Replace all authentication code with a function that does the auth for us
Makes things a little tidier and easier to change in the future, a custom message can be passed to authenticateUser() and this is output if the authentication fails. Added protection around Include and Exclude species pages as these still accessible & data can still be written to include and exclude species.txt even with a password.
This commit is contained in:
+4
-18
@@ -29,28 +29,14 @@ echo "<a href=\"https://github.com/mcguirepr89/BirdNET-Pi.git\" target=\"_blank\
|
||||
<div class="stream">
|
||||
<?php
|
||||
if(isset($_GET['stream'])){
|
||||
$caddypwd = $config['CADDY_PWD'];
|
||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo 'You cannot listen to the live audio stream';
|
||||
exit;
|
||||
} else {
|
||||
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
|
||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
||||
if($submittedpwd == $caddypwd && $submitteduser == 'birdnet'){
|
||||
echo "
|
||||
$user_is_authenticated = authenticateUser('You cannot listen to the live audio stream');
|
||||
if ($user_is_authenticated) {
|
||||
echo "
|
||||
<audio controls autoplay><source src=\"/stream\"></audio>
|
||||
</div>
|
||||
<h1><a href=\"/\"><img class=\"topimage\" src=\"images/bnp.png\"></a></h1>
|
||||
</div><div class=\"centered\"><h3>$site_name</h3></div>";
|
||||
} else {
|
||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo 'You cannot listen to the live audio stream';
|
||||
exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
echo "
|
||||
<form action=\"\" method=\"GET\">
|
||||
|
||||
Reference in New Issue
Block a user