logout, some isadmin checks and cleanup

This commit is contained in:
mad 2018-08-15 16:52:34 +02:00
parent 4e3bde8249
commit b458cc9f8b
2 changed files with 243 additions and 237 deletions

View File

@ -28,4 +28,5 @@
</div> </div>
</div> </div>
<script src="nlvmi.js?2"></script> <script src="nlvmi.js?2"></script>
<div class=container-fluid><div class="row" style="background-color:lightgreen;"><div class="col-sm"><h1><a href="?" style=color:white;>nlvmi</a><a href="?" style="color:black;font-size:10px;">@<?php echo gethostname();?></a></h1></div><div class=col-sm style=text-align:right><a style=color:black href=# onclick="javascript:post('?', {'usermgmt': 'show'});">usermanagement</a></div></div> <div class=container-fluid><div class="row" style="background-color:lightgreen;"><div class="col-sm"><h1><a href="?" style=color:white;>nlvmi</a><a href="?" style="color:black;font-size:10px;">@<?php echo gethostname();?></a></h1></div><div class=col-sm style=text-align:right>
<?php if($_SESSION['isadmin']==1){ echo "<a style=color:black href=# onclick=\"javascript:post('?', {'usermgmt': 'show'});\">usermanagement</a></br>"; } ?><a style=color:black href=# onclick="javascript:post('?', {'logout': 'logout'});">logout</a></div></div>

View File

@ -89,215 +89,220 @@ if ($usersfound=="no"){
} }
} }
if (isset($_SESSION['username'])){ if (isset($_SESSION['username'])){
if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){ if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){
$vmname = clean($_POST['deletename']); if($_SESSION['isadmin']!=1){
$vmid = clean($_POST['deletevm']); echo "you are not allowed to change usernames!";
$sql="SELECT id FROM vms WHERE vmname='$vmname' AND id='$vmid'"; } else {
$res = $db_handle->query($sql); $vmname = clean($_POST['deletename']);
while ($row = $res->fetchArray(SQLITE3_ASSOC)){ $vmid = clean($_POST['deletevm']);
$sqld="DELETE FROM vms WHERE id='$vmid'"; $sql="SELECT id FROM vms WHERE vmname='$vmname' AND id='$vmid'";
if ($db_handle->query($sqld)){ $res = $db_handle->query($sql);
echo "VM $vmname deleted!"; while ($row = $res->fetchArray(SQLITE3_ASSOC)){
$sqld="DELETE FROM vms WHERE id='$vmid'";
if ($db_handle->query($sqld)){
echo "VM $vmname deleted!";
}
}
} }
} }
}
//insert new user in db //insert new user in db
if(isset($_POST['newusername'])){ if(isset($_POST['newusername'])){
$newusername = clean($_POST['newusername']); if($_SESSION['isadmin']!=1){
$newpassword = password_hash(clean($_POST['newpassword']), PASSWORD_DEFAULT); echo "you are not allowed to add usernames!";
if ($_POST['isadmin']=="on"){ } else {
$isadmin = "1"; $newusername = clean($_POST['newusername']);
} else { $newpassword = password_hash(clean($_POST['newpassword']), PASSWORD_DEFAULT);
$isadmin = "0";
}
$sqlu="SELECT id FROM users WHERE username='$newusername'";
$res = $db_handle->query($sqlu);
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
echo "username already exist!";
exit;
}
$sql="INSERT INTO users (username,password,admin) VALUES('$newusername', '$newpassword', '$isadmin')";
$res=$db_handle->query($sql);
$res=$db_handle->query($sqlu);
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
echo "success";
exit;
}
echo "Failed to insert into DB!";
exit;
}
//update user in db
if(isset($_POST['changeusername'])){
if($_SESSION['isadmin']!=1){
echo "you are not allowed to change usernames!";
} else {
$username=clean($_POST['changeusername']);
$pass=password_hash(clean($_POST['passwordchange']), PASSWORD_DEFAULT);
if ($_POST['isadmin']=="on"){ if ($_POST['isadmin']=="on"){
$isadmin = "1"; $isadmin = "1";
} else { } else {
$isadmin = "0"; $isadmin = "0";
} }
$sqlu="SELECT id FROM users WHERE username='$newusername'";
$sql="UPDATE users SET username='$username', password='$pass', admin='$isadmin'"; $res = $db_handle->query($sqlu);
if($db_handle->query($sql)){ while ($row = $res->fetchArray(SQLITE3_ASSOC)){
echo "success"; echo "username already exist!";
exit;
}
$sql="INSERT INTO users (username,password,admin) VALUES('$newusername', '$newpassword', '$isadmin')";
$res=$db_handle->query($sql);
$res=$db_handle->query($sqlu);
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
echo "success";
exit;
}
echo "Failed to insert into DB!";
exit; exit;
} }
} }
} //update user in db
if(isset($_POST['changeusername'])){
if($_SESSION['isadmin']!=1){
echo "you are not allowed to change usernames!";
} else {
$username=clean($_POST['changeusername']);
$pass=password_hash(clean($_POST['passwordchange']), PASSWORD_DEFAULT);
if ($_POST['isadmin']=="on"){
$isadmin = "1";
} else {
$isadmin = "0";
}
$sql="UPDATE users SET username='$username', password='$pass', admin='$isadmin'";
if($db_handle->query($sql)){
echo "success";
exit;
}
}
}
//ajax queries are all don, time for the header
include('header.php');
include('header.php');
//usermanagement //usermanagement
if ((isset($_POST['usermgmt']))||($mode=="usermgmt")){ if ((isset($_POST['usermgmt']))||($mode=="usermgmt")){
$mode="usermgmt"; $mode="usermgmt";
if (($_SESSEION['username']=="inituser")||($_SESSION['isadmin']=="1")){ if (($_SESSEION['username']=="inituser")||($_SESSION['isadmin']=="1")){
$sql="SELECT * FROM users"; $sql="SELECT * FROM users";
$res = $db_handle->query($sql); $res = $db_handle->query($sql);
echo "</br>"; echo "</br>";
//echo "<div class=row><div class=col>Username</div><div class=col>Is Admin</div><div class=col>New Password</div></div>"; //echo "<div class=row><div class=col>Username</div><div class=col>Is Admin</div><div class=col>New Password</div></div>";
echo "<h2>Existing users</h2>"; echo "<h2>Existing users</h2>";
while ($row = $res->fetchArray(SQLITE3_ASSOC)){ while ($row = $res->fetchArray(SQLITE3_ASSOC)){
echo "<form id=uform$row[id] action=? method=post><div class=row><div class=col style=text-align:right><input class=form-control name=changeusername value=$row[username]></div>"; echo "<form id=uform$row[id] action=? method=post><div class=row><div class=col style=text-align:right><input class=form-control name=changeusername value=$row[username]></div>";
if ($row['admin']=="1"){ if ($row['admin']=="1"){
$checked="checked"; $checked="checked";
} else { } else {
$checked=""; $checked="";
}
echo "<div class=col-ms><input data-onstyle=\"danger\" data-offstyle=success name=isadmin id=\"isadmin\" type=\"checkbox\" data-toggle=\"toggle\" data-on=\"user is Admin\" data-off=\"user is no Admin\" $checked></div>";
echo "<input type=hidden name=userchange value=$row[id]>";
echo "<div class=col><input class=form-control type=password name=passwordchange placeholder=newpassword></div><div class=col><a href=# class=\"btn btn-success\" onclick=\"javascript:submitbutton('uform$row[id]');\">save user</a></div></div></form>";
} }
echo "<div class=col-ms><input data-onstyle=\"danger\" data-offstyle=success name=isadmin id=\"isadmin\" type=\"checkbox\" data-toggle=\"toggle\" data-on=\"user is Admin\" data-off=\"user is no Admin\" $checked></div>";
echo "<input type=hidden name=userchange value=$row[id]>";
echo "<div class=col><input class=form-control type=password name=passwordchange placeholder=newpassword></div><div class=col><a href=# class=\"btn btn-success\" onclick=\"javascript:submitbutton('uform$row[id]');\">save user</a></div></div></form>";
}
//newuserform //newuserform
echo "<h2>Create a new user</h2><form id=newuserform action=? method=post><div class=row><div class=col><input type=text class=form-control name=newusername placeholder=Username></div>"; echo "<h2>Create a new user</h2><form id=newuserform action=? method=post><div class=row><div class=col><input type=text class=form-control name=newusername placeholder=Username></div>";
if ($_SESSION['username']!="inituser"){ if ($_SESSION['username']!="inituser"){
echo "<div class=col-ms><input data-onstyle=\"danger\" data-offstyle=success name=isadmin id=\"isadmin\" type=\"checkbox\" data-toggle=\"toggle\" data-on=\"user is Admin\" data-off=\"user is no Admin\" checked></div>"; echo "<div class=col-ms><input data-onstyle=\"danger\" data-offstyle=success name=isadmin id=\"isadmin\" type=\"checkbox\" data-toggle=\"toggle\" data-on=\"user is Admin\" data-off=\"user is no Admin\" checked></div>";
} else { } else {
echo "<input type=hidden name=isadmin value=on>"; echo "<input type=hidden name=isadmin value=on>";
}
echo "<div class=col><input class=form-control type=password name=newpassword placeholder=newpassword></div><div class=col><a href=# class=\"btn btn-success\" onclick=\"javascript:submitbutton('newuserform');\">Create user</a></div></div></form>";
} }
echo "<div class=col><input class=form-control type=password name=newpassword placeholder=newpassword></div><div class=col><a href=# class=\"btn btn-success\" onclick=\"javascript:submitbutton('newuserform');\">Create user</a></div></div></form>";
} }
}
//start vm
if (isset($_REQUEST['start'])){ if (isset($_REQUEST['start'])){
$vmname = clean($_REQUEST['start']); $vmname = clean($_REQUEST['start']);
$sql="SELECT * FROM vms WHERE vmname='$vmname'"; $sql="SELECT * FROM vms WHERE vmname='$vmname'";
$res = $db_handle->query($sql); $res = $db_handle->query($sql);
while ($row = $res->fetchArray(SQLITE3_ASSOC)){ while ($row = $res->fetchArray(SQLITE3_ASSOC)){
$shellout = shell_exec("/usr/bin/wrap-nlvmi start $vmname bla"); $shellout = shell_exec("/usr/bin/wrap-nlvmi start $vmname bla");
echo $shellout;
}
}
if (isset($_REQUEST['stop'])){
$vmname = clean($_REQUEST['stop']);
$sql="SELECT * FROM vms WHERE vmname='$vmname'";
$res = $db_handle->query($sql);
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
if(checkvm($vmname)){
$shellout = shell_exec("/usr/bin/wrap-nlvmi stop $vmname bla");
echo $shellout; echo $shellout;
} }
} }
} if (isset($_REQUEST['stop'])){
$vmname = clean($_REQUEST['stop']);
//form for edit and new vms $sql="SELECT * FROM vms WHERE vmname='$vmname'";
if (isset($_REQUEST['edit'])){ $res = $db_handle->query($sql);
$mode="editvm"; while ($row = $res->fetchArray(SQLITE3_ASSOC)){
$formname="editvm"; if(checkvm($vmname)){
$eid=clean($_REQUEST['edit']); $shellout = shell_exec("/usr/bin/wrap-nlvmi stop $vmname bla");
$sql="SELECT * FROM vms WHERE id='$eid'"; echo $shellout;
$res = $db_handle->query($sql);
$editid = "<input type=hidden name=editid value=$eid>";
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
$e = $row;
}
} elseif(isset($_REQUEST['newvm'])) {
$formname="newvm";
$editid="";
$mode="newvm";
}
if (isset($formname)){
echo "<h2>$formname</h2></br>";
echo "<form name=$formname action=? method=post>";
$res = $db_handle->query('PRAGMA table_info(vms)');
while ($col = $res->fetchArray(SQLITE3_ASSOC)) {
$arrColnames[]=$col['name'];
}
for ($col=0; $col <count($arrColnames); $col++){
if ($arrColnames[$col]!="id"){
if (isset($e[$arrColnames[$col]])){
$val = $e[$arrColnames[$col]];
} else {
$val = "";
}
if ($arrColnames[$col] == "bootoption"){
if($val=="") {
$val="c";
}
echo "<div class=row><div class=col-md-1 style=text-align:right>bootoption</div><div class=col-md-2><div class=dropdown><button class=\"btn btn-secondary dropdown-toggle\" type=button id=bootoptionbutton data-toggle=dropdown aria-haspopup=true aria-expanded=false>$val</button>";
echo "<div class=dropdown-menu aria-labelledby=bootoptionbutton>";
echo "<a class=dropdown-item href=\"javascript:dropdown('bootoptionbutton','c')\">c</a>";
echo "<a class=dropdown-item href=\"javascript:dropdown('bootoptionbutton','d')\">d</a>";
echo "</div></div></div></div><input type=hidden id=bootoptionbuttonh name=bootoption value=c>";
// echo "$arrColnames[$col] <select name=bootoption><option value=c>C</option><option value=d>D</option></select></br>";
} elseif ($arrColnames[$col] == "arch"){
echo "<div class=row><div class=col-md-1 style=text-align:right>arch</div><div class=col-md-2><div class=dropdown><button class=\"btn btn-secondary dropdown-toggle\" type=button id=archbutton data-toggle=dropdown aria-haspopup=true aria-expanded=false>x86_64</button>";
echo "<div class=dropdown-menu aria-labelledby=archbutton>";
echo "<a class=dropdown-item href=\"javascript:dropdown('archbutton','x86_64')\">x86_64</a>";
echo "</div></div></div></div><input type=hidden id=archbuttonh name=arch value=x86_64>";
// echo "$arrColnames[$col] <select name=arch><option value=qemu-system-x86_64>x86_64</option></select></br>";
} elseif ($arrColnames[$col] == "cdrom"){
echo "<div class=row><div class=col-md-1 style=text-align:right>cdrom</div><div class=col-md-2><div class=dropdown><button class=\"btn btn-secondary dropdown-toggle\" type=button id=cdrombutton data-toggle=dropdown aria-haspopup=true aria-expanded=false>$val</button>";
echo "<div class=dropdown-menu aria-labelledby=cdrombutton>";
$isodirs = explode('|', $config['ISODIRECTORY']);
foreach($isodirs as $isodir){
$files = array_diff(scandir($isodir), array('.', '..'));
$files = array_values(array_filter($files));
for ($f=0; $f<count($files); $f++){
if ((preg_match('/iso/', $files[$f]))||(preg_match('/ISO/', $files[$f]))){
echo "<a class=dropdown-item href=\"javascript:dropdown('cdrombutton','$isodir/$files[$f]')\">$isodir/$files[$f]</a>";
}
}
}
echo "</div></div></div></div><input type=hidden id=cdrombuttonh name=cdrom value=$val>";
} elseif (preg_match('/format/', $arrColnames[$col])) {
echo "<div class=col-md-1 style=text-align:right>$arrColnames[$col]</div><div class=col-md-2><input class=form-control type=text name=$arrColnames[$col] value=$val></div></div>";
} elseif (preg_match('/tapdev/', $arrColnames[$col])) {
echo "<div class=row><div class=col-md-1 style=text-align:right>$arrColnames[$col]</div><div class=col-md-2><input class=form-control type=text name=$arrColnames[$col] value=$val></div>";
} elseif (preg_match('/macaddr/', $arrColnames[$col])) {
echo "<div class=col-md-1 style=text-align:right>$arrColnames[$col]</div><div class=col-md-2><input class=form-control type=text name=$arrColnames[$col] value=$val></div>";
} elseif (preg_match('/brdev/', $arrColnames[$col])) {
echo "<div class=col-md-1 style=text-align:right>$arrColnames[$col]</div><div class=col-md-2><input class=form-control type=text name=$arrColnames[$col] value=$val></div></div>";
} elseif (preg_match('/drive/', $arrColnames[$col])){
echo "<div class=row><div class=col-md-1 style=text-align:right>$arrColnames[$col]</div><div class=col-md-2><div class=dropdown><button class=\"btn btn-secondary dropdown-toggle\" type=button id=$arrColnames[$col]button data-toggle=dropdown aria-haspopup=true aria-expanded=false>$val</button>";
echo "<div class=dropdown-menu aria-labelledby=$arrColnames[$col]button>";
$vmdirs = explode('|', $config['VMDIRECTORY']);
foreach($vmdirs as $vmdir){
$files = array_diff(scandir($vmdir), array('.', '..'));
$files = array_values(array_filter($files));
for ($f=0; $f<count($files); $f++){
echo "<a class=dropdown-item href=\"javascript:dropdown('$arrColnames[$col]button','$vmdir/$files[$f]')\">$vmdir/$files[$f]</a>";
}
}
echo "</div></div></div><input type=hidden id=$arrColnames[$col]buttonh name=$arrColnames[$col] value=$val>";
} else {
echo "<div class=row><div class=col-md-1 style=text-align:right>$arrColnames[$col]</div><div class=col-md-2><input class=form-control type=text name=$arrColnames[$col] value=$val></div></div>";
} }
} }
} }
echo "$editid<input type=hidden name=mode value=$formname><input class=\"btn btn-primary\" type=submit></form>";
} //form for edit and new vms
if (isset($_REQUEST['edit'])){
$mode="editvm";
$formname="editvm";
$eid=clean($_REQUEST['edit']);
$sql="SELECT * FROM vms WHERE id='$eid'";
$res = $db_handle->query($sql);
$editid = "<input type=hidden name=editid value=$eid>";
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
$e = $row;
}
} elseif(isset($_REQUEST['newvm'])) {
$formname="newvm";
$editid="";
$mode="newvm";
}
if (isset($formname)){
echo "<h2>$formname</h2></br>";
echo "<form name=$formname action=? method=post>";
$res = $db_handle->query('PRAGMA table_info(vms)');
while ($col = $res->fetchArray(SQLITE3_ASSOC)) {
$arrColnames[]=$col['name'];
}
for ($col=0; $col <count($arrColnames); $col++){
if ($arrColnames[$col]!="id"){
if (isset($e[$arrColnames[$col]])){
$val = $e[$arrColnames[$col]];
} else {
$val = "";
}
if ($arrColnames[$col] == "bootoption"){
if($val=="") {
$val="c";
}
echo "<div class=row><div class=col-md-1 style=text-align:right>bootoption</div><div class=col-md-2><div class=dropdown><button class=\"btn btn-secondary dropdown-toggle\" type=button id=bootoptionbutton data-toggle=dropdown aria-haspopup=true aria-expanded=false>$val</button>";
echo "<div class=dropdown-menu aria-labelledby=bootoptionbutton>";
echo "<a class=dropdown-item href=\"javascript:dropdown('bootoptionbutton','c')\">c</a>";
echo "<a class=dropdown-item href=\"javascript:dropdown('bootoptionbutton','d')\">d</a>";
echo "</div></div></div></div><input type=hidden id=bootoptionbuttonh name=bootoption value=c>";
// echo "$arrColnames[$col] <select name=bootoption><option value=c>C</option><option value=d>D</option></select></br>";
} elseif ($arrColnames[$col] == "arch"){
echo "<div class=row><div class=col-md-1 style=text-align:right>arch</div><div class=col-md-2><div class=dropdown><button class=\"btn btn-secondary dropdown-toggle\" type=button id=archbutton data-toggle=dropdown aria-haspopup=true aria-expanded=false>x86_64</button>";
echo "<div class=dropdown-menu aria-labelledby=archbutton>";
echo "<a class=dropdown-item href=\"javascript:dropdown('archbutton','x86_64')\">x86_64</a>";
echo "</div></div></div></div><input type=hidden id=archbuttonh name=arch value=x86_64>";
// echo "$arrColnames[$col] <select name=arch><option value=qemu-system-x86_64>x86_64</option></select></br>";
} elseif ($arrColnames[$col] == "cdrom"){
echo "<div class=row><div class=col-md-1 style=text-align:right>cdrom</div><div class=col-md-2><div class=dropdown><button class=\"btn btn-secondary dropdown-toggle\" type=button id=cdrombutton data-toggle=dropdown aria-haspopup=true aria-expanded=false>$val</button>";
echo "<div class=dropdown-menu aria-labelledby=cdrombutton>";
$isodirs = explode('|', $config['ISODIRECTORY']);
foreach($isodirs as $isodir){
$files = array_diff(scandir($isodir), array('.', '..'));
$files = array_values(array_filter($files));
for ($f=0; $f<count($files); $f++){
if ((preg_match('/iso/', $files[$f]))||(preg_match('/ISO/', $files[$f]))){
echo "<a class=dropdown-item href=\"javascript:dropdown('cdrombutton','$isodir/$files[$f]')\">$isodir/$files[$f]</a>";
}
}
}
echo "</div></div></div></div><input type=hidden id=cdrombuttonh name=cdrom value=$val>";
} elseif (preg_match('/format/', $arrColnames[$col])) {
echo "<div class=col-md-1 style=text-align:right>$arrColnames[$col]</div><div class=col-md-2><input class=form-control type=text name=$arrColnames[$col] value=$val></div></div>";
} elseif (preg_match('/tapdev/', $arrColnames[$col])) {
echo "<div class=row><div class=col-md-1 style=text-align:right>$arrColnames[$col]</div><div class=col-md-2><input class=form-control type=text name=$arrColnames[$col] value=$val></div>";
} elseif (preg_match('/macaddr/', $arrColnames[$col])) {
echo "<div class=col-md-1 style=text-align:right>$arrColnames[$col]</div><div class=col-md-2><input class=form-control type=text name=$arrColnames[$col] value=$val></div>";
} elseif (preg_match('/brdev/', $arrColnames[$col])) {
echo "<div class=col-md-1 style=text-align:right>$arrColnames[$col]</div><div class=col-md-2><input class=form-control type=text name=$arrColnames[$col] value=$val></div></div>";
} elseif (preg_match('/drive/', $arrColnames[$col])){
echo "<div class=row><div class=col-md-1 style=text-align:right>$arrColnames[$col]</div><div class=col-md-2><div class=dropdown><button class=\"btn btn-secondary dropdown-toggle\" type=button id=$arrColnames[$col]button data-toggle=dropdown aria-haspopup=true aria-expanded=false>$val</button>";
echo "<div class=dropdown-menu aria-labelledby=$arrColnames[$col]button>";
$vmdirs = explode('|', $config['VMDIRECTORY']);
foreach($vmdirs as $vmdir){
$files = array_diff(scandir($vmdir), array('.', '..'));
$files = array_values(array_filter($files));
for ($f=0; $f<count($files); $f++){
echo "<a class=dropdown-item href=\"javascript:dropdown('$arrColnames[$col]button','$vmdir/$files[$f]')\">$vmdir/$files[$f]</a>";
}
}
echo "</div></div></div><input type=hidden id=$arrColnames[$col]buttonh name=$arrColnames[$col] value=$val>";
} else {
echo "<div class=row><div class=col-md-1 style=text-align:right>$arrColnames[$col]</div><div class=col-md-2><input class=form-control type=text name=$arrColnames[$col] value=$val></div></div>";
}
}
}
echo "$editid<input type=hidden name=mode value=$formname><input class=\"btn btn-primary\" type=submit></form>";
}
@ -305,73 +310,73 @@ if (isset($formname)){
//insert in db //insert in db
if(isset($_REQUEST['mode'])){ if(isset($_REQUEST['mode'])){
if($_REQUEST['mode']=="newvm"){ if($_REQUEST['mode']=="newvm"){
$mode="newvm"; $mode="newvm";
$sqls="INSERT INTO vms "; $sqls="INSERT INTO vms ";
$sqlc="("; $sqlc="(";
$sqlv=" VALUES ("; $sqlv=" VALUES (";
foreach(array_keys($_REQUEST) as $rkey){ foreach(array_keys($_REQUEST) as $rkey){
if ($rkey!="mode"){ if ($rkey!="mode"){
$rvalue = clean($_REQUEST[$rkey]); $rvalue = clean($_REQUEST[$rkey]);
if ($rvalue == "x86_64"){ if ($rvalue == "x86_64"){
$rvalue = "qemu-system-x86_64"; $rvalue = "qemu-system-x86_64";
}
$sqlc .= "$rkey,";
$sqlv .= "'$rvalue',";
} }
$sqlc .= "$rkey,";
$sqlv .= "'$rvalue',";
} }
} $sqlc = rtrim($sqlc, ',');
$sqlc = rtrim($sqlc, ','); $sqlc.=")";
$sqlc.=")"; $sqlv = rtrim($sqlv, ',');
$sqlv = rtrim($sqlv, ','); $sqlv.=")";
$sqlv.=")"; $sql = "$sqls$sqlc$sqlv";
$sql = "$sqls$sqlc$sqlv"; echo $sql;
echo $sql; $result = $db_handle->exec($sql);
$result = $db_handle->exec($sql); } elseif ($_REQUEST['mode']=="editvm"){
} elseif ($_REQUEST['mode']=="editvm"){ $mode="editvm";
$mode="editvm"; $sql="UPDATE vms SET ";
$sql="UPDATE vms SET "; foreach(array_keys($_REQUEST) as $rkey){
foreach(array_keys($_REQUEST) as $rkey){ if (($rkey!="mode")&&($rkey!="editid")){
if (($rkey!="mode")&&($rkey!="editid")){ $rvalue = clean($_REQUEST[$rkey]);
$rvalue = clean($_REQUEST[$rkey]); if ($rvalue == "x86_64"){
if ($rvalue == "x86_64"){ $rvalue = "qemu-system-x86_64";
$rvalue = "qemu-system-x86_64"; }
$sql .= " $rkey='$rvalue',";
} }
$sql .= " $rkey='$rvalue',";
} }
$sql = rtrim($sql, ',');
$eid=clean($_REQUEST['editid']);
$sql .= " WHERE id='$eid'";
$result = $db_handle->exec($sql);
} }
$sql = rtrim($sql, ',');
$eid=clean($_REQUEST['editid']);
$sql .= " WHERE id='$eid'";
$result = $db_handle->exec($sql);
} }
}
if(($mode!="newvm")&&($mode!="editvm")&&($mode!='usermgmt')){ if(($mode!="newvm")&&($mode!="editvm")&&($mode!='usermgmt')){
echo "</br><a class=\"btn btn-primary\" href=# onclick=\"post('?', {newvm: 'newvm'});\">Create a new VM</a></br></br>"; echo "</br><a class=\"btn btn-primary\" href=# onclick=\"post('?', {newvm: 'newvm'});\">Create a new VM</a></br></br>";
//getting vms from DB //getting vms from DB
$sql="SELECT * FROM vms"; $sql="SELECT * FROM vms";
$res = $db_handle->query($sql); $res = $db_handle->query($sql);
echo "<div class=row>"; echo "<div class=row>";
while ($row = $res->fetchArray(SQLITE3_ASSOC)){ while ($row = $res->fetchArray(SQLITE3_ASSOC)){
if (checkvm($row['vmname'])){ if (checkvm($row['vmname'])){
$button = "start"; $button = "start";
$buttonc = "btn-success"; $buttonc = "btn-success";
} else { } else {
$button = "stop"; $button = "stop";
$buttonc = "btn-warning"; $buttonc = "btn-warning";
}
echo "<div class=col style=\"border:solid 1px;max-width:320px;\">$row[vmname]</br><a class=\"btn btn-primary\" href=# onclick=\"post('?', {edit: '$row[id]'});\">edit</a> ";
echo "<a href=# onclick=\"post('?', {'$button': '$row[vmname]'});\"class=\"btn $buttonc\">$button</a> ";
echo "<button class=\"btn btn-danger\" data-delete-text=\"Delete VM $row[vmname]!\" data-delete-vm=\"$row[id]\" data-delete-name=\"$row[vmname]\" data-toggle=\"modal\" data-target=\"#confirm-delete\">Delete VM</button> ";
$server = gethostname();
if (preg_match('/stop/', $button)) {
echo "<a target=_blank href=novnc/vnc.html?port=$row[websocket]&path=&host=$server class=\"btn btn-success\">VNC</a></div>";
}
}
} }
echo "<div class=col style=\"border:solid 1px;max-width:320px;\">$row[vmname]</br><a class=\"btn btn-primary\" href=# onclick=\"post('?', {edit: '$row[id]'});\">edit</a> "; echo "</div></div></body></html>";
echo "<a href=# onclick=\"post('?', {'$button': '$row[vmname]'});\"class=\"btn $buttonc\">$button</a> ";
echo "<button class=\"btn btn-danger\" data-delete-text=\"Delete VM $row[vmname]!\" data-delete-vm=\"$row[id]\" data-delete-name=\"$row[vmname]\" data-toggle=\"modal\" data-target=\"#confirm-delete\">Delete VM</button> ";
$server = gethostname();
if (preg_match('/stop/', $button)) {
echo "<a target=_blank href=novnc/vnc.html?port=$row[websocket]&path=&host=$server class=\"btn btn-success\">VNC</a></div>";
}
}
}
echo "</div></div></body></html>";
} elseif (!isset($_SESSION['username'])){ } elseif (!isset($_SESSION['username'])){
echo "<h1>Welcome to nlvmi!</h1><h2>You need to log in</h2></br>"; echo "<h1>Welcome to nlvmi!</h1><h2>You need to log in</h2></br>";
echo "<form action=? method=post>Username: <input type=text name=username> Password: <input type=password name=password> <input name=login type=submit></form>"; echo "<form action=? method=post>Username: <input type=text name=username> Password: <input type=password name=password> <input name=login type=submit></form>";