1. 19 Dec, 2003 2 commits
  2. 18 Dec, 2003 3 commits
    • Leigh B. Stoller authored · 7e50b223
      Added check to make sure that uid does not already exist. This is
      usually handled via uid cookie we get back from the browser, but if
      the user clicks stop or maybe has cookies off, we don't have that info.
    • Leigh B. Stoller authored · 8dbead16
      First try at solving the problem of validating user input for the
      zillions of DB fields that we have to set. My solution was to add a
      meta table that describes what is a legal value for each table/slot
      for which we take from user input. The table looks like this right
      now, but is likely to adapt as we get more experience with this
      approach (or it might get tossed if it turns out to be a pain in the
      	CREATE TABLE table_regex (
      	  table_name varchar(64) NOT NULL default '',
      	  column_name varchar(64) NOT NULL default '',
      	  column_type enum('text','int','float') default NULL,
      	  check_type enum('regex','function','redirect') default NULL,
      	  check tinytext NOT NULL,
      	  min int(11) NOT NULL default '0',
      	  max int(11) NOT NULL default '0',
      	  comment tinytext,
      	  UNIQUE KEY table_name (table_name,column_name)
      	) TYPE=MyISAM;
      Entries in this table look like this:
      Which says that the vname slot of the virt_nodes table (which we trust the
      user to give us in some form) is a text field to be checked with the given
      regex (perlre of course), and that the min/max length of the text field is
      1 and 32 chars respectively.
      Now, you wouldn't want to write the same regex over and over, and since we
      use the same fields in many tables (like pid, eid, vname, etc) there is an
      option to redirect to another entry (recursively). So, for "PID" I do this:
      which redirects to:
      And, for many fields you just want to describe generically what could go
      into it. For that I have defined some default fields. For example, a user
      which redirects to:
      and this says that a tinytext (in our little corner of the database
      universe) field can have printable characters (but not a newline), and
      since it's a tinytext field, its maxlen is 256 chars.
      You also have integer fields, but these are a little more irksome in the
      and you would use this anyplace you do not care about the min/max values
      being something specific in the tinyint range. The range for a float is of
      course stated as an integer, and that's kinda bogus, but we do not have many
      floats, and they generally do not take on specific values anyway.
      A note about the min/max fields and redirecting. If the initial entry has
      non-zero min/max fields, those are the min/max fields used. Otherwise they
      come from the default. So for example, you can do this:
      So, you can redirect to the standard "tinyint" regular expression, but you
      still get to define min/max for the specific field.
      Isn't this really neat and really obtuse too? Sure, you can say it.
      Anyway, xmlconvert now sends all of its input through these checks (it's
      all wrapped up in library calls), and if a slot does not have an entry, it
      throws an error so that we are forced to define entries for new slots as we
      add them.
      In the web page, I have changed all of the public pages (login, join
      project, new project, and a couple of others) to also use these checks.
      As with the perl code, it's all wrapped up in a library. Lots more code
      needs to be changed of course, but this is a start.
    • Leigh B. Stoller authored · da4a4125
      Minor changes and cleanup. Also fix up the problem with duplicate
      addslashes getting called, once in the web interface and again in the
      perl backend.
  3. 16 Dec, 2003 7 commits
  4. 15 Dec, 2003 4 commits
    • Shashi Guruprasad authored · 5019322b
      Added question TR-6: "I wrote a small TCP application to test the
      bandwidth of a link/LAN. I do not observe the bandwidth that I
      asked for. Why?"
    • Leigh B. Stoller authored · e510dc6f
      My own top bar image.
    • Leigh B. Stoller authored · 51310e62
      Commit functioning XML interface. At present, only isadmin people will
      see this new page. That allows me to inflict pain on testbed
      developers while we work out any kinks. These new pages implement an
      XML interface to experiment creation.
      Some new files:
      beginexp_html.php3: A wrapper for the actual beginexp form. This page
      includes the form, and then invokes the XMLRPC backend page.
      beginexp_form.html: The original form code, split out from beginexp
      and turned into a module that can be included into another file.  It
      is slightly reorganized to make it easier to include as a module.  The
      idea is that the plab_ez form will be recast in this model, reducing
      some redundant complexity.
      beginexp_xml.php3: The XML backend. The idea is that the html page
      packages up the form arguments as an XMLRPC message, and invokes this
      page with the XML goo encoded in the URL. It also passes along the
      uid/cookie so that the authentication happens properly (https of
      course). The page decodes the URL into PHP datatypes, and does much of
      the same argument checking that beginexp used to do. Errors are stored
      up in the same manner, but instead of spitting back html, it now spits
      back a "structure", encoded in XML so that the _html page can put up a
      new form. Basically, all output is sent back via an XML encoded
      structure and displayed in a form that the invoking script deems
      This gives us a pure XMLRPC interface, which we wrap with a form interface
      so that it looks just like it did before.
      The next step is to provide an alternate front end, but that will require
      some certificate stuff that I have not worked out yet.
      Oh, one more item. The syntax check stuff has been altered a bit.
      Instead of invoking the beginexp page, which meant a zillion special
      tests, I now invoke nscheck.php3 directly from the button. Took a few
      extra lines of Javascript to do this, so watch out for problems there
  5. 12 Dec, 2003 1 commit
  6. 11 Dec, 2003 5 commits
  7. 10 Dec, 2003 5 commits
    • Leigh B. Stoller authored · 315e11ab
      New pages to allow users to reset their forgotten passwords without
      involving testbed ops. Split into two parts:
      * password.php3 gives the user a form to specify their email address
        and their phone number. We look for a match in the DB, with the
        phone number stripped of all non-numeric characters and the email
        addresses lowercased. If we find a matching user in the database,
        generate a unique key and store that into the DB along with a
        timestamp that allows the key to be used for a short time period
        (currently 30 minutes). The key is split into two parts, with half
        stored in the user's browser (secure mode), and the other half sent
        to the user in an email message that contains a URL that allows the
        user to reset their password.
      * chpasswd.php3 does the rest of the operation. It takes half the key
        from the URL, and sucks the other half from the user's browser,
        combining the two halves and matching it against the key that is
        stored in the DB. If the key matches and the timeout has not
        expired, the user is given a form to specify a new password. From
        this point on it's just a standard change password operation.
      Both pages are audited with email sent to the user, tbops and the
      audit list.
    • Leigh B. Stoller authored · f68d3b80
      Minor cosmetic change.
  8. 09 Dec, 2003 3 commits
  9. 08 Dec, 2003 1 commit
  10. 05 Dec, 2003 3 commits
    • Robert Ricci authored · b0fc6b58
      Add a 'Create a PlanetLab Slice' link for users who are allowed to
      use pcplab nodes.
    • Robert Ricci authored · 7d531def
      Add $CHECKLOGIN_NODETYPES, which is a hash (indexed by node type)
      containing the set of node types a user is allowed to use. Add
      a NODETYPE_ALLOWED() function to check against this hash.
    • Leigh B. Stoller authored · 4931fecf
      Move setting the node permission table for a project from the web
      interface to the backend. mkproj now looks at the pcremote_ok set
      and makes the proper calls to grantnodetype. This reduces the amount
      of hardwired goo in the web interface.
      Still, there is a bit of hardwired stuff in mkproj. At present we do
      not form a relationship between a phys node type and the types we
      assign to the virtual nodes. That is, nothing says that a pcplabphys
      implies the right to use pcplabinet, etc. With only 3 remote phys
      types, I just hardwired it into mkproj calling grantnodetype with type
      pcplab (the class for the virtnodes) for pcplabphys. Same for pcron
      and pcwa, (both get pcvwa). Ultimately we need a better type system.
      In general the type system is pretty screwy.
  11. 04 Dec, 2003 3 commits
  12. 03 Dec, 2003 2 commits
  13. 02 Dec, 2003 1 commit