2013-10-09 20:47:43 +02:00
< ? php
/*
Copyright ( C ) 2013 Grégory Soutadé
This file is part of gPass .
gPass is free software : you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation , either version 3 of the License , or
( at your option ) any later version .
gPass is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with gPass . If not , see < http :// www . gnu . org / licenses />.
*/
include ( 'functions.php' );
session_start ();
$VIEW_CIPHERED_PASSWORDS = true ;
2013-10-16 18:40:06 +02:00
$ADMIN_MODE = true ;
2013-10-09 20:47:43 +02:00
$mkey = ( isset ( $_POST [ 'mkey' ])) ? $_POST [ 'mkey' ] : " " ;
$user = ( isset ( $_POST [ 'user' ])) ? $_POST [ 'user' ] : " " ;
?>
<! DOCTYPE html >
< html >
< head >
< meta http - equiv = " Content-Type " content = " text/html;charset=utf-8 " >
2013-10-12 12:00:12 +02:00
< link rel = " stylesheet " type = " text/css " href = " ressources/gpass.css " />
< script src = " ressources/jssha256.js " ></ script >
2013-10-16 07:55:13 +02:00
< script src = " ressources/hmac.js " ></ script >
< script src = " ressources/pkdbf2.js " ></ script >
< script src = " ressources/gpass.js " ></ script >
2013-10-09 20:47:43 +02:00
< ? php
global $user ;
if ( $user == " " )
2013-10-12 11:20:54 +02:00
echo " <title>gPass : global Password</title> \n " ;
2013-10-09 20:47:43 +02:00
else
2013-10-12 11:20:54 +02:00
echo " <title>gPass : global Password - $user </title> \n " ;
2013-10-09 20:47:43 +02:00
?>
</ head >
< body >
< ? php
2013-10-12 12:00:12 +02:00
global $mkey ;
2013-10-16 18:40:06 +02:00
if ( $ADMIN_MODE && isset ( $_POST [ 'create_user' ]))
2013-10-09 20:47:43 +02:00
{
if ( create_user ( $_POST [ 'user' ]))
$user = $_POST [ 'user' ];
}
else
{
if ( isset ( $_POST [ 'add' ]))
add_entry ( $user , $mkey , $_POST [ 'url' ], $_POST [ 'login' ], $_POST [ 'pwd' ]);
else if ( isset ( $_POST [ 'delete' ]))
delete_entry ( $user , $_POST [ 'login_ciph' ]);
else if ( isset ( $_POST [ 'update' ]))
update_entry ( $user , $mkey , $_POST [ 'login_ciph' ], $_POST [ 'url' ], $_POST [ 'login' ], $_POST [ 'pwd' ]);
}
?>
2013-10-10 18:26:14 +02:00
< div id = " logo " >
< a href = " http://indefero.soutade.fr/p/gpass " >< img src = " ressources/gpass.png " alt = " logo " /></ a >
</ div >
2013-10-09 20:47:43 +02:00
2013-10-16 18:40:06 +02:00
< div id = " admin " < ? php if ( ! $ADMIN_MODE ) echo " style= \" display:none \" " ; ?> >
2013-10-09 20:47:43 +02:00
< form method = " post " >
< input type = " text " name = " user " /> < input type = " submit " name = " create_user " value = " Create user " onclick = " return confirm('Are you sure want to create this user ?'); " />
</ form >
</ div >
< div id = " user " >
< form method = " post " id = " select_user " >
< ? php
global $user ;
global $mkey ;
$users = scandir ( " ./users/ " );
$count = 0 ;
foreach ( $users as $u )
{
if ( is_dir ( " ./users/ " . $u ) && $u [ 0 ] != '_' && $u [ 0 ] != '.' )
$count ++ ;
}
if ( $count == 0 )
2013-10-12 11:20:54 +02:00
echo " <b>No user found</b><br/> \n " ;
2013-10-09 20:47:43 +02:00
else
{
2013-10-15 21:02:14 +02:00
echo '<b>User</b> <select id="selected_user" name="user">' . " \n " ;
2013-10-09 20:47:43 +02:00
foreach ( $users as $u )
{
if ( is_dir ( " ./users/ " . $u ) && $u [ 0 ] != '_' && $u [ 0 ] != '.' )
{
if ( $user == " " ) $user = $u ;
if ( $user == $u )
echo " <option value= \" $u\ " selected = \ " 1 \" /> $u </option> " ;
else
echo " <option value= \" $u\ " /> $u </ option > " ;
}
}
2013-10-12 11:20:54 +02:00
echo " </select> \n " ;
2013-10-16 07:55:13 +02:00
echo ' <b>Master key </b> <input id="see_password" type="password" name="mkey"/>' ;
echo " <input name= \" see \" type= \" submit \" value= \" See \" onclick= \" a=document.getElementById('selected_user') ; return derive_mkey(a.options[a.selectedIndex].value, 'see_password') ; \" /> " . " \n " ;
2013-10-09 20:47:43 +02:00
}
?>
</ form >
< div id = " passwords " >
< ? php
global $user ;
global $mkey ;
global $VIEW_UNCIPHERED_PASSWORDS ;
if ( $user != " " )
{
$nb_unciphered = 0 ;
list ( $nb_ciphered , $entries ) = list_entries ( $user , $mkey );
2013-10-12 11:20:54 +02:00
echo " <b> " . ( count ( $entries ) - $nb_ciphered ) . " unciphered password(s)</b><br/> \n " ;
2013-10-09 20:47:43 +02:00
foreach ( $entries as $entry )
{
if ( $entry [ 'ciphered' ] == 1 ) continue ;
2013-10-12 11:20:54 +02:00
echo '<form method="post">' . " \n " ;
2013-10-09 20:47:43 +02:00
echo '<input type="hidden" name="user" value="' . $user . '"/>' ;
echo '<input type="hidden" name="mkey" value="' . $mkey . '"/>' ;
echo '<input type="hidden" name="login_ciph" value="' . $entry [ 'login_ciph' ] . '"/>' ;
echo 'URL <input type="text" name="url" value="' . $entry [ 'url' ] . '"/>' ;
echo 'login <input type="text" name="login" value="' . $entry [ 'login' ] . '"/>' ;
echo 'password <input type="text" name="pwd" value="' . $entry [ 'password' ] . '"/>' ;
echo '<input type="submit" name="delete" value="Delete" onclick="return confirm(\'Are you sure want to delete this password ?\');"/>' ;
echo '<input type="submit" name="update" value="Update" onclick="return confirm(\'Are you sure want to update this password ?\');"/>' ;
2013-10-12 11:20:54 +02:00
echo '</form>' . " \n " ;
2013-10-09 20:47:43 +02:00
}
2013-10-12 11:20:54 +02:00
echo " <br/><br/> \n " ;
echo " <b> $nb_ciphered ciphered password(s)</b><br/> \n " ;
2013-10-09 20:47:43 +02:00
if ( $VIEW_CIPHERED_PASSWORDS )
{
foreach ( $entries as $entry )
{
if ( $entry [ 'ciphered' ] == 0 ) continue ;
2013-10-12 11:20:54 +02:00
echo '<form method="post">' . " \n " ;
2013-10-09 20:47:43 +02:00
echo '<input type="hidden" name="user" value="' . $user . '"/>' ;
echo '<input type="hidden" name="mkey" value="' . $mkey . '"/>' ;
echo '<input class="hash" type="text" name="login_ciph" value="' . $entry [ 'login_ciph' ] . '"/>' ;
echo '<input class="hash" type="text" name="pwd" value="' . $entry [ 'password' ] . '"/>' ;
echo '<input type="submit" name="delete" value="Delete" onclick="return confirm(\'Are you sure want to delete this password ?\');"/>' ;
2013-10-12 11:20:54 +02:00
echo '</form>' . " \n " ;
2013-10-09 20:47:43 +02:00
}
}
}
?>
</ div >
< div id = " add_new_password " >
< ? php
global $user ;
if ( $user != " " )
{
2013-10-12 11:20:54 +02:00
echo " <b>Add a new password</b><br/> \n " ;
echo '<form method="post">' . " \n " ;
2013-10-09 20:47:43 +02:00
echo '<input type="hidden" name="user" value="' . $user . '"/>' ;
echo 'URL <input id="new_url" type="text" name="url"/>' ;
echo 'login <input type="text" name="login" />' ;
echo 'password <input id="new_password" type="text" name="pwd"/>' ;
2013-10-15 21:02:14 +02:00
echo 'master key <input id="new_mkey" type="password" name="mkey"/>' ;
2013-10-09 20:47:43 +02:00
echo '<input type="button" value="Generate password" onClick="generate_password();"/>' ;
2013-10-16 07:55:13 +02:00
echo " <input type= \" submit \" name= \" add \" value= \" Add \" onclick= \" a = document.getElementById('new_url') ; a.value = url_domain(a.value); return derive_mkey(' $user ', 'new_mkey') ; \" /> " ;
2013-10-12 11:20:54 +02:00
echo '</form>' . " \n " ;
2013-10-09 20:47:43 +02:00
}
?>
</ div >
</ div >
</ body >
</ html >