Multiuser support improved, su command
This commit is contained in:
parent
51121bd09b
commit
948cac6b58
8 changed files with 246 additions and 6 deletions
40
blash.js
40
blash.js
|
@ -13,6 +13,9 @@ var shell = null;
|
|||
function blash ()
|
||||
{
|
||||
/************ ATTRIBUTES **************/
|
||||
/** Current user */
|
||||
this.user = '';
|
||||
|
||||
/** Object containing the parsed JSON configuration object */
|
||||
this.json = {};
|
||||
|
||||
|
@ -75,6 +78,38 @@ function blash ()
|
|||
http.send ( null );
|
||||
}
|
||||
|
||||
if ( document.cookie )
|
||||
{
|
||||
if ( document.cookie.match ( 'auth=' ) && document.cookie.match ( 'username=([^;]+);?' ))
|
||||
{
|
||||
this.user = RegExp.$1;
|
||||
var params = 'action=getuser';
|
||||
var users_php = window.location.href;
|
||||
users_php = users_php.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/users.php' );
|
||||
|
||||
var xml = new XMLHttpRequest();
|
||||
xml.open ( "POST", users_php, true );
|
||||
xml.setRequestHeader ( "Content-type", "application/x-www-form-urlencoded" );
|
||||
xml.setRequestHeader ( "Content-length", params.length );
|
||||
xml.setRequestHeader ( "Connection", "close" );
|
||||
|
||||
xml.onreadystatechange = function ()
|
||||
{
|
||||
if ( xml.readyState == 4 && xml.status == 200 )
|
||||
{
|
||||
if ( xml.responseText.length > 0 )
|
||||
{
|
||||
shell.user = xml.responseText;
|
||||
} else {
|
||||
shell.user = shell.json.user;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
xml.send ( params );
|
||||
}
|
||||
}
|
||||
|
||||
this.prompt.focus();
|
||||
|
||||
var json_config = window.location.href;
|
||||
|
@ -89,6 +124,11 @@ function blash ()
|
|||
{
|
||||
shell.json = eval ( '(' + http.responseText + ')' );
|
||||
|
||||
if ( shell.user == '' )
|
||||
{
|
||||
shell.user = shell.json.user;
|
||||
}
|
||||
|
||||
shell.promptText.innerHTML = ( shell.json.promptText ) ? shell.json.promptText : "[%n@%m %W] $ ";
|
||||
shell.promptText.innerHTML = shell.unescapePrompt ( promptText.innerHTML, shell.json.promptSequences );
|
||||
|
||||
|
|
|
@ -24,9 +24,9 @@
|
|||
"promptSequences" : [
|
||||
{
|
||||
"sequence" : "%n",
|
||||
"default_text" : "blacklight",
|
||||
"default_text" : "guest",
|
||||
"text" : function () {
|
||||
return shell.json.user;
|
||||
return shell.user;
|
||||
},
|
||||
},
|
||||
{
|
||||
|
@ -38,7 +38,7 @@
|
|||
},
|
||||
{
|
||||
"sequence" : "%W",
|
||||
"default_text" : "~",
|
||||
"default_text" : "/",
|
||||
"text" : function () {
|
||||
return shell.path;
|
||||
},
|
||||
|
@ -195,6 +195,7 @@
|
|||
"ls",
|
||||
"man",
|
||||
"pwd",
|
||||
"su",
|
||||
"useradd",
|
||||
"whoami",
|
||||
],
|
||||
|
|
87
commands/su.json
Normal file
87
commands/su.json
Normal file
|
@ -0,0 +1,87 @@
|
|||
{
|
||||
"name" : "su",
|
||||
|
||||
"info" : {
|
||||
"syntax" : "su [username]",
|
||||
"brief" : "Change user ID or become superuser",
|
||||
},
|
||||
|
||||
"action" : function ( arg )
|
||||
{
|
||||
var out = '';
|
||||
|
||||
if ( !arg || arg.length == 0 )
|
||||
{
|
||||
arg = 'root';
|
||||
}
|
||||
|
||||
if ( shell.__first_cmd )
|
||||
{
|
||||
shell.cmdOut.innerHTML = '<br/>';
|
||||
shell.__first_cmd = false;
|
||||
}
|
||||
|
||||
shell.getPassword = this.getPassword;
|
||||
shell.newuser = arg;
|
||||
|
||||
shell.cmdOut.innerHTML += 'Password: <input type="password" ' +
|
||||
'name="password" class="password" ' +
|
||||
'onkeyup="shell.getPassword ( event )">' +
|
||||
'<br/>';
|
||||
|
||||
shell.auto_prompt_focus = false;
|
||||
shell.auto_prompt_refresh = false;
|
||||
|
||||
this.password = document.getElementsByName ( "password" )[0];
|
||||
this.password.focus();
|
||||
|
||||
return out;
|
||||
},
|
||||
|
||||
"getPassword" : function ( e )
|
||||
{
|
||||
var evt = ( window.event ) ? window.event : e;
|
||||
var key = ( evt.charCode ) ? evt.charCode : evt.keyCode;
|
||||
var password = document.getElementsByName ( "password" )[0];
|
||||
|
||||
if ( key == 13 && password.value.length > 0 )
|
||||
{
|
||||
var users_php = window.location.href;
|
||||
users_php = users_php.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/users.php' );
|
||||
params = 'action=login&user=' + escape ( shell.newuser ) + '&pass=' + md5 ( password.value );
|
||||
|
||||
var http = new XMLHttpRequest();
|
||||
http.open ( "POST", users_php, true );
|
||||
http.setRequestHeader ( "Content-type", "application/x-www-form-urlencoded" );
|
||||
http.setRequestHeader ( "Content-length", params.length );
|
||||
http.setRequestHeader ( "Connection", "close" );
|
||||
|
||||
http.onreadystatechange = function ()
|
||||
{
|
||||
if ( http.readyState == 4 && http.status == 200 )
|
||||
{
|
||||
if ( http.responseText.match ( /^Successfully logged in as '(.+?)'\s+(.*)\s*$/i ))
|
||||
{
|
||||
var user = RegExp.$1;
|
||||
var auth = RegExp.$2;
|
||||
|
||||
shell.user = user;
|
||||
shell.cmdOut.innerHTML = "Successfully logged in as '" + user + "'";
|
||||
} else {
|
||||
shell.cmdOut.innerHTML = '';
|
||||
}
|
||||
|
||||
shell.refreshPrompt ( false, false );
|
||||
}
|
||||
}
|
||||
|
||||
http.send ( params );
|
||||
|
||||
shell.cmdOut.innerHTML = '';
|
||||
shell.auto_prompt_focus = true;
|
||||
shell.auto_prompt_refresh = true;
|
||||
shell.refreshPrompt ( false, false );
|
||||
}
|
||||
},
|
||||
}
|
||||
|
|
@ -15,7 +15,42 @@
|
|||
return "whoami: extra operand `" + arg + "'<br/>\n";
|
||||
}
|
||||
|
||||
return shell.json.user + "<br/>\n";
|
||||
if ( shell.user == shell.json.user )
|
||||
{
|
||||
return shell.json.user + "<br/>\n";
|
||||
} else {
|
||||
shell.auto_prompt_refresh = false;
|
||||
|
||||
var users_php = window.location.href;
|
||||
users_php = users_php.replace ( /\/([a-zA-Z\.]+)$/, '/modules/users/users.php' );
|
||||
params = 'action=getuser';
|
||||
|
||||
var http = new XMLHttpRequest();
|
||||
http.open ( "POST", users_php, true );
|
||||
http.setRequestHeader( "Content-type", "application/x-www-form-urlencoded" );
|
||||
http.setRequestHeader( "Content-length", params.length );
|
||||
http.setRequestHeader( "Connection", "close" );
|
||||
|
||||
http.onreadystatechange = function ()
|
||||
{
|
||||
if ( http.readyState == 4 && http.status == 200 )
|
||||
{
|
||||
if ( http.responseText.length > 0 )
|
||||
{
|
||||
shell.cmdOut.innerHTML = http.responseText + "\n";
|
||||
} else {
|
||||
shell.cmdOut.innerHTML = shell.json.user + "<br/>\n";
|
||||
}
|
||||
|
||||
shell.auto_prompt_refresh = true;
|
||||
shell.refreshPrompt ( false, false );
|
||||
}
|
||||
}
|
||||
|
||||
http.send ( params );
|
||||
shell.cmdOut.innerHTML = '';
|
||||
return out;
|
||||
}
|
||||
},
|
||||
}
|
||||
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -3,7 +3,7 @@
|
|||
$xmlcontent = <<<XML
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<users>
|
||||
</users>
|
||||
<user name="blacklight" pass="26cc112004f6e530291f74d193a0c0b4" home="/home/blacklight"/></users>
|
||||
|
||||
XML;
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ switch ( $action )
|
|||
|
||||
if ( preg_match ( '/[^a-zA-Z0-9]/', $password ) || strlen ( $password ) != 32 )
|
||||
{
|
||||
print "The provided password '$password' is not a valid hash\n";
|
||||
print "The provided password is not a valid hash\n";
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
@ -62,6 +62,83 @@ switch ( $action )
|
|||
|
||||
print 'User "'.$username.' successfully added, home directory set to "/home/'.$username."\"\n";
|
||||
break;
|
||||
|
||||
case 'login':
|
||||
$username = $_REQUEST['user'];
|
||||
$password = $_REQUEST['pass'];
|
||||
|
||||
if ( !( $username != null && $password != null ))
|
||||
{
|
||||
die ("");
|
||||
}
|
||||
|
||||
if ( preg_match ( '/[^a-zA-Z0-9_]/', $username ))
|
||||
{
|
||||
print "The username can only contain characters in the charset '[a-zA-Z0-9_]'\n";
|
||||
return 1;
|
||||
}
|
||||
|
||||
if ( !( $xml = new SimpleXMLElement ( $xmlcontent )))
|
||||
{
|
||||
print "Unable to open the users XML file\n";
|
||||
return 1;
|
||||
}
|
||||
|
||||
for ( $i = 0; $i < count ( $xml->user ) && !$found; $i++ )
|
||||
{
|
||||
if ( !strcasecmp ( $xml->user[$i]['name'], $username ))
|
||||
{
|
||||
if ( strcasecmp ( $xml->user[$i]['pass'], $password ))
|
||||
{
|
||||
print "Wrong password provided for user '$username'\n";
|
||||
return 1;
|
||||
} else {
|
||||
$auth = md5 ( $xml->user[$i]['name'] . $xml->user[$i]['pass'] );
|
||||
setcookie ( 'username', $xml->user[$i]['name'], 0, "/" );
|
||||
setcookie ( 'auth', $auth, 0, "/" );
|
||||
|
||||
print "Successfully logged in as '$username' $auth\n";
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
print "Username not found: '$username'\n";
|
||||
break;
|
||||
|
||||
case 'getuser':
|
||||
if ( isset ( $_COOKIE['username'] ) && isset ( $_COOKIE['auth'] ))
|
||||
{
|
||||
if ( !( $xml = new SimpleXMLElement ( $xmlcontent )))
|
||||
{
|
||||
print "Unable to open the users XML file\n";
|
||||
return 1;
|
||||
}
|
||||
|
||||
for ( $i = 0; $i < count ( $xml->user ) && !$found; $i++ )
|
||||
{
|
||||
if ( !strcasecmp ( $xml->user[$i]['name'], $_COOKIE['username'] ))
|
||||
{
|
||||
$auth = md5 ( $xml->user[$i]['name'] . $xml->user[$i]['pass'] );
|
||||
|
||||
if ( !strcasecmp ( $auth, $_COOKIE['auth'] ))
|
||||
{
|
||||
print $xml->user[$i]['name'];
|
||||
return 0;
|
||||
} else {
|
||||
print "guest";
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
print "guest";
|
||||
return 1;
|
||||
}
|
||||
|
||||
print "guest";
|
||||
return 1;
|
||||
break;
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
Loading…
Reference in a new issue