new admin.php and better random.php
authorkonrad <konrad@6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33>
Fri, 7 Aug 2009 12:48:18 +0000 (12:48 +0000)
committerkonrad <konrad@6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33>
Fri, 7 Aug 2009 12:48:18 +0000 (12:48 +0000)
git-svn-id: https://silmor.de/svn/softmagic/smoke/trunk@317 6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33

www/admin.php
www/inc/classes/random.php

index ae90962..5f53c01 100644 (file)
@@ -18,6 +18,8 @@ function form($m="GET")
        }else
                print("<form action=\"".$_SERVER["SCRIPT_NAME"]."\" method=\"".$m."\">\n");
 }
+
+include_once('./inc/classes/random.php');
 ?>
 <h1>Magic Smoke Admin Utility</h1>
 
@@ -104,21 +106,25 @@ if(isset($_POST["adminuser"])&&isset($_POST["adminpwd1"])&&isset($_POST["adminpw
        }
        //does user exist?
        $un=$_POST["adminuser"];
-       $usr=$db->select("users","uname","uname=".$db->escapeString($un));
+       $usr=$db->select("user","uname","uname=".$db->escapeString($un));
        if(count($usr)>0){
                print("Error: User already exists.<p>");
                break;
        }
        //create user
-       $db->insert("users",array("uname"=>$un,"passwd"=>$_POST["adminpwd1"]));
+       $salt=getSalt();
+       $pwd=$salt." ".sha1($salt.$_POST["adminpwd1"]);
+       $db->insert("user",array("uname"=>$un,"passwd"=>$pwd,"flags"=>"admin"));
        //make it admin
        $db->insert("userrole",array("uname"=>$un,"role"=>"_admin"));
        //allow it on all hosts
-       $db->insert("userhosts",array("uname"=>$un,"host"=>"_anon"));
-       $db->insert("userhosts",array("uname"=>$un,"host"=>"_any"));
-       $db->insert("userhosts",array("uname"=>$un,"host"=>"_online"));
+       $db->insert("userhost",array("uname"=>$un,"host"=>"_any"));
 }
 }while(0);
+
+if(isset($_GET["addanyhost"])){
+       $db->insert("userhost",array("uname"=>$_GET["addanyhost"], "host"=>"_any"));
+}
 ?>
 
 List of Admins:
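Review bot: The new `addanyhost` handler at the end of this hunk writes to `userhost` on a plain GET request, taking the user name from the query string without checking that it names an existing `_admin` user and without any request token. A cross-site request loaded in an operator's browser can therefore trigger the insert, and a page reload adds duplicate rows. I would move it onto the POST path with a per-session token and first confirm the name with a `userrole` lookup like the one the admin list already does; whether admin.php authenticates the caller at all is outside this hunk and worth confirming. Separately, `sha1($salt.$_POST["adminpwd1"])` is a single fast hash, so on current PHP `password_hash($_POST["adminpwd1"], PASSWORD_DEFAULT)` would resist offline guessing far better.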
@@ -126,7 +132,11 @@ List of Admins:
 <?
 $admlst=$db->select("userrole","uname","role='_admin'");
 for($i=0;$i<count($admlst);$i++){
-       print("<li>".$admlst[$i][0]."</li>");
+       print("<li>".$admlst[$i][0]);
+       $hst=$db->select("userhost","uname","host='_any' AND uname=".$db->escapeString($admlst[$i][0]));
+       if(count($hst)<1)
+               print(" <a href=\"admin.php?addanyhost=".urlencode($admlst[$i][0])."\">Add _any host.</a>");
+       print("</li>\n");
 }
 ?>
 </ul><p>
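Review bot: `print("<li>".$admlst[$i][0]);` writes the stored user name into the page without HTML escaping, and that name comes unchanged from `$_POST["adminuser"]` in the create-user hunk. The line should read `print("<li>".htmlspecialchars($admlst[$i][0],ENT_QUOTES));`; the `urlencode()` on the link is already correct for the URL context. The host hunk further down has the same gap in `"Successfully updated ".$host[1]` and in `print("<li>".$hlst[$i][0]."</li>\n")`, where the value comes from an uploaded file. The loop also issues one `userhost` query per admin, which a single query before the loop would avoid.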
@@ -139,6 +149,49 @@ for($i=0;$i<count($admlst);$i++){
 <tr><td>Repeat Password:</td><td><input type="password" name="adminpwd2"></td></tr>
 </table>
 <input type="submit" value="Create">
+</form><p/>
+
+<h2>Checking for Hosts</h2>
+
+<?
+if(isset($_POST["updatehost"])){
+       if(!is_uploaded_file($_FILES["host"]["tmp_name"]))
+               die("Trying to work on non-uploaded file. Abort.");
+       $host=file($_FILES["host"]["tmp_name"]);
+//     print_r($host);
+       if(count($host)<3)
+               die("Trying to work on non-host file (<3 lines). Abort.");
+       if(trim($host[0])!="MagicSmokeHostKey")
+               die("Trying to work on non-host file (header mismatch). Abort.");
+       $salt=getSalt();
+       $key=$salt." ".sha1($salt.trim($host[2]));
+       $hname=$db->escapeString(trim($host[1]));
+//     print_r($key);
+       $data=array("hostname" => trim($host[1]), "hostkey" => $key);
+       $res=$db->select("host","hostname","hostname=".$hname);
+       if(count($res)>0)
+               $db->update("host",$data,"hostname=".$hname);
+       else
+               $db->insert("host",$data);
+       unlink($_FILES["host"]["tmp_name"]);
+       print("<font color=\"green\">Successfully updated ".$host[1].".</font><p>\n");
+}
+?>
+
+List of Hosts:
+<ul>
+<?
+$hlst=$db->select("host","hostname","");
+for($i=0;$i<count($hlst);$i++){
+       print("<li>".$hlst[$i][0]."</li>\n");
+}
+?>
+</ul><p>
+
+<b>Import Host File:</b><br>
+<? form("FILE"); ?>
+<input type="file" name="host"><br>
+<input type="submit" name="updatehost" value="Upload">
 </form>
 
 </html>
\ No newline at end of file
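Review bot: The `updatehost` branch indexes `$_FILES["host"]["tmp_name"]` before checking that the upload exists and succeeded, and it then stores `trim($host[1])` as the host name with no validation of its form or length. A guard such as `if(!isset($_FILES["host"])||$_FILES["host"]["error"]!==UPLOAD_ERR_OK)die("Upload failed. Abort.");` should precede the `is_uploaded_file()` test. The `userhost` inserts in this file use `_any` as a special host value, so it is worth confirming whether a host file may legitimately define a name starting with `_`, and rejecting it here if not. The header comparison is better written with `!==`, and the handler needs the same request-token check as the other state-changing forms on this page.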
index 34eadab..b65a7d3 100644 (file)
 //
 //
 
-//TODO: try to use /dev/random
+//try to use /dev/*random
+function randseedfile($fn,$sz)
+{
+       $fd=fopen($fn,"r");
+       stream_set_blocking($fd,0);
+       global $RANDSEED;
+       $RANDSEED.=sha1(fread($fd,$sz));
+       fclose($fd);
+}
 
 //get current random seed
-$RANDSEED=$db->getConfig("randseed");
+$RANDSEED="".microtime();
+$RANDCTR=0;
+if($db->canUseDb())$RANDSEED.=$db->getConfig("randseed");
+if(file_exists("/dev/urandom"))randseedfile("/dev/urandom",64);
+if(file_exists("/dev/random"))randseedfile("/dev/random",16);
+if(isset($_SERVER["UNIQUE_ID"]))$RANDSEED.=$_SERVER["UNIQUE_ID"];
 
 /**add some seed into the random function*/
 function randseed($rand)
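Review bot: `randseedfile()` never checks the result of `fopen()` or `fread()`, so a failed open raises warnings on the following calls. Because the stream is set non-blocking, a short or empty read from `/dev/random` also goes unnoticed: the function appends `sha1("")`, a constant, and the seed then rests on `microtime()`, `UNIQUE_ID` and the stored database seed alone. I would return early on failure and mix in only bytes that were actually read, as in the rewrite below. On PHP 7 and later, `random_bytes()` replaces this hand-built generator entirely.

```php
function randseedfile($fn,$sz)
{
        global $RANDSEED;
        $fd=fopen($fn,"r");
        if($fd===false)return;
        stream_set_blocking($fd,0);
        $buf=fread($fd,$sz);
        fclose($fd);
        //only mix in bytes that were actually read; an empty read adds no entropy
        if($buf!==false && strlen($buf)>0)
                $RANDSEED.=sha1($buf);
}
```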
@@ -30,15 +43,15 @@ function getRandom($bits)
        //number of digits...
        $bits/=4;
        //init
-       global $RANDSEED,$db;
+       global $RANDSEED,$db,$RANDCTR;
        $ret="";$ctr=0;
        //get string
        while(strlen($ret)<$bits){
-               $ctr++;
-               $ret.=sha1($RANDSEED.microtime().$ctr);
+               $ret.=sha1($RANDSEED.microtime().$RANDCTR);
+               $RANDCTR++;
        }
        //rewrite seed to DB
-       $RANDSEED=sha1($RANDSEED.microtime().$ret);
+       $RANDSEED=sha1($RANDSEED.microtime().$ret.$RANDCTR);$RANDCTR=0;
        $db->setConfig("randseed",$RANDSEED);
        //return
        return substr($ret,0,$bits);
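Review bot: `$db->setConfig("randseed",$RANDSEED);` still runs unconditionally, while the seed-loading code added in this same commit reads the stored seed only when `$db->canUseDb()` is true. If `getRandom()` is called before the database is usable, the write-back will fail; the matching guard is `if($db->canUseDb())$db->setConfig("randseed",$RANDSEED);`. The local `$ctr=0` in `$ret="";$ctr=0;` is now dead, since the loop counts with `$RANDCTR`, and can be dropped. `getRandom()` begins above this hunk, so callers and the handling of a `$bits` value that is not a multiple of 4 are not visible here.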