
implement multi-user

required additions to handle multiple users authenticated with basic authentication

R.W authored on 21.10.2017 21:41:54
Showing 2 changed files

... ...
@@ -3,9 +3,9 @@
3 3
 ################################################################
4 4
 #
5 5
 # index.php    
6
-# Simple Vault: online password manager
6
+# Simple Vault: multi-user online password manager
7 7
 #
8
-#   Author:  Rolf Brugger
8
+#   Author:  Rolf Brugger / René Wagner
9 9
 #    Email:  mail at rolfb dot ch
10 10
 #
11 11
 # Versions - History:
... ...
@@ -78,6 +78,10 @@ $forcesamepf = '0';
78 78
 $wrongpfdelay = '2';
79 79
 $wrongpfalertthreshold = '10';
80 80
 $vaultfname  = "/var/lib/simplevault/simplevault.txt";
81
+$create_missing_vaultfiles = 0;
82
+$multiuser = 0;
83
+$multiuser_vaultfname = "/var/lib/simplevault/simplevault-[#Username].txt";
84
+
81 85
 date_default_timezone_set('Europe/Zurich');
82 86
 
83 87
 // get settings form configuration file 
... ...
@@ -89,30 +93,36 @@ error_reporting(E_ERROR | E_WARNING | E_PARSE);
89 93
 ini_set('display_errors', '1');
90 94
 
91 95
 // ----------------------------------------------------------------------------------------
92
-// *** Look and Feel / Templates
96
+// *** handle multi-user setting and 
93 97
 // ----------------------------------------------------------------------------------------
98
+if ( $multiuser == 1 ) {
99
+	if ( isset($_SERVER['PHP_AUTH_USER']) ) {
100
+		$vaultfname = str_replace("[#Username]", $_SERVER['PHP_AUTH_USER'], $multiuser_vaultfname);
101
+	} else {
102
+		die ("<p>user is not authenticated.</p><p>Be sure to set up basic authentication with your webserver or disable multiuser-setting in config.</p>");
103
+	}
104
+}
94 105
 
106
+// ----------------------------------------------------------------------------------------
107
+// *** Look and Feel / Templates
108
+// ----------------------------------------------------------------------------------------
95 109
 if (preg_match("/android|iphone/i", $_SERVER["HTTP_USER_AGENT"])) {
96
-  // 
97
-  $defaulttemplate = 'tpl-mobile';
98
-}
99
-else{
100
-  $defaulttemplate = 'tpl-std';
110
+	// 
111
+	$defaulttemplate = 'tpl-mobile';
112
+} else {
113
+	$defaulttemplate = 'tpl-std';
101 114
 }
102 115
 
103 116
 // Override template using HTTP GET variable. Mostly for debugging purposes
104 117
 if( array_key_exists("tpl",$_GET) ) {
105
-  $defaulttemplate = $_GET["tpl"];
118
+	$defaulttemplate = $_GET["tpl"];
106 119
 }
107 120
 
108
-
109 121
 // ----------------------------------------------------------------------------------------
110 122
 // *** Constants
111 123
 // ----------------------------------------------------------------------------------------
112
-
113 124
 $cipher     = 'rijndael-256';
114 125
 
115
-
116 126
 // ----------------------------------------------------------------------------------------
117 127
 // *** Constants - Do not change!
118 128
 // ----------------------------------------------------------------------------------------
... ...
@@ -120,28 +130,33 @@ $preamble    = "svpwdmanag";
120 130
 $nbfields    = 10;
121 131
 $nbencfields = 10;
122 132
 
123
-
124
-// ----------------------------------------------------------------------------------------
125 133
 // ----------------------------------------------------------------------------------------
126
-
127 134
 // *** Initializations
128
-
135
+// ----------------------------------------------------------------------------------------
129 136
 $template = $defaulttemplate;
130 137
 
131 138
 // Load the vault file. Ensure it is writable and readable.
132
-if( file_exists($vaultfname) && is_readable($vaultfname) && is_writable($vaultfname) ) {
133
-  $vltcontents = file_get_contents("$vaultfname");
134
-  if( $vltcontents !== FALSE ) {
135
-    $vlt = explode("\n", $vltcontents);
136
-    unset($vltcontents);
137
-  } else {
138
-    die( "Error reading vault file $vaultfname." );
139
-  }
140
-} else {
141
-  echo "<p>Unable to load vault file $vaultfname. Ensure that:</p><ul><li>The folder <b>" . dirname($vaultfname) . "</b> exists and that the webserver has permission to read/write to it</li><li>The file <b>$vaultfname</b> exists and the webserver has permission to write to it.</li><li>If you want to start with an empty vault, simply create a zero-length file called <b>$vaultfname</b></li></ul>";
142
-  die();
139
+if( !file_exists($vaultfname) ) {
140
+	if ( $create_missing_vaultfiles == 1 ) {
141
+		$newfile = fopen($vaultfname, "w");
142
+		fclose($newfile);
143
+	} else {
144
+		die ("<p>Unable to load vault file $vaultfname. Ensure that:</p><ul><li>The folder <b>" . dirname($vaultfname) . "</b> exists and that the webserver has permission to read/write to it</li><li>The file <b>$vaultfname</b> exists and the webserver has permission to write to it.</li><li>If you want to start with an empty vault, simply create a zero-length file called <b>$vaultfname</b></li></ul>");
145
+	}
146
+}
147
+
148
+if ( !is_readable($vaultfname) || !is_writable($vaultfname) ) {
149
+	die ("<p>Unable to load vault file $vaultfname. Ensure that:</p><ul><li>The folder <b>" . dirname($vaultfname) . "</b> exists and that the webserver has permission to read/write to it</li><li>The file <b>$vaultfname</b> exists and the webserver has permission to write to it.</li><li>If you want to start with an empty vault, simply create a zero-length file called <b>$vaultfname</b></li></ul>");
143 150
 }
144 151
 
152
+$vltcontents = file_get_contents("$vaultfname");
153
+if( $vltcontents !== FALSE ) {
154
+	$vlt = explode("\n", $vltcontents);
155
+	unset($vltcontents);
156
+} else {
157
+	die( "Error reading vault file $vaultfname." );
158
+}
159
+	
145 160
 if(count($vlt)==1 and strlen($vlt[0])==0){$vlt=array();} // fix php-explode bug of an empty file
146 161
 $cats = categories($vlt);
147 162
 
... ...
@@ -773,4 +788,4 @@ function selfURL(){
773 788
 
774 789
 /* -------------------------------------------------------------------------- */
775 790
 /* -------------------------------------------------------------------------- */
776
-?>
791
+?>
777 792
\ No newline at end of file
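Review bot: At new line 100 the value of `$_SERVER['PHP_AUTH_USER']` is substituted into `$multiuser_vaultfname` without validation, so any path separators or dot segments in the name change which file is read, written and, with `$create_missing_vaultfiles = 1`, created by `fopen($vaultfname, "w")` at new line 141. The `isset()` test only shows that a user name was supplied; whether the web server actually verified it is not visible here and probably depends on the server and SAPI configuration, so the script should not treat it as proof of authentication on its own. I would reject anything outside a narrow allow-list before building the path, e.g. `if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $_SERVER['PHP_AUTH_USER'])) { die("<p>invalid user name.</p>"); }`. The `die()` messages at new lines 144, 149 and 157 now print a path containing that name, so wrap it as `htmlspecialchars($vaultfname, ENT_QUOTES)`, and check the `fopen()` result before `fclose($newfile)`.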
... ...
@@ -44,6 +44,21 @@ $forcesamepf = 'c';
44 44
 $vaultfname  = "/var/lib/simplevault/simplevault.txt";  // good location for a not web readable vault file 
45 45
 //$vaultfname  = "vault/simplevault.txt";  // possible location for a web readable vault file (this is less secure)
46 46
 
47
+// enable this setting (set to 1), when vault-files should automatically be created if not existent
48
+// if set to 0 (zero), simplevault will stop with an error when the vaultfile is missing
49
+$create_missing_vaultfiles = 0;
50
+
51
+// enable multi-user environment
52
+// you need to set up "basic authentication" with you webserver (see link below) and modify the setting $multiuser_vaultfname to your needs
53
+// https://wiki.selfhtml.org/wiki/Webserver/htaccess/Passwortschutz
54
+$multiuser = 1;
55
+
56
+// path to user specific vault-files
57
+// use the placeholder [#Username] to distinguish vaultfiles between users, [#Username] will be replaced with the name the user authenticates
58
+// e.g.
59
+// "/var/lib/simplevault/[#Username]/simplevault.txt"
60
+// "/var/lib/simplevault/simplevault-[#Username].txt"
61
+$multiuser_vaultfname = "/var/lib/simplevault/simplevault-[#Username].txt";
47 62
 
48 63
 // Suppress warnings about unsecure non-SSL HTTP connections. Normally SimpleVault will
49 64
 // put a warning up if the connection is not encrypted. You can silence this warning by
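Review bot: The sample configuration enables the feature with `$multiuser = 1` (new line 54) while the built-in default added to index.php is `$multiuser = 0`, so an installation that copies this file unchanged stops with "user is not authenticated" until basic authentication is set up; shipping `$multiuser = 0;` here would keep the two defaults aligned. The comment block should also state that SimpleVault does not verify credentials itself and that the user name becomes part of a file path, for example `// the web server must enforce basic authentication for this directory; SimpleVault only reads the user name it is given` and `// user names are inserted into the path as-is, so keep them to letters, digits, "-" and "_"`. With `$create_missing_vaultfiles` enabled a vault file is created for each distinct name, which is one more reason to document that constraint next to the setting.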