some user fixes

This commit is contained in:
mad 2018-08-15 17:38:14 +02:00
parent 33fd6621a2
commit 29502222f6
1 changed files with 24 additions and 9 deletions

View File

@ -63,15 +63,18 @@ while ($row = $res->fetchArray(SQLITE3_ASSOC)){
session_unset(); session_unset();
session_destroy(); session_destroy();
session_start(); session_start();
echo "killed inituser!";
} }
} }
if ($usersfound=="no"){ if ($usersfound=="no"){
$_SESSION['username']="inituser";
$_SESSION['isadmin']="1";
if (!isset($_POST['newusername'])){ if (!isset($_POST['newusername'])){
echo "<h1>You have no users in the datbase!</h1></br>"; echo "<h1>You have no users in the datbase!</h1></br>";
// echo "Aborting...."; // echo "Aborting....";
// exit; // exit;
$_SESSION['username']="inituser";
$_SESSION['isadmin']="1";
$mode="usermgmt"; $mode="usermgmt";
} }
} elseif ((isset($_POST['login']))&&(isset($_POST['username']))&&(isset($_POST['password']))){ } elseif ((isset($_POST['login']))&&(isset($_POST['username']))&&(isset($_POST['password']))){
@ -84,10 +87,11 @@ if ($usersfound=="no"){
$_SESSION['username']=$user; $_SESSION['username']=$user;
$_SESSION['isadmin']=$row['admin']; $_SESSION['isadmin']=$row['admin'];
} else { } else {
echo "Password not correct! $pass"; echo "Password not correct!";
} }
} }
} }
if (isset($_SESSION['username'])){ if (isset($_SESSION['username'])){
if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){ if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){
if($_SESSION['isadmin']!=1){ if($_SESSION['isadmin']!=1){
@ -162,12 +166,14 @@ if (isset($_SESSION['username'])){
//usermanagement //usermanagement
if ((isset($_POST['usermgmt']))||($mode=="usermgmt")){ if ((isset($_POST['usermgmt']))||($mode=="usermgmt")){
$mode="usermgmt"; $mode="usermgmt";
if (($_SESSEION['username']=="inituser")||($_SESSION['isadmin']=="1")){ if (($_SESSION['username']=="inituser")||($_SESSION['isadmin']=="1")){
$sql="SELECT * FROM users"; $sql="SELECT * FROM users";
$res = $db_handle->query($sql); $res = $db_handle->query($sql);
echo "</br>"; echo "</br>";
//echo "<div class=row><div class=col>Username</div><div class=col>Is Admin</div><div class=col>New Password</div></div>"; //echo "<div class=row><div class=col>Username</div><div class=col>Is Admin</div><div class=col>New Password</div></div>";
if ($_SESSION['username']!="inituser"){
echo "<h2>Existing users</h2>"; echo "<h2>Existing users</h2>";
}
while ($row = $res->fetchArray(SQLITE3_ASSOC)){ while ($row = $res->fetchArray(SQLITE3_ASSOC)){
echo "<form id=uform$row[id] action=? method=post><div class=row><div class=col style=text-align:right><input class=form-control name=changeusername value=$row[username]></div>"; echo "<form id=uform$row[id] action=? method=post><div class=row><div class=col style=text-align:right><input class=form-control name=changeusername value=$row[username]></div>";
if ($row['admin']=="1"){ if ($row['admin']=="1"){
@ -196,7 +202,11 @@ if (isset($_SESSION['username'])){
//start vm //start vm
if (isset($_REQUEST['start'])){ if (isset($_REQUEST['start'])){
$vmname = clean($_REQUEST['start']); $vmname = clean($_REQUEST['start']);
$sql="SELECT * FROM vms WHERE vmname='$vmname'"; $sqllimit="";
if($_SESSION['isadmin']!="1"){
$sqllimit="WHERE username='$_SESSION[username]'";
}
$sql="SELECT * FROM vms WHERE vmname='$vmname' $sqllimit";
$res = $db_handle->query($sql); $res = $db_handle->query($sql);
while ($row = $res->fetchArray(SQLITE3_ASSOC)){ while ($row = $res->fetchArray(SQLITE3_ASSOC)){
$shellout = shell_exec("/usr/bin/wrap-nlvmi start $vmname bla"); $shellout = shell_exec("/usr/bin/wrap-nlvmi start $vmname bla");
@ -205,7 +215,10 @@ if (isset($_SESSION['username'])){
} }
if (isset($_REQUEST['stop'])){ if (isset($_REQUEST['stop'])){
$vmname = clean($_REQUEST['stop']); $vmname = clean($_REQUEST['stop']);
$sql="SELECT * FROM vms WHERE vmname='$vmname'"; if($_SESSION['isadmin']!="1"){
$sqllimit="WHERE username='$_SESSION[username]'";
}
$sql="SELECT * FROM vms WHERE vmname='$vmname' $sqllimit";
$res = $db_handle->query($sql); $res = $db_handle->query($sql);
while ($row = $res->fetchArray(SQLITE3_ASSOC)){ while ($row = $res->fetchArray(SQLITE3_ASSOC)){
if(checkvm($vmname)){ if(checkvm($vmname)){
@ -331,8 +344,9 @@ if (isset($_SESSION['username'])){
$sqlv = rtrim($sqlv, ','); $sqlv = rtrim($sqlv, ',');
$sqlv.=")"; $sqlv.=")";
$sql = "$sqls$sqlc$sqlv"; $sql = "$sqls$sqlc$sqlv";
echo $sql; //echo $sql;
$result = $db_handle->exec($sql); $result = $db_handle->exec($sql);
$mode="";
} elseif ($_REQUEST['mode']=="editvm"){ } elseif ($_REQUEST['mode']=="editvm"){
$mode="editvm"; $mode="editvm";
$sql="UPDATE vms SET "; $sql="UPDATE vms SET ";
@ -372,13 +386,14 @@ if (isset($_SESSION['username'])){
$button = "stop"; $button = "stop";
$buttonc = "btn-warning"; $buttonc = "btn-warning";
} }
echo "<div class=col style=\"border:solid 1px;max-width:320px;\">$row[vmname]</br><a class=\"btn btn-primary\" href=# onclick=\"post('?', {edit: '$row[id]'});\">edit</a> "; echo "<div class=col style=\"margin:10px;border:solid 1px;max-width:320px;\">$row[vmname]</br><a class=\"btn btn-primary\" href=# onclick=\"post('?', {edit: '$row[id]'});\">edit</a> ";
echo "<a href=# onclick=\"post('?', {'$button': '$row[vmname]'});\"class=\"btn $buttonc\">$button</a> "; echo "<a href=# onclick=\"post('?', {'$button': '$row[vmname]'});\"class=\"btn $buttonc\">$button</a> ";
echo "<button class=\"btn btn-danger\" data-delete-text=\"Delete VM $row[vmname]!\" data-delete-vm=\"$row[id]\" data-delete-name=\"$row[vmname]\" data-toggle=\"modal\" data-target=\"#confirm-delete\">Delete VM</button> "; echo "<button class=\"btn btn-danger\" data-delete-text=\"Delete VM $row[vmname]!\" data-delete-vm=\"$row[id]\" data-delete-name=\"$row[vmname]\" data-toggle=\"modal\" data-target=\"#confirm-delete\">Delete VM</button> ";
$server = gethostname(); $server = gethostname();
if (preg_match('/stop/', $button)) { if (preg_match('/stop/', $button)) {
echo "<a target=_blank href=novnc/vnc.html?port=$row[websocket]&path=&host=$server class=\"btn btn-success\">VNC</a></div>"; echo "<a target=_blank href=novnc/vnc.html?port=$row[websocket]&path=&host=$server class=\"btn btn-success\">VNC</a></div>";
} }
echo "</div>";
} }
} }
echo "</div></div></body></html>"; echo "</div></div></body></html>";