arguments).

of the CHECKEMAIL function as a result.

switching the menu when user switches between http and https (since
the secret cookie is not transferred in http, we have no way of
actually knowing the user is logged in from the browser). So, add
another cookie that is a crc32 hash of the real cookie, and trasnfer
that in http mode. A valid crc32 hash simply indicates that the user
is almost certainly logged in from the browser (but does not impart
any privs until we get the real cookie), while the absence of the
crc32 or a mismatch indicates that user is almost certainly *not*
logged in from the browser, and so we draw the usual "not logged in"
page.

* Use superglobals for page/form arguments.

* Add regex functions for email and phone number.

* Remove stripslashes calls; not needed and actually incorrect for
  data returned from the DB.

playing with coding practices for comment.

plus a lock field. The lock field was a simple "experiment locked, go away"
slot that is easy to use when you do not care about the actual state that
an experiment is in, just that it is in "transition" and should not be
messed with.

The other two state variables are "state" and "batchstate". The former
(state) is the original variable that Chris added, and was used by the tb*
scripts to make sure that the experiment was in the state each particular
script wanted them to be in. But over time (and with the addition of so
much wrapper goo around them), "state" has leaked out all over the place to
determine what operations on an experiment are allowed, and if/when it
should be displayed in various web pages. There are a set of transition
states in addition to the usual "active", "swapped", etc like "swapping"
that make testing state a pain in the butt.

I added the other state variable ("batchstate") when I did the batch
system, obviously! It was intended as a wrapper state to control access to
the batch queue, and to prevent batch experiments from being messed with
except when it was really okay (for example, its okay to terminate a
swapped out batch experiment, but not a swapped in batch experiment since
that would confuse the batch daemon). There are fewer of these states, plus
one additional state for "modifying" experiments.

So what I have done is change the system to use "batchstate" for all
experiments to control entry into the swap system, from the web interface,
from the command line, and from the batch daemon. The other state variable
still exists, and will be brutally pushed back under the surface until its
just a vague memory, used only by the original tb* scripts. This will
happen over time, and the "batchstate" variable will be renamed once I am
convinced that this was the right thing to do and that my changes actually
work as intended.

Only people who have bothered to read this far will know that I also added
the ability to cancel experiment swapin in progress. For that I am using
the "canceled" flag (ah, this one was named properly from the start!), and
I test that at various times in assign_wrapper and tbswap. A minor downside
right now is that a canceled swapin looks too much like a failed swapin,
and so tbops gets email about it. I'll fix that at some point (sometime
after the boss complains).

I also cleaned up various bits of code, replacing direct calls to exec
with calls to the recently improved SUEXEC interface. This removes
some cruft from each script that calls an external script.

Cleaned up modifyexp.ph3 quite a bit, reformatting and indenting.
Also fixed to not run the parser directly! This was very wrong; should
call nscheck instead. Changed to use "nobody" group instead of group
flux (made the same change in nscheck).

There is a script in the sql directory called newstates.pl. It needs
to be run to initialize the batchstate slot of the experiments table
for all existing experiments.

Chad's tiptunnel stuff. Requires ssh-mime.pl in the current directory,
to be installed as a browser helper application on the users machine.
Copied Chad's instructions for the tiptunnel from the FAQ, and stuck
it into ssh-mime.html as a help file (not really FAQ material). The
intent of this of course is to make ssh into jailed nodes easier, but
not having to know port numbers, or directly log into ops first, when
the jails are using control network IPs in our private IP space (not
routable from outside).

at some point, but default args are the finest!

Before:
The main defs file (ie for configure) had an entry for WWWDEFS that
pointed to a <@WWWDEFS@>-defs.php3 file in the www/ directory. The www
defs file loaded some values about web pages, URLs, and some web
configuration parameters.

Problem:
Anything that was only in the www defs file was not accessible in the rest
of the universe (ie perl, C, and any other non-web-page scripts). For
instance, you couldn't have a perl script send an email to a user with a
link to the web site.

Solution:
Nuke all the www-defs files, move any important values into the main
configure, and change the web defs infrastructure to respect that. This
also meant adding about 3 lines each to all of the configure defs files.
(There really are about 10 new values you can change in your defs file,
but in almost all cases, the default values are the right thing.)

Upgrading:
External sites will need to move a few variables from their www-defs file
into their configure defs file. The example file should make it pretty
obvious. They may also want to customize some of the other vars that are
mentioned in configure.in and www/defs.php3.in .

previously to perl generated email).

Remove sleep(1) after sendmail. Silly.
Move $TBAUTHTIMEOUT up above include line so I can redefine it locally
to be 10 years!

output from the script. Cleanup formatting when there is output.

picks it up from the main defs file via configure.

Fixed up everybody's defs and www defs files to match the new way of
doing things.

see if user actually has an account (by checking user status user
table). Avoids trying to run suexec as a user that does not actuall
exist on boss cause they do not have an account (since we allow users
to edit personal info before being approved and getting an account).
For addpubkey, we have to run the program as someone, so when the user
does not have an account, run it as nobody.

of a random number, as suggested in the php manual. This number
is stashed in the database, in the new verify_key column in the
users table.

Rename the functions that generate and get the keys, and move from
defs.php3 to dbdefs.php3, since they're now DB operations.

Also remove the old VERIFYURL function, which did the same thing and
wasn't being called anywhere, to prevent it from bitrotting.

to an external perl script, and use ssh-keygen to attempt conversion
off SSH2/SECSH key formats. This is actually a simplification of the
php code, which is not generally very good at this kind of thing (or
maybe I mean perl is just better at it). The parsing and error
handling it also much improved.

group from the defs file instead.

* Cleanup! A lot of the structure derived from the early frame days,
  which had a noticable (and bad) effect on how I wrote the stuff.  I
  cleaned up most of that yuckyness.

* In process, optimize a little bit on the queries. The old code did
  about 9 queries just to write out the menu options, and then
  repeated most of those queries again in the page guts. I've
  consolidated the queries as much as possible (to 3) and cache all
  the results.

* Fix up problem with users who forget their passwords before
  verification. Basically, I fixed the more general problem of not
  being able to update your user info before verification/approval;
  users now get that menu option no matter their status.

* Fix up problem of users being able to access pages before
  verification (but after approval) by going around the menu options.
  The page level check (after the menu is drawn) now checks all
  conditions (password expired, unverified, unapproved, timedout, and
  also nologins()).

* Minor change in approveuser; do not show the new account to the
  project leader until the new user has verified his account.

* Change verification method, as reqwuested by Dave.  In addition to
  providing the key, also provide a web link to take the user straight
  to verification. I actually take them direct to the login page, and
  pass the key in as an argument. If the user is already logged in,
  bypass and go directly to the verify page (not the form page of
  course).  If the user is not logged in, let him log in, and then
  forward the key onward to the verify page. Basically, bypass the
  form all the time, and just do the verification.

* Minor change in showuser; Do not show pid/groups not approved in,
  and if the count is zero, do not draw the table headings.

construct some of the stuff in the various www/defs files.

sorting options. I have not done anything with the experiment listing
though since I'm hoping to get better info out of the slothd stuff, so
might as well wait.

not being used on www.emulab.net

line in all email from the system. Remove all of the TESTBED: tags
and modify the email function in the web server and perl library to
prepend @DOMAIN@: to the message.

Fix up SUEXEC and TBERROR error handling so that <XMP> tags are not
included in the email message!
Add CHECKURL() function (which will eventually replace VERIFYURL())
which returns error strings instead of calling USERERROR. This is
in support of new forms code.
Add CHECKPASSWORD() function; same code was in three different places.
This version returns the error string from checkpass.

defs file. For mini, revert the domain back to .emulab.net and set the
suffix to "-mini". For the others, default it to "" to avoid
invalidating current users and logins. Tested with opera, and seems to
work okay now.

changes for the mini testbed. Needs to be done up one level in the
rest of configure, but thats too much work right now.

capability. New DB field in the users table (pswd_expires) which is a
date field that initially gets set to one year after the user account
is created. When the password is changed via the web form, it gets
bumped 1 more year into the future *unless* the current uid is
different from the target_uid (ie: you are changing a password for
someone else). In that case, the expiration is set to the current
date, which forces the target user to change his password next time he
logs in. I've changed the menu/auth code to look for password
expiration, and when expired the menu options contain just a single
option to change the password. All other https pages will fail with a
password expired message. Normal text pages will work of course.

pages now show the lastlogin info that is gathered from sshd syslog
reporting to users. That info is parsed by security/genlastlog.c, and
entered into the DB in the nodeuidlastlogin and uidnodelastlogin
tables. If not obvious from the names, for each user we want the last time
they logged in anyplace, and for each node we want the last time anyone
logged into it. The latter is obviously more useful for scheduling
purposes. All of the various images have new /etc/syslog.conf files,
and the 6.2 got new sshd_configs (all cvsup'ed with kill -HUP). There
is an entry in boss:/etc/crontab and users:/etc/syslog.conf. All of
this is decribed in greater detail in security/genlastlog.c.

Add the days idle (web and users) to the long listing of users.

I added a DB table to record last Web login, and I've added a backed
program (lastlogin.c) to get the lastlogin information from
users:/var/log/lastlog (mounted on boss:/usr/testbed/usersvar). These
two bits of info are now displayed in the user infomation page.

in error message cause of some missing global statements.

addresses from the pages. Just one less localization problem. Still
need to deal with all the flux hyperlinks though!

proper headers. Split out some of the mail into testbed-logs,
testbed-ops, and testbed-approval. Added a library for including from
our perl scripts. Contains a couple of mail helper functions, but will
hopefully contain more as time goes by.

Fixed a bug in the web interface that was causing breakage for people
with multiple accounts. Mac and Jay have noticed this, when logging
out and trying to join or create a project under a new or different
name.