<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2002 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");

#
# No PAGEHEADER since we spit out a Location header later. See below.
# 

#
# Identify the caller. The branch below treats a false value from
# GETLOGIN() as "nobody is logged in".
#
$uid = GETLOGIN();

#
# $returning is assigned on both paths, so the rest of the script never
# sees a value for it that this block did not set.
#
if (! $uid) {
    # No login: the applicant is a new user and must fill in the
    # personal-information half of the form as well.
    $returning = 0;
}
else {
    # A logged-in user is starting another project. Unapproved accounts
    # are let through (CHECKLOGIN_UNAPPROVED); LOGGEDINORDIE() stops the
    # page if the login itself does not check out.
    LOGGEDINORDIE($uid, CHECKLOGIN_UNAPPROVED);

    $proj_head_uid = $uid;
    $returning     = 1;
}

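#
# Emit the project application form, pre-filled from $formfields.
#
#   $formfields  Array of field name => submitted (or default) value.
#   $returning   True when the project head is already logged in; the
#                personal-information rows are then left out.
#   $errors      Array of label => message shown above the form, or a
#                false value when there is nothing to report.
#
# Everything in $formfields comes straight from the request when the form
# is redisplayed after a validation failure, so each value is HTML-escaped
# before it is written into an attribute or the textarea. The two checkbox
# fields are written as a bare attribute, where escaping is not enough;
# they are reduced to either "checked" or nothing.
#
function SPITFORM($formfields, $returning, $errors)
{
    global $TBDB_UIDLEN, $TBDB_PIDLEN, $TBDOCBASE, $WWWHOST;
    global $usr_keyfile;

    #
    # Build the escaped copy once. Fields that are missing, or that are
    # not plain scalars (e.g. formfields[x][]=...), come out empty.
    #
    $textfields = array("proj_head_uid", "usr_name", "usr_title",
                        "usr_affil", "usr_URL", "usr_email", "usr_addr",
                        "usr_phone", "usr_key", "pid", "proj_name",
                        "proj_URL", "proj_whynotpublic", "proj_funders",
                        "proj_members", "proj_pcs", "proj_plabpcs",
                        "proj_ronpcs", "proj_why");
    $safe = array();
    foreach ($textfields as $field) {
        $safe[$field] = "";
        if (is_array($formfields) &&
            isset($formfields[$field]) &&
            is_scalar($formfields[$field])) {
            $safe[$field] =
                htmlspecialchars((string) $formfields[$field], ENT_QUOTES);
        }
    }

    #
    # Checkboxes: only the literal word "checked" is ever echoed back.
    #
    foreach (array("proj_public", "proj_linked") as $field) {
        $safe[$field] = "";
        if (is_array($formfields) &&
            isset($formfields[$field]) &&
            is_string($formfields[$field]) &&
            strcmp($formfields[$field], "checked") == 0) {
            $safe[$field] = "checked";
        }
    }

    $safe_keyfile = "";
    if (isset($usr_keyfile) && is_scalar($usr_keyfile)) {
        $safe_keyfile = htmlspecialchars((string) $usr_keyfile, ENT_QUOTES);
    }

    PAGEHEADER("Start a New Testbed Project");

    echo "<center><font size=+1>
             If you are a student
             <font color=red>(undergrad or graduate)</font>, please
             <a href=auth.html>read this first</a>!
          </font></center><br>\n";

    if ($errors) {
        echo "<table class=nogrid
                     align=center border=0 cellpadding=6 cellspacing=0>
              <tr>
                 <th align=center colspan=2>
                   <font size=+1 color=red>
                      &nbsp;Oops, please fix the following errors!&nbsp;
                   </font>
                 </th>
              </tr>\n";

        #
        # Labels and messages are written as-is because some of them
        # carry markup on purpose (<br>).
        # NOTE(review): the CHECKURL/CHECKPASSWORD error texts end up
        # here too; confirm they never repeat request data.
        #
        foreach ($errors as $name => $message) {
            echo "<tr>
                     <td align=right>
                       <font color=red>$name:&nbsp;</font></td>
                     <td align=left>
                       <font color=red>$message</font></td>
                  </tr>\n";
        }
        echo "</table><br>\n";
    }

    echo "<table align=center border=1> 
          <tr>
            <td align=center colspan=3>
                Fields marked with * are required;
                those marked + are highly recommended.
            </td>
          </tr>\n

          <form enctype=multipart/form-data
                action=newproject.php3 method=post>\n";

    if (! $returning) {
        #
        # Start user information stuff. Presented for new users only.
        #
        echo "<tr>
                  <th colspan=3>
                      Project Head Information:
                  </th>
              </tr>\n";

        #
        # UserName:
        #
        echo "<tr>
                  <td colspan=2>*Username (no blanks, lowercase):</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[proj_head_uid]\"
                             value=\"" . $safe["proj_head_uid"] . "\"
                             size=$TBDB_UIDLEN
                             maxlength=$TBDB_UIDLEN>
                  </td>
              </tr>\n";

        #
        # Full Name
        #
        echo "<tr>
                  <td colspan=2>*Full Name:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_name]\"
                             value=\"" . $safe["usr_name"] . "\"
                             size=30>
                  </td>
              </tr>\n";

        #
        # Title/Position:
        #
        echo "<tr>
                  <td colspan=2>*Title/Position:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_title]\"
                             value=\"" . $safe["usr_title"] . "\"
                             size=30>
                  </td>
              </tr>\n";

        #
        # Affiliation:
        #
        echo "<tr>
                  <td colspan=2>*Institutional<br>Affiliation:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_affil]\"
                             value=\"" . $safe["usr_affil"] . "\"
                             size=40>
                  </td>
              </tr>\n";

        #
        # User URL
        #
        echo "<tr>
                  <td colspan=2>Home Page URL:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_URL]\"
                             value=\"" . $safe["usr_URL"] . "\"
                             size=45>
                  </td>
              </tr>\n";

        #
        # Email:
        #
        echo "<tr>
                  <td colspan=2>*Email Address[<b>1</b>]:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_email]\"
                             value=\"" . $safe["usr_email"] . "\"
                             size=30>
                  </td>
              </tr>\n";

        #
        # Postal Address
        #
        echo "<tr>
                  <td colspan=2>*Postal Address:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_addr]\"
                             value=\"" . $safe["usr_addr"] . "\"
                             size=40>
                  </td>
              </tr>\n";

        #
        # Phone
        #
        echo "<tr>
                  <td colspan=2>*Phone #:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_phone]\"
                             value=\"" . $safe["usr_phone"] . "\"
                             size=15>
                  </td>
              </tr>\n";

        #
        # SSH public key
        #
        echo "<tr>
                  <td rowspan><center>
                               Your SSH Pub Key: &nbsp<br>
                                    [<b>2</b>]
                              </center></td>

                  <td rowspan><center>Upload (1K max)[<b>3</b>]<br>
                                  <b>Or</b><br>
                                 Insert Key
                              </center></td>

                  <td rowspan>
                      <input type=hidden name=MAX_FILE_SIZE value=1024>
                      <input type=file
                             name=usr_keyfile
                             value=\"" . $safe_keyfile . "\"
                             size=50>
                      <br>
                      <br>
                      <input type=text
                             name=\"formfields[usr_key]\"
                             value=\"" . $safe["usr_key"] . "\"
                             size=50
                             maxlength=1024>
                  </td>
              </tr>\n";

        #
        # Password. Note that we do not resend the password. User
        # must retype on error.
        #
        echo "<tr>
                  <td colspan=2>*Password[<b>1</b>]:</td>
                  <td class=left>
                      <input type=password
                             name=\"formfields[password1]\"
                             size=8></td>
              </tr>\n";

        echo "<tr>
                  <td colspan=2>*Retype Password:</td>
                  <td class=left>
                      <input type=password
                             name=\"formfields[password2]\"
                             size=8></td>
             </tr>\n";
    }

    #
    # Project information
    #
    echo "<tr><th colspan=3>
               Project Information: 
               <!-- <em>(replace the example entries)</em> -->
              </th>
          </tr>\n";

    #
    # Project Name:
    #
    echo "<tr>
              <td colspan=2>*Project Name (no blanks):</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[pid]\"
                         value=\"" . $safe["pid"] . "\"
                         size=$TBDB_PIDLEN maxlength=$TBDB_PIDLEN>
              </td>
          </tr>\n";

    #
    # Project Description:
    #
    echo "<tr>
              <td colspan=2>*Project Description:</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[proj_name]\"
                         value=\"" . $safe["proj_name"] . "\"
                         size=40>
              </td>
          </tr>\n";

    #
    # URL:
    #
    echo "<tr>
              <td colspan=2>*URL:</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[proj_URL]\"
                         value=\"" . $safe["proj_URL"] . "\"
                         size=45>
              </td>
          </tr>\n";

    #
    # Publicly visible.
    #
    echo "<tr>
              <td colspan=2>*Can we list your project publicly as
                             an \"Emulab User?\":
                  <br>
                  (See our <a href=\"projectlist.php3\"
                              target=\"Users\">Users</a> page)
              </td>
              <td><input type=checkbox value=checked
                         name=\"formfields[proj_public]\"
                         " . $safe["proj_public"] . ">
                         Yes &nbsp
                  <br>
                  *If \"No\" please tell us why not:<br>
                  <input type=text
                         name=\"formfields[proj_whynotpublic]\"
                         value=\"" . $safe["proj_whynotpublic"] . "\"
                         size=45>
             </td>
      </tr>\n";

    #
    # Will you add a link?
    #
    echo "<tr>
              <td colspan=2>*Will you add a link on your project page
                             to <a href=\"$TBDOCBASE\">$WWWHOST</a>?
              </td>
              <td><input type=checkbox value=checked
                         name=\"formfields[proj_linked]\"
                         " . $safe["proj_linked"] . ">
                         Yes &nbsp
              </td>
      </tr>\n";

    #
    # Funders/Grant numbers
    #
    echo "<tr>
              <td colspan=2>*Funding Sources and Grant Numbers:<br>
                  (Type \"none\" if not funded)</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[proj_funders]\"
                         value=\"" . $safe["proj_funders"] . "\"
                         size=45>
              </td>
          </tr>\n";

    #
    # Nodes and PCs and Users
    #
    echo "<tr>
              <td colspan=2>*Estimated #of Project Members:</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[proj_members]\" 
                         value=\"" . $safe["proj_members"] . "\"
                         size=4>
              </td>
          </tr>\n";

    echo "<tr>
              <td colspan=2>*Estimated #of
        <a href=\"$TBDOCBASE/docwrapper.php3?docname=hardware.html#tbpcs\">
                             PCs</a>:</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[proj_pcs]\"
                         value=\"" . $safe["proj_pcs"] . "\"
                         size=4>
              </td>
          </tr>\n";

    # Planetlab row is switched off, matching the disabled validation.
    if (0) {
    echo "<tr>
              <td colspan=2>*Estimated #of
        <a href=\"$TBDOCBASE/docwrapper.php3?docname=widearea.html\">
                             Planetlab PCs</a>:</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[proj_plabpcs]\"
                         value=\"" . $safe["proj_plabpcs"] . "\"
                         size=4>
              </td>
          </tr>\n";
    }

    echo "<tr>
              <td colspan=2>*Estimated #of
        <a href=\"$TBDOCBASE/docwrapper.php3?docname=widearea.html\">
                             MIT Testbed PCs</a>:</td>
              <td class=left>
                  <input type=text
                         name=\"formfields[proj_ronpcs]\"
                         value=\"" . $safe["proj_ronpcs"] . "\"
                         size=4>
              </td>
          </tr>\n";

    #
    # Why! Carriage returns are dropped; the text is already escaped, so
    # it cannot close the textarea early.
    #
    echo "<tr>
              <td colspan=3>
               *Please describe how and why you'd like to use the testbed.
              </td>
          </tr>
          <tr>
              <td colspan=3 align=center class=left>
                  <textarea name=\"formfields[proj_why]\"
                    rows=10 cols=60>" .
                    str_replace("\r", "", $safe["proj_why"]) .
                    "</textarea>
              </td>
          </tr>\n";

    echo "<tr>
              <td colspan=3 align=center>
                 <b><input type=submit name=submit value=Submit></b>
              </td>
          </tr>\n";

    echo "</form>
          </table>\n";

    echo "<h4><blockquote><blockquote>
          <ol>
            <li> Please consult our
                 <a href = 'docwrapper.php3?docname=security.html'>
                 security policies</a> for information
                 regarding passwords and email addresses.\n";
    if (! $returning) {
        echo "<li> If you want us to use your existing ssh public key,
                   then either paste it in or specify the path to your
                   your identity.pub file. <font color=red>NOTE:</font>
                   We use the <a href=www.openssh.org>OpenSSH</a> key format,
                   which has a slightly different protocol 2 public key format
                   than some of the commercial vendors such as
                   <a href=www.ssh.com>SSH Communications</a>. If you
                   use one of these commercial vendors, then please
                   upload the public  key file and we will convert it
                   for you. <i>Please do not paste it in.</i>\n

              <li> Note to <a href=http://www.opera.com><b>Opera 5</b></a>
                   users: The file upload mechanism is broken in Opera, so
                   you cannot specify a local file for upload. Instead,
                   please paste your public key in.\n";
    }
    echo "</ol>
          </blockquote></blockquote>
          </h4>\n";
}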

#
# Landing page for the redirect issued at the very end of this script
# (newproject.php3?finished=1). Nothing is read from the request here
# beyond the presence of $finished.
#
if (isset($finished)) {
    $queued_notice = "<center><h2>
           Your project request has been successfully queued.
          </h2></center>
          Testbed Operations has been notified of your application.
          Most applications are reviewed within a day; some even within
          the hour, but sometimes as long as a week (rarely). We will notify
          you by e-mail when a decision has been made.\n";

    # Shown only to applicants who are not logged in.
    $verify_notice = "<br>
              <p>
              In the meantime, as a new user of the Testbed you will receive
              a key via email.
              When you receive the message, please follow the instructions
              contained in the message on how to verify your account.\n";

    PAGEHEADER("Start a New Testbed Project");
    echo $queued_notice;
    if (! $returning) {
        echo $verify_notice;
    }
    PAGEFOOTER();
    return;
}

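#
# On first load, display a virgin form and exit.
#
# Array keys are written as quoted strings. The bare words used before
# were looked up as constants first, so a constant of the same name would
# silently change the key (and PHP 8 rejects the bare form outright).
#
if (! isset($submit)) {
    $defaults = array();
    $defaults["proj_URL"]     = "$HTTPTAG";
    $defaults["usr_URL"]      = "$HTTPTAG";
    $defaults["proj_ronpcs"]  = "0";
    $defaults["proj_plabpcs"] = "0";
    $defaults["proj_public"]  = "checked";
    $defaults["proj_linked"]  = "checked";

    SPITFORM($defaults, $returning, 0);
    PAGEFOOTER();
    return;
}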

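#
# Otherwise, must validate and redisplay if errors.
#
# $errors is reset here, so whatever it held before is discarded.
#
$errors = array();

#
# Every field is expected to be a plain string. A request can also send
# formfields[x][]=..., which turns the value into an array and makes the
# strcmp() based tests below misbehave; such values are blanked so they
# are reported as missing.
#
if (! isset($formfields) || ! is_array($formfields)) {
    $formfields = array();
}
foreach ($formfields as $field => $value) {
    if (! is_string($value)) {
        $formfields[$field] = "";
    }
}

#
# These fields are required!
#
# Patterns use preg_match() with the D modifier so that "$" matches only
# at the very end of the value, not before a trailing newline.
#
if (! $returning) {
    if (!isset($formfields["proj_head_uid"]) ||
        strcmp($formfields["proj_head_uid"], "") == 0) {
        $errors["Username"] = "Missing Field";
    }
    else {
        if (! preg_match('/^[a-zA-Z][-_a-zA-Z0-9]+$/D',
                         $formfields["proj_head_uid"])) {
            $errors["UserName"] =
                "Must be lowercase alphanumeric only<br>".
                "and must begin with a lowercase alpha";
        }
        elseif (strlen($formfields["proj_head_uid"]) > $TBDB_UIDLEN) {
            $errors["UserName"] =
                "Too long! Must be less than or equal to $TBDB_UIDLEN";
        }
        elseif (TBCurrentUser($formfields["proj_head_uid"])) {
            $errors["UserName"] =
                "Already in use. Select another";
        }
    }
    if (!isset($formfields["usr_title"]) ||
        strcmp($formfields["usr_title"], "") == 0) {
        $errors["Title/Position"] = "Missing Field";
    }
    if (!isset($formfields["usr_name"]) ||
        strcmp($formfields["usr_name"], "") == 0) {
        $errors["Full Name"] = "Missing Field";
    }
    # The name is later placed in mail headers, so it must not be able
    # to end in a line break.
    elseif (! preg_match('/^[-\w\. ]*$/D', $formfields["usr_name"])) {
        $errors["Full Name"] = "Invalid characters";
    }
    if (!isset($formfields["usr_affil"]) ||
        strcmp($formfields["usr_affil"], "") == 0) {
        $errors["Affiliation"] = "Missing Field";
    }
    if (!isset($formfields["usr_email"]) ||
        strcmp($formfields["usr_email"], "") == 0) {
        $errors["Email Address"] = "Missing Field";
    }
    else {
        $usr_email    = $formfields["usr_email"];
        $email_domain = strstr($usr_email, "@");

        #
        # Besides the shape test (something@domain.tld), refuse
        # whitespace, control characters, quotes, backslash, angle
        # brackets, comma and semicolon. The address is copied into a
        # quoted SQL string and into mail headers further down, and
        # none of those characters may reach either place. This also
        # turns away the rare legitimate address with an apostrophe.
        #
        if (! $email_domain ||
            strcmp($usr_email, $email_domain) == 0 ||
            strlen($email_domain) <= 1 ||
            ! strstr($email_domain, ".") ||
            preg_match('/[\s"\'<>\\\\,;\x00-\x1f\x7f]/', $usr_email)) {
            $errors["Email Address"] = "Looks invalid!";
        }
    }
    if (isset($formfields["usr_URL"]) &&
        strcmp($formfields["usr_URL"], "") &&
        strcmp($formfields["usr_URL"], $HTTPTAG) &&
        ! CHECKURL($formfields["usr_URL"], $urlerror)) {
        $errors["Home Page URL"] = $urlerror;
    }
    if (!isset($formfields["usr_addr"]) ||
        strcmp($formfields["usr_addr"], "") == 0) {
        $errors["Postal Address"] = "Missing Field";
    }
    if (!isset($formfields["usr_phone"]) ||
        strcmp($formfields["usr_phone"], "") == 0) {
        $errors["Phone #"] = "Missing Field";
    }
    # Digits, space, dash, parentheses and the letters e/x/t only. The
    # former ereg() class was written with "\(" and "\)"; under POSIX
    # bracket rules that also admitted a literal backslash, which is no
    # longer accepted.
    elseif (! preg_match('/^[(]*[0-9][-() 0-9ext]+$/D',
                         $formfields["usr_phone"])) {
        $errors["Phone"] = "Invalid characters";
    }
    if (!isset($formfields["password1"]) ||
        strcmp($formfields["password1"], "") == 0) {
        $errors["Password"] = "Missing Field";
    }
    if (!isset($formfields["password2"]) ||
        strcmp($formfields["password2"], "") == 0) {
        $errors["Confirm Password"] = "Missing Field";
    }
    elseif (strcmp($formfields["password1"], $formfields["password2"])) {
        $errors["Confirm Password"] = "Does not match Password";
    }
    elseif (! CHECKPASSWORD($formfields["proj_head_uid"],
                            $formfields["password1"],
                            $formfields["usr_name"],
                            $formfields["usr_email"], $checkerror)) {
        $errors["Password"] = "$checkerror";
    }
}

if (!isset($formfields["pid"]) ||
    strcmp($formfields["pid"], "") == 0) {
    $errors["Project Name"] = "Missing Field";
}
else {
    # The project id is used unescaped in SQL and as a Unix group name
    # below; this pattern is what keeps it to safe characters.
    if (! preg_match('/^[a-zA-Z][-_a-zA-Z0-9]+$/D', $formfields["pid"])) {
        $errors["Project Name"] =
            "Must be alphanumeric (includes _ and -)<br>".
            "and must begin with an alpha";
    }
    elseif (strlen($formfields["pid"]) > $TBDB_PIDLEN) {
        $errors["Project Name"] =
            "Too long! Must be less than or equal to $TBDB_PIDLEN";
    }
    elseif (TBValidProject($formfields["pid"])) {
        $errors["Project Name"] =
            "Already in use. Select another";
    }
}
if (!isset($formfields["proj_name"]) ||
    strcmp($formfields["proj_name"], "") == 0) {
    $errors["Project Description"] = "Missing Field";
}
if (!isset($formfields["proj_URL"]) ||
    strcmp($formfields["proj_URL"], "") == 0 ||
    strcmp($formfields["proj_URL"], $HTTPTAG) == 0) {
    $errors["Project URL"] = "Missing Field";
}
elseif (! CHECKURL($formfields["proj_URL"], $urlerror)) {
    $errors["Project URL"] = $urlerror;
}
if (!isset($formfields["proj_funders"]) ||
    strcmp($formfields["proj_funders"], "") == 0) {
    $errors["Funding Sources"] = "Missing Field";
}
if (!isset($formfields["proj_members"]) ||
    strcmp($formfields["proj_members"], "") == 0) {
    $errors["#of Members"] = "Missing Field";
}
elseif (! preg_match('/^[0-9]+$/D', $formfields["proj_members"])) {
    $errors["#of Members"] = "Must be numeric";
}
if (!isset($formfields["proj_pcs"]) ||
    strcmp($formfields["proj_pcs"], "") == 0) {
    $errors["#of PCs"] = "Missing Field";
}
elseif (! preg_match('/^[0-9]+$/D', $formfields["proj_pcs"])) {
    $errors["#of PCs"] = "Must be numeric";
}
# Planetlab count is switched off, matching the hidden form row.
if (0) {
if (!isset($formfields["proj_plabpcs"]) ||
    strcmp($formfields["proj_plabpcs"], "") == 0) {
    $errors["#of Planetlab PCs"] = "Missing Field";
}
elseif (! preg_match('/^[0-9]+$/D', $formfields["proj_plabpcs"])) {
    $errors["#of Planetlab PCs"] = "Must be numeric";
}
}
# proj_ronpcs is written into SQL without quotes further down, so the
# digits-only test is the only thing standing in front of that query.
if (!isset($formfields["proj_ronpcs"]) ||
    strcmp($formfields["proj_ronpcs"], "") == 0) {
    $errors["#of RON PCs"] = "Missing Field";
}
elseif (! preg_match('/^[0-9]+$/D', $formfields["proj_ronpcs"])) {
    $errors["#of RON PCs"] = "Must be numeric";
}
if (!isset($formfields["proj_why"]) ||
    strcmp($formfields["proj_why"], "") == 0) {
    $errors["Why?"] = "Missing Field";
}
# A reason is required whenever the "public" box is not ticked.
if ((!isset($formfields["proj_public"]) ||
     strcmp($formfields["proj_public"], "checked")) &&
    (!isset($formfields["proj_whynotpublic"]) ||
     strcmp($formfields["proj_whynotpublic"], "") == 0)) {
    $errors["Why Not Public?"] = "Missing Field";
}
if (isset($formfields["proj_linked"]) &&
    strcmp($formfields["proj_linked"], "") &&
    strcmp($formfields["proj_linked"], "checked")) {
    $errors["Link to Us"] = "Bad Value";
}

if (count($errors)) {
    SPITFORM($formfields, $returning, $errors);
    PAGEFOOTER();
    return;
}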

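#
# Certain of these values must be escaped or otherwise sanitized.
#
# New user: copy the submitted fields into the variables used by the SQL
# and mail below, and check the ssh public key. Returning user: load the
# same variables from the users table instead.
#
if (!$returning) {
    $proj_head_uid     = $formfields["proj_head_uid"];
    $usr_title         = addslashes($formfields["usr_title"]);
    $usr_name          = addslashes($formfields["usr_name"]);
    $usr_affil         = addslashes($formfields["usr_affil"]);
    # The address and URL go into quoted SQL strings like the fields
    # around them, so they get the same escaping.
    $usr_email         = addslashes($formfields["usr_email"]);
    $usr_addr          = addslashes($formfields["usr_addr"]);
    $usr_phone         = $formfields["usr_phone"];
    $password1         = $formfields["password1"];
    $password2         = $formfields["password2"];
    $usr_returning     = "No";

    if (! isset($formfields["usr_URL"]) ||
        strcmp($formfields["usr_URL"], "") == 0 ||
        strcmp($formfields["usr_URL"], $HTTPTAG) == 0) {
        $usr_URL = "";
    }
    else {
        $usr_URL = addslashes($formfields["usr_URL"]);
    }

    #
    # $addpubkeyargs is handed to a shell command below and is tested
    # with isset() there and again when the account is created. It must
    # only ever hold what this block builds, so drop anything that may
    # already be in scope (this script reads request fields such as
    # $submit and $usr_keyfile as plain globals).
    #
    unset($addpubkeyargs);

    #
    # Pub Key.
    #
    if (isset($formfields["usr_key"]) &&
        strcmp($formfields["usr_key"], "")) {
        #
        # This is passed off to the shell, so taint check it.
        #
        if (! preg_match("/^[-\w\s\.\@\+\/\=]*$/", $formfields["usr_key"])) {
            $errors["PubKey"] = "Invalid characters";
        }
        else {
            #
            # Replace any embedded newlines first.
            #
            $formfields["usr_key"] =
                str_replace("\n", "", $formfields["usr_key"]);
            $usr_key = $formfields["usr_key"];
            # Quote with escapeshellarg() rather than by hand, so the
            # quoting does not depend on the pattern above.
            $addpubkeyargs =
                "-k $proj_head_uid " . escapeshellarg($usr_key) . " ";
        }
    }

    #
    # If usr provided a file for the key, it overrides the paste in text.
    #
    if (isset($usr_keyfile) &&
        is_string($usr_keyfile) &&
        strcmp($usr_keyfile, "") &&
        strcmp($usr_keyfile, "none")) {

        #
        # Accept the path only if PHP itself stored an upload there.
        # A plain form field named usr_keyfile would otherwise let the
        # request pick which file gets chmod'ed and handed to the shell.
        #
        if (! is_uploaded_file($usr_keyfile)) {
            $errors["PubKey File"] = "No such file";
        }
        else {
            $addpubkeyargs =
                "$proj_head_uid " . escapeshellarg($usr_keyfile);
            chmod($usr_keyfile, 0640);
        }
    }

    #
    # Verify key format. A true return from ADDPUBKEY() is treated as
    # "could not parse".
    #
    if (isset($addpubkeyargs) &&
        ADDPUBKEY("nobody", "webaddpubkey -n $addpubkeyargs")) {
        $errors["Pubkey Format"] = "Could not be parsed. Is it a public key?";
    }

    if (count($errors)) {
        SPITFORM($formfields, $returning, $errors);
        PAGEFOOTER();
        return;
    }
}
else {
    #
    # Grab info from the DB for the email message below. Kinda silly.
    # $proj_head_uid was set from GETLOGIN() at the top of the script.
    #
    $query_result =
        DBQueryFatal("select * from users where uid='$proj_head_uid'");

    $row = mysql_fetch_array($query_result);

    $usr_title     = $row["usr_title"];
    $usr_name      = $row["usr_name"];
    $usr_affil     = $row["usr_affil"];
    $usr_email     = $row["usr_email"];
    $usr_addr      = $row["usr_addr"];
    $usr_phone     = $row["usr_phone"];
    $usr_URL       = $row["usr_URL"];
    $usr_returning = "Yes";
}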
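#
# Project fields, prepared for the INSERT and the mail to the approval
# list. Free-text values are escaped with addslashes() because they are
# placed inside quoted SQL strings; pid and the numeric counts are used
# as submitted and rely on the pattern checks done during validation.
#
$pid               = $formfields["pid"];
$proj_name         = addslashes($formfields["proj_name"]);
# The URL is free text as far as this file shows (CHECKURL is defined
# elsewhere), so it is escaped like the other quoted values.
$proj_URL          = addslashes($formfields["proj_URL"]);
$proj_funders      = addslashes($formfields["proj_funders"]);
$proj_whynotpublic = addslashes(isset($formfields["proj_whynotpublic"]) ?
                                $formfields["proj_whynotpublic"] : "");
$proj_members      = $formfields["proj_members"];
$proj_pcs          = $formfields["proj_pcs"];
#$proj_plabpcs      = $formfields["proj_plabpcs"];
$proj_plabpcs      = 0;
$proj_ronpcs       = $formfields["proj_ronpcs"];
$proj_why          = addslashes($formfields["proj_why"]);
# 120 days from now.
$proj_expires      = date("Y:m:d", time() + (86400 * 120));

# Checkbox: anything other than the exact value "checked" means No.
if (!isset($formfields["proj_public"]) ||
    strcmp($formfields["proj_public"], "checked")) {
    $proj_public = "No";
    $public = 0;
}
else {
    $proj_public = "Yes";
    $public = 1;
}
if (!isset($formfields["proj_linked"]) ||
    strcmp($formfields["proj_linked"], "checked")) {
    $proj_linked = "No";
}
else {
    $proj_linked = "Yes";
}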
#
# The project id doubles as the Unix group name, so refuse the request
# if a group with that unix_name already exists.
#
# $pid is interpolated into the query as-is; it has passed the project
# name pattern check during validation.
#
$groupname_query = "select gid from groups where unix_name='$pid'";
$query_result    = DBQueryFatal($groupname_query);

if (mysql_num_rows($query_result) > 0) {
    TBERROR("Could not form a unique Unix group name for $pid!", 1);
}

#
# For a new user:
# * Create a new account in the database.
# * Generate a mail message to the user with the verification key.
#
if (! $returning) {
    # NOTE(review): crypt() is called without a salt argument, so the
    # hash scheme is whatever the platform default is. Moving to a
    # stronger scheme has to be coordinated with the code that checks
    # passwords at login, which is not part of this file.
    $encoding = crypt("$password1");

    #
    # Must be done before user record is inserted!
    # XXX Since, user does not exist, must run as nobody. Script checks.
    #
    # NOTE(review): this trusts $addpubkeyargs to have been built by the
    # key checks earlier in the script and by nothing else.
    #
    if (isset($addpubkeyargs)) {
        ADDPUBKEY("nobody", "webaddpubkey $addpubkeyargs");
    }

    # Every value is interpolated into a quoted SQL string; the escaping
    # or validation applied earlier is all that protects this statement.
    $insert_user =
        "INSERT INTO users ".
        "(uid,usr_created,usr_expires,usr_name,usr_email,usr_addr,".
        " usr_URL,usr_title,usr_affil,usr_phone,usr_pswd,unix_uid,".
        " status,pswd_expires,usr_modified) ".
        "VALUES ('$proj_head_uid', now(), '$proj_expires', '$usr_name', ".
        "'$usr_email', '$usr_addr', '$usr_URL', '$usr_title', '$usr_affil', ".
        "'$usr_phone', '$encoding', NULL, 'newuser', ".
        "date_add(now(), interval 1 year), now())";
    DBQueryFatal($insert_user);

    $key = TBGenVerificationKey($proj_head_uid);

    # The recipient line is built from the submitted name and address,
    # so both must be free of line breaks by the time they get here.
    $mail_to      = "$usr_name '$proj_head_uid' <$usr_email>";
    $mail_subject = "Your New User Key";
    $mail_body    =
        "\n".
        "Dear $usr_name:\n\n".
        "This is your account verification key: $key\n\n".
        "Please use this link to verify your user account:\n".
        "\n".
        "    ${TBBASE}/login.php3?vuid=$proj_head_uid&key=$key\n".
        "\n".
        "You will then be verified as a user. When you have been both\n".
        "verified and approved by Testbed Operations, you will be marked\n".
        "as an active user and granted full access to your account.\n".
        "\n".
        "Thanks,\n".
        "Testbed Operations\n";
    $mail_headers =
        "From: $TBMAIL_APPROVAL\n".
        "Bcc: $TBMAIL_AUDIT\n".
        "Errors-To: $TBMAIL_WWW";

    TBMAIL($mail_to, $mail_subject, $mail_body, $mail_headers);
}

#
# Now for the new Project
# * Create a new project in the database.
# * Create a new default group for the project.
# * Create a new group_membership entry in the database, default trust=none.
# * Generate a mail message to testbed ops.
#
# $proj_plabpcs, $proj_ronpcs and $public are written without quotes:
# the first and last are set to fixed numbers by this script, the second
# has passed the digits-only check.
#
$insert_project =
    "INSERT INTO projects ".
    "(pid, created, expires, name, URL, head_uid, ".
    " num_members, num_pcs, why, funders, unix_gid, ".
    " num_pcplab, num_ron, public, public_whynot)".
    "VALUES ('$pid', now(), '$proj_expires','$proj_name', ".
    "        '$proj_URL', '$proj_head_uid', '$proj_members', ".
    "        '$proj_pcs', '$proj_why', ".
    "        '$proj_funders', NULL, $proj_plabpcs, $proj_ronpcs, ".
    "         $public, '$proj_whynotpublic')";
DBQueryFatal($insert_project);

# The default group carries the project id as gid and as Unix name.
$insert_group =
    "INSERT INTO groups ".
    "(pid, gid, leader, created, description, unix_gid, unix_name) ".
    "VALUES ('$pid', '$pid', '$proj_head_uid', now(), ".
    "        'Default Group', NULL, '$pid')";
DBQueryFatal($insert_group);

# The project head joins with trust 'none'.
$insert_membership =
    "insert into group_membership ".
    "(uid, gid, pid, trust, date_applied) ".
    "values ('$proj_head_uid','$pid','$pid','none', now())";
DBQueryFatal($insert_membership);

#
# Grab the unix GID that was assigned. $unix_gid and $unix_name are
# used in the mail below and are not set anywhere else in this file.
#
TBGroupUnixInfo($pid, $pid, $unix_gid, $unix_name);

#
# The mail message to the approval list.
#
# NOTE(review): the From header is assembled from the applicant's name
# and e-mail address. Both have to be free of line breaks when they get
# here, or extra headers could be added to the message.
#
$approval_subject = "New Project '$pid' ($proj_head_uid)";
$approval_body    =
    "'$usr_name' wants to start project '$pid'.\n".
    "\n".
    "Name:            $usr_name ($proj_head_uid)\n".
    "Returning User?: $usr_returning\n".
    "Email:           $usr_email\n".
    "User URL:        $usr_URL\n".
    "Project:         $proj_name\n".
    "Expires:         $proj_expires\n".
    "Project URL:     $proj_URL\n".
    "Public URL:      $proj_public\n".
    "Why Not Public:  $proj_whynotpublic\n".
    "Link to Us?:     $proj_linked\n".
    "Funders:         $proj_funders\n".
    "Title:           $usr_title\n".
    "Affiliation:     $usr_affil\n".
    "Address:         $usr_addr\n".
    "Phone:           $usr_phone\n".
    "Members:         $proj_members\n".
    "PCs:             $proj_pcs\n".
    "Planetlab PCs:   $proj_plabpcs\n".
    "RON PCs:         $proj_ronpcs\n".
    "Unix GID:        $unix_name ($unix_gid)\n".
    "Reasons:\n$proj_why\n\n".
    "Please review the application and when you have made a decision,\n".
    "go to $TBWWW and\n".
    "select the 'Project Approval' page.\n\nThey are expecting a result ".
    "within 72 hours.\n";
$approval_headers =
    "From: $usr_name '$proj_head_uid' <$usr_email>\n".
    "Reply-To: $TBMAIL_APPROVAL\n".
    "Errors-To: $TBMAIL_WWW";

TBMAIL($TBMAIL_APPROVAL, $approval_subject, $approval_body,
       $approval_headers);

#
# Spit out a redirect so that the history does not include a post
# in it. The back button skips over the post and to the form.
# See above for conclusion.
#
$done_location = "Location: newproject.php3?finished=1";
header($done_location);

?>