diff --git a/www/TODO b/www/TODO index 09b351bc62a32df6e29c862bcf6b3081a433f95e..c66320a01fa72036de1f48164f7fa446addb8301 100644 --- a/www/TODO +++ b/www/TODO @@ -8,9 +8,10 @@ importance should be obvious. Whoever does this work *will* program in the dominate style of the existing, newly written, 4500 lines of code! Now, if I could just figure out how to add a php mode to emacs ... -* Add password hint for the clueless users who forget their passwords. +* Add DB connect as authorized user so we can track whats going in + the DB log files. -* tbend should work from the database, not the .ir file. +* Add password hint for the clueless users who forget their passwords. * Put a limit on the number of new users/projects that can be unapproved (to prevent DOS attacks on the database). @@ -30,11 +31,7 @@ I could just figure out how to add a php mode to emacs ... include the uid in the existing cookie (the one I added to send back the hash key). -* Look at the 'suexec' program from the Apache distribution and use it - as the basis for the "run as a user" program. Instead of checking - the home directory, it'll check the database. - -* Fix the email list problem. Right now we add people people to the two +* Fix the email list problem. Right now we add people to the two email list files in /usr/testbed/www/maillist when they apply. We should either delay that until they are approved, or make sure they get taken back out when denied. 
@@ -54,19 +51,12 @@ I could just figure out how to add a php mode to emacs ... certificates. I'm not too crazy about this unless its easy to do all of it on my home machine (apache server). -* Continue to hook up the backend parts of the system, which right now is a - major unfinished piece of business. - * More linking of information in the forms. There are some obvious places where stuff should be presented as hypertext links so that navigation is easier. * Backup links in all the pages. -* Change to ?uid=stoller&pid=testbed style arguments in all the pages I - have not yet fixed (that is, get rid of that regex thing at the top of - the page to find the arguments). - * Admin page to remove a project. * Admin page to remove a user. @@ -82,8 +72,6 @@ I could just figure out how to add a php mode to emacs ... experiment name, downcase it. Mac was going to do this, but I don't know if he got to it. -* Get people to go use the pages (including modify user information!). - * Lastly, macrofy the entire thing and get rid the damn frames! I hate frames! diff --git a/www/addusr.php3 b/www/addusr.php3 index a98ec9643a8dc0e10a4a701d0b4ef83af4d5f443..978a60dffe5b46b938e7ae1a5b9bdd4ecb464f9f 100755 --- a/www/addusr.php3 +++ b/www/addusr.php3 @@ -3,20 +3,17 @@ include("defs.php3"); PAGEHEADER("New User"); -$uid = ""; -if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) { - $uid=$Vals[1]; - addslashes($uid); -} else { - unset($uid); -} +# +# Get current user. +# +$uid = GETLOGIN(); # # If a uid came in, then we check to see if the login is valid. # If the login is not valid, then quit cause we don't want to display the # personal information for some random ?uid argument. # -if (isset($uid)) { +if ($uid) { if (CHECKLOGIN($uid) != 1) { USERERROR("You are not logged in. Please log in and try again.", 1); } diff --git a/www/approveproject.php3 b/www/approveproject.php3 index 51c6fbe2e4089b9a8231fbcc97d0cb8a06414c8c..996532b6bad90282e5c476832f17626d85426e9a 100644 
--- a/www/approveproject.php3 +++ b/www/approveproject.php3 @@ -9,6 +9,7 @@ PAGEHEADER("New Project Approved"); # # Only known and logged in users can do this. # +$uid = GETLOGIN(); LOGGEDINORDIE($uid); # diff --git a/www/approveproject_form.php3 b/www/approveproject_form.php3 index 873d3d0e9cbe83c51725fa26a52c2a5fb6e7d7f4..a86ba0eaca7916f9c091b703b9cb3e7c57719ebf 100755 --- a/www/approveproject_form.php3 +++ b/www/approveproject_form.php3 @@ -9,6 +9,7 @@ PAGEHEADER("New Project Approval"); # # Only known and logged in users can do this. # +$uid = GETLOGIN(); LOGGEDINORDIE($uid); # @@ -19,6 +20,14 @@ if (! $isadmin) { USERERROR("You do not have admin privledges to approve projects!", 1); } +# +# Verify arguments. +# +if (!isset($pid) || + strcmp($pid, "") == 0) { + USERERROR("You must provide a project ID.", 1); +} + echo "

Approve a Project

\n"; # @@ -75,7 +84,7 @@ echo "
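Review bot: The new argument check in approveproject_form.php3 only rejects a missing or empty `$pid`; nothing constrains its characters before it is echoed back into the form (second hunk of this file) and, presumably, used in the project lookup that lies outside the hunk. The uid handling this commit removes from every page constrained the value with `[[:alnum:]]+`, and the same shape check fits here, widened to whatever project ids actually allow: `if (!ereg("^[[:alnum:]]+$", $pid)) { USERERROR("Invalid project ID.", 1); }` right after the existing empty check. The `$node_id` check added in nodecontrol_form.php3 has the same gap. The rest of this page's code continues outside the hunk.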

What would you like to do?

- \n"; + \n"; echo " + $pid diff --git a/www/approveuser.php3 b/www/approveuser.php3 index fc78b8c979cfe9da1b855ff4ec67d398f7f6250f..5e7fdabdba80e52792808fad1823a2a09f90ae8b 100644 --- a/www/approveuser.php3 +++ b/www/approveuser.php3 @@ -9,14 +9,7 @@ PAGEHEADER("New Users Approved"); # # Only known and logged in users can be verified. # -$uid = ""; -if (ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)) { - $uid=$Vals[1]; - addslashes($uid); -} -else { - unset($uid); -} +$uid = GETLOGIN(); LOGGEDINORDIE($uid); echo "

diff --git a/www/approveuser_form.php3 b/www/approveuser_form.php3 index 8a5443ebef9a7c805f3565b2cf00478315e2f9ee..1791cc7d8d4f63b5e12bd460a2e67eb62cdbb3ab 100755 --- a/www/approveuser_form.php3 +++ b/www/approveuser_form.php3 @@ -9,14 +9,7 @@ PAGEHEADER("New Users Approval Form"); # # Only known and logged in users can be verified. # -$auth_usr = ""; -if (ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)) { - $auth_usr=$Vals[1]; - addslashes($auth_usr); -} -else { - unset($auth_usr); -} +$auth_usr = GETLOGIN(); LOGGEDINORDIE($auth_usr); echo " @@ -105,7 +98,7 @@ echo "

\n"; -echo "\n"; +echo "\n"; while ($usersrow = mysql_fetch_array($query_result)) { $newuid = $usersrow[uid]; diff --git a/www/beginexp_form.php3 b/www/beginexp_form.php3 index eedb56e63a0e0fe1a579472f9ea741538a061304..ac1de3b8e514809dc95f77ae9c2c01ed4900dbbf 100644 --- a/www/beginexp_form.php3 +++ b/www/beginexp_form.php3 @@ -9,13 +9,7 @@ PAGEHEADER("Begin an Experiment Form"); # # Only known and logged in users can begin experiments. # -$uid = ""; -if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) { - $uid=$Vals[1]; - addslashes($uid); -} else { - unset($uid); -} +$uid = GETLOGIN(); LOGGEDINORDIE($uid); # diff --git a/www/beginexp_process.php3 b/www/beginexp_process.php3 index bb08bbcc2e7c297d7096ca4eb6a2ee45b6dc7544..542ae9e88332c7ff59857ed8f471347513b18266 100644 --- a/www/beginexp_process.php3 +++ b/www/beginexp_process.php3 @@ -36,7 +36,8 @@ if (!isset($exp_created) || } # -# Only known and logged in users can begin experiments. +# Only known and logged in users can begin experiments. Name came in as +# a POST var. # LOGGEDINORDIE($uid); diff --git a/www/defs.php3 b/www/defs.php3 index 576acf478042008f74471c759026f9c8588759b4..b1e7ecd8bb969e8f1e60f5e5bb99f8545d6db84f 100644 --- a/www/defs.php3 +++ b/www/defs.php3 @@ -27,6 +27,7 @@ $TBUSER_DIR = "/users/"; $TBNSSUBDIR = "nsdir"; $TBAUTHCOOKIE = "HashCookie"; +$TBNAMECOOKIE = "MyUidCookie"; $TBAUTHTIMEOUT = 10800; $TBAUTHDOMAIN = ".emulab.net"; #$TBAUTHDOMAIN = "golden-gw.ballmoss.com"; diff --git a/www/endexp.php3 b/www/endexp.php3 index 62246e16454df8c1a6c252d56b82bb82238d00c1..e73ec5c62cfe75e7ef99e56b0bdd29ed12d32883 100644 --- a/www/endexp.php3 +++ b/www/endexp.php3 @@ -9,13 +9,7 @@ PAGEHEADER("Terminate Experiment"); # # Only known and logged in users can end experiments. # -$uid = ""; -if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) { - $uid=$Vals[1]; - addslashes($uid); -} else { - unset($uid); -} +$uid = GETLOGIN(); LOGGEDINORDIE($uid); # 
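Review bot: The comment added in beginexp_process.php3 documents that `$uid` still arrives as a POST variable, while every other page in this commit now takes it from the cookie via `GETLOGIN()` and tbauth.php3's own new comment says the UID is no longer passed around. If `LOGGEDINORDIE($uid)` still compares the posted uid against the cookie hash this is an inconsistency rather than a bypass, but it leaves the hidden form field as a second source of identity that has to stay in sync with the cookie. Taking `$uid = GETLOGIN();` before `LOGGEDINORDIE($uid);` and ignoring the posted value would match the other pages; modusr_process.php3 has the same pattern. The argument checks that precede this comment are outside the hunk.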
diff --git a/www/endexp_form.php3 b/www/endexp_form.php3 index 191b661278fd884ec9928ae267330166c3b45a8e..b9d5a775a2c75c792f5d646b6662027add4ac5ca 100644 --- a/www/endexp_form.php3 +++ b/www/endexp_form.php3 @@ -9,13 +9,7 @@ PAGEHEADER("Terminate Experiment Form"); # # Only known and logged in users can end experiments. # -$uid = ""; -if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) { - $uid=$Vals[1]; - addslashes($uid); -} else { - unset($uid); -} +$uid = GETLOGIN(); LOGGEDINORDIE($uid); # @@ -59,7 +53,7 @@ you are a member of.
diff --git a/www/approveproject_list.php3 b/www/approveproject_list.php3 index 5879e2375a52992fc28043d2b6c5e61b2b13212c..d2e0e2085c65dcfdf050910483f646e4eb629eef 100755 --- a/www/approveproject_list.php3 +++ b/www/approveproject_list.php3 @@ -9,6 +9,7 @@ PAGEHEADER("New Project Approval List"); # # Only known and logged in users can do this. uid came in with the URI. # +$uid = GETLOGIN(); LOGGEDINORDIE($uid); echo "

Approve New Projects List

\n"; @@ -87,12 +88,12 @@ while ($projectrow = mysql_fetch_array($query_result)) {
- + \"o\" - $pid - + $headuid $name $title
Zip
"; +echo ""; echo "\n"; diff --git a/www/index.php3 b/www/index.php3 index ba254b8c6afa2425d19531207d8e9f6f73fb7781..c333bb556c471d95b4f42f6d274543a584d215d5 100755 --- a/www/index.php3 +++ b/www/index.php3 @@ -10,8 +10,6 @@ if (isset($login)) { # # Login button pressed. # - unset($login); - if (!isset($uid) || strcmp($uid, "") == 0) { $login_status = "Login Failed"; @@ -31,20 +29,17 @@ elseif (isset($logout)) { # # Logout button pressed. # - unset($logout); - DOLOGOUT($uid); $login_status = "$uid Logged Out"; unset($uid); } -elseif (isset($uid)) { +elseif ($uid = GETUID()) { # # Check to make sure the UID is logged in (not timed out). # $status = CHECKLOGIN($uid); switch ($status) { case 0: - $login_status = "$uid Not Logged In"; unset($uid); break; case 1: @@ -97,28 +92,28 @@ if (isset($uid)) { if ($status == "active") { if ($admin) { - echo " + echo " New Project Approval

\n"; - echo " + echo " Project Information

\n"; - echo " + echo " Node Control

\n"; } if ($trusted) { # Only group leaders can do these options - echo " + echo " New User Approval\n"; } # Since a user can be a member of more than one project, # display this option, and let the form decide if the user is # allowed to do this. - echo "

+ echo "

Begin an Experiment\n"; - echo "

+ echo "

End an Experiment\n"; - echo "

+ echo "

Experiment Information\n"; - echo "

+ echo "

Update user information\n"; echo "

Node Reservation Status\n"; @@ -131,7 +126,7 @@ if (isset($uid)) { "Please try back later", 1); } elseif (($status == "newuser") || ($status == "unverified")) { - echo "New User Verification\n"; + echo "New User Verification\n"; } elseif (($status == "frozen") || ($status == "other")) { USERERROR("Your account has been changed to status $status, and is ". @@ -143,14 +138,9 @@ if (isset($uid)) { # # Standard options for anyone. # -if (isset($uid)) { - echo "

Start a Project\n"; - echo "

Join a Project\n"; -} -else { - echo "

Start a Project\n"; - echo "

Join a Project\n"; -} +echo "

Start Project\n"; +echo "

Join Project\n"; + echo "


"; echo "
Project/Experiment
"; echo ""; @@ -168,8 +158,16 @@ if (isset($uid)) { \n"; } else { + # + # Get the UID that came back in the cookie so that we can present a + # default login name to the user. + # + if (($uid = GETUID()) == FALSE) + $uid = ""; + echo " - + diff --git a/www/modusr_form.php3 b/www/modusr_form.php3 index 0cafa6e2cbf9f3002199ea0eaadc1361a87b298b..ca16af94a81a3c9d40c011521c719cffe6deaaef 100644 --- a/www/modusr_form.php3 +++ b/www/modusr_form.php3 @@ -9,14 +9,7 @@ PAGEHEADER("Modify User Information Form"); # # Only known and logged in users can modify info. # -$uid = ""; -if (ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)) { - $uid=$Vals[1]; - addslashes($uid); -} -else { - unset($uid); -} +$uid = GETLOGIN(); LOGGEDINORDIE($uid); ?> @@ -55,7 +48,7 @@ $usr_affil = $row[usr_affil]; # # Generate the form. # -echo "\n"; +echo "\n"; echo " echo "\n"; @@ -165,7 +166,7 @@ if (mysql_num_rows($reserved_result)) { echo " diff --git a/www/showexp_form.php3 b/www/showexp_form.php3 index b8d0aefd9d4ce1c4c6c32b9bbb69a8f2a80d953f..8b69f30749d9adcddb6a34f17e003a186f152ab2 100644 --- a/www/showexp_form.php3 +++ b/www/showexp_form.php3 @@ -9,13 +9,7 @@ PAGEHEADER("Show Experiment Information Form"); # # Only known and logged in users can end experiments. # -$uid = ""; -if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) { - $uid=$Vals[1]; - addslashes($uid); -} else { - unset($uid); -} +$uid = GETLOGIN(); LOGGEDINORDIE($uid); $isadmin = ISADMIN($uid); @@ -71,7 +65,7 @@ you are a member of.
Username:Username:
Password:
Username: diff --git a/www/modusr_process.php3 b/www/modusr_process.php3 index bfb372af70c0e1d1149f0be8855f9a2a852bc285..f5e6a6e2748c1a2ccbcb5305df0f341e84d6edfc 100644 --- a/www/modusr_process.php3 +++ b/www/modusr_process.php3 @@ -44,7 +44,7 @@ if (!isset($usr_affil) || } # -# Only known and logged in users can modify info. +# Only known and logged in users can modify info. uid came in as a POST var. # LOGGEDINORDIE($uid); diff --git a/www/newproject_form.php3 b/www/newproject_form.php3 index 22200612dce5efbc6f9117ee4114c1879acccb95..14f56840e22921464324a138dd8159d1b6041c4f 100644 --- a/www/newproject_form.php3 +++ b/www/newproject_form.php3 @@ -3,20 +3,17 @@ include("defs.php3"); PAGEHEADER("Start a New Project"); -$uid = ""; -if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) { - $uid=$Vals[1]; - addslashes($uid); -} else { - unset($uid); -} +# +# Get current user. +# +$uid = GETLOGIN(); # # If a uid came in, then we check to see if the login is valid. # If the login is not valid, then quit cause we don't want to display the # personal information for some random ?uid argument. # -if (isset($uid)) { +if ($uid) { if (CHECKLOGIN($uid) != 1) { USERERROR("You are not logged in. Please log in and try again.", 1); } diff --git a/www/nodecontrol.php3 b/www/nodecontrol.php3 index a5d2e4fb3380388e8a9ea4896fac8eb29a911460..4f634693e28ea5bc13bef9e94ba871058dda86e7 100644 --- a/www/nodecontrol.php3 +++ b/www/nodecontrol.php3 @@ -7,6 +7,7 @@ include("defs.php3"); # # Only known and logged in users can do this. # +$uid = GETLOGIN(); LOGGEDINORDIE($uid); # @@ -63,10 +64,10 @@ if (! $insert_result) { # Zap back to the referrer. Seems better than a silly "we did it" message. # if ($refer == "list") { - header("Location: nodecontrol_list.php3?uid=$uid"); + header("Location: nodecontrol_list.php3"); } else { - header("Location: showexp.php3?uid=$uid&exp_pideid=$refer"); + header("Location: showexp.php3?exp_pideid=$refer"); } # 
diff --git a/www/nodecontrol_form.php3 b/www/nodecontrol_form.php3 index b7f97cd9055203d2867d324c0ad2b941ac24af18..e873d57dad87d3e443303b029d3d4f7d1c0156fa 100644 --- a/www/nodecontrol_form.php3 +++ b/www/nodecontrol_form.php3 @@ -9,8 +9,17 @@ PAGEHEADER("Node Control Form"); # # Only known and logged in users can do this. # +$uid = GETLOGIN(); LOGGEDINORDIE($uid); +# +# Verify form arguments. +# +if (!isset($node_id) || + strcmp($node_id, "") == 0) { + USERERROR("You must provide a node ID.", 1); +} + # # Check to make sure that this is a valid nodeid # @@ -60,7 +69,7 @@ echo "\n"; echo " diff --git a/www/nodecontrol_list.php3 b/www/nodecontrol_list.php3 index 4761aa484286750def68e440a9141d8e70b22c44..06eb381764f66d8b22d2693405b72ec5f6eb202b 100644 --- a/www/nodecontrol_list.php3 +++ b/www/nodecontrol_list.php3 @@ -9,6 +9,7 @@ PAGEHEADER("Node Control List"); # # Only known and logged in users can do this. # +$uid = GETLOGIN(); LOGGEDINORDIE($uid); # @@ -83,7 +84,7 @@ while ($row = mysql_fetch_array($query_result)) { echo " diff --git a/www/reserved.php3 b/www/reserved.php3 index 838771c6bccd58f4ec50696a13b8a4c318839144..c44fd54b9d643671a02aae6132aa28d1db713b02 100644 --- a/www/reserved.php3 +++ b/www/reserved.php3 @@ -1,30 +1,42 @@ - - -Foo - - -

Utah Testbed Machine Status

-

-Could not query the database: $err\n"; - exit; - } - echo "

- + \"o\" $node_id $type
\n"; - echo "\n"; - while ($r = mysql_fetch_array($result)) { - $id = $r["node_id"]; $type = $r["type"]; - $res = $r["eid"]; - if (!$res || $res == "NULL") { - $res = " "; - } - echo "\n"; - } - echo "
ID Type Reservation Status
$id $type $res
\n"; + +

Utah Testbed Machine Status

+ \n"; + +$query_result = mysql_db_query($TBDBNAME, + "SELECT n.node_id, n.type, j.eid from nodes ". + "as n left join reserved AS j ON n.node_id = j.node_id"); +if (! $query_result) { + $err = mysql_error(); + TBERROR("Database Error getting node reservation status: $err\n", 1); +} + +echo "\n"; +echo " + + + + \n"; + +while ($r = mysql_fetch_array($query_result)) { + $id = $r["node_id"]; $type = $r["type"]; + $res = $r["eid"]; + if (!$res || $res == "NULL") { + $res = "--"; + } + echo "\n"; +} +echo "
IDTypeReservation Status
$id $type $res
\n"; + +# +# Standard Testbed Footer +# +PAGEFOOTER(); ?> - - diff --git a/www/showexp.php3 b/www/showexp.php3 index 84cb9afe69c9ab568926e45bf24f3eb413b3c2fc..01e7cbbe95431a93e7a479e09ef887dd2ae90545 100644 --- a/www/showexp.php3 +++ b/www/showexp.php3 @@ -10,6 +10,7 @@ PAGEHEADER("Show Experiment Information"); # # Only known and logged in users can end experiments. # +$uid = GETLOGIN(); LOGGEDINORDIE($uid); $isadmin = ISADMIN($uid); @@ -91,7 +92,7 @@ echo "
Experiment Head: - + $exp_head
- + \"o\" $node_id $type
"; +echo ""; echo "\n"; diff --git a/www/showproject.php3 b/www/showproject.php3 index 85816e4e4bea1e316af1aa91fba638ebdb37edc5..8539232e1e7bab71ab0e188ed9a2d09ad45bf382 100644 --- a/www/showproject.php3 +++ b/www/showproject.php3 @@ -18,6 +18,7 @@ PAGEHEADER("Show Project Information"); # # Only known and logged in users can end experiments. # +$uid = GETLOGIN(); LOGGEDINORDIE($uid); $isadmin = ISADMIN($uid); @@ -70,7 +71,7 @@ if (mysql_num_rows($query_result)) { while ($row = mysql_fetch_row($query_result)) { $target_uid = $row[0]; echo "\n"; diff --git a/www/showproject_form.php3 b/www/showproject_form.php3 index 1d2360b93f783c707be03bc128e2dcebe7b8b5d1..7482c82dbd4b130e0cddbc0185cc9bb9e42e7786 100644 --- a/www/showproject_form.php3 +++ b/www/showproject_form.php3 @@ -12,6 +12,7 @@ PAGEHEADER("Show Experiment Information Form"); # # Only known and logged in users can end experiments. # +$uid = GETLOGIN(); LOGGEDINORDIE($uid); # @@ -74,7 +75,7 @@ you are a member of.
Project/Experiment
- + $target_uid
"; +echo ""; echo "\n"; diff --git a/www/showproject_list.php3 b/www/showproject_list.php3 index 1303f01399413fe3df1635d36260b4f290e50149..e17ba23ed17b60b20976621a1fd5b3c8f1c79555 100644 --- a/www/showproject_list.php3 +++ b/www/showproject_list.php3 @@ -12,6 +12,7 @@ PAGEHEADER("Show Experiment Information List"); # # Only known and logged in users can end experiments. # +$uid = GETLOGIN(); LOGGEDINORDIE($uid); # @@ -56,9 +57,9 @@ while ($projectrow = mysql_fetch_array($query_result)) { $Paffil = $projectrow[affil]; echo " - + - \n"; diff --git a/www/showstuff.php3 b/www/showstuff.php3 index e71eaa5111830f2e14169b6d743b2cb7794d25e0..d67ec35bfa8f56e0755b55ce96476efc2444a13d 100644 --- a/www/showstuff.php3 +++ b/www/showstuff.php3 @@ -47,7 +47,7 @@ function SHOWPROJECT($pid, $thisuid) { echo "\n"; diff --git a/www/showuser.php3 b/www/showuser.php3 index 02427aee2f17c1674e0d37a51eebc034278a855f..7445c440cb068649f775412a0d2e3a0fcc7fd091 100644 --- a/www/showuser.php3 +++ b/www/showuser.php3 @@ -17,6 +17,7 @@ PAGEHEADER("Show User Information"); # # Only known and logged in users can do this. # +$uid = GETLOGIN(); LOGGEDINORDIE($uid); $isadmin = ISADMIN($uid); diff --git a/www/tbauth.php3 b/www/tbauth.php3 index 0b36e96c37768b81a2ca6379c94b31e94be29240..1c391709cd57a3a74d23118b95ed653e00ce03e9 100644 --- a/www/tbauth.php3 +++ b/www/tbauth.php3 
@@ -19,6 +19,37 @@ function GENHASH() { return bin2hex($hash); } +# +# Return the value of the currently logged in uid, or null if not +# logged in. Basically, check the browser to see if its sending a UID +# and HASH back, and then check the DB to see if the useris really +# logged in. +# +function GETLOGIN() { + if (($uid = GETUID()) == FALSE) + return FALSE; + + if (CHECKLOGIN($uid) == 1) + return $uid; + + return FALSE; +} + +# +# Return the value of the UID cookie. This does not check to see if +# this person is currently logged in. We just want to know what the +# browser thinks, if anything. +# +function GETUID() { + global $TBNAMECOOKIE, $HTTP_COOKIE_VARS; + + $curname = $HTTP_COOKIE_VARS[$TBNAMECOOKIE]; + if ($curname == NULL) + return FALSE; + + return $curname; +} + # # Verify a login by sucking a UID's current hash value out of the database. # If the login has expired, or of the hashkey in the database does not @@ -31,7 +62,7 @@ function GENHASH() { # -1 if login timed out # function CHECKLOGIN($uid) { - global $TBDBNAME, $TBAUTHCOOKIE, $HTTP_COOKIE_VARS; + global $TBDBNAME, $TBAUTHCOOKIE, $HTTP_COOKIE_VARS, $TBAUTHTIMEOUT; $curhash = $HTTP_COOKIE_VARS[$TBAUTHCOOKIE]; @@ -53,6 +84,20 @@ function CHECKLOGIN($uid) { # A match? if ($timeout > time() && strcmp($curhash, $hashkey) == 0) { + # + # We update the time in the database. Basically, each time the + # user does something, we bump the logout further into the future. + # This avoids timing them out just when they are doing useful work. + # + $timeout = time() + $TBAUTHTIMEOUT; + + $query_result = mysql_db_query($TBDBNAME, + "UPDATE login set timeout='$timeout' ". + "WHERE uid=\"$uid\""); + if (! $query_result) { + $err = mysql_error(); + TBERROR("Database Error updating login timeout for $uid: $err", 1); + } return 1; } 
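Review bot: `GETUID()` returns the raw `$TBNAMECOOKIE` value, and `CHECKLOGIN()` then interpolates it into the new `UPDATE login set timeout='$timeout' WHERE uid="$uid"` query (third hunk on this line) with no shape check, so that SQL statement is now built from a browser-supplied cookie; the `[[:alnum:]]+` restriction this commit deletes from each page is not reinstated anywhere. Reading the index without `isset` may also raise a notice when the cookie is absent, depending on error_reporting. Validating once at the source covers every caller: `if (!isset($HTTP_COOKIE_VARS[$TBNAMECOOKIE])) return FALSE;` then `$curname = $HTTP_COOKIE_VARS[$TBNAMECOOKIE]; if (!ereg("^[[:alnum:]]+$", $curname)) return FALSE;`. Separately, `GETLOGIN()` calls `CHECKLOGIN()` and the pages call `LOGGEDINORDIE($uid)` immediately after, so if that helper also goes through `CHECKLOGIN()` each page now issues the timeout UPDATE twice.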
@@ -95,6 +140,7 @@ function LOGGEDINORDIE($uid) { # function DOLOGIN($uid, $password) { global $TBDBNAME, $TBAUTHCOOKIE, $TBAUTHDOMAIN, $TBAUTHTIMEOUT; + global $TBNAMECOOKIE; $query_result = mysql_db_query($TBDBNAME, "SELECT usr_pswd FROM users WHERE uid=\"$uid\""); @@ -119,7 +165,7 @@ function DOLOGIN($uid, $password) { # the new hash value. If the user is already logged in, thats # okay; just update it in place with a new hash and timeout. # - $timeout = time() + 10800; + $timeout = time() + $TBAUTHTIMEOUT; $hashkey = GENHASH(); $query_result = mysql_db_query($TBDBNAME, "SELECT timeout FROM login WHERE uid=\"$uid\""); @@ -140,11 +186,30 @@ function DOLOGIN($uid, $password) { } # - # Issue the cookie request so that subsequent pages come back - # with the hash value embedded. + # Issue the cookie requests so that subsequent pages come back + # with the hash value and auth usr embedded. + + # + # For the hashkey, we give it a longish timeout since we are going + # to control the actual timeout via the database. This just avoids + # having to update the hash as we update the timeout in the database + # each time the user does something. Eventually the cookie will + # expire and the user will be forced to log in again anyway. # + $timeout = time() + (60 * 60 * 24); setcookie($TBAUTHCOOKIE, $hashkey, $timeout, "/", $TBAUTHDOMAIN, 0); + # + # We give this a really long timeout. We want to remember who the + # the user was each time they load a page, and more importantly, + # each time they come back to the main page so we can fill in their + # user name. NOTE: This cookie is integral to authorization, since + # we do not pass around the UID anymore, but look for it in the + # cookie. + # + $timeout = time() + (60 * 60 * 24 * 32); + setcookie($TBNAMECOOKIE, $uid, $timeout, "/", $TBAUTHDOMAIN, 0); + return 0; } # diff --git a/www/verifyusr_form.php3 b/www/verifyusr_form.php3 index 763f5ac8ce16a2e3c88bc037715dd896e212700c..cfd8f96e97c859d6251de712d0c3536d844c17d5 100644 
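Review bot: The new `setcookie($TBNAMECOOKIE, $uid, $timeout, "/", $TBAUTHDOMAIN, 0)` passes 0 for the secure argument, so a cookie the adjacent comment calls integral to authorization is also sent on plain-HTTP requests to every `$TBAUTHDOMAIN` host, as is the hash cookie on the unchanged line above it; welcome.html in this same commit says the pages require SSL, so `1` looks like the intended value for both. Also, `$timeout` is reused here for the cookie expiry after holding the database login timeout earlier in the function; a separate name such as `$cookie_expire` would keep the two lifetimes from being confused when the database write, which presumably sits between the two hunks, is edited later.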
--- a/www/verifyusr_form.php3 +++ b/www/verifyusr_form.php3 @@ -9,14 +9,7 @@ PAGEHEADER("New User Verification"); # # Only known and logged in users can be verified. # -$uid = ""; -if (ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)) { - $uid=$Vals[1]; - addslashes($uid); -} -else { - unset($uid); -} +$uid = GETLOGIN(); LOGGEDINORDIE($uid); ?> diff --git a/www/welcome.html b/www/welcome.html index b50e7972467903027b67f19fd13877e42aea3c97..2ac028175f8a069fd333306577a9bcd661a9bdc2 100644 --- a/www/welcome.html +++ b/www/welcome.html @@ -19,6 +19,10 @@ is transferred accross the Internet. Therefore, you will need to access these pages with a browser that supports SSL. We recommend Netscape 4.0 or later, or presumably a recent IE, and also recommend a screen resolution of at least 800x600 to avoid excessive scrolling. +

+ +To enhance operation, we make use of a "Cookie" that holds your login +name. Therefor, you will need to enable cookies on your browser.

What is it?

Project/Experiment
$pid$pid $Pname + $headuid $Paffil
Project Head: - + $proj_head_uid