initial user managemet
139
web/index.php
139
web/index.php
@@ -6,6 +6,14 @@ function clean($str) {
|
||||
$str = str_replace($search, $replace, $str);
|
||||
return $str;
|
||||
}
|
||||
if(isset($_REQUEST['logout'])){
|
||||
session_start();
|
||||
session_unset();
|
||||
session_destroy();
|
||||
} else {
|
||||
session_start();
|
||||
}
|
||||
$mode="";
|
||||
|
||||
function checkvm($vmname) {
|
||||
$shellout = shell_exec("/usr/bin/wrap-nlvmi checkvm $vmname bla");//){
|
||||
@@ -45,6 +53,42 @@ if ($config['DATABASETYPE']=="sqlite"){
|
||||
}
|
||||
}
|
||||
|
||||
//check login
|
||||
$usersfound = "no";
|
||||
$sql="SELECT * FROM users LIMIT 1";
|
||||
$res = $db_handle->query($sql);
|
||||
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
|
||||
$usersfound="yes";
|
||||
if ($_SESSION['username']=="inituser"){
|
||||
session_unset();
|
||||
session_destroy();
|
||||
session_start();
|
||||
}
|
||||
}
|
||||
if ($usersfound=="no"){
|
||||
if (!isset($_POST['newusername'])){
|
||||
echo "<h1>You have no users in the datbase!</h1></br>";
|
||||
// echo "Aborting....";
|
||||
// exit;
|
||||
$_SESSION['username']="inituser";
|
||||
$_SESSION['isadmin']="1";
|
||||
$mode="usermgmt";
|
||||
}
|
||||
} elseif ((isset($_POST['login']))&&(isset($_POST['username']))&&(isset($_POST['password']))){
|
||||
$user = clean($_POST['username']);
|
||||
$pass = clean($_POST['password']);
|
||||
$sql="SELECT password,admin FROM users WHERE username='$user'";
|
||||
$res = $db_handle->query($sql);
|
||||
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
|
||||
if (password_verify($pass, $row['password'])){
|
||||
$_SESSION['username']=$user;
|
||||
$_SESSION['isadmin']=$row['admin'];
|
||||
} else {
|
||||
echo "Password not correct! $pass";
|
||||
}
|
||||
}
|
||||
}
|
||||
if (isset($_SESSION['username'])){
|
||||
if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){
|
||||
$vmname = clean($_POST['deletename']);
|
||||
$vmid = clean($_POST['deletevm']);
|
||||
@@ -58,9 +102,93 @@ if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){
|
||||
}
|
||||
}
|
||||
|
||||
//insert new user in db
|
||||
if(isset($_POST['newusername'])){
|
||||
$newusername = clean($_POST['newusername']);
|
||||
$newpassword = password_hash(clean($_POST['newpassword']), PASSWORD_DEFAULT);
|
||||
if ($_POST['isadmin']=="on"){
|
||||
$isadmin = "1";
|
||||
} else {
|
||||
$isadmin = "0";
|
||||
}
|
||||
$sqlu="SELECT id FROM users WHERE username='$newusername'";
|
||||
$res = $db_handle->query($sqlu);
|
||||
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
|
||||
echo "username already exist!";
|
||||
exit;
|
||||
}
|
||||
$sql="INSERT INTO users (username,password,admin) VALUES('$newusername', '$newpassword', '$isadmin')";
|
||||
$res=$db_handle->query($sql);
|
||||
$res=$db_handle->query($sqlu);
|
||||
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
|
||||
echo "success";
|
||||
exit;
|
||||
}
|
||||
echo "Failed to insert into DB!";
|
||||
exit;
|
||||
}
|
||||
//update user in db
|
||||
if(isset($_POST['changeusername'])){
|
||||
if($_SESSION['isadmin']!=1){
|
||||
echo "you are not allowed to change usernames!";
|
||||
} else {
|
||||
$username=clean($_POST['changeusername']);
|
||||
$pass=password_hash(clean($_POST['passwordchange']), PASSWORD_DEFAULT);
|
||||
if ($_POST['isadmin']=="on"){
|
||||
$isadmin = "1";
|
||||
} else {
|
||||
$isadmin = "0";
|
||||
}
|
||||
|
||||
$sql="UPDATE users SET username='$username', password='$pass', admin='$isadmin'";
|
||||
if($db_handle->query($sql)){
|
||||
echo "success";
|
||||
exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
include('header.php');
|
||||
$mode="";
|
||||
|
||||
|
||||
|
||||
//usermanagement
|
||||
if ((isset($_POST['usermgmt']))||($mode=="usermgmt")){
|
||||
$mode="usermgmt";
|
||||
if (($_SESSEION['username']=="inituser")||($_SESSION['isadmin']=="1")){
|
||||
$sql="SELECT * FROM users";
|
||||
$res = $db_handle->query($sql);
|
||||
echo "</br>";
|
||||
//echo "<div class=row><div class=col>Username</div><div class=col>Is Admin</div><div class=col>New Password</div></div>";
|
||||
echo "<h2>Existing users</h2>";
|
||||
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
|
||||
echo "<form id=uform$row[id] action=? method=post><div class=row><div class=col style=text-align:right><input class=form-control name=changeusername value=$row[username]></div>";
|
||||
if ($row['admin']=="1"){
|
||||
$checked="checked";
|
||||
} else {
|
||||
$checked="";
|
||||
}
|
||||
echo "<div class=col-ms><input data-onstyle=\"danger\" data-offstyle=success name=isadmin id=\"isadmin\" type=\"checkbox\" data-toggle=\"toggle\" data-on=\"user is Admin\" data-off=\"user is no Admin\" $checked></div>";
|
||||
echo "<input type=hidden name=userchange value=$row[id]>";
|
||||
echo "<div class=col><input class=form-control type=password name=passwordchange placeholder=newpassword></div><div class=col><a href=# class=\"btn btn-success\" onclick=\"javascript:submitbutton('uform$row[id]');\">save user</a></div></div></form>";
|
||||
}
|
||||
//newuserform
|
||||
echo "<h2>Create a new user</h2><form id=newuserform action=? method=post><div class=row><div class=col><input type=text class=form-control name=newusername placeholder=Username></div>";
|
||||
if ($_SESSION['username']!="inituser"){
|
||||
echo "<div class=col-ms><input data-onstyle=\"danger\" data-offstyle=success name=isadmin id=\"isadmin\" type=\"checkbox\" data-toggle=\"toggle\" data-on=\"user is Admin\" data-off=\"user is no Admin\" checked></div>";
|
||||
} else {
|
||||
echo "<input type=hidden name=isadmin value=on>";
|
||||
}
|
||||
echo "<div class=col><input class=form-control type=password name=newpassword placeholder=newpassword></div><div class=col><a href=# class=\"btn btn-success\" onclick=\"javascript:submitbutton('newuserform');\">Create user</a></div></div></form>";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
if (isset($_REQUEST['start'])){
|
||||
$vmname = clean($_REQUEST['start']);
|
||||
$sql="SELECT * FROM vms WHERE vmname='$vmname'";
|
||||
@@ -219,7 +347,7 @@ if(isset($_REQUEST['mode'])){
|
||||
}
|
||||
}
|
||||
|
||||
if(($mode!="newvm")&&($mode!="editvm")){
|
||||
if(($mode!="newvm")&&($mode!="editvm")&&($mode!='usermgmt')){
|
||||
echo "</br><a class=\"btn btn-primary\" href=# onclick=\"post('?', {newvm: 'newvm'});\">Create a new VM</a></br></br>";
|
||||
|
||||
//getting vms from DB
|
||||
@@ -239,9 +367,14 @@ while ($row = $res->fetchArray(SQLITE3_ASSOC)){
|
||||
echo "<button class=\"btn btn-danger\" data-delete-text=\"Delete VM $row[vmname]!\" data-delete-vm=\"$row[id]\" data-delete-name=\"$row[vmname]\" data-toggle=\"modal\" data-target=\"#confirm-delete\">Delete VM</button> ";
|
||||
$server = gethostname();
|
||||
if (preg_match('/stop/', $button)) {
|
||||
echo "<a target=_blank href=novnc/vnc.html?path&host=$server class=\"btn btn-success\">VNC</a></div>";
|
||||
echo "<a target=_blank href=novnc/vnc.html?port=$row[websocket]&path=&host=$server class=\"btn btn-success\">VNC</a></div>";
|
||||
}
|
||||
}
|
||||
}
|
||||
echo "</div></div></body></html>";
|
||||
} elseif (!isset($_SESSION['username'])){
|
||||
echo "<h1>Welcome to nlvmi!</h1><h2>You need to log in</h2></br>";
|
||||
echo "<form action=? method=post>Username: <input type=text name=username> Password: <input type=password name=password> <input name=login type=submit></form>";
|
||||
exit;
|
||||
}
|
||||
?>
|
||||
|
||||
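Review bot: The UPDATE at `$sql="UPDATE users SET username='$username', password='$pass', admin='$isadmin'"` has no WHERE clause, so saving one user from the management form rewrites the username, password hash and admin flag of every row; the form already posts the row id in the hidden `userchange` field, which the handler never reads. That block, like the login query, the duplicate-name check and the INSERT above it, builds SQL by interpolating `clean()`ed input, and `clean()` is a `str_replace` filter rather than an escaping routine, so these should go through `$db_handle->prepare()` with `bindValue()`, as sketched below for the update. The insert path under `if(isset($_POST['newusername']))` has no `$_SESSION['isadmin']` check, unlike the update path, so any logged-in account can create a user with `isadmin=on`; it should be gated the same way. Separately, `echo "Password not correct! $pass";` writes the submitted password back into the response, and `$_SESSEION['username']` in the user-management branch is a typo for `$_SESSION`, which makes that comparison always false.
```php
//update user in db
if(isset($_POST['changeusername'])){
    if($_SESSION['isadmin']!=1){
        echo "you are not allowed to change usernames!";
    } else {
        $username=clean($_POST['changeusername']);
        $pass=password_hash(clean($_POST['passwordchange']), PASSWORD_DEFAULT);
        // … unchanged: isadmin checkbox handling …
        $userid = (int) ($_POST['userchange'] ?? 0);

        $stmt = $db_handle->prepare('UPDATE users SET username=:u, password=:p, admin=:a WHERE id=:id');
        $stmt->bindValue(':u', $username, SQLITE3_TEXT);
        $stmt->bindValue(':p', $pass, SQLITE3_TEXT);
        $stmt->bindValue(':a', $isadmin, SQLITE3_TEXT);
        $stmt->bindValue(':id', $userid, SQLITE3_INTEGER);
        if($stmt->execute()){
            echo "success";
            exit;
        }
    }
}
```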