Commit 41d37ee8 authored by Leigh B. Stoller

Allow user to specify email address when logging in. Some minor reorg of the CHECKEMAIL function as a result.
parent dd1d9190
...@@ -5,6 +5,7 @@ ...@@ -5,6 +5,7 @@
$TBDBNAME = "@TBDBNAME@"; $TBDBNAME = "@TBDBNAME@";
$TBOPSPID = "emulab-ops"; $TBOPSPID = "emulab-ops";
$TBDB_MINLEN = 2;
$TBDB_UIDLEN = 8; $TBDB_UIDLEN = 8;
$TBDB_PIDLEN = 12; $TBDB_PIDLEN = 12;
$TBDB_GIDLEN = 12; $TBDB_GIDLEN = 12;
...@@ -12,6 +13,7 @@ $TBDB_UNIXGLEN = 16; ...@@ -12,6 +13,7 @@ $TBDB_UNIXGLEN = 16;
$TBDB_NODEIDLEN = 10; $TBDB_NODEIDLEN = 10;
$TBDB_PHONELEN = 32; $TBDB_PHONELEN = 32;
$TBDB_USRNAMELEN= 64; $TBDB_USRNAMELEN= 64;
$TBDB_EMAILLEN = 64;
# #
# Current policy is to prefix the EID with the PID. Make sure it is not # Current policy is to prefix the EID with the PID. Make sure it is not
...@@ -135,21 +137,21 @@ define("TBDB_IFACEROLE_OTHER", "other"); ...@@ -135,21 +137,21 @@ define("TBDB_IFACEROLE_OTHER", "other");
# Some regex functions to check various arguments # Some regex functions to check various arguments
function TBvalid_uid($uid) { function TBvalid_uid($uid) {
global $TBDB_UIDLEN; global $TBDB_UIDLEN, $TBDB_MINLEN;
return (strlen($uid) <= $TBDB_UIDLEN) && return (strlen($uid) <= $TBDB_UIDLEN) && (strlen($uid) >= $TBDB_MINLEN) &&
preg_match("/^[a-zA-Z][-\w]+$/", $uid); preg_match("/^[a-zA-Z][-\w]+$/", $uid);
} }
function TBvalid_pid($pid) { function TBvalid_pid($pid) {
global $TBDB_PIDLEN; global $TBDB_PIDLEN, $TBDB_MINLEN;
return (strlen($pid) <= $TBDB_PIDLEN) && return (strlen($pid) <= $TBDB_PIDLEN) && (strlen($pid) >= $TBDB_MINLEN) &&
preg_match("/^[a-zA-Z][-\w]+$/", $pid); preg_match("/^[a-zA-Z][-\w]+$/", $pid);
} }
function TBvalid_gid($gid) { function TBvalid_gid($gid) {
global $TBDB_GIDLEN; global $TBDB_GIDLEN, $TBDB_MINLEN;
return (strlen($gid) <= $TBDB_GIDLEN) && return (strlen($gid) <= $TBDB_GIDLEN) && (strlen($gid) >= $TBDB_MINLEN) &&
preg_match("/^[a-zA-Z][-\w]+$/", $gid); preg_match("/^[a-zA-Z][-\w]+$/", $gid);
} }
function TBvalid_phone($phone) { function TBvalid_phone($phone) {
...@@ -164,6 +166,24 @@ function TBvalid_usrname($name) { ...@@ -164,6 +166,24 @@ function TBvalid_usrname($name) {
return (strlen($name) <= $TBDB_USRNAMELEN) && return (strlen($name) <= $TBDB_USRNAMELEN) &&
preg_match("/^[-\w\. ]+$/", $name); preg_match("/^[-\w\. ]+$/", $name);
} }
function TBvalid_email($email)
{
global $TBDB_EMAILLEN, $TBDB_MINLEN;
if (strlen($email) < $TBDB_MINLEN || strlen($email) > $TBDB_EMAILLEN)
return 0;
$parts = preg_split("/\@/", $email);
if (!isset($parts[0]) ||
!isset($parts[1]) ||
count($parts) != 2 ||
!preg_match("/^[-\w\+\.]+$/", $parts[0]) ||
!preg_match("/^[-\w\.]+$/", $parts[1]))
return 0;
return 1;
}
# #
# Convert a trust string to the above numeric values. # Convert a trust string to the above numeric values.
......
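Review bot: Both patterns in the new `TBvalid_email` end in `$`, which in PCRE also matches just before a final newline, so an address whose local or domain part ends in `\n` passes; the `D` modifier closes that, e.g. `!preg_match("/^[-\w\.]+$/D", $parts[1])` and the same for `$parts[0]`. The accepted value is then interpolated into a SQL string in DOLOGIN, so the validator should accept exactly the characters it lists and nothing else. `TBvalid_uid`, `TBvalid_pid` and `TBvalid_gid` in the hunk above use the same `$` anchor. The `$TBDB_MINLEN` lower bound of 2 adds nothing for e-mail, since the shortest string the split and the two patterns accept is already three characters. A short comment above the function stating the accepted form (one `@`, local part `[-\w+.]`, domain `[-\w.]`, at most `$TBDB_EMAILLEN` bytes) would replace the `CHECKEMAIL` header comment that this commit drops.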
...@@ -332,25 +332,6 @@ function CHECKPASSWORD($uid, $password, $name, $email, &$error) ...@@ -332,25 +332,6 @@ function CHECKPASSWORD($uid, $password, $name, $email, &$error)
"$TBCHKPASS_PATH $password $uid '$name:$email'", 1); "$TBCHKPASS_PATH $password $uid '$name:$email'", 1);
} }
#
# Check an email address to make sure its a valid string.
#
function CHECKEMAIL($email)
{
if ($email == "")
return 0;
$parts = preg_split("/\@/", $email);
if (!isset($parts[0]) || !isset($parts[1]) || count($parts) != 2)
return 0;
if (! preg_match("/^[-\w\+\.]+$/", $parts[0]) ||
! preg_match("/^[-\w\.]+$/", $parts[1]))
return 0;
return 1;
}
function LASTNODELOGIN($node) function LASTNODELOGIN($node)
{ {
} }
......
...@@ -444,7 +444,7 @@ if (! $returning) { ...@@ -444,7 +444,7 @@ if (! $returning) {
strcmp($formfields[usr_email], "") == 0) { strcmp($formfields[usr_email], "") == 0) {
$errors["Email Address"] = "Missing Field"; $errors["Email Address"] = "Missing Field";
} }
elseif (! CHECKEMAIL($formfields[usr_email])) { elseif (! TBvalid_email($formfields[usr_email])) {
$errors["Email Address"] = "Looks invalid!"; $errors["Email Address"] = "Looks invalid!";
} }
if (isset($formfields[usr_URL]) && if (isset($formfields[usr_URL]) &&
......
...@@ -103,7 +103,7 @@ function SPITFORM($uid, $key, $referrer, $failed, $adminmode, $simple, $view) ...@@ -103,7 +103,7 @@ function SPITFORM($uid, $key, $referrer, $failed, $adminmode, $simple, $view)
<td>Username:</td> <td>Username:</td>
<td><input type=text <td><input type=text
value=\"$uid\" value=\"$uid\"
name=uid size=$TBDB_UIDLEN></td> name=uid size=20></td>
</tr> </tr>
<tr> <tr>
<td>Password:</td> <td>Password:</td>
......
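Review bot: `value=\"$uid\"` on the context line above the changed `size` is written into the attribute without `htmlspecialchars()`, and with this commit the field is meant to carry an e-mail address as well as a uid. Whether the caller validates the submitted value before the form is shown again after a failed login is not visible in this hunk, so I would escape at output, e.g. `value=\"" . htmlspecialchars($uid, ENT_QUOTES) . "\"`. `size=20` only sets the visible width; if the input should be capped at the validator's limit, a `maxlength` matching `$TBDB_EMAILLEN` would state that. SPITFORM starts and ends outside the hunk.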
...@@ -432,7 +432,7 @@ if (!isset($formfields[usr_email]) || ...@@ -432,7 +432,7 @@ if (!isset($formfields[usr_email]) ||
strcmp($formfields[usr_email], "") == 0) { strcmp($formfields[usr_email], "") == 0) {
$errors["Email Address"] = "Missing Field"; $errors["Email Address"] = "Missing Field";
} }
elseif (! CHECKEMAIL($formfields[usr_email])) { elseif (! TBvalid_email($formfields[usr_email])) {
$errors["Email Address"] = "Looks invalid!"; $errors["Email Address"] = "Looks invalid!";
} }
if (isset($formfields[usr_URL]) && if (isset($formfields[usr_URL]) &&
......
...@@ -599,7 +599,7 @@ if (! $returning) { ...@@ -599,7 +599,7 @@ if (! $returning) {
strcmp($formfields[usr_email], "") == 0) { strcmp($formfields[usr_email], "") == 0) {
$errors["Email Address"] = "Missing Field"; $errors["Email Address"] = "Missing Field";
} }
elseif (! CHECKEMAIL($formfields[usr_email])) { elseif (! TBvalid_email($formfields[usr_email])) {
$errors["Email Address"] = "Looks invalid!"; $errors["Email Address"] = "Looks invalid!";
} }
if (isset($formfields[usr_URL]) && if (isset($formfields[usr_URL]) &&
......
...@@ -442,13 +442,14 @@ function ISPLABUSER() { ...@@ -442,13 +442,14 @@ function ISPLABUSER() {
# #
# Attempt a login. # Attempt a login.
# #
function DOLOGIN($uid, $password, $adminmode = 0) { function DOLOGIN($token, $password, $adminmode = 0) {
global $TBAUTHCOOKIE, $TBAUTHDOMAIN, $TBAUTHTIMEOUT; global $TBAUTHCOOKIE, $TBAUTHDOMAIN, $TBAUTHTIMEOUT;
global $TBNAMECOOKIE, $TBLOGINCOOKIE, $TBSECURECOOKIES; global $TBNAMECOOKIE, $TBLOGINCOOKIE, $TBSECURECOOKIES;
global $TBMAIL_OPS, $TBMAIL_AUDIT, $TBMAIL_WWW; global $TBMAIL_OPS, $TBMAIL_AUDIT, $TBMAIL_WWW;
# Caller makes these checks too. # Caller makes these checks too.
if (!TBvalid_uid($uid) || !isset($password) || $password == "") { if ((!TBvalid_uid($token) && !TBvalid_email($token)) ||
!isset($password) || $password == "") {
return -1; return -1;
} }
$now = time(); $now = time();
...@@ -479,16 +480,20 @@ function DOLOGIN($uid, $password, $adminmode = 0) { ...@@ -479,16 +480,20 @@ function DOLOGIN($uid, $password, $adminmode = 0) {
} }
$user_result = $user_result =
DBQueryFatal("select usr_pswd,admin,weblogin_frozen,". DBQueryFatal("select uid,usr_pswd,admin,weblogin_frozen,".
" weblogin_failcount,weblogin_failstamp, ". " weblogin_failcount,weblogin_failstamp, ".
" usr_email,usr_name ". " usr_email,usr_name ".
"from users where uid='$uid'"); "from users where ".
(TBvalid_email($token) ?
"usr_email='$token'" :
"uid='$token'"));
# #
# Check password in the database against provided. # Check password in the database against provided.
# #
do { do {
if ($row = mysql_fetch_array($user_result)) { if ($row = mysql_fetch_array($user_result)) {
$uid = $row['uid'];
$db_encoding = $row['usr_pswd']; $db_encoding = $row['usr_pswd'];
$isadmin = $row['admin']; $isadmin = $row['admin'];
$frozen = $row['weblogin_frozen']; $frozen = $row['weblogin_frozen'];
...@@ -655,7 +660,7 @@ function DOLOGIN($uid, $password, $adminmode = 0) { ...@@ -655,7 +660,7 @@ function DOLOGIN($uid, $password, $adminmode = 0) {
TBMAIL($TBMAIL_OPS, TBMAIL($TBMAIL_OPS,
"Web Login Freeze: '$IP'", "Web Login Freeze: '$IP'",
"Logins has been frozen because there were too many login\n". "Logins has been frozen because there were too many login\n".
"failures from $IP. Last attempted uid was '$uid'.\n\n", "failures from $IP. Last attempted uid was '$token'.\n\n",
"From: $TBMAIL_OPS\n". "From: $TBMAIL_OPS\n".
"Bcc: $TBMAIL_AUDIT\n". "Bcc: $TBMAIL_AUDIT\n".
"Errors-To: $TBMAIL_WWW"); "Errors-To: $TBMAIL_WWW");
......
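Review bot: The new `where` clause interpolates `$token` straight into the SQL text, so the two validators in the guard at the top of DOLOGIN are the only barrier between the login form and the query; I would also escape at the point of use, e.g. `$safe_token = addslashes($token);` (or the project's own DB escaping helper, if it has one) and build the clause from `$safe_token`. The `usr_email` branch assumes an address identifies exactly one account: if `users.usr_email` is not unique (the schema is not visible here), `mysql_fetch_array` takes whichever row comes first and the password is checked against that account only. `$uid` is now assigned only inside the `if ($row = ...)` branch, so any code later in DOLOGIN, which continues outside these hunks, that still reads `$uid` when no row matched would see an unset variable; worth confirming. The freeze mail still reads `Last attempted uid was` although it now prints `$token`, which may be an e-mail address.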