diff --git a/blash.js b/blash.js
index bc46107..30f6a74 100644
--- a/blash.js
+++ b/blash.js
@@ -13,6 +13,9 @@ var shell = null;
function blash ()
{
/************ ATTRIBUTES **************/
+ /** Current user */
+ this.user = '';
+
/** Object containing the parsed JSON configuration object */
this.json = {};
@@ -75,6 +78,38 @@ function blash ()
http.send ( null );
}
+ if ( document.cookie )
+ {
+ if ( document.cookie.match ( 'auth=' ) && document.cookie.match ( 'username=([^;]+);?' ))
+ {
+ this.user = RegExp.$1;
+ var params = 'action=getuser';
+ var users_php = window.location.href;
+ users_php = users_php.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/users.php' );
+
+ var xml = new XMLHttpRequest();
+ xml.open ( "POST", users_php, true );
+ xml.setRequestHeader ( "Content-type", "application/x-www-form-urlencoded" );
+ xml.setRequestHeader ( "Content-length", params.length );
+ xml.setRequestHeader ( "Connection", "close" );
+
+ xml.onreadystatechange = function ()
+ {
+ if ( xml.readyState == 4 && xml.status == 200 )
+ {
+ if ( xml.responseText.length > 0 )
+ {
+ shell.user = xml.responseText;
+ } else {
+ shell.user = shell.json.user;
+ }
+ }
+ }
+
+ xml.send ( params );
+ }
+ }
+
this.prompt.focus();
var json_config = window.location.href;
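Review bot: `this.user = RegExp.$1` copies the name straight out of the `username` cookie, and the pattern `[^;]+` accepts any characters, markup included, while the prompt that shows the user is assigned through `innerHTML` further down in this file (assuming `unescapePrompt` does not escape the substituted text). The cookie is client-controlled, so the match should be limited to the charset the server enforces for usernames, e.g. `document.cookie.match ( /(?:^|;\s*)username=([a-zA-Z0-9_]+)/ )`, or `this.user` left empty until the `getuser` reply arrives. The callback ignores every outcome other than status 200, so on a failed request the unverified cookie name stays in `shell.user`. `Content-length` and `Connection` are headers the browser sets itself and does not accept from `setRequestHeader`, so those two calls can be dropped.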
@@ -89,6 +124,11 @@ function blash ()
{
shell.json = eval ( '(' + http.responseText + ')' );
+ if ( shell.user == '' )
+ {
+ shell.user = shell.json.user;
+ }
+
shell.promptText.innerHTML = ( shell.json.promptText ) ? shell.json.promptText : "[%n@%m %W] $ ";
shell.promptText.innerHTML = shell.unescapePrompt ( promptText.innerHTML, shell.json.promptSequences );
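Review bot: The fallback `if ( shell.user == '' )` does not cover the ordering in which the `getuser` callback added earlier in this file completes first. With an empty reply that callback assigns `shell.user = shell.json.user` while `shell.json` is still the initial `{}`, so `shell.user` becomes undefined, and `undefined == ''` is false. Testing for a missing value instead, `if ( !shell.user )`, lets the configured default apply in that case as well. The surrounding callback begins outside this hunk.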
diff --git a/blash.json b/blash.json
index 974ff6c..d8fca3c 100644
--- a/blash.json
+++ b/blash.json
@@ -24,9 +24,9 @@
"promptSequences" : [
{
"sequence" : "%n",
- "default_text" : "blacklight",
+ "default_text" : "guest",
"text" : function () {
- return shell.json.user;
+ return shell.user;
},
},
{
@@ -38,7 +38,7 @@
},
{
"sequence" : "%W",
- "default_text" : "~",
+ "default_text" : "/",
"text" : function () {
return shell.path;
},
@@ -195,6 +195,7 @@
"ls",
"man",
"pwd",
+ "su",
"useradd",
"whoami",
],
diff --git a/commands/su.json b/commands/su.json
new file mode 100644
index 0000000..ea03868
--- /dev/null
+++ b/commands/su.json
@@ -0,0 +1,87 @@
+{
+ "name" : "su",
+
+ "info" : {
+ "syntax" : "su [username]",
+ "brief" : "Change user ID or become superuser",
+ },
+
+ "action" : function ( arg )
+ {
+ var out = '';
+
+ if ( !arg || arg.length == 0 )
+ {
+ arg = 'root';
+ }
+
+ if ( shell.__first_cmd )
+ {
+ shell.cmdOut.innerHTML = '
';
+ shell.__first_cmd = false;
+ }
+
+ shell.getPassword = this.getPassword;
+ shell.newuser = arg;
+
+ shell.cmdOut.innerHTML += 'Password: ' +
+ '
';
+
+ shell.auto_prompt_focus = false;
+ shell.auto_prompt_refresh = false;
+
+ this.password = document.getElementsByName ( "password" )[0];
+ this.password.focus();
+
+ return out;
+ },
+
+ "getPassword" : function ( e )
+ {
+ var evt = ( window.event ) ? window.event : e;
+ var key = ( evt.charCode ) ? evt.charCode : evt.keyCode;
+ var password = document.getElementsByName ( "password" )[0];
+
+ if ( key == 13 && password.value.length > 0 )
+ {
+ var users_php = window.location.href;
+ users_php = users_php.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/users.php' );
+ params = 'action=login&user=' + escape ( shell.newuser ) + '&pass=' + md5 ( password.value );
+
+ var http = new XMLHttpRequest();
+ http.open ( "POST", users_php, true );
+ http.setRequestHeader ( "Content-type", "application/x-www-form-urlencoded" );
+ http.setRequestHeader ( "Content-length", params.length );
+ http.setRequestHeader ( "Connection", "close" );
+
+ http.onreadystatechange = function ()
+ {
+ if ( http.readyState == 4 && http.status == 200 )
+ {
+ if ( http.responseText.match ( /^Successfully logged in as '(.+?)'\s+(.*)\s*$/i ))
+ {
+ var user = RegExp.$1;
+ var auth = RegExp.$2;
+
+ shell.user = user;
+ shell.cmdOut.innerHTML = "Successfully logged in as '" + user + "'";
+ } else {
+ shell.cmdOut.innerHTML = '';
+ }
+
+ shell.refreshPrompt ( false, false );
+ }
+ }
+
+ http.send ( params );
+
+ shell.cmdOut.innerHTML = '';
+ shell.auto_prompt_focus = true;
+ shell.auto_prompt_refresh = true;
+ shell.refreshPrompt ( false, false );
+ }
+ },
+}
+
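Review bot: The value produced by `md5 ( password.value )` is what the `login` case in modules/users/users.php compares with the stored entry, so the digest itself is the credential: anyone who captures the request or can read the user list can log in with it, and unsalted MD5 gives the underlying password little protection. Hashing in the browser does not replace transport encryption; the page should be served over HTTPS only, and the server should verify against a salted, slow hash such as PHP's `password_hash` / `password_verify`. On the same line `params` is assigned without `var` and becomes a global, and `escape` is deprecated; `var params = 'action=login&user=' + encodeURIComponent ( shell.newuser ) + ...` addresses both. The success branch writes the server-supplied `user` into `innerHTML`, where `textContent` would be enough for a plain message.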
diff --git a/commands/whoami.json b/commands/whoami.json
index 2e1dbf0..049a868 100644
--- a/commands/whoami.json
+++ b/commands/whoami.json
@@ -15,7 +15,42 @@
return "whoami: extra operand `" + arg + "'
\n";
}
- return shell.json.user + "
\n";
+ if ( shell.user == shell.json.user )
+ {
+ return shell.json.user + "
\n";
+ } else {
+ shell.auto_prompt_refresh = false;
+
+ var users_php = window.location.href;
+ users_php = users_php.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/users.php' );
+ params = 'action=getuser';
+
+ var http = new XMLHttpRequest();
+ http.open ( "POST", users_php, true );
+ http.setRequestHeader( "Content-type", "application/x-www-form-urlencoded" );
+ http.setRequestHeader( "Content-length", params.length );
+ http.setRequestHeader( "Connection", "close" );
+
+ http.onreadystatechange = function ()
+ {
+ if ( http.readyState == 4 && http.status == 200 )
+ {
+ if ( http.responseText.length > 0 )
+ {
+ shell.cmdOut.innerHTML = http.responseText + "\n";
+ } else {
+ shell.cmdOut.innerHTML = shell.json.user + "
\n";
+ }
+
+ shell.auto_prompt_refresh = true;
+ shell.refreshPrompt ( false, false );
+ }
+ }
+
+ http.send ( params );
+ shell.cmdOut.innerHTML = '';
+ return out;
+ }
},
}
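Review bot: The prompt can stay disabled when the `getuser` request fails, because `shell.auto_prompt_refresh` is set to false before the request and only restored inside the `http.readyState == 4 && http.status == 200` branch. Testing `http.readyState == 4` first and handling the status inside it would restore the prompt for every completed request. `params` is assigned without `var` and becomes a global. `return out` relies on an `out` variable that is not declared in the visible lines; the function begins outside this hunk, so it may be declared there.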
diff --git a/modules/users/.userlist.php.swp b/modules/users/.userlist.php.swp
deleted file mode 100644
index 225fe82..0000000
Binary files a/modules/users/.userlist.php.swp and /dev/null differ
diff --git a/modules/users/.users.php.swp b/modules/users/.users.php.swp
index 21565a0..74c3fa5 100644
Binary files a/modules/users/.users.php.swp and b/modules/users/.users.php.swp differ
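Review bot: `modules/users/.users.php.swp` looks like an editor swap file and is still tracked after this commit, although the sibling `.userlist.php.swp` is removed. A swap file next to `users.php` is not run through PHP, so a web server would presumably return it as a static file, including fragments of the script's source. It should be deleted from the repository and `*.swp` added to the ignore list.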
diff --git a/modules/users/userlist.php b/modules/users/userlist.php
index 29108df..5111870 100644
--- a/modules/users/userlist.php
+++ b/modules/users/userlist.php
@@ -3,7 +3,7 @@
$xmlcontent = <<
-
+
XML;
diff --git a/modules/users/users.php b/modules/users/users.php
index e381134..971346a 100644
--- a/modules/users/users.php
+++ b/modules/users/users.php
@@ -27,7 +27,7 @@ switch ( $action )
if ( preg_match ( '/[^a-zA-Z0-9]/', $password ) || strlen ( $password ) != 32 )
{
- print "The provided password '$password' is not a valid hash\n";
+ print "The provided password is not a valid hash\n";
return 1;
}
@@ -62,6 +62,83 @@ switch ( $action )
print 'User "'.$username.' successfully added, home directory set to "/home/'.$username."\"\n";
break;
+
+ case 'login':
+ $username = $_REQUEST['user'];
+ $password = $_REQUEST['pass'];
+
+ if ( !( $username != null && $password != null ))
+ {
+ die ("");
+ }
+
+ if ( preg_match ( '/[^a-zA-Z0-9_]/', $username ))
+ {
+ print "The username can only contain characters in the charset '[a-zA-Z0-9_]'\n";
+ return 1;
+ }
+
+ if ( !( $xml = new SimpleXMLElement ( $xmlcontent )))
+ {
+ print "Unable to open the users XML file\n";
+ return 1;
+ }
+
+ for ( $i = 0; $i < count ( $xml->user ) && !$found; $i++ )
+ {
+ if ( !strcasecmp ( $xml->user[$i]['name'], $username ))
+ {
+ if ( strcasecmp ( $xml->user[$i]['pass'], $password ))
+ {
+ print "Wrong password provided for user '$username'\n";
+ return 1;
+ } else {
+ $auth = md5 ( $xml->user[$i]['name'] . $xml->user[$i]['pass'] );
+ setcookie ( 'username', $xml->user[$i]['name'], 0, "/" );
+ setcookie ( 'auth', $auth, 0, "/" );
+
+ print "Successfully logged in as '$username' $auth\n";
+ return 0;
+ }
+ }
+ }
+
+ print "Username not found: '$username'\n";
+ break;
+
+ case 'getuser':
+ if ( isset ( $_COOKIE['username'] ) && isset ( $_COOKIE['auth'] ))
+ {
+ if ( !( $xml = new SimpleXMLElement ( $xmlcontent )))
+ {
+ print "Unable to open the users XML file\n";
+ return 1;
+ }
+
+ for ( $i = 0; $i < count ( $xml->user ) && !$found; $i++ )
+ {
+ if ( !strcasecmp ( $xml->user[$i]['name'], $_COOKIE['username'] ))
+ {
+ $auth = md5 ( $xml->user[$i]['name'] . $xml->user[$i]['pass'] );
+
+ if ( !strcasecmp ( $auth, $_COOKIE['auth'] ))
+ {
+ print $xml->user[$i]['name'];
+ return 0;
+ } else {
+ print "guest";
+ return 1;
+ }
+ }
+ }
+
+ print "guest";
+ return 1;
+ }
+
+ print "guest";
+ return 1;
+ break;
}
?>
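Review bot: The `auth` cookie set in the `login` case is `md5 ( name . pass )`, a fixed value that anyone able to read the stored user entry can compute and that never changes or expires until the password does; a random per-login token kept server-side (for example PHP's session mechanism) would avoid that. Both credential checks use `strcasecmp` on request values whose type is never checked, and on older PHP versions `strcasecmp` returns NULL rather than a non-zero value when handed a non-string. The comparisons should therefore require strings and be constant-time, e.g. `if ( is_string ( $_COOKIE['auth'] ) && hash_equals ( $auth, strtolower ( $_COOKIE['auth'] )))` in `getuser`, with the same pattern for `$password` in `login`. Reading the credentials from `$_POST` instead of `$_REQUEST` keeps them out of URLs and access logs, and the distinct "Wrong password" and "Username not found" replies tell a caller which usernames exist. `$found` is read in both loop conditions but never assigned in the visible lines, and the success message echoes `$auth` in the response body although the cookie already carries it.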