<?php
/*
  Copyright (C) 2013-2017 Grégory Soutadé

  This file is part of gPass.

  gPass is free software: you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation, either version 3 of the License, or
  (at your option) any later version.

  gPass is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with gPass.  If not, see <http://www.gnu.org/licenses/>.
*/

include('conf.php');
include('functions.php');

session_start();

$user = '';

if ($ADMIN_MODE && isset($_POST['create_user']))
{
    $user = addslashes($_POST['user']);
    if (create_user($user))
        $user = $_POST['user'];
    else
        $user = '';
}
else
{
    $user          = sanitize('user');
    $login         = sanitize('login');
    $shadow_login  = sanitize('shadow_login');
    $password      = sanitize('password');
    $access_token  = sanitize('access_token');
    $access_tokens = sanitize('access_tokens');
    $salt          = sanitize('salt');

    if (isset($_POST['get_secure_passwords']) && isset($_POST['user']) &&
        isset($_POST['access_tokens']))
        return get_secure_entries($user, $access_tokens);

    if (isset($_POST['get_passwords']) && isset($_POST['user']))
        return list_entries($user);

    if (isset($_POST['add_entry']) && isset($_POST['user']) &&
        isset($_POST['login']) && isset($_POST['password']) &&
        isset($_POST['shadow_login']) && isset($_POST['salt']) &&
        isset($_POST['access_token']) )
        return add_entry($user,
                         $login,
                         $password,
                         $shadow_login,
                         $salt,
                         $access_token);

    if (isset($_POST['delete_entry']) && isset($_POST['user']) &&
        isset($_POST['login']) && isset($_POST['access_token']))
        return delete_entry($user,
                            $login,
                            $access_token);
}

?>
<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html;charset=utf-8" >
    <link rel="icon"       type="image/png" href="resources/favicon.png" />
    <link rel="stylesheet" type="text/css"  href="resources/gpass.css" />
    <script language="javascript">
    <?php
    echo "pbkdf2_level=$PBKDF2_LEVEL; use_shadow_logins=$USE_SHADOW_LOGINS;\n";
    echo "CLEAR_TIME=$CLEAR_TIME; // Clear master key after 15 minutes\n";
    echo "CRYPTO_V1_COMPATIBLE=$CRYPTO_V1_COMPATIBLE;\n";
    ?>
    document.addEventListener('DOMContentLoaded', function() {
    window.onscroll = function(ev) {
        document.getElementById("buttonTop").className = (window.pageYOffset > 500) ? "cVisible" : "cInvisible";
    };
});
    function scrollToTop()
    {
        if (window.pageYOffset == 0)
            return;
        target = (window.innerHeight) ? window.innerHeight/5 : 200;
        toScroll = (window.pageYOffset > target) ? target : window.pageYOffset;
        window.scrollBy(0, -toScroll);

        setTimeout(scrollToTop, 24);
    }
    </script>
    <script src="resources/misc.js"></script>
    <script src="resources/gpass.js"></script>
    <script src="resources/pwdmeter.js"></script>
    <title>gPass : global Password</title>
  </head>
  <body onload="start();">
    <div><a id="buttonTop" class="cInvisible" onclick="scrollToTop();"></a></div>
    <div id="logo">
      <a href="http://indefero.soutade.fr/p/gpass"><img src="resources/gpass.png" alt="logo"/></a>
    </div>

    <div id="admin" <?php if (!$ADMIN_MODE) echo "style=\"display:none\"";?> >
      <form method="post">
	<input type="text" name="user"/> <input type="submit" name="create_user" value="Create user" onclick="return confirm('Are you sure want to create this user ?');"/>
      </form>
    </div>
<div id="user">
<?php
    global $user;
$users = scandir("./users/");
$count = 0;
    foreach($users as $u)
    {
        if (is_dir("./users/" . $u) && $u[0] != '_' && $u[0] != '.')
            $count++;
    }

if ($count == 0)
    echo "<b>No user found</b><br/>\n";
else
{
    echo "<b>User</b> <select id=\"selected_user\" name=\"user\" onchange=\"document.getElementById('master_key').value = '';update_master_key(false);\">" . "\n";
    foreach($users as $u)
    {
        if (is_dir("./users/" . $u) && $u[0] != '_' && $u[0] != '.')
        {
            if ($user == "") $user = $u;
            if ($user == $u)
                echo "<option value=\"$u\" selected=\"1\"/>$u</option>";
            else
                echo "<option value=\"$u\"/>$u</option>";
        }
    }
        echo "</select>\n";
        echo '  <b>Master key </b> <input id="master_key" type="password" onkeypress="if (event.keyCode == 13) update_master_key(true);"/>';
        echo "<input type=\"button\" value=\"See\" onclick=\"update_master_key(true);\" />" . "\n";

        if (!isset($_SERVER['HTTPS']))
   echo "<div id=\"addon_address\">Current addon address is : http://" . $_SERVER['SERVER_NAME'] . "/" . $user . "</div>\n";
   else
   echo "<div id=\"addon_address\">Current addon address is : https://" . $_SERVER['SERVER_NAME'] . "/" . $user . "</div>\n";
}
?>
<div id="add_new_password">
<?php
    global $user;

if ($user != "")
{
    echo "<b>Add a new password</b><br/>\n";

    echo 'URL <input type="text" id="new_url" name="url" value="' . (filter_input(INPUT_GET, "url", FILTER_SANITIZE_SPECIAL_CHARS) ?: "") . '"/>';
    echo 'login <input type="text" id="new_login" name="login" value="' . (filter_input(INPUT_GET, "user", FILTER_SANITIZE_SPECIAL_CHARS) ?: "") . '"/>';
    echo 'password <input id="new_password" type="text" name="password"/>';
    echo 'master key <input type="text" name="mkey" id="new_mkey" onkeypress="if (event.keyCode == 13) add_password();" onkeyup="chkPass(this.value);"/>';
    echo '<input type="button" value="Generate password" onClick="generate_password();"/>';
    echo '<input type="button" value="Generate simple password" onClick="generate_simple_password();"/>';
    echo "<input type=\"button\" name=\"add\" value=\"Add\" onclick=\"add_password();\"/>";
    echo "<br />";
    echo '<div><a href="http://en.wikipedia.org/wiki/Password_strength">Master key strength</a><div id="scorebarBorder"><div id="score">0%</div><div id="scorebar">&nbsp;</div></div></div>';
    echo "<input type=\"button\" name=\"clear\" value=\"Clear Form\" onclick=\"clear_form();\"/>";
}
?>
</div>
<div id="passwords">
</div>
<div id="update_masterkey">
<?php
    global $user;

if ($user != "")
{
    echo "<b>Update Masterkey</b><br/>\n";

    echo 'Old master key <input type="text" id="oldmkey"/>';
    echo 'New master key <input type="text" id="newmkey" onkeyup="chkPass(this.value);"/>';
    echo '<input type="button" value="Update masterkey" onClick="update_masterkey();"/>';
}
?>
</div>
<div id="export_database">
<?php
    global $user;

if ($user != "")
{
    echo "<b>Export</b><br/>\n";

    echo '<input type="button" value="Export" onclick="export_database();"/>';
    echo '<a id="export_link">Download</a>';
}
?>
</div>
</div>
</body>
</html>