Commit 9ac3d870 authored by Leigh Stoller

A morass of form changes. The main goals are to avoid the loss of info

when backing up (cause of an error that needs to be fixed) since not
all browsers handle this the same. Instead, redraw the form with all
of the original info and a list of error messages at the top.
Conceptually simple change, but it turns out to be a pain to implement
since you need to combine the form and processing code in one page
(well, its just a lot easier to do that), and then change all of the
forms to deal with a "default" value. That is, each different kind of
input tag (text, radio, select, checkbox, etc.) requires slightly
different changes to do that. Lots of forms, lots of entries on the
forms, and its a long slow tedious process. Much nicer though, although
the code is a bit harder to grok. At the same time, I added a lot more
sanity checks of the information being passed in.

The other change is to deal with how browsers handle the back button
on a form that's been properly submitted. Not all browsers use
the cache directives the same way, and I was often typing back, only to
have some form get reposted. That's a major pain in the butt. The way
to deal with that is to have the processor send out a Location header,
which modifies the browser history so that the post is no longer in
the history. You back up straight to the unposted form (if it's in the
cache). I've done this to only some forms, since it's a bit of a pain
to rework things so that you can jump ahead to a page that spits out
the requisite warm fuzzies for the specific operation just completed.

I've done newproject, joinproject, update user info, newimageid, and
newimaged_dz forms.
parent f4fdddcf
<?php
include("defs.php3");
PAGEHEADER("Apply for Project Membership");
#
# Get current user.
#
$uid = GETLOGIN();
#
# If a uid came in, then we check to see if the login is valid.
# If the login is not valid, then quit cause we don't want to display the
# personal information for some random ?uid argument.
#
if ($uid) {
LOGGEDINORDIE($uid);
$query_result = mysql_db_query($TBDBNAME,
"SELECT * FROM users WHERE uid='$uid'");
if (! $query_result) {
$err = mysql_error();
TBERROR("Database Error confirming user $uid: $err\n", 1);
}
if (($row = mysql_fetch_array($query_result)) == 0) {
USERERROR("You do not appear to have an account!", 1);
}
$usr_expires = $row[usr_expires];
$usr_email = $row[usr_email];
$usr_URL = $row[usr_URL];
$usr_addr = $row[usr_addr];
$usr_name = $row[usr_name];
$usr_phone = $row[usr_phone];
$usr_title = $row[usr_title];
$usr_affil = $row[usr_affil];
$returning = 1;
}
else {
$returning = 0;
}
?>
<table align="center" border="1">
<tr>
<td align="center" colspan="2">
Fields marked with * are required.</td>
</tr>
<form action="usradded.php3" method="post">
<?php
if ($returning) {
echo "<tr>
<td>*Username (no blanks, lowercase):</td>
<td class=\"left\">
<input type=\"readonly\" name=\"joining_uid\"
value=\"$uid\"></td>
</tr>\n";
echo "<tr>
<td>*Full Name:</td>
<td class=\"left\">
<input type=\"readonly\" name=\"usr_name\"
value=\"$usr_name\"></td>
</tr>\n";
echo "<tr>
<td>*Title/Position:</td>
<td class=\"left\">
<input type=\"readonly\" name=\"usr_title\"
value=\"$usr_title\"></td>
</tr>\n";
echo "<tr>
<td>*Institutional<br>Affiliation:</td>
<td class=\"left\">
<input type=\"readonly\" name=\"usr_affil\"
value=\"$usr_affil\"></td>
</tr>\n";
echo "<tr>
<td>*Email Address:</td>
<td class=\"left\">
<input type=\"readonly\" name=\"usr_email\"
value=\"$usr_email\"></td>
</tr>\n";
echo "<tr>
<td>Home Page URL:</td>
<td class=\"left\">
<input type=\"readonly\" name=\"usr_url\"
value=\"$usr_URL\"></td>
</tr>\n";
echo "<tr>
<td>*Mailing Address:</td>
<td class=\"left\">
<input type=\"readonly\" name=\"usr_addr\"
value=\"$usr_addr\"></td>
</tr>\n";
echo "<tr>
<td>*Phone #:</td>
<td class=\"left\">
<input type=\"readonly\" name=\"usr_phone\"
value=\"$usr_phone\"></td>
</tr>\n";
echo "<tr>
<td>Expiration date:</td>
<td class=\"left\">
<input type=\"readonly\" name=\"usr_expires\"
value=\"$usr_expires\"</td>
</tr>\n";
}
else {
echo "<tr>
<td>*Username:</td>
<td class=\"left\">
<input type=\"text\" name=\"joining_uid\"
size=$TBDB_UIDLEN maxlength=$TBDB_UIDLEN></td>
</tr>\n";
echo "<tr>
<td>*Full Name:</td>
<td class=\"left\">
<input type=\"text\" name=\"usr_name\" size=30></td>
</tr>\n";
echo "<tr>
<td>*Title/Position:</td>
<td class=\"left\">
<input type=\"text\" name=\"usr_title\" size=30></td>
</tr>\n";
echo "<tr>
<td>*Institutional<br>Affiliation:</td>
<td class=\"left\">
<input type=\"text\" name=\"usr_affil\" size=40></td>
</tr>\n";
echo "<tr>
<td>*Email Address[1]:</td>
<td class=\"left\">
<input type=\"text\" name=\"usr_email\" size=30></td>
</tr>\n";
echo "<tr>
<td>Home Page URL:</td>
<td class=\"left\">
<input type=\"text\" name=\"usr_url\"
value=\"http://\" size=45></td>
</tr>\n";
echo "<tr>
<td>*Mailing Address:</td>
<td class=\"left\">
<input type\"text\" name=\"usr_addr\" size=40></td>
</tr>\n";
echo "<tr>
<td>*Phone #:</td>
<td class=\"left\">
<input type=\"text\" name=\"usr_phone\" size=16></td>
</tr>\n";
$expiretime = date("m/d/Y", time() + (86400 * 90)); #add 90 days
echo "<tr>
<td>Expiration date:</td>
<td class=\"left\">
<input type=\"text\" name=\"usr_expires\" size=10
value=\"$expiretime\"></td>
</tr>\n";
echo "<tr>
<td>*Password[1]:</td>
<td><input type=\"password\" name=\"password1\" size=12></td>
</tr>
<tr>
<td>*Retype Password:</td>
<td><input type=\"password\" name=\"password2\" size=12></td>
</tr>\n";
}
#
# The only common fields!
#
# Note PID max length.
#
echo "<tr>
<td>*Project:</td>
<td class=\"left\">
<input type=\"text\" name=\"pid\"
size=$TBDB_PIDLEN maxlength=$TBDB_PIDLEN></td>
</tr>\n";
#
# Note GID max length.
#
echo "<tr>
<td>Group:<br>
(Leave blank unless you <em>know</em> the group name)</td>
<td class=\"left\">
<input type=\"text\" name=\"gid\"
size=$TBDB_GIDLEN maxlength=$TBDB_GIDLEN></td>
</tr>\n";
?>
<td colspan="2" align="center">
<b><input type="submit" value="Submit"></b></td></tr>
</form>
</table>
<?php
echo "<h4><blockquote><blockquote>
<dl COMPACT>
<dt>[1]
<dd>Please consult our
<a href = 'docwrapper.php3?docname=security.html'>
security policies</a> for information
regarding passwords and email address.
</dl>
</blockquote></blockquote></h4>\n";
#
# Standard Testbed Footer
#
PAGEFOOTER();
?>
......@@ -2,11 +2,41 @@
include("defs.php3");
#
# Standard Testbed Header
# No PAGEHEADER since we spit out a Location header later. See below.
#
PAGEHEADER("Beginning a Testbed Experiment");
$mydebug = 0;
#
# Spit the form out using the array of data.
#
function SPITFORM($formfields, $errors)
{
global $TBDB_PIDLEN, $TBDB_GIDLEN;
PAGEHEADER("Begin a Testbed Experiment");
if ($errors) {
echo "<table align=center border=0 cellpadding=0 cellspacing=2>
<tr>
<td align=center colspan=3>
<font color=red>
Oops, please fix the following errors!
</font>
</td>
</tr>\n";
while (list ($name, $message) = each ($errors)) {
echo "<tr>
<td align=right><font color=red>$name:</font></td>
<td>&nbsp &nbsp</td>
<td align=left><font color=red>$message</font></td>
</tr>\n";
}
echo "</table><br>\n";
}
}
$delnsfile = 0;
#
......
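Review bot: `SPITFORM` writes `$name` and `$message` straight into the error table (`<font color=red>$message</font>`) with no HTML escaping, so any error text that quotes a submitted field value would be rendered as markup. The same pattern appears in the login page's `SPITFORM($uid, $failed)` later in this commit, where `value=\"$uid\"` carries the submitted username back into the form after a failed login. Escaping at the point of output covers both: `$message = htmlspecialchars($message, ENT_QUOTES);` inside the loop here, and `value=\"" . htmlspecialchars($uid, ENT_QUOTES) . "\"` in the login form. Whether `$errors` ever contains user-supplied text is not visible in this hunk, and the rest of the page lies outside it.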
......@@ -5,58 +5,108 @@
require("defs.php3");
#
# This page gets loaded as the result of a login click.
#
# $uid will be set by the login form. If the login is okay, we zap
# the user back to the main page. If the login fails, put continue
# with a normal page, but with an error message.
#
if (isset($login)) {
#
# Login button pressed.
#
if (!isset($uid) ||
strcmp($uid, "") == 0) {
$login_status = $STATUS_LOGINFAIL;
}
else {
#
# Look to see if already logged in. If the user hits reload,
# we are going to get another login post, and this could
# update the current login. Try to avoid that if possible.
#
if (CHECKLOGIN($uid) == 1) {
$login_status = $STATUS_LOGGEDIN;
}
elseif (DOLOGIN($uid, $password)) {
$login_status = $STATUS_LOGINFAIL;
}
else {
$login_status = $STATUS_LOGGEDIN;
}
# Must not be logged in already!
#
if (($known_uid = GETUID()) != FALSE) {
if (CHECKLOGIN($known_uid) == $CHECKLOGIN_LOGGEDIN) {
PAGEHEADER("Login");
echo "<h3>
You are still logged in. Please log out first if you want
to log in as another user!
</h3>\n";
PAGEFOOTER();
die("");
}
}
else {
$login_status = $STATUS_LOGGEDIN;
#
# Spit out the form.
#
function SPITFORM($uid, $failed)
{
global $TBDB_UIDLEN, $TBBASE;
PAGEHEADER("Login");
if ($failed) {
echo "<center>
<font size=+1 color=red>
Login attempt failed! Please try again.
</font>
</center><br>\n";
}
echo "<center>
<font size=+1>
Please login to our secure server.<br>
(You must have cookies enabled)
</font>
</center>\n";
echo "<table align=center border=1>
<form action='${TBBASE}/login.php3' method=post>
<tr>
<td>Username:</td>
<td><input type=text
value=\"$uid\"
name=uid size=$TBDB_UIDLEN></td>
</tr>
<tr>
<td>Password:</td>
<td><input type=password name=password size=12></td>
</tr>
<tr>
<td align=center colspan=2>
<b><input type=submit value=Login name=login></b></td>
</tr>
</form>
</table>\n";
echo "<center><h2>
<a href='password.php3'>Forgot your password?</a>
</h2></center>\n";
}
if ($login_status == $STATUS_LOGGEDIN) {
#
# Zap back to front page in secure mode.
#
header("Location: $TBBASE/");
#
# If not clicked, then put up a form.
#
if (! isset($login)) {
SPITFORM($known_uid, 0);
PAGEFOOTER();
return;
}
#
# Standard Testbed Header
#
PAGEHEADER("Login Failed");
# Login clicked.
#
if (!isset($uid) ||
strcmp($uid, "") == 0) {
$login_status = $STATUS_LOGINFAIL;
}
else {
if (DOLOGIN($uid, $password)) {
$login_status = $STATUS_LOGINFAIL;
}
else {
$login_status = $STATUS_LOGGEDIN;
}
}
echo "<center><h3>Login attempt failed! Please try again.</h3></center>\n";
#
# Failed, then try again with an error message.
#
if ($login_status == $STATUS_LOGINFAIL) {
SPITFORM($uid, 1);
PAGEFOOTER();
return;
}
#
# Standard Testbed Footer
# Zap back to front page in secure mode.
#
PAGEFOOTER();
header("Location: $TBBASE/");
return;
?>
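Review bot: The "Login clicked" branch verifies that `$uid` is set and non-empty but hands `$password` to `DOLOGIN` without any matching check, so a request that carries only `login` and `uid` reaches the authentication routine with an undefined password. Rejecting it in the same guard keeps the decision on this page: `if (!isset($uid) || !isset($password) || strcmp($uid, "") == 0 || strcmp($password, "") == 0) {`. How `DOLOGIN` treats an empty or missing password is defined outside this hunk, so this is a defensive check rather than a confirmed bypass.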
<?php
include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("Login");
#
# Get the UID that came back in the cookie so that we can present a
# default login name to the user. If there is a UID from the browser,
# and the user is still logged in, then skip the form. Gotta log out
# first.
#
if (($known_uid = GETUID()) != FALSE) {
if (CHECKLOGIN($known_uid) == $CHECKLOGIN_LOGGEDIN) {
echo "<h3>
You are still logged in. Please log out first if you want
to log in as another user!
</h3>\n";
PAGEFOOTER();
die("");
}
}
else {
$known_uid = "";
}
echo "<center><h3>
Please login to our secure server.<br>
(You must have cookies enabled)
</h3></center>\n";
echo "<table align=center border=1>\n";
echo "<form action=\"${TBBASE}/login.php3\" method=post>\n";
echo "<tr>
<td>Username:</td>
<td><input type=text value=\"$known_uid\" name=uid size=8></td>
</tr>
<tr>
<td>Password:</td>
<td><input type=password name=password size=12></td>
</tr>
<tr>
<td align=center colspan=2>
<b><input type=submit value=Login name=login></b></td>
</tr>\n";
echo "</form>\n";
echo "</table>\n";
echo "<center><h2>
<a href='password.php3'>Forgot your password?</a>
</h2></center>\n";
#
# Standard Testbed Footer
#
PAGEFOOTER();
?>
......@@ -64,11 +64,11 @@ function WRITESIDEBAR() {
WRITESIDEBARBUTTON("Home", $TBDOCBASE, "index.php3");
WRITESIDEBARBUTTON("News (new Nov 29)", $TBDOCBASE,
"docwrapper.php3?docname=news.html");
WRITESIDEBARBUTTON("Publications", $TBDOCBASE, "pubs.php3");
WRITESIDEBARBUTTON("Tutorial", $TBDOCBASE, "tutorial/tutorial.php3");
WRITESIDEBARBUTTON("FAQ", $TBDOCBASE, "faq.php3");
WRITESIDEBARBUTTON("Documentation", $TBDOCBASE, "doc.php3");
WRITESIDEBARBUTTON("Search Documentation", $TBDOCBASE, "search.php3");
WRITESIDEBARBUTTON("FAQ", $TBDOCBASE, "faq.php3");
WRITESIDEBARBUTTON("Tutorial", $TBDOCBASE, "tutorial/tutorial.php3");
WRITESIDEBARBUTTON("Publications", $TBDOCBASE, "pubs.php3");
WRITESIDEBARBUTTON("People", $TBDOCBASE, "people.php3");
WRITESIDEBARBUTTON("The Gallery", $TBDOCBASE, "gallery/gallery.php3");
WRITESIDEBARBUTTON("Projects Using $THISHOMEBASE", $TBDOCBASE,
......@@ -126,7 +126,7 @@ function WRITESIDEBAR() {
if ($status == "active" && $pswd_expired) {
WRITESIDEBARBUTTON("Change your Password",
$TBBASE, "modusr_form.php3");
$TBBASE, "moduserinfo.php3");
}
elseif ($status == "active") {
WRITESIDEBARBUTTON("My $THISHOMEBASE",
......@@ -158,11 +158,11 @@ function WRITESIDEBAR() {
}
WRITESIDEBARBUTTON("Begin an Experiment",
$TBBASE, "beginexp_form.php3");
$TBBASE, "beginexp.php3");
WRITESIDEBARBUTTON("Experiment Information",
$TBBASE, "showexp_list.php3");
WRITESIDEBARBUTTON("Update user information",
$TBBASE, "modusr_form.php3");
$TBBASE, "moduserinfo.php3");
WRITESIDEBARBUTTON("Node Reservation Status",
$TBBASE, "reserved.php3");
WRITESIDEBARBUTTON("Node Up/Down Status",
......@@ -182,8 +182,8 @@ function WRITESIDEBAR() {
# Standard options for anyone.
#
if ($login_status != $STATUS_NOLOGINS) {
WRITESIDEBARBUTTON("Start Project", $TBBASE, "newproject_form.php3");
WRITESIDEBARBUTTON("Join Project", $TBBASE, "addusr.php3");
WRITESIDEBARBUTTON("Start Project", $TBBASE, "newproject.php3");
WRITESIDEBARBUTTON("Join Project", $TBBASE, "joinproject.php3");
}
switch ($login_status) {
......@@ -225,7 +225,7 @@ function WRITESIDEBAR() {
else {
echo "<tr>
<td align=center height=50 valign=center>
<a href=\"$TBBASE/login_form.php3\">
<a href=\"$TBBASE/login.php3\">
<img alt=\"logon\" border=0
src=\"$BASEPATH/logon.gif\"></a>
</td>
......@@ -280,11 +280,11 @@ function WRITEBANNER($title) {
echo "<!-- This is the page Banner -->\n";
echo "
<a href='$BASEPATH/pix/merge-med.jpg'>
<img src='$BASEPATH/pix/merge-mini.jpg'
border=2 align=right></a>
\n";
# echo "
# <a href='$BASEPATH/pix/merge-med.jpg'>
# <img src='$BASEPATH/pix/merge-mini.jpg'
# border=2 align=right></a>
# \n";
echo "<table cellpadding=0 cellspacing=0 border=0 width=50%>";
echo "<tr>
......@@ -420,6 +420,11 @@ function PAGEHEADER($title) {
$login_status = $STATUS_NOLOGINS;
}
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
echo "<html>
<head>
<title>$THISHOMEBASE - $title</title>\n";
......
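Review bot: The four cache headers added to `PAGEHEADER` carry no comment, and `Cache-Control: no-cache, must-revalidate` still lets a browser or shared proxy store the response, which matters for the pages in this commit that redraw forms with user information. If the back-button behaviour described in the commit message allows it, `header("Cache-Control: no-store, no-cache, must-revalidate");` closes that gap. A comment such as `# Disable caching of dynamic pages; must run before any output is echoed.` would record the ordering requirement. These `header()` calls only take effect when nothing has been sent before `PAGEHEADER` runs, which cannot be confirmed from here because the function starts and ends outside the hunk.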
<?php
include("defs.php3");
#
# Standard Testbed Header
#
PAGEHEADER("Modify User Information Form");
#
# Only known and logged in users can modify info.
#
# Note different test though, since we want to allow logged in
# users with expired passwords to change them.
#
$uid = GETLOGIN();
LOGGEDINORDIE_SPECIAL($uid);
$isadmin = ISADMIN($uid);
#
# The target uid and the current uid will generally be the same, unless
# its an admin user modifying someone elses data. Must verify this case.
#
if (! isset($target_uid)) {
$target_uid = $uid;
}
#
# Admin types can change anyone. Otherwise, must be project root, or group
# root in at least one of the same groups. This is not exactly perfect, but
# it will do. You should not make someone group root if you do not trust
# them to behave.
#
if ($uid != $target_uid) {
if (! $isadmin) {
if (! TBUserInfoAccessCheck($uid, $target_uid,
$TB_USERINFO_MODIFYINFO)) {
USERERROR("You do not have permission to modify user information ".
"for other users", 1);
}
}
}
?>
<center>
<table align="center" border="1">
<tr><td align="center" colspan="4">
Only fields marked with * are required
</td>
</tr>
<?php
#
# Suck the current info out of the database and break it apart.
#
$info_result = mysql_db_query($TBDBNAME,
"select * from users where uid='$target_uid'");
if (! $info_result) {
$err = mysql_error();
TBERROR("Database Error getting user info for $target_uid: $err\n", 1);
}
$row = mysql_fetch_array($info_result);
$usr_expires = $row[usr_expires];
$usr_email = $row[usr_email];
$usr_URL = $row[usr_URL];
$usr_addr = $row[usr_addr];
$usr_name = $row[usr_name];
$usr_phone = $row[usr_phone];
$usr_title = $row[usr_title];
$usr_affil = $row[usr_affil];
#
# Generate the form.
#
echo "<form action=\"modusr_process.php3\" method=\"post\">\n";
echo "<tr>
<td>Username:</td>
<td class=\"left\">
<input readonly type=readonly name=target_uid
value=\"$target_uid\"></td>
</tr>\n";
echo "<tr>
<td>*Full Name:</td>
<td class=\"left\">
<input type=\"text\" name=\"usr_name\" size=\"30\"
value=\"$usr_name\"></td>
</tr>\n";
#
# Only admins can change the email address.
#
echo "<tr>
<td>*Email Address[1]:</td>
<td class=left>\n";
if ($isadmin) {
echo "<input type=text ";
}
else {
echo "<input readonly type=readonly ";
}
echo " name='usr_email' size=30 value='$usr_email'></td>
</tr>\n";
echo "<tr>
<td>Home Page URL:</td>
<td class=\"left\">
<input type=\"text\" name=\"usr_url\" size=\"45\"
value=\"$usr_URL\"></td>
</tr>\n";
#echo "<tr>
# <td>Expiration date:</td>
# <td class=\"left\">
# <input type=\"text\" name=\"usr_expires\"
# value=\"$usr_expires\"></td>
# </tr>\n";
echo "<tr>
<td>Mailing Address:</td>
<td class=\"left\">
<input type=\"text\" name=\"usr_addr\" size=\"40\"
value=\"$usr_addr\"></td>
</tr>\n";
echo "<tr>
<td>Phone #:</td>
<td class=\"left\">
<input type=\"text\" name=\"usr_phone\" size=\"15\"
value=\"$usr_phone\"></td>
</tr>\n";
echo "<tr>
<td>*Title/Position:</td>
<td class=\"left\">
<input type=\"text\" name=\"usr_title\" size=\"30\"
value=\"$usr_title\"></td>
</tr>\n";
echo "<tr>
<td>*Institutional Affiliation:</td>
<td class=\"left\">
<input type=\"text\" name=\"usr_affil\" size=\"40\"
value=\"$usr_affil\"></td>
</tr>\n";
echo "<tr>
<td>New Password[1]:</td>
<td class=\"left\">
<input type=\"password\" name=\"new_password1\" size=\"8\"></td>
</tr>\n";
echo "<tr>
<td>Retype<br>New Password:</td>
<td class=\"left\">
<input type=\"password\" name=\"new_password2\" size=\"8\"></td>
</tr>\n";
?>
<td colspan="4" align="center">
<b><input type="submit" value="Submit"></b></td></tr>
</form>
</table>
</center>
<?php
echo "<h4><blockquote><blockquote>
<dl COMPACT>
<dt>[1]
<dd>Please consult our