diff --git a/web/index.php b/web/index.php
index 399b34a..3209322 100644
--- a/web/index.php
+++ b/web/index.php
@@ -123,12 +123,12 @@ function checkmacfree($vmname,$mac,$db_handle){
 //delete vms
 if (isset($_SESSION['username'])){
- if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){
+ if ((isset($_POST['deleteid']))&&(isset($_POST['deletename']))&&($_POST['delwhat']=="vm")){
 if($_SESSION['isadmin']!=1){
 echo "you are not allowed to delete vms!";
 } else {
 $vmname = clean($_POST['deletename']);
- $vmid = clean($_POST['deletevm']);
+ $vmid = clean($_POST['deleteid']);
 $sql="SELECT id FROM vms WHERE vmname='$vmname' AND id='$vmid'";
 $res = $db_handle->query($sql);
 while ($row = $res->fetchArray(SQLITE3_ASSOC)){
@@ -138,6 +138,36 @@ if (isset($_SESSION['username'])){
 }
 }
 }
+ } elseif ((isset($_POST['deleteid']))&&(isset($_POST['deletename']))&&($_POST['delwhat']=="user")){
+ if($_SESSION['isadmin']!=1){
+ echo "you are not allowed to delete users!";
+ } else {
+ $uname = clean($_POST['deletename']);
+ $uid = clean($_POST['deleteid']);
+ $sql="SELECT id FROM users WHERE username='$uname' AND id='$uid'";
+ $res = $db_handle->query($sql);
+ while ($row = $res->fetchArray(SQLITE3_ASSOC)){
+ $sqld="DELETE FROM users WHERE id='$uid'";
+ if ($db_handle->query($sqld)){
+ echo "User $uname deleted!";
+ }
+ }
+ }
+ } elseif ((isset($_POST['deleteid']))&&(isset($_POST['deletename']))&&($_POST['delwhat']=="server")){
+ if($_SESSION['isadmin']!=1){
+ echo "you are not allowed to delete vms!";
+ } else {
+ $sname = clean($_POST['deletename']);
+ $sid = clean($_POST['deleteid']);
+ $sql="SELECT id FROM servers WHERE hostname='$sname' AND id='$sid'";
+ $res = $db_handle->query($sql);
+ while ($row = $res->fetchArray(SQLITE3_ASSOC)){
+ $sqld="DELETE FROM servers WHERE id='$sid'";
+ if ($db_handle->query($sqld)){
+ echo "Server $sname deleted!";
+ }
+ }
+ }
 }
 //insert new user in db
 if(isset($_POST['newusername'])){
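Review bot: `$_POST['delwhat']` is read in the new condition without an `isset()` guard, so a POST that carries `deleteid` and `deletename` but no `delwhat` raises an undefined-index notice and then falls through every branch silently; the same unguarded read is repeated in the `user` and `server` branches of the next hunk. I would guard it and compare strictly, e.g. `isset($_POST['delwhat'])&&$_POST['delwhat']==="vm"`. Nothing in the visible lines ties these destructive POSTs to a per-session anti-CSRF token; if none is verified earlier in the file, a token check belongs next to the `isadmin` test. The enclosing `if (isset($_SESSION['username']))` block starts and ends outside the hunk.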
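Review bot: The two new delete branches build their `SELECT` and `DELETE` statements by interpolating `$uname`/`$uid` and `$sname`/`$sid` into the SQL text, so their safety rests entirely on `clean()`, which is not visible here; the `INSERT INTO servers` line touched in the `@@ -202,7 +232,8 @@` hunk has the same shape, and the missing quote that hunk repairs is the kind of slip bound parameters rule out. Assuming `$db_handle` is an `SQLite3` instance (the `fetchArray(SQLITE3_ASSOC)` calls suggest so), I would bind the raw POST values in a prepared statement, fold the existence check into the `DELETE` and read `changes()`, as sketched below for the `user` branch. `echo "User $uname deleted!"` and `echo "Server $sname deleted!"` write a request-derived value into the page and should pass through `htmlspecialchars()`. The `server` branch also reuses the message `you are not allowed to delete vms!`, and in the visible lines nothing stops an admin from deleting their own account or the last remaining admin.

```php
// … unchanged: elseif test for delwhat=="user" and the isadmin check …
$stmt = $db_handle->prepare('DELETE FROM users WHERE id = :id AND username = :name');
if ($stmt !== false) {
    $stmt->bindValue(':id', $_POST['deleteid'], SQLITE3_INTEGER);
    $stmt->bindValue(':name', $_POST['deletename'], SQLITE3_TEXT);
    if ($stmt->execute() !== false && $db_handle->changes() > 0) {
        echo "User " . htmlspecialchars($_POST['deletename'], ENT_QUOTES, 'UTF-8') . " deleted!";
    }
}
```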
@@ -194,7 +224,7 @@ if (isset($_SESSION['username'])){
 }
 }
 //insert new server in db
- if(isset($_POST['newservername'])){
+ if(isset($_POST['newhostname'])){
 if($_SESSION['isadmin']!=1){
 echo "you are not allowed to add servers!";
 } else {
@@ -202,7 +232,8 @@ if (isset($_SESSION['username'])){
 $connectstring = clean($_POST['connectstring']);
 $vmdirectory = clean($_POST['vmdirectory']);
 $isodirectory = clean($_POST['isodirectory']);
- $sqlu="INSERT INTO servers ('hostname','connectstring','vmdirectory','isodirectory') VALUES('$newservername',$connectstring','$vmdirectory','$isodirectory')";
+ $sqlu="INSERT INTO servers ('hostname','connectstring','vmdirectory','isodirectory') VALUES('$newservername','$connectstring','$vmdirectory','$isodirectory')";
+ //echo $sqlu;
 $res = $db_handle->query($sqlu);
 echo "success";
 exit;
@@ -236,7 +267,7 @@ if (isset($_SESSION['username'])){
 $sqlc="(";
 $sqlv=" VALUES (";
 foreach(array_keys($_REQUEST) as $rkey){
- if (($rkey!="mode")||($rkey!="rand")){
+ if (($rkey!="mode")&&($rkey!="rand")){
 if ((preg_match('/macaddr/', $rkey))&&($rvalue!="")){
 $cm = checkmacfree(clean($_REQUEST['vmname']), $rvalue, $db_handle);
 if ($cm != "0") {
@@ -340,7 +371,7 @@ if (isset($_SESSION['username'])){
 echo "
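Review bot: The guard now tests `$_POST['newhostname']`, but the `INSERT` in the next hunk still interpolates `$newservername`, and the assignment that sits between the two hunks (new line 231) is not shown. If that line still reads `$_POST['newservername']`, the hostname column would be stored empty, so it is worth confirming it was renamed together with the form field. `connectstring`, `vmdirectory` and `isodirectory` are read in the following lines without any `isset()` check of their own.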
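Review bot: `echo "success";` runs whether or not `$db_handle->query($sqlu)` succeeded, so the client is told the server was added even when the insert failed; I would branch on the result, e.g. `if ($res) { echo "success"; } else { echo "error"; }`. The added `//echo $sqlu;` is leftover debugging and is better dropped than committed, since re-enabling it prints the full statement, connect string included, into the response. The string-built `INSERT` itself is covered by the note on the delete branches above.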
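Review bot: With the condition corrected to `&&`, every request key other than `mode` and `rand` still passes this filter, and `$sqlc` looks like a column list assembled from those keys; the rest of the loop is outside the hunk, so that part is inferred. Column names cannot be protected by value escaping, so I would replace the two-name denylist with an allowlist of the table's columns, e.g. `if (in_array($rkey, $allowedcolumns, true)){`, where `$allowedcolumns` stands for a fixed array defined next to the query. `$_REQUEST` can also include cookies depending on `request_order`, which an allowlist renders harmless. `$rvalue` is used on the next line without an assignment visible in this `foreach`.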

Existing users

"; } while ($row = $res->fetchArray(SQLITE3_ASSOC)){ - echo "
"; + echo "
"; if ($row['admin']=="1"){ $checked="checked"; } else { @@ -348,7 +379,8 @@ if (isset($_SESSION['username'])){ } echo "
"; echo ""; - echo "
"; + echo "
"; + echo "
"; } //newuserform echo "

Create a new user

"; @@ -373,11 +405,12 @@ if (isset($_SESSION['username'])){ echo "

Existing servers

"; echo "
hostname
connectstring
VM directory
ISO directory
"; while ($row = $res->fetchArray(SQLITE3_ASSOC)){ - echo "
"; + echo "
"; echo "
"; echo "
"; echo "
"; - echo "
"; + echo ""; + echo "
"; } //newserverform echo "

Create a new server

"; @@ -575,7 +608,7 @@ if (isset($_SESSION['username'])){ } echo "
$row[vmname]
edit "; echo "$button "; - echo " "; + echo " "; $server = gethostname(); if (preg_match('/stop/', $button)) { echo "VNC"; diff --git a/web/nlvmi.js b/web/nlvmi.js index 6092a61..bbd2ce6 100644 --- a/web/nlvmi.js +++ b/web/nlvmi.js @@ -12,8 +12,6 @@ function dropdown(i,e) { document.getElementById(i).innerHTML = e; document.getElementById(i +'h').value = e; if (i == "serverbutton") { - console.log("here"); - $.ajax({ type: 'POST', url: "?rand="+ makeid(), @@ -22,7 +20,6 @@ function dropdown(i,e) { document.getElementById('cdromdiv').innerHTML = response; }, }); - console.log("a"); $.ajax({ type: 'POST', url: "?rand="+ makeid(), @@ -31,8 +28,6 @@ function dropdown(i,e) { document.getElementById('drive1div').innerHTML = response; }, }); - console.log("b"); - $.ajax({ type: 'POST', url: "?rand="+ makeid(), @@ -41,8 +36,6 @@ function dropdown(i,e) { document.getElementById('drive2div').innerHTML = response; }, }); - console.log("c"); - $.ajax({ type: 'POST', url: "?rand="+ makeid(), @@ -78,15 +71,16 @@ function post(path, params, method) { $('#confirm-delete').on('click', '.btn-ok', function(e) { var $modalDiv = $('#confirm-detele'.delegateTarget); - var vmname = $(this).data('deleteName'); - var vmid = $(this).data('deleteVm'); - post('?', {deletevm: vmid,deletename: vmname}); + var dname = $(this).data('deleteName'); + var did = $(this).data('deleteId'); + var delwhat = $(this).data('deleteWhat'); + post('?', {delwhat: delwhat,deleteid: did,deletename: dname}); }); $('#confirm-delete').on('show.bs.modal', function(e) { var data = $(e.relatedTarget).data(); $('.title', this).text(data.deleteVm); document.getElementById('modaltext2').innerHTML = data.deleteText; - $('.btn-ok', this).data({'deleteName': data.deleteName,'deleteVm': data.deleteVm}); + $('.btn-ok', this).data({'deleteWhat': data.deleteWhat,'deleteName': data.deleteName,'deleteId': data.deleteId}); }); function submitbutton(formid){
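Review bot: The modal title still reads `data.deleteVm` in the unchanged line `$('.title', this).text(data.deleteVm);`, while the last hunk of `web/nlvmi.js` moves the button data to `deleteId`/`deleteWhat`; if the markup's attributes were renamed to match (the HTML is not visible here), the title will come out empty, and `data.deleteName` looks like the intended value. `document.getElementById('modaltext2').innerHTML = data.deleteText;` now also carries user and host names into the DOM as markup, so I would assign `textContent` instead unless that text is known to be escaped server-side. `$('#confirm-detele'.delegateTarget)` in the click handler is a typo that leaves `$modalDiv` unused.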