<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2008 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");

#
# Hack for wikiregister.php3: remember whether $forwikionly was already set
# before OptionalPageArguments() runs, because that call would normally
# clear the variable.
#
# NOTE(review): the flag is taken as-is from whatever set it before this
# point; confirm it can only come from wikiregister.php3 and never straight
# from the request.
#
$old_forwikionly = (isset($forwikionly) && $forwikionly == True);

#
# No PAGEHEADER here, since a Location header is sent later. See below.
#

#
# Get the current user, if any.
#
$this_user = CheckLogin($check_status);

#
# Declare the page arguments this script accepts.
#
$optargs = OptionalPageArguments("submit",      PAGEARG_STRING,
                                 "forwikionly", PAGEARG_BOOLEAN,
                                 "finished",    PAGEARG_BOOLEAN,
                                 "target_pid",  PAGEARG_STRING,
                                 "target_gid",  PAGEARG_STRING,
                                 "formfields",  PAGEARG_ARRAY);

#
# A user must be logged in to apply to a second project; with no login
# the applicant is handled as a new user.
#
if (!$this_user) {
    # No uid, so must be new.
    $returning = 0;
}
else {
    # Allow unapproved users to join multiple groups; they must be
    # verified though.
    CheckLoginOrDie(CHECKLOGIN_UNAPPROVED|
                    CHECKLOGIN_WEBONLY|CHECKLOGIN_WIKIONLY);
    $joining_uid = $this_user->uid();
    $returning   = 1;
}

# Restore the wiki-only flag saved at the top, defaulting it to False.
if ($old_forwikionly) {
    $forwikionly = True;
}
elseif (!isset($forwikionly)) {
    $forwikionly = False;
}
unset($addpubkeyargs);

# Text shown in a JavaScript alert() when the username field changes.
# SPITFORM() places it inside a single-quoted JavaScript string, so it must
# not contain quote characters.
$ACCOUNTWARNING =
    "Before continuing, please make sure your username reflects your " .
    "normal login name. Emulab accounts are not to be shared amongst users!";

# Text shown in a JavaScript alert() when the email field changes; the same
# no-quotes restriction applies.
$EMAILWARNING =
    "Before continuing, please make sure the email address you have " .
    "provided is current and non-pseudonymic. Redirections and " .
    "anonymous email addresses are not allowed.";

#
# Spit the form out using the array of data. 
# 
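function SPITFORM($formfields, $returning, $errors)
{
    #
    # Emit the page header, any error messages, and the join/registration
    # form.
    #
    #   $formfields  Array of values used to pre-fill the form. On a
    #                redisplay this is the data the client submitted, so
    #                every value is HTML-escaped before it is written into
    #                a value="..." attribute.
    #   $returning   True when the user is already logged in; the personal
    #                information section is then left out.
    #   $errors      Array of (label => message) pairs shown above the
    #                form, or 0/empty for none.
    #
    global $TBDB_UIDLEN, $TBDB_PIDLEN, $TBDB_GIDLEN;
    global $ACCOUNTWARNING, $EMAILWARNING;
    global $WIKISUPPORT, $forwikionly, $WIKIHOME, $USERSELECTUIDS;

    #
    # Escape the echoed fields once, up front. Without this a quote or
    # angle bracket in a submitted value closes the attribute and lets the
    # request inject markup into the page. Missing or non-scalar entries
    # become empty strings. The password fields are deliberately not in
    # this list; see below.
    #
    $fieldnames = array("joining_uid", "usr_name", "wikiname", "usr_title",
                        "usr_affil", "usr_affil_abbrev", "usr_URL",
                        "usr_email", "usr_addr", "usr_addr2", "usr_city",
                        "usr_state", "usr_zip", "usr_country", "usr_phone",
                        "pid", "gid");
    $safe = array();
    foreach ($fieldnames as $fieldname) {
        $value = "";
        if (is_array($formfields) && isset($formfields[$fieldname]) &&
            is_scalar($formfields[$fieldname])) {
            $value = (string) $formfields[$fieldname];
        }
        $safe[$fieldname] = htmlspecialchars($value, ENT_QUOTES);
    }

    if ($forwikionly) {
        PAGEHEADER("Wiki Registration");
    }
    else {
        PAGEHEADER("Apply for Project Membership");
    }

    if (! $returning) {
        echo "<center>\n";

        if ($forwikionly) {
            echo "<font size=+2>Register for an Emulab Wiki account</font>
                  <br><br>\n";
        }
        echo "<font size=+1>
               If you already have an Emulab account,
               <a href=login.php3?refer=1>
               <font color=red>please log on first!</font></a>
              </font>\n";
        if ($forwikionly) {
            echo "<br>(You will already have a wiki account)\n";
        }
        echo "</center><br>\n";
    }
    elseif ($forwikionly) {
        USERERROR("You already have a Wiki account!", 1);
    }

    if ($errors) {
        echo "<table class=nogrid
                     align=center border=0 cellpadding=6 cellspacing=0>
              <tr>
                 <th align=center colspan=2>
                   <font size=+1 color=red>
                      &nbsp;Oops, please fix the following errors!&nbsp;
                   </font>
                 </th>
              </tr>\n";

        #
        # foreach replaces the each() loop; each() no longer exists in
        # PHP 8.
        #
        # NOTE(review): $message is written out as markup because some
        # callers put HTML in it (e.g. a <b> tag). Any caller that builds
        # a message from request data has to escape that data itself.
        #
        foreach ($errors as $name => $message) {
            $label = htmlspecialchars((string) $name, ENT_QUOTES);

            echo "<tr>
                     <td align=right>
                       <font color=red>$label:&nbsp;</font></td>
                     <td align=left>
                       <font color=red>$message</font></td>
                  </tr>\n";
        }
        echo "</table><br>\n";
    }

    # Client-side helper that derives a WikiName from the full name field.
    echo "<SCRIPT LANGUAGE=JavaScript>
              function SetWikiName(theform) 
              {
	          var validchars = 'abcdefghijklmnopqrstuvwxyz0123456789';
                  var usrname    = theform['formfields[usr_name]'].value;
                  var wikiname   = '';
                  var docap      = 1;

		  for (var i = 0; i < usrname.length; i++) {
                      var letter = usrname.charAt(i).toLowerCase();

                      if (validchars.indexOf(letter) == -1) {
                          if (letter == ' ') {
                              docap = 1;
                          }
                          continue;
                      }
                      else {
                          if (docap == 1) {
                              letter = usrname.charAt(i).toUpperCase()
                              docap  = 0;
                          }
                          wikiname = wikiname + letter;
                      }
                  }
                  theform['formfields[wikiname]'].value = wikiname;
              }
          </SCRIPT>\n";

    echo "<table align=center border=1> 
          <tr>
            <td align=center colspan=3>
                Fields marked with * are required.
            </td>
          </tr>\n

          <form name=myform enctype=multipart/form-data
                action=" . ($forwikionly ?
                            "wikiregister.php3" : "joinproject.php3") . " " .
	        "method=post>\n";

    if (! $returning) {
        if ($USERSELECTUIDS) {
            #
            # UID.
            #
            echo "<tr>
                      <td colspan=2>*<a
                             href='docwrapper.php3?docname=security.html'
                             target=_blank>Username</a>
                                (alphanumeric, lowercase):</td>
                      <td class=left>
                          <input type=text
                                 name=\"formfields[joining_uid]\"
                                 value=\"" . $safe["joining_uid"] . "\"
	                         size=$TBDB_UIDLEN
                                 onchange=\"alert('$ACCOUNTWARNING')\"
	                         maxlength=$TBDB_UIDLEN>
                      </td>
                  </tr>\n";
        }

        #
        # Full Name
        #
        echo "<tr>
                  <td colspan=2>*Full Name (first and last):</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_name]\"
                             onchange=\"SetWikiName(myform);\"
                             value=\"" . $safe["usr_name"] . "\"
	                     size=30>
                  </td>
              </tr>\n";

        #
        # WikiName
        #
        if ($WIKISUPPORT) {
            echo "<tr>
                      <td colspan=2>*<a
                            href={$WIKIHOME}/bin/view/TWiki/WikiName
                            target=_blank>WikiName</a>:<td class=left>
                          <input type=text
                                 name=\"formfields[wikiname]\"
                                 value=\"" . $safe["wikiname"] . "\"
	                         size=30>
                      </td>
                  </tr>\n";
        }

        if (! $forwikionly) {
            #
            # Title/Position:
            #
            echo "<tr>
                      <td colspan=2>*Job Title/Position:</td>
                      <td class=left>
                          <input type=text
                                 name=\"formfields[usr_title]\"
                                 value=\"" . $safe["usr_title"] . "\"
  	                         size=30>
                      </td>
                  </tr>\n";

            #
            # Affiliation:
            #
            echo "<tr>
                      <td colspan=2>*Institutional Affiliation:</td>
                      <td class=left>
			<table>
                          <tr>
                          <td>Name</td>
                          <td><input type=text
                                 name=\"formfields[usr_affil]\"
                                 value=\"" . $safe["usr_affil"] . "\"
	                         size=40></td></tr>
			  <tr>
                          <td>Abbreviation:</td>
                          <td><input type=text
                                 name=\"formfields[usr_affil_abbrev]\"
                                 value=\"" . $safe["usr_affil_abbrev"] . "\"
	                         size=16 maxlength=16> (e.g. MIT)</td>
			  </tr>
        		</table>
                      </td>
                  </tr>\n";

            #
            # User URL
            #
            echo "<tr>
                      <td colspan=2>Home Page URL:</td>
                      <td class=left>
                          <input type=text
                                 name=\"formfields[usr_URL]\"
                                 value=\"" . $safe["usr_URL"] . "\"
	                         size=45>
                      </td>
                  </tr>\n";
        }

        #
        # Email:
        #
        echo "<tr>
                  <td colspan=2>*Email Address[<b>1</b>]:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[usr_email]\"
                             value=\"" . $safe["usr_email"] . "\"
                             onchange=\"alert('$EMAILWARNING')\"
	                     size=30>
                  </td>
              </tr>\n";

        if (! $forwikionly) {
            #
            # Postal Address
            #
            echo "<tr><td colspan=3>*Postal Address:<br /><center>
		    <table>
		      <tr><td>Line 1</td><td colspan=3>
                        <input type=text
                               name=\"formfields[usr_addr]\"
                               value=\"" . $safe["usr_addr"] . "\"
	                       size=45></td></tr>
		      <tr><td>Line 2</td><td colspan=3>
                        <input type=text
                               name=\"formfields[usr_addr2]\"
                               value=\"" . $safe["usr_addr2"] . "\"
	                       size=45></td></tr>
		      <tr><td>City</td><td>
                        <input type=text
                               name=\"formfields[usr_city]\"
                               value=\"" . $safe["usr_city"] . "\"
	                       size=25></td>
		          <td>State/Province</td><td>
                        <input type=text
                               name=\"formfields[usr_state]\"
                               value=\"" . $safe["usr_state"] . "\"
	                       size=2></td></tr>
		      <tr><td>ZIP/Postal Code</td><td>
                        <input type=text
                               name=\"formfields[usr_zip]\"
                               value=\"" . $safe["usr_zip"] . "\"
	                       size=10></td>
		          <td>Country</td><td>
                        <input type=text
                               name=\"formfields[usr_country]\"
                               value=\"" . $safe["usr_country"] . "\"
	                       size=15></td></tr>
                   </table></center></td></tr>";

            #
            # Phone
            #
            echo "<tr>
                      <td colspan=2>*Phone #:</td>
                      <td class=left>
                          <input type=text
                                 name=\"formfields[usr_phone]\"
                                 value=\"" . $safe["usr_phone"] . "\"
	                         size=15>
                      </td>
                  </tr>\n";

            #
            # SSH public key. MAX_FILE_SIZE is only a hint to the client;
            # the size has to be enforced where the upload is read.
            #
            echo "<tr>
                     <td colspan=2>Upload your SSH Pub Key[<b>2</b>]:<br>
                                       (1K max)</td>
   
                     <td>
                          <input type=hidden name=MAX_FILE_SIZE value=1024>
                          <input type=file
                                 size=50
                                 name=usr_keyfile ";
            # The uploaded file name is chosen by the client, so it is
            # escaped like any other echoed value.
            if (isset($_FILES['usr_keyfile']) &&
                isset($_FILES['usr_keyfile']['name']) &&
                is_string($_FILES['usr_keyfile']['name'])) {
                echo "        value=\"" .
                    htmlspecialchars($_FILES['usr_keyfile']['name'],
                                     ENT_QUOTES) . "\"";
            }
            echo         "> </td>
                  </tr>\n";
        }

        #
        # Password. The password is not sent back to the browser; the
        # user must retype it on error. The inputs therefore carry no
        # value attribute, which keeps the cleartext password out of the
        # returned page source.
        #
        echo "<tr>
                  <td colspan=2>*Password[<b>1</b>]:</td>
                  <td class=left>
                      <input type=password
                             name=\"formfields[password1]\"
                             size=8></td>
              </tr>\n";

        echo "<tr>
                  <td colspan=2>*Retype Password:</td>
                  <td class=left>
                      <input type=password
                             name=\"formfields[password2]\"
                             size=8></td>
             </tr>\n";
    }

    if (! $forwikionly) {
        #
        # Project Name:
        #
        echo "<tr>
                  <td colspan=2>*Project Name:</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[pid]\"
                             value=\"" . $safe["pid"] . "\"
	                     size=$TBDB_PIDLEN maxlength=$TBDB_PIDLEN>
                  </td>
              </tr>\n";

        #
        # Group Name:
        #
        echo "<tr>
                  <td colspan=2>Group Name:<br>
                  (Leave blank unless you <em>know</em> the group name)</td>
                  <td class=left>
                      <input type=text
                             name=\"formfields[gid]\"
                             value=\"" . $safe["gid"] . "\"
	                     size=$TBDB_GIDLEN maxlength=$TBDB_GIDLEN>
                  </td>
              </tr>\n";
    }

    echo "<tr>
              <td colspan=3 align=center>
                 <b><input type=submit name=submit value=Submit></b>
              </td>
          </tr>\n";

    echo "</form>
          </table>\n";

    # Footnotes referenced by the [1] and [2] markers in the form.
    echo "<h4><blockquote><blockquote>
          <ol>
            <li> Please consult our
                 <a href = 'docwrapper.php3?docname=security.html' target='_blank'>
                 security policies</a> for information
                 regarding passwords and email addresses.\n";
    if (!$returning && !$forwikionly) {
        echo "<li> If you want us to use your existing ssh public key,
                   then please specify the path to your
                   your identity.pub file.  <font color=red>NOTE:</font>
                   We use the <a href=http://www.openssh.org target='_blank'>OpenSSH</a>
                   key format,
                   which has a slightly different protocol 2 public key format
                   than some of the commercial vendors such as
                   <a href=http://www.ssh.com target='_blank'>SSH Communications</a>. If you
                   use one of these commercial vendors, then please
                   upload the public key file and we will convert it
                   for you.";
    }
    echo "</ol>
          </blockquote></blockquote>
          </h4>\n";
}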

#
# The conclusion of a join request. See below.
# 
if (isset($finished)) {
    PAGEHEADER($forwikionly ? "Wiki Registration"
                            : "Apply for Project Membership");

    #
    # Tell the applicant what happens next. The wording depends on whether
    # this was a wiki-only registration, a new user, or a logged-in user.
    #
    if (!$forwikionly && $returning) {
          echo "<p>
	  	The project leader has been notified of your application. ";
    }
    elseif (!$forwikionly) {
	echo "<p>
              As a pending user of the Testbed you will receive a key via email.
              When you receive the message, please follow the instructions
              contained in the message, which will verify your identity.
	      <br>
	      <p>
	      When you have done that, the project leader will be
	      notified of your application. ";
    }
    else {
	echo "An email message has been sent to your account so we may verify
              your email address. Please follow the instructions contained in
              that message, which will verify your account, and grant you
              access to the Wiki.\n";
    }

    # This closing sentence is printed in all three cases.
    echo "He/She will make a decision and either approve or deny your
          application, and you will be notified via email as soon as
	  that happens.\n";

    PAGEFOOTER();
    return;
}

#
# On first load, display a virgin form and exit.
#
if (! isset($submit)) {
    # Initial values for every form field. Country defaults to "USA" and
    # the URL field starts out holding $HTTPTAG.
    $defaults = array(
        "pid"              => "",
        "gid"              => "",
        "joining_uid"      => "",
        "usr_name"         => "",
        "usr_email"        => "",
        "usr_addr"         => "",
        "usr_addr2"        => "",
        "usr_city"         => "",
        "usr_state"        => "",
        "usr_zip"          => "",
        "usr_country"      => "USA",
        "usr_phone"        => "",
        "usr_title"        => "",
        "usr_affil"        => "",
        "usr_affil_abbrev" => "",
        "password1"        => "",
        "password2"        => "",
        "wikiname"         => "",
        "usr_URL"          => "$HTTPTAG",
    );

    #
    # The target_pid/target_gid page arguments preset the project and
    # group. They arrive with the request and are handed to SPITFORM() for
    # display unchanged.
    #
    if (isset($target_pid) && strcmp($target_pid, "") != 0) {
        $defaults["pid"] = $target_pid;
    }
    if (isset($target_gid) && strcmp($target_gid, "") != 0) {
        $defaults["gid"] = $target_gid;
    }

    SPITFORM($defaults, $returning, 0);
    PAGEFOOTER();
    return;
}
# Form submitted. Make sure we have a formfields array.
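if (!isset($formfields) || !is_array($formfields)) {
    PAGEARGERROR("Invalid form arguments.");
}

#
# Every field below is handled as a string. A request can send a nested
# array for any formfields[...] entry, which would reach strcmp(),
# preg_split() and the TBvalid_*() checks as an array, so anything that
# is not a scalar is rejected here.
# NOTE(review): OptionalPageArguments() may already enforce this; it is
# not visible from this file. PAGEARGERROR() is assumed not to return,
# as the original isset() check above already relied on.
#
foreach ($formfields as $fieldvalue) {
    if (!is_scalar($fieldvalue)) {
	PAGEARGERROR("Invalid form arguments.");
    }
}

#
# Otherwise, must validate and redisplay if errors. $errors maps the
# label shown to the user onto the message for that field.
#
$errors = array();

#
# These fields are required! They are only collected from new users.
#
if (! $returning) {
    if ($USERSELECTUIDS) {
	# All three outcomes use the same "Username" label, matching the
	# label on the form.
	if (!isset($formfields["joining_uid"]) ||
	    strcmp($formfields["joining_uid"], "") == 0) {
	    $errors["Username"] = "Missing Field";
	}
	elseif (!TBvalid_uid($formfields["joining_uid"])) {
	    $errors["Username"] = TBFieldErrorString();
	}
	elseif (User::Lookup($formfields["joining_uid"]) ||
		posix_getpwnam($formfields["joining_uid"])) {
	    $errors["Username"] = "Already in use. Pick another";
	}
    }
    if (!isset($formfields["usr_name"]) ||
	strcmp($formfields["usr_name"], "") == 0) {
	$errors["Full Name"] = "Missing Field";
    }
    elseif (! TBvalid_usrname($formfields["usr_name"])) {
	$errors["Full Name"] = TBFieldErrorString();
    }
    # Make sure user name has at least two tokens! A missing field is
    # split as an empty string so the check does not read an undefined
    # index; the resulting message is the same as before.
    $tokens = preg_split("/[\s]+/",
			 (isset($formfields["usr_name"]) ?
			  $formfields["usr_name"] : ""),
			 -1, PREG_SPLIT_NO_EMPTY);
    if (count($tokens) < 2) {
	$errors["Full Name"] = "Please provide a first and last name";
    }
    if ($WIKISUPPORT) {
	if (!isset($formfields["wikiname"]) ||
	    strcmp($formfields["wikiname"], "") == 0) {
	    $errors["WikiName"] = "Missing Field";
	}
	elseif (! TBvalid_wikiname($formfields["wikiname"])) {
	    $errors["WikiName"] = TBFieldErrorString();
	}
	elseif (User::LookupByWikiName($formfields["wikiname"])) {
	    $errors["WikiName"] = "Already in use. Pick another";
	}
    }
    if (!$forwikionly) {
	if (!isset($formfields["usr_title"]) ||
	    strcmp($formfields["usr_title"], "") == 0) {
	    $errors["Job Title/Position"] = "Missing Field";
	}
	elseif (! TBvalid_title($formfields["usr_title"])) {
	    $errors["Job Title/Position"] = TBFieldErrorString();
	}
	if (!isset($formfields["usr_affil"]) ||
	    strcmp($formfields["usr_affil"], "") == 0) {
	    $errors["Affiliation Name"] = "Missing Field";
	}
	elseif (! TBvalid_affiliation($formfields["usr_affil"])) {
	    $errors["Affiliation Name"] = TBFieldErrorString();
	}
	if (!isset($formfields["usr_affil_abbrev"]) ||
	    strcmp($formfields["usr_affil_abbrev"], "") == 0) {
	    $errors["Affiliation Abbreviation"] = "Missing Field";
	}
	elseif (! TBvalid_affiliation_abbreviation($formfields["usr_affil_abbrev"])) {
	    # Reported under the abbreviation's own label; it used to be
	    # filed under "Affiliation Name", where it replaced any error
	    # already recorded for the name.
	    $errors["Affiliation Abbreviation"] = TBFieldErrorString();
	}
    }
    if (!isset($formfields["usr_email"]) ||
	strcmp($formfields["usr_email"], "") == 0) {
	$errors["Email Address"] = "Missing Field";
    }
    elseif (! TBvalid_email($formfields["usr_email"])) {
	$errors["Email Address"] = TBFieldErrorString();
    }
    elseif (User::LookupByEmail($formfields["usr_email"])) {
	# NOTE(review): this tells an unauthenticated visitor that the
	# address is registered; confirm that is acceptable for this site.
	# The message carries markup, so SPITFORM() cannot escape messages.
	$errors["Email Address"] =
	    "Already in use. <b>Did you forget to login?</b>";
    }
    if (! $forwikionly) {
	# The URL is optional; the untouched $HTTPTAG default counts as
	# not supplied.
	if (isset($formfields["usr_URL"]) &&
	    strcmp($formfields["usr_URL"], "") &&
	    strcmp($formfields["usr_URL"], $HTTPTAG) &&
	    ! CHECKURL($formfields["usr_URL"], $urlerror)) {
	    $errors["Home Page URL"] = $urlerror;
	}
	if (!isset($formfields["usr_addr"]) ||
	    strcmp($formfields["usr_addr"], "") == 0) {
	    $errors["Address 1"] = "Missing Field";
	}
	elseif (! TBvalid_addr($formfields["usr_addr"])) {
	    $errors["Address 1"] = TBFieldErrorString();
	}
        # Optional
	if (isset($formfields["usr_addr2"]) &&
	    !TBvalid_addr($formfields["usr_addr2"])) {
	    $errors["Address 2"] = TBFieldErrorString();
	}
	if (!isset($formfields["usr_city"]) ||
	    strcmp($formfields["usr_city"], "") == 0) {
	    $errors["City"] = "Missing Field";
	}
	elseif (! TBvalid_city($formfields["usr_city"])) {
	    $errors["City"] = TBFieldErrorString();
	}
	if (!isset($formfields["usr_state"]) ||
	    strcmp($formfields["usr_state"], "") == 0) {
	    $errors["State"] = "Missing Field";
	}
	elseif (! TBvalid_state($formfields["usr_state"])) {
	    $errors["State"] = TBFieldErrorString();
	}
	if (!isset($formfields["usr_zip"]) ||
	    strcmp($formfields["usr_zip"], "") == 0) {
	    $errors["ZIP/Postal Code"] = "Missing Field";
	}
	elseif (! TBvalid_zip($formfields["usr_zip"])) {
	    # Same spelling as the "Missing Field" case and the form label.
	    $errors["ZIP/Postal Code"] = TBFieldErrorString();
	}
	if (!isset($formfields["usr_country"]) ||
	    strcmp($formfields["usr_country"], "") == 0) {
	    $errors["Country"] = "Missing Field";
	}
	elseif (! TBvalid_country($formfields["usr_country"])) {
	    $errors["Country"] = TBFieldErrorString();
	}
	if (!isset($formfields["usr_phone"]) ||
	    strcmp($formfields["usr_phone"], "") == 0) {
	    $errors["Phone #"] = "Missing Field";
	}
	elseif (!TBvalid_phone($formfields["usr_phone"])) {
	    $errors["Phone #"] = TBFieldErrorString();
	}
    }
    if (!isset($formfields["password1"]) ||
	strcmp($formfields["password1"], "") == 0) {
	$errors["Password"] = "Missing Field";
    }
    if (!isset($formfields["password2"]) ||
	strcmp($formfields["password2"], "") == 0) {
	$errors["Confirm Password"] = "Missing Field";
    }
    elseif (!isset($formfields["password1"]) ||
	    strcmp($formfields["password1"], $formfields["password2"])) {
	# A missing first password is a mismatch too; testing isset()
	# first keeps strcmp() from being handed an undefined value.
	$errors["Confirm Password"] = "Does not match Password";
    }
    elseif (! CHECKPASSWORD(($USERSELECTUIDS ?
			     $formfields["joining_uid"] : "ignored"),
			    $formfields["password1"],
			    $formfields["usr_name"],
			    $formfields["usr_email"], $checkerror)) {
	$errors["Password"] = "$checkerror";
    }
}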
#
# Project and group names. Not needed for a wiki-only registration.
#
if (!$forwikionly) {
    if (isset($formfields["pid"]) && $formfields["pid"] != "") {
        # Confirm pid/gid early to avoid spamming the page.
        $pid = $formfields["pid"];

        # An empty or missing group name means the project's own group.
        $gid = (isset($formfields["gid"]) && $formfields["gid"] != "")
            ? $formfields["gid"]
            : $pid;

        # The name is syntax-checked before it is used for a lookup. The
        # group is only examined once the project has been accepted.
        if (!TBvalid_pid($pid) || !Project::Lookup($pid)) {
            $errors["Project Name"] = "Invalid Project Name";
        }
        elseif (!TBvalid_gid($gid) || !Group::LookupByPidGid($pid, $gid)) {
            $errors["Group Name"] = "Invalid Group Name";
        }
    }
    else {
        $errors["Project Name"] = "Missing Field";
    }
}

# Present these errors before we call out to do pubkey stuff; saves work.
if (count($errors) > 0) {
    SPITFORM($formfields, $returning, $errors);
    PAGEFOOTER();
    return;
}

#
# The rest of the script needs the user, project and group objects.
# $pid and $gid were accepted by the checks above, so a failed lookup
# here is reported through TBERROR() rather than shown as a form error.
#
if (!$forwikionly) {
    $project = Project::Lookup($pid);
    if (!$project) {
        TBERROR("Could not lookup object for $pid!", 1);
    }

    $group = Group::LookupByPidGid($pid, $gid);
    if (!$group) {
        TBERROR("Could not lookup object for $pid/$gid!", 1);
    }

    if ($returning) {
        # A logged-in applicant is the current user.
        $user = $this_user;
        if ($group->IsMember($user, $ignore)) {
            $errors["Membership"] = "You are already a member";
        }
    }
}

# Done with sanity checks! Redisplay if the membership test added an error.
if (count($errors) > 0) {
    SPITFORM($formfields, $returning, $errors);
    PAGEFOOTER();
    return;
}

#
# Create a new user. We do this by creating a little XML file to pass to
# the newuser script.
#
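if (! $returning) {
    #
    # Collect the arguments for User::NewNewUser().
    #
    # NOTE(review): in the wiki-only flow the address, phone, title and
    # affiliation fields are copied here even though the validation above
    # only checks them when $forwikionly is false. Confirm the newuser
    # backend validates them, or leave them out for wiki-only accounts.
    #
    $args = array();
    $args["name"]	   = $formfields["usr_name"];
    $args["email"]         = $formfields["usr_email"];
    $args["address"]       = $formfields["usr_addr"];
    $args["address2"]      = $formfields["usr_addr2"];
    $args["city"]          = $formfields["usr_city"];
    $args["state"]         = $formfields["usr_state"];
    $args["zip"]           = $formfields["usr_zip"];
    $args["country"]       = $formfields["usr_country"];
    $args["phone"]         = $formfields["usr_phone"];
    $args["shell"]         = 'tcsh';
    $args["title"]         = $formfields["usr_title"];
    $args["affiliation"]   = $formfields["usr_affil"];
    $args["affiliation_abbreviation"] = $formfields["usr_affil_abbrev"];
    $args["password"]      = $formfields["password1"];
    if ($WIKISUPPORT) {
        $args["wikiname"] = $formfields["wikiname"];
    }

    # The URL is optional; the untouched $HTTPTAG default is not passed on.
    if (isset($formfields["usr_URL"]) &&
	$formfields["usr_URL"] != $HTTPTAG && $formfields["usr_URL"] != "") {
	$args["URL"] = $formfields["usr_URL"];
    }
    if ($USERSELECTUIDS) {
	$args["login"] = $formfields["joining_uid"];
    }

    # Backend verifies pubkey and returns error.
    if (!$forwikionly) {
	if (isset($_FILES['usr_keyfile']) &&
	    $_FILES['usr_keyfile']['name'] != "" &&
	    $_FILES['usr_keyfile']['name'] != "none") {

	    $localfile = $_FILES['usr_keyfile']['tmp_name'];
	    $pubkey    = false;

	    #
	    # Read the file only if PHP itself received it as an upload
	    # for this request, and enforce the 1K limit here. The
	    # MAX_FILE_SIZE form field is sent by the client, so it
	    # cannot be relied on to bound what gets read into memory
	    # and passed to the backend.
	    #
	    if (is_string($localfile) && is_uploaded_file($localfile) &&
		filesize($localfile) <= 1024) {
		$pubkey = file_get_contents($localfile);
	    }
	    if ($pubkey === false) {
		# A failed or oversized upload used to be passed on as a
		# false pubkey; tell the user instead.
		$errors["SSH Pub Key"] =
		    "Upload failed, or the file is larger than 1K";
		SPITFORM($formfields, $returning, $errors);
		PAGEFOOTER();
		return;
	    }
	    $args["pubkey"] = $pubkey;
	}
    }

    # NewNewUser() returns the new user object, or a false value with the
    # reason in $error.
    $user = User::NewNewUser(($forwikionly ?
			      TBDB_NEWACCOUNT_WIKIONLY : 0),
			     $args,
			     $error);
    if (!$user) {
	$errors["Error Creating User"] = $error;
	SPITFORM($formfields, $returning, $errors);
	PAGEFOOTER();
	return;
    }
    $joining_uid = $user->uid();
}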

#
# For wikionly registration, we are done.
# 
if ($forwikionly) {
    # Redirect to the conclusion page and stop; nothing below applies to a
    # wiki-only account.
    header("Location: wikiregister.php3?finished=1");
    exit();
}

#
# When the ISOLATEADMINS sitevar is set, refuse an addition that would
# leave the project with both admin and non-admin members.
#
if ($ISOLATEADMINS &&
    !$project->IsMember($user, $ignore)) {
    $members = $project->MemberList();

    foreach ($members as $other_user) {
        if ($user->admin() == $other_user->admin()) {
            continue;
        }

        if ($returning) {
            # A logged-in user gets the form back with an explanation.
            $errors["Joining Project"] =
                "Improper mix of admin and non-admin users";
            SPITFORM($formfields, $returning, $errors);
            PAGEFOOTER();
            return;
        }

        #
        # The user creation still succeeds, which is good; the effort
        # should not be wasted. Something did go wrong though, so email
        # goes to tbops, since this should be an uncommon problem. The
        # user is not added to the project.
        #
        TBERROR("New user '$joining_uid' attempted to join project ".
                "'$pid'\n".
                "which would create a mix of admin and non-admin ".
                "users\n", 0);

        header("Location: joinproject.php3?finished=1");
        return;
    }
}

#
# Someone joining a subgroup also has to be in the project group, so add
# them there first unless they are a member already.
#
if ($pid != $gid &&
    ! $project->IsMember($user, $ignore) &&
    $project->AddNewMember($user) < 0) {
    TBERROR("Could not add user $joining_uid to project group $pid", 1);
}

#
# Add to the group, but with trust=none. The project/group leader will have
# to upgrade the trust level, making the new user real.
#
if ($group->AddNewMember($user) < 0) {
    TBERROR("Could not add user $joining_uid to group $pid/$gid", 1);
}

#
# Email the project/group leaders. This happens here only for a user who
# was already logged in.
#
if ($returning) {
    $group->NewMemberNotify($user);
}

#
# Finish with a redirect so the browser history does not contain the POST;
# the back button then skips over the post and to the form. The
# "finished" handler above prints the conclusion.
#
header("Location: joinproject.php3?finished=1");
?>