newproject.php3 10.4 KB
Newer Older
1 2
<html>
<head>
3
<title>Utah Testbed Project Request</title>
4
<link rel='stylesheet' href='tbstyle.css' type='text/css'>
5 6 7
</head>
<body>
<?php
8 9
include("defs.php3");

10 11 12 13
#
# First off, sanity check the form to make sure all the required fields
# were provided. I do this on a per field basis so that we can be
# informative. Be sure to correlate these checks with any changes made to
14
# the project form. Note that this sequence of  statements results in
15 16 17 18
# only the last bad field being displayed, but thats okay. The user will
# eventually figure out that fields marked with * mean something!
#
$formerror="No Error";
19 20
if (!isset($pid) ||
    strcmp($pid, "ucb-omcast") == 0) {
21 22
  $formerror = "Name";
}
23 24
if (!isset($proj_head_uid) ||
    strcmp($proj_head_uid, "") == 0) {
25 26
  $formerror = "Username";
}
27 28
if (!isset($proj_name) ||
    strcmp($proj_name, "UCB Overlay Multicast") == 0) {
29 30
  $formerror = "Long Name";
}
31 32 33 34
if (!isset($proj_members) ||
    strcmp($proj_members, "") == 0) {
  $formerror = "Estimated #of Project Members";
}
35 36
if (!isset($proj_pcs) ||
    strcmp($proj_pcs, "") == 0) {
37 38
  $formerror = "Estimated #of PCs";
}
39 40
if (!isset($proj_sharks) ||
    strcmp($proj_sharks, "") == 0) {
41 42
  $formerror = "Estimated #of Sharks";
}
43 44 45 46
if (!isset($proj_why) ||
    strcmp($proj_why, "") == 0) {
  $formerror = "Please describe your project";
}
47 48 49 50
if (!isset($usr_name) ||
    strcmp($usr_name, "") == 0) {
  $formerror = "Full Name";
}
51 52
if (!isset($proj_URL) ||
    strcmp($proj_URL, "http://www.cs.berkeley.edu/netgrp/omcast/") == 0) {
Leigh B. Stoller's avatar
Leigh B. Stoller committed
53
  $formerror = "Project URL";
54
}
55 56
if (!isset($usr_email) ||
    strcmp($usr_email, "") == 0) {
57 58 59 60
  $formerror = "Email Address";
}
if (!isset($usr_addr) ||
    strcmp($usr_addr, "") == 0) {
Jay Lepreau's avatar
Jay Lepreau committed
61
  $formerror = "Postal Address";
62
}
63 64 65 66 67
if (!isset($usr_affil) ||
    strcmp($usr_affil, "UCB Networks Group") == 0) {
  $formerror = "Institutional Afilliation";
}
if (!isset($usr_title) ||
68
    strcmp($usr_title, "Professor Emeritus") == 0) {
69
  $formerror = "Title/Position";
70 71 72 73 74 75 76
}
if (!isset($usr_phones) ||
    strcmp($usr_phones, "") == 0) {
  $formerror = "Phone #";
}

if ($formerror != "No Error") {
77 78
  USERERROR("Missing field; ".
            "Please go back and fill out the \"$formerror\" field!", 1);
79 80
}

81 82 83 84 85 86
#
# Database limit; PID must be 12 chars or less.
#                 UID must be 8 chars or less.
#
# XXX Note CONSTANT in expression!
#
87 88
if (strlen($pid) > 12) {
    USERERROR("The project name \"$pid\" is too long! ".
89 90
              "Please select another.", 1);
}
91 92
if (strlen($proj_head_uid) > 8) {
    USERERROR("The name \"$proj_head_uid\" is too long! ".
93 94 95
              "Please select another.", 1);
}

96 97 98 99 100 101
#
# Certain of these values must be escaped or otherwise sanitized.
# 
$proj_why  = addslashes($proj_why);
$proj_name = addslashes($proj_name);

102 103 104
#
# This is a new project request. Make sure it does not already exist.
#
105
$project_query  = "SELECT pid FROM projects WHERE pid=\"$pid\"";
106 107 108
$project_result = mysql_db_query($TBDBNAME, $project_query);

if ($row = mysql_fetch_row($project_result)) {
109
  USERERROR("The project name \"$pid\" you have chosen is already in use. ".
110
            "Please select another.", 1);
111 112 113
}

#
114
# See if this is a new user or one returning.
115
#
116
$pswd_query  = "SELECT usr_pswd FROM users WHERE uid=\"$proj_head_uid\"";
117 118
$pswd_result = mysql_db_query($TBDBNAME, $pswd_query);
if (!$pswd_result) {
119
    $err = mysql_error();
120
    TBERROR("Database Error retrieving info for $proj_head_uid: $err\n", 1);
121 122 123 124
}
if ($row = mysql_fetch_row($pswd_result)) {
    $returning = 1;
}
125 126 127 128 129 130 131 132
else {
    $returning = 0;
}

#
# If a user returning, then the login must be valid to continue any further.
# For a new user, the password must pass our tests.
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
133
if ($returning) {
134
    if (CHECKLOGIN($proj_head_uid) != 1) {
135 136 137
        USERERROR("You are not logged in. Please log in and try again.", 1);
    }
}
138 139
else {
    if (strcmp($password1, $password2)) {
140 141 142
        USERERROR("You typed different passwords in each of the two password ".
                  "entry fields. <br> Please go back and correct them.",
                  1);
143 144
    }
    $mypipe = popen(escapeshellcmd(
145
    "/usr/testbed/bin/checkpass $password1 $proj_head_uid '$usr_name:$usr_email'"),
146
    "w+");
147 148 149
    if ($mypipe) { 
        $retval=fgets($mypipe, 1024);
        if (strcmp($retval,"ok\n") != 0) {
150 151
            USERERROR("The password you have chosen will not work: ".
                      "<br><br>$retval<br>", 1);
152 153 154
        } 
    }
    else {
155
        TBERROR("TESTBED: checkpass failure\n".
156
                "\n$usr_name ($proj_head_uid) just tried to set up a testbed ".
157 158
                "account,\n".
                "but checkpass pipe did not open (returned '$mypipe').", 1);
159
    }
160 161 162 163 164 165 166 167 168 169 170 171 172
}

array_walk($HTTP_POST_VARS, 'addslashes');

#
# For a new user:
# * Create a new account in the database.
# * Generate a mail message to the user with the verification key.
# 
if (! $returning) {
    $unixuid_query  = "SELECT unix_uid FROM users ORDER BY unix_uid DESC";
    $unixuid_result = mysql_db_query($TBDBNAME, $unixuid_query);
    $row = mysql_fetch_row($unixuid_result);
173
    $unix_uid = $row[0];
174 175 176 177
    $unix_uid++;
    $encoding = crypt("$password1");
    $newuser_command = "INSERT INTO users ".
        "(uid,usr_created,usr_expires,usr_name,usr_email,usr_addr,".
178
        "usr_URL,usr_title,usr_affil,usr_phone,usr_pswd,unix_uid,status) ".
179
        "VALUES ('$proj_head_uid', now(), '$proj_expires', '$usr_name', ".
180
        "'$usr_email', '$usr_addr', '$usr_url', '$usr_title', '$usr_affil', ".
181
        "'$usr_phones', '$encoding', ".
182 183 184 185
        "'$unix_uid', 'newuser')";
    $newuser_result  = mysql_db_query($TBDBNAME, $newuser_command);
    if (! $newuser_result) {
        $err = mysql_error();
186
        TBERROR("Database Error adding adding new user $proj_head_uid: $err\n",
187
                1);
188
    }
189
    $key = GENKEY($proj_head_uid);
190

191
    mail("$usr_email", "TESTBED: Your New User Key",
192 193
	 "\n".
         "Dear $usr_name:\n\n".
Leigh B. Stoller's avatar
Leigh B. Stoller committed
194
         "    Here is your key to verify your account on the ".
195
         "Utah Network Testbed:\n\n".
196 197 198 199
         "\t\t$key\n\n".
         "Please return to $TBWWW and log in using\n".
	 "the user name and password you gave us when you applied. You will\n".
	 "then find an option on the menu called 'New User Verification'.\n".
200
	 "Select that option, and on that page enter your key.\n".
201
	 "You will then be verified as a user. When you have been both\n".
202
         "verified and approved by Testbed Operations, you will\n".
203 204 205
	 "be marked as an active user, and will be granted full access to\n".
  	 "your user account.\n\n".
         "Thanks,\n".
206
         "Testbed Ops\n".
207 208
         "Utah Network Testbed\n",
         "From: $TBMAIL_CONTROL\n".
209
         "Cc: $TBMAIL_CONTROL\n".
210 211 212 213 214
         "Errors-To: $TBMAIL_WWW");
}

#
# Now for the new Project
215 216
# * Create a new project in the database.
# * Create a new project_membership entry in the database, default trust=none.
217
# * Generate a mail message to testbed ops.
218
#
219
$newproj_command = "INSERT INTO projects ".
220
     "(pid, created, expires, name, URL, head_uid, ".
221
     " num_members, num_pcs, num_sharks, why, unix_gid)".
222
     "VALUES ('$pid', now(), '$proj_expires','$proj_name','$proj_URL',".
223
     "'$proj_head_uid', '$proj_members', '$proj_pcs', '$proj_sharks', ".
224
     "'$proj_why', NULL)";
225 226 227
$newproj_result  = mysql_db_query($TBDBNAME, $newproj_command);
if (! $newproj_result) {
    $err = mysql_error();
228
    TBERROR("Database Error adding new project $pid: $err\n", 1);
229 230 231
}

$newmemb_result = mysql_db_query($TBDBNAME,
232 233
			"insert into proj_memb (uid,pid,trust)".
			"values ('$proj_head_uid','$pid','none');");
234 235
if (! $newmemb_result) {
    $err = mysql_error();
236
    TBERROR("Database Error adding new project membership: $pid: $err\n", 1);
237
}
238

239 240 241 242 243 244 245 246 247 248 249
#
# Grab the unix GID that was assigned.
# 
$unixgid_result = mysql_db_query($TBDBNAME,
	"SELECT unix_gid FROM projects where pid='$pid'");
$row = mysql_fetch_row($unixgid_result);
$unix_gid = $row[0];

#
# The mail message to the approval list.
# 
250
mail($TBMAIL_APPROVAL,
251
     "TESTBED: New Project", "'$usr_name' wants to start project '$pid'.\n".
252
     "Contact Info:\n".
253 254
     "Name:          $usr_name ($proj_head_uid)\n".
     "Email:         $usr_email\n".
255
     "User URL:      $usr_url\n".
256
     "Project:       $proj_name\n".
257
     "Expires:	     $proj_expires\n".
258
     "Project URL:   $proj_URL\n".
259 260 261
     "Title:         $usr_title\n".
     "Affiliation:   $usr_affil\n".
     "Address:       $usr_addr\n".
262
     "Phone:         $usr_phones\n".
263
     "Members:       $proj_members\n".
264 265
     "PCs:           $proj_pcs\n".
     "Sharks:        $proj_sharks\n".
266
     "Unix GID:      $unix_gid\n".
267
     "Reasons:\n$proj_why\n\n".
268
     "Please review the application and when you have\n".
269
     "made a decision, go to $TBWWW and\n".
270
     "select the 'Project Approval' page.\n\nThey are expecting a result ".
271
     "within 72 hours.\n", 
272
     "From: $usr_name <$usr_email>\n".
273
     "Cc: $TBMAIL_CONTROL\n".
274
     "Errors-To: $TBMAIL_WWW");
275

276 277 278 279 280 281 282 283 284 285 286 287 288 289
#
# For new leaders, write their email addresses to files to be used for
# generating messages.
#
# Note, we should do this after the user comes back and does the
# verification step! This ensures we have a valid email address
# and the user really wants to use the testbed.
#
if (! $returning) {
    $fp = fopen($TBLIST_LEADERS, "a");
    if (! $fp) {
        TBERROR("Could not open $TBLIST_LEADERS to add new project leader", 0);
    }
    else {
290
        fwrite($fp, "$usr_email\n");
291 292 293 294 295 296 297 298
        fclose($fp);
    }

    $fp = fopen($TBLIST_USERS, "a");
    if (! $fp) {
        TBERROR("Could not open $TBLIST_USERS to add new project leader", 0);
    }
    else {
299
        fwrite($fp, "$usr_email\n");
300 301 302 303 304 305 306
        fclose($fp);
    }
}

#
# Now give the user some warm fuzzies
#
307
echo "<center><h1>Project '$pid' successfully queued.</h1></center>
308
      Testbed Operations has been notified of your application.
309
      Most applications are reviewed within one week. We will notify
310 311
      you by e-mail at '$usr_name&nbsp;&lt;$usr_email>' of their decision
      regarding your proposed project '$pid'.\n";
312 313 314 315 316 317

if (! $returning) {
    echo "<p>In the meantime, for
          security purposes, you will receive by e-mail a key. When you
          receive it, come back to the site, and log in. When you do, you
          will see a new menu option called 'New User Verification'. On
318
          that page, enter in your key,
319 320 321 322
          exactly as you received it in your e-mail. You will then be
          marked as a verified user.
          <p>Once you have been both verified
          and approved, you will be classified as an active user, and will 
323
          be granted full access to your user account.";
324 325 326 327
}
?>
</body>
</html>