true'>
                   &times;</button>
                <h3>Topology Viewer</h3>
               </div>
               <div class='modal-body'>
                 <!-- This topo diagram goes inside this div -->
                 <div class='panel panel-default'
                            id='showtopo_container'>
                    <div class='panel-body'>
                     <div id='showtopo_div'></div>
                    </div>
                 </div>
               </div>
            </div>
          </div>
          </div>\n";
    
    echo "<script type='text/javascript'>\n";
    echo "window.APT_OPTIONS = {\n";
    echo "  pageType: 'manage_profile',\n";
    echo "};\n";
    echo "</script>\n";
    
    SPITFOOTER();
}
211

212
#
213
# The user must be logged in.
214
#
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
if (!$this_user) {
    if (isset($formfields)) {
	$_SESSION["formfields"] = $formfields;
    }
    # HTTP_REFERER will not work reliably when redirecting so
    # pass in the URI for this page as an argument
    header("Location: login.php?referrer=".
	   urlencode($_SERVER['REQUEST_URI']));
    # Use exit because of the session. 
    exit();
}

#
# See what projects the user can do this in.
#
$projlist = $this_user->ProjectAccessList($TB_PROJECT_MAKEIMAGEID);
231
232

if (! isset($create)) {
233
234
    $errors = array();
    
235
236
237
238
239
240
    if (isset($_SESSION["formfields"])) {
	$defaults = $_SESSION["formfields"];
    }
    else {
	$defaults = array();
    }
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
    if (! (isset($projlist) && count($projlist))) {
	$errors["error"] =
	    "You do not appear to be a member of any projects in which ".
	    "you have permission to create new profiles";
    }
    SPITFORM($defaults, $errors);
    return;
}

#
# Otherwise, must validate and redisplay if errors
#
$errors = array();

#
# Quick check for required fields.
#
$required = array("pid", "name", "description");
		  
foreach ($required as $key) {
    if (!isset($formfields["profile_${key}"]) ||
	strcmp($formfields["profile_${key}"], "") == 0) {
	$errors["profile_${key}"] = "Missing Field";
    }
    elseif (! TBcheck_dbslot($formfields["profile_${key}"], "apt_profiles", $key,
			     TBDB_CHECKDBSLOT_WARN|TBDB_CHECKDBSLOT_ERROR)) {
	$errors["profile_${key}"] = TBFieldErrorString();
    }
}

#
# The rspec has to be treated specially of course.
#
if (isset($_FILES['rspecfile']) &&
    $_FILES['rspecfile']['name'] != "" &&
    $_FILES['rspecfile']['name'] != "none") {

    $rspec = file_get_contents($_FILES['rspecfile']['tmp_name']);
    if (!$rspec) {
	$errors["rspecfile"] = "Could not process file";
    }
    elseif (! TBvalid_html_fulltext($rspec)) {
	$errors["rspecfile"] = TBFieldErrorString();	
    }
}
else {
    $errors["rspecfile"] = "Missing Field";
}

#
# Project has to exist. We need to know it for the SUEXEC call
# below. 
#
$project = Project::LookupByPid($formfields["profile_pid"]);
if (!$project) {
    $errors["profile_pid"] = "No such project";
}
298

299
300
301
# Present these errors before we call out to do anything else.
if (count($errors)) {
    SPITFORM($formfields, $errors);
302
303
304
305
    return;
}

#
306
307
308
# Pass to the backend as an XML data file. If this gets too complicated,
# we might eed to do all the checking in the backend and have it pass
# back the error set. 
309
#
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
# Generate a temporary file and write in the XML goo.
#
$xmlname = tempnam("/tmp", "newprofile");
if (! $xmlname) {
    TBERROR("Could not create temporary filename", 0);
    $errors["error"] = "Internal error; Could not create temp file";
}
elseif (! ($fp = fopen($xmlname, "w"))) {
    TBERROR("Could not open temp file $xmlname", 0);
    $errors["error"] = "Internal error; Could not open temp file";
}
else {
    fwrite($fp, "<profile>\n");
    fwrite($fp, "<attribute name='profile_pid'>");
    fwrite($fp, "  <value>" . $formfields["profile_pid"] . "</value>");
    fwrite($fp, "</attribute>\n");
    fwrite($fp, "<attribute name='profile_name'>");
    fwrite($fp, "  <value>" .
	   htmlspecialchars($formfields["profile_name"]) . "</value>");
    fwrite($fp, "</attribute>\n");
    fwrite($fp, "<attribute name='profile_description'>");
    fwrite($fp, "  <value>" .
	   htmlspecialchars($formfields["profile_description"]) . "</value>");
    fwrite($fp, "</attribute>\n");
    fwrite($fp, "<attribute name='rspec'>");
    fwrite($fp, "  <value>" . htmlspecialchars($rspec) . "</value>");
    fwrite($fp, "</attribute>\n");
    if (isset($formfields["profile_public"]) &&
	$formfields["profile_public"] == "checked") {
	fwrite($fp, "<attribute name='profile_public'>");
	fwrite($fp, "  <value>1</value>");
	fwrite($fp, "</attribute>\n");
342
    }
343
344
345
346
347
348
349
350
    fwrite($fp, "</profile>\n");
    fclose($fp);
    chmod($xmlname, 0666);
}
if (count($errors)) {
    unlink($xmlname);
    SPITFORM($formfields, $errors);
    return;
351
352
}

353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
#
# Call out to the backend.
#
$retval = SUEXEC($this_user->uid(), $project->unix_gid(),
		 "webmanage_profile $xmlname",
		 SUEXEC_ACTION_IGNORE);
if ($retval) {
    if ($retval < 0) {
	$errors["error"] = "Internal Error; please try again later.";
	SUEXECERROR(SUEXEC_ACTION_CONTINUE);
    }
    else {
	#
	# Decode simple XML that is returned. 
	#
	$parsed = simplexml_load_string($suexec_output);
	if (!$parsed) {
	    $errors["error"] = "Internal Error; please try again later.";
	    TBERROR("Could not parse XML output:\n$suexec_output\n", 0);
	}
	else {
	    foreach ($parsed->error as $error) {
		$errors[(string)$error['name']] = $error;
	    }
	}
    }
}
if (count($errors)) {
    unlink($xmlname);
    SPITFORM($formfields, $errors);
    return;
}
Leigh B Stoller's avatar
Leigh B Stoller committed
385
header("Location: $APTBASE/quickvm.php");
386
387

?>