Commit 1f912844 authored by Leigh B. Stoller's avatar Leigh B. Stoller
Browse files

Clean up the verification pages, and rename to be more clear:

verify.php3 renamed to verifyusr_form.php3
verified.php3 renamed to verifyusr.php3
parent b3157659
......@@ -104,7 +104,7 @@ if (isset($uid)) {
"Please try back later", 1);
}
elseif (($status == "newuser") || ($status == "unverified")) {
echo "<A href='verify.php3?$uid'>New User Verification</A>\n";
echo "<A href='verifyusr_form.php3?$uid'>New User Verification</A>\n";
}
elseif (($status == "frozen") || ($status == "other")) {
USERERROR("Your account has been changed to status $status, and is ".
......
<html>
<head>
<title>Confirming Verification</title>
<link rel="stylesheet" href="tbstyle.css" type="text/css">
</head>
<body>
<?php
include("defs.php3");
$auth_usr = "";
if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) {
$auth_usr=$Vals[1];
addslashes($auth_usr);
$query = "SELECT timeout FROM login WHERE uid=\"$auth_usr\"";
$result = mysql_db_query("tbdb", $query);
$n = mysql_num_rows($result);
if ($n == 0) {
echo "<h3>You are not logged in. Please go back to the
<a href=\"tbdb.html\">Home Page</a> and log in first.</h3></body></html>";
exit;
} else {
$row = mysql_fetch_row($result);
if ($row[0] < time()) { # if their login expired
echo "<h3>You have been logged out due to inactivity.
Please log in again.</h3>\n</body></html>";
$cmnd = "DELETE FROM login WHERE uid=\"$auth_usr\"";
mysql_db_query("tbdb", $cmnd);
exit;
} else {
$timeout = time() + 86400;
$cmnd = "UPDATE login SET timeout=\"$timeout\" where uid=\"$auth_usr\"";
mysql_db_query("tbdb", $cmnd);
}
}
} else {
unset($auth_usr);
}
?>
<h1>Confirming Verification...</h1>
<?php
if (isset($uid) && isset($pswd) && isset($key)) {
$match = GENKEY($uid);
if ($key==$match) {
$cmd = "select usr_pswd from users where uid='$uid'";
$result = mysql_db_query("tbdb", $cmd);
$row = mysql_fetch_row($result);
$usr_pswd = $row[0];
$salt = substr($usr_pswd,0,2);
if ($salt[0] == $salt[1]) { $salt = $salt[0]; }
$PSWD = crypt("$pswd",$salt);
if ($PSWD == $usr_pswd) {
$cmd = "select status from users where uid='$uid'";
$result = mysql_db_query("tbdb", $cmd);
$row = mysql_fetch_row($result);
$status = $row[0];
if ($status=="unverified") {
$cmd = "update users set status='active' where uid='$uid'";
mysql_db_query("tbdb", $cmd);
echo "<h3>Because your group leader has already approved ".
"your membership in the group, you are now an active user ".
"of the Testbed. Reload this page, and any options that are ".
"now available to you will appear. ".
"Thanks for using the Testbed!</h3>\n";
} elseif ($status=="newuser") {
$cmd = "update users set status='unapproved' where uid='$uid'";
mysql_db_query("tbdb", $cmd);
echo "<h3>You have now been verified. However, your application ".
"has not yet been approved by the group leader. You will receive ".
"email when that decision has been made. Thanks for ".
"using the Testbed!</h3>\n";
} else {
echo "<h3>You have already been verified, $uid. If you did not ".
"perform this verification, please notify ".
"<a href=\"mailto:testbed-ops@flux.cs.utah.edu\">".
"Testbed Ops (testbed-ops@flux.cs.utah.edu)</a> immediately.</h3>\n";
}
} else {
echo "<h3>The given password is incorrect. Please go back to ".
"<a href=\"verify.php3?$uid\">New User Verification</a> and ".
"enter the correct password and key.</h3>\n";
}
} else {
echo "<h3>The given key is incorrect. Please go back to ".
"<a href=\"verify.php3?$uid\">New User Verification</a> and ".
"enter the correct password and key.</h3>\n";
}
} else {
echo "<h3>The username, password or key are invalid. Please go back to ".
"<a href=\"verify.php3?$uid\">New User Verification</a> and ".
"enter the correct password and key.</h3>\n";
}
?>
<p>Please contact
<a href="mailto:testbed-ops@flux.cs.utah.edu">
Testbed Ops (testbed-ops@flux.cs.utah.edu)</a>
if you need further assistance.
</p>
</body>
</html>
<html>
<head>
<title>New User Verification</title>
<link rel="stylesheet" href="tbstyle.css" type="text/css">
</head>
<body>
<?php
$auth_usr = "";
if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) {
$auth_usr=$Vals[1];
addslashes($auth_usr);
$query = "SELECT timeout FROM login WHERE uid=\"$auth_usr\"";
$result = mysql_db_query("tbdb", $query);
$n = mysql_num_rows($result);
if ($n == 0) {
echo "<h3>You are not logged in. Please go back to the ";
echo "<a href=\"tbdb.html\" target=\"_top\"> Home Page </a> ";
echo "and log in first.</h3></body></html>";
exit;
} else {
$row = mysql_fetch_row($result);
if ($row[0] < time()) { # if their login expired
echo "<h3>You have been logged out due to inactivity.
Please log in again.</h3>\n</body></html>";
$cmnd = "DELETE FROM login WHERE uid=\"$auth_usr\"";
mysql_db_query("tbdb", $cmnd);
exit;
} else {
$timeout = time() + 86400;
$cmnd = "UPDATE login SET timeout=\"$timeout\" where uid=\"$auth_usr\"";
mysql_db_query("tbdb", $cmnd);
}
}
} else {
unset($auth_usr);
}
?>
<h1>New User Verification</h1>
<p> The purpose of this page is to verify, for security purposes, that
information given in your application is correct. If you never received a
key at the email address given on your application, please contact
<a href="mailto:testbed-ops@flux.cs.utah.edu">
Testbed Ops (testbed-ops@flux.cs.utah.edu)</a>
for further assistance.
</p>
<?php
if (isset($auth_usr)) {
echo "<table align=\"center\" border=\"1\">\n";
echo "<form action=\"verified.php3?$auth_usr\" method=\"post\">\n";
echo "<tr><td>Username:</td><td>\n";
echo "<input type=\"readonly\" name=\"uid\" value=\"$auth_usr\" size=15>\n";
echo "</td>\n";
echo "<tr><td>Password:</td><td><input type=\"password\" name=\"pswd\" size=15></td></tr>\n";
echo "<tr><td>Key:</td><td><input type=\"text\" name=\"key\" size=15></td></tr>\n";
echo "<td colspan=\"2\" align=\"center\">\n";
echo "<b><input type=\"submit\" value=\"Submit\"></b></td></tr>\n";
echo "</form>\n";
echo "</table>\n";
} else {
echo "
<h3>You are not logged in. You must first log in before attempting to
use this page.</h3>
";
}
?>
</body>
</html>
<html>
<head>
<title>Confirming Verification</title>
<link rel="stylesheet" href="tbstyle.css" type="text/css">
</head>
<body>
<?php
include("defs.php3");
#
# Only known and logged in users can be verified.
#
$uid = "";
if (ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)) {
$uid=$Vals[1];
addslashes($uid);
}
else {
unset($uid);
}
LOGGEDINORDIE($uid);
#
# Must provide the key!
#
if (!isset($key) || strcmp($key, "") == 0) {
USERERROR("Missing field; ".
"Please go back and fill out the \"key\" field!", 1);
}
echo "<h1>Confirming Verification</h1><p>";
#
# The user is logged in, so all we need to do is confirm the key.
# Make sure it matches.
#
$keymatch = GENKEY($uid);
if (strcmp($key, $keymatch)) {
USERERROR("The given key \"$key\" is incorrect. Please go back and ".
"enter the correct key.", 1);
}
#
# Grab the status and do the modification.
#
$query_result = mysql_db_query($TBDBNAME,
"select status from users where uid='$uid'");
if (!$query_result ||
(($row = mysql_fetch_row($query_result)) == 0)) {
$err = mysql_error();
TBERROR("Database Error retrieving status for $uid: $err\n", 1);
}
$status = $row[0];
if (strcmp($status, "unverified") == 0) {
$query_result = mysql_db_query($TBDBNAME,
"update users set status='active' where uid='$uid'");
if (!$query_result) {
$err = mysql_error();
TBERROR("Database Error setting status for $uid: $err\n", 1);
}
echo "<h3>Because your group leader has already approved ".
"your membership in the group, you are now an active user ".
"of the Testbed. Reload the frame at your left, and any options ".
"that are now available to you will appear.</h3>\n";
}
elseif (strcmp($status, "newuser") == 0) {
$query_result = mysql_db_query($TBDBNAME,
"update users set status='unapproved' where uid='$uid'");
if (!$query_result) {
$err = mysql_error();
TBERROR("Database Error setting status for $uid: $err\n", 1);
}
echo "<h3>You have now been verified. However, your application ".
"has not yet been approved by the group leader. You will receive ".
"email when that has been done.</h3>\n";
}
else {
USERERROR("You have already been verified, $uid. If you did not perform ".
"this verification, please notify Testbed Operations.", 1);
}
?>
</body>
</html>
<html>
<head>
<title>New User Verification</title>
<link rel="stylesheet" href="tbstyle.css" type="text/css">
</head>
<body>
<?php
include("defs.php3");
#
# Only known and logged in users can be verified.
#
$uid = "";
if (ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)) {
$uid=$Vals[1];
addslashes($uid);
}
else {
unset($uid);
}
LOGGEDINORDIE($uid);
$foo = GENKEY($uid);
echo "Key = $foo";
?>
<h1>New User Verification</h1>
<p>
The purpose of this page is to verify, for security purposes, that
information given in your application is correct. If you never
received a key at the email address given on your application, please
contact <a href="mailto:testbed-ops@flux.cs.utah.edu"> Testbed Ops
(testbed-ops@flux.cs.utah.edu)</a> for further assistance.
<p>
<?php
echo "<table align=\"center\" border=\"1\">
<form action=\"verifyusr.php3?$uid\" method=\"post\">\n";
echo "<tr>
<td>Username:</td>
<td><input type=\"readonly\" name=\"uid\" value=\"$uid\"></td>
</tr>\n";
echo "<tr>
<td>Key:</td>
<td><input type=\"text\" name=\"key\" size=20></td>
</tr>\n";
echo "<tr>
<td colspan=\"2\" align=\"center\">
<b><input type=\"submit\" value=\"Submit\"></b></td>
</tr>\n";
echo "</form>\n";
echo "</table>\n";
?>
</body>
</html>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment