<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2002 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");

#
# No PAGEHEADER since we spit out a Location header later. See below.
# 

#
# Only known and logged in users can do this.
#
# Note different test though, since we want to allow logged in
# users with expired passwords to change them.
#
# NOTE(review): nothing on this page changes a password, so the remark
# above looks carried over from another page. Confirm that
# LOGGEDINORDIE() is the intended login test for a page that updates
# admin and experiment state; its exact checks are not visible here.
#
# GETLOGIN() supplies the uid of the current session; LOGGEDINORDIE() is
# relied on to stop the request when that session is not acceptable.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid);

#
# This page is a generic toggle page, like adminmode.php3, but more
# generalized. There are a set of things you can toggle, and each of
# those items has a permission check and a set (pair) of valid values.
#

# Usage: toggle.php?type=swappable&value=1&pid=foo&eid=bar
# (type & value are required, others are optional and vary by type)

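# List of valid toggles
$toggles = array("adminoff", "swappable");

# List of valid values for each toggle
$values  = array("adminoff"  => array(0, 1),
                 "swappable" => array(0, 1));

#
# $type and $value arrive with the request (see the Usage note above), so
# both are checked strictly. A loose in_array() compares with ==, and on
# PHP versions before 8 a string that merely begins with a digit compares
# equal to that integer; such a string would pass the check and then be
# interpolated into the SQL statements further down.
#
# Both checks rely on USERERROR() not returning.
#
if (!isset($type) || !is_string($type)) {
    # Missing or non-string (e.g. array) input can never name a toggle.
    $type = "";
}
if (!in_array($type, $toggles, true)) {
    # NOTE(review): the message echoes request input; confirm that
    # USERERROR() HTML-escapes what it prints.
    USERERROR("There is no toggle for $type!", 1);
}

if (!isset($value) || !is_scalar($value)) {
    $value = "";
}
# Compare textual forms exactly: only "0" and "1" match array(0, 1).
$allowed_text = array_map("strval", $values[$type]);
if (!in_array((string) $value, $allowed_text, true)) {
    USERERROR("The value '$value' is illegal for the $type toggle!", 1);
}

# Past this point $value is a plain integer, safe to place in a query.
$value = (int) $value;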

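#
# Permissions checks, and do the toggle...
#
# Every request-derived value placed in a query below is either cast to
# an integer or passed through addslashes(). addslashes() is used because
# it needs nothing beyond core PHP; if the layer behind DBQueryFatal()
# provides its own quoting or bound parameters, prefer that.
#
# NOTE(review): per the Usage note this state change is driven by a plain
# GET request and no anti-CSRF token is checked on this page; confirm
# whether one is enforced elsewhere.
#
$sql_value = (int) $value;

if ($type === "adminoff") {
    # must be admin
    if (! ($CHECKLOGIN_STATUS & CHECKLOGIN_ISADMIN)) {
        USERERROR("You do not have permission to toggle $type!", 1);
    }
    # Admins can change status for other users.
    if (!isset($target_uid)) {
        $target_uid = $uid;
    }
    # Reject array-valued input instead of letting it reach the query.
    if (!is_string($target_uid)) {
        USERERROR("The target user is not valid!", 1);
    }

    $sql_uid = addslashes($target_uid);
    DBQueryFatal("update users set adminoff=$sql_value where uid='$sql_uid'");

} elseif ($type === "swappable") {
    # require pid/eid; checked first so the access check below never
    # receives unset or non-string arguments.
    if (!isset($pid) || !isset($eid) ||
        !is_string($pid) || !is_string($eid)) {
        USERERROR("Experiment '/' is not valid!", 1);
    }
    # must be admin OR must have permission to modify the expt...
    # The earlier condition joined the two tests with ||, which refused
    # anyone who was not BOTH an admin and permitted on the experiment.
    # Denying only when neither holds matches the stated rule.
    if (! ($CHECKLOGIN_STATUS & CHECKLOGIN_ISADMIN) &&
        ! TBExptAccessCheck($uid, $pid, $eid, $TB_EXPT_MODIFY)) {
        USERERROR("You do not have permission to toggle $type!", 1);
    }
    # Existence is tested after the permission check so that callers
    # without access cannot use this page to probe experiment names.
    if (!TBValidExperiment($pid, $eid)) {
        USERERROR("Experiment '$pid/$eid' is not valid!", 1);
    }

    $sql_pid = addslashes($pid);
    $sql_eid = addslashes($eid);
    DBQueryFatal("update experiments set swappable=$sql_value ".
                 "where pid='$sql_pid' and eid='$sql_eid'");

#} elseif ($type=="foo") {
# Add more here...
#
} else {
    USERERROR("Nobody has permission to toggle $type!", 1);
}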
    
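#
# Spit out a redirect
#
# The referer is supplied by the client, so it is followed only when it
# points back into this site ($TBBASE followed by "/") and contains no
# control characters or spaces. Anything else falls through to the
# user page, which avoids redirecting to an arbitrary external URL or
# passing line breaks into the Location header.
#
$site_prefix = rtrim($TBBASE, "/") . "/";
$referer_ok  = isset($HTTP_REFERER) && is_string($HTTP_REFERER) &&
    strncmp($HTTP_REFERER, $site_prefix, strlen($site_prefix)) == 0 &&
    !preg_match('/[\x00-\x20\x7f]/', $HTTP_REFERER);

if ($referer_ok) {
    header("Location: $HTTP_REFERER");
}
else {
    # $target_uid is only set on the adminoff path; fall back to the
    # logged-in user, and URL-encode whatever ends up in the query string.
    $show_uid = (isset($target_uid) && is_string($target_uid))
        ? $target_uid : $uid;
    header("Location: $TBBASE/showuser.php3?target_uid=" .
           urlencode($show_uid));
}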

?>