modusr_process.php3 3.2 KB
Newer Older
1 2 3
<?php
include("defs.php3");

4 5 6 7 8
#
# Standard Testbed Header
#
PAGEHEADER("Modify User Information");

9 10 11 12 13 14 15 16 17 18
#
# First off, sanity check the form to make sure all the required fields
# were provided. I do this on a per field basis so that we can be
# informative. Be sure to correlate these checks with any changes made to
# the project form. Note that this sequence of  statements results in
# only the last bad field being displayed, but thats okay. The user will
# eventually figure out that fields marked with * mean something!
#
if (!isset($uid) ||
    strcmp($uid, "") == 0) {
19
  FORMERROR("Username");
20 21 22
}
if (!isset($usr_name) ||
    strcmp($usr_name, "") == 0) {
23
  FORMERROR("Full Name");
24 25 26
}
if (!isset($usr_email) ||
    strcmp($usr_email, "") == 0) {
27
  FORMERROR("Email Address");
28 29 30
}
if (!isset($usr_addr) ||
    strcmp($usr_addr, "") == 0) {
31
  FORMERROR("Mailing Address");
32 33 34
}
if (!isset($usr_phone) ||
    strcmp($usr_phone, "") == 0) {
35
  FORMERROR("Phone #");
36
}
37 38
if (!isset($usr_title) ||
    strcmp($usr_title, "") == 0) {
39
  FORMERROR("Title/Position");
40 41 42
}
if (!isset($usr_affil) ||
    strcmp($usr_affil, "") == 0) {
43
  FORMERROR("Institutional Affiliation");
44 45 46
}

#
47
# Only known and logged in users can modify info.
48
#
49
LOGGEDINORDIE($uid);
50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99

#
# Now see if the user is requesting to change the password. We do the usual
# checks to make sure the two fields agree and that it passes our tests for
# safe passwords.
#
if (isset($new_password1) && strcmp($new_password2, "")) {
    if (strcmp($new_password1, $new_password2)) {
	USERERROR("You typed different passwords in each of the two password ".
		  "entry fields. <br> Please go back and correct them.", 1);
    }

    $mypipe = popen(escapeshellcmd(
    "/usr/testbed/bin/checkpass $new_password1 $uid '$usr_name:$usr_email'"),
    "w+");
    if ($mypipe) { 
        $retval=fgets($mypipe, 1024);
        if (strcmp($retval,"ok\n") != 0) {
	    USERERROR("The password you have chosen will not work: ".
		      "<br><br>$retval<br>", 1);
        } 
    }
    else {
	TBERROR("TESTBED: checkpass failure\n".
               "$usr_name ($uid) just tried change his password\n".
               "but checkpass pipe did not open (returned '$mypipe').", 1);
    }

    #
    # Password is good. Insert into database.
    #
    $encoding = crypt("$new_password1");
    $insert_result  = mysql_db_query($TBDBNAME, 
		"UPDATE users SET usr_pswd=\"$encoding\" WHERE uid=\"$uid\"");

    if (! $insert_result) {
        $err = mysql_error();
        TBERROR("Database Error changing password for $uid: $err", 1);
    }
}

array_walk($HTTP_POST_VARS, 'addslashes');

#
# Now change the rest of the information.
#
$insert_result = mysql_db_query($TBDBNAME, 
	"UPDATE users SET ".
	"usr_name=\"$usr_name\",       ".
	"usr_email=\"$usr_email\",     ".
Leigh B. Stoller's avatar
Leigh B. Stoller committed
100
	"usr_URL=\"$usr_url\",         ".
101 102
	"usr_addr=\"$usr_addr\",       ".
	"usr_phone=\"$usr_phone\",     ".
103 104 105
	"usr_expires=\"$usr_expires\", ".
	"usr_title=\"$usr_title\",     ".
	"usr_affil=\"$usr_affil\"      ".
106 107 108 109 110 111 112 113 114 115 116
	"WHERE uid=\"$uid\"");

if (! $insert_result) {
    $err = mysql_error();
    TBERROR("Database Error changing user info for $uid: $err", 1);
}

?>
<center>
<br>
<br>
117
<h3>User information successfully modified!</h3><p>
118
</center>
119 120 121 122 123 124 125

<?php
#
# Standard Testbed Footer
# 
PAGEFOOTER();
?>