From 66863f2e6ba3cfa5a04f9910c88104b232da6ee7 Mon Sep 17 00:00:00 2001 From: jaredb7 Date: Fri, 12 May 2023 23:09:15 +1000 Subject: [PATCH] Save password last to avoid auth check preventing saving other settings Because saveSetting() checks each time to see that the user has authenticated, if the password is changed first then very next setting will cause a auth prompt (as the password changed) and if cancelled then the other setting won't save. Putting it last will allow us to save all the other setting and then change the password, then the next attempt to execute a action or access a page that required auth will prompt the user the the password. --- scripts/advanced.php | 37 ++++++++++++++++++++++--------------- scripts/common.php | 30 +++++++----------------------- 2 files changed, 29 insertions(+), 38 deletions(-) diff --git a/scripts/advanced.php b/scripts/advanced.php index 751ccb8..9132cc6 100644 --- a/scripts/advanced.php +++ b/scripts/advanced.php @@ -23,26 +23,11 @@ if (!isset($_SERVER['PHP_AUTH_USER'])) { } if(isset($_GET['submit'])) { - if(isset($_GET["caddy_pwd"])) { - $caddy_pwd = $_GET["caddy_pwd"]; - saveSetting('CADDY_PWD', "\"$caddy_pwd\""); - //Make sure the caddy file is set directly - update_caddyfile(); - } - if(isset($_GET["ice_pwd"])) { $ice_pwd = $_GET["ice_pwd"]; saveSetting('ICE_PWD', $ice_pwd); } - if(isset($_GET["birdnetpi_url"])) { - $birdnetpi_url = $_GET["birdnetpi_url"]; - // remove trailing slash to prevent conf from becoming broken - $birdnetpi_url = rtrim($birdnetpi_url, '/'); - saveSetting('BIRDNETPI_URL', $birdnetpi_url); - update_caddyfile(); - } - if(isset($_GET["rtsp_stream"])) { $rtsp_stream = str_replace("\r\n", ",", $_GET["rtsp_stream"]); saveSetting('RTSP_STREAM', "\"$rtsp_stream\"", ['restart birdnet_recording', 'restart livestream']); @@ -165,6 +150,28 @@ if(isset($_GET['submit'])) { saveSetting('LogLevel_LiveAudioStreamService', "\"$livestream_audio_service_log_level\"",['restart livestream','restart icecast2']); } + + if(isset($_GET["birdnetpi_url"])) { + $birdnetpi_url = $_GET["birdnetpi_url"]; + // remove trailing slash to prevent conf from becoming broken + $birdnetpi_url = rtrim($birdnetpi_url, '/'); + saveSetting('BIRDNETPI_URL', $birdnetpi_url); + update_caddyfile(); + } + + if(isset($_GET["caddy_pwd"])) { + $caddy_pwd_value = ""; + $caddy_pwd = $_GET["caddy_pwd"]; + //If the BirdNET-Pi Password is empty, return a empty string instead of a string that was surrounded by double quotes + //else return the supplied password + //so in the ini file ['CADDY_PWD']= , instead of ['CADDY_PWD']="" (which still prompts for auth but password is required) + //this returns the password setting to it's default state when no password is set + $caddy_pwd_value = !empty($caddy_pwd) ? "\"$caddy_pwd\"" : ""; + + saveSetting('CADDY_PWD', "$caddy_pwd_value"); + //Make sure the caddy file is set directly + update_caddyfile(); + } } $count = getLabelsCount(); diff --git a/scripts/common.php b/scripts/common.php index 96c533d..805a2bb 100644 --- a/scripts/common.php +++ b/scripts/common.php @@ -614,9 +614,6 @@ function deleteDetection($filename) //Check authentication before going any further //the front end would have done this check already and such should pass authenticateUser(); - if (!userIsAuthenticated()) { - return []; - } $filename_exploded = explode("/", $filename); $actual_filename = $filename_exploded[2]; @@ -728,9 +725,6 @@ function frequencyShiftDetectionAudio($filename, $performShift = null) //Check authentication before going any further //the front end would have done this check already and such should pass authenticateUser(); - if (!userIsAuthenticated()) { - return []; - } $shifted_path = getDirectory('shifted_audio') . '/'; @@ -1176,9 +1170,6 @@ function saveSetting($setting_name, $setting_value, $post_save_command = null) //Check authentication before going any further //the front end would have done this check already and such should pass authenticateUser(); - if(!userIsAuthenticated()){ - return; - } //Setting exists already, see if the value changed if (array_key_exists($setting_name, $config)) { @@ -1285,9 +1276,6 @@ function executeSysCommand($command_type, $extra_data_to_pass = null) //Check authentication before going any further //the front end would have done this check already and such should pass authenticateUser(); - if(!userIsAuthenticated()){ - return ""; - } $command_type = strtolower($command_type); $result = null; @@ -1382,9 +1370,6 @@ function serviceMaintenance($command) //Check authentication before going any further //the front end would have done this check already and such should pass authenticateUser(); - if(!userIsAuthenticated()){ - return ""; - } ///e.g $command = 'service stop livestream.service', match the service name ////// BIRDNET LOG SERVICE ////// @@ -1575,15 +1560,14 @@ function syslog_shell_exec($cmd, $sudo_user = null) //Check authentication before going any further //the front end would have done this check already and such should pass authenticateUser(); - if(userIsAuthenticated()){ - if ($sudo_user) { - $cmd = "sudo -u $sudo_user $cmd"; - } - $output = shell_exec($cmd); - if (strlen($output) > 0) { - syslog(LOG_INFO, $output); - } + if ($sudo_user) { + $cmd = "sudo -u $sudo_user $cmd"; + } + $output = shell_exec($cmd); + + if (strlen($output) > 0) { + syslog(LOG_INFO, $output); } return $output;