logout, some isadmin checks and cleanup
This commit is contained in:
parent
4e3bde8249
commit
b458cc9f8b
|
|
@ -28,4 +28,5 @@
|
|||
</div>
|
||||
</div>
|
||||
<script src="nlvmi.js?2"></script>
|
||||
<div class=container-fluid><div class="row" style="background-color:lightgreen;"><div class="col-sm"><h1><a href="?" style=color:white;>nlvmi</a><a href="?" style="color:black;font-size:10px;">@<?php echo gethostname();?></a></h1></div><div class=col-sm style=text-align:right><a style=color:black href=# onclick="javascript:post('?', {'usermgmt': 'show'});">usermanagement</a></div></div>
|
||||
<div class=container-fluid><div class="row" style="background-color:lightgreen;"><div class="col-sm"><h1><a href="?" style=color:white;>nlvmi</a><a href="?" style="color:black;font-size:10px;">@<?php echo gethostname();?></a></h1></div><div class=col-sm style=text-align:right>
|
||||
<?php if($_SESSION['isadmin']==1){ echo "<a style=color:black href=# onclick=\"javascript:post('?', {'usermgmt': 'show'});\">usermanagement</a></br>"; } ?><a style=color:black href=# onclick="javascript:post('?', {'logout': 'logout'});">logout</a></div></div>
|
||||
|
|
|
|||
|
|
@ -90,6 +90,9 @@ if ($usersfound=="no"){
|
|||
}
|
||||
if (isset($_SESSION['username'])){
|
||||
if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){
|
||||
if($_SESSION['isadmin']!=1){
|
||||
echo "you are not allowed to change usernames!";
|
||||
} else {
|
||||
$vmname = clean($_POST['deletename']);
|
||||
$vmid = clean($_POST['deletevm']);
|
||||
$sql="SELECT id FROM vms WHERE vmname='$vmname' AND id='$vmid'";
|
||||
|
|
@ -101,9 +104,12 @@ if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
//insert new user in db
|
||||
if(isset($_POST['newusername'])){
|
||||
if($_SESSION['isadmin']!=1){
|
||||
echo "you are not allowed to add usernames!";
|
||||
} else {
|
||||
$newusername = clean($_POST['newusername']);
|
||||
$newpassword = password_hash(clean($_POST['newpassword']), PASSWORD_DEFAULT);
|
||||
if ($_POST['isadmin']=="on"){
|
||||
|
|
@ -127,6 +133,7 @@ if(isset($_POST['newusername'])){
|
|||
echo "Failed to insert into DB!";
|
||||
exit;
|
||||
}
|
||||
}
|
||||
//update user in db
|
||||
if(isset($_POST['changeusername'])){
|
||||
if($_SESSION['isadmin']!=1){
|
||||
|
|
@ -139,7 +146,6 @@ if(isset($_POST['changeusername'])){
|
|||
} else {
|
||||
$isadmin = "0";
|
||||
}
|
||||
|
||||
$sql="UPDATE users SET username='$username', password='$pass', admin='$isadmin'";
|
||||
if($db_handle->query($sql)){
|
||||
echo "success";
|
||||
|
|
@ -148,8 +154,7 @@ if(isset($_POST['changeusername'])){
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
//ajax queries are all don, time for the header
|
||||
include('header.php');
|
||||
|
||||
|
||||
|
|
@ -188,7 +193,7 @@ if ((isset($_POST['usermgmt']))||($mode=="usermgmt")){
|
|||
|
||||
|
||||
|
||||
|
||||
//start vm
|
||||
if (isset($_REQUEST['start'])){
|
||||
$vmname = clean($_REQUEST['start']);
|
||||
$sql="SELECT * FROM vms WHERE vmname='$vmname'";
|
||||
|
|
|
|||
Loading…
Reference in New Issue