uberspace-webadmin/submit.php

92 lines
2.6 KiB
PHP
Raw Permalink Normal View History

2016-04-26 23:51:27 +02:00
<?php
/***********************************************************************
* Copyright (C) 2016 Max Mehl <mail [at] mehl [dot] mx>
************************************************************************
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this program. If not, see
* <http://www.gnu.org/licenses/>.
*
************************************************************************
*
* This file get the input from index.php, sanitises the data and
* forwards it to action.sh. The output of action.sh will be returned
* in the end.
*
***********************************************************************/
?>
<?php include_once 'lang.php'; ?>
2015-07-11 16:41:47 +02:00
<!DOCTYPE html>
<html lang="<?php echo $lang['LANG']; ?>">
2015-07-08 23:06:31 +02:00
<head>
<meta charset="utf-8">
<title>UAAP | <?php echo $lang['S_INTRO']; ?></title>
2015-07-09 12:40:57 +02:00
<link rel='stylesheet' href='/static/style.css' type='text/css' media='all' />
2015-07-08 23:06:31 +02:00
</head>
<body>
2015-07-09 13:49:54 +02:00
<div class="wrapper">
<h1><?php echo $lang['S_INTRO']; ?></h1>
2015-07-09 00:14:14 +02:00
<p><strong><a href="/"><?php echo $lang['S_BACK1']; ?></a></strong> <?php echo $lang['S_BACK2']; ?></p>
2015-07-11 16:32:33 +02:00
2015-07-08 23:06:31 +02:00
<table class="boxed"><tr><td>
<?php
// Reads variables of HTML form in index.php
$ACTION = $_POST['action'];
$USER = isset($_POST['user']) ? $_POST['user'] : ''; // surpress empty variable errors
$PASS = isset($_POST['pass']) ? $_POST['pass'] : '';
$SURE = isset($_POST['sure']) ? $_POST['sure'] : '';
2015-07-08 23:06:31 +02:00
2015-07-10 12:49:23 +02:00
// Sanitize variables
$ACTION = escapeshellarg($ACTION);
$USER = escapeshellarg($USER);
$RAND = mt_rand(100000, 999999);
$PASSFILE = '.' . $RAND . '.pass';
file_put_contents($PASSFILE, $PASS);
2015-07-10 12:49:23 +02:00
2015-07-08 23:06:31 +02:00
// Checks if checkbox is activated (default at most forms)
if($SURE == "yes")
{
2015-07-10 12:49:23 +02:00
// Creates full command
2015-07-10 13:07:17 +02:00
$command = '/bin/bash action.sh ' . $ACTION . ' ' . $USER . ' ' . $PASSFILE;
2015-07-08 23:06:31 +02:00
2015-07-10 12:49:23 +02:00
// Execute command and give output
2015-07-08 23:06:31 +02:00
$output = shell_exec($command);
echo "<pre>$output</pre>";
}
else
{
echo $lang['S_CHECKERR'];
2015-07-08 23:06:31 +02:00
}
2015-07-13 13:29:27 +02:00
// Delete passfile
unlink($PASSFILE);
2015-07-13 13:29:27 +02:00
2015-07-08 23:06:31 +02:00
?>
2015-07-11 16:41:47 +02:00
</td></tr></table>
2015-07-08 23:06:31 +02:00
<p><?php echo $lang['S_MESSAGE']; ?></p>
2015-07-08 23:06:31 +02:00
2015-07-09 13:49:54 +02:00
</div> <!-- /wrapper -->
<div class="footer">
<p><?php echo $lang['FOOTER']; ?></p>
2015-07-09 13:49:54 +02:00
</div>
2015-07-09 00:15:52 +02:00
2015-07-08 23:06:31 +02:00
</body>
</html>