initial user managemet

mad 2018-08-15 13:50:00 +02:00
parent 3048e4e9a2
commit 4e3bde8249
7 changed files with 210 additions and 8 deletions

2
nlvmi

@ -76,7 +76,7 @@ function createdb {
sqlite3 $SQLITEFILE "CREATE TABLE users ( sqlite3 $SQLITEFILE "CREATE TABLE users (
id INTEGER PRIMARY KEY AUTOINCREMENT, id INTEGER PRIMARY KEY AUTOINCREMENT,
username VARCHAR(50) NOT NULL, username VARCHAR(50) NOT NULL,
password VARCHAR(50), password VARCHAR(255),
admin INTEGER admin INTEGER
);" );"
chown -R nobody $SQLITEFILE chown -R nobody $SQLITEFILE
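Review bot: The `users` table in this hunk still declares `username VARCHAR(50) NOT NULL` with no uniqueness constraint, while the PHP added in the same commit rejects duplicate names only through a SELECT that runs before the INSERT. Two concurrent requests can both pass that check; declaring the column as `username VARCHAR(50) NOT NULL UNIQUE,` lets the database enforce it. SQLite does not enforce the declared VARCHAR length, so widening `password` to 255 documents the intent for `password_hash()` output rather than changing storage. createdb's body starts and ends outside the hunk.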

28
web/bootstrap-toggle.min.css vendored Normal file

@ -0,0 +1,28 @@
/*! ========================================================================
* Bootstrap Toggle: bootstrap-toggle.css v2.2.0
* http://www.bootstraptoggle.com
* ========================================================================
* Copyright 2014 Min Hur, The New York Times Company
* Licensed under MIT
* ======================================================================== */
.checkbox label .toggle,.checkbox-inline .toggle{margin-left:-20px;margin-right:5px}
.toggle{position:relative;overflow:hidden}
.toggle input[type=checkbox]{display:none}
.toggle-group{position:absolute;width:200%;top:0;bottom:0;left:0;transition:left .35s;-webkit-transition:left .35s;-moz-user-select:none;-webkit-user-select:none}
.toggle.off .toggle-group{left:-100%}
.toggle-on{position:absolute;top:0;bottom:0;left:0;right:50%;margin:0;border:0;border-radius:0}
.toggle-off{position:absolute;top:0;bottom:0;left:50%;right:0;margin:0;border:0;border-radius:0}
.toggle-handle{position:relative;margin:0 auto;padding-top:0;padding-bottom:0;height:100%;width:0;border-width:0 1px}
.toggle.btn{min-width:59px;min-height:34px}
.toggle-on.btn{padding-right:24px}
.toggle-off.btn{padding-left:24px}
.toggle.btn-lg{min-width:79px;min-height:45px}
.toggle-on.btn-lg{padding-right:31px}
.toggle-off.btn-lg{padding-left:31px}
.toggle-handle.btn-lg{width:40px}
.toggle.btn-sm{min-width:50px;min-height:30px}
.toggle-on.btn-sm{padding-right:20px}
.toggle-off.btn-sm{padding-left:20px}
.toggle.btn-xs{min-width:35px;min-height:22px}
.toggle-on.btn-xs{padding-right:12px}
.toggle-off.btn-xs{padding-left:12px}

9
web/bootstrap-toggle.min.js vendored Normal file

@ -0,0 +1,9 @@
/*! ========================================================================
* Bootstrap Toggle: bootstrap-toggle.js v2.2.0
* http://www.bootstraptoggle.com
* ========================================================================
* Copyright 2014 Min Hur, The New York Times Company
* Licensed under MIT
* ======================================================================== */
+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.toggle"),f="object"==typeof b&&b;e||d.data("bs.toggle",e=new c(this,f)),"string"==typeof b&&e[b]&&e[b]()})}var c=function(b,c){this.$element=a(b),this.options=a.extend({},this.defaults(),c),this.render()};c.VERSION="2.2.0",c.DEFAULTS={on:"On",off:"Off",onstyle:"primary",offstyle:"default",size:"normal",style:"",width:null,height:null},c.prototype.defaults=function(){return{on:this.$element.attr("data-on")||c.DEFAULTS.on,off:this.$element.attr("data-off")||c.DEFAULTS.off,onstyle:this.$element.attr("data-onstyle")||c.DEFAULTS.onstyle,offstyle:this.$element.attr("data-offstyle")||c.DEFAULTS.offstyle,size:this.$element.attr("data-size")||c.DEFAULTS.size,style:this.$element.attr("data-style")||c.DEFAULTS.style,width:this.$element.attr("data-width")||c.DEFAULTS.width,height:this.$element.attr("data-height")||c.DEFAULTS.height}},c.prototype.render=function(){this._onstyle="btn-"+this.options.onstyle,this._offstyle="btn-"+this.options.offstyle;var b="large"===this.options.size?"btn-lg":"small"===this.options.size?"btn-sm":"mini"===this.options.size?"btn-xs":"",c=a('<label class="btn">').html(this.options.on).addClass(this._onstyle+" "+b),d=a('<label class="btn">').html(this.options.off).addClass(this._offstyle+" "+b+" active"),e=a('<span class="toggle-handle btn btn-default">').addClass(b),f=a('<div class="toggle-group">').append(c,d,e),g=a('<div class="toggle btn" data-toggle="toggle">').addClass(this.$element.prop("checked")?this._onstyle:this._offstyle+" off").addClass(b).addClass(this.options.style);this.$element.wrap(g),a.extend(this,{$toggle:this.$element.parent(),$toggleOn:c,$toggleOff:d,$toggleGroup:f}),this.$toggle.append(f);var 
h=this.options.width||Math.max(c.outerWidth(),d.outerWidth())+e.outerWidth()/2,i=this.options.height||Math.max(c.outerHeight(),d.outerHeight());c.addClass("toggle-on"),d.addClass("toggle-off"),this.$toggle.css({width:h,height:i}),this.options.height&&(c.css("line-height",c.height()+"px"),d.css("line-height",d.height()+"px")),this.update(!0),this.trigger(!0)},c.prototype.toggle=function(){this.$element.prop("checked")?this.off():this.on()},c.prototype.on=function(a){return this.$element.prop("disabled")?!1:(this.$toggle.removeClass(this._offstyle+" off").addClass(this._onstyle),this.$element.prop("checked",!0),void(a||this.trigger()))},c.prototype.off=function(a){return this.$element.prop("disabled")?!1:(this.$toggle.removeClass(this._onstyle).addClass(this._offstyle+" off"),this.$element.prop("checked",!1),void(a||this.trigger()))},c.prototype.enable=function(){this.$toggle.removeAttr("disabled"),this.$element.prop("disabled",!1)},c.prototype.disable=function(){this.$toggle.attr("disabled","disabled"),this.$element.prop("disabled",!0)},c.prototype.update=function(a){this.$element.prop("disabled")?this.disable():this.enable(),this.$element.prop("checked")?this.on(a):this.off(a)},c.prototype.trigger=function(b){this.$element.off("change.bs.toggle"),b||this.$element.change(),this.$element.on("change.bs.toggle",a.proxy(function(){this.update()},this))},c.prototype.destroy=function(){this.$element.off("change.bs.toggle"),this.$toggleGroup.remove(),this.$element.removeData("bs.toggle"),this.$element.unwrap()};var d=a.fn.bootstrapToggle;a.fn.bootstrapToggle=b,a.fn.bootstrapToggle.Constructor=c,a.fn.toggle.noConflict=function(){return a.fn.bootstrapToggle=d,this},a(function(){a("input[type=checkbox][data-toggle^=toggle]").bootstrapToggle()}),a(document).on("click.bs.toggle","div[data-toggle^=toggle]",function(b){var c=a(this).find("input[type=checkbox]");c.bootstrapToggle("toggle"),b.preventDefault()})}(jQuery);
//# sourceMappingURL=bootstrap-toggle.min.js.map


@ -3,10 +3,11 @@
<meta charset="utf-8"> <meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"> <meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no">
<link rel="stylesheet" href="bootstrap.min.css" integrity="sha384-9gVQ4dYFwwWSjIDZnLEWnxCjeSWFphJiwGPXr1jddIhOegiu1FwO5qRGvFXOdJZ4" crossorigin="anonymous"> <link rel="stylesheet" href="bootstrap.min.css" integrity="sha384-9gVQ4dYFwwWSjIDZnLEWnxCjeSWFphJiwGPXr1jddIhOegiu1FwO5qRGvFXOdJZ4" crossorigin="anonymous">
<script src="jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script> <script src="jquery-3.3.1.min.js" integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=" crossorigin="anonymous"></script>
<script src="popper.min.js" integrity="sha384-cs/chFZiN24E4KMATLdqdvsezGxaGsi4hLGOzlXwp5UZB1LY//20VyM2taTB4QvJ" crossorigin="anonymous"></script> <script src="popper.min.js" integrity="sha384-cs/chFZiN24E4KMATLdqdvsezGxaGsi4hLGOzlXwp5UZB1LY//20VyM2taTB4QvJ" crossorigin="anonymous"></script>
<script src="bootstrap.min.js" integrity="sha384-uefMccjFJAIv6A+rW+L4AHf99KvxDjWSu1z9VI8SKNVmz4sk7buKt/6v9KI65qnm" crossorigin="anonymous"></script> <script src="bootstrap.min.js" integrity="sha384-uefMccjFJAIv6A+rW+L4AHf99KvxDjWSu1z9VI8SKNVmz4sk7buKt/6v9KI65qnm" crossorigin="anonymous"></script>
<link href="bootstrap-toggle.min.css" rel="stylesheet">
<script src="bootstrap-toggle.min.js"></script>
<title>nlvmi</title> <title>nlvmi</title>
</head> </head>
<body> <body>
@ -26,5 +27,5 @@
</div> </div>
</div> </div>
</div> </div>
<script src="nlvmi.js"></script> <script src="nlvmi.js?2"></script>
<div class=container-fluid><div class="row" style="background-color:lightgreen;"><div class="col"><h1><a href="?" style=color:white;>nlvmi</a><a href="?" style="color:black;font-size:10px;">@<?php echo gethostname();?></a></h1></div></div> <div class=container-fluid><div class="row" style="background-color:lightgreen;"><div class="col-sm"><h1><a href="?" style=color:white;>nlvmi</a><a href="?" style="color:black;font-size:10px;">@<?php echo gethostname();?></a></h1></div><div class=col-sm style=text-align:right><a style=color:black href=# onclick="javascript:post('?', {'usermgmt': 'show'});">usermanagement</a></div></div>
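Review bot: The two new tags for `bootstrap-toggle.min.css` and `bootstrap-toggle.min.js` in the first hunk carry no `integrity` attribute, while every other asset in this head pins a digest, so a changed copy of those two files would load without any check. Add the digest of the vendored files, for example `<script src="bootstrap-toggle.min.js" integrity="sha384-<DIGEST_OF_VENDORED_FILE>" crossorigin="anonymous"></script>`, and the same on the `<link>`. In the second hunk the new `usermanagement` link is rendered for every visitor; that is acceptable only as long as the server-side handler enforces the admin check, so the link itself must not be treated as the access control.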


@ -6,6 +6,14 @@ function clean($str) {
$str = str_replace($search, $replace, $str); $str = str_replace($search, $replace, $str);
return $str; return $str;
} }
if(isset($_REQUEST['logout'])){
session_start();
session_unset();
session_destroy();
} else {
session_start();
}
$mode="";
function checkvm($vmname) { function checkvm($vmname) {
$shellout = shell_exec("/usr/bin/wrap-nlvmi checkvm $vmname bla");//){ $shellout = shell_exec("/usr/bin/wrap-nlvmi checkvm $vmname bla");//){
@ -45,6 +53,42 @@ if ($config['DATABASETYPE']=="sqlite"){
} }
} }
//check login
$usersfound = "no";
$sql="SELECT * FROM users LIMIT 1";
$res = $db_handle->query($sql);
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
$usersfound="yes";
if ($_SESSION['username']=="inituser"){
session_unset();
session_destroy();
session_start();
}
}
if ($usersfound=="no"){
if (!isset($_POST['newusername'])){
echo "<h1>You have no users in the datbase!</h1></br>";
// echo "Aborting....";
// exit;
$_SESSION['username']="inituser";
$_SESSION['isadmin']="1";
$mode="usermgmt";
}
} elseif ((isset($_POST['login']))&&(isset($_POST['username']))&&(isset($_POST['password']))){
$user = clean($_POST['username']);
$pass = clean($_POST['password']);
$sql="SELECT password,admin FROM users WHERE username='$user'";
$res = $db_handle->query($sql);
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
if (password_verify($pass, $row['password'])){
$_SESSION['username']=$user;
$_SESSION['isadmin']=$row['admin'];
} else {
echo "Password not correct! $pass";
}
}
}
if (isset($_SESSION['username'])){
if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){ if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){
$vmname = clean($_POST['deletename']); $vmname = clean($_POST['deletename']);
$vmid = clean($_POST['deletevm']); $vmid = clean($_POST['deletevm']);
@ -58,9 +102,93 @@ if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){
} }
} }
//insert new user in db
if(isset($_POST['newusername'])){
$newusername = clean($_POST['newusername']);
$newpassword = password_hash(clean($_POST['newpassword']), PASSWORD_DEFAULT);
if ($_POST['isadmin']=="on"){
$isadmin = "1";
} else {
$isadmin = "0";
}
$sqlu="SELECT id FROM users WHERE username='$newusername'";
$res = $db_handle->query($sqlu);
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
echo "username already exist!";
exit;
}
$sql="INSERT INTO users (username,password,admin) VALUES('$newusername', '$newpassword', '$isadmin')";
$res=$db_handle->query($sql);
$res=$db_handle->query($sqlu);
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
echo "success";
exit;
}
echo "Failed to insert into DB!";
exit;
}
//update user in db
if(isset($_POST['changeusername'])){
if($_SESSION['isadmin']!=1){
echo "you are not allowed to change usernames!";
} else {
$username=clean($_POST['changeusername']);
$pass=password_hash(clean($_POST['passwordchange']), PASSWORD_DEFAULT);
if ($_POST['isadmin']=="on"){
$isadmin = "1";
} else {
$isadmin = "0";
}
$sql="UPDATE users SET username='$username', password='$pass', admin='$isadmin'";
if($db_handle->query($sql)){
echo "success";
exit;
}
}
}
include('header.php'); include('header.php');
$mode="";
//usermanagement
if ((isset($_POST['usermgmt']))||($mode=="usermgmt")){
$mode="usermgmt";
if (($_SESSEION['username']=="inituser")||($_SESSION['isadmin']=="1")){
$sql="SELECT * FROM users";
$res = $db_handle->query($sql);
echo "</br>";
//echo "<div class=row><div class=col>Username</div><div class=col>Is Admin</div><div class=col>New Password</div></div>";
echo "<h2>Existing users</h2>";
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
echo "<form id=uform$row[id] action=? method=post><div class=row><div class=col style=text-align:right><input class=form-control name=changeusername value=$row[username]></div>";
if ($row['admin']=="1"){
$checked="checked";
} else {
$checked="";
}
echo "<div class=col-ms><input data-onstyle=\"danger\" data-offstyle=success name=isadmin id=\"isadmin\" type=\"checkbox\" data-toggle=\"toggle\" data-on=\"user is Admin\" data-off=\"user is no Admin\" $checked></div>";
echo "<input type=hidden name=userchange value=$row[id]>";
echo "<div class=col><input class=form-control type=password name=passwordchange placeholder=newpassword></div><div class=col><a href=# class=\"btn btn-success\" onclick=\"javascript:submitbutton('uform$row[id]');\">save user</a></div></div></form>";
}
//newuserform
echo "<h2>Create a new user</h2><form id=newuserform action=? method=post><div class=row><div class=col><input type=text class=form-control name=newusername placeholder=Username></div>";
if ($_SESSION['username']!="inituser"){
echo "<div class=col-ms><input data-onstyle=\"danger\" data-offstyle=success name=isadmin id=\"isadmin\" type=\"checkbox\" data-toggle=\"toggle\" data-on=\"user is Admin\" data-off=\"user is no Admin\" checked></div>";
} else {
echo "<input type=hidden name=isadmin value=on>";
}
echo "<div class=col><input class=form-control type=password name=newpassword placeholder=newpassword></div><div class=col><a href=# class=\"btn btn-success\" onclick=\"javascript:submitbutton('newuserform');\">Create user</a></div></div></form>";
}
}
if (isset($_REQUEST['start'])){ if (isset($_REQUEST['start'])){
$vmname = clean($_REQUEST['start']); $vmname = clean($_REQUEST['start']);
$sql="SELECT * FROM vms WHERE vmname='$vmname'"; $sql="SELECT * FROM vms WHERE vmname='$vmname'";
@ -219,7 +347,7 @@ if(isset($_REQUEST['mode'])){
} }
} }
if(($mode!="newvm")&&($mode!="editvm")){ if(($mode!="newvm")&&($mode!="editvm")&&($mode!='usermgmt')){
echo "</br><a class=\"btn btn-primary\" href=# onclick=\"post('?', {newvm: 'newvm'});\">Create a new VM</a></br></br>"; echo "</br><a class=\"btn btn-primary\" href=# onclick=\"post('?', {newvm: 'newvm'});\">Create a new VM</a></br></br>";
//getting vms from DB //getting vms from DB
@ -239,9 +367,14 @@ while ($row = $res->fetchArray(SQLITE3_ASSOC)){
echo "<button class=\"btn btn-danger\" data-delete-text=\"Delete VM $row[vmname]!\" data-delete-vm=\"$row[id]\" data-delete-name=\"$row[vmname]\" data-toggle=\"modal\" data-target=\"#confirm-delete\">Delete VM</button> "; echo "<button class=\"btn btn-danger\" data-delete-text=\"Delete VM $row[vmname]!\" data-delete-vm=\"$row[id]\" data-delete-name=\"$row[vmname]\" data-toggle=\"modal\" data-target=\"#confirm-delete\">Delete VM</button> ";
$server = gethostname(); $server = gethostname();
if (preg_match('/stop/', $button)) { if (preg_match('/stop/', $button)) {
echo "<a target=_blank href=novnc/vnc.html?path&host=$server class=\"btn btn-success\">VNC</a></div>"; echo "<a target=_blank href=novnc/vnc.html?port=$row[websocket]&path=&host=$server class=\"btn btn-success\">VNC</a></div>";
} }
} }
} }
echo "</div></div></body></html>"; echo "</div></div></body></html>";
} elseif (!isset($_SESSION['username'])){
echo "<h1>Welcome to nlvmi!</h1><h2>You need to log in</h2></br>";
echo "<form action=? method=post>Username: <input type=text name=username> Password: <input type=password name=password> <input name=login type=submit></form>";
exit;
}
?> ?>
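Review bot: The UPDATE in the `changeusername` branch has no WHERE clause, so saving one row of the user form rewrites the username, password hash and admin flag of every row in `users`; the form posts the row id as `userchange`, but the handler never reads it. This statement, like the other new queries on `users`, interpolates `clean()` output into the SQL string, and what `clean()` replaces is only partly visible here; bound parameters remove that dependency (the fence assumes `$db_handle` is an `SQLite3` object, as the `fetchArray(SQLITE3_ASSOC)` calls suggest). As far as the visible lines show, the `newusername` branch checks only that a session exists and not `$_SESSION['isadmin']`, so any logged-in user can create an admin account, and the failed-login branch returns the submitted password to the page with `echo "Password not correct! $pass";`, which should be `echo "Password not correct!";`. The user-management guard also reads `$_SESSEION['username']`, an undefined variable; it should be `$_SESSION['username']`.

```php
// … unchanged: isadmin check, $username, $pass and $isadmin assignments …
$userid = (int)$_POST['userchange'];
$stmt = $db_handle->prepare("UPDATE users SET username=:username, password=:password, admin=:admin WHERE id=:id");
$stmt->bindValue(':username', $username, SQLITE3_TEXT);
$stmt->bindValue(':password', $pass, SQLITE3_TEXT);
$stmt->bindValue(':admin', (int)$isadmin, SQLITE3_INTEGER);
$stmt->bindValue(':id', $userid, SQLITE3_INTEGER);
if($stmt->execute()){
// … unchanged: echo "success"; exit; …
```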

2
web/jquery-3.3.1.min.js vendored Normal file

File diff suppressed because one or more lines are too long


@ -1,3 +1,13 @@
function makeid() {
var text = "";
var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
for (var i = 0; i < 5; i++)
text += possible.charAt(Math.floor(Math.random() * possible.length));
return text;
}
function dropdown(i,e) { function dropdown(i,e) {
document.getElementById(i).innerHTML = e; document.getElementById(i).innerHTML = e;
document.getElementById(i +'h').value = e; document.getElementById(i +'h').value = e;
@ -36,3 +46,22 @@ $('#confirm-delete').on('show.bs.modal', function(e) {
document.getElementById('modaltext2').innerHTML = data.deleteText; document.getElementById('modaltext2').innerHTML = data.deleteText;
$('.btn-ok', this).data({'deleteName': data.deleteName,'deleteVm': data.deleteVm}); $('.btn-ok', this).data({'deleteName': data.deleteName,'deleteVm': data.deleteVm});
}); });
function submitbutton(formid){
console.log(formid);
data = $('#'+ formid).serialize();
console.log(data);
// data: 'who='+ who +'&what='+ what,
$.ajax({
type: 'POST',
url: "?rand="+ makeid(),
data: data,
success: function(response) {
if (response != "success"){
window.alert('Failure!\n'+ response);
} else {
window.location.href = "";
}
},
});
}
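Review bot: `submitbutton` writes the serialized form to the browser console with `console.log(data);`, and for the user forms that string contains the `newpassword` / `passwordchange` fields; both `console.log` calls should be removed before this ships. `data` is also assigned without a declaration, which creates an implicit global; `var data = $('#' + formid).serialize();` keeps it local and matches the `var` style used in `makeid`. The `$.ajax` call defines only `success`, so a failed request (network error or non-2xx status) gives the user no feedback; an `error: function() { window.alert('Request failed'); }` entry would cover that.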