Commit 48acc8e3 authored by Leigh B. Stoller's avatar Leigh B. Stoller
Browse files

* Replace the argument processing code in all pages. Currently we rely on

  register_globals=1 to turn POST/GET/COOKIES arguments in local variables.
  This is known to be a terrible security risk, and we keep saying we are
  going to fix it, and now I am. In order to accomplish this on a
  transitional basis (since I don't want the entire web interface to stop
  working while I debug it), and because the code just needs the cleanup, I
  am doing it like this: Each page will sport new declarations at the top:

	RequiredPageArguments("experiment", PAGEARG_EXPERIMENT,
                              "template",   PAGEARG_TEMPLATE,
                              "instance",   PAGEARG_INSTANCE,
                              "metadata",   PAGEARG_METADATA,
                              "osinfo",     PAGEARG_OSINFO,
                              "image",      PAGEARG_IMAGE,
                              "project",    PAGEARG_PROJECT,
                              "group",      PAGEARG_GROUP,
                              "user",       PAGEARG_USER,
			      "node",       PAGEARG_NODE,
			      "yesno",      PAGEARG_BOOLEAN,
			      "message",    PAGEARG_STRING,
			      "age",        PAGEARG_INTEGER,
                              "cost",       PAGEARG_NUMERIC,
                              "formfields", PAGEARG_ARRAY,
                              "unknown",    PAGEARG_ANYTHING);

	OptionalPageArguments("canceled", PAGEARG_BOOLEAN);

  The first token in each pair is the name of the global variable to
  set, and the second token is the type. So, for "experiment" we look at
  the URL for a pid/eid or exptidx, etc, sanity check them (safe for a
  DB query), and then try to find that experiment in the DB. If it maps
  to an experiment, set global variable $experiment to the object. Since
  its a required argument, produce an error if not supplied. Similar
  treatment for optional arguments, with the obvious difference.

  The goal is to have ALL argument processing in one place, consistent,
  and correct. I've found numerous places where we leak unchecked
  arguments into queries. It also cuts out a lot of duplicated code.

* To make the above easier to deal with, I've been replacing lots of
  hardcoded URLS in the code of the form:

	foo.php3?pid=$pid&eid=$eid ...

  with

        CreateURL("foo", $experiment)

  which creates and returns the neccessary url string, by looking at
  the type of its arguments (experiment, template, instance, etc.)

  Eventually plan to replace them all so that URL handling throughout
  the code is all defined in one place (all the new URL code is in
  url_defs.php).

* I have cranked up error reporting to tell me anytime a variable is
  used before it is initialized, plus a bunch of other stuff that PHP
  deems improper. Think of it like -Wall ... and boy we get a lot of
  warnings.  A very large percentage of the diffs are to fix all these
  warnings.

  The warnings are currently going to /usr/testbed/log/php-errors.log,
  and I'll be adding a script to capture them each night and mail them
  to tbops. This file also gets errors (this will be a change for
  developers; rather then seeing errors and warnings dumped in the
  middle of web pages, they will go to this file instead).

* Major refactoring of the code. More objects (nodes, images, osids).
  Moving tons of queries into the objects in the hopes of someday
  getting to a point where we can split the web interface onto a
  different server.  Lots of general cleanup.
parent 62d25f4f
...@@ -17,6 +17,14 @@ PAGEHEADER("New Project Approved"); ...@@ -17,6 +17,14 @@ PAGEHEADER("New Project Approved");
$this_user = CheckLoginOrDie(); $this_user = CheckLoginOrDie();
$uid = $this_user->uid(); $uid = $this_user->uid();
# Verify page arguments.
$reqargs = RequiredPageArguments("project", PAGEARG_PROJECT,
"approval", PAGEARG_STRING);
$optargs = OptionalPageArguments("head_uid", PAGEARG_STRING,
"user_interface", PAGEARG_STRING,
"message", PAGEARG_STRING,
"silent", PAGEARG_BOOLEAN);
# #
# Of course verify that this uid has admin privs! # Of course verify that this uid has admin privs!
# #
...@@ -30,16 +38,19 @@ if (! $isadmin) { ...@@ -30,16 +38,19 @@ if (! $isadmin) {
# #
$FirstInitState = (TBGetFirstInitState() == "approveproject"); $FirstInitState = (TBGetFirstInitState() == "approveproject");
echo "<center><h1>
Approving Project '$pid' ...
</h1></center>";
# #
# Grab the head_uid for this project. This verifies it is a valid project. # Grab the head_uid for this project. This verifies it is a valid project.
# #
if (! ($this_project = Project::Lookup($pid))) { if (! ($this_project = $project)) {
TBERROR("Unknown project $pid", 1); TBERROR("Unknown project", 1);
} }
# For error messages.
$pid = $this_project->pid();
echo "<center><h2>
Approving Project '$pid' ...
</h2></center>";
if (! ($leader = $this_project->GetLeader())) { if (! ($leader = $this_project->GetLeader())) {
TBERROR("Error getting leader for $pid", 1); TBERROR("Error getting leader for $pid", 1);
} }
...@@ -131,7 +142,7 @@ elseif ((strcmp($approval, "deny") == 0) || ...@@ -131,7 +142,7 @@ elseif ((strcmp($approval, "deny") == 0) ||
SUEXEC($uid, $TBADMINGROUP, "webrmproj $pid", 1); SUEXEC($uid, $TBADMINGROUP, "webrmproj $pid", 1);
$sendemail = 1; $sendemail = 1;
if (isset($silent) && $silent == "Yep") { if (isset($silent) && $silent) {
$sendemail = 0; $sendemail = 0;
} }
......
<?php <?php
# #
# EMULAB-COPYRIGHT # EMULAB-COPYRIGHT
# Copyright (c) 2000-2003, 2005, 2006, 2007 University of Utah and the Flux Group. # Copyright (c) 2000-2007 University of Utah and the Flux Group.
# All rights reserved. # All rights reserved.
# #
include("defs.php3"); include("defs.php3");
include("showstuff.php3");
# #
# Standard Testbed Header # Standard Testbed Header
...@@ -27,19 +26,18 @@ if (! $isadmin) { ...@@ -27,19 +26,18 @@ if (! $isadmin) {
} }
# #
# Verify arguments. # Verify page arguments.
# #
if (!isset($pid) || $reqargs = RequiredPageArguments("project", PAGEARG_PROJECT);
strcmp($pid, "") == 0) {
USERERROR("You must provide a project ID.", 1);
}
# #
# Check to make sure thats this is a valid PID. # Check to make sure thats this is a valid PID.
# #
if (! ($this_project = Project::Lookup($pid))) { if (! ($this_project = $reqargs["project"])) {
USERERROR("Unknown project $pid", 1); USERERROR("Unknown project", 1);
} }
$pid = $this_project->pid();
$projleader = $this_project->GetLeader();
echo "<center><h3>You have the following choices:</h3></center> echo "<center><h3>You have the following choices:</h3></center>
<table class=stealth align=center border=0> <table class=stealth align=center border=0>
...@@ -86,7 +84,7 @@ echo "<center> ...@@ -86,7 +84,7 @@ echo "<center>
</center> </center>
<table align=center border=0>\n"; <table align=center border=0>\n";
SHOWUSER($projleader->uid()); $projleader->Show();
# #
# Check to make sure that the head user is 'unapproved' or 'active' # Check to make sure that the head user is 'unapproved' or 'active'
...@@ -106,7 +104,8 @@ echo "<center> ...@@ -106,7 +104,8 @@ echo "<center>
<h3>What would you like to do?</h3> <h3>What would you like to do?</h3>
</center> </center>
<table align=center border=1> <table align=center border=1>
<form action='approveproject.php3?pid=$pid' method='post'>\n"; <form action='" . CreateURL("approveproject", $project) .
"' method='post'>\n";
echo "<tr> echo "<tr>
<td align=center> <td align=center>
...@@ -177,13 +176,9 @@ echo " </select> ...@@ -177,13 +176,9 @@ echo " </select>
# Temporary Plab hack. # Temporary Plab hack.
# See if remote nodes requested and put up checkboxes to allow override. # See if remote nodes requested and put up checkboxes to allow override.
# #
$query_result =
DBQueryFatal("select num_pcplab,num_ron from projects where pid='$pid'");
$row = mysql_fetch_array($query_result);
# These are now booleans, not actual counts. # These are now booleans, not actual counts.
$num_pcplab = $row[num_pcplab]; $num_pcplab = $this_project->num_pcplab();
$num_ron = $row[num_ron]; $num_ron = $this_project->num_ron();
if ($num_ron || $num_pcplab) { if ($num_ron || $num_pcplab) {
echo "<tr> echo "<tr>
......
<?php <?php
# #
# EMULAB-COPYRIGHT # EMULAB-COPYRIGHT
# Copyright (c) 2000-2004, 2006 University of Utah and the Flux Group. # Copyright (c) 2000-2007 University of Utah and the Flux Group.
# All rights reserved. # All rights reserved.
# #
include("defs.php3"); include("defs.php3");
...@@ -16,15 +16,20 @@ PAGEHEADER("New Project Approval List"); ...@@ -16,15 +16,20 @@ PAGEHEADER("New Project Approval List");
# #
$this_user = CheckLoginOrDie(); $this_user = CheckLoginOrDie();
$uid = $this_user->uid(); $uid = $this_user->uid();
$isadmin = ISADMIN();
# #
# Of course verify that this uid has admin privs! # Of course verify that this uid has admin privs!
# #
$isadmin = ISADMIN();
if (! $isadmin) { if (! $isadmin) {
USERERROR("You do not have admin privileges to approve projects!", 1); USERERROR("You do not have admin privileges to approve projects!", 1);
} }
#
# The reason for this call is to make sure that globals are set properly.
#
$reqargs = RequiredPageArguments();
# #
# Look in the projects table to see which projects have not been approved. # Look in the projects table to see which projects have not been approved.
# Present a menu of options to either approve or deny the projects. # Present a menu of options to either approve or deny the projects.
...@@ -32,12 +37,9 @@ if (! $isadmin) { ...@@ -32,12 +37,9 @@ if (! $isadmin) {
# implies denying the project leader account, when there is just a single # implies denying the project leader account, when there is just a single
# project pending for that project leader. # project pending for that project leader.
# #
$query_result = DBQueryFatal("SELECT pid_idx, ". $projlist = Project::PendingProjectList();
" DATE_FORMAT(created, '%m/%d/%y') as day_created ".
" from projects ". if (count($projlist) == 0) {
"where approved='0' order by created desc");
if (mysql_num_rows($query_result) == 0) {
USERERROR("There are no projects to approve!", 1); USERERROR("There are no projects to approve!", 1);
} }
...@@ -63,13 +65,10 @@ echo "<tr> ...@@ -63,13 +65,10 @@ echo "<tr>
<th>Phone</th> <th>Phone</th>
</tr>\n"; </tr>\n";
while ($projectrow = mysql_fetch_array($query_result)) { foreach ($projlist as $project) {
$pid_idx = $projectrow["pid_idx"]; $pid_idx = $project->pid_idx();
$Pcreated = $projectrow["day_created"]; $Pcreated = $project->GetTempData();
if (! ($project = Project::Lookup($pid_idx))) {
TBERROR("Could not lookup project $pid_idx", 1);
}
if (! ($leader = $project->GetLeader())) { if (! ($leader = $project->GetLeader())) {
TBERROR("Could not get leader for project $pid_idx", 1); TBERROR("Could not get leader for project $pid_idx", 1);
} }
......
...@@ -17,8 +17,15 @@ PAGEHEADER("New Users Approved"); ...@@ -17,8 +17,15 @@ PAGEHEADER("New Users Approved");
$this_user = CheckLoginOrDie(); $this_user = CheckLoginOrDie();
$uid = $this_user->uid(); $uid = $this_user->uid();
#
# The reason for this call is to make sure that globals are set properly.
#
$reqargs = RequiredPageArguments();
# Local used below.
$projectchecks = array(); $projectchecks = array();
# Hmm, is this needed?
ignore_user_abort(1); ignore_user_abort(1);
# #
...@@ -26,8 +33,8 @@ ignore_user_abort(1); ...@@ -26,8 +33,8 @@ ignore_user_abort(1);
# See approveuser_form.php3: # See approveuser_form.php3:
# #
# uid menu project/group # uid menu project/group
# name=stoller$$approval-testbed/testbed value=approved,denied,postpone # name=Uxxxx$$approval-testbed/testbed value=approved,denied,postpone
# name=stoller$$trust-testbed/testbed value=user,local_root # name=Uxxxx$$trust-testbed/testbed value=user,local_root
# #
# We make two passes over the post vars. The first does a sanity check so # We make two passes over the post vars. The first does a sanity check so
# that we can bail out without doing anything. This allows the user to # that we can bail out without doing anything. This allows the user to
...@@ -52,7 +59,7 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) { ...@@ -52,7 +59,7 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
continue; continue;
} }
$user = substr($header, 0, strpos($header, "\$\$", 0)); $user = substr($header, 1, strpos($header, "\$\$", 0) - 1);
$projgrp = substr($approval_string, strlen("\$\$approval-")); $projgrp = substr($approval_string, strlen("\$\$approval-"));
$project = substr($projgrp, 0, strpos($projgrp, "/", 0)); $project = substr($projgrp, 0, strpos($projgrp, "/", 0));
$group = substr($projgrp, strpos($projgrp, "/", 0) + 1); $group = substr($projgrp, strpos($projgrp, "/", 0) + 1);
...@@ -75,8 +82,10 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) { ...@@ -75,8 +82,10 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
# There should be a corresponding trust variable in the POST vars. # There should be a corresponding trust variable in the POST vars.
# Note that we construct the variable name and indirect to it. # Note that we construct the variable name and indirect to it.
# #
$foo = "$user\$\$trust-$project/$group"; $foo = "U${user}\$\$trust-$project/$group";
$newtrust = $$foo; #echo "$foo<br>\n";
$newtrust = $HTTP_POST_VARS[$foo];
if (!$newtrust || strcmp($newtrust, "") == 0) { if (!$newtrust || strcmp($newtrust, "") == 0) {
TBERROR("Parse error finding trust in approveuser.php3", 1); TBERROR("Parse error finding trust in approveuser.php3", 1);
} }
...@@ -95,6 +104,7 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) { ...@@ -95,6 +104,7 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
if (! ($target_user = User::Lookup($user))) { if (! ($target_user = User::Lookup($user))) {
TBERROR("Trying to approve unknown user $user.", 1); TBERROR("Trying to approve unknown user $user.", 1);
} }
$target_uid = $target_user->uid();
# Ditto the project. # Ditto the project.
if (! ($target_project = Project::Lookup($project))) { if (! ($target_project = Project::Lookup($project))) {
...@@ -129,7 +139,7 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) { ...@@ -129,7 +139,7 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
# #
$target_group->IsMember($target_user, $isapproved); $target_group->IsMember($target_user, $isapproved);
if ($isapproved) { if ($isapproved) {
USERERROR("$user is already an approved member of ". USERERROR("$target_uid is already an approved member of ".
"$project/$group!", 1); "$project/$group!", 1);
} }
...@@ -170,9 +180,10 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) { ...@@ -170,9 +180,10 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
if (!$subgroup_approval || if (!$subgroup_approval ||
(strcmp($subgroup_approval, "deny") && (strcmp($subgroup_approval, "deny") &&
strcmp($subgroup_approval, "nuke"))) { strcmp($subgroup_approval, "nuke"))) {
USERERROR("If you wish to deny/nuke user $user in project ". USERERROR("If you wish to deny/nuke user $target_uid in ".
"$project then you must deny/nuke in all of the ". "project $project then you must deny/nuke in all ".
"subgroups $user is attempting to join.", 1); "of the subgroups $target_uid is attempting to ".
"join.", 1);
} }
} }
} }
...@@ -198,9 +209,9 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) { ...@@ -198,9 +209,9 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
# #
# Create and indirect through post var for project approval value. # Create and indirect through post var for project approval value.
# #
$foo = "$user\$\$approval-$project/$project"; $foo = "U${user}\$\$approval-$project/$project";
$bar = "$user\$\$trust-$project/$project"; $bar = "U${user}\$\$trust-$project/$project";
$default_approval = $$foo; $default_approval = $HTTP_POST_VARS[$foo];
if (!$default_approval || strcmp($default_approval, "") == 0) { if (!$default_approval || strcmp($default_approval, "") == 0) {
# Implicit group approval as user. # Implicit group approval as user.
...@@ -222,7 +233,7 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) { ...@@ -222,7 +233,7 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
} }
if (strcmp($approval, "approve") == 0 && if (strcmp($approval, "approve") == 0 &&
strcmp($default_approval, "approve")) { strcmp($default_approval, "approve")) {
USERERROR("You cannot approve $user in $project/$group without ". USERERROR("You cannot approve $target_uid in $project/$group without ".
"approval in the default group ($project/$project)!", 1); "approval in the default group ($project/$project)!", 1);
} }
} }
...@@ -251,6 +262,7 @@ while (list ($user, $value) = each ($projectchecks)) { ...@@ -251,6 +262,7 @@ while (list ($user, $value) = each ($projectchecks)) {
if (! ($target_user = User::Lookup($user))) { if (! ($target_user = User::Lookup($user))) {
TBERROR("Could not find user object for $user", 1); TBERROR("Could not find user object for $user", 1);
} }
$target_uid = $target_user->uid();
# #
# This looks for different trust levels in different subgroups # This looks for different trust levels in different subgroups
...@@ -260,8 +272,8 @@ while (list ($user, $value) = each ($projectchecks)) { ...@@ -260,8 +272,8 @@ while (list ($user, $value) = each ($projectchecks)) {
if (strcmp($pid, $gid)) { if (strcmp($pid, $gid)) {
if (isset($grouptrust[$pid]) && if (isset($grouptrust[$pid]) &&
strcmp($grouptrust[$pid], $trust)) { strcmp($grouptrust[$pid], $trust)) {
USERERROR("User $user may not have different trust levels in ". USERERROR("User $target_uid may not have different trust ".
"different subgroups of $pid!", 1); "levels in different subgroups of $pid!", 1);
} }
$grouptrust[$pid] = $trust; $grouptrust[$pid] = $trust;
} }
...@@ -293,7 +305,7 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) { ...@@ -293,7 +305,7 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
continue; continue;
} }
$user = substr($header, 0, strpos($header, "\$\$", 0)); $user = substr($header, 1, strpos($header, "\$\$", 0) - 1);
$projgrp = substr($approval_string, strlen("\$\$approval-")); $projgrp = substr($approval_string, strlen("\$\$approval-"));
$project = substr($projgrp, 0, strpos($projgrp, "/", 0)); $project = substr($projgrp, 0, strpos($projgrp, "/", 0));
$group = substr($projgrp, strpos($projgrp, "/", 0) + 1); $group = substr($projgrp, strpos($projgrp, "/", 0) + 1);
...@@ -302,8 +314,8 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) { ...@@ -302,8 +314,8 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
# #
# Corresponding trust value. # Corresponding trust value.
# #
$foo = "$user\$\$trust-$project/$group"; $foo = "U${user}\$\$trust-$project/$group";
$newtrust = $$foo; $newtrust = $HTTP_POST_VARS[$foo];
# #
# Get the current status for the user, which we might need to change. # Get the current status for the user, which we might need to change.
...@@ -319,6 +331,7 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) { ...@@ -319,6 +331,7 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
$curstatus = $target_user->status(); $curstatus = $target_user->status();
$user_email = $target_user->email(); $user_email = $target_user->email();
$user_name = $target_user->name(); $user_name = $target_user->name();
$user_uid = $target_user->uid();
#echo "Status = $curstatus, Email = $user_email<br>\n"; #echo "Status = $curstatus, Email = $user_email<br>\n";
# Ditto the project and group # Ditto the project and group
...@@ -346,7 +359,7 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) { ...@@ -346,7 +359,7 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
# #
if (strcmp($approval, "postpone") == 0) { if (strcmp($approval, "postpone") == 0) {
echo "<p> echo "<p>
Membership status for user $user in $project/$group was Membership status for user $user_uid in $project/$group was
<b>postponed</b> for later decision.\n"; <b>postponed</b> for later decision.\n";
continue; continue;
} }
...@@ -357,7 +370,7 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) { ...@@ -357,7 +370,7 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
# #
$target_group->DeleteMember($target_user); $target_group->DeleteMember($target_user);
TBMAIL("$user_name '$user' <$user_email>", TBMAIL("$user_name '$user_uid' <$user_email>",
"Membership Denied in '$project/$group'", "Membership Denied in '$project/$group'",
"\n". "\n".
"This message is to notify you that you have been denied\n". "This message is to notify you that you have been denied\n".
...@@ -371,7 +384,7 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) { ...@@ -371,7 +384,7 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
"Errors-To: $TBMAIL_WWW"); "Errors-To: $TBMAIL_WWW");
echo "<p> echo "<p>
User $user was <b>denied</b> membership in $project/$group. User $user_uid was <b>denied</b> membership in $project/$group.
<br> <br>
The user will need to reapply again if this was in error.\n"; The user will need to reapply again if this was in error.\n";
...@@ -394,7 +407,8 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) { ...@@ -394,7 +407,8 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
# #
if (count($project_list)) { if (count($project_list)) {
echo "<p> echo "<p>
User $user was <b>denied</b> membership in $project/$group. User $user_uid was <b>denied</b> membership in
$project/$group.
<br> <br>
Since the user is a member (or requesting membership) Since the user is a member (or requesting membership)
in other projects, the account cannot be safely removed.\n"; in other projects, the account cannot be safely removed.\n";
...@@ -411,17 +425,18 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) { ...@@ -411,17 +425,18 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
if (strcmp($curstatus, "newuser") && if (strcmp($curstatus, "newuser") &&
strcmp($curstatus, "unapproved")) { strcmp($curstatus, "unapproved")) {
echo "<p> echo "<p>
User $user was <b>denied</b> membership in $project/$group. User $user_uid was <b>denied</b> membership in
$project/$group.
<br> <br>
Since the user has been approved by, or was active in other Since the user has been approved by, or was active in other
projects in the past, the account cannot be safely removed. projects in the past, the account cannot be safely removed.
\n"; \n";
continue; continue;
} }
SUEXEC($uid, $TBADMINGROUP, "webrmuser -n -p $project $user", 1); SUEXEC($uid, $TBADMINGROUP, "webrmuser -n -p $project $user_uid", 1);
echo "<p> echo "<p>
User $user was <b>denied</b> membership in $project/$group. User $user_uid was <b>denied</b> membership in $project/$group.
<br> <br>
The account has also been <b>terminated</b>!\n"; The account has also been <b>terminated</b>!\n";
...@@ -449,17 +464,17 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) { ...@@ -449,17 +464,17 @@ while (list ($header, $value) = each ($POST_VARS_COPY)) {
# #
# Create user account on control node. # Create user account on control node.
# #
SUEXEC($uid, $TBADMINGROUP, "webtbacct add $user", 1); SUEXEC($uid, $TBADMINGROUP, "webtbacct add $user_uid", 1);
} }
# #
# Only need to add new membership. # Only need to add new membership.
# #
SUEXEC($uid, $TBADMINGROUP, SUEXEC($uid, $TBADMINGROUP,
"webmodgroups -a $project:$group:$newtrust $user", 1); "webmodgroups -a $project:$group:$newtrust $user_uid", 1);
echo "<p> echo "<p>
User $user was <b>granted</b> membership in $project/$group User $user_uid was <b>granted</b> membership in
with $newtrust permissions.\n"; $project/$group with $newtrust permissions.\n";
continue; continue;
} }
......
<?php <?php
# #
# EMULAB-COPYRIGHT # EMULAB-COPYRIGHT
# Copyright (c) 2000-2003, 2006 University of Utah and the Flux Group. # Copyright (c) 2000-2003, 2006, 2007 University of Utah and the Flux Group.
# All rights reserved. # All rights reserved.
# #
include("defs.php3"); include("defs.php3");
...@@ -18,6 +18,11 @@ $this_user = CheckLoginOrDie(); ...@@ -18,6 +18,11 @@ $this_user = CheckLoginOrDie();
$auth_usr = $this_user->uid(); $auth_usr = $this_user->uid();
$auth_usridx = $this_user->uid_idx(); $auth_usridx = $this_user->uid_idx();
#
# The reason for this call is to make sure that globals are set properly.
#
$reqargs = RequiredPageArguments();
# #
# Find all of the groups that this person has project/group root in, and # Find all of the groups that this person has project/group root in, and
# then in all of those groups, all of the people who are awaiting to be # then in all of those groups, all of the people who are awaiting to be
...@@ -167,7 +172,7 @@ while (list ($uid_idx, $grouplist) = each ($approvelist)) { ...@@ -167,7 +172,7 @@ while (list ($uid_idx, $grouplist) = each ($approvelist)) {
<td rowspan=2>$gid</td> <td rowspan=2>$gid</td>
<td rowspan=2>$date_applied