<?php
/*!
 * Bootstrap v3.3.7 (http://getbootstrap.com)
 * Copyright 2019 Multi-Tech, Inc.
 * Licensed under MIT
 */
$cmd = "/usr/sbin/mts-io-sysfs show product-id";
$handle = popen($cmd, 'r');
$product = fread($handle,4192);
pclose($handle);
$cmd = "/usr/sbin/mts-io-sysfs show device-id";
$handle = popen($cmd, 'r');
$device = fread($handle,4192);
pclose($handle);
$conftxt = "Password";
$finished = "";
$pwdscore = "";
$status = 0;
$save_password = "";
$reset = "";
$userok = 0;
$formdisplay = true;
// Define variables and initialize with empty values
$username = $password = $save_password = "";
$username_err = $password_err = $confirm_password_err = "";

openlog("Commission:", LOG_PID | LOG_PERROR, LOG_LOCAL0);

// uid number must be 1000 or larger.
function chk_username($userid) {
    $cmd = "/usr/bin/id -u \"" . $userid . "\" 2>/dev/null";
    syslog(LOG_ALERT, "/usr/bin/id cmd: $cmd");
    $handle = popen($cmd, 'r');
    $result = trim(fread($handle, 4192));
    $status = pclose($handle);

    if ((strlen($result) > 0) && ($status == 0)) {
        $uid = intval($result,10);
        syslog(LOG_ALERT, "id uid: $uid");
    } else {
        syslog(LOG_ALERT, "id uid: failure");
        $uid = -1;
    }
    return $uid;
}


// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
    $mismatch = 1; // We have two different passwords

    $reset = trim($_POST["reset"]);
    syslog(LOG_ALERT, "Reset: $reset");
    if ($reset === "Reset") {
        $save_password = "";
        $reset = "";
        $username = $password = $save_password = "";
        $username_err = $password_err = $confirm_password_err = "";
        goto err_exit;
    }

    $save_password = $_POST["save_password"];


    syslog(LOG_ALERT, "Enter post: save_password = $save_password");

    $username = trim($_POST["username"]);
    $userlen = strlen($username);
    // Validate username
    // Be generous on the character length of the username
    // in case it is some kind of character encoding scheme.
    // useradd should catch it if the length is a little off.
    if($userlen == 0) {
        $username_err = "Please enter a username.";
    } elseif ($userlen > 80) {
        $username_err = "mLinux username must not exceed 32 characters";
    } elseif (strstr($username,"\"")) {
        $username_err = "No &#34; allowed in username";
    } else {
        syslog(LOG_ALERT, "Enter username check: $username");
        $id = chk_username($username);
        syslog(LOG_ALERT, "after username check: chk_username $id");
        if ($id > -1 && $id < 1000) {
            $username_err = "User-id is in use by the system -- chose another";
        }
    }

    // Validate password.  Password length is not set in
    // Linux.  It depends on how much memory we have.
    // To avoid unknown issues, reject if > 4096
    $tmpfile = tempnam("/var/volatile/tmp","commission");
    $password = $_POST["password"];
    $passlen = strlen($password);
    $save_passwordlen = strlen($save_password);
    syslog(LOG_ALERT, "passlen: $passlen, save_password len: $save_passwordlen");
    syslog(LOG_ALERT, "password: $password, save_password: $save_password");
    if ($passlen == 0) {
        $password_err = "Please enter a password.";
        $mismatch = 0;
    } elseif ($passlen > 4096) {
        $password_err = "Too long. Limit password length to 4096 characters";
        $password = "";
    } elseif (strstr($password,"\"")) {
        $password_err = "No &#34; allowed in password";
        $mismatch = 0;
        $password = "";
    } else {
        if ($save_passwordlen === 0) {
            $mismatch = 0;
            $cmd = "/usr/bin/pwscore >$tmpfile 2>&1";
            $handle = popen($cmd, 'w');
            fwrite($handle,$password);
            $status = pclose($handle);
            
	    $result2 = file_get_contents($tmpfile);
            if (strlen($result2) > 0)
                syslog(LOG_ALERT, "read pwscore log: status: $status result: $result2");
            else
                syslog(LOG_ALERT, "pwscore has no results!");

            if ($status === 0) {
                $pwdscore = "Password score: " . $result2;
                $save_password = $password;
                $password = "";
                $conftxt = "Re-Enter";
            } else {
                $conftxt = "Re-Enter";
                $password_err = $result2 .
                    " Confirm password if you really want this." .
                    " Click reset to start again";
                $save_password = $password;
                $password = "";
                syslog(LOG_ALERT, "Need password confirmation");
            }
            syslog(LOG_ALERT, "pwscore: score: $pwdscore msg = $password_err");
        }
    }

    if (($passlen != 0) && ($password === $save_password))
        $mismatch = 0;
    
    if (($mismatch === 0) && ($passlen > 0) && ($save_passwordlen > 0)) {
        syslog(LOG_ALERT, "Have password: $password username: $username");
        if((strlen($username_err) == 0) && (strlen($password_err) == 0) && (strlen($confirm_password_err) == 0)){
            // Create user in sudo group
            $cmd = "/usr/sbin/useradd -U -m -G sudo,dialout,disk -s /bin/bash -- \"" . $username . "\" 2>&1";
            syslog(LOG_ALERT, "useradd cmd: $cmd");
            $handle = popen($cmd, 'r');
            $username_err = trim(fread($handle, 4192));
            $status = pclose($handle);
            syslog(LOG_ALERT, "useradd: status: $status result: $result");
            $uid = chk_username($username);
            if ($uid === -1) {
                syslog(LOG_ALERT, "useradd: $status");
                goto err_exit;
            } elseif (! ($uid > 999)) {
                syslog(LOG_ALERT, "useradd: system user-id cannot be chosen: $username uid: $uid");
                $username_err = "useradd: system user-id cannot be chosen: $username uid: $uid";
                $username = "";
                $save_password = "";
                $password = "";
                goto err_exit;
            } // Must have uid > 999

            $cmd = "/usr/bin/passwd \"" . $username . "\" 2>&1 >$tmpfile";
            $handle = popen($cmd, 'w');
            $pwdtxt = $password . "\n" . $password;
            fwrite($handle, $pwdtxt);
            $status = pclose($handle);
            syslog(LOG_ALERT, "set passwd: status: $status result: $result");

	    $result2 = file_get_contents($tmpfile);
            if (strlen($result2) > 0) {
                syslog(LOG_ALERT, "passwd log: status: $status2 result: $result2");
            }
                
            $cmd = "/sbin/mts-ubpasswd -up >$tmpfile 2>&1";
            $handle = popen($cmd, 'w');
            fwrite($handle,$password);
            $status = pclose($handle);
            
	    $result3 = file_get_contents($tmpfile);

            // Delete the password entry log
            $handle = fopen($tmpfile, 'w');
            ftruncate($handle,0);
            fclose($handle);

            if (strlen($result2) > 0)
                syslog(LOG_ALERT, "read mts-ubpasswd log: result: $result2");
            
            if ($status != 0) {
                syslog(LOG_ALERT, "mts-ubpasswd failed: status: $status");
                syslog(LOG_ALERT, "mts-ubpasswd failed: result: $result3");
            } else  // Dont print if successful or password is in the log.
                syslog(LOG_ALERT, "mts-ubpasswd: set u-boot password");

            if ($status == 0) {
                $finished = "Commissioning Complete";
                $formdisplay = false;
                $password_err = $result2;
                $username_err = $result;
                // Disable commissioning
                $data = 'ENABLED=\"no\"';
                file_put_contents("/run/mt-commission",$data);

                // shut off web server
                $cmd = "/usr/sbin/start-stop-daemon -S -p /var/run/commissionoff.pid -b -a /bin/bash -- -c " .
                    "/usr/libexec/commission/off.sh";
                syslog(LOG_ALERT, "turn off web server: command: $cmd");
                $handle = popen($cmd, 'r');
                $result = trim(fread($handle, 4192));
                $status = pclose($handle);
                if ($status > 0) {
                    syslog(LOG_ALERT, "turn off commissioning service: command: $cmd");
                    syslog(LOG_ALERT, "stopping service: status: $status result: $result");
                }
            } else {
                $finished = "Errors: " . $result;
                $save_password = "";
                $password = "";
                if (strlen($result2) === 0) {
                    $password_err = $result3;
                } else {
                    $password_err = $result2;
                }
                $username_err = $result;
            }
        } // Create user, set password
    } else if ($mismatch === 1) {
        $save_password = "";
        $password = "";
        $password_err = "Mismatch";
    }
    syslog(LOG_ALERT, "Leave post: save_password = $save_password");

    err_exit:
        // Is there another way to return and leave the web form in good shape?
}
?>
 
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Commission Multi-Tech mLinux</title>
    <link rel="stylesheet" href="http://127.0.0.1/css/bootstrap.css">
    <style type="text/css">
        body{ font: 14px sans-serif; }
        .wrapper{ width: 380px; padding: 20px; }
    </style>
</head>
<body>
    <div class="wrapper">
        <h2>Commission Multi-Tech mLinux</h2>
        
        <p><label><?php echo $finished; ?></label></p>
        <p>
	Product-ID:
	<?php
	echo $product;
	?>
	<br>
	Device-ID:
	<?php
	echo $device;
	?>
	</h3>
	</p>

        <div id="formwrapper" <?php if ($formdisplay===false){?>style="display:none"<?php } ?>>    
            <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
            <input type="hidden" name="save_password"  value="<?php echo $save_password; ?>">
                <div class="form-group <?php echo (strlen($username_err)) ? 'has-error' : ''; ?>">
                    <label>Username</label>
                    <input type="text" name="username" class="form-control" value="<?php echo $username; ?>">
                    <p>
                    <span class="help-block"><?php echo $username_err; ?></span>
                    </p>
                </div>
                <div class="form-group <?php echo (strlen($password_err)) ? 'has-error' : ''; ?>">
                    <label><?php echo $conftxt; ?></label>
                    <input type="password" name="password" class="form-control" value="<?php echo $password; ?>">
                    <p>
                    <span class="help-block"><?php echo $password_err; ?></span>
                    </p>
                </div>
                <p><label><?php echo $pwdscore; ?></label></p>
                <div class="form-group">
                    <input type="submit" class="btn btn-primary" value="Submit">
                    <input type="submit" name = "reset" class="btn btn-default" value="Reset">
                </div>
            </form>
        </div>
    </div>    
</body>
</html>