Commit 22eb2fa8 authored by Leigh Stoller's avatar Leigh Stoller

Add new approve projects page for administrators only.

parent ce480dda
<html>
<head>
<title>New Users Approved</title>
<link rel='stylesheet' href='tbstyle.css' type='text/css'>
</head>
<body>
<?php
include("defs.php3");
#
# Only known and logged in users can be verified.
#
$uid = "";
if (ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)) {
$uid=$Vals[1];
addslashes($uid);
}
else {
unset($uid);
}
LOGGEDINORDIE($uid);
#
# Of course verify that this uid has admin privs!
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT admin from users where uid='$uid' and admin='1'" );
if (! $query_result) {
$err = mysql_error();
TBERROR("Database Error getting admin status for $uid: $err\n", 1);
}
if (mysql_num_rows($query_result) == 0) {
USERERROR("You do not have admin privledges to approve projects!", 1);
}
echo "<center><h1>
Project Approval Results
</h1></center>";
#
# Walk the list of post variables, looking for the special post format.
# See approveproject_form.php3:
#
# project option
# name=testbed$$approval value=approve,deny,postpone
#
while (list ($header, $value) = each ($HTTP_POST_VARS)) {
#echo "$header: $value<br>\n";
$approval_string = strstr($header, "\$\$approval");
if (! $approval_string) {
continue;
}
$project = substr($header, 0, strpos($header, "\$\$", 0));
$approval = $value;
if (!$project || strcmp($project, "") == 0) {
TBERROR("Parse error finding project in approveproject.php3", 1);
}
if (!$approval || strcmp($approval, "") == 0) {
TBERROR("Parse error finding approval in approveproject.php3", 1);
}
#echo "Project $project, Approval $approval<br>\n";
#
# Grab the head_uid for this project. This verifies it is a valid project.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT head_uid from projects where pid='$project'");
if (! $query_result) {
TBERROR("Database Error restrieving project leader for $projecr", 1);
}
if (($row = mysql_fetch_row($query_result)) == 0) {
TBERROR("Unknown project $project", 1);
}
$headuid = $row[0];
#
# Get the current status for the headuid, which we might need to change
# anyway, and to verify that the user is a valid user. We also need
# the email address to let the user know what happened.
#
# We change the status only if this person is starting his first project.
# In this case, the status will be either "newuser" or "unapproved",
# and we will change it to "unapproved" or "active", respectively.
# If the status is "active", we leave it alone.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT status,usr_email from users where uid='$headuid'");
if (! $query_result) {
TBERROR("Database Error restrieving user status for $headuid", 1);
}
if (mysql_num_rows($query_result) == 0) {
TBERROR("Unknown user $headuid", 1);
}
$row = mysql_fetch_row($query_result);
$curstatus = $row[0];
$headuid_email = $row[1];
#echo "Status = $curstatus, Email = $headuid_email<br>\n";
#
# Then we check that the headuid is really listed in the proj_memb
# table, just to be sure.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT trust from proj_memb where uid='$headuid' and pid='$project'");
if (! $query_result) {
TBERROR("Database Error retrieving trust for $headuid in $project", 1);
}
if (mysql_num_rows($query_result) == 0) {
USERERROR("User $headuid is not the leader of project $project.", 1);
}
#
# Well, looks like everything is okay. Change the project approval
# value appropriately.
#
if (strcmp($approval, "postpone") == 0) {
echo "<p><h3>
Project approval for project $project (User: $headuid) was
postponed for later decision.
</h3>\n";
continue;
}
if ((strcmp($approval, "deny") == 0) ||
(strcmp($approval, "destroy") == 0)) {
#
# Must delete the proj_memb and project records since we require a
# new application once denied. Send the luser email to let him know.
#
$query_result = mysql_db_query($TBDBNAME,
"delete from proj_memb where uid='$headuid' and pid='$project'");
if (! $query_result) {
TBERROR("Database Error removing project membership record for ".
"project $project (user: $headuid) after being denied.",
1);
}
$query_result = mysql_db_query($TBDBNAME,
"delete from projects where pid='$project'");
if (! $query_result) {
TBERROR("Database Error removing project record for project ".
"project $project (user: $headuid) after being denied.",
1);
}
mail("$headuid_email",
"TESTBED: Project Denied",
"\n".
"This message is to notify you that your project application\n".
"for $project has been denied\n".
"\n\n".
"Thanks,\n".
"Testbed Ops\n".
"Utah Network Testbed\n",
"From: $TBMAIL_CONTROL\n".
"Cc: $TBMAIL_CONTROL\n".
"Errors-To: $TBMAIL_WWW");
#
# Well, if the "destroy" option was given, kill the users account
# from the database.
#
if (strcmp($approval, "destroy") == 0) {
$query_result = mysql_db_query($TBDBNAME,
"delete from users where uid='$headuid'");
if (! $query_result) {
TBERROR("Database Error removing user record for $headuid ".
"after project $project was denied(destroyed).",
1);
}
mail("$headuid_email",
"TESTBED: Account Terminated",
"\n".
"This message is to notify you that your account has been \n".
"terminated because your project $project was denied\n".
"\n\n".
"Thanks,\n".
"Testbed Ops\n".
"Utah Network Testbed\n",
"From: $TBMAIL_CONTROL\n".
"Cc: $TBMAIL_CONTROL\n".
"Errors-To: $TBMAIL_WWW");
}
echo "<h3><p>
Project $project (User: $headuid) has been denied.
</h3>\n";
continue;
}
if (strcmp($approval, "approve") == 0) {
#
# Change the trust value in proj_memb to group_root, and set the
# project "approved" field to true.
#
$query_result = mysql_db_query($TBDBNAME,
"UPDATE proj_memb set trust='group_root' ".
"WHERE uid='$headuid' and pid='$project'");
if (! $query_result) {
TBERROR("Database Error adding $headuid to project $project.", 1);
}
$query_result = mysql_db_query($TBDBNAME,
"UPDATE projects set approved='1' WHERE pid='$project'");
if (! $query_result) {
TBERROR("Database Error setting approved field for ".
"project $project.", 1);
}
#
# Change the status if necessary. This only happens for new users
# being approved in their first project. After this, the status is
# going to be "active", and we just leave it that way.
#
if (strcmp($curstatus, "active")) {
if (strcmp($curstatus, "newuser") == 0) {
$newstatus = "unverified";
}
elseif (strcmp($curstatus, "unapproved") == 0) {
$newstatus = "active";
}
else {
TBERROR("Invalid $headuid status $curstatus in ".
"approveproject.php3", 1);
}
$query_result = mysql_db_query($TBDBNAME,
"UPDATE users set status='$newstatus' WHERE uid='$headuid'");
if (! $query_result) {
TBERROR("Database Error changing $headuid status to ".
"$newstatus.",
1);
}
}
mail("$headuid_email",
"TESTBED: Project Membership Approval",
"\n".
"This message is to notify you that your project $project\n".
"has been approved.\n".
"\n\n".
"Thanks,\n".
"Testbed Ops\n".
"Utah Network Testbed\n",
"From: $TBMAIL_CONTROL\n".
"Cc: $TBMAIL_CONTROL\n".
"Errors-To: $TBMAIL_WWW");
echo "<h3><p>
Project $project (User: $headuid) has been approved.
</h3>\n";
continue;
}
TBERROR("Invalid approval value $approval in approveproject.php3.", 1);
}
?>
</body>
</html>
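Review bot: `$project` is cut out of a POST field name (`substr($header, 0, strpos($header, "\$\$", 0))`) and then interpolated unescaped into every query in the loop, including the two project `delete` statements and the `UPDATE`s, and into the echoed result HTML. Constrain it right after it is parsed, the way `$uid` is constrained at the top, e.g. `if (!ereg("^[[:alnum:]]+$", $project)) { TBERROR("Invalid project id in approveproject.php3", 1); }` (assuming pids are alphanumeric; otherwise `$project = addslashes($project);`), and wrap it in `htmlspecialchars()` where it is printed. `addslashes($uid);` discards its return value, so it does nothing; either assign the result or drop the call, since the `[[:alnum:]]+` match already restricts `$uid`. The error message for the head_uid lookup interpolates `$projecr` instead of `$project`, and the status comment says a "newuser" becomes "unapproved" while the code sets `"unverified"`, so one of the two needs correcting.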
<html>
<head>
<title>New Project Approval</title>
<link rel='stylesheet' href='tbstyle.css' type='text/css'>
</head>
<body>
<?php
include("defs.php3");
#
# Only known and logged in users can do this.
#
$uid = "";
if (ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)) {
$uid=$Vals[1];
addslashes($uid);
}
else {
unset($uid);
}
LOGGEDINORDIE($uid);
echo "<center><h1>Approve New Projects</h1></center>\n";
#
# Of course verify that this uid has admin privs!
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT admin from users where uid='$uid' and admin='1'" );
if (! $query_result) {
$err = mysql_error();
TBERROR("Database Error getting admin status for $uid: $err\n", 1);
}
if (mysql_num_rows($query_result) == 0) {
USERERROR("You do not have admin privledges to approve projects!", 1);
}
#
# Look in the projects table to see which projects have not been approved.
# Present a menu of options to either approve or deny the projects.
# Approving a project implies approving the project leader. Denying a project
# implies denying the project leader account, when there is just a single
# project pending for that project leader.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT * from projects where approved='0'");
if (! $query_result) {
$err = mysql_error();
TBERROR("Database Error getting unapproved project list: $err\n", 1);
}
if (mysql_num_rows($query_result) == 0) {
USERERROR("There are no projects to approve!", 1);
}
echo "For each project waiting to be approved, you may select on of the
following choices:
<table align=center border=0>
<tr>
<td>Deny</td>
<td>-</td>
<td>Deny project application (kills project records)</td>
</tr>
<tr>
<td>Destroy</td>
<td>-</td>
<td>Deny project application, and kill the user account</td>
</tr>
<tr>
<td>Approve</td>
<td>-</td>
<td>Approve the project</td>
</tr>
<tr>
<td>Postpone</td>
<td>-</td>
<td>Twiddle your thumbs some more</td>
</tr>
</table>\n";
#
# Now build a table with a bunch of selections. The thing to note about the
# form inside this table is that the selection fields are constructed with
# name= on the fly, from the uid of the user to be approved. In other words:
#
# project menu
# name=testbed$$approval value=approve,deny,murder,postpone
#
# so that we can go through the entire list of post variables, looking
# for these. The alternative is to work backwards, and I don't like that.
#
echo "<table width=\"100%\" border=2 cellpadding=0 cellspacing=2
align='center'>\n";
echo "<tr>
<td rowspan=2>Project</td>
<td rowspan=2>User</td>
<td rowspan=2>Action</td>
<td>User Name</td>
<td>Title</td>
<td>User Affil</td>
<td>E-mail</td>
</tr>
<tr>
<td>Proj Name</td>
<td>URL</td>
<td>Proj Affil</td>
<td>Phone</td>
</tr>\n";
echo "<form action='approveproject.php3?$uid' method='post'>\n";
while ($projectrow = mysql_fetch_array($query_result)) {
$pid = $projectrow[pid];
$headuid = $projectrow[head_uid];
$Purl = $projectrow[URL];
$Pname = $projectrow[name];
$Paffil = $projectrow[affil];
$userinfo_result = mysql_db_query($TBDBNAME,
"SELECT * from users where uid=\"$headuid\"");
$row = mysql_fetch_array($userinfo_result);
$name = $row[usr_name];
$email = $row[usr_email];
$title = $row[usr_title];
$affil = $row[usr_affil];
$addr = $row[usr_addr];
$addr2 = $row[usr_addr2];
$city = $row[usr_city];
$state = $row[usr_state];
$zip = $row[usr_zip];
$phone = $row[usr_phone];
echo "<tr>
<td colspan=7> </td>
</tr>
<tr>
<td rowspan=2>$pid</td>
<td rowspan=2>$headuid</td>
<td rowspan=2>
<select name=\"$pid\$\$approval\">
<option value='postpone'>Postpone</option>
<option value='approve'>Approve</option>
<option value='deny'>Deny</option>
<option value='destroy'>Destroy</option>
</select>
</td>\n";
echo " <td>$name</td>
<td>$title</td>
<td>$affil</td>
<td>$email</td>
</tr>\n";
echo "<tr>
<td>$Pname</td>
<td>$Purl</td>
<td>$Paffil</td>
<td>$phone</td>
</tr>\n";
}
echo "<tr>
<td align=center colspan=7>
<b><input type='submit' value='Submit' name='OK'></td>
</tr>
</form>
</table>\n";
?>
</body>
</html>
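Review bot: The table rows echo `$name`, `$title`, `$affil`, `$email`, `$Pname`, `$Purl`, `$Paffil` and `$phone` straight from the `users` and `projects` rows into a page that only administrators view, and these are presumably values the applicant supplied, so any markup stored in them would render in the administrator's browser. Escape at assignment, e.g. `$name = htmlspecialchars($row[usr_name]);`, and do the same for `$pid` and `$headuid`, since `$pid` is also placed inside the `name=` attribute of the select. The per-project `SELECT * from users` result is handed to `mysql_fetch_array()` without the `if (! $query_result)` check that the other queries in this file have. The locals `$addr`, `$addr2`, `$city`, `$state` and `$zip` are assigned but never printed and can be dropped.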
......@@ -78,17 +78,29 @@ echo "<base href=\"$TBBASE\" target=\"dynamic\">\n";
if (isset($uid)) {
echo "<hr>";
$query_result = mysql_db_query($TBDBNAME,
"SELECT status FROM users WHERE uid='$uid'");
"SELECT status,admin FROM users WHERE uid='$uid'");
$row = mysql_fetch_row($query_result);
$status = $row[0];
$admin = $row[1];
#
# See if group_root in any projects, not just the last one in the DB!
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT trust FROM proj_memb WHERE uid='$uid'");
$row = mysql_fetch_row($query_result);
$trust = $row[0];
"SELECT trust FROM proj_memb WHERE uid='$uid' and trust='group_root'");
if (mysql_num_rows($query_result)) {
$trusted = 1;
}
else {
$trusted = 0;
}
if ($status == "active") {
if ($trust == "group_root") {
if ($admin) {
echo "<A href='approveproject_form.php3?$uid'>
New Project Approval</A><p>\n";
}
if ($trusted) {
# Only group leaders can do these options
echo "<A href='approveuser_form.php3?$uid'>
New User Approval</A>\n";
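Review bot: The new `proj_memb` query result goes straight into `mysql_num_rows()`, and `$admin` is read from `$row[1]` without checking that the `users` query succeeded or returned a row. The pages added in this commit guard each query with `if (! $query_result)`, and the same guard here would keep a database error from silently rendering as "not admin, not group leader". A short comment above `if ($admin)` stating that the link is a convenience and that the approval pages re-check admin status themselves would keep a later reader from treating this menu as the access control. The `if (isset($uid))` block continues past the end of the hunk.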
......