Commit badf515c authored by Leigh B. Stoller's avatar Leigh B. Stoller

Check in lots of fixes and changes. Apply for a project now works after

fixing several password and key bugs. I think this problem persists in
other pages though. Also some Jay changes to docs.
parent 74906078
......@@ -17,10 +17,10 @@ if ($mypipe) {
die("<h3>The password you have chosen will not work:<p>$retval</h3>");
}
} else {
mail("newbold@cs.utah.edu","TESTBED: checkpass failure",
mail("testbed-www@flux.cs.utah.edu","TESTBED: checkpass failure",
"\n$usr_name ($grp_head_uid) just tried to set up a testbed account,\n".
"but checkpass pipe did not open (returned '$mypipe').\n".
"\nThanks,\nMac\n");
"\nThanks\n");
}
$enc = crypt("$my_passwd");
array_walk($HTTP_POST_VARS, 'addslashes');
......@@ -119,9 +119,10 @@ if (isset($pid)) { #add a project to the database
"to <https://plastic.cs.utah.edu/tbdb.html>, log in,\nand select the ".
"'New User Approval' page to enter your decision regarding\n".
"$usr_name's membership in your group.".
"\n\nThanks,\nMac Newbold\nUtah Network Testbed\n",
"From: Mac Newbold <newbold@cs.utah.edu>\nCc: newbold@cs.utah.edu\n".
"Errors-To: newbold@cs.utah.edu");
"\n\nThanks,\nTestbed Control\nUtah Network Testbed\n",
"From: Testbed Control <testbed-control@flux.cs.utah.edu>\n".
"Cc: Testbed WWW <testbed-www@flux.cs.utah.edu>\n".
"Errors-To: Testbed WWW <testbed-www@flux.cs.utah.edu>");
if ($newuser==1) {
mail("$usr_email","TESTBED: Your New User Key",
"\nDear $usr_name:\n\n\tThank you for applying to use the Utah ".
......@@ -136,9 +137,10 @@ if (isset($pid)) { #add a project to the database
"verified as a user. When you have been ".
"both verified and\napproved by the head of your group, you will be ".
"marked as an active user,\nand will be granted full access to your ".
"user account.\n\nThanks,\nMac Newbold\nUtah Network Testbed\n",
"From: Mac Newbold <newbold@cs.utah.edu>\nCc: newbold@cs.utah.edu\n".
"Errors-To: newbold@cs.utah.edu");
"user account.\n\nThanks,\nTestbed Control\nUtah Network Testbed\n",
"From: Testbed Control <testbed-control@flux.cs.utah.edu>\n".
"Cc: Testbed WWW <testbed-www@flux.cs.utah.edu>\n".
"Errors-To: Testbed WWW <testbed-www@flux.cs.utah.edu>");
echo "
<h3> As a new user of the Testbed, for
security purposes, you will receive by e-mail a key. When you
......
......@@ -22,7 +22,8 @@ Only fields marked with * are required</td></tr>
<form action=grpadded.php3 method="post">
<tr><td colspan=2>Project Information</td>
<td colspan=2>Project Head Information</td></tr>
<tr><td>*Project Name:</td><td><input type="text" name="gid"></td>
<tr><td>*Name:</td><td><input type="text" name="gid" value="TestNet-One">
</td>
<td>*Username:</td><td class="left">
<?php
if (isset($auth_usr)) {
......@@ -36,15 +37,19 @@ Only fields marked with * are required</td></tr>
} else {
echo "<input type=\"text\" name=\"grp_head_uid\"></td></tr>\n";
}
echo "<tr><td>*Project long name:</td><td><input type=\"text\" name=\"grp_name\"></td>
<td>*Full Name:</td><td class=\"left\">";
echo "<tr><td>*Long name:</td><td>
<input type=\"text\" name=\"grp_name\" value=\"Test Networks One\">
</td>
<td>*Full Name:</td><td class=\"left\">";
if (isset($row)) {
echo "<input type=\"readonly\" value=\"$row[usr_name]\"";
} else {
echo "<input type=\"text\"";
}
echo "name=\"usr_name\"></td></tr>
<tr><td>Project URL:</td><td><input type=\"text\" name=\"grp_URL\"></td>
<tr><td>URL:</td><td><input type=\"text\" name=\"grp_URL\"
value=\"http://www.testnetworks.org\">
</td>
<td>*Email<br>Address:</td><td class=\"left\">";
if (isset($row)) {
echo "<input type=\"readonly\" value=\"$row[usr_email]\" ";
......@@ -64,7 +69,7 @@ if (isset($row)) {
echo "<input type=\"text\" name=\"usr_addr\">";
}
echo "</td></tr>
<tr><td>*Project Affiliation:</td><td><input type=\"text\" name=\"grp_affil\"></td>
<tr><td>*Your Research<br>Affiliation:</td><td><input type=\"text\" name=\"grp_affil\" value=\"UofX Networks Group\"></td>
<td>*Phone #:</td><td class=\"left\"><input ";
if (isset($row)) {
echo "type=\"readonly\" value=\"$row[usr_phone]\"";
......@@ -73,7 +78,10 @@ if (isset($row)) {
}
echo "name=\"usr_phones\"></td></tr>\n";
?>
<tr><td>*Password:</td><td><input type="password" name="password1"></td>
<tr>
<td>*Password:</td><td><input type="password" name="password1"></td>
</tr>
<tr>
<td>*Retype<br>Password:</td><td><input
<?php
if (isset($row)) {
......@@ -86,7 +94,7 @@ name="password2">&nbsp;</td></tr>
<tr><td colspan="4">*Please describe how and why you plan
to use the Testbed:</td></tr>
<tr><td colspan="4" class="left"><textarea name="why"
rows="10" cols="62"></textarea></td></tr>
rows="10" cols="70"></textarea></td></tr>
<tr><td colspan="4" align="center"><b><input type="submit"
value="Submit"></b></td></tr>
</form>
......
......@@ -38,8 +38,8 @@ if (isset($uid)) {
echo "<input type=\"readonly\" name=\"usr_phone\" ";
echo "value=\"$row[4]\"></td></tr>";
echo "<tr><td>*Password:</td><td>";
echo "<input type=\"password\" name=\"pswd\"></td>";
echo "<td>*Retype Password:</td><td>";
echo "<input type=\"password\" name=\"pswd\"></td></tr>";
echo "<tr><td>*Retype<br>Password:</td><td>";
echo "<input type=\"hidden\" name=\"pswd2\" ";
echo "value=\"$row[5]\">&nbsp;</td></tr>";
} else {
......@@ -57,12 +57,13 @@ if (isset($uid)) {
echo "<td>Phone #:</td><td>";
echo "<input type=\"text\" name=\"usr_phone\"></td></tr>";
echo "<tr><td>*Password:</td><td>";
echo "<input type=\"password\" name=\"pswd\"></td>";
echo "<td>*Retype Password:</td><td>";
echo "<input type=\"password\" name=\"pswd\"></td></tr>";
echo "<tr><td>*Retype<br>Password:</td><td>";
echo "<input type=\"password\" name=\"pswd2\"></td></tr>";
}
echo "<tr><td>*Project:</td><td><b>";
}
echo "<tr><td>*Project:</td><td>";
echo "<input type=\"text\" name=\"grp\"></td>";
echo "</tr>";
# This used to give the selection box with all the groups...
#$query = "SELECT gid FROM groups";
#$result = mysql_db_query("tbdb", $query);
......@@ -81,7 +82,7 @@ echo "<input type=\"text\" name=\"grp\"></td>";
# echo "There don't seem to be any groups in the database</td>\n";
#}
?>
<td colspan="2" align="center">
<td colspan="4" align="center">
<b><input type="submit" value="Submit"></b></td></tr>
</form>
</table>
......
......@@ -35,17 +35,17 @@ Please log in again.</h3>\n</body></html>";
unset($auth_usr);
}
echo "
<h1>Approve new users in your group</h1>
<h1>Approve new users in your Project</h1>
<h3><p>
This page will let you approve new members of your group. Once approved,
they will be able to log into machines in your group's experiments.</p>
This page will let you approve new members of your Project. Once approved,
they will be able to log into machines in your Projects's experiments.</p>
<p> If you desire, you may set their trust/privilege levels to give them
more or less access to your nodes:
<ol>
<li>User - Can log into machines in your experiments.
<li>Local Root - Can have root access on machines, can create new experiments.
";
#echo "<li>Group Root - Can approve users, create projects, and update any group info or personal info for group members.";
#echo "<li>Group Root - Can approve users, create projects, and update any project info or personal info for project members.";
echo "</ol>
</p></h3>\n";
$query="SELECT gid FROM grp_memb WHERE uid='$auth_usr' and trust='group_root'";
......@@ -77,7 +77,7 @@ while ($row = mysql_fetch_row($selected)) {
$find .= ")";
$found = mysql_db_query("tbdb", $find);
if ( mysql_num_rows($found) == 0 ) {
echo "<h3>You have no new group members who need approval</h3>\n";
echo "<h3>You have no new project members who need approval</h3>\n";
} else {
echo "<table width=\"100%\" border=2 cellpadding=0 cellspacing=2 align='center'>
<tr>
......
......@@ -94,10 +94,10 @@ while ($row = mysql_fetch_row($found)) {
"\nThis message is to notify you that you have been approved ".
"as a member of \nthe $gid group with $trust permissions.\n".
"\nYour status as a Testbed user is now $newstatus.".
"\n\nThanks,\nMac Newbold\nUtah Network Testbed\n",
"From: Mac Newbold <newbold@cs.utah.edu>\n".
"Cc: newbold@cs.utah.edu\n".
"Errors-To: newbold@cs.utah.edu");
"\n\nThanks,\nTestbed Control\nUtah Network Testbed\n",
"From: Testbed Control <testbed-control@flux.cs.utah.edu>\n".
"Cc: Testbed WWW <testbed-www@flux.cs.utah.edu>\n".
"Errors-To: Testbed WWW <testbed-www@flux.cs.utah.edu>");
echo "<h3><p>User $uid was changed to status $newstatus and ";
echo "granted $trust permissions for group $gid.</p></h3>\n";
} elseif ( $$uid == "deny") {
......@@ -113,10 +113,10 @@ while ($row = mysql_fetch_row($found)) {
"\nThis message is to notify you that you have been denied ".
"as a member of \nthe $gid group.\n".
"\nYour status as a Testbed user is still $status.".
"\n\nThanks,\nMac Newbold\nUtah Network Testbed\n",
"From: Mac Newbold <newbold@cs.utah.edu>\n".
"Cc: newbold@cs.utah.edu\n".
"Errors-To: newbold@cs.utah.edu");
"\n\nThanks,\nTestbed Control\nUtah Network Testbed\n",
"From: Testbed Control <testbed-control@flux.cs.utah.edu>\n".
"Cc: Testbed WWW <testbed-www@flux.cs.utah.edu>\n".
"Errors-To: Testbed WWW <testbed-www@flux.cs.utah.edu>");
echo "<h3><p>User $uid was denied membership in your group.</p></h3>\n";
} else {
echo "<h3><p>User $uid was postponed for later decision.</p></h3>\n";
......
......@@ -44,15 +44,15 @@
project leader is held responsible for the actions of members of
his/her project. The leader can allow users to join the project
and use the Testbed as a member of his/her project. To create a
project, click on the link in the side bar titled 'Apply to
Start a Project'. Fill out the requested information, and your
request will be submitted to the Testbed Approval Committee.
project, click on the link in the side bar titled 'Start a
Project'. Fill out the requested information, and your request
will be submitted to the Testbed Approval Committee.
</p>
<li><h3>Someone told me to join their project. How do I do
that?</h3>
<p>The process of joining an existing project is quite
simple. Go to the 'Apply to Join a Project' page, fill out the
simple. Go to the 'Join a Project' page, fill out the
form, and wait for the project leader to approve you. Once
approved, you can log into the Testbed. Your project leader will
control how much access you have to Testbed resources, within
......
......@@ -16,10 +16,10 @@ if ($mypipe) {
die("<h3>The password you have chosen will not work:<p>$retval</h3>");
}
} else {
mail("newbold@cs.utah.edu","TESTBED: checkpass failure",
mail("testbed-www@flux.cs.utah.edu","TESTBED: checkpass failure",
"\n$usr_name ($grp_head_uid) just tried to set up a testbed account,\n".
"but checkpass pipe did not open (returned '$mypipe').\n".
"\nThanks,\nMac\n");
"\nThanks\n");
}
$enc = crypt("$my_passwd");
array_walk($HTTP_POST_VARS, 'addslashes');
......@@ -83,7 +83,7 @@ if (isset($gid) && isset($password1) && isset($email) &&
fwrite($fp, "$email\n"); #Writes the email address to mailing lists
fwrite($fp2, "$email\n");
# mail("lepreau@cs.utah.edu,calfeld@cs.utah.edu",
mail("newbold@cs.utah.edu",
mail("newbold@cs.utah.edu,stoller@cs.utah.edu",
"TESTBED: New Group", "'$usr_name' wants to start group ".
"'$gid'.\nContact Info:\nName:\t\t$usr_name ($grp_head_uid)\n".
"Email:\t\t$email\nGroup:\t\t$grp_name\nURL:\t\t$grp_URL\n".
......@@ -93,14 +93,14 @@ if (isset($gid) && isset($password1) && isset($email) &&
"made a decision, go to <https://plastic.cs.utah.edu/tbdb.html> and\n".
"select the 'Group Approval' page.\n\nThey are expecting a result ".
"within 72 hours.\n",
"From: $usr_name <$email>\nCc: newbold@cs.utah.edu\n".
"Errors-To: newbold@cs.utah.edu");
"From: $usr_name <$email>\nCc: testbed-www@flux.cs.utah.edu\n".
"Errors-To: testbed-www@flux.cs.utah.edu");
if (! $returning) {
mail("$email","TESTBED: Your New User Key",
"\nDear $usr_name:\n\n\tThank you for applying to use the Utah ".
"Network Testbed. As promised,\nhere is your key to verify your ".
"account. Your key is:\n\n".
crypt("TB_".$uid."_USR",strlen($uid)+13)."\n\n\t Please ".
crypt("TB_".$grp_head_uid."_USR",strlen($grp_head_uid)+13)."\n\n\t Please ".
"return to <https://plastic.cs.utah.edu/tbdb.html> and log in,\nusing ".
"the user name and password you gave us when you applied. You will\n".
"then find an option on the menu called 'New User Verification'. ".
......@@ -108,9 +108,10 @@ if (isset($gid) && isset($password1) && isset($email) &&
"your key,\nand you will be verified as a user. When you have been ".
"both verified and\napproved by the Approval Committee, you will be ".
"marked as an active user,\nand will be granted full access to your ".
"user account.\n\nThanks,\nMac Newbold\nUtah Network Testbed\n",
"From: Mac Newbold <newbold@cs.utah.edu>\nCc: newbold@cs.utah.edu\n".
"Errors-To: newbold@cs.utah.edu");
"user account.\n\nThanks,\nTestbed Control\nUtah Network Testbed\n",
"From: Testbed Control <testbed-control@flux.cs.utah.edu>\n".
"Cc: Testbed WWW <testbed-www@flux.cs.utah.edu>\n".
"Errors-To: Testbed WWW <testbed-www@flux.cs.utah.edu>");
}
echo "
<H1>Group '$gid' successfully added.</h1>
......
......@@ -5,7 +5,7 @@
<base href='https://plastic.cs.utah.edu/' target='dynamic'>
</head>
<body>
<h3>Welcome to the Utah Network Testbed</h3>
<a href="welcome.html"><h3>Utah Network Testbed</h3></a>
<?php
if (isset($login)) {
unset($login);
......@@ -33,13 +33,13 @@ if (isset($login)) {
$c="insert into login (uid,timeout) values ('$auth_usr','$timeout')";
mysql_db_query("tbdb", $c);
}
echo "Welcome to the Testbed, $auth_usr!";
echo "$auth_usr Logged in!";
} else {
echo "<h3>Login Failed</h3>\n";
echo "Login Failed\n";
unset($auth_usr);
}
} else {
echo "<h3>Login Failed</h3>\n";
echo "Login Failed\n";
unset($auth_usr);
}
} elseif (isset($logout)) { # a logout clause
......@@ -110,8 +110,8 @@ if (isset($auth_usr)) {
} elseif ($status == "unapproved") {
echo "Your account has not been approved yet. Please try back ";
echo "later. Contact ";
echo "<a href=\"mailto:newbold@cs.utah.edu\">";
echo "Mac Newbold (newbold@cs.utah.edu)</a>";
echo "<a href=\"mailto:testbed-control@flux.cs.utah.edu\">";
echo "Testbed Control (testbed-control@flux.cs.utah.edu)</a>";
echo " for further assistance.\n";
} elseif (($status == "newuser") || ($status == "unverified")) {
echo "<A href='verify.php3?$auth_usr'>New User Verification</A>\n";
......@@ -119,8 +119,8 @@ if (isset($auth_usr)) {
echo "Your account has been changed to status $status, and is ";
echo "currently unusable. Please contact your group leader to find out ";
echo "why. If you need further help, contact ";
echo "<a href=\"mailto:newbold@cs.utah.edu\">";
echo "Mac Newbold (newbold@cs.utah.edu)</a>.";
echo "<a href=\"mailto:testbed-control@flux.cs.utah.edu\">";
echo "Testbed Control (testbed-control@flux.cs.utah.edu)</a>.";
}
}
?>
......@@ -128,12 +128,12 @@ if (isset($auth_usr)) {
<?php
echo "<A href='addgrp.php3";
if (isset($auth_usr)) { echo "?$auth_usr"; }
echo "'>Apply to Start a Project</A>\n";
echo "'>Start a Project</A>\n";
echo "<p><A href='addusr.php3";
if (isset($auth_usr)) { echo "?$auth_usr"; }
echo "'>Apply to Join a Project</A>";
echo "'>Join a Project</A>";
?>
<hr><A href='faq.html'>Frequently<br>Asked<br>Questions</a></p>
<hr><A href='faq.html'>Testbed FAQ</a></p>
<table cellpadding='0' cellspacing='0' width="100%">
<form action="index.php3" method='post' target='fixed'>
<?php
......
......@@ -7,6 +7,7 @@ TD.left {color: #802020; text-align: left; font-weight: bold;}
H1 {color: #802020; text-align: center; font-weight: bold;font-size: x-large; }
H2 {color: #802020; text-align: center; font-weight: bold;font-size: large; }
H3 {color: #802020; text-align: center; font-weight: bold;font-size: medium; }
H4 {color: #000000; text-align: center; font-weight: bold;font-size: medium; }
H3 P {color: #001080; text-align: left; font-weight: bold;font-size: medium; }
OL,UL,DL { color: #001080; text-align: left; font-weight: bold;}
OL H3 {color: #001080; text-align: left;}
......
......@@ -38,11 +38,17 @@ Please log in again.</h3>\n</body></html>";
<?php
if (isset($uid) && isset($pswd) && isset($key)) {
$match = crypt("TB_".$uid."_USR",strlen($uid)+13);
$passwd = crypt($pswd,strlen($uid));
if ($key==$match) {
$cmd = "select status from users where uid='$uid' and usr_pswd='$passwd'";
$cmd = "select usr_pswd from users where uid='$uid'";
$result = mysql_db_query("tbdb", $cmd);
if (mysql_num_rows($result) == 1) {
$row = mysql_fetch_row($result);
$usr_pswd = $row[0];
$salt = substr($usr_pswd,0,2);
if ($salt[0] == $salt[1]) { $salt = $salt[0]; }
$PSWD = crypt("$pswd",$salt);
if ($PSWD == $usr_pswd) {
$cmd = "select status from users where uid='$uid'";
$result = mysql_db_query("tbdb", $cmd);
$row = mysql_fetch_row($result);
$status = $row[0];
if ($status=="unverified") {
......@@ -63,27 +69,28 @@ if (isset($uid) && isset($pswd) && isset($key)) {
} else {
echo "<h3>You have already been verified, $uid. If you did not ".
"perform this verification, please notify ".
"<a href=\"mailto:newbold@cs.utah.edu\">Mac Newbold ".
"(newbold@cs.utah.edu)</a> immediately.</h3>\n";
"<a href=\"mailto:testbed-control@flux.cs.utah.edu\">".
"Testbed Control (testbed-control@flux.cs.utah.edu)</a> immediately.</h3>\n";
}
} else {
echo "<h3>The given password and key are incorrect. Please go back to ".
echo "<h3>The given password is incorrect. Please go back to ".
"<a href=\"verify.php3?$uid\">New User Verification</a> and ".
"enter the correct password and key.</h3>\n";
}
} else {
echo "<h3>The given password and key are incorrect. Please go back to ".
echo "<h3>The given key is incorrect. Please go back to ".
"<a href=\"verify.php3?$uid\">New User Verification</a> and ".
"enter the correct password and key.</h3>\n";
}
} else {
echo "<h3>The given password and key are incorrect. Please go back to ".
echo "<h3>The username, password or key are invalid. Please go back to ".
"<a href=\"verify.php3?$uid\">New User Verification</a> and ".
"enter the correct password and key.</h3>\n";
}
?>
<p>Please contact
<a href="mailto:newbold@cs.utah.edu">Mac Newbold (newbold@cs.utah.edu)</a>
<a href="mailto:testbed-control@flux.cs.utah.edu">Testbed Control
(testbed-control@flux.cs.utah.edu)</a>
if you need further assistance.
</p>
</body>
......
......@@ -39,7 +39,8 @@ Please log in again.</h3>\n</body></html>";
<p> The purpose of this page is to verify, for security purposes, that
information given in your application is correct. If you never received a
key at the email address given on your application, please contact
<a href="mailto:newbold@cs.utah.edu">Mac Newbold (newbold@cs.utah.edu)</a>
<a href="mailto:testbed-control@flux.cs.utah.edu">
Testbed Control (testbed-control@flux.cs.utah.edu)</a>
for further assistance.
</p>
<?php
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment