Save password last to avoid auth check preventing saving other settings

Because saveSetting() checks each time to see that the user has authenticated, if the password is changed first then very next setting will cause a auth prompt (as the password changed) and if cancelled then the other setting won't save.

Putting it last will allow us to save all the other setting and then change the password, then the next attempt to execute a action or access a page that required auth will prompt the user the the password.
This commit is contained in:
jaredb7
2023-05-12 23:09:15 +10:00
parent 6af59a2908
commit 66863f2e6b
2 changed files with 29 additions and 38 deletions
+22 -15
View File
@@ -23,26 +23,11 @@ if (!isset($_SERVER['PHP_AUTH_USER'])) {
}
if(isset($_GET['submit'])) {
if(isset($_GET["caddy_pwd"])) {
$caddy_pwd = $_GET["caddy_pwd"];
saveSetting('CADDY_PWD', "\"$caddy_pwd\"");
//Make sure the caddy file is set directly
update_caddyfile();
}
if(isset($_GET["ice_pwd"])) {
$ice_pwd = $_GET["ice_pwd"];
saveSetting('ICE_PWD', $ice_pwd);
}
if(isset($_GET["birdnetpi_url"])) {
$birdnetpi_url = $_GET["birdnetpi_url"];
// remove trailing slash to prevent conf from becoming broken
$birdnetpi_url = rtrim($birdnetpi_url, '/');
saveSetting('BIRDNETPI_URL', $birdnetpi_url);
update_caddyfile();
}
if(isset($_GET["rtsp_stream"])) {
$rtsp_stream = str_replace("\r\n", ",", $_GET["rtsp_stream"]);
saveSetting('RTSP_STREAM', "\"$rtsp_stream\"", ['restart birdnet_recording', 'restart livestream']);
@@ -165,6 +150,28 @@ if(isset($_GET['submit'])) {
saveSetting('LogLevel_LiveAudioStreamService', "\"$livestream_audio_service_log_level\"",['restart livestream','restart icecast2']);
}
if(isset($_GET["birdnetpi_url"])) {
$birdnetpi_url = $_GET["birdnetpi_url"];
// remove trailing slash to prevent conf from becoming broken
$birdnetpi_url = rtrim($birdnetpi_url, '/');
saveSetting('BIRDNETPI_URL', $birdnetpi_url);
update_caddyfile();
}
if(isset($_GET["caddy_pwd"])) {
$caddy_pwd_value = "";
$caddy_pwd = $_GET["caddy_pwd"];
//If the BirdNET-Pi Password is empty, return a empty string instead of a string that was surrounded by double quotes
//else return the supplied password
//so in the ini file ['CADDY_PWD']= , instead of ['CADDY_PWD']="" (which still prompts for auth but password is required)
//this returns the password setting to it's default state when no password is set
$caddy_pwd_value = !empty($caddy_pwd) ? "\"$caddy_pwd\"" : "";
saveSetting('CADDY_PWD', "$caddy_pwd_value");
//Make sure the caddy file is set directly
update_caddyfile();
}
}
$count = getLabelsCount();
+7 -23
View File
@@ -614,9 +614,6 @@ function deleteDetection($filename)
//Check authentication before going any further
//the front end would have done this check already and such should pass
authenticateUser();
if (!userIsAuthenticated()) {
return [];
}
$filename_exploded = explode("/", $filename);
$actual_filename = $filename_exploded[2];
@@ -728,9 +725,6 @@ function frequencyShiftDetectionAudio($filename, $performShift = null)
//Check authentication before going any further
//the front end would have done this check already and such should pass
authenticateUser();
if (!userIsAuthenticated()) {
return [];
}
$shifted_path = getDirectory('shifted_audio') . '/';
@@ -1176,9 +1170,6 @@ function saveSetting($setting_name, $setting_value, $post_save_command = null)
//Check authentication before going any further
//the front end would have done this check already and such should pass
authenticateUser();
if(!userIsAuthenticated()){
return;
}
//Setting exists already, see if the value changed
if (array_key_exists($setting_name, $config)) {
@@ -1285,9 +1276,6 @@ function executeSysCommand($command_type, $extra_data_to_pass = null)
//Check authentication before going any further
//the front end would have done this check already and such should pass
authenticateUser();
if(!userIsAuthenticated()){
return "";
}
$command_type = strtolower($command_type);
$result = null;
@@ -1382,9 +1370,6 @@ function serviceMaintenance($command)
//Check authentication before going any further
//the front end would have done this check already and such should pass
authenticateUser();
if(!userIsAuthenticated()){
return "";
}
///e.g $command = 'service stop livestream.service', match the service name
////// BIRDNET LOG SERVICE //////
@@ -1575,15 +1560,14 @@ function syslog_shell_exec($cmd, $sudo_user = null)
//Check authentication before going any further
//the front end would have done this check already and such should pass
authenticateUser();
if(userIsAuthenticated()){
if ($sudo_user) {
$cmd = "sudo -u $sudo_user $cmd";
}
$output = shell_exec($cmd);
if (strlen($output) > 0) {
syslog(LOG_INFO, $output);
}
if ($sudo_user) {
$cmd = "sudo -u $sudo_user $cmd";
}
$output = shell_exec($cmd);
if (strlen($output) > 0) {
syslog(LOG_INFO, $output);
}
return $output;