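' ); $replace = array('&', '"', ''', '<', '>' ); $str = str_replace($search, $replace, $str); return $str; }

// NOTE(review): the line above is the tail of clean(), kept exactly as found. Its
// opening lies before this listing, so its search list cannot be confirmed here.
// It looks like a str_replace()-based HTML-entity substitution whose entities were
// decoded when the page was extracted; confirm against the real file.
//
// NOTE(review): markup inside the echo strings was stripped by the same extraction.
// The strings below are reproduced as they appear in the listing, with the surviving
// line breaks written as \n.
//
// Request flow: session setup, config load, database check, first-user bootstrap or
// login, AJAX-style handlers that echo a short status and exit, then the HTML views.
//
// NOTE(review): state-changing actions are read from $_REQUEST/$_POST and no
// anti-CSRF token is checked anywhere in the visible code.

// Log out on request by discarding the current session; otherwise resume it.
if (isset($_REQUEST['logout'])) {
    session_start();
    session_unset();
    session_destroy();
} else {
    session_start();
}

$mode = "";

/**
 * Ask the nlvmi wrapper whether a VM is running.
 *
 * @param string $vmname VM name as stored in the vms table.
 * @return int 0 when the wrapper output contains "running", 1 otherwise.
 */
function checkvm($vmname)
{
    // escapeshellarg() keeps the name a single, inert argument. The visible part of
    // clean() only substitutes a handful of characters, so shell metacharacters in a
    // stored name would otherwise be interpreted by the shell.
    $shellout = shell_exec("/usr/bin/wrap-nlvmi checkvm " . escapeshellarg($vmname) . " bla");
    if (preg_match('/running/', (string) $shellout)) {
        return 0;
    }
    return 1;
}

/**
 * Run one SQL statement with bound parameters.
 *
 * @param SQLite3 $db     Open database handle.
 * @param string  $sql    Statement text with :name or ? placeholders.
 * @param array   $params Placeholder name (or 1-based position) => value.
 * @return SQLite3Result|false Result of execute(), or false when prepare() fails.
 */
function nlvmi_query($db, $sql, $params = array())
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    foreach ($params as $placeholder => $value) {
        // Values are bound as text, matching the quoted literals the queries used before.
        $stmt->bindValue($placeholder, $value, SQLITE3_TEXT);
    }
    return $stmt->execute();
}

// Read KEY=value pairs from the config file, skipping comments, blank lines and
// lines without "=".
$config = array();
$configfile = new SplFileObject("/etc/nlvmi/nlvmi.conf");
while (!$configfile->eof()) {
    $line = $configfile->fgets();
    if (preg_match('/^#/', $line) || preg_match('/^$/', $line) || !preg_match('/=/', $line)) {
        continue;
    }
    // Limit 2 keeps values that themselves contain "=" intact.
    $configparam = explode('=', $line, 2);
    $config[$configparam[0]] = str_replace('"', '', rtrim($configparam[1]));
}
$configfile = null;
$file = null;

// Open the database and confirm the vms table exists.
$db_handle = null;
if (isset($config['DATABASETYPE']) && $config['DATABASETYPE'] == "sqlite") {
    $db_handle = new SQLite3($config['SQLITEFILE']);
    $result = $db_handle->query("SELECT name FROM sqlite_master WHERE type='table' AND name='vms';");
    $row = $result ? $result->fetchArray() : false;
    // The previous test, !$row['name']=="vms", negated the name before comparing it.
    if (!$row || $row['name'] != "vms") {
        echo "DB connection failed!";
        exit;
    }
}
if ($db_handle === null) {
    // No supported DATABASETYPE configured: stop here instead of failing later on a null handle.
    echo "DB connection failed!";
    exit;
}

// First-user bootstrap and login.
$usersfound = "no";
$res = $db_handle->query("SELECT * FROM users LIMIT 1");
while ($row = $res->fetchArray(SQLITE3_ASSOC)) {
    $usersfound = "yes";
    // Once a real account exists, a leftover bootstrap session is discarded.
    if (isset($_SESSION['username']) && $_SESSION['username'] == "inituser") {
        session_unset();
        session_destroy();
        session_start();
    }
}
if ($usersfound == "no") {
    if (!isset($_POST['newusername'])) {
        echo "\n\nYou have no users in the database!\n\n\n";
        // NOTE(review): while the users table is empty, every visitor receives an admin
        // session in order to create the first account. Keep the host unreachable from
        // untrusted networks until that account exists.
        $_SESSION['username'] = "inituser";
        $_SESSION['isadmin'] = "1";
        $mode = "usermgmt";
    }
} elseif (isset($_POST['login']) && isset($_POST['username']) && isset($_POST['password'])) {
    $user = clean($_POST['username']);
    $pass = clean($_POST['password']);
    $res = nlvmi_query(
        $db_handle,
        "SELECT password,admin FROM users WHERE username=:username",
        array(':username' => $user)
    );
    while ($row = $res->fetchArray(SQLITE3_ASSOC)) {
        if (password_verify($pass, $row['password'])) {
            // Issue a fresh session id at the privilege change to prevent session fixation.
            session_regenerate_id(true);
            $_SESSION['username'] = $user;
            $_SESSION['isadmin'] = $row['admin'];
        } else {
            // The submitted password is no longer echoed back into the response.
            echo "Password not correct!";
        }
    }
}

if (isset($_SESSION['username'])) {
    // Delete a VM row (admin only).
    if (isset($_POST['deletevm']) && isset($_POST['deletename'])) {
        if ($_SESSION['isadmin'] != 1) {
            echo "you are not allowed to change usernames!";
        } else {
            $vmname = clean($_POST['deletename']);
            $vmid = clean($_POST['deletevm']);
            $res = nlvmi_query(
                $db_handle,
                "SELECT id FROM vms WHERE vmname=:vmname AND id=:id",
                array(':vmname' => $vmname, ':id' => $vmid)
            );
            while ($row = $res->fetchArray(SQLITE3_ASSOC)) {
                if (nlvmi_query($db_handle, "DELETE FROM vms WHERE id=:id", array(':id' => $vmid))) {
                    echo "VM $vmname deleted!";
                }
            }
        }
    }

    // Insert a new user (admin only).
    if (isset($_POST['newusername'])) {
        if ($_SESSION['isadmin'] != 1) {
            echo "you are not allowed to add usernames!";
        } else {
            $newusername = clean($_POST['newusername']);
            // NOTE(review): an empty or missing password is still hashed and stored;
            // consider rejecting it before the insert.
            $newpassword = password_hash(
                clean(isset($_POST['newpassword']) ? $_POST['newpassword'] : ''),
                PASSWORD_DEFAULT
            );
            $isadmin = (isset($_POST['isadmin']) && $_POST['isadmin'] == "on") ? "1" : "0";

            $sqlu = "SELECT id FROM users WHERE username=:username";
            $res = nlvmi_query($db_handle, $sqlu, array(':username' => $newusername));
            while ($row = $res->fetchArray(SQLITE3_ASSOC)) {
                echo "username already exist!";
                exit;
            }
            nlvmi_query(
                $db_handle,
                "INSERT INTO users (username,password,admin) VALUES(:username, :password, :admin)",
                array(':username' => $newusername, ':password' => $newpassword, ':admin' => $isadmin)
            );
            // Re-read the row to confirm the insert took effect.
            $res = nlvmi_query($db_handle, $sqlu, array(':username' => $newusername));
            while ($row = $res->fetchArray(SQLITE3_ASSOC)) {
                echo "success";
                exit;
            }
            echo "Failed to insert into DB!";
            exit;
        }
    }

    // Update an existing user (admin only).
    if (isset($_POST['changeusername'])) {
        if ($_SESSION['isadmin'] != 1) {
            echo "you \nare not allowed to change usernames!";
        } else {
            $username = clean($_POST['changeusername']);
            // NOTE(review): as with account creation, an empty passwordchange value is
            // hashed and stored as the new password.
            $pass = password_hash(
                clean(isset($_POST['passwordchange']) ? $_POST['passwordchange'] : ''),
                PASSWORD_DEFAULT
            );
            $isadmin = (isset($_POST['isadmin']) && $_POST['isadmin'] == "on") ? "1" : "0";
            // The previous UPDATE had no WHERE clause, so it rewrote the name, password
            // and admin flag of every account. The visible code reads no row id, so the
            // row is matched on the submitted username; confirm against the form.
            $updated = nlvmi_query(
                $db_handle,
                "UPDATE users SET password=:password, admin=:admin WHERE username=:username",
                array(':password' => $pass, ':admin' => $isadmin, ':username' => $username)
            );
            if ($updated) {
                echo "success";
                exit;
            }
        }
    }

    // AJAX handlers are done; from here on the page is rendered.
    include('header.php');

    // User management view.
    if (isset($_POST['usermgmt']) || $mode == "usermgmt") {
        $mode = "usermgmt";
        // Was $_SESSEION['username'], an undefined variable, so that test never matched.
        if ($_SESSION['username'] == "inituser" || $_SESSION['isadmin'] == "1") {
            $res = $db_handle->query("SELECT * FROM users");
            echo "\n";
            echo "\n\nExisting users\n\n";
            while ($row = $res->fetchArray(SQLITE3_ASSOC)) {
                echo "\n";
                $checked = ($row['admin'] == "1") ? "checked" : "";
                echo "\n";
                echo "";
                echo "\n";
            }
            // New-user form.
            echo "\n\nCreate a new user\n\n";
            if ($_SESSION['username'] != "inituser") {
                echo "\n";
            } else {
                echo "";
            }
            echo "\n";
        }
    }

    // NOTE(review): the start, stop, edit and save handlers below accept any logged-in
    // user for any VM, while the listing further down limits non-admins to rows whose
    // user column matches their name. Decide on the ownership rule and enforce it here.

    // Start a VM that exists in the database.
    if (isset($_REQUEST['start'])) {
        $vmname = clean($_REQUEST['start']);
        $res = nlvmi_query($db_handle, "SELECT * FROM vms WHERE vmname=:vmname", array(':vmname' => $vmname));
        while ($row = $res->fetchArray(SQLITE3_ASSOC)) {
            $shellout = shell_exec("/usr/bin/wrap-nlvmi start " . escapeshellarg($vmname) . " bla");
            echo $shellout;
        }
    }

    // Stop a VM that exists in the database.
    if (isset($_REQUEST['stop'])) {
        $vmname = clean($_REQUEST['stop']);
        $res = nlvmi_query($db_handle, "SELECT * FROM vms WHERE vmname=:vmname", array(':vmname' => $vmname));
        while ($row = $res->fetchArray(SQLITE3_ASSOC)) {
            // NOTE(review): checkvm() returns 1 when "running" is NOT reported, so this
            // only stops VMs the wrapper does not report as running. Looks inverted; confirm.
            if (checkvm($vmname)) {
                $shellout = shell_exec("/usr/bin/wrap-nlvmi stop " . escapeshellarg($vmname) . " bla");
                echo $shellout;
            }
        }
    }

    // Form for editing an existing VM or creating a new one.
    if (isset($_REQUEST['edit'])) {
        $mode = "editvm";
        $formname = "editvm";
        $eid = clean($_REQUEST['edit']);
        $res = nlvmi_query($db_handle, "SELECT * FROM vms WHERE id=:id", array(':id' => $eid));
        $editid = "";
        while ($row = $res->fetchArray(SQLITE3_ASSOC)) {
            $e = $row;
        }
    } elseif (isset($_REQUEST['newvm'])) {
        $formname = "newvm";
        $editid = "";
        $mode = "newvm";
    }
    if (isset($formname)) {
        echo "\n\n$formname\n\n\n";
        echo "\n";
        $res = $db_handle->query('PRAGMA table_info(vms)');
        while ($col = $res->fetchArray(SQLITE3_ASSOC)) {
            $arrColnames[] = $col['name'];
        }
        // NOTE(review): extraction removed the text between "$col" and "bootoption" (the
        // loop condition, what appears to be an enclosing if, and the first branch test).
        // The fragment is kept as found and will not parse until it is restored from the
        // real file. The closing braces after the else branch belong to those lost openers.
        for ($col=0; $col
bootoption
";
            } elseif ($arrColnames[$col] == "arch") {
                echo "\narch\n";
            } elseif ($arrColnames[$col] == "cdrom") {
                echo "\ncdrom\n";
            } elseif (preg_match('/format/', $arrColnames[$col])) {
                echo "\n$arrColnames[$col]\n";
            } elseif (preg_match('/tapdev/', $arrColnames[$col])) {
                echo "\n$arrColnames[$col]\n";
            } elseif (preg_match('/macaddr/', $arrColnames[$col])) {
                echo "\n$arrColnames[$col]\n";
            } elseif (preg_match('/brdev/', $arrColnames[$col])) {
                echo "\n$arrColnames[$col]\n";
            } elseif (preg_match('/drive/', $arrColnames[$col])) {
                echo "\n$arrColnames[$col]\n";
            } else {
                echo "\n$arrColnames[$col]\n";
            }
            }
        }
        echo "$editid";
    }

    // Save a new or edited VM.
    if (isset($_REQUEST['mode'])) {
        // Request keys become column names, so they are accepted only when they match a
        // real column of vms; values are bound as parameters rather than interpolated.
        $vmcolumns = array();
        $res = $db_handle->query('PRAGMA table_info(vms)');
        while ($col = $res->fetchArray(SQLITE3_ASSOC)) {
            $vmcolumns[] = $col['name'];
        }
        $columns = array();
        $values = array();
        foreach (array_keys($_REQUEST) as $rkey) {
            $rkey = (string) $rkey;
            if ($rkey == "mode" || $rkey == "editid") {
                continue;
            }
            if (!in_array($rkey, $vmcolumns, true) || !is_scalar($_REQUEST[$rkey])) {
                continue;
            }
            $rvalue = clean($_REQUEST[$rkey]);
            if ($rvalue == "x86_64") {
                $rvalue = "qemu-system-x86_64";
            }
            $columns[] = '"' . str_replace('"', '""', $rkey) . '"';
            $values[] = $rvalue;
        }

        if ($_REQUEST['mode'] == "newvm") {
            $mode = "newvm";
            if (count($columns) > 0) {
                $sql = "INSERT INTO vms (" . implode(',', $columns) . ") VALUES ("
                    . implode(',', array_fill(0, count($columns), '?')) . ")";
                // The statement text is no longer echoed into the page.
                $result = nlvmi_query($db_handle, $sql, array_combine(range(1, count($values)), $values));
            }
        } elseif ($_REQUEST['mode'] == "editvm") {
            $mode = "editvm";
            if (count($columns) > 0 && isset($_REQUEST['editid'])) {
                $assignments = array();
                foreach ($columns as $column) {
                    $assignments[] = "$column=?";
                }
                $values[] = clean($_REQUEST['editid']);
                $sql = "UPDATE vms SET " . implode(',', $assignments) . " WHERE id=?";
                $result = nlvmi_query($db_handle, $sql, array_combine(range(1, count($values)), $values));
            }
        }
    }

    // VM listing: admins see every VM, other users only their own.
    if ($mode != "newvm" && $mode != "editvm" && $mode != 'usermgmt') {
        if ($_SESSION['isadmin'] == "1") {
            echo "\nCreate a new VM\n\n";
            $res = $db_handle->query("SELECT * FROM vms ");
        } else {
            $res = nlvmi_query(
                $db_handle,
                "SELECT * FROM vms WHERE user=:user",
                array(':user' => $_SESSION['username'])
            );
        }
        echo "\n";
        while ($row = $res->fetchArray(SQLITE3_ASSOC)) {
            // checkvm() returns 1 (truthy) when the VM is not reported as running.
            if (checkvm($row['vmname'])) {
                $button = "start";
                $buttonc = "btn-success";
            } else {
                $button = "stop";
                $buttonc = "btn-warning";
            }
            // NOTE(review): stored values are echoed as-is; this relies on clean() having
            // been applied when the row was written.
            echo "\n$row[vmname]\nedit ";
            echo "$button ";
            echo " ";
            $server = gethostname();
            if (preg_match('/stop/', $button)) {
                echo "VNC\n";
            }
        }
    }
    echo "\n";
} elseif (!isset($_SESSION['username'])) {
    // Not logged in: show the login form and stop.
    echo "\n\nWelcome to nlvmi!\n\nYou need to log in\n\n\n";
    echo "\nUsername: Password:\n";
    exit;
}
?>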