diff --git a/scripts/common.php b/scripts/common.php
index a7151a4..d239edb 100644
--- a/scripts/common.php
+++ b/scripts/common.php
@@ -94,6 +94,7 @@ $langs = array(
//Reference to database connection
$DB_CONN = null;
+$USER_AUTHENTICATED = false;
/**
* Connects to the bird.db SQLite3 database
@@ -610,6 +611,13 @@ function deleteDetection($filename)
$message = '';
$data_to_return = null;
+ //Check authentication before going any further
+ //the front end would have done this check already and such should pass
+ authenticateUser();
+ if (!userIsAuthenticated()) {
+ return [];
+ }
+
$filename_exploded = explode("/", $filename);
$actual_filename = $filename_exploded[2];
@@ -717,6 +725,13 @@ function frequencyShiftDetectionAudio($filename, $performShift = null)
$message = '';
$data_to_return = null;
+ //Check authentication before going any further
+ //the front end would have done this check already and such should pass
+ authenticateUser();
+ if (!userIsAuthenticated()) {
+ return [];
+ }
+
$shifted_path = getDirectory('shifted_audio') . '/';
$pp = pathinfo($filename);
@@ -729,18 +744,17 @@ function frequencyShiftDetectionAudio($filename, $performShift = null)
$freqshift_tool = $config['FREQSHIFT_TOOL'];
if ($freqshift_tool == "ffmpeg") {
- $cmd = "sudo /usr/bin/nohup /usr/bin/ffmpeg -y -i \"" . $pi . $filename . "\" -af \"rubberband=pitch=" . $config['FREQSHIFT_LO'] . "/" . $config['FREQSHIFT_HI'] . "\" \"" . $shifted_path . $filename . "\"";
+ $cmd = "sudo /usr/bin/nohup /usr/bin/ffmpeg -y -i " . escapeshellarg($pi . $filename) . " -af \"rubberband=pitch=" . $config['FREQSHIFT_LO'] . "/" . $config['FREQSHIFT_HI'] . "\" " . escapeshellarg($shifted_path . $filename) . "";
shell_exec("sudo mkdir -p " . $shifted_path . $dir . " && " . $cmd);
-
} else if ($freqshift_tool == "sox") {
//linux.die.net/man/1/sox
$soxopt = "-q";
$soxpitch = $config['FREQSHIFT_PITCH'];
- $cmd = "sudo /usr/bin/nohup /usr/bin/sox \"" . $pi . $filename . "\" \"" . $shifted_path . $filename . "\" pitch " . $soxopt . " " . $soxpitch;
+ $cmd = "sudo /usr/bin/nohup /usr/bin/sox " . escapeshellarg($pi . $filename) . " " . escapeshellarg($shifted_path . $filename) . " pitch " . $soxopt . " " . $soxpitch;
shell_exec("sudo mkdir -p " . $shifted_path . $dir . " && " . $cmd);
}
} else {
- $cmd = "sudo rm -f " . $shifted_path . $filename;
+ $cmd = "sudo rm -f " . escapeshellarg($shifted_path . $filename);
shell_exec($cmd);
}
@@ -1159,6 +1173,13 @@ function saveSetting($setting_name, $setting_value, $post_save_command = null)
{
global $config;
+ //Check authentication before going any further
+ //the front end would have done this check already and such should pass
+ authenticateUser();
+ if(!userIsAuthenticated()){
+ return;
+ }
+
//Setting exists already, see if the value changed
if (array_key_exists($setting_name, $config)) {
//Strip any outer quotes from the setting value (e.g "$rec_card") and then test if it change how it was originally tested
@@ -1261,6 +1282,13 @@ function executeSysCommand($command_type, $extra_data_to_pass = null)
{
global $user, $home;
+ //Check authentication before going any further
+ //the front end would have done this check already and such should pass
+ authenticateUser();
+ if(!userIsAuthenticated()){
+ return "";
+ }
+
$command_type = strtolower($command_type);
$result = null;
@@ -1299,11 +1327,11 @@ function executeSysCommand($command_type, $extra_data_to_pass = null)
$result = serviceMaintenance('restart spectrogram_viewer.service');
//
} else if ($command_type == "set_date") {
- $command = "sudo date -s '" . $extra_data_to_pass['date'] . " " . $extra_data_to_pass['time'] . "'";
+ $command = "sudo date -s '" . escapeshellcmd($extra_data_to_pass['date']) . " " . escapeshellcmd($extra_data_to_pass['time']) . "'";
$result = shell_exec($command);
//
} else if ($command_type == "set_timezone") {
- $command = "sudo timedatectl set-timezone $extra_data_to_pass";
+ $command = "sudo timedatectl set-timezone " . escapeshellcmd($extra_data_to_pass);
$result = shell_exec($command);
//
} else if ($command_type == "test_threshold") {
@@ -1344,6 +1372,13 @@ function serviceMaintenance($command)
$command = trim($command);
$result = "";
+ //Check authentication before going any further
+ //the front end would have done this check already and such should pass
+ authenticateUser();
+ if(!userIsAuthenticated()){
+ return "";
+ }
+
///e.g $command = 'service stop livestream.service', match the service name
////// BIRDNET LOG SERVICE //////
if (strpos($command, 'birdnet_log.service') !== false) {
@@ -1529,20 +1564,26 @@ function relativeTime($ts)
*/
function syslog_shell_exec($cmd, $sudo_user = null)
{
- if ($sudo_user) {
- $cmd = "sudo -u $sudo_user $cmd";
- }
- $output = shell_exec($cmd);
+ $output = "";
+ //Check authentication before going any further
+ //the front end would have done this check already and such should pass
+ authenticateUser();
+ if(userIsAuthenticated()){
+ if ($sudo_user) {
+ $cmd = "sudo -u $sudo_user $cmd";
+ }
+ $output = shell_exec($cmd);
- if (strlen($output) > 0) {
- syslog(LOG_INFO, $output);
+ if (strlen($output) > 0) {
+ syslog(LOG_INFO, $output);
+ }
}
return $output;
}
/**
- * Loads in configuration settings from either this or firstrun.txt
+ * Loads in configuration settings from either thisrun or firstrun.txt
*
* @return void
*/
@@ -1566,8 +1607,8 @@ function parseConfig()
function updateAppriseConfig($apprise_config)
{
if (isset($apprise_config)) {
- $appriseconfig = fopen(getFilePath("apprise.txt"), "w");
- fwrite($appriseconfig, $apprise_config);
+ $appriseconfig_config_file = fopen(getFilePath("apprise.txt"), "w");
+ fwrite($appriseconfig_config_file, $apprise_config);
}
}
@@ -1671,6 +1712,50 @@ function getServiceStatus($name)
return ["status" => $status, "message" => $message];
}
+/**
+ * Returns the boolean flag
+ * @return false
+ */
+function userIsAuthenticated()
+{
+ global $USER_AUTHENTICATED;
+ return $USER_AUTHENTICATED;
+}
+
+/**
+ * When called authenticates the user using the built in PHP_AUTH
+ * This will automatically
+ *
+ * @return void
+ */
+function authenticateUser()
+{
+ global $config, $USER_AUTHENTICATED;
+ parseConfig();
+ $USER_AUTHENTICATED = false;
+
+ $caddypwd = $config['CADDY_PWD'];
+ if (!isset($_SERVER['PHP_AUTH_USER'])) {
+ header('WWW-Authenticate: Basic realm="My Realm"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo '
| You cannot edit the settings for this installation |
';
+ exit;
+ } else {
+ //Read the supplied details
+ $submittedpwd = $_SERVER['PHP_AUTH_PW'];
+ $submitteduser = $_SERVER['PHP_AUTH_USER'];
+ //
+ if ($submittedpwd !== $caddypwd || $submitteduser !== 'birdnet') {
+ header('WWW-Authenticate: Basic realm="My Realm"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo '| You cannot edit the settings for this installation |
';
+ exit;
+ } else {
+ $USER_AUTHENTICATED = true;
+ }
+ }
+}
+
/**
* Logging helper to accept a message and process it accordingly
* @param $message
diff --git a/scripts/config.php b/scripts/config.php
index 6c8deac..fbc2d5f 100644
--- a/scripts/config.php
+++ b/scripts/config.php
@@ -1,8 +1,9 @@