<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");

#
# This page is a generic toggle page, like adminmode.php3, but more
# generalized. There is a set of things you can toggle, and each of
# those items has a permission check and a set (pair) of valid values.
#
# Usage: toggle.php?type=swappable&value=1&pid=foo&eid=bar
# (type & value are required, others are optional and vary by type)
#
# No PAGEHEADER since we spit out a Location header later. See below.
#
# Only known and logged in users can do this.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid);

# Whitelist of toggle names this page accepts in the "type" argument.
$toggles = array(
    "adminoff",
    "webfreeze"
);

# Values each toggle may be set to, keyed by toggle name.
$values = array();
$values["adminoff"]  = array(0, 1);
$values["webfreeze"] = array(0, 1);

# Extra request arguments each toggle understands, keyed by toggle name.
# Each entry maps an argument name to a flag: 1 = mandatory, 0 = optional.
$optargs = array();
$optargs["adminoff"]  = array("target_uid" => 0);
$optargs["webfreeze"] = array("target_uid" => 1);

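# Mandatory page arguments. Read them only when present so a missing
# parameter reaches PAGEARGERROR() instead of raising an undefined-index
# notice first.
$type  = isset($_GET['type'])  ? $_GET['type']  : null;
$value = isset($_GET['value']) ? $_GET['value'] : null;

# Pedantic page argument checking. Both arguments must be plain strings;
# array-style input ("type[]=...") is rejected here rather than being
# compared or interpolated further down.
if (!is_string($type) || !is_string($value)) {
    PAGEARGERROR();
}

# The toggle name must match the whitelist exactly (strict comparison).
# NOTE(review): $type and $value are request-controlled and are embedded in
# the error text below; confirm PAGEARGERROR() HTML-escapes its message.
if (! in_array($type, $toggles, true)) {
    PAGEARGERROR("There is no toggle for $type!");
}

# The value must be exactly one of the whitelisted values, compared as
# strings. A loose in_array() against the integers 0/1 lets other strings
# compare equal to an allowed value (any non-numeric string equals 0 before
# PHP 8), and $value is later placed inside an SQL statement, so the check
# has to be strict.
if (! in_array($value, array_map('strval', $values[$type]), true)) {
    PAGEARGERROR("The value '$value' is illegal for the $type toggle!");
}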

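# Check optional args and bind locally.
#
# The variable names bound through $$arg come only from the keys of
# $optargs[$type] (a fixed table in this file), never from the request, so
# a caller cannot choose which local variable gets written. An argument
# that was not supplied is explicitly unset so that no value reaching this
# scope by another route is used in its place.
#
# foreach replaces the list()/each() idiom; each() no longer exists in PHP 8.
foreach ($optargs[$type] as $arg => $required) {
    if (!isset($_GET[$arg])) {
        if ($required) {
            PAGEARGERROR("Toggle '$type' requires argument '$arg'");
        }
        else {
            unset($$arg);
        }
    }
    elseif (!is_string($_GET[$arg])) {
        # Array-style input ("target_uid[]=...") cannot be escaped as a
        # string; treat it as a malformed request.
        PAGEARGERROR();
    }
    else {
        # NOTE(review): addslashes() is not aware of the database
        # connection's character set. Prefer the DB layer's own escaping or
        # bound parameters if defs.php3 provides them.
        $$arg = addslashes($_GET[$arg]);
    }
}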

#
# Permissions checks, and do the toggle...
#
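# The SQL below is built by string interpolation, so the flag is reduced to
# an integer here. Whatever passed the earlier value check, only a number
# can reach the statement.
$flag = (int) $value;

# NOTE(review): this page changes account state from GET parameters and no
# anti-CSRF token is checked in this file; confirm whether LOGGEDINORDIE()
# or defs.php3 enforces one, or move the toggle behind a POST with a token.
if ($type == "adminoff") {
    # must be admin
    # Do not check if they are admin mode (ISADMIN), check if they
    # have the power to change to admin mode!
    # $CHECKLOGIN_STATUS is not assigned in this file; presumably it is set
    # during the login check in defs.php3.
    if (! ($CHECKLOGIN_STATUS & CHECKLOGIN_ISADMIN) ) {
        USERERROR("You do not have permission to toggle $type!", 1);
    }
    # Admins can change status for other users. Without a target the
    # toggle applies to the logged-in user.
    if (!isset($target_uid)) {
        # NOTE(review): $uid comes from GETLOGIN() and is interpolated into
        # the query unescaped; confirm it is constrained to a safe charset.
        $target_uid = $uid;
    }
    elseif (!TBCurrentUser($target_uid)) {
        PAGEARGERROR("Target user '$target_uid' is not a valid user!");
    }
    DBQueryFatal("update users set adminoff='$flag' where uid='$target_uid'");
}
elseif ($type == "webfreeze") {
    # must be admin
    # Do not check if they are admin mode (ISADMIN), check if they
    # have the power to change to admin mode!
    if (! ($CHECKLOGIN_STATUS & CHECKLOGIN_ISADMIN) ) {
        USERERROR("You do not have permission to toggle $type!", 1);
    }
    # target_uid is mandatory for this toggle (see $optargs).
    if (!TBCurrentUser($target_uid)) {
        PAGEARGERROR("Target user '$target_uid' is not a valid user!");
    }
    DBQueryFatal("update users set weblogin_frozen='$flag' ".
                 "where uid='$target_uid'");
}
else {
    # Fail closed: a toggle name with no handler above is refused.
    USERERROR("Nobody has permission to toggle $type!", 1);
}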
    
#
# Spit out a redirect 
#
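# Decide whether to send the browser back to the referring page.
# $HTTP_REFERER is not assigned in this file; presumably it is supplied by
# register_globals or by defs.php3. It is client-controlled, so it is only
# followed when it points back into this site ($TBBASE) and is not this
# script itself; anything else falls through to the fixed pages below.
$self_script = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : "";
$site_prefix = (isset($TBBASE) && $TBBASE != "") ? "$TBBASE/" : "";

$follow_referer =
    isset($HTTP_REFERER) && is_string($HTTP_REFERER) && $HTTP_REFERER != "" &&
    $site_prefix != "" &&
    strncmp($HTTP_REFERER, $site_prefix, strlen($site_prefix)) == 0 &&
    # Make sure the referer isn't me!
    ($self_script == "" || strpos($HTTP_REFERER, $self_script) === false);

if ($follow_referer) {
    header("Location: $HTTP_REFERER");
}
elseif (isset($target_uid)) {
    # Query-string values are URL-encoded so they cannot alter the
    # structure of the redirect target.
    header("Location: $TBBASE/showuser.php3?target_uid=" .
           urlencode($target_uid));
}
elseif (isset($pid) && isset($eid)) {
    # $pid and $eid are not bound or validated anywhere in this file.
    header("Location: $TBBASE/showexp.php3?pid=" . urlencode($pid) .
           "&eid=" . urlencode($eid));
}
else {
    header("Location: $TBBASE/showuser.php3");
}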

?>