X-Git-Url: http://git.hcoop.net/bpt/portal.git/blobdiff_plain/f432bce2e8a41a84b0cea40ac7b7ae27af2d5958..4763cfb8e0dc2f6b2d4fd798cc9e3124c3e86288:/sec.mlt

diff --git a/sec.mlt b/sec.mlt
index 9e5c0dd..ba58b95 100644
--- a/sec.mlt
+++ b/sec.mlt
@@ -1,14 +1,19 @@
 <% val you = Init.getUserId ();
 val yourname = Init.getUserName ();
 
+val nodeNum = case $"node" of
+		  "" => 2
+		| node => Web.stoi node;
+val nodeName = Init.nodeName nodeNum;
+
 val uname = case $"uname" of
 	  "" => yourname
 	| uname => uname;
 
-val socks = Sec.socketPerms uname;
-val tpe = Sec.isTpe uname;
-val cron = Sec.cronAllowed uname;
-val ftp = Sec.ftpAllowed uname;
+val socks = Sec.socketPerms {node = nodeNum, uname = uname};
+val tpe = Sec.isTpe {node = nodeNum, uname = uname};
+val cron = Sec.cronAllowed {node = nodeNum, uname = uname};
+val ftp = Sec.ftpAllowed {node = nodeNum, uname = uname};
 
 ref showNormal = true;
 
@@ -17,64 +22,76 @@ ref showNormal = true;
 if $"cmd" = "socks" then
 	showNormal := false;
 	val socks = $"socks";
-	%>Are you sure you want to request that socket permissions for <b><% Web.html uname %></b> be changed to <b><% Web.html socks %></b>?<br>
-	<a href="sec?cmd=socks2&uname=<% Web.urlEncode uname %>&socks=<% Web.urlEncode socks %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
+	%>Are you sure you want to request that socket permissions for <b><% Web.html uname %></b> on <b><% Web.html nodeName %></b> be changed to <b><% Web.html socks %></b>?<br>
+	<a href="sec?cmd=socks2&node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&socks=<% Web.urlEncode socks %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
 elseif $"cmd" = "socks2" then
-	val id = Sec.Req.add (you, String.concat [uname, ": change socket permissions to ", $"socks"], $"msg");
+	val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": change socket permissions to ", $"socks"], msg = $"msg"};
 	if not (Sec.Req.notifyNew id) then
-		%><h3><b>Error sending e-mail notification</b></h3><%
+		%><h3>Error sending e-mail notification</h3><%
 	end
-	%><h3><b>Request added</b></h3><%
+	%><h3>Request added</h3><%
 
 elseif $"cmd" = "tpe" then
 	showNormal := false;
 	val tpe = iff $"tpe" = "yes" then "on" else "off";
-	%>Are you sure you want to request that trusted-path-executables-only for <b><% Web.html uname %></b> be turned <b><% tpe %></b>?<br>
-	<a href="sec?cmd=tpe2&uname=<% Web.urlEncode uname %>&tpe=<% tpe %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
+	%>Are you sure you want to request that trusted-path-executables-only for <b><% Web.html uname %></b> on <b><% Web.html nodeName %></b> be turned <b><% tpe %></b>?<br>
+	<a href="sec?cmd=tpe2&node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&tpe=<% tpe %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
 elseif $"cmd" = "tpe2" then
-	val id = Sec.Req.add (you, String.concat [uname, ": turn tpe ", $"tpe"], $"msg");
+	val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": turn tpe ", $"tpe"], msg = $"msg"};
 	if not (Sec.Req.notifyNew id) then
-		%><h3><b>Error sending e-mail notification</b></h3><%
+		%><h3>Error sending e-mail notification</h3><%
 	end
-	%><h3><b>Request added</b></h3><%
+	%><h3>Request added</h3><%
 
 elseif $"cmd" = "cron" then
 	showNormal := false;
 	val cron = iff $"cron" = "yes" then "enabled" else "disabled";
-	%>Are you sure you want to request that <tt>cron</tt> permissions for <b><% Web.html uname %></b> be <b><% cron %></b>?<br>
-	<a href="sec?cmd=cron2&uname=<% Web.urlEncode uname %>&cron=<% cron %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
+	%>Are you sure you want to request that <tt>cron</tt> permissions for <b><% Web.html uname %></b> on <b><% Web.html nodeName %></b> be <b><% cron %></b>?<br>
+	<a href="sec?cmd=cron2&node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&cron=<% cron %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
 elseif $"cmd" = "cron2" then
 	val cron = iff $"cron" = "enabled" then "enable" else "disable";
-	val id = Sec.Req.add (you, String.concat [uname, ": ", cron, " cron access"], $"msg");
+	val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": ", cron, " cron access"], msg = $"msg"};
 	if not (Sec.Req.notifyNew id) then
-		%><h3><b>Error sending e-mail notification</b></h3><%
+		%><h3>Error sending e-mail notification</h3><%
 	end
-	%><h3><b>Request added</b></h3><%
+	%><h3>Request added</h3><%
 
 elseif $"cmd" = "ftp" then
 	showNormal := false;
 	val ftp = iff $"ftp" = "yes" then "enabled" else "disabled";
-	%>Are you sure you want to request that FTP permissions for <b><% Web.html uname %></b> be <b><% ftp %></b>?<br>
-	<a href="sec?cmd=ftp2&uname=<% Web.urlEncode uname %>&ftp=<% ftp %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
+	%>Are you sure you want to request that FTP permissions for <b><% Web.html uname %></b> on <b><% Web.html nodeName %></b> be <b><% ftp %></b>?<br>
+	<a href="sec?cmd=ftp2&node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&ftp=<% ftp %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
 elseif $"cmd" = "ftp2" then
 	val ftp = iff $"ftp" = "enabled" then "enable" else "disable";
-	val id = Sec.Req.add (you, String.concat [uname, ": ", ftp, " FTP access"], $"msg");
+	val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat [uname, ": ", ftp, " FTP access"], msg = $"msg"};
 	if not (Sec.Req.notifyNew id) then
-		%><h3><b>Error sending e-mail notification</b></h3><%
+		%><h3>Error sending e-mail notification</h3><%
 	end
-	%><h3><b>Request added</b></h3><%
+	%><h3>Request added</h3><%
 
 elseif $"cmd" = "rule" then
 	showNormal := false;
 	val rule = $"rule";
-	%>Are you sure you want to request the firewall rule <b><% Web.html uname %>&nbsp;<% Web.html rule %></b>?<br>
-	<a href="sec?cmd=rule2&uname=<% Web.urlEncode uname %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
+
+	if Sec.validRule rule then
+		%>Are you sure you want to request the firewall rule <b><% Web.html uname %>&nbsp;<% Web.html rule %></b> on <b><% Web.html nodeName %></b>?<br>
+	<a href="sec?cmd=rule2&node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
+	else
+		%>"<% Web.html rule %>" is not a valid firewall rule! Please reread <a href="http://wiki.hcoop.net/wiki/FirewallRules">the instructions</a>, and remember to leave off the initial username portion.<%
+	end
+
 elseif $"cmd" = "rule2" then
-	val id = Sec.Req.add (you, String.concat ["Add firewall rule \"", uname, " ", $"rule", "\""], $"msg");
-	if not (Sec.Req.notifyNew id) then
-		%><h3><b>Error sending e-mail notification</b></h3><%
+	val rule = $"rule";
+
+	if Sec.validRule rule then
+		val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat ["Add firewall rule \"", uname, " ", rule, "\""], msg = $"msg"};
+		if not (Sec.Req.notifyNew id) then
+			%><h3>Error sending e-mail notification</h3><%
+		end
+		%><h3>Request added</h3><%
+	else
+		%>"<% Web.html rule %>" is not a valid firewall rule! Please reread <a href="http://wiki.hcoop.net/wiki/FirewallRules">the instructions</a>, and remember to leave off the initial username portion.<%
 	end
-	%><h3><b>Request added</b></h3><%
 
 elseif $"modRule" <> "" then
 	showNormal := false;
@@ -83,41 +100,42 @@ elseif $"modRule" <> "" then
 	if oldRule = rule then
 		%>You didn't modify the textbox for this rule before clicking the button, so there is no request to be made.<%
 	else
-		%>Are you sure you want to request that firewall rule <b><% Web.html uname %>&nbsp;<% Web.html oldRule %></b> be replaced by <b><% Web.html uname %>&nbsp;<% Web.html rule %></b>?<br>
-		<a href="sec?uname=<% Web.urlEncode uname %>&modRule2=<% Web.urlEncode oldRule %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
+		%>Are you sure you want to request that firewall rule <b><% Web.html uname %>&nbsp;<% Web.html oldRule %></b> be replaced by <b><% Web.html uname %>&nbsp;<% Web.html rule %></b> on <b><% Web.html nodeName %></b>?<br>
+		<a href="sec?node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&modRule2=<% Web.urlEncode oldRule %>&rule=<% Web.urlEncode rule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
 	end
 elseif $"modRule2" <> "" then
-	val id = Sec.Req.add (you, String.concat ["Change firewall rule \"", uname, " ", $"modRule2", "\" to \"", uname, " ", $"rule", "\""], $"msg");
+	val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat ["Change firewall rule \"", uname, " ", $"modRule2", "\" to \"", uname, " ", $"rule", "\""], msg = $"msg"};
 	if not (Sec.Req.notifyNew id) then
-		%><h3><b>Error sending e-mail notification</b></h3><%
+		%><h3>Error sending e-mail notification</h3><%
 	end
-	%><h3><b>Request added</b></h3><%
+	%><h3>Request added</h3><%
 
 elseif $"delRule" <> "" then
 	showNormal := false;
 	val oldRule = $"delRule";
-	%>Are you sure you want to request that firewall rule <b><% Web.html uname %>&nbsp;<% Web.html oldRule %></b> be <b>deleted</b>?<br>
-	<a href="sec?uname=<% Web.urlEncode uname %>&delRule2=<% Web.urlEncode oldRule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
+	%>Are you sure you want to request that firewall rule <b><% Web.html uname %>&nbsp;<% Web.html oldRule %></b> on <b><% Web.html nodeName %></b> be <b>deleted</bD>?<br>
+	<a href="sec?node=<% nodeNum %>&uname=<% Web.urlEncode uname %>&delRule2=<% Web.urlEncode oldRule %>&msg=<% Web.urlEncode ($"msg") %>">Yes, place the request!</a><%
 elseif $"delRule2" <> "" then
-	val id = Sec.Req.add (you, String.concat ["Delete firewall rule \"", uname, " ", $"delRule2", "\""], $"msg");
+	val id = Sec.Req.add {usr = you, node = nodeNum, data = String.concat ["Delete firewall rule \"", uname, " ", $"delRule2", "\""], msg = $"msg"};
 	if not (Sec.Req.notifyNew id) then
-		%><h3><b>Error sending e-mail notification</b></h3><%
+		%><h3>Error sending e-mail notification</h3><%
 	end
-	%><h3><b>Request added</b></h3><%
+	%><h3>Request added</h3><%
 
 elseif $"cmd" = "open" then
 	showNormal := false;
 	Group.requireGroupName "server";
-	%><h3><b>Open requests</b></h3>
+	%><h3>Open requests</h3>
 	<a href="sec?cmd=list">List all requests</a><%
 
 	foreach (name, req) in Sec.Req.listOpen () do %>
 <br><hr><br>
-<table>
-<tr> <td align="right"><b>By</b>:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
-<tr> <td align="right"><b>Time</b>:</td> <td><% #stamp req %></td> </tr>
-<tr> <td align="right"><b>Request</b>:</td> <td><% #data req %></td> </tr>
-<tr> <td align="right" valign="top"><b>Msg</b>:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr>
+<table class="blanks">
+<tr> <td>By:</td> <td><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
+<tr> <td>Time:</td> <td><% #stamp req %></td> </tr>
+<tr> <td>Node:</td> <td><% Web.html (Init.nodeName (#node req)) %></td> </tr>
+<tr> <td>Request:</td> <td><% #data req %></td> </tr>
+<tr> <td>Msg:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr>
 </table>
 
 <br>
@@ -129,15 +147,16 @@ elseif $"cmd" = "open" then
 elseif $"cmd" = "list" then
 	showNormal := false;
 	Group.requireGroupName "server"
-	%><h3><b>All requests</b></h3><%
+	%><h3>All requests</h3><%
 
 	foreach (name, req) in Sec.Req.list () do %>
 <br><hr><br>
-<table>
-<tr> <td align="right"><b>By</b>:</td> <td colspan="2"><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
-<tr> <td align="right"><b>Time</b>:</td> <td colspan="2"><% #stamp req %></td> </tr>
-<tr> <td align="right"><b>Request</b>:</td> <td><% #data req %></td> </tr>
-<tr> <td align="right" valign="top"><b>Reason</b>:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr>
+<table class="blanks">
+<tr> <td>By:</td> <td colspan="2"><a href="user?id=<% #usr req %>"><% name %></a></td> </tr>
+<tr> <td>Time:</td> <td colspan="2"><% #stamp req %></td> </tr>
+<tr> <td>Node:</td> <td><% Web.html (Init.nodeName (#node req)) %></td> </tr>
+<tr> <td>Request:</td> <td><% #data req %></td> </tr>
+<tr> <td>Reason:</td> <td colspan="2"><% Web.html (#msg req) %></td> </tr>
 </table>
 
 <br>
@@ -152,20 +171,24 @@ elseif $"mod" <> "" then
 	val id = Web.stoi ($"mod");
 	val req = Sec.Req.lookup id;
 	val user = Init.lookupUser (#usr req) %>
-<h3><b>Handle request</b></h3>
+<h3>Handle request</h3>
 
 <form action="sec" method="post">
 <input type="hidden" name="save" value="<% id %>">
-<table>
-<tr> <td align="right"><b>Requestor</b>:</td> <td><a href="user?id=<% #usr req %>"><% #name user %></a></td> </tr>
-<tr> <td align="right"><b>Time</b>:</td> <td><% #stamp req %></td> </tr>
-<tr> <td align="right"><b>Status</b>:</td> <td><select name="status">
+<table class="blanks">
+<tr> <td>Requestor:</td> <td><a href="user?id=<% #usr req %>"><% #name user %></a></td> </tr>
+<tr> <td>Time:</td> <td><% #stamp req %></td> </tr>
+<tr> <td>Status:</td> <td><select name="status">
 	<option value="0"<% if #status req = Sec.Req.NEW then %> selected<% end %>>New</option>
 	<option value="1"<% if #status req = Sec.Req.INSTALLED then %> selected<% end %>>Installed</option>
 	<option value="2"<% if #status req = Sec.Req.REJECTED then %> selected<% end %>>Rejected</option>
 </select></td> </tr>
-<tr> <td align="right"><b>Request</b>:</td> <td><input name="req" value="<% #data req %>"></td> </tr>
-<tr> <td align="right" valign="top"><b>Message</b>:</td> <td><textarea name="msg" rows="10" cols="80" wrap="soft"><% Web.html (#msg req) %></textarea></td> </tr>
+<tr> <td>Node:</td> <td><select name="node">
+<% foreach node in Init.listNodes () do %>
+	<option value="<% #id node %>"<% if nodeNum = #node req then %> selected<% end %>><% Web.html (#name node) %> (<% Web.html (#descr node) %>)</option>
+<% end %></select></td> </tr>
+<tr> <td>Request:</td> <td><input name="req" value="<% #data req %>"></td> </tr>
+<tr> <td>Message:</td> <td><textarea name="msg" rows="10" cols="80" wrap="soft"><% Web.html (#msg req) %></textarea></td> </tr>
 <tr> <td><input type="submit" value="Save"></td> </tr>
 </table>
 </form>
@@ -177,13 +200,13 @@ elseif $"mod" <> "" then
 	val req = Sec.Req.lookup id;
 	val oldStatus = #status req;
 	val newStatus = Sec.Req.statusFromInt (Web.stoi ($"status"));
-	Sec.Req.modify {req with data = $"req", msg = $"msg", status = newStatus};
+	Sec.Req.modify {req with node = nodeNum, data = $"req", msg = $"msg", status = newStatus};
 	if oldStatus <> newStatus then
-		if not (Sec.Req.notifyMod (oldStatus, newStatus, Init.getUserName(), id)) then
-			%><h3><b>Error sending e-mail notification</b></h3><%
+		if not (Sec.Req.notifyMod {old = oldStatus, new = newStatus, changer = Init.getUserName(), req = id}) then
+			%><h3>Error sending e-mail notification</h3><%
 		end
 	end
-	%><h3><b>Request modified</b></h3>
+	%><h3>Request modified</h3>
 	Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a>
 
 <% elseif $"del" <> "" then
@@ -192,7 +215,7 @@ elseif $"mod" <> "" then
 	val id = Web.stoi ($"del");
 	val req = Sec.Req.lookup id;
 	val user = Init.lookupUser (#usr req)
-	%><h3><b>Are you sure you want to delete request by <% #name user %> for "<% #data req %>"?</b></h3>
+	%><h3>Are you sure you want to delete request by <% #name user %> for "<% #data req %>" on <% Web.html (Init.nodeName (#node req)) %>?</h3>
 	<a href="sec?del2=<% id %>">Yes, I'm sure!</a>
 
 <% elseif $"del2" <> "" then
@@ -200,88 +223,112 @@ elseif $"mod" <> "" then
 	Group.requireGroupName "server";
 	val id = Web.stoi ($"del2");
 	Sec.Req.delete id
-	%><h3><b>Request deleted</b><h3>
+	%><h3>Request deleted</b><h3>
 	Back to: <a href="sec?cmd=open">open requests</a>, <a href="sec?cmd=list">all requests</a>
 
 <% end;
 
 if showNormal then %>
 
+<table class="blanks">
 <form action="sec" method="post">
-<b>Your users:</b> <select name="uname">
+<input type="hidden" name="uname" value="<% Web.html uname %>">
+<tr> <td>Machines:</td> <td><select name="node">
+<% foreach node in Init.listNodes () do %>
+	<option value="<% #id node %>"<% if nodeNum = #id node then %> selected<% end %>><% Web.html (#name node) %> (<% Web.html (#descr node) %>)</option>
+<% end %></select></td>
+<td><input type="submit" value="Switch"></td> </tr>
+</form>
+<form action="sec" method="post">
+<input type="hidden" name="node" value="<% nodeNum %>">
+<tr> <td>Your users:</td> <td><select name="uname">
 <% foreach name in (yourname :: Sec.findSubusers yourname) do %>
 	<option value="<% name %>"<% if uname = name then %> selected<% end %>><% name %></option>
-<% end %></select> <input type="submit" value="Switch"> </form>
+<% end %></select></td>
+<td><input type="submit" value="Switch"></td> </tr>
+</form>
+</table>
+
+<!--h3>Request socket permissions change</h3>
+
+<p>You need to request socket permissions before you are able to open any network connections. While you will be limited by firewall rules even then, any requests for firewall rules you enter in the "Reason" blank here <b>will be ignored</b>. Please use the separate form at the bottom of this page for that. There is no need to wait until a request for socket permissions has been granted before starting to request firewall rules.</p>
 
-<h3><b>Request socket permissions change</b></h3>
+<p>Keep in mind that, if your request is granted, it will never apply to existing log-in sessions. Close them and re-connect to take advantage of your new privileges.</p>
 
 <form action="sec" method="post">
+<input type="hidden" name="node" value="<% nodeNum %>">
 <input type="hidden" name="uname" value="<% uname %>">
 <input type="hidden" name="cmd" value="socks">
-<table>
-<tr> <td align="right"><b>New permissions:</b></td> <td><select name="socks">
+<table class="blanks">
+<tr> <td>New permissions:</td> <td><select name="socks">
 	<option value="none"<% if socks = Sec.NADA then %> selected<% end %>>None</option>
 	<option value="any"<% if socks = Sec.ANY then %> selected<% end %>>Any</option>
 	<option value="client"<% if socks = Sec.CLIENT_ONLY then %> selected<% end %>>Client only</option>
 	<option value="server"<% if socks = Sec.SERVER_ONLY then %> selected<% end %>>Server only</option>
 </select></td> </tr>
-<tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
+<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
 <tr> <td><input type="submit" value="Request"></td> </tr>
 </table>
 </form>
 
-<h3><b>Request change to your execute permissions</b></h3>
+<h3>Request change to your execute permissions</h3>
 
 <form action="sec" method="post">
+<input type="hidden" name="node" value="<% nodeNum %>">
 <input type="hidden" name="uname" value="<% uname %>">
 <input type="hidden" name="cmd" value="tpe">
-<table>
-<tr> <td align="right"><b>Trusted path executables only?</b></td> <td><select name="tpe">
+<table class="blanks">
+<tr> <td>Trusted path executables only?</td> <td><select name="tpe">
 	<option value="no"<% if not tpe then %> selected<% end %>>No</option>
 	<option value="yes"<% if tpe then %> selected<% end %>>Yes</option>
 </select></td> </tr>
-<tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
+<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
 <tr> <td><input type="submit" value="Request"></td> </tr>
 </table>
-</form>
+</form-->
 
-<h3><b>Request change to your <tt>cron</tt> permissions</b></h3>
+<h3>Request change to your <tt>cron</tt> permissions</h3>
 
 <form action="sec" method="post">
+<input type="hidden" name="node" value="<% nodeNum %>">
 <input type="hidden" name="uname" value="<% uname %>">
 <input type="hidden" name="cmd" value="cron">
-<table>
-<tr> <td align="right"><b>Allowed to use cron?</b></td> <td><select name="cron">
+<table class="blanks">
+<tr> <td>Allowed to use cron?</td> <td><select name="cron">
 	<option value="no"<% if not cron then %> selected<% end %>>No</option>
 	<option value="yes"<% if cron then %> selected<% end %>>Yes</option>
 </select></td> </tr>
-<tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
+<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
 <tr> <td><input type="submit" value="Request"></td> </tr>
 </table>
 </form>
 
-<h3><b>Request change to your FTP permissions</b></h3>
+<h3>Request change to your FTP permissions</h3>
+
+<p>Please read <a href="http://wiki.hcoop.net/wiki/FileTransfer">our wiki instructions on file transfer</a> before requesting FTP access. Almost everyone should use alternative protocols to FTP that provide superior security benefits.</p>
 
 <form action="sec" method="post">
+<input type="hidden" name="node" value="<% nodeNum %>">
 <input type="hidden" name="uname" value="<% uname %>">
 <input type="hidden" name="cmd" value="ftp">
-<table>
-<tr> <td align="right"><b>Allowed to use FTP?</b></td> <td><select name="ftp">
+<table class="blanks">
+<tr> <td>Allowed to use FTP?</td> <td><select name="ftp">
 	<option value="no"<% if not ftp then %> selected<% end %>>No</option>
 	<option value="yes"<% if ftp then %> selected<% end %>>Yes</option>
 </select></td> </tr>
-<tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
+<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
 <tr> <td><input type="submit" value="Request"></td> </tr>
 </table>
 </form>
 
-<% val rules = Sec.findFirewallRules uname;
+<% val rules = Sec.findFirewallRules {node = nodeNum, uname = uname};
 switch rules of
   _::_ => %>
-<h3><b>Your firewall rules</b></h3>
+<h3>Your firewall rules</h3>
 
 <% foreach rule in rules do %>
 <form action="sec" method="post">
+<input type="hidden" name="node" value="<% nodeNum %>">
 <input type="hidden" name="uname" value="<% uname %>">
 <input type="hidden" name="modRule" value="<% Web.html rule %>">
 <input name="rule" value="<% Web.html rule %>">
@@ -291,19 +338,24 @@ switch rules of
 <% end
 end%>
 
-<h3><b>Request a new firewall rule</b></h3>
+<!--h3>Request a new firewall rule</h3>
 
 <p>You can find a description of rule formats <a href="http://wiki.hcoop.net/wiki/FirewallRules">on our wiki</a>. Enter here the rule you want, without the initial <tt>user</tt> portion.</p>
 
+<p>Please note that <b>your firewall rule will be useless</b> if you don't first request the corresponding socket privileges at the top of this page. Also, common ports like 80 (HTTP) are open to everyone with socket permissions. Verify that you can't access a port after socket permissions have been granted before requesting a special rule here.</p>
+
+<p>We very rarely grant requests for Client rules that don't include remote host whitelists. For example, important security concerns make it a bad idea for us to give anybody blanket IRC permissions. Instead, request specific servers. We will refuse such requests that include networks that are popularly considered fronts for illegal activity.</p>
+
 <form action="sec" method="post">
+<input type="hidden" name="node" value="<% nodeNum %>">
 <input type="hidden" name="uname" value="<% uname %>">
 <input type="hidden" name="cmd" value="rule">
-<table>
-<tr> <td align="right"><b>Rule</b></td> <td><input name="rule" size="80"></td> </tr>
-<tr> <td align="right" valign="top"><b>Reason:</b></td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
+<table class="blanks">
+<tr> <td>Rule</td> <td><input name="rule" size="80"></td> </tr>
+<tr> <td>Reason:</td> <td><textarea name="msg" wrap="soft" rows="3" cols="80"></textarea></td> </tr>
 <tr> <td><input type="submit" value="Request"></td> </tr>
 </table>
-</form>
+</form-->
 
 <% end %>
 

By:	<% name %>
Time:	<% #stamp req %>
Request:	<% #data req %>
Msg:	<% Web.html (#msg req) %>
By:	<% name %>
Time:	<% #stamp req %>
Node:	<% Web.html (Init.nodeName (#node req)) %>
Request:	<% #data req %>
Msg:	<% Web.html (#msg req) %>