<?php /* Copyright (C) 2013-2017 Grégory Soutadé This file is part of gPass. gPass is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. gPass is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with gPass. If not, see <http://www.gnu.org/licenses/>. */ include('conf.php'); include('functions.php'); session_start(); $user = ''; if ($ADMIN_MODE && isset($_POST['create_user'])) { $user = addslashes($_POST['user']); if (create_user($user)) $user = $_POST['user']; else $user = ''; } else { $user = sanitize('user'); $login = sanitize('login'); $shadow_login = sanitize('shadow_login'); $password = sanitize('password'); $access_token = sanitize('access_token'); $access_tokens = sanitize('access_tokens'); $salt = sanitize('salt'); if (isset($_POST['get_secure_passwords']) && isset($_POST['user']) && isset($_POST['access_tokens'])) return get_secure_entries($user, $access_tokens); if (isset($_POST['get_passwords']) && isset($_POST['user'])) return list_entries($user); if (isset($_POST['add_entry']) && isset($_POST['user']) && isset($_POST['login']) && isset($_POST['password']) && isset($_POST['shadow_login']) && isset($_POST['salt']) && isset($_POST['access_token']) ) return add_entry($user, $login, $password, $shadow_login, $salt, $access_token); if (isset($_POST['delete_entry']) && isset($_POST['user']) && isset($_POST['login']) && isset($_POST['access_token'])) return delete_entry($user, $login, $access_token); } ?> <!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" > <link rel="icon" type="image/png" href="resources/favicon.png" /> <link rel="stylesheet" type="text/css" href="resources/gpass.css" /> <script language="javascript"> <?php echo "pbkdf2_level=$PBKDF2_LEVEL; use_shadow_logins=$USE_SHADOW_LOGINS;\n"; echo "CLEAR_TIME=$CLEAR_TIME; // Clear master key after 15 minutes\n"; echo "CRYPTO_V1_COMPATIBLE=$CRYPTO_V1_COMPATIBLE;\n"; ?> document.addEventListener('DOMContentLoaded', function() { window.onscroll = function(ev) { document.getElementById("buttonTop").className = (window.pageYOffset > 500) ? "cVisible" : "cInvisible"; }; }); function scrollToTop() { if (window.pageYOffset == 0) return; target = (window.innerHeight) ? window.innerHeight/5 : 200; toScroll = (window.pageYOffset > target) ? target : window.pageYOffset; window.scrollBy(0, -toScroll); setTimeout(scrollToTop, 24); } </script> <script src="resources/misc.js"></script> <script src="resources/gpass.js"></script> <script src="resources/pwdmeter.js"></script> <title>gPass : global Password</title> </head> <body onload="start();"> <div><a id="buttonTop" class="cInvisible" onclick="scrollToTop();"></a></div> <div id="logo"> <a href="http://indefero.soutade.fr/p/gpass"><img src="resources/gpass.png" alt="logo"/></a> </div> <div id="admin" <?php if (!$ADMIN_MODE) echo "style=\"display:none\"";?> > <form method="post"> <input type="text" name="user"/> <input type="submit" name="create_user" value="Create user" onclick="return confirm('Are you sure want to create this user ?');"/> </form> </div> <div id="user"> <?php global $user; $users = scandir("./users/"); $count = 0; foreach($users as $u) { if (is_dir("./users/" . $u) && $u[0] != '_' && $u[0] != '.') $count++; } if ($count == 0) echo "<b>No user found</b><br/>\n"; else { echo "<b>User</b> <select id=\"selected_user\" name=\"user\" onchange=\"document.getElementById('master_key').value = '';update_master_key(false);\">" . "\n"; foreach($users as $u) { if (is_dir("./users/" . $u) && $u[0] != '_' && $u[0] != '.') { if ($user == "") $user = $u; if ($user == $u) echo "<option value=\"$u\" selected=\"1\"/>$u</option>"; else echo "<option value=\"$u\"/>$u</option>"; } } echo "</select>\n"; echo ' <b>Master key </b> <input id="master_key" type="password" onkeypress="if (event.keyCode == 13) update_master_key(true);"/>'; echo "<input type=\"button\" value=\"See\" onclick=\"update_master_key(true);\" />" . "\n"; if (!isset($_SERVER['HTTPS'])) echo "<div id=\"addon_address\">Current addon address is : http://" . $_SERVER['SERVER_NAME'] . "/" . $user . "</div>\n"; else echo "<div id=\"addon_address\">Current addon address is : https://" . $_SERVER['SERVER_NAME'] . "/" . $user . "</div>\n"; } ?> <div id="add_new_password"> <?php global $user; if ($user != "") { echo "<b>Add a new password</b><br/>\n"; echo 'URL <input type="text" id="new_url" name="url" value="' . (filter_input(INPUT_GET, "url", FILTER_SANITIZE_SPECIAL_CHARS) ?: "") . '"/>'; echo 'login <input type="text" id="new_login" name="login" value="' . (filter_input(INPUT_GET, "user", FILTER_SANITIZE_SPECIAL_CHARS) ?: "") . '"/>'; echo 'password <input id="new_password" type="text" name="password"/>'; echo 'master key <input type="text" name="mkey" id="new_mkey" onkeypress="if (event.keyCode == 13) add_password();" onkeyup="chkPass(this.value);"/>'; echo '<input type="button" value="Generate password" onClick="generate_password();"/>'; echo '<input type="button" value="Generate simple password" onClick="generate_simple_password();"/>'; echo "<input type=\"button\" name=\"add\" value=\"Add\" onclick=\"add_password();\"/>"; echo "<br />"; echo '<div><a href="http://en.wikipedia.org/wiki/Password_strength">Master key strength</a><div id="scorebarBorder"><div id="score">0%</div><div id="scorebar"> </div></div></div>'; echo "<input type=\"button\" name=\"clear\" value=\"Clear Form\" onclick=\"clear_form();\"/>"; } ?> </div> <div id="passwords"> </div> <div id="update_masterkey"> <?php global $user; if ($user != "") { echo "<b>Update Masterkey</b><br/>\n"; echo 'Old master key <input type="text" id="oldmkey"/>'; echo 'New master key <input type="text" id="newmkey" onkeyup="chkPass(this.value);"/>'; echo '<input type="button" value="Update masterkey" onClick="update_masterkey();"/>'; } ?> </div> <div id="export_database"> <?php global $user; if ($user != "") { echo "<b>Export</b><br/>\n"; echo '<input type="button" value="Export" onclick="export_database();"/>'; echo '<a id="export_link">Download</a>'; } ?> </div> </div> </body> </html>