#RewriteCond %{THE_REQUEST} ^(GET|HEAD)\ /.+\.php\ HTTP
#RewriteRule .* do/index [R,L,QSA]
-RewriteCond %{THE_REQUEST} !^(GET|HEAD)\ /.+mitsql/do/.+\ HTTP
+RewriteCond %{THE_REQUEST} !^(GET|POST)\ /.+mitsql/do/.+\ HTTP
RewriteCond %{REQUEST_FILENAME} !\.html$
RewriteCond %{REQUEST_FILENAME} !\.css$
RewriteCond %{REQUEST_FILENAME} !\.jpg$
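Review bot: The negated condition on the new line exempts GET and POST requests to mitsql/do/ from the rule it guards, so HEAD requests to those paths, which the old line exempted, now fall through to the rewrite; if the intent was to add POST rather than drop HEAD, `RewriteCond %{THE_REQUEST} !^(GET|HEAD|POST)\ /.+mitsql/do/.+\ HTTP` keeps the previous behaviour. The RewriteRule this condition applies to is outside the hunk, so whether HEAD is meant to be rewritten cannot be confirmed here.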
<?php
+require_once('mitsql.cfg.php');
require_once('mitsql.lib.php');
+if (isset($i_ssl)) {
+ if (isSSL() && $i_ssl==1) redirect(newQS('ssl'));
+ if (!isSSL() && $i_ssl==0) redirect(newQS('ssl'));
+ redirect2(flipSSL());
+}
if (isset($i_reset)) { session_destroy(); session_start(); redirect(newQS('reset')); }
+$err = array();
+
## SESSION VARS
$timings = array();
$UserId = 0;
+$Username = '';
+$Name = '';
+$Email = '';
+$UL = 0;
$Login = sess('Login');
if (is_a($Login,'Login')) {
+// $Login->refresh();
$UserId = $Login->getUserId();
+ $Username = $Login->getUsername();
$Name = $Login->getName();
$Email = $Login->getEmail();
$UL = $Login->getUL();
+} else {
+ $Login = new Login('');
+}
+
+$SSLCred = getSSLCert();
+$SSLName = '';
+$SSLEmail = '';
+$SSLUsername = '';
+
+if (isSSL()) {
+ $SSLName = $SSLCred['Name'];
+ $SSLUsername = $SSLCred['Username'];
+ $SSLEmail = $SSLCred['Email'];
}
?>
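Review bot: Lines 44-46 index `$SSLCred` unconditionally, while login.php tests `is_null($SSLCred)` for the same value, so a request that arrives over SSL without a usable certificate raises notices here and leaves `$SSLName`, `$SSLUsername` and `$SSLEmail` as null instead of the '' they were initialised to; guard the block with `if (isSSL() && is_array($SSLCred)) {`. The `$i_ssl==1` and `$i_ssl==0` tests on lines 12-13 use loose comparison on what looks like a request parameter, and on the PHP versions that still ship mysql_* a non-numeric string compares equal to 0, so `?ssl=anything` behaves as `ssl=0`; compare with `(string)$i_ssl === '1'` and `=== '0'` instead. Where `$i_ssl` is populated is not visible in this hunk.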
<?php
+require_once('mitsql.cfg.php');
+require_once('mitsql.lib.php');
+
sess('Login', $Login);
echo '<pre>';
- to support group sql "lockers"
*/
+require_once('mitsql.cfg.php');
require_once('mitsql.lib.php');
isLoggedIn() || redirect('login');
function printErrors($errArray) {
if (isset($errArray) && count($errArray)) {
- echo '<ul style="color:red;">';
+ echo '<div class="err"><ul>';
foreach($errArray as $err) {
- echo '<li style="color:red;"><p>',$err,'</p></li>';
+ echo '<li><p>',$err,'</p></li>';
}
- echo '</ul>';
+ echo '</ul></div>';
}
}
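Review bot: printErrors still echoes each entry verbatim into the markup, and login.php now relies on that by placing an anchor tag inside one message, so the function's contract is "entries are trusted HTML fragments"; state it above the foreach, e.g. `// $errArray holds trusted HTML fragments built by our own code - never pass user input here`, because the new div.err styling makes the helper look reusable for arbitrary text. If a message ever has to carry user-supplied text, escape it at the call site with htmlspecialchars() before appending it to `$err`.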
require_once('mitsql.lib.php');
class Login {
+ var $u, $p;
var $info;
function Login($u, $p=null) {
+ $this->u = $u;
+ $this->p = $p;
$opt = is_null($p)?'':sprintf(" AND Password='%s' ", mysql_escape_string(base64_encode($p)));
$sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
FROM User
$opt",
mysql_escape_string($u));
$r = fetchRows(DBSelect($sql),'UserId');
- $this->info = count($r)?array_shift($r):null;
+ $this->info = count($r)?array_shift($r):$r;
}
function exists() {
- return !is_null($this->info);
- }
- function isValid() {
- return $this->isEnabled() && $this->getUL()>0;
+ return count($this->info);
}
+ function isValid() {
+ return $this->getUL()>0;
+ }
function isEnabled() {
return $this->exists() && $this->info['bEnabled']==1;
}
+ function canLogin() {
+ return $this->isEnabled() && $this->isValid();
+ }
+ function canSignup() {
+ return !$this->isEnabled() && $this->isValid();
+ }
function getUserId() {
- return $this->exists() && $this->info['UserId'];
+ return $this->exists()?$this->info['UserId']:'';
}
function getUsername() {
- return $this->exists() && $this->info['Username'];
+ return $this->exists()?$this->info['Username']:'';
}
function getName() {
- return $this->exists() && $this->info['Name'];
+ return $this->exists()?$this->info['Name']:'';
}
function getEmail() {
- return $this->exists() && $this->info['Email'];
+ return $this->exists()?$this->info['Email']:'';
}
function getUL() {
- return $this->exists() && $this->info['UL'];
+ return $this->exists()?$this->info['UL']:'';
}
function expire() {
$this->info = null;
}
function refresh() {
- $this->Login($this->getUsername());
+ $this->Login($this->u,$this->p);
}
function update($name=null,$email=null) {
if (!$this->exists()) return;
$arr = array();
+ if ($name == $this->getName()) $name = null;
+ if ($email == $this->getEmail()) $email = null;
is_null($name) || $arr['Name'] = $name;
is_null($email) || $arr['Email'] = $email;
$sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
buildSQLSet($arr), mysql_escape_string($this->getUserId()));
DBUpdate($sql);
+ if (isset($arr['Name']))
+ $this->name = $arr['Name'];
+ if (isset($arr['Email']))
+ $this->email = $arr['Email'];
+ }
+}
+
+class User {
+ var $userId;
+ var $info;
+ var $pass;
+ var $dblist;
+ function User($userId) {
+ $this->userId = $userId;
+ $sql = sprintf("SELECT UserId, Username, Password, Name, Email, UL, bEnabled
+ FROM User
+ WHERE UserId = '%s'",
+ mysql_escape_string($userId));
+ $r = fetchRows(DBSelect($sql),'UserId');
+ $this->info = count($r)?array_shift($r):$r;
+ $this->pass = base64_decode($this->info['Password']);
}
+ function exists() {
+ return count($this->info);
+ }
+ function getUserId() {
+ return $this->exists()?$this->info['UserId']:'';
+ }
+ function getUsername() {
+ return $this->exists()?$this->info['Username']:'';
+ }
+ function setPassword($pwd) {
+ $arr['Password'] = base64_encode($pwd);
+ $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
+ buildSQLSet($arr), mysql_escape_string($this->getUserId()));
+ DBUpdate($sql);
+ }
+ function signup($pwd) {
+ $this->pass = $pwd;
+ $arr['Password'] = base64_encode($pwd);
+ $arr['bEnabled'] = 1;
+ $arr['dSignup'] = 'NOW()';
+ $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
+ buildSQLSet($arr), mysql_escape_string($this->getUserId()));
+ DBUpdate($sql);
+
+ $this->setUsage();
+ $this->setAccess();
+ }
+ function setUsage($yes=true) {
+ $verb = $yes?'GRANT':'REVOKE';
+ $prep = $yes?'TO':'FROM';
+ $suffix = $yes?sprintf("IDENTIFIED BY `%s`",mysql_escape_string($this->pass)):'';
+ $sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s",
+ mysql_escape_string($verb),
+ mysql_escape_string($prep),
+ mysql_escape_string($this->getUsername()),
+ '%',
+ mysql_escape_string($suffix));
+ DBGrant($sql);
+ }
+ function setAccess($db=null,$yes=true) {
+ $verb = $yes?'GRANT':'REVOKE';
+ $prep = $yes?'TO':'FROM';
+ if (is_null($db)) {
+ $this->dblist = $this->getDBList();
+ $dbs = $this->dblist;
+ } else {
+ $dbs[] = array('Name'=>$db);
+ }
+ foreach($dbs as $db) {
+ $name = $db['Name'];
+ $sql = sprintf("%s ALL PRIVILEGES ON `%s` . * %s '%s'@'%s'",
+ mysql_escape_string($verb),
+ mysql_escape_string($name),
+ mysql_escape_string($prep),
+ $this->getUsername,
+ '%');
+ DBGrant($sql);
+ }
+ }
+ function getDBList() {
+ $sql = sprintf("SELECT *
+ FROM DBOwner
+ INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId
+ INNER JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
+ WHERE UserId = '%s'",
+ mysql_escape_string($this->getUserId()));
+ $r = fetchRows(DBSelect($sql),'DatabaseId');
+ return $r;
+ }
}
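Review bot: `$this->getUsername,` on line 220 in setAccess reads an undefined property rather than calling the method, so the name interpolated into the GRANT is empty and `ALL PRIVILEGES` on every listed database is granted to `''@'%'`, the MySQL anonymous account; it must be `$this->getUsername(),`. In setUsage the password is emitted as `IDENTIFIED BY `%s``, which MySQL parses as an identifier rather than a string literal, and the assembled `$suffix` is then passed through mysql_escape_string a second time so the already escaped password arrives double-escaped; format it as `IDENTIFIED BY '%s'` and interpolate `$suffix` without escaping it again. mysql_escape_string also does not protect the backtick-quoted identifier in setAccess, so a backtick inside DB.Name would end the name early; double any backticks in `$name` (`str_replace('`', '``', $name)`) before quoting it. Passwords are stored base64-encoded (lines 164, 176, 183), which is reversible rather than hashed, presumably because setUsage needs the cleartext for the GRANT, so the User table should be treated and protected as holding plaintext credentials. Login::update assigns `$this->name` and `$this->email`, which no getter reads (they return `$this->info[...]`), and expire() sets `$this->info = null` while exists() now calls `count($this->info)`; write into `$this->info['Name']` / `$this->info['Email']` and use `array()` in expire().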
global $Login;
$aLogin = $Login;
}
- return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->isValid();
+ return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->canLogin();
}
function isSSL() {
function getSSLCert() {
if (DEVEL && file_exists('.forceauth')) {
$fu = explode('|',file_get_contents('.forceauth'));
- $name = $fu[0];
- $email = $fu[1];
+ $name = trim($fu[0]);
+ $email = trim($fu[1]);
} else {
$name = isset($_SERVER['SSL_CLIENT_S_DN_CN'])?$_SERVER['SSL_CLIENT_S_DN_CN']:null;
$email = isset($_SERVER['SSL_CLIENT_S_DN_Email'])?$_SERVER['SSL_CLIENT_S_DN_Email']:null;
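Review bot: `trim($fu[1])` on line 249 assumes the .forceauth file contains a `|`; a one-field file leaves `$fu[1]` undefined, so the DEVEL path should check `count($fu) >= 2` or fall back to null as the else branch does. Because this branch bypasses certificate identification entirely, add `// DEVEL only: identity is read from a local file instead of the client certificate` above the file_exists() test so the dependency on the DEVEL constant being false in production is explicit. getSSLCert continues past the end of the hunk.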
## 302 REDIRECTS
-function redirect($target=NULL) {
+function redirect($target=null,$secure=true) {
$base = (is_null($target)||substr($target,0,1)=='?')?$_SERVER['REDIRECT_URL']:(dirname($_SERVER['REDIRECT_URL']).'/');
- redirectFull(is_null($target)?$base:($base.$target));
+ redirectFull(is_null($target)?$base:($base.$target),$secure);
}
-function redirectFull($target) {
- redirect2((isSSL()?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
+function redirectFull($target,$secure) {
+ redirect2((isSSL()&&$secure?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
}
function redirect2($target) {
header('Location: '.$target);
exit;
}
+function flipSSL() {
+ return (isSSL()?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
+}
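Review bot: flipSSL and the new redirectFull build the Location target from `$_SERVER['SERVER_NAME']`; unless Apache has UseCanonicalName On that value is copied from the request's Host header, so the host the browser is sent to is influenced by the request itself, and a hostname taken from mitsql.cfg.php would make the redirect target fixed. The new `$secure=false` option on redirect() lets a page reached over https send the browser to http while the session cookie is still valid, which exposes the cookie unless it is flagged Secure; add `// $secure=false downgrades to http - only for pages that carry no session state` above redirect() and review the callers that pass it (none are visible here). flipSSL performs the same downgrade unconditionally whenever isSSL() is true.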
## USER SCRIPTS
function addUser($sslCredentials) {
- global $_NEW_USER;
+ global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT;
+
$arr = array_merge($sslCredentials, $_NEW_USER);
$sql = sprintf("INSERT INTO User %s",
buildSQLInsert($arr));
- return DBInsert($sql);
+ $UserId = DBInsert($sql);
+
+ $arr = $_NEW_USERQUOTA;
+ $arr['UserId'] = $UserId;
+ $sql = sprintf("INSERT INTO UserQuota %s",
+ buildSQLInsert($arr));
+ DBInsert($sql);
+
+ $arr = $_NEW_USERSTAT;
+ $arr['UserId'] = $UserId;
+ $sql = sprintf("INSERT INTO UserQuota %s",
+ buildSQLInsert($arr));
+ DBInsert($sql);
+
+ return $UserId;
}
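Review bot: The third INSERT on line 291 targets `UserQuota` again while its values come from `$_NEW_USERSTAT`, so it reads like a copy of the quota insert with only the array changed; it should name the stats table (`INSERT INTO <stat-table> %s`, placeholder, take the real name from the schema). The three inserts run without a transaction, so a failure in the quota or stat insert leaves a User row with no quota row, which nothing here detects. A one-line comment above the first INSERT stating that the three rows are created together would help the next reader.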
?>
require_once('mitsql.cfg.php');
require_once('mitsql.lib.php');
-if (isPost() && isSSL()) {
- $cred = getSSLCert();
- if (count($cred)) {
- $Login = new Login($cred['Username']);
- if (!$Login->exists()) {
- addUser($cred);
- $Login->refresh();
- }
- } else {
- $err[] = 'Your SSL certificate failed to identify you.';
+if (isSSL()) {
+ if (is_null($SSLCred)) {
+ $err[] = 'Please install a valid certificate.';
+ } else {
+ $Login2 = new Login($SSLUsername);
+ if (!(empty($SSLUsername) || $Login2->exists())) {
+ addUser($cred);
+ $Login = new Login($SSLUsername);
+ }
}
-} elseif (isPost()) {
-} elseif (isSSL()) {
- require('tpl/login_ssl.php');
-} else {
}
-if (isLoggedIn())
- redirect('main');
+if (empty($err) && isPost()) {
+
+ if (isSSL()) {
+ $Login = new Login($SSLUsername);
+ $Login->update($cred['Name'],$cred['Email']);
+ sess('Login', $Login);
+ } else {
+ $Login = new Login($i_u, $i_p);
+ if ($Login->exists() && !$Login->isEnabled()) {
+ $err[] = 'Account not active. <a href="signup">Did you signup yet?</a>.';
+ } elseif (!$Login->exists()) {
+ $err[] = 'Nonexistant account or invalid password.';
+ } elseif (!$Login->canLogin()) {
+ $err[] = 'That account is no longer valid. Please contact the staff.';
+ } else {
+ sess('Login', $Login);
+ }
+ }
+
+}
+
+isLoggedIn() && redirect('main');
+
+include 'tpl/login.php';
?>
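Review bot: `$cred` is no longer defined on the new side, because the old `$cred = getSSLCert();` was removed and the value now lives in `$SSLCred`, so `addUser($cred)` on line 316 passes null into array_merge and `$Login->update($cred['Name'],$cred['Email'])` on line 331 updates with nulls; both should use `$SSLCred`. Neither login branch regenerates the session id before storing the Login object (lines 332 and 342), so a session id issued before authentication remains valid afterwards; call `session_regenerate_id(true);` immediately before each `sess('Login', $Login);`. The SSL branch on line 330 also stores the Login without checking `canLogin()` and relies on isLoggedIn() to reject it later, while the password branch reports the disabled and invalid cases explicitly; applying the same checks there would give certificate users the same messages.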
--- /dev/null
+<?php
+
+require_once('mitsql.cfg.php');
+require_once('mitsql.lib.php');
+
+session_destroy();
+
+redirect('index');
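Review bot: session_destroy() on line 358 removes the server-side data but leaves `$_SESSION` populated for the rest of this request and leaves the session cookie on the client, so the same id is presented again on the next request; clear both with `$_SESSION = array();` before the call and `setcookie(session_name(), '', 1, '/');` after it. Whether a session is already active here depends on mitsql.cfg.php or mitsql.lib.php starting one, which this hunk does not show; if they do not, session_destroy() raises a warning and does nothing.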
+<?php
+
+require_once('mitsql.cfg.php');
+require_once('mitsql.lib.php');
+
+if (!isLoggedIn()) redirect('index');
+
+include 'tpl/main.php';
+
+?>
define('DELIMETER', '+');
-define('HOST', 'localhost');
+define('DBHOST', 'localhost');
define('ADMINUSER', 'root');
//define('ADMINPASS', base64_decode('TXlCZWF0c1Bvc3RA'));
define('ADMINPASS', '');
$BASE_URL = isset($_SERVER['SCRIPT_NAME'])?dirname($_SERVER['SCRIPT_NAME']).'/':'';
-$cxn = mysql_connect(HOST, ADMINUSER, ADMINPASS);
+$cxn = mysql_connect(DBHOST, ADMINUSER, ADMINPASS);
mysql_select_db(ADMINDB,$cxn);
?>
-<style>
+body {
+ margin: 1px;
+ font: 12pt verdana, arial, helvetica, sans-serif;
+ background-color: #bbb;
+}
+#body {
+ position: relative;
+ width: 640px;
+ margin-left: auto;
+ margin-right: auto;
+}
+#body {
+ padding: 5px 2px 2px 2px;
+}
+#content0 {
+ position: relative;
+ padding: 5px 0 5px 0;
+}
+#sitename {
+ font-size: 24pt;
+ font-weight: bold;
+}
+#contact {
+ position: absolute;
+ right: 0;
+ font-size: 10pt;
+ margin-top: 20px;
+}
+#content1 {
+ background-color: #aaa;
+ border: 1px outset #aaa;
+ padding: 3px;
+ font-size: 9pt;
+ text-align: right;
+}
+#content2 {
+ padding: 10px;
+ background-color: #aaa;
+ border: 1px inset #999;
+ font-size: 9pt;
+ text-align: left;
+ display: block;
+ padding-bottom: auto;
+}
+#content3 {
+ background-color: #aaa;
+ padding: 3px;
+ font-size: 7pt;
+ text-align: right;
+ border: 1px outset #999;
+ font-style: italic;
+}
+a, a:link, a:visited, a:active {
+ color: maroon;
+ text-decoration: none;
+}
+a:hover {
+ color: white;
+ text-decoration: none;
+ border-bottom: 1px dashed #aaa;
+}
+form {
+ margin: 0;
+ display: inline;
+}
p {
font-family: Verdana;
font-size: 10pt;
+ text-indent: 25px;
+}
+h2 {
+ margin-top: 0;
}
input {
font-family: Verdana;
font-size: 9pt;
border: 1px solid black;
}
-address {
- font-size: 10pt;
-}
table,tr,td {
padding: 0;
}
padding-left: 10px;
border-left: 1px solid black;
}
-.header1,.header2 {
- font-style: italic;
- font-size: 9pt;
- border-bottom: 1px solid black;
+div.err {
+ margin: 0px 20px 20px 20px;
+ background-color: #ccc;
+ border: 1px dashed black;
}
-p.err {
- color: red;
- font-style: italic;
+div.err li {
+ color: maroon;
+ font-variant: small-caps;
font-weight: bold;
+ list-style-type: square;
}
-h2,h4 {
- margin-top: 0;
- display: inline;
-}
-</style>
\ No newline at end of file
--- /dev/null
+<?php
+
+require_once('mitsql.cfg.php');
+require_once('mitsql.lib.php');
+
+if (!isSSL())
+ redirect2(flipSSL());
+
+if (isLoggedIn()) {
+
+ redirect('index');
+
+} else {
+
+ $Login2 = new Login($SSLUsername);
+ if (isPost() && $Login2->canSignup()) {
+ $u = new User($Login2->getUserId());
+ $u->signup($i_p1);
+ $Login2->refresh();
+ }
+
+}
+
+include 'tpl/signup.php';
+
+?>
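Review bot: `$u->signup($i_p1)` on line 512 accepts whatever arrived in `p1` without comparing it to the `p2` confirmation field the template collects or rejecting an empty value, so a typo or an empty submission creates a MySQL account with that password; add `if ($i_p1 === '' || $i_p1 !== $i_p2) { $err[] = 'Passwords are empty or do not match.'; } elseif (isPost() && $Login2->canSignup()) {` ahead of the signup. The `$i_p1`/`$i_p2` names appear to be request-derived, but where they are populated is not visible in this hunk. `$Login2` is built from `$SSLUsername` without the `empty($SSLUsername)` guard login.php applies on line 315, and after a successful signup the page neither redirects nor reports success, so a refresh re-posts the form and relies on canSignup() failing the second time.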
+++ /dev/null
-<div id="footer"><hr><address>MIT SQL Service Management v<?php echo VERSION; ?><br />
-Direct comments and bugs to: <a href="mailto:presbrey@mit.edu">presbrey@mit.edu</a></address></div>
-</body>
-</html>
--- /dev/null
+</div>
+<div id="content3">MIT SQL v<?php echo VERSION; ?></div>
+</div>
+</body>
+</html>
+++ /dev/null
-<html>
-<head>
- <title>MIT SQL Services for Athena</title>
- <link rel=stylesheet href="<?=$BASE_URL?>mitsql.css" type="text/css">
-</head>
-
-<body>
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"\r
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">\r
+<html>\r
+<head>\r
+ <title>MIT SQL Services for Athena</title>\r
+ <link rel=stylesheet href="<?=$BASE_URL?>mitsql.css" type="text/css">\r
+</head>\r
+\r
+<body>\r
+<div id="body">\r
+<div id="content0"><span id="sitename">MIT SQL Services</span><span id="contact"><a href="contact">Contact/Help</a></span></div>\r
+<?php include 'menu.php'; ?>\r
+<div id="content2">\r
<?php
-include 'head.inc';
+include 'head.php';
-include 'foot.inc';
+include 'foot.php';
?>
--- /dev/null
+<?php
+include 'head.php';
+
+$thisTxt = isSSL()?' with this Certificate':' via SQL';
+$otherTxt = isSSL()?' without a Certificate':' with a Certificate';
+?>
+
+<h2>Login</h2>
+
+<?php printErrors($err); ?>
+
+<?php if (!isSSL()): ?>
+
+<form method=post>
+<h3>Enter your SQL login:</h3>
+<p>username: <input type="text" name="u"></p>
+<p>password: <input type="password" name="p"></p>
+
+<?php elseif (isSSL() && !empty($SSLCred)): ?>
+
+<form method=post>
+<h3>You are identifed as: <?=$SSLUsername?></h3>
+<p><?=$SSLName?></p>
+<p><?=$SSLEmail?></p>
+
+<?php endif; ?>
+
+<?php if (!isSSL() || $Login2->canLogin()): ?>
+
+<input type=submit value="Login<?=$thisTxt?>">
+</form>
+
+<?php elseif (isSSL()): ?>
+
+<h3><a href="signup">Signup</a> to use this service.</h3>
+
+<?php endif; ?>
+
+<?php
+include 'foot.php';
+?>
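Review bot: `<?=$SSLUsername?>`, `<?=$SSLName?>` and `<?=$SSLEmail?>` on lines 582-584 are echoed without escaping, and those values come from the client certificate's subject DN (SSL_CLIENT_S_DN_CN and SSL_CLIENT_S_DN_Email in getSSLCert), so the certificate holder controls text that lands in the HTML; wrap each in `htmlspecialchars($x, ENT_QUOTES, 'UTF-8')`. The same applies to `<?=$Username?>` in menu.php (line 634) and to `$Username`, `$SSLName` and `$SSLEmail` in tpl/signup.php (lines 652-654). Line 588 calls `$Login2->canLogin()` whenever isSSL() is true, but login.php only creates `$Login2` when `$SSLCred` is not null, so the "install a valid certificate" error path dies on a method call on an undefined variable; test `isset($Login2) && $Login2->canLogin()` there.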
+++ /dev/null
-<?php
-include 'head.inc';
-?>
-
-<?=$Name?><br />
-<?=$Username?><br />
-<form method=post>
-<input type=submit value="Login with Certificates">
-</form>
-
-<?php
-include 'foot.inc';
-?>
--- /dev/null
+<?php
+
+include 'head.php';
+
+?>
+<h2>Databases</h2>
+<?php
+
+include 'foot.php';
+
+?>
--- /dev/null
+<div id="content1">
+<?php if (isLoggedIn()): ?>
+<div style="float:left">
+<a href="logout">Logout</a>
+</div>
+Logged in as <em><?=$Username?></em> on <?=DBHOST?>
+<?php else: ?>
+<div style="float:left">
+<a href="signup">Signup</a> | Login via <a href="login?ssl=0">SQL</a> or <a href="login?ssl=1">SSL</a>
+</div>
+<?php endif; ?>
+</div>
--- /dev/null
+<?php
+include 'head.php';
+
+$thisTxt = isSSL()?' with this Certificate':' via SQL';
+?>
+
+<h2>Signup</h2>
+
+<?php printErrors($err); ?>
+
+<h3>You are registering as: <?=$Username?></h3>
+<p><?=$SSLName?></p>
+<p><?=$SSLEmail?></p>
+
+<?php if ($Login2->canSignup()): ?>
+
+<form method=post>
+<p>password: <input type="password" name="p1"></p>
+<p>confirm: <input type="password" name="p2"></p>
+<input type=submit value="Confirm Registration">
+</form>
+
+<?php elseif ($Login2->canLogin()): ?>
+
+<h3><a href="login">Login</a>. This account is already signed up.</h3>
+
+<?php else: ?>
+
+Hi
+
+<?php endif; ?>
+
+<?php
+include 'foot.php';
+?>
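Review bot: `<?=$Username?>` on line 652 prints the session user's name, which is '' on this page because signup.php redirects anyone who is logged in, while the account being registered is `$SSLUsername` (the value signup.php passes to `new Login`); the heading should read `<h3>You are registering as: <?=$SSLUsername?></h3>`. The `p2` confirmation field collected on line 660 is never compared with `p1` by signup.php, so the form promises a check the server does not make. The bare `Hi` in the final else branch on line 670 looks like a placeholder for the case where the certificate identity can neither sign up nor log in; replace it with a sentence describing that state (constructed example: "This certificate does not correspond to an eligible account."). `$thisTxt` is computed on line 645 but never used in this template.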