Commit 63ea5bbe authored by Leigh Stoller's avatar Leigh Stoller

Clean up addusr pages and add authentication.

parent 4e44c781
......@@ -16,9 +16,14 @@ if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) {
}
#
# If a uid came in, verify that it is known in the database
# If a uid came in, then we check to see if the login is valid.
# If the login is not valid, then quit cause we don't want to display the
# personal information for some random ?uid argument.
#
if (isset($uid)) {
if (CHECKLOGIN($uid) != 1) {
USERERROR("You are not logged in. Please log in and try again.", 1);
}
$query_result = mysql_db_query($TBDBNAME,
"SELECT * FROM users WHERE uid='$uid'");
if (! $query_result) {
......@@ -36,90 +41,158 @@ if (isset($uid)) {
$usr_passwd = $row[usr_pswd];
$usr_title = $row[usr_title];
$usr_affil = $row[usr_affil];
$returning = 1;
}
else {
$returning = 0;
}
?>
echo "<h1>Apply for Project Membership</h1>\n";
echo "<table align=\"center\" border=\"1\">\n";
echo "<tr><td align='center' colspan=\"4\">\n";
echo "Only fields marked with * are required</td></tr>\n";
if (isset($uid)) {
echo "<form action=\"usradded.php3?$uid\" method=\"post\">\n";
echo "<input type=\"hidden\" name=\"logged_in\" value=\"true\">";
echo "<tr><td>*Username:</td><td class=\"left\">";
echo "<input type=\"readonly\" name=\"uid\" value=\"$uid\"></td>";
echo "<td>Expiration date:</td>";
echo "<td class=\"left\"><input type=\"readonly\" name=\"usr_expires\" ";
echo "value=\"$usr_expires\"</td></tr>\n";
echo "<tr><td>*Email Address:</td><td class=\"left\"><input type=\"readonly\" ";
echo "name=\"usr_email\" value=\"$usr_email\"></td>";
echo "<td>Mailing Address:</td><td class=\"left\">";
echo "<input type=\"readonly\" name=\"usr_addr\" ";
echo "value=\"$usr_addr\"></td></tr>";
echo "<tr><td>*Full Name:</td><td class=\"left\">";
echo "<input type=\"readonly\" name=\"usr_name\" ";
echo "value=\"$usr_name\"></td>";
echo "<td>Phone #:</td><td class=\"left\">";
echo "<input type=\"readonly\" name=\"usr_phone\" ";
echo "value=\"$usr_phone\"></td></tr>";
echo "<tr><td>*Password:</td><td>";
echo "<input type=\"password\" name=\"password1\"></td>";
echo "<td>*Title/Position:</td><td class=\"left\">";
echo "<input type=\"readonly\" name=\"usr_title\"";
echo "value=\"$usr_title\"></td>";
echo "</tr>";
echo "<tr><td></td><td></td>";
echo "<td>*Institutional<br>Affiliation:</td><td class=\"left\">";
echo "<input type=\"readonly\" name=\"usr_affil\"";
echo "value=\"$usr_affil\"></td>";
echo "</tr>";
} else {
echo "<form action=\"usradded.php3\" method=\"post\">\n";
echo "<tr><td>*Username:</td><td><input type=\"text\" name=\"uid\" ";
echo "size=\"8\" maxlength=\"8\"></td>";
echo "<td>Expiration date:</td>";
echo "<td><input type=\"text\" name=\"usr_expires\"";
$time = date("m/d/Y", time() + (86400 * 90)); #add 90 days
echo "value=\"$time\"></td></tr>\n";
echo "<tr><td>*Email Address:</td><td><input type=\"text\" name=\"usr_email\"></td>";
echo "<td>Mailing Address:</td><td>";
echo "<input type\"text\" name=\"usr_addr\"></td></tr>";
echo "<tr><td>*Full Name:</td><td>";
echo "<input type=\"text\" name=\"usr_name\"></td>";
echo "<td>Phone #:</td><td>";
echo "<input type=\"text\" name=\"usr_phone\"></td></tr>";
echo "<tr><td>*Password:</td><td>";
echo "<input type=\"password\" name=\"password1\"></td>";
echo "<td>*Title/Position:</td>";
echo "<td><input type=\"text\" name=\"usr_title\"></td>";
echo "</tr>";
echo "<tr><td>*Retype<br>Password:</td><td>";
echo "<input type=\"password\" name=\"password2\"></td>";
echo "<td>*Institutional<br>Affiliation:</td>";
echo "<td><input type=\"text\" name=\"usr_affil\"></td>";
echo "</tr>";
<table align="center" border="1">
<tr>
<td colspan="2">
<h1 align="center">Apply for Project Membership</h1></td>
</tr>
<tr>
<td align="center" colspan="2">
Fields marked with * are required.</td>
</tr>
<form action="usradded.php3" method="post">
<?php
if ($returning) {
echo "<tr>
<td>*Username:</td>
<td class=\"left\">
<input type=\"readonly\" name=\"uid\" value=\"$uid\"></td>
</tr>\n";
echo "<tr>
<td>*Full Name:</td>
<td class=\"left\">
<input type=\"readonly\" name=\"usr_name\"
value=\"$usr_name\"></td>
</tr>\n";
echo "<tr>
<td>*Title/Position:</td>
<td class=\"left\">
<input type=\"readonly\" name=\"usr_title\"
value=\"$usr_title\"></td>
</tr>\n";
echo "<tr>
<td>*Institutional<br>Affiliation:</td>
<td class=\"left\">
<input type=\"readonly\" name=\"usr_affil\"
value=\"$usr_affil\"></td>
</tr>\n";
echo "<tr>
<td>*Email Address:</td>
<td class=\"left\">
<input type=\"readonly\" name=\"usr_email\"
value=\"$usr_email\"></td>
</tr>\n";
echo "<tr>
<td>Mailing Address:</td>
<td class=\"left\">
<input type=\"readonly\" name=\"usr_addr\"
value=\"$usr_addr\"></td>
</tr>\n";
echo "<tr>
<td>Phone #:</td>
<td class=\"left\">
<input type=\"readonly\" name=\"usr_phone\"
value=\"$usr_phone\"></td>
</tr>\n";
echo "<tr>
<td>Expiration date:</td>
<td class=\"left\">
<input type=\"readonly\" name=\"usr_expires\"
value=\"$usr_expires\"</td>
</tr>\n";
}
else {
echo "<tr>
<td>*Username:</td>
<td class=\"left\">
<input type=\"text\" name=\"uid\" size=8 maxlength=8></td>
</tr>\n";
echo "<tr>
<td>*Full Name:</td>
<td class=\"left\">
<input type=\"text\" name=\"usr_name\" size=30></td>
</tr>\n";
echo "<tr>
<td>*Title/Position:</td>
<td class=\"left\">
<input type=\"text\" name=\"usr_title\" size=30></td>
</tr>\n";
echo "<tr>
<td>*Institutional<br>Affiliation:</td>
<td class=\"left\">
<input type=\"text\" name=\"usr_affil\" size=40></td>
</tr>\n";
echo "<tr>
<td>*Email Address:</td>
<td class=\"left\">
<input type=\"text\" name=\"usr_email\" size=30></td>
</tr>\n";
echo "<tr>
<td>Mailing Address:</td>
<td class=\"left\">
<input type\"text\" name=\"usr_addr\" size=40></td>
</tr>\n";
echo "<tr>
<td>Phone #:</td>
<td class=\"left\">
<input type=\"text\" name=\"usr_phone\" size=16></td>
</tr>\n";
$expiretime = date("m/d/Y", time() + (86400 * 90)); #add 90 days
echo "<tr>
<td>Expiration date:</td>
<td class=\"left\">
<input type=\"text\" name=\"usr_expires\" size=10
value=\"$expiretime\"></td>
</tr>\n";
echo "<tr>
<td>*Password:</td>
<td><input type=\"password\" name=\"password1\" size=12></td>
</tr>
<tr>
<td>*Retype Password:</td>
<td><input type=\"password\" name=\"password2\" size=12></td>
</tr>\n";
}
echo "<tr><td>*Project:</td><td>";
echo "<input type=\"text\" name=\"grp\"></td>";
echo "</tr>";
# This used to give the selection box with all the groups...
#$query = "SELECT gid FROM groups";
#$result = mysql_db_query("tbdb", $query);
#$n = mysql_num_rows($result);
#if ($n == 1) { # if only one option make a readonly field
# $row = mysql_fetch_row($result);
# echo "<input type=\"readonly\" value=\"$row[0]\" name=\"grp\"></td>\n";
#} elseif ($n > 1) { # if more than one option make a select button
# echo "<select name=\"grp\">\n";
# while ($row = mysql_fetch_row($result)) {
# $gid = $row[0];
# echo "<option value=$gid>$gid</option>\n";
# }
# echo "</select></td>\n";
#} else { # if no options say this
# echo "There don't seem to be any groups in the database</td>\n";
#}
#
# The only common field!
#
# XXX Note CONSTANT size in expression: PID is 12 chars max.
#
echo "<tr>
<td>*Project:</td>
<td class=\"left\">
<input type=\"text\" name=\"pid\" size=12></td>
</tr>\n";
?>
<td colspan="4" align="center">
<td colspan="2" align="center">
<b><input type="submit" value="Submit"></b></td></tr>
</form>
</table>
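Review bot: The returning-user branch of the rewritten form prints `$usr_name`, `$usr_title`, `$usr_affil`, `$usr_email`, `$usr_addr` and `$usr_phone` from the users row straight into `value=\"...\"` attributes, so a stored value containing a quote or an angle bracket ends the attribute early and is rendered as markup. Each value should be encoded on output, for example `value=\"" . htmlspecialchars($usr_name, ENT_QUOTES) . "\"`. Separately, `type=\"readonly\"` is not an HTML input type, so browsers will most likely render these as ordinary editable text fields; usradded.php3 should take a returning user's details from the database rather than from these posted fields. The `usr_expires` input is also missing its closing `>`, and the `usr_addr` input in the new-user branch still reads `type\"text\"` without the `=`.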
......
......@@ -3,10 +3,16 @@
# Standard definitions!
#
$TBWWW = "<https://www.emulab.net/tbdb.html>";
$TBBASE = "https://www.emulab.net/";
$TBMAIL_CONTROL = "Testbed Ops <testbed-ops@flux.cs.utah.edu>";
$TBMAIL_WWW = "Testbed WWW <testbed-www@flux.cs.utah.edu>";
#$TBMAIL_WWW = "Testbed WWW <stoller@fast.cs.utah.edu>";
$TBMAIL_APPROVE = "Testbed Approval <testbed-approval@flux.cs.utah.edu>";
#$TBBASE = "http://golden-gw.ballmoss.com:8080/src/testbed/www/";
#$TBMAIL_CONTROL = "Testbed Ops <stoller@fast.cs.utah.edu>";
#$TBMAIL_WWW = "Testbed WWW <stoller@fast.cs.utah.edu>";
#$TBMAIL_APPROVE = "Testbed Approval <stoller@fast.cs.utah.edu>";
$TBDBNAME = "tbdb";
$TBDIR = "/usr/testbed/";
$TBWWW_DIR = "$TBDIR"."www/";
......@@ -22,7 +28,7 @@ $TBNSSUBDIR = "nsdir";
$TBAUTHCOOKIE = "HashCookie";
$TBAUTHTIMEOUT = 10800;
$TBAUTHDOMAIN = ".emulab.net";
#$TBAUTHDOMAIN = "C884963-A.crvlls1.or.home.com";
#$TBAUTHDOMAIN = "golden-gw.ballmoss.com";
#
# Generate the KEY from a name
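Review bot: The commented-out developer overrides kept next to the production values (the plain-http `#$TBBASE` line, the personal mail addresses, and the extra `#$TBAUTHDOMAIN` host) leave a non-TLS base URL and an off-site cookie domain one uncomment away from the live configuration. Because `$TBBASE` now becomes the `<base href>` of the page header, enabling that line would resolve every relative link and form target, including the login form, against that host over cleartext. Consider keeping test settings in a separate local override file that is not installed on the production server, and documenting the constraint here with a comment such as `# $TBBASE must be the https URL of the production host; it is emitted as <base href> on every page.`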
......
......@@ -62,7 +62,14 @@ elseif (isset($uid)) {
<head>
<title>Utah Network Testbed</title>
<link rel='stylesheet' href='tbstyle.css' type='text/css'>
<base href='https://www.emulab.net/' target='dynamic'>
<?php
#
# So I can test on my home machine easily.
#
echo "<base href=\"$TBBASE\" target=\"dynamic\">\n";
?>
</head>
<body>
<a href="welcome.html"><h3>Utah Network Testbed</h3></a>
......@@ -149,7 +156,7 @@ else {
<td>Username:<input type='text' name='uid' size=8></td>
</tr>
<tr>
<td>Password:<input type='password' name='password' size=8></td>
<td>Password:<input type='password' name='password' size=12></td>
</tr>
<tr>
<td align='center'>
......
......@@ -28,8 +28,8 @@ if (!isset($usr_name) ||
strcmp($usr_name, "") == 0) {
$formerror = "Full Name";
}
if (!isset($grp) ||
strcmp($grp, "") == 0) {
if (!isset($pid) ||
strcmp($pid, "") == 0) {
$formerror = "Project";
}
if (!isset($usr_affil) ||
......@@ -40,14 +40,6 @@ if (!isset($usr_title) ||
strcmp($usr_title, "") == 0) {
$formerror = "Title/Position";
}
#
# The first password field must always be filled in. The second only
# if a new user, and we will catch that later.
#
if (!isset($password1) ||
strcmp($password1, "") == 0) {
$formerror = "Password";
}
if ($formerror != "No Error") {
echo "<h3><br><br>
......@@ -69,34 +61,35 @@ if (strlen($uid) > 8) {
}
#
# See if this is a new user or one returning. We have to query the database
# for the uid, and then do the password thing. For a user returning, the
# password must be valid. For a new user, the password must pass our tests.
# See if this is a new user or one returning.
#
$pswd_query = "SELECT usr_pswd FROM users WHERE uid=\"$uid\"";
$pswd_result = mysql_db_query($TBDBNAME, $pswd_query);
if (!$pswd_result) {
TBERROR("Database Error retrieving password for $uid: $err\n", 1);
$query_result = mysql_db_query($TBDBNAME,
"SELECT usr_pswd FROM users WHERE uid=\"$uid\"");
if (! $query_result) {
$err = mysql_error();
TBERROR("Database Error retrieving info for $uid: $err\n", 1);
}
if ($row = mysql_fetch_row($pswd_result)) {
$db_encoding = $row[0];
$salt = substr($db_encoding,0,2);
if ($salt[0] == $salt[1]) { $salt = $salt[0]; }
$encoding = crypt("$password1", $salt);
if (strcmp($encoding, $db_encoding)) {
die("<h3><br><br>".
"The password provided was incorrect. ".
"Please go back and retype the password.\n".
"</h3>");
}
if (mysql_num_rows($query_result) > 0) {
$returning = 1;
}
else {
$returning = 0;
}
#
# If a user returning, then the login must be valid to continue any further.
# For a new user, the password must pass our tests.
#
if ($returning) {
if (CHECKLOGIN($uid) != 1) {
USERERROR("You are not logged in. Please log in and try again.", 1);
}
}
else {
if (strcmp($password1, $password2)) {
die("<h3><br><br>".
"You typed different passwords in each of the two password ".
"entry fields. <br> Please go back and correct them.\n".
"</h3>");
USERERROR("You typed different passwords in each of the two password ".
"entry fields. <br> Please go back and correct them.",
1);
}
$mypipe = popen(escapeshellcmd(
"/usr/testbed/bin/checkpass $password1 $uid '$usr_name:$usr_email'"),
......@@ -104,20 +97,16 @@ else {
if ($mypipe) {
$retval=fgets($mypipe, 1024);
if (strcmp($retval,"ok\n") != 0) {
die("<h3><br><br>".
"The password you have chosen will not work: ".
"<br><br>$retval<br>".
"</h3>");
USERERROR("The password you have chosen will not work: ".
"<br><br>$retval<br>", 1);
}
}
else {
mail($TBMAIL_WWW, "TESTBED: checkpass failure",
"\n$usr_name ($uid) just tried to set up a testbed ".
"account,\n".
"but checkpass pipe did not open (returned '$mypipe').\n".
"\nThanks\n");
TBERROR("TESTBED: checkpass failure\n".
"\n$usr_name ($uid) just tried to set up a testbed ".
"account,\n".
"but checkpass pipe did not open (returned '$mypipe').", 1);
}
$returning = 0;
}
#
......@@ -204,10 +193,10 @@ if (! $returning) {
# Don't try to join twice!
#
$query_result = mysql_db_query($TBDBNAME,
"select * from grp_memb where uid='$uid' and gid='$grp'");
"select * from grp_memb where uid='$uid' and gid='$pid'");
if (mysql_num_rows($query_result) > 0) {
die("<h3><br><br>".
"You have already applied for membership in project: $grp.".
"You have already applied for membership in project: $pid.".
"</h3>");
}
......@@ -216,10 +205,10 @@ if (mysql_num_rows($query_result) > 0) {
# to upgrade the trust level, making the new user real.
#
$query_result = mysql_db_query($TBDBNAME,
"insert into grp_memb (uid,gid,trust) values ('$uid','$grp','none');");
"insert into grp_memb (uid,gid,trust) values ('$uid','$pid','none');");
if (! $query_result) {
$err = mysql_error();
TBERROR("Database Error adding adding user $uid to group $grp: $err\n", 1);
TBERROR("Database Error adding adding user $uid to group $pid: $err\n", 1);
}
#
......@@ -227,10 +216,10 @@ if (! $query_result) {
# email message out of the database, of course.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT grp_head_uid FROM groups WHERE gid='$grp'");
"SELECT grp_head_uid FROM groups WHERE gid='$pid'");
if (($row = mysql_fetch_row($query_result)) == 0) {
$err = mysql_error();
TBERROR("Database Error getting project leader for group $grp: $err\n", 1);
TBERROR("Database Error getting project leader for group $pid: $err\n", 1);
}
$group_leader_uid = $row[0];
......@@ -245,7 +234,7 @@ $group_leader_email = $row[0];
mail("$group_leader_email",
"TESTBED: New Project Member",
"\n$usr_name ($uid) is trying to join your project ($grp).\n".
"\n$usr_name ($uid) is trying to join your project ($pid).\n".
"$usr_name has the\n".
"Testbed username $uid and email address $usr_email.\n$usr_name's ".
"phone number is $usr_phone and address $usr_addr.\n\n".
......@@ -263,7 +252,7 @@ mail("$group_leader_email",
# Generate some warm fuzzies.
#
echo "<br>
<p>The leader of project '$grp' has been notified of your application.
<p>The leader of project '$pid' has been notified of your application.
He/She will make a decision and either approve or deny your application,
and you will be notified as soon as a decision has been made.";
?>
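Review bot: `$pid` arrives from the form and is interpolated directly into the `grp_memb` and `groups` queries in the hunks at -204, -216 and -227, while the only check visible on it is the non-empty test in the first hunk. A value containing a quote changes the SQL statement, so it should be validated before first use, for example `if (!ereg("^[[:alnum:]]+$", $pid) || strlen($pid) > 12) { USERERROR("Invalid project name.", 1); }` (adjust the character class to whatever project ids actually allow). The same applies to `$uid`, which is only length-checked in the lines shown before it reaches the `SELECT usr_pswd` query. Also, with the required-field test on `$password1` removed, a new user who leaves both password fields empty passes the `strcmp($password1, $password2)` test and rejection rests entirely on `checkpass`; keeping the empty check inside the new-user branch would make that explicit. These checks sit in top-level script code that continues outside the hunks.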
......