blob: 0a93b05a10da4f378ff0a5c6ac03749f5ef9d7ff (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
<?php
include "moc-commands.php";
$privKey = "f1869e6cb93500215f5e1ef1fe552dbc76d036088b56c45b1bc32c54211f1c88f4429e138684b0c1a270fd71d3808d77771e0dbb90a0318eaf27d3747cd57f04";
$pubKey = "f4429e138684b0c1a270fd71d3808d77771e0dbb90a0318eaf27d3747cd57f04";
function client_identifier() {
return $_SERVER['SERVER_ADDR'] . " " . $_SERVER['REMOTE_ADDR'] . " " . $_SERVER['REMOTE_PORT'];
}
function zugriff_erlaubt() {
global $pubKey;
if (!(preg_match("/^192\.168\.[01]\.3$/", $_SERVER["REMOTE_ADDR"]) == 1))
return true;
if (array_key_exists('key',$_GET)) {
$pubKey = hex2bin($pubKey);
return sodium_crypto_sign_open(hex2bin($_GET["key"]), $pubKey) == client_identifier();
}
return false;
}
function attach_key($delimiter = '&') {
if (!array_key_exists('key', $_GET))
return;
print $delimiter . 'key=' . $_GET['key'];
}
if (!zugriff_erlaubt()) {
?>
<html>
<head>
<script src="/encrypt_key.js"></script>
<script>
window.sodium = {
onload: function (sodium) {
var sodium = sodium;
}
};
function update_key(form) {
privateKey = "<?php echo $privKey; ?>";
privateKey = encrypt_private_key(form.password.value, privateKey);
privateKey = sodium.from_hex(privateKey);
let msg = sodium.crypto_sign("<?php print client_identifier(); ?>", privateKey);
form.key.value = sodium.to_hex(msg);
}
</script>
<script src="/sodium.js" async></script>
</head>
<body>
<form action="" id="form" method="get">
Passwort: <input type="password" id="password" onchange="update_key(this.form);">
<input type="hidden" name="key" id="key">
<input type="submit" value="weiter"">
</form>
</body>
</html>
<?php
die();
}
$max_line_len = 50;
function crypt_status() {
return trim(shell_exec("cryptstatus"));
}
function print_redirect() {
?>
<html><head><meta http-equiv="refresh" content="0; url=/<?php attach_key('?'); ?>" /></head></html>
<?php
}
if (!array_key_exists('what',$_GET)) {
?>
<html>
<body>
<?php
print list_info() . "<br>\n";
print details() . "<br>\n";
?>
<a href="?what=all<?php attach_key(); ?>">all info</a><br>
<?php
print_known_commands();
?>
<a href="?what=lists<?php attach_key(); ?>">lists</a><br>
</body>
</html>
<?php
die();
}
switch ($_GET["what"]) {
case "all":
print list_info() . "<br>\n";
print details() . "<br>\n";
print crypt_status();
break;
case "info":
print list_info($max_line_len);
break;
case "details":
print details($max_line_len);
break;
case "crypt":
print crypt_status();
break;
case "playlist":
if (array_key_exists("list",$_GET)) {
$i = $_GET["list"];
if (preg_match("/^\d+$/", $i) == 1) {
shell_exec("playlist " . $i);
}
}
print_redirect();
break;
case "lists":
print_neutral_back_link();
print_lists();
break;
default:
if (array_key_exists($_GET["what"], $commands)) {
shell_exec($commands[$_GET["what"]]);
print_redirect();
}
die();
}
|
