2018-08-11 20:07:23 +02:00
< ? php
function clean ( $str ) {
$search = array ( '&' , '"' , " ' " , '<' , '>' );
$replace = array ( '&' , '"' , ''' , '<' , '>' );
$str = str_replace ( $search , $replace , $str );
return $str ;
}
2018-08-15 13:50:00 +02:00
if ( isset ( $_REQUEST [ 'logout' ])){
session_start ();
session_unset ();
session_destroy ();
} else {
session_start ();
}
$mode = " " ;
2018-08-12 20:21:33 +02:00
function checkvm ( $vmname ) {
$shellout = shell_exec ( " /usr/bin/wrap-nlvmi checkvm $vmname bla " ); //){
if ( preg_match_all ( '/running/' , $shellout )){
return 0 ;
}
return 1 ;
}
2018-08-11 20:07:23 +02:00
//read config file
$configfile = new SplFileObject ( " /etc/nlvmi/nlvmi.conf " );
while ( ! $configfile -> eof ()) {
$line = $configfile -> fgets ();
if ( ! preg_match ( '/^#/' , $line )){
if ( ! preg_match ( '/^$/' , $line )){
if ( preg_match ( '/=/' , $line )){
$configparam = explode ( '=' , $line );
$p = rtrim ( $configparam [ 1 ]);
//echo "B$p";
$config [ $configparam [ 0 ]] = str_replace ( '"' , '' , $p );
}
}
}
}
$file = null ;
//check db connection
if ( $config [ 'DATABASETYPE' ] == " sqlite " ){
$db_handle = new SQLite3 ( $config [ 'SQLITEFILE' ]);
$query = " SELECT name FROM sqlite_master WHERE type='table' AND name='vms'; " ;
$db_handle -> exec ( $query );
$result = $db_handle -> query ( $query );
$row = $result -> fetchArray ();
if ( ! $row [ 'name' ] == " vms " ){
echo " DB connection failed! " ;
exit ;
}
}
2018-08-13 20:11:24 +02:00
2018-08-15 13:50:00 +02:00
//check login
$usersfound = " no " ;
$sql = " SELECT * FROM users LIMIT 1 " ;
$res = $db_handle -> query ( $sql );
while ( $row = $res -> fetchArray ( SQLITE3_ASSOC )){
$usersfound = " yes " ;
if ( $_SESSION [ 'username' ] == " inituser " ){
session_unset ();
session_destroy ();
session_start ();
}
}
if ( $usersfound == " no " ){
if ( ! isset ( $_POST [ 'newusername' ])){
echo " <h1>You have no users in the datbase!</h1></br> " ;
// echo "Aborting....";
// exit;
$_SESSION [ 'username' ] = " inituser " ;
$_SESSION [ 'isadmin' ] = " 1 " ;
$mode = " usermgmt " ;
}
} elseif (( isset ( $_POST [ 'login' ])) && ( isset ( $_POST [ 'username' ])) && ( isset ( $_POST [ 'password' ]))){
$user = clean ( $_POST [ 'username' ]);
$pass = clean ( $_POST [ 'password' ]);
$sql = " SELECT password,admin FROM users WHERE username=' $user ' " ;
$res = $db_handle -> query ( $sql );
while ( $row = $res -> fetchArray ( SQLITE3_ASSOC )){
if ( password_verify ( $pass , $row [ 'password' ])){
$_SESSION [ 'username' ] = $user ;
$_SESSION [ 'isadmin' ] = $row [ 'admin' ];
} else {
echo " Password not correct! $pass " ;
}
}
}
if ( isset ( $_SESSION [ 'username' ])){
2018-08-13 16:49:49 +02:00
if (( isset ( $_POST [ 'deletevm' ])) && ( isset ( $_POST [ 'deletename' ]))){
$vmname = clean ( $_POST [ 'deletename' ]);
$vmid = clean ( $_POST [ 'deletevm' ]);
$sql = " SELECT id FROM vms WHERE vmname=' $vmname ' AND id=' $vmid ' " ;
$res = $db_handle -> query ( $sql );
while ( $row = $res -> fetchArray ( SQLITE3_ASSOC )){
$sqld = " DELETE FROM vms WHERE id=' $vmid ' " ;
if ( $db_handle -> query ( $sqld )){
echo " VM $vmname deleted! " ;
}
}
}
2018-08-15 13:50:00 +02:00
//insert new user in db
if ( isset ( $_POST [ 'newusername' ])){
$newusername = clean ( $_POST [ 'newusername' ]);
$newpassword = password_hash ( clean ( $_POST [ 'newpassword' ]), PASSWORD_DEFAULT );
if ( $_POST [ 'isadmin' ] == " on " ){
$isadmin = " 1 " ;
} else {
$isadmin = " 0 " ;
}
$sqlu = " SELECT id FROM users WHERE username=' $newusername ' " ;
$res = $db_handle -> query ( $sqlu );
while ( $row = $res -> fetchArray ( SQLITE3_ASSOC )){
echo " username already exist! " ;
exit ;
}
$sql = " INSERT INTO users (username,password,admin) VALUES(' $newusername ', ' $newpassword ', ' $isadmin ') " ;
$res = $db_handle -> query ( $sql );
$res = $db_handle -> query ( $sqlu );
while ( $row = $res -> fetchArray ( SQLITE3_ASSOC )){
echo " success " ;
exit ;
}
echo " Failed to insert into DB! " ;
exit ;
}
//update user in db
if ( isset ( $_POST [ 'changeusername' ])){
if ( $_SESSION [ 'isadmin' ] != 1 ){
echo " you are not allowed to change usernames! " ;
} else {
$username = clean ( $_POST [ 'changeusername' ]);
$pass = password_hash ( clean ( $_POST [ 'passwordchange' ]), PASSWORD_DEFAULT );
if ( $_POST [ 'isadmin' ] == " on " ){
$isadmin = " 1 " ;
} else {
$isadmin = " 0 " ;
}
$sql = " UPDATE users SET username=' $username ', password=' $pass ', admin=' $isadmin ' " ;
if ( $db_handle -> query ( $sql )){
echo " success " ;
exit ;
}
}
}
2018-08-13 16:49:49 +02:00
2018-08-12 15:09:47 +02:00
include ( 'header.php' );
2018-08-15 13:50:00 +02:00
//usermanagement
if (( isset ( $_POST [ 'usermgmt' ])) || ( $mode == " usermgmt " )){
$mode = " usermgmt " ;
if (( $_SESSEION [ 'username' ] == " inituser " ) || ( $_SESSION [ 'isadmin' ] == " 1 " )){
$sql = " SELECT * FROM users " ;
$res = $db_handle -> query ( $sql );
echo " </br> " ;
//echo "<div class=row><div class=col>Username</div><div class=col>Is Admin</div><div class=col>New Password</div></div>";
echo " <h2>Existing users</h2> " ;
while ( $row = $res -> fetchArray ( SQLITE3_ASSOC )){
echo " <form id=uform $row[id] action=? method=post><div class=row><div class=col style=text-align:right><input class=form-control name=changeusername value= $row[username] ></div> " ;
if ( $row [ 'admin' ] == " 1 " ){
$checked = " checked " ;
} else {
$checked = " " ;
}
echo " <div class=col-ms><input data-onstyle= \" danger \" data-offstyle=success name=isadmin id= \" isadmin \" type= \" checkbox \" data-toggle= \" toggle \" data-on= \" user is Admin \" data-off= \" user is no Admin \" $checked ></div> " ;
echo " <input type=hidden name=userchange value= $row[id] > " ;
echo " <div class=col><input class=form-control type=password name=passwordchange placeholder=newpassword></div><div class=col><a href=# class= \" btn btn-success \" onclick= \" javascript:submitbutton('uform $row[id] '); \" >save user</a></div></div></form> " ;
}
//newuserform
echo " <h2>Create a new user</h2><form id=newuserform action=? method=post><div class=row><div class=col><input type=text class=form-control name=newusername placeholder=Username></div> " ;
if ( $_SESSION [ 'username' ] != " inituser " ){
echo " <div class=col-ms><input data-onstyle= \" danger \" data-offstyle=success name=isadmin id= \" isadmin \" type= \" checkbox \" data-toggle= \" toggle \" data-on= \" user is Admin \" data-off= \" user is no Admin \" checked></div> " ;
} else {
echo " <input type=hidden name=isadmin value=on> " ;
}
echo " <div class=col><input class=form-control type=password name=newpassword placeholder=newpassword></div><div class=col><a href=# class= \" btn btn-success \" onclick= \" javascript:submitbutton('newuserform'); \" >Create user</a></div></div></form> " ;
}
}
2018-08-12 20:21:33 +02:00
if ( isset ( $_REQUEST [ 'start' ])){
$vmname = clean ( $_REQUEST [ 'start' ]);
$sql = " SELECT * FROM vms WHERE vmname=' $vmname ' " ;
$res = $db_handle -> query ( $sql );
while ( $row = $res -> fetchArray ( SQLITE3_ASSOC )){
$shellout = shell_exec ( " /usr/bin/wrap-nlvmi start $vmname bla " );
echo $shellout ;
}
}
if ( isset ( $_REQUEST [ 'stop' ])){
$vmname = clean ( $_REQUEST [ 'stop' ]);
$sql = " SELECT * FROM vms WHERE vmname=' $vmname ' " ;
$res = $db_handle -> query ( $sql );
while ( $row = $res -> fetchArray ( SQLITE3_ASSOC )){
if ( checkvm ( $vmname )){
$shellout = shell_exec ( " /usr/bin/wrap-nlvmi stop $vmname bla " );
echo $shellout ;
}
}
}
2018-08-11 20:07:23 +02:00
//form for edit and new vms
if ( isset ( $_REQUEST [ 'edit' ])){
2018-08-12 15:09:47 +02:00
$mode = " editvm " ;
2018-08-11 20:07:23 +02:00
$formname = " editvm " ;
$eid = clean ( $_REQUEST [ 'edit' ]);
$sql = " SELECT * FROM vms WHERE id=' $eid ' " ;
$res = $db_handle -> query ( $sql );
$editid = " <input type=hidden name=editid value= $eid > " ;
while ( $row = $res -> fetchArray ( SQLITE3_ASSOC )){
$e = $row ;
}
} elseif ( isset ( $_REQUEST [ 'newvm' ])) {
$formname = " newvm " ;
$editid = " " ;
2018-08-12 15:09:47 +02:00
$mode = " newvm " ;
2018-08-11 20:07:23 +02:00
}
2018-08-12 15:09:47 +02:00
2018-08-11 20:07:23 +02:00
if ( isset ( $formname )){
2018-08-13 20:11:24 +02:00
echo " <h2> $formname </h2></br> " ;
echo " <form name= $formname action=? method=post> " ;
$res = $db_handle -> query ( 'PRAGMA table_info(vms)' );
while ( $col = $res -> fetchArray ( SQLITE3_ASSOC )) {
$arrColnames [] = $col [ 'name' ];
}
for ( $col = 0 ; $col < count ( $arrColnames ); $col ++ ){
if ( $arrColnames [ $col ] != " id " ){
if ( isset ( $e [ $arrColnames [ $col ]])){
2018-08-12 16:32:25 +02:00
$val = $e [ $arrColnames [ $col ]];
} else {
$val = " " ;
}
2018-08-13 20:11:24 +02:00
if ( $arrColnames [ $col ] == " bootoption " ){
if ( $val == " " ) {
$val = " c " ;
}
echo " <div class=row><div class=col-md-1 style=text-align:right>bootoption</div><div class=col-md-2><div class=dropdown><button class= \" btn btn-secondary dropdown-toggle \" type=button id=bootoptionbutton data-toggle=dropdown aria-haspopup=true aria-expanded=false> $val </button> " ;
echo " <div class=dropdown-menu aria-labelledby=bootoptionbutton> " ;
echo " <a class=dropdown-item href= \" javascript:dropdown('bootoptionbutton','c') \" >c</a> " ;
echo " <a class=dropdown-item href= \" javascript:dropdown('bootoptionbutton','d') \" >d</a> " ;
echo " </div></div></div></div><input type=hidden id=bootoptionbuttonh name=bootoption value=c> " ;
2018-08-12 15:09:47 +02:00
// echo "$arrColnames[$col] <select name=bootoption><option value=c>C</option><option value=d>D</option></select></br>";
2018-08-13 20:11:24 +02:00
} elseif ( $arrColnames [ $col ] == " arch " ){
echo " <div class=row><div class=col-md-1 style=text-align:right>arch</div><div class=col-md-2><div class=dropdown><button class= \" btn btn-secondary dropdown-toggle \" type=button id=archbutton data-toggle=dropdown aria-haspopup=true aria-expanded=false>x86_64</button> " ;
echo " <div class=dropdown-menu aria-labelledby=archbutton> " ;
echo " <a class=dropdown-item href= \" javascript:dropdown('archbutton','x86_64') \" >x86_64</a> " ;
echo " </div></div></div></div><input type=hidden id=archbuttonh name=arch value=x86_64> " ;
2018-08-12 15:09:47 +02:00
// echo "$arrColnames[$col] <select name=arch><option value=qemu-system-x86_64>x86_64</option></select></br>";
2018-08-13 20:11:24 +02:00
} elseif ( $arrColnames [ $col ] == " cdrom " ){
echo " <div class=row><div class=col-md-1 style=text-align:right>cdrom</div><div class=col-md-2><div class=dropdown><button class= \" btn btn-secondary dropdown-toggle \" type=button id=cdrombutton data-toggle=dropdown aria-haspopup=true aria-expanded=false> $val </button> " ;
echo " <div class=dropdown-menu aria-labelledby=cdrombutton> " ;
$isodirs = explode ( '|' , $config [ 'ISODIRECTORY' ]);
foreach ( $isodirs as $isodir ){
$files = array_diff ( scandir ( $isodir ), array ( '.' , '..' ));
$files = array_values ( array_filter ( $files ));
for ( $f = 0 ; $f < count ( $files ); $f ++ ){
if (( preg_match ( '/iso/' , $files [ $f ])) || ( preg_match ( '/ISO/' , $files [ $f ]))){
echo " <a class=dropdown-item href= \" javascript:dropdown('cdrombutton',' $isodir / $files[$f] ') \" > $isodir / $files[$f] </a> " ;
}
2018-08-12 17:22:18 +02:00
}
2018-08-12 15:51:15 +02:00
}
2018-08-13 20:11:24 +02:00
echo " </div></div></div></div><input type=hidden id=cdrombuttonh name=cdrom value= $val > " ;
} elseif ( preg_match ( '/format/' , $arrColnames [ $col ])) {
echo " <div class=col-md-1 style=text-align:right> $arrColnames[$col] </div><div class=col-md-2><input class=form-control type=text name= $arrColnames[$col] value= $val ></div></div> " ;
} elseif ( preg_match ( '/tapdev/' , $arrColnames [ $col ])) {
echo " <div class=row><div class=col-md-1 style=text-align:right> $arrColnames[$col] </div><div class=col-md-2><input class=form-control type=text name= $arrColnames[$col] value= $val ></div> " ;
} elseif ( preg_match ( '/macaddr/' , $arrColnames [ $col ])) {
echo " <div class=col-md-1 style=text-align:right> $arrColnames[$col] </div><div class=col-md-2><input class=form-control type=text name= $arrColnames[$col] value= $val ></div> " ;
} elseif ( preg_match ( '/brdev/' , $arrColnames [ $col ])) {
echo " <div class=col-md-1 style=text-align:right> $arrColnames[$col] </div><div class=col-md-2><input class=form-control type=text name= $arrColnames[$col] value= $val ></div></div> " ;
} elseif ( preg_match ( '/drive/' , $arrColnames [ $col ])){
echo " <div class=row><div class=col-md-1 style=text-align:right> $arrColnames[$col] </div><div class=col-md-2><div class=dropdown><button class= \" btn btn-secondary dropdown-toggle \" type=button id= $arrColnames[$col] button data-toggle=dropdown aria-haspopup=true aria-expanded=false> $val </button> " ;
echo " <div class=dropdown-menu aria-labelledby= $arrColnames[$col] button> " ;
$vmdirs = explode ( '|' , $config [ 'VMDIRECTORY' ]);
foreach ( $vmdirs as $vmdir ){
$files = array_diff ( scandir ( $vmdir ), array ( '.' , '..' ));
$files = array_values ( array_filter ( $files ));
for ( $f = 0 ; $f < count ( $files ); $f ++ ){
echo " <a class=dropdown-item href= \" javascript:dropdown(' $arrColnames[$col] button',' $vmdir / $files[$f] ') \" > $vmdir / $files[$f] </a> " ;
}
2018-08-12 17:22:18 +02:00
}
2018-08-13 20:11:24 +02:00
echo " </div></div></div><input type=hidden id= $arrColnames[$col] buttonh name= $arrColnames[$col] value= $val > " ;
} else {
echo " <div class=row><div class=col-md-1 style=text-align:right> $arrColnames[$col] </div><div class=col-md-2><input class=form-control type=text name= $arrColnames[$col] value= $val ></div></div> " ;
2018-08-12 17:22:18 +02:00
}
2018-08-11 20:07:23 +02:00
}
}
2018-08-13 20:11:24 +02:00
echo " $editid <input type=hidden name=mode value= $formname ><input class= \" btn btn-primary \" type=submit></form> " ;
2018-08-11 20:07:23 +02:00
}
2018-08-12 15:09:47 +02:00
2018-08-11 20:07:23 +02:00
//insert in db
if ( isset ( $_REQUEST [ 'mode' ])){
2018-08-12 15:09:47 +02:00
if ( $_REQUEST [ 'mode' ] == " newvm " ){
$mode = " newvm " ;
$sqls = " INSERT INTO vms " ;
$sqlc = " ( " ;
$sqlv = " VALUES ( " ;
foreach ( array_keys ( $_REQUEST ) as $rkey ){
if ( $rkey != " mode " ){
$rvalue = clean ( $_REQUEST [ $rkey ]);
2018-08-12 16:05:37 +02:00
if ( $rvalue == " x86_64 " ){
$rvalue = " qemu-system-x86_64 " ;
}
2018-08-12 15:09:47 +02:00
$sqlc .= " $rkey , " ;
$sqlv .= " ' $rvalue ', " ;
}
}
$sqlc = rtrim ( $sqlc , ',' );
$sqlc .= " ) " ;
$sqlv = rtrim ( $sqlv , ',' );
$sqlv .= " ) " ;
$sql = " $sqls $sqlc $sqlv " ;
echo $sql ;
$result = $db_handle -> exec ( $sql );
} elseif ( $_REQUEST [ 'mode' ] == " editvm " ){
$mode = " editvm " ;
$sql = " UPDATE vms SET " ;
foreach ( array_keys ( $_REQUEST ) as $rkey ){
if (( $rkey != " mode " ) && ( $rkey != " editid " )){
$rvalue = clean ( $_REQUEST [ $rkey ]);
2018-08-12 16:05:37 +02:00
if ( $rvalue == " x86_64 " ){
$rvalue = " qemu-system-x86_64 " ;
}
2018-08-12 15:09:47 +02:00
$sql .= " $rkey =' $rvalue ', " ;
}
}
$sql = rtrim ( $sql , ',' );
$eid = clean ( $_REQUEST [ 'editid' ]);
$sql .= " WHERE id=' $eid ' " ;
$result = $db_handle -> exec ( $sql );
2018-08-11 20:07:23 +02:00
}
}
2018-08-12 15:09:47 +02:00
2018-08-15 13:50:00 +02:00
if (( $mode != " newvm " ) && ( $mode != " editvm " ) && ( $mode != 'usermgmt' )){
2018-08-13 19:21:12 +02:00
echo " </br><a class= \" btn btn-primary \" href=# onclick= \" post('?', { newvm: 'newvm'}); \" >Create a new VM</a></br></br> " ;
2018-08-12 15:09:47 +02:00
//getting vms from DB
$sql = " SELECT * FROM vms " ;
$res = $db_handle -> query ( $sql );
echo " <div class=row> " ;
while ( $row = $res -> fetchArray ( SQLITE3_ASSOC )){
2018-08-12 20:21:33 +02:00
if ( checkvm ( $row [ 'vmname' ])){
$button = " start " ;
2018-08-13 19:21:12 +02:00
$buttonc = " btn-success " ;
2018-08-12 20:21:33 +02:00
} else {
2018-08-13 19:21:12 +02:00
$button = " stop " ;
$buttonc = " btn-warning " ;
2018-08-12 20:21:33 +02:00
}
2018-08-13 20:11:24 +02:00
echo " <div class=col style= \" border:solid 1px;max-width:320px; \" > $row[vmname] </br><a class= \" btn btn-primary \" href=# onclick= \" post('?', { edit: ' $row[id] '}); \" >edit</a> " ;
2018-08-13 19:21:12 +02:00
echo " <a href=# onclick= \" post('?', { ' $button ': ' $row[vmname] '}); \" class= \" btn $buttonc\ " > $button </ a > " ;
echo " <button class= \" btn btn-danger \" data-delete-text= \" Delete VM $row[vmname] ! \" data-delete-vm= \" $row[id] \" data-delete-name= \" $row[vmname] \" data-toggle= \" modal \" data-target= \" #confirm-delete \" >Delete VM</button> " ;
2018-08-13 18:25:05 +02:00
$server = gethostname ();
2018-08-13 19:21:12 +02:00
if ( preg_match ( '/stop/' , $button )) {
2018-08-15 13:50:00 +02:00
echo " <a target=_blank href=novnc/vnc.html?port= $row[websocket] &path=&host= $server class= \" btn btn-success \" >VNC</a></div> " ;
2018-08-13 18:25:05 +02:00
}
2018-08-11 20:07:23 +02:00
}
2018-08-13 19:21:12 +02:00
}
2018-08-12 15:09:47 +02:00
echo " </div></div></body></html> " ;
2018-08-15 13:50:00 +02:00
} elseif ( ! isset ( $_SESSION [ 'username' ])){
echo " <h1>Welcome to nlvmi!</h1><h2>You need to log in</h2></br> " ;
echo " <form action=? method=post>Username: <input type=text name=username> Password: <input type=password name=password> <input name=login type=submit></form> " ;
exit ;
}
2018-08-11 20:07:23 +02:00
?>
