Commit 824024b2 authored by Leigh Stoller's avatar Leigh Stoller

Add sanity checking to ensure that required fields are filled in!

parent 85ef0eca
......@@ -5,8 +5,51 @@ echo "
<title>Adding to the database</title>
<link rel='stylesheet' href='tbstyle.css' type='text/css'>
</head>
<body>
<h1>Adding information to the Testbed Database</h1>\n";
<body>";
#
# First off, sanity check the form to make sure all the required fields
# were provided. I do this on a per field basis so that we can be
# informative. Be sure to correlate these checks with any changes made to
# the project form. Note that this sequence of statements results in
# only the last bad field being displayed, but thats okay. The user will
# eventually figure out that fields marked with * mean something!
#
$formerror="No Error";
if (!isset($uid) ||
strcmp($uid, "") == 0) {
$formerror = "UserName";
}
if (!isset($usr_email) ||
strcmp($usr_email, "") == 0) {
$formerror = "Email Address";
}
if (!isset($usr_name) ||
strcmp($usr_name, "") == 0) {
$formerror = "Full Name";
}
if (!isset($grp) ||
strcmp($grp, "") == 0) {
$formerror = "Project";
}
#
# Not sure about the passwd. If the user is already known, then is he
# supposed to plug his passwd in?
#
if ((!isset($pswd) || strcmp($pswd, "") == 0) ||
(!isset($pswd2) || strcmp($pswd2, "") == 0)) {
$formerror = "Password";
}
if ($formerror != "No Error") {
echo "<h3><br><br>
Missing field; Please go back and fill out the \"$formerror\" field!\n
</h3>
</body>
</html>";
die("");
}
echo "<h1>Adding information to the Testbed Database</h1>\n";
$my_passwd=$pswd;
$mypipe = popen(escapeshellcmd(
"/usr/testbed/bin/checkpass $my_passwd $grp_head_uid '$usr_name:$email'"),
......@@ -58,7 +101,7 @@ if (isset($pid)) { #add a project to the database
$email = $row[1];
echo "<h1>Add Project Failed:</h1>\n<h3>You are not authorized to add ".
"projects in group '$grp_assoc'. If you feel you have reached this ".
"message in error, please contact the group head, ".
"message in error, please contact the project head, ".
"'$grp_head <$email>'.</h3>";
}
} elseif ( !empty($uid) && !empty($usr_email) &&
......@@ -97,7 +140,7 @@ if (isset($pid)) { #add a project to the database
"uid='$uid' and gid='$grp'");
if (mysql_num_rows($result) > 0) {
# Already in that group (or applied)
echo "<h3>You have already applied for membership in that group.</h3>\n";
echo "<h3>You have already applied for membership in that project.</h3>\n";
echo "</body></html>\n";
exit;
}
......@@ -111,14 +154,15 @@ if (isset($pid)) { #add a project to the database
$mres = mysql_db_query("tbdb", $mque);
$mresrow = mysql_fetch_row($mres);
$grp_email = $mresrow[0];
mail("$grp_email", "TESTBED: New Group Member",
"\n$usr_name ($uid) is trying to join your group. $usr_name has the\n".
mail("$grp_email", "TESTBED: New Project Member",
"\n$usr_name ($uid) is trying to join your project.\n".
"$usr_name has the\n".
"Testbed username $uid and email address $usr_email.\n$usr_name's ".
"phone number is $usr_phone and address $usr_addr.\n".
"\nPlease return ".
"to <https://plastic.cs.utah.edu/tbdb.html>, log in,\nand select the ".
"'New User Approval' page to enter your decision regarding\n".
"$usr_name's membership in your group.".
"$usr_name's membership in your project".
"\n\nThanks,\nTestbed Control\nUtah Network Testbed\n",
"From: Testbed Control <testbed-control@flux.cs.utah.edu>\n".
"Cc: Testbed WWW <testbed-www@flux.cs.utah.edu>\n".
......@@ -135,7 +179,7 @@ if (isset($pid)) { #add a project to the database
"'New User Verification'. Select it,\nand on that page enter in ".
"your user name, password, and your key,\nand you will be ".
"verified as a user. When you have been ".
"both verified and\napproved by the head of your group, you will be ".
"both verified and\napproved by the head of your project, you will be ".
"marked as an active user,\nand will be granted full access to your ".
"user account.\n\nThanks,\nTestbed Control\nUtah Network Testbed\n",
"From: Testbed Control <testbed-control@flux.cs.utah.edu>\n".
......@@ -155,7 +199,7 @@ be granted full access to your user account.</h3>
";
}
echo "
<h3>The leader of group '$grp' has been notified of your application. He
<h3>The leader of project '$grp' has been notified of your application. He
will make a decision and either approve or deny your application, and you
will be notified as soon as a decision has been made.
Thanks for using the Testbed! </h3>
......
......@@ -26,7 +26,7 @@ if (isset($uid)) {
echo "<td>Expiration date:</td>";
echo "<td class=\"left\"><input type=\"readonly\" name=\"usr_expires\" ";
echo "value=\"$row[0]\"</td></tr>\n";
echo "<tr><td>*Email:</td><td class=\"left\"><input type=\"readonly\" ";
echo "<tr><td>*Email Address:</td><td class=\"left\"><input type=\"readonly\" ";
echo "name=\"usr_email\" value=\"$row[1]\"></td>";
echo "<td>Mailing Address:</td><td class=\"left\">";
echo "<input type=\"readonly\" name=\"usr_addr\" ";
......@@ -49,7 +49,7 @@ if (isset($uid)) {
echo "<td><input type=\"text\" name=\"usr_expires\"";
$time = date("m/d/Y", time() + (86400 * 90)); #add 90 days
echo "value=\"$time\"></td></tr>\n";
echo "<tr><td>*Email:</td><td><input type=\"text\" name=\"usr_email\"></td>";
echo "<tr><td>*Email Address:</td><td><input type=\"text\" name=\"usr_email\"></td>";
echo "<td>Mailing Address:</td><td>";
echo "<input type\"text\" name=\"usr_addr\"></td></tr>";
echo "<tr><td>*Full Name:</td><td>";
......
<html>
<head>
<title>Group Request</title>
<title>Utah Testbed Project Request</title>
<link rel='stylesheet' href='tbstyle.css' type='text/css'>
</head>
<body>
<?php
#
# First off, sanity check the form to make sure all the required fields
# were provided. I do this on a per field basis so that we can be
# informative. Be sure to correlate these checks with any changes made to
# the project form. Note that this sequence of statements results in
# only the last bad field being displayed, but thats okay. The user will
# eventually figure out that fields marked with * mean something!
#
$formerror="No Error";
if (!isset($gid) ||
strcmp($gid, "TestNet-One") == 0) {
$formerror = "Name";
}
if (!isset($grp_head_uid) ||
strcmp($grp_head_uid, "") == 0) {
$formerror = "Username";
}
if (!isset($grp_name) ||
strcmp($grp_name, "Test Networks One") == 0) {
$formerror = "Long Name";
}
if (!isset($usr_name) ||
strcmp($usr_name, "") == 0) {
$formerror = "Full Name";
}
if (!isset($grp_URL) ||
strcmp($grp_URL, "http://www.testnetworks.org") == 0) {
$formerror = "URL";
}
if (!isset($email) ||
strcmp($email, "") == 0) {
$formerror = "Email Address";
}
if (!isset($usr_addr) ||
strcmp($usr_addr, "") == 0) {
$formerror = "Mailing Address";
}
if (!isset($grp_affil) ||
strcmp($grp_affil, "UofX Networks Group") == 0) {
$formerror = "Research Afilliation";
}
if (!isset($usr_phones) ||
strcmp($usr_phones, "") == 0) {
$formerror = "Phone #";
}
#
# Not sure about the passwd. If the user is already known, then is he
# supposed to plug his passwd in?
#
if ((!isset($password1) || strcmp($password1, "") == 0) ||
(!isset($password2) || strcmp($password2, "") == 0)) {
$formerror = "Password";
}
if ($formerror != "No Error") {
echo "<h3><br><br>
Missing field; Please go back and fill out the \"$formerror\" field!\n
</h3>
</body>
</html>";
die("");
}
$returning=0;
$my_passwd = $password1;
$mypipe = popen(escapeshellcmd(
......@@ -31,7 +94,7 @@ if (isset($gid) && isset($password1) && isset($email) &&
$query2 = "SELECT gid FROM groups WHERE gid=\"$gid\"";
$result2 = mysql_db_query("tbdb", $query2);
if ($row = mysql_fetch_row($result2)) {
die("<h3>The group name you have chosen is already in use. ".
die("<h3>The project name you have chosen is already in use. ".
"Please select another. If you are a returning user, you must ".
"log in and use your current password.</h3>");
} elseif ($row = mysql_fetch_row($result)) {
......@@ -73,7 +136,7 @@ if (isset($gid) && isset($password1) && isset($email) &&
$cresult = mysql_db_query("tbdb", $cmnd2);
if (!cresult) {
$err = mysql_error();
echo "<H3>Failed to add group $gid to the database: $err</h3>\n";
echo "<H3>Failed to add project $gid to the database: $err</h3>\n";
exit;
}
mysql_db_query("tbdb","insert into grp_memb (uid,gid,trust)".
......@@ -83,7 +146,7 @@ if (isset($gid) && isset($password1) && isset($email) &&
fwrite($fp, "$email\n"); #Writes the email address to mailing lists
fwrite($fp2, "$email\n");
# mail("lepreau@cs.utah.edu,calfeld@cs.utah.edu",
mail("newbold@cs.utah.edu,stoller@cs.utah.edu",
mail("newbold@cs.utah.edu,stoller@cs.utah.edu,lepreau@cs.utah.edu",
"TESTBED: New Group", "'$usr_name' wants to start group ".
"'$gid'.\nContact Info:\nName:\t\t$usr_name ($grp_head_uid)\n".
"Email:\t\t$email\nGroup:\t\t$grp_name\nURL:\t\t$grp_URL\n".
......@@ -114,7 +177,7 @@ if (isset($gid) && isset($password1) && isset($email) &&
"Errors-To: Testbed WWW <testbed-www@flux.cs.utah.edu>");
}
echo "
<H1>Group '$gid' successfully added.</h1>
<H1>Project '$gid' successfully added.</h1>
<h2>The review committee has been notified of your application.
Most applications are reviewed within one week. We will notify
you by e-mail at '$usr_name&nbsp;&lt;$email>' of their decision
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment