From dc478ec893c32ad501d678f9f82506de091e6b0b Mon Sep 17 00:00:00 2001 From: Joe Presbrey Date: Sat, 16 Jul 2005 19:30:48 +0000 Subject: [PATCH] mitsql 0,21 git-svn-id: svn://presbrey.mit.edu/sql/mitsql@36 a142d4bd-2cfb-0310-9673-cb33a7e74f58 --- .htaccess | 2 +- global.act.php | 27 ++++++++ global.done.php | 3 + index.php | 1 + lib/joe.lib.php | 6 +- lib/security.lib.php | 159 +++++++++++++++++++++++++++++++++++++------ login.php | 49 ++++++++----- logout.php | 8 +++ main.php | 10 +++ mitsql.cfg.php | 4 +- mitsql.css | 93 ++++++++++++++++++++----- signup.php | 26 +++++++ tpl/foot.inc | 4 -- tpl/foot.php | 5 ++ tpl/head.inc | 7 -- tpl/head.php | 13 ++++ tpl/index.php | 4 +- tpl/login.php | 41 +++++++++++ tpl/login_ssl.php | 13 ---- tpl/main.php | 11 +++ tpl/menu.php | 12 ++++ tpl/signup.php | 35 ++++++++++ 22 files changed, 449 insertions(+), 84 deletions(-) create mode 100644 logout.php create mode 100644 signup.php delete mode 100644 tpl/foot.inc create mode 100644 tpl/foot.php delete mode 100644 tpl/head.inc create mode 100644 tpl/head.php create mode 100644 tpl/login.php delete mode 100644 tpl/login_ssl.php create mode 100644 tpl/main.php create mode 100644 tpl/menu.php create mode 100644 tpl/signup.php diff --git a/.htaccess b/.htaccess index 98979d6..d611557 100644 --- a/.htaccess +++ b/.htaccess @@ -62,7 +62,7 @@ RewriteRule .* do/index [R,L,QSA] #RewriteCond %{THE_REQUEST} ^(GET|HEAD)\ /.+\.php\ HTTP #RewriteRule .* do/index [R,L,QSA] -RewriteCond %{THE_REQUEST} !^(GET|HEAD)\ /.+mitsql/do/.+\ HTTP +RewriteCond %{THE_REQUEST} !^(GET|POST)\ /.+mitsql/do/.+\ HTTP RewriteCond %{REQUEST_FILENAME} !\.html$ RewriteCond %{REQUEST_FILENAME} !\.css$ RewriteCond %{REQUEST_FILENAME} !\.jpg$ diff --git a/global.act.php b/global.act.php index 6c4b540..21f9ad5 100644 --- a/global.act.php +++ b/global.act.php 
@@ -1,20 +1,47 @@ refresh(); $UserId = $Login->getUserId(); + $Username = $Login->getUsername(); $Name = $Login->getName(); $Email = $Login->getEmail(); $UL = $Login->getUL(); +} else { + $Login = new Login(''); +} + +$SSLCred = getSSLCert(); +$SSLName = ''; +$SSLEmail = ''; +$SSLUsername = ''; + +if (isSSL()) { + $SSLName = $SSLCred['Name']; + $SSLUsername = $SSLCred['Username']; + $SSLEmail = $SSLCred['Email']; } ?> diff --git a/global.done.php b/global.done.php index 65c8248..3e1c2c1 100644 --- a/global.done.php +++ b/global.done.php @@ -1,5 +1,8 @@ '; diff --git a/index.php b/index.php index 6d810e0..9bdf89d 100755 --- a/index.php +++ b/index.php @@ -7,6 +7,7 @@ - to support group sql "lockers" */ +require_once('mitsql.cfg.php'); require_once('mitsql.lib.php'); isLoggedIn() || redirect('login'); diff --git a/lib/joe.lib.php b/lib/joe.lib.php index 2484237..55afc81 100755 --- a/lib/joe.lib.php +++ b/lib/joe.lib.php @@ -107,11 +107,11 @@ function fetchRows($rs, $key = null) { function printErrors($errArray) { if (isset($errArray) && count($errArray)) { - echo ''; } } diff --git a/lib/security.lib.php b/lib/security.lib.php index ee7847e..8e7dcf3 100644 --- a/lib/security.lib.php +++ b/lib/security.lib.php @@ -3,8 +3,11 @@ require_once('mitsql.lib.php'); class Login { + var $u, $p; var $info; function Login($u, $p=null) { + $this->u = $u; + $this->p = $p; $opt = is_null($p)?'':sprintf(" AND Password='%s' ", mysql_escape_string(base64_encode($p))); $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled FROM User 
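Review bot: `$SSLCred['Name']` inside the `isSSL()` branch indexes the result of `getSSLCert()` without checking it, while login.php in this same commit treats that result as possibly null (`is_null($SSLCred)`), so an HTTPS request that presents no client certificate would read from null here. Guard the branch with `if (isSSL() && is_array($SSLCred)) {` so the three `$SSL*` variables keep their empty defaults in that case. The lines of this hunk before `refresh()` are not readable in this view.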
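Review bot: The new `$p` property keeps the cleartext password on the `Login` object, and login.php stores that object with `sess('Login', $Login)`, so if `sess()` serialises it the password lives in the session store for the life of the session; `refresh()` is the only reader and only needs it to re-run the lookup. Consider clearing the password after construction (`refresh()` can re-query by `$this->u` and re-check `bEnabled`/`UL` without it) or, at minimum, retaining only a hash. Relatedly, the `Password='%s'` comparison against `base64_encode($p)` is an encoding, not a hash — anyone who can read the `User` table recovers every password; the cleartext is needed for `GRANT ... IDENTIFIED BY` at signup time (the only caller visible in this commit), which is a separate concern from what the web login stores. The `Login` class body continues past this hunk.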
@@ -12,47 +15,145 @@ class Login { $opt", mysql_escape_string($u)); $r = fetchRows(DBSelect($sql),'UserId'); - $this->info = count($r)?array_shift($r):null; + $this->info = count($r)?array_shift($r):$r; } function exists() { - return !is_null($this->info); - } - function isValid() { - return $this->isEnabled() && $this->getUL()>0; + return count($this->info); } + function isValid() { + return $this->getUL()>0; + } function isEnabled() { return $this->exists() && $this->info['bEnabled']==1; } + function canLogin() { + return $this->isEnabled() && $this->isValid(); + } + function canSignup() { + return !$this->isEnabled() && $this->isValid(); + } function getUserId() { - return $this->exists() && $this->info['UserId']; + return $this->exists()?$this->info['UserId']:''; } function getUsername() { - return $this->exists() && $this->info['Username']; + return $this->exists()?$this->info['Username']:''; } function getName() { - return $this->exists() && $this->info['Name']; + return $this->exists()?$this->info['Name']:''; } function getEmail() { - return $this->exists() && $this->info['Email']; + return $this->exists()?$this->info['Email']:''; } function getUL() { - return $this->exists() && $this->info['UL']; + return $this->exists()?$this->info['UL']:''; } function expire() { $this->info = null; } function refresh() { - $this->Login($this->getUsername()); + $this->Login($this->u,$this->p); } function update($name=null,$email=null) { if (!$this->exists()) return; $arr = array(); + if ($name == $this->getName()) $name = null; + if ($email == $this->getEmail()) $email = null; is_null($name) || $arr['Name'] = $name; is_null($email) || $arr['Email'] = $email; $sql = sprintf("UPDATE User %s WHERE UserId = '%s'", buildSQLSet($arr), mysql_escape_string($this->getUserId())); DBUpdate($sql); + if (isset($arr['Name'])) + $this->name = $arr['Name']; + if (isset($arr['Email'])) + $this->email = $arr['Email']; + } +} + +class User { + var $userId; + var $info; + var $pass; + var 
$dblist; + function User($userId) { + $this->userId = $userId; + $sql = sprintf("SELECT UserId, Username, Password, Name, Email, UL, bEnabled + FROM User + WHERE UserId = '%s'", + mysql_escape_string($userId)); + $r = fetchRows(DBSelect($sql),'UserId'); + $this->info = count($r)?array_shift($r):$r; + $this->pass = base64_decode($this->info['Password']); } + function exists() { + return count($this->info); + } + function getUserId() { + return $this->exists()?$this->info['UserId']:''; + } + function getUsername() { + return $this->exists()?$this->info['Username']:''; + } + function setPassword($pwd) { + $arr['Password'] = base64_encode($pwd); + $sql = sprintf("UPDATE User %s WHERE UserId = '%s'", + buildSQLSet($arr), mysql_escape_string($this->getUserId())); + DBUpdate($sql); + } + function signup($pwd) { + $this->pass = $pwd; + $arr['Password'] = base64_encode($pwd); + $arr['bEnabled'] = 1; + $arr['dSignup'] = 'NOW()'; + $sql = sprintf("UPDATE User %s WHERE UserId = '%s'", + buildSQLSet($arr), mysql_escape_string($this->getUserId())); + DBUpdate($sql); + + $this->setUsage(); + $this->setAccess(); + } + function setUsage($yes=true) { + $verb = $yes?'GRANT':'REVOKE'; + $prep = $yes?'TO':'FROM'; + $suffix = $yes?sprintf("IDENTIFIED BY `%s`",mysql_escape_string($this->pass)):''; + $sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s", + mysql_escape_string($verb), + mysql_escape_string($prep), + mysql_escape_string($this->getUsername()), + '%', + mysql_escape_string($suffix)); + DBGrant($sql); + } + function setAccess($db=null,$yes=true) { + $verb = $yes?'GRANT':'REVOKE'; + $prep = $yes?'TO':'FROM'; + if (is_null($db)) { + $this->dblist = $this->getDBList(); + $dbs = $this->dblist; + } else { + $dbs[] = array('Name'=>$db); + } + foreach($dbs as $db) { + $name = $db['Name']; + $sql = sprintf("%s ALL PRIVILEGES ON `%s` . 
* %s '%s'@'%s'", + mysql_escape_string($verb), + mysql_escape_string($name), + mysql_escape_string($prep), + $this->getUsername, + '%'); + DBGrant($sql); + } + } + function getDBList() { + $sql = sprintf("SELECT * + FROM DBOwner + INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId + INNER JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId + WHERE UserId = '%s'", + mysql_escape_string($this->getUserId())); + $r = fetchRows(DBSelect($sql),'DatabaseId'); + return $r; + } } @@ -61,7 +162,7 @@ function isLoggedIn($aLogin=null) { global $Login; $aLogin = $Login; } - return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->isValid(); + return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->canLogin(); } function isSSL() { @@ -71,8 +172,8 @@ function isSSL() { function getSSLCert() { if (DEVEL && file_exists('.forceauth')) { $fu = explode('|',file_get_contents('.forceauth')); - $name = $fu[0]; - $email = $fu[1]; + $name = trim($fu[0]); + $email = trim($fu[1]); } else { $name = isset($_SERVER['SSL_CLIENT_S_DN_CN'])?$_SERVER['SSL_CLIENT_S_DN_CN']:null; $email = isset($_SERVER['SSL_CLIENT_S_DN_Email'])?$_SERVER['SSL_CLIENT_S_DN_Email']:null; 
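Review bot: In `setAccess()` the user argument is written as `$this->getUsername,` — a property read, not the method call — so it evaluates to null and the statement becomes a `GRANT ALL PRIVILEGES ... TO ''@'%'`, i.e. every owned database is granted to the anonymous MySQL account at any host; it should be `mysql_escape_string($this->getUsername()),` as `setUsage()` already does. In `setUsage()` the password is wrapped in backticks (identifier quotes, not string quotes) and `$suffix` is then escaped a second time by the outer `sprintf`; write `$suffix = $yes?sprintf("IDENTIFIED BY '%s'",mysql_escape_string($this->pass)):'';` and pass `$suffix` through unescaped (escaping the `GRANT`/`TO` literals is a no-op as well). Note also that `mysql_escape_string()` does not escape backticks, so the backtick-quoted database name in `setAccess()` is only safe if names in the `DB` table can never contain one — doubling any backtick before quoting would close that gap. `setAccess()` belongs to the new `User` class, whose definition straddles this and the previous page line.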
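Review bot: The `.forceauth` branch lets any file of that name in the web root stand in for a client certificate whenever `DEVEL` is true, so it is only safe if `DEVEL` is guaranteed off on a deployed instance and `.forceauth` is never committed; a comment such as `// DEVEL only: substitutes a local file for the client cert, never enable on a public instance` above the check would make that explicit. The non-DEVEL path trusts `$_SERVER['SSL_CLIENT_S_DN_CN']` and `SSL_CLIENT_S_DN_Email` as-is, which is sound only if Apache is configured with `SSLVerifyClient require` against the intended CA — not visible here. The remainder of `getSSLCert()`, where `$name`/`$email` become the returned array, lies outside this hunk.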
@@ -88,26 +189,44 @@ function getSSLCert() { ## 302 REDIRECTS -function redirect($target=NULL) { +function redirect($target=null,$secure=true) { $base = (is_null($target)||substr($target,0,1)=='?')?$_SERVER['REDIRECT_URL']:(dirname($_SERVER['REDIRECT_URL']).'/'); - redirectFull(is_null($target)?$base:($base.$target)); + redirectFull(is_null($target)?$base:($base.$target),$secure); } -function redirectFull($target) { - redirect2((isSSL()?'https://':'http://').$_SERVER['SERVER_NAME'].$target); +function redirectFull($target,$secure) { + redirect2((isSSL()&&$secure?'https://':'http://').$_SERVER['SERVER_NAME'].$target); } function redirect2($target) { header('Location: '.$target); exit; } +function flipSSL() { + return (isSSL()?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL']; +} ## USER SCRIPTS function addUser($sslCredentials) { - global $_NEW_USER; + global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT; + $arr = array_merge($sslCredentials, $_NEW_USER); $sql = sprintf("INSERT INTO User %s", buildSQLInsert($arr)); - return DBInsert($sql); + $UserId = DBInsert($sql); + + $arr = $_NEW_USERQUOTA; + $arr['UserId'] = $UserId; + $sql = sprintf("INSERT INTO UserQuota %s", + buildSQLInsert($arr)); + DBInsert($sql); + + $arr = $_NEW_USERSTAT; + $arr['UserId'] = $UserId; + $sql = sprintf("INSERT INTO UserQuota %s", + buildSQLInsert($arr)); + DBInsert($sql); + + return $UserId; } ?> diff --git a/login.php b/login.php index fa91e4e..441c778 100644 --- a/login.php +++ b/login.php 
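Review bot: The third INSERT in `addUser()` writes `$_NEW_USERSTAT` into `UserQuota` a second time, which reads like a copy of the block above it; by analogy with the variable name it presumably belongs in a stats table, e.g. `$sql = sprintf("INSERT INTO UserStat %s",` — please confirm the table name against the schema. Separately, the new `$secure=false` path in `redirect()`/`redirectFull()` sends the browser from https to plain http while a session cookie may be set, so the cookie should be marked secure (or the http side should not carry the session) before any caller passes `false`. `$UserId = DBInsert($sql)` assumes `DBInsert()` returns the new row id, which I cannot confirm from this hunk.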
@@ -3,24 +3,41 @@ require_once('mitsql.cfg.php'); require_once('mitsql.lib.php'); -if (isPost() && isSSL()) { - $cred = getSSLCert(); - if (count($cred)) { - $Login = new Login($cred['Username']); - if (!$Login->exists()) { - addUser($cred); - $Login->refresh(); - } - } else { - $err[] = 'Your SSL certificate failed to identify you.'; +if (isSSL()) { + if (is_null($SSLCred)) { + $err[] = 'Please install a valid certificate.'; + } else { + $Login2 = new Login($SSLUsername); + if (!(empty($SSLUsername) || $Login2->exists())) { + addUser($cred); + $Login = new Login($SSLUsername); + } } -} elseif (isPost()) { -} elseif (isSSL()) { - require('tpl/login_ssl.php'); -} else { } -if (isLoggedIn()) - redirect('main'); +if (empty($err) && isPost()) { + + if (isSSL()) { + $Login = new Login($SSLUsername); + $Login->update($cred['Name'],$cred['Email']); + sess('Login', $Login); + } else { + $Login = new Login($i_u, $i_p); + if ($Login->exists() && !$Login->isEnabled()) { + $err[] = 'Account not active. Did you signup yet?.'; + } elseif (!$Login->exists()) { + $err[] = 'Nonexistant account or invalid password.'; + } elseif (!$Login->canLogin()) { + $err[] = 'That account is no longer valid. Please contact the staff.'; + } else { + sess('Login', $Login); + } + } + +} + +isLoggedIn() && redirect('main'); + +include 'tpl/login.php'; ?> diff --git a/logout.php b/logout.php new file mode 100644 index 0000000..9ad1d2a --- /dev/null +++ b/logout.php @@ -0,0 +1,8 @@ + diff --git a/mitsql.cfg.php b/mitsql.cfg.php index ad086c0..7b2c128 100755 --- a/mitsql.cfg.php +++ b/mitsql.cfg.php @@ -11,7 +11,7 @@ define('VERSION', '0.2-dev'); define('DELIMETER', '+'); -define('HOST', 'localhost'); +define('DBHOST', 'localhost'); define('ADMINUSER', 'root'); //define('ADMINPASS', base64_decode('TXlCZWF0c1Bvc3RA')); define('ADMINPASS', ''); 
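Review bot: `$cred` is no longer assigned in this file — the removed lines set it from `getSSLCert()`, and the new code keeps that value in `$SSLCred` — so `addUser($cred)` and `$Login->update($cred['Name'],$cred['Email'])` pass an undefined variable; use `addUser($SSLCred)` and `$Login->update($SSLCred['Name'],$SSLCred['Email'])`. Second, `new Login($i_u, $i_p)` with a null `$i_p` (for example a POST that omits the password field, depending on how `$i_p` is populated, which is not visible here) makes the constructor drop its `AND Password=` clause, so the account is authenticated by username alone; reject that before constructing, e.g. `if (!isset($i_p) || $i_p === '') { $err[] = 'Password required.'; } else {`. The password-less constructor is exactly what the SSL branch relies on, so the check belongs in the form branch rather than in `Login`.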
@@ -28,7 +28,7 @@ require_once('defaults.cfg.php'); $BASE_URL = isset($_SERVER['SCRIPT_NAME'])?dirname($_SERVER['SCRIPT_NAME']).'/':''; -$cxn = mysql_connect(HOST, ADMINUSER, ADMINPASS); +$cxn = mysql_connect(DBHOST, ADMINUSER, ADMINPASS); mysql_select_db(ADMINDB,$cxn); ?> diff --git a/mitsql.css b/mitsql.css index 7b62704..37746d3 100644 --- a/mitsql.css +++ b/mitsql.css @@ -1,16 +1,81 @@ - \ No newline at end of file diff --git a/signup.php b/signup.php new file mode 100644 index 0000000..e958d29 --- /dev/null +++ b/signup.php @@ -0,0 +1,26 @@ +canSignup()) { + $u = new User($Login2->getUserId()); + $u->signup($i_p1); + $Login2->refresh(); + } + +} + +include 'tpl/signup.php'; + +?> diff --git a/tpl/foot.inc b/tpl/foot.inc deleted file mode 100644 index 4f8bfce..0000000 --- a/tpl/foot.inc +++ /dev/null @@ -1,4 +0,0 @@ - - - diff --git a/tpl/foot.php b/tpl/foot.php new file mode 100644 index 0000000..cb1a383 --- /dev/null +++ b/tpl/foot.php @@ -0,0 +1,5 @@ + +
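Review bot: `$u->signup($i_p1)` hands the submitted password straight to `User::signup()`, which stores it base64-encoded and passes it into `GRANT USAGE ... IDENTIFIED BY`, yet the only gate visible here is `canSignup()`; the lines that build `$Login2` and any check that `$i_p1` is non-empty and matches the confirm field are not readable in this view, so please confirm both exist. In particular `$Login2` must be derived from the certificate identity (`$SSLUsername`), not from a posted username, otherwise anyone could set the password on any account that exists but is not yet enabled. If the password check is missing, `if ($i_p1 === '' || $i_p1 !== $i_p2) { $err[] = 'Passwords do not match.'; } elseif ($Login2->canSignup()) {` covers it (assuming the confirm field arrives as `$i_p2`).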
MIT SQL v
+ + + diff --git a/tpl/head.inc b/tpl/head.inc deleted file mode 100644 index 933a684..0000000 --- a/tpl/head.inc +++ /dev/null @@ -1,7 +0,0 @@ - - - MIT SQL Services for Athena - - - - diff --git a/tpl/head.php b/tpl/head.php new file mode 100644 index 0000000..ee20655 --- /dev/null +++ b/tpl/head.php @@ -0,0 +1,13 @@ + + + + MIT SQL Services for Athena + + + + +
+
MIT SQL ServicesContact/Help
+ +
diff --git a/tpl/index.php b/tpl/index.php index c00f14f..6f454e6 100644 --- a/tpl/index.php +++ b/tpl/index.php @@ -1,7 +1,7 @@ diff --git a/tpl/login.php b/tpl/login.php new file mode 100644 index 0000000..5151449 --- /dev/null +++ b/tpl/login.php @@ -0,0 +1,41 @@ + + +

Login

+ + + + + +
+

Enter your SQL login:

+

username:

+

password:

+ + + + +

You are identifed as:

+

+

+ + + +canLogin()): ?> + + +
+ + + +

Signup to use this service.

+ + + + diff --git a/tpl/login_ssl.php b/tpl/login_ssl.php deleted file mode 100644 index 4526cc0..0000000 --- a/tpl/login_ssl.php +++ /dev/null @@ -1,13 +0,0 @@ - - -
-
-
- -
- - diff --git a/tpl/main.php b/tpl/main.php new file mode 100644 index 0000000..717b51d --- /dev/null +++ b/tpl/main.php @@ -0,0 +1,11 @@ + +

Databases

+ diff --git a/tpl/menu.php b/tpl/menu.php new file mode 100644 index 0000000..572e0d0 --- /dev/null +++ b/tpl/menu.php @@ -0,0 +1,12 @@ +
+ +
+Logout +
  +Logged in as on + +
+Signup | Login via SQL or SSL +
  + +
diff --git a/tpl/signup.php b/tpl/signup.php new file mode 100644 index 0000000..c2fed42 --- /dev/null +++ b/tpl/signup.php @@ -0,0 +1,35 @@ + + +

Signup

+ + + +

You are registering as:

+

+

+ +canSignup()): ?> + +
+

password:

+

confirm:

+ +
+ +canLogin()): ?> + +

Login. This account is already signed up.

+ + + +Hi + + + + -- 2.45.1