A set of minor changes to check URL validity.

www/addusr.php3

@@ -154,7 +154,8 @@ else {
     echo "<tr>
               <td>Home Page URL:</td>
               <td class=\"left\">
-                  <input type=\"text\" name=\"usr_url\" size=45></td>
+                  <input type=\"text\" name=\"usr_url\"
+                         value=\"http://\" size=45></td>
           </tr>\n";
 
     echo "<tr>

www/defs.php3.in

@@ -30,6 +30,8 @@ $TBAUTHCOOKIE   = "HashCookie";
 $TBNAMECOOKIE   = "MyUidCookie";
 $TBAUTHTIMEOUT  = 21600;
 
+$HTTPTAG        = "http://";
+
 #
 # Database constants and the like.
 #
@@ -186,6 +188,33 @@ function SUEXEC($uid, $gid, $cmdandargs, $die) {
     return $retval;
 }
 
+#
+# Verify a URL.
+#
+function VERIFYURL($url) {
+    global $HTTPTAG;
+
+    if (strlen($url)) {
+	if (strstr($url, " ")) {
+	    USERERROR("URL ($url) is malformed; spaces are not allowed. ".
+		      "Please go back and fix it up.", 1);
+	}
+	
+	if (strcmp($HTTPTAG, substr($url, 0, strlen($HTTPTAG)))) {
+	    USERERROR("URL ($url) must begin with $HTTPTAG. ".
+		      "Please go back and fix it up.", 1);
+	}
+	$fp = @fopen($url, "r");
+	if (! $fp) {
+	    USERERROR("URL ($url) is not valid (cannot be accessed). ".
+		      "Please go back and fix it up.", 1);
+	}
+	fclose($fp);
+    }
+    return 0;
+}
+
+
 #
 # Beware empty spaces (cookies)!
 # 

www/modusr_process.php3

@@ -62,6 +62,29 @@ if (!isset($usr_affil) ||
   FORMERROR("Institutional Affiliation");
 }
 
+#
+# Check that email address looks reasonable. We need the domain for
+# below anyway.
+#
+$email_domain = strstr($usr_email, "@");
+if (! $email_domain ||
+    strcmp($usr_email, $email_domain) == 0 ||
+    strlen($email_domain) <= 1 ||
+    ! strstr($email_domain, ".")) {
+    USERERROR("The email address `$usr_email' looks invalid!. Please ".
+	      "go back and fix it up", 1);
+}
+$email_domain = substr($email_domain, 1);
+$email_user   = substr($usr_email, 0, strpos($usr_email, "@", 0));
+
+#
+# Check URLs. 
+#
+if (strcmp($usr_url, $HTTPTAG) == 0) {
+    $usr_url = "";
+}
+VERIFYURL($usr_url);
+
 #
 # Now see if the user is requesting to change the password. We do the usual
 # checks to make sure the two fields agree and that it passes our tests for

www/newproject.php3

@@ -45,7 +45,8 @@ if (!isset($usr_name) ||
   FORMERROR("Full Name");
 }
 if (!isset($proj_URL) ||
-    strcmp($proj_URL, "") == 0) {
+    strcmp($proj_URL, "") == 0 ||
+    strcmp($proj_URL, $HTTPTAG) == 0) {
   FORMERROR("Project URL");
 }
 if (!isset($usr_email) ||
@@ -96,6 +97,15 @@ if (! $email_domain ||
 $email_domain = substr($email_domain, 1);
 $email_user   = substr($usr_email, 0, strpos($usr_email, "@", 0));
 
+#
+# Check URLs. 
+#
+if (strcmp($usr_url, $HTTPTAG) == 0) {
+    $usr_url = "";
+}
+VERIFYURL($usr_url);
+VERIFYURL($proj_URL);
+
 #
 # Certain of these values must be escaped or otherwise sanitized.
 # 

www/newproject_form.php3

@@ -136,7 +136,7 @@ echo "<tr>
 if ($row) {
     echo "          type=\"readonly\" value=\"$row[usr_URL]\">";
 } else {
-    echo "          type=\"text\" size=\"45\">";
+    echo "          value=\"http://\" type=\"text\" size=\"45\">";
 }
 
 echo "     </td>
@@ -238,7 +238,8 @@ echo "<tr>
 #
 echo "<tr>
          <td>*URL:</td>
-         <td><input type=\"text\" name=\"proj_URL\" size=\"45\"></td>
+         <td><input type=\"text\" name=\"proj_URL\"
+                    value=\"http://\" size=\"45\"></td>
       </tr>\n";
 
 #

www/usradded.php3

@@ -60,6 +60,14 @@ if (! $email_domain ||
 $email_domain = substr($email_domain, 1);
 $email_user   = substr($usr_email, 0, strpos($usr_email, "@", 0));
 
+#
+# Check URLs. 
+#
+if (strcmp($usr_url, $HTTPTAG) == 0) {
+    $usr_url = "";
+}
+VERIFYURL($usr_url);
+
 #
 # Certain of these values must be escaped or otherwise sanitized.
 #