Commit 0db1b771 authored by Leigh B. Stoller

A set of changes to the login mechanism. Use the cookie to determine
who the user is instead of passing ?uid to every page all the way down.
Update login timeout with each useful operation (done in checklogin).
Put default user name in the login box when visiting the page.
parent 8ca84bb5
...@@ -8,9 +8,10 @@ importance should be obvious. Whoever does this work *will* program in the ...@@ -8,9 +8,10 @@ importance should be obvious. Whoever does this work *will* program in the
dominate style of the existing, newly written, 4500 lines of code! Now, if dominate style of the existing, newly written, 4500 lines of code! Now, if
I could just figure out how to add a php mode to emacs ... I could just figure out how to add a php mode to emacs ...
* Add password hint for the clueless users who forget their passwords. * Add DB connect as authorized user so we can track whats going in
the DB log files.
* tbend should work from the database, not the .ir file. * Add password hint for the clueless users who forget their passwords.
* Put a limit on the number of new users/projects that can be * Put a limit on the number of new users/projects that can be
unapproved (to prevent DOS attacks on the database). unapproved (to prevent DOS attacks on the database).
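Review bot: the new item "Add DB connect as authorized user so we can track whats going in the DB log files" is worth expanding when it is picked up: connecting as the individual user gives attribution in the DB logs, but it is also the hook for per-user database grants, which is what actually bounds what a single page can do to the database if it misbehaves. Minor: "whats" should read "what's".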
...@@ -30,11 +31,7 @@ I could just figure out how to add a php mode to emacs ... ...@@ -30,11 +31,7 @@ I could just figure out how to add a php mode to emacs ...
include the uid in the existing cookie (the one I added to send back the include the uid in the existing cookie (the one I added to send back the
hash key). hash key).
* Look at the 'suexec' program from the Apache distribution and use it * Fix the email list problem. Right now we add people to the two
as the basis for the "run as a user" program. Instead of checking
the home directory, it'll check the database.
* Fix the email list problem. Right now we add people people to the two
email list files in /usr/testbed/www/maillist when they apply. We should email list files in /usr/testbed/www/maillist when they apply. We should
either delay that until they are approved, or make sure they get taken either delay that until they are approved, or make sure they get taken
back out when denied. back out when denied.
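Review bot: the surviving context item "include the uid in the existing cookie (the one I added to send back the hash key)" reads as stale after this commit, which introduces a separate $TBNAMECOOKIE for the uid rather than folding it into the hash cookie. Either drop the item or reword it to describe the two-cookie scheme that was actually implemented, so the TODO does not invite someone to merge the two again.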
...@@ -54,19 +51,12 @@ I could just figure out how to add a php mode to emacs ... ...@@ -54,19 +51,12 @@ I could just figure out how to add a php mode to emacs ...
certificates. I'm not too crazy about this unless its easy to do all of it certificates. I'm not too crazy about this unless its easy to do all of it
on my home machine (apache server). on my home machine (apache server).
* Continue to hook up the backend parts of the system, which right now is a
major unfinished piece of business.
* More linking of information in the forms. There are some obvious places * More linking of information in the forms. There are some obvious places
where stuff should be presented as hypertext links so that navigation is where stuff should be presented as hypertext links so that navigation is
easier. easier.
* Backup links in all the pages. * Backup links in all the pages.
* Change to ?uid=stoller&pid=testbed style arguments in all the pages I
have not yet fixed (that is, get rid of that regex thing at the top of
the page to find the arguments).
* Admin page to remove a project. * Admin page to remove a project.
* Admin page to remove a user. * Admin page to remove a user.
...@@ -82,8 +72,6 @@ I could just figure out how to add a php mode to emacs ... ...@@ -82,8 +72,6 @@ I could just figure out how to add a php mode to emacs ...
experiment name, downcase it. Mac was going to do this, but I don't know experiment name, downcase it. Mac was going to do this, but I don't know
if he got to it. if he got to it.
* Get people to go use the pages (including modify user information!).
* Lastly, macrofy the entire thing and get rid the damn frames! I hate * Lastly, macrofy the entire thing and get rid the damn frames! I hate
frames! frames!
......
...@@ -3,20 +3,17 @@ include("defs.php3"); ...@@ -3,20 +3,17 @@ include("defs.php3");
PAGEHEADER("New User"); PAGEHEADER("New User");
$uid = ""; #
if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) { # Get current user.
$uid=$Vals[1]; #
addslashes($uid); $uid = GETLOGIN();
} else {
unset($uid);
}
# #
# If a uid came in, then we check to see if the login is valid. # If a uid came in, then we check to see if the login is valid.
# If the login is not valid, then quit cause we don't want to display the # If the login is not valid, then quit cause we don't want to display the
# personal information for some random ?uid argument. # personal information for some random ?uid argument.
# #
if (isset($uid)) { if ($uid) {
if (CHECKLOGIN($uid) != 1) { if (CHECKLOGIN($uid) != 1) {
USERERROR("You are not logged in. Please log in and try again.", 1); USERERROR("You are not logged in. Please log in and try again.", 1);
} }
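Review bot: the comment block "If a uid came in, then we check to see if the login is valid ... for some random ?uid argument" no longer matches the code it sits above: $uid now comes from GETLOGIN(), i.e. the cookie, and the ?uid URL parsing has been removed in this hunk. Reword it to say the page refuses to show personal information unless the cookie-identified user has a valid login. It would also help to state what GETLOGIN() returns when nobody is logged in, since the new `if ($uid)` relies on that value being falsy.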
......
...@@ -9,6 +9,7 @@ PAGEHEADER("New Project Approved"); ...@@ -9,6 +9,7 @@ PAGEHEADER("New Project Approved");
# #
# Only known and logged in users can do this. # Only known and logged in users can do this.
# #
$uid = GETLOGIN();
LOGGEDINORDIE($uid); LOGGEDINORDIE($uid);
# #
......
...@@ -9,6 +9,7 @@ PAGEHEADER("New Project Approval"); ...@@ -9,6 +9,7 @@ PAGEHEADER("New Project Approval");
# #
# Only known and logged in users can do this. # Only known and logged in users can do this.
# #
$uid = GETLOGIN();
LOGGEDINORDIE($uid); LOGGEDINORDIE($uid);
# #
...@@ -19,6 +20,14 @@ if (! $isadmin) { ...@@ -19,6 +20,14 @@ if (! $isadmin) {
USERERROR("You do not have admin privledges to approve projects!", 1); USERERROR("You do not have admin privledges to approve projects!", 1);
} }
#
# Verify arguments.
#
if (!isset($pid) ||
strcmp($pid, "") == 0) {
USERERROR("You must provide a project ID.", 1);
}
echo "<center><h1>Approve a Project</h1></center>\n"; echo "<center><h1>Approve a Project</h1></center>\n";
# #
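Review bot: the new argument check only rejects a missing or empty $pid and does not constrain its contents, yet $pid is interpolated into the form action URL later in this file (approveproject.php3?pid=$pid). The URI parser removed elsewhere in this commit limited uid to [[:alnum:]]+; applying the same character-class check to $pid here, or escaping it with htmlspecialchars()/urlencode() at the point of use, keeps a request-supplied value from altering the generated markup.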
...@@ -75,7 +84,7 @@ echo "<center> ...@@ -75,7 +84,7 @@ echo "<center>
<h3>What would you like to do?</h3> <h3>What would you like to do?</h3>
</center> </center>
<table align=center border=1> <table align=center border=1>
<form action='approveproject.php3?uid=$uid&pid=$pid' method='post'>\n"; <form action='approveproject.php3?pid=$pid' method='post'>\n";
echo "<tr> echo "<tr>
<td align=center> <td align=center>
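Review bot: $pid is embedded unescaped inside a single-quoted attribute in `<form action='approveproject.php3?pid=$pid' method='post'>`; since it arrives with the request, pass it through urlencode() and htmlspecialchars() (or enforce the [[:alnum:]]+ check in the argument block above) so the attribute cannot be closed early by the value. Dropping uid from the action is the right change now that the cookie identifies the user.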
......
...@@ -9,6 +9,7 @@ PAGEHEADER("New Project Approval List"); ...@@ -9,6 +9,7 @@ PAGEHEADER("New Project Approval List");
# #
# Only known and logged in users can do this. uid came in with the URI. # Only known and logged in users can do this. uid came in with the URI.
# #
$uid = GETLOGIN();
LOGGEDINORDIE($uid); LOGGEDINORDIE($uid);
echo "<center><h1>Approve New Projects List</h1></center>\n"; echo "<center><h1>Approve New Projects List</h1></center>\n";
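Review bot: the comment "Only known and logged in users can do this. uid came in with the URI." is now wrong in its second half, because $uid is read from the cookie via GETLOGIN() on the next line. Update the comment so the next reader does not reintroduce URI-carried uids here.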
...@@ -87,12 +88,12 @@ while ($projectrow = mysql_fetch_array($query_result)) { ...@@ -87,12 +88,12 @@ while ($projectrow = mysql_fetch_array($query_result)) {
</tr> </tr>
<tr> <tr>
<td align=center rowspan=2> <td align=center rowspan=2>
<A href='approveproject_form.php3?uid=$uid&pid=$pid'> <A href='approveproject_form.php3?pid=$pid'>
<img alt=\"o\" src=\"redball.gif\"></A></td> <img alt=\"o\" src=\"redball.gif\"></A></td>
<td rowspan=2> <td rowspan=2>
<A href='showproject.php3?uid=$uid&pid=$pid'>$pid</A></td> <A href='showproject.php3?pid=$pid'>$pid</A></td>
<td rowspan=2> <td rowspan=2>
<A href='showuser.php3?uid=$uid&target_uid=$headuid'> <A href='showuser.php3?target_uid=$headuid'>
$headuid</A></td> $headuid</A></td>
<td>$name</td> <td>$name</td>
<td>$title</td> <td>$title</td>
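Review bot: the rewritten hrefs still splice $pid and $headuid (taken from the query result rows) straight into the URL and attribute text; urlencode() them when building the links so a project or user name containing URL or quote characters does not break the anchor. Removing uid from these links is consistent with the rest of the commit.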
......
...@@ -9,14 +9,7 @@ PAGEHEADER("New Users Approved"); ...@@ -9,14 +9,7 @@ PAGEHEADER("New Users Approved");
# #
# Only known and logged in users can be verified. # Only known and logged in users can be verified.
# #
$uid = ""; $uid = GETLOGIN();
if (ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)) {
$uid=$Vals[1];
addslashes($uid);
}
else {
unset($uid);
}
LOGGEDINORDIE($uid); LOGGEDINORDIE($uid);
echo "<center><h1> echo "<center><h1>
......
...@@ -9,14 +9,7 @@ PAGEHEADER("New Users Approval Form"); ...@@ -9,14 +9,7 @@ PAGEHEADER("New Users Approval Form");
# #
# Only known and logged in users can be verified. # Only known and logged in users can be verified.
# #
$auth_usr = ""; $auth_usr = GETLOGIN();
if (ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)) {
$auth_usr=$Vals[1];
addslashes($auth_usr);
}
else {
unset($auth_usr);
}
LOGGEDINORDIE($auth_usr); LOGGEDINORDIE($auth_usr);
echo " echo "
...@@ -105,7 +98,7 @@ echo "<tr> ...@@ -105,7 +98,7 @@ echo "<tr>
<td>Zip</td> <td>Zip</td>
</tr>\n"; </tr>\n";
echo "<form action='approveuser.php3?$auth_usr' method='post'>\n"; echo "<form action='approveuser.php3' method='post'>\n";
while ($usersrow = mysql_fetch_array($query_result)) { while ($usersrow = mysql_fetch_array($query_result)) {
$newuid = $usersrow[uid]; $newuid = $usersrow[uid];
......
...@@ -9,13 +9,7 @@ PAGEHEADER("Begin an Experiment Form"); ...@@ -9,13 +9,7 @@ PAGEHEADER("Begin an Experiment Form");
# #
# Only known and logged in users can begin experiments. # Only known and logged in users can begin experiments.
# #
$uid = ""; $uid = GETLOGIN();
if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) {
$uid=$Vals[1];
addslashes($uid);
} else {
unset($uid);
}
LOGGEDINORDIE($uid); LOGGEDINORDIE($uid);
# #
......
...@@ -36,7 +36,8 @@ if (!isset($exp_created) || ...@@ -36,7 +36,8 @@ if (!isset($exp_created) ||
} }
# #
# Only known and logged in users can begin experiments. # Only known and logged in users can begin experiments. Name came in as
# a POST var.
# #
LOGGEDINORDIE($uid); LOGGEDINORDIE($uid);
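Review bot: this is one of two process pages (the other is the modify-user processor) where $uid is still taken from a POST variable and handed to LOGGEDINORDIE(), as the new comment "Name came in as a POST var" records, rather than being obtained from GETLOGIN(). That contradicts the commit message's goal of deriving the user from the cookie instead of from request data. Unless LOGGEDINORDIE() itself verifies that the posted uid matches the cookie's hash, which is not visible here, switch to `$uid = GETLOGIN();` before the check, as the form pages in this commit do, and the comment can then go.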
......
...@@ -27,6 +27,7 @@ $TBUSER_DIR = "/users/"; ...@@ -27,6 +27,7 @@ $TBUSER_DIR = "/users/";
$TBNSSUBDIR = "nsdir"; $TBNSSUBDIR = "nsdir";
$TBAUTHCOOKIE = "HashCookie"; $TBAUTHCOOKIE = "HashCookie";
$TBNAMECOOKIE = "MyUidCookie";
$TBAUTHTIMEOUT = 10800; $TBAUTHTIMEOUT = 10800;
$TBAUTHDOMAIN = ".emulab.net"; $TBAUTHDOMAIN = ".emulab.net";
#$TBAUTHDOMAIN = "golden-gw.ballmoss.com"; #$TBAUTHDOMAIN = "golden-gw.ballmoss.com";
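Review bot: $TBNAMECOOKIE deserves a comment beside $TBAUTHCOOKIE explaining the split: MyUidCookie carries only the uid (used, for example, to prefill the login box in index.php3) while HashCookie remains the credential that CHECKLOGIN() validates, so no page should treat the uid cookie on its own as an authenticated identity. Since the commit message says the timeout is now refreshed on each operation, a note that $TBAUTHTIMEOUT (10800 seconds) is an idle timeout rather than an absolute session lifetime would also help.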
......
...@@ -9,13 +9,7 @@ PAGEHEADER("Terminate Experiment"); ...@@ -9,13 +9,7 @@ PAGEHEADER("Terminate Experiment");
# #
# Only known and logged in users can end experiments. # Only known and logged in users can end experiments.
# #
$uid = ""; $uid = GETLOGIN();
if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) {
$uid=$Vals[1];
addslashes($uid);
} else {
unset($uid);
}
LOGGEDINORDIE($uid); LOGGEDINORDIE($uid);
# #
......
...@@ -9,13 +9,7 @@ PAGEHEADER("Terminate Experiment Form"); ...@@ -9,13 +9,7 @@ PAGEHEADER("Terminate Experiment Form");
# #
# Only known and logged in users can end experiments. # Only known and logged in users can end experiments.
# #
$uid = ""; $uid = GETLOGIN();
if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) {
$uid=$Vals[1];
addslashes($uid);
} else {
unset($uid);
}
LOGGEDINORDIE($uid); LOGGEDINORDIE($uid);
# #
...@@ -59,7 +53,7 @@ you are a member of.</h2> ...@@ -59,7 +53,7 @@ you are a member of.</h2>
<table align="center" border="1"> <table align="center" border="1">
<?php <?php
echo "<form action=\"endexp.php3?$uid\" method=\"post\">"; echo "<form action=\"endexp.php3\" method=\"post\">";
echo "<tr> echo "<tr>
<td align='center'>Project/Experiment</td> <td align='center'>Project/Experiment</td>
</tr>\n"; </tr>\n";
......
...@@ -10,8 +10,6 @@ if (isset($login)) { ...@@ -10,8 +10,6 @@ if (isset($login)) {
# #
# Login button pressed. # Login button pressed.
# #
unset($login);
if (!isset($uid) || if (!isset($uid) ||
strcmp($uid, "") == 0) { strcmp($uid, "") == 0) {
$login_status = "Login Failed"; $login_status = "Login Failed";
...@@ -31,20 +29,17 @@ elseif (isset($logout)) { ...@@ -31,20 +29,17 @@ elseif (isset($logout)) {
# #
# Logout button pressed. # Logout button pressed.
# #
unset($logout);
DOLOGOUT($uid); DOLOGOUT($uid);
$login_status = "$uid Logged Out"; $login_status = "$uid Logged Out";
unset($uid); unset($uid);
} }
elseif (isset($uid)) { elseif ($uid = GETUID()) {
# #
# Check to make sure the UID is logged in (not timed out). # Check to make sure the UID is logged in (not timed out).
# #
$status = CHECKLOGIN($uid); $status = CHECKLOGIN($uid);
switch ($status) { switch ($status) {
case 0: case 0:
$login_status = "$uid Not Logged In";
unset($uid); unset($uid);
break; break;
case 1: case 1:
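Review bot: in the logout branch, DOLOGOUT($uid) and the "$uid Logged Out" message run before any call to GETUID(), which only happens in the following `elseif ($uid = GETUID())`; now that uid is no longer carried in the URL, $uid may be unset at that point unless the logout form still posts it. Suggest `$uid = GETUID();` at the top of the logout branch. Also, the assignment inside the elseif condition is intentional but easy to misread; the explicit form used further down this file, `(($uid = GETUID()) == FALSE)`, is clearer.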
...@@ -97,28 +92,28 @@ if (isset($uid)) { ...@@ -97,28 +92,28 @@ if (isset($uid)) {
if ($status == "active") { if ($status == "active") {
if ($admin) { if ($admin) {
echo "<A href='approveproject_list.php3?uid=$uid'> echo "<A href='approveproject_list.php3'>
New Project Approval</A><p>\n"; New Project Approval</A><p>\n";
echo "<A href='showproject_list.php3?uid=$uid'> echo "<A href='showproject_list.php3'>
Project Information</A><p>\n"; Project Information</A><p>\n";
echo "<A href='nodecontrol_list.php3?uid=$uid'> echo "<A href='nodecontrol_list.php3'>
Node Control</A><p>\n"; Node Control</A><p>\n";
} }
if ($trusted) { if ($trusted) {
# Only group leaders can do these options # Only group leaders can do these options
echo "<A href='approveuser_form.php3?$uid'> echo "<A href='approveuser_form.php3'>
New User Approval</A>\n"; New User Approval</A>\n";
} }
# Since a user can be a member of more than one project, # Since a user can be a member of more than one project,
# display this option, and let the form decide if the user is # display this option, and let the form decide if the user is
# allowed to do this. # allowed to do this.
echo "<p><A href='beginexp_form.php3?$uid'> echo "<p><A href='beginexp_form.php3'>
Begin an Experiment</A>\n"; Begin an Experiment</A>\n";
echo "<p><A href='endexp_form.php3?$uid'> echo "<p><A href='endexp_form.php3'>
End an Experiment</A>\n"; End an Experiment</A>\n";
echo "<p><A href='showexp_form.php3?$uid'> echo "<p><A href='showexp_form.php3'>
Experiment Information</A>\n"; Experiment Information</A>\n";
echo "<p><A href='modusr_form.php3?$uid'> echo "<p><A href='modusr_form.php3'>
Update user information</A>\n"; Update user information</A>\n";
echo "<p><A href='reserved.php3'> echo "<p><A href='reserved.php3'>
Node Reservation Status</A>\n"; Node Reservation Status</A>\n";
...@@ -131,7 +126,7 @@ if (isset($uid)) { ...@@ -131,7 +126,7 @@ if (isset($uid)) {
"Please try back later", 1); "Please try back later", 1);
} }
elseif (($status == "newuser") || ($status == "unverified")) { elseif (($status == "newuser") || ($status == "unverified")) {
echo "<A href='verifyusr_form.php3?$uid'>New User Verification</A>\n"; echo "<A href='verifyusr_form.php3'>New User Verification</A>\n";
} }
elseif (($status == "frozen") || ($status == "other")) { elseif (($status == "frozen") || ($status == "other")) {
USERERROR("Your account has been changed to status $status, and is ". USERERROR("Your account has been changed to status $status, and is ".
...@@ -143,14 +138,9 @@ if (isset($uid)) { ...@@ -143,14 +138,9 @@ if (isset($uid)) {
# #
# Standard options for anyone. # Standard options for anyone.
# #
if (isset($uid)) { echo "<p><A href=\"newproject_form.php3\">Start Project</A>\n";
echo "<p><A href=\"newproject_form.php3?$uid\">Start a Project</A>\n"; echo "<p><A href=\"addusr.php3\">Join Project</A>\n";
echo "<p><A href=\"addusr.php3?$uid\">Join a Project</A>\n";
}
else {
echo "<p><A href=\"newproject_form.php3\">Start a Project</A>\n";
echo "<p><A href=\"addusr.php3\">Join a Project</A>\n";
}
echo "<hr>"; echo "<hr>";
echo "<table cellpadding=\"0\" cellspacing=\"0\" width=\"100%\">"; echo "<table cellpadding=\"0\" cellspacing=\"0\" width=\"100%\">";
echo "<form action=\"index.php3\" method=\"post\" target=\"fixed\">"; echo "<form action=\"index.php3\" method=\"post\" target=\"fixed\">";
...@@ -168,8 +158,16 @@ if (isset($uid)) { ...@@ -168,8 +158,16 @@ if (isset($uid)) {
</tr>\n"; </tr>\n";
} }
else { else {
#
# Get the UID that came back in the cookie so that we can present a
# default login name to the user.
#
if (($uid = GETUID()) == FALSE)
$uid = "";
echo "<tr> echo "<tr>
<td>Username:<input type='text' name='uid' size=8></td> <td>Username:<input type='text' value='$uid'
name='uid' size=8></td>
</tr> </tr>
<tr> <tr>
<td>Password:<input type='password' name='password' size=12></td> <td>Password:<input type='password' name='password' size=12></td>
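Review bot: the default username is written into the page as `value='$uid'` without escaping; $uid comes from GETUID(), that is, from a browser-supplied cookie, so wrap it in htmlspecialchars() (or restrict it to the [[:alnum:]]+ class the old parser used) before placing it in the attribute. Style: `if (($uid = GETUID()) == FALSE) $uid = "";` is the only brace-less if in this file; add braces to match the surrounding code.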
......
...@@ -9,14 +9,7 @@ PAGEHEADER("Modify User Information Form"); ...@@ -9,14 +9,7 @@ PAGEHEADER("Modify User Information Form");
# #
# Only known and logged in users can modify info. # Only known and logged in users can modify info.
# #
$uid = ""; $uid = GETLOGIN();
if (ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)) {
$uid=$Vals[1];
addslashes($uid);
}
else {
unset($uid);
}
LOGGEDINORDIE($uid); LOGGEDINORDIE($uid);
?> ?>
...@@ -55,7 +48,7 @@ $usr_affil = $row[usr_affil]; ...@@ -55,7 +48,7 @@ $usr_affil = $row[usr_affil];
# #
# Generate the form. # Generate the form.
# #
echo "<form action=\"modusr_process.php3?$uid\" method=\"post\">\n"; echo "<form action=\"modusr_process.php3\" method=\"post\">\n";
echo "<tr> echo "<tr>
<td>Username:</td> <td>Username:</td>
<td class=\"left\"> <td class=\"left\">
......
...@@ -44,7 +44,7 @@ if (!isset($usr_affil) || ...@@ -44,7 +44,7 @@ if (!isset($usr_affil) ||
} }
# #
# Only known and logged in users can modify info. # Only known and logged in users can modify info. uid came in as a POST var.
# #
LOGGEDINORDIE($uid); LOGGEDINORDIE($uid);
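Review bot: same point as for the begin-experiment processor: the new comment "uid came in as a POST var" documents that $uid still comes from the form rather than from GETLOGIN(). Whether LOGGEDINORDIE() cross-checks the posted uid against the cookie is not visible here; replacing it with `$uid = GETLOGIN();` before LOGGEDINORDIE($uid) removes the question and matches the other pages in this commit.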
......
...@@ -3,20 +3,17 @@ include("defs.php3"); ...@@ -3,20 +3,17 @@ include("defs.php3");
PAGEHEADER("Start a New Project"); PAGEHEADER("Start a New Project");
$uid = ""; #
if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) { # Get current user.
$uid=$Vals[1]; #
addslashes($uid); $uid = GETLOGIN();
} else {
unset($uid);
}
# #
# If a uid came in, then we check to see if the login is valid. # If a uid came in, then we check to see if the login is valid.
# If the login is not valid, then quit cause we don't want to display the # If the login is not valid, then quit cause we don't want to display the
# personal information for some random ?uid argument. # personal information for some random ?uid argument.
# #
if (isset($uid)) { if ($uid) {
if (CHECKLOGIN($uid) != 1) { if (CHECKLOGIN($uid) != 1) {
USERERROR("You are not logged in. Please log in and try again.", 1); USERERROR("You are not logged in. Please log in and try again.", 1);
} }
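Review bot: as in the new-user page, the comment about "some random ?uid argument" describes the URI parsing that this hunk removes; $uid now comes from GETLOGIN(), so reword the comment to reflect the cookie-based lookup rather than a URL argument.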
......
...@@ -7,6 +7,7 @@ include("defs.php3"); ...@@ -7,6 +7,7 @@ include("defs.php3");
# #
# Only known and logged in users can do this. # Only known and logged in users can do this.
# #
$uid = GETLOGIN();
LOGGEDINORDIE($uid); LOGGEDINORDIE($uid);
# #
...@@ -63,10 +64,10 @@ if (! $insert_result) { ...@@ -63,10 +64,10 @@ if (! $insert_result) {
# Zap back to the referrer. Seems better than a silly "we did it" message. # Zap back to the referrer. Seems better than a silly "we did it" message.
# #
if ($refer == "list") { if ($refer == "list") {
header("Location: nodecontrol_list.php3?uid=$uid"); header("Location: nodecontrol_list.php3");
} }
else { else {
header("Location: showexp.php3?uid=$uid&exp_pideid=$refer"); header("Location: showexp.php3?exp_pideid=$refer");
} }
# #
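Review bot: $refer is placed directly into a Location header (`showexp.php3?exp_pideid=$refer`); since it arrives with the request, urlencode() it, or validate it against the expected pid/eid form, before building the redirect so a stray character cannot alter the header. Dropping uid from both redirect targets is consistent with the rest of the change.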
......
...@@ -9,8 +9,17 @@ PAGEHEADER("Node Control Form"); ...@@ -9,8 +9,17 @@ PAGEHEADER("Node Control Form");
# #
# Only known and logged in users can do this. # Only known and logged in users can do this.
# #
$uid = GETLOGIN();
LOGGEDINORDIE($uid); LOGGEDINORDIE($uid);
#
# Verify form arguments.
#
if (!isset($node_id) ||
strcmp($node_id, "") == 0) {
USERERROR("You must provide a node ID.", 1);
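Review bot: as with $pid in the project-approval form, this check only rejects an empty $node_id and says nothing about its contents; constrain it to the expected node identifier character set before it is used in a query or URL, since it arrives from the request. The non-empty check itself is a good addition, as is moving $uid to GETLOGIN() above it.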