diff --git a/web/header.php b/web/header.php
index 9089291..65b1f19 100644
--- a/web/header.php
+++ b/web/header.php
@@ -28,4 +28,5 @@
-
+
+ usermanagement
"; } ?>logout
diff --git a/web/index.php b/web/index.php
index 7052148..479ab17 100644
--- a/web/index.php
+++ b/web/index.php
@@ -89,215 +89,220 @@ if ($usersfound=="no"){ } } if (isset($_SESSION['username'])){ -if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){ - $vmname = clean($_POST['deletename']); - $vmid = clean($_POST['deletevm']); - $sql="SELECT id FROM vms WHERE vmname='$vmname' AND id='$vmid'"; - $res = $db_handle->query($sql); - while ($row = $res->fetchArray(SQLITE3_ASSOC)){ - $sqld="DELETE FROM vms WHERE id='$vmid'"; - if ($db_handle->query($sqld)){ - echo "VM $vmname deleted!"; + if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){ + if($_SESSION['isadmin']!=1){ + echo "you are not allowed to change usernames!"; + } else { + $vmname = clean($_POST['deletename']); + $vmid = clean($_POST['deletevm']); + $sql="SELECT id FROM vms WHERE vmname='$vmname' AND id='$vmid'"; + $res = $db_handle->query($sql); + while ($row = $res->fetchArray(SQLITE3_ASSOC)){ + $sqld="DELETE FROM vms WHERE id='$vmid'"; + if ($db_handle->query($sqld)){ + echo "VM $vmname deleted!"; + } + } } } -} - //insert new user in db -if(isset($_POST['newusername'])){ - $newusername = clean($_POST['newusername']); - $newpassword = password_hash(clean($_POST['newpassword']), PASSWORD_DEFAULT); - if ($_POST['isadmin']=="on"){ - $isadmin = "1"; - } else { - $isadmin = "0"; - } - $sqlu="SELECT id FROM users WHERE username='$newusername'"; - $res = $db_handle->query($sqlu); - while ($row = $res->fetchArray(SQLITE3_ASSOC)){ - echo "username already exist!"; - exit; - } - $sql="INSERT INTO users (username,password,admin) VALUES('$newusername', '$newpassword', '$isadmin')"; - $res=$db_handle->query($sql); - $res=$db_handle->query($sqlu); - while ($row = $res->fetchArray(SQLITE3_ASSOC)){ - echo "success"; - exit; - } - echo "Failed to insert into DB!"; - exit; -} -//update user in db -if(isset($_POST['changeusername'])){ - if($_SESSION['isadmin']!=1){ - echo "you are not allowed to change usernames!"; - } else { - $username=clean($_POST['changeusername']); - 
$pass=password_hash(clean($_POST['passwordchange']), PASSWORD_DEFAULT); + if(isset($_POST['newusername'])){ + if($_SESSION['isadmin']!=1){ + echo "you are not allowed to add usernames!"; + } else { + $newusername = clean($_POST['newusername']); + $newpassword = password_hash(clean($_POST['newpassword']), PASSWORD_DEFAULT); if ($_POST['isadmin']=="on"){ $isadmin = "1"; } else { $isadmin = "0"; } - - $sql="UPDATE users SET username='$username', password='$pass', admin='$isadmin'"; - if($db_handle->query($sql)){ - echo "success"; + $sqlu="SELECT id FROM users WHERE username='$newusername'"; + $res = $db_handle->query($sqlu); + while ($row = $res->fetchArray(SQLITE3_ASSOC)){ + echo "username already exist!"; + exit; + } + $sql="INSERT INTO users (username,password,admin) VALUES('$newusername', '$newpassword', '$isadmin')"; + $res=$db_handle->query($sql); + $res=$db_handle->query($sqlu); + while ($row = $res->fetchArray(SQLITE3_ASSOC)){ + echo "success"; + exit; + } + echo "Failed to insert into DB!"; exit; } } -} - - - -include('header.php'); +//update user in db + if(isset($_POST['changeusername'])){ + if($_SESSION['isadmin']!=1){ + echo "you are not allowed to change usernames!"; + } else { + $username=clean($_POST['changeusername']); + $pass=password_hash(clean($_POST['passwordchange']), PASSWORD_DEFAULT); + if ($_POST['isadmin']=="on"){ + $isadmin = "1"; + } else { + $isadmin = "0"; + } + $sql="UPDATE users SET username='$username', password='$pass', admin='$isadmin'"; + if($db_handle->query($sql)){ + echo "success"; + exit; + } + } + } + +//ajax queries are all don, time for the header + include('header.php'); //usermanagement -if ((isset($_POST['usermgmt']))||($mode=="usermgmt")){ - $mode="usermgmt"; - if (($_SESSEION['username']=="inituser")||($_SESSION['isadmin']=="1")){ - $sql="SELECT * FROM users"; - $res = $db_handle->query($sql); - echo "
"; + if ((isset($_POST['usermgmt']))||($mode=="usermgmt")){ + $mode="usermgmt"; + if (($_SESSEION['username']=="inituser")||($_SESSION['isadmin']=="1")){ + $sql="SELECT * FROM users"; + $res = $db_handle->query($sql); + echo "
"; //echo "
Username
Is Admin
New Password
"; - echo "

Existing users

"; - while ($row = $res->fetchArray(SQLITE3_ASSOC)){ - echo "
"; - if ($row['admin']=="1"){ - $checked="checked"; - } else { - $checked=""; + echo "

Existing users

"; + while ($row = $res->fetchArray(SQLITE3_ASSOC)){ + echo "
"; + if ($row['admin']=="1"){ + $checked="checked"; + } else { + $checked=""; + } + echo "
"; + echo ""; + echo "
"; } - echo "
"; - echo ""; - echo "
"; - } //newuserform - echo "

Create a new user

"; - if ($_SESSION['username']!="inituser"){ - echo "
"; - } else { - echo ""; + echo "

Create a new user

"; + if ($_SESSION['username']!="inituser"){ + echo "
"; + } else { + echo ""; + } + echo "
"; } - echo "
"; } -} - -if (isset($_REQUEST['start'])){ - $vmname = clean($_REQUEST['start']); - $sql="SELECT * FROM vms WHERE vmname='$vmname'"; - $res = $db_handle->query($sql); - while ($row = $res->fetchArray(SQLITE3_ASSOC)){ - $shellout = shell_exec("/usr/bin/wrap-nlvmi start $vmname bla"); - echo $shellout; - } -} -if (isset($_REQUEST['stop'])){ - $vmname = clean($_REQUEST['stop']); - $sql="SELECT * FROM vms WHERE vmname='$vmname'"; - $res = $db_handle->query($sql); - while ($row = $res->fetchArray(SQLITE3_ASSOC)){ - if(checkvm($vmname)){ - $shellout = shell_exec("/usr/bin/wrap-nlvmi stop $vmname bla"); +//start vm + if (isset($_REQUEST['start'])){ + $vmname = clean($_REQUEST['start']); + $sql="SELECT * FROM vms WHERE vmname='$vmname'"; + $res = $db_handle->query($sql); + while ($row = $res->fetchArray(SQLITE3_ASSOC)){ + $shellout = shell_exec("/usr/bin/wrap-nlvmi start $vmname bla"); echo $shellout; } } -} - -//form for edit and new vms -if (isset($_REQUEST['edit'])){ - $mode="editvm"; - $formname="editvm"; - $eid=clean($_REQUEST['edit']); - $sql="SELECT * FROM vms WHERE id='$eid'"; - $res = $db_handle->query($sql); - $editid = ""; - while ($row = $res->fetchArray(SQLITE3_ASSOC)){ - $e = $row; - } -} elseif(isset($_REQUEST['newvm'])) { - $formname="newvm"; - $editid=""; - $mode="newvm"; -} - -if (isset($formname)){ - echo "

$formname


"; - echo "
"; - $res = $db_handle->query('PRAGMA table_info(vms)'); - while ($col = $res->fetchArray(SQLITE3_ASSOC)) { - $arrColnames[]=$col['name']; - } - for ($col=0; $col
bootoption
"; -// echo "$arrColnames[$col]
"; - } elseif ($arrColnames[$col] == "arch"){ - echo "
arch
"; -// echo "$arrColnames[$col]
"; - } elseif ($arrColnames[$col] == "cdrom"){ - echo "
cdrom
"; - } elseif (preg_match('/format/', $arrColnames[$col])) { - echo "
$arrColnames[$col]
"; - } elseif (preg_match('/tapdev/', $arrColnames[$col])) { - echo "
$arrColnames[$col]
"; - } elseif (preg_match('/macaddr/', $arrColnames[$col])) { - echo "
$arrColnames[$col]
"; - } elseif (preg_match('/brdev/', $arrColnames[$col])) { - echo "
$arrColnames[$col]
"; - } elseif (preg_match('/drive/', $arrColnames[$col])){ - echo "
$arrColnames[$col]
"; - } else { - echo "
$arrColnames[$col]
"; + if (isset($_REQUEST['stop'])){ + $vmname = clean($_REQUEST['stop']); + $sql="SELECT * FROM vms WHERE vmname='$vmname'"; + $res = $db_handle->query($sql); + while ($row = $res->fetchArray(SQLITE3_ASSOC)){ + if(checkvm($vmname)){ + $shellout = shell_exec("/usr/bin/wrap-nlvmi stop $vmname bla"); + echo $shellout; } } } - echo "$editid"; -} + +//form for edit and new vms + if (isset($_REQUEST['edit'])){ + $mode="editvm"; + $formname="editvm"; + $eid=clean($_REQUEST['edit']); + $sql="SELECT * FROM vms WHERE id='$eid'"; + $res = $db_handle->query($sql); + $editid = ""; + while ($row = $res->fetchArray(SQLITE3_ASSOC)){ + $e = $row; + } + } elseif(isset($_REQUEST['newvm'])) { + $formname="newvm"; + $editid=""; + $mode="newvm"; + } + + if (isset($formname)){ + echo "

$formname


"; + echo "
"; + $res = $db_handle->query('PRAGMA table_info(vms)'); + while ($col = $res->fetchArray(SQLITE3_ASSOC)) { + $arrColnames[]=$col['name']; + } + for ($col=0; $col
bootoption
"; +// echo "$arrColnames[$col]
"; + } elseif ($arrColnames[$col] == "arch"){ + echo "
arch
"; +// echo "$arrColnames[$col]
"; + } elseif ($arrColnames[$col] == "cdrom"){ + echo "
cdrom
"; + } elseif (preg_match('/format/', $arrColnames[$col])) { + echo "
$arrColnames[$col]
"; + } elseif (preg_match('/tapdev/', $arrColnames[$col])) { + echo "
$arrColnames[$col]
"; + } elseif (preg_match('/macaddr/', $arrColnames[$col])) { + echo "
$arrColnames[$col]
"; + } elseif (preg_match('/brdev/', $arrColnames[$col])) { + echo "
$arrColnames[$col]
"; + } elseif (preg_match('/drive/', $arrColnames[$col])){ + echo "
$arrColnames[$col]
"; + } else { + echo "
$arrColnames[$col]
"; + } + } + } + echo "$editid"; + } 
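Review bot: The UPDATE in the re-indented changeusername branch has no WHERE clause (`$sql="UPDATE users SET username='$username', password='$pass', admin='$isadmin'"`), so a single admin edit overwrites the username, password hash and admin flag of every row in users; it needs to be keyed on the edited row, e.g. `... admin='$isadmin' WHERE id='<edited-user-id>'"` with that id carried in the form, which this hunk does not appear to post. The new deletevm gate reuses the message `"you are not allowed to change usernames!"` from the user-update branch, and `$_SESSEION['username']` (typo, on both sides) is never set, so the inituser bootstrap condition silently degrades to the isadmin check. The added isadmin gates cover only deletevm, newusername and changeusername, while the start/stop and edit/newvm handlers in the same hunk stay reachable to any logged-in user, via $_REQUEST on GET as well; either gate them the same way or document that VM control is intentionally open to non-admins. Every query here still interpolates `clean()`'d input into SQL (the next hunk does the same for newvm/editvm, where even column names come from request keys and the built statement is echoed to the browser); `SQLite3::prepare()` with `bindValue()` would stop correctness depending on whatever clean() does. The enclosing `if (isset($_SESSION['username']))` block continues past the end of this hunk.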
@@ -305,73 +310,73 @@ if (isset($formname)){ //insert in db -if(isset($_REQUEST['mode'])){ - if($_REQUEST['mode']=="newvm"){ - $mode="newvm"; - $sqls="INSERT INTO vms "; - $sqlc="("; - $sqlv=" VALUES ("; - foreach(array_keys($_REQUEST) as $rkey){ - if ($rkey!="mode"){ - $rvalue = clean($_REQUEST[$rkey]); - if ($rvalue == "x86_64"){ - $rvalue = "qemu-system-x86_64"; + if(isset($_REQUEST['mode'])){ + if($_REQUEST['mode']=="newvm"){ + $mode="newvm"; + $sqls="INSERT INTO vms "; + $sqlc="("; + $sqlv=" VALUES ("; + foreach(array_keys($_REQUEST) as $rkey){ + if ($rkey!="mode"){ + $rvalue = clean($_REQUEST[$rkey]); + if ($rvalue == "x86_64"){ + $rvalue = "qemu-system-x86_64"; + } + $sqlc .= "$rkey,"; + $sqlv .= "'$rvalue',"; } - $sqlc .= "$rkey,"; - $sqlv .= "'$rvalue',"; } - } - $sqlc = rtrim($sqlc, ','); - $sqlc.=")"; - $sqlv = rtrim($sqlv, ','); - $sqlv.=")"; - $sql = "$sqls$sqlc$sqlv"; - echo $sql; - $result = $db_handle->exec($sql); - } elseif ($_REQUEST['mode']=="editvm"){ - $mode="editvm"; - $sql="UPDATE vms SET "; - foreach(array_keys($_REQUEST) as $rkey){ - if (($rkey!="mode")&&($rkey!="editid")){ - $rvalue = clean($_REQUEST[$rkey]); - if ($rvalue == "x86_64"){ - $rvalue = "qemu-system-x86_64"; + $sqlc = rtrim($sqlc, ','); + $sqlc.=")"; + $sqlv = rtrim($sqlv, ','); + $sqlv.=")"; + $sql = "$sqls$sqlc$sqlv"; + echo $sql; + $result = $db_handle->exec($sql); + } elseif ($_REQUEST['mode']=="editvm"){ + $mode="editvm"; + $sql="UPDATE vms SET "; + foreach(array_keys($_REQUEST) as $rkey){ + if (($rkey!="mode")&&($rkey!="editid")){ + $rvalue = clean($_REQUEST[$rkey]); + if ($rvalue == "x86_64"){ + $rvalue = "qemu-system-x86_64"; + } + $sql .= " $rkey='$rvalue',"; } - $sql .= " $rkey='$rvalue',"; } + $sql = rtrim($sql, ','); + $eid=clean($_REQUEST['editid']); + $sql .= " WHERE id='$eid'"; + $result = $db_handle->exec($sql); } - $sql = rtrim($sql, ','); - $eid=clean($_REQUEST['editid']); - $sql .= " WHERE id='$eid'"; - $result = $db_handle->exec($sql); } -} 
-if(($mode!="newvm")&&($mode!="editvm")&&($mode!='usermgmt')){ - echo "
Create a new VM

"; + if(($mode!="newvm")&&($mode!="editvm")&&($mode!='usermgmt')){ + echo "
Create a new VM

"; //getting vms from DB -$sql="SELECT * FROM vms"; -$res = $db_handle->query($sql); -echo "
"; -while ($row = $res->fetchArray(SQLITE3_ASSOC)){ - if (checkvm($row['vmname'])){ - $button = "start"; - $buttonc = "btn-success"; - } else { - $button = "stop"; - $buttonc = "btn-warning"; + $sql="SELECT * FROM vms"; + $res = $db_handle->query($sql); + echo "
"; + while ($row = $res->fetchArray(SQLITE3_ASSOC)){ + if (checkvm($row['vmname'])){ + $button = "start"; + $buttonc = "btn-success"; + } else { + $button = "stop"; + $buttonc = "btn-warning"; + } + echo "
$row[vmname]
edit "; + echo "$button "; + echo " "; + $server = gethostname(); + if (preg_match('/stop/', $button)) { + echo "VNC
"; + } + } } - echo "
$row[vmname]
edit "; - echo "$button "; - echo " "; - $server = gethostname(); - if (preg_match('/stop/', $button)) { - echo "VNC
"; - } -} -} -echo "
"; + echo "
"; } elseif (!isset($_SESSION['username'])){ echo "

Welcome to nlvmi!

You need to log in


"; echo "
Username: Password:
";