<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2003, 2005 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");

#
# This page is a generic toggle page, like adminmode.php3, but more
# generalized. There is a set of things you can toggle, and each of
# those items has a permission check and a pair of valid values.
#
# Usage: toggle.php?type=swappable&value=1&pid=foo&eid=bar
# (type & value are required, others are optional and vary by type)
#
# Authentication gate.
#
# PAGEHEADER is deliberately not emitted here: the script ends by sending
# a Location header (see the redirect at the bottom of the file).
#
# Only known, logged-in users get past this point.
#
$uid = GETLOGIN();
LOGGEDINORDIE(
    $uid,
    CHECKLOGIN_USERSTATUS | CHECKLOGIN_WEBONLY
);

# Remember whether the caller is currently an admin; the "lockdown" toggle
# checks this flag further down.
$isadmin = ISADMIN($uid);

# Names of the toggles this page knows how to flip. A request whose
# "type" argument is not in this list is rejected.
$toggles = array(
    "adminoff",
    "webfreeze",
    "lockdown",
);

# Values accepted for each toggle, keyed by toggle name.
$values = array(
    "adminoff"  => array(0, 1),
    "webfreeze" => array(0, 1),
    "lockdown"  => array(0, 1),
);

# Extra GET arguments each toggle understands, keyed by toggle name.
# The flag attached to an argument says whether it is mandatory (1) or
# optional (0).
$optargs = array(
    "adminoff"  => array("target_uid" => 0),
    "webfreeze" => array("target_uid" => 1),
    "lockdown"  => array("pid" => 1, "eid" => 1),
);

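# Mandatory page arguments. They are read through isset() so that a
# missing argument becomes NULL instead of raising an undefined-index
# notice before the check below runs.
$type  = isset($_GET['type'])  ? $_GET['type']  : null;
$value = isset($_GET['value']) ? $_GET['value'] : null;

# Pedantic page argument checking. Good practice!
if (!isset($type) || !isset($value)) {
    PAGEARGERROR();
}

# The toggle name must be a plain string (a request such as type[]=x
# yields an array) and must match one of the known toggles exactly.
if (!is_string($type) || !in_array($type, $toggles, true)) {
    PAGEARGERROR("There is no toggle for $type!");
}

# The value is compared strictly, as a string, against the legal values.
# A loose in_array() against the integers in $values accepts any string
# that PHP's type juggling considers equal to 0 or 1 (before PHP 8 that
# includes non-numeric strings), and $value is later interpolated into
# SQL statements, so only the exact strings may pass here.
# NOTE(review): the messages below echo request data; whether
# PAGEARGERROR() escapes it for HTML is not visible here -- confirm.
$legal_values = (is_string($type) && isset($values[$type]))
    ? array_map('strval', $values[$type])
    : array();
if (!is_string($value) || !in_array($value, $legal_values, true)) {
    PAGEARGERROR("The value '$value' is illegal for the $type toggle!");
}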

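# Check optional args and bind locally.
#
# For every argument the selected toggle declares in $optargs, a variable
# of the same name is created from $_GET. Only names listed in $optargs
# are ever bound, so the request cannot create arbitrary variables.
#
# foreach replaces the each()/list() idiom, which no longer exists in
# PHP 8; the iteration order and the values seen are the same.
#
# NOTE(review): addslashes() is not aware of the database connection's
# character set. If defs.php3 provides a database-aware escaping helper,
# prefer it. The escaped copy is also what later appears in error
# messages and in the Location header.
foreach ($optargs[$type] as $arg => $required) {
    if (!isset($_GET[$arg])) {
        if ($required) {
            PAGEARGERROR("Toggle '$type' requires argument '$arg'");
        } else {
            # Drop any variable of that name that already exists, so the
            # isset() checks further down only see values bound here.
            # Presumably a guard against register_globals -- confirm.
            unset($$arg);
        }
    } elseif (!is_string($_GET[$arg])) {
        # An argument given as arg[]=x arrives as an array; addslashes()
        # cannot take that, so reject it instead of binding it.
        unset($$arg);
        PAGEARGERROR("Argument '$arg' for toggle '$type' must be a plain string");
    } else {
        $$arg = addslashes($_GET[$arg]);
    }
}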

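#
# Permissions checks, and do the toggle...
#
# NOTE(review): every branch relies on USERERROR() and PAGEARGERROR() not
# returning. Both are defined outside this file; confirm they end the
# request, otherwise the UPDATE after a failed check would still run.
# NOTE(review): these updates are triggered by a GET request and no
# anti-CSRF token is checked in this file; confirm whether the login
# checks in defs.php3 cover that.
#
# The value is forced to an integer before it is placed in a statement,
# so the SQL text does not depend on how strictly $value was validated
# earlier. For the legal values 0 and 1 the resulting SQL is unchanged.
$sql_value = intval($value);

if ($type == "adminoff") {
    # must be admin
    # Do not check if they are admin mode (ISADMIN), check if they
    # have the power to change to admin mode!
    if (! ($CHECKLOGIN_STATUS & CHECKLOGIN_ISADMIN) ) {
        USERERROR("You do not have permission to toggle $type!", 1);
    }
    # Admins can change status for other users. Without an explicit
    # target the toggle applies to the caller.
    if (!isset($target_uid)) {
        $target_uid = $uid;
    }
    elseif (!TBCurrentUser($target_uid)) {
        PAGEARGERROR("Target user '$target_uid' is not a valid user!");
    }
    DBQueryFatal("update users set adminoff='$sql_value' where uid='$target_uid'");
}
elseif ($type == "webfreeze") {
    # must be admin
    # Do not check if they are admin mode (ISADMIN), check if they
    # have the power to change to admin mode!
    if (! ($CHECKLOGIN_STATUS & CHECKLOGIN_ISADMIN) ) {
        USERERROR("You do not have permission to toggle $type!", 1);
    }
    # target_uid is flagged mandatory for this toggle in $optargs.
    if (!TBCurrentUser($target_uid)) {
        PAGEARGERROR("Target user '$target_uid' is not a valid user!");
    }
    DBQueryFatal("update users set weblogin_frozen='$sql_value' ".
                 "where uid='$target_uid'");
}
elseif ($type == "lockdown") {
    # must be admin (here the current admin mode, $isadmin, is what counts)
    if (! $isadmin) {
        USERERROR("You do not have permission to toggle $type!", 1);
    }
    # pid and eid are flagged mandatory for this toggle in $optargs.
    if (!TBValidExperiment($pid, $eid)) {
        PAGEARGERROR("Experiment $pid/$eid is not a valid experiment!");
    }
    DBQueryFatal("update experiments set lockdown='$sql_value' ".
                 "where pid='$pid' and eid='$eid'");
}
else {
    # Fail closed: a toggle that is listed in $toggles but has no branch
    # above is refused for everybody.
    USERERROR("Nobody has permission to toggle $type!", 1);
}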
    
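#
# Spit out a redirect
#
# Preferably the user goes back to the page they came from. The Referer
# header is supplied by the client, so it is followed only when it points
# below $TBBASE; any other value falls through to the default pages.
# NOTE(review): if the site is also reachable under a base URL other than
# $TBBASE, referers from there now get the default pages -- confirm that
# is acceptable.
#
# The SCRIPT_NAME key is quoted: a bare SCRIPT_NAME is an undefined
# constant, which is an error in PHP 8.
$referer_ok = isset($HTTP_REFERER) && $HTTP_REFERER != "" &&
    isset($TBBASE) && $TBBASE != "" &&
    strpos($HTTP_REFERER, "$TBBASE/") === 0 &&
    # Make sure the referer isn't me!
    strpos($HTTP_REFERER, $_SERVER['SCRIPT_NAME']) === false;

if ($referer_ok) {
    header("Location: $HTTP_REFERER");
}
elseif (isset($target_uid)) {
    # A user toggle: show the user it was applied to.
    header("Location: $TBBASE/showuser.php3?target_uid=$target_uid");
}
elseif (isset($pid) && isset($eid)) {
    # An experiment toggle: show that experiment.
    header("Location: $TBBASE/showexp.php3?pid=$pid&eid=$eid");
}
else {
    header("Location: $TBBASE/showuser.php3");
}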

?>