From 8e66017d924792c6a0c3489b63d6c0b57c8544cb Mon Sep 17 00:00:00 2001
From: David Anderson <davea@ssl.berkeley.edu>
Date: Wed, 21 Apr 2004 23:25:05 +0000
Subject: [PATCH] *** empty log message ***

svn path=/trunk/boinc/; revision=3282
---
 checkin_notes                  | 20 +++++++++++++++++
 html/forum/edit.php            |  2 +-
 html/inc/countries.inc         | 40 +++++++++++++++++++---------------
 html/inc/util.inc              |  6 +----
 html/user/result.php           |  5 -----
 html/user/results.php          |  3 +--
 html/user/show_host_detail.php |  2 +-
 7 files changed, 47 insertions(+), 31 deletions(-)

diff --git a/checkin_notes b/checkin_notes
index 66bb5877f4..6d709981db 100755
--- a/checkin_notes
+++ b/checkin_notes
@@ -11718,3 +11718,23 @@ David  April 20 2004
 		file_names.C
 	lib/
 		filesys.C
+
+David  April 21 2004
+    - Web: page_head() no longer checks for logged-in user.
+        Pages that care about that must do it separately,
+        and can pass the user into page_head() if they want.
+    - added is_valid_country() function
+    - don't get logged-in user for pages that don't show sensitive info
+        (results, workunit, host).
+        This also makes these pages cacheable.
+
+    html/
+        forum/
+            edit.php
+        inc/
+            countries.php
+            util.inc
+        user/
+            result.php
+            results.php
+            show_host_detail.php
diff --git a/html/forum/edit.php b/html/forum/edit.php
index 923f354ace..652928ce73 100644
--- a/html/forum/edit.php
+++ b/html/forum/edit.php
@@ -30,7 +30,7 @@ if ($_POST['submit']) {
 }
 
 
-page_head('Forum', $logged_in_user, NULL, 'forum.css');
+page_head('Forum', $logged_in_user);
 
 if (!empty($_GET['id'])) {
     $post = getPost($_GET['id']);
diff --git a/html/inc/countries.inc b/html/inc/countries.inc
index 4816699ef3..f3f48e8fab 100644
--- a/html/inc/countries.inc
+++ b/html/inc/countries.inc
@@ -233,27 +233,33 @@ $countries = array(
     "Yemen",
     "Zambia",
     "Zimbabwe"
-    );
+);
 
 function print_country_select($selected_country="None") {
-   global $countries;
+    global $countries;
 
-   //See if we can find the user's country and select it as default:
-   $gi = geoip_open("../inc/GeoIP.dat",GEOIP_STANDARD);
-   $geoip_country = geoip_country_name_by_addr($gi,$_SERVER["REMOTE_ADDR"]);
-   geoip_close($gi);
+    //See if we can find the user's country and select it as default:
+    $gi = geoip_open("../inc/GeoIP.dat",GEOIP_STANDARD);
+    $geoip_country = geoip_country_name_by_addr($gi,$_SERVER["REMOTE_ADDR"]);
+    geoip_close($gi);
 
-   if ($selected_country=="") $selected_country="None";
-   if ($selected_country=="None" and $geoip_country!=""){
-       $selected_country=$geoip_country;
-   }
-   echo "selected: $selected_country\n";
+    if ($selected_country=="") $selected_country="None";
+    if ($selected_country=="None" and $geoip_country!=""){
+        $selected_country=$geoip_country;
+    }
+    echo "selected: $selected_country\n";
 
-   $numCountries = count($countries);
-   for ($i=0; $i<$numCountries; $i++) {
-       $country = $countries[$i];
-       $selected = ($selected_country == $country ? "selected":"");
-       echo "<option value=\"$country\" $selected>$country</option>\n";
-   }
+    $numCountries = count($countries);
+    for ($i=0; $i<$numCountries; $i++) {
+        $country = $countries[$i];
+        $selected = ($selected_country == $country ? "selected":"");
+        echo "<option value=\"$country\" $selected>$country</option>\n";
+    }
 } 
+
+function is_valid_country($country) {
+    global $countries;
+    return in_array($country, $countries);
+}
+
 ?>
diff --git a/html/inc/util.inc b/html/inc/util.inc
index 1486d82e31..b503bab19c 100644
--- a/html/inc/util.inc
+++ b/html/inc/util.inc
@@ -122,11 +122,7 @@ function write_fd($fd, $str) {
     }
 }
 
-function page_head($title, $user=null, $fd=null, $get_user=true) {
-    if ($user == NULL && $get_user) {
-        $user = get_logged_in_user(false);
-    }
-
+function page_head($title, $user=null, $fd=null) {
     $styleSheet = URL_BASE . STYLESHEET;
 
     write_fd($fd, "<html><head><title>$title</title>\n");
diff --git a/html/user/result.php b/html/user/result.php
index 535960e151..01f9b27925 100644
--- a/html/user/result.php
+++ b/html/user/result.php
@@ -8,7 +8,6 @@
     db_init();
     $resultid = $_GET["resultid"];
     page_head("Result");
-    $user = get_logged_in_user();
     $r = mysql_query("select * from result where id=$resultid");
     $result = mysql_fetch_object($r);
     mysql_free_result($r);
@@ -16,10 +15,6 @@
         echo "No such result";
         exit();
     }
-    //if ($result->userid != $user->id) {
-    //    echo "No access";
-    //    exit();
-    //}
     show_result($result);
     page_tail();
 ?>
diff --git a/html/user/results.php b/html/user/results.php
index d5ff3c5b80..0b8e7b3362 100644
--- a/html/user/results.php
+++ b/html/user/results.php
@@ -13,14 +13,13 @@
     $offset = $_GET["offset"];
     if (!$offset) $offset=0;
 
-    $user = get_logged_in_user();
-
     if ($hostid) {
         $host = lookup_host($hostid);
         $type = "host";
         $link = "<a href=show_host_detail.php?hostid=$hostid>host $hostid</a>";
         $clause = "hostid=$hostid";
     } else {
+        $user = get_logged_in_user();
         if ($userid != $user->id) {
             echo "No access";
             exit();
diff --git a/html/user/show_host_detail.php b/html/user/show_host_detail.php
index 9bb7cda542..edc7eb6b6a 100644
--- a/html/user/show_host_detail.php
+++ b/html/user/show_host_detail.php
@@ -13,7 +13,7 @@
         exit();
     }
     $private = false;
-    $user = get_logged_in_user();
+    $user = get_logged_in_user(false);
     if ($user && $user->id == $host->userid) {
         $private = true;
     }