From a80d39d7b6f26001af9660e0524331ab1647ab60 Mon Sep 17 00:00:00 2001 From: jaredb7 Date: Sat, 13 May 2023 01:07:19 +1000 Subject: [PATCH] Replace all authentication code with a function that does the auth for us Makes things a little tidier and easier to change in the future, a custom message can be passed to authenticateUser() and this is output if the authentication fails. Added protection around Include and Exclude species pages as these still accessible & data can still be written to include and exclude species.txt even with a password. --- homepage/index.php | 22 ++--------- homepage/views.php | 77 +++++++++++--------------------------- scripts/advanced.php | 18 +-------- scripts/common.php | 19 ++++++---- scripts/config.php | 17 +-------- scripts/overview.php | 27 +++----------- scripts/play.php | 88 +++++++++++--------------------------------- 7 files changed, 66 insertions(+), 202 deletions(-) diff --git a/homepage/index.php b/homepage/index.php index bfbd6fa..e4e51b1 100644 --- a/homepage/index.php +++ b/homepage/index.php @@ -29,28 +29,14 @@ echo "

$site_name

"; - } else { - header('WWW-Authenticate: Basic realm="My Realm"'); - header('HTTP/1.0 401 Unauthorized'); - echo 'You cannot listen to the live audio stream'; - exit; - } - } + } } else { echo "
diff --git a/homepage/views.php b/homepage/views.php index 543f109..235676f 100644 --- a/homepage/views.php +++ b/homepage/views.php @@ -118,20 +118,11 @@ if(isset($_GET['view'])){ if($_GET['view'] == "Streamlit"){echo "";} if($_GET['view'] == "Daily Charts"){include('history.php');} if($_GET['view'] == "Tools"){ - parseConfig(); //Authenticate before proceeding - $caddypwd = $config['CADDY_PWD']; - if (!isset($_SERVER['PHP_AUTH_USER'])) { - header('WWW-Authenticate: Basic realm="My Realm"'); - header('HTTP/1.0 401 Unauthorized'); - echo '
You cannot edit the settings for this installation
'; - exit; - } else { - $submittedpwd = $_SERVER['PHP_AUTH_PW']; - $submitteduser = $_SERVER['PHP_AUTH_USER']; - if($submittedpwd == $caddypwd && $submitteduser == 'birdnet'){ - $url = $_SERVER['SERVER_NAME']."/scripts/adminer.php"; - echo "
+ $user_is_authenticated = authenticateUser(); + if ($user_is_authenticated) { + $url = $_SERVER['SERVER_NAME'] . "/scripts/adminer.php"; + echo "
@@ -144,19 +135,14 @@ if(isset($_GET['view'])){
"; - } else { - header('WWW-Authenticate: Basic realm="My Realm"'); - header('HTTP/1.0 401 Unauthorized'); - echo '
You cannot edit the settings for this installation
'; - exit; - } - } + } } if($_GET['view'] == "Recordings"){include('play.php');} if($_GET['view'] == "Settings"){include('scripts/config.php');} if($_GET['view'] == "Advanced"){include('scripts/advanced.php');} if($_GET['view'] == "Included"){ - if(isset($_GET['species']) && isset($_GET['add'])){ + $user_is_authenticated = authenticateUser('You cannot modify the system'); + if(isset($_GET['species']) && isset($_GET['add']) && $user_is_authenticated){ $file = getFilePath('include_species_list.txt'); $str = file_get_contents("$file"); $str = preg_replace("/(^[\r\n]*|[\r\n]+)[\s\t]*[\r\n]+/", "\n", $str); @@ -183,7 +169,8 @@ if(isset($_GET['view'])){ include('./scripts/include_list.php'); } if($_GET['view'] == "Excluded"){ - if(isset($_GET['species']) && isset($_GET['add'])){ + $user_is_authenticated = authenticateUser('You cannot modify the system'); + if(isset($_GET['species']) && isset($_GET['add']) && $user_is_authenticated){ $file = getFilePath('exclude_species_list.txt'); $str = file_get_contents("$file"); $str = preg_replace("/(^[\r\n]*|[\r\n]+)[\s\t]*[\r\n]+/", "\n", $str); @@ -211,40 +198,17 @@ if(isset($_GET['view'])){ echo ""; } if($_GET['view'] == "Webterm"){ - parseConfig(); - //Authenticate before proceeding - $caddypwd = $config['CADDY_PWD']; - if (!isset($_SERVER['PHP_AUTH_USER'])) { - header('WWW-Authenticate: Basic realm="My Realm"'); - header('HTTP/1.0 401 Unauthorized'); - echo '
You cannot access the web terminal
'; - exit; - } else { - $submittedpwd = $_SERVER['PHP_AUTH_PW']; - $submitteduser = $_SERVER['PHP_AUTH_USER']; - if($submittedpwd == $caddypwd && $submitteduser == 'birdnet'){ + //Authenticate before proceeding + $user_is_authenticated = authenticateUser("You cannot access the web terminal"); + if ($user_is_authenticated) { #ACCESS THE WEB TERMINAL echo ""; - } else { - header('WWW-Authenticate: Basic realm="My Realm"'); - header('HTTP/1.0 401 Unauthorized'); - echo '
You cannot access the web terminal
'; - exit; - } - } + } } } elseif(isset($_GET['submit'])) { - parseConfig(); //Authenticate before proceeding - $caddypwd = $config['CADDY_PWD']; - if (!isset($_SERVER['PHP_AUTH_USER'])) { - header('WWW-Authenticate: Basic realm="My Realm"'); - header('HTTP/1.0 401 Unauthorized'); - echo 'You cannot access the web terminal'; - exit; - } else { - $submittedpwd = $_SERVER['PHP_AUTH_PW']; - $submitteduser = $_SERVER['PHP_AUTH_USER']; + $user_is_authenticated = authenticateUser('You cannot modify the system'); + $allowedCommands = array('service stop livestream.service && service stop icecast2.service', 'service restart livestream.service && service restart icecast2.service', 'service disable livestream.service && service disable icecast2 && service stop icecast2.service', @@ -292,7 +256,7 @@ if(isset($_GET['view'])){ 'sudo shutdown now', 'sudo clear_all_data.sh'); $command = $_GET['submit']; - if($submittedpwd == $caddypwd && $submitteduser == 'birdnet' && in_array($command,$allowedCommands)){ + if($user_is_authenticated && in_array($command,$allowedCommands)){ if(isset($command)){ $initcommand = $command; $results = ""; @@ -383,15 +347,16 @@ if(isset($_GET['view'])){ } echo "
Output of command:`".$initcommand."`
$results
"; } else { - header('WWW-Authenticate: Basic realm="My Realm"'); + header('WWW-Authenticate: Basic realm="BirdNET-Pi"'); header('HTTP/1.0 401 Unauthorized'); - echo 'You cannot access the web terminal'; + echo 'You cannot modify the system'; exit; } } - } ob_end_flush(); -} else {include('overview.php');} +} else { + include('overview.php'); +} ?>