- 05 Feb, 2008 1 commit
Leigh B. Stoller authored
- 22 May, 2007 1 commit
Leigh B. Stoller authored
deal with the issue of what a hidden run means when doing a replay, cause more generally, replay needs a lot of work.
- 17 Apr, 2007 1 commit
Leigh B. Stoller authored
table. Note that workbench permission implies archive permission too. Added the toggle to the project page. Added a "stud" toggle to the user page while I was there.
- 12 Feb, 2007 1 commit
Leigh B. Stoller authored
register_globals=1 to turn POST/GET/COOKIES arguments into local variables. This is known to be a terrible security risk, and we keep saying we are going to fix it, and now I am.

In order to accomplish this on a transitional basis (since I don't want the entire web interface to stop working while I debug it), and because the code just needs the cleanup, I am doing it like this: Each page will sport new declarations at the top:

    RequiredPageArguments("experiment", PAGEARG_EXPERIMENT,
                          "template",   PAGEARG_TEMPLATE,
                          "instance",   PAGEARG_INSTANCE,
                          "metadata",   PAGEARG_METADATA,
                          "osinfo",     PAGEARG_OSINFO,
                          "image",      PAGEARG_IMAGE,
                          "project",    PAGEARG_PROJECT,
                          "group",      PAGEARG_GROUP,
                          "user",       PAGEARG_USER,
                          "node",       PAGEARG_NODE,
                          "yesno",      PAGEARG_BOOLEAN,
                          "message",    PAGEARG_STRING,
                          "age",        PAGEARG_INTEGER,
                          "cost",       PAGEARG_NUMERIC,
                          "formfields", PAGEARG_ARRAY,
                          "unknown",    PAGEARG_ANYTHING);

    OptionalPageArguments("canceled",   PAGEARG_BOOLEAN);

The first token in each pair is the name of the global variable to set, and the second token is the type. So, for "experiment" we look at the URL for a pid/eid or exptidx, etc, sanity check them (safe for a DB query), and then try to find that experiment in the DB. If it maps to an experiment, set global variable $experiment to the object. Since it's a required argument, produce an error if not supplied. Similar treatment for optional arguments, with the obvious difference. The goal is to have ALL argument processing in one place, consistent, and correct. I've found numerous places where we leak unchecked arguments into queries. It also cuts out a lot of duplicated code.

* To make the above easier to deal with, I've been replacing lots of hardcoded URLs in the code of the form:

      foo.php3?pid=$pid&eid=$eid ...

  with

      CreateURL("foo", $experiment)

  which creates and returns the necessary url string, by looking at the type of its arguments (experiment, template, instance, etc.) Eventually plan to replace them all so that URL handling throughout the code is all defined in one place (all the new URL code is in url_defs.php).

* I have cranked up error reporting to tell me anytime a variable is used before it is initialized, plus a bunch of other stuff that PHP deems improper. Think of it like -Wall ... and boy we get a lot of warnings. A very large percentage of the diffs are to fix all these warnings. The warnings are currently going to /usr/testbed/log/php-errors.log, and I'll be adding a script to capture them each night and mail them to tbops. This file also gets errors (this will be a change for developers; rather than seeing errors and warnings dumped in the middle of web pages, they will go to this file instead).

* Major refactoring of the code. More objects (nodes, images, osids). Moving tons of queries into the objects in the hopes of someday getting to a point where we can split the web interface onto a different server. Lots of general cleanup.
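The declare-then-validate pattern from the commit message above, as an added example that is not the project's code: only declared names are bound, each value must pass its type check, and everything else in the request is ignored. The `ARG_*` constants, `check_arg()` and `page_arguments()` are hypothetical names, and the request array is constructed.

```php
<?php
// Added illustration; ARG_* and page_arguments() are hypothetical names,
// not the project's RequiredPageArguments / PAGEARG_* implementation.
const ARG_INTEGER = 'integer';
const ARG_BOOLEAN = 'boolean';
const ARG_IDENT   = 'ident';    // pid/eid-style token, safe to use in a lookup

// Returns the typed value, or null when the raw input fails its check.
function check_arg(string $type, $raw)
{
    if (!is_string($raw)) {               // e.g. age[]=1 arrives as an array
        return null;
    }
    switch ($type) {
    case ARG_INTEGER:
        return preg_match('/^-?\d{1,9}$/D', $raw) ? (int)$raw : null;
    case ARG_BOOLEAN:
        return in_array($raw, ['0', '1'], true) ? $raw === '1' : null;
    case ARG_IDENT:
        return preg_match('/^[A-Za-z0-9][-\w]{0,31}$/D', $raw) ? $raw : null;
    }
    return null;                          // unknown type: fail closed
}

// Returns only the declared arguments, validated. Throws on a missing
// required argument or on any supplied value that fails its type check.
function page_arguments(array $request, array $required, array $optional = []): array
{
    $out = [];
    foreach ($required + $optional as $name => $type) {
        if (!array_key_exists($name, $request)) {
            if (isset($required[$name])) {
                throw new InvalidArgumentException("missing argument: $name");
            }
            continue;
        }
        $value = check_arg($type, $request[$name]);
        if ($value === null) {
            throw new InvalidArgumentException("invalid argument: $name");
        }
        $out[$name] = $value;
    }
    return $out;
}

// Constructed request. With register_globals=1 the undeclared 'isadmin'
// would have become $isadmin; here it is never bound to anything.
$request = ['pid' => 'testbed', 'age' => '30', 'isadmin' => '1'];
$args = page_arguments($request,
                       ['pid' => ARG_IDENT, 'age' => ARG_INTEGER],
                       ['canceled' => ARG_BOOLEAN]);
var_dump($args);
```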
- 20 Dec, 2006 1 commit
Leigh B. Stoller authored
converting to locally unique ids and later globally unique ids.
- 22 Aug, 2006 1 commit
Russ Fish authored
- 14 Jun, 2006 1 commit
Leigh B. Stoller authored
The adminon/off bit is now kept in the login table instead of the users table so that you can be reddot on a per-browser (login) basis.
- 08 Sep, 2005 1 commit
Leigh B. Stoller authored
described elsewhere ... Note that until Jay approves the new menu config, mere users will *not* see the new collaboration menu. Only STUDLY() users will see the new menu, although everyone will see the rest of the front page menu changes since they are fairly minor.
- 02 Jun, 2005 1 commit
Leigh B. Stoller authored
- 12 Jan, 2005 1 commit
Leigh B. Stoller authored
table that will prevent an experiment from being swapped/modified. The toggle is on the showexp page, and the toggle is *not* admin over-ridable; you must turn the toggle off (and of course, you must be an admin to do that).
- 20 Jan, 2004 1 commit
Robert Ricci authored
toggle.php, and make the admin bit override the webonly bit for permissions checks.
- 17 Nov, 2003 1 commit
Leigh B. Stoller authored
* Add slots to users table to track number of failures in the last N seconds. If a threshold is passed (currently 4 failures in the last minute), the web login is disabled. Note that I do not disable the ops shell login at this time. Aging is passive; the values are cleared when login is successful, or when more than one minute has passed since the last failure. In other words, a burst of failures will disable the login, but failures over time are okay.

* Add login_failures table to do exactly the same as above, except it is on an IP basis (REMOTE_ADDR in the server). Currently the threshold is 8 failures in the last two minutes, at which time all logins from that IP are disabled.

In both cases email is sent to tbops (and the user). The constants are defined at the top of www/tbauth.in, rather than as site variables, to avoid pounding the DB when an attack is being launched. To clear a user freeze, go to the user profile page and use the "toggle" near the bottom. To clear an IP freeze:

    delete from login_failures where IP='1.1.1.1'
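The passive-aging counter described in the commit message above, as an added example that is not the project's tbauth code: a burst of failures inside the window freezes the key, while failures spaced further apart than the window never accumulate. The class and method names are hypothetical, an in-memory array stands in for the users and login_failures tables, and the example assumes the freeze triggers when the count reaches the threshold.

```php
<?php
// Added illustration; FailureThrottle is a hypothetical name and the
// in-memory array stands in for the users / login_failures tables.
final class FailureThrottle
{
    private $slots = [];   // key => ['count' => int, 'last' => int, 'frozen' => bool]
    private $threshold, $window;

    public function __construct(int $threshold, int $window)
    {
        $this->threshold = $threshold;
        $this->window    = $window;
    }

    public function isFrozen(string $key): bool
    {
        return $this->slots[$key]['frozen'] ?? false;
    }

    // Record a failed login at time $now; returns true if the key is frozen.
    public function recordFailure(string $key, int $now): bool
    {
        $s = $this->slots[$key] ?? ['count' => 0, 'last' => 0, 'frozen' => false];
        if ($now - $s['last'] > $this->window) {
            $s['count'] = 0;          // passive aging: the old burst is forgotten
        }
        $s['count']++;
        $s['last']   = $now;
        $s['frozen'] = $s['frozen'] || $s['count'] >= $this->threshold;
        $this->slots[$key] = $s;
        return $s['frozen'];
    }

    // A successful login clears the counters but never lifts a freeze;
    // that takes the admin toggle (user) or a row delete (IP).
    public function recordSuccess(string $key): void
    {
        if (!$this->isFrozen($key)) {
            unset($this->slots[$key]);
        }
    }
}

// Constructed timelines (seconds); thresholds are the ones in the message.
$user = new FailureThrottle(4, 60);     // per account: 4 failures in a minute
$ip   = new FailureThrottle(8, 120);    // per REMOTE_ADDR: 8 in two minutes
foreach ([0, 10, 20, 30] as $t)     { $user->recordFailure('alice', $t); }   // burst
foreach ([0, 90, 180, 270] as $t)   { $user->recordFailure('bob', $t); }     // spread out
foreach (range(0, 105, 15) as $t)   { $ip->recordFailure('192.0.2.7', $t); } // 8 in 105 s
var_dump($user->isFrozen('alice'), $user->isFrozen('bob'), $ip->isFrozen('192.0.2.7'));
```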
- 07 Nov, 2003 1 commit
Leigh B. Stoller authored
coding practices. Comments welcome; the page certainly did not need this much added goo, but it looks nice!
- 19 Sep, 2003 1 commit
Leigh B. Stoller authored
based page that looks like the original Begin Experiment page. Be sure to look at the page in both admin mode and non-admin mode since I had some trouble determining how swappable is treated these days. Oh, added the ability to convert non-batch experiments into batch, and back. The experiment must be unlocked and in the swapped state to go in either direction. Also added the cpu_usage and mem_usage slots for editing. I added a comment about planetlab only, since otherwise we would just confuse normal users who have no idea what they mean. I could conditionalize them on having plab nodes, but that's difficult to figure out in the web page when the experiment is swapped out, so let's not worry about it.
- 08 Aug, 2003 1 commit
Mac Newbold authored
- 17 Jul, 2003 1 commit
Mac Newbold authored
- 16 Jul, 2003 1 commit
Leigh B. Stoller authored
the swap/idle settings on their own experiments. This accounts for 90% of the idle settings email, 90% of which is Mike playing with red and green dots.
- 10 Jun, 2003 1 commit
Mac Newbold authored
- 03 Jun, 2003 1 commit
Mac Newbold authored
more useful, by including the reasons and such. Also add a similar email message when they change the reasons or timeouts.
- 29 May, 2003 1 commit
Mac Newbold authored
name, your idleswap time, and your unswappable/noidleswap reasons if applicable. Also, make toggle send mail if people try to go unswappable or turn off their idleswap bit.
- 27 May, 2003 1 commit
Mac Newbold authored
them. Make user profile toggle for admin mode use toggle.php too.) Fix Eric's nit about showing no estimate before we have one to offer.
- 23 Apr, 2003 1 commit
Mac Newbold authored
- 22 Apr, 2003 1 commit
Mac Newbold authored
- 11 Apr, 2003 1 commit
Mac Newbold authored
soon be used by admins only to grant swappability. For now, it is open to anyone who has expt modify access as well. The change is visible everywhere SHOWEXP is called, like showexp.php3 for instance. Also introduced toggle.php, a generic toggle script, similar to adminmode.php, but useful for just about anything. To add something, just add it to the list, specify the valid values it can have, and add its permission check and action. Now you don't need a different php page for each toggle switch. This page is already set up to take over from adminmode.php, but I didn't change things over just yet. (Should this go in the changelog?)