gPass/server/index.php

250 lines
9.0 KiB
PHP
Raw Permalink Normal View History

2013-10-09 20:47:43 +02:00
<?php
/*
2017-07-19 19:12:56 +02:00
Copyright (C) 2013-2017 Grégory Soutadé
2013-10-09 20:47:43 +02:00
This file is part of gPass.
2013-10-09 20:47:43 +02:00
gPass is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
2013-10-09 20:47:43 +02:00
gPass is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
2013-10-09 20:47:43 +02:00
You should have received a copy of the GNU General Public License
along with gPass. If not, see <http://www.gnu.org/licenses/>.
*/
include('conf.php');
include('functions.php');
2013-10-09 20:47:43 +02:00
session_start();
2015-02-09 18:57:49 +01:00
$user = '';
2013-10-09 20:47:43 +02:00
2013-10-23 19:39:47 +02:00
if ($ADMIN_MODE && isset($_POST['create_user']))
{
2015-02-09 18:57:49 +01:00
$user = addslashes($_POST['user']);
if (create_user($user))
2013-10-23 19:39:47 +02:00
$user = $_POST['user'];
2015-02-09 18:57:49 +01:00
else
$user = '';
2013-10-23 19:39:47 +02:00
}
else
{
2015-02-09 18:57:49 +01:00
$user = sanitize('user');
$login = sanitize('login');
$shadow_login = sanitize('shadow_login');
$password = sanitize('password');
$access_token = sanitize('access_token');
$access_tokens = sanitize('access_tokens');
$salt = sanitize('salt');
if (isset($_POST['get_secure_passwords']) && isset($_POST['user']) &&
isset($_POST['access_tokens']))
return get_secure_entries($user, $access_tokens);
2013-10-23 19:39:47 +02:00
if (isset($_POST['get_passwords']) && isset($_POST['user']))
2015-02-09 18:57:49 +01:00
return list_entries($user);
2013-10-22 18:33:44 +02:00
if (isset($_POST['add_entry']) && isset($_POST['user']) &&
2015-02-09 18:57:49 +01:00
isset($_POST['login']) && isset($_POST['password']) &&
isset($_POST['shadow_login']) && isset($_POST['salt']) &&
isset($_POST['access_token']) )
return add_entry($user,
$login,
$password,
$shadow_login,
$salt,
$access_token);
2013-10-22 18:33:44 +02:00
if (isset($_POST['delete_entry']) && isset($_POST['user']) &&
2015-02-09 18:57:49 +01:00
isset($_POST['login']) && isset($_POST['access_token']))
return delete_entry($user,
$login,
$access_token);
2013-10-23 19:39:47 +02:00
}
2013-10-09 20:47:43 +02:00
?>
<!DOCTYPE html>
2013-10-09 20:47:43 +02:00
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >
2023-12-03 10:08:57 +01:00
<link rel="icon" type="image/png" href="/resources/favicon.png" />
<link rel="stylesheet" type="text/css" href="/resources/gpass.css" />
<script language="javascript">
<?php
echo "pbkdf2_level=$PBKDF2_LEVEL; use_shadow_logins=$USE_SHADOW_LOGINS;\n";
echo "CLEAR_TIME=$CLEAR_TIME; // Clear master key after 15 minutes\n";
?>
2017-04-17 20:37:26 +02:00
document.addEventListener('DOMContentLoaded', function() {
window.onscroll = function(ev) {
document.getElementById("buttonTop").className = (window.pageYOffset > 500) ? "cVisible" : "cInvisible";
};
});
function scrollToTop()
{
if (window.pageYOffset == 0)
return;
target = (window.innerHeight) ? window.innerHeight/5 : 200;
toScroll = (window.pageYOffset > target) ? target : window.pageYOffset;
window.scrollBy(0, -toScroll);
setTimeout(scrollToTop, 24);
}
2021-12-23 21:22:57 +01:00
function enableMenu(elem, divFrom)
{
elem.style.display = "block";
divFrom.style['font-weight'] = "bold";
2022-01-23 09:48:18 +01:00
divFrom.style['text-decoration'] = "underline";
2021-12-23 21:22:57 +01:00
}
function disableMenu(elem, divFrom)
{
elem.style.display = "none";
divFrom.style['font-weight'] = "normal";
2022-01-23 09:48:18 +01:00
divFrom.style['text-decoration'] = "";
2021-12-23 21:22:57 +01:00
}
function switchMenuDisplay(id)
{
const array1 = ['admin', 'add_new_password', 'update_masterkey', 'export_database'];
for (const _id of array1)
{
elem = document.getElementById(_id);
divFrom = document.getElementById("menu_" + _id);
if (_id === id)
{
if (elem.style.display == "block")
disableMenu(elem, divFrom);
else
enableMenu(elem, divFrom);
}
else
disableMenu(elem, divFrom);
}
}
</script>
<script src="resources/misc.js"></script>
2015-02-09 18:57:49 +01:00
<script src="resources/gpass.js"></script>
<script src="resources/pwdmeter.js"></script>
<title>gPass : global Password</title>
</head>
<body onload="start();">
2017-04-17 20:37:26 +02:00
<div><a id="buttonTop" class="cInvisible" onclick="scrollToTop();"></a></div>
2021-12-23 21:22:57 +01:00
<div id="menu">
<div id="logo">
2015-02-09 18:57:49 +01:00
<a href="http://indefero.soutade.fr/p/gpass"><img src="resources/gpass.png" alt="logo"/></a>
</div>
2021-12-23 21:22:57 +01:00
<?php if ($ADMIN_MODE) echo "<div id=\"menu_admin\" onclick=\"switchMenuDisplay('admin');\">Create user</div>\n";?>
<div id="menu_add_new_password" onclick="switchMenuDisplay('add_new_password');">Add a new password</div>
<div id="menu_update_masterkey" onclick="switchMenuDisplay('update_masterkey');">Update master key</div>
<div id="menu_export_database" onclick="switchMenuDisplay('export_database');">Export database</div>
</div>
2013-10-09 20:47:43 +02:00
<div id="admin" <?php if (!$ADMIN_MODE) echo "style=\"display:none\"";?> >
<form method="post">
<input type="text" name="user"/> <input type="submit" name="create_user" value="Create user" onclick="return confirm('Are you sure want to create this user ?');"/>
</form>
</div>
2013-10-09 20:47:43 +02:00
<div id="user">
<?php
2013-10-23 19:39:47 +02:00
global $user;
2013-10-09 20:47:43 +02:00
$users = scandir("./users/");
$count = 0;
foreach($users as $u)
{
if (is_dir("./users/" . $u) && $u[0] != '_' && $u[0] != '.')
$count++;
}
if ($count == 0)
echo "<b>No user found</b><br/>\n";
2013-10-09 20:47:43 +02:00
else
{
echo "<b>User</b> <select id=\"selected_user\" name=\"user\" onchange=\"document.getElementById('master_key').value = '';update_master_key(false);\">" . "\n";
2013-10-09 20:47:43 +02:00
foreach($users as $u)
{
if (is_dir("./users/" . $u) && $u[0] != '_' && $u[0] != '.')
{
if ($user == "") $user = $u;
if ($user == $u)
echo "<option value=\"$u\" selected=\"1\"/>$u</option>";
else
echo "<option value=\"$u\"/>$u</option>";
}
}
echo "</select>\n";
echo ' <b>Master key </b> <input id="master_key" type="password" onchange="update_master_key(true);"/>';
echo "<input type=\"button\" value=\"See\" onclick=\"update_master_key(true);\" />" . "\n";
2013-10-09 20:47:43 +02:00
2013-10-23 19:39:47 +02:00
if (!isset($_SERVER['HTTPS']))
echo "<div id=\"addon_address\">Current addon address is : http://" . $_SERVER['SERVER_NAME'] . "/" . $user . "</div>\n";
else
echo "<div id=\"addon_address\">Current addon address is : https://" . $_SERVER['SERVER_NAME'] . "/" . $user . "</div>\n";
2013-10-09 20:47:43 +02:00
}
?>
<div id="add_new_password">
<?php
global $user;
if ($user != "")
{
2021-12-23 21:22:57 +01:00
echo "<div class=\"title\">Add a new password</div>\n";
2013-10-09 20:47:43 +02:00
echo 'URL <input type="text" id="new_url" name="url" value="' . (parse_url(filter_input(INPUT_GET, "url", FILTER_SANITIZE_SPECIAL_CHARS))['host'] ?: "") . '"/>';
echo 'login <input type="text" id="new_login" name="login" value="' . (filter_input(INPUT_GET, "user", FILTER_SANITIZE_SPECIAL_CHARS) ?: "") . '"/>';
2013-10-22 18:33:44 +02:00
echo 'password <input id="new_password" type="text" name="password"/>';
echo 'master key <input type="text" name="mkey" id="new_mkey" onchange="add_password();" onkeyup="chkPass(this.value);"/>';
2013-10-09 20:47:43 +02:00
echo '<input type="button" value="Generate password" onClick="generate_password();"/>';
echo '<input type="button" value="Generate simple password" onClick="generate_simple_password();"/>';
2013-10-22 18:33:44 +02:00
echo "<input type=\"button\" name=\"add\" value=\"Add\" onclick=\"add_password();\"/>";
echo "<br />";
echo '<div><a href="http://en.wikipedia.org/wiki/Password_strength">Master key strength</a><div id="scorebarBorder"><div id="score">0%</div><div id="scorebar">&nbsp;</div></div></div>';
echo "<input type=\"button\" name=\"clear\" value=\"Clear Form\" onclick=\"clear_form();\"/>";
2013-10-09 20:47:43 +02:00
}
?>
</div>
<div id="update_masterkey">
<?php
global $user;
if ($user != "")
{
2021-12-23 21:22:57 +01:00
echo "<div class=\"title\">Update Masterkey</div>\n";
echo 'Old master key <input type="text" id="oldmkey"/>';
echo 'New master key <input type="text" id="newmkey" onkeyup="chkPass(this.value);"/>';
echo '<input type="button" value="Update masterkey" onClick="update_masterkey();"/>';
}
?>
</div>
2015-09-17 20:32:29 +02:00
<div id="export_database">
<?php
global $user;
if ($user != "")
{
2021-12-23 21:22:57 +01:00
echo "<div class=\"title\">Export</div>\n";
2015-09-17 20:32:29 +02:00
echo '<input type="button" value="Export" onclick="export_database();"/>';
echo '<a id="export_link">Download</a>';
}
?>
</div>
<div id="filter">
Filter <input id='password_filter' value=<?php echo "'" . (parse_url(filter_input(INPUT_GET, "url", FILTER_SANITIZE_SPECIAL_CHARS))['host'] ?: "") . "'" ?> onchange='password_filter_changed();'/>
<input type="button" onclick="password_filter_changed();" value="Apply"/>
<input type="button" onclick="document.getElementById('password_filter').value = '';password_filter_changed();" value="Clear"/>
</div>
<div id="passwords"></div>
</div>
2013-10-09 20:47:43 +02:00
</body>
</html>