2013-10-09 20:47:43 +02:00
< ? php
/*
2014-01-21 19:00:26 +01:00
Copyright ( C ) 2013 - 2014 Grégory Soutadé
2013-10-09 20:47:43 +02:00
This file is part of gPass .
gPass is free software : you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation , either version 3 of the License , or
( at your option ) any later version .
gPass is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with gPass . If not , see < http :// www . gnu . org / licenses />.
*/
include ( 'functions.php' );
2014-01-21 19:00:26 +01:00
include ( 'conf.php' );
2013-10-09 20:47:43 +02:00
session_start ();
2015-02-09 18:57:49 +01:00
$user = '' ;
2013-10-09 20:47:43 +02:00
2013-10-23 19:39:47 +02:00
if ( $ADMIN_MODE && isset ( $_POST [ 'create_user' ]))
{
2015-02-09 18:57:49 +01:00
$user = addslashes ( $_POST [ 'user' ]);
if ( create_user ( $user ))
2013-10-23 19:39:47 +02:00
$user = $_POST [ 'user' ];
2015-02-09 18:57:49 +01:00
else
$user = '' ;
2013-10-23 19:39:47 +02:00
}
else
{
2015-02-09 18:57:49 +01:00
$user = sanitize ( 'user' );
$login = sanitize ( 'login' );
$shadow_login = sanitize ( 'shadow_login' );
$password = sanitize ( 'password' );
$access_token = sanitize ( 'access_token' );
$access_tokens = sanitize ( 'access_tokens' );
$salt = sanitize ( 'salt' );
if ( isset ( $_POST [ 'get_secure_passwords' ]) && isset ( $_POST [ 'user' ]) &&
isset ( $_POST [ 'access_tokens' ]))
return get_secure_entries ( $user , $access_tokens );
2013-10-23 19:39:47 +02:00
if ( isset ( $_POST [ 'get_passwords' ]) && isset ( $_POST [ 'user' ]))
2015-02-09 18:57:49 +01:00
return list_entries ( $user );
2013-10-22 18:33:44 +02:00
2013-10-23 19:39:47 +02:00
if ( isset ( $_POST [ 'add_entry' ]) && isset ( $_POST [ 'user' ]) &&
2015-02-09 18:57:49 +01:00
isset ( $_POST [ 'login' ]) && isset ( $_POST [ 'password' ]) &&
isset ( $_POST [ 'shadow_login' ]) && isset ( $_POST [ 'salt' ]) &&
isset ( $_POST [ 'access_token' ]) )
return add_entry ( $user ,
$login ,
$password ,
$shadow_login ,
$salt ,
$access_token );
2013-10-22 18:33:44 +02:00
2013-10-23 19:39:47 +02:00
if ( isset ( $_POST [ 'delete_entry' ]) && isset ( $_POST [ 'user' ]) &&
2015-02-09 18:57:49 +01:00
isset ( $_POST [ 'login' ]) && isset ( $_POST [ 'access_token' ]))
return delete_entry ( $user ,
$login ,
$access_token );
2013-10-23 19:39:47 +02:00
}
2013-10-19 16:34:12 +02:00
2013-10-09 20:47:43 +02:00
?>
<! DOCTYPE html >
< html >
2013-10-19 16:34:12 +02:00
< head >
< meta http - equiv = " Content-Type " content = " text/html;charset=utf-8 " >
2015-02-09 18:57:49 +01:00
< link rel = " icon " type = " image/png " href = " resources/favicon.png " />
< link rel = " stylesheet " type = " text/css " href = " resources/gpass.css " />
2014-01-21 19:00:26 +01:00
< script language = " javascript " >
< ? php
2017-04-17 20:39:53 +02:00
echo " pbkdf2_level= $PBKDF2_LEVEL ; use_shadow_logins= $USE_SHADOW_LOGINS ; \n " ;
2016-08-20 13:23:36 +02:00
echo " CLEAR_TIME= $CLEAR_TIME ; // Clear master key after 15 minutes \n " ;
2014-01-21 19:00:26 +01:00
?>
</ script >
2015-02-09 18:57:49 +01:00
< script src = " resources/jsaes.js " ></ script >
< script src = " resources/jssha256.js " ></ script >
< script src = " resources/hmac.js " ></ script >
2017-04-17 20:39:53 +02:00
< script src = " resources/pbkdf2.js " ></ script >
2015-02-09 18:57:49 +01:00
< script src = " resources/gpass.js " ></ script >
< script src = " resources/pwdmeter.js " ></ script >
2013-10-19 16:34:12 +02:00
< title > gPass : global Password </ title >
</ head >
< body onload = " start(); " >
< div id = " logo " >
2015-02-09 18:57:49 +01:00
< a href = " http://indefero.soutade.fr/p/gpass " >< img src = " resources/gpass.png " alt = " logo " /></ a >
2013-10-19 16:34:12 +02:00
</ div >
2013-10-09 20:47:43 +02:00
2013-10-16 18:40:06 +02:00
< div id = " admin " < ? php if ( ! $ADMIN_MODE ) echo " style= \" display:none \" " ; ?> >
2013-10-19 16:34:12 +02:00
< form method = " post " >
< input type = " text " name = " user " /> < input type = " submit " name = " create_user " value = " Create user " onclick = " return confirm('Are you sure want to create this user ?'); " />
</ form >
</ div >
2013-10-09 20:47:43 +02:00
< div id = " user " >
< ? php
2013-10-23 19:39:47 +02:00
global $user ;
2013-10-09 20:47:43 +02:00
$users = scandir ( " ./users/ " );
$count = 0 ;
foreach ( $users as $u )
{
if ( is_dir ( " ./users/ " . $u ) && $u [ 0 ] != '_' && $u [ 0 ] != '.' )
$count ++ ;
}
if ( $count == 0 )
2013-10-12 11:20:54 +02:00
echo " <b>No user found</b><br/> \n " ;
2013-10-09 20:47:43 +02:00
else
{
2014-04-02 07:47:54 +02:00
echo " <b>User</b> <select id= \" selected_user \" name= \" user \" onchange= \" document.getElementById('master_key').value = '';update_master_key(false); \" > " . " \n " ;
2013-10-09 20:47:43 +02:00
foreach ( $users as $u )
{
if ( is_dir ( " ./users/ " . $u ) && $u [ 0 ] != '_' && $u [ 0 ] != '.' )
{
if ( $user == " " ) $user = $u ;
if ( $user == $u )
echo " <option value= \" $u\ " selected = \ " 1 \" /> $u </option> " ;
else
echo " <option value= \" $u\ " /> $u </ option > " ;
}
}
2013-10-12 11:20:54 +02:00
echo " </select> \n " ;
2014-02-19 17:34:51 +01:00
echo ' <b>Master key </b> <input id="master_key" type="password" onkeypress="if (event.keyCode == 13) update_master_key(true);"/>' ;
echo " <input type= \" button \" value= \" See \" onclick= \" update_master_key(true); \" /> " . " \n " ;
2013-10-09 20:47:43 +02:00
2013-10-23 19:39:47 +02:00
if ( ! isset ( $_SERVER [ 'HTTPS' ]))
2013-10-19 16:34:12 +02:00
echo " <div id= \" addon_address \" >Current addon address is : http:// " . $_SERVER [ 'SERVER_NAME' ] . " / " . $user . " </div> \n " ;
else
echo " <div id= \" addon_address \" >Current addon address is : https:// " . $_SERVER [ 'SERVER_NAME' ] . " / " . $user . " </div> \n " ;
2013-10-09 20:47:43 +02:00
}
?>
2013-10-19 16:34:12 +02:00
< div id = " passwords " >
2013-10-09 20:47:43 +02:00
</ div >
< div id = " add_new_password " >
< ? php
global $user ;
if ( $user != " " )
{
2013-10-12 11:20:54 +02:00
echo " <b>Add a new password</b><br/> \n " ;
2013-10-09 20:47:43 +02:00
2013-10-22 18:33:44 +02:00
echo 'URL <input type="text" name="url"/>' ;
2013-10-09 20:47:43 +02:00
echo 'login <input type="text" name="login" />' ;
2013-10-22 18:33:44 +02:00
echo 'password <input id="new_password" type="text" name="password"/>' ;
2014-02-17 08:00:28 +01:00
echo 'master key <input type="text" name="mkey" onkeypress="if (event.keyCode == 13) add_password();" onkeyup="chkPass(this.value);"/>' ;
2013-10-09 20:47:43 +02:00
echo '<input type="button" value="Generate password" onClick="generate_password();"/>' ;
2013-10-22 18:33:44 +02:00
echo " <input type= \" button \" name= \" add \" value= \" Add \" onclick= \" add_password(); \" /> " ;
2014-02-01 10:50:23 +01:00
echo " <br /> " ;
echo '<div><a href="http://en.wikipedia.org/wiki/Password_strength">Master key strength</a><div id="scorebarBorder"><div id="score">0%</div><div id="scorebar"> </div></div></div>' ;
2013-10-09 20:47:43 +02:00
}
?>
</ div >
2015-04-23 21:36:50 +02:00
< div id = " update_masterkey " >
< ? php
global $user ;
if ( $user != " " )
{
echo " <b>Update Masterkey</b><br/> \n " ;
echo 'Old master key <input type="text" id="oldmkey"/>' ;
echo 'New master key <input type="text" id="newmkey" onkeyup="chkPass(this.value);"/>' ;
echo '<input type="button" value="Update masterkey" onClick="update_masterkey();"/>' ;
}
?>
</ div >
2015-09-17 20:32:29 +02:00
< div id = " export_database " >
< ? php
global $user ;
if ( $user != " " )
{
echo " <b>Export</b><br/> \n " ;
echo '<input type="button" value="Export" onclick="export_database();"/>' ;
echo '<a id="export_link">Download</a>' ;
}
?>
</ div >
2013-10-09 20:47:43 +02:00
</ div >
</ body >
2013-10-19 16:34:12 +02:00
</ html >