logout, some isadmin checks and cleanup
This commit is contained in:
parent
4e3bde8249
commit
b458cc9f8b
|
|
@ -28,4 +28,5 @@
|
|||
</div>
|
||||
</div>
|
||||
<script src="nlvmi.js?2"></script>
|
||||
<div class=container-fluid><div class="row" style="background-color:lightgreen;"><div class="col-sm"><h1><a href="?" style=color:white;>nlvmi</a><a href="?" style="color:black;font-size:10px;">@<?php echo gethostname();?></a></h1></div><div class=col-sm style=text-align:right><a style=color:black href=# onclick="javascript:post('?', {'usermgmt': 'show'});">usermanagement</a></div></div>
|
||||
<div class=container-fluid><div class="row" style="background-color:lightgreen;"><div class="col-sm"><h1><a href="?" style=color:white;>nlvmi</a><a href="?" style="color:black;font-size:10px;">@<?php echo gethostname();?></a></h1></div><div class=col-sm style=text-align:right>
|
||||
<?php if($_SESSION['isadmin']==1){ echo "<a style=color:black href=# onclick=\"javascript:post('?', {'usermgmt': 'show'});\">usermanagement</a></br>"; } ?><a style=color:black href=# onclick="javascript:post('?', {'logout': 'logout'});">logout</a></div></div>
|
||||
|
|
|
|||
|
|
@ -89,7 +89,10 @@ if ($usersfound=="no"){
|
|||
}
|
||||
}
|
||||
if (isset($_SESSION['username'])){
|
||||
if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){
|
||||
if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){
|
||||
if($_SESSION['isadmin']!=1){
|
||||
echo "you are not allowed to change usernames!";
|
||||
} else {
|
||||
$vmname = clean($_POST['deletename']);
|
||||
$vmid = clean($_POST['deletevm']);
|
||||
$sql="SELECT id FROM vms WHERE vmname='$vmname' AND id='$vmid'";
|
||||
|
|
@ -100,10 +103,13 @@ if ((isset($_POST['deletevm']))&&(isset($_POST['deletename']))){
|
|||
echo "VM $vmname deleted!";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
//insert new user in db
|
||||
if(isset($_POST['newusername'])){
|
||||
if(isset($_POST['newusername'])){
|
||||
if($_SESSION['isadmin']!=1){
|
||||
echo "you are not allowed to add usernames!";
|
||||
} else {
|
||||
$newusername = clean($_POST['newusername']);
|
||||
$newpassword = password_hash(clean($_POST['newpassword']), PASSWORD_DEFAULT);
|
||||
if ($_POST['isadmin']=="on"){
|
||||
|
|
@ -126,9 +132,10 @@ if(isset($_POST['newusername'])){
|
|||
}
|
||||
echo "Failed to insert into DB!";
|
||||
exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
//update user in db
|
||||
if(isset($_POST['changeusername'])){
|
||||
if(isset($_POST['changeusername'])){
|
||||
if($_SESSION['isadmin']!=1){
|
||||
echo "you are not allowed to change usernames!";
|
||||
} else {
|
||||
|
|
@ -139,23 +146,21 @@ if(isset($_POST['changeusername'])){
|
|||
} else {
|
||||
$isadmin = "0";
|
||||
}
|
||||
|
||||
$sql="UPDATE users SET username='$username', password='$pass', admin='$isadmin'";
|
||||
if($db_handle->query($sql)){
|
||||
echo "success";
|
||||
exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
include('header.php');
|
||||
//ajax queries are all don, time for the header
|
||||
include('header.php');
|
||||
|
||||
|
||||
|
||||
//usermanagement
|
||||
if ((isset($_POST['usermgmt']))||($mode=="usermgmt")){
|
||||
if ((isset($_POST['usermgmt']))||($mode=="usermgmt")){
|
||||
$mode="usermgmt";
|
||||
if (($_SESSEION['username']=="inituser")||($_SESSION['isadmin']=="1")){
|
||||
$sql="SELECT * FROM users";
|
||||
|
|
@ -183,13 +188,13 @@ if ((isset($_POST['usermgmt']))||($mode=="usermgmt")){
|
|||
}
|
||||
echo "<div class=col><input class=form-control type=password name=newpassword placeholder=newpassword></div><div class=col><a href=# class=\"btn btn-success\" onclick=\"javascript:submitbutton('newuserform');\">Create user</a></div></div></form>";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
if (isset($_REQUEST['start'])){
|
||||
//start vm
|
||||
if (isset($_REQUEST['start'])){
|
||||
$vmname = clean($_REQUEST['start']);
|
||||
$sql="SELECT * FROM vms WHERE vmname='$vmname'";
|
||||
$res = $db_handle->query($sql);
|
||||
|
|
@ -197,8 +202,8 @@ if (isset($_REQUEST['start'])){
|
|||
$shellout = shell_exec("/usr/bin/wrap-nlvmi start $vmname bla");
|
||||
echo $shellout;
|
||||
}
|
||||
}
|
||||
if (isset($_REQUEST['stop'])){
|
||||
}
|
||||
if (isset($_REQUEST['stop'])){
|
||||
$vmname = clean($_REQUEST['stop']);
|
||||
$sql="SELECT * FROM vms WHERE vmname='$vmname'";
|
||||
$res = $db_handle->query($sql);
|
||||
|
|
@ -208,10 +213,10 @@ if (isset($_REQUEST['stop'])){
|
|||
echo $shellout;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//form for edit and new vms
|
||||
if (isset($_REQUEST['edit'])){
|
||||
if (isset($_REQUEST['edit'])){
|
||||
$mode="editvm";
|
||||
$formname="editvm";
|
||||
$eid=clean($_REQUEST['edit']);
|
||||
|
|
@ -221,13 +226,13 @@ if (isset($_REQUEST['edit'])){
|
|||
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
|
||||
$e = $row;
|
||||
}
|
||||
} elseif(isset($_REQUEST['newvm'])) {
|
||||
} elseif(isset($_REQUEST['newvm'])) {
|
||||
$formname="newvm";
|
||||
$editid="";
|
||||
$mode="newvm";
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($formname)){
|
||||
if (isset($formname)){
|
||||
echo "<h2>$formname</h2></br>";
|
||||
echo "<form name=$formname action=? method=post>";
|
||||
$res = $db_handle->query('PRAGMA table_info(vms)');
|
||||
|
|
@ -297,7 +302,7 @@ if (isset($formname)){
|
|||
}
|
||||
}
|
||||
echo "$editid<input type=hidden name=mode value=$formname><input class=\"btn btn-primary\" type=submit></form>";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
|
@ -305,7 +310,7 @@ if (isset($formname)){
|
|||
|
||||
|
||||
//insert in db
|
||||
if(isset($_REQUEST['mode'])){
|
||||
if(isset($_REQUEST['mode'])){
|
||||
if($_REQUEST['mode']=="newvm"){
|
||||
$mode="newvm";
|
||||
$sqls="INSERT INTO vms ";
|
||||
|
|
@ -345,16 +350,16 @@ if(isset($_REQUEST['mode'])){
|
|||
$sql .= " WHERE id='$eid'";
|
||||
$result = $db_handle->exec($sql);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(($mode!="newvm")&&($mode!="editvm")&&($mode!='usermgmt')){
|
||||
if(($mode!="newvm")&&($mode!="editvm")&&($mode!='usermgmt')){
|
||||
echo "</br><a class=\"btn btn-primary\" href=# onclick=\"post('?', {newvm: 'newvm'});\">Create a new VM</a></br></br>";
|
||||
|
||||
//getting vms from DB
|
||||
$sql="SELECT * FROM vms";
|
||||
$res = $db_handle->query($sql);
|
||||
echo "<div class=row>";
|
||||
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
|
||||
$sql="SELECT * FROM vms";
|
||||
$res = $db_handle->query($sql);
|
||||
echo "<div class=row>";
|
||||
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
|
||||
if (checkvm($row['vmname'])){
|
||||
$button = "start";
|
||||
$buttonc = "btn-success";
|
||||
|
|
@ -369,9 +374,9 @@ while ($row = $res->fetchArray(SQLITE3_ASSOC)){
|
|||
if (preg_match('/stop/', $button)) {
|
||||
echo "<a target=_blank href=novnc/vnc.html?port=$row[websocket]&path=&host=$server class=\"btn btn-success\">VNC</a></div>";
|
||||
}
|
||||
}
|
||||
}
|
||||
echo "</div></div></body></html>";
|
||||
}
|
||||
}
|
||||
echo "</div></div></body></html>";
|
||||
} elseif (!isset($_SESSION['username'])){
|
||||
echo "<h1>Welcome to nlvmi!</h1><h2>You need to log in</h2></br>";
|
||||
echo "<form action=? method=post>Username: <input type=text name=username> Password: <input type=password name=password> <input name=login type=submit></form>";
|
||||
|
|
|
|||
Loading…
Reference in New Issue