index.php 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378
  1. <?php
  2. // SVMM - Simple VM Manager - For Qemu KVM
  3. // (C) Chris Dorman, 2020
  4. // License: CC-BY-NC-SA version 3.0
  5. // http://github.com/Pentium44/SVMM
  6. session_start();
  7. include "config.php";
  8. include "functions.php";
  9. // check if flatfile database location is populated
  10. if(!file_exists("svmm_db"))
  11. {
  12. mkdir("svmm_db", 0777);
  13. }
  14. if(!file_exists("svmm_db/events"))
  15. {
  16. mkdir("svmm_db/events", 0777);
  17. }
  18. if(!file_exists("svmm_db/disks"))
  19. {
  20. mkdir("svmm_db/disks", 0777);
  21. }
  22. if(!file_exists("svmm_db/pids"))
  23. {
  24. mkdir("svmm_db/pids", 0777);
  25. }
  26. if(!file_exists("svmm_db/users"))
  27. {
  28. mkdir("svmm_db/users", 0777);
  29. }
  30. if(!file_exists("svmm_db/users/usercount"))
  31. {
  32. file_put_contents("svmm_db/users/usercount", "9");
  33. }
  34. $username = $_SESSION['svmm-user'];
  35. ?>
  36. <!DOCTYPE html>
  37. <html lang="en-us">
  38. <head>
  39. <title><?php echo $svmmtitle; ?></title>
  40. <meta http-equiv="content-type" content="text/html; charset=utf-8">
  41. <meta name="viewport" content="width=device-width, initial-scale=.55, shrink-to-fit=yes"><meta name="description" content="<?php echo htmlentities($svmmtitle) . " - " . $desc; ?>">
  42. <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
  43. <link rel="stylesheet" type="text/css" href="style.css">
  44. </head>
  45. <body>
  46. <div class="maincontain">
  47. <div id="navcontainer">
  48. <div id="navbar"><!--
  49. <?php if(isset($_SESSION['svmm-user']) && isset($_SESSION['svmm-pass'])) { ?>
  50. --><a href="index.php">Create</a><!--
  51. --><a href="?do=manage">Manage</a><!--
  52. --><a href="?do=about">About</a><!--
  53. --><a href="?do=logout">Logout</a><!--
  54. <?php } else {?>
  55. --><a href="?forms=login">Login</a><!--
  56. --><a href="?do=about">About</a><!--
  57. <?php } ?>
  58. --></div>
  59. </div>
  60. <div class='title'><img src='freebox-logo.png' /></div>
  61. <div class='contain'>
  62. <?php
  63. if(isset($_GET['forms']))
  64. {
  65. $forms = $_GET['forms'];
  66. $id = $_GET['pid'];
  67. if($forms=="register") {
  68. registerForm();
  69. }
  70. else if($forms=="login") {
  71. loginForm();
  72. }
  73. else if($forms=="friendreq") {
  74. friendReqForm();
  75. }
  76. else if($forms=="changepass") {
  77. changePassForm();
  78. }
  79. else { echo "ERROR: Unknown form-name<br>"; }
  80. }
  81. else if(isset($_GET['notify']))
  82. {
  83. $notify = $_GET['notify'];
  84. if($notify=="1") { echo "Error: User not found"; }
  85. else if($notify=="2") { echo "Error: Incorrect password provided"; }
  86. else if($notify=="3") { echo "Error: Please fill out all the text boxes"; }
  87. else if($notify=="4") { echo "Error: The provided passwords did not match"; }
  88. else if($notify=="5") { echo "Error: Special characters cannot be used in your username"; }
  89. else if($notify=="6") { echo "Error: This username is already in use"; }
  90. else { echo "Error: unknown error... this is quite unusual..."; }
  91. }
  92. else if(isset($_GET['do']))
  93. {
  94. $do = $_GET['do'];
  95. // Server admin can just delete ssb_db
  96. /*if($do=="clean")
  97. {
  98. if($_POST['password']!="" && $_POST['password']==$pw)
  99. {
  100. $db_content = glob("ssb_db/" . '*', GLOB_MARK);
  101. foreach($db_content as $file)
  102. {
  103. unlink($file);
  104. }
  105. rmdir("ssb_db");
  106. echo "Database Cleaned<br>";
  107. }
  108. else
  109. {
  110. echo "ERROR: Wrong Password<br>";
  111. }
  112. }*/
  113. // grab session values and send friend request functions.
  114. if($do=="create-micro") {
  115. if (!isset($_SESSION['svmm-user']) || !isset($_SESSION['svmm-pass'])) { loginForm(); } else {
  116. include("svmm_db/users/$username.php");
  117. if(!file_exists("svmm_db/disks/$userid.img")) {
  118. if(!copy("svmm_db/disks/alpine.img", "svmm_db/disks/$userid.img"))
  119. {
  120. echo "Error copying new disk image to user location... Please contact the system administrator!";
  121. }
  122. else
  123. {
  124. // Trigger event to start VM!
  125. file_put_contents("svmm_db/events/$userid", "./machine start-micro $userid");
  126. file_put_contents("ssvm_db/users/$userid.type", "micro");
  127. echo "VM created! Refer to the user management panel for start / up info.";
  128. }
  129. } else {
  130. echo "Error: VM exists, please click &quot;Manage&quot; to start / stop your VM or to download a disk backup.";
  131. }
  132. }
  133. }
  134. // For real VMs
  135. if($do=="create-mini") {
  136. if (!isset($_SESSION['svmm-user']) || !isset($_SESSION['svmm-pass'])) { loginForm(); } else {
  137. include("svmm_db/users/$username.php");
  138. if(!file_exists("svmm_db/disks/$userid.img")) {
  139. if(!copy("svmm_db/disks/debian.img", "svmm_db/disks/$userid.img"))
  140. {
  141. echo "Error copying new disk image to user location... Please contact the system administrator!";
  142. }
  143. else
  144. {
  145. // Trigger event to start VM!
  146. file_put_contents("svmm_db/events/$userid", "./machine start-mini $userid");
  147. file_put_contents("svmm_db/users/$userid.type", "mini");
  148. echo "VM created! Refer to the user management panel for start / up info.";
  149. }
  150. } else {
  151. echo "Error: VM exists, please click &quot;Manage&quot; to start / stop your VM or to download a disk backup.";
  152. }
  153. }
  154. }
  155. if($do=="start") {
  156. if (!isset($_SESSION['svmm-user']) || !isset($_SESSION['svmm-pass'])) { loginForm(); } else {
  157. include("svmm_db/users/$username.php");
  158. if(file_exists("svmm_db/disks/$userid.img")) {
  159. if(!file_exists("svmm_db/users/$userid.pid.statuscode")) {
  160. echo "Pending: VM is pending creation, this process shouldn't take longer than 30 seconds...";
  161. } else {
  162. $vmstatus = file_get_contents("svmm_db/users/$userid.pid.statuscode");
  163. if($vmstatus == "false") {
  164. $vmtype = file_get_contents("svmm_db/users/$userid.type");
  165. if(!file_exists("svmm_db/users/$userid.type") || $vmtype == "micro") {
  166. file_put_contents("svmm_db/events/$userid", "./machine start-micro $userid");
  167. } else if($vmtype == "mini") {
  168. file_put_contents("svmm_db/events/$userid", "./machine start-mini $userid");
  169. }
  170. header("Location: index.php?do=manage");
  171. } else {
  172. echo "VM already running...";
  173. }
  174. }
  175. } else {
  176. echo "ERROR: VM not found!";
  177. }
  178. }
  179. }
  180. if($do=="stop") {
  181. if (!isset($_SESSION['svmm-user']) || !isset($_SESSION['svmm-pass'])) { loginForm(); } else {
  182. include("svmm_db/users/$username.php");
  183. if(file_exists("svmm_db/disks/$userid.img")) {
  184. if(!file_exists("svmm_db/users/$userid.pid.statuscode")) {
  185. echo "Pending: VM is pending creation, this process shouldn't take longer than 30 seconds...";
  186. } else {
  187. $vmstatus = file_get_contents("svmm_db/users/$userid.pid.statuscode");
  188. if($vmstatus == "true") {
  189. file_put_contents("svmm_db/events/$userid", "./machine stop $userid");
  190. header("Location: index.php?do=manage");
  191. } else {
  192. echo "VM already stopped...";
  193. }
  194. }
  195. } else {
  196. echo "ERROR: VM not found!";
  197. }
  198. }
  199. }
  200. if($do=="delete") {
  201. if (!isset($_SESSION['svmm-user']) || !isset($_SESSION['svmm-pass'])) { loginForm(); } else {
  202. include("svmm_db/users/$username.php");
  203. if(file_exists("svmm_db/disks/$userid.img")) {
  204. $vmstatus = file_get_contents("svmm_db/users/$userid.pid.statuscode");
  205. if($vmstatus == "true") {
  206. file_put_contents("svmm_db/events/$userid", "./machine stop $userid");
  207. unlink("svmm_db/users/$userid.pid.status");
  208. unlink("svmm_db/users/$userid.pid.statuscode");
  209. unlink("svmm_db/pids/$userid.pid");
  210. unlink("svmm_db/disks/$userid.img");
  211. header("Location: index.php");
  212. } else {
  213. unlink("svmm_db/users/$userid.pid.status");
  214. unlink("svmm_db/users/$userid.pid.statuscode");
  215. unlink("svmm_db/pids/$userid.pid");
  216. unlink("svmm_db/disks/$userid.img");
  217. header("Location: index.php");
  218. }
  219. } else {
  220. echo "ERROR: VM not found!";
  221. }
  222. }
  223. }
  224. if($do=="manage") {
  225. if (!isset($_SESSION['svmm-user']) || !isset($_SESSION['svmm-pass'])) { loginForm(); } else {
  226. include("svmm_db/users/$username.php");
  227. if(file_exists("svmm_db/disks/$userid.img")) {
  228. if(!file_exists("svmm_db/users/$userid.pid.status")) {
  229. echo "Pending: VM is pending creation, this process shouldn't take longer than 30 seconds...";
  230. } else {
  231. echo $username . "'s VM<br /> VM status: ";
  232. $vmstatus = file_get_contents("svmm_db/users/$userid.pid.status");
  233. echo $vmstatus;
  234. echo "<br /><a href='index.php?do=start' class='button'>Start</a>&nbsp;<a href='index.php?do=stop' class='button'>Stop</a>&nbsp;<a href='index.php?do=delete' class='button'>Delete</a>";
  235. echo "<br /><br />";
  236. echo "<b>Connection information (Via SSH):</b><br />";
  237. echo "<table><tr><td>IP/Port:</td><td> cddo.cf/" . $userid . "22</td></tr>";
  238. echo "<tr><td style='padding-right: 30px;'>Default root password: </td><td>root</td></tr></table><br />";
  239. echo "<b>Available ports for use:</b>";
  240. echo "<table><tr><td style='padding-right:30px;'>Server side port</td><td>External port (viewable)</td></tr>";
  241. echo "<tr><td>21</td><td>" . $userid . "21</td></tr>";
  242. echo "<tr><td>22</td><td>" . $userid . "22</td></tr>";
  243. echo "<tr><td>25565</td><td>" . $userid . "65</td></tr>";
  244. echo "<tr><td>6666</td><td>" . $userid . "66</td></tr>";
  245. echo "<tr><td>6667</td><td>" . $userid . "67</td></tr>";
  246. echo "<tr><td>80</td><td>" . $userid . "80</td></tr>";
  247. echo "</table>";
  248. }
  249. } else {
  250. echo "ERROR: VM not found!";
  251. }
  252. }
  253. }
  254. if($do=="about")
  255. {
  256. echo "<h2>About</h2>";
  257. echo $desc;
  258. }
  259. if($do=="login")
  260. {
  261. $username = $_POST['username'];
  262. if(file_exists("svmm_db/users/$username.php")) {
  263. include_once("svmm_db/users/$username.php");
  264. if($user_password==sha1(md5($_POST['password']))) {
  265. $pass = $user_password;
  266. $user = $username;
  267. $color = $user_color;
  268. $_SESSION['svmm-user'] = $user;
  269. $_SESSION['svmm-pass'] = $pass;
  270. header("Location: index.php");
  271. } else {
  272. echo "Wrong password!";
  273. }
  274. } else {
  275. echo "User $username not found!";
  276. }
  277. }
  278. if($do=="logout")
  279. {
  280. $_SESSION['svmm-user'] = null;
  281. $_SESSION['svmm-pass'] = null;
  282. header("Location: index.php?forms=login");
  283. }
  284. if($do=="register")
  285. {
  286. if($_POST['username']!="" && $_POST['password']!="" && $_POST['password-again']!="" && $_POST['fullname']!="" && isset($_POST['email']) && $_POST['email']!="") {
  287. if($_POST['password']==$_POST['password-again']) {
  288. if(!preg_match('/[^a-z0-9]/i', $_POST['username'])) {
  289. if(!file_exists("svmm_db/users/" . $_POST['username'] . ".php")) {
  290. $vpscount = file_get_contents("svmm_db/users/usercount");
  291. if($vpscount < $maxvm)
  292. {
  293. if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
  294. $vpscount = $vpscount + 1;
  295. file_put_contents("svmm_db/users/usercount", $vpscount);
  296. file_put_contents("svmm_db/users/" . stripslashes(htmlentities($_POST['username'])) . ".php", "<?php\n\$user_handle = \"" . stripslashes(htmlentities($_POST['username'])) . "\";\n\$user_password = \"" . sha1(md5($_POST['password'])) . "\";\n \$user_email = \"" . stripslashes(htmlentities($_POST['email'])) . "\"; \$user_fullname = \"" . stripslashes(htmlentities($_POST['fullname'])) . "\"; \$userid = \"" . $vpscount . "\";\n?>");
  297. header("Location: index.php");
  298. }
  299. else
  300. {
  301. echo "ERROR: Email is invalid!";
  302. }
  303. }
  304. else
  305. {
  306. echo "ERROR: VPS cap reached!";
  307. }
  308. } else {
  309. header("Location: index.php?notify=6");
  310. }
  311. } else {
  312. header("Location: index.php?notify=5");
  313. }
  314. } else {
  315. header("Location: index.php?notify=4");
  316. }
  317. } else {
  318. header("Location: index.php?notify=3");
  319. }
  320. }
  321. }
  322. else if (!isset($_SESSION['svmm-user']) || !isset($_SESSION['svmm-pass']))
  323. {
  324. header("Location: index.php?do=about");
  325. }
  326. else
  327. {
  328. include("svmm_db/users/$username.php");
  329. if(!file_exists("svmm_db/disks/$userid.img"))
  330. {
  331. echo "<h3>Free VPS creation</h3>";
  332. echo "<p>Each user will have the ability to create a VM, and will have a consistent uptime unless FreeBox ends up being disabled due to malicious users improperly using the virtual machines. The choice is yours, but remember theres a limited amount of mini boxes in comparison to the micro boxes.</p>";
  333. echo "<table><tr><td style='vertical-align: top;'>";
  334. echo "<ul><li>CPU: 25% of 1x Xeon E5649 core</li><li>RAM: 128MB dedicated</li><li>Disk: 10GB dedicated space</li><li>OS: Alpine GNU/Linux</li><li>Network: 50mbps down + 2mbps upload</li><li>Select available ports for server operation</li></ul>";
  335. echo "<div style='display:block;width:100%;text-align:center;'><a href='index.php?do=create-micro' class='button'>Create a MicroVM</a></div>";
  336. echo "</td><td style='vertical-align: top;'>";
  337. echo "<ul><li>CPU: 50% of 2x Xeon E5649 cores</li><li>RAM: 512MB dedicated</li><li>Disk: 25GB dedicated space</li><li>OS: Debian GNU/Linux</li><li>Network: 50mbps down + 2mbps upload</li><li>Select available ports for server operation</li></ul>";
  338. echo "<div style='display:block;width:100%;text-align:center;'><a href='index.php?do=create-mini' class='button'>Create a MiniVM</a></div>";
  339. echo "</td></tr></table>";
  340. }
  341. else
  342. {
  343. echo "You've been assigned a VPS, click &quot;Manage&quot; for more information on your server.";
  344. }
  345. }
  346. ?>
  347. <br /><br />
  348. <center style="background-color: #555555; padding 3px;">Powered By SVMM <?php echo $version; ?></center>
  349. </div>
  350. </div> <!-- main contain -->
  351. </body>
  352. </html>