diff options
Diffstat (limited to 'www/commission/index.php')
| -rw-r--r-- | www/commission/index.php | 218 |
1 files changed, 218 insertions, 0 deletions
diff --git a/www/commission/index.php b/www/commission/index.php new file mode 100644 index 0000000..5721968 --- /dev/null +++ b/www/commission/index.php @@ -0,0 +1,218 @@ +<?php +/*! + * Bootstrap v3.3.7 (http://getbootstrap.com) + * Copyright 2019 Multi-Tech, Inc. + * Licensed under MIT + */ +$cmd = "/usr/sbin/mts-io-sysfs show product-id"; +$handle = popen($cmd, 'r'); +$product = fread($handle,4192); +pclose($handle); +$cmd = "/usr/sbin/mts-io-sysfs show device-id"; +$handle = popen($cmd, 'r'); +$device = fread($handle,4192); +pclose($handle); +$conftxt = "Password"; +$finished = ""; +$pwdscore = ""; +$status = 0; +$save_password = ""; +$reset = ""; +$userok = 0; +// Define variables and initialize with empty values +$username = $password = $save_password = ""; +$username_err = $password_err = $confirm_password_err = ""; + +openlog("Commission:", LOG_PID | LOG_PERROR, LOG_LOCAL0); + +// uid number must be 1000 or larger. +function chk_username($userid) { + $cmd = "/usr/bin/id -u " . $userid . " 2>/dev/null"; + syslog(LOG_ALERT, "/usr/bin/id cmd: $cmd"); + $handle = popen($cmd, 'r'); + $result = trim(fread($handle, 4192)); + $status = pclose($handle); + + if ((strlen($result) > 0) && ($status == 0)) { + $uid = intval($result,10); + syslog(LOG_ALERT, "id uid: $uid"); + } else { + syslog(LOG_ALERT, "id uid: failure"); + $uid = -1; + } + return $uid; +} + + + +// Processing form data when form is submitted +if($_SERVER["REQUEST_METHOD"] == "POST"){ + $mismatch = 1; // We have two different passwords + + $reset = trim($_POST["reset"]); + syslog(LOG_ALERT, "Reset: $reset"); + if ($reset === "Reset") { + $save_password = ""; + $reset = ""; + $username = $password = $save_password = ""; + $username_err = $password_err = $confirm_password_err = ""; + goto err_exit; + } + + $save_password = trim($_POST["save_password"]); + + + syslog(LOG_ALERT, "Enter post: save_password = $save_password"); + + // Validate username + if(strlen(trim($_POST["username"])) == 0){ + $username_err = "Please enter a username."; + } else { + $username = trim($_POST["username"]); + syslog(LOG_ALERT, "Enter username check: $username"); + $id = chk_username($username); + syslog(LOG_ALERT, "after username check: chk_username $id"); + if ($id > -1 && $id < 1000) { + $username_err = "User-id is in use by the system -- chose another"; + } + } + + // Validate password + if(strlen(trim($_POST["password"])) == 0){ + $password_err = "Please enter a password."; + $mismatch = 0; + } else { + $password = trim($_POST["password"]); + if (strlen($save_password) == 0) { + $mismatch = 0; + $cmd = "echo '" . $password . "' | /usr/bin/pwscore 2>&1"; + $handle = popen($cmd, 'r'); + $result = trim(fread($handle,4192)); + if (pclose($handle) === 0) { + $pwdscore = "Password score: " . $result; + $save_password = $password; + $password = ""; + $conftxt = "Re-Enter"; + } else { + $conftxt = "Re-Enter"; + $password_err = $result . + ". Confirm password if you really want this." . + " Click reset to start again"; + $save_password = $password; + $password = ""; + syslog(LOG_ALERT, "Need password confirmation"); + } + syslog(LOG_ALERT, "pwscore: score: $pwdscore msg = $password_err"); + } + } + + if ((strlen($password) != 0) && ($password === $save_password) && (strlen($username) != 0)) { + syslog(LOG_ALERT, "Have password: $password username: $password"); + if((strlen($username_err) == 0) && (strlen($password_err) == 0) && (strlen($confirm_password_err) == 0)){ + // Create user in sudo group + $cmd = "/usr/sbin/useradd -U -m -G sudo,dialout,disk -s /bin/bash " . $username . " 2>&1"; + syslog(LOG_ALERT, "useradd cmd: $cmd"); + $handle = popen($cmd, 'r'); + $username_err = trim(fread($handle, 4192)); + $status = pclose($handle); + syslog(LOG_ALERT, "useradd: status: $status result: $result"); + $uid = chk_username($username); + $cmd = "/usr/bin/id " . $username . " 2>/dev/null"; + if (! ($uid > 999)) { + syslog(LOG_ALERT, "useradd: system user-id cannot be chosen: $username uid: $uid"); + $username_err = "useradd: system user-id cannot be chosen: $username uid: $uid"; + $username = ""; + $save_password = ""; + $password = ""; + goto err_exit; + } // Must have uid > 999 + $tmpfile = tempnam("/var/volatile/tmp","commission"); + $cmd = "/usr/bin/passwd " . $username . " 2>&1 >$tmpfile"; + $handle = popen($cmd, 'w'); + $pwdtxt = $password . "\n" . $password; + fwrite($handle, $pwdtxt); + $status = pclose($handle); + $cmd = "/bin/cat $tmpfile"; + $handle = popen($cmd, 'r'); + $result2 = trim(fread($handle, 4192)); + $status2 = pclose($handle); + syslog(LOG_ALERT, "passwd: status: $status result: $result"); + if ($status === 0) { + $finished = "Commissioning Complete"; + $password_err = $result2; + $username_err = $result; + } else { + $finished = "Errors: " . $result; + $save_password = ""; + $password = ""; + $password_err = $result2; + $username_err = $result; + } + } // Create user, set password + } else if ($mismatch === 1) { + $save_password = ""; + $password = ""; + $password_err = "Mismatch"; + } + syslog(LOG_ALERT, "Leave post: save_password = $save_password"); + + err_exit: + // Is there another way to return and leave the web form in good shape? +} +?> + +<!DOCTYPE html> +<html lang="en"> +<head> + <meta charset="UTF-8"> + <title>Commission Multi-Tech mLinux</title> + <link rel="stylesheet" href="http://127.0.0.1/css/bootstrap.css"> + <style type="text/css"> + body{ font: 14px sans-serif; } + .wrapper{ width: 380px; padding: 20px; } + </style> +</head> +<body> + <div class="wrapper"> + <h2>Commission Multi-Tech mLinux</h2> + + <p><label><?php echo $finished; ?></label></p> + <p> + Product-ID: + <?php + echo $product; + ?> + <br> + Device-ID: + <?php + echo $device; + ?> + </h3> + </p> + + + <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post"> + <input type="hidden" name="save_password" value="<?php echo $save_password; ?>"> + <div class="form-group <?php echo (strlen($username_err)) ? 'has-error' : ''; ?>"> + <label>Username</label> + <input type="text" name="username" class="form-control" value="<?php echo $username; ?>"> + <p> + <span class="help-block"><?php echo $username_err; ?></span> + </p> + </div> + <div class="form-group <?php echo (strlen($password_err)) ? 'has-error' : ''; ?>"> + <label><?php echo $conftxt; ?></label> + <input type="password" name="password" class="form-control" value="<?php echo $password; ?>"> + <p> + <span class="help-block"><?php echo $password_err; ?></span> + </p> + </div> + <p><label><?php echo $pwdscore; ?></label></p> + <div class="form-group"> + <input type="submit" class="btn btn-primary" value="Submit"> + <input type="submit" name = "reset" class="btn btn-default" value="Reset"> + </div> + </form> + </div> +</body> +</html> |