gPass/server/index.php

<?php
/*
  Copyright (C) 2013 Grégory Soutadé
  
  This file is part of gPass.
  
  gPass is free software: you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation, either version 3 of the License, or
  (at your option) any later version.
  
  gPass is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.
  
  You should have received a copy of the GNU General Public License
  along with gPass.  If not, see <http://www.gnu.org/licenses/>.
*/

include('functions.php');

session_start();

$VIEW_CIPHERED_PASSWORDS=true;
$ADMIN_MODE=true;

if (isset($_GET['get_passwords']) && isset($_GET['user']))
    return list_entries($_GET['user']);

?>
<!DOCTYPE html> 
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html;charset=utf-8" >
    <link rel="stylesheet" type="text/css" href="ressources/gpass.css" />
    <script src="ressources/jsaes.js"></script>
    <script src="ressources/jssha256.js"></script>
    <script src="ressources/hmac.js"></script>
    <script src="ressources/pkdbf2.js"></script>
    <script src="ressources/gpass.js"></script>
    <title>gPass : global Password</title>
  </head>
  <body onload="start();">
    <div id="logo">
      <a href="http://indefero.soutade.fr/p/gpass"><img src="ressources/gpass.png" alt="logo"/></a>
    </div>

    <div id="admin" <?php if (!$ADMIN_MODE) echo "style=\"display:none\"";?> >
      <form method="post">
	<input type="text" name="user"/> <input type="submit" name="create_user" value="Create user" onclick="return confirm('Are you sure want to create this user ?');"/>
      </form>
    </div>
<div id="user">
<?php
$users = scandir("./users/");
$count = 0;
    foreach($users as $u)
    {
        if (is_dir("./users/" . $u) && $u[0] != '_' && $u[0] != '.')
            $count++;
    }

if ($count == 0)
    echo "<b>No user found</b><br/>\n";
else
{
    echo "<b>User</b> <select id=\"selected_user\" name=\"user\" onchange=\"document.getElementById('master_key').value = ''\">" . "\n";
    foreach($users as $u)
    {
        if (is_dir("./users/" . $u) && $u[0] != '_' && $u[0] != '.')
        {
            if ($user == "") $user = $u;
            if ($user == $u)
                echo "<option value=\"$u\" selected=\"1\"/>$u</option>";
            else
                echo "<option value=\"$u\"/>$u</option>";
        }
    }
        echo "</select>\n";
        echo '  <b>Master key </b> <input id="master_key" type="password" onkeypress="if (event.keyCode == 13) update_master_key();"/>';
        echo "<input type=\"button\" value=\"See\" onclick=\"update_master_key();\" />" . "\n";

   if ($_SERVER['HTTPS'] == "")
   echo "<div id=\"addon_address\">Current addon address is : http://" . $_SERVER['SERVER_NAME'] . "/" . $user . "</div>\n";
   else
   echo "<div id=\"addon_address\">Current addon address is : https://" . $_SERVER['SERVER_NAME'] . "/" . $user . "</div>\n";
}
?>
<div id="passwords">
</div>
<div id="add_new_password">
<?php
    global $user;

if ($user != "")
{
    echo "<b>Add a new password</b><br/>\n";
    echo '<form method="post">' . "\n";
    echo '<input type="hidden" name="user" value="' . $user . '"/>';

    echo 'URL <input id="new_url" type="text" name="url"/>';
    echo 'login <input type="text" name="login" />';
    echo 'password <input id="new_password" type="text" name="pwd"/>';
    echo 'master key <input id="new_mkey" type="password" name="mkey"/>';
    echo '<input type="button" value="Generate password" onClick="generate_password();"/>';
    echo "<input type=\"submit\" name=\"add\" value=\"Add\" onclick=\"a = document.getElementById('new_url') ; a.value = url_domain(a.value); return derive_mkey('$user', 'new_mkey') ;\"/>";
    echo '</form>' . "\n";
}
?>
</div>
</div>
</body>
</html>