diff --git a/www/approval.php3 b/www/approval.php3 deleted file mode 100755 index a4cd046e86aac6c93d3b712a9017ae0be851b704..0000000000000000000000000000000000000000 --- a/www/approval.php3 +++ /dev/null @@ -1,118 +0,0 @@ - - -New User Approval - - - -Approve new users in your Project -Use this page to approve new members of your Project. Once approved, -they will be able to log into machines in your Project's experiments.

-

If you desire, you may set their trust/privilege levels to give them -more or less access to your nodes: -

\n"; - -$query="SELECT pid FROM proj_memb WHERE uid='$auth_usr' and trust='group_root'"; -$result = mysql_db_query("tbdb", $query); -$select = "SELECT"; -while ($row = mysql_fetch_row($result)) { - $pid = $row[0]; - if ($select == "SELECT") { - $select .= " DISTINCT uid FROM proj_memb WHERE pid='$pid'"; - } else { - $select .= " OR pid='$pid'"; - } -} -if ($select=="SELECT") { - echo "

You do not have Project Root permissions in any Project

"; - echo "\n"; - exit; -} -$selected = mysql_db_query("tbdb", $select); -$find = "SELECT"; -while ($row = mysql_fetch_row($selected)) { - $uid = $row[0]; - if ($find == "SELECT") { - $find .= " DISTINCT uid,usr_name,usr_email,usr_title,usr_affil,usr_addr,usr_addr2,usr_city,usr_state,usr_zip,usr_phone FROM users WHERE (status='newuser' OR status='unapproved') AND (uid='$uid'"; - } else { - $find .= " OR uid='$uid'"; - } -} -$find .= ")"; -$found = mysql_db_query("tbdb", $find); -if ( mysql_num_rows($found) == 0 ) { - echo "

You have no new project members who need approval

\n"; -} else { - echo " - - - - - - - - - - - - - - - - -\n"; - while ($row = mysql_fetch_row($found)) { - $uid = $row[0]; - $name= $row[1]; - $email=$row[2]; - $title=$row[3]; - $affil=$row[4]; - $addr= $row[5]; - $addr2=$row[6]; - $city= $row[7]; - $state=$row[8]; - $zip= $row[9]; - $phone=$row[10]; - echo " - - - - - -\n"; - } - echo " - - -
ActionTrust LevelUserNameTitleAffil.E-mailPhone
AddrAddr2CityStateZip
 
 $uid  $name  $title  $affil  $email  $phone 
 $addr  $addr2  city  $state  $zip 
\n"; -} -echo " - -"; -?> diff --git a/www/approved.php3 b/www/approved.php3 deleted file mode 100755 index a537e9fd589a579c305e0eea3f19f93b8607b8ad..0000000000000000000000000000000000000000 --- a/www/approved.php3 +++ /dev/null @@ -1,117 +0,0 @@ - - -New Users Approved - - - -Approving new users... -"; -$query="SELECT pid FROM proj_memb WHERE uid='$auth_usr' and trust='group_root'"; -$result = mysql_db_query("tbdb", $query); -$select = "SELECT"; -$project[0]=""; -$n=0; -while ($row = mysql_fetch_row($result)) { - $pid = $row[0]; - $project[$n]=$pid; - $n = $n + 1; - if ($select == "SELECT") { - $select .= " DISTINCT uid FROM proj_memb WHERE pid='$pid'"; - } else { - $select .= " OR pid='$pid'"; - } -} -$selected = mysql_db_query("tbdb", $select); -$find = "SELECT"; -while ($row = mysql_fetch_row($selected)) { - $uid = $row[0]; - if ($find == "SELECT") { - $find .= " DISTINCT uid,status,usr_email FROM users WHERE (status='newuser' OR status='unapproved') AND (uid='$uid'"; - } else { - $find .= " OR uid='$uid'"; - } -} -$find .= ")"; -$found = mysql_db_query("tbdb", $find); -while ($row = mysql_fetch_row($found)) { - $uid = $row[0]; - $status=$row[1]; - $email=$row[2]; - $cmd = "select pid from proj_memb where uid='$uid' and trust='none' and ("; - $cmd .= "pid='$project[0]'"; - $n=1; - while ( isset($project[$n]) ) { $cmd .= " or pid='$project[$n]'"; $n++; } - $cmd .=")"; - $result = mysql_db_query("tbdb",$cmd); - $row=mysql_fetch_row($result); - $pid=$row[0]; - if (isset($$uid)) { - if ( $$uid == "approve") { - $trust=${"$uid-trust"}; - if ($status=="newuser") { - $newstatus='unverified'; - } else { #Status is 'unapproved' - $newstatus='active'; - } - $cmd = "update users set status='$newstatus' where uid='$uid'"; - $cmd .= "and status='$status'"; - $result = mysql_db_query("tbdb",$cmd); - $cmd = "update proj_memb set trust='$trust' where uid='$uid'"; - $cmd .= "and trust='none' and pid='$pid'"; - $result = mysql_db_query("tbdb",$cmd); - - mail("$email","TESTBED: Project Membership Approval", - "\nThis message is to notify you that you have been approved ". - "as a member of \nthe $pid project with $trust permissions.\n". - "\nYour status as a Testbed user is now $newstatus.". - "\n\nThanks,\nTestbed Ops\nUtah Network Testbed\n", - "From: Testbed Ops \n". - "Cc: Testbed WWW \n". - "Errors-To: Testbed WWW "); - echo "

User $uid was changed to status $newstatus and "; - echo "granted $trust permissions for project $pid.

\n"; - } elseif ( $$uid == "deny") { - # Delete all rows from proj_memb that are for that person, no privs - # and one of the projects that the user is a leader of - $cmd = "delete from proj_memb where uid='$uid' and trust='none' and ("; - $cmd .= "pid='$project[0]'"; - $n=1; - while ( isset($project[$n]) ) { $cmd .= " or pid='$project[$n]'"; $n++; } - $cmd .=")"; - $result = mysql_db_query("tbdb",$cmd); - mail("$email","TESTBED: Project Membership Denied", - "\nThis message is to notify you that you have been denied ". - "as a member of \nthe $pid project\n". - "\nYour status as a Testbed user is still $status.". - "\n\nThanks,\nTestbed Ops\nUtah Network Testbed\n", - "From: Testbed Ops \n". - "Cc: Testbed WWW \n". - "Errors-To: Testbed WWW "); - echo "

User $uid was denied membership in your project.

-

\n"; - } else { - echo "

User $uid was postponed for later decision.

\n"; - } - } -} -echo " - -"; -?> diff --git a/www/approveuser.php3 b/www/approveuser.php3 new file mode 100644 index 0000000000000000000000000000000000000000..61458d5c5ac7dc7b931eadf95298244187ab0420 --- /dev/null +++ b/www/approveuser.php3 @@ -0,0 +1,234 @@ + + +New Users Approved + + + +

+ Project Membership Results +

"; + +# +# Walk the list of post variables, looking for the special post format. +# See approveuser_form.php3: +# +# uid menu project +# name=stoller$$approval-testbed value=approved,denied,postpone +# name=stoller$$trust-testbed value=user,local_root +# +while (list ($header, $value) = each ($HTTP_POST_VARS)) { + #echo "$header: $value
\n"; + + $approval_string = strstr($header, "\$\$approval-"); + if (! $approval_string) { + continue; + } + + $user = substr($header, 0, strpos($header, "\$\$", 0)); + $project = substr($approval_string, strlen("\$\$approval-")); + $approval = $value; + + if (!$user || strcmp($user, "") == 0) { + TBERROR("Parse error finding user in approveuser.php3", 1); + } + if (!$project || strcmp($project, "") == 0) { + TBERROR("Parse error finding project in approveuser.php3", 1); + } + if (!$approval || strcmp($approval, "") == 0) { + TBERROR("Parse error finding approval in approveuser.php3", 1); + } + + # + # There should be a corresponding trust variable in the POST vars. + # Note that we construct the variable name and indirect to it. + # + $foo = "$user\$\$trust-$project"; + $newtrust = $$foo; + if (!$newtrust || strcmp($newtrust, "") == 0) { + TBERROR("Parse error finding trust in approveuser.php3", 1); + } + #echo "User $user, + # Project $project, Approval $approval, Trust $newtrust
\n"; + if (strcmp($newtrust, "user") && strcmp($newtrust, "local_root")) { + TBERROR("Invalid trust $newtrust for user $user approveuser.php3.", 1); + } + + # + # Get the current status for the user, which we might need to change + # anyway, and to verify that the user is a valid user. We also need + # the email address to let user know what happened. + # + # We change the status only if this person is joining his first project. + # In this case, the status will be either "newuser" or "unapproved", + # and we will change it to "unapproved" or "active", respectively. + # If the status is "active", we leave it alone. + # + $query_result = mysql_db_query($TBDBNAME, + "SELECT status,usr_email from users where uid='$user'"); + if (! $query_result) { + TBERROR("Database Error restrieving user status for $user", 1); + } + if (mysql_num_rows($query_result) == 0) { + TBERROR("Unknown user $user", 1); + } + $row = mysql_fetch_row($query_result); + $curstatus = $row[0]; + $user_email = $row[1]; + #echo "Status = $curstatus, Email = $user_email
\n"; + + # + # We need to check that the current uid has the necessary trust level + # to add this user to the project. + # + $query_result = mysql_db_query($TBDBNAME, + "SELECT trust from proj_memb where uid='$uid' and pid='$project'"); + if (! $query_result) { + TBERROR("Database Error retrieving trust for $uid in $project", 1); + } + if (mysql_num_rows($query_result) == 0) { + USERERROR("You are not allowed to add users to project $project.", 1); + } + $row = mysql_fetch_row($query_result); + $uidtrust = $row[0]; + if (strcmp($uidtrust, "group_root")) { + USERERROR("You are not allowed to add users to project $project.", 1); + } + + # + # Then we check that that user being added really wanted to be in that + # project, and is not already there with a valid trust value. + # + $query_result = mysql_db_query($TBDBNAME, + "SELECT trust from proj_memb where uid='$user' and pid='$project'"); + if (! $query_result) { + TBERROR("Database Error retrieving trust for $user in $project", 1); + } + if (mysql_num_rows($query_result) == 0) { + USERERROR("User $user is not a member of project $project.", 1); + } + $row = mysql_fetch_row($query_result); + $usertrust = $row[0]; + if (strcmp($usertrust, "none")) { + USERERROR("User $user is already a member of project $project.", 1); + } + + # + # Well, looks like everything is okay. Change the project membership + # value appropriately. + # + if (strcmp($approval, "postpone") == 0) { + echo "

+ Membership status for user $user was postponed for + later decision. +

\n"; + continue; + } + if (strcmp($approval, "deny") == 0) { + # + # Must delete the proj_memb record since we require that the user + # reapply once denied. Send the luser email to let him know. + # + $query_result = mysql_db_query($TBDBNAME, + "delete from proj_memb where uid='$user' and pid='$project'"); + if (! $query_result) { + TBERROR("Database Error removing $user from project membership ". + "after being denied.", 1); + } + mail("$user_email", + "TESTBED: Project Membership Denied", + "\n". + "This message is to notify you that you have been denied\n". + "membership in project $project\n". + "\n\n". + "Thanks,\n". + "Testbed Ops\n". + "Utah Network Testbed\n", + "From: $TBMAIL_CONTROL\n". + "Cc: $TBMAIL_CONTROL\n". + "Errors-To: $TBMAIL_WWW"); + + echo "

+ User $user was denied membership in project $project. + The user will need to reapply again if this was in error. +

\n"; + + continue; + } + if (strcmp($approval, "approve") == 0) { + # + # Change the trust value in proj_memb accordingly. + # + $query_result = mysql_db_query($TBDBNAME, + "UPDATE proj_memb set trust='$newtrust' ". + "WHERE uid='$user' and pid='$project'"); + if (! $query_result) { + TBERROR("Database Error adding $user to project $project.", 1); + } + + # + # Change the status if necessary. This only happens for new + # users being added to their first project. After this, the status is + # going to be "active", and we just leave it that way. + # + if (strcmp($curstatus, "active")) { + if (strcmp($curstatus, "newuser") == 0) { + $newstatus = "unverified"; + } + elseif (strcmp($curstatus, "unapproved") == 0) { + $newstatus = "active"; + } + else { + TBERROR("Invalid $user status $curstatus in approveuser.php3", + 1); + } + $query_result = mysql_db_query($TBDBNAME, + "UPDATE users set status='$newstatus' WHERE uid='$user'"); + if (! $query_result) { + TBERROR("Database Error changing $user status to $newstatus.", + 1); + } + } + + mail("$user_email", + "TESTBED: Project Membership Approval", + "\n". + "This message is to notify you that you have been approved\n". + "as a member of project $project with $newtrust permissions.\n". + "\n\n". + "Thanks,\n". + "Testbed Ops\n". + "Utah Network Testbed\n", + "From: $TBMAIL_CONTROL\n". + "Cc: $TBMAIL_CONTROL\n". + "Errors-To: $TBMAIL_WWW"); + + echo "

+ User $user was granted membership in project $project + with $newtrust permissions. +

\n"; + + continue; + } + TBERROR("Invalid approval value $approval in approveuser.php3.", 1); +} + +?> + + + diff --git a/www/approveuser_form.php3 b/www/approveuser_form.php3 new file mode 100755 index 0000000000000000000000000000000000000000..c0fe3b913f7f0af46c2b2af24626893eaacbc21b --- /dev/null +++ b/www/approveuser_form.php3 @@ -0,0 +1,172 @@ + + +New User Approval + + + +Approve new users in your Project + Use this page to approve new members of your Project. Once + approved, they will be able to log into machines in your Project's + experiments. +

If you desire, you may set their trust/privilege + levels to give them more or less access to your nodes: +

    +
  • Deny - Deny access to your project. +
  • User - Can log into machines in your experiments. +
  • Root - Granted root access on your project's machines; + can create new experiments. +
\n"; + +# +# Find all of the groups that this person has group_root in, and then in +# all of those groups, all of the people who are awaiting to be approved +# (status = none). +# +# First off, just determine if this person has group_root anywhere. +# +$query_result = mysql_db_query($TBDBNAME, + "SELECT pid FROM proj_memb WHERE uid='$auth_usr' ". + "and trust='group_root'"); +if (! $query_result) { + $err = mysql_error(); + TBERROR("Database Error getting project info for $auth_usr: $err\n", 1); +} +if (mysql_num_rows($query_result) == 0) { + USERERROR("You do not have Project Root permissions in any Project.", 1); +} + +# +# Okay, so this operation sucks out the right people by joining the +# proj_memb table with itself. Kinda obtuse if you are not a natural +# DB guy. Sorry. Well, obtuse to me. +# +$query_result = mysql_db_query($TBDBNAME, + "SELECT proj_memb.* ". + "FROM proj_memb LEFT JOIN proj_memb as authed ". + "ON proj_memb.pid=authed.pid and proj_memb.uid!='$auth_usr' ". + "and proj_memb.trust='none' ". + "WHERE authed.uid='$auth_usr' and authed.trust='group_root'"); +if (! $query_result) { + $err = mysql_error(); + TBERROR("Database Error getting approvable users for $auth_usr: $err\n", + 1); +} +if (mysql_num_rows($query_result) == 0) { + USERERROR("You have no new project members who need approval.", 1); +} + +# +# Now build a table with a bunch of selections. The thing to note about the +# form inside this table is that the selection fields are constructed with +# name= on the fly, from the uid of the user to be approved. In other words: +# +# uid menu project +# name=stoller$$approval-testbed value=approved,denied,postpone +# name=stoller$$trust-testbed value=user,local_root +# +# so that we can go through the entire list of post variables, looking +# for these. The alternative is to work backwards, and I don't like that. +# +echo "\n"; + +echo " + + + + + + + + + + + + + + + + + \n"; + +echo "\n"; + +while ($usersrow = mysql_fetch_array($query_result)) { + $newuid = $usersrow[uid]; + $pid = $usersrow[pid]; + + $userinfo_result = mysql_db_query($TBDBNAME, + "SELECT * from users where uid=\"$newuid\""); + + $row = mysql_fetch_array($userinfo_result); + $name = $row[usr_name]; + $email = $row[usr_email]; + $title = $row[usr_title]; + $affil = $row[usr_affil]; + $addr = $row[usr_addr]; + $addr2 = $row[usr_addr2]; + $city = $row[usr_city]; + $state = $row[usr_state]; + $zip = $row[usr_zip]; + $phone = $row[usr_phone]; + + echo " + + + + + + + \n"; + + echo " + + + + + \n"; + echo " + + + + + + \n"; +} +echo " + + + +
UserProjectActionTrustNameTitleAffilE-mailPhone
AddrAddr2CityStateZip
$newuid$pid + + + +  $name  $title  $affil  $email  $phone 
 $addr  $addr2  $city  $state  $zip 
+
+ + \n"; +?> diff --git a/www/index.php3 b/www/index.php3 index 7789bd52239c1e016ee7a64294a95ce9d1590c2d..fcb88f142dcd1d4d1806cacedd6c6fd4a6ff5844 100755 --- a/www/index.php3 +++ b/www/index.php3 @@ -90,9 +90,10 @@ if (isset($uid)) { if ($status == "active") { if ($trust == "group_root") { # Only group leaders can do these options - echo "New User Approval\n"; + echo " + New User Approval\n"; } - # Since a user can be a member of more than one project (grp), + # Since a user can be a member of more than one project, # display this option, and let the form decide if the user is # allowed to do this. echo "