Commit 498be2c7 authored by Leigh Stoller

Rework project approval to be easier to deal with, and to allow

a text message to go in the email message.
parent 45dcc291
......@@ -8,147 +8,154 @@
include("defs.php3");
#
# Only known and logged in users can be verified.
# Only known and logged in users can do this.
#
$uid = "";
if (ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)) {
$uid=$Vals[1];
addslashes($uid);
}
else {
unset($uid);
}
LOGGEDINORDIE($uid);
#
# Of course verify that this uid has admin privs!
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT admin from users where uid='$uid' and admin='1'" );
if (! $query_result) {
$err = mysql_error();
TBERROR("Database Error getting admin status for $uid: $err\n", 1);
}
if (mysql_num_rows($query_result) == 0) {
$isadmin = ISADMIN($uid);
if (! $isadmin) {
USERERROR("You do not have admin privledges to approve projects!", 1);
}
echo "<center><h1>
Project Approval Results
Approving Project '$pid' ...
</h1></center>";
#
# Walk the list of post variables, looking for the special post format.
# See approveproject_form.php3:
# Grab the head_uid for this project. This verifies it is a valid project.
#
# project option
# name=testbed$$approval value=approve,deny,postpone
#
while (list ($header, $value) = each ($HTTP_POST_VARS)) {
#echo "$header: $value<br>\n";
$approval_string = strstr($header, "\$\$approval");
if (! $approval_string) {
continue;
}
$query_result = mysql_db_query($TBDBNAME,
"SELECT head_uid from projects where pid='$pid'");
if (! $query_result) {
TBERROR("Database Error restrieving project leader for $pid", 1);
}
if (($row = mysql_fetch_row($query_result)) == 0) {
TBERROR("Unknown project $pid", 1);
}
$headuid = $row[0];
$project = substr($header, 0, strpos($header, "\$\$", 0));
$approval = $value;
#
# Get the current status for the headuid, which we might need to change
# anyway, and to verify that the user is a valid user. We also need
# the email address to let the user know what happened.
#
# We change the status only if this person is starting his first project.
# In this case, the status will be either "newuser" or "unapproved",
# and we will change it to "unapproved" or "active", respectively.
# If the status is "active", we leave it alone.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT status,usr_email from users where uid='$headuid'");
if (! $query_result) {
TBERROR("Database Error restrieving user status for $headuid", 1);
}
if (mysql_num_rows($query_result) == 0) {
TBERROR("Unknown user $headuid", 1);
}
$row = mysql_fetch_row($query_result);
$curstatus = $row[0];
$headuid_email = $row[1];
#echo "Status = $curstatus, Email = $headuid_email<br>\n";
if (!$project || strcmp($project, "") == 0) {
TBERROR("Parse error finding project in approveproject.php3", 1);
}
if (!$approval || strcmp($approval, "") == 0) {
TBERROR("Parse error finding approval in approveproject.php3", 1);
}
#echo "Project $project, Approval $approval<br>\n";
#
# Then we check that the headuid is really listed in the proj_memb
# table, just to be sure.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT trust from proj_memb where uid='$headuid' and pid='$pid'");
if (! $query_result) {
TBERROR("Database Error retrieving trust for $headuid in $pid", 1);
}
if (mysql_num_rows($query_result) == 0) {
USERERROR("User $headuid is not the leader of project $pid.", 1);
}
#
# Well, looks like everything is okay. Change the project approval
# value appropriately.
#
if (strcmp($approval, "postpone") == 0) {
echo "<p><h3>
Project approval for project $pid (User: $headuid) was
postponed for later decision.
</h3>\n";
}
elseif (strcmp($approval, "moreinfo") == 0) {
mail("$headuid_email",
"TESTBED: Project Approval Postponed",
"\n".
"This message is to notify you that your project application\n".
"for $pid has been postponed until we have more information\n".
"\n$message".
"\n\n".
"Thanks,\n".
"Testbed Ops\n".
"Utah Network Testbed\n",
"From: $TBMAIL_CONTROL\n".
"Cc: $TBMAIL_CONTROL\n".
"Errors-To: $TBMAIL_WWW");
echo "<p><h3>
Project approval for project $pid (User: $headuid) was
postponed pending the reception of more information.
</h3>\n";
}
elseif ((strcmp($approval, "deny") == 0) ||
(strcmp($approval, "destroy") == 0)) {
#
# Grab the head_uid for this project. This verifies it is a valid project.
# Must delete the proj_memb and project records since we require a
# new application once denied. Send the luser email to let him know.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT head_uid from projects where pid='$project'");
"delete from proj_memb where uid='$headuid' and pid='$pid'");
if (! $query_result) {
TBERROR("Database Error restrieving project leader for $projecr", 1);
}
if (($row = mysql_fetch_row($query_result)) == 0) {
TBERROR("Unknown project $project", 1);
TBERROR("Database Error removing project membership record for ".
"project $pid (user: $headuid) after being denied.",
1);
}
$headuid = $row[0];
#
# Get the current status for the headuid, which we might need to change
# anyway, and to verify that the user is a valid user. We also need
# the email address to let the user know what happened.
#
# We change the status only if this person is starting his first project.
# In this case, the status will be either "newuser" or "unapproved",
# and we will change it to "unapproved" or "active", respectively.
# If the status is "active", we leave it alone.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT status,usr_email from users where uid='$headuid'");
"delete from projects where pid='$pid'");
if (! $query_result) {
TBERROR("Database Error restrieving user status for $headuid", 1);
}
if (mysql_num_rows($query_result) == 0) {
TBERROR("Unknown user $headuid", 1);
TBERROR("Database Error removing project record for project ".
"project $pid (user: $headuid) after being denied.",
1);
}
$row = mysql_fetch_row($query_result);
$curstatus = $row[0];
$headuid_email = $row[1];
#echo "Status = $curstatus, Email = $headuid_email<br>\n";
#
# Then we check that the headuid is really listed in the proj_memb
# table, just to be sure.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT trust from proj_memb where uid='$headuid' and pid='$project'");
if (! $query_result) {
TBERROR("Database Error retrieving trust for $headuid in $project", 1);
}
if (mysql_num_rows($query_result) == 0) {
USERERROR("User $headuid is not the leader of project $project.", 1);
}
mail("$headuid_email",
"TESTBED: Project Denied",
"\n".
"This message is to notify you that your project application\n".
"for $pid has been denied\n".
"\n$message".
"\n\n".
"Thanks,\n".
"Testbed Ops\n".
"Utah Network Testbed\n",
"From: $TBMAIL_CONTROL\n".
"Cc: $TBMAIL_CONTROL\n".
"Errors-To: $TBMAIL_WWW");
#
# Well, looks like everything is okay. Change the project approval
# value appropriately.
# Well, if the "destroy" option was given, kill the users account
# from the database.
#
if (strcmp($approval, "postpone") == 0) {
echo "<p><h3>
Project approval for project $project (User: $headuid) was
postponed for later decision.
</h3>\n";
continue;
}
if ((strcmp($approval, "deny") == 0) ||
(strcmp($approval, "destroy") == 0)) {
#
# Must delete the proj_memb and project records since we require a
# new application once denied. Send the luser email to let him know.
#
$query_result = mysql_db_query($TBDBNAME,
"delete from proj_memb where uid='$headuid' and pid='$project'");
if (! $query_result) {
TBERROR("Database Error removing project membership record for ".
"project $project (user: $headuid) after being denied.",
1);
}
if (strcmp($approval, "destroy") == 0) {
$query_result = mysql_db_query($TBDBNAME,
"delete from projects where pid='$project'");
"delete from users where uid='$headuid'");
if (! $query_result) {
TBERROR("Database Error removing project record for project ".
"project $project (user: $headuid) after being denied.",
TBERROR("Database Error removing user record for $headuid ".
"after project $pid was denied(destroyed).",
1);
}
mail("$headuid_email",
"TESTBED: Project Denied",
"\n".
"This message is to notify you that your project application\n".
"for $project has been denied\n".
"TESTBED: Account Terminated",
"\n".
"This message is to notify you that your account has been \n".
"terminated because your project $pid was denied\n".
"\n\n".
"Thanks,\n".
"Testbed Ops\n".
......@@ -156,103 +163,75 @@ while (list ($header, $value) = each ($HTTP_POST_VARS)) {
"From: $TBMAIL_CONTROL\n".
"Cc: $TBMAIL_CONTROL\n".
"Errors-To: $TBMAIL_WWW");
}
#
# Well, if the "destroy" option was given, kill the users account
# from the database.
#
if (strcmp($approval, "destroy") == 0) {
$query_result = mysql_db_query($TBDBNAME,
"delete from users where uid='$headuid'");
if (! $query_result) {
TBERROR("Database Error removing user record for $headuid ".
"after project $project was denied(destroyed).",
1);
}
mail("$headuid_email",
"TESTBED: Account Terminated",
"\n".
"This message is to notify you that your account has been \n".
"terminated because your project $project was denied\n".
"\n\n".
"Thanks,\n".
"Testbed Ops\n".
"Utah Network Testbed\n",
"From: $TBMAIL_CONTROL\n".
"Cc: $TBMAIL_CONTROL\n".
"Errors-To: $TBMAIL_WWW");
}
echo "<h3><p>
Project $project (User: $headuid) has been denied.
</h3>\n";
echo "<h3><p>
Project $pid (User: $headuid) has been denied.
</h3>\n";
}
elseif (strcmp($approval, "approve") == 0) {
#
# Change the trust value in proj_memb to group_root, and set the
# project "approved" field to true.
#
$query_result = mysql_db_query($TBDBNAME,
"UPDATE proj_memb set trust='group_root' ".
"WHERE uid='$headuid' and pid='$pid'");
if (! $query_result) {
TBERROR("Database Error adding $headuid to project $pid.", 1);
}
continue;
$query_result = mysql_db_query($TBDBNAME,
"UPDATE projects set approved='1' WHERE pid='$pid'");
if (! $query_result) {
TBERROR("Database Error setting approved field for ".
"project $pid.", 1);
}
if (strcmp($approval, "approve") == 0) {
#
# Change the trust value in proj_memb to group_root, and set the
# project "approved" field to true.
#
$query_result = mysql_db_query($TBDBNAME,
"UPDATE proj_memb set trust='group_root' ".
"WHERE uid='$headuid' and pid='$project'");
if (! $query_result) {
TBERROR("Database Error adding $headuid to project $project.", 1);
}
#
# Change the status if necessary. This only happens for new users
# being approved in their first project. After this, the status is
# going to be "active", and we just leave it that way.
#
if (strcmp($curstatus, "active")) {
if (strcmp($curstatus, "newuser") == 0) {
$newstatus = "unverified";
}
elseif (strcmp($curstatus, "unapproved") == 0) {
$newstatus = "active";
}
else {
TBERROR("Invalid $headuid status $curstatus in ".
"approveproject.php3", 1);
}
$query_result = mysql_db_query($TBDBNAME,
"UPDATE projects set approved='1' WHERE pid='$project'");
"UPDATE users set status='$newstatus' WHERE uid='$headuid'");
if (! $query_result) {
TBERROR("Database Error setting approved field for ".
"project $project.", 1);
TBERROR("Database Error changing $headuid status to ".
"$newstatus.",
1);
}
}
#
# Change the status if necessary. This only happens for new users
# being approved in their first project. After this, the status is
# going to be "active", and we just leave it that way.
#
if (strcmp($curstatus, "active")) {
if (strcmp($curstatus, "newuser") == 0) {
$newstatus = "unverified";
}
elseif (strcmp($curstatus, "unapproved") == 0) {
$newstatus = "active";
}
else {
TBERROR("Invalid $headuid status $curstatus in ".
"approveproject.php3", 1);
}
$query_result = mysql_db_query($TBDBNAME,
"UPDATE users set status='$newstatus' WHERE uid='$headuid'");
if (! $query_result) {
TBERROR("Database Error changing $headuid status to ".
"$newstatus.",
1);
}
}
mail("$headuid_email",
"TESTBED: Project Approval",
"\n".
"This message is to notify you that your project $project\n".
"has been approved.\n".
"\n\n".
"Thanks,\n".
"Testbed Ops\n".
"Utah Network Testbed\n",
"From: $TBMAIL_CONTROL\n".
"Cc: $TBMAIL_CONTROL\n".
"Errors-To: $TBMAIL_WWW");
mail("$headuid_email",
"TESTBED: Project Approval",
"\n".
"This message is to notify you that your project $pid\n".
"has been approved.\n".
"\n$message".
"\n\n".
"Thanks,\n".
"Testbed Ops\n".
"Utah Network Testbed\n",
"From: $TBMAIL_CONTROL\n".
"Cc: $TBMAIL_CONTROL\n".
"Errors-To: $TBMAIL_WWW");
echo "<h3><p>
Project $project (User: $headuid) has been approved.
</h3>\n";
continue;
}
echo "<h3><p>
Project $pid (User: $headuid) has been approved.
</h3>\n";
}
else {
TBERROR("Invalid approval value $approval in approveproject.php3.", 1);
}
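Review bot: `$pid` is used in the heading `Approving Project '$pid'` and in the new `SELECT head_uid from projects where pid='$pid'` before anything checks its format, and no visible line assigns it, so it presumably arrives straight from the request. Unless defs.php3 or magic quotes constrain it, that is an SQL-injection and reflected-markup path on the page that goes on to run `delete from projects where pid='$pid'` and `delete from users where uid='$headuid'`. I would validate it before the first echo, for example `if (!ereg('^[[:alnum:]]+$', $pid)) { USERERROR("Invalid project ID.", 1); }` (adjust the class to the characters project IDs may contain), and pass `$pid`, `$headuid` and `$approval` through `htmlspecialchars()` where they are echoed. The context line `addslashes($uid);` also discards its return value, so it escapes nothing; `$uid = addslashes($uid);` is what was meant, although the `[[:alnum:]]+` capture already limits that value.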
......
......@@ -10,50 +10,30 @@ include("defs.php3");
#
# Only known and logged in users can do this.
#
$uid = "";
if (ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)) {
$uid=$Vals[1];
addslashes($uid);
}
else {
unset($uid);
}
LOGGEDINORDIE($uid);
echo "<center><h1>Approve New Projects</h1></center>\n";
#
# Of course verify that this uid has admin privs!
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT admin from users where uid='$uid' and admin='1'" );
if (! $query_result) {
$err = mysql_error();
TBERROR("Database Error getting admin status for $uid: $err\n", 1);
}
if (mysql_num_rows($query_result) == 0) {
$isadmin = ISADMIN($uid);
if (! $isadmin) {
USERERROR("You do not have admin privledges to approve projects!", 1);
}
echo "<center><h1>Approve a Project</h1></center>\n";
#
# Look in the projects table to see which projects have not been approved.
# Present a menu of options to either approve or deny the projects.
# Approving a project implies approving the project leader. Denying a project
# implies denying the project leader account, when there is just a single
# project pending for that project leader.
# Check to make sure thats this is a valid PID.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT * from projects where approved='0'");
if (! $query_result) {
$err = mysql_error();
TBERROR("Database Error getting unapproved project list: $err\n", 1);
}
"SELECT * FROM projects WHERE pid=\"$pid\"");
if (mysql_num_rows($query_result) == 0) {
USERERROR("There are no projects to approve!", 1);
USERERROR("The project $pid is not a valid project.", 1);
}
$row = mysql_fetch_array($query_result);
echo "For each project waiting to be approved, you may select on of the
following choices:
echo "<center><h3>You have the following choices:</h3></center>
<table align=center border=0>
<tr>
<td>Deny</td>
......@@ -73,6 +53,12 @@ echo "For each project waiting to be approved, you may select on of the
<td>Approve the project</td>
</tr>
<tr>
<td>More Info</td>
<td>-</td>
<td>Ask for more info</td>
</tr>
<tr>
<td>Postpone</td>
<td>-</td>
......@@ -80,90 +66,165 @@ echo "For each project waiting to be approved, you may select on of the
</tr>
</table>\n";
echo "<center>
<h3>Project Information</h3>
</center>
<table align=center border=1>\n";
$proj_created = $row[created];
$proj_expires = $row[expires];
$proj_name = $row[name];
$proj_URL = $row[URL];
$proj_head_uid = $row[head_uid];
$proj_pcs = $row[num_pcs];
$proj_sharks = $row[num_sharks];
$proj_why = $row[why];
$control_node = $row[control_node];
#
# Now build a table with a bunch of selections. The thing to note about the
# form inside this table is that the selection fields are constructed with
# name= on the fly, from the uid of the user to be approved. In other words:
# Generate the table.
#
echo "<tr>
<td>Name: </td>
<td class=\"left\">$pid</td>
</tr>\n";
echo "<tr>
<td>Long Name: </td>
<td class=\"left\">$proj_name</td>
</tr>\n";
echo "<tr>
<td>Project Head: </td>
<td class=\"left\">$proj_head_uid</td>
</tr>\n";
echo "<tr>
<td>URL: </td>
<td class=\"left\">
<A href='$proj_URL'>$proj_URL</A></td>
</tr>\n";
echo "<tr>
<td>#PCs: </td>
<td class=\"left\">$proj_pcs</td>
</tr>\n";
echo "<tr>
<td>#Sharks: </td>
<td class=\"left\">$proj_sharks</td>
</tr>\n";
echo "<tr>
<td>Created: </td>
<td class=\"left\">$proj_created</td>
</tr>\n";
echo "<tr>
<td colspan='2'>Why?</td>
</tr>\n";
echo "<tr>
<td colspan='2' width=600>$proj_why</td>
</tr>\n";
echo "</table>\n";
$userinfo_result = mysql_db_query($TBDBNAME,
"SELECT * from users where uid=\"$proj_head_uid\"");
$row = mysql_fetch_array($userinfo_result);
$usr_expires = $row[usr_expires];
$usr_email = $row[usr_email];
$usr_addr = $row[usr_addr];
$usr_name = $row[usr_name];
$usr_phone = $row[usr_phone];
$usr_passwd = $row[usr_pswd];
$usr_title = $row[usr_title];
$usr_affil = $row[usr_affil];
echo "<center>
<h3>Project Leader Information</h3>
</center>
<table align=center border=1>\n";
echo "<tr>
<td>Username:</td>
<td>$proj_head_uid</td>
</tr>\n";
echo "<tr>
<td>Full Name:</td>
<td>$usr_name</td>
</tr>\n";
echo "<tr>
<td>Email Address:</td>
<td>$usr_email</td>
</tr>\n";
echo "<tr>
<td>Expiration date:</td>
<td>$usr_expires</td>
</tr>\n";
echo "<tr>
<td>Mailing Address:</td>
<td>$usr_addr</td>
</tr>\n";
echo "<tr>
<td>Phone #:</td>
<td>$usr_phone</td>
</tr>\n";
echo "<tr>
<td>Title/Position:</td>
<td>$usr_title</td>
</tr>\n";
echo "<tr>
<td>Institutional Affiliation:</td>
<td>$usr_affil</td>
</tr>\n";
echo "</table>\n";
#
# project menu
# name=testbed$$approval value=approve,deny,murder,postpone
# Now put up the menu choice along with a text box for an email message.
#
# so that we can go through the entire list of post variables, looking
# for these. The alternative is to work backwards, and I don't like that.
#
echo "<table width=\"100%\" border=2 cellpadding=0 cellspacing=2
align='center'>\n";
echo "<center>
<h3>What would you like to do?</h3>
</center>
<table align=center border=1>
<form action='approveproject.php3?uid=$uid&pid=$pid' method='post'>\n";
echo "<tr>
<td rowspan=2>Project</td>
<td rowspan=2>User</td>
<td rowspan=2>Action</td>
<td>User Name</td>
<td>Title</td>
<td>User Affil</td>
<td>E-mail</td>
</tr>
<tr>
<td>Proj Name</td>
<td>URL</td>
<td>Proj Affil</td>
<td>Phone</td>
</tr>\n";
echo "<form action='approveproject.php3?$uid' method='post'>\n";
while ($projectrow = mysql_fetch_array($query_result)) {
$pid = $projectrow[pid];
$headuid = $projectrow[head_uid];
$Purl = $projectrow[URL];
$Pname = $projectrow[name];
$Paffil = $projectrow[affil];
$userinfo_result = mysql_db_query($TBDBNAME,
"SELECT * from users where uid=\"$headuid\"");
$row = mysql_fetch_array($userinfo_result);
$name = $row[usr_name];
$email = $row[usr_email];
$title = $row[usr_title];
$affil = $row[usr_affil];
$addr = $row[usr_addr];
$addr2 = $row[usr_addr2];
$city = $row[usr_city];
$state = $row[usr_state];
$zip = $row[usr_zip];
$phone = $row[usr_phone];
echo "<tr>
<td colspan=7> </td>
</tr>
<tr>
<td rowspan=2>
<A href='showproject.php3?uid=$uid&pid=$pid'>$pid</A></td>
<td rowspan=2>$headuid</td>
<td rowspan=2>
<select name=\"$pid\$\$approval\">
<option value='postpone'>Postpone</option>
<option value='approve'>Approve</option>
<option value='deny'>Deny</option>
<option value='destroy'>Destroy</option>
</select>
</td>\n";
echo " <td>$name</td>
<td>$title</td>
<td>$affil</td>
<td>$email</td>
</tr>\n";
echo "<tr>
<td>$Pname</td>
<td>$Purl</td>
<td>$Paffil</td>
<td>$phone</td>
</tr>\n";
}
<td align=center>
<select name=approval>
<option value='postpone'>Postpone</option>
<option value='approve'>Approve</option>
<option value='moreinfo'>More Info</option>
<option value='deny'>Deny</option>
<option value='destroy'>Destroy</option>
</select>
</td>
</tr>\n";
echo "<tr>
<td>Use the text box to add a message to the email notification.</td>
</tr>\n";
echo "<tr>
<td align=center colspan=7>
<td align=center class=left>
<textarea name=message rows=5 cols=60></textarea>
</td>
</tr>\n";
echo "<tr>
<td align=center colspan=2>
<b><input type='submit' value='Submit' name='OK'></td>
</tr>
</form>
......@@ -171,4 +232,3 @@ echo "<tr>
?>
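Review bot: The new tables print applicant-supplied columns (`$proj_name`, `$proj_URL`, `$proj_why`, `$usr_name`, `$usr_addr` and the rest) into the administrator's page without escaping, so markup stored in a project application would run in the session of the person who can approve or destroy accounts. Each value should go through `htmlspecialchars()` on output, and `<A href='$proj_URL'>` should only be emitted when the URL starts with `http://` or `https://`. `$usr_passwd = $row[usr_pswd];` is read but not displayed in the visible lines and can be dropped, and the new `SELECT * FROM projects WHERE pid=\"$pid\"` appears to have lost the `if (! $query_result)` check the old query had. Separately, the form now posts to `approveproject.php3?uid=$uid&pid=$pid`, while the unchanged `ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)` would capture the literal `uid` from that URL rather than the user name; the login check should be confirmed against the new URL shape.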