instantiate.php 17.6 KB
Newer Older
Leigh B Stoller's avatar
Leigh B Stoller committed
1
2
<?php
#
3
# Copyright (c) 2000-2014 University of Utah and the Flux Group.
Leigh B Stoller's avatar
Leigh B Stoller committed
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
#
chdir("..");
include("defs.php3");
include_once("osinfo_defs.php");
include_once("geni_defs.php");
28
chdir("apt");
Leigh B Stoller's avatar
Leigh B Stoller committed
29
include("quickvm_sup.php");
Leigh B Stoller's avatar
Leigh B Stoller committed
30
include("instance_defs.php");
31
include("profile_defs.php");
Robert Ricci's avatar
Robert Ricci committed
32
$page_title = "Instantiate a Profile";
Leigh B Stoller's avatar
Leigh B Stoller committed
33
$dblink = GetDBLink("sa");
Leigh B Stoller's avatar
Leigh B Stoller committed
34

35
36
37
38
39
40
#
# Get current user but make sure coming in on SSL.
#
RedirectSecure();
$this_user = CheckLogin($check_status);

Leigh B Stoller's avatar
Leigh B Stoller committed
41
42
43
#
# Verify page arguments.
#
44
45
46
47
48
49
$optargs = OptionalPageArguments("create",        PAGEARG_STRING,
				 "profile",       PAGEARG_STRING,
				 "stuffing",      PAGEARG_STRING,
				 "verify",        PAGEARG_STRING,
				 "project",       PAGEARG_PROJECT,
				 "formfields",    PAGEARG_ARRAY,
Leigh B Stoller's avatar
Leigh B Stoller committed
50
51
52
53
54
55
56
57
58
				 "ajax_request",  PAGEARG_BOOLEAN,
				 "ajax_method",   PAGEARG_STRING,
				 "ajax_argument", PAGEARG_STRING);

#
# Deal with ajax requests.
#
if (isset($ajax_request)) {
    if ($ajax_method == "getprofile") {
59
60
61
62
63
64
65
66
	#
	# We require the UUID on this path, until proper permission
	# checks are done; too easy to guess an index.
	#
	if (!IsValidUUID($ajax_argument)) {
	    SPITAJAX_ERROR(1, "Not a valid UUID: $ajax_argument");
	    exit();
	}
67
68
69
	$obj = Profile::Lookup($ajax_argument);
	if (!$obj) {
	    SPITAJAX_ERROR(1, "No such profile $ajax_argument");
Leigh B Stoller's avatar
Leigh B Stoller committed
70
71
	    exit();
	}
72
73
74
75
76
77
	#
	# Need permission checks here.
	#
	SPITAJAX_RESPONSE(array('rspec'       => $obj->rspec(),
				'name'        => $obj->name(),
				'description' => $obj->description()));
Leigh B Stoller's avatar
Leigh B Stoller committed
78
79
    }
    exit();
80

Leigh B Stoller's avatar
Leigh B Stoller committed
81
}
Leigh B Stoller's avatar
Leigh B Stoller committed
82

Robert Ricci's avatar
Robert Ricci committed
83
$profile_default  = "OneVM";
Leigh B Stoller's avatar
Leigh B Stoller committed
84
$profile_array    = array();
Leigh B Stoller's avatar
Leigh B Stoller committed
85

86
87
88
89
#
# if using the super secret URL, make sure the profile exists, and
# add to the array now since it might not be public or belong to the user.
#
90
if (isset($profile)) {
91
92
93
94
95
96
97
98
99
100
101
102
103
104
    #
    # Guest users must use the uuid, but logged in users may use the
    # internal index.
    #
    if (! ($this_user || IsValidUUID($profile))) {
	SPITUSERERROR("Illegal profile for guest user: $profile");
	exit();
    }
    $obj = Profile::Lookup($profile);
    if (! $obj) {
	SPITUSERERROR("No such profile: $profile");
	exit();
    }
    if (IsValidUUID($profile)) {
105
106
107
108
	$profile_array[$profile] = $obj->name();
	$profilename = $obj->name();
    }
    else {
109
110
111
112
113
114
115
116
117
118
119
	#
	# Must be public or belong to user. 
	#
	if (! ($obj->ispublic() ||
	       $obj->creator_idx == $this_user->uid_idx())) {
	    SPITUSERERROR("No permission to use profile: $profile");
	    exit();
	}
	$profile = $obj->uuid();
	$profile_array[$profile] = $obj->name();
	$profilename = $obj->name();
120
    }
121
122
}

123
#
124
125
126
# Find all the public and user profiles. We use the UUID instead of
# indicies cause we do not want to leak internal DB state to guest
# users.
127
#
Leigh B Stoller's avatar
Leigh B Stoller committed
128
$query_result =
129
130
131
    DBQueryFatal("select * from apt_profiles ".
		 "where public=1 " .
		 ($this_user ? "or creator_idx=" . $this_user->uid_idx() : ""));
Leigh B Stoller's avatar
Leigh B Stoller committed
132
while ($row = mysql_fetch_array($query_result)) {
133
    $profile_array[$row["uuid"]] = $row["name"];
134
    if ($row["pid"] == $TBOPSPID && $row["name"] == $profile_default) {
135
	$profile_default = $row["uuid"];
136
    }
137
    if (isset($profile)) {
138
        # Look for the profile by project/name and switch to uuid.
139
140
141
	if (isset($project) &&
	    $row["pid"] == $project->pid() &&
	    $row["name"] == $profile) {
142
	    $profile = $row["uuid"];
143
	}
144
    }
Leigh B Stoller's avatar
Leigh B Stoller committed
145
}
Leigh B Stoller's avatar
Leigh B Stoller committed
146

147
function SPITFORM($formfields, $newuser, $errors)
Leigh B Stoller's avatar
Leigh B Stoller committed
148
149
{
    global $TBBASE, $TBMAIL_OPS;
150
    global $profile_array, $this_user, $profilename, $profile;
Leigh B Stoller's avatar
Leigh B Stoller committed
151

152
153
154
    # XSS prevention.
    while (list ($key, $val) = each ($formfields)) {
	$formfields[$key] = CleanString($val);
Leigh B Stoller's avatar
Leigh B Stoller committed
155
    }
156
    # XSS prevention.
Leigh B Stoller's avatar
Leigh B Stoller committed
157
    if ($errors) {
158
	while (list ($key, $val) = each ($errors)) {
159
160
161
162
163
	    # Skip internal error, we want the html in those errors
	    # ands we know it is safe.
	    if ($key == "error") {
		continue;
	    }
164
	    $errors[$key] = CleanString($val);
Leigh B Stoller's avatar
Leigh B Stoller committed
165
166
	}
    }
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181

    $formatter = function($field, $html) use ($errors) {
	$class = "form-group";
	if ($errors && array_key_exists($field, $errors)) {
	    $class .= " has-error";
	}
	echo "<div class='$class'>\n";
	echo "     $html\n";
	if ($errors && array_key_exists($field, $errors)) {
	    echo "<label class='control-label' for='inputError'>" .
		$errors[$field] . "</label>\n";
	}
	echo "</div>\n";
    };

Leigh B Stoller's avatar
Leigh B Stoller committed
182
    SPITHEADER(1);
Leigh B Stoller's avatar
Leigh B Stoller committed
183

184
    echo "<div class='row'>
Leigh B Stoller's avatar
Leigh B Stoller committed
185
          <div class='col-lg-6  col-lg-offset-3
186
                      col-md-6  col-md-offset-3
Leigh B Stoller's avatar
Leigh B Stoller committed
187
188
                      col-sm-8  col-sm-offset-2
                      col-xs-12 col-xs-offset-0'>\n";
Jonathon Duerig's avatar
Jonathon Duerig committed
189
190
191

    SpitAboutApt();

192
    echo "<form id='quickvm_form' role='form'
193
            enctype='multipart/form-data'
194
            method='post' action='instantiate.php'>\n";
195
196
197
    echo "<div class='panel panel-default'>
           <div class='panel-heading'>
              <h3 class='panel-title'>
198
199
200
201
202
              Run an Experiment";
    if (isset($profilename)) {
        echo " using profile &quot;$profilename&quot";
    }
    echo "</h3></div>
203
           <div class='panel-body'>\n";
204
205
206
207
208
    
    #
    # If linked to a specific profile, description goes here
    #
    if ($profile) {
209
        # Note: Following line is also duplicated below
210
211
212
213
        echo "  <span class='' style='display: inline-block; margin-bottom: 10px'
                      id='selected_profile_description'></span>\n";
    }

214
215
216
217
218
219
    echo "   <fieldset>\n";

    #
    # Look for non-specific error.
    #
    if ($errors && array_key_exists("error", $errors)) {
220
221
	echo "<font color=red><center>" . $errors["error"] .
	    "</center></font><br>";
222
    }
223
224
225
226

    #
    # Ask for user information
    #
227
228
229
230
231
232
233
234
235
236
237
238
    if (!isset($this_user)) {
	$formatter("username", 
		  "<input name=\"formfields[username]\"
		          value='" . $formfields["username"] . "'
                          class='form-control'
                          placeholder='Pick a user name'
                          autofocus type='text'>");
   
	$formatter("email", 
		  "<input name=\"formfields[email]\"
                          type='text'
                          value='" . $formfields["email"] . "'
239
                          class='form-control'
240
                          placeholder='Your email address' type='text'>");
Keith Downie's avatar
Keith Downie committed
241

242
243
244
245
246
	$formatter("keyfile",
		   "<span class='help-block'>
                     SSH Public Key (choose file or paste in)</span>".
		   "<input type=file name='keyfile'>");

247
248
	$formatter("sshkey", 
		  "<textarea name=\"formfields[sshkey]\" 
249
                             placeholder='Paste in your ssh public key.'
250
251
252
253
                             class='form-control'
                             rows=4 cols=45>" . $formfields["sshkey"] .
                  "</textarea>");
    }
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274

    #
    # Only print profile selection box if we weren't linked to a specific
    # profile
    #
    if (!isset($profile)) {
        echo "<div id='profile_well' class='form-group well well-md'>
                <span id='selected_profile_text' class='pull-left'>
                </span>
                <input id='selected_profile' type='hidden' 
                       name='formfields[profile]'/>
                  <button id='profile' class='btn btn-primary btn-xs pull-right' 
                         type='button' name='profile_button'>
                    Select a Profile
                  </button>\n";
        if ($errors && array_key_exists("profile", $errors)) {
            echo "<label class='control-label' for='inputError'>" .
                $errors["profile"] .
                " </label>\n";
        }
        echo " </div>\n";
275
        # Note: Following line is also duplicated above
276
277
        echo "  <span class=''
                      id='selected_profile_description'></span>\n";
278
    }
Leigh B Stoller's avatar
Leigh B Stoller committed
279
    else {
280
281
282
283
284
285
286
	echo "<input id='selected_profile' type='hidden'
                     name='formfields[profile]'
                     value='" . $formfields["profile"] . "'>\n";

	# Send the original argument for the initial array stuff above.
        # Needs more work.
	echo "<input type='hidden' name='profile' value='$profile'>\n";
Leigh B Stoller's avatar
Leigh B Stoller committed
287
    }
288
289
    echo "</fieldset>
           <button class='btn btn-success pull-right'
Keith Downie's avatar
Keith Downie committed
290
              type='submit' name='create'>Create!
291
292
           </button>
           <br> 
293
294
295
        </div>
        </div>
        </div>
Leigh B Stoller's avatar
Leigh B Stoller committed
296
        </div>\n";
297
298
    if (!isset($this_user)) {
	SpitVerifyModal("verify_modal", "Create");
299
    
300
301
302
303
304
305
306
307
	if ($newuser) {
	    if (is_string($newuser)) {
		$stuffing = $newuser;
	    }
	    else {
		$stuffing = substr(GENHASH(), 0, 16);
	    }
	    mail($formfields["email"],
308
		 "aptlab.net: Verification code for creating your experiment",
309
310
311
312
313
		 "Here is your user verification code. Please copy and\n".
		 "paste this code into the box on the experiment page.\n\n".
		 "      $stuffing\n",
		 "From: $TBMAIL_OPS");
	    echo "<input type='hidden' name='stuffing' value='$stuffing' />";
Leigh B Stoller's avatar
Leigh B Stoller committed
314
315
316
317
	}
    }
    echo "</form>\n";

318
    SpitTopologyViewModal("quickvm_topomodal", $profile_array);
Keith Downie's avatar
Keith Downie committed
319

320
    echo "<script type='text/javascript'>\n";
321
    echo "    window.PROFILE = '" . $formfields["profile"] . "';\n";
322
323
324
325
    if ($newuser) {
	echo "window.APT_OPTIONS.isNewUser = true;\n";
    }
    echo "</script>\n";
326
    echo "<script src='js/lib/require.js' data-main='js/instantiate'></script>";
Leigh B Stoller's avatar
Leigh B Stoller committed
327
328
329
}

if (!isset($create)) {
330
331
332
333
334
335
    $defaults = array();
    $defaults["username"] = "";
    $defaults["email"]    = "";
    $defaults["sshkey"]   = "";
    $defaults["profile"]  = (isset($profile) ? $profile : $profile_default);
	
336
    # 
337
    # Look for current user or cookie that tells us who the user is. 
338
    #
339
    if ($this_user) {
340
341
	$defaults["username"] = $this_user->uid();
	$defaults["email"]    = $this_user->email();
342
343
    }
    elseif (isset($_COOKIE['quickvm_user'])) {
Leigh B Stoller's avatar
Leigh B Stoller committed
344
345
346
347
348
349
	$geniuser = GeniUser::Lookup("sa", $_COOKIE['quickvm_user']);
	if ($geniuser) {
	    #
	    # Look for existing quickvm. User not allowed to create
	    # another one.
	    #
Leigh B Stoller's avatar
Leigh B Stoller committed
350
351
352
	    $instance = Instance::LookupByCreator($geniuser->uuid());
	    if ($instance && $instance->status() != "terminating") {
		header("Location: status.php?uuid=" . $instance->uuid());
Leigh B Stoller's avatar
Leigh B Stoller committed
353
354
		return;
	    }
355
356
357
	    $defaults["username"] = $geniuser->name();
	    $defaults["email"]    = $geniuser->email();
	    $defaults["sshkey"]   = $geniuser->SSHKey();
Leigh B Stoller's avatar
Leigh B Stoller committed
358
359
	}
    }
360
    SPITFORM($defaults, false, array());
Leigh B Stoller's avatar
Leigh B Stoller committed
361
362
363
364
365
366
367
368
369
    SPITFOOTER();
    return;
}
#
# Otherwise, must validate and redisplay if errors
#
$errors = array();
$args   = array();

370
371
372
373
if (!$this_user) {
    #
    # These check do not matter for a logged in user; we ignore the values.
    #
374
    if (!isset($formfields["email"]) || $formfields["email"] == "") {
375
376
	$errors["email"] = "Missing Field";
    }
377
    elseif (! TBvalid_email($formfields["email"])) {
378
379
	$errors["email"] = TBFieldErrorString();
    }
380
    if (!isset($formfields["username"]) || $formfields["username"] == "") {
381
382
	$errors["username"] = "Missing Field";
    }
383
    elseif (! TBvalid_uid($formfields["username"])) {
384
385
	$errors["username"] = TBFieldErrorString();
    }
386
    elseif (User::LookupByUid($formfields["username"])) {
387
388
389
        # Do not allow uid overlap with real users.
	$errors["username"] = "Already in use";
    }
Leigh B Stoller's avatar
Leigh B Stoller committed
390
}
391
if (!isset($formfields["profile"]) || $formfields["profile"] == "") {
Leigh B Stoller's avatar
Leigh B Stoller committed
392
    $errors["profile"] = "No selection made";
Leigh B Stoller's avatar
Leigh B Stoller committed
393
}
394
395
elseif (! array_key_exists($formfields["profile"], $profile_array)) {
    $errors["profile"] = "Invalid Profile: " . $formfields["profile"];
Leigh B Stoller's avatar
Leigh B Stoller committed
396
397
398
399
400
}

#
# More sanity checks. 
#
401
402
403
404
405
406
407
408
409
if ($this_user) {
    if (! $this_user->HasEncryptedCert(1)) {
	$url = CreateURL("gensslcert", $this_user);
    
	$errors["error"] = "Oops, registered Emulab users must create a ".
	    "<a href='$TBBASE/$url'>ssl certificate</a> first";
    }
}
else {
410
    $geniuser = GeniUser::LookupByEmail("sa", $formfields["email"]);
411
    if ($geniuser) {
412
	if ($geniuser->name() != $formfields["username"]) {    
413
414
415
	    $errors["email"] = "Already in use by another user";
	    unset($geniuser);
	}
Leigh B Stoller's avatar
Leigh B Stoller committed
416
417
    }
}
418
419
420
421
422
423
424

if (count($errors)) {
    SPITFORM($formfields, false, $errors);
    SPITFOOTER();
    return;
}

425
426
#
# SSH keys are now optional for guest users; they just have to
427
428
429
430
# use the web based ssh window.
#
# Backend verifies pubkey and returns error. We first look for a 
# file and then fall back to an inline field.
431
#
432
433
434
435
436
437
438
439
if (isset($_FILES['keyfile']) &&
    $_FILES['keyfile']['name'] != "" &&
    $_FILES['keyfile']['name'] != "none") {

    $localfile = $_FILES['keyfile']['tmp_name'];
    $args["sshkey"] = file_get_contents($localfile);
}
elseif (isset($formfields["sshkey"]) && $formfields["sshkey"] != "") {
440
    $args["sshkey"] = $formfields["sshkey"];
Leigh B Stoller's avatar
Leigh B Stoller committed
441
442
443
}

if (count($errors)) {
444
    SPITFORM($formfields, false, $errors);
Leigh B Stoller's avatar
Leigh B Stoller committed
445
446
447
    SPITFOOTER();
    return;
}
448
# Silently ignore the form for a logged in user. 
449
450
451
$args["username"] = ($this_user ? $this_user->uid() : $formfields["username"]);
$args["email"]    = ($this_user ? $this_user->email() : $formfields["email"]);
$args["profile"]  = $formfields["profile"];
Leigh B Stoller's avatar
Leigh B Stoller committed
452
453
454
455
456

#
# See if user exists and is verified. We send email with a code, which
# they have to paste back into a box we add to the form. See above.
#
Leigh B Stoller's avatar
Leigh B Stoller committed
457
458
459
460
461
# We also get here if the user exists, but the browser did not have
# the tokens, as will happen if switching to another browser. We
# force the user to repeat the verification with the same code we
# have stored in the DB.
#
462
463
464
if (!$this_user &&
    (!$geniuser || !isset($_COOKIE['quickvm_authkey']) ||
     $_COOKIE['quickvm_authkey'] != $geniuser->auth_token())) {
Leigh B Stoller's avatar
Leigh B Stoller committed
465
466
    if (isset($stuffing) && $stuffing != "") {
	if (! (isset($verify) && $verify == $stuffing)) {
467
	    SPITFORM($formfields, $stuffing, $errors);
Leigh B Stoller's avatar
Leigh B Stoller committed
468
469
470
	    SPITFOOTER();
	    return;
	}
Leigh B Stoller's avatar
Leigh B Stoller committed
471
472
473
474
475
	#
	# If this is an existing user and they give us the right code,
	# we can check again for an existing VM and redirect to the
	# status page, like we do above.
	#
476
	if ($geniuser) {
Leigh B Stoller's avatar
Leigh B Stoller committed
477
478
479
	    $instance = Instance::LookupByCreator($geniuser->uuid());
	    if ($instance && $instance->status() != "terminating") {
		header("Location: status.php?uuid=" . $instance->uuid());
Leigh B Stoller's avatar
Leigh B Stoller committed
480
481
482
		return;
	    }
	}
Leigh B Stoller's avatar
Leigh B Stoller committed
483
484
485
486
	# Pass to backend to save in user object.
	$args["auth_token"] = $stuffing;
    }
    else {
Leigh B Stoller's avatar
Leigh B Stoller committed
487
488
	# Existing user, use existing auth token.
	# New user, we create a new one.
489
	$token = ($geniuser ? $geniuser->auth_token() : true);
Leigh B Stoller's avatar
Leigh B Stoller committed
490

491
	SPITFORM($formfields, $token, $errors);
Leigh B Stoller's avatar
Leigh B Stoller committed
492
493
494
495
496
	SPITFOOTER();
	return;
    }
}

Leigh B Stoller's avatar
Leigh B Stoller committed
497
#
Leigh B Stoller's avatar
Leigh B Stoller committed
498
# This is so we can look up the slice after the backend creates it.
Leigh B Stoller's avatar
Leigh B Stoller committed
499
500
501
# We tell the backend what uuid to use.
#
$quickvm_uuid = NewUUID();
Leigh B Stoller's avatar
Leigh B Stoller committed
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526

#
# Generate a temporary file and write in the XML goo. 
#
$xmlname = tempnam("/tmp", "quickvm");
if (! $xmlname) {
    TBERROR("Could not create temporary filename", 0);
    $errors["internal"] = "Transient error(1); please try again later.";
}
elseif (! ($fp = fopen($xmlname, "w"))) {
    TBERROR("Could not open temp file $xmlname", 0);
    $errors["internal"] = "Transient error(2); please try again later.";
}
else {
    fwrite($fp, "<quickvm>\n");
    foreach ($args as $name => $value) {
	fwrite($fp, "<attribute name=\"$name\">");
	fwrite($fp, "  <value>" . htmlspecialchars($value) . "</value>");
	fwrite($fp, "</attribute>\n");
    }
    fwrite($fp, "</quickvm>\n");
    fclose($fp);
    chmod($xmlname, 0666);
}
if (count($errors)) {
527
    SPITFORM($formfields, false, $errors);
Leigh B Stoller's avatar
Leigh B Stoller committed
528
529
530
531
532
533
534
535
536
537
538
    SPITFOOTER();
    return;
}

#
# Invoke the backend. This will create the user and the slice record
# in the SA database, and then fork off in the background. If the
# first part works, we can return to the user and use some nifty ajax
# and javascript to watch for progress. We use a cookie that holds
# the slice uuid so that the JS code can ask about it.
#
539
540
# This option is used to tell the backend that it is okay to look
# in the emulab users table.
Leigh B Stoller's avatar
Leigh B Stoller committed
541
#
542
543
$opt = ($this_user ? "-l" : "");

Leigh B Stoller's avatar
Leigh B Stoller committed
544
545
$retval = SUEXEC("nobody", "nobody",
		 "webquickvm $opt -u $quickvm_uuid $xmlname",
Leigh B Stoller's avatar
Leigh B Stoller committed
546
		 SUEXEC_ACTION_CONTINUE);
Leigh B Stoller's avatar
Leigh B Stoller committed
547
548
549

if ($retval != 0) {
    if ($retval < 0) {
550
	$errors["error"] = "Transient error(3); please try again later.";
Leigh B Stoller's avatar
Leigh B Stoller committed
551
552
553
554
    }
    else {
	if (count($suexec_output_array)) {
	    $line = $suexec_output_array[$i];
555
	    $errors["error"] = $line;
Leigh B Stoller's avatar
Leigh B Stoller committed
556
557
	}
	else {
558
	    $errors["error"] = "Transient error(4); please try again later.";
Leigh B Stoller's avatar
Leigh B Stoller committed
559
560
	}
    }
561
    SPITFORM($formfields, false, $errors);
Leigh B Stoller's avatar
Leigh B Stoller committed
562
563
564
565
566
    SPITFOOTER();
    return;
}
unlink($xmlname);

Leigh B Stoller's avatar
Leigh B Stoller committed
567
568
$instance = Instance::Lookup($quickvm_uuid);
if (!$instance) {
569
570
    $errors["error"] = "Transient error(5); please try again later.";
    SPITFORM($formfields, false, $errors);
Leigh B Stoller's avatar
Leigh B Stoller committed
571
572
573
    SPITFOOTER();
    return;
}
574
575
576
577
if ($this_user) {
    $creator = $this_user;
}
else {
Leigh B Stoller's avatar
Leigh B Stoller committed
578
    $creator = GeniUser::Lookup("sa", $instance->creator_uuid());
579
}
Leigh B Stoller's avatar
Leigh B Stoller committed
580
if (! $creator) {
581
582
    $errors["error"] = "Transient error(6); please try again later.";
    SPITFORM($formfields, false, $errors);
Leigh B Stoller's avatar
Leigh B Stoller committed
583
584
585
    SPITFOOTER();
    return;
}
586
#
Leigh B Stoller's avatar
Leigh B Stoller committed
587
# Remember the user and auth key so that we can verify.
588
589
590
591
592
593
#
# The cookie handling is a pain since we run this under the aptlab
# virtual host, but the config uses a different domain, and so the
# cookies do not work. So, we have to look at our SERVER_NAME and
# set the cookie appropriately. 
#
594
if (!$this_user) {
Leigh B Stoller's avatar
Leigh B Stoller committed
595
596
    $cookiedomain = $TBAUTHDOMAIN;

597
598
599
600
601
602
    setcookie("quickvm_user",
	      $creator->uuid(), time() + (24 * 3600 * 30),
	      "/", $cookiedomain, 0);
    setcookie("quickvm_authkey",
	      $creator->auth_token(), time() + (24 * 3600 * 30),
	      "/", $cookiedomain, 0);
603
}
Leigh B Stoller's avatar
Leigh B Stoller committed
604
header("Location: status.php?uuid=" . $instance->uuid());
Leigh B Stoller's avatar
Leigh B Stoller committed
605
?>