From a6d8f37f45edf75507c955eb33aacca7f01436b2 Mon Sep 17 00:00:00 2001 From: Patrick McGuire <60325264+mcguirepr89@users.noreply.github.com> Date: Fri, 29 Apr 2022 09:39:14 -0400 Subject: [PATCH] Update views.php --- homepage/views.php | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/homepage/views.php b/homepage/views.php index cd04e71..942f6bf 100644 --- a/homepage/views.php +++ b/homepage/views.php @@ -185,7 +185,33 @@ if(isset($_GET['view'])){ } } } elseif(isset($_GET['submit'])) { - $command = $_GET['submit']; + if (file_exists('./scripts/thisrun.txt')) { + $config = parse_ini_file('./scripts/thisrun.txt'); + } elseif (file_exists('./scripts/firstrun.ini')) { + $config = parse_ini_file('./scripts/firstrun.ini'); + } + $caddypwd = $config['CADDY_PWD']; + if (!isset($_SERVER['PHP_AUTH_USER'])) { + header('WWW-Authenticate: Basic realm="My Realm"'); + header('HTTP/1.0 401 Unauthorized'); + echo 'You cannot access the web terminal'; + exit; + } else { + $submittedpwd = $_SERVER['PHP_AUTH_PW']; + $submitteduser = $_SERVER['PHP_AUTH_USER']; + if($submittedpwd == $caddypwd && $submitteduser == 'birdnet'){ + $command = $_GET['submit']; + if(isset($command)){ + $results = shell_exec("$command 2>&1"); + echo "
$results"; + } else { + header('WWW-Authenticate: Basic realm="My Realm"'); + header('HTTP/1.0 401 Unauthorized'); + echo 'You cannot access the web terminal'; + exit; + } + } + } ob_end_flush(); } else {include('overview.php');} ?>