Finish root password configuration page and moved escaping to SetRootPassword function

13 years ago · 4e841d6ae7
parent 0766875cc6
commit 4e841d6ae7
5 changed files with 94 additions and 3 deletions
--- a/frontend/classes/class.container.php
+++ b/frontend/classes/class.container.php
@ -629,8 +629,10 @@ class Container extends CPHPDatabaseRecordClass
 	
 	public function SetRootPassword($password)
 	{
+		$sPassword = escapeshellarg($password);
+		
 		$this->SetOptions(array(
-			'userpasswd'	=> "root:{$password}"
+			'userpasswd'	=> "root:{$sPassword}"
 		));
 	}
 	
--- a/frontend/locales/english.lng
+++ b/frontend/locales/english.lng
@ -26,9 +26,11 @@ event-years-ago;							%1$d years ago
 title-overview;								Overview
 title-login;								Login to your VPS panel
 title-reinstall;							Reinstall your VPS
+title-password;								Set new root password

 button-login;								Login
 button-reinstall;							Reinstall
+button-password;							Set new root password

 notfound;								The specified VPS was not found.
 footer;									CPHP is a free and open source VPS control panel. <a href="http://cvm.cryto.net/trac/wiki/Contribute">Want to contribute?</a>
@ -46,7 +48,7 @@ menu-console;								Console
 menu-ip;								IP Allocation
 menu-alerts;								Alerts
 menu-api;								API
-menu-password;								Password
+menu-password;								Root Password

 login-username;								Username
 login-password;								Password
@ -86,3 +88,6 @@ list-status-suspended;							Suspended

 reinstall-warning;							I understand that by reinstalling my VPS, <strong>all data on the VPS is permanently lost</strong> and cannot be recovered. There will be no further confirmations, <strong>after clicking the Reinstall button the reinstallation process cannot be aborted.</strong>
 reinstall-patience;							(be patient; this may take a while)
+
+password-field-password;						New root password
+password-field-confirm;							Confirm password
--- a/frontend/module.vps.password.php
+++ b/frontend/module.vps.password.php
@ -0,0 +1,69 @@
+<?php
+/*
+ * CVM is more free software. It is licensed under the WTFPL, which
+ * allows you to do pretty much anything with it, without having to
+ * ask permission. Commercial use is allowed, and no attribution is
+ * required. We do politely request that you share your modifications
+ * to benefit other developers, but you are under no enforced
+ * obligation to do so :)
+ * 
+ * Please read the accompanying LICENSE document for the full WTFPL
+ * licensing text.
+ */
+ 
+if(!isset($_CVM)) { die("Unauthorized."); }
+
+$display_form = true;
+
+if(isset($_POST['submit']))
+{
+	try
+	{
+		if(!empty($_POST['password']) && !empty($_POST['confirm']))
+		{
+			if($_POST['password'] == $_POST['confirm'])
+			{
+				$sContainer->SetRootPassword($_POST['password']);
+				
+				$err = new CPHPErrorHandler(CPHP_ERRORHANDLER_TYPE_SUCCESS, "Password configuration succeeded!", "Your new root password was successfully configured. Please ensure to change your root password again from your container after logging in.");
+				$sPageContents .= $err->Render();
+			}
+			else
+			{
+				$err = new CPHPErrorHandler(CPHP_ERRORHANDLER_TYPE_ERROR, "Passwords do not match", "Both entries should be identical. Please try again.");
+				$sPageContents .= $err->Render();
+			}
+		}
+		else
+		{
+			$err = new CPHPErrorHandler(CPHP_ERRORHANDLER_TYPE_ERROR, "Fields missing", "Both fields are required. Please try again.");
+			$sPageContents .= $err->Render();
+		}
+	}
+	catch (ContainerSuspendedException $e)
+	{
+		$err = new CPHPErrorHandler(CPHP_ERRORHANDLER_TYPE_ERROR, "Failed to configure root password", "You can not configure the root password for this VPS, because it is suspended. If you believe this is in error, please contact support.");
+		$sPageContents .= $err->Render();
+	}
+	catch (ContainerTerminatedException $e)
+	{
+		$err = new CPHPErrorHandler(CPHP_ERRORHANDLER_TYPE_ERROR, "Failed to configure root password", "You can not configure the root password for this VPS, because it is suspended. If you believe this is in error, please contact support.");
+		$sPageContents .= $err->Render();
+	}
+	catch (SshExitException $e)
+	{
+		$err = new CPHPErrorHandler(CPHP_ERRORHANDLER_TYPE_ERROR, "Failed to configure root password", "Your password may be in an invalid format. Try again with a different password.");
+		$sPageContents .= $err->Render();
+	}
+}
+
+if($display_form === true)
+{
+	$err = new CPHPErrorHandler(CPHP_ERRORHANDLER_TYPE_WARNING, "Security warning", "Configuring your root password through this panel may expose it to the VPS provider. Only use this feature in an emergency situation, and always change your password again afterwards, from within your container.");
+	$sPageContents .= $err->Render();
+	
+	$sPageContents .= Templater::InlineRender("vps.password", $locale->strings, array(
+		'id'	=> $sContainer->sId
+	));
+}
+?>
--- a/frontend/module.vps.php
+++ b/frontend/module.vps.php
@ -37,7 +37,8 @@ try
 			'^/([0-9]+)/(start)/?$'		=> "module.vps.overview.php",
 			'^/([0-9]+)/(stop)/?$'		=> "module.vps.overview.php",
 			'^/([0-9]+)/(restart)/?$'	=> "module.vps.overview.php",
-			'^/([0-9]+)/reinstall/?$'	=> "module.vps.reinstall.php"
+			'^/([0-9]+)/reinstall/?$'	=> "module.vps.reinstall.php",
+			'^/([0-9]+)/password/?$'	=> "module.vps.password.php"
 		)
 	);

--- a/frontend/templates/vps.password.tpl
+++ b/frontend/templates/vps.password.tpl
@ -0,0 +1,14 @@
+<h1><%!title-password></h1>
+
+<form method="post" action="/<%?id>/password/">
+	<label class="col_4" for="field_password"><%!password-field-password></label>
+	<input class="col_4" type="password" id="field_password" name="password">
+	<div class="clear"></div>
+	
+	<label class="col_4" for="field_confirm"><%!password-field-confirm></label>
+	<input class="col_4" type="password" id="field_confirm" name="confirm">
+	<div class="clear"></div>
+	
+	<div class="col_4"></div>
+	<button class="col_4" type="submit" name="submit"><%!button-password></button>
+</form>