Commit 90dcbbe2 authored by Leigh B. Stoller's avatar Leigh B. Stoller

Okay, I think I am finally done with WikiWhacking (or WhackingTheWiki?)

for the near future. Two big changes:

* Add WikiOnly accounts. An external user can register for an account on
  the wiki. Rather than use the registration stuff that comes with TWiki,
  redirect to a new Emulab web page so we can manage all of the wiki accounts
  from one place. I modified the joinproject page to spit out a subset of
  the required fields so that it's simple to get a wiki only account (just a
  few things to fill in).

  In keeping with current security practices, we still generate a
  verification email message to ensure the email address works. However,
  when the user completes the verification, the wiki account is created right
  away, rather then waiting for someone to approve it (since that would
  defeat the entire point of the wiki).

  Aside: I have not thought much about the conversion from a wiki-only
  account to a real account. That is going to happen, and it would be nice
  if that step did not require one of use to go in and hack the DB. Will
  cross that moat later.

  Aside: Rather beat up on the modify user info page too much, I continue
  to spit out the same form, but mark most of the fields as not required,
  and allow wiki-only people to not specify them.

* Both the joinproject and newproject pages sport a new WikiName field so
  that users can select their own WikiName. I added some JavaScript to
  both pages that generate a suitable wikiname from the FullName field, so
  that as soon as the user clicks out of the FullName, a default wikiname is
  inserted in the field.

  Both pages verify the wikinames by checking to make sure it is not
  already in use, and that it meets the WikiRules for WikiTopic names.
  (someone please shoot me if I continue to use WikiNotation).
parent 1b22ebcc
...@@ -58,6 +58,7 @@ ifeq ($(EVENTSYS),1) ...@@ -58,6 +58,7 @@ ifeq ($(EVENTSYS),1)
endif endif
@$(MAKE) -C mote post-install @$(MAKE) -C mote post-install
@$(MAKE) -C tools post-install @$(MAKE) -C tools post-install
@$(MAKE) -C wiki post-install
# #
# For installation on the 'ops' or 'users' node (okay, plastic) # For installation on the 'ops' or 'users' node (okay, plastic)
......
...@@ -167,7 +167,8 @@ if (AuditStart(0)) { ...@@ -167,7 +167,8 @@ if (AuditStart(0)) {
# #
$query_result = $query_result =
DBQueryFatal("select u.usr_pswd,u.unix_uid,u.usr_name, ". DBQueryFatal("select u.usr_pswd,u.unix_uid,u.usr_name, ".
" u.usr_email,u.status,u.webonly,u.usr_shell,admin,u.usr_w_pswd ". " u.usr_email,u.status,u.webonly,u.usr_shell,admin, ".
" u.usr_w_pswd,u.wikionly ".
"from users as u ". "from users as u ".
"where u.uid='$user'"); "where u.uid='$user'");
...@@ -184,6 +185,7 @@ my $webonly = $row[5]; ...@@ -184,6 +185,7 @@ my $webonly = $row[5];
my $usr_shell = $row[6]; my $usr_shell = $row[6];
my $usr_admin = $row[7]; my $usr_admin = $row[7];
my $wpswd = $row[8]; my $wpswd = $row[8];
my $wikionly = $row[9];
# #
# Get the users earliest project membership to use as the default group # Get the users earliest project membership to use as the default group
...@@ -273,10 +275,20 @@ sub AddUser() ...@@ -273,10 +275,20 @@ sub AddUser()
# #
# Check status. Only active users get accounts built. # Check status. Only active users get accounts built.
# #
if ($webonly || $status ne USERSTATUS_ACTIVE) { if ($webonly || $wikionly || $status ne USERSTATUS_ACTIVE) {
if ($webonly) { if ($webonly) {
return 0; return 0;
} }
if ($wikionly) {
$EUID = $UID;
# And to the wiki if enabled.
system("$ADDWIKIUSER $user")
if ($WIKISUPPORT && !$batch);
$EUID = 0;
return 0;
}
fatal("$user is not active! Cannot build an account!"); fatal("$user is not active! Cannot build an account!");
} }
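Review bot: The new wikionly branch in AddUser runs `system("$ADDWIKIUSER $user")` as one interpolated string, so Perl passes it to the shell whenever it contains shell metacharacters, and the exit status is dropped before `return 0`. Whether `$user` is validated earlier in the script is not visible here, and the same variable is interpolated into the `where u.uid='$user'` query above, so that check is worth confirming. Assuming `$ADDWIKIUSER` is a bare program path, the list form `system($ADDWIKIUSER, $user)` avoids the shell regardless of what `$user` holds. Testing `$?` afterwards would keep a failed wiki-account creation from being reported as success. AddUser's body continues outside the hunk.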
......
...@@ -5,7 +5,7 @@ area for your project (or group). If you are not familiar with the ...@@ -5,7 +5,7 @@ area for your project (or group). If you are not familiar with the
information on how to write and create TWiki pages. information on how to write and create TWiki pages.
* YourFirstWikiTopic (See TWiki.WikiTopic for a brief description) * YourFirstWikiTopic (See TWiki.WikiTopic for a brief description)
* *
__This project wiki can be accessed externally as:__ [[%SCRIPTURL%/view/%WEB%][%SCRIPTURL%/view/%WEB%]] __This project wiki can be accessed externally as:__ [[%SCRIPTURL%/view/%WEB%][%SCRIPTURL%/view/%WEB%]]
......
...@@ -200,6 +200,10 @@ function TBvalid_usrname($token) { ...@@ -200,6 +200,10 @@ function TBvalid_usrname($token) {
return TBcheck_dbslot($token, "users", "usr_name", return TBcheck_dbslot($token, "users", "usr_name",
TBDB_CHECKDBSLOT_WARN|TBDB_CHECKDBSLOT_ERROR); TBDB_CHECKDBSLOT_WARN|TBDB_CHECKDBSLOT_ERROR);
} }
function TBvalid_wikiname($token) {
return TBcheck_dbslot($token, "users", "wikiname",
TBDB_CHECKDBSLOT_WARN|TBDB_CHECKDBSLOT_ERROR);
}
function TBvalid_email($token) { function TBvalid_email($token) {
return TBcheck_dbslot($token, "users", "usr_email", return TBcheck_dbslot($token, "users", "usr_email",
TBDB_CHECKDBSLOT_WARN|TBDB_CHECKDBSLOT_ERROR); TBDB_CHECKDBSLOT_WARN|TBDB_CHECKDBSLOT_ERROR);
......
...@@ -863,6 +863,21 @@ function TBCurrentUser($uid) ...@@ -863,6 +863,21 @@ function TBCurrentUser($uid)
return mysql_num_rows($query_result); return mysql_num_rows($query_result);
} }
#
# Confirm a current WikiName or not.
#
# usage TBCurrentWikiName($uid)
# returns 1 if a current wikiname.
# returns 0 if not a current wikiname
#
function TBCurrentWikiName($wikiname)
{
$query_result =
DBQueryFatal("SELECT usr_pswd FROM users WHERE wikiname='$wikiname'");
return mysql_num_rows($query_result);
}
# #
# Check to see if an email is being used twice. # Check to see if an email is being used twice.
# #
...@@ -1502,6 +1517,14 @@ function TBCvswebAllowed($uid) { ...@@ -1502,6 +1517,14 @@ function TBCvswebAllowed($uid) {
return mysql_num_rows($query_result); return mysql_num_rows($query_result);
} }
function TBWikiOnlyUser($uid) {
$query_result =
DBQueryFatal("select wikionly from users ".
"WHERE uid='$uid' and wikionly=1");
return mysql_num_rows($query_result);
}
# #
# Returns > 0 if a node has a serial console, 0 if it does not # Returns > 0 if a node has a serial console, 0 if it does not
# #
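Review bot: TBCurrentWikiName interpolates `$wikiname` directly into `WHERE wikiname='$wikiname'`, so it is safe only if every caller has already passed the value through TBvalid_wikiname; the callers are not visible here. Escaping inside the function, for example `$safe = addslashes($wikiname);` before building the query (as moduserinfo.php3 does for its form fields), removes that dependency on the caller. The query also selects `usr_pswd` just to count rows; `SELECT uid` would keep the password hash out of an existence check. The header comment says `usage TBCurrentWikiName($uid)` although the parameter is `$wikiname`. TBWikiOnlyUser in the following hunk interpolates `$uid` the same way.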
......
...@@ -357,10 +357,18 @@ function WRITESIDEBAR() { ...@@ -357,10 +357,18 @@ function WRITESIDEBAR() {
WRITESIDEBARBUTTON("Change Your Password", WRITESIDEBARBUTTON("Change Your Password",
$TBBASE, "moduserinfo.php3"); $TBBASE, "moduserinfo.php3");
} }
elseif ($login_status & CHECKLOGIN_WEBONLY) { elseif ($login_status & CHECKLOGIN_WEBONLY|CHECKLOGIN_WIKIONLY) {
WRITESIDEBARBUTTON("My Emulab", WRITESIDEBARBUTTON("My Emulab",
$TBBASE, $TBBASE,
"showuser.php3?target_uid=$login_uid"); "showuser.php3?target_uid=$login_uid");
if ($WIKISUPPORT && $CHECKLOGIN_WIKINAME != "") {
$wikiname = $CHECKLOGIN_WIKINAME;
WRITESIDEBARBUTTON_ABSCOOL("My Wikis",
"${WIKIURL}/Main/$wikiname",
"${WIKIURL}/Main/$wikiname");
}
WRITESIDEBARBUTTON("Update User Information", WRITESIDEBARBUTTON("Update User Information",
$TBBASE, "moduserinfo.php3"); $TBBASE, "moduserinfo.php3");
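Review bot: The new condition `$login_status & CHECKLOGIN_WEBONLY|CHECKLOGIN_WIKIONLY` does not test either flag, because in PHP `&` binds tighter than `|` and the expression evaluates as `($login_status & CHECKLOGIN_WEBONLY) | CHECKLOGIN_WIKIONLY`. That is non-zero for every user as long as CHECKLOGIN_WIKIONLY is a non-zero bit, so anyone who reaches this `elseif` gets the web-only/wiki-only sidebar and any later branches of the chain (outside the hunk) become unreachable. It should read `elseif ($login_status & (CHECKLOGIN_WEBONLY|CHECKLOGIN_WIKIONLY)) {`. Separately, `$wikiname` goes into the `${WIKIURL}/Main/$wikiname` link unencoded, which is fine only if the stored value always satisfies the WikiName rules the commit description mentions.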
......
...@@ -19,7 +19,8 @@ include("showstuff.php3"); ...@@ -19,7 +19,8 @@ include("showstuff.php3");
# #
$uid = GETLOGIN(); $uid = GETLOGIN();
LOGGEDINORDIE($uid, LOGGEDINORDIE($uid,
CHECKLOGIN_USERSTATUS|CHECKLOGIN_PSWDEXPIRED|CHECKLOGIN_WEBONLY); CHECKLOGIN_USERSTATUS|CHECKLOGIN_PSWDEXPIRED|
CHECKLOGIN_WEBONLY|CHECKLOGIN_WIKIONLY);
$isadmin = ISADMIN($uid); $isadmin = ISADMIN($uid);
...@@ -29,13 +30,16 @@ $shelllist = array( 'tcsh', 'bash', 'csh', 'sh' ); ...@@ -29,13 +30,16 @@ $shelllist = array( 'tcsh', 'bash', 'csh', 'sh' );
# used if db slot for user is NULL (should not happen.) # used if db slot for user is NULL (should not happen.)
$defaultshell = 'tcsh'; $defaultshell = 'tcsh';
# See below.
$wikionly = 0;
# #
# Spit the form out using the array of data and error strings (if any). # Spit the form out using the array of data and error strings (if any).
# #
function SPITFORM($formfields, $errors) function SPITFORM($formfields, $errors)
{ {
global $TBDB_UIDLEN, $TBDB_PIDLEN, $TBDB_GIDLEN, $isadmin; global $TBDB_UIDLEN, $TBDB_PIDLEN, $TBDB_GIDLEN, $isadmin;
global $target_uid; global $target_uid, $wikionly;
global $shelllist, $defaultshell; global $shelllist, $defaultshell;
# #
...@@ -66,10 +70,13 @@ function SPITFORM($formfields, $errors) ...@@ -66,10 +70,13 @@ function SPITFORM($formfields, $errors)
echo "</table><br>\n"; echo "</table><br>\n";
} }
# For indicating that fields are optional or not.
$optfield = ($wikionly ? "" : "*");
echo "<table align=center border=1> echo "<table align=center border=1>
<tr> <tr>
<td align=center colspan=3> <td align=center colspan=3>
Fields marked with * are required. <b>Fields marked with * are required.</b>
</td> </td>
</tr>\n </tr>\n
...@@ -107,20 +114,20 @@ function SPITFORM($formfields, $errors) ...@@ -107,20 +114,20 @@ function SPITFORM($formfields, $errors)
# Title/Position: # Title/Position:
# #
echo "<tr> echo "<tr>
<td colspan=2>*Title/Position:</td> <td colspan=2>${optfield}Title/Position:</td>
<td class=left> <td class=left>
<input type=text <input type=text
name=\"formfields[usr_title]\" name=\"formfields[usr_title]\"
value=\"" . $formfields[usr_title] . "\" value=\"" . $formfields[usr_title] . "\"
size=30> size=30>
</td> </td>
</tr>\n"; </tr>\n";
# #
# Affiliation: # Affiliation:
# #
echo "<tr> echo "<tr>
<td colspan=2>*Institutional<br>Affiliation:</td> <td colspan=2>${optfield}Institutional<br>Affiliation:</td>
<td class=left> <td class=left>
<input type=text <input type=text
name=\"formfields[usr_affil]\" name=\"formfields[usr_affil]\"
...@@ -146,7 +153,7 @@ function SPITFORM($formfields, $errors) ...@@ -146,7 +153,7 @@ function SPITFORM($formfields, $errors)
# Email: # Email:
# #
echo "<tr> echo "<tr>
<td colspan=2>*Email Address[<b>1</b>]:</td> <td colspan=2>Email Address[<b>1</b>]:</td>
<td class=left> "; <td class=left> ";
if ($isadmin) if ($isadmin)
echo " <input type=text "; echo " <input type=text ";
...@@ -167,8 +174,11 @@ function SPITFORM($formfields, $errors) ...@@ -167,8 +174,11 @@ function SPITFORM($formfields, $errors)
$formfields[usr_country] = "USA"; $formfields[usr_country] = "USA";
} }
echo "<tr><td colspan=3>*Address:<br /><center> #
<table> # Postal Address
#
echo "<tr><td colspan=3>${optfield}Address:<br /><center>
<table>
<tr><td>Line 1</td><td colspan=3> <tr><td>Line 1</td><td colspan=3>
<input type=text <input type=text
name=\"formfields[usr_addr]\" name=\"formfields[usr_addr]\"
...@@ -201,17 +211,13 @@ function SPITFORM($formfields, $errors) ...@@ -201,17 +211,13 @@ function SPITFORM($formfields, $errors)
size=15></td></tr> size=15></td></tr>
</table></center></td></tr>"; </table></center></td></tr>";
# # Default Shell
# Default Group echo "<tr><td colspan=2>Shell:</td>
#
# Default Shell
echo "<tr><td colspan=2>Shell:</td>
<td class=left>"; <td class=left>";
echo "<select name=\"formfields[usr_shell]\">"; echo "<select name=\"formfields[usr_shell]\">";
foreach ($shelllist as $s) { foreach ($shelllist as $s) {
if ((!isset($formfields[usr_shell]) && if ((!isset($formfields[usr_shell]) &&
0 == strcmp($defaultshell, $s)) || 0 == strcmp($defaultshell, $s)) ||
0 == strcmp($formfields[usr_shell],$s)) { 0 == strcmp($formfields[usr_shell],$s)) {
$sel = "selected='1'"; $sel = "selected='1'";
} else { } else {
...@@ -219,13 +225,13 @@ function SPITFORM($formfields, $errors) ...@@ -219,13 +225,13 @@ function SPITFORM($formfields, $errors)
} }
echo "<option value='$s' $sel>$s</option>"; echo "<option value='$s' $sel>$s</option>";
} }
echo "</select></td></tr>"; echo "</select></td></tr>";
# #
# Phone # Phone
# #
echo "<tr> echo "<tr>
<td colspan=2>*Phone #:</td> <td colspan=2>${optfield}Phone #:</td>
<td class=left> <td class=left>
<input type=text <input type=text
name=\"formfields[usr_phone]\" name=\"formfields[usr_phone]\"
...@@ -238,6 +244,7 @@ function SPITFORM($formfields, $errors) ...@@ -238,6 +244,7 @@ function SPITFORM($formfields, $errors)
# Password. Note that we do not resend the password. User # Password. Note that we do not resend the password. User
# must retype on error. # must retype on error.
# #
echo "<tr></tr>\n";
echo "<tr> echo "<tr>
<td colspan=2>Password[<b>1</b>]:</td> <td colspan=2>Password[<b>1</b>]:</td>
<td class=left> <td class=left>
...@@ -254,51 +261,55 @@ function SPITFORM($formfields, $errors) ...@@ -254,51 +261,55 @@ function SPITFORM($formfields, $errors)
size=8></td> size=8></td>
</tr>\n"; </tr>\n";
# Windows Password. Initial random default is based on the Unix if (!$wikionly) {
# password hash. #
# # Windows Password. Initial random default is based on the Unix
# A separate password is kept for experiment nodes running Windows. # password hash.
# It is presented behind-the-scenes to rdesktop and Samba by our Web #
# interface, but you may still need to type it. The default password # A separate password is kept for experiment nodes running Windows.
# is randomly generated. You may change it to something easier to # It is presented behind-the-scenes to rdesktop and Samba by our
# remember. # Web# interface, but you may still need to type it.
# # The default password is randomly generated.
echo "<tr> # You may change it to something easier to remember.
<td colspan=2>Windows Password[<b>1,4</b>]:</td> #
<td class=left> echo "<tr>
<input type=text <td colspan=2>Windows Password[<b>1,4</b>]:</td>
name=\"formfields[w_password1]\" <td class=left>
value=\"" . $formfields[w_password1] . "\" <input type=text
size=8></td> name=\"formfields[w_password1]\"
</tr>\n"; value=\"" . $formfields[w_password1] . "\"
size=8></td>
</tr>\n";
echo "<tr> echo "<tr>
<td colspan=2>Retype Windows Password:</td> <td colspan=2>Retype Windows Password:</td>
<td class=left> <td class=left>
<input type=text <input type=text
name=\"formfields[w_password2]\" name=\"formfields[w_password2]\"
size=8></td> size=8></td>
</tr>\n"; </tr>\n";
#
# Planetlab bit. This should really be a drop down menu of the
# choices.
#
if ($formfields[user_interface] == TBDB_USER_INTERFACE_PLAB) {
$checked = "checked";
} else {
$checked = "";
}
# echo "<tr>
# Planetlab bit. This should really be a drop down menu of the choices. <td colspan=2>Use simplified PlanetLab view:</td>
# <td class=left>
if ($formfields[user_interface] == TBDB_USER_INTERFACE_PLAB) { <input type='checkbox'
$checked = "checked"; name=\"formfields[user_interface]\"
} else { value=\"" . TBDB_USER_INTERFACE_PLAB . "\"
$checked = ""; $checked>
</td>
</tr>\n";
} }
echo "<tr>
<td colspan=2>Use simplified PlanetLab view:</td>
<td class=left>
<input type='checkbox'
name=\"formfields[user_interface]\"
value=\"" . TBDB_USER_INTERFACE_PLAB . "\"
$checked>
</td>
</tr>\n";
# #
# Notes # Notes
# #
...@@ -328,8 +339,9 @@ function SPITFORM($formfields, $errors) ...@@ -328,8 +339,9 @@ function SPITFORM($formfields, $errors)
<li> Please consult our <li> Please consult our
<a href = 'docwrapper.php3?docname=security.html'> <a href = 'docwrapper.php3?docname=security.html'>
security policies</a> for information security policies</a> for information
regarding passwords and email addresses. regarding passwords and email addresses.\n";
<li> You can also if (!$wikionly) {
echo "<li> You can also
<a href='showpubkeys.php3?target_uid=$target_uid'> <a href='showpubkeys.php3?target_uid=$target_uid'>
edit your ssh public keys</a> and your edit your ssh public keys</a> and your
<a href='showsfskeys.php3?target_uid=$target_uid'> <a href='showsfskeys.php3?target_uid=$target_uid'>
...@@ -342,8 +354,9 @@ function SPITFORM($formfields, $errors) ...@@ -342,8 +354,9 @@ function SPITFORM($formfields, $errors)
Windows. It is presented behind-the-scenes to rdesktop and Windows. It is presented behind-the-scenes to rdesktop and
Samba by our Web interface, but you may still need to type Samba by our Web interface, but you may still need to type
it. The default password is randomly generated. You may it. The default password is randomly generated. You may
change it to something easier to remember. change it to something easier to remember.\n";
</ol> }
echo "</ol>
</blockquote></blockquote> </blockquote></blockquote>
</h4>\n"; </h4>\n";
} }
...@@ -422,6 +435,7 @@ $defaults[usr_affil] = $row[usr_affil]; ...@@ -422,6 +435,7 @@ $defaults[usr_affil] = $row[usr_affil];
$defaults[usr_shell] = $row[usr_shell]; $defaults[usr_shell] = $row[usr_shell];
$defaults[notes] = $row[notes]; $defaults[notes] = $row[notes];
$defaults[user_interface] = $row[user_interface]; $defaults[user_interface] = $row[user_interface];
$wikionly = $row[wikionly];
# Show and keep the Windows password if user-set, otherwise fill in the random one. # Show and keep the Windows password if user-set, otherwise fill in the random one.
if (strcmp($row[usr_w_pswd],"")) if (strcmp($row[usr_w_pswd],""))
...@@ -456,13 +470,6 @@ $errors = array(); ...@@ -456,13 +470,6 @@ $errors = array();
# #
# These fields are required! # These fields are required!
# #
if (!isset($formfields[usr_title]) ||
strcmp($formfields[usr_title], "") == 0) {
$errors["Title/Position"] = "Missing Field";
}
elseif (! TBvalid_title($formfields[usr_title])) {
$errors["Title/Position"] = TBFieldErrorString();
}
if (!isset($formfields[usr_name]) || if (!isset($formfields[usr_name]) ||
strcmp($formfields[usr_name], "") == 0) { strcmp($formfields[usr_name], "") == 0) {
$errors["Full Name"] = "Missing Field"; $errors["Full Name"] = "Missing Field";
...@@ -476,18 +483,35 @@ $tokens = preg_split("/[\s]+/", $formfields[usr_name], ...@@ -476,18 +483,35 @@ $tokens = preg_split("/[\s]+/", $formfields[usr_name],
if (count($tokens) < 2) { if (count($tokens) < 2) {
$errors["Full Name"] = "Please provide a first and last name"; $errors["Full Name"] = "Please provide a first and last name";
} }
if (!$wikionly) {
if (!isset($formfields[usr_affil]) || # WikiOnly can leave these fields blank, but must error check them anyway.
strcmp($formfields[usr_affil], "") == 0) { if (!isset($formfields[usr_title]) ||
$errors["Affiliation"] = "Missing Field"; strcmp($formfields[usr_title], "") == 0) {
$errors["Title/Position"] = "Missing Field";
}
if (!isset($formfields[usr_affil]) ||
strcmp($formfields[usr_affil], "") == 0) {
$errors["Affiliation"] = "Missing Field";
}
}
if (isset($formfields[usr_title]) &&
! TBvalid_title($formfields[usr_title])) {
$errors["Title/Position"] = TBFieldErrorString();
} }
elseif (! TBvalid_affiliation($formfields[usr_affil])) { if (isset($formfields[usr_affil]) &&
! TBvalid_affiliation($formfields[usr_affil])) {
$errors["Affiliation"] = TBFieldErrorString(); $errors["Affiliation"] = TBFieldErrorString();
} }
if (!isset($formfields[usr_shell]) || if (!isset($formfields[usr_shell]) ||
!in_array($formfields[usr_shell], $shelllist)) { !in_array($formfields[usr_shell], $shelllist)) {
$errors["Shell"] = "Invalid Shell"; $errors["Shell"] = "Invalid Shell";
} }
if (isset($formfields[usr_URL]) &&
strcmp($formfields[usr_URL], "") &&
strcmp($formfields[usr_URL], $HTTPTAG) &&
! CHECKURL($formfields[usr_URL], $urlerror)) {
$errors["Home Page URL"] = $urlerror;
}
if (!isset($formfields[usr_email]) || if (!isset($formfields[usr_email]) ||
strcmp($formfields[usr_email], "") == 0) { strcmp($formfields[usr_email], "") == 0) {
$errors["Email Address"] = "Missing Field"; $errors["Email Address"] = "Missing Field";
...@@ -495,13 +519,7 @@ if (!isset($formfields[usr_email]) || ...@@ -495,13 +519,7 @@ if (!isset($formfields[usr_email]) ||
elseif (! TBvalid_email($formfields[usr_email])) { elseif (! TBvalid_email($formfields[usr_email])) {
$errors["Email Address"] = TBFieldErrorString(); $errors["Email Address"] = TBFieldErrorString();
} }
if (isset($formfields[usr_URL]) && if (!$isadmin && !$wikionly) {
strcmp($formfields[usr_URL], "") &&
strcmp($formfields[usr_URL], $HTTPTAG) &&
! CHECKURL($formfields[usr_URL], $urlerror)) {
$errors["Home Page URL"] = $urlerror;
}
if (!$isadmin) {
# Admins can leave these fields blank, but must error check them anyway. # Admins can leave these fields blank, but must error check them anyway.
if (!isset($formfields[usr_addr]) || if (!isset($formfields[usr_addr]) ||
strcmp($formfields[usr_addr], "") == 0) { strcmp($formfields[usr_addr], "") == 0) {
...@@ -553,7 +571,7 @@ if (isset($formfields[usr_country]) && ...@@ -553,7 +571,7 @@ if (isset($formfields[usr_country]) &&
!TBvalid_country($formfields[usr_zip])) { !TBvalid_country($formfields[usr_zip])) {
$errors["Zip/Postal Code"] = TBFieldErrorString(); $errors["Zip/Postal Code"] = TBFieldErrorString();
} }
if (isset($formfields[usr_phone]) && if (isset($formfields[usr_phone]) && $formfields[usr_phone] != "" &&
!TBvalid_phone($formfields[usr_phone])) { !TBvalid_phone($formfields[usr_phone])) {
$errors["Phone #"] = TBFieldErrorString(); $errors["Phone #"] = TBFieldErrorString();
} }
...@@ -596,10 +614,12 @@ if (count($errors)) { ...@@ -596,10 +614,12 @@ if (count($errors)) {
return; return;
} }
$usr_title = addslashes($formfields[usr_title]);
$usr_name = addslashes($formfields[usr_name]); $usr_name = addslashes($formfields[usr_name]);
$usr_affil = addslashes($formfields[