' ); $replace = array('&', '"', ''', '<', '>' ); $str = str_replace($search, $replace, $str); return $str; } if(isset($_REQUEST['logout'])){ session_start(); session_unset(); session_destroy(); } else { session_start(); } $mode=""; function checkvm($vmname) { $shellout = shell_exec("/usr/bin/nlvmi checkvm $vmname bla");//){ if (preg_match_all('/not running/', $shellout)){ return 1; } return 0; } function serverdepropdown($server, $val, $what){ if ($what == "cdrom"){ $dir = "isodirectory"; $enddiv = ""; } elseif (preg_match('/drive/', $what)) { $dir = "vmdirectory"; $enddiv=""; } echo "
$what
"; } function formatbuttons($label, $val){ echo "
$label
"; } //read config file $configfile = new SplFileObject("/etc/nlvmi/nlvmi.conf"); while (!$configfile->eof()) { $line = $configfile->fgets(); if (!preg_match('/^#/', $line)){ if (!preg_match('/^$/', $line)){ if (preg_match('/=/', $line)){ $configparam = explode('=', $line); $p = rtrim($configparam[1]); //echo "B$p"; $config[$configparam[0]]=str_replace('"', '', $p); } } } } $file = null; //check db connection if ($config['DATABASETYPE']=="sqlite"){ $db_handle = new SQLite3($config['SQLITEFILE']); $query = "SELECT name FROM sqlite_master WHERE type='table' AND name='vms';"; $db_handle->exec($query); $result = $db_handle->query($query); $row = $result->fetchArray(); if (!$row['name']=="vms"){ echo "DB connection failed!"; exit; } } //check login $usersfound = "no"; $sql="SELECT * FROM users LIMIT 1"; $res = $db_handle->query($sql); while ($row = $res->fetchArray(SQLITE3_ASSOC)){ $usersfound="yes"; if ($_SESSION['username']=="inituser"){ session_unset(); session_destroy(); session_start(); echo "killed inituser!"; } } if ($usersfound=="no"){ $_SESSION['username']="inituser"; $_SESSION['isadmin']="1"; if (!isset($_POST['newusername'])){ echo "

You have no users in the datbase!


"; $mode="usermgmt"; } } elseif ((isset($_POST['login']))&&(isset($_POST['username']))&&(isset($_POST['password']))){ $user = clean($_POST['username']); $pass = clean($_POST['password']); if ($pass == ""){ echo "$user is not allowed to login withou password."; } else { $sql="SELECT password,admin FROM users WHERE username='$user'"; $res = $db_handle->query($sql); while ($row = $res->fetchArray(SQLITE3_ASSOC)){ if (password_verify($pass, $row['password'])){ $_SESSION['username']=$user; $_SESSION['isadmin']=$row['admin']; } else { echo "Password not correct!"; } } } } function checkmacfree($vmname,$mac,$db_handle){ $sql="SELECT vmname FROM vms WHERE (macaddr1='$mac' OR macaddr2='$mac' OR macaddr3='$mac') AND NOT vmname='$vmname'"; //echo "na"; $res = $db_handle->query($sql); while ($row = $res->fetchArray(SQLITE3_ASSOC)){ return "$row[vmname] uses the mac $mac already!"; } return 0; } //delete vms if (isset($_SESSION['username'])){ if ((isset($_POST['deleteid']))&&(isset($_POST['deletename']))&&($_POST['delwhat']=="vm")){ if($_SESSION['isadmin']!=1){ echo "you are not allowed to delete vms!"; } else { $vmname = clean($_POST['deletename']); $vmid = clean($_POST['deleteid']); $sql="SELECT id FROM vms WHERE vmname='$vmname' AND id='$vmid'"; $res = $db_handle->query($sql); while ($row = $res->fetchArray(SQLITE3_ASSOC)){ $sqld="DELETE FROM vms WHERE id='$vmid'"; if ($db_handle->query($sqld)){ echo "VM $vmname deleted!"; } } } } elseif ((isset($_POST['deleteid']))&&(isset($_POST['deletename']))&&($_POST['delwhat']=="user")){ if($_SESSION['isadmin']!=1){ echo "you are not allowed to delete users!"; } else { $uname = clean($_POST['deletename']); $uid = clean($_POST['deleteid']); $sql="SELECT id FROM users WHERE username='$uname' AND id='$uid'"; $res = $db_handle->query($sql); while ($row = $res->fetchArray(SQLITE3_ASSOC)){ $sqld="DELETE FROM users WHERE id='$uid'"; if ($db_handle->query($sqld)){ echo "User $uname deleted!"; } } } } elseif ((isset($_POST['deleteid']))&&(isset($_POST['deletename']))&&($_POST['delwhat']=="server")){ if($_SESSION['isadmin']!=1){ echo "you are not allowed to delete vms!"; } else { $sname = clean($_POST['deletename']); $sid = clean($_POST['deleteid']); $sql="SELECT id FROM servers WHERE hostname='$sname' AND id='$sid'"; $res = $db_handle->query($sql); while ($row = $res->fetchArray(SQLITE3_ASSOC)){ $sqld="DELETE FROM servers WHERE id='$sid'"; if ($db_handle->query($sqld)){ echo "Server $sname deleted!"; } } } } //insert new user in db if(isset($_POST['newusername'])){ if($_SESSION['isadmin']!=1){ echo "you are not allowed to add usernames!"; } else { $newusername = clean($_POST['newusername']); $newpassword = password_hash(clean($_POST['newpassword']), PASSWORD_DEFAULT); if ($_POST['isadmin']=="on"){ $isadmin = "1"; } else { $isadmin = "0"; } $sqlu="SELECT id FROM users WHERE username='$newusername'"; $res = $db_handle->query($sqlu); while ($row = $res->fetchArray(SQLITE3_ASSOC)){ echo "username already exist!"; exit; } $sql="INSERT INTO users (username,password,admin) VALUES('$newusername', '$newpassword', '$isadmin')"; $res=$db_handle->query($sql); $res=$db_handle->query($sqlu); while ($row = $res->fetchArray(SQLITE3_ASSOC)){ echo "success"; exit; } echo "Failed to insert into DB!"; exit; } } //update user in db if(isset($_POST['changeusername'])){ if($_SESSION['isadmin']!=1){ echo "you are not allowed to change usernames!"; } else { $userchange=clean($_POST['userchange']); $username=clean($_POST['changeusername']); if($_POST['passwordchange']==""){ $passwd =""; } else { $pass=password_hash(clean($_POST['passwordchange']), PASSWORD_DEFAULT); $passwd="password='$pass',"; } if ($_POST['isadmin']=="on"){ $isadmin = "1"; } else { $isadmin = "0"; } $sql="UPDATE users SET username='$username', $passwd admin='$isadmin' where id='$userchange'"; if($db_handle->query($sql)){ echo "success"; exit; } } } //insert new server in db if(isset($_POST['newhostname'])){ if($_SESSION['isadmin']!=1){ echo "you are not allowed to add servers!"; } else { $newservername = clean($_POST['newhostname']); $connectstring = clean($_POST['connectstring']); $vmdirectory = clean($_POST['vmdirectory']); $isodirectory = clean($_POST['isodirectory']); $sqlu="INSERT INTO servers ('hostname','connectstring','vmdirectory','isodirectory') VALUES('$newservername','$connectstring','$vmdirectory','$isodirectory')"; //echo $sqlu; $res = $db_handle->query($sqlu); echo "success"; exit; } } //update server in db if(isset($_POST['changehostname'])){ if($_SESSION['isadmin']!=1){ echo "you are not allowed to change servers!"; } else { $newservername = clean($_POST['changehostname']); $connectstring = clean($_POST['connectstring']); $vmdirectory = clean($_POST['vmdirectory']); $isodirectory = clean($_POST['isodirectory']); $changeid = clean($_POST['changeid']); $sql="UPDATE servers SET hostname='$newservername', connectstring='$connectstring', vmdirectory='$vmdirectory', isodirectory='$isodirectory' where id='$changeid'"; if($db_handle->query($sql)){ echo "success"; exit; } else { echo "$sql"; exit; } } } //insert or update vm in db if(isset($_REQUEST['mode'])){ if($_REQUEST['mode']=="newvm"){ $mode="newvm"; $sqls="INSERT INTO vms "; $sqlc="("; $sqlv=" VALUES ("; foreach(array_keys($_REQUEST) as $rkey){ if (($rkey!="mode")&&($rkey!="rand")){ if ((preg_match('/macaddr/', $rkey))&&($rvalue!="")){ $cm = checkmacfree(clean($_REQUEST['vmname']), $rvalue, $db_handle); if ($cm != "0") { echo $cm; exit; } } $rvalue = clean($_REQUEST[$rkey]); if ($rvalue == "x86_64"){ $rvalue = "qemu-system-x86_64"; } elseif ((preg_match('/no drive/', $rvalue))||($rvalue == "no cdrom")){ $rvalue = ""; } $sqlc .= "$rkey,"; $sqlv .= "'$rvalue',"; } } $sqlc = rtrim($sqlc, ','); $sqlc.=")"; $sqlv = rtrim($sqlv, ','); $sqlv.=")"; $sql = "$sqls$sqlc$sqlv"; //echo $sql; $res = $db_handle->exec($sql); echo "success"; exit; } elseif ($_REQUEST['mode']=="editvm"){ $sql="UPDATE vms SET "; foreach(array_keys($_REQUEST) as $rkey){ if (($rkey!="mode")&&($rkey!="editid")&&($rkey!="rand")){ $rvalue = clean($_REQUEST[$rkey]); if ((preg_match('/macaddr/', $rkey))&&($rvalue!="")){ $cm = checkmacfree(clean($_REQUEST['vmname']), $rvalue, $db_handle); if ($cm != "0") { echo $cm; exit; } } if ($rvalue == "x86_64"){ $rvalue = "qemu-system-x86_64"; } elseif ((preg_match('/no drive/', $rvalue))||($rvalue == "no cdrom")){ $rvalue = ""; } $sql .= " $rkey='$rvalue',"; } } $sql = rtrim($sql, ','); $eid=clean($_REQUEST['editid']); $sql .= " WHERE id='$eid'"; $res = $db_handle->exec($sql); echo "success"; exit; } } if (isset($_POST['serverbuttoni'])){ serverdepropdown($_POST['serverbuttoni'], "no drive1", 'drive1'); formatbuttons('format1', ''); serverdepropdown($_POST['serverbuttoni'], "no drive2", 'drive2'); formatbuttons('format2', ''); serverdepropdown($_POST['serverbuttoni'], "no drive3", 'drive3'); formatbuttons('format3', ''); serverdepropdown($_POST['serverbuttoni'], "no cdrom", 'cdrom'); exit; } //ajax queries are all done, time for the header include('header.php'); //usermanagement if ((isset($_POST['usermgmt']))||($mode=="usermgmt")){ $mode="usermgmt"; if (($_SESSION['username']=="inituser")||($_SESSION['isadmin']=="1")){ $sql="SELECT * FROM users"; $res = $db_handle->query($sql); echo "
"; //echo "
Username
Is Admin
New Password
"; if ($_SESSION['username']!="inituser"){ echo "

Existing users

"; } while ($row = $res->fetchArray(SQLITE3_ASSOC)){ echo "
"; if ($row['admin']=="1"){ $checked="checked"; } else { $checked=""; } echo "
"; echo ""; echo "
save user "; echo "
"; } //newuserform echo "

Create a new user

"; if ($_SESSION['username']!="inituser"){ echo "
"; } else { echo ""; } echo "
"; } } //servermanagement if (isset($_POST['servermgmt'])){ $mode="servermgmt"; if ($_SESSION['isadmin']=="1"){ $sql="SELECT * FROM servers"; $res = $db_handle->query($sql); echo "
"; //echo "
Username
Is Admin
New Password
"; echo "

Existing servers

"; echo "
hostname
connectstring
VM directory
ISO directory
"; while ($row = $res->fetchArray(SQLITE3_ASSOC)){ echo "
"; echo "
"; echo "
"; echo "
"; echo "
save server "; echo "
"; } //newserverform echo "

Create a new server

"; echo "
"; echo "
"; echo "
"; echo "
"; } } //start vm if (isset($_REQUEST['start'])){ $vmname = clean($_REQUEST['start']); $sqllimit=""; if($_SESSION['isadmin']!="1"){ $sqllimit="WHERE username='$_SESSION[username]'"; } $sql="SELECT * FROM vms WHERE vmname='$vmname' $sqllimit"; $res = $db_handle->query($sql); while ($row = $res->fetchArray(SQLITE3_ASSOC)){ $shellout = shell_exec("/usr/bin/nlvmi start $vmname bla"); echo $shellout; } } //stop vm if (isset($_REQUEST['stop'])){ $vmname = clean($_REQUEST['stop']); if($_SESSION['isadmin']!="1"){ $sqllimit="WHERE username='$_SESSION[username]'"; } $sql="SELECT * FROM vms WHERE vmname='$vmname' $sqllimit"; $res = $db_handle->query($sql); while ($row = $res->fetchArray(SQLITE3_ASSOC)){ if(!checkvm($vmname)){ $shellout = shell_exec("/usr/bin/nlvmi stop $vmname bla"); echo $shellout; } } } //form for edit and new vms if (isset($_REQUEST['edit'])){ $mode="editvm"; $formname="editvm"; $eid=clean($_REQUEST['edit']); $sql="SELECT * FROM vms WHERE id='$eid'"; $res = $db_handle->query($sql); $editid = ""; while ($row = $res->fetchArray(SQLITE3_ASSOC)){ $e = $row; } } elseif(isset($_REQUEST['newvm'])) { $formname="newvm"; $editid=""; $mode="newvm"; } if (isset($formname)){ $placehold['vmname']="Name of the VM"; $placehold['server']="ip or name of host server"; $placehold['cputype']="normally just 'host'"; $placehold['cpus']="Number of core for the VM"; $placehold['memory']="Amount of RAM for the VM im Mb"; $placehold['usbdev']="Normally just 'tablet' to get a mouse"; $placehold['kblang']="Qemu keyboard layout. Like 'de-ch'"; $placehold['custom']="Customstring to add to the qemu command"; $placehold['tapdev1']="tapname of first netinterface"; $placehold['tapdev2']="tapname of second netinterface"; $placehold['tapdev3']="tapname of third netinterface"; $placehold['macaddr1']="macaddress of first netinterface"; $placehold['macaddr2']="macaddress of second netinterface"; $placehold['macaddr3']="macaddress of third netinterface"; $placehold['brdev1']="bridge on host to add first netinterface"; $placehold['brdev2']="bridge on host to add second netinterface"; $placehold['brdev3']="bridge on host to add third netinterface"; $placehold['vncport']="VNC displaynumber like '1'"; $placehold['websocket']="port to bind the VNC websocket"; $placehold['vncpasswort']="the password for VNC"; echo "

$formname


"; echo "
"; $res = $db_handle->query('PRAGMA table_info(vms)'); while ($col = $res->fetchArray(SQLITE3_ASSOC)) { $arrColnames[]=$col['name']; } $server = $e['server']; for ($col=0; $col
bootoption
"; } elseif ($arrColnames[$col] == "user"){ if ($val=="") { $val=$_SESSION['username']; } echo "
user
"; } elseif ($arrColnames[$col] == "arch"){ echo "
arch
"; // echo "$arrColnames[$col]
"; } elseif (preg_match('/format/', $arrColnames[$col])){ formatbuttons($arrColnames[$col], $val); } elseif ($arrColnames[$col] == "autostart"){ $checked=""; if ($val=="1"){ $checked="checked"; } echo "
autostart
"; } elseif ($arrColnames[$col] == "cdrom"){ //echo "
"; serverdepropdown($server, $val, "cdrom"); echo "
"; } elseif (preg_match('/tapdev/', $arrColnames[$col])) { echo "
$arrColnames[$col]
"; } elseif (preg_match('/macaddr/', $arrColnames[$col])) { echo "
$arrColnames[$col]
"; } elseif (preg_match('/brdev/', $arrColnames[$col])) { echo "
$arrColnames[$col]
"; } elseif (preg_match('/drive/', $arrColnames[$col])){ if ($arrColnames[$col]=="drive1"){ echo "
"; } serverdepropdown($server, $val, $arrColnames[$col]); } elseif ($arrColnames[$col] == "server"){ echo "
$arrColnames[$col]
"; } else { echo "
$arrColnames[$col]
"; } } } echo "$editidsave vm"; } if(($mode!="newvm")&&($mode!="editvm")&&($mode!='usermgmt')){ if ($_SESSION['isadmin']=="1"){ $sqllimit=""; echo "
Create a new VM

"; } else { $sqllimit="WHERE user='$_SESSION[username]'"; } //getting vms from DB $sql="SELECT * FROM vms $sqllimit"; $res = $db_handle->query($sql); echo "
"; while ($row = $res->fetchArray(SQLITE3_ASSOC)){ if (checkvm($row['vmname'])){ $button = "start"; $buttonc = "btn-success"; } else { $button = "stop"; $buttonc = "btn-warning"; } $vncport = sprintf("%02d", $row[vncport]); echo "

$row[vmname]

$row[server]
$row[cpus] CPUs, $row[memory] MB RAM
$row[drive1]
"; echo "VNC port: 59$vncport
edit "; echo "$button "; echo " "; if ($row['websocket']!=""){ $server = gethostname(); if (preg_match('/stop/', $button)) { echo "VNC"; } } echo "
"; } } echo "
"; } elseif (!isset($_SESSION['username'])){ echo "

Welcome to nlvmi!

You need to log in


"; echo "
Username: Password:
"; exit; } ?>