<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2003, 2005 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");

#
# PAGEHEADER is deliberately not called up here: a Location header is
# sent later on, so nothing may be written to the page before that point.
#

#
# Login name of whoever is making this request, if any.
#
$uid = GETLOGIN();

#
# True while the testbed reports the "createproject" first-init state,
# i.e. this is the initial Emulab setup.
#
$FirstInitState = ("createproject" == TBGetFirstInitState());

#
# A request without a uid (or any request during first-init) is treated
# as coming from a brand new user. Otherwise the login must be valid:
# starting a second project requires being logged in.
#
# NOTE(review): no login check runs while $FirstInitState is true;
# presumably the site is not yet open to outside users in that state.
# Confirm against the install procedure.
#
if (!$uid || $FirstInitState) {
    # No usable uid, so this must be a new user.
    $returning = 0;
}
else {
    # Unapproved users may create several projects, but the account
    # must have been verified.
    LOGGEDINORDIE($uid, CHECKLOGIN_UNAPPROVED | CHECKLOGIN_WEBONLY);
    $proj_head_uid = $uid;
    $returning     = 1;
}

#
# Both warnings below are interpolated by SPITFORM into a single-quoted
# JavaScript string inside an onchange="alert('...')" attribute, so they
# must stay free of quote characters and markup.
#
$ACCOUNTWARNING  = "Before continuing, please make sure your username ";
$ACCOUNTWARNING .= "reflects your normal login name. ";
$ACCOUNTWARNING .= "Emulab accounts are not to be shared amongst users!";

$EMAILWARNING  = "Before continuing, please make sure the email address you have ";
$EMAILWARNING .= "provided is current and non-pseudonymic. Redirections and anonymous ";
$EMAILWARNING .= "email addresses are not allowed.";

#
# Spit the form out using the array of data. 
# 
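function SPITFORM($formfields, $returning, $errors)
{
    #
    # Emit the page header, any validation errors, and the project request
    # form pre-filled from $formfields.
    #
    #   $formfields  array of field name => value; on a failed submission
    #                this is the raw posted data, so every value is treated
    #                as untrusted and HTML-escaped before being echoed.
    #   $returning   true when the requester is an existing, logged-in
    #                user; the personal information rows are then omitted.
    #   $errors      array of field label => message, or 0/empty for none.
    #
    global $TBDB_UIDLEN, $TBDB_PIDLEN, $TBDOCBASE, $WWWHOST;
    global $FirstInitState;
    global $ACCOUNTWARNING, $EMAILWARNING;
    global $WIKISUPPORT, $WIKIHOME;

    PAGEHEADER("Start a New Testbed Project");

    #
    # First initialization gets different text.
    #
    # The global is assigned as a boolean at the top of the page; the loose
    # comparison against the state name still tracks that boolean.
    #
    if ($FirstInitState == "createproject") {
        echo "<center><font size=+1>
              Please create your initial project.<br> A good Project Name
              for your first project is probably 'testbed', but you can
              choose anything you like.
              </font></center><br>\n";
    }
    else {
        echo "<center><font size=+1>
                 If you are a <font color=red>student
                 (undergrad or graduate)</font>, please
                 do not try to start a project! <br>Your advisor must do it.
                 <a href=docwrapper.php3?docname=auth.html target='_blank'>
                 Read this for more info.</a>
              </font></center><br>\n";

        if (! $returning) {
            echo "<center><font size=+1>
                   If you already have an Emulab account,
                   <a href=login.php3?refer=1>
                   <font color=red>please log on first!</font></a>
                   </font></center><br>\n";
        }
    }

    if ($errors) {
        echo "<table class=nogrid
                     align=center border=0 cellpadding=6 cellspacing=0>
              <tr>
                 <th align=center colspan=2>
                   <font size=+1 color=red>
                      &nbsp;Oops, please fix the following errors!&nbsp;
                   </font>
                 </th>
              </tr>\n";

        # NOTE(review): labels are literals set by the caller, but messages
        # come from helpers defined elsewhere (TBFieldErrorString, CHECKURL,
        # CHECKPASSWORD). They are echoed as-is in case they carry markup;
        # confirm none of them reflects submitted text unescaped.
        foreach ($errors as $name => $message) {
            echo "<tr>
                     <td align=right>
                       <font color=red>$name:&nbsp;</font></td>
                     <td align=left>
                       <font color=red>$message</font></td>
                  </tr>\n";
        }
        echo "</table><br>\n";
    }

    echo "<SCRIPT LANGUAGE=JavaScript>
              function SetWikiName(theform) 
              {
                  var validchars = 'abcdefghijklmnopqrstuvwxyz0123456789';
                  var usrname    = theform['formfields[usr_name]'].value;
                  var wikiname   = '';
                  var docap      = 1;

                  for (var i = 0; i < usrname.length; i++) {
                      var letter = usrname.charAt(i).toLowerCase();

                      if (validchars.indexOf(letter) == -1) {
                          if (letter == ' ') {
                              docap = 1;
                          }
                          continue;
                      }
                      else {
                          if (docap == 1) {
                              letter = usrname.charAt(i).toUpperCase()
                              docap  = 0;
                          }
                          wikiname = wikiname + letter;
                      }
                  }
                  theform['formfields[wikiname]'].value = wikiname;
              }
          </SCRIPT>\n";

    echo "<table align=center border=1> 
          <tr>
            <td align=center colspan=3>
                Fields marked with * are required.
            </td>
          </tr>\n

          <form enctype=multipart/form-data name=myform
                action=newproject.php3 method=post>\n";

    if (! $returning) {
        #
        # Start user information stuff. Presented for new users only.
        #
        echo "<tr>
                  <th colspan=3>
                      Project Head Information:&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp
                      <font size=-2>
                       (Prospective project leaders please read our
                       <a href='docwrapper.php3?docname=policies.html' target='_blank'>
                       Administrative Policies</a>)</font>
                  </th>
              </tr>\n";

        #
        # UserName:
        #
        echo "<tr>
                  <td colspan=2>*<a
                         href='docwrapper.php3?docname=security.html'
                         target=_blank>Username</a>
                            (alphanumeric, lowercase):</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[proj_head_uid]\"
                             value=\"" . SPITFORM_VALUE($formfields, 'proj_head_uid') . "\"
                             size=$TBDB_UIDLEN
                             onchange=\"alert('$ACCOUNTWARNING')\"
                             maxlength=$TBDB_UIDLEN>
                  </td>
              </tr>\n";

        #
        # Full Name
        #
        echo "<tr>
                  <td colspan=2>*Full Name:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_name]\"
                             value=\"" . SPITFORM_VALUE($formfields, 'usr_name') . "\"
                             onchange=\"SetWikiName(myform);\"
                             size=30>
                  </td>
              </tr>\n";

        #
        # WikiName
        #
        if ($WIKISUPPORT) {
            echo "<tr>
                      <td colspan=2>*
                          <a href={$WIKIHOME}/bin/view/TWiki/WikiName
                            target=_blank>WikiName</a>:</td>
                      <td class=left>
                          <input type=text
                                 name=\"formfields[wikiname]\"
                                 value=\"" . SPITFORM_VALUE($formfields, 'wikiname') . "\"
                                 size=30>
                      </td>
                  </tr>\n";
        }

        #
        # Title/Position:
        #
        echo "<tr>
                  <td colspan=2>*Title/Position:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_title]\"
                             value=\"" . SPITFORM_VALUE($formfields, 'usr_title') . "\"
                             size=30>
                  </td>
              </tr>\n";

        #
        # Affiliation:
        #
        echo "<tr>
                  <td colspan=2>*Institutional<br>Affiliation:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_affil]\"
                             value=\"" . SPITFORM_VALUE($formfields, 'usr_affil') . "\"
                             size=40>
                  </td>
              </tr>\n";

        #
        # User URL
        #
        echo "<tr>
                  <td colspan=2>Home Page URL:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_URL]\"
                             value=\"" . SPITFORM_VALUE($formfields, 'usr_URL') . "\"
                             size=45>
                  </td>
              </tr>\n";

        #
        # Email:
        #
        echo "<tr>
                  <td colspan=2>*Email Address[<b>1</b>]:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_email]\"
                             value=\"" . SPITFORM_VALUE($formfields, 'usr_email') . "\"
                             onchange=\"alert('$EMAILWARNING')\"
                             size=30>
                  </td>
              </tr>\n";

        #
        # Postal address
        #
        echo "<tr><td colspan=3>*Postal Address:<br /><center>
                <table>
                  <tr><td>Line 1</td><td colspan=3>
                    <input type=text
                           name=\"formfields[usr_addr]\"
                           value=\"" . SPITFORM_VALUE($formfields, 'usr_addr') . "\"
                           size=45></td></tr>
                  <tr><td>Line 2</td><td colspan=3>
                    <input type=text
                           name=\"formfields[usr_addr2]\"
                           value=\"" . SPITFORM_VALUE($formfields, 'usr_addr2') . "\"
                           size=45></td></tr>
                  <tr><td>City</td><td>
                    <input type=text
                           name=\"formfields[usr_city]\"
                           value=\"" . SPITFORM_VALUE($formfields, 'usr_city') . "\"
                           size=25></td>
                      <td>State/Province</td><td>
                    <input type=text
                           name=\"formfields[usr_state]\"
                           value=\"" . SPITFORM_VALUE($formfields, 'usr_state') . "\"
                           size=2></td></tr>
                  <tr><td>ZIP/Postal Code</td><td>
                    <input type=text
                           name=\"formfields[usr_zip]\"
                           value=\"" . SPITFORM_VALUE($formfields, 'usr_zip') . "\"
                           size=10></td>
                      <td>Country</td><td>
                    <input type=text
                           name=\"formfields[usr_country]\"
                           value=\"" . SPITFORM_VALUE($formfields, 'usr_country') . "\"
                           size=15></td></tr>
               </table></center></td></tr>";

        #
        # Phone
        #
        echo "<tr>
                  <td colspan=2>*Phone #:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_phone]\"
                             value=\"" . SPITFORM_VALUE($formfields, 'usr_phone') . "\"
                             size=15>
                  </td>
              </tr>\n";

        #
        # SSH public key
        #
        # The uploaded file name is chosen by the client, so it is escaped
        # like any other field; it is absent on the first page load.
        # MAX_FILE_SIZE below is sent by the browser and can be altered, so
        # the key size has to be checked again where the upload is
        # processed (not in this function).
        #
        $keyfile_name = "";
        if (isset($_FILES['usr_keyfile']['name']) &&
            is_string($_FILES['usr_keyfile']['name'])) {
            $keyfile_name =
                htmlspecialchars($_FILES['usr_keyfile']['name'], ENT_QUOTES);
        }

        echo "<tr>
                  <td rowspan><center>
                               Your SSH Pub Key: &nbsp<br>
                                    [<b>2</b>]
                              </center></td>

                  <td rowspan><center>Upload (1K max)[<b>3</b>]<br>
                                  <b>Or</b><br>
                                 Insert Key
                              </center></td>

                  <td rowspan>
                      <input type=hidden name=MAX_FILE_SIZE value=1024>
                      <input type=file
                             name=usr_keyfile
                             value=\"" . $keyfile_name . "\"
                             size=50>
                      <br>
                      <br>
                      <input type=text
                             name=\"formfields[usr_key]\"
                             value=\"" . SPITFORM_VALUE($formfields, 'usr_key') . "\"
                             size=50
                             maxlength=1024>
                  </td>
              </tr>\n";

        #
        # Password. Note that we do not resend the password. User
        # must retype on error.
        #
        echo "<tr>
                  <td colspan=2>*Password[<b>1</b>]:</td>
                  <td class=left>
                      <input type=password
                             name=\"formfields[password1]\"
                             size=8></td>
              </tr>\n";

        echo "<tr>
                  <td colspan=2>*Retype Password:</td>
                  <td class=left>
                      <input type=password
                             name=\"formfields[password2]\"
                             size=8></td>
             </tr>\n";
    }

    #
    # Project information
    #
    echo "<tr><th colspan=3>
               Project Information: 
               <!-- <em>(replace the example entries)</em> -->
              </th>
          </tr>\n";

    #
    # Project Name:
    #
    echo "<tr>
              <td colspan=2>*Project Name (alphanumeric):</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[pid]\"
                         value=\"" . SPITFORM_VALUE($formfields, 'pid') . "\"
                         size=$TBDB_PIDLEN maxlength=$TBDB_PIDLEN>
              </td>
          </tr>\n";

    #
    # Project Description:
    #
    echo "<tr>
              <td colspan=2>*Project Description:</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[proj_name]\"
                         value=\"" . SPITFORM_VALUE($formfields, 'proj_name') . "\"
                         size=40>
              </td>
          </tr>\n";

    #
    # URL:
    #
    echo "<tr>
              <td colspan=2>*URL:</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[proj_URL]\"
                         value=\"" . SPITFORM_VALUE($formfields, 'proj_URL') . "\"
                         size=45>
              </td>
          </tr>\n";

    #
    # Publicly visible.
    #
    # The checkbox state is re-derived rather than echoing the posted value:
    # that value lands outside any quotes, where arbitrary text would be
    # parsed as extra attributes.
    #
    echo "<tr>
              <td colspan=2>*Can we list your project publicly as
                             an \"Emulab User?\":
                  <br>
                  (See our <a href=\"projectlist.php3\"
                              target=\"Users\">Users</a> page)
              </td>
              <td><input type=checkbox value=checked
                         name=\"formfields[proj_public]\"
                         " . SPITFORM_CHECKED($formfields, 'proj_public') . ">
                         Yes &nbsp
                  <br>
                  *If \"No\" please tell us why not:<br>
                  <input type=text
                         name=\"formfields[proj_whynotpublic]\"
                         value=\"" . SPITFORM_VALUE($formfields, 'proj_whynotpublic') . "\"
                         size=45>
             </td>
      </tr>\n";

    #
    # Will you add a link?
    #
    echo "<tr>
              <td colspan=2>*Will you add a link on your project page
                             to <a href=\"$TBDOCBASE\" target='_blank'>$WWWHOST</a>?
              </td>
              <td><input type=checkbox value=checked
                         name=\"formfields[proj_linked]\"
                         " . SPITFORM_CHECKED($formfields, 'proj_linked') . ">
                         Yes &nbsp
              </td>
      </tr>\n";

    #
    # Funders/Grant numbers
    #
    echo "<tr>
              <td colspan=2>*Funding Sources and Grant Numbers:<br>
                  (Type \"none\" if not funded)</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[proj_funders]\"
                         value=\"" . SPITFORM_VALUE($formfields, 'proj_funders') . "\"
                         size=45>
              </td>
          </tr>\n";

    #
    # Nodes and PCs and Users
    #
    echo "<tr>
              <td colspan=2>*Estimated #of Project Members:</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[proj_members]\" 
                         value=\"" . SPITFORM_VALUE($formfields, 'proj_members') . "\"
                         size=4>
              </td>
          </tr>\n";

    echo "<tr>
              <td colspan=2>*Estimated #of
        <a href=\"$TBDOCBASE/docwrapper.php3?docname=hardware.html#tbpcs\" target='_blank'>
                             PCs</a>:</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[proj_pcs]\"
                         value=\"" . SPITFORM_VALUE($formfields, 'proj_pcs') . "\"
                         size=4>
              </td>
          </tr>\n";

    echo "<tr>
              <td colspan=2>*Estimated #of
        <a href=\"$TBDOCBASE/docwrapper.php3?docname=widearea.html\" target='_blank'>
                             Planetlab PCs</a>:</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[proj_plabpcs]\"
                         value=\"" . SPITFORM_VALUE($formfields, 'proj_plabpcs') . "\"
                         size=4>
              </td>
          </tr>\n";

    echo "<tr>
              <td colspan=2>*Estimated #of
        <a href=\"$TBDOCBASE/docwrapper.php3?docname=widearea.html\" target='_blank'>
                             wide-area PCs</a>:</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[proj_ronpcs]\"
                         value=\"" . SPITFORM_VALUE($formfields, 'proj_ronpcs') . "\"
                         size=4>
              </td>
          </tr>\n";

    #
    # Why!
    #
    # Escaped before it goes into the textarea body so posted text cannot
    # close the element; carriage returns are stripped as before.
    #
    echo "<tr>
              <td colspan=3>
               *Please describe how and why you'd like to use the testbed.
              </td>
          </tr>
          <tr>
              <td colspan=3 align=center class=left>
                  <textarea name=\"formfields[proj_why]\"
                    rows=10 cols=60>" .
         str_replace("\r", "", SPITFORM_VALUE($formfields, 'proj_why')) .
         "</textarea>
              </td>
          </tr>\n";

    echo "<tr>
              <td colspan=3 align=center>
                 <b><input type=submit name=submit value=Submit></b>
              </td>
          </tr>\n";

    echo "</form>
          </table>\n";

    echo "<h4><blockquote><blockquote>
          <ol>
            <li> Please consult our
                 <a href = 'docwrapper.php3?docname=security.html' target='_blank'>
                 security policies</a> for information
                 regarding passwords and email addresses.\n";
    if (! $returning) {
        echo "<li> If you want us to use your existing ssh public key,
                   then either paste it in or specify the path to your
                   your identity.pub file. <font color=red>NOTE:</font>
                   We use the <a href=http://www.openssh.org target='_blank'>OpenSSH</a>
                   key format,
                   which has a slightly different protocol 2 public key format
                   than some of the commercial vendors such as
                   <a href=http://www.ssh.com target='_blank'>SSH Communications</a>. If you
                   use one of these commercial vendors, then please
                   upload the public  key file and we will convert it
                   for you. <i>Please do not paste it in.</i>\n

              <li> Note to <a href=http://www.opera.com target='_blank'><b>Opera 5</b></a>
                   users: The file upload mechanism is broken in Opera, so
                   you cannot specify a local file for upload. Instead,
                   please paste your public key in.\n";
    }
    echo "</ol>
          </blockquote></blockquote>
          </h4>\n";
}

#
# Helper for SPITFORM: return $formfields[$key] escaped for use inside a
# quoted HTML attribute or an element body. Missing keys and non-scalar
# values (e.g. a nested array in the posted data) yield the empty string.
#
# NOTE(review): no charset is passed to htmlspecialchars(), so the PHP
# default applies; confirm it matches the charset the pages are served in.
#
function SPITFORM_VALUE($formfields, $key)
{
    if (!is_array($formfields) || !isset($formfields[$key]) ||
        !is_scalar($formfields[$key])) {
        return "";
    }
    return htmlspecialchars((string) $formfields[$key], ENT_QUOTES);
}

#
# Helper for SPITFORM: return the literal attribute "checked" when the
# checkbox field holds exactly that value, and the empty string otherwise.
#
function SPITFORM_CHECKED($formfields, $key)
{
    if (is_array($formfields) && isset($formfields[$key]) &&
        $formfields[$key] === "checked") {
        return "checked";
    }
    return "";
}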

#
# The conclusion of a newproject request. See below.
# 
if (isset($_GET['finished'])) {
    # Confirmation page shown once a request has been queued. Nothing from
    # the query string is echoed; only the presence of 'finished' matters.
    PAGEHEADER("Start a New Testbed Project");

    $queued_notice = "<center><h2>
           Your project request has been successfully queued.
          </h2></center>
          Testbed Operations has been notified of your application.
          Most applications are reviewed within a day; some even within
          the hour, but sometimes as long as a week (rarely). We will notify
          you by e-mail when a decision has been made.\n";
    echo $queued_notice;

    # New users additionally get told about the verification message.
    if (! $returning) {
        $verify_notice = "<br>
              <p>
              In the meantime, as a new user of the Testbed you will receive
              a key via email.
              When you receive the message, please follow the instructions
              contained in the message on how to verify your account.\n";
        echo $verify_notice;
    }

    PAGEFOOTER();
    return;
}

#
# On first load, display a virgin form and exit.
#
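if (! isset($_POST['submit'])) {
    # First load: show the form with a few defaults filled in. Array keys
    # are quoted strings; bare words are looked up as constants first.
    $defaults = array();
    $defaults['proj_URL']     = "$HTTPTAG";
    $defaults['usr_URL']      = "$HTTPTAG";
    $defaults['usr_country']  = "USA";
    $defaults['proj_ronpcs']  = "0";
    $defaults['proj_plabpcs'] = "0";
    $defaults['proj_public']  = "checked";
    $defaults['proj_linked']  = "checked";

    # $FirstInitState is assigned as a boolean at the top of the page; the
    # loose comparison against the state name still tracks that boolean.
    if ($FirstInitState == "createproject") {
        $defaults['pid']          = "testbed";
        $defaults['proj_pcs']     = "256";
        $defaults['proj_members'] = "256";
        $defaults['proj_funders'] = "none";
        $defaults['proj_name']    = "Your Testbed Project";
        $defaults['proj_why']     = "This project is used for testbed ".
            "administrators to develop and test new software. ";
    }

    SPITFORM($defaults, $returning, 0);
    PAGEFOOTER();
    return;
}
else {
    # Form submitted. Make sure we have a formfields array, and that every
    # element in it is a plain string: the checks that follow use strcmp()
    # and the TBvalid_* helpers, none of which are written for nested
    # arrays.
    $wellformed = (isset($_POST['formfields']) &&
                   is_array($_POST['formfields']));
    if ($wellformed) {
        foreach ($_POST['formfields'] as $posted_value) {
            if (!is_string($posted_value)) {
                $wellformed = 0;
                break;
            }
        }
    }
    if (!$wellformed) {
        # Presumably does not return -- confirm in defs.php3.
        PAGEARGERROR("Invalid form arguments.");
    }
    $formfields = $_POST['formfields'];
}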

#
# Otherwise, must validate and redisplay if errors
#
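# Field label => message, in the order the problems were found; SPITFORM
# prints them above the redisplayed form.
$errors = array();

#
# These fields are required!
#
# Personal information is only collected from (and checked for) new users.
# Array keys are quoted strings; bare words are looked up as constants first.
#
if (! $returning) {
    if (!isset($formfields['proj_head_uid']) ||
        strcmp($formfields['proj_head_uid'], "") == 0) {
        $errors["Username"] = "Missing Field";
    }
    elseif (!TBvalid_uid($formfields['proj_head_uid'])) {
        $errors["UserName"] = TBFieldErrorString();
    }
    elseif (TBCurrentUser($formfields['proj_head_uid']) ||
            posix_getpwnam($formfields['proj_head_uid'])) {
        # Taken either in the testbed or as a system account.
        $errors["UserName"] = "Already in use. Pick another";
    }

    if (!isset($formfields['usr_title']) ||
        strcmp($formfields['usr_title'], "") == 0) {
        $errors["Title/Position"] = "Missing Field";
    }
    elseif (! TBvalid_title($formfields['usr_title'])) {
        $errors["Title/Position"] = TBFieldErrorString();
    }

    if (!isset($formfields['usr_name']) ||
        strcmp($formfields['usr_name'], "") == 0) {
        $errors["Full Name"] = "Missing Field";
    }
    elseif (! TBvalid_usrname($formfields['usr_name'])) {
        $errors["Full Name"] = TBFieldErrorString();
    }
    # Make sure user name has at least two tokens! This runs regardless of
    # the checks above and replaces their message when it fails.
    $tokens = preg_split("/[\s]+/",
                         isset($formfields['usr_name']) ?
                             $formfields['usr_name'] : "",
                         -1, PREG_SPLIT_NO_EMPTY);
    if (count($tokens) < 2) {
        $errors["Full Name"] = "Please provide a first and last name";
    }

    if ($WIKISUPPORT) {
        if (!isset($formfields['wikiname']) ||
            strcmp($formfields['wikiname'], "") == 0) {
            $errors["WikiName"] = "Missing Field";
        }
        elseif (! TBvalid_wikiname($formfields['wikiname'])) {
            $errors["WikiName"] = TBFieldErrorString();
        }
        elseif (TBCurrentWikiName($formfields['wikiname'])) {
            $errors["WikiName"] = "Already in use. Pick another";
        }
    }

    if (!isset($formfields['usr_affil']) ||
        strcmp($formfields['usr_affil'], "") == 0) {
        $errors["Affiliation"] = "Missing Field";
    }
    elseif (! TBvalid_affiliation($formfields['usr_affil'])) {
        $errors["Affiliation"] = TBFieldErrorString();
    }

    if (!isset($formfields['usr_email']) ||
        strcmp($formfields['usr_email'], "") == 0) {
        $errors["Email Address"] = "Missing Field";
    }
    elseif (! TBvalid_email($formfields['usr_email'])) {
        $errors["Email Address"] = TBFieldErrorString();
    }
    elseif (TBCurrentEmail($formfields['usr_email'])) {
        #
        # Treat this error separate. Not allowed.
        #
        # The address is escaped for the text and URL-encoded for the link:
        # the message is emitted as HTML, and a '+' in an address would
        # otherwise be read back as a space by password.php3.
        #
        # NOTE(review): this response confirms to any visitor that the
        # address belongs to an account; worth confirming the page is
        # throttled.
        #
        $email_html = htmlspecialchars($formfields['usr_email'], ENT_QUOTES);
        $email_url  = urlencode($formfields['usr_email']);

        PAGEHEADER("Start a New Testbed Project");
        USERERROR("The email address '$email_html' is already in ".
                  "use by another user.<br>Perhaps you have ".
                  "<a href='password.php3?email=$email_url'>".
                  "forgotten your username.</a>", 1);
    }

    # Optional; the untouched default ($HTTPTAG) counts as "not given".
    if (isset($formfields['usr_URL']) &&
        strcmp($formfields['usr_URL'], "") &&
        strcmp($formfields['usr_URL'], $HTTPTAG) &&
        ! CHECKURL($formfields['usr_URL'], $urlerror)) {
        $errors["Home Page URL"] = $urlerror;
    }

    if (!isset($formfields['usr_addr']) ||
        strcmp($formfields['usr_addr'], "") == 0) {
        $errors["Address 1"] = "Missing Field";
    }
    elseif (! TBvalid_addr($formfields['usr_addr'])) {
        $errors["Address 1"] = TBFieldErrorString();
    }
    # Optional
    if (isset($formfields['usr_addr2']) &&
        !TBvalid_addr($formfields['usr_addr2'])) {
        $errors["Address 2"] = TBFieldErrorString();
    }

    if (!isset($formfields['usr_city']) ||
        strcmp($formfields['usr_city'], "") == 0) {
        $errors["City"] = "Missing Field";
    }
    elseif (! TBvalid_city($formfields['usr_city'])) {
        $errors["City"] = TBFieldErrorString();
    }

    if (!isset($formfields['usr_state']) ||
        strcmp($formfields['usr_state'], "") == 0) {
        $errors["State"] = "Missing Field";
    }
    elseif (! TBvalid_state($formfields['usr_state'])) {
        $errors["State"] = TBFieldErrorString();
    }

    if (!isset($formfields['usr_zip']) ||
        strcmp($formfields['usr_zip'], "") == 0) {
        $errors["ZIP/Postal Code"] = "Missing Field";
    }
    elseif (! TBvalid_zip($formfields['usr_zip'])) {
        $errors["Zip/Postal Code"] = TBFieldErrorString();
    }

    if (!isset($formfields['usr_country']) ||
        strcmp($formfields['usr_country'], "") == 0) {
        $errors["Country"] = "Missing Field";
    }
    elseif (! TBvalid_country($formfields['usr_country'])) {
        $errors["Country"] = TBFieldErrorString();
    }

    if (!isset($formfields['usr_phone']) ||
        strcmp($formfields['usr_phone'], "") == 0) {
        $errors["Phone #"] = "Missing Field";
    }
    elseif (!TBvalid_phone($formfields['usr_phone'])) {
        $errors["Phone #"] = TBFieldErrorString();
    }

    if (!isset($formfields['password1']) ||
        strcmp($formfields['password1'], "") == 0) {
        $errors["Password"] = "Missing Field";
    }
    # A missing first password is compared as the empty string, so it
    # can never match a non-empty confirmation.
    $first_password = isset($formfields['password1']) ?
                          $formfields['password1'] : "";
    if (!isset($formfields['password2']) ||
        strcmp($formfields['password2'], "") == 0) {
        $errors["Confirm Password"] = "Missing Field";
    }
    elseif (strcmp($first_password, $formfields['password2'])) {
        $errors["Confirm Password"] = "Does not match Password";
    }
    elseif (! CHECKPASSWORD($formfields['proj_head_uid'],
                            $formfields['password1'],
                            $formfields['usr_name'],
                            $formfields['usr_email'], $checkerror)) {
        # CHECKPASSWORD is defined elsewhere; it is handed the uid, name
        # and email along with the password and fills in $checkerror.
        $errors["Password"] = "$checkerror";
    }
}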

if (!isset($formfields[pid]) ||
    strcmp($formfields[pid], "") == 0) {
    $errors["Project Name"] = "Missing Field";
782
}
783
else {
784
    if (!TBvalid_newpid($formfields[pid])) {
785
	$errors["Project Name"] = TBFieldErrorString();
786
787
788
789
790
    }
    elseif (TBValidProject($formfields[pid])) {
	$errors["Project Name"] =
	    "Already in use. Select another";
    }
791
}
792

793
794
795
if (!isset($formfields[proj_name]) ||
    strcmp($formfields[proj_name], "") == 0) {
    $errors["Project Description"] = "Missing Field";
796
}
797
798
799
elseif (! TBvalid_description($formfields[proj_name])) {
    $errors["Project Description"] = TBFieldErrorString();
}
800
801
802
803
if (!isset($formfields[proj_URL]) ||
    strcmp($formfields[proj_URL], "") == 0 ||
    strcmp($formfields[proj_URL], $HTTPTAG) == 0) {    
    $errors["Project URL"] = "Missing Field";
804
}
805
806
elseif (! CHECKURL($formfields[proj_URL], $urlerror)) {
    $errors["Project URL"] = $urlerror;
807
}
808
809
810
if (!isset($formfields[proj_funders]) ||
    strcmp($formfields[proj_funders], "") == 0) {
    $errors["Funding Sources"] = "Missing Field";
811
}
812
813
814
elseif (! TBvalid_description($formfields[proj_funders])) {
    $errors["Funding Sources"] = TBFieldErrorString();
}
815
816
817
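#
# Numeric resource estimates. Each is required and is checked by its own
# TBvalid_num_* validator before it is used anywhere else on the page.
# Array keys are quoted rather than left as bare words, which PHP only
# accepts through its undefined-constant fallback.
#
if (!isset($formfields['proj_members']) ||
    strcmp($formfields['proj_members'], "") == 0) {
    $errors["#of Members"] = "Missing Field";
}
elseif (! TBvalid_num_members($formfields['proj_members'])) {
    $errors["#of Members"] = TBFieldErrorString();
}

if (!isset($formfields['proj_pcs']) ||
    strcmp($formfields['proj_pcs'], "") == 0) {
    $errors["#of PCs"] = "Missing Field";
}
elseif (! TBvalid_num_pcs($formfields['proj_pcs'])) {
    $errors["#of PCs"] = TBFieldErrorString();
}

if (!isset($formfields['proj_plabpcs']) ||
    strcmp($formfields['proj_plabpcs'], "") == 0) {
    $errors["#of Planetlab PCs"] = "Missing Field";
}
elseif (! TBvalid_num_pcplab($formfields['proj_plabpcs'])) {
    $errors["#of Planetlab PCs"] = TBFieldErrorString();
}

if (!isset($formfields['proj_ronpcs']) ||
    strcmp($formfields['proj_ronpcs'], "") == 0) {
    $errors["#of RON PCs"] = "Missing Field";
}
elseif (! TBvalid_num_ron($formfields['proj_ronpcs'])) {
    $errors["#of RON PCs"] = TBFieldErrorString();
}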
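#
# Justification text: required, then checked by TBvalid_why().
# Array keys are quoted rather than left as bare words, which PHP only
# accepts through its undefined-constant fallback.
#
if (!isset($formfields['proj_why']) ||
    strcmp($formfields['proj_why'], "") == 0) {
    $errors["How and Why?"] = "Missing Field";
}
elseif (! TBvalid_why($formfields['proj_why'])) {
    $errors["How and Why?"] = TBFieldErrorString();
}

#
# A project that is not marked public (box absent, or any value other than
# "checked") must say why. Only presence is tested here; the text itself is
# not passed to a validator at this point.
# NOTE(review): confirm proj_whynotpublic is content-checked elsewhere; the
# only other handling visible on this page is the later addslashes() call.
#
if ((!isset($formfields['proj_public']) ||
     strcmp($formfields['proj_public'], "checked")) &&
    (!isset($formfields['proj_whynotpublic']) ||
     strcmp($formfields['proj_whynotpublic'], "") == 0)) {
    $errors["Why Not Public?"] = "Missing Field";
}

#
# The "link to us" box is optional, but when present it may only be empty
# or exactly "checked".
#
if (isset($formfields['proj_linked']) &&
    strcmp($formfields['proj_linked'], "") &&
    strcmp($formfields['proj_linked'], "checked")) {
    $errors["Link to Us"] = "Bad Value";
}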

#
# Any validation failure recorded so far: redisplay the form with the
# messages and stop before any value is escaped, stored or handed to a
# helper program.
#
if (count($errors) != 0) {
    SPITFORM($formfields, $returning, $errors);
    PAGEFOOTER();
    return;
}

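#
# Certain of these values must be escaped or otherwise sanitized.
#
if (!$returning) {
    #
    # New user: the account fields come straight from the submitted form.
    # Free-text fields are escaped with addslashes().
    # NOTE(review): proj_head_uid, usr_email, usr_phone, the two passwords
    # and wikiname are copied as-is; presumably the field validation earlier
    # on the page constrains them. Confirm before they reach a query or a
    # command line.
    #
    $proj_head_uid     = $formfields['proj_head_uid'];
    $usr_title         = addslashes($formfields['usr_title']);
    $usr_name          = addslashes($formfields['usr_name']);
    $usr_affil         = addslashes($formfields['usr_affil']);
    $usr_email         = $formfields['usr_email'];
    $usr_addr          = addslashes($formfields['usr_addr']);
    $usr_city          = addslashes($formfields['usr_city']);
    $usr_state         = addslashes($formfields['usr_state']);
    $usr_zip           = addslashes($formfields['usr_zip']);
    $usr_country       = addslashes($formfields['usr_country']);
    $usr_phone         = $formfields['usr_phone'];
    $password1         = $formfields['password1'];
    $password2         = $formfields['password2'];
    $wikiname          = ($WIKISUPPORT ? $formfields['wikiname'] : "");
    $usr_returning     = "No";

    # A URL left empty or equal to $HTTPTAG is stored as an empty string.
    if (! isset($formfields['usr_URL']) ||
        strcmp($formfields['usr_URL'], "") == 0 ||
        strcmp($formfields['usr_URL'], $HTTPTAG) == 0) {
        $usr_URL = "";
    }
    else {
        $usr_URL = addslashes($formfields['usr_URL']);
    }

    # The second address line is optional.
    if (! isset($formfields['usr_addr2'])) {
        $usr_addr2 = "";
    }
    else {
        $usr_addr2 = addslashes($formfields['usr_addr2']);
    }

    #
    # Pub Key.
    #
    # Start from a known state, so that the isset($addpubkeyargs) test
    # further down reflects only the assignments made in this branch.
    #
    unset($addpubkeyargs);

    if (isset($formfields['usr_key']) &&
        strcmp($formfields['usr_key'], "")) {
        #
        # This is passed off to the shell, so taint check it. The allow-list
        # admits no quote, backslash or other shell metacharacter; keep it
        # that way if the pattern is ever widened.
        #
        if (! preg_match("/^[-\w\s\.\@\+\/\=]*$/", $formfields['usr_key'])) {
            $errors["PubKey"] = "Invalid characters";
        }
        else {
            #
            # Replace any embedded newlines first.
            #
            $formfields['usr_key'] =
                str_replace("\n", "", $formfields['usr_key']);
            $usr_key = $formfields['usr_key'];

            # Each argument is quoted separately with escapeshellarg(), so
            # the command line does not depend on the allow-list alone.
            $addpubkeyargs = "-k " . escapeshellarg($proj_head_uid) . " " .
                escapeshellarg($usr_key) . " ";
        }
    }

    #
    # If usr provided a file for the key, it overrides the paste in text.
    #
    if (isset($_FILES['usr_keyfile']) &&
        $_FILES['usr_keyfile']['name'] != "" &&
        $_FILES['usr_keyfile']['name'] != "none") {

        $localfile = $_FILES['usr_keyfile']['tmp_name'];

        # Accept only a file that PHP itself received as an upload in this
        # request; this also covers the "file does not exist" case.
        if (! is_uploaded_file($localfile)) {
            $errors["PubKey File"] = "No such file";
        }
        # Taint check shell arguments always!
        elseif (! preg_match("/^[-\w\.\/]*$/", $localfile)) {
            $errors["PubKey File"] = "Invalid characters";
        }
        else {
            #
            # Use the path that was just checked. The earlier code checked
            # $localfile but then passed the separate variable $usr_keyfile
            # to the shell and to chmod(), so the value actually used was
            # never the one validated.
            #
            $addpubkeyargs = escapeshellarg($proj_head_uid) . " " .
                escapeshellarg($localfile);

            # Make the upload world-readable (presumably so the helper, if
            # it runs as another user, can read it; confirm).
            chmod($localfile, 0644);
        }
    }

    #
    # Verify key format. A true return from ADDPUBKEY() is treated as
    # failure. NOTE(review): "-n" looks like a check-only mode; confirm
    # against webaddpubkey.
    #
    if (isset($addpubkeyargs) &&
        ADDPUBKEY($proj_head_uid, "webaddpubkey -n $addpubkeyargs")) {
        $errors["Pubkey Format"] = "Could not be parsed. Is it a public key?";
    }

    # Stop here and redisplay the form if the key checks failed.
    if (count($errors)) {
        SPITFORM($formfields, $returning, $errors);
        PAGEFOOTER();
        return;
    }
}
else {
    #
    # Grab info from the DB for the email message below. Kinda silly.
    #
    # NOTE(review): $proj_head_uid is interpolated into the query unescaped.
    # It is expected to still be the logged-in uid assigned at the top of
    # the script; confirm nothing reassigns it from form input on this path.
    #
    $query_result =
        DBQueryFatal("select * from users where uid='$proj_head_uid'");

    $row = mysql_fetch_array($query_result);

    $usr_title     = $row['usr_title'];
    $usr_name      = $row['usr_name'];
    $usr_affil     = $row['usr_affil'];
    $usr_email     = $row['usr_email'];
    $usr_addr      = $row['usr_addr'];
    $usr_addr2     = $row['usr_addr2'];
    $usr_city      = $row['usr_city'];
    $usr_state     = $row['usr_state'];
    $usr_zip       = $row['usr_zip'];
    $usr_country   = $row['usr_country'];
    $usr_phone     = $row['usr_phone'];
    $usr_URL       = $row['usr_URL'];
    $wikiname      = $row['wikiname'];
    $usr_returning = "Yes";
}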
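#
# Project fields. pid and the numeric estimates are copied as-is; they were
# checked above by TBvalid_newpid() and the TBvalid_num_* validators.
# Free-text fields are escaped with addslashes().
# NOTE(review): addslashes() does not take the connection character set into
# account; if these values are interpolated into SQL later on, the database
# driver's own escaping function is the safer choice.
#
$pid               = $formfields['pid'];
$proj_name         = addslashes($formfields['proj_name']);
$proj_URL          = addslashes($formfields['proj_URL']);
$proj_funders      = addslashes($formfields['proj_funders']);

# The field is legitimately absent when the project is marked public, so
# default to an empty string instead of reading an undefined index.
$proj_whynotpublic = (isset($formfields['proj_whynotpublic'])
                      ? addslashes($formfields['proj_whynotpublic']) : "");

$proj_members      = $formfields['proj_members'];
$proj_pcs          = $formfields['proj_pcs'];
$proj_plabpcs      = $formfields['proj_plabpcs'];
$proj_ronpcs       = $formfields['proj_ronpcs'];
$proj_why          = addslashes($formfields['proj_why']);

# Expiration date: 120 days from now.
$proj_expires      = date("Y:m:d", time() + (86400 * 120));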

if (!isset($formfields[proj_public]) ||
    strcmp($formfields[proj_public], "checked")) {
    $proj_public = "No";
    $public = 0;