diff options
author | nachoparker <nacho@ownyourbits.com> | 2017-07-14 00:43:13 +0300 |
---|---|---|
committer | nachoparker <nacho@ownyourbits.com> | 2017-08-11 00:17:51 +0300 |
commit | 41e71b4cbb02a9c3d0be01d25dd49aa39d06b8c8 (patch) | |
tree | b8a56b7d52bab9298a6b2d188c6c41b5b093d6ac /ncp-web/ncp-launcher.php | |
parent | c0a69703aeaf84f8bdad6e9d64d44d1719a77521 (diff) |
added ncp-webv0.17.0
Diffstat (limited to 'ncp-web/ncp-launcher.php')
-rw-r--r-- | ncp-web/ncp-launcher.php | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/ncp-web/ncp-launcher.php b/ncp-web/ncp-launcher.php new file mode 100644 index 00000000..43df0c8e --- /dev/null +++ b/ncp-web/ncp-launcher.php @@ -0,0 +1,107 @@ +<?php +/// +// NextcloudPi Web Panel backend +// +// Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> +// GPL licensed (see end of file) * Use at your own risk! +// +// More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ +/// + +include ('csrf.php'); + +session_start(); + +if ( !$_POST['ref'] ) exit( '{ "output": "Invalid request" }' ); + +if ( $_POST['action'] == "cfgreq" ) +{ + //CSFR check + $token = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : ''; + if ( empty($token) || !validateCSRFToken($token) ) + exit( '{ "output": "Unauthorized request" }' ); + + $path = '/usr/local/etc/nextcloudpi-config.d/'; + $files = array_diff(scandir($path), array('.', '..')); + + $fh = fopen( $path . $_POST['ref'] . '.sh' ,'r') + or exit( '{ "output": "' . $file . ' read error" }' ); + + // Get new token + echo '{ "token": "' . getCSRFToken() . '",'; + echo ' "output": '; + + $output = "<table>"; + + while ( $line = fgets($fh) ) + { + if ( preg_match('/^(\w+)_=(.*)$/', $line, $matches) ) + { + $output = $output . "<tr>"; + $output = $output . "<td><label for=\"$matches[1]\">$matches[1]</label></td>"; + $output = $output . "<td><input type=\"text\" name=\"$matches[1]\" id=\"$matches[1]\" value=\"$matches[2]\" size=\"40\"></td>"; + $output = $output . "</tr>"; + } + } + + $output = $output . "</table>"; + fclose($fh); + + echo json_encode( $output ) . ' }'; // close JSON +} + +else if ( $_POST['action'] == "launch" && $_POST['config'] ) +{ + // CSRF check + $token = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : ''; + if ( empty($token) || !validateCSRFToken($token) ) + exit( '{ "output": "Unauthorized request" }' ); + + chdir('/usr/local/etc/nextcloudpi-config.d/'); + + $file = $_POST['ref'] . '.sh'; + + if ( $_POST['config'] != "{}" ) + $params = json_decode( $_POST['config'], true ) + or exit( '{ "output": "Invalid request" }' ); + + $code = file_get_contents( $file ) + or exit( '{ "output": "' . $file . ' read error" }' ); + + foreach( $params as $name => $value) + { + preg_match( '/^[\w.@_\/-]+$/' , $value , $matches ) + or exit( '{ "output": "Invalid input" , "token": "' . getCSRFToken() . '" }' ); + $code = preg_replace( '/\n' . $name . '_=.*' . PHP_EOL . '/' , + PHP_EOL . $name . '_=' . $value . PHP_EOL , + $code ) + or exit(); + } + + file_put_contents($file, $code ) + or exit( '{ "output": "' . $file . ' write error" }' ); + + // Get new token + echo '{ "token": "' . getCSRFToken() . '",'; + echo ' "output": '; + + echo json_encode( shell_exec( 'bash -c "sudo /home/www/ncp-launcher.sh ' . $file . '"' ) ) . ' }'; +} + +// License +// +// This script is free software; you can redistribute it and/or modify it +// under the terms of the GNU General Public License as published by +// the Free Software Foundation; either version 2 of the License, or +// (at your option) any later version. +// +// This script is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this script; if not, write to the +// Free Software Foundation, Inc., 59 Temple Place, Suite 330, +// Boston, MA 02111-1307 USA +?> |