' );
$replace = array('&', '"', ''', '<', '>' );
$str = str_replace($search, $replace, $str);
$strf = htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
return $strf;
}
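// Session bootstrap: every request gets a session. A "logout" parameter
// (GET or POST, via $_REQUEST) ends it before any handler below runs.
session_start();
if (isset($_REQUEST['logout'])) {
    // Drop the server-side state ...
    session_unset();
    session_destroy();
    // ... and the client's cookie as well: session_destroy() alone leaves the
    // old id in the browser, which would re-send it on the next request.
    if (ini_get('session.use_cookies')) {
        $cookie = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly']);
    }
}
// Which page/form is rendered later; the handlers below overwrite it.
$mode = "";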
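/**
 * Ask the nlvmi helper whether a VM is running.
 *
 * @param string $vmname VM name as stored in the vms table
 * @return int 1 when the helper reports "not running", 0 otherwise
 *             (also 0 when the helper produced no output at all)
 */
function checkvm($vmname) {
    // The name ends up on a shell command line, so it is passed as one quoted
    // argument. The trailing "bla" is the third argument nlvmi expects (kept
    // from the original invocation).
    $shellout = shell_exec('/usr/bin/nlvmi checkvm ' . escapeshellarg($vmname) . ' bla');
    if (is_string($shellout) && preg_match('/not running/', $shellout)) {
        return 1;
    }
    return 0;
}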
// Emit the drive/cdrom selector for one server slot.
//   $server  server chosen in the form (call sites pass $_POST['serverbuttoni'])
//   $val     default label, e.g. "no drive1" / "no cdrom"
//   $what    which slot is rendered: "cdrom" or "driveN"
// NOTE(review): in this copy only "\n$what\n" is echoed - the HTML markup appears
// to have been stripped, so $server, $val, $dir and $enddiv are computed but not
// visibly used; confirm against the original file.
function serverdepropdown($server, $val, $what){
if ($what == "cdrom"){
$dir = "isodirectory"; // name matches the servers.isodirectory column
$enddiv = "";
} elseif (preg_match('/drive/', $what)) {
$dir = "vmdirectory"; // name matches the servers.vmdirectory column
$enddiv="";
}
echo "
$what
";
}
// Emit the "format" buttons that follow a drive selector.
//   $label  button group name, e.g. "format1"
//   $val    preselected value (call sites pass '')
// NOTE(review): only "\n" is echoed here; the markup appears to have been
// stripped in this copy, so neither parameter is visibly used.
function formatbuttons($label, $val){
echo "
";
}
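//read config file
// Load /etc/nlvmi/nlvmi.conf into $config: one KEY=value per line; '#' lines and
// blank lines are skipped, double quotes are stripped from the value.
$config = array();
$configfile = new SplFileObject("/etc/nlvmi/nlvmi.conf");
while (!$configfile->eof()) {
    $line = $configfile->fgets();
    if (preg_match('/^#/', $line) || preg_match('/^$/', $line)) {
        continue;
    }
    if (preg_match('/=/', $line)) {
        // Split on the first '=' only, so a value that itself contains '='
        // (a URL, a base64 string) is not truncated.
        $configparam = explode('=', $line, 2);
        $p = rtrim($configparam[1]);
        $config[$configparam[0]] = str_replace('"', '', $p);
    }
}
$file = null;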
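//check db connection
// Only the sqlite backend exists; every handler below relies on $db_handle, so
// a missing/unknown backend is reported here instead of failing later.
if (!isset($config['DATABASETYPE']) || $config['DATABASETYPE'] != "sqlite" || !isset($config['SQLITEFILE'])) {
    echo "DATABASETYPE/SQLITEFILE not configured in nlvmi.conf!";
    exit;
}
$db_handle = new SQLite3($config['SQLITEFILE']);
// Probe for the vms table; an empty or foreign database file has none.
$query = "SELECT name FROM sqlite_master WHERE type='table' AND name='vms';";
$result = $db_handle->query($query);
$row = $result ? $result->fetchArray(SQLITE3_ASSOC) : false;
// Compare the fetched name directly ("!$row['name']=='vms'" negated the value
// before comparing, so it only worked by accident).
if ($row === false || $row['name'] !== "vms") {
    echo "DB connection failed!";
    exit;
}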
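//check login
// Bootstrap account: while the users table is empty the session is logged in as
// "inituser" with admin rights so the first real user can be created. Once a
// user exists, a lingering inituser session is killed.
$usersfound = "no";
$res = $db_handle->query("SELECT * FROM users LIMIT 1");
while ($res && ($row = $res->fetchArray(SQLITE3_ASSOC))) {
    $usersfound = "yes";
    if (isset($_SESSION['username']) && $_SESSION['username'] == "inituser") {
        session_unset();
        session_destroy();
        session_start();
        echo "killed inituser!";
    }
}
if ($usersfound == "no") {
    $_SESSION['username'] = "inituser";
    $_SESSION['isadmin'] = "1";
    if (!isset($_POST['newusername'])) {
        echo "You have no users in the datbase! ";
        $mode = "usermgmt";
    }
} elseif (isset($_POST['login'], $_POST['username'], $_POST['password'])) {
    // clean() HTML-encodes its input; usernames and passwords are stored in that
    // encoded form (see the newusername handler), so the login side must apply
    // the same transform before lookup / password_verify.
    $user = clean($_POST['username']);
    $pass = clean($_POST['password']);
    if ($pass == "") {
        echo "$user is not allowed to login without a password.";
    } else {
        $stmt = $db_handle->prepare("SELECT password,admin FROM users WHERE username=:user");
        $stmt->bindValue(':user', $user);
        $res = $stmt->execute();
        $row = $res ? $res->fetchArray(SQLITE3_ASSOC) : false;
        // One response for "unknown user" and "wrong password", so the form does
        // not reveal which usernames exist.
        if ($row !== false && password_verify($pass, $row['password'])) {
            // New session id on privilege change, so an id handed out before the
            // login cannot be reused afterwards.
            session_regenerate_id(true);
            $_SESSION['username'] = $user;
            $_SESSION['isadmin'] = $row['admin'];
        } else {
            echo "Password not correct!";
        }
    }
}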
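/**
 * Check whether a MAC address is already assigned to a different VM.
 *
 * @param string  $vmname    the VM being created/edited (its own row is ignored)
 * @param string  $mac       MAC to look up in macaddr1..macaddr3
 * @param SQLite3 $db_handle open database handle
 * @return string|int message naming the VM that already uses $mac, or int 0 when free
 */
function checkmacfree($vmname, $mac, $db_handle) {
    // Values are bound, not interpolated; the same named parameter may be
    // referenced several times in one statement.
    $stmt = $db_handle->prepare(
        "SELECT vmname FROM vms WHERE (macaddr1=:mac OR macaddr2=:mac OR macaddr3=:mac) AND NOT vmname=:vmname"
    );
    $stmt->bindValue(':mac', $mac, SQLITE3_TEXT);
    $stmt->bindValue(':vmname', $vmname, SQLITE3_TEXT);
    $res = $stmt->execute();
    $row = $res ? $res->fetchArray(SQLITE3_ASSOC) : false;
    if ($row !== false) {
        return "$row[vmname] uses the mac $mac already!";
    }
    return 0;
}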
//delete vms
if (isset($_SESSION['username'])){
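// Delete handlers (vm / user / server). All three need the same POST triple and
// are admin-only; name and id must match the same row, which also pins the row
// the DELETE hits. Values are bound, never interpolated into SQL.
// NOTE(review): no CSRF token is checked in these POST handlers - confirm
// whether the forms carry one.
if (isset($_POST['deleteid'], $_POST['deletename'], $_POST['delwhat'])) {
    $delwhat = $_POST['delwhat'];
    $notallowed = array(
        'vm'     => "you are not allowed to delete vms!",
        'user'   => "you are not allowed to delete users!",
        'server' => "you are not allowed to delete servers!",
    );
    if (!isset($notallowed[$delwhat])) {
        // unknown delwhat: nothing to do
    } elseif ($_SESSION['isadmin'] != 1) {
        echo $notallowed[$delwhat];
    } elseif ($delwhat == "vm") {
        $vmname = clean($_POST['deletename']);
        $vmid = clean($_POST['deleteid']);
        $stmt = $db_handle->prepare(
            "SELECT vms.id AS vid,prio,hostname,connectstring,autostart FROM vms LEFT JOIN servers ON vms.server = servers.hostname WHERE vmname=:vmname AND vid=:vid"
        );
        $stmt->bindValue(':vmname', $vmname);
        $stmt->bindValue(':vid', $vmid);
        $res = $stmt->execute();
        while ($res && ($row = $res->fetchArray(SQLITE3_ASSOC))) {
            // Close the gap in the prio sequence: every VM ranked after the deleted
            // one moves one place up, until no VM holds the next prio.
            $prio = $row['prio'];
            $nextprio = $prio + 1;
            while (true) {
                $find = $db_handle->prepare("SELECT id FROM vms WHERE prio=:prio");
                $find->bindValue(':prio', $nextprio);
                $nres = $find->execute();
                $nrow = $nres ? $nres->fetchArray(SQLITE3_ASSOC) : false;
                if ($nrow === false || $nrow['id'] == "") {
                    break;
                }
                $move = $db_handle->prepare("UPDATE vms SET prio=:prio WHERE id=:id");
                $move->bindValue(':prio', $prio);
                $move->bindValue(':id', $nrow['id']);
                if (!$move->execute()) {
                    echo "SQL UPDATE vms SET prio='$prio' WHERE id='$nrow[id]' failed!";
                    exit;
                }
                $nextprio = $nextprio + 1;
                $prio = $prio + 1;
            }
            // Autostart entries are kept by nlvmi outside the DB; remove them first.
            // NOTE(review): connectstring is passed as ONE shell argument - confirm
            // it never needs to expand to several.
            if ($row['autostart'] == "1") {
                $target = ($row['connectstring'] == "") ? 'local' : $row['connectstring'];
                $shellout = shell_exec('/usr/bin/nlvmi delautostart ' . escapeshellarg($target) . ' ' . escapeshellarg($vmname));
            }
            if (isset($config['NGINXCONFIGPATH'])) {
                $shellout = shell_exec('/usr/bin/nlvmi delnginx local ' . escapeshellarg($vmname));
            }
            $del = $db_handle->prepare("DELETE FROM vms WHERE id=:id");
            $del->bindValue(':id', $vmid);
            if ($del->execute()) {
                echo "VM $vmname deleted!";
            }
        }
    } elseif ($delwhat == "user") {
        $uname = clean($_POST['deletename']);
        $uid = clean($_POST['deleteid']);
        $stmt = $db_handle->prepare("SELECT id FROM users WHERE username=:name AND id=:id");
        $stmt->bindValue(':name', $uname);
        $stmt->bindValue(':id', $uid);
        $res = $stmt->execute();
        while ($res && ($row = $res->fetchArray(SQLITE3_ASSOC))) {
            $del = $db_handle->prepare("DELETE FROM users WHERE id=:id");
            $del->bindValue(':id', $uid);
            if ($del->execute()) {
                echo "User $uname deleted!";
            }
        }
    } else {
        $sname = clean($_POST['deletename']);
        $sid = clean($_POST['deleteid']);
        $stmt = $db_handle->prepare("SELECT id FROM servers WHERE hostname=:name AND id=:id");
        $stmt->bindValue(':name', $sname);
        $stmt->bindValue(':id', $sid);
        $res = $stmt->execute();
        while ($res && ($row = $res->fetchArray(SQLITE3_ASSOC))) {
            $del = $db_handle->prepare("DELETE FROM servers WHERE id=:id");
            $del->bindValue(':id', $sid);
            if ($del->execute()) {
                echo "Server $sname deleted!";
            }
        }
    }
}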
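//insert new user in db
if (isset($_POST['newusername'])) {
    if ($_SESSION['isadmin'] != 1) {
        echo "you are not allowed to add usernames!";
    } else {
        $newusername = clean($_POST['newusername']);
        $rawpassword = isset($_POST['newpassword']) ? clean($_POST['newpassword']) : "";
        // The login handler refuses empty passwords, so a user created with one
        // could never log in - and while "inituser" is active, creating that row
        // would lock the installation out.
        if ($newusername == "" || $rawpassword == "") {
            echo "username and password must not be empty!";
            exit;
        }
        // clean() is applied before hashing because the login handler hashes the
        // cleaned input too; both sides must agree or no password ever matches.
        $newpassword = password_hash($rawpassword, PASSWORD_DEFAULT);
        $isadmin = (isset($_POST['isadmin']) && $_POST['isadmin'] == "on") ? "1" : "0";
        $exists = $db_handle->prepare("SELECT id FROM users WHERE username=:u");
        $exists->bindValue(':u', $newusername);
        $res = $exists->execute();
        if ($res && $res->fetchArray(SQLITE3_ASSOC) !== false) {
            echo "username already exist!";
            exit;
        }
        $ins = $db_handle->prepare("INSERT INTO users (username,password,admin) VALUES(:u, :p, :a)");
        $ins->bindValue(':u', $newusername);
        $ins->bindValue(':p', $newpassword);
        $ins->bindValue(':a', $isadmin);
        if ($ins->execute() && $db_handle->changes() > 0) {
            echo "success";
            exit;
        }
        echo "Failed to insert into DB!";
        exit;
    }
}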
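//update user in db
if (isset($_POST['changeusername'])) {
    if ($_SESSION['isadmin'] != 1) {
        echo "you are not allowed to change usernames!";
    } else {
        $userchange = isset($_POST['userchange']) ? clean($_POST['userchange']) : "";
        $username = clean($_POST['changeusername']);
        $isadmin = (isset($_POST['isadmin']) && $_POST['isadmin'] == "on") ? "1" : "0";
        // An empty password field means "keep the current password"; the SET list
        // is chosen up front so only bound values ever reach the statement.
        if (!isset($_POST['passwordchange']) || $_POST['passwordchange'] == "") {
            $stmt = $db_handle->prepare("UPDATE users SET username=:u, admin=:a where id=:id");
        } else {
            $stmt = $db_handle->prepare("UPDATE users SET username=:u, password=:p, admin=:a where id=:id");
            // cleaned before hashing, matching the login and newusername handlers
            $stmt->bindValue(':p', password_hash(clean($_POST['passwordchange']), PASSWORD_DEFAULT));
        }
        $stmt->bindValue(':u', $username);
        $stmt->bindValue(':a', $isadmin);
        $stmt->bindValue(':id', $userchange);
        if ($stmt->execute()) {
            echo "success";
            exit;
        }
    }
}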
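//insert new server in db
if (isset($_POST['newhostname'])) {
    if ($_SESSION['isadmin'] != 1) {
        echo "you are not allowed to add servers!";
    } else {
        $newservername = clean($_POST['newhostname']);
        $connectstring = isset($_POST['connectstring']) ? clean($_POST['connectstring']) : "";
        $vmdirectory = isset($_POST['vmdirectory']) ? clean($_POST['vmdirectory']) : "";
        $isodirectory = isset($_POST['isodirectory']) ? clean($_POST['isodirectory']) : "";
        $stmt = $db_handle->prepare(
            "INSERT INTO servers (hostname,connectstring,vmdirectory,isodirectory) VALUES(:h,:c,:v,:i)"
        );
        $stmt->bindValue(':h', $newservername);
        $stmt->bindValue(':c', $connectstring);
        $stmt->bindValue(':v', $vmdirectory);
        $stmt->bindValue(':i', $isodirectory);
        // Report the real outcome instead of an unconditional "success".
        if ($stmt->execute() && $db_handle->changes() > 0) {
            echo "success";
        } else {
            echo "Failed to insert into DB!";
        }
        exit;
    }
}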
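//update server in db
if (isset($_POST['changehostname'])) {
    if ($_SESSION['isadmin'] != 1) {
        echo "you are not allowed to change servers!";
    } else {
        $newservername = clean($_POST['changehostname']);
        $connectstring = isset($_POST['connectstring']) ? clean($_POST['connectstring']) : "";
        $vmdirectory = isset($_POST['vmdirectory']) ? clean($_POST['vmdirectory']) : "";
        $isodirectory = isset($_POST['isodirectory']) ? clean($_POST['isodirectory']) : "";
        $changeid = isset($_POST['changeid']) ? clean($_POST['changeid']) : "";
        $stmt = $db_handle->prepare(
            "UPDATE servers SET hostname=:h, connectstring=:c, vmdirectory=:v, isodirectory=:i where id=:id"
        );
        $stmt->bindValue(':h', $newservername);
        $stmt->bindValue(':c', $connectstring);
        $stmt->bindValue(':v', $vmdirectory);
        $stmt->bindValue(':i', $isodirectory);
        $stmt->bindValue(':id', $changeid);
        if ($stmt->execute()) {
            echo "success";
        } else {
            // A fixed message: the failing query (with the submitted values) is not
            // something the browser needs to see.
            echo "Failed to update server!";
        }
        exit;
    }
}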
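//insert or update vm in db
// Both modes take the column values straight from the request: every request key
// except the control keys (mode, rand, editid) names a vms column. Keys are
// checked against the table's real column list, so a request cannot inject SQL
// through a key name (and cookies, which may land in $_REQUEST depending on
// request_order, are ignored); values are bound, never interpolated.
// NOTE(review): unlike the delete/user/server handlers there is no isadmin or
// ownership check here, so any logged-in user can create or edit any VM -
// confirm that is intended.
if (isset($_REQUEST['mode']) && ($_REQUEST['mode'] == "newvm" || $_REQUEST['mode'] == "editvm")) {
    $vmcolumns = array();
    $cres = $db_handle->query("PRAGMA table_info(vms)");
    while ($cres && ($crow = $cres->fetchArray(SQLITE3_ASSOC))) {
        $vmcolumns[$crow['name']] = true;
    }
    $skipkeys = array('mode' => true, 'rand' => true, 'editid' => true);
    $vmname = isset($_REQUEST['vmname']) ? clean($_REQUEST['vmname']) : "";
    $values = array();   // column => value, in request order
    $autostartfound = "0";
    foreach (array_keys($_REQUEST) as $rkey) {
        if (isset($skipkeys[$rkey]) || !isset($vmcolumns[$rkey])) {
            continue;
        }
        $rvalue = clean($_REQUEST[$rkey]);
        if (preg_match('/macaddr/', $rkey) && $rvalue != "") {
            $cm = checkmacfree($vmname, $rvalue, $db_handle);
            if ($cm != "0") {
                echo $cm;
                exit;
            }
        }
        if ($rkey == "autostart") {
            // checkbox: "on" when ticked, absent otherwise
            $autostartfound = "1";
            $rvalue = ($rvalue == "on") ? "1" : "0";
        }
        // Form-to-storage translations kept from the original handler.
        if ($rvalue == "x86_64") {
            $rvalue = "qemu-system-x86_64";
        } elseif (preg_match('/no drive/', $rvalue) || $rvalue == "no cdrom") {
            $rvalue = "";
        }
        $values[$rkey] = $rvalue;
    }
    if ($_REQUEST['mode'] == "newvm") {
        $mode = "newvm";
        // New VMs go to the end of the prio ordering.
        $pres = $db_handle->query("SELECT MAX(prio) AS prio FROM vms");
        $prioa = $pres ? $pres->fetchArray(SQLITE3_ASSOC) : false;
        $values['prio'] = ($prioa === false ? 0 : $prioa['prio']) + 1;
        $cols = array_keys($values);
        $sql = "INSERT INTO vms (" . implode(',', $cols) . ") VALUES (:" . implode(', :', $cols) . ")";
        $stmt = $db_handle->prepare($sql);
        foreach ($values as $col => $val) {
            $stmt->bindValue(':' . $col, $val);
        }
    } else {
        if ($autostartfound == "0") {
            // an unticked checkbox is simply absent from the request
            $values['autostart'] = "0";
        }
        $eid = isset($_REQUEST['editid']) ? clean($_REQUEST['editid']) : "";
        $sets = array();
        foreach (array_keys($values) as $col) {
            $sets[] = "$col=:$col";
        }
        $sql = "UPDATE vms SET " . implode(', ', $sets) . " WHERE id=:editid";
        $stmt = $db_handle->prepare($sql);
        foreach ($values as $col => $val) {
            $stmt->bindValue(':' . $col, $val);
        }
        $stmt->bindValue(':editid', $eid);
    }
    // Report the real outcome instead of an unconditional "success".
    if ($stmt && $stmt->execute()) {
        echo "success";
    } else {
        echo "Failed to write the VM to the DB!";
    }
    exit;
}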
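// Move a VM one step up or down in the prio ordering by swapping prio values
// with whichever VM currently holds the neighbouring prio.
// NOTE(review): no isadmin/ownership check, same as the vm create/edit handler -
// confirm that is intended.
if (isset($_REQUEST['neworder'], $_REQUEST['vid'])) {
    $direction = $_REQUEST['neworder'];
    if ($direction == "up" || $direction == "down") {
        $vid = clean($_REQUEST['vid']);
        $get = $db_handle->prepare("SELECT prio FROM vms WHERE id=:id");
        $get->bindValue(':id', $vid);
        $gres = $get->execute();
        $prow = $gres ? $gres->fetchArray(SQLITE3_ASSOC) : false;
        if ($prow !== false) {
            $oldprio = $prow['prio'];
            $newprio = ($direction == "up") ? $oldprio - 1 : $oldprio + 1;
            $find = $db_handle->prepare("SELECT id FROM vms WHERE prio=:prio");
            $find->bindValue(':prio', $newprio);
            $fres = $find->execute();
            $orow = $fres ? $fres->fetchArray(SQLITE3_ASSOC) : false;
            // No neighbour at $newprio: the swap degenerates to a plain move (the
            // second UPDATE then matches no row), as before.
            $oldid = ($orow === false) ? "" : $orow['id'];
            $move = $db_handle->prepare("UPDATE vms SET prio=:prio WHERE id=:id");
            $move->bindValue(':prio', $newprio);
            $move->bindValue(':id', $vid);
            $swap = $db_handle->prepare("UPDATE vms SET prio=:prio WHERE id=:id");
            $swap->bindValue(':prio', $oldprio);
            $swap->bindValue(':id', $oldid);
            if ($move->execute() && $swap->execute()) {
                echo "success";
                exit;
            }
        }
    }
}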
// AJAX responder for the server dropdown: for the chosen server render the three
// drive selectors (each followed by its format buttons) and the cdrom selector,
// then stop - nothing else of the page belongs in this response.
if (isset($_POST['serverbuttoni'])) {
    $chosen = $_POST['serverbuttoni'];
    for ($slot = 1; $slot <= 3; $slot++) {
        serverdepropdown($chosen, "no drive$slot", "drive$slot");
        formatbuttons("format$slot", '');
    }
    serverdepropdown($chosen, "no cdrom", 'cdrom');
    exit;
}
//ajax queries are all done, time for the header
include 'header.php';
//usermanagement
// Renders the user management page: the list of existing users (with their
// admin flag) plus the "create a new user" form. Reachable by admins and by the
// bootstrap "inituser" session ($mode is forced to "usermgmt" while the users
// table is empty).
// NOTE(review): the echo strings in this copy are nearly empty - the HTML markup
// appears to have been stripped, so $checked and $row are computed but not
// visibly used; confirm against the original file.
if ((isset($_POST['usermgmt']))||($mode=="usermgmt")){
$mode="usermgmt";
if (($_SESSION['username']=="inituser")||($_SESSION['isadmin']=="1")){
$sql="SELECT * FROM users";
$res = $db_handle->query($sql);
echo "";
if ($_SESSION['username']!="inituser"){
echo "Existing users ";
}
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
echo "
";
// $checked marks the admin checkbox of this row
if ($row['admin']=="1"){
$checked="checked";
} else {
$checked="";
}
echo "
";
echo "
";
echo "
";
}
//newuserform
echo "Create a new user ";
}
}
//servermanagement
// Renders the server management page (admins only): the list of existing
// servers plus the "create a new server" form.
// NOTE(review): the per-row echo is an empty string in this copy - the HTML
// markup appears to have been stripped, so $row is fetched but not visibly
// used; confirm against the original file.
if (isset($_POST['servermgmt'])){
$mode="servermgmt";
if ($_SESSION['isadmin']=="1"){
$sql="SELECT * FROM servers";
$res = $db_handle->query($sql);
echo "";
echo "Existing servers ";
echo "hostname
connectstring
VM directory
ISO directory
";
while ($row = $res->fetchArray(SQLITE3_ASSOC)){
echo "";
}
//newserverform
echo "Create a new server ";
}
}
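//start vm
// Non-admins may only start VMs whose username column is their own; the name is
// passed to the helper only when such a row exists, and shell-quoted regardless.
// NOTE(review): assumes vms has a username column (the original filter used it too).
if (isset($_REQUEST['start'])) {
    $vmname = clean($_REQUEST['start']);
    $limited = ($_SESSION['isadmin'] != "1");
    // The ownership filter is joined with AND; a second WHERE is a syntax error
    // that made every non-admin start fail.
    $sql = "SELECT * FROM vms WHERE vmname=:vmname" . ($limited ? " AND username=:username" : "");
    $stmt = $db_handle->prepare($sql);
    if ($stmt) {
        $stmt->bindValue(':vmname', $vmname);
        if ($limited) {
            $stmt->bindValue(':username', $_SESSION['username']);
        }
        $res = $stmt->execute();
        while ($res && ($row = $res->fetchArray(SQLITE3_ASSOC))) {
            $shellout = shell_exec('/usr/bin/nlvmi start ' . escapeshellarg($vmname) . ' bla');
            echo $shellout;
        }
    }
}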
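//stop vm
// Same access rule as "start vm": non-admins only reach VMs whose username
// column is theirs. The VM is stopped only when checkvm() does not report it as
// not running.
// NOTE(review): assumes vms has a username column (the original filter used it too).
if (isset($_REQUEST['stop'])) {
    $vmname = clean($_REQUEST['stop']);
    $limited = ($_SESSION['isadmin'] != "1");
    // Ownership filter joined with AND (a second WHERE is a syntax error); the
    // filter variable is always initialised here, it no longer leaks from "start".
    $sql = "SELECT * FROM vms WHERE vmname=:vmname" . ($limited ? " AND username=:username" : "");
    $stmt = $db_handle->prepare($sql);
    if ($stmt) {
        $stmt->bindValue(':vmname', $vmname);
        if ($limited) {
            $stmt->bindValue(':username', $_SESSION['username']);
        }
        $res = $stmt->execute();
        while ($res && ($row = $res->fetchArray(SQLITE3_ASSOC))) {
            if (!checkvm($vmname)) {
                $shellout = shell_exec('/usr/bin/nlvmi stop ' . escapeshellarg($vmname) . ' bla');
                echo $shellout;
            }
        }
    }
}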
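//form for edit and new vms
// Select which VM form is rendered below: "edit" loads the row into $e (the
// last matching row wins), "newvm" starts an empty form.
// NOTE(review): any logged-in user can open the edit form for any VM id - no
// ownership/admin filter, unlike start/stop; confirm that is intended.
// NOTE(review): $editid is " " (a single space) on edit and "" on new; presumably
// a markup fragment lost in this copy - confirm against the original file.
if (isset($_REQUEST['edit'])) {
    $mode = "editvm";
    $formname = "editvm";
    $eid = clean($_REQUEST['edit']);
    $stmt = $db_handle->prepare("SELECT * FROM vms WHERE id=:id");
    $stmt->bindValue(':id', $eid);
    $res = $stmt->execute();
    $editid = " ";
    while ($res && ($row = $res->fetchArray(SQLITE3_ASSOC))) {
        $e = $row;
    }
} elseif (isset($_REQUEST['newvm'])) {
    $formname = "newvm";
    $editid = "";
    $mode = "newvm";
}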
if (isset($formname)){
$placehold['vmname']="Name of the VM";
$placehold['server']="ip or name of host server";
$placehold['cputype']="normally just 'host'";
$placehold['cpus']="Number of core for the VM";
$placehold['memory']="Amount of RAM for the VM im Mb";
$placehold['usbdev']="Normally just 'tablet' to get a mouse";
$placehold['kblang']="Qemu keyboard layout. Like 'de-ch'";
$placehold['custom']="Customstring to add to the qemu command";
$placehold['tapdev1']="tapname of first netinterface";
$placehold['tapdev2']="tapname of second netinterface";
$placehold['tapdev3']="tapname of third netinterface";
$placehold['macaddr1']="macaddress of first netinterface";
$placehold['macaddr2']="macaddress of second netinterface";
$placehold['macaddr3']="macaddress of third netinterface";
$placehold['brdev1']="bridge on host to add first netinterface";
$placehold['brdev2']="bridge on host to add second netinterface";
$placehold['brdev3']="bridge on host to add third netinterface";
$placehold['vncport']="VNC displaynumber like '1'";
$placehold['websocket']="port to bind the VNC websocket";
$placehold['vncpasswort']="the password for VNC";
echo "$formname ";
echo "