Commit 5cf1ef67 authored by Mac Newbold's avatar Mac Newbold
Browse files

No longer needed. Also in Old/ for reference.

parent 91f7493f
<?php
if (!isset($PHP_AUTH_USER)) {
Header("WWW-Authenticate: Basic realm=\"testbed\"");
Header("HTTP/1.0 401 Unauthorized");
echo "User authenication is required to view these pages\n";
exit;
} else {
addslashes($PHP_AUTH_USER);
$PSWD = crypt("$PHP_AUTH_PW", strlen($PHP_AUTH_USER));
$query = "SELECT * FROM users WHERE uid=\"$PHP_AUTH_USER\" AND usr_pswd=\"$PSWD\"";
$result = mysql_db_query("tbdb", $query);
$numusers = mysql_num_rows($result);
$query2 = "SELECT timeout FROM login WHERE uid=\"$PHP_AUTH_USER\"";
$result2 = mysql_db_query("tbdb", $query2);
$n = mysql_num_rows($result2);
$row = mysql_fetch_row($result2);
if (($n == 0) || ($numusers == 0) || ($row[0] < time())) {
$cmnd = "DELETE FROM login WHERE uid=\"$PHP_AUTH_USER\"";
mysql_db_query("tbdb", $cmnd);
Header("WWW-Authenticate: Basic realm=\"testbed\"");
Header("HTTP/1.0 401 Unauthorized");
die ("Authorization Failed\n");
}
$timeout = time() + 1800;
$cmnd = "UPDATE login SET timeout=\"$timeout\" where uid=\"$PHP_AUTH_USER\"";
mysql_db_query("tbdb", $cmnd);
}
?>
<html>
<head>
<title>New Experiment</title>
<link rel="stylesheet" href="tbstyle.css" type="text/css">
</head>
<body>
<H1>Begin an experiment on the testbed</h1>
<table border="1" align="center">
<tr><td colspan="2">Only those fields in bold, red type are required.</td></tr>
<form action=added.php3 method="post">
<tr><th>Experiment Name:</th><td><input type="text" name="eid"></td></tr>
<?php
addslashes($PHP_AUTH_USER);
$query = "SELECT pid FROM proj_memb WHERE uid=\"$PHP_AUTH_USER\"";
$result = mysql_db_query("tbdb", $query);
$n = mysql_num_rows($result);
if ($n == 1) {
echo "<tr><th>Project ID:</th>";
$row = mysql_fetch_row($result);
echo "<td><input type=\"readonly\" value=\"$row[0]\" name=\"proj\"></td></tr>\n";
} elseif ($n > 1) {
echo "<tr><th>Project ID:</th><td><select name=\"proj\">\n";
while ($row = mysql_fetch_row($result)) {
echo "<option value=\"$row[0]\">$row[0]</option>\n";
}
echo "</select></td></tr>\n";
} else {
echo "<tr><th colspan=\"2\">You must be part of a project if you wan to run an experiment</th></tr>";
}
$utime = time();
$year = date("Y", $utime);
$month = date("m", $utime);
$thismonth = $month++;
if ($month > 12) {
$month -= 12;
$month = "0".$month;
}
$rest = date("d H:i:s", $utime);
echo "<tr><th>Expiration date:</th><td><input type=\"text\" value=\"$year:$month:$rest\" name=\"expt_expires\"></td></tr>
<tr><td>Experiment long name:</td><td><input type=\"text\" name=\"expt_name\"></td></tr>
<tr><td>Experiment starts:</td><td><input type=\"text\" value=\"$year:$thismonth:$rest\" name=\"expt_start\"></td></tr>
<tr><td>Experiment ends:</td><td><input type=\"text\" value=\"$year:$month:$rest\" name=\"expt_end\"></td></tr>
<tr><th colspan=\"2\"><input type=\"submit\" value=\"Submit\"></th></tr>\n";
?>
</form>
</table>
</body>
</html>
\ No newline at end of file
<html>
<head>
<title>New Project</title>
<link rel="stylesheet" href="tbstyle.css" type="text/css">
</head>
<body>
<H1>Create a New Project</h1>
<?php
$auth_usr = "";
if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) {
$auth_usr=$Vals[1];
addslashes($auth_usr);
$query = "SELECT timeout FROM login WHERE uid=\"$auth_usr\"";
$result = mysql_db_query("tbdb", $query);
$n = mysql_num_rows($result);
if ($n == 0) {
echo "<h3>You are not logged in. Please go back to the ";
echo "<a href=\"tbdb.html\" target=\"_top\"> Home Page </a> ";
echo "and log in first.</h3></body></html>";
exit;
} else {
$row = mysql_fetch_row($result);
if ($row[0] < time()) { # if their login expired
echo "<h3>You have been logged out due to inactivity.
Please log in again.</h3>\n</body></html>";
$cmnd = "DELETE FROM login WHERE uid=\"$auth_usr\"";
mysql_db_query("tbdb", $cmnd);
exit;
} else {
$timeout = time() + 86400;
$cmnd = "UPDATE login SET timeout=\"$timeout\" where uid=\"$auth_usr\"";
mysql_db_query("tbdb", $cmnd);
}
}
} else {
unset($auth_usr);
}
?>
<?php
addslashes($PHP_AUTH_USER);
$utime = time();
$year = date("Y", $utime);
$month = date("m", $utime);
$month += 6;
if ($month > 12) {
$month -= 12;
$month = "0".$month;
}
$rest = date("d H:i:s", $utime);
echo "<table border=\"1\" align=\"center\">
<form action=added.php3 method=\"post\">
<tr><td colspan=\"2\">Only fields in bold red are required</td></tr>
<tr><th>Project Name:</th><td><input type=\"text\" name=\"pid\"></td></tr>
<tr><th>Group association:</th>\n";
$query = "SELECT gid FROM grp_memb WHERE uid=\"$PHP_AUTH_USER\"";
$result = mysql_db_query("tbdb", $query);
$n = mysql_num_rows($result);
if ($n > 1) {
echo "<td><select name=\"grp_assoc\">\n";
while ($row = mysql_fetch_row($result)) {
echo "<option value=\"$row[0]\">$row[0]</option>\n";
}
echo "</select></td></tr>\n";
} else {
$row = mysql_fetch_row($result);
echo "<td><input type=\"readonly\" value=\"$row[0]\" name=\"grp_assoc\"></td></tr>\n";
}
echo "<tr><th>Expiration date:</th><td><input type=\"text\" value=\"$year:$month:$rest\" name=\"proj_expires\"></td></tr>\n";
?>
<tr><td>Project Long Name:</td><td><input type="text" name="proj_name"></td></tr>
<tr><td>Project Members:</td><td><textarea cols="20" rows="2" name="proj_memb"></textarea></td>
<tr><th colspan="2"><input type="submit" value="Submit"></th></tr>
</form>
</table>
</body>
</html>
<?php
if (!isset($PHP_AUTH_USER) || !empty($HTTP_GET_VARS)) {
Header("WWW-Authenticate: Basic realm=\"testbed\"");
Header("HTTP/1.0 401 Unauthorized");
echo ("User authentication is required to view these pages\n");
} else {
addslashes($PHP_AUTH_USER);
$PSWD = crypt("$PHP_AUTH_PW", strlen($PHP_AUTH_USER));
$query = "SELECT trust_level FROM users WHERE uid='$PHP_AUTH_USER' AND usr_pswd='$PSWD' AND trust_level > 0";
$result = mysql_db_query("tbdb", $query);
$valid = mysql_num_rows($result);
$tlrow = mysql_fetch_row($result);
$trust = $tlrow[0];
$query2 = "SELECT timeout FROM login WHERE uid=\"$PHP_AUTH_USER\"";
$result2 = mysql_db_query("tbdb", $query2);
$n = mysql_num_rows($result2);
$row = mysql_fetch_row($result2);
if (($n == 0) || ($valid == 0) || ($row[0] < time())) {
$cmnd = "DELETE FROM login WHERE uid=\"$PHP_AUTH_USER\"";
mysql_db_query("tbdb", $cmnd);
Header("WWW-Authenticate: Basic realm=\"testbed\"");
Header("HTTP/1.0 401 Unauthorized");
die ("Authorization Failed\n");
}
$timeout = time() + 1800;
$cmnd = "UPDATE login SET timeout=\"$timeout\" where uid=\"$PHP_AUTH_USER\"";
mysql_db_query("tbdb", $cmnd);
}
echo "
<html>
<head>
<title>Modify $uid</title>
<link rel='stylesheet' href='tbstyle.css' type='text/css'>
</head>
<body>
";
if (isset($HTTP_POST_VARS)) {
array_walk($HTTP_POST_VARS, "addslashes");
}
if (isset($update)) { #if the form was submitted with the update button, update the database
echo "<H1>Updating the Database...</h1>\n";
$cmnd = "UPDATE users SET usr_expires=\"$usr_expires\",
usr_name=\"$usr_name\",
usr_email=\"$usr_email\",
usr_addr=\"$usr_addr\",
usr_phones=\"$usr_phones\",
trust_level=\"$trust_level\" WHERE uid=\"$uid\"";
$result = mysql_db_query("tbdb", $cmnd);
$succ = mysql_affected_rows($result);
if ($succ == 0) {
$err = mysql_error();
echo "<H3>Could not query database: $err</h3>\n";
exit;
} elseif (($old_pw != $new_pw) && ($new_pw == $new_pw2)) {
$enc = crypt("$new_pw", strlen($uid));
$pwcom = "UPDATE users SET usr_pswd=\"$enc\" WHERE uid=\"$uid\"";
$pres = mysql_db_query("tbdb", $pwcom);
if (!$pres) {
$err = mysql_error();
die ("<H3>Failed to change password: $err</h3>");
}
}
echo "<H3>$uid UPDATED</h3>";
} elseif (isset($delete)) { #if the form was submitted with the delete button, delete the user
$cmnd = "DELETE FROM users WHERE uid=\"$uid\"";
$result = mysql_db_query("tbdb", $cmnd);
$succ = mysql_affected_rows($result);
if ($succ == 0) {
$err = mysql_error();
die ("<H3 color=red>Could not query database: $err</h3>\n");
}
$cmnd2 = "DELETE FROM grp_memb WHERE uid=\"$uid\"";
mysql_db_query("tbdb", $cmnd2);
$cmnd3 = "DELETE FROM proj_memb WHERE uid=\"$uid\"";
mysql_db_query("tbdb", $cmnd3);
echo "<H3>$uid DELETED</h3>";
} elseif (isset($uid)) { #when coming from usrs.php3, display user info in a form to be altered
echo "<H3>Modify only those entries you wish to change</h3>
<table border = \"1\" summary=\"Modify entries in the table and submit it to change the databse\">
<form action=\"usrmod.php3\" method=\"post\">\n";
$cmnd = "SELECT * FROM users WHERE uid=\"$uid\"";
$result = mysql_db_query("tbdb", $cmnd);
$row = mysql_fetch_array($result);
print "<tr><th>Username</th>
<td><input type=\"text\" name=\"uid\" value=$uid></td></tr>\n";
print "<tr><th>Full Name</th>
<td><input type=\"text\" name=\"usr_name\" value=\"$row[usr_name]\"></td></tr>\n";
print "<tr><th>Email</th>
<td><input type=\"text\" name=\"usr_email\" value=$row[usr_email]></td></tr>\n";
print "<tr><th>Mailing Address</th>
<td><input type=\"text\" name=\"usr_addr\" value=\"$row[usr_addr]\"></td></tr>\n";
print "<tr><th>Phone Number</th>
<td><input type=\"text\" name=\"usr_phones\" value=$row[usr_phones]></td></tr>\n";
print "<tr><th>User Expires</th>
<td><input type=\"text\" name=\"usr_expires\" value=\"$row[usr_expires]\"></td></tr>\n";
if ($trust == 1) {
$type = "readonly";
} else {
$type = "text";
}
print "<tr><th>Trust Level</th>
<td><input type='$type' name=\"trust_level\" value=$row[trust_level]></td></tr>
<tr><th>Old Password</th><td><input type=\"password\" name=\"old_pw\"></td></tr>
<tr><th>New Password</th><td><input type=\"password\" name=\"new_pw\"></td></tr>
<tr><th>Retype New Password</th><td><input type=\"password\" name=\"new_pw2\"></td></tr>
</table>
<p>
<input type=\"submit\" value=\"Update\" name=\"update\">
<input type=\"submit\" value=\"Delete User\" name=\"delete\">
</p>
</form>
<form action=usrmod.php3 method=\"post\">
<input type=\"submit\" value=\"Cancel\">
</form>\n";
} else { #when no variable are passed to the form, ask for some
echo "<H1>Please provide a testbed username</h1>";
}
echo "
</body>
</html>
";
?>
<?php
if (!isset($PHP_AUTH_USER)) {
Header("WWW-Authenticate: Basic realm=\"testbed\"");
Header("HTTP/1.0 401 Unauthorized");
die("User authentication is required to view these pages\n");
} else {
addslashes($PHP_AUTH_USER);
$PSWD = crypt("$PHP_AUTH_PW", strlen($PHP_AUTH_USER));
$query = "SELECT * FROM users WHERE uid=\"$PHP_AUTH_USER\" AND usr_pswd=\"$PSWD\" AND trust_level > 0";
$result = mysql_db_query("tbdb", $query);
$valid = mysql_num_rows($result);
$query2 = "SELECT timeout FROM login WHERE uid=\"$PHP_AUTH_USER\"";
$result2 = mysql_db_query("tbdb", $query2);
$n = mysql_num_rows($result2);
$row = mysql_fetch_row($result2);
if (($n == 0) || ($valid == 0) || ($row[0] < time())) {
$cmnd = "DELETE FROM login WHERE uid=\"$PHP_AUTH_USER\"";
mysql_db_query("tbdb", $cmnd);
Header("WWW-Authenticate: Basic realm=\"testbed\"");
Header("HTTP/1.0 401 Unauthorized");
die ("Authorization Failed\n");
}
$timeout = time() + 1800;
$cmnd = "UPDATE login SET timeout=\"$timeout\" where uid=\"$PHP_AUTH_USER\"";
mysql_db_query("tbdb", $cmnd);
}
echo "
<html>
<head>
<title>Users</title>
</head>
<body>
<form action=\"usrmod.php3\" target=\"modify\" method=\"post\">
<table border=\"1\"><tr><th>Select the user to be modified</th></tr>
<tr><td>\n";
$query = "SELECT gid FROM grp_memb where uid=\"$PHP_AUTH_USER\"";
$response = mysql_db_query("tbdb", $query);
$select = "SELECT";
while ($row = mysql_fetch_row($response)) {
$gid = $row[0];
if ($select == "SELECT") {
$select .= " DISTINCT uid FROM grp_memb WHERE gid='$gid'";
} else {
$select .= " OR gid='$gid'";
}
}
$selected = mysql_db_query("tbdb", $select);
if (!$selected) die("Failure in execution of database query</td></tr></table></body></html>");
$n = mysql_num_rows($selected);
if ($n == 1) {
$uid_row = mysql_fetch_row($selected);
echo "<input type='readonly' value='$uid_row[0]' name='uid'>\n";
} else {
echo "<select name='uid'>\n";
while ($uid_row = mysql_fetch_row($selected)) {
echo "<option value='$uid_row[0]'>$uid_row[0]</option>\n";
}
echo "</select>\n";
}
?>
<input type="submit" value="Okay">
</td></tr>
</table>
</form>
</body>
</html>
<?php
include("defs.php3");
echo "<html>
<head>
<title>Joining a project</title>
<link rel='stylesheet' href='tbstyle.css' type='text/css'>
</head>
<body>";
#
# First off, sanity check the form to make sure all the required fields
# were provided. I do this on a per field basis so that we can be
# informative. Be sure to correlate these checks with any changes made to
# the project form. Note that this sequence of statements results in
# only the last bad field being displayed, but thats okay. The user will
# eventually figure out that fields marked with * mean something!
#
$formerror="No Error";
if (!isset($uid) ||
strcmp($uid, "") == 0) {
$formerror = "UserName";
}
if (!isset($usr_email) ||
strcmp($usr_email, "") == 0) {
$formerror = "Email Address";
}
if (!isset($usr_name) ||
strcmp($usr_name, "") == 0) {
$formerror = "Full Name";
}
if (!isset($grp) ||
strcmp($grp, "") == 0) {
$formerror = "Project";
}
#
# Not sure about the passwd. If the user is already known, then is he
# supposed to plug his passwd in?
#
if ((!isset($pswd) || strcmp($pswd, "") == 0) ||
(!isset($pswd2) || strcmp($pswd2, "") == 0)) {
$formerror = "Password";
}
if ($formerror != "No Error") {
echo "<h3><br><br>
Missing field; Please go back and fill out the \"$formerror\" field!\n
</h3>
</body>
</html>";
die("");
}
echo "<h1>Adding information to the Testbed Database</h1>\n";
$my_passwd=$pswd;
$mypipe = popen(escapeshellcmd(
"/usr/testbed/bin/checkpass $my_passwd $grp_head_uid '$usr_name:$email'"),
"w+");
if ($mypipe) {
$retval=fgets($mypipe,1024);
if (strcmp($retval,"ok\n")!=0) {
die("<h3>The password you have chosen will not work:<p>$retval</h3>");
}
} else {
mail("testbed-www@flux.cs.utah.edu","TESTBED: checkpass failure",
"\n$usr_name ($grp_head_uid) just tried to set up a testbed account,\n".
"but checkpass pipe did not open (returned '$mypipe').\n".
"\nThanks\n");
}
$enc = crypt("$my_passwd");
array_walk($HTTP_POST_VARS, 'addslashes');
if (isset($pid)) { #add a project to the database
if ($trust == 2) {
$cmnd = "INSERT INTO projects VALUES ".
"('$pid',now(),'$proj_expires','$proj_name','$PHP_AUTH_USER')";
$result = mysql_db_query("tbdb", $cmnd);
if (!$result) {
$err = mysql_error();
echo "<H3>Couldn't add project to the database: $err</h3>\n";
exit;
}
$cmnd2 = "INSERT INTO proj_grps VALUES ('$pid', '$grp_assoc')";
mysql_db_query("tbdb", $cmnd2);
$cmnd3 = "INSERT INTO proj_memb VALUES ('$PHP_AUTH_USER', '$pid')";
mysql_db_query("tbdb", $cmnd3);
if ($proj_memb != "") {
$memb = preg_split("/\s/", "$proj_memb");
function add_memb ($item) {
global $pid;
trim($item);
$insert = "INSERT INTO proj_memb VALUES ('$item', '$pid')";
mysql_db_query("tbdb", $insert);
}
array_walk ($memb, "add_memb");
}
echo "<h1>Success</h1>";
} else {
mysql_db_query("tbdb","select usr_name,usr_email from groups as g ".
"left join users as u on g.grp_head_uid=u.uid ".
"where g.gid = '$grp_assoc'");
$row = mysql_fetch_row($head);
$grp_head = $row[0];
$email = $row[1];
echo "<h1>Add Project Failed:</h1>\n<h3>You are not authorized to add ".
"projects in group '$grp_assoc'. If you feel you have reached this ".
"message in error, please contact the project head, ".
"'$grp_head <$email>'.</h3>";
}
} elseif ( !empty($uid) && !empty($usr_email) &&
(($pswd == $pswd2) || ($enc == $pswd2)) ) {
$query = "SELECT unix_uid FROM users ORDER BY unix_uid DESC";
$res = mysql_db_query("tbdb", $query);
$row = mysql_fetch_row($res);
$unix_uid = $row[0];
++$unix_uid;
$query = "SELECT usr_pswd FROM users WHERE uid=\"$uid\"";
$result = mysql_db_query("tbdb", $query);
if ($row = mysql_fetch_row($result)) {
# returning user, joining new group
$usr_pswd = $row[0];
if ($usr_pswd != $enc) {
die("<H3>The username that you have chosen is already in use. ".
"Please select another.</h3>\n");
}
} else { # new user
$newuser=1;
$cmnd = "INSERT INTO users ".
"(uid,usr_created,usr_expires,usr_name,usr_email,usr_addr,".
"usr_phone,usr_pswd,unix_uid,status) ".
"VALUES ('$uid',now(),'$usr_expires','$usr_name','$usr_email',".
"'$usr_addr','$usr_phone','$enc','$unix_uid','newuser')";
$result = mysql_db_query("tbdb", $cmnd);
if (!$result) {
$err = mysql_error();
echo "<H3>Could not add user to the database: $err</h3>\n";
exit;
}
$fp = fopen("/usr/testbed/www/maillist/users.txt","a");
fwrite($fp, "$usr_email\n");
}
$result=mysql_db_query("tbdb","select * from grp_memb where ".
"uid='$uid' and gid='$grp'");
if (mysql_num_rows($result) > 0) {
# Already in that group (or applied)
echo "<h3>You have already applied for membership in that project.</h3>\n";
echo "</body></html>\n";
exit;
}
mysql_db_query("tbdb","insert into grp_memb (uid,gid,trust)".
"values ('$uid','$grp','none');");
$que = "SELECT grp_head_uid FROM groups WHERE gid='$grp'";
$res = mysql_db_query("tbdb", $que);
$resrow = mysql_fetch_row($res);
$ghid = $resrow[0];
$mque = "SELECT usr_email FROM users WHERE uid='$ghid'";
$mres = mysql_db_query("tbdb", $mque);
$mresrow = mysql_fetch_row($mres);
$grp_email = $mresrow[0];
mail("$grp_email", "TESTBED: New Project Member",
"\n$usr_name ($uid) is trying to join your project.\n".
"$usr_name has the\n".
"Testbed username $uid and email address $usr_email.\n$usr_name's ".
"phone number is $usr_phone and address $usr_addr.\n".
"\nPlease return ".
"to $TBWWW, log in,\nand select the ".
"'New User Approval' page to enter your decision regarding\n".
"$usr_name's membership in your project".
"\n\nThanks,\nTestbed Ops\nUtah Network Testbed\n",
"From: Testbed Ops <testbed-ops@flux.cs.utah.edu>\n".
"Cc: Testbed WWW <testbed-www@flux.cs.utah.edu>\n".
"Errors-To: Testbed WWW <testbed-www@flux.cs.utah.edu>");
if ($newuser==1) {
mail("$usr_email","TESTBED: Your New User Key",
"\nDear $usr_name:\n\n\tThank you for applying to use the Utah ".
"Network Testbed. As promised,\nhere is your key to verify your ".
"account. Your key is:\n\n".
crypt("TB_".$uid."_USR",strlen($uid)+13)."\n\n\t Please ".
"return to $TBWWW and log in,\n".
"using the user name and password you gave us when you applied. ".
"You will\nthen find an option on the menu called ".
"'New User Verification'. Select it,\nand on that page enter in ".
"your user name, password, and your key,\nand you will be ".
"verified as a user. When you have been ".
"both verified and\napproved by the head of your project, you will be ".
"marked as an active user,\nand will be granted full access to your ".
"user account.\n\nThanks,\nTestbed Ops\nUtah Network Testbed\n",
"From: Testbed Ops <testbed-ops@flux.cs.utah.edu>\n".
"Cc: Testbed WWW <testbed-www@flux.cs.utah.edu>\n".
"Errors-To: Testbed WWW <testbed-www@flux.cs.utah.edu>");
echo "
<h3> As a new user of the Testbed, for
security purposes, you will receive by e-mail a key. When you
receive it, come back to the site, and log in. When you do, you
will see a new menu option called 'New User Verification'. On
that page, enter in your username, password, and the key,
exactly as you received it in your e-mail. You will then be
marked as a verified user.</h3>
<h3>Once you have been both verified
and approved, you will be classified as an active user, and will
be granted full access to your user account.</h3>
";
}
echo "
<h3>The leader of project '$grp' has been notified of your application. He
will make a decision and either approve or deny your application, and you
will be notified as soon as a decision has been made.
Thanks for using the Testbed! </h3>
";
} elseif (isset($eid) && isset($proj)) { #start an experiment for a project
$cmnd = "INSERT INTO experiments VALUES ('$eid','$proj',now(),".
"'$expt_expires','expt_name','$PHP_AUTH_USER','$expt_start','$expt_end')";
$result = mysql_db_query("tbdb", $cmnd);
if (!result) {
$err = mysql_error();
echo "<H3>Failed to add experiment: $err</h3>\n";
exit;
}
} else {
echo "<H3>There was a problem with the information received, please return to the form and check to be sure you have correctly filled all required fields. </h3>\n";
}
?>
</body>
</html>
<?php
if (!isset($PHP_AUTH_USER)) {
Header("WWW-Authenticate: Basic realm=\"testbed\"");
Header("HTTP/1.0 401 Unauthorized");
echo "User authenication is required to view these pages\n";
exit;
} else {
addslashes($PHP_AUTH_USER);
$PSWD = crypt("$PHP_AUTH_PW", strlen($PHP_AUTH_USER));
$query = "SELECT * FROM users WHERE uid=\"$PHP_AUTH_USER\" AND usr_pswd=\"$PSWD\"";
$result = mysql_db_query("tbdb", $query);
$numusers = mysql_num_rows($result);
$query2 = "SELECT timeout FROM login WHERE uid=\"$PHP_AUTH_USER\"";
$result2 = mysql_db_query("tbdb", $query2);
$n = mysql_num_rows($result2);
if (($n == 0) && ($numusers != 0)) {
$cmnd = "INSERT INTO login VALUES ('$PHP_AUTH_USER', '0')";
mysql_db_query("tbdb", $cmnd);
} else {
$row = mysql_fetch_row($result2);
if (($numusers == 0) || ($row[0] < time())) {
$cmnd = "DELETE FROM login WHERE uid=\"$PHP_AUTH_USER\"";
mysql_db_query("tbdb", $cmnd);
Header("WWW-Authenticate: Basic realm=\"testbed\"");
Header("HTTP/1.0 401 Unauthorized");
die ("Authorization Failed\n");
}
}
$timeout = time() + 1800;
$cmnd = "UPDATE login SET timeout=\"$timeout\" where uid=\"$PHP_AUTH_USER\"";
mysql_db_query("tbdb", $cmnd);
}
?>
<html>