From da0d337f574b14bf8679701bc4d40fd20af312ee Mon Sep 17 00:00:00 2001
From: Joe Presbrey
Date: Wed, 15 Mar 2006 04:37:21 +0000
Subject: [PATCH] batch/signup: provide feedback for signup failures menu+main: targets an HTTPS phpMyAdmin instead security: account lookup bug fix proc: dot in username fix (course lockers)
git-svn-id: svn://presbrey.mit.edu/sql/mitsql@94 a142d4bd-2cfb-0310-9673-cb33a7e74f58
---
 batch/signup.php | 2 +-
 lib/proc.lib.php | 4 +++-
 lib/security.lib.php | 2 +-
 test.php | 10 ++++++----
 tpl/main.php | 2 +-
 tpl/menu.php | 2 +-
 6 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/batch/signup.php b/batch/signup.php
index c06b5fc..ecb2ab9 100755
--- a/batch/signup.php
+++ b/batch/signup.php
@@ -20,7 +20,7 @@ $myUID = $callingUnix['uid'];
 $myEmail = $myUsername.'@mit.edu';
 $myPassword = substr(uniqid(),0,7);
-if ($myUID<1000) exit;
+if ($myUID<1000) exit('bad UID');
 $Login = new Login($myUsername);
 if (!$Login->exists() && !empty($myUsername)) {
diff --git a/lib/proc.lib.php b/lib/proc.lib.php
index 55a3d8f..27f9d87 100644
--- a/lib/proc.lib.php
+++ b/lib/proc.lib.php
@@ -7,7 +7,9 @@ define('MAXDBS', 20);
 class proc {
 static function newdb(&$User, $i_newdb) {
 $msg1 = $err1 = array();
- $dbname = $User->getUsername().DELIMETER.$i_newdb;
+ $uname = $User->getUsername();
+ $uname = str_replace('.','',$uname);
+ $dbname = $uname.DELIMETER.$i_newdb;
 if ($User->isOverQuota()) {
 $err1[] = 'You are over your quota. You may not add more databases.';
 } elseif (count($User->getDBList())>MAXDBS) {
diff --git a/lib/security.lib.php b/lib/security.lib.php
index 0fc8a91..32532bc 100644
--- a/lib/security.lib.php
+++ b/lib/security.lib.php
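Review bot: The context line `$myPassword = substr(uniqid(),0,7);` in batch/signup.php builds the initial account password from `uniqid()`, which is derived from the current time, so the seven characters kept depend on when the signup ran rather than on any secret. This commit does not touch that line, but it is worth fixing alongside the new failure message; on current PHP, `$myPassword = bin2hex(random_bytes(8));` draws from the system CSPRNG instead. Separately, `exit('bad UID')` prints the text and still ends with status 0, so a caller that checks the exit code cannot tell the rejection from success; writing the message to stderr and then calling `exit(1)` would make it detectable. The script continues outside the hunk.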
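Review bot: Removing every `.` from the username in `proc::newdb()` (lib/proc.lib.php) lets two different usernames produce the same database prefix, for instance `6.001` and a constructed `6001`, so a database created here can collide with, or land inside, another account's namespace if ownership is inferred from the prefix. The hunk does not show how ownership is checked, so that needs confirming. A one-to-one mapping avoids the collision, e.g. `$uname = str_replace('.', '_', $uname);`, provided `_` cannot occur in usernames and is not the value of `DELIMETER`; otherwise the request should be rejected when the stripped name equals an existing username. `$i_newdb` is also concatenated into `$dbname` with no validation visible here; the body of `newdb()` continues past the hunk.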
@@ -11,7 +11,7 @@ class Login {
 $this->p = $p;
 if (is_numeric($u)) {
 $this->id = $u;
- $opt = sprintf(" UserId = '%s'", mysql_escape_string($u));
+ $opt = sprintf(" Username = '%s' OR UserId = '%s'", mysql_escape_string($u), mysql_escape_string($u));
 } else {
 $opt = sprintf(" Username = '%s'", mysql_escape_string($u));
 $opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p))));
diff --git a/test.php b/test.php
index 7b7ff64..9423e16 100755
--- a/test.php
+++ b/test.php
@@ -23,12 +23,14 @@ function getManagedDBs($owner=null) {
 /*
 $g = getManagedDBs();
 print_r($g);
-
-$User = new User($Login->getUserId());
-print_r($User->getDBList());
 */
-phpinfo();
+$l = new Login('6.001');
+echo !$l->isEnabled();
+echo $l->isValid();
+print_r($GLOBALS);
+
+//phpinfo();
 //checkQuotas();
diff --git a/tpl/main.php b/tpl/main.php
index f6f12b9..c52a23b 100644
--- a/tpl/main.php
+++ b/tpl/main.php
@@ -59,7 +59,7 @@ if (isset($i_dropask)) {
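Review bot: With `Username = '%s' OR UserId = '%s'` the numeric branch of the `Login` constructor (lib/security.lib.php) can match two different rows, one whose Username is the numeric string and another whose UserId equals it, while the line above still sets `$this->id = $u`; unless code outside the hunk overwrites it, the object can hold an id that is not the UserId of the row that matched. Since the fix targets usernames that happen to be numeric (test.php in this patch uses `'6.001'`), it would be safer to assign `$this->id` from the row actually returned and to treat more than one match as a failure. As far as the hunk shows, only the `else` branch appends the `AND Password=` clause, so whether a password is verified when `$u` is numeric should be confirmed in the part of the constructor that lies outside the hunk. The context lines also compare against `base64_encode($p)`, which implies passwords are stored in a reversible encoding rather than as a salted hash.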
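Review bot: `print_r($GLOBALS);` in test.php dumps every global variable, which in a script that has loaded the application's configuration would normally include database credentials and the request superglobals; it discloses at least as much as the `phpinfo()` call this commit comments out. test.php sits at the repository root with mode 100755, so if the tree is served by the web server that output goes to anyone who requests the file; the hunk does not show how it is deployed. I would drop the line before committing, or put `if (PHP_SAPI !== 'cli') exit;` at the top of the script so it only runs from a shell. `echo !$l->isEnabled();` prints an empty string for false, so `var_dump()` would make the two checks readable.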

Manage Data

-

One interface we recommend for managing SQL data is phpMyAdmin. Feel free to use it after you've created your databases.

+

One interface we recommend for managing SQL data is phpMyAdmin. Feel free to use it after you've created your databases.

@
Sign up | -phpMyAdmin | +phpMyAdmin | Home
-- 2.45.0