trupsalms

Untitled

Oct 8th, 2019
  1. <?php
  // Open (or resume) the PHP session before any output is sent; the admin
  // login further down keeps its state in $_SESSION['admin_id'].
  // NOTE(review): no cookie options are passed here, so HttpOnly/Secure and
  // session.use_strict_mode come from php.ini. Confirm they are enabled.
  session_start();

  // Shared helpers and the database bootstrap. $bdd (the PDO handle used
  // below) is not defined in this file, so presumably connect.php provides it.
  require __DIR__ . '/include/functions.php';
  require __DIR__ . '/include/connect.php';
  6.  
  // Logout: a request carrying a "logout" query parameter ends the session
  // and redirects the browser to the directory index.
  // NOTE(review): this is a state change on a plain GET with no CSRF token,
  // so any third-party page can log the admin out; a POST carrying a token
  // would close that.
  if (isset($_GET['logout'])) {
      session_destroy();
      header('Location: .');
      die(-1);
  }
  13.  
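  // Client configuration download.
  // A VPN user posts their credentials plus a platform name and receives the
  // matching client bundle as a zip. No session is created on this path.
  // Non-string fields (e.g. configuration_pass[]=x) are rejected up front so
  // that only strings reach the query and passEqual().
  if (isset($_POST['configuration_get'], $_POST['configuration_username'], $_POST['configuration_pass'], $_POST['configuration_os'])
      && is_string($_POST['configuration_username'])
      && is_string($_POST['configuration_pass'])
      && !empty($_POST['configuration_pass'])) {
      $req = $bdd->prepare('SELECT * FROM user WHERE user_id = ?');
      $req->execute(array($_POST['configuration_username']));
      $data = $req->fetch();

      // Allow-list: posted platform value => directory under ./client-conf/.
      // An unknown value used to leave $conf_dir undefined, so realpath()
      // resolved to ./client-conf/ itself and the whole directory was zipped.
      $conf_dirs = array(
          'gnu_linux'     => 'gnu-linux',
          'android'       => 'android',
          'osx_viscosity' => 'osx-viscosity',
          'windows'       => 'windows',
      );
      $conf_dir = (is_string($_POST['configuration_os']) && isset($conf_dirs[$_POST['configuration_os']]))
          ? $conf_dirs[$_POST['configuration_os']]
          : null;
      $rootPath = ($conf_dir !== null) ? realpath("./client-conf/$conf_dir") : false;

      // Same generic error for unknown user, wrong password or bad platform.
      if ($data && passEqual($_POST['configuration_pass'], $data['user_pass']) && $rootPath !== false) {
          // Thanks http://stackoverflow.com/questions/4914750/how-to-zip-a-whole-folder-using-php
          $archive_base_name = "openvpn-$conf_dir";
          $archive_name = "$archive_base_name.zip";

          // Build the archive in a private temp file. Writing it to
          // ./client-conf/ left a copy of the bundle next to the script
          // (reachable without credentials unless the web server blocks that
          // directory) and let concurrent requests overwrite each other's file.
          $archive_path = tempnam(sys_get_temp_dir(), 'ovpn');
          $zip = new ZipArchive();
          if ($archive_path === false
              || $zip->open($archive_path, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== true) {
              if ($archive_path !== false) {
                  unlink($archive_path);
              }
              header('HTTP/1.1 500 Internal Server Error');
              exit(1);
          }

          $files = new RecursiveIteratorIterator(
              new RecursiveDirectoryIterator($rootPath),
              RecursiveIteratorIterator::LEAVES_ONLY
          );

          foreach ($files as $name => $file) {
              // Skip directories (they would be added automatically)
              if ($file->isDir()) {
                  continue;
              }

              // Resolve the file and skip anything that ends up outside the
              // platform directory (e.g. through a symlink); the relative
              // name below is only valid for paths under $rootPath.
              $filePath = $file->getRealPath();
              if ($filePath === false || strpos($filePath, $rootPath . DIRECTORY_SEPARATOR) !== 0) {
                  continue;
              }
              $relativePath = substr($filePath, strlen($rootPath) + 1);

              // Add current file to archive
              $zip->addFile($filePath, "$archive_base_name/$relativePath");
          }

          // Zip archive will be created only after closing object
          if ($zip->close() !== true) {
              unlink($archive_path);
              header('HTTP/1.1 500 Internal Server Error');
              exit(1);
          }

          // Send the headers that force the download of the zip file.
          header('Content-Type: application/zip');
          header('Content-Disposition: attachment; filename="' . $archive_name . '"');
          header('Content-Length: ' . filesize($archive_path));
          header('Cache-Control: no-store');
          header('Pragma: no-cache');
          header('Expires: 0');
          readfile($archive_path);
          unlink($archive_path);

          // Stop here: without this the HTML page below was appended to the
          // zip bytes in the same response.
          exit;
      }
      else {
          $error = true;
      }
  }

  // Admin login attempt ?
  else if (isset($_POST['admin_login'], $_POST['admin_username'], $_POST['admin_pass'])
      && is_string($_POST['admin_username'])
      && is_string($_POST['admin_pass'])
      && !empty($_POST['admin_pass'])) {

      $req = $bdd->prepare('SELECT * FROM admin WHERE admin_id = ?');
      $req->execute(array($_POST['admin_username']));
      $data = $req->fetch();

      if ($data && passEqual($_POST['admin_pass'], $data['admin_pass'])) {
          // Issue a fresh session id on privilege change so an id that was
          // known before the login (session fixation) is no longer valid.
          session_regenerate_id(true);
          $_SESSION['admin_id'] = $data['admin_id'];
          header("Location: index.php?admin");
          exit(-1);
      }
      else {
          // NOTE(review): nothing here limits repeated attempts; rate
          // limiting or lockout would have to live in passEqual()/the server.
          $error = true;
      }
  }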
  88. ?>
  89.  
  90. <!DOCTYPE html>
  91. <html>
  92. <head>
  93. <meta charset="utf-8" />
  94.  
  95. <title>OpenVPN-Admin</title>
  96.  
  97. <link rel="stylesheet" href="vendor/bootstrap/dist/css/bootstrap.min.css" type="text/css" />
  98. <link rel="stylesheet" href="vendor/x-editable/dist/bootstrap3-editable/css/bootstrap-editable.css" type="text/css" />
  99. <link rel="stylesheet" href="vendor/bootstrap-table/dist/bootstrap-table.min.css" type="text/css" />
  100. <link rel="stylesheet" href="vendor/bootstrap-datepicker/dist/css/bootstrap-datepicker3.css" type="text/css" />
  101. <link rel="stylesheet" href="vendor/bootstrap-table/dist/extensions/filter-control/bootstrap-table-filter-control.css" type="text/css" />
  102. <link rel="stylesheet" href="css/index.css" type="text/css" />
  103.  
  104. <link rel="icon" type="image/png" href="css/icon.png">
  105. </head>
  106. <body class='container-fluid'>
  107. <?php
  108.  
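  // --------------- INSTALLATION ---------------
  // First-run installer: applies the SQL schema files, creates the first
  // admin account, then removes the sql/ directory.
  // NOTE(review): this path requires no authentication. Until isInstalled()
  // reports true, whoever can reach ?installation chooses the admin
  // credentials, so access should be restricted until setup is finished.
  // NOTE(review): the header("refresh:...") calls below run after HTML has
  // already been emitted, so they only take effect when output buffering is
  // enabled. Confirm this against the deployment.
  if (isset($_GET['installation'])) {
      if (isInstalled($bdd)) {
          printError('OpenVPN-admin is already installed. Redirection.');
          header("refresh:3;url=index.php?admin");
          exit(-1);
      }

      // If the user sent the installation form
      if (isset($_POST['admin_username'])) {
          $admin_username = $_POST['admin_username'];
          $admin_pass = isset($_POST['admin_pass']) ? $_POST['admin_pass'] : '';
          $admin_repeat_pass = isset($_POST['repeat_admin_pass']) ? $_POST['repeat_admin_pass'] : '';

          // Reject missing or non-string fields. The login form refuses an
          // empty() password, so accepting one here would create an admin
          // account that can never sign in.
          if (!is_string($admin_username) || !is_string($admin_pass) || !is_string($admin_repeat_pass)
              || $admin_username === '' || empty($admin_pass)) {
              printError('The username and the password are required. Redirection.');
              header("refresh:3;url=index.php?installation");
              exit(-1);
          }

          // Strict comparison: with != two different numeric-looking strings
          // (e.g. "1e3" and "1000") compare equal.
          if ($admin_pass !== $admin_repeat_pass) {
              printError('The passwords do not correspond. Redirection.');
              header("refresh:3;url=index.php?installation");
              exit(-1);
          }

          // Create the initial tables
          $migrations = getMigrationSchemas();
          foreach ($migrations as $migration_value) {
              $sql_file = __DIR__ . "/sql/schema-$migration_value.sql";

              // An unreadable schema file must stop the install instead of
              // passing false on to exec().
              $sql = file_get_contents($sql_file);
              if ($sql === false) {
                  printError("Unable to read the schema file schema-$migration_value.sql");
                  exit(1);
              }

              try {
                  $bdd->exec($sql);
              }
              catch (PDOException $e) {
                  printError($e->getMessage());
                  exit(1);
              }

              unlink($sql_file);

              // Update schema to the new value
              updateSchema($bdd, $migration_value);
          }

          // Generate the hash
          $hash_pass = hashPass($admin_pass);

          // Insert the new admin
          $req = $bdd->prepare('INSERT INTO admin (admin_id, admin_pass) VALUES (?, ?)');
          $req->execute(array($admin_username, $hash_pass));

          rmdir(__DIR__ . '/sql');
          printSuccess('Well done, OpenVPN-Admin is installed. Redirection.');
          header("refresh:3;url=index.php?admin");
      }
      // Print the installation form
      else {
          require(__DIR__ . '/include/html/menu.php');
          require(__DIR__ . '/include/html/form/installation.php');
      }

      exit(-1);
  }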
  167.  
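  // --------------- CONFIGURATION ---------------
  // Default view (no ?admin): the form users fill in to download their
  // client configuration.
  if (!isset($_GET['admin'])) {
      if (isset($error) && $error == true) {
          printError('Login error');
      }

      require(__DIR__ . '/include/html/menu.php');
      require(__DIR__ . '/include/html/form/configuration.php');
  }

  // --------------- LOGIN ---------------
  // ?admin without an authenticated session: show the admin login form.
  else if (!isset($_SESSION['admin_id'])) {
      if (isset($error) && $error == true) {
          printError('Login error');
      }

      require(__DIR__ . '/include/html/menu.php');
      require(__DIR__ . '/include/html/form/login.php');
  }

  // --------------- GRIDS ---------------
  // Authenticated admin: navigation bar plus the management grids.
  else {
      // The admin id is stored as typed into the installation form, so it is
      // HTML-escaped on output; echoing it raw allowed markup in the name to
      // run in the admin's browser. The page declares UTF-8.
  ?>
  <nav class="navbar navbar-default">
  <div class="row col-md-12">
  <div class="col-md-6">
  <p class="navbar-text signed">Signed in as <?php echo htmlspecialchars($_SESSION['admin_id'], ENT_QUOTES, 'UTF-8'); ?></p>
  </div>
  <div class="col-md-6">
  <a class="navbar-text navbar-right" href="index.php?logout" title="Logout"><button class="btn btn-danger">Logout <span class="glyphicon glyphicon-off" aria-hidden="true"></span></button></a>
  <a class="navbar-text navbar-right" href="index.php" title="Configuration"><button class="btn btn-default">Configurations</button></a>
  </div>
  </div>
  </nav>

  <?php
      require(__DIR__ . '/include/html/grids.php');
  }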
  206. ?>
  207. <div id="message-stage">
  208. <!-- used to display application messages (failures / status-notes) to the user -->
  209. </div>
  210. </body>
  211. </html>