<?php
#
# Copyright (c) 2000-2015 University of Utah and the Flux Group.
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
#
include("defs.php3");

#
# No PAGEHEADER here since we spit out a Location header later. See below.
# 
# We want to allow logged in users with expired passwords to change them.
#
# Authenticate the caller. The flag set also admits sessions whose password
# has expired, so that such users can reach this page to change it.
$this_user = CheckLoginOrDie(CHECKLOGIN_USERSTATUS | CHECKLOGIN_PSWDEXPIRED |
			     CHECKLOGIN_WEBONLY | CHECKLOGIN_WIKIONLY);
$uid       = $this_user->uid();
$isadmin   = ISADMIN();

# Shell options we support. Maybe stick in DB someday.
$shelllist = array(
    'tcsh',
    'bash',
    'csh',
    'sh',
    'zsh',
);

# Used if db slot for user is NULL (should not happen.)
$defaultshell = 'tcsh';

# Set from the target user's wikionly() value on first load; SPITFORM reads
# it to decide which fields are optional and which sections to emit.
$wikionly = 0;

#
# Verify page arguments. All three are optional: the user being edited,
# the submit button value, and the array of posted form fields.
#
$optargs = OptionalPageArguments(
    "target_user", PAGEARG_USER,
    "submit",      PAGEARG_STRING,
    "formfields",  PAGEARG_ARRAY
);

#
# Spit the form out using the array of data and error strings (if any).
# 
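function SPITFORM($formfields, $errors)
{
    #
    # Emit the page header, an optional table of error messages, and the
    # profile form pre-filled from $formfields.
    #
    #   $formfields  array of field name => value. Every value is passed
    #                through CleanString() before being written into HTML.
    #   $errors      array of label => message; nothing is printed for an
    #                empty array.
    #
    # Reads the globals $target_user, $isadmin, $wikionly, $shelllist,
    # $defaultshell and $WIKIDOCURL. Produces output only; returns nothing.
    #
    # NOTE(review): no anti-CSRF token is written into this form in the
    # code visible here; confirm the surrounding framework adds and checks
    # one, since the handler changes passwords and contact details.
    #
    global $isadmin;
    global $target_user, $wikionly;
    global $shelllist, $defaultshell;
    global $WIKIDOCURL;

    $username = $target_user->uid();
    $uid_idx  = $target_user->uid_idx();

    #
    # Standard Testbed Header. Written late cause of password
    # expiration interaction. See below.
    #
    PAGEHEADER("Modify User Information");
    ###STARTBUSY("Making user profile changes");

    if ($errors) {
	echo "<table class=nogrid
                     align=center border=0 cellpadding=6 cellspacing=0>
              <tr>
                 <th align=center colspan=2>
                   <font size=+1 color=red>
                      &nbsp;Oops, please fix the following errors!&nbsp;
                   </font>
                 </th>
              </tr>\n";

	# foreach replaces the each() idiom, which newer PHP releases no
	# longer provide.
	foreach ($errors as $name => $message) {
	    # XSS prevention. Only the message is cleaned; the labels set in
	    # this file are fixed strings.
	    # NOTE(review): labels returned by User::ModUserInfo are written
	    # out as-is -- confirm they are never built from user input.
	    $message = CleanString($message);
	    echo "<tr>
                     <td align=right>
                       <font color=red>$name:&nbsp;</font></td>
                     <td align=left>
                       <font color=red>$message</font></td>
                  </tr>\n";
	}
	echo "</table><br>\n";
    }

    # XSS prevention: clean every value before it is echoed below.
    foreach ($formfields as $key => $val) {
	$formfields[$key] = CleanString($val);
    }

    # For indicating that fields are optional or not.
    $optfield = ($wikionly ? "" : "*");
    $url      = CreateURL("moduserinfo", $target_user);

    echo "<table align=center border=1> 
          <tr>
             <td align=center colspan=3>
                 <em>(Fields marked with * are required)</em>
             </td>
          </tr>
          <form action='$url' method=post>\n";

    #
    # UserName. This is a constant field. 
    #
    echo "<tr>
                  <td colspan=2>Username:</td>
                  <td class=left>$username ($uid_idx)
              </td>
             </tr>\n";

    #
    # Full Name
    #
    echo "<tr>
                  <td colspan=2>*Full Name:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_name]\"
                             value=\"" . $formfields["usr_name"] . "\"
	                     size=30>
                  </td>
              </tr>\n";

    #
    # Title/Position:
    #
    echo "<tr>
                  <td colspan=2>{$optfield}Job Title/Position:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_title]\"
                             value=\"" . $formfields["usr_title"] . "\"
	                     size=30>
                  </td>
               </tr>\n";

    #
    # Affiliation:
    #
    echo "<tr>
                      <td colspan=2>*Institutional Affiliation:</td>
                      <td class=left>
			<table>
                          <tr>
                          <td>Name</td>
                          <td><input type=text
                                 name=\"formfields[usr_affil]\"
                                 value=\"" . $formfields["usr_affil"] . "\"
	                         size=40></td></tr>
			  <tr>
                          <td>Abbreviation:</td>
                          <td><input type=text
                                 name=\"formfields[usr_affil_abbrev]\"
                                 value=\"" . $formfields["usr_affil_abbrev"] . "\"
	                         size=16 maxlength=16> (e.g. MIT)</td>
			  </tr>
        		</table>
                      </td>
              </tr>\n";

    #
    # User URL
    #
    echo "<tr>
                  <td colspan=2>Home Page URL:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_URL]\"
                             value=\"" . $formfields["usr_URL"] . "\"
	                     size=45>
                  </td>
              </tr>\n";

    #
    # Email: editable for admins; everyone else sees it as text and the
    # value travels in a hidden field. A hidden field is not an access
    # control -- the submit handler has to enforce who may change it.
    #
    echo "<tr>
                  <td colspan=2>Email Address[<b>1</b>]:</td>
                  <td class=left> ";
    if ($isadmin)
	echo "    <input type=text ";
    else
	echo "    $formfields[usr_email]
                      <input type=hidden ";

    echo "               name=\"formfields[usr_email]\"
                             value=\"" . $formfields["usr_email"] . "\"
	                     size=30>";
    echo "    </td>
              </tr>\n";

    #
    # Country needs a default for older users.
    #
    if (!isset($formfields["usr_country"]) ||
	$formfields["usr_country"] == "") {
	$formfields["usr_country"] = "USA";
    }

    #
    # Postal Address
    #
    echo "<tr><td colspan=3>{$optfield}Address:<br /><center>
	      <table>
		  <tr><td>Line 1</td><td colspan=3>
                    <input type=text
                           name=\"formfields[usr_addr]\"
                           value=\"" . $formfields["usr_addr"] . "\"
	                   size=45></td></tr>
		  <tr><td>Line 2</td><td colspan=3>
                    <input type=text
                           name=\"formfields[usr_addr2]\"
                           value=\"" . $formfields["usr_addr2"] . "\"
	                   size=45></td></tr>
		  <tr><td>City</td><td>
                    <input type=text
                           name=\"formfields[usr_city]\"
                           value=\"" . $formfields["usr_city"] . "\"
	                   size=25></td>
		      <td>State/Province</td><td>
                    <input type=text
                           name=\"formfields[usr_state]\"
                           value=\"" . $formfields["usr_state"] . "\"
	                   size=2></td></tr>
		  <tr><td>ZIP/Postal Code</td><td>
                    <input type=text
                           name=\"formfields[usr_zip]\"
                           value=\"" . $formfields["usr_zip"] . "\"
	                   size=10></td>
		      <td>Country</td><td>
                    <input type=text
                           name=\"formfields[usr_country]\"
                           value=\"" . $formfields["usr_country"] . "\"
	                   size=15></td></tr>
               </table></center></td></tr>";

    #
    # Default Shell. Resolve the current choice once so that a missing
    # usr_shell entry is never indexed.
    #
    $curshell = (isset($formfields["usr_shell"]) ?
		 $formfields["usr_shell"] : $defaultshell);

    echo "<tr><td colspan=2>Shell:</td>
                  <td class=left>";
    echo "<select name=\"formfields[usr_shell]\">";
    foreach ($shelllist as $s) {
	$selected = (strcmp($curshell, $s) == 0 ? "selected" : "");
	echo "<option $selected value='$s'>$s</option>";
    }
    echo "</select></td></tr>";

    #
    # Phone
    #
    echo "<tr>
                  <td colspan=2>{$optfield}Phone #:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_phone]\"
                             value=\"" . $formfields["usr_phone"] . "\"
	                     size=15>
                  </td>
              </tr>\n";

    #
    # Password. Note that we do not resend the password. User
    # must retype on error. The value attribute is therefore always
    # empty, so a submitted password is never written back into the page.
    #
    echo "<tr></tr>\n";
    echo "<tr>
                  <td colspan=2>Password[<b>1</b>]:</td>
                  <td class=left>
                      <input type=password
                             name=\"formfields[password1]\"
                             value=\"\"
                             size=8></td>
              </tr>\n";

    echo "<tr>
                  <td colspan=2>Retype Password:</td>
                  <td class=left>
                      <input type=password
                             name=\"formfields[password2]\"
                             value=\"\"
                             size=8></td>
             </tr>\n";

    if (!$wikionly) {
	#
	# Windows Password.  Initial random default is based on the Unix
	# password hash.
	#
	# A separate password is kept for experiment nodes running Windows.
	# It is presented behind-the-scenes to rdesktop and Samba by our
	# Web interface, but you may still need to type it.
	# The default password is randomly generated.
	# You may change it to something easier to remember.
	#
	# Unlike the login password, this one is shown in a plain text
	# field and is present in the page source.
	#
	echo "<tr>
                      <td colspan=2>Windows Password[<b>1,4</b>]:</td>
                      <td class=left>
                          <input type=text
                                 name=\"formfields[w_password1]\"
                                 value=\"" . $formfields["w_password1"] . "\"
                                 size=8></td>
                  </tr>\n";

	echo "<tr>
                      <td colspan=2>Retype Windows Password:</td>
                      <td class=left>
                          <input type=text
                                 name=\"formfields[w_password2]\"
                                 size=8></td>
                 </tr>\n";

	#
	# Planetlab bit. This should really be a drop down menu of the
	#                choices.
	#
	# The marker is written as a bare, unquoted attribute, so only the
	# literal word is ever emitted; any other submitted value is
	# ignored, matching the comparison the submit handler makes.
	#
	$checked = "";
	if (isset($formfields["user_interface"]) &&
	    $formfields["user_interface"] === "checked") {
	    $checked = "checked";
	}
	echo "<tr>
		      <td colspan=2>Use simplified PlanetLab view:</td>
		      <td class=left>
		         <input type='checkbox'
                                name=\"formfields[user_interface]\"
                                value=checked $checked>
		      </td>
	          </tr>\n";
    }

    #
    # Notes. Only admins get the textarea; carriage returns are stripped
    # for display.
    #
    if ($isadmin) {
	$notes = (isset($formfields["notes"]) ? $formfields["notes"] : "");

	echo "<tr>
                      <td colspan=2>Admin Notes:</td>
                      <td class=left>
                         <textarea name=\"formfields[notes]\"
                                   rows=2 cols=40>" .
		                   str_replace("\r", "", $notes) .
		        "</textarea>
                      </td>
                  </tr>\n";
    }

    echo "<tr>
              <td align=center colspan=3>
                  <b><input type=submit name=submit value=Submit></b>
              </td>
          </tr>\n";

    echo "</form>
          </table>\n";

    echo "<h4><blockquote><blockquote>
          <ol>
            <li> Please consult our
                 <a href = '$WIKIDOCURL/SecReqs'>
                 security policies</a> for information
                 regarding passwords and email addresses.\n";
    if (!$wikionly) {
	$pubkey_url = CreateURL("ssh-keys", $target_user);
	
	echo "<li> You can also
                 <a href='$pubkey_url'>edit your ssh public keys</a>.
            <li> The City, State, ZIP/Postal Code, and Country fields 
                 were added later, so
                 some early users will be forced to adjust their addresses
                 before they can proceed. Sorry for the inconvenience.
            <li> A separate password is kept for experiment nodes running
                 Windows.  It is presented behind-the-scenes to rdesktop and
                 Samba by our Web interface, but you may still need to type
                 it.  The default password is randomly generated.  You may
                 change it to something easier to remember.\n";
    }
    echo "</ol>
          </blockquote></blockquote>
          </h4>\n";
}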

# Early error checking on $target_user.
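$errors  = array();

#
# The target uid and the current uid will be the same, unless it's a priv
# user (admin, PI) modifying someone else's data. Must verify this case.
# Note that the target uid comes initially as a page arg, but later as a
# form argument.
#
if (!isset($submit)) {
    if (!isset($target_user)) {
	$target_user = $this_user;
    }
}
else {
    if (!isset($target_user) || !isset($formfields)) {
	$errors["Args"] = "Invalid form arguments!";

	#
	# The code below dereferences $target_user and later re-renders
	# the form from $formfields. Fall back to the caller and to an
	# empty field set so that a malformed submission ends in the error
	# display rather than in a fatal error. Nothing is modified on
	# this path, because $errors is non-empty.
	#
	if (!isset($target_user)) {
	    $target_user = $this_user;
	}
	if (!isset($formfields)) {
	    $formfields = array();
	}
    }
}

# Need this below.
$target_uid = $target_user->uid();

#
# Admin types can change anyone. Everybody else needs modify access to the
# target user. A failure is only recorded in $errors here; the code that
# follows must check $errors before showing or changing the target's data.
#
if (!$isadmin && 
    !$target_user->AccessCheck($this_user, $TB_USERINFO_MODIFYINFO)) {
    $errors["Project"] = 
	"You do not have permission to modify information for ".
	    "user: $target_uid!";
}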

#
# On first load, display a form consisting of current user values, and exit.
#
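if (!isset($submit)) {
    #
    # An early check failed (on first load that can only be the access
    # check). Report it and stop before any of the target user's stored
    # values are read: filling the form from $target_user here would show
    # that user's contact details and Windows password to a caller who was
    # just refused modify access.
    #
    if (count($errors)) {
	PAGEHEADER("Modify User Information");
	foreach ($errors as $name => $message) {
	    # XSS prevention.
	    echo "<center><font color=red>" . CleanString($name) .
		":&nbsp;" . CleanString($message) . "</font></center>\n";
	}
	PAGEFOOTER();
	return;
    }

    # Seed the form with the values currently stored for the target user.
    $defaults = array();
    $defaults["user"]        = $target_user->webid();
    $defaults["usr_email"]   = $target_user->email();
    $defaults["usr_URL"]     = $target_user->URL();
    $defaults["usr_addr"]    = $target_user->addr();
    $defaults["usr_addr2"]   = $target_user->addr2();
    $defaults["usr_city"]    = $target_user->city();
    $defaults["usr_state"]   = $target_user->state();
    $defaults["usr_zip"]     = $target_user->zip();
    $defaults["usr_country"] = $target_user->country();
    $defaults["usr_name"]    = $target_user->name();
    $defaults["usr_phone"]   = $target_user->phone();
    $defaults["usr_title"]   = $target_user->title();
    $defaults["usr_affil"]   = $target_user->affil();
    $defaults["usr_affil_abbrev"] = $target_user->affil_abbrev();
    $defaults["usr_shell"]   = $target_user->shell();
    $defaults["notes"]       = $target_user->notes();
    # The login password is never pre-filled.
    $defaults["password1"]   = "";
    $defaults["password2"]   = "";
    $defaults["user_interface"] =
	($target_user->user_interface() == TBDB_USER_INTERFACE_PLAB ?
	 "checked" : "");

    $wikionly                = $target_user->wikionly();

    # Show and keep the Windows password if user-set, otherwise fill in the
    # random one.
    if ($target_user->w_pswd() != "") {
	$defaults["w_password1"] =
	    $defaults["w_password2"] = $target_user->w_pswd();
    }
    else {
	#
	# The initial random default for the Windows Password is based on the
	# Unix encrypted password, in particular the random salt if it's an
	# MD5 crypt, consisting of the 8 chars after an initial "$1$" and
	# followed by "$".
	#
	# NOTE(review): this default is cut from the stored Unix password
	# string (its salt, or the first 8 characters of the string when it
	# does not start with "$") and is then written into the page, so
	# material from the stored hash becomes visible in HTML. A default
	# generated independently of the hash would avoid that.
	#
	$unixpwd = explode('$', $target_user->pswd());
	if (strlen($unixpwd[0]) > 0) {
	    # When there's no $ at the beginning, it's not an MD5 hash.
	    $randpwd = substr($unixpwd[0], 0, 8);
	}
	elseif (isset($unixpwd[2])) {
	    # The MD5 salt string.
	    $randpwd = substr($unixpwd[2], 0, 8);
	}
	else {
	    # Unexpected format with no salt component: leave it empty
	    # rather than index past the end of the array.
	    $randpwd = "";
	}
	$defaults["w_password1"] = $defaults["w_password2"] = $randpwd;
    }

    SPITFORM($defaults, $errors);
    PAGEFOOTER();
    return;
}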

#
# If any errors, respit the form with the current values and the
# error messages displayed. Iterate until happy.
# 
# Submission path: any error recorded so far stops processing here. The
# form is rebuilt from what the caller submitted, and nothing is changed.
if (count($errors) > 0) {
    SPITFORM($formfields, $errors);
    PAGEFOOTER();

    return;
}

#
# Build up argument array to pass along.
#
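$args = array();

#
# Always pass the password fields if specified. Only plain, non-empty
# strings are forwarded; checking that the two copies match and meet
# policy is left to User::ModUserInfo (not shown here).
#
foreach (array("password1", "password2",
	       "w_password1", "w_password2") as $key) {
    if (isset($formfields[$key]) && is_string($formfields[$key]) &&
	$formfields[$key] !== "") {
	$args[$key] = $formfields[$key];
    }
}

#
# Skip passing ones that are not changing from the default (DB state.)
#
# Form field => name of the $target_user accessor holding the stored value.
# One table replaces a chain of hand-copied tests; in that chain the
# usr_affil_abbrev test compared usr_affil against affil_abbrev().
#
$getters = array(
    "usr_name"         => "name",
    "usr_email"        => "email",
    "usr_title"        => "title",
    "usr_affil"        => "affil",
    "usr_affil_abbrev" => "affil_abbrev",
    "usr_shell"        => "shell",
    "usr_URL"          => "URL",
    "usr_addr"         => "addr",
    "usr_addr2"        => "addr2",
    "usr_city"         => "city",
    "usr_state"        => "state",
    "usr_zip"          => "zip",
    "usr_country"      => "country",
    "usr_phone"        => "phone",
);

# Fields that may be submitted empty, i.e. cleared.
$mayclear  = array("usr_addr2");

# Fields the form lets only admins edit. The form enforces that with a
# hidden input, which the client controls, so it is repeated here.
$adminonly = array("usr_email");

foreach ($getters as $key => $getter) {
    if (!isset($formfields[$key]) || !is_string($formfields[$key])) {
	continue;
    }
    if ($formfields[$key] === "" && !in_array($key, $mayclear)) {
	continue;
    }
    if (!$isadmin && in_array($key, $adminonly)) {
	continue;
    }
    #
    # Compare as strings. A loose != treats numeric-looking strings as
    # numbers, so a ZIP edited from "2134" to "02134" would have counted
    # as unchanged and been dropped.
    #
    if ($formfields[$key] !== (string) $target_user->$getter()) {
	$args[$key] = $formfields[$key];
    }
}
# NOTE(review): usr_shell is not checked against $shelllist here; confirm
# that User::ModUserInfo rejects values outside the supported list.

if (isset($formfields["user_interface"]) &&
    $formfields["user_interface"] == "checked") {
    $desired_interface = TBDB_USER_INTERFACE_PLAB;
}
else {
    $desired_interface = TBDB_USER_INTERFACE_EMULAB;
}
if ($desired_interface != $target_user->user_interface()) {
    $args["user_interface"] = $desired_interface;
}

# Admin notes: the form shows this textarea to admins only, so a value
# submitted by anyone else is ignored.
if ($isadmin &&
    isset($formfields["notes"]) && is_string($formfields["notes"]) &&
    $formfields["notes"] !== (string) $target_user->notes()) {
    $args["notes"]	= $formfields["notes"];
}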

# Hand the collected changes to the backend. $uid is the logged-in caller;
# $errors is passed along and shown if the call reports failure.
$result = User::ModUserInfo($target_user, $uid, $args, $errors);

if (!$result) {
    # Always respit the form so that the form fields are not lost.
    # I just hate it when that happens so lets not be guilty of it ourselves.
    SPITFORM($formfields, $errors);
    PAGEFOOTER();

    return;
}

# Success: the header was deliberately not written earlier (see the note at
# the top of the file), so it is emitted only now.
PAGEHEADER("Modify User Information");

###STOPBUSY();

echo "<center><h3>Done!</h3></center>\n";

# Send the browser on to the profile section of the user's page.
PAGEREPLACE(CreateURL("showuser", $target_user) . "#PROFILE");

#
# Standard Testbed Footer
#
PAGEFOOTER();
?>