usradded.php3 8.1 KB
Newer Older
1
2
3
<?php
include("defs.php3");

4
5
6
7
8
#
# Standard Testbed Header
#
PAGEHEADER("Join a Project");

9
10
11
12
#
# First off, sanity check the form to make sure all the required fields
# were provided. I do this on a per field basis so that we can be
# informative. Be sure to correlate these checks with any changes made to
13
# the project form. 
14
15
16
#
if (!isset($uid) ||
    strcmp($uid, "") == 0) {
17
  FORMERROR("UserName");
18
19
20
}
if (!isset($usr_email) ||
    strcmp($usr_email, "") == 0) {
21
  FORMERROR("Email Address");
22
23
24
}
if (!isset($usr_name) ||
    strcmp($usr_name, "") == 0) {
25
  FORMERROR("Full Name");
26
}
27
28
if (!isset($pid) ||
    strcmp($pid, "") == 0) {
29
  FORMERROR("Project");
30
}
31
32
if (!isset($usr_affil) ||
    strcmp($usr_affil, "") == 0) {
33
  FORMERROR("Institutional Afilliation");
34
35
36
}
if (!isset($usr_title) ||
    strcmp($usr_title, "") == 0) {
37
  FORMERROR("Title/Position");
38
39
}

40
#
41
# Database limits
42
#
43
if (strlen($uid) > $TBDB_UIDLEN) {
44
45
46
47
    USERERROR("The name \"$uid\" is too long! ".
              "Please select another.", 1);
}

48
49
50
51
52
53
54
55
#
# Certain of these values must be escaped or otherwise sanitized.
#
$usr_name  = addslashes($usr_name);
$usr_affil = addslashes($usr_affil);
$usr_title = addslashes($usr_title);
$usr_addr  = addslashes($usr_addr);

56
#
57
# See if this is a new user or one returning.
58
#
59
60
61
62
63
$query_result = mysql_db_query($TBDBNAME,
	"SELECT usr_pswd FROM users WHERE uid=\"$uid\"");
if (! $query_result) {
    $err = mysql_error();
    TBERROR("Database Error retrieving info for $uid: $err\n", 1);
64
}
65
if (mysql_num_rows($query_result) > 0) {
66
67
    $returning = 1;
}
68
69
70
71
72
73
74
75
76
77
78
79
80
else {
    $returning = 0;
}

#
# If a user returning, then the login must be valid to continue any further.
# For a new user, the password must pass our tests.
#
if ($returning) {
    if (CHECKLOGIN($uid) != 1) {
        USERERROR("You are not logged in. Please log in and try again.", 1);
    }
}
81
82
else {
    if (strcmp($password1, $password2)) {
83
84
85
        USERERROR("You typed different passwords in each of the two password ".
                  "entry fields. <br> Please go back and correct them.",
                  1);
86
87
    }
    $mypipe = popen(escapeshellcmd(
88
    "$TBCHKPASS_PATH $password1 $uid '$usr_name:$usr_email'"),
89
90
91
92
    "w+");
    if ($mypipe) { 
        $retval=fgets($mypipe, 1024);
        if (strcmp($retval,"ok\n") != 0) {
93
94
            USERERROR("The password you have chosen will not work: ".
                      "<br><br>$retval<br>", 1);
95
96
97
        } 
    }
    else {
98
99
100
101
        TBERROR("TESTBED: checkpass failure\n".
                "\n$usr_name ($uid) just tried to set up a testbed ".
                "account,\n".
                "but checkpass pipe did not open (returned '$mypipe').", 1);
102
103
104
    }
}

105
106
107
108
109
110
#
# Lets verify the project name and quit early if the project is bogus.
# We could let things continue, resulting in a valid account but no
# project membership, but I don't like that.
# 
$query_result = mysql_db_query($TBDBNAME,
111
	"SELECT pid FROM projects WHERE pid=\"$pid\"");
112
113
114
115
116
117
118
if (! $query_result) {
    $err = mysql_error();
    TBERROR("Database Error retrieving info for $pid: $err\n", 1);
}
if (mysql_num_rows($query_result) == 0) {
    USERERROR("No such project $pid. Please go back and try again.", 1);
}
119
120
121
122
123
124
125
#
# XXX String compare to ensure case match. 
#
$row = mysql_fetch_row($query_result);
if (strcmp($row[0], $pid)) {
    USERERROR("No such project $pid. Please go back and try again.", 1);
}
126

127
128
129
130
131
132
133
134
135
136
137
#
# For a new user:
# * Create a new account in the database.
# * Add user email to the list of email address.
# * Generate a mail message to the user with the verification key.
#
if (! $returning) {
    $encoding = crypt("$password1");

    $newuser_command = "INSERT INTO users ".
	"(uid,usr_created,usr_expires,usr_name,usr_email,usr_addr,".
Leigh B. Stoller's avatar
Leigh B. Stoller committed
138
	"usr_URL,usr_phone,usr_title,usr_affil,usr_pswd,unix_uid,status) ".
139
	"VALUES ('$uid',now(),'$usr_expires','$usr_name','$usr_email',".
Leigh B. Stoller's avatar
Leigh B. Stoller committed
140
	"'$usr_addr', '$usr_url', '$usr_phone','$usr_title','$usr_affil',".
141
        "'$encoding',NULL,'newuser')";
142
143
144
145
146
147
148
149
    $newuser_result  = mysql_db_query($TBDBNAME, $newuser_command);
    if (! $newuser_result) {
        $err = mysql_error();
        TBERROR("Database Error adding adding new user $uid: $err\n", 1);
    }

    $key = GENKEY($uid);

150
    mail("$usr_name '$uid' <$usr_email>", "TESTBED: Your New User Key",
151
	 "\n".
152
         "Dear $usr_name ($uid):\n\n".
Leigh B. Stoller's avatar
Leigh B. Stoller committed
153
         "\tHere is your key to verify your account on the ".
154
         "Utah Network Testbed:\n\n".
155
156
157
158
         "\t\t$key\n\n".
         "Please return to $TBWWW and log in using\n".
	 "the user name and password you gave us when you applied. You will\n".
	 "then find an option on the menu called 'New User Verification'.\n".
159
	 "Select that option, and on that page enter your key.\n".
160
161
162
163
164
	 "You will then be verified as a user. When you have been both\n".
         "verified and approved by the head of the project, you will\n".
	 "be marked as an active user, and will be granted full access to\n".
  	 "your user account.\n\n".
         "Thanks,\n".
165
         "Testbed Ops\n".
166
167
         "Utah Network Testbed\n",
         "From: $TBMAIL_CONTROL\n".
168
         "Cc: $TBMAIL_CONTROL\n".
169
170
171
172
173
         "Errors-To: $TBMAIL_WWW");

    #
    # Generate some warm fuzzies.
    #
174
175
176
    echo "<center><h1>Adding new Testbed User!</h1></center>";

    echo "<p>As a new user of the Testbed, for
177
178
179
          security purposes, you will receive by e-mail a key. When you
          receive it, come back to the site, and log in. When you do, you
          will see a new menu option called 'New User Verification'. On
180
          that page, enter in your key
181
          exactly as you received it in your e-mail. You will then be
182
183
          marked as a verified user.
          <p>Once you have been both verified
184
          and approved, you will be classified as an active user, and will 
185
          be granted full access to your user account.";
186
187
188
189
190
191
}

#
# Don't try to join twice!
# 
$query_result = mysql_db_query($TBDBNAME,
192
	"select * from proj_memb where uid='$uid' and pid='$pid'");
193
194
if (mysql_num_rows($query_result) > 0) {
    die("<h3><br><br>".
195
        "You have already applied for membership in project: $pid.".
196
197
198
199
200
201
202
203
        "</h3>");
}

#
# Add to the project, but with trust=none. The project leader will have
# to upgrade the trust level, making the new user real.
#
$query_result = mysql_db_query($TBDBNAME,
204
205
	"insert into proj_memb (uid,pid,trust) ".
        "values ('$uid','$pid','none');");
206
207
if (! $query_result) {
    $err = mysql_error();
208
209
    TBERROR("Database Error adding adding user $uid to ".
            "project $pid: $err\n", 1);
210
211
212
213
214
215
216
}

#
# Generate an email message to the project leader. We have to get the
# email message out of the database, of course.
#
$query_result = mysql_db_query($TBDBNAME,
217
	"SELECT head_uid FROM projects WHERE pid='$pid'");
218
219
if (($row = mysql_fetch_row($query_result)) == 0) {
    $err = mysql_error();
220
221
    TBERROR("Database Error getting project leader for project $pid: $err\n",
             1);
222
}
223
$leader_uid = $row[0];
224
225

$query_result = mysql_db_query($TBDBNAME,
226
	"SELECT usr_name,usr_email FROM users WHERE uid='$leader_uid'");
227
228
if (($row = mysql_fetch_row($query_result)) == 0) {
    $err = mysql_error();
229
    TBERROR("Database Error getting email address for project leader ".
230
            "$leader_uid: $err\n", 1);
231
}
232
233
$leader_name = $row[0];
$leader_email = $row[1];
234

235
236
mail("$leader_name '$leader_uid' <$leader_email>",
     "TESTBED: $uid $pid Project Join Request",
237
     "\n$usr_name ($uid) is trying to join your project ($pid).\n".
238
239
240
241
242
243
244
     "$usr_name has the\n".
     "Testbed username $uid and email address $usr_email.\n$usr_name's ".
     "phone number is $usr_phone and address $usr_addr.\n\n".
     "Please return to $TBWWW\n".
     "log in, and select the 'New User Approval' page to enter your\n".
     "decision regarding $usr_name's membership in your project\n\n".
     "Thanks,\n".
245
     "Testbed Ops\n".
246
247
     "Utah Network Testbed\n",
     "From: $TBMAIL_CONTROL\n".
248
     "Cc: $TBMAIL_CONTROL\n".
249
250
251
252
253
     "Errors-To: $TBMAIL_WWW");

#
# Generate some warm fuzzies.
#
254
echo "<br>
255
      <p>The leader of project '$pid' has been notified of your application.
256
      He/She will make a decision and either approve or deny your application,
257
      and you will be notified as soon as a decision has been made.";
258
259
260
261
262

#
# Standard Testbed Footer
# 
PAGEFOOTER();
263
?>