コード例 #1
ファイル: requests.php プロジェクト: gw-acadtech/VCL
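/**
 * Gather the block request form fields and, unless $checks is falsy, validate them.
 *
 * Every field is read with processInputVar() and that result is handed to
 * getContinuationVar() as its second argument. Validation failures are reported
 * through the globals $submitErr (bit flags) and $submitErrMsg (messages keyed
 * by flag); the collected values are returned in either case, so callers must
 * inspect $submitErr before trusting them.
 *
 * @param int $checks when falsy, return the collected values without validating
 * @return array collected values; once the timeslots have been checked it also
 *               holds 'stime' and 'etime' (one entry per slot, from minuteOfDay2())
 */
function processBlockRequestInput($checks = 1)
{
    global $submitErr, $submitErrMsg, $mode, $user, $days;
    $return = array();
    $return['blockname'] = getContinuationVar("blockname", processInputVar("blockname", ARG_STRING));
    $return['imageid'] = getContinuationVar("imageid", processInputVar("imageid", ARG_NUMERIC));
    $return['machinecnt'] = getContinuationVar("machinecnt", processInputVar("machinecnt", ARG_NUMERIC, 0));
    $return['swhour'] = getContinuationVar("swhour", processInputVar("swhour", ARG_MULTINUMERIC));
    $return['swminute'] = getContinuationVar("swminute", processInputVar("swminute", ARG_MULTINUMERIC));
    $return['swmeridian'] = getContinuationVar("swmeridian", processInputVar("swmeridian", ARG_MULTISTRING));
    $return['ewhour'] = getContinuationVar("ewhour", processInputVar("ewhour", ARG_MULTINUMERIC));
    $return['ewminute'] = getContinuationVar("ewminute", processInputVar("ewminute", ARG_MULTINUMERIC));
    $return['ewmeridian'] = getContinuationVar("ewmeridian", processInputVar("ewmeridian", ARG_MULTISTRING));
    $return['smhour'] = getContinuationVar("smhour", processInputVar("smhour", ARG_MULTINUMERIC));
    $return['smminute'] = getContinuationVar("smminute", processInputVar("smminute", ARG_MULTINUMERIC));
    $return['smmeridian'] = getContinuationVar("smmeridian", processInputVar("smmeridian", ARG_MULTISTRING));
    $return['emhour'] = getContinuationVar("emhour", processInputVar("emhour", ARG_MULTINUMERIC));
    $return['emminute'] = getContinuationVar("emminute", processInputVar("emminute", ARG_MULTINUMERIC));
    $return['emmeridian'] = getContinuationVar("emmeridian", processInputVar("emmeridian", ARG_MULTISTRING));
    $return['slhour'] = getContinuationVar("slhour", processInputVar("slhour", ARG_MULTINUMERIC));
    $return['slminute'] = getContinuationVar("slminute", processInputVar("slminute", ARG_MULTINUMERIC));
    $return['slmeridian'] = getContinuationVar("slmeridian", processInputVar("slmeridian", ARG_MULTISTRING));
    $return['elhour'] = getContinuationVar("elhour", processInputVar("elhour", ARG_MULTINUMERIC));
    $return['elminute'] = getContinuationVar("elminute", processInputVar("elminute", ARG_MULTINUMERIC));
    $return['elmeridian'] = getContinuationVar("elmeridian", processInputVar("elmeridian", ARG_MULTISTRING));
    $return['weeknum'] = getContinuationVar("weeknum", processInputVar("weeknum", ARG_NUMERIC));
    $return['day'] = getContinuationVar("day", processInputVar("day", ARG_NUMERIC));
    $return['date'] = getContinuationVar("date", processInputVar("date", ARG_MULTISTRING));
    $return['available'] = getContinuationVar("available", processInputVar("available", ARG_STRING, 'weekly'));
    $return['usergroupid'] = getContinuationVar("usergroupid", processInputVar("usergroupid", ARG_NUMERIC));
    $return['admingroupid'] = getContinuationVar("admingroupid", processInputVar("admingroupid", ARG_NUMERIC));
    $return['swdate'] = getContinuationVar("swdate", processInputVar("swdate", ARG_STRING));
    $return['ewdate'] = getContinuationVar("ewdate", processInputVar("ewdate", ARG_STRING));
    $return['smdate'] = getContinuationVar("smdate", processInputVar("smdate", ARG_STRING));
    $return['emdate'] = getContinuationVar("emdate", processInputVar("emdate", ARG_STRING));
    $return['wdays'] = getContinuationVar("wdays", processInputVar("wdays", ARG_MULTISTRING));
    $return['state'] = getContinuationVar("state", 0);
    $return['blockRequestid'] = getContinuationVar("blockRequestid", processInputVar("blockRequestid", ARG_NUMERIC));

    // Pre-compute the checkbox state for every known day name.
    $return['wdayschecked'] = array();
    foreach ($days as $day) {
        $return['wdayschecked'][$day] = in_array($day, $return['wdays']) ? 'checked' : '';
    }
    if (!$checks) {
        return $return;
    }

    // The D modifier makes "$" match only at the very end of the subject, so a
    // value with a trailing newline no longer passes the format checks below.
    $datePattern = '/^\d{1,2}\/\d{1,2}\/\d{2}$/D';

    if (!preg_match('/^[-a-zA-Z0-9. ]{3,80}$/D', $return["blockname"])) {
        $submitErr |= BLOCKNAMEERR;
        $submitErrMsg[BLOCKNAMEERR] = "Name can only contain letters, numbers, spaces, dashes(-),<br>and periods(.) and can be from 3 to 80 characters long";
    }

    // The image must be one the current user can administer or check out.
    $resources = getUserResources(array("imageAdmin", "imageCheckOut"));
    $resources["image"] = removeNoCheckout($resources["image"]);
    if (!array_key_exists($return['imageid'], $resources['image'])) {
        $submitErr |= IMAGEIDERR;
        $submitErrMsg[IMAGEIDERR] = "The submitted image is invalid.";
    }

    if ($return['machinecnt'] < MIN_BLOCK_MACHINES) {
        $submitErr |= BLOCKCNTERR;
        $submitErrMsg[BLOCKCNTERR] = "You must request at least " . MIN_BLOCK_MACHINES . " machines";
    } elseif ($return['machinecnt'] > MAX_BLOCK_MACHINES) {
        $submitErr |= BLOCKCNTERR;
        $submitErrMsg[BLOCKCNTERR] = "You cannot request more than " . MAX_BLOCK_MACHINES . " machines";
    }

    // FIXME should we limit the course groups that show up?
    $groups = getUserGroups();
    if (!array_key_exists($return['usergroupid'], $groups)) {
        $submitErr |= USERGROUPIDERR;
        $submitErrMsg[USERGROUPIDERR] = "The submitted user group is invalid.";
    }
    // An admin group id of 0 is accepted without a lookup.
    if (!array_key_exists($return['admingroupid'], $groups) && $return['admingroupid'] != 0) {
        $submitErr |= ADMINGROUPIDERR;
        $submitErrMsg[ADMINGROUPIDERR] = "The submitted user group is invalid.";
    }

    // $keys maps a fixed position (1-8) to the field names of the selected
    // availability mode, so the timeslot and date checks below can be shared.
    if ($return['available'] == 'weekly') {
        $keys = array('1' => 'swhour', '2' => 'ewhour', '3' => 'swminute', '4' => 'ewminute', '5' => 'swmeridian', '6' => 'ewmeridian', '7' => 'swdate', '8' => 'ewdate');
        // drop any submitted day that is not a known day name
        foreach ($return['wdays'] as $index => $day) {
            if (!in_array($day, $days)) {
                unset($return['wdays'][$index]);
            }
        }
        if (!count($return['wdays'])) {
            $submitErr |= STARTDAYERR;
            $submitErrMsg[STARTDAYERR] = "You must select at least one day of the week";
        }
    } elseif ($return['available'] == 'monthly') {
        $keys = array('1' => 'smhour', '2' => 'emhour', '3' => 'smminute', '4' => 'emminute', '5' => 'smmeridian', '6' => 'emmeridian', '7' => 'smdate', '8' => 'emdate');
        // check weeknum
        if ($return['weeknum'] < 1 || $return['weeknum'] > 5) {
            $submitErr |= WEEKNUMERR;
            $submitErrMsg[WEEKNUMERR] = "Invalid week of the month submitted";
        }
        // check day
        if ($return['day'] < 1 || $return['day'] > 7) {
            $submitErr |= DAYERR;
            $submitErrMsg[DAYERR] = "Invalid day of the week submitted";
        }
    } elseif ($return['available'] == 'list') {
        $keys = array('1' => 'slhour', '2' => 'elhour', '3' => 'slminute', '4' => 'elminute', '5' => 'slmeridian', '6' => 'elmeridian');
    } else {
        // An unrecognised mode used to fall through with $keys undefined, so the
        // checks below ran against missing fields. Reject it explicitly instead.
        // NOTE(review): callers that re-render the form should confirm they cope
        // with the per-slot messages and 'stime'/'etime' being absent on this path.
        $submitErr |= AVAILABLEERR;
        $submitErrMsg[AVAILABLEERR] = "The submitted availability selection is invalid.";
        return $return;
    }

    // check each timeslot
    for ($i = 0; $i < 4; $i++) {
        $submitErrMsg[STARTHOURERR][$i] = "";
        $submitErrMsg[ENDHOURERR][$i] = "";
        // start hour
        if ($return[$keys[1]][$i] < 1 || $return[$keys[1]][$i] > 12) {
            $submitErr |= STARTHOURERR;
            $submitErrMsg[STARTHOURERR][$i] = "The start hour must be between 1 and 12.";
        }
        // end hour
        if ($return[$keys[2]][$i] < 1 || $return[$keys[2]][$i] > 12) {
            $submitErr |= ENDHOURERR;
            $submitErrMsg[ENDHOURERR][$i] = " The end hour must be between 1 and 12.";
        }
        // start minute (reuses STARTHOURERR, so it overwrites a start hour message)
        if ($return[$keys[3]][$i] < 0 || $return[$keys[3]][$i] > 59) {
            $submitErr |= STARTHOURERR;
            $submitErrMsg[STARTHOURERR][$i] = "The start minute must be between 0 and 59.";
        }
        // end minute
        if ($return[$keys[4]][$i] < 0 || $return[$keys[4]][$i] > 59) {
            $submitErr |= ENDHOURERR;
            $submitErrMsg[ENDHOURERR][$i] = " The end minute must be between 0 and 59.";
        }
        // an unknown meridian is not an error; it is replaced with a fixed value
        if ($return[$keys[5]][$i] != 'am' && $return[$keys[5]][$i] != 'pm') {
            $return[$keys[5]][$i] = 'pm';
        }
        if ($return[$keys[6]][$i] != 'am' && $return[$keys[6]][$i] != 'pm') {
            $return[$keys[6]][$i] = 'am';
        }
        // check that start is before end
        $return['stime'][$i] = minuteOfDay2("{$return[$keys[1]][$i]}:{$return[$keys[3]][$i]} {$return[$keys[5]][$i]}");
        $return['etime'][$i] = minuteOfDay2("{$return[$keys[2]][$i]}:{$return[$keys[4]][$i]} {$return[$keys[6]][$i]}");
        if ($return['stime'][$i] > $return['etime'][$i]) {
            $submitErr |= STARTHOURERR;
            // reuses STARTHOURERR again, overwriting any earlier message for this slot
            $submitErrMsg[STARTHOURERR][$i] = "The start time must be before the end time (or be equal to ignore this slot)";
        }
    }

    if ($return['available'] == 'weekly' || $return['available'] == 'monthly') {
        // check that timeslots do not overlap (only meaningful when every slot parsed)
        if (!($submitErr & STARTHOURERR) && !($submitErr & ENDHOURERR)) {
            for ($i = 0; $i < 4; $i++) {
                for ($j = $i + 1; $j < 4; $j++) {
                    if ($return['etime'][$i] > $return['stime'][$j] && $return['stime'][$i] < $return['etime'][$j]) {
                        $submitErr |= STARTHOURERR;
                        $submitErrMsg[STARTHOURERR][$i] = "This timeslot overlaps with Slot" . ($j + 1);
                    }
                }
            }
        }
        // check that start date is valid
        // explode() replaces split(), which was removed in PHP 7; the delimiter
        // is a literal "/", so the result is the same.
        $startarr = explode('/', $return[$keys[7]]);
        if (!preg_match($datePattern, $return[$keys[7]])) {
            $submitErr |= STARTDATEERR;
            $submitErrMsg[STARTDATEERR] = "The start date must be in the form mm/dd/yy.";
        } elseif (!checkdate($startarr[0], $startarr[1], $startarr[2])) {
            $submitErr |= STARTDATEERR;
            $submitErrMsg[STARTDATEERR] = "This is an invalid date.";
        } elseif (datetimeToUnix("{$startarr[2]}-{$startarr[0]}-{$startarr[1]} 23:59:59") < time()) {
            $submitErr |= STARTDATEERR;
            $submitErrMsg[STARTDATEERR] = "The start date must be today or later.";
        }
        // check that end date is valid
        $endarr = explode('/', $return[$keys[8]]);
        if (!preg_match($datePattern, $return[$keys[8]])) {
            $submitErr |= ENDDATEERR;
            $submitErrMsg[ENDDATEERR] = "The end date must be in the form mm/dd/yy.";
        } elseif (!checkdate($endarr[0], $endarr[1], $endarr[2])) {
            $submitErr |= ENDDATEERR;
            $submitErrMsg[ENDDATEERR] = "This is an invalid date.";
        } elseif (!($submitErr & STARTDATEERR) && datetimeToUnix("{$startarr[2]}-{$startarr[0]}-{$startarr[1]} 00:00:00") > datetimeToUnix("{$endarr[2]}-{$endarr[0]}-{$endarr[1]} 00:00:00")) {
            // Compared only when the start date itself validated; otherwise
            // $startarr may not hold three usable parts.
            $submitErr |= ENDDATEERR;
            $submitErrMsg[ENDDATEERR] = "The end date must be later than the start date.";
        }
    } elseif ($return['available'] == 'list') {
        if (!($submitErr & STARTHOURERR) && !($submitErr & ENDHOURERR)) {
            // check date[1-n]
            for ($i = 0; $i < 4; $i++) {
                $submitErrMsg[STARTDATEERR][$i] = "";
                // equal start and end time means the slot is unused
                if ($return['stime'][$i] == $return['etime'][$i]) {
                    continue;
                }
                $datearr = explode('/', $return['date'][$i]);
                if (!preg_match($datePattern, $return['date'][$i])) {
                    $submitErr |= STARTDATEERR;
                    $submitErrMsg[STARTDATEERR][$i] = "The date must be in the form mm/dd/yy.";
                } elseif (!checkdate($datearr[0], $datearr[1], $datearr[2])) {
                    $submitErr |= STARTDATEERR;
                    $submitErrMsg[STARTDATEERR][$i] = "Invalid date submitted.";
                } elseif (datetimeToUnix("{$datearr[2]}-{$datearr[0]}-{$datearr[1]} 23:59:59") < time()) {
                    $submitErr |= STARTDATEERR;
                    $submitErrMsg[STARTDATEERR][$i] = "The date must be today or later.";
                }
            }
        }
    }
    return $return;
}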
コード例 #2
ファイル: images.php プロジェクト: gw-acadtech/VCL
/**
 * Print the confirmation page shown before an image is added or edited.
 *
 * Runs processImageInput(1); when $submitErr is set afterwards the form is
 * shown again through editOrAddImage($state) and nothing else is printed.
 * Otherwise the submitted values are echoed back in read-only tables together
 * with two forms: one that submits a continuation carrying $data, and one
 * that cancels.
 *
 * NOTE(review): every $data value below is concatenated into HTML without
 * htmlspecialchars() in this function. Whether processImageInput() already
 * encodes or restricts these fields is not visible here; confirm it, because
 * otherwise markup submitted in name, owner, description, usage or comments
 * is rendered as-is on this page.
 *
 * @param mixed $state truthy selects the "Add Image" flow, falsy the
 *                     "Edit Image" flow
 * @return void
 */
function confirmEditOrAddImage($state)
{
    global $submitErr, $user;
    $data = processImageInput(1);
    // Validation failed: show the input form again instead of the confirmation.
    if ($submitErr) {
        editOrAddImage($state);
        return;
    }
    // NOTE(review): get_magic_quotes_gpc() is deprecated since PHP 7.4 and
    // removed in PHP 8.0, so this call is fatal on current PHP versions.
    if (get_magic_quotes_gpc()) {
        $data['description'] = stripslashes($data['description']);
        $data['usage'] = stripslashes($data['usage']);
        $data['comments'] = stripslashes($data['comments']);
    }
    $groups = getUserGroups();
    // Pseudo-group for id 0 so the "user group allowed to log in" row can show "Any".
    $groups[0] = array("name" => "Any");
    // $images is only loaded for the edit flow; it is only read in the
    // matching !$state branch further down.
    if (!$state) {
        $images = getImages();
    }
    if ($state) {
        $nextmode = "imageClickThroughAgreement";
        $title = "Add Image";
        $question = "Add the following image?";
    } else {
        $nextmode = "submitEditImage";
        $title = "Edit Image";
        $question = "Submit changes to the image?";
    }
    // Only referenced by the commented-out Platform/OS rows below.
    $platforms = getPlatforms();
    $oslist = getOSList();
    print "<FORM action=\"" . BASEURL . SCRIPT . "\" method=post>\n";
    print "<DIV align=center>\n";
    print "<H2>{$title}</H2>\n";
    print "{$question}<br><br>\n";
    print "<TABLE>\n";
    if (!$state) {
        /*print "  <TR>\n";
        		print "    <TH align=right>Short Name:</TH>\n";
        		print "    <TD>" . $data["name"] . "</TD>\n";
        		print "  </TR>\n";*/
    }
    print "  <TR>\n";
    print "    <TH align=right>Name:</TH>\n";
    print "    <TD>" . $data["prettyname"] . "</TD>\n";
    print "  </TR>\n";
    print "  <TR>\n";
    print "    <TH align=right>Owner:</TH>\n";
    print "    <TD>" . $data["owner"] . "</TD>\n";
    print "  </TR>\n";
    /*print "  <TR>\n";
    	print "    <TH align=right>Platform:</TH>\n";
    	print "    <TD>" . $platforms[$data["platformid"]] . "</TD>\n";
    	print "  </TR>\n";
    	print "  <TR>\n";
    	print "    <TH align=right>OS:</TH>\n";
    	print "    <TD>" . $oslist[$data["osid"]]["prettyname"] . "</TD>\n";
    	print "  </TR>\n";*/
    print "  <TR>\n";
    print "    <TD colspan=2>\n";
    // Free-text fields are printed as raw HTML (see the review note in the header).
    print "<br><strong>Image Description</strong>:<br>\n";
    print "{$data['description']}<br><br>\n";
    print "<strong>Usage Notes</strong>:<br>\n";
    print "{$data['usage']}<br><br>\n";
    if ($state) {
        print "<strong>Revision Comments</strong>:<br>\n";
        print "{$data['comments']}<br><br>\n";
    }
    print "    </TD>\n";
    print "  </TR>\n";
    print "</TABLE>\n";
    print "<TABLE>\n";
    print "  <TR>\n";
    print "    <TD colspan=2><strong>Advanced Options</strong>:</TD>\n";
    print "  </TR>\n";
    print "  <TR>\n";
    print "    <TD colspan=2><hr></TD>\n";
    print "  </TR>\n";
    print "  <TR>\n";
    print "    <TH align=right>Minimum RAM (MB):</TH>\n";
    print "    <TD>" . $data["minram"] . "</TD>\n";
    print "  </TR>\n";
    print "  <TR>\n";
    print "    <TH align=right>Minimum Num of Processors:</TH>\n";
    print "    <TD>" . $data["minprocnumber"] . "</TD>\n";
    print "  </TR>\n";
    print "  <TR>\n";
    print "    <TH align=right>Minimum Processor Speed (MHz):</TH>\n";
    print "    <TD>" . $data["minprocspeed"] . "</TD>\n";
    print "  </TR>\n";
    print "  <TR>\n";
    print "    <TH align=right>Minimum Network Speed (Mbps):</TH>\n";
    print "    <TD>" . $data["minnetwork"] . "</TD>\n";
    print "  </TR>\n";
    print "  <TR>\n";
    print "    <TH align=right>Maximum Concurrent Usage:</TH>\n";
    // An empty value is displayed as "N/A".
    if ($data['maxconcurrent'] == '') {
        print "    <TD>N/A</TD>\n";
    } else {
        print "    <TD>" . $data["maxconcurrent"] . "</TD>\n";
    }
    print "  </TR>\n";
    if (!$state) {
        print "  <TR>\n";
        print "    <TH align=right>Estimated Reload Time (min):</TH>\n";
        print "    <TD>" . $data["reloadtime"] . "</TD>\n";
        print "  </TR>\n";
    }
    print "  <TR>\n";
    print "    <TH align=right>Available for checkout:</TH>\n";
    if ($data["forcheckout"]) {
        print "    <TD>Yes</TD>\n";
    } else {
        print "    <TD>No</TD>\n";
    }
    print "  </TR>\n";
    print "  <TR>\n";
    print "    <TH align=right>Check for logged in user:</TH>\n";
    if ($data["checkuser"]) {
        print "    <TD>Yes</TD>\n";
    } else {
        print "    <TD>No</TD>\n";
    }
    print "  </TR>\n";
    // The login group row is only shown to "developer" and "full" admin levels.
    if ($user["adminlevel"] == "developer" || $user['adminlevel'] == 'full') {
        print "  <TR>\n";
        print "    <TH align=right>User group allowed to log in:</TH>\n";
        // Group names may carry an "@affiliation" suffix; it is shown only when
        // it differs from the current user's affiliation.
        $tmp = explode('@', $groups[$data["usergroupid"]]["name"]);
        if (array_key_exists(1, $tmp) && $tmp[1] != $user['affiliation']) {
            print "    <TD>" . $groups[$data["usergroupid"]]["name"] . "</TD>\n";
        } else {
            print "    <TD>{$tmp[0]}</TD>\n";
        }
        print "  </TR>\n";
    }
    if (!$state) {
        print "  <TR>\n";
        print "    <TH style=\"vertical-align:top; text-align:right;\">Subimages:</TH>\n";
        print "    <TD>\n";
        if (array_key_exists("subimages", $images[$data["imageid"]]) && count($images[$data["imageid"]]["subimages"])) {
            foreach ($images[$data["imageid"]]["subimages"] as $imgid) {
                print "{$images[$imgid]["prettyname"]}<br>\n";
            }
        } else {
            print "None";
        }
        print "    </TD>\n";
        print "  </TR>\n";
    } else {
        print "  <TR>\n";
        print "    <TH align=right>Use sysprep:</TH>\n";
        if ($data["sysprep"]) {
            print "    <TD>Yes</TD>\n";
        } else {
            print "    <TD>No</TD>\n";
        }
        print "  </TR>\n";
    }
    print "  <TR>\n";
    print "    <TD colspan=2><hr></TD>\n";
    print "  </TR>\n";
    print "</TABLE>\n";
    print "<TABLE>\n";
    print "  <TR valign=top>\n";
    print "    <TD>\n";
    // NOTE(review): the free-text fields are SQL-escaped here, before being
    // stored in the continuation, rather than where the query is built.
    // mysql_escape_string() does not take the connection character set into
    // account and was removed in PHP 7.0; binding the values as query
    // parameters in the handler that runs the query would be the safer place.
    $data['description'] = mysql_escape_string($data['description']);
    $data['usage'] = mysql_escape_string($data['usage']);
    $data['comments'] = mysql_escape_string($data['comments']);
    // $data travels to the next step inside the continuation entry; only the
    // value returned by addContinuationsEntry() is put into the form.
    if ($state) {
        $data['nextmode'] = 'submitAddImage';
        $cont = addContinuationsEntry($nextmode, $data, SECINDAY, 0);
    } else {
        $cont = addContinuationsEntry($nextmode, $data, SECINDAY, 0, 0);
    }
    print "      <INPUT type=hidden name=continuation value=\"{$cont}\">\n";
    if ($state) {
        print "      <INPUT type=submit value=\"Add Image\">\n";
    } else {
        print "      <INPUT type=submit value=\"Submit Changes\">\n";
    }
    print "      </FORM>\n";
    print "    </TD>\n";
    print "    <TD>\n";
    // Second form: cancel, returning to the requests or images view.
    print "      <FORM action=\"" . BASEURL . SCRIPT . "\" method=post>\n";
    if ($state) {
        $cont = addContinuationsEntry('viewRequests');
    } else {
        $cont = addContinuationsEntry('viewImages');
    }
    print "      <INPUT type=hidden name=continuation value=\"{$cont}\">\n";
    print "      <INPUT type=submit value=Cancel>\n";
    print "      </FORM>\n";
    print "    </TD>\n";
    print "  </TR>\n";
    print "</TABLE>\n";
}
コード例 #3
ファイル: utils.php プロジェクト: gw-acadtech/VCL
/**
 * Work out the largest time limits granted by any of a user's groups.
 *
 * With $uid == 0 the groups of the global $user are used; otherwise they are
 * looked up with getUsersGroups($uid, 1). A user without any group is treated
 * as a member of DEFAULTGROUP.
 *
 * @param int $uid user id, or 0 for the current user
 * @return array keys "initial", "total" and "extend", each holding the
 *               highest value found across the groups (0 when none is higher)
 */
function getUserMaxTimes($uid = 0)
{
    global $user;
    $limits = array("initial" => 0, "total" => 0, "extend" => 0);

    $memberships = $uid == 0 ? $user["groups"] : getUsersGroups($uid, 1);
    $groupids = array_keys($memberships);
    if (count($groupids) == 0) {
        $groupids[] = getUserGroupID(DEFAULTGROUP);
    }

    // result key => field of the group record that feeds it
    $fields = array(
        "initial" => "initialmaxtime",
        "total" => "totalmaxtime",
        "extend" => "maxextendtime",
    );
    $allgroups = getUserGroups();
    foreach ($groupids as $groupid) {
        foreach ($fields as $slot => $field) {
            // keep the running maximum; equal values leave the current one in place
            if ($limits[$slot] < $allgroups[$groupid][$field]) {
                $limits[$slot] = $allgroups[$groupid][$field];
            }
        }
    }
    return $limits;
}
コード例 #4
ファイル: xmlrpcWrappers.php プロジェクト: bq-xiao/apache-vcl
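/**
 * XML-RPC call that creates a single-occurrence ("list") block allocation.
 *
 * The caller must be listed in $xmlrpcBlockAPIUsers. Every argument is
 * validated before anything is written; on failure an array with
 * 'status' => 'error', 'errorcode' and 'errormsg' is returned. On success
 * rows are inserted into blockRequest, blockTimes, blockWebDate and
 * blockWebTime, and the result of XMLRPCprocessBlockTime() is returned with
 * 'blockTimesid' added.
 *
 * NOTE(review): nothing here checks that $start is earlier than $end; if
 * XMLRPCprocessBlockTime() does not enforce it either, consider rejecting
 * such requests.
 *
 * @param mixed  $imageid          id of an image the caller may check out
 * @param string $start            "YYYY-MM-DD HH:MM:SS"
 * @param string $end              "YYYY-MM-DD HH:MM:SS"
 * @param mixed  $numMachines      between MIN_BLOCK_MACHINES and MAX_BLOCK_MACHINES
 * @param mixed  $usergroupid      id of an existing user group
 * @param mixed  $ignoreprivileges 0 or 1, passed on to XMLRPCprocessBlockTime()
 * @return array
 */
function XMLRPCblockAllocation($imageid, $start, $end, $numMachines, $usergroupid, $ignoreprivileges = 0)
{
    global $user, $xmlrpcBlockAPIUsers;
    // Authorisation gate: only explicitly listed users may manage block allocations.
    if (!in_array($user['id'], $xmlrpcBlockAPIUsers)) {
        return array('status' => 'error', 'errorcode' => 34, 'errormsg' => 'access denied for managing block allocations');
    }
    # valid $imageid
    $resources = getUserResources(array("imageAdmin", "imageCheckOut"));
    $resources["image"] = removeNoCheckout($resources["image"]);
    if (!array_key_exists($imageid, $resources['image'])) {
        return array('status' => 'error', 'errorcode' => 3, 'errormsg' => "access denied to {$imageid}");
    }
    # validate $start and $end
    // The format is checked before the value is converted. The D modifier makes
    // "$" match only at the very end, so a trailing newline cannot slip through
    // into $name and the quoted SQL values built below.
    $dtreg = '/^([0-9]{4})-([0-9]{2})-([0-9]{2}) ([0-9]{2}):([0-9]{2}):([0-9]{2})$/D';
    $maxend = datetimeToUnix("2038-01-01 00:00:00");
    if (!is_string($start) || !preg_match($dtreg, $start)) {
        return array('status' => 'error', 'errorcode' => 4, 'errormsg' => "received invalid input for start");
    }
    $startts = datetimeToUnix($start);
    if ($startts < 0 || $startts > $maxend) {
        return array('status' => 'error', 'errorcode' => 4, 'errormsg' => "received invalid input for start");
    }
    if (!is_string($end) || !preg_match($dtreg, $end)) {
        return array('status' => 'error', 'errorcode' => 36, 'errormsg' => "received invalid input for end");
    }
    $endts = datetimeToUnix($end);
    if ($endts < 0 || $endts > $maxend) {
        return array('status' => 'error', 'errorcode' => 36, 'errormsg' => "received invalid input for end");
    }
    # validate $numMachines
    if (!is_numeric($numMachines) || $numMachines < MIN_BLOCK_MACHINES || $numMachines > MAX_BLOCK_MACHINES) {
        return array('status' => 'error', 'errorcode' => 64, 'errormsg' => 'The submitted number of seats must be between ' . MIN_BLOCK_MACHINES . ' and ' . MAX_BLOCK_MACHINES . '.');
    }
    # validate $usergroupid
    $groups = getUserGroups();
    if (!array_key_exists($usergroupid, $groups)) {
        return array('status' => 'error', 'errorcode' => 67, 'errormsg' => 'Submitted user group does not exist');
    }
    # validate ignoreprivileges
    if (!is_numeric($ignoreprivileges) || $ignoreprivileges < 0 || $ignoreprivileges > 1) {
        return array('status' => 'error', 'errorcode' => 86, 'errormsg' => 'ignoreprivileges must be 0 or 1');
    }

    // The numeric arguments go into the SQL below without quotes. They passed
    // the checks above, but is_numeric() and array key lookup also accept
    // floats and exponent notation, so normalise them to plain integers.
    $imageid = (int) $imageid;
    $numMachines = (int) $numMachines;
    $usergroupid = (int) $usergroupid;
    $ignoreprivileges = (int) $ignoreprivileges;

    $ownerid = getUserlistID('vclreload@Local');
    $name = "API:{$start}";
    $managementnodes = getManagementNodes('future');
    if (empty($managementnodes)) {
        return array('status' => 'error', 'errorcode' => 12, 'errormsg' => 'could not allocate a management node to handle block allocation');
    }
    // pick one of the available management nodes at random (array key = node id)
    $mnid = array_rand($managementnodes);

    $query = "INSERT INTO blockRequest "
           . "(name, imageid, numMachines, groupid, repeating, ownerid, managementnodeid, expireTime, status) "
           . "VALUES "
           . "('{$name}', {$imageid}, {$numMachines}, {$usergroupid}, 'list', {$ownerid}, {$mnid}, '{$end}', 'accepted')";
    doQuery($query, 101);
    $brid = dbLastInsertID();

    $query = "INSERT INTO blockTimes "
           . "(blockRequestid, start, end) "
           . "VALUES "
           . "({$brid}, '{$start}', '{$end}')";
    doQuery($query, 101);
    $btid = dbLastInsertID();

    $query = "INSERT INTO blockWebDate "
           . "(blockRequestid, start, end, days) "
           . "VALUES "
           . "({$brid}, '{$start}', '{$end}', 0)";
    doQuery($query);

    // 12-hour clock parts for the web form tables. The end values are taken
    // from $endts; they were previously derived from $startts, which stored
    // the start time as the end time.
    $sh = date('g', $startts);
    $smi = date('i', $startts);
    $sme = date('a', $startts);
    $eh = date('g', $endts);
    $emi = date('i', $endts);
    $eme = date('a', $endts);
    $query = "INSERT INTO blockWebTime "
           . "(blockRequestid, starthour, startminute, startmeridian, endhour, endminute, endmeridian, `order`) "
           . "VALUES "
           . "({$brid}, {$sh},{$smi},'{$sme}',{$eh},{$emi},'{$eme}',0)";
    doQuery($query);

    $return = XMLRPCprocessBlockTime($btid, $ignoreprivileges);
    $return['blockTimesid'] = $btid;
    return $return;
}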
コード例 #5
ファイル: modify.php プロジェクト: Olari0/Finugriling
 // for '$recordAction = "add"' we update the original '$formVars' array element to ensure a correct serial number when generating the file name via the 'parsePlaceholderString()' function
 $formVars['serialNo'] = $serialNo;
 // handle file uploads:
 // for '$recordAction = "add"' file name generation needs to be done *after* the record has been created and a serial number is available
 if (!empty($uploadFile) && !empty($uploadFile["tmp_name"])) {
     // process information of any file that was uploaded, auto-generate a file name if required and move the file to the appropriate directory:
     // NOTE(review): any checks on the uploaded file's name, type and target directory happen inside 'handleFileUploads()', which is not visible here -- confirm before relying on '$fileName'
     $fileName = handleFileUploads($uploadFile, $formVars);
     // store the resulting file name on the record; both values go through 'quote_smart()', while the table name '$tableRefs' is interpolated directly
     // NOTE(review): presumably '$tableRefs' comes from configuration and never from request data -- verify
     $queryRefsUpdateFileName = "UPDATE {$tableRefs} SET file = " . quote_smart($fileName) . " WHERE serial = " . quote_smart($serialNo);
     // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
     $result = queryMySQLDatabase($queryRefsUpdateFileName);
 }
 // create the user-specific data row for this record; every value is passed through 'quote_smart()'
 // (inserting 'NULL' into an auto_increment PRIMARY KEY attribute allocates the next available key value)
 $queryUserData = "INSERT INTO {$tableUserData} SET " . "marked = " . quote_smart($markedRadio) . ", " . "copy = " . quote_smart($copyName) . ", " . "selected = " . quote_smart($selectedRadio) . ", " . "user_keys = " . quote_smart($userKeysName) . ", " . "user_notes = " . quote_smart($userNotesName) . ", " . "user_file = " . quote_smart($userFileName) . ", " . "user_groups = " . quote_smart($userGroupsName) . ", " . "cite_key = " . quote_smart($citeKeyName) . ", " . "related = " . quote_smart($relatedName) . ", " . "record_id = " . quote_smart($serialNo) . ", " . "user_id = " . quote_smart($loginUserID) . ", " . "data_id = NULL";
 // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
 $result = queryMySQLDatabase($queryUserData);
 // update the 'userGroups' session variable (function 'getUserGroups()' is defined in 'include.inc.php')
 getUserGroups($tableUserData, $loginUserID);
 // Send EMAIL announcement:
 if ($sendEmailAnnouncements == "yes") {
     // first, build an appropriate author string:
     // Call the 'extractAuthorsLastName()' function (defined in 'include.inc.php') to extract the last name of a particular author (specified by position). Required Parameters:
     //   1. pattern describing delimiter that separates different authors
     //   2. pattern describing delimiter that separates author name & initials (within one author)
     //   3. position of the author whose last name shall be extracted (e.g., "1" will return the 1st author's last name)
     //   4. contents of the author field
     $authorString = extractAuthorsLastName("/ *; */", "/ *, */", 1, $authorName);
     if ($authorCount == "2") {
         $authorString .= " & ";
         $authorString .= extractAuthorsLastName("/ *; */", "/ *, */", 2, $authorName);
     }
     if ($authorCount == "3") {
コード例 #6
ファイル: login.php プロジェクト: eduridden/extensions
 }
 // The password format check only runs when SQUID_LDAP_PASSWORD_REGEX is set to a truthy value.
 if (SQUID_LDAP_PASSWORD_REGEX && !preg_match(SQUID_LDAP_PASSWORD_REGEX, _post("password"))) {
     $errors[] = "Invalid password.";
 }
 // Only attempt the directory login when no validation error was recorded.
 if (!$errors) {
     $un = _post("username");
     $pw = _post("password");
     // true when the request asks to register a device rather than start a session
     $register = _post("register_device") == 1;
     $ad = ldap_connect(SQUID_LDAP_SERVER);
     // A successful bind with the submitted credentials is what authenticates the user.
     // NOTE(review): many directory servers treat a bind with an empty password as an
     // anonymous bind and report success. No non-empty check on $pw is visible in this
     // excerpt, and the regex check above is optional -- confirm an empty password is
     // rejected before this point.
     // NOTE(review): "@" hides bind errors, and no protocol-version or TLS setup is
     // visible here; check whether credentials travel over an encrypted connection.
     if ($ad !== false && @ldap_bind($ad, $un . SQUID_LDAP_USERNAME_APPEND, $pw)) {
         // Defaults when no group permissions are configured: any user who can bind is allowed.
         $allowed = true;
         $proxyEnforced = true;
         $sessionTime = SQUID_DEFAULT_SESSION_DURATION;
         if (!empty($SQUID_LDAP_GROUP_PERMISSIONS)) {
             // With group permissions configured, access is denied unless a group grants it.
             $allowed = false;
             // NOTE(review): $un is passed on as submitted; if getUserGroups() builds an
             // LDAP filter from it, it needs escaping there -- not visible here.
             $groups = getUserGroups($un, true, false);
             if (is_array($groups)) {
                 foreach ($SQUID_LDAP_GROUP_PERMISSIONS as $groupDN => $groupPermissions) {
                     // "&&" binds tighter than "||": the group must match, and it must allow
                     // sessions (normal login) or device registration (when registering).
                     if (in_array($groupDN, $groups) && (!$register && $groupPermissions["ALLOW_SESSION"] || $register && $groupPermissions["ALLOW_DEVICE_REGISTRATION"])) {
                         $allowed = true;
                         if (!$register && isset($groupPermissions["SESSION_DURATION"])) {
                             $sessionTime = $groupPermissions["SESSION_DURATION"];
                         }
                         if (isset($groupPermissions["ALLOW_NO_PROXY"]) && $groupPermissions["ALLOW_NO_PROXY"]) {
                             $proxyEnforced = false;
                         }
                         // The first matching group in configuration order decides; later
                         // groups are not consulted.
                         break;
                     }
                 }
             }
         }
コード例 #7
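/**
 * Validate a submitted block allocation form and return its parsed values.
 *
 * Form fields are read with processInputVar(); server-side state (method,
 * override, extragroups, blockid) comes from the continuation through
 * getContinuationVar(). Once an error is recorded, later checks guarded by
 * !$err are skipped. On error, JavaScript is printed that shows the message
 * and installs a fresh continuation for resubmission.
 *
 * @return array parsed values plus 'type' and 'err' (1 when validation failed, else 0)
 */
function processBlockAllocationInput()
{
    global $user;
    $return = array();
    $method = getContinuationVar('method');
    $return['name'] = processInputVar('name', ARG_STRING);
    $return['owner'] = processInputVar('owner', ARG_STRING);
    $return['imageid'] = processInputVar('imageid', ARG_NUMERIC);
    $return['seats'] = processInputVar('seats', ARG_NUMERIC);
    $return['groupid'] = processInputVar('groupid', ARG_NUMERIC);
    $override = getContinuationVar('override', 0);
    $type = processInputVar('type', ARG_STRING);
    $err = 0;
    // NOTE(review): the pattern also accepts parentheses, which the message does not mention.
    if ($method != 'request' && !preg_match('/^([-a-zA-Z0-9\\. \\(\\)]){3,80}$/', $return['name'])) {
        $errmsg = i("The name can only contain letters, numbers, spaces, dashes(-), and periods(.) and can be from 3 to 80 characters long");
        $err = 1;
    }
    # the image must be one the submitting user may administer or check out
    $resources = getUserResources(array("imageAdmin", "imageCheckOut"));
    $resources["image"] = removeNoCheckout($resources["image"]);
    if (!array_key_exists($return['imageid'], $resources['image'])) {
        $errmsg = i("The submitted image is invalid.");
        $err = 1;
    }
    # NOTE(review): the else branch also runs when an earlier check already
    # failed or when $method is 'request', so the owner lookup happens without
    # validateUserid() in those cases - confirm that is intended
    if (!$err && $method != 'request' && !validateUserid($return['owner'])) {
        $errmsg = i("The submitted owner is invalid.");
        $err = 1;
    } else {
        $return['ownerid'] = getUserlistID($return['owner']);
    }
    $groups = getUserGroups(0, $user['affiliationid']);
    $extragroups = getContinuationVar('extragroups');
    # extragroups is read without a default, so guard against a non-array value
    # before using it as a lookup table
    $inextragroups = is_array($extragroups) && array_key_exists($return['groupid'], $extragroups);
    if (!$err && !array_key_exists($return['groupid'], $groups) && !$inextragroups && $return['groupid'] != 0) {
        $errmsg = i("The submitted user group is invalid.");
        $err = 1;
    }
    # the literal string 'NULL' is stored here, presumably for direct use in an
    # SQL statement by the caller - TODO confirm
    if (!$err && $return['groupid'] == 0) {
        $return['groupid'] = 'NULL';
    }
    if (!$err && ($return['seats'] < MIN_BLOCK_MACHINES || $return['seats'] > MAX_BLOCK_MACHINES)) {
        $errmsg = sprintf(i("The submitted number of seats must be between %d and %d."), MIN_BLOCK_MACHINES, MAX_BLOCK_MACHINES);
        $err = 1;
    }
    if (!$err) {
        $imgdata = getImages(0, $return['imageid']);
        $concur = $imgdata[$return['imageid']]['maxconcurrent'];
        if (!is_null($concur) && $concur != 0 && $return['seats'] > $concur) {
            $errmsg = sprintf(i("The selected image can only have %d concurrent reservations. Please reduce the number of requested seats to %d or less."), $concur, $concur);
            $err = 1;
        }
    }
    $dooverride = 0;
    # check user group access to image
    if (($method == 'new' || $method == 'edit') && !$err && !$override) {
        $groupresources = getUserResources(array("imageAdmin", "imageCheckOut"), array("available"), 0, 0, 0, $return['groupid']);
        if (!array_key_exists($return['imageid'], $groupresources['image'])) {
            $dooverride = 1;
            $errmsg = i("WARNING - The selected user group does not currently have access to the selected environment. You can submit the Block Allocation again to ignore this warning.");
            $err = 1;
        }
    }
    if (!$err && $type != 'weekly' && $type != 'monthly' && $type != 'list') {
        $errmsg = i("You must select one of \"Repeating Weekly\", \"Repeating Monthly\", or \"List of Dates/Times\".");
        $err = 1;
    }
    if (!$err) {
        if ($type == 'list') {
            # slots is a comma separated list of date|start|end entries
            $slots = processInputVar('slots', ARG_STRING);
            $return['slots'] = explode(',', $slots);
            $return['times'] = array();
            $lastdate = array('day' => '', 'ts' => 0);
            foreach ($return['slots'] as $slot) {
                $tmp = explode('|', $slot);
                if (count($tmp) != 3) {
                    $errmsg = i("Invalid date/time submitted.");
                    $err = 1;
                    break;
                }
                $date = $tmp[0];
                $datets = strtotime($date);
                # an unparsable date used to slip through when editing because
                # only the "today or later" comparison looked at the value
                if ($datets === false) {
                    $errmsg = i("Invalid date/time submitted.");
                    $err = 1;
                    break;
                }
                if ($method != 'edit' && $datets < time() - SECINDAY) {
                    $errmsg = i("The date must be today or later.");
                    $err = 1;
                    break;
                }
                $return['times'][] = "{$tmp[1]}|{$tmp[2]}";
                if ($datets > $lastdate['ts']) {
                    $lastdate['ts'] = $datets;
                    $lastdate['day'] = $date;
                }
            }
            if (!$err) {
                # the allocation expires at the end of the latest submitted day
                $expirets = strtotime("{$lastdate['day']} 23:59:59");
                $return['expiretime'] = unixToDatetime($expirets);
            }
        }
        if ($type == 'weekly' || $type == 'monthly') {
            $return['startdate'] = processInputVar('startdate', ARG_NUMERIC);
            $return['enddate'] = processInputVar('enddate', ARG_NUMERIC);
            $times = processInputVar('times', ARG_STRING);
            $return['startts'] = strtotime($return['startdate']);
            $return['endts'] = strtotime($return['enddate']);
            if ($return['startts'] === false || $return['endts'] === false) {
                # reject unparsable dates explicitly instead of comparing false
                $errmsg = i("Invalid date/time submitted.");
                $err = 1;
            } elseif ($return['startts'] > $return['endts']) {
                $errmsg = i("The Last Date of Usage must be the same or later than the First Date of Usage.");
                $err = 1;
            } elseif ($method != 'edit' && $return['startts'] < time() - SECINDAY) {
                $errmsg = i("The start date must be today or later.");
                $err = 1;
            }
            $expirets = strtotime("{$return['enddate']} 23:59:59");
            $return['expiretime'] = unixToDatetime($expirets);
            $return['times'] = explode(',', $times);
        }
        # every time entry is start|end with each side as HH:MM on a 24 hour clock
        foreach ($return['times'] as $time) {
            $tmp = explode('|', $time);
            if (count($tmp) != 2) {
                $errmsg = i("Invalid start/end time submitted");
                $err = 1;
                break;
            }
            $start = explode(':', $tmp[0]);
            if (count($start) != 2 || !is_numeric($start[0]) || !is_numeric($start[1]) || $start[0] < 0 || $start[0] > 23 || $start[1] < 0 || $start[1] > 59) {
                $errmsg = i("Invalid start time submitted");
                $err = 1;
                break;
            }
            $end = explode(':', $tmp[1]);
            if (count($end) != 2 || !is_numeric($end[0]) || !is_numeric($end[1]) || $end[0] < 0 || $end[0] > 23 || $end[1] < 0 || $end[1] > 59) {
                $errmsg = i("Invalid end time submitted");
                $err = 1;
                break;
            }
            $start = minuteOfDay($start[0], $start[1]);
            $end = minuteOfDay($end[0], $end[1]);
            if ($start >= $end) {
                $errmsg = i("Each start time must be less than the corresponding end time.");
                $err = 1;
                break;
            }
        }
        if ($type == 'weekly') {
            $validdays = 0;
            $errmsg = '';
            # build a bitmask of the weekdays that occur inside the date range
            # NOTE(review): the condition uses the comma operator, so "$i < 7" is
            # evaluated and discarded; only the date comparison ends the loop.
            # Left unchanged: capping at 7 steps of SECINDAY could miss a weekday
            # across a daylight saving change.
            for ($day = $return['startts'], $i = 0; $i < 7, $day < $return['endts'] + SECINDAY; $i++, $day += SECINDAY) {
                $daynum = date('w', $day);
                $validdays |= 1 << $daynum;
            }
            $days = processInputVar('days', ARG_STRING);
            $dayscheck = processInputVar('days', ARG_NUMERIC);
            if ($days == '' && $dayscheck == '0') {
                $days = 0;
            }
            $return['daymask'] = 0;
            if (!$err) {
                foreach (explode(',', $days) as $day) {
                    # accept exactly one digit 0-6; the former numeric comparison let
                    # non-numeric text reach the bit shift below
                    if (!preg_match('/^[0-6]$/D', $day)) {
                        $errmsg = i("Invalid day submitted.");
                        $err = 1;
                        break;
                    }
                    $return['daymask'] |= 1 << $day;
                }
            }
            if (!$err && ($return['daymask'] & $validdays) == 0) {
                $errmsg = i("No valid days submitted for the specified date range.");
                $err = 1;
            }
        }
        if ($type == 'monthly') {
            $return['weeknum'] = processInputVar('weeknum', ARG_NUMERIC);
            $return['day'] = processInputVar('day', ARG_NUMERIC);
            if (!$err && ($return['weeknum'] < 1 || $return['weeknum'] > 5)) {
                $errmsg = i("Invalid week number submitted.");
                $err = 1;
            }
            if (!$err && ($return['day'] < 1 || $return['day'] > 7)) {
                $errmsg = i("Invalid day of week submitted.");
                $err = 1;
            }
            $times = getMonthlyBlockTimes('', $return['startts'], $return['endts'], $return['day'], $return['weeknum'], $return['times']);
            if (!$err && empty($times)) {
                $errmsg = i("Specified day of month not found in date range.");
                $err = 1;
            }
        }
    }
    if ($method == 'request') {
        $return['comments'] = processInputVar('comments', ARG_STRING);
        # get_magic_quotes_gpc() no longer exists in PHP 8, so only call it when present
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $return['comments'] = stripslashes($return['comments']);
        }
        # NOTE(review): only angle brackets are rejected; the comment text still
        # needs escaping for whatever context the caller stores or prints it in
        if (!$err && preg_match('/[<>]/', $return['comments'])) {
            $errmsg = i("<>\\'s are not allowed in the comments.");
            $err = 1;
        }
    }
    if ($err) {
        # $errmsg is written into a single quoted JavaScript string without
        # escaping; every message above comes from i() with integer arguments.
        # Keep it that way - never place submitted text in $errmsg.
        print "clearHideConfirmForm();";
        print "alert('{$errmsg}');";
        $data = array('extragroups' => $extragroups, 'method' => $method);
        if ($method == 'edit') {
            $data['blockid'] = getContinuationVar('blockid');
        }
        $cont = addContinuationsEntry('AJblockAllocationSubmit', $data, SECINWEEK, 1, 0);
        print "dojo.byId('submitcont').value = '{$cont}';";
        if ($dooverride) {
            # second continuation that carries override=1 so a resubmit skips
            # the group access warning
            $data['override'] = 1;
            $cont = addContinuationsEntry('AJblockAllocationSubmit', $data, SECINWEEK, 1, 0);
            print "dojo.byId('submitcont2').value = '{$cont}';";
        } else {
            print "dojo.byId('submitcont2').value = '';";
        }
    }
    $return['type'] = $type;
    $return['err'] = $err;
    return $return;
}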
コード例 #8
ファイル: pac.php プロジェクト: eduridden/extensions
         // No port could be allocated: release the lock before terminating the request.
         if (is_null($proxyPort)) {
             releaseLock();
             exit("No spare WAN ports for this IP address.");
         }
         // NOTE(review): $username and $serialNumber are escaped, but $srcIP and $proxyPort are
         // interpolated as-is. Their origin is outside this excerpt; confirm both are
         // server-derived and validated (IP literal, integer), or bind all values through a
         // prepared statement.
         if ($conn->query("insert into wan_sessions (username, serial_number, ip_address, proxy_port, auth_time_utc, expiry_time_utc)\nvalues ('" . $conn->escape_string($username) . "', '" . $conn->escape_string($serialNumber) . "', '{$srcIP}', {$proxyPort}, UTC_TIMESTAMP(), ADDTIME(UTC_TIMESTAMP(), '" . SQUID_WAN_SESSION_DURATION . "'))")) {
             // The firewall rule is added only after the session row was stored.
             // NOTE(review): the same two unvalidated-looking values are handed to
             // iptablesAddWanUser(); how it uses them is not visible here.
             iptablesAddWanUser($srcIP, $proxyPort);
         } else {
             releaseLock();
             exit("Error creating session.");
         }
     } else {
         renewWanSession($sessionId, $conn);
     }
     releaseLock();
     // check that our user is active, and hand out a custom PAC if required
     $userGroups = getUserGroups($username, true, false);
     // if $userGroups === FALSE, the user is inactive (or we encountered an LDAP error)
     // NOTE(review): $pacFile is only assigned inside this branch; what is served when the
     // group lookup fails is decided outside this excerpt.
     if (is_array($userGroups)) {
         $pacFile = SQUID_ROOT . "/pac.wan.js";
         $subs["{PORT}"] = $proxyPort;
         foreach ($userGroups as $userGroup) {
             // The first group with an entry in $SQUID_CUSTOM_PAC selects the PAC file; the
             // path is built from that configuration value, not from request data.
             if (isset($SQUID_CUSTOM_PAC) && is_array($SQUID_CUSTOM_PAC) && array_key_exists($userGroup, $SQUID_CUSTOM_PAC)) {
                 $pacFile = SQUID_ROOT . "/" . $SQUID_CUSTOM_PAC[$userGroup];
                 break;
             }
         }
     }
 } else {
     $q->close();
     releaseLock();
 }
コード例 #9
         // "+ 0" coerces the fetched column to a number.
         $ttl = $row[1] + 0;
         // keep the session alive
         renewWanSession($row[2], $mconn);
     }
     releaseLock();
 }
 // No user resolved for this request: answer ERR and cache the negative result briefly.
 if (!$un) {
     writeReply("ERR");
     // negative cache TTL is 5 seconds
     cacheResult($srcIP, $mac, isset($input[1]) ? $input[1] : "", null, 5);
     continue;
 }
 // Clamp the cache lifetime to the configured maximum.
 if ($ttl > SQUID_MAX_TTL) {
     $ttl = SQUID_MAX_TTL;
 }
 $userGroups = getUserGroups($un, true, true, $ldapServer, $ldapUser, $ldapPassword, $ldapBase);
 if ($userGroups === false) {
     // this could indicate a disabled account or an LDAP error
     // The failure is cached for 10 seconds.
     // NOTE(review): $un is placed inside a double-quoted message value without escaping;
     // confirm a user name cannot contain a quote or line break at this point.
     writeReply(SQUID_FAILURE_CODE . " message=\"Unable to retrieve groups for '{$un}'.\"");
     cacheResult($srcIP, $mac, isset($input[1]) ? $input[1] : "", null, 10);
     continue;
 }
 // Without a second input field only the user is confirmed; no group check is made.
 if (!isset($input[1])) {
     writeReply("OK user={$un}");
     cacheResult($srcIP, $mac, "", $un, $ttl);
     continue;
 } else {
     // The second field must be a key of $ldapGroups; an unknown key is refused and the
     // refusal is cached for SQUID_MAX_TTL.
     // NOTE(review): the submitted value is echoed into the quoted message unescaped.
     if (!isset($ldapGroups[$input[1]])) {
         writeReply(SQUID_FAILURE_CODE . " message=\"No matching group DN found for '{$input['1']}'.\"");
         cacheResult($srcIP, $mac, $input[1], null, SQUID_MAX_TTL);
         continue;
コード例 #10
ファイル: privileges.php プロジェクト: bq-xiao/apache-vcl
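/**
 * AJAX handler: replace the privilege set of one user group.
 *
 * Reads 'groupid' and a comma separated 'permids' list from the request,
 * deletes the group's existing rows in usergrouppriv, inserts the submitted
 * ones and refreshes the cached group permissions in the session. The result
 * is reported through sendJSON().
 *
 * NOTE(review): the only authorization visible here is that groupid must be a
 * key of getUserGroups(0, <affiliation>); confirm the caller also requires a
 * privilege-management permission. The DELETE and INSERT are separate
 * statements with no transaction visible in this block.
 */
function AJsaveUserGroupPrivs()
{
    global $user;
    $groups = getUserGroups(0, $user['affiliationid']);
    $groupid = processInputVar('groupid', ARG_NUMERIC);
    if (!array_key_exists($groupid, $groups)) {
        sendJSON(array('failed' => 'noaccess'));
        return;
    }
    $permids = processInputVar('permids', ARG_STRING);
    # D modifier: '$' must not match before a trailing newline
    if (!preg_match('/^[0-9,]*$/D', $permids)) {
        sendJSON(array('failed' => 'invalid input'));
        return;
    }
    # Normalize the list before anything is deleted: empty items ("1,,2", ",1")
    # previously produced a malformed INSERT after the DELETE had already run,
    # and duplicates were inserted twice. Zero is skipped as well; the original
    # treated a leading "0" as "no permissions submitted".
    $permlist = array();
    foreach (explode(',', $permids) as $permid) {
        $permid = (int) $permid;
        if ($permid > 0) {
            $permlist[$permid] = $permid;
        }
    }
    # groupid matched an existing array key above; the cast guarantees that only
    # an integer is interpolated into the statements below
    $groupid = (int) $groupid;
    $query = "DELETE FROM usergrouppriv WHERE usergroupid = {$groupid}";
    doQuery($query, 101);
    if (empty($permlist)) {
        sendJSON(array('success' => 1));
        return;
    }
    $values = array();
    foreach ($permlist as $permid) {
        $values[] = "({$groupid}, {$permid})";
    }
    $allvals = implode(',', $values);
    $query = "INSERT INTO usergrouppriv " . "(usergroupid, " . "userprivtypeid) " . "VALUES {$allvals}";
    doQuery($query, 101);
    sendJSON(array('success' => 1));
    # refresh the permissions cached in the session for the current user
    $_SESSION['user']["groupperms"] = getUsersGroupPerms(array_keys($user['groups']));
}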
コード例 #11
ファイル: groups.php プロジェクト: gw-acadtech/VCL
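/**
 * Print the confirmation page shown before a user or resource group is deleted.
 *
 * The group id and type come from the continuation. If the group is still
 * used in the privilege tree, a notice is printed instead of the form. The
 * Submit form carries a new continuation for submitDeleteGroup; the Cancel
 * form returns to viewGroups.
 *
 * Group names, the resource type and the owner are data stored by users, so
 * they are HTML-encoded before being printed.
 * NOTE(review): if these values are already stored HTML-encoded, this will
 * double-encode them - confirm how they are saved.
 */
function confirmDeleteGroup()
{
    $groupid = getContinuationVar("groupid");
    $type = getContinuationVar("type");
    $usergroups = getUserGroups(1);
    $resourcegroups = getResourceGroups();
    $resourcetype = '';
    if ($type == "user") {
        $title = "Delete User Group";
        $question = "Delete the following user group?";
        $name = $usergroups[$groupid]["name"];
        $target = "";
    } else {
        $title = "Delete Resource Group";
        $question = "Delete the following resource group?";
        // resource group names are stored as "type/name"; explode() replaces
        // split(), which was removed in PHP 7
        list($resourcetype, $name) = explode('/', $resourcegroups[$groupid]["name"]);
        $target = "#resources";
    }
    if (checkForGroupUsage($groupid, $type)) {
        print "<H2 align=center>{$title}</H2>\n";
        print "This group is currently assigned to at least one node in the ";
        print "privilege tree.  You cannot delete it until it is no longer ";
        print "in use.";
        return;
    }
    $safename = htmlspecialchars($name, ENT_QUOTES);
    $safetype = htmlspecialchars($resourcetype, ENT_QUOTES);
    print "<DIV align=center>\n";
    print "<H2>{$title}</H2>\n";
    print "{$question}<br><br>\n";
    print "<TABLE>\n";
    if ($type == "resource") {
        print "  <TR>\n";
        print "    <TH align=right>Type:</TH>\n";
        print "    <TD>{$safetype}</TD>\n";
        print "  </TR>\n";
    }
    print "  <TR>\n";
    print "    <TH align=right>Name:</TH>\n";
    print "    <TD>{$safename}</TD>\n";
    print "  </TR>\n";
    if ($type == "resource") {
        print "  <TR>\n";
        print "    <TH align=right>Owning User Group:</TH>\n";
        print "    <TD>" . htmlspecialchars($resourcegroups[$groupid]["owner"], ENT_QUOTES) . "</TD>\n";
        print "  </TR>\n";
    }
    print "</TABLE>\n";
    print "<TABLE>\n";
    print "  <TR valign=top>\n";
    print "    <TD>\n";
    print "      <FORM action=\"" . BASEURL . SCRIPT . "{$target}\" method=post>\n";
    // the delete itself is bound to a server-side continuation, not to form fields
    $cdata = array('groupid' => $groupid, 'type' => $type);
    $cont = addContinuationsEntry('submitDeleteGroup', $cdata);
    print "      <INPUT type=hidden name=continuation value=\"{$cont}\">\n";
    print "      <INPUT type=submit value=Submit>\n";
    print "      </FORM>\n";
    print "    </TD>\n";
    print "    <TD>\n";
    print "      <FORM action=\"" . BASEURL . SCRIPT . "\" method=post>\n";
    print "      <INPUT type=hidden name=mode value=viewGroups>\n";
    print "      <INPUT type=submit value=Cancel>\n";
    print "      </FORM>\n";
    print "    </TD>\n";
    print "  </TR>\n";
    print "</TABLE>\n";
}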
コード例 #12
ファイル: user_login.php プロジェクト: Olari0/Finugriling
/**
 * Check the submitted login credentials and, on success, populate the session and redirect.
 *
 * On success the visible code stores the user's details in session variables, loads the
 * user's groups, queries, formats, styles, types, permissions and preferences through the
 * helpers from 'include.inc.php', updates 'last_login' and 'logins' in the users table and
 * sends a Location header. On failure it removes 'loginEmail' from the session, stores an
 * error message in 'HeaderString' and calls login_page().
 *
 * NOTE(review): no session ID regeneration is visible in this block after a successful
 * login; confirm it happens elsewhere.
 *
 * @param string $referer       URL to return to after a successful login
 * @param string $loginEmail    submitted email address
 * @param string $loginPassword submitted password
 */
function check_login($referer, $loginEmail, $loginPassword)
{
    global $username;
    global $password;
    global $hostName;
    global $databaseName;
    global $connection;
    global $HeaderString;
    global $loginUserID;
    global $loginFirstName;
    global $loginLastName;
    global $adminLoginEmail;
    global $abbrevInstitution;
    global $tableAuth, $tableUserData, $tableUsers;
    // defined in 'db.inc.php'
    global $loc;
    // Get the two character salt from the email address collected from the challenge
    // NOTE(review): a two-character salt makes crypt() use its traditional DES scheme, which
    // only considers the first eight characters of the password, and the salt is derived from
    // the non-secret email address. password_hash()/password_verify() with a rehash on the
    // next successful login is the current replacement.
    $salt = substr($loginEmail, 0, 2);
    // Encrypt the loginPassword collected from the challenge (so that we can compare it to the encrypted passwords that are stored in the 'auth' table)
    $crypted_password = crypt($loginPassword, $salt);
    // CONSTRUCT SQL QUERY:
    // NOTE(review): the next line is truncated in this listing (part of the statement was
    // masked), so the credential comparison and the start of the success branch are not visible.
    $query = "SELECT user_id FROM {$tableAuth} WHERE email = " . quote_smart($loginEmail) . " AND password = "******"errors");
        }
        // function 'deleteSessionVariable()' is defined in 'include.inc.php'
        if (isset($_SESSION['formVars'])) {
            // delete the 'formVars' session variable:
            deleteSessionVariable("formVars");
        }
        // function 'deleteSessionVariable()' is defined in 'include.inc.php'
        $userID = $row["user_id"];
        // extract the user's userID from the last query
        // Now we need to get the user's first name and last name (e.g., in order to display them within the login welcome message)
        $query = "SELECT user_id, first_name, last_name, abbrev_institution, language, last_login FROM {$tableUsers} WHERE user_id = " . quote_smart($userID);
        // CONSTRUCT SQL QUERY
        $result = queryMySQLDatabase($query);
        // RUN the query on the database through the connection (function 'queryMySQLDatabase()' is defined in 'include.inc.php')
        $row2 = mysql_fetch_array($result);
        // EXTRACT results: fetch the one row into the array '$row2'
        // Save the fetched user details to the session file:
        // Write back session variables:
        saveSessionVariable("loginEmail", $loginEmail);
        // function 'saveSessionVariable()' is defined in 'include.inc.php'
        saveSessionVariable("loginUserID", $row2["user_id"]);
        saveSessionVariable("loginFirstName", $row2["first_name"]);
        saveSessionVariable("loginLastName", $row2["last_name"]);
        saveSessionVariable("abbrevInstitution", $row2["abbrev_institution"]);
        saveSessionVariable("userLanguage", $row2["language"]);
        saveSessionVariable("lastLogin", $row2["last_login"]);
        // Get all user groups specified by the current user
        // and (if some groups were found) save them as semicolon-delimited string to the session variable 'userGroups':
        getUserGroups($tableUserData, $row2["user_id"]);
        // function 'getUserGroups()' is defined in 'include.inc.php'
        if ($loginEmail == $adminLoginEmail) {
            // ('$adminLoginEmail' is specified in 'ini.inc.php')
            // Get all user groups specified by the admin
            // and (if some groups were found) save them as semicolon-delimited string to the session variable 'adminUserGroups':
            getUserGroups($tableUsers, $row2["user_id"]);
        }
        // function 'getUserGroups()' is defined in 'include.inc.php'
        // Get all user queries that were saved previously by the current user
        // and (if some queries were found) save them as semicolon-delimited string to the session variable 'userQueries':
        getUserQueries($row2["user_id"]);
        // function 'getUserQueries()' is defined in 'include.inc.php'
        // Get all export formats that were selected previously by the current user
        // and (if some formats were found) save them as semicolon-delimited string to the session variable 'user_export_formats':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "format", "export");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get all citation formats that were selected previously by the current user
        // and (if some formats were found) save them as semicolon-delimited string to the session variable 'user_cite_formats':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "format", "cite");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get all citation styles that were selected previously by the current user
        // and (if some styles were found) save them as semicolon-delimited string to the session variable 'user_styles':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "style", "");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get all document types that were selected previously by the current user
        // and (if some types were found) save them as semicolon-delimited string to the session variable 'user_types':
        getVisibleUserFormatsStylesTypes($row2["user_id"], "type", "");
        // function 'getVisibleUserFormatsStylesTypes()' is defined in 'include.inc.php'
        // Get the user permissions for the current user
        // and save all allowed user actions as semicolon-delimited string to the session variable 'user_permissions':
        getPermissions($row2["user_id"], "user", true);
        // function 'getPermissions()' is defined in 'include.inc.php'
        // Get the default view for the current user
        // and save it to the session variable 'userDefaultView':
        getDefaultView($row2["user_id"]);
        // function 'getDefaultView()' is defined in 'include.inc.php'
        // Get the default number of records per page preferred by the current user
        // and save it to the session variable 'userRecordsPerPage':
        getDefaultNumberOfRecords($row2["user_id"]);
        // function 'getDefaultNumberOfRecords()' is defined in 'include.inc.php'
        // Get the user's preference for displaying auto-completions
        // and save it to the session variable 'userAutoCompletions':
        getPrefAutoCompletions($row2["user_id"]);
        // function 'getPrefAutoCompletions()' is defined in 'include.inc.php'
        // Get the list of "main fields" for the current user
        // and save the list of fields as comma-delimited string to the session variable 'userMainFields':
        getMainFields($row2["user_id"]);
        // function 'getMainFields()' is defined in 'include.inc.php'
        // We also update the user's entry within the 'users' table:
        // NOTE(review): $userID is interpolated here without quote_smart(), unlike the SELECT
        // above; it comes from a database row, but the two statements should be consistent.
        $query = "UPDATE {$tableUsers} SET " . "last_login = NOW(), " . "logins = logins+1 " . "WHERE user_id = {$userID}";
        // RUN the query on the database through the connection:
        $result = queryMySQLDatabase($query);
        // function 'queryMySQLDatabase()' is defined in 'include.inc.php'
        // NOTE(review): $referer is sent back in the Location header after only excluding the
        // error, login and install pages. Where $referer comes from is not visible here; if the
        // request can influence it, restrict the target to a same-site relative path.
        if (!preg_match("#/(error|user_login|install)\\.php#i", $referer)) {
            header("Location: " . $referer);
        } else {
            header("Location: index.php");
        }
        // back to main page
    } else {
        // Ensure 'loginEmail' is not registered, so the user is not logged in
        if (isset($_SESSION['loginEmail'])) {
            // delete the 'loginEmail' session variable:
            deleteSessionVariable("loginEmail");
        }
        // function 'deleteSessionVariable()' is defined in 'include.inc.php'
        // Save an error message:
        // The same message is used for an unknown email address and a wrong password.
        $HeaderString = "<b><span class=\"warning\">" . $loc["LoginFailedYouProvidedAnIncorrectEmailAddressOrPassword"] . "</span></b>";
        // Write back session variables:
        saveSessionVariable("HeaderString", $HeaderString);
        // function 'saveSessionVariable()' is defined in 'include.inc.php'
        login_page($referer);
    }
    // -------------------
    // (5) CLOSE the database connection:
    disconnectFromMySQLDatabase();
    // function 'disconnectFromMySQLDatabase()' is defined in 'include.inc.php'
}
コード例 #13
ファイル: getData.php プロジェクト: hecerinc/inclassassistant
<?php

/*
	Script that handles any request to fetch data from the database.

	NOTE(review): the only precondition visible here is that 'id' and 'getData'
	are present in the POST body. The submitted 'id' is passed straight to the
	data functions, so any caller can ask for any id unless functions.php (not
	shown) checks the session - confirm an authentication and ownership check
	exists.
*/
require_once 'functions.php';
if (isset($_POST['id']) and isset($_POST['getData'])) {
    // switch compares loosely: the POST value is a string matched against integers, and on
    // PHP versions before 8 a non-numeric string equals 0 and therefore selects case 0.
    switch ($_POST['getData']) {
        case 0:
            echo json_encode(getUserGroups($_POST['id']));
            break;
        case 1:
            echo json_encode(getTeacherUserGroups($_POST['id']));
            break;
        case 2:
            echo json_encode(getTeachers());
            break;
        case 3:
            echo json_encode(getAllGroups());
            break;
        case 4:
            // 'group' is read without an isset() check in this case and the next.
            echo json_encode(getTasksFromClass($_POST['group']));
            break;
        case 5:
            echo json_encode(getStudentsFromClass($_POST['group']));
            break;
        case 6:
            echo json_encode(getAllGroupsReport());
            break;
        case 7:
            echo json_encode(getTeacherUserGroupsReport($_POST['id']));
コード例 #14
ファイル: serverprofiles.php プロジェクト: bq-xiao/apache-vcl
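/**
 * Validate a submitted server profile form.
 *
 * Fields are read with processInputVar() and checked one after another; the
 * first failing check ends the function.
 *
 * @return array on success the parsed values (empty fixedIP, fixedMAC and
 *               group ids of 0 are replaced by the string 'NULL', 'monitored'
 *               becomes 1 or 0, 'dnsArr' lists the accepted DNS servers);
 *               on failure an array with the keys 'msg', 'field' and 'error'
 */
function processProfileInput()
{
    global $user;
    $ret = array();
    $ret['profileid'] = processInputVar('id', ARG_NUMERIC);
    $ret['name'] = processInputVar('name', ARG_STRING);
    $ret['desc'] = processInputVar('desc', ARG_STRING);
    $ret['imageid'] = processInputVar('imageid', ARG_NUMERIC);
    $ret['fixedMAC'] = processInputVar('fixedMAC', ARG_STRING);
    $ret['admingroupid'] = processInputVar('admingroupid', ARG_NUMERIC);
    $ret['logingroupid'] = processInputVar('logingroupid', ARG_NUMERIC);
    $monitored = processInputVar('monitored', ARG_STRING);
    $ret['fixedIP'] = processInputVar('fixedIP', ARG_STRING);
    $ret['netmask'] = processInputVar('netmask', ARG_STRING);
    $ret['router'] = processInputVar('router', ARG_STRING);
    $ret['dns'] = processInputVar('dns', ARG_STRING);
    $ret['dnsArr'] = array();
    # validate access to this profile
    # NOTE(review): profile id 70000 bypasses the access check; its meaning is
    # not visible in this block - confirm it cannot refer to an existing profile
    $resources = getUserResources(array("serverProfileAdmin"), array("administer"));
    if ($ret['profileid'] != 70000 && !array_key_exists($ret['profileid'], $resources['serverprofile'])) {
        return array(
            'msg' => "You do not have access to administer this server profile.",
            'field' => 'profileid',
            'error' => 1,
        );
    }
    # D modifier: '$' must not match before a trailing newline
    if (!preg_match('/^([-a-zA-Z0-9_\\. ]){3,255}$/D', $ret['name'])) {
        return array(
            'msg' => "The name can only contain letters, numbers, spaces, dashes(-), " . "underscores(_), and periods(.) and can be from 3 to 255 characters long",
            'field' => 'name',
            'error' => 1,
        );
    }
    # NOTE(review): the pattern accepts 0 to 1000 characters while the message
    # says 3 to 1000 - confirm which one is intended
    if (!preg_match("/^([-a-zA-Z0-9\\. ,;:@#&\\(\\)_+\\/?\n]){0,1000}\$/", $ret['desc'])) {
        return array(
            'msg' => "The description can only contain letters, numbers, spaces, and " . "these characters: - , ; . : @ # & ( ) _ + / ? and can be from " . "3 to 1000 characters long",
            'field' => 'desc',
            'error' => 1,
        );
    }
    # the image must be one the submitting user may administer or check out
    $resources = getUserResources(array("imageAdmin", "imageCheckOut"));
    $images = removeNoCheckout($resources['image']);
    if (!array_key_exists($ret['imageid'], $images)) {
        return array(
            'msg' => "Invalid image selected",
            'field' => 'imageid',
            'error' => 1,
        );
    }
    # network settings are only validated when a fixed IP was submitted
    # NOTE(review): with an empty fixedIP the submitted netmask, router and dns
    # strings are returned unvalidated - confirm callers ignore them in that case
    if ($ret['fixedIP'] == '') {
        $ret['fixedIP'] = 'NULL';
    } elseif (!validateIPv4addr($ret['fixedIP'])) {
        return array(
            'msg' => "Invalid value for Fixed IP Address. Must be w.x.y.z with each of " . "w, x, y, and z being between 1 and 255 (inclusive)",
            'field' => 'fixedIP',
            'error' => 1,
        );
    } elseif (!preg_match('/^[1]+0[^1]+$/', sprintf('%032b', ip2long($ret['netmask'])))) {
        # the 32 bit binary form must be a run of ones followed only by zeros
        return array(
            'msg' => "Invalid netmask specified",
            'field' => 'netmask',
            'error' => 1,
        );
    } elseif (!validateIPv4addr($ret['router'])) {
        return array(
            'msg' => "Invalid value for Router. Must be w.x.y.z with each of " . "w, x, y, and z being between 1 and 255 (inclusive)",
            'field' => 'router',
            'error' => 1,
        );
    } elseif ((ip2long($ret['fixedIP']) & ip2long($ret['netmask'])) != (ip2long($ret['router']) & ip2long($ret['netmask']))) {
        return array(
            'msg' => "IP address and router are not on the same subnet " . "based on the specified netmask.",
            'field' => 'router',
            'error' => 1,
        );
    }
    if ($ret['fixedIP'] != 'NULL') {
        # up to 3 DNS servers; empty entries after the first one are ignored
        $cnt = 0;
        foreach (explode(',', $ret['dns']) as $dnsaddr) {
            if ($cnt && $dnsaddr == '') {
                continue;
            }
            if ($cnt == 3) {
                return array(
                    'msg' => "Too many DNS servers specified - up to 3 are allowed.",
                    'field' => 'dns',
                    'error' => 1,
                );
            }
            if (!validateIPv4addr($dnsaddr)) {
                return array(
                    'msg' => "Invalid DNS server specified",
                    'field' => 'dns',
                    'error' => 1,
                );
            }
            $ret['dnsArr'][] = $dnsaddr;
            $cnt++;
        }
    }
    if ($ret['fixedMAC'] == '') {
        $ret['fixedMAC'] = 'NULL';
    } elseif (!preg_match('/^(([A-Fa-f0-9]){2}:){5}([A-Fa-f0-9]){2}$/D', $ret['fixedMAC'])) {
        return array(
            'msg' => "Invalid MAC address.  Must be XX:XX:XX:XX:XX:XX with each pair of " . "XX being from 00 to FF (inclusive)",
            'field' => 'fixedMAC',
            'error' => 1,
        );
    }
    # NOTE(review): getUserGroups() is called without arguments, so any group it
    # returns is accepted for the admin and access groups; the commented-out
    # calls below suggest a restriction to the user's own groups was considered
    $usergroups = getUserGroups();
    /*$usergroups = getUserEditGroups($user['id']);
    	$extraadmingroups = getServerProfileGroups($user['id'], 'admin');*/
    if ($ret['admingroupid'] == 0) {
        $ret['admingroupid'] = 'NULL';
    } elseif (!array_key_exists($ret['admingroupid'], $usergroups)) {
        return array(
            'msg' => "Invalid Admin User Group selected",
            'field' => 'admingroupid',
            'error' => 1,
        );
    }
    #$extralogingroups = getServerProfileGroups($user['id'], 'login');
    if ($ret['logingroupid'] == 0) {
        $ret['logingroupid'] = 'NULL';
    } elseif (!array_key_exists($ret['logingroupid'], $usergroups)) {
        return array(
            'msg' => "Invalid Access User Group selected",
            'field' => 'logingroupid',
            'error' => 1,
        );
    }
    if (!preg_match('/^(false|on)$/', $monitored)) {
        return array(
            'msg' => "Invalid value submitted for Monitored",
            'field' => 'monitored',
            'error' => 1,
        );
    }
    $ret['monitored'] = $monitored == 'on' ? 1 : 0;
    return $ret;
}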
コード例 #15
ファイル: groups.php プロジェクト: bq-xiao/apache-vcl
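/**
 * Print the confirmation page shown before a user group or resource group
 * is deleted.
 *
 * The group type is read from the continuation.  The group id is read from
 * the continuation and then replaced by the submitted 'groupid' value, so
 * every access check below is made against the submitted id.  This function
 * itself only prints: a refusal message when a check fails, otherwise a
 * summary of the group plus a Submit form (continuation 'submitDeleteGroup')
 * and a Cancel form.
 *
 * Group names, resource types and owner names read from the group tables are
 * HTML-escaped before being printed, so markup characters in a stored name
 * are rendered as text.
 *
 * @return void
 */
function confirmDeleteGroup()
{
    global $user;
    $groupid = getContinuationVar("groupid");
    $type = getContinuationVar("type");
    $usergroups = getUserGroups();
    # NOTE(review): the continuation value read above is overwritten here with
    # request input.  The ownership/permission checks below run against this
    # submitted id, and the same id is what gets stored in the continuation
    # for submitDeleteGroup - confirm that using the request value is intended.
    $groupid = processInputVar('groupid', ARG_NUMERIC);
    if ($type == 'user') {
        if (!array_key_exists($groupid, $usergroups)) {
            print "<h2>Delete User Group</h2>\n";
            print "The selected user group does not exist.\n";
            return;
        }
        # a user that does not own the group may only continue for a
        # federated/course roll group and only with the matching permission
        if ($usergroups[$groupid]['ownerid'] != $user['id']) {
            if ($usergroups[$groupid]['custom'] == 0 || $usergroups[$groupid]['courseroll'] == 1) {
                if (!checkUserHasPerm('Manage Federated User Groups (global)') && (!checkUserHasPerm('Manage Federated User Groups (affiliation only)') || $usergroups[$groupid]['groupaffiliationid'] != $user['affiliationid'])) {
                    print "<h2>Delete User Group</h2>\n";
                    print "You do not have access to delete the selected user group.\n";
                    return;
                }
            } else {
                print "<h2>Delete User Group</h2>\n";
                print "You do not have access to delete the selected user group.\n";
                return;
            }
        }
        # the part of the name before '@' identifies the built-in groups
        $tmp = explode('@', $usergroups[$groupid]['name']);
        $checkname = $tmp[0];
        if ($usergroups[$groupid]['groupaffiliationid'] == 1 && ($checkname == 'Specify End Time' || $checkname == 'Allow No User Check' || $checkname == 'Default for Editable by')) {
            print "<h2>Delete User Group</h2>\n";
            print htmlspecialchars($usergroups[$groupid]['name'], ENT_QUOTES, 'UTF-8') . " is a system group that cannot be deleted";
            return;
        }
    } else {
        # resource group: the id must be among the groups returned by
        # getUserResources() for groupAdmin/manageGroup
        $userresources = getUserResources(array("groupAdmin"), array("manageGroup"), 1);
        $noaccess = 1;
        foreach (array_keys($userresources) as $rtype) {
            if (array_key_exists($groupid, $userresources[$rtype])) {
                $noaccess = 0;
                break;
            }
        }
        if ($noaccess) {
            print "<h2>Delete Resource Group</h2>\n";
            print "You do not have access to delete the selected resource group.\n";
            return;
        }
    }
    $resourcegroups = getResourceGroups();
    if ($type == "user") {
        $title = "Delete User Group";
        $usemsg = "This group is currently in use.  You cannot delete it until " . "it is no longer being used.";
        $question = "Delete the following user group?";
        $name = $usergroups[$groupid]["name"];
        $target = "";
    } else {
        $title = "Delete Resource Group";
        $usemsg = "This group is currently assigned to at least one node in the " . "privilege tree.  You cannot delete it until it is no longer " . "in use.";
        $question = "Delete the following resource group?";
        # resource group names are stored as "type/name"
        list($resourcetype, $name) = explode('/', $resourcegroups[$groupid]["name"]);
        $target = "#resources";
    }
    # $usemsg is printed as-is: it is passed to checkForGroupUsage(), which
    # presumably may extend it with markup of its own - verify against that
    # helper before escaping it here
    if (checkForGroupUsage($groupid, $type, $usemsg)) {
        print "<H2 align=center>{$title}</H2>\n";
        print $usemsg;
        return;
    }
    # escape everything that comes from the group tables before it is
    # placed in the page
    $safename = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    print "<DIV align=center>\n";
    print "<H2>{$title}</H2>\n";
    print "{$question}<br><br>\n";
    print "<TABLE>\n";
    if ($type == "resource") {
        $safetype = htmlspecialchars($resourcetype, ENT_QUOTES, 'UTF-8');
        print "  <TR>\n";
        print "    <TH align=right>Type:</TH>\n";
        print "    <TD>{$safetype}</TD>\n";
        print "  </TR>\n";
    }
    print "  <TR>\n";
    print "    <TH align=right>Name:</TH>\n";
    print "    <TD>{$safename}</TD>\n";
    print "  </TR>\n";
    if ($type == "resource") {
        $safeowner = htmlspecialchars($resourcegroups[$groupid]["owner"], ENT_QUOTES, 'UTF-8');
        print "  <TR>\n";
        print "    <TH align=right>Owning User Group:</TH>\n";
        print "    <TD>" . $safeowner . "</TD>\n";
        print "  </TR>\n";
    } elseif ($usergroups[$groupid]['courseroll'] == 1 || $usergroups[$groupid]['custom'] == 0) {
        print "<TR>\n";
        print "  <TH align=right>Type:</TH>\n";
        if ($usergroups[$groupid]['courseroll'] == 1) {
            print "  <TD>Course Roll</TD>\n";
        } elseif ($usergroups[$groupid]['custom'] == 0) {
            print "  <TD>Federated</TD>\n";
        }
        print "</TR>\n";
        print "<TR>\n";
        print "  <TD colspan=2><br><strong>Note</strong>: This type of group is ";
        print "created from external sources<br>and could be recreated from ";
        print "those sources at any time.<br><br></TD>\n";
        print "</TR>\n";
    }
    print "</TABLE>\n";
    print "<TABLE>\n";
    print "  <TR valign=top>\n";
    print "    <TD>\n";
    print "      <FORM action=\"" . BASEURL . SCRIPT . "{$target}\" method=post>\n";
    # the id and type that passed the checks above travel to the delete step
    # inside the continuation rather than as plain form fields
    $cdata = array('groupid' => $groupid, 'type' => $type);
    $cont = addContinuationsEntry('submitDeleteGroup', $cdata);
    print "      <INPUT type=hidden name=continuation value=\"{$cont}\">\n";
    print "      <INPUT type=submit value=Submit>\n";
    print "      </FORM>\n";
    print "    </TD>\n";
    print "    <TD>\n";
    print "      <FORM action=\"" . BASEURL . SCRIPT . "\" method=post>\n";
    print "      <INPUT type=hidden name=mode value=viewGroups>\n";
    print "      <INPUT type=submit value=Cancel>\n";
    print "      </FORM>\n";
    print "    </TD>\n";
    print "  </TR>\n";
    print "</TABLE>\n";
    print "</DIV>\n";
}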
コード例 #16
ファイル: include.inc.php プロジェクト: Olari0/Finugriling
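/**
 * Add a user group to, or remove it from, the 'user_groups' field of the
 * selected records.
 *
 * For '$tableUserData' the rows of the given user that refer to the selected
 * records are updated, and with "Add" a new row is inserted for every
 * selected record that has no row yet.  For '$tableUsers' the rows of the
 * selected users are updated.  Finally getUserGroups() is called for the
 * same table and user.
 *
 * @param string $queryTable         '$tableUserData' or '$tableUsers'; any other value leaves the tables untouched
 * @param string $displayType        "Add" or "Remove"
 * @param array  $recordSerialsArray serial numbers of the selected records; entries that are not plain digit strings are ignored
 * @param mixed  $userID             ID of the user whose 'user_data' rows are modified
 * @param string $userGroup          name of the group to add or remove
 */
function modifyUserGroups($queryTable, $displayType, $recordSerialsArray, $userID, $userGroup)
{
    global $tableUserData, $tableUsers; // defined in 'db.inc.php'

    connectToMySQLDatabase();

    // escape meta characters (including '/' that is used as delimiter for the PCRE match & replace functions below and which gets passed as second argument)
    $userGroupQuoted = preg_quote($userGroup, "/");

    // The serials are joined into an RLIKE pattern below and quote_smart() is only applied to the finished pattern,
    // so a regex metacharacter inside a serial would change which rows the pattern matches. Keep plain digit strings only.
    // NOTE(review): assumes serials are always numeric IDs (the '> 0' test further down suggests so) -- confirm against the callers
    $serials = array();
    foreach ((array) $recordSerialsArray as $serial) {
        if ((is_int($serial) || is_string($serial)) && preg_match('/^[0-9]+\z/', (string) $serial)) {
            $serials[] = $serial;
        }
    }

    // Build the SELECT query only if there is something to select and the table is one of the two known ones:
    $query = null;
    if (!empty($serials)) {
        $serialsPattern = '^(' . implode('|', $serials) . ')$';

        if ($queryTable == $tableUserData) {
            // for the current user, get all entries within the 'user_data' table that refer to the selected records:
            $query = "SELECT record_id, user_groups FROM {$tableUserData} WHERE record_id RLIKE " . quote_smart($serialsPattern) . " AND user_id = " . quote_smart($userID);
        } elseif ($queryTable == $tableUsers) {
            // for the admin, get all entries within the 'users' table that refer to the selected records:
            // (note that by using 'user_id as record_id' we can use the term 'record_id' as identifier of the primary key for both tables)
            $query = "SELECT user_id as record_id, user_groups FROM {$tableUsers} WHERE user_id RLIKE " . quote_smart($serialsPattern);
        }
    }

    $foundSerialsArray = array(); // will hold the serial numbers of all found records

    if ($query !== null) {
        $result = queryMySQLDatabase($query); // RUN the query on the database through the connection

        // NOTE(review): the mysql_* functions were removed in PHP 7; '@' hides their warnings, so a failed query looks like "no rows"
        $rowsFound = @mysql_num_rows($result);
        if ($rowsFound > 0) {
            while ($row = @mysql_fetch_array($result)) {
                $recordID = $row["record_id"]; // get the serial number of the current record
                $foundSerialsArray[] = $recordID; // add this record's serial to the array of found serial numbers
                $recordUserGroups = $row["user_groups"]; // extract the user groups that the current record belongs to

                // ADD the specified user group to the 'user_groups' field (unless it is already listed there):
                if ($displayType == "Add" and !preg_match("/(^|.*;) *{$userGroupQuoted} *(;.*|\$)/", $recordUserGroups)) {
                    if (empty($recordUserGroups)) {
                        // the 'user_groups' field is completely empty
                        $recordUserGroups = $userGroup;
                    } else {
                        // the 'user_groups' field does already contain some content: append the specified user group
                        $recordUserGroups .= "; " . $userGroup;
                    }
                } elseif ($displayType == "Remove") {
                    // the specified group is listed at the very beginning of the 'user_groups' field
                    $recordUserGroups = preg_replace("/^ *{$userGroupQuoted} *(?=;|\$)/", "", $recordUserGroups);
                    // the specified group occurs after some other group name within the 'user_groups' field
                    $recordUserGroups = preg_replace("/ *; *{$userGroupQuoted} *(?=;|\$)/", "", $recordUserGroups);
                    // remove any remaining group delimiters at the beginning of the 'user_groups' field
                    $recordUserGroups = preg_replace("/^ *; */i", "", $recordUserGroups);
                }

                if ($queryTable == $tableUserData) {
                    // for the current record & user ID, update the matching entry within the 'user_data' table:
                    $queryUserData = "UPDATE {$tableUserData} SET user_groups = " . quote_smart($recordUserGroups) . " WHERE record_id = " . quote_smart($recordID) . " AND user_id = " . quote_smart($userID);
                } elseif ($queryTable == $tableUsers) {
                    // for the current user ID, update the matching entry within the 'users' table:
                    $queryUserData = "UPDATE {$tableUsers} SET user_groups = " . quote_smart($recordUserGroups) . " WHERE user_id = " . quote_smart($recordID);
                }

                $resultUserData = queryMySQLDatabase($queryUserData); // RUN the query on the database through the connection
            }
        }
    }

    if ($queryTable == $tableUserData and $displayType == "Add") {
        // for all selected records that have no entries in the 'user_data' table (for this user), we'll need to add a new entry containing the specified group:
        $leftoverSerialsArray = array_diff($serials, $foundSerialsArray); // all selected serials which are not in '$foundSerialsArray'

        foreach ($leftoverSerialsArray as $leftoverRecordID) {
            if ($leftoverRecordID > 0) {
                $foundSerialsArray[] = $leftoverRecordID; // add this record's serial to the array of found serial numbers

                // for the current record & user ID, add a new entry (containing the specified group) to the 'user_data' table:
                // (inserting 'NULL' into an auto_increment PRIMARY KEY attribute allocates the next available key value)
                $queryUserData = "INSERT INTO {$tableUserData} SET " . "user_groups = " . quote_smart($userGroup) . ", " . "record_id = " . quote_smart($leftoverRecordID) . ", " . "user_id = " . quote_smart($userID) . ", " . "data_id = NULL";

                $resultUserData = queryMySQLDatabase($queryUserData); // RUN the query on the database through the connection
            }
        }
    }

    // TODO: save an informative message (singular/plural form depending on count($foundSerialsArray))

    getUserGroups($queryTable, $userID); // update the appropriate session variable
}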
コード例 #17
require_once "PEAR.inc";
require_once "radius.inc";
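// Handle a submitted authentication test: look up the selected authentication
// server, try the submitted credentials against it and report the result.
if ($_POST) {
    $pconfig = $_POST;
    unset($input_errors);
    $authcfg = auth_get_authserver($_POST['authmode']);
    if (!$authcfg) {
        // NOTE(review): the submitted 'authmode' value is placed in the error
        // text unescaped -- confirm that whatever renders $input_errors
        // HTML-escapes each entry before printing it.
        $input_errors[] = $_POST['authmode'] . " " . gettext("is not a valid authentication server");
    }
    // Both fields must be non-empty strings; array-valued parameters are
    // rejected here instead of being passed on to the authentication backend.
    if (empty($_POST['username']) || empty($_POST['password']) || !is_string($_POST['username']) || !is_string($_POST['password'])) {
        $input_errors[] = gettext("A username and password must be specified.");
    }
    if (empty($input_errors)) {
        if (authenticate_user($_POST['username'], $_POST['password'], $authcfg)) {
            // $savemsg carries markup (<br />), so every value inserted into
            // it is HTML-escaped first: the submitted username and the group
            // names returned for that user.
            $savemsg = gettext("User") . ": " . htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8') . " " . gettext("authenticated successfully.");
            $groups = getUserGroups($_POST['username'], $authcfg);
            $savemsg .= "<br />" . gettext("This user is a member of these groups") . ": <br />";
            foreach ($groups as $group) {
                $savemsg .= htmlspecialchars($group, ENT_QUOTES, 'UTF-8') . " ";
            }
        } else {
            $input_errors[] = gettext("Authentication failed.");
        }
    }
}
$pgtitle = array(gettext("Diagnostics"), gettext("Authentication"));
$shortcut_section = "authentication";
include "head.inc";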
?>

<body link="#000000" vlink="#000000" alink="#000000">
コード例 #18
    saveSessionVariable("userLanguage", $defaultLanguage);
    // '$defaultLanguage' is defined in 'ini.inc.php'
    saveSessionVariable("userRecordsPerPage", $defaultUserOptions['records_per_page']);
    // '$defaultUserOptions' is defined in 'ini.inc.php'
    saveSessionVariable("userAutoCompletions", $defaultUserOptions['show_auto_completions']);
    saveSessionVariable("userMainFields", $defaultUserOptions['main_fields']);
}
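// Get all user groups specified by the current user
// and (if some groups were found) save them as semicolon-delimited string to the session variable 'userGroups':
// (function 'getUserGroups()' is defined in 'include.inc.php')
getUserGroups($tableUserData, $loginUserID);

if ($loginEmail == $adminLoginEmail) { // ('$adminLoginEmail' is specified in 'ini.inc.php')
    // Get all user groups specified by the admin
    // and (if some groups were found) save them as semicolon-delimited string to the session variable 'adminUserGroups':
    getUserGroups($tableUsers, $loginUserID);
}

// Similarly, get all queries that were saved previously by the current user
// and (if some queries were found) save them as semicolon-delimited string to the session variable 'userQueries':
// (function 'getUserQueries()' is defined in 'include.inc.php')
getUserQueries($loginUserID);

// Clear the 'errors' and 'formVars' session variables so a future <form> is blank:
// (function 'deleteSessionVariable()' is defined in 'include.inc.php')
deleteSessionVariable("errors");
deleteSessionVariable("formVars");

// ----------------------------------------------
// (4) Now show the user RECEIPT:
// The ID is URL-encoded before it is placed in the redirect target, so it can only ever
// be read as the value of the 'userID' parameter (a plain numeric ID is left unchanged).
header("Location: user_receipt.php?userID=" . rawurlencode((string) $userID));

// (5) CLOSE the database connection:
disconnectFromMySQLDatabase();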
コード例 #19
ファイル: requests.php プロジェクト: bq-xiao/apache-vcl
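/**
 * Read and validate the submitted fields of a new reservation request.
 *
 * Access flags and limits (baseaccess, imagingaccess, serveraccess, openend,
 * nousercheck, maxinitial, noimaging) are read from the continuation; the
 * remaining fields are read from request input with processInputVar() and
 * checked before the function returns successfully.
 *
 * Validation stops at the first problem found.
 *
 * @return array 'err' is 0 on success; on failure 'err' is 1 and 'errmsg'
 *               holds a translated message.  On success the array also holds
 *               type, ending, imageid, nousercheck, revisionids, start, end,
 *               ipaddr, macaddr, 'duration' when ending is 'duration', and
 *               for type 'server' name, profileid, admingroupid,
 *               logingroupid, monitored plus netmask, router, network and
 *               dnsArr when a fixed IP address was submitted.
 */
function processRequestInput()
{
    global $user;
    $baseaccess = getContinuationVar('baseaccess', 0);
    $imagingaccess = getContinuationVar('imagingaccess', 0);
    $serveraccess = getContinuationVar('serveraccess', 0);
    $openend = getContinuationVar('openend', 0);
    $nousercheck = getContinuationVar('nousercheck', 0);
    # NOTE(review): this value is discarded when $return is re-created a few
    # lines below, so 'imaging' is never part of the result - confirm whether
    # any caller expects it
    $return['imaging'] = getContinuationVar('imaging', 0);
    $maxinitial = getContinuationVar('maxinitial', 0);
    $noimaging = getContinuationVar('noimaging', array());
    $return = array('err' => 0);
    # type
    # Exact allow-list comparison.  The earlier pattern
    # /^basic|imaging|server$/ anchored only its first and last alternative,
    # so it accepted values that merely contained one of the words; such a
    # value then matched none of the per-type access checks below.
    $return['type'] = processInputVar('type', ARG_STRING);
    if (!in_array($return['type'], array('basic', 'imaging', 'server'), true)) {
        $return['err'] = 1;
        $return['errmsg'] = i('Invalid data submitted');
        return $return;
    }
    if ($return['type'] == 'basic' && !$baseaccess || $return['type'] == 'imaging' && !$imagingaccess || $return['type'] == 'server' && !$serveraccess) {
        $return['err'] = 1;
        $return['errmsg'] = i('No access to submitted reservation type');
        return $return;
    }
    # ending
    # same exact comparison as for type (the earlier pattern had the same
    # anchoring problem)
    $return['ending'] = processInputVar('ending', ARG_STRING);
    if (!in_array($return['ending'], array('indefinite', 'endat', 'duration'), true)) {
        $return['err'] = 1;
        $return['errmsg'] = i('Invalid data submitted');
        return $return;
    }
    if ($return['ending'] == 'duration' && !$baseaccess || $return['ending'] == 'indefinite' && !$serveraccess || $return['ending'] == 'endat' && !$openend && !$serveraccess) {
        $return['err'] = 1;
        $return['errmsg'] = i('No access to submitted end type');
        return $return;
    }
    # imageid
    # the image must be one the user can check out, or (server type) one of
    # the user's server profile images, or (imaging type) one the user
    # administers; imaging is also refused for images listed in $noimaging
    $return['imageid'] = processInputVar('imageid', ARG_NUMERIC);
    $resources = getUserResources(array("imageAdmin", "imageCheckOut"));
    $withnocheckout = $resources['image'];
    $images = removeNoCheckout($resources["image"]);
    $extraimages = getServerProfileImages($user['id']);
    if (!array_key_exists($return['imageid'], $images) && ($return['type'] != 'server' || !array_key_exists($return['imageid'], $extraimages)) && ($return['type'] != 'imaging' || !array_key_exists($return['imageid'], $withnocheckout)) || $return['type'] == 'imaging' && array_key_exists($return['imageid'], $noimaging)) {
        $return['err'] = 1;
        $return['errmsg'] = i('No access to submitted environment');
        return $return;
    }
    # nousercheck
    # only honoured when the continuation allows it
    $return['nousercheck'] = processInputVar('nousercheck', ARG_NUMERIC);
    if (!$nousercheck || $return['nousercheck'] != 1) {
        $return['nousercheck'] = 0;
    }
    # revisionid
    # submitted as a ':' separated list; any entry that is missing, not
    # numeric or not a revision of the image falls back to the production
    # revision
    $revids = processInputVar("revisionid", ARG_STRING);
    $revids = explode(':', $revids);
    $images = getImages(0, $return['imageid']);
    $return['revisionids'] = array();
    if (array_key_exists('subimages', $images[$return['imageid']])) {
        $subimages = $images[$return['imageid']]['subimages'];
        array_unshift($subimages, $return['imageid']);
        foreach ($subimages as $key => $imgid) {
            $revisions = getImageRevisions($imgid);
            if (!array_key_exists($key, $revids) || !is_numeric($revids[$key]) || !array_key_exists($revids[$key], $revisions)) {
                $revid = getProductionRevisionid($imgid);
            } else {
                $revid = $revids[$key];
            }
            if (!array_key_exists($imgid, $return['revisionids'])) {
                $return['revisionids'][$imgid] = array();
            }
            $return['revisionids'][$imgid][] = $revid;
        }
    } elseif ($revids[0] != '' && is_numeric($revids[0])) {
        # NOTE(review): unlike the subimage branch above, this value is only
        # checked for being numeric, not against getImageRevisions()
        $return['revisionids'][$return['imageid']][] = $revids[0];
    } else {
        $return['revisionids'][$return['imageid']][] = getProductionRevisionid($return['imageid']);
    }
    # duration
    # capped at the maximum taken from the continuation
    if ($return['ending'] == 'duration') {
        $return['duration'] = processInputVar('duration', ARG_NUMERIC, 0);
        if ($return['duration'] > $maxinitial) {
            $return['duration'] = $maxinitial;
        }
    }
    # start/end
    $return['start'] = processInputVar('start', ARG_NUMERIC);
    $return['end'] = processInputVar('end', ARG_NUMERIC, 0);
    $now = time();
    # a start of 0 means "now"
    if ($return['start'] == 0) {
        $start = $now;
    } else {
        $start = $return['start'];
    }
    if ($return['ending'] == 'endat') {
        $end = $return['end'];
    }
    if ($return['ending'] == 'indefinite') {
        $end = datetimeToUnix('2038-01-01 00:00:00');
    } elseif ($return['ending'] == 'duration') {
        # duration is multiplied by 60 to get seconds
        $end = $start + $return['duration'] * 60;
    }
    if ($start < $now) {
        $return['err'] = 1;
        $return['errmsg'] = i('The submitted start time is in the past.');
        return $return;
    }
    # 900 seconds = 15 minutes
    if ($start + 900 > $end) {
        $return['err'] = 1;
        $return['errmsg'] = i('The end time must be at least 15 minutes later than the start time.');
        return $return;
    }
    $return['ipaddr'] = '';
    $return['macaddr'] = '';
    # server specific input
    if ($return['type'] == 'server') {
        # name
        # D modifier: '$' matches only at the very end of the value, so a
        # trailing newline is not accepted
        $return['name'] = processInputVar('name', ARG_STRING);
        if (!preg_match('/^([-a-zA-Z0-9_\\. ]){0,255}$/D', $return['name'])) {
            $return['err'] = 1;
            $return['errmsg'] = i('The reservation name can only contain letters, numbers, spaces, dashes(-), underscores(_), and periods(.) and can be up to 255 characters long');
            return $return;
        }
        # ipaddr
        $return['ipaddr'] = processInputVar('ipaddr', ARG_STRING);
        if ($return['ipaddr'] != '') {
            # validate fixed IP address
            if (!validateIPv4addr($return['ipaddr'])) {
                $return['err'] = 1;
                $return['errmsg'] = i('Invalid IP address. Must be w.x.y.z with each of w, x, y, and z being between 1 and 255 (inclusive)');
                return $return;
            }
            # validate netmask
            # checked on its 32 digit binary form: it must start with 1s,
            # followed by a 0 and at least one more digit that is not 1
            $return['netmask'] = processInputVar('netmask', ARG_STRING);
            $bnetmask = ip2long($return['netmask']);
            if (!preg_match('/^[1]+0[^1]+$/', sprintf('%032b', $bnetmask))) {
                $return['err'] = 1;
                $return['errmsg'] = i('Invalid netmask specified');
                return $return;
            }
            # validate router
            $return['router'] = processInputVar('router', ARG_STRING);
            if (!validateIPv4addr($return['router'])) {
                $return['err'] = 1;
                $return['errmsg'] = i('Invalid router address. Must be w.x.y.z with each of w, x, y, and z being between 1 and 255 (inclusive)');
                return $return;
            }
            # address and router must share the network part under the netmask
            $return['network'] = ip2long($return['ipaddr']) & $bnetmask;
            if ($return['network'] != (ip2long($return['router']) & $bnetmask)) {
                $return['err'] = 1;
                $return['errmsg'] = i('IP address and router are not on the same subnet based on the specified netmask.');
                return $return;
            }
            # validate dns server(s)
            # comma separated; empty entries after the first accepted server
            # are skipped, at most 3 servers are accepted
            $dns = processInputVar('dns', ARG_STRING);
            $tmp = explode(',', $dns);
            $cnt = 0;
            $return['dnsArr'] = array();
            foreach ($tmp as $dnsaddr) {
                if ($cnt && $dnsaddr == '') {
                    continue;
                }
                if ($cnt == 3) {
                    $return['err'] = 1;
                    $return['errmsg'] = i('Too many DNS servers specified - up to 3 are allowed.');
                    return $return;
                }
                if (!validateIPv4addr($dnsaddr)) {
                    $return['err'] = 1;
                    $return['errmsg'] = i('Invalid DNS server specified.');
                    return $return;
                }
                $return['dnsArr'][] = $dnsaddr;
                $cnt++;
            }
            # check that a management node can handle the network
            $mappedmns = getMnsFromImage($return['imageid']);
            $mnnets = checkAvailableNetworks($return['ipaddr']);
            $intersect = array_intersect($mappedmns, $mnnets);
            if (empty($intersect)) {
                $return['err'] = 1;
                $return['errmsg'] = i('There are no management nodes that can deploy the selected image with the specified IP address.');
                return $return;
            }
        }
        # macaddr
        # D modifier: no trailing newline after the last pair
        $return['macaddr'] = processInputVar('macaddr', ARG_STRING);
        if ($return['macaddr'] != '' && !preg_match('/^(([A-Fa-f0-9]){2}:){5}([A-Fa-f0-9]){2}$/D', $return['macaddr'])) {
            $return['err'] = 1;
            $return['errmsg'] = i('Invalid MAC address. Must be XX:XX:XX:XX:XX:XX with each pair of XX being from 00 to FF (inclusive)');
            return $return;
        }
        # profileid
        # reset to 0 when the user has no access to the profile or when the
        # submitted image/IP/MAC combination does not fit the stored profile
        $return['profileid'] = processInputVar('profileid', ARG_NUMERIC, 0);
        $resources = getUserResources(array("serverCheckOut", "serverProfileAdmin"), array("available", "administer"));
        if (!array_key_exists($return['profileid'], $resources['serverprofile'])) {
            $return['profileid'] = 0;
        } elseif ($return['profileid'] != 0) {
            $tmp = getServerProfiles($return['profileid']);
            $tmp = $tmp[$return['profileid']];
            if ($tmp['imageid'] != $return['imageid'] && ($tmp['fixedIP'] != $return['ipaddr'] && $tmp['fixedMAC'] != $return['macaddr'] || $tmp['fixedIP'] == $return['ipaddr'] && $return['ipaddr'] == '' && $tmp['fixedMAC'] == $return['macaddr'] && $return['macaddr'] == '')) {
                $return['profileid'] = 0;
            }
        }
        # admingroupid
        # 0 means no group; any other id must be a key of getUserGroups()
        $usergroups = getUserGroups();
        $return['admingroupid'] = processInputVar('admingroupid', ARG_NUMERIC);
        if ($return['admingroupid'] != 0 && !array_key_exists($return['admingroupid'], $usergroups)) {
            $return['err'] = 1;
            $return['errmsg'] = i('You do not have access to use the specified admin user group.');
            return $return;
        }
        # logingroupid
        $return['logingroupid'] = processInputVar('logingroupid', ARG_NUMERIC);
        if ($return['logingroupid'] != 0 && !array_key_exists($return['logingroupid'], $usergroups)) {
            $return['err'] = 1;
            $return['errmsg'] = i('You do not have access to use the specified access user group.');
            return $return;
        }
        # monitored
        # anything other than 0 or 1 is treated as 0
        $return['monitored'] = processInputVar('monitored', ARG_NUMERIC, 0);
        if ($return['monitored'] != 0 && $return['monitored'] != 1) {
            $return['monitored'] = 0;
        }
        # configs
        # TODO configs - handling of submitted config / config variable data
        # is not implemented here; when it is added, each submitted config id
        # has to be checked against the configs the user may use before it is
        # accepted
    }
    return $return;
}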
コード例 #20
ファイル: privileges.php プロジェクト: gw-acadtech/VCL
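/**
 * Prints the privilege tree page.
 *
 * Output, in order: the node tree with the active node selected, the
 * add/delete node buttons (only with nodeAdmin at the active node), the
 * user, user group and resource group privilege tables for the active node,
 * and the hidden floating panes / dialogs used to add users, user groups,
 * resource groups and child nodes or to delete a node.  A continuation entry
 * is registered for every AJAX action the page can trigger.
 *
 * The open-node list and the active node can both come from cookies
 * (VCLNODES, VCLACTIVENODE).  Cookies are client-controlled, so they are
 * reduced to decimal node ids before they reach nodeExists() or any of the
 * privilege lookups.
 *
 * @return void
 */
function viewNodes()
{
    global $user;
    # FIXME change activeNode if current one has been deleted

    # open nodes: request value first, then the cookie, then the default node
    $tmp = processInputVar("openNodes", ARG_STRING);
    if (is_string($tmp) && $tmp != "") {
        $rawOpenNodes = $tmp;
    } elseif (!empty($_COOKIE["VCLNODES"]) && is_string($_COOKIE["VCLNODES"])) {
        $rawOpenNodes = $_COOKIE["VCLNODES"];
    } else {
        $rawOpenNodes = "";
    }
    # keep only decimal ids; assumes node ids are numeric, which matches
    # activeNode being read with ARG_NUMERIC below
    $openNodes = array();
    foreach (explode(":", $rawOpenNodes) as $openNodeId) {
        if (preg_match('/^[0-9]+\z/', $openNodeId)) {
            $openNodes[] = $openNodeId;
        }
    }
    if (!count($openNodes)) {
        $openNodes = array(DEFAULT_PRIVNODE);
    }

    $topNodes = getChildNodes();
    # stays null when there are no top level nodes, instead of being undefined
    $defaultActive = null;
    if (count($topNodes)) {
        $keys = array_keys($topNodes);
        $defaultActive = array_shift($keys);
    }
    $activeNode = processInputVar("activeNode", ARG_NUMERIC);
    if (empty($activeNode)) {
        $cookieNode = isset($_COOKIE["VCLACTIVENODE"]) ? $_COOKIE["VCLACTIVENODE"] : "";
        # the cookie is only trusted once it is a plain decimal id; anything
        # else never reaches nodeExists() or the privilege checks
        if (is_string($cookieNode) && !empty($cookieNode) && preg_match('/^[0-9]+\z/', $cookieNode) && nodeExists($cookieNode)) {
            $activeNode = $cookieNode;
        } else {
            $activeNode = $defaultActive;
        }
    }
    $hasNodeAdmin = checkUserHasPriv("nodeAdmin", $user["id"], $activeNode);
    # tree
    print "<H2>Privilege Tree</H2>\n";
    print "<dojo:TreeSelector widgetId=treeSelector eventNames=select:nodeSelected></dojo:TreeSelector>\n";
    print "<div dojoType=Tree widgetId=privTree selector=treeSelector>\n";
    recursivePrintNodes2($topNodes, $openNodes, $activeNode);
    print "</div>\n";
    print "<div id=treebuttons>\n";
    # node management buttons are only rendered for node admins; the AJAX
    # handlers behind them are outside this function
    if ($hasNodeAdmin) {
        print "<TABLE>\n";
        print "  <TR valign=top>\n";
        print "    <TD><FORM action=\"" . BASEURL . SCRIPT . "\" method=post>\n";
        print "    <button id=addNodeBtn dojoType=Button ";
        print "onClick=\"showAddNodePane(); return false;\">";
        print "Add Child</button>\n";
        print "    </FORM></TD>\n";
        print "    <TD><FORM action=\"" . BASEURL . SCRIPT . "\" method=post>\n";
        print "    <button id=deleteNodeBtn dojoType=Button onClick=\"dojo.widget.byId('deleteDialog').show();\">";
        print "Delete Node and Children</button>\n";
        print "    </FORM></TD>\n";
        print "  </TR>\n";
        print "</TABLE>\n";
    }
    print "</div>\n";
    $cont = addContinuationsEntry('selectNode');
    print "<INPUT type=hidden id=nodecont value=\"{$cont}\">\n";
    # privileges
    print "<H2>Privileges at Selected Node</H2>\n";
    $node = $activeNode;
    $nodeInfo = getNodeInfo($node);
    $privs = getNodePrivileges($node);
    $cascadePrivs = getNodeCascadePrivileges($node);
    $usertypes = getTypes("users");
    # $i numbers the privilege rows across all three tables
    $i = 0;
    $hasUserGrant = checkUserHasPriv("userGrant", $user["id"], $node, $privs, $cascadePrivs);
    $hasResourceGrant = checkUserHasPriv("resourceGrant", $user["id"], $node, $privs, $cascadePrivs);
    print "<div id=nodePerms>\n";
    # users
    print "<A name=\"users\"></a>\n";
    print "<div id=usersDiv>\n";
    print "<H3>Users</H3>\n";
    print "<FORM id=usersform action=\"" . BASEURL . SCRIPT . "#users\" method=post>\n";
    $users = array();
    if (count($privs["users"]) || count($cascadePrivs["users"])) {
        print "<TABLE border=1 summary=\"\">\n";
        print "  <TR>\n";
        print "    <TD></TD>\n";
        print "    <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>\n";
        print "    <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>\n";
        foreach ($usertypes["users"] as $type) {
            $img = getImageText($type);
            print "    <TD>{$img}</TD>\n";
        }
        print "  </TR>\n";
        $users = array_unique(array_merge(array_keys($privs["users"]), array_keys($cascadePrivs["users"])));
        sort($users);
        foreach ($users as $_user) {
            # last argument disables the row for users without userGrant
            printUserPrivRow($_user, $i, $privs["users"], $usertypes["users"], $cascadePrivs["users"], 'user', !$hasUserGrant);
            $i++;
        }
        print "</TABLE>\n";
        print "<div id=lastUserNum class=hidden>" . ($i - 1) . "</div>\n";
        if ($hasUserGrant) {
            $cont = addContinuationsEntry('AJchangeUserPrivs');
            print "<INPUT type=hidden id=changeuserprivcont value=\"{$cont}\">\n";
        }
    } else {
        print "There are no user privileges at the selected node.<br>\n";
    }
    if ($hasUserGrant) {
        print "<BUTTON id=addUserBtn dojoType=Button onclick=\"showAddUserPane(); return false;\">";
        print "Add User</button>\n";
    }
    print "</FORM>\n";
    print "</div>\n";
    # groups
    print "<A name=\"groups\"></a>\n";
    print "<div id=usergroupsDiv>\n";
    print "<H3>User Groups</H3>\n";
    # the form is opened unconditionally so the closing tag below always has
    # a matching opening tag, as in the users and resources sections
    print "<FORM action=\"" . BASEURL . SCRIPT . "#groups\" method=post>\n";
    if (count($privs["usergroups"]) || count($cascadePrivs["usergroups"])) {
        print "<div id=firstUserGroupNum class=hidden>{$i}</div>";
        print "<TABLE border=1 summary=\"\">\n";
        print "  <TR>\n";
        print "    <TD></TD>\n";
        print "    <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>\n";
        print "    <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>\n";
        foreach ($usertypes["users"] as $type) {
            $img = getImageText($type);
            print "    <TH>{$img}</TH>\n";
        }
        print "  </TR>\n";
        $groups = array_unique(array_merge(array_keys($privs["usergroups"]), array_keys($cascadePrivs["usergroups"])));
        sort($groups);
        foreach ($groups as $group) {
            printUserPrivRow($group, $i, $privs["usergroups"], $usertypes["users"], $cascadePrivs["usergroups"], 'group', !$hasUserGrant);
            $i++;
        }
        print "</TABLE>\n";
        print "<div id=lastUserGroupNum class=hidden>" . ($i - 1) . "</div>";
        if ($hasUserGrant) {
            $cont = addContinuationsEntry('AJchangeUserGroupPrivs');
            print "<INPUT type=hidden id=changeusergroupprivcont value=\"{$cont}\">\n";
        }
    } else {
        print "There are no user group privileges at the selected node.<br>\n";
        $groups = array();
    }
    if ($hasUserGrant) {
        print "<BUTTON id=addGroupBtn dojoType=Button onclick=\"showAddUserGroupPane(); return false;\">";
        print "Add Group</button>\n";
    }
    print "</FORM>\n";
    print "</div>\n";
    # resources
    $resourcetypes = array("available", "administer", "manageGroup");
    print "<A name=\"resources\"></a>\n";
    print "<div id=resourcesDiv>\n";
    print "<H3>Resources</H3>\n";
    print "<FORM id=resourceForm action=\"" . BASEURL . SCRIPT . "#resources\" method=post>\n";
    if (count($privs["resources"]) || count($cascadePrivs["resources"])) {
        print "<TABLE border=1 summary=\"\">\n";
        print "  <TR>\n";
        print "    <TH>Group<br>Name</TH>\n";
        print "    <TH>Group<br>Type</TH>\n";
        print "    <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>\n";
        print "    <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>\n";
        foreach ($resourcetypes as $type) {
            $img = getImageText("{$type}");
            print "    <TH>{$img}</TH>\n";
        }
        print "  </TR>\n";
        $resources = array_unique(array_merge(array_keys($privs["resources"]), array_keys($cascadePrivs["resources"])));
        sort($resources);
        $resourcegroups = getResourceGroups();
        $resgroupmembers = getResourceGroupMembers();
        foreach ($resources as $resource) {
            printResourcePrivRow($resource, $i, $privs["resources"], $resourcetypes, $resourcegroups, $resgroupmembers, $cascadePrivs["resources"], !$hasResourceGrant);
            $i++;
        }
        print "</TABLE>\n";
        if ($hasResourceGrant) {
            $cont = addContinuationsEntry('AJchangeResourcePrivs');
            print "<INPUT type=hidden id=changeresourceprivcont value=\"{$cont}\">\n";
        }
    } else {
        print "There are no resource group privileges at the selected node.<br>\n";
        $resources = array();
    }
    if ($hasResourceGrant) {
        print "<BUTTON id=addResourceBtn dojoType=Button onclick=\"showAddResourceGroupPane(); return false;\">";
        print "Add Resource Group</button>\n";
    }
    print "</FORM>\n";
    print "</div>\n";
    print "</div>\n";
    # NOTE(review): the panes below are printed for every viewer, and so are
    # their continuation entries; only the buttons that open them depend on
    # userGrant/resourceGrant/nodeAdmin.  Confirm the AJ* handlers re-check
    # the privilege server-side.
    print "<div dojoType=FloatingPane\n";
    print "      id=addUserPane\n";
    print "      title=\"Add User Permission\"\n";
    print "      constrainToContainer=false\n";
    print "      hasShadow=true\n";
    print "      resizable=true\n";
    print "      style=\"width: 520px; height: 410px; position: absolute; left: 15; top: 250px; display: none\"\n";
    print ">\n";
    print "<H2>Add User</H2>\n";
    print "<div id=addPaneNodeName></div>\n";
    print "<TABLE border=1 summary=\"\">\n";
    print "  <TR>\n";
    print "    <TD></TD>\n";
    print "    <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>\n";
    print "    <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>\n";
    foreach ($usertypes["users"] as $type) {
        $img = getImageText($type);
        print "    <TD>{$img}</TD>\n";
    }
    print "  </TR>\n";
    print "  <TR>\n";
    print "    <TD><INPUT type=text id=newuser name=newuser size=15";
    print "></TD>\n";
    # block rights
    print "    <TD align=center bgcolor=gray><INPUT type=checkbox ";
    print "dojoType=Checkbox id=blockchk name=block></TD>\n";
    #cascade rights
    print "    <TD align=center bgcolor=\"#008000\" id=usercell0:0>";
    print "<INPUT type=checkbox dojoType=Checkbox id=userck0:0 name=cascade ";
    print "></TD>\n";
    # normal rights
    $j = 1;
    foreach ($usertypes["users"] as $type) {
        print "    <TD align=center id=usercell0:{$j}><INPUT type=checkbox ";
        print "dojoType=Checkbox name=\"{$type}\" id=userck0:{$j}></TD>\n";
        $j++;
    }
    print "  </TR>\n";
    print "</TABLE>\n";
    print "<div id=addUserPrivStatus></div>\n";
    print "<TABLE summary=\"\"><TR>\n";
    print "<TD><button id=submitAddUserBtn dojoType=Button onclick=\"submitAddUser();\">";
    print "Submit New User</button></TD>\n";
    print "<TD><button id=cancelAddUserBtn dojoType=Button onclick=\"addUserPaneHide();\">";
    print "Cancel</button></TD>\n";
    print "</TR></TABLE>\n";
    $cont = addContinuationsEntry('AJsubmitAddUserPriv');
    print "<INPUT type=hidden id=addusercont value=\"{$cont}\">\n";
    print "</div>\n";
    print "<div dojoType=FloatingPane\n";
    print "      id=addUserGroupPane\n";
    print "      title=\"Add User Group Permission\"\n";
    print "      constrainToContainer=false\n";
    print "      hasShadow=true\n";
    print "      resizable=true\n";
    print "      style=\"width: 520px; height: 410px; position: absolute; left: 15; top: 450px; display: none\"\n";
    print ">\n";
    print "<H2>Add User Group</H2>\n";
    print "<div id=addGroupPaneNodeName></div>\n";
    print "<TABLE border=1 summary=\"\">\n";
    print "  <TR>\n";
    print "    <TD></TD>\n";
    print "    <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>\n";
    print "    <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>\n";
    foreach ($usertypes["users"] as $type) {
        $img = getImageText($type);
        print "    <TD>{$img}</TD>\n";
    }
    print "  </TR>\n";
    print "  <TR>\n";
    print "    <TD>\n";
    # FIXME should $groups be only the user's groups?
    $groups = getUserGroups(0, $user['affiliationid']);
    # remove None group (hard-coded id 82 - presumably installation specific,
    # verify against the usergroup table)
    if (array_key_exists(82, $groups)) {
        unset($groups[82]);
    }
    printSelectInput("newgroupid", $groups, -1, 0, 0, 'newgroupid');
    print "    </TD>\n";
    # block rights
    print "    <TD align=center bgcolor=gray><INPUT type=checkbox ";
    print "dojoType=Checkbox id=blockgrpchk name=blockgrp></TD>\n";
    #cascade rights
    print "    <TD align=center bgcolor=\"#008000\" id=grpcell0:0>";
    print "<INPUT type=checkbox dojoType=Checkbox id=usergrpck0:0 ";
    print "name=cascadegrp></TD>\n";
    # normal rights
    $j = 1;
    foreach ($usertypes["users"] as $type) {
        print "    <TD align=center id=usergrpcell0:{$j}><INPUT type=checkbox ";
        print "dojoType=Checkbox name=\"{$type}\" id=usergrpck0:{$j}></TD>\n";
        $j++;
    }
    print "  </TR>\n";
    print "</TABLE>\n";
    print "<div id=addUserGroupPrivStatus></div>\n";
    print "<TABLE summary=\"\"><TR>\n";
    print "<TD><button id=submitAddGroupBtn dojoType=Button onclick=\"submitAddUserGroup();\">";
    print "Submit New User Group</button></TD>\n";
    print "<TD><button id=cancelAddGroupBtn dojoType=Button onclick=\"addUserGroupPaneHide();\">";
    print "Cancel</button></TD>\n";
    print "</TR></TABLE>\n";
    $cont = addContinuationsEntry('AJsubmitAddUserGroupPriv');
    print "<INPUT type=hidden id=addusergroupcont value=\"{$cont}\">\n";
    print "</div>\n";
    print "<div dojoType=FloatingPane\n";
    print "      id=addResourceGroupPane\n";
    print "      title=\"Add Resource Group Permission\"\n";
    print "      constrainToContainer=false\n";
    print "      hasShadow=true\n";
    print "      resizable=true\n";
    print "      style=\"width: 520px; height: 410px; position: absolute; left: 15; top: 450px; display: none\"\n";
    print ">\n";
    print "<H2>Add Resource Group</H2>\n";
    print "<div id=addResourceGroupPaneNodeName></div>\n";
    print "<TABLE border=1 summary=\"\">\n";
    print "  <TR>\n";
    print "    <TD></TD>\n";
    print "    <TH bgcolor=gray style=\"color: black;\">Block<br>Cascaded<br>Rights</TH>\n";
    print "    <TH bgcolor=\"#008000\" style=\"color: black;\">Cascade<br>to Child<br>Nodes</TH>\n";
    foreach ($resourcetypes as $type) {
        $img = getImageText("{$type}");
        print "    <TH>{$img}</TH>\n";
    }
    print "  </TR>\n";
    print "  <TR>\n";
    print "    <TD>\n";
    # the selector is filled from getUserResources() for the current user
    $resources = array();
    $privs = array("computerAdmin", "mgmtNodeAdmin", "imageAdmin", "scheduleAdmin");
    $resourcesgroups = getUserResources($privs, array("manageGroup"), 1);
    foreach (array_keys($resourcesgroups) as $type) {
        foreach ($resourcesgroups[$type] as $id => $group) {
            $resources[$id] = $type . "/" . $group;
        }
    }
    printSelectInput("newresourcegroupid", $resources, -1, 0, 0, 'newresourcegroupid');
    print "    </TD>\n";
    # block rights
    print "    <TD align=center bgcolor=gray><INPUT type=checkbox ";
    print "dojoType=Checkbox id=blockresgrpck name=blockresgrp></TD>\n";
    #cascade rights
    print "    <TD align=center bgcolor=\"#008000\" id=resgrpcell0:0>";
    print "<INPUT type=checkbox dojoType=Checkbox id=resgrpck0:0 ";
    print "name=cascaderesgrp></TD>\n";
    # normal rights
    print "    <TD align=center id=resgrpcell0:1><INPUT type=checkbox ";
    print "dojoType=Checkbox name=available id=resgrpck0:1></TD>\n";
    print "    <TD align=center id=resgrpcell0:2><INPUT type=checkbox ";
    print "dojoType=Checkbox name=administer id=resgrpck0:2></TD>\n";
    print "    <TD align=center id=resgrpcell0:3><INPUT type=checkbox ";
    print "dojoType=Checkbox name=manageGroup id=resgrpck0:3></TD>\n";
    print "  </TR>\n";
    print "</TABLE>\n";
    print "<div id=addResourceGroupPrivStatus></div>\n";
    print "<TABLE summary=\"\"><TR>\n";
    print "<TD><button dojoType=Button onclick=\"submitAddResourceGroup();\">";
    print "Submit New Resource Group</button></TD>\n";
    print "<TD><button dojoType=Button onclick=\"addResourceGroupPaneHide();\">";
    print "Cancel</button></TD>\n";
    print "</TR></TABLE>\n";
    $cont = addContinuationsEntry('AJsubmitAddResourcePriv');
    print "<INPUT type=hidden id=addresourcegroupcont value=\"{$cont}\">\n";
    print "</div>\n";
    print "<div dojoType=FloatingPane\n";
    print "      id=addNodePane\n";
    print "      title=\"Add Child Node\"\n";
    print "      constrainToContainer=false\n";
    print "      hasShadow=true\n";
    print "      resizable=true\n";
    print "      style=\"width: 280px; height: 200px; position: absolute; left: 15; top: 150px; display: none\"\n";
    print ">\n";
    print "<H2>Add Child Node</H2>\n";
    print "<div id=addChildNodeName></div>\n";
    print "<strong>New Node:</strong> <INPUT type=text id=childNodeName>\n";
    print "<div id=addChildNodeStatus></div>\n";
    print "<TABLE summary=\"\"><TR>\n";
    print "<TD><button id=submitAddNodeBtn dojoType=Button onclick=\"submitAddChildNode();\">";
    print "Create Child</button></TD>\n";
    print "<TD><button id=cancelAddNodeBtn dojoType=Button onclick=\"addNodePaneHide();\">";
    print "Cancel</button></TD>\n";
    print "</TR></TABLE>\n";
    $cont = addContinuationsEntry('AJsubmitAddChildNode');
    print "<INPUT type=hidden id=addchildcont value=\"{$cont}\"\n>";
    print "</div>\n";
    print "<div dojoType=dialog id=deleteDialog bgColor=white bgOpacity=0.5 toggle=fade toggleDuration=250>\n";
    print "Delete the following node and all of its children?<br><br>\n";
    print "<div id=deleteNodeName></div><br>\n";
    print "<div align=center>\n";
    print "<TABLE summary=\"\"><TR>\n";
    print "<TD><button id=submitDeleteNodeBtn dojoType=Button onClick=\"deleteNode();\">";
    print "Delete Nodes</button></TD>\n";
    print "<TD><button id=cancelDeleteNodeBtn dojoType=Button ";
    print "onClick=\"dojo.widget.byId('deleteDialog').hide();\">Cancel</button>";
    print "</TD>\n";
    print "</TR></TABLE>\n";
    $cont = addContinuationsEntry('AJsubmitDeleteNode');
    print "<INPUT type=hidden id=delchildcont value=\"{$cont}\"\n>";
    print "</div>\n";
    print "</div>\n";
    print "<div dojoType=dialog id=workingDialog bgColor=white bgOpacity=0.5 toggle=fade toggleDuration=250>\n";
    print "Loading...\n";
    print "</div>\n";
}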
コード例 #21
require_once "radius.inc";
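// Authentication test form handler (the listing is truncated after the
// default authmode assignment below).
if ($_POST) {
    $pconfig = $_POST;
    unset($input_errors);
    // Request fields are client-controlled and may be missing or arrays;
    // anything that is not a string is treated as empty.
    $authmode = isset($_POST['authmode']) && is_string($_POST['authmode']) ? $_POST['authmode'] : '';
    $username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
    $authcfg = auth_get_authserver($authmode);
    if (!$authcfg) {
        // NOTE(review): escaped here because the rejected value is echoed back;
        // if the error renderer already escapes, drop this to avoid double encoding.
        $input_errors[] = htmlspecialchars($authmode, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " " . gettext("is not a valid authentication server");
    }
    if (empty($username) || empty($password)) {
        $input_errors[] = gettext("A username and password must be specified.");
    }
    // empty() instead of ! so an unset error list is not read as a variable
    if (empty($input_errors)) {
        $attributes = array();
        if (authenticate_user($username, $password, $authcfg, $attributes)) {
            // $savemsg carries its own markup (<ul>/<li>), so every value
            // placed into it is HTML-escaped: the submitted username and the
            // group names returned for it.
            $savemsg = gettext("User") . ": " . htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " " . gettext("authenticated successfully.");
            $groups = getUserGroups($username, $authcfg, $attributes);
            $savemsg .= "&nbsp;" . gettext("This user is a member of groups") . ": <br />";
            $savemsg .= "<ul>";
            foreach ($groups as $group) {
                $savemsg .= "<li>" . htmlspecialchars((string) $group, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " " . "</li>";
            }
            $savemsg .= "</ul>";
        } else {
            $input_errors[] = gettext("Authentication failed.");
        }
    }
} else {
    if (isset($config['system']['webgui']['authmode'])) {
        $pconfig['authmode'] = $config['system']['webgui']['authmode'];
    } else {
        $pconfig['authmode'] = "Local Database";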
コード例 #22
ファイル: home.php プロジェクト: hecerinc/inclassassistant
    echo '<tr class=""><td>No hay actividades recientes</td></tr>';
}
?>
        </tbody>
      </table>
      <legend>Mis Grupos</legend>
      <table class="table striped bordered hovered">
        <tbody>
          <?php 
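// The session type selects which groups are listed. Type 0 gets every group
// (presumably the administrator role - confirm against the login code), so a
// missing, empty or non-numeric type must not compare equal to 0; such
// sessions fall through to the per-user listing instead.
$sessionType = isset($_SESSION['type']) ? $_SESSION['type'] : null;
$sessionType = is_numeric($sessionType) ? (int) $sessionType : null;
if ($sessionType === 0) {
    $results = getAllGroups();
} elseif ($sessionType === 1) {
    $results = getTeacherUserGroups($_SESSION['id']);
} else {
    $results = getUserGroups($_SESSION['id']);
}
if (!empty($results)) {
    foreach ($results as $result) {
        // Group ids and names come from storage and are written into HTML:
        // encode the id for the query string and escape the name as text.
        $groupLink = 'groupSelection.php?id=' . urlencode((string) $result['id']);
        $groupName = htmlspecialchars((string) $result['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo '<tr class=""><td><a href="' . $groupLink . '">' . $groupName . '</a></td></tr>';
    }
} else {
    echo '<tr class=""><td>El usuario no está involucrado en ningún grupo</td></tr>';
}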
?>
        </tbody>
      </table>
    </div>
</div>
</body>