Commit 90a6b7fb authored by Leigh Stoller's avatar Leigh Stoller

Cleanups. Add "defs.php3" file to include. Redo all of grpadded.php3

and copy added.php3 to usradded.php3, and redo that entire file.
parent 578d92e6
<?php
echo "
<html>
<head>
<title>Adding to the database</title>
<link rel='stylesheet' href='tbstyle.css' type='text/css'>
</head>
<body>";
echo "<html>
<head>
<title>Joining a project</title>
<link rel='stylesheet' href='tbstyle.css' type='text/css'>
</head>
<body>";
#
# First off, sanity check the form to make sure all the required fields
# were provided. I do this on a per field basis so that we can be
......
......@@ -17,7 +17,7 @@ echo "<table align=\"center\" border=\"1\">\n";
echo "<tr><td align='center' colspan=\"4\">\n";
echo "Only fields marked with * are required</td></tr>\n";
if (isset($uid)) {
echo "<form action=\"added.php3?$uid\" method=\"post\">\n";
echo "<form action=\"usradded.php3?$uid\" method=\"post\">\n";
echo "<input type=\"hidden\" name=\"logged_in\" value=\"true\">";
echo "<tr><td>*Username:</td><td class=\"left\">";
echo "<input type=\"readonly\" name=\"uid\" value=\"$uid\"></td>";
......@@ -38,12 +38,12 @@ if (isset($uid)) {
echo "<input type=\"readonly\" name=\"usr_phone\" ";
echo "value=\"$row[4]\"></td></tr>";
echo "<tr><td>*Password:</td><td>";
echo "<input type=\"password\" name=\"pswd\"></td></tr>";
echo "<input type=\"password\" name=\"password1\"></td></tr>";
echo "<tr><td>*Retype<br>Password:</td><td>";
echo "<input type=\"hidden\" name=\"pswd2\" ";
echo "<input type=\"hidden\" name=\"password2\" ";
echo "value=\"$row[5]\">&nbsp;</td></tr>";
} else {
echo "<form action=\"added.php3\" method=\"post\">\n";
echo "<form action=\"usradded.php3\" method=\"post\">\n";
echo "<tr><td>*Username:</td><td><input type=\"text\" name=\"uid\"></td>";
echo "<td>Expiration date:</td>";
echo "<td><input type=\"text\" name=\"usr_expires\"";
......@@ -57,9 +57,9 @@ if (isset($uid)) {
echo "<td>Phone #:</td><td>";
echo "<input type=\"text\" name=\"usr_phone\"></td></tr>";
echo "<tr><td>*Password:</td><td>";
echo "<input type=\"password\" name=\"pswd\"></td></tr>";
echo "<input type=\"password\" name=\"password1\"></td></tr>";
echo "<tr><td>*Retype<br>Password:</td><td>";
echo "<input type=\"password\" name=\"pswd2\"></td></tr>";
echo "<input type=\"password\" name=\"password2\"></td></tr>";
}
echo "<tr><td>*Project:</td><td>";
echo "<input type=\"text\" name=\"grp\"></td>";
......
<?php
#
# Standard definitions!
#
$TBWWW = "<https://plastic.cs.utah.edu/tbdb.html>";
$TBMAIL_CONTROL = "Testbed Control <testbed-control@flux.cs.utah.edu>";
$TBMAIL_WWW = "Testbed WWW <testbed-www@flux.cs.utah.edu>";
$TBMAIL_APPROVE = "Testbed Approval <testbed-approval@flux.cs.utah.edu>";
$TBDBNAME = "tbdb";
$TBLIST_DIR = "/usr/testbed/www/maillist";
$TBLIST_LEADERS = "$TBLIST_DIR"."/leaders.txt";
$TBLIST_USERS = "$TBLIST_DIR"."/users.txt";
#
# Generate the KEY from a name
#
function GENKEY ($name) {
return crypt("TB_"."$name"."_USR", strlen($name) + 13);
}
#
# Internal errors should be reported back to the user simply. The actual
# error information should be emailed to the list for action. The script
# should then terminate if required to do so.
#
function TBERROR ($message, $death) {
mail($TBMAIL_WWW,
"TESTBED ERROR REPORT",
"\n".
"$message\n\n".
"Thanks,\n".
"Testbed WWW\n",
"From: $TBMAIL_WWW\n".
"Errors-To: $TBMAIL_WWW");
if ($death) {
die("<br><br><h3>".
"$message <p>".
"Could not continue. Please contact $TBMAIL_WWW".
"</h3><p>");
}
return 0;
}
?>
......@@ -5,6 +5,8 @@
</head>
<body>
<?php
include("defs.php3");
#
# First off, sanity check the form to make sure all the required fields
# were provided. I do this on a per field basis so that we can be
......@@ -68,142 +70,219 @@ if ($formerror != "No Error") {
die("");
}
$returning=0;
$my_passwd = $password1;
$mypipe = popen(escapeshellcmd(
"/usr/testbed/bin/checkpass $my_passwd $grp_head_uid '$usr_name:$email'"),
#
# This is a new project request. Make sure it does not already exist.
#
$project_query = "SELECT gid FROM groups WHERE gid=\"$gid\"";
$project_result = mysql_db_query($TBDBNAME, $project_query);
if ($row = mysql_fetch_row($project_result)) {
die("<h3><br><br>".
"The project name \"$gid\" you have chosen is already in use. ".
"Please select another.\n".
"</h3>");
}
#
# See if this is a new user or one returning. We have to query the database
# for the uid, and then do the password thing. For a user returning, the
# password must be valid. For a new user, the password must pass our tests.
#
$pswd_query = "SELECT usr_pswd FROM users WHERE uid=\"$grp_head_uid\"";
$pswd_result = mysql_db_query($TBDBNAME, $pswd_query);
if (!$pswd_result) {
TBERROR("Database Error retrieving password for $grp_head_uid: $err\n",
1);
}
if ($row = mysql_fetch_row($pswd_result)) {
$db_encoding = $row[0];
$salt = substr($db_encoding,0,2);
if ($salt[0] == $salt[1]) { $salt = $salt[0]; }
$encoding = crypt("$password1", $salt);
if (strcmp($encoding, $db_encoding)) {
die("<h3><br><br>".
"The password provided was incorrect. ".
"Please go back and retype the password.\n".
"</h3>");
}
$returning = 1;
}
else {
if (strcmp($password1, $password2)) {
die("<h3><br><br>".
"You typed different passwords in each of the two password ".
"entry fields. <br> Please go back and correct them.\n".
"</h3>");
}
$mypipe = popen(escapeshellcmd(
"/usr/testbed/bin/checkpass $password1 $grp_head_uid '$usr_name:$email'"),
"w+");
if ($mypipe) {
$retval=fgets($mypipe,1024);
if (strcmp($retval,"ok\n")!=0) {
die("<h3>The password you have chosen will not work:<p>$retval</h3>");
}
} else {
mail("testbed-www@flux.cs.utah.edu","TESTBED: checkpass failure",
"\n$usr_name ($grp_head_uid) just tried to set up a testbed account,\n".
"but checkpass pipe did not open (returned '$mypipe').\n".
"\nThanks\n");
}
$enc = crypt("$my_passwd");
array_walk($HTTP_POST_VARS, 'addslashes');
if (isset($gid) && isset($password1) && isset($email) &&
(($password1 == $password2) || ($enc == $password2))) {
# echo "GOT PWD crypt = $enc";
$query = "SELECT usr_pswd FROM users WHERE uid=\"$grp_head_uid\"";
$result = mysql_db_query("tbdb", $query);
$query2 = "SELECT gid FROM groups WHERE gid=\"$gid\"";
$result2 = mysql_db_query("tbdb", $query2);
if ($row = mysql_fetch_row($result2)) {
die("<h3>The project name you have chosen is already in use. ".
"Please select another. If you are a returning user, you must ".
"log in and use your current password.</h3>");
} elseif ($row = mysql_fetch_row($result)) {
#returning user, making new group
$usr_pswd = $row[0];
if ($usr_pswd != $enc) {
die("<H3>The username that you have chosen is already in use. ".
"Please select another. If you are a returning user, you must ".
"log in and use your current password.</h3>\n");
if ($mypipe) {
$retval=fgets($mypipe, 1024);
if (strcmp($retval,"ok\n") != 0) {
die("<h3><br><br>".
"The password you have chosen will not work: ".
"<br><br>$retval<br>".
"</h3>");
}
}
else {
mail($TBMAIL_WWW, "TESTBED: checkpass failure",
"\n$usr_name ($grp_head_uid) just tried to set up a testbed ".
"account,\n".
"but checkpass pipe did not open (returned '$mypipe').\n".
"\nThanks\n");
}
$returning=1;
} else { #The uid and gid are not already in use, and user is new
$query3 = "SELECT unix_uid FROM users ORDER BY unix_uid DESC";
$result3 = mysql_db_query("tbdb", $query2);
$row = mysql_fetch_row($result3);
$returning = 0;
}
array_walk($HTTP_POST_VARS, 'addslashes');
#
# For a new user:
# * Create a new account in the database.
# * Generate a mail message to the user with the verification key.
#
if (! $returning) {
$unixuid_query = "SELECT unix_uid FROM users ORDER BY unix_uid DESC";
$unixuid_result = mysql_db_query($TBDBNAME, $unixuid_query);
$row = mysql_fetch_row($unixuid_result);
$unix_uid = $row[0];
++$unix_uid;
$cmnd1 = "INSERT INTO users ".
"(uid,usr_created,usr_expires,usr_name,usr_email,usr_addr,".
"usr_phone,usr_pswd,unix_uid,status) ".
"VALUES ('$grp_head_uid',now(),'$grp_expires','$usr_name',".
"'$email','$usr_addr','$usr_phones','$enc','$unix_uid','newuser')";
$cmndres1 = mysql_db_query("tbdb", $cmnd1);
if (!$cmndres1) {
$err = mysql_error();
echo "<H3>Failed to add user $grp_head_uid to the database: $err</h3>\n";
exit;
$unix_uid++;
$encoding = crypt("$password1");
$newuser_command = "INSERT INTO users ".
"(uid,usr_created,usr_expires,usr_name,usr_email,usr_addr,".
"usr_phone,usr_pswd,unix_uid,status) ".
"VALUES ('$grp_head_uid', now(), '$grp_expires', '$usr_name', ".
"'$email', '$usr_addr', '$usr_phones', '$encoding', ".
"'$unix_uid', 'newuser')";
$newuser_result = mysql_db_query($TBDBNAME, $newuser_command);
if (! $newuser_result) {
$err = mysql_error();
TBERROR("Database Error adding adding new user $grp_head_uid: $err\n",
1);
}
}
$ques = "SELECT unix_gid FROM groups ORDER BY unix_gid DESC";
$resp = mysql_db_query("tbdb", $ques);
$row = mysql_fetch_row($resp);
$unix_gid = $row[0];
++$unix_gid;
$cmnd2 = "INSERT INTO groups (gid,grp_created,grp_expires,grp_name,".
$key = GENKEY($grp_head_uid);
mail("$email", "TESTBED: Your New User Key",
"\n".
"Dear $usr_name:\n\n".
"\tThank you for applying to use the Utah Network Testbed.\n".
"As promised, here is your key to verify your account:\n\n".
"\t\t$key\n\n".
"Please return to $TBWWW and log in using\n".
"the user name and password you gave us when you applied. You will\n".
"then find an option on the menu called 'New User Verification'.\n".
"Select it, and on that page enter your password and your key.\n".
"You will then be verified as a user. When you have been both\n".
"verified and approved by the Testbed Approval Committee, you will\n".
"be marked as an active user, and will be granted full access to\n".
"your user account.\n\n".
"Thanks,\n".
"Testbed Control\n".
"Utah Network Testbed\n",
"From: $TBMAIL_CONTROL\n".
"Cc: $TBMAIL_WWW\n".
"Errors-To: $TBMAIL_WWW");
}
#
# Now for the new Project
# * Bump the unix GID.
# * Create a new group in the database.
# * Create a new group_membership entry in the database, default trust=none.
# * Generate a mail message to testbed control
#
$unixgid_query = "SELECT unix_gid FROM groups ORDER BY unix_gid DESC";
$unixgid_result = mysql_db_query($TBDBNAME, $unixgid_query);
$row = mysql_fetch_row($unixgid_result);
$unix_gid = $row[0];
$unix_gid++;
$newgroup_command = "INSERT INTO groups ".
"(gid,grp_created,grp_expires,grp_name,".
"grp_URL,grp_affil,grp_addr,grp_head_uid,cntrl_node,unix_gid)".
"VALUES ('$gid',now(), '$grp_expires','$grp_name','$grp_URL',".
"'$grp_affil','$grp_addr','$grp_head_uid', '','$unix_gid')";
$cresult = mysql_db_query("tbdb", $cmnd2);
if (!cresult) {
$newgroup_result = mysql_db_query($TBDBNAME, $newgroup_command);
if (! $newgroup_result) {
$err = mysql_error();
echo "<H3>Failed to add project $gid to the database: $err</h3>\n";
exit;
}
mysql_db_query("tbdb","insert into grp_memb (uid,gid,trust)".
"values ('$grp_head_uid','$gid','none');");
$fp = fopen("/usr/testbed/www/maillist/leaders.txt", "a");
$fp2 = fopen("/usr/testbed/www/maillist/users.txt", "a");
fwrite($fp, "$email\n"); #Writes the email address to mailing lists
fwrite($fp2, "$email\n");
# mail("lepreau@cs.utah.edu,calfeld@cs.utah.edu",
mail("newbold@cs.utah.edu,stoller@cs.utah.edu,lepreau@cs.utah.edu",
"TESTBED: New Group", "'$usr_name' wants to start group ".
"'$gid'.\nContact Info:\nName:\t\t$usr_name ($grp_head_uid)\n".
"Email:\t\t$email\nGroup:\t\t$grp_name\nURL:\t\t$grp_URL\n".
"Affiliation:\t$grp_affil\nAddress:\t$grp_addr\n".
"Phone:\t\t$usr_phones\n\n".
"Reasons:\n$why\n\nPlease review the application and when you have\n".
"made a decision, go to <https://plastic.cs.utah.edu/tbdb.html> and\n".
"select the 'Group Approval' page.\n\nThey are expecting a result ".
"within 72 hours.\n",
"From: $usr_name <$email>\nCc: testbed-www@flux.cs.utah.edu\n".
"Errors-To: testbed-www@flux.cs.utah.edu");
if (! $returning) {
mail("$email","TESTBED: Your New User Key",
"\nDear $usr_name:\n\n\tThank you for applying to use the Utah ".
"Network Testbed. As promised,\nhere is your key to verify your ".
"account. Your key is:\n\n".
crypt("TB_".$grp_head_uid."_USR",strlen($grp_head_uid)+13)."\n\n\t Please ".
"return to <https://plastic.cs.utah.edu/tbdb.html> and log in,\nusing ".
"the user name and password you gave us when you applied. You will\n".
"then find an option on the menu called 'New User Verification'. ".
"Select it,\nand on that page enter in your user name, password, and ".
"your key,\nand you will be verified as a user. When you have been ".
"both verified and\napproved by the Approval Committee, you will be ".
"marked as an active user,\nand will be granted full access to your ".
"user account.\n\nThanks,\nTestbed Control\nUtah Network Testbed\n",
"From: Testbed Control <testbed-control@flux.cs.utah.edu>\n".
"Cc: Testbed WWW <testbed-www@flux.cs.utah.edu>\n".
"Errors-To: Testbed WWW <testbed-www@flux.cs.utah.edu>");
}
echo "
<H1>Project '$gid' successfully added.</h1>
<h2>The review committee has been notified of your application.
Most applications are reviewed within one week. We will notify
you by e-mail at '$usr_name&nbsp;&lt;$email>' of their decision
regarding your proposed project '$gid'.\n";
if (! $returning) {
echo "
<p>In the meantime, for
security purposes, you will receive by e-mail a key. When you
receive it, come back to the site, and log in. When you do, you
will see a new menu option called 'New User Verification'. On
that page, enter in your username, password, and the key,
exactly as you received it in your e-mail. You will then be
marked as a verified user.
<p>Once you have been both verified
and approved, you will be classified as an active user, and will
be granted full access to your user account.</h2>
";
}
} else { #if not enough information was given
echo "<H3>Please return to <A href=\"addgrp.php3\">the form</A>
and enter your user ID and/or email address and/or password.</h3>\n";
}
?>
</body>
</html>
TBERROR("Database Error adding adding new group $gid: $err\n", 1);
}
$newmemb_result = mysql_db_query($TBDBNAME,
"insert into grp_memb (uid,gid,trust)".
"values ('$grp_head_uid','$gid','none');");
if (! $newmemb_result) {
$err = mysql_error();
TBERROR("Database Error adding adding new group membership: $gid: $err\n",
1);
}
mail($TBMAIL_APPROVAL,
"TESTBED: New Group", "'$usr_name' wants to start group ".
"'$gid'.\nContact Info:\nName:\t\t$usr_name ($grp_head_uid)\n".
"Email:\t\t$email\nGroup:\t\t$grp_name\nURL:\t\t$grp_URL\n".
"Affiliation:\t$grp_affil\nAddress:\t$grp_addr\n".
"Phone:\t\t$usr_phones\n\n".
"Reasons:\n$why\n\nPlease review the application and when you have\n".
"made a decision, go to <https://plastic.cs.utah.edu/tbdb.html> and\n".
"select the 'Group Approval' page.\n\nThey are expecting a result ".
"within 72 hours.\n",
"From: $usr_name <$email>\n".
"Cc: $TBMAIL_WWW\n".
"Errors-To: $TBMAIL_WWW");
#
# For new leaders, write their email addresses to files to be used for
# generating messages.
#
# Note, we should do this after the user comes back and does the
# verification step! This ensures we have a valid email address
# and the user really wants to use the testbed.
#
if (! $returning) {
$fp = fopen($TBLIST_LEADERS, "a");
if (! $fp) {
TBERROR("Could not open $TBLIST_LEADERS to add new project leader", 0);
}
else {
fwrite($fp, "$email\n");
fclose($fp);
}
$fp = fopen($TBLIST_USERS, "a");
if (! $fp) {
TBERROR("Could not open $TBLIST_USERS to add new project leader", 0);
}
else {
fwrite($fp, "$email\n");
fclose($fp);
}
}
#
# Now give the user some warm fuzzies
#
echo "<h1>Project '$gid' successfully added.</h1>
<h2>The Testbed Approval Committee has been notified of your application.
Most applications are reviewed within one week. We will notify
you by e-mail at '$usr_name&nbsp;&lt;$email>' of their decision
regarding your proposed project '$gid'.\n";
if (! $returning) {
echo "<p>In the meantime, for
security purposes, you will receive by e-mail a key. When you
receive it, come back to the site, and log in. When you do, you
will see a new menu option called 'New User Verification'. On
that page, enter in your password and the key,
exactly as you received it in your e-mail. You will then be
marked as a verified user.
<p>Once you have been both verified
and approved, you will be classified as an active user, and will
be granted full access to your user account.
</h2>";
}
?>
</body>
</html>
<?php
include("defs.php3");
echo "<html>
<head>
<title>Joining a project</title>
<link rel='stylesheet' href='tbstyle.css' type='text/css'>
</head>
<body>";
#
# First off, sanity check the form to make sure all the required fields
# were provided. I do this on a per field basis so that we can be
# informative. Be sure to correlate these checks with any changes made to
# the project form. Note that this sequence of statements results in
# only the last bad field being displayed, but thats okay. The user will
# eventually figure out that fields marked with * mean something!
#
$formerror="No Error";
if (!isset($uid) ||
strcmp($uid, "") == 0) {
$formerror = "UserName";
}
if (!isset($usr_email) ||
strcmp($usr_email, "") == 0) {
$formerror = "Email Address";
}
if (!isset($usr_name) ||
strcmp($usr_name, "") == 0) {
$formerror = "Full Name";
}
if (!isset($grp) ||
strcmp($grp, "") == 0) {
$formerror = "Project";
}
#
# Not sure about the passwd. If the user is already known, then is he
# supposed to plug his passwd in?
#
if ((!isset($password1) || strcmp($password1, "") == 0) ||
(!isset($password2) || strcmp($password2, "") == 0)) {
$formerror = "Password";
}
if ($formerror != "No Error") {
echo "<h3><br><br>
Missing field; Please go back and fill out the \"$formerror\" field!\n
</h3>
</body>
</html>";
die("");
}
#
# See if this is a new user or one returning. We have to query the database
# for the uid, and then do the password thing. For a user returning, the
# password must be valid. For a new user, the password must pass our tests.
#
$pswd_query = "SELECT usr_pswd FROM users WHERE uid=\"$uid\"";
$pswd_result = mysql_db_query($TBDBNAME, $pswd_query);
if (!$pswd_result) {
TBERROR("Database Error retrieving password for $uid: $err\n", 1);
}
if ($row = mysql_fetch_row($pswd_result)) {
$db_encoding = $row[0];
$salt = substr($db_encoding,0,2);
if ($salt[0] == $salt[1]) { $salt = $salt[0]; }
$encoding = crypt("$password1", $salt);
if (strcmp($encoding, $db_encoding)) {
die("<h3><br><br>".
"The password provided was incorrect. ".
"Please go back and retype the password.\n".
"</h3>");
}
$returning = 1;
}
else {
if (strcmp($password1, $password2)) {
die("<h3><br><br>".
"You typed different passwords in each of the two password ".
"entry fields. <br> Please go back and correct them.\n".
"</h3>");
}
$mypipe = popen(escapeshellcmd(
"/usr/testbed/bin/checkpass $password1 $uid '$usr_name:$usr_email'"),
"w+");
if ($mypipe) {
$retval=fgets($mypipe, 1024);
if (strcmp($retval,"ok\n") != 0) {
die("<h3><br><br>".
"The password you have chosen will not work: ".
"<br><br>$retval<br>".
"</h3>");
}
}
else {
mail($TBMAIL_WWW, "TESTBED: checkpass failure",
"\n$usr_name ($uid) just tried to set up a testbed ".
"account,\n".
"but checkpass pipe did not open (returned '$mypipe').\n".
"\nThanks\n");
}
$returning = 0;
}
#
# For a new user:
# * Create a new account in the database.
# * Add user email to the list of email address.
# * Generate a mail message to the user with the verification key.
#
if (! $returning) {
$unixuid_query = "SELECT unix_uid FROM users ORDER BY unix_uid DESC";
$unixuid_result = mysql_db_query($TBDBNAME, $unixuid_query);
$row = mysql_fetch_row($unixuid_result);
$unix_uid = $row[0];
$unix_uid++;
$encoding = crypt("$password1");
$newuser_command = "INSERT INTO users ".
"(uid,usr_created,usr_expires,usr_name,usr_email,usr_addr,".
"usr_phone,usr_pswd,unix_uid,status) ".
"VALUES ('$uid',now(),'$usr_expires','$usr_name','$usr_email',".
"'$usr_addr','$usr_phone','$encoding','$unix_uid','newuser')";
$newuser_result = mysql_db_query($TBDBNAME, $newuser_command);
if (! $newuser_result) {
$err = mysql_error();
TBERROR("Database Error adding adding new user $uid: $err\n", 1);
}
#
# Note, we should do this after the user comes back and does the
# verification step! This ensures we have a valid email address
# and the user really wants to use the testbed.
#
$fp = fopen($TBLIST_USERS, "a");
if (! $fp) {
TBERROR("Could not open $TBLIST_USERS to add new project leader", 0);
}
else {
fwrite($fp, "$usr_email\n");
fclose($fp);
}
$key = GENKEY($uid);
mail("$usr_email", "TESTBED: Your New User Key",
"\n".
"Dear $usr_name:\n\n".
"\tThank you for applying to use the Utah Network Testbed.\n".
"As promised, here is your key to verify your account:\n\n".
"\t\t$key\n\n".
"Please return to $TBWWW and log in using\n".
"the user name and password you gave us when you applied. You will\n".
"then find an option on the menu called 'New User Verification'.\n".
"Select it, and on that page enter your password and your key.\n".
"You will then be verified as a user. When you have been both\n".
"verified and approved by the head of the project, you will\n".
"be marked as an active user, and will be granted full access to\n".
"your user account.\n\n".
"Thanks,\n".
"Testbed Control\n".
"Utah Network Testbed\n",
"From: $TBMAIL_CONTROL\n".
"Cc: $TBMAIL_WWW\n".
"Errors-To: $TBMAIL_WWW");
#
# Generate some warm fuzzies.
#
echo "<h3>As a new user of the Testbed, for
security purposes, you will receive by e-mail a key. When you
receive it, come back to the site, and log in. When you do, you
will see a new menu option called 'New User Verification'. On
that page, enter in your username, password, and the key,
exactly as you received it in your e-mail. You will then be
marked as a verified user.<br>
<h3>Once you have been both verified
and approved, you will be classified as an active user, and will
be granted full access to your user account.</h3>";
}
#
# Don't try to join twice!
#
$query_result = mysql_db_query($TBDBNAME,
"select * from grp_memb where uid='$uid' and gid='$grp'");
if (mysql_num_rows($query_result) > 0) {
die("<h3><br><br>".
"You have already applied for membership in project: $grp.".
"</h3>");
}
#
# Add to the project, but with trust=none. The project leader will have
# to upgrade the trust level, making the new user real.
#
$query_result = mysql_db_query($TBDBNAME,
"insert into grp_memb (uid,gid,trust) values ('$uid','$grp','none');");
if (! $query_result) {
$err = mysql_error();
TBERROR("Database Error adding adding user $uid to group $grp: $err\n", 1);
}
#
# Generate an email message to the project leader. We have to get the
# email message out of the database, of course.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT grp_head_uid FROM groups WHERE gid='$grp'");
if (($row = mysql_fetch_row($query_result)) == 0) {
$err = mysql_error();
TBERROR("Database Error getting project leader for group $grp: $err\n", 1);
}
$group_leader_uid = $row[0];
$query_result = mysql_db_query($TBDBNAME,
"SELECT usr_email FROM users WHERE uid='$group_leader_uid'");
if (($row = mysql_fetch_row($query_result)) == 0) {
$err = mysql_error();
TBERROR("Database Error getting email address for group leader ".
"$group_leader_uid: $err\n", 1);
}
$group_leader_email = $row[0];
mail("$group_leader_email",
"TESTBED: New Project Member",
"\n$usr_name ($uid) is trying to join your project ($grp).\n".
"$usr_name has the\n".
"Testbed username $uid and email address $usr_email.\n$usr_name's ".
"phone number is $usr_phone and address $usr_addr.\n\n".
"Please return to $TBWWW\n".
"log in, and select the 'New User Approval' page to enter your\n".
"decision regarding $usr_name's membership in your project\n\n".
"Thanks,\n".
"Testbed Control\n".
"Utah Network Testbed\n",
"From: $TBMAIL_CONTROL\n".
"Cc: $TBMAIL_WWW\n".
"Errors-To: $TBMAIL_WWW");
#
# Generate some warm fuzzies.
#
echo "<br><br><h3>
The leader of project '$grp' has been notified of your application.
He/She will make a decision and either approve or deny your application,
and you will be notified as soon as a decision has been made.<br><br>
Thanks for using the Testbed!
</h3>";
?>
</body>
</html>
......@@ -5,6 +5,8 @@
</head>
<body>
<?php
include("defs.php3");
$auth_usr = "";
if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) {
$auth_usr=$Vals[1];
......@@ -37,7 +39,7 @@ Please log in again.</h3>\n</body></html>";
<h1>Confirming Verification...</h1>
<?php
if (isset($uid) && isset($pswd) && isset($key)) {
$match = crypt("TB_".$uid."_USR",strlen($uid)+13);
$match = GENKEY($uid);
if ($key==$match) {
$cmd = "select usr_pswd from users where uid='$uid'";
$result = mysql_db_query("tbdb", $cmd);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment