Commit af023c13 authored by Leigh B. Stoller's avatar Leigh B. Stoller

Add new authentication.

parent 8f47deed
......@@ -7,33 +7,17 @@
<?php
include("defs.php3");
#
# Only known and logged in users can begin experiments.
#
$uid = "";
if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) {
$uid=$Vals[1];
addslashes($uid);
$uid=$Vals[1];
addslashes($uid);
} else {
unset($uid);
}
#
# Only known and logged in users can modify info.
#
if (!isset($uid)) {
USERERROR("You must be logged in begin an experiment!", 1);
}
#
# Verify that the uid is known in the database.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT usr_pswd FROM users WHERE uid='$uid'");
if (! $query_result) {
$err = mysql_error();
TBERROR("Database Error confirming user $uid: $err\n", 1);
}
if (($row = mysql_fetch_row($query_result)) == 0) {
USERERROR("You do not appear to have an account!", 1);
unset($uid);
}
LOGGEDINORDIE($uid);
#
# See what projects the uid is a member of. Must be at least one!
......@@ -77,14 +61,6 @@ echo "<tr>
<input type=\"readonly\" name=\"uid\" value=\"$uid\"></td>
</tr>\n";
#
# Password until we do authentication.
#
echo "<tr>
<td>*Password:</td>
<td><input type=\"password\" name=\"password\"></td>
</tr>\n";
#
# Select Project
#
......
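Review bot: In the uid-parsing block at the top of this file, `addslashes($uid);` discards its return value, so the call does nothing and only the `[[:alnum:]]+` capture constrains `$uid`; either delete the line or write `$uid = addslashes($Vals[1]);`. The page has lost its +/- markers, but the new side appears to drop the `if (!isset($uid))` guard. If so, when the pattern does not match, the else branch unsets `$uid` and `LOGGEDINORDIE($uid)` is called on an undefined variable. The page then depends on that function, which is defined outside this page, rejecting an empty uid, and a comment such as `# LOGGEDINORDIE must fail closed on an empty/unset uid` above the call would record that. The same block appears in the third and fourth files of this commit.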
......@@ -7,26 +7,6 @@
<?php
include("defs.php3");
#
# Only known and logged in users can begin experiments.
#
if (!isset($uid)) {
USERERROR("You must be logged in to change your user information!", 1);
}
#
# Verify that the uid is known in the database.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT usr_pswd FROM users WHERE uid='$uid'");
if (! $query_result) {
$err = mysql_error();
TBERROR("Database Error confirming user $uid: $err\n", 1);
}
if (($row = mysql_fetch_row($query_result)) == 0) {
USERERROR("You do not appear to have an account!", 1);
}
#
# First off, sanity check the form to make sure all the required fields
# were provided. I do this on a per field basis so that we can be
......@@ -40,10 +20,6 @@ if (!isset($uid) ||
strcmp($uid, "") == 0) {
$formerror = "Username";
}
if (!isset($password) ||
strcmp($password, "") == 0) {
$formerror = "Password";
}
if (!isset($exp_pid) ||
strcmp($exp_pid, "") == 0) {
$formerror = "Select Project";
......@@ -71,23 +47,9 @@ if ($formerror != "No Error") {
}
#
# Verify the password.
# Only known and logged in users can begin experiments.
#
$pswd_result = mysql_db_query($TBDBNAME,
"SELECT usr_pswd FROM users WHERE uid=\"$uid\"");
if (!$pswd_result) {
TBERROR("Database Error retrieving password for $uid: $err\n", 1);
}
if ($row = mysql_fetch_row($pswd_result)) {
$db_encoding = $row[0];
$salt = substr($db_encoding,0,2);
if ($salt[0] == $salt[1]) { $salt = $salt[0]; }
$encoding = crypt("$password", $salt);
if (strcmp($encoding, $db_encoding)) {
USERERROR("The password provided was incorrect. ".
"Please go back and retype the password.", 1);
}
}
LOGGEDINORDIE($uid);
#
# Current policy is to prefix the EID with the PID. Make sure it is not
......
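Review bot: In the last hunk of this file the password comparison is replaced by `LOGGEDINORDIE($uid)`, and `$uid` here appears to be the form-submitted field rather than a value the server established, so the whole check rests on that function, whose body is not on this page. It should be confirmed that it matches the uid against a per-login secret held by the browser and recorded server-side at login, not only against a logged-in state for that uid. Unlike the form page, this script never passes `$uid` through the `[[:alnum:]]+` filter, so any query built from it (the removed code used `WHERE uid='$uid'`) needs the value validated or escaped first. The call also sits after the form-field validation; moving it to directly after `include("defs.php3");` would keep unauthenticated requests from reaching the later code.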
......@@ -7,20 +7,17 @@
<?php
include("defs.php3");
#
# Only known and logged in users can end experiments.
#
$uid = "";
if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) {
$uid=$Vals[1];
addslashes($uid);
$uid=$Vals[1];
addslashes($uid);
} else {
unset($uid);
}
#
# Only known and logged in users can do this.
#
if (!isset($uid)) {
USERERROR("You must be logged in to sho experiment information!", 1);
unset($uid);
}
LOGGEDINORDIE($uid);
#
# Must provide the EID!
......@@ -30,19 +27,6 @@ if (!isset($exp_eid) ||
USERERROR("The experiment ID was not provided!", 1);
}
#
# Verify that the uid is known in the database.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT usr_pswd FROM users WHERE uid='$uid'");
if (! $query_result) {
$err = mysql_error();
TBERROR("Database Error confirming user $uid: $err\n", 1);
}
if (($row = mysql_fetch_row($query_result)) == 0) {
USERERROR("You do not appear to have an account!", 1);
}
#
# Verify that this uid is a member of the project for the experiment.
#
......
......@@ -7,34 +7,17 @@
<?php
include("defs.php3");
#
# Only known and logged in users can end experiments.
#
$uid = "";
if ( ereg("php3\?([[:alnum:]]+)",$REQUEST_URI,$Vals) ) {
$uid=$Vals[1];
addslashes($uid);
$uid=$Vals[1];
addslashes($uid);
} else {
unset($uid);
}
#
# Only known and logged in users can do this.
#
if (!isset($uid)) {
USERERROR("You must be logged in end experiments!", 1);
unset($uid);
}
#
# Verify that the uid is known in the database.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT usr_pswd FROM users WHERE uid='$uid'");
if (! $query_result) {
$err = mysql_error();
TBERROR("Database Error confirming user $uid: $err\n", 1);
}
if (($row = mysql_fetch_row($query_result)) == 0) {
USERERROR("You do not appear to have an account!", 1);
}
LOGGEDINORDIE($uid);
#
# Show a menu of all experiments for all projects that this uid
......