gPass/server/index.php

<?php
/*
  Copyright (C) 2013 Grégory Soutadé
  
  This file is part of gPass.
  
  gPass is free software: you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation, either version 3 of the License, or
  (at your option) any later version.
  
  gPass is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.
  
  You should have received a copy of the GNU General Public License
  along with gPass.  If not, see <http://www.gnu.org/licenses/>.
*/

include('functions.php');

session_start();

$VIEW_CIPHERED_PASSWORDS=true;
$ADMIN_MODE=true;

$mkey = (isset($_POST['mkey'])) ? $_POST['mkey'] : "";
$user = (isset($_POST['user'])) ? $_POST['user'] : "";
?>
<!DOCTYPE html> 
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >
<link rel="stylesheet" type="text/css" href="ressources/gpass.css" />
<script src="ressources/jssha256.js"></script>
<script src="ressources/hmac.js"></script>
<script src="ressources/pkdbf2.js"></script>
<script src="ressources/gpass.js"></script>
<?php
    global $user;
if ($user == "")
    echo "<title>gPass : global Password</title>\n";
else
    echo "<title>gPass : global Password - $user</title>\n";
?>
</head>
<body>

<?php
global $mkey;
if ($ADMIN_MODE && isset($_POST['create_user']))
{
    if (create_user($_POST['user']))
        $user = $_POST['user'];
}
else
{
    if (isset($_POST['add']))
        add_entry($user, $mkey, $_POST['url'], $_POST['login'], $_POST['pwd']);
    else if (isset($_POST['delete']))
        delete_entry($user, $_POST['login_ciph']);
    else if (isset($_POST['update']))
        update_entry($user, $mkey, $_POST['login_ciph'], $_POST['url'], $_POST['login'], $_POST['pwd']);
}
?>

<div id="logo">
<a href="http://indefero.soutade.fr/p/gpass"><img src="ressources/gpass.png" alt="logo"/></a>
</div>

    <div id="admin" <?php if (!$ADMIN_MODE) echo "style=\"display:none\"";?> >
<form method="post">
<input type="text" name="user"/> <input type="submit" name="create_user" value="Create user" onclick="return confirm('Are you sure want to create this user ?');"/>
</form>
</div>

<div id="user">
<form method="post" id="select_user">
<?php
    global $user;
global $mkey;

$users = scandir("./users/");
$count = 0;
    foreach($users as $u)
    {
        if (is_dir("./users/" . $u) && $u[0] != '_' && $u[0] != '.')
            $count++;
    }

if ($count == 0)
    echo "<b>No user found</b><br/>\n";
else
{
    echo '<b>User</b> <select id="selected_user" name="user">' . "\n";
    foreach($users as $u)
    {
        if (is_dir("./users/" . $u) && $u[0] != '_' && $u[0] != '.')
        {
            if ($user == "") $user = $u;
            if ($user == $u)
                echo "<option value=\"$u\" selected=\"1\"/>$u</option>";
            else
                echo "<option value=\"$u\"/>$u</option>";
        }
    }
        echo "</select>\n";
        echo '  <b>Master key </b> <input id="see_password" type="password" name="mkey"/>';
        echo "<input name=\"see\" type=\"submit\" value=\"See\" onclick=\"a=document.getElementById('selected_user') ; return derive_mkey(a.options[a.selectedIndex].value, 'see_password') ;\"/>" . "\n";
}
?>
</form>
<div id="passwords">
<?php
global $user;
global $mkey;
global $VIEW_UNCIPHERED_PASSWORDS;

if ($user != "")
{
    $nb_unciphered = 0;
    list($nb_ciphered, $entries) = list_entries($user, $mkey);

    echo "<b>" . (count($entries) - $nb_ciphered) . " unciphered password(s)</b><br/>\n";
    foreach($entries as $entry)
    {
        if ($entry['ciphered'] == 1) continue;
        echo '<form method="post">' . "\n";
        echo '<input type="hidden" name="user" value="' . $user . '"/>';
        echo '<input type="hidden" name="mkey" value="' . $mkey . '"/>';
        echo '<input type="hidden" name="login_ciph" value="' . $entry['login_ciph'] . '"/>';
        echo 'URL <input type="text" name="url" value="' . $entry['url'] . '"/>';
        echo 'login <input type="text" name="login" value="' . $entry['login'] . '"/>';
        echo 'password <input type="text" name="pwd" value="' . $entry['password'] . '"/>';
        echo '<input type="submit" name="delete" value="Delete" onclick="return confirm(\'Are you sure want to delete this password ?\');"/>';
        echo '<input type="submit" name="update" value="Update" onclick="return confirm(\'Are you sure want to update this password ?\');"/>';
        echo '</form>' . "\n";
    }

    echo "<br/><br/>\n";
    echo "<b>$nb_ciphered ciphered password(s)</b><br/>\n";
    if ($VIEW_CIPHERED_PASSWORDS)
    {
        foreach($entries as $entry)
        {
            if ($entry['ciphered'] == 0) continue;
            echo '<form method="post">' . "\n";
            echo '<input type="hidden" name="user" value="' . $user . '"/>';
            echo '<input type="hidden" name="mkey" value="' . $mkey . '"/>';
            echo '<input class="hash" type="text" name="login_ciph" value="' . $entry['login_ciph'] . '"/>';
            echo '<input class="hash" type="text" name="pwd" value="' . $entry['password'] . '"/>';
            echo '<input type="submit" name="delete" value="Delete" onclick="return confirm(\'Are you sure want to delete this password ?\');"/>';
            echo '</form>' . "\n";
        }
    }
}
?>
</div>
<div id="add_new_password">
<?php
    global $user;

if ($user != "")
{
    echo "<b>Add a new password</b><br/>\n";
    echo '<form method="post">' . "\n";
    echo '<input type="hidden" name="user" value="' . $user . '"/>';

    echo 'URL <input id="new_url" type="text" name="url"/>';
    echo 'login <input type="text" name="login" />';
    echo 'password <input id="new_password" type="text" name="pwd"/>';
    echo 'master key <input id="new_mkey" type="password" name="mkey"/>';
    echo '<input type="button" value="Generate password" onClick="generate_password();"/>';
    echo "<input type=\"submit\" name=\"add\" value=\"Add\" onclick=\"a = document.getElementById('new_url') ; a.value = url_domain(a.value); return derive_mkey('$user', 'new_mkey') ;\"/>";
    echo '</form>' . "\n";
}
?>
</div>
</div>
</body>
</html>
Initial commit 2013-10-09 20:47:43 +02:00			`<?php`
			`/*`
			`Copyright (C) 2013 Grégory Soutadé`

			`This file is part of gPass.`

			`gPass is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation, either version 3 of the License, or`
			`(at your option) any later version.`

			`gPass is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with gPass. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

			`include('functions.php');`

			`session_start();`

			`$VIEW_CIPHERED_PASSWORDS=true;`
Server side : * Add $ADMIN_MODE to enable create users * Add protocol version (1 for now) * Give priority to letters in password generator Client side : * Don't still use global variable to get document after loading * Add email type in possible values for username (used by gmail) 2013-10-16 18:40:06 +02:00			`$ADMIN_MODE=true;`
Initial commit 2013-10-09 20:47:43 +02:00
			`$mkey = (isset($_POST['mkey'])) ? $_POST['mkey'] : "";`
			`$user = (isset($_POST['user'])) ? $_POST['user'] : "";`
			`?>`
			`<!DOCTYPE html>`
			`<html>`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >`
Server doesn't known clear master key anymore 2013-10-12 12:00:12 +02:00			`<link rel="stylesheet" type="text/css" href="ressources/gpass.css" />`
			`<script src="ressources/jssha256.js"></script>`
Fix javascript require problem 2013-10-16 07:55:13 +02:00			`<script src="ressources/hmac.js"></script>`
			`<script src="ressources/pkdbf2.js"></script>`
			`<script src="ressources/gpass.js"></script>`
Initial commit 2013-10-09 20:47:43 +02:00			`<?php`
			`global $user;`
			`if ($user == "")`
Add line returns to generated HTML code 2013-10-12 11:20:54 +02:00			`echo "<title>gPass : global Password</title>\n";`
Initial commit 2013-10-09 20:47:43 +02:00			`else`
Add line returns to generated HTML code 2013-10-12 11:20:54 +02:00			`echo "<title>gPass : global Password - $user</title>\n";`
Initial commit 2013-10-09 20:47:43 +02:00			`?>`
			`</head>`
			`<body>`

			`<?php`
Server doesn't known clear master key anymore 2013-10-12 12:00:12 +02:00			`global $mkey;`
Server side : * Add $ADMIN_MODE to enable create users * Add protocol version (1 for now) * Give priority to letters in password generator Client side : * Don't still use global variable to get document after loading * Add email type in possible values for username (used by gmail) 2013-10-16 18:40:06 +02:00			`if ($ADMIN_MODE && isset($_POST['create_user']))`
Initial commit 2013-10-09 20:47:43 +02:00			`{`
			`if (create_user($_POST['user']))`
			`$user = $_POST['user'];`
			`}`
			`else`
			`{`
			`if (isset($_POST['add']))`
			`add_entry($user, $mkey, $_POST['url'], $_POST['login'], $_POST['pwd']);`
			`else if (isset($_POST['delete']))`
			`delete_entry($user, $_POST['login_ciph']);`
			`else if (isset($_POST['update']))`
			`update_entry($user, $mkey, $_POST['login_ciph'], $_POST['url'], $_POST['login'], $_POST['pwd']);`
			`}`
			`?>`

Add link to gPass sources in logo 2013-10-10 18:26:14 +02:00			`<div id="logo">`
			`<a href="http://indefero.soutade.fr/p/gpass"><img src="ressources/gpass.png" alt="logo"/></a>`
			`</div>`
Initial commit 2013-10-09 20:47:43 +02:00
Server side : * Add $ADMIN_MODE to enable create users * Add protocol version (1 for now) * Give priority to letters in password generator Client side : * Don't still use global variable to get document after loading * Add email type in possible values for username (used by gmail) 2013-10-16 18:40:06 +02:00			`<div id="admin" <?php if (!$ADMIN_MODE) echo "style=\"display:none\"";?> >`
Initial commit 2013-10-09 20:47:43 +02:00			`<form method="post">`
			`<input type="text" name="user"/> <input type="submit" name="create_user" value="Create user" onclick="return confirm('Are you sure want to create this user ?');"/>`
			`</form>`
			`</div>`

			`<div id="user">`
			`<form method="post" id="select_user">`
			`<?php`
			`global $user;`
			`global $mkey;`

			`$users = scandir("./users/");`
			`$count = 0;`
			`foreach($users as $u)`
			`{`
			`if (is_dir("./users/" . $u) && $u[0] != '_' && $u[0] != '.')`
			`$count++;`
			`}`

			`if ($count == 0)`
Add line returns to generated HTML code 2013-10-12 11:20:54 +02:00			`echo "<b>No user found</b><br/>\n";`
Initial commit 2013-10-09 20:47:43 +02:00			`else`
			`{`
Add PKDBF2 (server side). Not tested. BREAKS compatibility (but no one use previous version...) \! 2013-10-15 21:02:14 +02:00			`echo '<b>User</b> <select id="selected_user" name="user">' . "\n";`
Initial commit 2013-10-09 20:47:43 +02:00			`foreach($users as $u)`
			`{`
			`if (is_dir("./users/" . $u) && $u[0] != '_' && $u[0] != '.')`
			`{`
			`if ($user == "") $user = $u;`
			`if ($user == $u)`
			`echo "<option value=\"$u\" selected=\"1\"/>$u</option>";`
			`else`
			`echo "<option value=\"$u\"/>$u</option>";`
			`}`
			`}`
Add line returns to generated HTML code 2013-10-12 11:20:54 +02:00			`echo "</select>\n";`
Fix javascript require problem 2013-10-16 07:55:13 +02:00			`echo ' <b>Master key </b> <input id="see_password" type="password" name="mkey"/>';`
			`echo "<input name=\"see\" type=\"submit\" value=\"See\" onclick=\"a=document.getElementById('selected_user') ; return derive_mkey(a.options[a.selectedIndex].value, 'see_password') ;\"/>" . "\n";`
Initial commit 2013-10-09 20:47:43 +02:00			`}`
			`?>`
			`</form>`
			`<div id="passwords">`
			`<?php`
			`global $user;`
			`global $mkey;`
			`global $VIEW_UNCIPHERED_PASSWORDS;`

			`if ($user != "")`
			`{`
			`$nb_unciphered = 0;`
			`list($nb_ciphered, $entries) = list_entries($user, $mkey);`

Add line returns to generated HTML code 2013-10-12 11:20:54 +02:00			`echo "<b>" . (count($entries) - $nb_ciphered) . " unciphered password(s)</b><br/>\n";`
Initial commit 2013-10-09 20:47:43 +02:00			`foreach($entries as $entry)`
			`{`
			`if ($entry['ciphered'] == 1) continue;`
Add line returns to generated HTML code 2013-10-12 11:20:54 +02:00			`echo '<form method="post">' . "\n";`
Initial commit 2013-10-09 20:47:43 +02:00			`echo '<input type="hidden" name="user" value="' . $user . '"/>';`
			`echo '<input type="hidden" name="mkey" value="' . $mkey . '"/>';`
			`echo '<input type="hidden" name="login_ciph" value="' . $entry['login_ciph'] . '"/>';`
			`echo 'URL <input type="text" name="url" value="' . $entry['url'] . '"/>';`
			`echo 'login <input type="text" name="login" value="' . $entry['login'] . '"/>';`
			`echo 'password <input type="text" name="pwd" value="' . $entry['password'] . '"/>';`
			`echo '<input type="submit" name="delete" value="Delete" onclick="return confirm(\'Are you sure want to delete this password ?\');"/>';`
			`echo '<input type="submit" name="update" value="Update" onclick="return confirm(\'Are you sure want to update this password ?\');"/>';`
Add line returns to generated HTML code 2013-10-12 11:20:54 +02:00			`echo '</form>' . "\n";`
Initial commit 2013-10-09 20:47:43 +02:00			`}`

Add line returns to generated HTML code 2013-10-12 11:20:54 +02:00			`echo "<br/><br/>\n";`
			`echo "<b>$nb_ciphered ciphered password(s)</b><br/>\n";`
Initial commit 2013-10-09 20:47:43 +02:00			`if ($VIEW_CIPHERED_PASSWORDS)`
			`{`
			`foreach($entries as $entry)`
			`{`
			`if ($entry['ciphered'] == 0) continue;`
Add line returns to generated HTML code 2013-10-12 11:20:54 +02:00			`echo '<form method="post">' . "\n";`
Initial commit 2013-10-09 20:47:43 +02:00			`echo '<input type="hidden" name="user" value="' . $user . '"/>';`
			`echo '<input type="hidden" name="mkey" value="' . $mkey . '"/>';`
			`echo '<input class="hash" type="text" name="login_ciph" value="' . $entry['login_ciph'] . '"/>';`
			`echo '<input class="hash" type="text" name="pwd" value="' . $entry['password'] . '"/>';`
			`echo '<input type="submit" name="delete" value="Delete" onclick="return confirm(\'Are you sure want to delete this password ?\');"/>';`
Add line returns to generated HTML code 2013-10-12 11:20:54 +02:00			`echo '</form>' . "\n";`
Initial commit 2013-10-09 20:47:43 +02:00			`}`
			`}`
			`}`
			`?>`
			`</div>`
			`<div id="add_new_password">`
			`<?php`
			`global $user;`

			`if ($user != "")`
			`{`
Add line returns to generated HTML code 2013-10-12 11:20:54 +02:00			`echo "<b>Add a new password</b><br/>\n";`
			`echo '<form method="post">' . "\n";`
Initial commit 2013-10-09 20:47:43 +02:00			`echo '<input type="hidden" name="user" value="' . $user . '"/>';`

			`echo 'URL <input id="new_url" type="text" name="url"/>';`
			`echo 'login <input type="text" name="login" />';`
			`echo 'password <input id="new_password" type="text" name="pwd"/>';`
Add PKDBF2 (server side). Not tested. BREAKS compatibility (but no one use previous version...) \! 2013-10-15 21:02:14 +02:00			`echo 'master key <input id="new_mkey" type="password" name="mkey"/>';`
Initial commit 2013-10-09 20:47:43 +02:00			`echo '<input type="button" value="Generate password" onClick="generate_password();"/>';`
Fix javascript require problem 2013-10-16 07:55:13 +02:00			`echo "<input type=\"submit\" name=\"add\" value=\"Add\" onclick=\"a = document.getElementById('new_url') ; a.value = url_domain(a.value); return derive_mkey('$user', 'new_mkey') ;\"/>";`
Add line returns to generated HTML code 2013-10-12 11:20:54 +02:00			`echo '</form>' . "\n";`
Initial commit 2013-10-09 20:47:43 +02:00			`}`
			`?>`
			`</div>`
			`</div>`
			`</body>`
			`</html>`