Commit f25e624f authored by Leigh Stoller's avatar Leigh Stoller

Rework the user approval stuff completely. Now works for users joining

multiple projects.
parent 109d85a2
<html>
<head>
<title>New User Approval</title>
<link rel='stylesheet' href='tbstyle.css' type='text/css'>
</head>
<body>
<?php
include("defs.php3");
#
# Only known and logged in users can be verified.
#
$auth_usr = "";
if (ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)) {
$auth_usr=$Vals[1];
addslashes($auth_usr);
}
else {
unset($auth_usr);
}
LOGGEDINORDIE($auth_usr);
echo "
<h1>Approve new users in your Project</h1>
Use this page to approve new members of your Project. Once approved,
they will be able to log into machines in your Project's experiments.</p>
<p> If you desire, you may set their trust/privilege levels to give them
more or less access to your nodes:
<ul>
<li>User - Can log into machines in your experiments.
<li>Root - Granted root access on your project's machines;
can create new experiments.
</ul></p></h3>\n";
$query="SELECT pid FROM proj_memb WHERE uid='$auth_usr' and trust='group_root'";
$result = mysql_db_query("tbdb", $query);
$select = "SELECT";
while ($row = mysql_fetch_row($result)) {
$pid = $row[0];
if ($select == "SELECT") {
$select .= " DISTINCT uid FROM proj_memb WHERE pid='$pid'";
} else {
$select .= " OR pid='$pid'";
}
}
if ($select=="SELECT") {
echo "<h3>You do not have Project Root permissions in any Project</h3>";
echo "</body></html>\n";
exit;
}
$selected = mysql_db_query("tbdb", $select);
$find = "SELECT";
while ($row = mysql_fetch_row($selected)) {
$uid = $row[0];
if ($find == "SELECT") {
$find .= " DISTINCT uid,usr_name,usr_email,usr_title,usr_affil,usr_addr,usr_addr2,usr_city,usr_state,usr_zip,usr_phone FROM users WHERE (status='newuser' OR status='unapproved') AND (uid='$uid'";
} else {
$find .= " OR uid='$uid'";
}
}
$find .= ")";
$found = mysql_db_query("tbdb", $find);
if ( mysql_num_rows($found) == 0 ) {
echo "<h3>You have no new project members who need approval</h3>\n";
} else {
echo "<table width=\"100%\" border=2 cellpadding=0 cellspacing=2 align='center'>
<tr>
<td rowspan=2>Action</td>
<td rowspan=2>Trust Level</td>
<td rowspan=2>User</td>
<td>Name</td>
<td>Title</td>
<td>Affil.</td>
<td>E-mail</td>
<td>Phone</td>
</tr><tr>
<td>Addr</td>
<td>Addr2</td>
<td>City</td>
<td>State</td>
<td>Zip</td>
</tr>
<form action='approved.php3?$auth_usr' method='post'>\n";
while ($row = mysql_fetch_row($found)) {
$uid = $row[0];
$name= $row[1];
$email=$row[2];
$title=$row[3];
$affil=$row[4];
$addr= $row[5];
$addr2=$row[6];
$city= $row[7];
$state=$row[8];
$zip= $row[9];
$phone=$row[10];
echo "
<tr><td colspan=8>&nbsp;</td></tr>
<tr><td rowspan=2><select name=\"$uid\">
<option value='approve'>Approve</option>
<option value='deny'>Deny</option>
<option value='later'>Postpone</option></select></td>
<td rowspan=2><select name=\"$uid-trust\">
<option value='user'>User</option>
<option value='local_root'>Root</option>";
echo "</select></td>
<td rowspan=2>&nbsp;$uid&nbsp;</td><td>&nbsp;$name&nbsp;</td><td>&nbsp;$title&nbsp;</td><td>&nbsp;$affil&nbsp;</td><td>&nbsp;$email&nbsp;</td><td>&nbsp;$phone&nbsp;</td></tr>
<tr><td>&nbsp;$addr&nbsp;</td><td>&nbsp;$addr2&nbsp;</td><td>&nbsp;city&nbsp;</td><td>&nbsp;$state&nbsp;</td><td>&nbsp;$zip&nbsp;</td>
</tr>\n";
}
echo "
<tr><td align=center colspan=8><b><input type='submit' value='Submit' name='OK'></td></tr>
</form>
</table>\n";
}
echo "
</body>
</html>";
?>
<html>
<head>
<title>New Users Approved</title>
<link rel='stylesheet' href='tbstyle.css' type='text/css'>
</head>
<body>
<?php
include("defs.php3");
#
# Only known and logged in users can be verified.
#
$auth_usr = "";
if (ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)) {
$auth_usr=$Vals[1];
addslashes($auth_usr);
}
else {
unset($auth_usr);
}
LOGGEDINORDIE($auth_usr);
echo "
<h1>Approving new users...</h1>
";
$query="SELECT pid FROM proj_memb WHERE uid='$auth_usr' and trust='group_root'";
$result = mysql_db_query("tbdb", $query);
$select = "SELECT";
$project[0]="";
$n=0;
while ($row = mysql_fetch_row($result)) {
$pid = $row[0];
$project[$n]=$pid;
$n = $n + 1;
if ($select == "SELECT") {
$select .= " DISTINCT uid FROM proj_memb WHERE pid='$pid'";
} else {
$select .= " OR pid='$pid'";
}
}
$selected = mysql_db_query("tbdb", $select);
$find = "SELECT";
while ($row = mysql_fetch_row($selected)) {
$uid = $row[0];
if ($find == "SELECT") {
$find .= " DISTINCT uid,status,usr_email FROM users WHERE (status='newuser' OR status='unapproved') AND (uid='$uid'";
} else {
$find .= " OR uid='$uid'";
}
}
$find .= ")";
$found = mysql_db_query("tbdb", $find);
while ($row = mysql_fetch_row($found)) {
$uid = $row[0];
$status=$row[1];
$email=$row[2];
$cmd = "select pid from proj_memb where uid='$uid' and trust='none' and (";
$cmd .= "pid='$project[0]'";
$n=1;
while ( isset($project[$n]) ) { $cmd .= " or pid='$project[$n]'"; $n++; }
$cmd .=")";
$result = mysql_db_query("tbdb",$cmd);
$row=mysql_fetch_row($result);
$pid=$row[0];
if (isset($$uid)) {
if ( $$uid == "approve") {
$trust=${"$uid-trust"};
if ($status=="newuser") {
$newstatus='unverified';
} else { #Status is 'unapproved'
$newstatus='active';
}
$cmd = "update users set status='$newstatus' where uid='$uid'";
$cmd .= "and status='$status'";
$result = mysql_db_query("tbdb",$cmd);
$cmd = "update proj_memb set trust='$trust' where uid='$uid'";
$cmd .= "and trust='none' and pid='$pid'";
$result = mysql_db_query("tbdb",$cmd);
mail("$email","TESTBED: Project Membership Approval",
"\nThis message is to notify you that you have been approved ".
"as a member of \nthe $pid project with $trust permissions.\n".
"\nYour status as a Testbed user is now $newstatus.".
"\n\nThanks,\nTestbed Ops\nUtah Network Testbed\n",
"From: Testbed Ops <testbed-ops@flux.cs.utah.edu>\n".
"Cc: Testbed WWW <testbed-www@flux.cs.utah.edu>\n".
"Errors-To: Testbed WWW <testbed-www@flux.cs.utah.edu>");
echo "<h3><p>User $uid was changed to status $newstatus and ";
echo "granted $trust permissions for project $pid.</p></h3>\n";
} elseif ( $$uid == "deny") {
# Delete all rows from proj_memb that are for that person, no privs
# and one of the projects that the user is a leader of
$cmd = "delete from proj_memb where uid='$uid' and trust='none' and (";
$cmd .= "pid='$project[0]'";
$n=1;
while ( isset($project[$n]) ) { $cmd .= " or pid='$project[$n]'"; $n++; }
$cmd .=")";
$result = mysql_db_query("tbdb",$cmd);
mail("$email","TESTBED: Project Membership Denied",
"\nThis message is to notify you that you have been denied ".
"as a member of \nthe $pid project\n".
"\nYour status as a Testbed user is still $status.".
"\n\nThanks,\nTestbed Ops\nUtah Network Testbed\n",
"From: Testbed Ops <testbed-ops@flux.cs.utah.edu>\n".
"Cc: Testbed WWW <testbed-www@flux.cs.utah.edu>\n".
"Errors-To: Testbed WWW <testbed-www@flux.cs.utah.edu>");
echo "<h3><p>User $uid was denied membership in your project.</p>
</h3>\n";
} else {
echo "<h3><p>User $uid was postponed for later decision.</p></h3>\n";
}
}
}
echo "
</body>
</html>";
?>
<html>
<head>
<title>New Users Approved</title>
<link rel='stylesheet' href='tbstyle.css' type='text/css'>
</head>
<body>
<?php
include("defs.php3");
#
# Only known and logged in users can be verified.
#
$uid = "";
if (ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)) {
$uid=$Vals[1];
addslashes($uid);
}
else {
unset($uid);
}
LOGGEDINORDIE($uid);
echo "<center><h1>
Project Membership Results
</h1></center>";
#
# Walk the list of post variables, looking for the special post format.
# See approveuser_form.php3:
#
# uid menu project
# name=stoller$$approval-testbed value=approved,denied,postpone
# name=stoller$$trust-testbed value=user,local_root
#
while (list ($header, $value) = each ($HTTP_POST_VARS)) {
#echo "$header: $value<br>\n";
$approval_string = strstr($header, "\$\$approval-");
if (! $approval_string) {
continue;
}
$user = substr($header, 0, strpos($header, "\$\$", 0));
$project = substr($approval_string, strlen("\$\$approval-"));
$approval = $value;
if (!$user || strcmp($user, "") == 0) {
TBERROR("Parse error finding user in approveuser.php3", 1);
}
if (!$project || strcmp($project, "") == 0) {
TBERROR("Parse error finding project in approveuser.php3", 1);
}
if (!$approval || strcmp($approval, "") == 0) {
TBERROR("Parse error finding approval in approveuser.php3", 1);
}
#
# There should be a corresponding trust variable in the POST vars.
# Note that we construct the variable name and indirect to it.
#
$foo = "$user\$\$trust-$project";
$newtrust = $$foo;
if (!$newtrust || strcmp($newtrust, "") == 0) {
TBERROR("Parse error finding trust in approveuser.php3", 1);
}
#echo "User $user,
# Project $project, Approval $approval, Trust $newtrust<br>\n";
if (strcmp($newtrust, "user") && strcmp($newtrust, "local_root")) {
TBERROR("Invalid trust $newtrust for user $user approveuser.php3.", 1);
}
#
# Get the current status for the user, which we might need to change
# anyway, and to verify that the user is a valid user. We also need
# the email address to let user know what happened.
#
# We change the status only if this person is joining his first project.
# In this case, the status will be either "newuser" or "unapproved",
# and we will change it to "unapproved" or "active", respectively.
# If the status is "active", we leave it alone.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT status,usr_email from users where uid='$user'");
if (! $query_result) {
TBERROR("Database Error restrieving user status for $user", 1);
}
if (mysql_num_rows($query_result) == 0) {
TBERROR("Unknown user $user", 1);
}
$row = mysql_fetch_row($query_result);
$curstatus = $row[0];
$user_email = $row[1];
#echo "Status = $curstatus, Email = $user_email<br>\n";
#
# We need to check that the current uid has the necessary trust level
# to add this user to the project.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT trust from proj_memb where uid='$uid' and pid='$project'");
if (! $query_result) {
TBERROR("Database Error retrieving trust for $uid in $project", 1);
}
if (mysql_num_rows($query_result) == 0) {
USERERROR("You are not allowed to add users to project $project.", 1);
}
$row = mysql_fetch_row($query_result);
$uidtrust = $row[0];
if (strcmp($uidtrust, "group_root")) {
USERERROR("You are not allowed to add users to project $project.", 1);
}
#
# Then we check that that user being added really wanted to be in that
# project, and is not already there with a valid trust value.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT trust from proj_memb where uid='$user' and pid='$project'");
if (! $query_result) {
TBERROR("Database Error retrieving trust for $user in $project", 1);
}
if (mysql_num_rows($query_result) == 0) {
USERERROR("User $user is not a member of project $project.", 1);
}
$row = mysql_fetch_row($query_result);
$usertrust = $row[0];
if (strcmp($usertrust, "none")) {
USERERROR("User $user is already a member of project $project.", 1);
}
#
# Well, looks like everything is okay. Change the project membership
# value appropriately.
#
if (strcmp($approval, "postpone") == 0) {
echo "<p><h3>
Membership status for user $user was postponed for
later decision.
</h3>\n";
continue;
}
if (strcmp($approval, "deny") == 0) {
#
# Must delete the proj_memb record since we require that the user
# reapply once denied. Send the luser email to let him know.
#
$query_result = mysql_db_query($TBDBNAME,
"delete from proj_memb where uid='$user' and pid='$project'");
if (! $query_result) {
TBERROR("Database Error removing $user from project membership ".
"after being denied.", 1);
}
mail("$user_email",
"TESTBED: Project Membership Denied",
"\n".
"This message is to notify you that you have been denied\n".
"membership in project $project\n".
"\n\n".
"Thanks,\n".
"Testbed Ops\n".
"Utah Network Testbed\n",
"From: $TBMAIL_CONTROL\n".
"Cc: $TBMAIL_CONTROL\n".
"Errors-To: $TBMAIL_WWW");
echo "<h3><p>
User $user was denied membership in project $project.
The user will need to reapply again if this was in error.
</h3>\n";
continue;
}
if (strcmp($approval, "approve") == 0) {
#
# Change the trust value in proj_memb accordingly.
#
$query_result = mysql_db_query($TBDBNAME,
"UPDATE proj_memb set trust='$newtrust' ".
"WHERE uid='$user' and pid='$project'");
if (! $query_result) {
TBERROR("Database Error adding $user to project $project.", 1);
}
#
# Change the status if necessary. This only happens for new
# users being added to their first project. After this, the status is
# going to be "active", and we just leave it that way.
#
if (strcmp($curstatus, "active")) {
if (strcmp($curstatus, "newuser") == 0) {
$newstatus = "unverified";
}
elseif (strcmp($curstatus, "unapproved") == 0) {
$newstatus = "active";
}
else {
TBERROR("Invalid $user status $curstatus in approveuser.php3",
1);
}
$query_result = mysql_db_query($TBDBNAME,
"UPDATE users set status='$newstatus' WHERE uid='$user'");
if (! $query_result) {
TBERROR("Database Error changing $user status to $newstatus.",
1);
}
}
mail("$user_email",
"TESTBED: Project Membership Approval",
"\n".
"This message is to notify you that you have been approved\n".
"as a member of project $project with $newtrust permissions.\n".
"\n\n".
"Thanks,\n".
"Testbed Ops\n".
"Utah Network Testbed\n",
"From: $TBMAIL_CONTROL\n".
"Cc: $TBMAIL_CONTROL\n".
"Errors-To: $TBMAIL_WWW");
echo "<h3><p>
User $user was granted membership in project $project
with $newtrust permissions.
</h3>\n";
continue;
}
TBERROR("Invalid approval value $approval in approveuser.php3.", 1);
}
?>
</body>
</html>
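Review bot: `$user` and `$project` are sliced out of the POST field name with `strstr`/`substr` and then placed straight into every query in the loop (`where uid='$user' and pid='$project'`) and into the echoed result text, with only an emptiness check in between. Field names are as client-controlled as field values, so both should be checked against a fixed character set before the first query, in the same spirit as the `[[:alnum:]]+` match applied to the uid at the top of the file: `if (!ereg("^[[:alnum:]]+$", $user)) { TBERROR("Invalid user name in approveuser.php3", 1); }`, with an equivalent test for `$project` (its allowed characters are not visible here). Two smaller points in the same file: `addslashes($uid);` discards its return value and so does nothing, and `$newtrust = $$foo;` depends on request variables being registered as globals, where `$HTTP_POST_VARS[$foo]` would read the value from the array the loop is already walking.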
<html>
<head>
<title>New User Approval</title>
<link rel='stylesheet' href='tbstyle.css' type='text/css'>
</head>
<body>
<?php
include("defs.php3");
#
# Only known and logged in users can be verified.
#
$auth_usr = "";
if (ereg("php3\?([[:alnum:]]+)", $REQUEST_URI, $Vals)) {
$auth_usr=$Vals[1];
addslashes($auth_usr);
}
else {
unset($auth_usr);
}
LOGGEDINORDIE($auth_usr);
echo "
<h1>Approve new users in your Project</h1>
Use this page to approve new members of your Project. Once
approved, they will be able to log into machines in your Project's
experiments.
<p> If you desire, you may set their trust/privilege
levels to give them more or less access to your nodes:
<ul>
<li>Deny - Deny access to your project.
<li>User - Can log into machines in your experiments.
<li>Root - Granted root access on your project's machines;
can create new experiments.
</ul>\n";
#
# Find all of the groups that this person has group_root in, and then in
# all of those groups, all of the people who are awaiting to be approved
# (status = none).
#
# First off, just determine if this person has group_root anywhere.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT pid FROM proj_memb WHERE uid='$auth_usr' ".
"and trust='group_root'");
if (! $query_result) {
$err = mysql_error();
TBERROR("Database Error getting project info for $auth_usr: $err\n", 1);
}
if (mysql_num_rows($query_result) == 0) {
USERERROR("You do not have Project Root permissions in any Project.", 1);
}
#
# Okay, so this operation sucks out the right people by joining the
# proj_memb table with itself. Kinda obtuse if you are not a natural
# DB guy. Sorry. Well, obtuse to me.
#
$query_result = mysql_db_query($TBDBNAME,
"SELECT proj_memb.* ".
"FROM proj_memb LEFT JOIN proj_memb as authed ".
"ON proj_memb.pid=authed.pid and proj_memb.uid!='$auth_usr' ".
"and proj_memb.trust='none' ".
"WHERE authed.uid='$auth_usr' and authed.trust='group_root'");
if (! $query_result) {
$err = mysql_error();
TBERROR("Database Error getting approvable users for $auth_usr: $err\n",
1);
}
if (mysql_num_rows($query_result) == 0) {
USERERROR("You have no new project members who need approval.", 1);
}
#
# Now build a table with a bunch of selections. The thing to note about the
# form inside this table is that the selection fields are constructed with
# name= on the fly, from the uid of the user to be approved. In other words:
#
# uid menu project
# name=stoller$$approval-testbed value=approved,denied,postpone
# name=stoller$$trust-testbed value=user,local_root
#
# so that we can go through the entire list of post variables, looking
# for these. The alternative is to work backwards, and I don't like that.
#
echo "<table width=\"100%\" border=2 cellpadding=0 cellspacing=2
align='center'>\n";
echo "<tr>
<td rowspan=2>User</td>
<td rowspan=2>Project</td>
<td rowspan=2>Action</td>
<td rowspan=2>Trust</td>
<td>Name</td>
<td>Title</td>
<td>Affil</td>
<td>E-mail</td>
<td>Phone</td>
</tr>
<tr>
<td>Addr</td>
<td>Addr2</td>
<td>City</td>
<td>State</td>
<td>Zip</td>
</tr>\n";
echo "<form action='approveuser.php3?$auth_usr' method='post'>\n";
while ($usersrow = mysql_fetch_array($query_result)) {
$newuid = $usersrow[uid];
$pid = $usersrow[pid];
$userinfo_result = mysql_db_query($TBDBNAME,
"SELECT * from users where uid=\"$newuid\"");
$row = mysql_fetch_array($userinfo_result);
$name = $row[usr_name];
$email = $row[usr_email];
$title = $row[usr_title];
$affil = $row[usr_affil];
$addr = $row[usr_addr];
$addr2 = $row[usr_addr2];
$city = $row[usr_city];
$state = $row[usr_state];
$zip = $row[usr_zip];
$phone = $row[usr_phone];
echo "<tr>
<td colspan=9> </td>
</tr>
<tr>
<td rowspan=2>$newuid</td>
<td rowspan=2>$pid</td>
<td rowspan=2>
<select name=\"$newuid\$\$approval-$pid\">
<option value='approve'>Approve</option>
<option value='deny'>Deny</option>
<option value='postpone'>Postpone</option>
</select>
</td>
<td rowspan=2>
<select name=\"$newuid\$\$trust-$pid\">
<option value='user'>User</option>
<option value='local_root'>Root</option>
</select>
</td>\n";
echo " <td>&nbsp;$name&nbsp;</td>
<td>&nbsp;$title&nbsp;</td>
<td>&nbsp;$affil&nbsp;</td>
<td>&nbsp;$email&nbsp;</td>
<td>&nbsp;$phone&nbsp;</td>
</tr>\n";
echo "<tr>
<td>&nbsp;$addr&nbsp;</td>
<td>&nbsp;$addr2&nbsp;</td>
<td>&nbsp;$city&nbsp;</td>
<td>&nbsp;$state&nbsp;</td>
<td>&nbsp;$zip&nbsp;</td>
</tr>\n";
}
echo "<tr>
<td align=center colspan=9>
<b><input type='submit' value='Submit' name='OK'></td>
</tr>
</form>
</table>
</body>
</html>\n";
?>
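Review bot: Every column read from `users` (`$name`, `$title`, `$affil`, `$email`, `$phone` and the address fields) is echoed into the table as raw HTML, and these are presumably the values the applicant entered when registering, rendered in the session of a project leader who holds `group_root`. Each should pass through `htmlspecialchars()` where it is assigned, e.g. `$name = htmlspecialchars($row[usr_name]);`, and `$newuid`/`$pid` need the same treatment before they are placed in the `name=` attributes of the two selects. The per-user `SELECT * from users` result is also used without the `if (! $query_result)` check applied to the two earlier queries, so a failed lookup would print an empty row rather than report an error. The header comment says the pending users have `status = none`, but the query filters on `proj_memb.trust='none'`; the comment should read `(trust = none)`.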
......@@ -90,9 +90,10 @@ if (isset($uid)) {
if ($status == "active") {
if ($trust == "group_root") {
# Only group leaders can do these options
echo "<A href='approval.php3?$uid'>New User Approval</A>\n";
echo "<A href='approveuser_form.php3?$uid'>
New User Approval</A>\n";
}
# Since a user can be a member of more than one project (grp),
# Since a user can be a member of more than one project,
# display this option, and let the form decide if the user is
# allowed to do this.
echo "<p><A href='beginexp_form.php3?$uid'>
......