logout, some isadmin checks and cleanup

2018-08-15 16:52:34 +02:00 · 2018-08-15 16:52:34 +02:00 · b458cc9f8b
parent 4e3bde8249
commit b458cc9f8b
2 changed files with 243 additions and 237 deletions
--- a/web/header.php
+++ b/web/header.php
@ -28,4 +28,5 @@
    </div>
 </div>
        <script src="nlvmi.js?2"></script>
-        <div class=container-fluid><div class="row" style="background-color:lightgreen;"><div class="col-sm"><h1><a href="?" style=color:white;>nlvmi</a><a href="?" style="color:black;font-size:10px;">@<?php echo gethostname();?></a></h1></div><div class=col-sm style=text-align:right><a style=color:black href=# onclick="javascript:post('?', {'usermgmt': 'show'});">usermanagement</a></div></div>
+        <div class=container-fluid><div class="row" style="background-color:lightgreen;"><div class="col-sm"><h1><a href="?" style=color:white;>nlvmi</a><a href="?" style="color:black;font-size:10px;">@<?php echo gethostname();?></a></h1></div><div class=col-sm style=text-align:right>
        <?php if($_SESSION['isadmin']==1){ echo "<a style=color:black href=# onclick=\"javascript:post('?', {'usermgmt': 'show'});\">usermanagement</a></br>"; } ?><a style=color:black href=# onclick="javascript:post('?', {'logout': 'logout'});">logout</a></div></div>
--- a/web/index.php
+++ b/web/index.php
@ -90,6 +90,9 @@ if ($usersfound=="no"){
 }
 if (isset($_SESSION['username'])){
    if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){
        if($_SESSION['isadmin']!=1){
            echo "you are not allowed to change usernames!";
        } else {
            $vmname = clean($_POST['deletename']);
            $vmid = clean($_POST['deletevm']);
            $sql="SELECT id FROM vms WHERE vmname='$vmname' AND id='$vmid'";
@ -101,9 +104,12 @@ if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){
                }
            }
        }
-
+    }
 //insert new user in db
    if(isset($_POST['newusername'])){
        if($_SESSION['isadmin']!=1){
            echo "you are not allowed to add usernames!";
        } else {
            $newusername = clean($_POST['newusername']);
            $newpassword = password_hash(clean($_POST['newpassword']), PASSWORD_DEFAULT);
            if ($_POST['isadmin']=="on"){
@ -127,6 +133,7 @@ if(isset($_POST['newusername'])){
            echo "Failed to insert into DB!";
            exit;
        }
    }
 //update user in db
    if(isset($_POST['changeusername'])){
        if($_SESSION['isadmin']!=1){
@ -139,7 +146,6 @@ if(isset($_POST['changeusername'])){
            } else {
                $isadmin = "0";
            }
            $sql="UPDATE users SET username='$username', password='$pass', admin='$isadmin'";
            if($db_handle->query($sql)){
                echo "success";
@ -148,8 +154,7 @@ if(isset($_POST['changeusername'])){
        }
    }
-
+//ajax queries are all don, time for the header    
    include('header.php');
@ -188,7 +193,7 @@ if ((isset($_POST['usermgmt']))||($mode=="usermgmt")){
-
+//start vm
    if (isset($_REQUEST['start'])){
        $vmname = clean($_REQUEST['start']);
        $sql="SELECT * FROM vms WHERE vmname='$vmname'";