1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
|
<?php
/**
* Main API interface between JavaScript ajax calls and PHP functions.
* Accepts JSON, POST data or simple GET requests, and returns JSON data.
*
* @author Ian Moore (imoore76 at yahoo dot com)
* @copyright Copyright (C) 2010-2015 Ian Moore (imoore76 at yahoo dot com)
* @version $Id: api.php 596 2015-04-19 11:50:53Z imoore76 $
* @package phpVirtualBox
* @see vboxconnector
* @see vboxAjaxRequest
*
* @global array $GLOBALS['response'] resopnse data sent back via json
* @name $response
*/
# Turn off PHP errors
error_reporting(E_ALL & ~E_NOTICE & ~E_STRICT & ~E_WARNING);
//Set no caching
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0");
header("Pragma: no-cache");
require_once(dirname(__FILE__).'/lib/config.php');
require_once(dirname(__FILE__).'/lib/utils.php');
require_once(dirname(__FILE__).'/lib/vboxconnector.php');
// Init session
global $_SESSION;
/*
* Clean request
*/
$request = clean_request();
global $response;
$response = array('data'=>array('responseData'=>array()),'errors'=>array(),'persist'=>array(),'messages'=>array());
/*
* Built-in requests
*/
$vbox = null; // May be set during request handling
/**
* Main try / catch. Logic dictated by incoming 'fn' request
* parameter.
*/
try {
/* Check for password recovery file */
if(file_exists(dirname(dirname(__FILE__)).'/recovery.php')) {
throw new Exception('recovery.php exists in phpVirtualBox\'s folder. This is a security hazard. phpVirtualBox will not run until recovery.php has been renamed to a file name that does not end in .php such as <b>recovery.php-disabled</b>.',vboxconnector::PHPVB_ERRNO_FATAL);
}
/* Check for PHP version */
if (!version_compare(PHP_VERSION, '5.2.0', '>=')) {
throw new Exception('phpVirtualBox requires PHP >= 5.2.0, but this server is running version '. PHP_VERSION .'. Please upgrade PHP.');
}
# Only valid function chars
$request['fn'] = preg_replace('[^a-zA-Z0-9_-]', '', $request['fn']);
/* Check for function called */
switch($request['fn']) {
/*
* No method called
*/
case '':
throw new Exception('No method called.');
break;
/*
* Return phpVirtualBox's configuration data
*/
case 'getConfig':
$settings = new phpVBoxConfigClass();
$response['data']['responseData'] = get_object_vars($settings);
$response['data']['responseData']['host'] = parse_url($response['data']['responseData']['location']);
$response['data']['responseData']['host'] = $response['data']['responseData']['host']['host'];
$response['data']['responseData']['phpvboxver'] = @constant('PHPVBOX_VER');
// Session
session_init();
// Hide credentials
unset($response['data']['responseData']['username']);
unset($response['data']['responseData']['password']);
foreach($response['data']['responseData']['servers'] as $k => $v)
$response['data']['responseData']['servers'][$k] = array('name'=>$v['name']);
// Vbox version
$vbox = new vboxconnector();
$response['data']['responseData']['version'] = $vbox->getVersion();
$response['data']['responseData']['hostOS'] = $vbox->vbox->host->operatingSystem;
$response['data']['responseData']['DSEP'] = $vbox->getDsep();
$response['data']['responseData']['groupDefinitionKey'] = ($settings->phpVboxGroups ? vboxconnector::phpVboxGroupKey : 'GUI/GroupDefinitions');
$response['data']['success'] = true;
break;
/*
*
* USER FUNCTIONS FOLLOW
*
*/
/*
* Pass login to authentication module.
*/
case 'login':
// NOTE: Do not break. Fall through to 'getSession
if(!$request['params']['u'] || !$request['params']['p']) {
break;
}
// Session
session_init(true);
$settings = new phpVBoxConfigClass();
// Try / catch here to hide login credentials
try {
$settings->auth->login($request['params']['u'], $request['params']['p']);
} catch(Exception $e) {
throw new Exception($e->getMessage(), $e->getCode());
}
// We're done writing to session
if(function_exists('session_write_close'))
@session_write_close();
/*
* Return $_SESSION data
*/
case 'getSession':
$settings = new phpVBoxConfigClass();
if(method_exists($settings->auth,'autoLoginHook'))
{
// Session
session_init(true);
$settings->auth->autoLoginHook();
// We're done writing to session
if(function_exists('session_write_close'))
@session_write_close();
} else {
session_init();
}
$response['data']['responseData'] = $_SESSION;
$response['data']['success'] = true;
break;
/*
* Change phpVirtualBox password. Passed to auth module's
* changePassword method.
*/
case 'changePassword':
// Session
session_init(true);
$settings = new phpVBoxConfigClass();
$response['data']['success'] = $settings->auth->changePassword($request['params']['old'],
$request['params']['new']);
// We're done writing to session
if(function_exists('session_write_close'))
@session_write_close();
break;
/*
* Get a list of phpVirtualBox users. Passed to auth module's
* getUsers method.
*/
case 'getUsers':
// Session
session_init();
// Must be an admin
if(!$_SESSION['admin']) break;
$settings = new phpVBoxConfigClass();
$response['data']['responseData'] = $settings->auth->listUsers();
$response['date']['success'] = true;
break;
/*
* Remove a phpVirtualBox user. Passed to auth module's
* deleteUser method.
*/
case 'delUser':
// Session
session_init();
// Must be an admin
if(!$_SESSION['admin']) break;
$settings = new phpVBoxConfigClass();
$settings->auth->deleteUser($request['params']['u']);
$response['data']['success'] = true;
break;
/*
* Edit a phpVirtualBox user. Passed to auth module's
* updateUser method.
*/
case 'editUser':
$skipExistCheck = true;
// Fall to addUser
/*
* Add a user to phpVirtualBox. Passed to auth module's
* updateUser method.
*/
case 'addUser':
// Session
session_init();
// Must be an admin
if(!$_SESSION['admin']) break;
$settings = new phpVBoxConfigClass();
$settings->auth->updateUser($request['params'], @$skipExistCheck);
$response['data']['success'] = true;
break;
/*
* Log out of phpVirtualBox. Passed to auth module's
* logout method.
*/
case 'logout':
// Session
session_init(true);
$vbox = new vboxconnector();
$vbox->skipSessionCheck = true;
$settings = new phpVBoxConfigClass();
$settings->auth->logout($response);
session_destroy();
$response['data']['success'] = true;
break;
/*
* If the above cases did not match, assume it is a request
* that should be passed to vboxconnector.
*/
default:
$vbox = new vboxconnector();
/*
* Every 1 minute we'll check that the account has not
* been deleted since login, and update admin credentials.
*/
if($_SESSION['user'] && ((intval($_SESSION['authCheckHeartbeat'])+60) < time())) {
// init session and keep it open
session_init(true);
$vbox->settings->auth->heartbeat($vbox);
// We're done writing to session
if(function_exists('session_write_close'))
@session_write_close();
} else {
// init session but close it
session_init();
}
/*
* Persistent request data
*/
if(is_array($request['persist'])) {
$vbox->persistentRequest = $request['persist'];
}
/*
* Call to vboxconnector
*/
$vbox->$request['fn']($request['params'],array(&$response));
/*
* Send back persistent request in response
*/
if(is_array($vbox->persistentRequest) && count($vbox->persistentRequest)) {
$response['data']['persist'] = $vbox->persistentRequest;
}
break;
} // </switch()>
/*
* Catch all exceptions and populate errors in the
* JSON response data.
*/
} catch (Exception $e) {
// Just append to $vbox->errors and let it get
// taken care of below
if(!$vbox || !$vbox->errors) {
$vbox->errors = array();
}
$vbox->errors[] = $e;
}
// Add any messages
if($vbox && count($vbox->messages)) {
foreach($vbox->messages as $m)
$response['messages'][] = 'vboxconnector('.$request['fn'] .'): ' . $m;
}
// Add other error info
if($vbox && $vbox->errors) {
foreach($vbox->errors as $e) { /* @var $e Exception */
ob_start();
print_r($e);
$d = ob_get_contents();
ob_end_clean();
# Add connection details to connection errors
if($e->getCode() == vboxconnector::PHPVB_ERRNO_CONNECT && isset($vbox->settings))
$d .= "\n\nLocation:" . $vbox->settings->location;
$response['messages'][] = htmlentities($e->getMessage()).' ' . htmlentities($details);
$response['errors'][] = array(
'error'=> ($e->getCode() & vboxconnector::PHPVB_ERRNO_HTML ? $e->getMessage() : htmlentities($e->getMessage())),
'details'=>htmlentities($d),
'errno'=>$e->getCode(),
// Fatal errors halt all processing
'fatal'=>($e->getCode() & vboxconnector::PHPVB_ERRNO_FATAL),
// Connection errors display alternate servers options
'connection'=>($e->getCode() & vboxconnector::PHPVB_ERRNO_CONNECT)
);
}
}
/*
* Return response as JSON encoded data or use PHP's
* print_r to dump data to browser.
*/
if(isset($request['printr'])) {
print_r($response);
} else {
header('Content-type: application/json');
echo(json_encode($response));
}
|
