batch/signup: provide feedback for signup failures
authorJoe Presbrey <presbrey@mit.edu>
Wed, 15 Mar 2006 04:37:21 +0000 (04:37 +0000)
committerJoe Presbrey <presbrey@mit.edu>
Wed, 15 Mar 2006 04:37:21 +0000 (04:37 +0000)
menu+main: targets an HTTPS phpMyAdmin instead
security: account lookup bug fix
proc: dot in username fix (course lockers)

git-svn-id: svn://presbrey.mit.edu/sql/mitsql@94 a142d4bd-2cfb-0310-9673-cb33a7e74f58

batch/signup.php
lib/proc.lib.php
lib/security.lib.php
test.php
tpl/main.php
tpl/menu.php

index c06b5fc781991b3ee31671eee9b533c1f6c735de..ecb2ab92f2d1d3feab410012190745c70039dd26 100755 (executable)
@@ -20,7 +20,7 @@ $myUID = $callingUnix['uid'];
 $myEmail = $myUsername.'@mit.edu';
 $myPassword = substr(uniqid(),0,7);
 
-if ($myUID<1000) exit;
+if ($myUID<1000) exit('bad UID');
 
 $Login = new Login($myUsername);
 if (!$Login->exists() && !empty($myUsername)) {
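Review bot: The initial password on the context line `$myPassword = substr(uniqid(),0,7);` is derived from the clock rather than from a random source: uniqid() is a hex timestamp, so its first seven characters are fixed by the time of signup and are identical for every account created in the same short window. If this value ends up as the account's SQL password, which the rest of the script (outside the hunk) would have to confirm, it should come from a CSPRNG, for example `bin2hex(random_bytes(8))` on a PHP version that provides it. On the changed line, `exit('bad UID')` prints the message but still terminates with status 0, so a batch caller cannot tell the rejection from success; writing the message to stderr and ending with `exit(1)` would make the failure detectable.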
index 55a3d8f8daa2805af7bd5a06be5de20f176750e5..27f9d87b442e62ba39a144a4832b8fdf5e90b849 100644 (file)
@@ -7,7 +7,9 @@ define('MAXDBS', 20);
 class proc {
        static function newdb(&$User, $i_newdb) {
                $msg1 = $err1 = array();
-               $dbname = $User->getUsername().DELIMETER.$i_newdb;
+               $uname = $User->getUsername();
+               $uname = str_replace('.','',$uname);
+               $dbname = $uname.DELIMETER.$i_newdb;
                if ($User->isOverQuota()) {
                        $err1[] = 'You are over your quota. You may not add more databases.';
                } elseif (count($User->getDBList())>MAXDBS) {
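Review bot: Stripping the dot with `str_replace('.','',$uname)` maps distinct usernames onto the same database prefix, since `6.001` and `6001` both become `6001`, so newdb() can now build a name that falls inside another account's namespace. Nothing in the hunk checks for that collision, and if ownership elsewhere is decided by the prefix before DELIMETER (not visible here), one account could end up managing the other's databases. Replacing the dot with a character that usernames cannot contain, or refusing creation when the stripped name equals a different existing username, would keep the mapping one-to-one. A short comment such as `// MySQL database names cannot contain '.', course lockers do` would record why the dot is removed; newdb() continues past the end of the hunk.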
index 0fc8a91365cbd4f7386fb3fa0516fba65a565922..32532bce10d97ea0d399daf4e75fbea3e554d030 100644 (file)
@@ -11,7 +11,7 @@ class Login {
                $this->p = $p;
                if (is_numeric($u)) {
                        $this->id = $u;
-                       $opt = sprintf(" UserId = '%s'", mysql_escape_string($u));
+                       $opt = sprintf(" Username = '%s' OR UserId = '%s'", mysql_escape_string($u), mysql_escape_string($u));
                } else {
                        $opt = sprintf(" Username = '%s'", mysql_escape_string($u));
                        $opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p))));
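Review bot: In the `is_numeric($u)` branch the new condition `Username = '%s' OR UserId = '%s'` can select a row that belongs to a different account, because a numeric-looking username such as `1234` also matches whichever user has that value as UserId. This branch also never appends the `AND Password=...` clause that the else branch adds, so a login with a numeric username such as `6.001` appears to be looked up without its password; whether a later check covers that is outside the hunk. It also leaves `$this->id = $u` holding a username rather than an id. I would stop deciding by is_numeric() and keep the two lookups separate, for example take the UserId form only when `is_int($u)` and send every string through the Username branch; callers that pass an id as a string would then need a cast. The constructor starts and ends outside the hunk.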
index 7b7ff64650c053100a5336bc2644462ed11c6eea..9423e166370c492455f11945392ac2eef6243c14 100755 (executable)
--- a/test.php
+++ b/test.php
@@ -23,12 +23,14 @@ function getManagedDBs($owner=null) {
 /*
 $g = getManagedDBs();
 print_r($g);
-
-$User = new User($Login->getUserId());
-print_r($User->getDBList());
 */
 
-phpinfo();
+$l = new Login('6.001');
+echo !$l->isEnabled();
+echo $l->isValid();
+print_r($GLOBALS);
+
+//phpinfo();
 
 //checkQuotas();
 
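Review bot: The added `print_r($GLOBALS);` dumps every global variable, which here would be expected to include whatever the included configuration defines (database host and credentials are likely, though the includes are above the hunk), and test.php is committed as an executable script alongside the application. Commenting out `phpinfo()` does not reduce the exposure while this line is present. If the file has to stay in the repository, guard it at the top with `if (PHP_SAPI !== 'cli') exit;` or keep it outside the web-served tree, and drop the $GLOBALS dump once the `Login('6.001')` check has been verified.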
index f6f12b9c3ff8102dcbfba2ca3db12be858cf757c..c52a23b6756d809582117a02a5419f270ed8bcf9 100644 (file)
@@ -59,7 +59,7 @@ if (isset($i_dropask)) {
 </form>
 
 <h2>Manage Data</h2>
-<p>One interface we recommend for managing SQL data is <a href="/~tools/phpMyAdmin/" target="_blank">phpMyAdmin</a>. Feel free to use it after you've created your databases.</p>
+<p>One interface we recommend for managing SQL data is <a href="https://scripts.mit.edu/~sql/phpMyAdmin/" target="_blank">phpMyAdmin</a>. Feel free to use it after you've created your databases.</p>
 
 <?php
 
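Review bot: The absolute URL `https://scripts.mit.edu/~sql/phpMyAdmin/` is now hard-coded here and again in the tpl/menu.php hunk below, so the next host or path change has to be made in two templates; a single constant defined alongside `DBHOST` would keep them in step. Since both links use `target="_blank"`, adding `rel="noopener"` to them is cheap hygiene. Sending only the phpMyAdmin link to HTTPS leaves this application's own login and signup pages on whatever scheme they were loaded with, which is not visible in the hunk and worth confirming.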
index 4ecb629a3d37faca9780218117ed5360a6cc75eb..e3aa9f0704a93624fc2aa88436d0da480d80ba50 100644 (file)
@@ -17,7 +17,7 @@ Logged in: <em><?=$loggedInText?>@<?=DBHOST?></em>
 <?php else: ?>
 <div style="float:left; position: relative;">
 <a href="do/signup">Sign up</a> |
-<a href="/~sql/phpMyAdmin/" target="_blank">phpMyAdmin</a> |
+<a href="https://scripts.mit.edu/~sql/phpMyAdmin/" target="_blank">phpMyAdmin</a> |
 <a href="do/index">Home</a>
 </div>
 <div style="float: right;">