some user fixes

mad 2018-08-15 17:38:14 +02:00
parent 33fd6621a2
commit 29502222f6
1 changed files with 24 additions and 9 deletions


@ -63,15 +63,18 @@ while ($row = $res->fetchArray(SQLITE3_ASSOC)){
session_unset();
session_destroy();
session_start();
echo "killed inituser!";
}
}
if ($usersfound=="no"){
$_SESSION['username']="inituser";
$_SESSION['isadmin']="1";
if (!isset($_POST['newusername'])){
echo "<h1>You have no users in the datbase!</h1></br>";
// echo "Aborting....";
// exit;
$_SESSION['username']="inituser";
$_SESSION['isadmin']="1";
$mode="usermgmt";
}
} elseif ((isset($_POST['login']))&&(isset($_POST['username']))&&(isset($_POST['password']))){
@ -84,10 +87,11 @@ if ($usersfound=="no"){
$_SESSION['username']=$user;
$_SESSION['isadmin']=$row['admin'];
} else {
echo "Password not correct! $pass";
echo "Password not correct!";
}
}
}
if (isset($_SESSION['username'])){
if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){
if($_SESSION['isadmin']!=1){
@ -162,12 +166,14 @@ if (isset($_SESSION['username'])){
//usermanagement
if ((isset($_POST['usermgmt']))||($mode=="usermgmt")){
$mode="usermgmt";
if (($_SESSEION['username']=="inituser")||($_SESSION['isadmin']=="1")){
if (($_SESSION['username']=="inituser")||($_SESSION['isadmin']=="1")){
$sql="SELECT * FROM users";
$res = $db_handle->query($sql);
echo "</br>";
//echo "<div class=row><div class=col>Username</div><div class=col>Is Admin</div><div class=col>New Password</div></div>";
if ($_SESSION['username']!="inituser"){
echo "<h2>Existing users</h2>";
}
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
echo "<form id=uform$row[id] action=? method=post><div class=row><div class=col style=text-align:right><input class=form-control name=changeusername value=$row[username]></div>";
if ($row['admin']=="1"){
@ -196,7 +202,11 @@ if (isset($_SESSION['username'])){
//start vm
if (isset($_REQUEST['start'])){
$vmname = clean($_REQUEST['start']);
$sql="SELECT * FROM vms WHERE vmname='$vmname'";
$sqllimit="";
if($_SESSION['isadmin']!="1"){
$sqllimit="WHERE username='$_SESSION[username]'";
}
$sql="SELECT * FROM vms WHERE vmname='$vmname' $sqllimit";
$res = $db_handle->query($sql);
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
$shellout = shell_exec("/usr/bin/wrap-nlvmi start $vmname bla");
@ -205,7 +215,10 @@ if (isset($_SESSION['username'])){
}
if (isset($_REQUEST['stop'])){
$vmname = clean($_REQUEST['stop']);
$sql="SELECT * FROM vms WHERE vmname='$vmname'";
if($_SESSION['isadmin']!="1"){
$sqllimit="WHERE username='$_SESSION[username]'";
}
$sql="SELECT * FROM vms WHERE vmname='$vmname' $sqllimit";
$res = $db_handle->query($sql);
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
if(checkvm($vmname)){
@ -331,8 +344,9 @@ if (isset($_SESSION['username'])){
$sqlv = rtrim($sqlv, ',');
$sqlv.=")";
$sql = "$sqls$sqlc$sqlv";
echo $sql;
//echo $sql;
$result = $db_handle->exec($sql);
$mode="";
} elseif ($_REQUEST['mode']=="editvm"){
$mode="editvm";
$sql="UPDATE vms SET ";
@ -372,13 +386,14 @@ if (isset($_SESSION['username'])){
$button = "stop";
$buttonc = "btn-warning";
}
echo "<div class=col style=\"border:solid 1px;max-width:320px;\">$row[vmname]</br><a class=\"btn btn-primary\" href=# onclick=\"post('?', {edit: '$row[id]'});\">edit</a> ";
echo "<div class=col style=\"margin:10px;border:solid 1px;max-width:320px;\">$row[vmname]</br><a class=\"btn btn-primary\" href=# onclick=\"post('?', {edit: '$row[id]'});\">edit</a> ";
echo "<a href=# onclick=\"post('?', {'$button': '$row[vmname]'});\"class=\"btn $buttonc\">$button</a> ";
echo "<button class=\"btn btn-danger\" data-delete-text=\"Delete VM $row[vmname]!\" data-delete-vm=\"$row[id]\" data-delete-name=\"$row[vmname]\" data-toggle=\"modal\" data-target=\"#confirm-delete\">Delete VM</button> ";
$server = gethostname();
if (preg_match('/stop/', $button)) {
echo "<a target=_blank href=novnc/vnc.html?port=$row[websocket]&path=&host=$server class=\"btn btn-success\">VNC</a></div>";
}
echo "</div>";
}
}
echo "</div></div></body></html>";
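Review bot: In the start-VM and stop-VM hunks (`@ -196` and `@ -205`) the new owner filter is appended as a second `WHERE` (`... WHERE vmname='$vmname' WHERE username='...'`), which is not valid SQL. For a non-admin, `query()` will presumably return false and the following `$res->fetchArray()` will fail instead of limiting the lookup to that user's VMs, so the clause has to begin with `AND`. The stop branch also lacks the `$sqllimit="";` initialisation that the start branch has, so for an admin the variable is undefined unless the start branch ran first. Because the session username is now interpolated into the statement next to `$vmname`, I would bind both values rather than rely on `clean()`, whose body is not visible here. The sketch below assumes `$db_handle` is an `SQLite3` object, as the `fetchArray(SQLITE3_ASSOC)` calls suggest; both `if (isset($_REQUEST[...]))` blocks continue outside their hunks.

```php
// … unchanged: $vmname = clean($_REQUEST['start']); (same shape for 'stop') …
$sql = "SELECT * FROM vms WHERE vmname = :vmname";
$ownonly = ($_SESSION['isadmin'] != "1");
if ($ownonly) {
    // Non-admins may only act on VMs recorded under their own username.
    $sql .= " AND username = :owner";
}
$stmt = $db_handle->prepare($sql);
$stmt->bindValue(':vmname', $vmname, SQLITE3_TEXT);
if ($ownonly) {
    $stmt->bindValue(':owner', $_SESSION['username'], SQLITE3_TEXT);
}
$res = $stmt->execute();
// … unchanged: while ($row = $res->fetchArray(SQLITE3_ASSOC)) loop …
```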