Commit 41d37ee8 authored by Leigh Stoller's avatar Leigh Stoller

Allow user to specify email address when logging in. Some minor reorg

of the CHECKEMAIL function as a result.
parent dd1d9190
......@@ -5,6 +5,7 @@
$TBDBNAME = "@TBDBNAME@";
$TBOPSPID = "emulab-ops";
$TBDB_MINLEN = 2;
$TBDB_UIDLEN = 8;
$TBDB_PIDLEN = 12;
$TBDB_GIDLEN = 12;
......@@ -12,6 +13,7 @@ $TBDB_UNIXGLEN = 16;
$TBDB_NODEIDLEN = 10;
$TBDB_PHONELEN = 32;
$TBDB_USRNAMELEN= 64;
$TBDB_EMAILLEN = 64;
#
# Current policy is to prefix the EID with the PID. Make sure it is not
......@@ -135,21 +137,21 @@ define("TBDB_IFACEROLE_OTHER", "other");
# Some regex functions to check various arguments
function TBvalid_uid($uid) {
global $TBDB_UIDLEN;
global $TBDB_UIDLEN, $TBDB_MINLEN;
return (strlen($uid) <= $TBDB_UIDLEN) &&
return (strlen($uid) <= $TBDB_UIDLEN) && (strlen($uid) >= $TBDB_MINLEN) &&
preg_match("/^[a-zA-Z][-\w]+$/", $uid);
}
function TBvalid_pid($pid) {
global $TBDB_PIDLEN;
global $TBDB_PIDLEN, $TBDB_MINLEN;
return (strlen($pid) <= $TBDB_PIDLEN) &&
return (strlen($pid) <= $TBDB_PIDLEN) && (strlen($pid) >= $TBDB_MINLEN) &&
preg_match("/^[a-zA-Z][-\w]+$/", $pid);
}
function TBvalid_gid($gid) {
global $TBDB_GIDLEN;
global $TBDB_GIDLEN, $TBDB_MINLEN;
return (strlen($gid) <= $TBDB_GIDLEN) &&
return (strlen($gid) <= $TBDB_GIDLEN) && (strlen($gid) >= $TBDB_MINLEN) &&
preg_match("/^[a-zA-Z][-\w]+$/", $gid);
}
function TBvalid_phone($phone) {
......@@ -164,6 +166,24 @@ function TBvalid_usrname($name) {
return (strlen($name) <= $TBDB_USRNAMELEN) &&
preg_match("/^[-\w\. ]+$/", $name);
}
function TBvalid_email($email)
{
global $TBDB_EMAILLEN, $TBDB_MINLEN;
if (strlen($email) < $TBDB_MINLEN || strlen($email) > $TBDB_EMAILLEN)
return 0;
$parts = preg_split("/\@/", $email);
if (!isset($parts[0]) ||
!isset($parts[1]) ||
count($parts) != 2 ||
!preg_match("/^[-\w\+\.]+$/", $parts[0]) ||
!preg_match("/^[-\w\.]+$/", $parts[1]))
return 0;
return 1;
}
#
# Convert a trust string to the above numeric values.
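Review bot: Both `preg_match` patterns in the new `TBvalid_email` end in a bare `$`, which in PCRE also matches just before a final newline, so an address whose local part or domain carries a trailing newline is accepted. Because this commit lets the validated string reach a SQL string literal and a mail body in `DOLOGIN`, the anchors should be absolute: `!preg_match("/^[-\w\+\.]+$/D", $parts[0])` and `!preg_match("/^[-\w\.]+$/D", $parts[1])`. The same anchor is used by `TBvalid_uid`, `TBvalid_pid` and `TBvalid_gid` in this section. A comment above the function such as `# Syntax check only; does not prove the address exists or is unique.` would also help callers.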
......
......@@ -332,25 +332,6 @@ function CHECKPASSWORD($uid, $password, $name, $email, &$error)
"$TBCHKPASS_PATH $password $uid '$name:$email'", 1);
}
#
# Check an email address to make sure its a valid string.
#
function CHECKEMAIL($email)
{
if ($email == "")
return 0;
$parts = preg_split("/\@/", $email);
if (!isset($parts[0]) || !isset($parts[1]) || count($parts) != 2)
return 0;
if (! preg_match("/^[-\w\+\.]+$/", $parts[0]) ||
! preg_match("/^[-\w\.]+$/", $parts[1]))
return 0;
return 1;
}
function LASTNODELOGIN($node)
{
}
......
......@@ -444,7 +444,7 @@ if (! $returning) {
strcmp($formfields[usr_email], "") == 0) {
$errors["Email Address"] = "Missing Field";
}
elseif (! CHECKEMAIL($formfields[usr_email])) {
elseif (! TBvalid_email($formfields[usr_email])) {
$errors["Email Address"] = "Looks invalid!";
}
if (isset($formfields[usr_URL]) &&
......
......@@ -103,7 +103,7 @@ function SPITFORM($uid, $key, $referrer, $failed, $adminmode, $simple, $view)
<td>Username:</td>
<td><input type=text
value=\"$uid\"
name=uid size=$TBDB_UIDLEN></td>
name=uid size=20></td>
</tr>
<tr>
<td>Password:</td>
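Review bot: The field is still labelled `Username:` and now has a hard-coded `size=20`, although after this commit it also accepts an email address of up to `$TBDB_EMAILLEN` (64) characters. Consider `<td>Username or Email:</td>` and a `maxlength` tied to `$TBDB_EMAILLEN`, so the form matches what `TBvalid_email` accepts. `$uid` is interpolated directly into the `value` attribute; whether it is validated or HTML-escaped before SPITFORM is called is not visible in this hunk and should be confirmed now that a wider set of strings is accepted. SPITFORM's body continues outside the hunk.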
......
......@@ -432,7 +432,7 @@ if (!isset($formfields[usr_email]) ||
strcmp($formfields[usr_email], "") == 0) {
$errors["Email Address"] = "Missing Field";
}
elseif (! CHECKEMAIL($formfields[usr_email])) {
elseif (! TBvalid_email($formfields[usr_email])) {
$errors["Email Address"] = "Looks invalid!";
}
if (isset($formfields[usr_URL]) &&
......
......@@ -599,7 +599,7 @@ if (! $returning) {
strcmp($formfields[usr_email], "") == 0) {
$errors["Email Address"] = "Missing Field";
}
elseif (! CHECKEMAIL($formfields[usr_email])) {
elseif (! TBvalid_email($formfields[usr_email])) {
$errors["Email Address"] = "Looks invalid!";
}
if (isset($formfields[usr_URL]) &&
......
......@@ -442,13 +442,14 @@ function ISPLABUSER() {
#
# Attempt a login.
#
function DOLOGIN($uid, $password, $adminmode = 0) {
function DOLOGIN($token, $password, $adminmode = 0) {
global $TBAUTHCOOKIE, $TBAUTHDOMAIN, $TBAUTHTIMEOUT;
global $TBNAMECOOKIE, $TBLOGINCOOKIE, $TBSECURECOOKIES;
global $TBMAIL_OPS, $TBMAIL_AUDIT, $TBMAIL_WWW;
# Caller makes these checks too.
if (!TBvalid_uid($uid) || !isset($password) || $password == "") {
if ((!TBvalid_uid($token) && !TBvalid_email($token)) ||
!isset($password) || $password == "") {
return -1;
}
$now = time();
......@@ -479,16 +480,20 @@ function DOLOGIN($uid, $password, $adminmode = 0) {
}
$user_result =
DBQueryFatal("select usr_pswd,admin,weblogin_frozen,".
DBQueryFatal("select uid,usr_pswd,admin,weblogin_frozen,".
" weblogin_failcount,weblogin_failstamp, ".
" usr_email,usr_name ".
"from users where uid='$uid'");
"from users where ".
(TBvalid_email($token) ?
"usr_email='$token'" :
"uid='$token'"));
#
# Check password in the database against provided.
#
do {
if ($row = mysql_fetch_array($user_result)) {
$uid = $row['uid'];
$db_encoding = $row['usr_pswd'];
$isadmin = $row['admin'];
$frozen = $row['weblogin_frozen'];
......@@ -655,7 +660,7 @@ function DOLOGIN($uid, $password, $adminmode = 0) {
TBMAIL($TBMAIL_OPS,
"Web Login Freeze: '$IP'",
"Logins has been frozen because there were too many login\n".
"failures from $IP. Last attempted uid was '$uid'.\n\n",
"failures from $IP. Last attempted uid was '$token'.\n\n",
"From: $TBMAIL_OPS\n".
"Bcc: $TBMAIL_AUDIT\n".
"Errors-To: $TBMAIL_WWW");
......
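Review bot: The email branch of the query in `DOLOGIN` assumes `usr_email` identifies a single account, but only the first row returned by `mysql_fetch_array` is read, so if two users share an address the password is checked against whichever row comes back first. No uniqueness guarantee on `users.usr_email` is visible here; either enforce one in the schema or reject the login when `mysql_num_rows($user_result) != 1`. The `'$token'` interpolation is also safe only as long as `TBvalid_uid`/`TBvalid_email` never admit a quote or backslash, so a comment at the query such as `# $token was checked by TBvalid_uid/TBvalid_email above; do not relax those without escaping here.` would record that dependency. DOLOGIN's body begins and continues outside the visible hunks.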