Commit b54fa6e2 authored by Mac Newbold's avatar Mac Newbold

Updated web interface. Major/incompatible changes since Logan's last update.

_*.php3 names are old versions that need to be updated.
parent 98e31231
<?php
if (!isset($PHP_AUTH_USER)) {
Header("WWW-Authenticate: Basic realm=\"testbed\"");
Header("HTTP/1.0 401 Unauthorized");
echo "User authenication is required to view these pages\n";
exit;
} else {
addslashes($PHP_AUTH_USER);
$PSWD = crypt("$PHP_AUTH_PW", strlen($PHP_AUTH_USER));
$query = "SELECT * FROM users WHERE uid=\"$PHP_AUTH_USER\" AND usr_pswd=\"$PSWD\"";
$result = mysql_db_query("tbdb", $query);
$numusers = mysql_num_rows($result);
$query2 = "SELECT timeout FROM login WHERE uid=\"$PHP_AUTH_USER\"";
$result2 = mysql_db_query("tbdb", $query2);
$n = mysql_num_rows($result2);
$row = mysql_fetch_row($result2);
if (($n == 0) || ($numusers == 0) || ($row[0] < time())) {
$cmnd = "DELETE FROM login WHERE uid=\"$PHP_AUTH_USER\"";
mysql_db_query("tbdb", $cmnd);
Header("WWW-Authenticate: Basic realm=\"testbed\"");
Header("HTTP/1.0 401 Unauthorized");
die ("Authorization Failed\n");
}
$timeout = time() + 1800;
$cmnd = "UPDATE login SET timeout=\"$timeout\" where uid=\"$PHP_AUTH_USER\"";
mysql_db_query("tbdb", $cmnd);
}
?>
<html>
<head>
<title>New Experiment</title>
<link rel="stylesheet" href="tbstyle.css" type="text/css">
</head>
<body>
<H1>Begin an experiment on the testbed</h1>
<table border="1" align="center">
<tr><td colspan="2">Only those fields in bold, red type are required.</td></tr>
<form action=added.php3 method="post">
<tr><th>Experiment Name:</th><td><input type="text" name="eid"></td></tr>
<?php
addslashes($PHP_AUTH_USER);
$query = "SELECT pid FROM proj_memb WHERE uid=\"$PHP_AUTH_USER\"";
$result = mysql_db_query("tbdb", $query);
$n = mysql_num_rows($result);
if ($n == 1) {
echo "<tr><th>Project ID:</th>";
$row = mysql_fetch_row($result);
echo "<td><input type=\"readonly\" value=\"$row[0]\" name=\"proj\"></td></tr>\n";
} elseif ($n > 1) {
echo "<tr><th>Project ID:</th><td><select name=\"proj\">\n";
while ($row = mysql_fetch_row($result)) {
echo "<option value=\"$row[0]\">$row[0]</option>\n";
}
echo "</select></td></tr>\n";
} else {
echo "<tr><th colspan=\"2\">You must be part of a project if you wan to run an experiment</th></tr>";
}
$utime = time();
$year = date("Y", $utime);
$month = date("m", $utime);
$thismonth = $month++;
if ($month > 12) {
$month -= 12;
$month = "0".$month;
}
$rest = date("d H:i:s", $utime);
echo "<tr><th>Expiration date:</th><td><input type=\"text\" value=\"$year:$month:$rest\" name=\"expt_expires\"></td></tr>
<tr><td>Experiment long name:</td><td><input type=\"text\" name=\"expt_name\"></td></tr>
<tr><td>Experiment starts:</td><td><input type=\"text\" value=\"$year:$thismonth:$rest\" name=\"expt_start\"></td></tr>
<tr><td>Experiment ends:</td><td><input type=\"text\" value=\"$year:$month:$rest\" name=\"expt_end\"></td></tr>
<tr><th colspan=\"2\"><input type=\"submit\" value=\"Submit\"></th></tr>\n";
?>
</form>
</table>
</body>
</html>
\ No newline at end of file
<?php
if (!isset($PHP_AUTH_USER)) {
Header("WWW-Authenticate: Basic realm=\"testbed\"");
Header("HTTP/1.0 401 Unauthorized");
die("User authenication is required to view these pages\n");
} else {
addslashes($PHP_AUTH_USER);
$PSWD = crypt("$PHP_AUTH_PW", strlen($PHP_AUTH_USER));
$query = "SELECT * FROM users WHERE uid=\"$PHP_AUTH_USER\" AND usr_pswd=\"$PSWD\" AND trust_level > 0";
$result = mysql_db_query("tbdb", $query);
$numusers = mysql_num_rows($result);
$query2 = "SELECT timeout FROM login WHERE uid=\"$PHP_AUTH_USER\"";
$result2 = mysql_db_query("tbdb", $query2);
$n = mysql_num_rows($result2);
$row = mysql_fetch_row($result2);
if (($n == 0) || ($numusers == 0) || ($row[0] < time())) {
$cmnd = "DELETE FROM login WHERE uid=\"$PHP_AUTH_USER\"";
mysql_db_query("tbdb", $cmnd);
Header("WWW-Authenticate: Basic realm=\"testbed\"");
Header("HTTP/1.0 401 Unauthorized");
die ("Authorization Failed\n");
}
$timeout = time() + 1800;
$cmnd = "UPDATE login SET timeout=\"$timeout\" where uid=\"$PHP_AUTH_USER\"";
mysql_db_query("tbdb", $cmnd);
}
?>
<html>
<head>
<title>New Project</title>
<link rel="stylesheet" href="tbstyle.css" type="text/css">
</head>
<body>
<H1>Begin a project</h1>
<?php
addslashes($PHP_AUTH_USER);
$utime = time();
$year = date("Y", $utime);
$month = date("m", $utime);
$month += 6;
if ($month > 12) {
$month -= 12;
$month = "0".$month;
}
$rest = date("d H:i:s", $utime);
echo "<table border=\"1\" align=\"center\">
<form action=added.php3 method=\"post\">
<tr><td colspan=\"2\">Only fields in bold red are required</td></tr>
<tr><th>Project Name:</th><td><input type=\"text\" name=\"pid\"></td></tr>
<tr><th>Group association:</th>\n";
$query = "SELECT gid FROM grp_memb WHERE uid=\"$PHP_AUTH_USER\"";
$result = mysql_db_query("tbdb", $query);
$n = mysql_num_rows($result);
if ($n > 1) {
echo "<td><select name=\"grp_assoc\">\n";
while ($row = mysql_fetch_row($result)) {
echo "<option value=\"$row[0]\">$row[0]</option>\n";
}
echo "</select></td></tr>\n";
} else {
$row = mysql_fetch_row($result);
echo "<td><input type=\"readonly\" value=\"$row[0]\" name=\"grp_assoc\"></td></tr>\n";
}
echo "<tr><th>Expiration date:</th><td><input type=\"text\" value=\"$year:$month:$rest\" name=\"proj_expires\"></td></tr>\n";
?>
<tr><td>Project Long Name:</td><td><input type="text" name="proj_name"></td></tr>
<tr><td>Project Members:</td><td><textarea cols="20" rows="2" name="proj_memb"></textarea></td>
<tr><th colspan="2"><input type="submit" value="Submit"></th></tr>
</form>
</table>
</body>
</html>
\ No newline at end of file
<?php
if (!isset($PHP_AUTH_USER) || !empty($HTTP_GET_VARS)) {
Header("WWW-Authenticate: Basic realm=\"testbed\"");
Header("HTTP/1.0 401 Unauthorized");
echo ("User authentication is required to view these pages\n");
} else {
addslashes($PHP_AUTH_USER);
$PSWD = crypt("$PHP_AUTH_PW", strlen($PHP_AUTH_USER));
$query = "SELECT trust_level FROM users WHERE uid='$PHP_AUTH_USER' AND usr_pswd='$PSWD' AND trust_level > 0";
$result = mysql_db_query("tbdb", $query);
$valid = mysql_num_rows($result);
$tlrow = mysql_fetch_row($result);
$trust = $tlrow[0];
$query2 = "SELECT timeout FROM login WHERE uid=\"$PHP_AUTH_USER\"";
$result2 = mysql_db_query("tbdb", $query2);
$n = mysql_num_rows($result2);
$row = mysql_fetch_row($result2);
if (($n == 0) || ($valid == 0) || ($row[0] < time())) {
$cmnd = "DELETE FROM login WHERE uid=\"$PHP_AUTH_USER\"";
mysql_db_query("tbdb", $cmnd);
Header("WWW-Authenticate: Basic realm=\"testbed\"");
Header("HTTP/1.0 401 Unauthorized");
die ("Authorization Failed\n");
}
$timeout = time() + 1800;
$cmnd = "UPDATE login SET timeout=\"$timeout\" where uid=\"$PHP_AUTH_USER\"";
mysql_db_query("tbdb", $cmnd);
}
echo "
<html>
<head>
<title>Modify $uid</title>
<link rel='stylesheet' href='tbstyle.css' type='text/css'>
</head>
<body>
";
if (isset($HTTP_POST_VARS)) {
array_walk($HTTP_POST_VARS, "addslashes");
}
if (isset($update)) { #if the form was submitted with the update button, update the database
echo "<H1>Updating the Database...</h1>\n";
$cmnd = "UPDATE users SET usr_expires=\"$usr_expires\",
usr_name=\"$usr_name\",
usr_email=\"$usr_email\",
usr_addr=\"$usr_addr\",
usr_phones=\"$usr_phones\",
trust_level=\"$trust_level\" WHERE uid=\"$uid\"";
$result = mysql_db_query("tbdb", $cmnd);
$succ = mysql_affected_rows($result);
if ($succ == 0) {
$err = mysql_error();
echo "<H3>Could not query database: $err</h3>\n";
exit;
} elseif (($old_pw != $new_pw) && ($new_pw == $new_pw2)) {
$enc = crypt("$new_pw", strlen($uid));
$pwcom = "UPDATE users SET usr_pswd=\"$enc\" WHERE uid=\"$uid\"";
$pres = mysql_db_query("tbdb", $pwcom);
if (!$pres) {
$err = mysql_error();
die ("<H3>Failed to change password: $err</h3>");
}
}
echo "<H3>$uid UPDATED</h3>";
} elseif (isset($delete)) { #if the form was submitted with the delete button, delete the user
$cmnd = "DELETE FROM users WHERE uid=\"$uid\"";
$result = mysql_db_query("tbdb", $cmnd);
$succ = mysql_affected_rows($result);
if ($succ == 0) {
$err = mysql_error();
die ("<H3 color=red>Could not query database: $err</h3>\n");
}
$cmnd2 = "DELETE FROM grp_memb WHERE uid=\"$uid\"";
mysql_db_query("tbdb", $cmnd2);
$cmnd3 = "DELETE FROM proj_memb WHERE uid=\"$uid\"";
mysql_db_query("tbdb", $cmnd3);
echo "<H3>$uid DELETED</h3>";
} elseif (isset($uid)) { #when coming from usrs.php3, display user info in a form to be altered
echo "<H3>Modify only those entries you wish to change</h3>
<table border = \"1\" summary=\"Modify entries in the table and submit it to change the databse\">
<form action=\"usrmod.php3\" method=\"post\">\n";
$cmnd = "SELECT * FROM users WHERE uid=\"$uid\"";
$result = mysql_db_query("tbdb", $cmnd);
$row = mysql_fetch_array($result);
print "<tr><th>Username</th>
<td><input type=\"text\" name=\"uid\" value=$uid></td></tr>\n";
print "<tr><th>Full Name</th>
<td><input type=\"text\" name=\"usr_name\" value=\"$row[usr_name]\"></td></tr>\n";
print "<tr><th>Email</th>
<td><input type=\"text\" name=\"usr_email\" value=$row[usr_email]></td></tr>\n";
print "<tr><th>Mailing Address</th>
<td><input type=\"text\" name=\"usr_addr\" value=\"$row[usr_addr]\"></td></tr>\n";
print "<tr><th>Phone Number</th>
<td><input type=\"text\" name=\"usr_phones\" value=$row[usr_phones]></td></tr>\n";
print "<tr><th>User Expires</th>
<td><input type=\"text\" name=\"usr_expires\" value=\"$row[usr_expires]\"></td></tr>\n";
if ($trust == 1) {
$type = "readonly";
} else {
$type = "text";
}
print "<tr><th>Trust Level</th>
<td><input type='$type' name=\"trust_level\" value=$row[trust_level]></td></tr>
<tr><th>Old Password</th><td><input type=\"password\" name=\"old_pw\"></td></tr>
<tr><th>New Password</th><td><input type=\"password\" name=\"new_pw\"></td></tr>
<tr><th>Retype New Password</th><td><input type=\"password\" name=\"new_pw2\"></td></tr>
</table>
<p>
<input type=\"submit\" value=\"Update\" name=\"update\">
<input type=\"submit\" value=\"Delete User\" name=\"delete\">
</p>
</form>
<form action=usrmod.php3 method=\"post\">
<input type=\"submit\" value=\"Cancel\">
</form>\n";
} else { #when no variable are passed to the form, ask for some
echo "<H1>Please provide a testbed username</h1>";
}
echo "
</body>
</html>
";
?>
<?php
if (!isset($PHP_AUTH_USER)) {
Header("WWW-Authenticate: Basic realm=\"testbed\"");
Header("HTTP/1.0 401 Unauthorized");
die("User authentication is required to view these pages\n");
} else {
addslashes($PHP_AUTH_USER);
$PSWD = crypt("$PHP_AUTH_PW", strlen($PHP_AUTH_USER));
$query = "SELECT * FROM users WHERE uid=\"$PHP_AUTH_USER\" AND usr_pswd=\"$PSWD\" AND trust_level > 0";
$result = mysql_db_query("tbdb", $query);
$valid = mysql_num_rows($result);
$query2 = "SELECT timeout FROM login WHERE uid=\"$PHP_AUTH_USER\"";
$result2 = mysql_db_query("tbdb", $query2);
$n = mysql_num_rows($result2);
$row = mysql_fetch_row($result2);
if (($n == 0) || ($valid == 0) || ($row[0] < time())) {
$cmnd = "DELETE FROM login WHERE uid=\"$PHP_AUTH_USER\"";
mysql_db_query("tbdb", $cmnd);
Header("WWW-Authenticate: Basic realm=\"testbed\"");
Header("HTTP/1.0 401 Unauthorized");
die ("Authorization Failed\n");
}
$timeout = time() + 1800;
$cmnd = "UPDATE login SET timeout=\"$timeout\" where uid=\"$PHP_AUTH_USER\"";
mysql_db_query("tbdb", $cmnd);
}
echo "
<html>
<head>
<title>Users</title>
</head>
<body>
<form action=\"usrmod.php3\" target=\"modify\" method=\"post\">
<table border=\"1\"><tr><th>Select the user to be modified</th></tr>
<tr><td>\n";
$query = "SELECT gid FROM grp_memb where uid=\"$PHP_AUTH_USER\"";
$response = mysql_db_query("tbdb", $query);
$select = "SELECT";
while ($row = mysql_fetch_row($response)) {
$gid = $row[0];
if ($select == "SELECT") {
$select .= " DISTINCT uid FROM grp_memb WHERE gid='$gid'";
} else {
$select .= " OR gid='$gid'";
}
}
$selected = mysql_db_query("tbdb", $select);
if (!$selected) die("Failure in execution of database query</td></tr></table></body></html>");
$n = mysql_num_rows($selected);
if ($n == 1) {
$uid_row = mysql_fetch_row($selected);
echo "<input type='readonly' value='$uid_row[0]' name='uid'>\n";
} else {
echo "<select name='uid'>\n";
while ($uid_row = mysql_fetch_row($selected)) {
echo "<option value='$uid_row[0]'>$uid_row[0]</option>\n";
}
echo "</select>\n";
}
?>
<input type="submit" value="Okay">
</td></tr>
</table>
</form>
</body>
</html>
This diff is collapsed.
<html>
<head>
<title>New Group</title>
<link rel="stylesheet" href="tbstyle.css" type="text/css">
<title>New Group</title>
<link rel="stylesheet" href="tbstyle.css" type="text/css">
</head>
<body>
<H1 align="center">Apply to use the University of Utah's network testbed</h1>
<table align="center" width="80%" border="1">
<tr><td colspan="4">Only fields in bold, red type are required</td></tr>
<?php
$auth_usr = "";
if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) {
$auth_usr=$Vals[1];
addslashes($auth_usr);
} else {
unset($auth_usr);
}
?>
<table align="center" border="1">
<tr><td colspan="4">
<H1 align="center">Apply to use the Utah&nbsp;Network&nbsp;Testbed</h1>
</td></tr>
<form action=grpadded.php3 method="post">
<tr><th colspan=2>Group Information</th>
<th colspan=2>Group Head Information</th></tr>
<tr><th>Group Name:</th><td><input type="text" name="gid"></td>
<th>Username</th><td>
<?php
if (isset($PHP_AUTH_USER)) {
/* if this person is logged into the database,
fill the user info fields with info from the database */
$uid = addslashes($PHP_AUTH_USER);
$query = "SELECT * FROM users WHERE uid=\"$uid\"";
$result = mysql_db_query("tbdb", $query);
$row = mysql_fetch_array($result);
echo "<input type=\"readonly\" value=\"$row[uid]\" name=\"grp_head_uid\"></td></tr>\n";
<tr><td colspan=2>Group Information</td>
<td colspan=2>Group Head Information</td></tr>
<tr><td>Group Name:</td><td><input type="text" name="gid"></td>
<td>Username:</td><td class="left">
<?php
if (isset($auth_usr)) {
/* if this person is logged into the database,
fill the user info fields with info from the database */
$uid = addslashes($auth_usr);
$query = "SELECT * FROM users WHERE uid=\"$uid\"";
$result = mysql_db_query("tbdb", $query);
$row = mysql_fetch_array($result);
echo "<input type=\"readonly\" value=\"$row[uid]\" name=\"grp_head_uid\"></td></tr>\n";
} else {
echo "<input type=\"text\" name=\"grp_head_uid\"></td></tr>\n";
echo "<input type=\"text\" name=\"grp_head_uid\"></td></tr>\n";
}
echo "<tr><td>Group long name:</td><td><input type=\"text\" name=\"grp_name\"></td>
<th>Full Name:</th><td>";
if (isset($row)) {
echo "<input type=\"readonly\" value=\"$row[usr_name]\"";
} else {
echo "<input type=\"text\"";
}
echo "name=\"usr_name\"></td></tr>
<tr><td>Group URL:</td><td><input type=\"text\" name=\"grp_URL\"></td>
<th>Email Address:</th><td>";
if (isset($row)) {
echo "<input type=\"readonly\" value=\"$row[usr_email]\" ";
} else {
echo "<input type=\"text\" ";
}
echo "name=\"email\"></td></tr>
<tr><th>When do you expect to be done using the testbed?</th>
<td><input type=\"text\" value="; #set a default expiration date
$time = time();
$year = date("Y", $time);
++$year;
$mytime = date("m:d H:i:s", $time);
echo "\"$year:$mytime\"";
echo "name=\"grp_expires\"></td>
<th>Mailing Address:</th><td>";
if (isset($row)) {
echo "<input type=\"readonly\" value=\"$row[usr_addr]\" name=\"usr_addr\">";
} else {
echo "<tr><td>Group long name:</td><td><input type=\"text\" name=\"grp_name\"></td>
<td>Full Name:</td><td class=\"left\">";
if (isset($row)) {
echo "<input type=\"readonly\" value=\"$row[usr_name]\"";
} else {
echo "<input type=\"text\"";
}
echo "name=\"usr_name\"></td></tr>
<tr><td>Group URL:</td><td><input type=\"text\" name=\"grp_URL\"></td>
<td>Email<br>Address:</td><td class=\"left\">";
if (isset($row)) {
echo "<input type=\"readonly\" value=\"$row[usr_email]\" ";
} else {
echo "<input type=\"text\" ";
}
echo "name=\"email\"></td></tr>
<tr><td>When&nbsp;do&nbsp;you<br>expect&nbsp;to&nbsp;be&nbsp;done
<br>using&nbsp;the&nbsp;testbed?</td>
<td><input type=\"text\" value="; #set a default expiration date
$mytime = date("m/d/Y", time() + (86400 * 90)); #add 30 days
echo "\"$mytime\"";
echo "name=\"grp_expires\"></td>
<td>Mailing<br>Address:</td><td class=\"left\">";
if (isset($row)) {
echo "<input type=\"readonly\" value=\"$row[usr_addr]\" name=\"usr_addr\">";
} else {
echo "<input type=\"text\" name=\"usr_addr\">";
}
echo "</td></tr>
<tr><td>Group Affiliation:</td><td><input type=\"text\" name=\"grp_affil\"></td>
<th>Phone #:</th><td><input ";
if (isset($row)) {
echo "type=\"readonly\" value=\"$row[usr_phones]\"";
} else {
echo "type=\"text\"";
}
echo "name=\"usr_phones\"></td></tr>\n";
?>
<tr><th>Password:</th><td><input type="password" name="password1"></td>
<th>Retype Password:</th><td><input type="password" name="password2"></td></tr>
<tr><th colspan="4">Please describe how and why you plan to use the testbed</th></tr>
<tr><td colspan="4" align="center"><textarea name="why" rows="10" cols="70"></textarea></td></tr>
<tr><th colspan="4" align="center"><input type="submit" value="Submit"></th></tr>
</form>
}
echo "</td></tr>
<tr><td>Group Affiliation:</td><td><input type=\"text\" name=\"grp_affil\"></td>
<td>Phone #:</td><td class=\"left\"><input ";
if (isset($row)) {
echo "type=\"readonly\" value=\"$row[usr_phone]\"";
} else {
echo "type=\"text\"";
}
echo "name=\"usr_phones\"></td></tr>\n";
?>
<tr><td>Password:</td><td><input type="password" name="password1"></td>
<td>Retype<br>Password:</td><td><input
<?php
if (isset($row)) {
echo "type=\"hidden\" value=\"$row[usr_pswd]\"";
} else {
echo "type=\"password\"";
}
?>
name="password2">&nbsp;</td></tr>
<tr><td colspan="4">Please describe how and why you plan
to use the Testbed</td></tr>
<tr><td colspan="4" class="left"><textarea name="why"
rows="10" cols="62"></textarea></td></tr>
<tr><td colspan="4" align="center"><input type="submit"
value="Submit"></td></tr>
</form>
</table>
</body>
</html>
......
<?php
if (!isset($PHP_AUTH_USER)) {
Header("WWW-Authenticate: Basic realm=\"Testbed\"");
Header("HTTP/1.0 401 Unauthorized");
echo "User authentication is required to view these pages\n";
exit;
} else {
addslashes($PHP_AUTH_USER);
$PSWD = crypt("$PHP_AUTH_PW", strlen($PHP_AUTH_USER));
$query = "SELECT * FROM users WHERE uid=\"$PHP_AUTH_USER\" AND usr_pswd=\"$PSWD\" AND trust_level > 0";
$result = mysql_db_query("tbdb", $query);
$numusers = mysql_num_rows($result);
$query2 = "SELECT timeout FROM login WHERE uid=\"$PHP_AUTH_USER\"";
$result2 = mysql_db_query("tbdb", $query2);
$n = mysql_num_rows($result2);
if (($n == 0) && ($numusers != 0)) {
$cmnd = "INSERT INTO login VALUES ('$PHP_AUTH_USER', '0')";
mysql_db_query("tbdb", $cmnd);
} else {
$row = mysql_fetch_row($result2);
if (($numusers == 0) || ($row[0] < time())) {
$cmnd = "DELETE FROM login WHERE uid=\"$PHP_AUTH_USER\"";
mysql_db_query("tbdb", $cmnd);
Header("WWW-Authenticate: Basic realm=\"Testbed\"");
Header("HTTP/1.0 401 Unauthorized");
die ("Authorization Failed\n");
}
}
$timeout = time() + 1800;
$cmnd = "UPDATE login SET timeout=\"$timeout\" where uid=\"$PHP_AUTH_USER\"";
mysql_db_query("tbdb", $cmnd);
}
echo "
<html>
<head>
<title>New User</title>
<link rel=\"stylesheet\" href=\"tbstyle.css\" type=\"text/css\">
<link rel="stylesheet" href="tbstyle.css" type="text/css">
</head>
<body>
<H1>Add a new user to the testbed database</h1>\n";
$utime = time();
$year = date("Y", $utime);
++$year;
$time = date("m:d H:i:s", $utime);
echo "<table align=\"center\" border=\"1\">
<tr><td colspan=\"4\">Only fields in bold, red type are required</td></tr>
<form enctype=\"multipart/form-data\" action=\"added.php3\" method=\"post\">
<tr><th>Username:</th><td><input type=\"text\" name=\"uid\"></td>
<td>Expiration date:</td><td><input type=\"text\" name=\"usr_expires\" value=\"$year:$time\"></td></tr>
<tr><th>email:</th><td><input type=\"text\" name=\"usr_email\"></td>
<td>Mailing Address:</td><td><input type\"text\" name=\"usr_addr\"></td></tr>
<tr><th>Full Name:</th><td><input type=\"text\" name=\"usr_name\"></td>
<td>Phone #:</td><td><input type=\"text\" name=\"usr_phones\"></td></tr>
<tr><th>Password:</th><td><input type=\"password\" name=\"pswd\"></td>
<td rowspan=\"3\" colspan=\"2\">Or enter the name of a file containing a list of users to be added. Users should be separated by a newline. Each field of information should be separated by a tab. The second field should be \"now\". Each of these users will be given the password specified in the form above and assigned to the specified group.</td></tr>
<tr><th>Retype Password:</th><td><input type=\"password\" name=\"pswd2\"></td></tr>
<tr><th>Group:</th><th>\n";
$query = "SELECT gid FROM grp_memb WHERE uid=\"$PHP_AUTH_USER\"";
$result = mysql_db_query("tbdb", $query);
$n = mysql_num_rows($result);
if ($n == 1) { # if only one option make a readonly field
$row = mysql_fetch_row($result);
echo "<input type=\"readonly\" value=\"$row[0]\" name=\"grp\"></th></tr>\n";
} elseif ($n > 1) { # if more than one option make a select button
echo "<select name=\"grp\">\n";
while ($row = mysql_fetch_row($result)) {
$gid = $row[0];
echo "<option value=$gid>$gid</option>\n";
}
echo "</select></th></tr>\n";
} else { # if no options say this
echo "You don't seem to belong to any group. This may be a problem.</th></tr>\n";
}
<?php
$uid = "";
if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) {
$uid=$Vals[1];
addslashes($uid);
} else {
unset($uid);
}
echo "<h1>Apply for Group Membership</h1>\n";
echo "<table align=\"center\" border=\"1\">\n";
echo "<tr><td align='center' colspan=\"4\">\n";
echo "Only fields in bold, red type are required</td></tr>\n";
if (isset($uid)) {
echo "<form action=\"added.php3?$uid\" method=\"post\">\n";
echo "<input type=\"hidden\" name=\"logged_in\" value=\"true\">";
echo "<tr><td>Username:</td><td class=\"left\">";
echo "<input type=\"readonly\" name=\"uid\" value=\"$uid\"></td>";
$query = mysql_db_query("tbdb","select usr_expires,usr_email,usr_addr,usr_name,usr_phone,usr_pswd from users where uid='$uid'");
$row = mysql_fetch_row($query);
echo "<td>Expiration date:</td>";
echo "<td class=\"left\"><input type=\"readonly\" name=\"usr_expires\" ";
echo "value=\"$row[0]\"</td></tr>\n";
echo "<tr><td>email:</td><td class=\"left\"><input type=\"readonly\" ";
echo "name=\"usr_email\" value=\"$row[1]\"></td>";
echo "<td>Mailing Address:</td><td class=\"left\">";
echo "<input type=\"readonly\" name=\"usr_addr\" ";
echo "value=\"$row[2]\"></td></tr>";
echo "<tr><td>Full Name:</td><td class=\"left\">";
echo "<input type=\"readonly\" name=\"usr_name\" ";
echo "value=\"$row[3]\"></td>";
echo "<td>Phone #:</td><td class=\"left\">";
echo "<input type=\"readonly\" name=\"usr_phone\" ";
echo "value=\"$row[4]\"></td></tr>";
echo "<tr><td>Password:</td><td>";
echo "<input type=\"password\" name=\"pswd\"></td>";
echo "<td>Retype Password:</td><td>";
echo "<input type=\"hidden\" name=\"pswd2\" ";
echo "value=\"$row[5]\">&nbsp;</td></tr>";
} else {
echo "<form action=\"added.php3\" method=\"post\">\n";
echo "<tr><td>Username:</td><td><input type=\"text\" name=\"uid\"></td>";
echo "<td>Expiration date:</td>";
echo "<td><input type=\"text\" name=\"usr_expires\"";
$time = date("m/d/Y", time() + (86400 * 90)); #add 90 days
echo "value=\"$time\"></td></tr>\n";
echo "<tr><td>email:</td><td><input type=\"text\" name=\"usr_email\"></td>";
echo "<td>Mailing Address:</td><td>";
echo "<input type\"text\" name=\"usr_addr\"></td></tr>";
echo "<tr><td>Full Name:</td><td>";
echo "<input type=\"text\" name=\"usr_name\"></td>";
echo "<td>Phone #:</td><td>";
echo "<input type=\"text\" name=\"usr_phone\"></td></tr>";
echo "<tr><td>Password:</td><td>";
echo "<input type=\"password\" name=\"pswd\"></td>";
echo "<td>Retype Password:</td><td>";
echo "<input type=\"password\" name=\"pswd2\"></td></tr>";
}
echo "<tr><td>Group:</td><td><b>";
$query = "SELECT gid FROM groups";
$result = mysql_db_query("tbdb", $query);
$n = mysql_num_rows($result);
if ($n == 1) { # if only one option make a readonly field
$row = mysql_fetch_row($result);
echo "<input type=\"readonly\" value=\"$row[0]\" name=\"grp\"></td>\n";
} elseif ($n > 1) { # if more than one option make a select button
echo "<select name=\"grp\">\n";
while ($row = mysql_fetch_row($result)) {
$gid = $row[0];
echo "<option value=$gid>$gid</option>\n";
}
echo "</select></td>\n";
} else { # if no options say this
echo "There don't seem to be any groups in the database</td>\n";
}
?>
<tr><th colspan="2" align="center"><input type="submit" value="Submit"></th>
<td>Filename:</td><td><input type="file" name="filename"></td></tr>
<td colspan="2" align="center">
<b><input type="submit" value="Submit"></b></td></tr>
</form>
</table>
</body>
</html>
......
<html>
<head>
<title>New User Approval</title>
<link rel='stylesheet' href='tbstyle.css' type='text/css'>
</head>
<body>
<?php
if (!isset($PHP_AUTH_USER) || !empty($HTTP_GET_VARS)) {
Header("WWW-Authenticate: Basic realm=\"Testbed\"");
Header("HTTP/1.0 401 Unauthorized");
echo "User authentication is required to view these pages\n";
exit;
} else {
$USER = addslashes($PHP_AUTH_USER);
$PSWD = crypt("$PHP_AUTH_PW", strlen($USER));
$query = "SELECT * FROM users WHERE uid=\"$USER\" AND usr_pswd=\"$PSWD\" AND trust_level > 1";
$auth_usr = "";
if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) {
$auth_usr=$Vals[1];
addslashes($auth_usr);
$query = "SELECT timeout FROM login WHERE uid=\"$auth_usr\"";
$result = mysql_db_query("tbdb", $query);
$numusers = mysql_num_rows($result);
$query2 = "SELECT timeout FROM login WHERE uid=\"$USER\"";
$result2 = mysql_db_query("tbdb", $query2);
$n = mysql_num_rows($result2);
$row = mysql_fetch_row($result2);
if (($n == 0) && ($numusers != 0)) {
$cmnd = "INSERT INTO login VALUES ('$USER', '0')";
mysql_db_query("tbdb", $cmnd);
} elseif (($numusers == 0) || ($row[0] < time())) {
$cmnd = "DELETE FROM login WHERE uid=\"$USER\"";
mysql_db_query("tbdb", $cmnd);
Header("WWW-Authenticate: Basic realm=\"Testbed\"");
Header("HTTP/1.0 401 Unauthorized");