GitLab

determine if the user actually changed anything that requires a
callout to the scripts, and to determine if email needs to be sent.
Remove change password indicator since the audit list sees that anyway
via new "tbacct passwd" command. Change BCC/CC on the email. The
informative email goes to the user only now (audit list gets the
script mail), but CC audit whenever the email address is changed.

protected page except those that are explicitly deemed okay for a
webonly user. This makes me feel better and safer!

determine if user has a real account.

person logged in is an admin, and doesn't have adminoff set, set it.
(We have to prepend an HTTP_ so that it will make it through suexec.)

This is needed by, for example Mac's/Kirk's idlecheck/slothd stuff.

Banner bar to indicate what you are. Click the dot toggles the mode.
Might have the colors backwards though. Perhaps green dot should
indicate adminmode is off and red dot indicate on?

changes that have to go in now!

netscape gives when logged in using another browser. Most of the
problems stems from the desire to allow users to refer to the main
page in http mode even when logged in. I want to draw the menu as if
logged in, but have the actual pages demand https mode. I'm also
trying to catch the case where users have turned off cookies. I think
Mac's idea is the way to go, but I don't want to mess with it right
now. These changes will avoid the worst problem.

* Cleanup! A lot of the structure derived from the early frame days,
  which had a noticable (and bad) effect on how I wrote the stuff.  I
  cleaned up most of that yuckyness.

* In process, optimize a little bit on the queries. The old code did
  about 9 queries just to write out the menu options, and then
  repeated most of those queries again in the page guts. I've
  consolidated the queries as much as possible (to 3) and cache all
  the results.

* Fix up problem with users who forget their passwords before
  verification. Basically, I fixed the more general problem of not
  being able to update your user info before verification/approval;
  users now get that menu option no matter their status.

* Fix up problem of users being able to access pages before
  verification (but after approval) by going around the menu options.
  The page level check (after the menu is drawn) now checks all
  conditions (password expired, unverified, unapproved, timedout, and
  also nologins()).

* Minor change in approveuser; do not show the new account to the
  project leader until the new user has verified his account.

* Change verification method, as reqwuested by Dave.  In addition to
  providing the key, also provide a web link to take the user straight
  to verification. I actually take them direct to the login page, and
  pass the key in as an argument. If the user is already logged in,
  bypass and go directly to the verify page (not the form page of
  course).  If the user is not logged in, let him log in, and then
  forward the key onward to the verify page. Basically, bypass the
  form all the time, and just do the verification.

* Minor change in showuser; Do not show pid/groups not approved in,
  and if the count is zero, do not draw the table headings.

when backing up (cause of an error that needs to be fixed) since not
all browsers handle this the same. Instead, redraw the form with all
of the original info and a list of error messages at the top.
Conceptually simple change, but it turns out to be a pain to implement
since you need to combine the form and processing code in one page
(well, its just a lot easier to do that), and then change all of the
forms to deal with a "default" value. That is, each different kind of
input tag (text, radio, select, checkbox, etc.) requires slightly
different changes to do that. Lots of forms, lots of entries on the
forms, and its a long slow tedious process. Much nicer though, although
the code is a bit harder to grok. At the same time, I added a lot more
sanity checks of the information being passed in.

The other change is to deal with how browsers handle the back button
on a form thats been properly submitted. Not all browsers use
the cache directives the same, and I was often typing back, only to
have some form get reposted. Thats a major pain in the butt. The way
to deal with that is to have the processor send out a Location header,
which modifies the browser history so that the post is no longer in
the history. You back up straight to the unposted form (if its in the
cache). I've done this to only some forms, since its a bit of a pain
to rework things so that you can jump ahead to a page that spits out
the requisite warm fuzzies for the specific operation just completed.

I've done newproject, joinproject, update user info, newimageid, and
newimaged_dz forms.

finished.

capability. New DB field in the users table (pswd_expires) which is a
date field that initially gets set to one year after the user account
is created. When the password is changed via the web form, it gets
bumped 1 more year into the future *unless* the current uid is
different from the target_uid (ie: you are changing a password for
someone else). In that case, the expiration is set to the current
date, which forces the target user to change his password next time he
logs in. I've changed the menu/auth code to look for password
expiration, and when expired the menu options contain just a single
option to change the password. All other https pages will fail with a
password expired message. Normal text pages will work of course.

I added a DB table to record last Web login, and I've added a backed
program (lastlogin.c) to get the lastlogin information from
users:/var/log/lastlog (mounted on boss:/usr/testbed/usersvar). These
two bits of info are now displayed in the user infomation page.

instead of https. Present doc links as http all the time.  Required
lot of little changes.

replaced by the "images" table. New os_info table is added. New web
pages to add and delete OSIDs to/from the os_info table, for use in
the NS file. tb-create-os is gone. handle_os no longer operates on the
tbcmds file, and no longer writes anything into the ir file. Moved the
setting up of os state (nodes table) from os_setup to handle_os, where
it should be. os_load and sched_reload now take a single argument, the
name of the imageid from the images table.

interface options (but leave the documentation and web page running),
simply do this in mysql:

	insert into nologins (nologins) values(1);

To turn the interface back on:

	delete from nologins;

who the user is instead of passing ?uid to every page all the way down.
Update login timeout with each useful operation (done in checklogin).
Put default user name in the login box when visiting the page.