approveuser_form.php3 5.29 KB
Newer Older
1 2 3
<?php
include("defs.php3");

4 5 6 7 8
#
# Standard Testbed Header
#
PAGEHEADER("New Users Approval Form");

9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136
#
# Only known and logged in users can be verified.
#
$auth_usr = "";
if (ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)) {
    $auth_usr=$Vals[1];
    addslashes($auth_usr);
}
else {
    unset($auth_usr);
}
LOGGEDINORDIE($auth_usr);

echo "
      <h1>Approve new users in your Project</h1>
      Use this page to approve new members of your Project.  Once
      approved, they will be able to log into machines in your Project's
      experiments.
      <p> If you desire, you may set their trust/privilege
      levels to give them more or less access to your nodes:
      <ul>
        <li>Deny - Deny access to your project.
	<li>User - Can log into machines in your experiments.
	<li>Root - Granted root access on your project's machines;
                   can create new experiments.
      </ul>\n";

#
# Find all of the groups that this person has group_root in, and then in
# all of those groups, all of the people who are awaiting to be approved
# (status = none).
#
# First off, just determine if this person has group_root anywhere.
#
$query_result = mysql_db_query($TBDBNAME,
	"SELECT pid FROM proj_memb WHERE uid='$auth_usr' ".
                "and trust='group_root'");
if (! $query_result) {
    $err = mysql_error();
    TBERROR("Database Error getting project info for $auth_usr: $err\n", 1);
}
if (mysql_num_rows($query_result) == 0) {
    USERERROR("You do not have Project Root permissions in any Project.", 1);
}

#
# Okay, so this operation sucks out the right people by joining the
# proj_memb table with itself. Kinda obtuse if you are not a natural
# DB guy. Sorry. Well, obtuse to me.
# 
$query_result = mysql_db_query($TBDBNAME,
	"SELECT proj_memb.* ".
        "FROM proj_memb LEFT JOIN proj_memb as authed ".
        "ON proj_memb.pid=authed.pid and proj_memb.uid!='$auth_usr' ".
           "and proj_memb.trust='none' ".
        "WHERE authed.uid='$auth_usr' and authed.trust='group_root'");
if (! $query_result) {
    $err = mysql_error();
    TBERROR("Database Error getting approvable users for $auth_usr: $err\n",
             1);
}
if (mysql_num_rows($query_result) == 0) {
    USERERROR("You have no new project members who need approval.", 1);
}

#
# Now build a table with a bunch of selections. The thing to note about the
# form inside this table is that the selection fields are constructed with
# name= on the fly, from the uid of the user to be approved. In other words:
#
#             uid     menu     project
#	name=stoller$$approval-testbed value=approved,denied,postpone
#	name=stoller$$trust-testbed value=user,local_root
#
# so that we can go through the entire list of post variables, looking
# for these. The alternative is to work backwards, and I don't like that.
# 
echo "<table width=\"100%\" border=2 cellpadding=0 cellspacing=2
       align='center'>\n";

echo "<tr>
          <td rowspan=2>User</td>
          <td rowspan=2>Project</td>
          <td rowspan=2>Action</td>
          <td rowspan=2>Trust</td>
          <td>Name</td>
          <td>Title</td>
          <td>Affil</td>
          <td>E-mail</td>
          <td>Phone</td>
      </tr>
      <tr>
          <td>Addr</td>
          <td>Addr2</td>
          <td>City</td>
          <td>State</td>
          <td>Zip</td>
      </tr>\n";

echo "<form action='approveuser.php3?$auth_usr' method='post'>\n";

while ($usersrow = mysql_fetch_array($query_result)) {
    $newuid = $usersrow[uid];
    $pid    = $usersrow[pid];

    $userinfo_result = mysql_db_query($TBDBNAME,
	"SELECT * from users where uid=\"$newuid\"");

    $row	= mysql_fetch_array($userinfo_result);
    $name	= $row[usr_name];
    $email	= $row[usr_email];
    $title	= $row[usr_title];
    $affil	= $row[usr_affil];
    $addr	= $row[usr_addr];
    $addr2	= $row[usr_addr2];
    $city	= $row[usr_city];
    $state	= $row[usr_state];
    $zip	= $row[usr_zip];
    $phone	= $row[usr_phone];

    echo "<tr>
              <td colspan=9> </td>
          </tr>
          <tr>
              <td rowspan=2>$newuid</td>
              <td rowspan=2>$pid</td>
              <td rowspan=2>
                  <select name=\"$newuid\$\$approval-$pid\">
137
                          <option value='postpone'>Postpone</option>
138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167
                          <option value='approve'>Approve</option>
                          <option value='deny'>Deny</option>
                  </select>
              </td>
              <td rowspan=2>
                  <select name=\"$newuid\$\$trust-$pid\">
                          <option value='user'>User</option>
                          <option value='local_root'>Root</option>
                  </select>
              </td>\n";

    echo "    <td>&nbsp;$name&nbsp;</td>
              <td>&nbsp;$title&nbsp;</td>
              <td>&nbsp;$affil&nbsp;</td>
              <td>&nbsp;$email&nbsp;</td>
              <td>&nbsp;$phone&nbsp;</td>
          </tr>\n";
    echo "<tr>
              <td>&nbsp;$addr&nbsp;</td>
              <td>&nbsp;$addr2&nbsp;</td>
              <td>&nbsp;$city&nbsp;</td>
              <td>&nbsp;$state&nbsp;</td>
              <td>&nbsp;$zip&nbsp;</td>
          </tr>\n";
}
echo "<tr>
          <td align=center colspan=9>
              <b><input type='submit' value='Submit' name='OK'></td>
      </tr>
      </form>
168 169 170 171 172 173
      </table>\n";

#
# Standard Testbed Footer
# 
PAGEFOOTER();
174
?>