<?php
/*
  Copyright (C) 2013-2017 Grégory Soutadé

  This file is part of gPass.

  gPass is free software: you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation, either version 3 of the License, or
  (at your option) any later version.

  gPass is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with gPass.  If not, see <http://www.gnu.org/licenses/>.
*/
include ( 'conf.php' );
include ( 'functions.php' );
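session_start();

// Account the page operates on. This value is written into the page markup
// further down, so it has to be HTML-escaped wherever it is echoed.
$user = '';

if ($ADMIN_MODE && isset($_POST['create_user']))
{
    // Account creation: reachable only when $ADMIN_MODE is enabled.
    // A missing or non-string "user" field (e.g. user[]=x) is treated as an
    // empty name instead of being handed to addslashes(), which only accepts
    // strings.
    $requested = isset($_POST['user']) ? $_POST['user'] : '';
    if (!is_string($requested))
        $requested = '';

    // NOTE(review): addslashes() only backslash-escapes quotes, backslashes and
    // NUL bytes; it does not restrict '/', '..' or other characters. The
    // selector below lists directories under ./users/, so the name presumably
    // becomes a directory name -- confirm that create_user() (functions.php,
    // not visible here) validates it against an allow-list.
    // NOTE(review): no anti-CSRF token is checked in this file for this
    // state-changing POST -- confirm whether create_user() does so.
    if (create_user(addslashes($requested)))
        $user = $requested;   // raw request value: must be escaped at output
    else
        $user = '';
}
else
{
    // API requests sent by the client scripts and the browser add-on.
    // sanitize() is defined in functions.php and takes the field name;
    // presumably it reads and cleans the matching request value -- confirm.
    $user          = sanitize('user');
    $login         = sanitize('login');
    $shadow_login  = sanitize('shadow_login');
    $password      = sanitize('password');
    $access_token  = sanitize('access_token');
    $access_tokens = sanitize('access_tokens');
    $salt          = sanitize('salt');

    // Each action below ends with a top-level return, which stops execution of
    // this file: the HTML page is only rendered when no action matched.

    if (isset($_POST['get_secure_passwords'], $_POST['user'], $_POST['access_tokens']))
        return get_secure_entries($user, $access_tokens);

    if (isset($_POST['get_passwords'], $_POST['user']))
        return list_entries($user);

    if (isset($_POST['add_entry'], $_POST['user'], $_POST['login'],
              $_POST['password'], $_POST['shadow_login'], $_POST['salt'],
              $_POST['access_token']))
        return add_entry($user,
                         $login,
                         $password,
                         $shadow_login,
                         $salt,
                         $access_token);

    if (isset($_POST['delete_entry'], $_POST['user'], $_POST['login'],
              $_POST['access_token']))
        return delete_entry($user,
                            $login,
                            $access_token);
}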
?>
<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
    <link rel="icon" type="image/png" href="/resources/favicon.png" />
    <link rel="stylesheet" type="text/css" href="/resources/gpass.css" />
    <script language="javascript">
<?php
    // Hand three server-side settings to the client scripts as JavaScript
    // globals. The variables are not defined in this file; presumably they come
    // from conf.php -- confirm.
    // NOTE(review): the values are written as bare, unquoted JavaScript tokens,
    // so they must stay trusted numeric settings. A PHP boolean false would
    // print as an empty string and break the statement.
    printf("pbkdf2_level=%s; use_shadow_logins=%s;\n", $PBKDF2_LEVEL, $USE_SHADOW_LOGINS);
    printf("CLEAR_TIME=%s; // Clear master key after 15 minutes\n", $CLEAR_TIME);
?>
// Once the DOM is ready, show the "back to top" button only after the page
// has been scrolled more than 500 pixels down.
document.addEventListener('DOMContentLoaded', () => {
    window.onscroll = () => {
        const scrolledFarEnough = window.pageYOffset > 500;
        const topButton = document.getElementById("buttonTop");
        topButton.className = scrolledFarEnough ? "cVisible" : "cInvisible";
    };
});
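/**
 * Scroll one step towards the top of the page and re-schedule itself every
 * 24 ms until the page offset reaches 0.
 *
 * The step is a fifth of the viewport height (200 px when innerHeight is not
 * available), capped to the remaining distance.
 */
function scrollToTop()
{
    if (window.pageYOffset == 0)
        return;

    // Declared locally: the previous undeclared assignments created the
    // page-wide globals `target` and `toScroll`.
    const target = (window.innerHeight) ? window.innerHeight / 5 : 200;
    const toScroll = (window.pageYOffset > target) ? target : window.pageYOffset;

    window.scrollBy(0, -toScroll);
    setTimeout(scrollToTop, 24);
}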
/**
 * Show a panel and highlight the menu entry that opened it.
 *
 * @param elem    panel element to display
 * @param divFrom menu entry, rendered bold and underlined
 */
function enableMenu(elem, divFrom)
{
    Object.assign(divFrom.style, {
        'font-weight': "bold",
        'text-decoration': "underline",
    });
    elem.style.display = "block";
}
/**
 * Hide a panel and reset the look of its menu entry.
 *
 * @param elem    panel element to hide
 * @param divFrom menu entry, reset to normal weight without decoration
 */
function disableMenu(elem, divFrom)
{
    Object.assign(divFrom.style, {
        'font-weight': "normal",
        'text-decoration': "",
    });
    elem.style.display = "none";
}
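/**
 * Toggle the panel whose id is `id` and hide every other menu panel.
 *
 * A panel that is already displayed is hidden again when its own menu entry
 * is clicked a second time.
 *
 * @param id id of the panel to toggle
 */
function switchMenuDisplay(id)
{
    const panelIds = ['admin', 'add_new_password', 'update_masterkey', 'export_database'];
    for (const panelId of panelIds)
    {
        // Declared locally: the previous undeclared assignments leaked `elem`
        // and `divFrom` as page-wide globals.
        const elem = document.getElementById(panelId);
        const divFrom = document.getElementById("menu_" + panelId);

        // The "menu_admin" entry is only emitted in admin mode. Without this
        // guard the first iteration threw on a null entry outside admin mode
        // and none of the remaining panels was ever switched.
        if (!elem || !divFrom)
            continue;

        if (panelId === id && elem.style.display != "block")
            enableMenu(elem, divFrom);
        else
            disableMenu(elem, divFrom);
    }
}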
    </script>
    <script src="resources/misc.js"></script>
    <script src="resources/gpass.js"></script>
    <script src="resources/pwdmeter.js"></script>
    <title>gPass : global Password</title>
  </head>
  <body onload="start();">
    <div><a id="buttonTop" class="cInvisible" onclick="scrollToTop();"></a></div>
<div id="menu">
  <div id="logo">
    <a href="http://indefero.soutade.fr/p/gpass"><img src="resources/gpass.png" alt="logo"/></a>
  </div>
  <?php
    // The "Create user" entry is only emitted in admin mode, so the element
    // with id "menu_admin" does not exist in the page otherwise.
    if ($ADMIN_MODE)
    {
        echo '<div id="menu_admin" onclick="switchMenuDisplay(\'admin\');">Create user</div>', "\n";
    }
  ?>
  <div id="menu_add_new_password" onclick="switchMenuDisplay('add_new_password');">Add a new password</div>
  <div id="menu_update_masterkey" onclick="switchMenuDisplay('update_masterkey');">Update master key</div>
  <div id="menu_export_database" onclick="switchMenuDisplay('export_database');">Export database</div>
</div>
<?php
  // Account-creation form. The markup is always sent and is only hidden with an
  // inline style outside admin mode; the $ADMIN_MODE test in the POST handler
  // at the top of this file is what actually gates account creation.
  // NOTE(review): the form carries no anti-CSRF token and the confirm() dialog
  // is a client-side prompt only -- confirm how forged cross-site POSTs are
  // rejected when admin mode is on.
?>
<div id="admin" <?php echo $ADMIN_MODE ? '' : 'style="display:none"'; ?>>
  <form method="post">
    <input type="text" name="user" /> <input type="submit" name="create_user" value="Create user" onclick="return confirm('Are you sure want to create this user ?');"/>
  </form>
</div>
<div id="user">
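<?php
global $user;

// Accounts are the sub-directories of ./users/ whose name does not start with
// '_' or '.'.
$users = scandir("./users/");
if ($users === false)
    $users = array();   // missing or unreadable directory: report "No user found"

$accounts = array();
foreach ($users as $u)
{
    if (is_dir("./users/" . $u) && $u[0] != '_' && $u[0] != '.')
        $accounts[] = $u;
}
$count = count($accounts);

if ($count == 0)
    echo "<b>No user found</b><br/>\n";
else
{
    echo "<b>User</b> <select id=\"selected_user\" name=\"user\" onchange=\"document.getElementById('master_key').value = '';update_master_key(false);\">" . "\n";
    foreach ($accounts as $u)
    {
        // Default to the first account when the request named none.
        if ($user == "") $user = $u;

        // Directory names originate from the "Create user" form, so they are
        // HTML-escaped before being placed in attribute and text context.
        $label = htmlspecialchars($u, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        // Strict comparison: with ==, numeric-looking names such as "1e3" and
        // "1000" compare equal and both options would be marked selected.
        if (is_string($user) && $user === $u)
            echo "<option value=\"$label\" selected=\"1\"/>$label</option>";
        else
            echo "<option value=\"$label\"/>$label</option>";
    }
    echo "</select>\n";
    echo ' <b>Master key </b> <input id="master_key" type="password" onchange="update_master_key(true);"/>';
    echo "<input type=\"button\" value=\"See\" onclick=\"update_master_key(true);\"/>" . "\n";

    // $_SERVER['HTTPS'] is documented as non-empty for HTTPS requests, but some
    // servers set it to "off" for plain HTTP, so isset() alone is not enough.
    $https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
    $scheme = $https ? 'https' : 'http';

    // SERVER_NAME can reflect the client-supplied Host header depending on the
    // web-server configuration, and $user may hold a raw request value: both
    // are escaped before being written into the page.
    $serverName = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';
    $safeHost = htmlspecialchars($serverName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $safeUser = htmlspecialchars(is_string($user) ? $user : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    echo "<div id=\"addon_address\">Current addon address is : " . $scheme . "://" . $safeHost . "/" . $safeUser . "</div>\n";
}
?>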
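<div id="add_new_password">
<?php
global $user;
// The form is only rendered once an account is selected.
if ($user != "")
{
    // Optional pre-fill from the query string (?url=...&user=...).
    // parse_url() is asked for the host component directly: indexing its
    // result with ['host'] raised warnings when the parameter was absent,
    // malformed or had no host, and a displayed warning would end up inside
    // the value attribute.
    $prefillUrl = filter_input(INPUT_GET, "url", FILTER_SANITIZE_SPECIAL_CHARS);
    $prefillHost = is_string($prefillUrl) ? parse_url($prefillUrl, PHP_URL_HOST) : null;
    if (!is_string($prefillHost))
        $prefillHost = "";
    $prefillLogin = filter_input(INPUT_GET, "user", FILTER_SANITIZE_SPECIAL_CHARS) ?: "";

    // Both values are already entity-encoded by the filter; the extra
    // htmlspecialchars() pass with double_encode disabled keeps the attribute
    // safe without encoding existing entities a second time.
    $prefillHost = htmlspecialchars($prefillHost, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    $prefillLogin = htmlspecialchars($prefillLogin, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

    echo "<div class=\"title\">Add a new password</div>\n";

    echo 'URL <input type="text" id="new_url" name="url" value="' . $prefillHost . '"/>';
    echo 'login <input type="text" id="new_login" name="login" value="' . $prefillLogin . '"/>';
    echo 'password <input id="new_password" type="text" name="password"/>';
    // The master key field is a plain text input, so the key is visible on
    // screen while it is typed.
    echo 'master key <input type="text" name="mkey" id="new_mkey" onchange="add_password();" onkeyup="chkPass(this.value);"/>';
    echo '<input type="button" value="Generate password" onClick="generate_password();"/>';
    echo '<input type="button" value="Generate simple password" onClick="generate_simple_password();"/>';
    echo "<input type=\"button\" name=\"add\" value=\"Add\" onclick=\"add_password();\"/>";
    echo "<br />";
    echo '<div><a href="http://en.wikipedia.org/wiki/Password_strength">Master key strength</a><div id="scorebarBorder"><div id="score">0%</div><div id="scorebar"> </div></div></div>';
    echo "<input type=\"button\" name=\"clear\" value=\"Clear Form\" onclick=\"clear_form();\"/>";
}
?>
</div>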
<div id="update_masterkey">
<?php
global $user;
// Rendered only once an account is selected. There is no <form>: the button
// calls update_masterkey(), which is not defined in this file (presumably in
// resources/gpass.js -- confirm).
// Both key fields are plain text inputs, so the keys are visible while typed.
if ($user != "")
{
    echo "<div class=\"title\">Update Masterkey</div>\n",
         'Old master key <input type="text" id="oldmkey"/>',
         'New master key <input type="text" id="newmkey" onkeyup="chkPass(this.value);"/>',
         '<input type="button" value="Update masterkey" onClick="update_masterkey();"/>';
}
?>
</div>
<div id="export_database">
<?php
global $user;
// Rendered only once an account is selected. The button calls
// export_database(), which is not defined in this file; the "export_link"
// anchor is emitted without an href (presumably filled in by that script --
// confirm).
if ($user != "")
{
    echo "<div class=\"title\">Export</div>\n",
         '<input type="button" value="Export" onclick="export_database();"/>',
         '<a id="export_link">Download</a>';
}
?>
</div>
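<div id="filter">
<?php
  // Pre-fill the filter with the host part of ?url=... when present.
  // parse_url() is asked for the host component directly: indexing its result
  // with ['host'] raised warnings when the parameter was absent, malformed or
  // had no host, and a displayed warning would land inside the attribute.
  $filterUrl = filter_input(INPUT_GET, "url", FILTER_SANITIZE_SPECIAL_CHARS);
  $filterHost = is_string($filterUrl) ? parse_url($filterUrl, PHP_URL_HOST) : null;
  if (!is_string($filterHost))
      $filterHost = "";
  // The attribute below is single-quoted, so ENT_QUOTES is required; the value
  // is already entity-encoded by the filter, hence double_encode is disabled.
  $filterHost = htmlspecialchars($filterHost, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
?>
  Filter <input id='password_filter' value='<?php echo $filterHost; ?>' onchange='password_filter_changed();'/>
  <input type="button" onclick="password_filter_changed();" value="Apply"/>
  <input type="button" onclick="document.getElementById('password_filter').value = '';password_filter_changed();" value="Clear"/>
</div>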
<div id="passwords"></div>
</div>
</body>
</html>