logout, some isadmin checks and cleanup

mad 2018-08-15 16:52:34 +02:00
parent 4e3bde8249
commit b458cc9f8b
2 changed files with 243 additions and 237 deletions


@ -28,4 +28,5 @@
</div> </div>
</div> </div>
<script src="nlvmi.js?2"></script> <script src="nlvmi.js?2"></script>
<div class=container-fluid><div class="row" style="background-color:lightgreen;"><div class="col-sm"><h1><a href="?" style=color:white;>nlvmi</a><a href="?" style="color:black;font-size:10px;">@<?php echo gethostname();?></a></h1></div><div class=col-sm style=text-align:right><a style=color:black href=# onclick="javascript:post('?', {'usermgmt': 'show'});">usermanagement</a></div></div> <div class=container-fluid><div class="row" style="background-color:lightgreen;"><div class="col-sm"><h1><a href="?" style=color:white;>nlvmi</a><a href="?" style="color:black;font-size:10px;">@<?php echo gethostname();?></a></h1></div><div class=col-sm style=text-align:right>
<?php if($_SESSION['isadmin']==1){ echo "<a style=color:black href=# onclick=\"javascript:post('?', {'usermgmt': 'show'});\">usermanagement</a></br>"; } ?><a style=color:black href=# onclick="javascript:post('?', {'logout': 'logout'});">logout</a></div></div>
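Review bot: The `if($_SESSION['isadmin']==1)` gate added here only hides the navigation link; it is not an access control, since any logged-in user can still send `post('?', {'usermgmt': 'show'})` themselves, so the server-side handler for `usermgmt` remains the check that matters. The comparison is also loose and reads `$_SESSION['isadmin']` without `isset`, while the other file in this commit compares the same value against the string `"1"`; the two should agree on one normalized form, e.g. `<?php if ((int)($_SESSION['isadmin'] ?? 0) === 1) {`. A short comment such as `// cosmetic only: authorization for usermgmt is enforced in the POST handler` would keep the next maintainer from treating this as the security boundary.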


@ -89,7 +89,10 @@ if ($usersfound=="no"){
} }
} }
if (isset($_SESSION['username'])){ if (isset($_SESSION['username'])){
if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){ if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){
if($_SESSION['isadmin']!=1){
echo "you are not allowed to change usernames!";
} else {
$vmname = clean($_POST['deletename']); $vmname = clean($_POST['deletename']);
$vmid = clean($_POST['deletevm']); $vmid = clean($_POST['deletevm']);
$sql="SELECT id FROM vms WHERE vmname='$vmname' AND id='$vmid'"; $sql="SELECT id FROM vms WHERE vmname='$vmname' AND id='$vmid'";
@ -100,10 +103,13 @@ if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){
echo "VM $vmname deleted!"; echo "VM $vmname deleted!";
} }
} }
} }
}
//insert new user in db //insert new user in db
if(isset($_POST['newusername'])){ if(isset($_POST['newusername'])){
if($_SESSION['isadmin']!=1){
echo "you are not allowed to add usernames!";
} else {
$newusername = clean($_POST['newusername']); $newusername = clean($_POST['newusername']);
$newpassword = password_hash(clean($_POST['newpassword']), PASSWORD_DEFAULT); $newpassword = password_hash(clean($_POST['newpassword']), PASSWORD_DEFAULT);
if ($_POST['isadmin']=="on"){ if ($_POST['isadmin']=="on"){
@ -126,9 +132,10 @@ if(isset($_POST['newusername'])){
} }
echo "Failed to insert into DB!"; echo "Failed to insert into DB!";
exit; exit;
} }
}
//update user in db //update user in db
if(isset($_POST['changeusername'])){ if(isset($_POST['changeusername'])){
if($_SESSION['isadmin']!=1){ if($_SESSION['isadmin']!=1){
echo "you are not allowed to change usernames!"; echo "you are not allowed to change usernames!";
} else { } else {
@ -139,23 +146,21 @@ if(isset($_POST['changeusername'])){
} else { } else {
$isadmin = "0"; $isadmin = "0";
} }
$sql="UPDATE users SET username='$username', password='$pass', admin='$isadmin'"; $sql="UPDATE users SET username='$username', password='$pass', admin='$isadmin'";
if($db_handle->query($sql)){ if($db_handle->query($sql)){
echo "success"; echo "success";
exit; exit;
} }
} }
} }
//ajax queries are all don, time for the header
include('header.php');
include('header.php');
//usermanagement //usermanagement
if ((isset($_POST['usermgmt']))||($mode=="usermgmt")){ if ((isset($_POST['usermgmt']))||($mode=="usermgmt")){
$mode="usermgmt"; $mode="usermgmt";
if (($_SESSEION['username']=="inituser")||($_SESSION['isadmin']=="1")){ if (($_SESSEION['username']=="inituser")||($_SESSION['isadmin']=="1")){
$sql="SELECT * FROM users"; $sql="SELECT * FROM users";
@ -183,13 +188,13 @@ if ((isset($_POST['usermgmt']))||($mode=="usermgmt")){
} }
echo "<div class=col><input class=form-control type=password name=newpassword placeholder=newpassword></div><div class=col><a href=# class=\"btn btn-success\" onclick=\"javascript:submitbutton('newuserform');\">Create user</a></div></div></form>"; echo "<div class=col><input class=form-control type=password name=newpassword placeholder=newpassword></div><div class=col><a href=# class=\"btn btn-success\" onclick=\"javascript:submitbutton('newuserform');\">Create user</a></div></div></form>";
} }
} }
//start vm
if (isset($_REQUEST['start'])){ if (isset($_REQUEST['start'])){
$vmname = clean($_REQUEST['start']); $vmname = clean($_REQUEST['start']);
$sql="SELECT * FROM vms WHERE vmname='$vmname'"; $sql="SELECT * FROM vms WHERE vmname='$vmname'";
$res = $db_handle->query($sql); $res = $db_handle->query($sql);
@ -197,8 +202,8 @@ if (isset($_REQUEST['start'])){
$shellout = shell_exec("/usr/bin/wrap-nlvmi start $vmname bla"); $shellout = shell_exec("/usr/bin/wrap-nlvmi start $vmname bla");
echo $shellout; echo $shellout;
} }
} }
if (isset($_REQUEST['stop'])){ if (isset($_REQUEST['stop'])){
$vmname = clean($_REQUEST['stop']); $vmname = clean($_REQUEST['stop']);
$sql="SELECT * FROM vms WHERE vmname='$vmname'"; $sql="SELECT * FROM vms WHERE vmname='$vmname'";
$res = $db_handle->query($sql); $res = $db_handle->query($sql);
@ -208,10 +213,10 @@ if (isset($_REQUEST['stop'])){
echo $shellout; echo $shellout;
} }
} }
} }
//form for edit and new vms //form for edit and new vms
if (isset($_REQUEST['edit'])){ if (isset($_REQUEST['edit'])){
$mode="editvm"; $mode="editvm";
$formname="editvm"; $formname="editvm";
$eid=clean($_REQUEST['edit']); $eid=clean($_REQUEST['edit']);
@ -221,13 +226,13 @@ if (isset($_REQUEST['edit'])){
while ($row = $res->fetchArray(SQLITE3_ASSOC)){ while ($row = $res->fetchArray(SQLITE3_ASSOC)){
$e = $row; $e = $row;
} }
} elseif(isset($_REQUEST['newvm'])) { } elseif(isset($_REQUEST['newvm'])) {
$formname="newvm"; $formname="newvm";
$editid=""; $editid="";
$mode="newvm"; $mode="newvm";
} }
if (isset($formname)){ if (isset($formname)){
echo "<h2>$formname</h2></br>"; echo "<h2>$formname</h2></br>";
echo "<form name=$formname action=? method=post>"; echo "<form name=$formname action=? method=post>";
$res = $db_handle->query('PRAGMA table_info(vms)'); $res = $db_handle->query('PRAGMA table_info(vms)');
@ -297,7 +302,7 @@ if (isset($formname)){
} }
} }
echo "$editid<input type=hidden name=mode value=$formname><input class=\"btn btn-primary\" type=submit></form>"; echo "$editid<input type=hidden name=mode value=$formname><input class=\"btn btn-primary\" type=submit></form>";
} }
@ -305,7 +310,7 @@ if (isset($formname)){
//insert in db //insert in db
if(isset($_REQUEST['mode'])){ if(isset($_REQUEST['mode'])){
if($_REQUEST['mode']=="newvm"){ if($_REQUEST['mode']=="newvm"){
$mode="newvm"; $mode="newvm";
$sqls="INSERT INTO vms "; $sqls="INSERT INTO vms ";
@ -345,16 +350,16 @@ if(isset($_REQUEST['mode'])){
$sql .= " WHERE id='$eid'"; $sql .= " WHERE id='$eid'";
$result = $db_handle->exec($sql); $result = $db_handle->exec($sql);
} }
} }
if(($mode!="newvm")&&($mode!="editvm")&&($mode!='usermgmt')){ if(($mode!="newvm")&&($mode!="editvm")&&($mode!='usermgmt')){
echo "</br><a class=\"btn btn-primary\" href=# onclick=\"post('?', {newvm: 'newvm'});\">Create a new VM</a></br></br>"; echo "</br><a class=\"btn btn-primary\" href=# onclick=\"post('?', {newvm: 'newvm'});\">Create a new VM</a></br></br>";
//getting vms from DB //getting vms from DB
$sql="SELECT * FROM vms"; $sql="SELECT * FROM vms";
$res = $db_handle->query($sql); $res = $db_handle->query($sql);
echo "<div class=row>"; echo "<div class=row>";
while ($row = $res->fetchArray(SQLITE3_ASSOC)){ while ($row = $res->fetchArray(SQLITE3_ASSOC)){
if (checkvm($row['vmname'])){ if (checkvm($row['vmname'])){
$button = "start"; $button = "start";
$buttonc = "btn-success"; $buttonc = "btn-success";
@ -369,9 +374,9 @@ while ($row = $res->fetchArray(SQLITE3_ASSOC)){
if (preg_match('/stop/', $button)) { if (preg_match('/stop/', $button)) {
echo "<a target=_blank href=novnc/vnc.html?port=$row[websocket]&path=&host=$server class=\"btn btn-success\">VNC</a></div>"; echo "<a target=_blank href=novnc/vnc.html?port=$row[websocket]&path=&host=$server class=\"btn btn-success\">VNC</a></div>";
} }
} }
} }
echo "</div></div></body></html>"; echo "</div></div></body></html>";
} elseif (!isset($_SESSION['username'])){ } elseif (!isset($_SESSION['username'])){
echo "<h1>Welcome to nlvmi!</h1><h2>You need to log in</h2></br>"; echo "<h1>Welcome to nlvmi!</h1><h2>You need to log in</h2></br>";
echo "<form action=? method=post>Username: <input type=text name=username> Password: <input type=password name=password> <input name=login type=submit></form>"; echo "<form action=? method=post>Username: <input type=text name=username> Password: <input type=password name=password> <input name=login type=submit></form>";
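Review bot: The `$sql="UPDATE users SET username='$username', password='$pass', admin='$isadmin'";` line in the changeusername handler (context in the `@ -139,23 +146,21` hunk, directly above the moved `include('header.php');`) has no WHERE clause, so an admin editing one account overwrites the username, password hash and admin flag of every row in `users`. That defect predates this commit, but since the commit is tightening the admin-only paths this handler should get its WHERE clause at the same time, keyed on whichever row id the edit form posts (not visible in this hunk), and preferably built with `$db_handle->prepare()` and bound parameters rather than string interpolation, which the surrounding `INSERT`/`DELETE` paths also rely on. The changeusername handler's opening lines lie outside the hunk. Minor: the new comment `//ajax queries are all don, time for the header` should read `done`.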