92 lines
2.6 KiB
PHP
92 lines
2.6 KiB
PHP
<?php
|
|
/***********************************************************************
|
|
* Copyright (C) 2016 Max Mehl <mail [at] mehl [dot] mx>
|
|
************************************************************************
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License as
|
|
* published by the Free Software Foundation, either version 3 of the
|
|
* License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public
|
|
* License along with this program. If not, see
|
|
* <http://www.gnu.org/licenses/>.
|
|
*
|
|
************************************************************************
|
|
*
|
|
* This file get the input from index.php, sanitises the data and
|
|
* forwards it to action.sh. The output of action.sh will be returned
|
|
* in the end.
|
|
*
|
|
***********************************************************************/
|
|
?>
|
|
<?php include_once 'lang.php'; ?>
|
|
<!DOCTYPE html>
|
|
<html lang="<?php echo $lang['LANG']; ?>">
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<title>UAAP | <?php echo $lang['S_INTRO']; ?></title>
|
|
<link rel='stylesheet' href='/static/style.css' type='text/css' media='all' />
|
|
</head>
|
|
<body>
|
|
<div class="wrapper">
|
|
|
|
<h1><?php echo $lang['S_INTRO']; ?></h1>
|
|
|
|
<p><strong><a href="/"><?php echo $lang['S_BACK1']; ?></a></strong> <?php echo $lang['S_BACK2']; ?></p>
|
|
|
|
<table class="boxed"><tr><td>
|
|
|
|
<?php
|
|
// Reads variables of HTML form in index.php
|
|
$ACTION = $_POST['action'];
|
|
$USER = isset($_POST['user']) ? $_POST['user'] : ''; // surpress empty variable errors
|
|
$PASS = isset($_POST['pass']) ? $_POST['pass'] : '';
|
|
$SURE = isset($_POST['sure']) ? $_POST['sure'] : '';
|
|
|
|
// Sanitize variables
|
|
$ACTION = escapeshellarg($ACTION);
|
|
$USER = escapeshellarg($USER);
|
|
|
|
$RAND = mt_rand(100000, 999999);
|
|
$PASSFILE = '.' . $RAND . '.pass';
|
|
file_put_contents($PASSFILE, $PASS);
|
|
|
|
|
|
// Checks if checkbox is activated (default at most forms)
|
|
if($SURE == "yes")
|
|
{
|
|
// Creates full command
|
|
$command = '/bin/bash action.sh ' . $ACTION . ' ' . $USER . ' ' . $PASSFILE;
|
|
|
|
// Execute command and give output
|
|
$output = shell_exec($command);
|
|
echo "<pre>$output</pre>";
|
|
}
|
|
else
|
|
{
|
|
echo $lang['S_CHECKERR'];
|
|
}
|
|
|
|
// Delete passfile
|
|
unlink($PASSFILE);
|
|
|
|
?>
|
|
|
|
</td></tr></table>
|
|
|
|
<p><?php echo $lang['S_MESSAGE']; ?></p>
|
|
|
|
</div> <!-- /wrapper -->
|
|
<div class="footer">
|
|
<p><?php echo $lang['FOOTER']; ?></p>
|
|
</div>
|
|
|
|
</body>
|
|
</html>
|