From 3ab4fa63fc2e47b45f769577da02235562b4f310 Mon Sep 17 00:00:00 2001
From: mad <mad@nativenet.ch>
Date: Sat, 18 Aug 2018 13:53:25 +0200
Subject: [PATCH] move new/editvm to ajax, check macaddress not in use already
 and a few fixes

---
 web/header.php |   2 +-
 web/index.php  | 125 +++++++++++++++++++++++++++++++------------------
 web/nlvmi.js   |   4 +-
 3 files changed, 82 insertions(+), 49 deletions(-)

diff --git a/web/header.php b/web/header.php
index 60b66ab..247753d 100644
--- a/web/header.php
+++ b/web/header.php
@@ -27,7 +27,7 @@
         </div>
     </div>
 </div>
-        <script src="nlvmi.js?2"></script>
+        <script src="nlvmi.js?3"></script>
         <div class=container-fluid><div class="row" style="background-color:lightgreen;"><div class="col-sm"><h1><a href="?" style=color:white;>nlvmi</a><a href="?" style="color:black;font-size:10px;">@<?php echo gethostname();?></a></h1></div><div class=col-sm style=text-align:right>
         <?php if($_SESSION['isadmin']==1){ echo "<a style=color:black href=# onclick=\"javascript:post('?', {'usermgmt': 'show'});\">usermanagement</a></br>"; } ?><a style=color:black href=# onclick="javascript:post('?', {'logout': 'logout'});">logout</a></div></div>
         
diff --git a/web/index.php b/web/index.php
index 240cd07..d45ca54 100644
--- a/web/index.php
+++ b/web/index.php
@@ -93,6 +93,16 @@ if ($usersfound=="no"){
     }
 }
 
+function checkmacfree($vmname,$mac,$db_handle){
+    $sql="SELECT vmname FROM vms WHERE (macaddr1='$mac' OR macaddr2='$mac' OR macaddr3='$mac') AND NOT vmname='$vmname'";
+    //echo "na";
+    $res = $db_handle->query($sql);
+    while ($row = $res->fetchArray(SQLITE3_ASSOC)){
+        return "$row[vmname] uses the mac $mac already!";
+    }
+    return 0;
+}
+
 //delete vms
 if (isset($_SESSION['username'])){
     if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){
@@ -166,6 +176,72 @@ if (isset($_SESSION['username'])){
         }
     }
     
+//insert or update vm in db
+    if(isset($_REQUEST['mode'])){
+        if($_REQUEST['mode']=="newvm"){
+            $mode="newvm";
+            $sqls="INSERT INTO vms ";
+            $sqlc="(";
+            $sqlv=" VALUES (";
+            foreach(array_keys($_REQUEST) as $rkey){
+                if (($rkey!="mode")||($rkey!="rand")){
+                    if ((preg_match('/macaddr/', $rkey))&&($rvalue!="")){
+                        $cm = checkmacfree(clean($_REQUEST['vmname']), $rvalue, $db_handle);
+                        if ($cm != "0") {
+                            echo $cm;
+                            exit;
+                        }
+                    }
+                    $rvalue = clean($_REQUEST[$rkey]);
+                    if ($rvalue == "x86_64"){
+                        $rvalue = "qemu-system-x86_64";
+                    }
+                    $sqlc .= "$rkey,";
+                    $sqlv .= "'$rvalue',";    
+                }
+            }
+            $sqlc = rtrim($sqlc, ',');
+            $sqlc.=")";
+            $sqlv = rtrim($sqlv, ',');
+            $sqlv.=")";
+            $sql = "$sqls$sqlc$sqlv";
+            //echo $sql;
+            $res = $db_handle->exec($sql);
+                echo "success";
+                exit;
+            
+//            $mode="";
+        } elseif ($_REQUEST['mode']=="editvm"){
+//            $mode="";
+            $sql="UPDATE vms SET ";
+            foreach(array_keys($_REQUEST) as $rkey){
+                if (($rkey!="mode")&&($rkey!="editid")&&($rkey!="rand")){
+                    $rvalue = clean($_REQUEST[$rkey]);
+                    if ((preg_match('/macaddr/', $rkey))&&($rvalue!="")){
+                        $cm = checkmacfree(clean($_REQUEST['vmname']), $rvalue, $db_handle);
+                        if ($cm != "0") {
+                            echo $cm;
+                            exit;
+                        }
+                    }
+                    if ($rvalue == "x86_64"){
+                        $rvalue = "qemu-system-x86_64";
+                    }
+                    $sql .= " $rkey='$rvalue',";
+                }
+            }
+            $sql = rtrim($sql, ',');
+            $eid=clean($_REQUEST['editid']);
+            $sql .= " WHERE id='$eid'";
+//            if($db_handle->exec($sql)){
+            $res = $db_handle->exec($sql);
+            echo "success";
+            //echo $res;
+            exit;
+            //}
+        }
+    }
+    
 //ajax queries are all done, time for the header    
     include('header.php');
 
@@ -277,7 +353,7 @@ if (isset($_SESSION['username'])){
         $placehold['vncpasswort']="the password for VNC";
 
         echo "<h2>$formname</h2></br>";
-        echo "<form name=$formname action=? method=post>";
+        echo "<form id=$formname name=$formname action=? method=post>";
         $res = $db_handle->query('PRAGMA table_info(vms)');
         while ($col = $res->fetchArray(SQLITE3_ASSOC)) {
             $arrColnames[]=$col['name'];
@@ -375,7 +451,7 @@ if (isset($_SESSION['username'])){
                 }
             }
         }
-        echo "$editid<input type=hidden name=mode value=$formname><input class=\"btn btn-primary\" type=submit></form>";
+        echo "$editid<input type=hidden name=mode value=$formname><a href=# onclick=\"submitbutton('$formname')\" class=\"btn btn-primary\">save vm</a></form>";
     }
 
 
@@ -383,49 +459,6 @@ if (isset($_SESSION['username'])){
 
 
 
-//insert in db
-    if(isset($_REQUEST['mode'])){
-        if($_REQUEST['mode']=="newvm"){
-            $mode="newvm";
-            $sqls="INSERT INTO vms ";
-            $sqlc="(";
-            $sqlv=" VALUES (";
-            foreach(array_keys($_REQUEST) as $rkey){
-                if ($rkey!="mode"){
-                    $rvalue = clean($_REQUEST[$rkey]);
-                    if ($rvalue == "x86_64"){
-                        $rvalue = "qemu-system-x86_64";
-                    }
-                    $sqlc .= "$rkey,";
-                    $sqlv .= "'$rvalue',";    
-                }
-            }
-            $sqlc = rtrim($sqlc, ',');
-            $sqlc.=")";
-            $sqlv = rtrim($sqlv, ',');
-            $sqlv.=")";
-            $sql = "$sqls$sqlc$sqlv";
-            //echo $sql;
-            $result = $db_handle->exec($sql);
-            $mode="";
-        } elseif ($_REQUEST['mode']=="editvm"){
-            $mode="editvm";
-            $sql="UPDATE vms SET ";
-            foreach(array_keys($_REQUEST) as $rkey){
-                if (($rkey!="mode")&&($rkey!="editid")){
-                    $rvalue = clean($_REQUEST[$rkey]);
-                    if ($rvalue == "x86_64"){
-                        $rvalue = "qemu-system-x86_64";
-                    }
-                    $sql .= " $rkey='$rvalue',";
-                }
-            }
-            $sql = rtrim($sql, ',');
-            $eid=clean($_REQUEST['editid']);
-            $sql .= " WHERE id='$eid'";
-            $result = $db_handle->exec($sql);
-        }
-    }
 
     if(($mode!="newvm")&&($mode!="editvm")&&($mode!='usermgmt')){
     if ($_SESSION['isadmin']=="1"){
@@ -452,7 +485,7 @@ if (isset($_SESSION['username'])){
             echo "<button class=\"btn btn-danger\" data-delete-text=\"Delete VM $row[vmname]!\" data-delete-vm=\"$row[id]\" data-delete-name=\"$row[vmname]\" data-toggle=\"modal\" data-target=\"#confirm-delete\">Delete VM</button> ";
             $server = gethostname();
             if (preg_match('/stop/', $button)) {
-                echo "<a target=_blank href=novnc/vnc.html?port=$row[websocket]&path=&host=$server class=\"btn btn-success\">VNC</a>";
+                echo "<a target=_blank href=novnc/vnc.html?path=pussyvm&host=$server class=\"btn btn-success\">VNC</a>";
             }
             echo "</div>";
         }
diff --git a/web/nlvmi.js b/web/nlvmi.js
index 6b699a8..31474b4 100644
--- a/web/nlvmi.js
+++ b/web/nlvmi.js
@@ -48,9 +48,9 @@ $('#confirm-delete').on('show.bs.modal', function(e) {
 });
 
 function submitbutton(formid){
-    //console.log(formid);
+    console.log(formid);
     data = $('#'+ formid).serialize();
-    //console.log(data); 
+    console.log(data); 
     $.ajax({
         type: 'POST',
         url: "?rand="+ makeid(),