Commit 16f09b2b authored by Leigh B Stoller's avatar Leigh B Stoller

Cleanup after rename. Remove form fields for logged in users.

parent b6db685e
......@@ -39,14 +39,12 @@ $this_user = CheckLogin($check_status);
#
# Verify page arguments.
#
$optargs = OptionalPageArguments("create", PAGEARG_STRING,
"username", PAGEARG_STRING,
"email", PAGEARG_STRING,
"profile", PAGEARG_STRING,
"stuffing", PAGEARG_STRING,
"verify", PAGEARG_STRING,
"sshkey", PAGEARG_STRING,
"project", PAGEARG_PROJECT,
$optargs = OptionalPageArguments("create", PAGEARG_STRING,
"profile", PAGEARG_STRING,
"stuffing", PAGEARG_STRING,
"verify", PAGEARG_STRING,
"project", PAGEARG_PROJECT,
"formfields", PAGEARG_ARRAY,
"ajax_request", PAGEARG_BOOLEAN,
"ajax_method", PAGEARG_STRING,
"ajax_argument", PAGEARG_STRING);
......@@ -77,10 +75,6 @@ if (isset($ajax_request)) {
exit();
}
# Form defaults.
$username_default = "Pick a user name";
$email_default = "Your email address";
$sshkey_default = "Your SSH public key";
$profile_default = "ThreeVMs";
$profile_array = array();
......@@ -107,166 +101,149 @@ while ($row = mysql_fetch_array($query_result)) {
}
}
function SPITFORM($username, $email, $sshkey, $profile, $newuser, $errors)
function SPITFORM($formfields, $newuser, $errors)
{
global $TBBASE, $TBMAIL_OPS;
global $username_default, $email_default, $sshkey_default;
global $profile_default, $profile_array;
global $profile_array, $this_user;
$username_value = "";
$email_value = "";
$sshkey_value = "";
$profile_value = "";
$username_error = "";
$email_error = "";
$sshkey_error = "";
$profile_error = "";
$internal_error = null;
if (isset($username) && $username != "") {
$username_value = CleanString($username);
}
if (isset($email) && $email != "") {
$email_value = CleanString($email);
}
if (isset($sshkey) && $sshkey != "") {
$sshkey_value = CleanString($sshkey);
}
if (isset($profile) && $profile != "") {
$profile_value = CleanString($profile);
# XSS prevention.
while (list ($key, $val) = each ($formfields)) {
$formfields[$key] = CleanString($val);
}
# XSS prevention.
if ($errors) {
while (list ($name, $message) = each ($errors)) {
# XSS prevention.
$message = CleanString($message);
if ($name == "username")
$username_error = $message;
elseif ($name == "email")
$email_error = $message;
elseif ($name == "sshkey")
$sshkey_error = $message;
elseif ($name == "profile")
$profile_error = $message;
elseif ($name == "internal") {
$internal_error = $message;
}
while (list ($key, $val) = each ($errors)) {
$errors[$key] = CleanString($val);
}
}
$formatter = function($field, $html) use ($errors) {
$class = "form-group";
if ($errors && array_key_exists($field, $errors)) {
$class .= " has-error";
}
echo "<div class='$class'>\n";
echo " $html\n";
if ($errors && array_key_exists($field, $errors)) {
echo "<label class='control-label' for='inputError'>" .
$errors[$field] . "</label>\n";
}
echo "</div>\n";
};
SPITHEADER(1);
if ($internal_error) {
echo "<center><h2>$internal_error</h2></center><br>\n";
}
echo "<div class='row'>
<div class='col-lg-6 col-lg-offset-3
col-md-6 col-md-offset-3
col-sm-8 col-sm-offset-2
col-xs-12 col-xs-offset-0'>\n";
echo "<form id='quickvm_form' role='form'
method='post' action='quickv.php'>\n";
method='post' action='instantiate.php'>\n";
echo "<div class='panel panel-default'>
<div class='panel-heading'>
<h3 class='panel-title'>
Create an Experiment</h3></div>
<div class='panel-body'>
<div class='form-group'>
<input name='username' id='username'
value='$username_value'
class='form-control'
placeholder='$username_default' autofocus type='text'>
<label style='color: red'
for='username'>$username_error</label>
</div>
<div class='form-group'>
<input name='email' id='email' type='text'
value='$email_value'
class='form-control'
placeholder='$email_default' type='text' />
<label
style='color: red'
for='email'>$email_error</label>
</div>
<div class='form-group'>
<textarea id='sshkey' name='sshkey'
placeholder='$sshkey_default'
<div class='panel-body'>\n";
echo " <fieldset>\n";
#
# Look for non-specific error.
#
if ($errors && array_key_exists("error", $errors)) {
echo "<font color=red><center>" . $errors["error"] . "</center></font>";
}
if (!isset($this_user)) {
$formatter("username",
"<input name=\"formfields[username]\"
value='" . $formfields["username"] . "'
class='form-control'
placeholder='Pick a user name'
autofocus type='text'>");
$formatter("email",
"<input name=\"formfields[email]\"
type='text'
value='" . $formfields["email"] . "'
class='form-control'
rows=4 cols=45>$sshkey_value</textarea>
<label
style='color: red'
for='sshkey'>$sshkey_error</label>
</div>
<div id='profile_well' class='form-group well well-md'>
placeholder='Your email address' type='text'>");
$formatter("sshkey",
"<textarea name=\"formfields[sshkey]\"
placeholder='Your ssh public key'
class='form-control'
rows=4 cols=45>" . $formfields["sshkey"] .
"</textarea>");
}
echo "<div id='profile_well' class='form-group well well-md'>
<span id='selected_profile_text' class='pull-left'>
</span>
<input id='selected_profile' type='hidden' name='profile'/>
<input id='selected_profile' type='hidden'
name='formfields[profile]'/>
<button id='profile' class='btn btn-primary btn-xs pull-right'
type='button' name='profile_button'>
Select a Profile
type='button' name='profile_button'>
Select a Profile
</button>\n";
echo " <label
style='color: red'
for='profile'>$profile_error</label>
</div>
<button class='btn btn-primary btn-sm pull-left'
type='button' name='reset' id='reset-form'>
Reset Form</button>
<button class='btn btn-success pull-right'
if ($errors && array_key_exists("profile", $errors)) {
echo "<label class='control-label' for='inputError'>" .
$errors["profile"] .
" </label>\n";
}
echo " </div>\n";
echo "</fieldset>
<button class='btn btn-success pull-right'
type='submit' name='create'>Create!
</button>
<br>
</button>
<br>
</div>
</div>
</div>
</div>\n";
SpitVerifyModal("verify_modal", "Create");
if (!isset($this_user)) {
SpitVerifyModal("verify_modal", "Create");
if ($newuser) {
if (is_string($newuser)) {
$stuffing = $newuser;
}
else {
$stuffing = substr(GENHASH(), 0, 16);
if ($newuser) {
if (is_string($newuser)) {
$stuffing = $newuser;
}
else {
$stuffing = substr(GENHASH(), 0, 16);
}
mail($formfields["email"],
"Confirm your email to create your Experiment",
"Here is your user verification code. Please copy and\n".
"paste this code into the box on the experiment page.\n\n".
" $stuffing\n",
"From: $TBMAIL_OPS");
echo "<input type='hidden' name='stuffing' value='$stuffing' />";
}
mail($email, "Confirm your email to create your Experiment",
"Here is your user verification code. Please copy and\n".
"paste this code into the box on the experiment page.\n\n".
" $stuffing\n",
"From: $TBMAIL_OPS");
echo "<input type='hidden' name='stuffing' value='$stuffing' />";
}
echo "</form>\n";
SpitTopologyViewModal("quickvm_topomodal", $profile_array);
echo "<script type='text/javascript'>\n";
if (isset($profile) && $profile != "") {
echo "window.PROFILE = '$profile_value';\n";
}
else {
echo "window.PROFILE = '$profile_default';\n";
}
echo " window.PROFILE = '" . $formfields["profile"] . "';\n";
if ($newuser) {
echo "window.APT_OPTIONS.isNewUser = true;\n";
}
echo "</script>\n";
echo "<script src='js/lib/require.js' data-main='js/quickvm'></script>";
echo "<script src='js/lib/require.js' data-main='js/instantiate'></script>";
}
if (!isset($create)) {
$username = null;
$email = null;
$sshkey = null;
$defaults = array();
$defaults["username"] = "";
$defaults["email"] = "";
$defaults["sshkey"] = "";
$defaults["profile"] = (isset($profile) ? $profile : $profile_default);
#
# Look for current user or cookie that tells us who the user is.
#
if ($this_user) {
$username = $this_user->uid();
$email = $this_user->email();
$defaults["username"] = $this_user->uid();
$defaults["email"] = $this_user->email();
}
elseif (isset($_COOKIE['quickvm_user'])) {
$geniuser = GeniUser::Lookup("sa", $_COOKIE['quickvm_user']);
......@@ -277,15 +254,15 @@ if (!isset($create)) {
#
$quickvm = QuickVM::LookupByCreator($geniuser->uuid());
if ($quickvm && $quickvm->status() != "terminating") {
header("Location: quickvm_status.php?uuid=" . $quickvm->uuid());
header("Location: status.php?uuid=" . $quickvm->uuid());
return;
}
$username = $geniuser->name();
$email = $geniuser->email();
$sshkey = $geniuser->SSHKey();
$defaults["username"] = $geniuser->name();
$defaults["email"] = $geniuser->email();
$defaults["sshkey"] = $geniuser->SSHKey();
}
}
SPITFORM($username, $email, $sshkey, $profile, false, null);
SPITFORM($defaults, false, array());
SPITFOOTER();
return;
}
......@@ -299,33 +276,32 @@ if (!$this_user) {
#
# These check do not matter for a logged in user; we ignore the values.
#
if (!isset($email) || $email == "" || $email == $email_default) {
if (!isset($formfields["email"]) || $formfields["email"] == "") {
$errors["email"] = "Missing Field";
}
elseif (! TBvalid_email($email)) {
elseif (! TBvalid_email($formfields["email"])) {
$errors["email"] = TBFieldErrorString();
}
if (!isset($username) || $username == "" ||
$username == $username_default) {
if (!isset($formfields["username"]) || $formfields["username"] == "") {
$errors["username"] = "Missing Field";
}
elseif (! TBvalid_uid($username)) {
elseif (! TBvalid_uid($formfields["username"])) {
$errors["username"] = TBFieldErrorString();
}
elseif (User::LookupByUid($username)) {
elseif (User::LookupByUid($formfields["username"])) {
# Do not allow uid overlap with real users.
$errors["username"] = "Already in use";
}
}
if (!isset($profile) || $profile == "") {
if (!isset($formfields["profile"]) || $formfields["profile"] == "") {
$errors["profile"] = "No selection made";
}
elseif (! array_key_exists($profile, $profile_array)) {
$errors["profile"] = "Invalid Profile: $profile";
elseif (! array_key_exists($formfields["profile"], $profile_array)) {
$errors["profile"] = "Invalid Profile: " . $formfields["profile"];
}
if (count($errors)) {
SPITFORM($username, $email, $sshkey, $profile, false, $errors);
SPITFORM($formfields, false, $errors);
SPITFOOTER();
return;
}
......@@ -334,34 +310,34 @@ if (count($errors)) {
# More sanity checks.
#
if (!$this_user) {
$geniuser = GeniUser::LookupByEmail("sa", $email);
$geniuser = GeniUser::LookupByEmail("sa", $formfields["email"]);
if ($geniuser) {
if ($geniuser->name() != $username) {
if ($geniuser->name() != $formfields["username"]) {
$errors["email"] = "Already in use by another user";
unset($geniuser);
}
}
}
# Existing users are allowed to resuse their ssh key, but can supply
# Existing guest users are allowed to resuse their ssh key, but can supply
# a new one if they want.
if (!isset($sshkey) || $sshkey == "" || $sshkey == $sshkey_default) {
if (!isset($formfields["sshkey"]) || $formfields["sshkey"] == "") {
if (!($geniuser || $this_user)) {
$errors["sshkey"] = "Missing Field";
}
}
else {
$args["sshkey"] = $sshkey;
$args["sshkey"] = $formfields["sshkey"];
}
if (count($errors)) {
SPITFORM($username, $email, $sshkey, $profile, false, $errors);
SPITFORM($formfields, false, $errors);
SPITFOOTER();
return;
}
# Silently ignore the form for a logged in user.
$args["username"] = ($this_user ? $this_user->uid() : $username);
$args["email"] = ($this_user ? $this_user->email() : $email);
$args["profile"] = $profile;
$args["username"] = ($this_user ? $this_user->uid() : $formfields["username"]);
$args["email"] = ($this_user ? $this_user->email() : $formfields["email"]);
$args["profile"] = $formfields["profile"];
#
# See if user exists and is verified. We send email with a code, which
......@@ -377,7 +353,7 @@ if (!$this_user &&
$_COOKIE['quickvm_authkey'] != $geniuser->auth_token())) {
if (isset($stuffing) && $stuffing != "") {
if (! (isset($verify) && $verify == $stuffing)) {
SPITFORM($username, $email, $sshkey, $profile, $stuffing, $errors);
SPITFORM($formfields, $stuffing, $errors);
SPITFOOTER();
return;
}
......@@ -389,7 +365,7 @@ if (!$this_user &&
if ($geniuser) {
$quickvm = QuickVM::LookupByCreator($geniuser->uuid());
if ($quickvm && $quickvm->status() != "terminating") {
header("Location: quickvm_status.php?uuid=" . $quickvm->uuid());
header("Location: status.php?uuid=" . $quickvm->uuid());
return;
}
}
......@@ -401,7 +377,7 @@ if (!$this_user &&
# New user, we create a new one.
$token = ($geniuser ? $geniuser->auth_token() : true);
SPITFORM($username, $email, $sshkey, $profile, $token, $errors);
SPITFORM($formfields, $token, $errors);
SPITFOOTER();
return;
}
......@@ -434,7 +410,7 @@ else {
chmod($xmlname, 0666);
}
if (count($errors)) {
SPITFORM($username, $email, $sshkey, $profile, false, $errors);
SPITFORM($formfields, false, $errors);
SPITFOOTER();
return;
}
......@@ -456,18 +432,18 @@ $retval = SUEXEC("nobody", "nobody", "webquickvm $opt $xmlname",
if ($retval != 0) {
if ($retval < 0) {
$errors["internal"] = "Transient error(3); please try again later.";
$errors["error"] = "Transient error(3); please try again later.";
}
else {
if (count($suexec_output_array)) {
$line = $suexec_output_array[$i];
$errors["internal"] = $line;
$errors["error"] = $line;
}
else {
$errors["internal"] = "Transient error(4); please try again later.";
$errors["error"] = "Transient error(4); please try again later.";
}
}
SPITFORM($username, $email, $sshkey, $profile, false, $errors);
SPITFORM($formfields, false, $errors);
SPITFOOTER();
return;
}
......@@ -475,8 +451,8 @@ unlink($xmlname);
$quickvm = QuickVM::LookupByName($args["name"]);
if (!$quickvm) {
$errors["internal"] = "Transient error(5); please try again later.";
SPITFORM($username, $email, $sshkey, $profile, false, $errors);
$errors["error"] = "Transient error(5); please try again later.";
SPITFORM($formfields, false, $errors);
SPITFOOTER();
return;
}
......@@ -487,8 +463,8 @@ else {
$creator = GeniUser::Lookup("sa", $quickvm->creator_uuid());
}
if (! $creator) {
$errors["internal"] = "Transient error(6); please try again later.";
SPITFORM($username, $email, $sshkey, $profile, false, $errors);
$errors["error"] = "Transient error(6); please try again later.";
SPITFORM($formfields, false, $errors);
SPITFOOTER();
return;
}
......@@ -510,5 +486,5 @@ if (!$this_user) {
$creator->auth_token(), time() + (24 * 3600 * 30),
"/", $cookiedomain, 0);
}
header("Location: quickvm_status.php?uuid=" . $quickvm->uuid());
header("Location: status.php?uuid=" . $quickvm->uuid());
?>
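Review bot: The e-mail verification code is still written into the page as `<input type='hidden' name='stuffing' value='$stuffing' />` in SPITFORM's new-user branch, and the later check `$verify == $stuffing` (hunk at `@@ -377,7 +353,7`) compares two request parameters, since both `stuffing` and `verify` are declared in OptionalPageArguments. As far as these hunks show, a matching pair therefore does not prove the submitter received the mail. I would keep the generated code server-side, keyed to the address (session or database row), drop the hidden field, and compare with `hash_equals($expected, $verify)` (PHP 5.6+). Separately, `window.PROFILE = '" . $formfields["profile"] . "'` puts a request value inside a JavaScript string. CleanString is not visible here, so unless it also escapes for script context I would emit `json_encode($formfields["profile"], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` instead of the hand-quoted literal.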