summaryrefslogtreecommitdiff
path: root/index.php
blob: 389701f9a2cab18edd7652035e916bafe6bb2955 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
<?php

include "moc-commands.php";

$privKey = "f1869e6cb93500215f5e1ef1fe552dbc76d036088b56c45b1bc32c54211f1c88f4429e138684b0c1a270fd71d3808d77771e0dbb90a0318eaf27d3747cd57f04";
$pubKey = "f4429e138684b0c1a270fd71d3808d77771e0dbb90a0318eaf27d3747cd57f04";

function client_identifier() {
  return $_SERVER['SERVER_ADDR'] . " " . $_SERVER['REMOTE_ADDR'];
}

function zugriff_erlaubt() {
  global $pubKey;
  if ((preg_match("/^192\.168\.[01]\.3$/", $_SERVER["REMOTE_ADDR"]) == 1))
    return true;
  if (array_key_exists('key',$_GET)) {
    $pubKey = hex2bin($pubKey);
    return sodium_crypto_sign_open(hex2bin($_GET["key"]), $pubKey) == client_identifier();
  }
  return false;
}

function attach_key($delimiter = '&') {
  if (!array_key_exists('key', $_GET))
    return;
  print $delimiter . 'key=' . $_GET['key'];
}

if (!zugriff_erlaubt()) {
?>
<html>
<head>
  <script src="/encrypt_key.js"></script>
  <script>
    window.sodium = {
      onload: function (sodium) {
        var sodium = sodium;
      }
    };
    function update_key(form) {
      privateKey = "<?php echo $privKey; ?>";
      privateKey = encrypt_private_key(form.password.value, privateKey);
      privateKey = sodium.from_hex(privateKey);
      let msg = sodium.crypto_sign("<?php print client_identifier(); ?>", privateKey);
      form.key.value = sodium.to_hex(msg);
    }
  </script>
  <script src="/sodium.js" async></script>
</head>
<body>
<form action="" id="form" method="get">
Passwort: <input type="password" id="password" onchange="update_key(this.form);">
<input type="hidden" name="key" id="key">
<input type="submit" value="weiter"">
</form>
</body>
</html>
<?php
  die();
}

$max_line_len = 50;

function crypt_status() {
  return trim(shell_exec("cryptstatus"));
}

function print_redirect() {
?>
<html><head><meta http-equiv="refresh" content="0; url=/<?php attach_key('?'); ?>" /></head></html>
<?php
}

if (!array_key_exists('what',$_GET)) {
?>
<html>
<body>
<?php
    print list_info() . "<br>\n";
    print details() . "<br>\n";
?>
  <a href="?what=all<?php attach_key(); ?>">all info</a><br>
<?php
  print_known_commands();
?>
  <a href="?what=lists<?php attach_key(); ?>">lists</a><br>
</body>
</html>
<?php
  die();
}

switch ($_GET["what"]) {
  case "all":
    print list_info() . "<br>\n";
    print details() . "<br>\n";
    print crypt_status();
    break;
  case "info":
    print list_info($max_line_len);
    break;
  case "details":
    print details($max_line_len);
    break;
  case "crypt":
    print crypt_status();
    break;
  case "playlist":
    if (array_key_exists("list",$_GET)) {
      $i = $_GET["list"];
      if (preg_match("/^\d+$/", $i) == 1) {
        shell_exec("playlist " . $i);
      }
    }
    print_redirect();
    break;
  case "lists":
    print_neutral_back_link();
    print_lists();
    break;
  default:
    if (array_key_exists($_GET["what"], $commands)) {
      shell_exec($commands[$_GET["what"]]);
      print_redirect();
    }
    die();
}