Commit 846a98d6 authored by Kevin Atkinson's avatar Kevin Atkinson

If a known user (based on stored cookies) is not logged in than

redirect to the login page rather than printing a message with a link
to the page.  Otherwise send a "403 Forbidden" to keep robots from
indexing the page.  Also send appropriate HTTP responses on other
precheck errors to keep a robot from indexing the page.  In order to
do this the PAGEHEADER call needed to be moved to after
CheckLoginOrDie and Required/OptionalPageArguments on many pages.  A
warning will be printed if either CheckLoginOrDie or
Required/OptionalPageArguments detects that PAGEHEADER was already
called.

Also change the redirect in kb-show to be a permanent redirect (301)
rather than a temporary one (302) which is the default unless a status
code is given.
parent 2f8c0d21
......@@ -6,11 +6,6 @@
#
include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("New Project Approved");
#
# Only known and logged in users can do this.
#
......@@ -26,11 +21,17 @@ $optargs = OptionalPageArguments("head_uid", PAGEARG_STRING,
"silent", PAGEARG_BOOLEAN,
"pcplab_okay", PAGEARG_BOOLEAN,
"ron_okay", PAGEARG_BOOLEAN);
$sendemail = 1;
if (isset($silent) && $silent) {
$sendemail = 0;
}
#
# Standard Testbed Header
#
PAGEHEADER("New Project Approved");
#
# Of course verify that this uid has admin privs!
#
......
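Review bot: In the second hunk `PAGEHEADER("New Project Approved");` is re-inserted above the comment `# Of course verify that this uid has admin privs!`, so the admin check that presumably follows still runs after the header has been emitted. The new USERERROR comment in this commit says a status code is only sent when no header has been printed, so a non-admin who fails that check would get the error body without a 4xx status. Moving the `PAGEHEADER` call below the admin check would match the "New Project Approval List" page, where the header follows `if (! $isadmin)`. The check itself is outside the hunk, so this needs confirming against the full file.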
......@@ -6,11 +6,6 @@
#
include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("New Project Approval");
#
# Only known and logged in users can do this.
#
......@@ -46,6 +41,11 @@ if (! ($this_project = $reqargs["project"])) {
$pid = $this_project->pid();
$projleader = $this_project->GetLeader();
#
# Standard Testbed Header
#
PAGEHEADER("New Project Approval");
echo "<center><h3>You have the following choices:</h3></center>
<table class=stealth align=center border=0>
<tr>
......
......@@ -6,11 +6,6 @@
#
include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("New Project Approval List");
#
# Only known and logged in users can do this. uid came in with the URI.
#
......@@ -30,6 +25,11 @@ if (! $isadmin) {
#
$reqargs = RequiredPageArguments();
#
# Standard Testbed Header
#
PAGEHEADER("New Project Approval List");
#
# Look in the projects table to see which projects have not been approved.
# Present a menu of options to either approve or deny the projects.
......
......@@ -6,11 +6,6 @@
#
include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("New Users Approved");
#
# Only known and logged in users.
#
......@@ -22,6 +17,11 @@ $uid = $this_user->uid();
#
$reqargs = RequiredPageArguments();
#
# Standard Testbed Header
#
PAGEHEADER("New Users Approved");
# Local used below.
$projectchecks = array();
......
......@@ -6,11 +6,6 @@
#
include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("New User Approval");
#
# Only known and logged in users can be verified.
#
......@@ -34,6 +29,11 @@ if (count($approvelist) == 0) {
USERERROR("You have no new project members who need approval.", 1);
}
#
# Standard Testbed Header
#
PAGEHEADER("New User Approval");
echo "
<h2>Approve new users in your Project or Group</h2>
<p>
......
......@@ -6,11 +6,6 @@
#
include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("Widearea Accounts Approval Form");
#
# Only known and logged in users can be verified.
#
......@@ -109,6 +104,11 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
}
}
#
# Standard Testbed Header
#
PAGEHEADER("Widearea Accounts Approval Form");
reset($HTTP_POST_VARS);
#
......
......@@ -6,11 +6,6 @@
#
include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("Widearea Accounts Approval Form");
#
# Only admin types can use this page.
#
......@@ -22,6 +17,11 @@ if (! $isadmin) {
USERERROR("Only testbed administrators people can access this page!", 1);
}
#
# Standard Testbed Header
#
PAGEHEADER("Widearea Accounts Approval Form");
echo "
<h2>Approve local accounts on specific widearea nodes</h2>
......
......@@ -6,11 +6,6 @@
#
include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("Commit and Tag");
#
# Only known and logged in users can look at experiments.
#
......@@ -37,6 +32,11 @@ if (!$isadmin &&
"archive in $pid/$eid!", 1);
}
#
# Standard Testbed Header
#
PAGEHEADER("Commit and Tag");
function SPITFORM($formfields, $errors)
{
global $experiment, $TBDB_ARCHIVE_TAGLEN, $referrer;
......
......@@ -6,11 +6,6 @@
#
include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("Archive Tags");
#
# Only known and logged in users can end experiments.
#
......@@ -92,6 +87,11 @@ else {
PAGEARGERROR("Must provide a current or former experiment index");
}
#
# Standard Testbed Header
#
PAGEHEADER("Archive Tags");
# Show just the last N records unless request is different.
if (!isset($records)) {
$records = 100;
......
......@@ -8,8 +8,6 @@ chdir("..");
require("defs.php3");
chdir("buildui");
PAGEHEADER("NetBuild");
#
# Only known and logged in users can do this.
#
......@@ -32,6 +30,11 @@ if (isset($action) && $action == "modify") {
echo "<h3>Modifying $pid/$eid:</h3>";
}
#
# Standard Testbed Header
#
PAGEHEADER("NetBuild");
?>
<applet code="Netbuild.class" width=800 height=600 MAYSCRIPT>
......
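Review bot: The re-inserted `PAGEHEADER("NetBuild");` in the second hunk lands after `echo "<h3>Modifying $pid/$eid:</h3>";`, so in modify mode the heading is written before the page header. That puts markup ahead of the document preamble and, unless output is buffered, means any HTTP headers PAGEHEADER sends go out too late. I would place the call directly above the `if (isset($action) && $action == "modify")` block, after the login and argument checks. The start of that `if` is outside the hunk, so the exact position needs checking in the file.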
......@@ -15,8 +15,6 @@ $view = array(
'hide_copyright' => 1
);
PAGEHEADER("Experiment Creation GUI", $view);
#
# Only known and logged in users can do this.
#
......@@ -30,6 +28,8 @@ $isadmin = ISADMIN();
$optargs = OptionalPageArguments("experiment", PAGEARG_EXPERIMENT,
"fallback", PAGEARG_BOOLEAN);
PAGEHEADER("Experiment Creation GUI", $view);
?>
<h3>Note: See the Help menu for quickstart and tips</h3>
......
......@@ -258,9 +258,14 @@ function TBERROR ($message, $death, $xmp = 0) {
}
#
# General user errors should print something warm and fuzzy
#
function USERERROR($message, $death = 1) {
# General user errors should print something warm and fuzzy. If a
# header is not already printed and the dealth paramater is true, then
# assume the error is a precheck error and send an appropriate HTTP
# response to prevent robots from indexing the page. This currently
# defaults to a "400 Bad Request", but that may change in the future.
#
function USERERROR($message, $death = 1,
$status_code = HTTP_400_BAD_REQUEST) {
global $TBMAILADDR;
global $session_interactive, $session_errorhandler;
......@@ -286,7 +291,7 @@ function USERERROR($message, $death = 1) {
</font>\n";
if ($death) {
PAGEERROR($msg);
PAGEERROR($msg, $status_code);
}
else
echo "$msg\n";
......@@ -310,7 +315,7 @@ function PAGEARGERROR($msg = 0) {
if ($msg) {
$default = "$default<br><br>$msg";
}
USERERROR($default, 1);
USERERROR($default, 1, HTTP_400_BAD_REQUEST);
}
#
......
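Review bot: The new `$status_code = HTTP_400_BAD_REQUEST` default in `USERERROR` also applies to permission failures, so a denied request is reported as 400 Bad Request rather than 403. Call sites elsewhere in this commit, such as `USERERROR("You do not have permission to destroy ImageID $imageid!", 1);`, pass no status and now reach this path before the header is printed. I would pass a 403 status as the third argument at the AccessCheck and admin-check call sites, and document the parameter in the header comment, e.g. `# $status_code: HTTP status sent when $death is true and no page header has been printed yet.` The comment also misspells "death parameter" as "dealth paramater". USERERROR's body is only partly visible in these hunks.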
......@@ -6,11 +6,6 @@
#
include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("Delay Control");
#
# Only known and logged in users can do this.
#
......@@ -32,6 +27,11 @@ $gid = $experiment->gid();
$state = $experiment->state();
$unix_gid = $experiment->UnixGID();
#
# Standard Testbed Header
#
PAGEHEADER("Delay Control");
#
# Look for transition and exit with error.
#
......
......@@ -6,11 +6,6 @@
#
include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("Delete a Group");
#
# Only known and logged in users.
#
......@@ -47,6 +42,11 @@ if (! $project->AccessCheck($this_user, $TB_PROJECT_DELGROUP)) {
1);
}
#
# Standard Testbed Header
#
PAGEHEADER("Delete a Group");
#
# Check to see if there are any active experiments. Abort if there are.
#
......
......@@ -7,11 +7,6 @@
include("defs.php3");
include("imageid_defs.php");
#
# Standard Testbed Header
#
PAGEHEADER("Delete an Image Descriptor");
#
# Only known and logged in users can end experiments.
#
......@@ -38,6 +33,11 @@ if (! $image->AccessCheck($this_user, $TB_IMAGEID_DESTROY)) {
USERERROR("You do not have permission to destroy ImageID $imageid!", 1);
}
#
# Standard Testbed Header
#
PAGEHEADER("Delete an Image Descriptor");
#
# Check to see if the imageid is being used in various places
#
......
......@@ -7,11 +7,6 @@
include("defs.php3");
include_once("node_defs.php");
#
# Standard Testbed Header
#
PAGEHEADER("Delete a Node Log Entry");
#
# Only known and logged in users can end experiments.
#
......@@ -37,6 +32,11 @@ if (! ($isadmin || OPSGUY())) {
# Need these below
$node_id = $node->node_id();
#
# Standard Testbed Header
#
PAGEHEADER("Delete a Node Log Entry");
#
# We run this twice. The first time we are checking for a confirmation
# by putting up a form. The next time through the confirmation will be
......
......@@ -7,11 +7,6 @@
include("defs.php3");
include_once("osinfo_defs.php");
#
# Standard Testbed Header
#
PAGEHEADER("Delete an OS Descriptor");
#
# Only known and logged in users can end experiments.
#
......@@ -38,6 +33,11 @@ if (!$osinfo->AccessCheck($this_user, $TB_OSID_DESTROY)) {
USERERROR("You do not have permission to delete OS Descriptor $osid!", 1);
}
#
# Standard Testbed Header
#
PAGEHEADER("Delete an OS Descriptor");
$conflicts = 0;
#
......
......@@ -6,11 +6,6 @@
#
include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("Terminating Project and Remove all Trace");
#
# Only known and logged in users can end experiments.
#
......@@ -36,6 +31,12 @@ $optargs = OptionalPageArguments("canceled", PAGEARG_BOOLEAN,
# Need these below.
$pid = $project->pid();
#
# Standard Testbed Header
#
PAGEHEADER("Terminating Project and Remove all Trace");
#
# Check to see if there are any active experiments. Abort if there are.
#
......
......@@ -6,11 +6,6 @@
#
include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("Remove User");
#
# Only known and logged in users allowed.
#
......@@ -32,6 +27,11 @@ $optargs = OptionalPageArguments("target_project", PAGEARG_PROJECT,
$target_dbuid = $target_user->uid();
$target_uid = $target_user->uid();
#
# Standard Testbed Header
#
PAGEHEADER("Remove User");
#
# Requesting? Fire off email and we are done.
#
......
......@@ -6,11 +6,6 @@
#
include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("Edit Group Membership");
#
# Only known and logged in users.
#
......@@ -42,6 +37,11 @@ if (! $group->AccessCheck($this_user, $TB_PROJECT_EDITGROUP)) {
"project $pid!", 1);
}
#
# Standard Testbed Header
#
PAGEHEADER("Edit Group Membership");
#
# See if user is allowed to add non-members to group.
#
......
......@@ -9,11 +9,6 @@ include_once("osiddefs.php3");
include_once("imageid_defs.php");
include_once("osinfo_defs.php");
#
# Standard Testbed Header
#
PAGEHEADER("Edit Image Descriptor");
#
# Only known and logged in users.
#
......@@ -38,6 +33,11 @@ if (!$image->AccessCheck($this_user, $TB_IMAGEID_MODIFYINFO)) {
USERERROR("You do not have permission to access ImageID $imageid!", 1);
}
#
# Standard Testbed Header
#
PAGEHEADER("Edit Image Descriptor");
#
# Need a list of node types. We join this over the nodes table so that
# we get a list of just the nodes that currently in the testbed, not
......
......@@ -6,11 +6,6 @@
#
include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("Edit Site Variables");
#
# Only known and logged in users can do this.
#
......@@ -33,6 +28,11 @@ $optargs = OptionalPageArguments(# Edit greenballs pull up an Edit subform.
"edited", PAGEARG_STRING,
"canceled", PAGEARG_STRING);
#
# Standard Testbed Header
#
PAGEHEADER("Edit Site Variables");
function SPIT_MSGS($message, $errors)
{
if ($message !== "") {
......
......@@ -7,8 +7,6 @@
include("defs.php3");
include("form_defs.php");
PAGEHEADER("Silly Forms example");
#
# Only known and logged in users.
#
......@@ -18,6 +16,8 @@ $uid = $this_user->uid();
$optargs = OptionalPageArguments("submit", PAGEARG_STRING,
"formfields", PAGEARG_ARRAY);
PAGEHEADER("Silly Forms example");
# The form attributes:
$form = array('#id' => 'form1',
'#caption' => 'My Form',
......
......@@ -7,8 +7,6 @@
include("defs.php3");
include_once("node_defs.php");
PAGEHEADER("Free Node");
#
# Only known and logged in users can do this.
#
......@@ -44,6 +42,11 @@ if (! ($isadmin || (OPSGUY()) && $pid == $TBOPSPID)) {
USERERROR("Not enough permission to free nodes!", 1);
}
#
# Standard Testbed Header
#
PAGEHEADER("Free Node");
#
# We run this twice. The first time we are checking for a confirmation
# by putting up a form. The next time through the confirmation will be
......
......@@ -6,11 +6,6 @@
#
include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("Freeze User Account");
#
# Only known and logged in users allowed.
#
......@@ -66,6 +61,11 @@ if (!strcmp($action, "freeze")) {
}
}
#
# Standard Testbed Header
#
PAGEHEADER("Freeze User Account");
#
# Requesting? Fire off email and we are done.
#
......
......@@ -18,14 +18,15 @@ if (isset($xref_tag) && $xref_tag != "") {
DBQueryFatal("select * from knowledge_base_entries ".
"where xref_tag='$xref_tag'");
if (! mysql_num_rows($query_result)) {
USERERROR("No such knowledge_base entry: $xref_tag", 1);
USERERROR("No such knowledge_base entry: $xref_tag", 1,
HTTP_404_NOT_FOUND);
}
$row = mysql_fetch_array($query_result);
$idx = $row['idx'];
}
if (isset($idx)) {
header("Location: $WIKIDOCURL/kb${idx}");
header("Location: $WIKIDOCURL/kb${idx}", TRUE, 301);
}
else {
header("Location: $WIKIDOCURL/KnowledgeBase");
header("Location: $WIKIDOCURL/KnowledgeBase", TRUE, 301);
}
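Review bot: The new 404 call writes `$xref_tag` into the error page as-is, so it should be HTML-escaped unless the page-argument validation (outside this hunk) already restricts it to safe characters: `USERERROR("No such knowledge_base entry: " . htmlspecialchars($xref_tag, ENT_QUOTES), 1, HTTP_404_NOT_FOUND);`. The same value is interpolated into the `where xref_tag='$xref_tag'` query a few lines above, which relies on that same validation and would be safer escaped or bound. Neither `header("Location: ...", TRUE, 301)` call is followed by an exit in the visible lines, so confirm nothing else runs after the redirect.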
......@@ -6,11 +6,6 @@
#
include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("Link Monitoring");
#
# Only known and logged in users.
#
......@@ -52,6 +47,11 @@ if (mysql_num_rows($query_result) == 0) {
USERERROR("No links are being traced/monitored in $eid/$pid!", 1);
}
#
# Standard Testbed Header
#
PAGEHEADER("Link Monitoring");
echo $experiment->PageHeader();
echo "<br /><br />\n";
......
......@@ -17,7 +17,8 @@ $optargs = OptionalPageArguments("login", PAGEARG_STRING,
"simple", PAGEARG_BOOLEAN,
"adminmode",PAGEARG_BOOLEAN,
"refer", PAGEARG_BOOLEAN,
"referrer", PAGEARG_STRING);
"referrer", PAGEARG_STRING,
"error", PAGEARG_STRING);
# Allow adminmode to be passed along to new login. Handy for letting admins
# log in when NOLOGINS() is on.
......@@ -31,8 +32,8 @@ if (! isset($simple)) {
if (! isset($key)) {
$key = null;
}
if (! isset($referrer)) {
$referrer = null;
if (! isset($error)) {
$error = null;
}
# See if referrer page requested that it be passed along so that it can be
......@@ -45,6 +46,10 @@ if (isset($refer) &&
# the user may have visited the last page with http. If they did, send them
# back through https
$referrer = preg_replace("/^http:/i","https:",$referrer);
} else if (isset($referrer)) {
$refer = true;
} else {
$referrer = null;
}
#
......@@ -90,23 +95,39 @@ if (($this_user = CheckLogin($status))) {
#
# The uid can be an email address, and in fact defaults to that now.
#
function SPITFORM($uid, $key, $referrer, $failed, $adminmode, $simple, $view)
function SPITFORM($uid, $key, $referrer, $error, $adminmode, $simple, $view)
{
global $TBDB_UIDLEN, $TBBASE;
PAGEHEADER("Login",$view);
if ($failed) {
echo "<center>
<font size=+1 color=red>
Login attempt failed! Please try again.
</font>
</center><br>\n";
$premessage = "Please login to our secure server.";
if ($error) {
echo "<center>";
echo "<font size=+1 color=red>";
switch ($error) {
case "failed":
echo "Login attempt failed! Please try again.";
break;
case "notloggedin":
echo "You do not appear to be logged in!";
$premessage = "Please log in again.";
break;
case "timedout":
echo "Your login has timed out!";
$premessage = "Please log in again.";
break;
default:
echo "Unknown Error ($error)!";
}
echo "</font>";
echo "</center><br>\n";
}
echo "<center>
<font size=+1>
Please login to our secure server.<br>
$premessage<br>
(You must have cookies enabled)
</font>
</center>\n";
......@@ -164,8 +185,8 @@ if (! isset($login)) {
else {
$login_id = REMEMBERED_ID();
}
SPITFORM($login_id, $key, $referrer, 0, $adminmode, $simple, $view);
SPITFORM($login_id, $key, $referrer, $error, $adminmode, $simple, $view);
PAGEFOOTER($view);
return;
}
......@@ -196,7 +217,7 @@ else {
# Failed, then try again with an error message.
#
if ($login_status == $STATUS_LOGINFAIL) {
SPITFORM($uid, $key, $referrer, 1, $adminmode, $simple, $view);
SPITFORM($uid, $key, $referrer, "failed", $adminmode, $simple, $view);
PAGEFOOTER($view);
return;
}
......
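Review bot: The `default:` branch of the new `switch ($error)` in SPITFORM prints `Unknown Error ($error)!`, and `$error` now arrives from the request as a `PAGEARG_STRING`, so any unrecognised value is reflected into the login page. Unless PAGEARG_STRING validation (not visible here) strips markup, escape it or drop the value: `echo "Unknown Error (" . htmlspecialchars($error, ENT_QUOTES) . ")!";`. Separately, the new `else if (isset($referrer)) { $refer = true; }` branch accepts a `referrer` from the request without going through the first branch's conditions; if the post-login redirect uses it, it should be limited to same-site URLs. SPITFORM and the referrer handling both continue outside these hunks.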
......@@ -1261,9 +1261,16 @@ function PAGEFOOTER($view = NULL) {
echo "</body></html>\n";
}
function PAGEERROR($msg) {
define("HTTP_400_BAD_REQUEST", 400);