Replace all authentication code with a function that does the auth for us
Makes things a little tidier and easier to change in the future, a custom message can be passed to authenticateUser() and this is output if the authentication fails. Added protection around Include and Exclude species pages as these still accessible & data can still be written to include and exclude species.txt even with a password.
This commit is contained in:
+2
-16
@@ -5,22 +5,8 @@ if(file_exists('./scripts/common.php')){
|
||||
include_once "./common.php";
|
||||
}
|
||||
|
||||
$caddypwd = $config['CADDY_PWD'];
|
||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo '<table><tr><td>You cannot edit the settings for this installation</td></tr></table>';
|
||||
exit;
|
||||
} else {
|
||||
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
|
||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
||||
if($submittedpwd !== $caddypwd || $submitteduser !== 'birdnet'){
|
||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo '<table><tr><td>You cannot edit the settings for this installation</td></tr></table>';
|
||||
exit;
|
||||
}
|
||||
}
|
||||
//Authenticate before going any further
|
||||
authenticateUser('You cannot edit the settings for this installation');
|
||||
|
||||
if(isset($_GET['submit'])) {
|
||||
if(isset($_GET["ice_pwd"])) {
|
||||
|
||||
+11
-8
@@ -1714,12 +1714,13 @@ function userIsAuthenticated()
|
||||
}
|
||||
|
||||
/**
|
||||
* When called authenticates the user using the built in PHP_AUTH
|
||||
* This will automatically
|
||||
* When called, authenticates the user using the built-in PHP_AUTH. This is the orignial authentication code just wrapped in a function
|
||||
* This will automatically terminate the script if authentication fails
|
||||
*
|
||||
* @return void
|
||||
* @param $rejection_message string Message to return to the user if authentication fails
|
||||
* @return bool
|
||||
*/
|
||||
function authenticateUser()
|
||||
function authenticateUser($rejection_message = "You cannot edit the settings for this installation")
|
||||
{
|
||||
global $config, $USER_AUTHENTICATED;
|
||||
parseConfig();
|
||||
@@ -1727,9 +1728,9 @@ function authenticateUser()
|
||||
|
||||
$caddypwd = $config['CADDY_PWD'];
|
||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
||||
header('WWW-Authenticate: Basic realm="BirdNET-Pi"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo '<table><tr><td>You cannot edit the settings for this installation</td></tr></table>';
|
||||
echo '<table><tr><td>' . $rejection_message . '</td></tr></table>';
|
||||
exit;
|
||||
} else {
|
||||
//Read the supplied details
|
||||
@@ -1737,14 +1738,16 @@ function authenticateUser()
|
||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
||||
//
|
||||
if ($submittedpwd !== $caddypwd || $submitteduser !== 'birdnet') {
|
||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
||||
header('WWW-Authenticate: Basic realm="BirdNET-Pi"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo '<table><tr><td>You cannot edit the settings for this installation</td></tr></table>';
|
||||
echo '<table><tr><td>' . $rejection_message . '</td></tr></table>';
|
||||
exit;
|
||||
} else {
|
||||
$USER_AUTHENTICATED = true;
|
||||
}
|
||||
}
|
||||
|
||||
return $USER_AUTHENTICATED;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
+1
-16
@@ -9,22 +9,7 @@ if (file_exists('./scripts/common.php')) {
|
||||
parseConfig();
|
||||
|
||||
//Authenticate first before allowing further execution
|
||||
$caddypwd = $config['CADDY_PWD'];
|
||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo '<table><tr><td>You cannot edit the settings for this installation</td></tr></table>';
|
||||
exit;
|
||||
} else {
|
||||
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
|
||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
||||
if($submittedpwd !== $caddypwd || $submitteduser !== 'birdnet'){
|
||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo '<table><tr><td>You cannot edit the settings for this installation</td></tr></table>';
|
||||
exit;
|
||||
}
|
||||
}
|
||||
authenticateUser();
|
||||
|
||||
//Authenticated
|
||||
//Read in the apprise config
|
||||
|
||||
+6
-21
@@ -31,28 +31,13 @@ if(isset($_GET['custom_image'])){
|
||||
}
|
||||
|
||||
if(isset($_GET['blacklistimage'])) {
|
||||
if(isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
|
||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
||||
if($submittedpwd == $config['CADDY_PWD'] && $submitteduser == 'birdnet'){
|
||||
|
||||
$imageid = $_GET['blacklistimage'];
|
||||
$result = blacklistFlickrImage($imageid);
|
||||
unset($_SESSION['images']);
|
||||
die($result['message']);
|
||||
} else {
|
||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo 'You must be authenticated.';
|
||||
exit;
|
||||
$user_is_authenticated = authenticateUser('You cannot modify the system');
|
||||
if($user_is_authenticated){
|
||||
$imageid = $_GET['blacklistimage'];
|
||||
$result = blacklistFlickrImage($imageid);
|
||||
unset($_SESSION['images']);
|
||||
die($result['message']);
|
||||
}
|
||||
} else {
|
||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo 'You must be authenticated.';
|
||||
exit;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if(isset($_GET['fetch_chart_string']) && $_GET['fetch_chart_string'] == "true") {
|
||||
|
||||
+21
-67
@@ -6,86 +6,40 @@ if(file_exists('./scripts/common.php')){
|
||||
}
|
||||
|
||||
if(isset($_GET['deletefile'])) {
|
||||
if(isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
|
||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
||||
if($submittedpwd == $config['CADDY_PWD'] && $submitteduser == 'birdnet'){
|
||||
|
||||
$filename_to_delete = $_GET['deletefile'];
|
||||
$message = deleteDetection($filename_to_delete)['message'];
|
||||
echo $message;
|
||||
die();
|
||||
|
||||
} else {
|
||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo 'You must be authenticated to change the protection of files.';
|
||||
exit;
|
||||
}
|
||||
} else {
|
||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo 'You must be authenticated to change the protection of files.';
|
||||
exit;
|
||||
}
|
||||
$user_is_authenticated = authenticateUser('You must be authenticated to change the protection of files.');
|
||||
if ($user_is_authenticated) {
|
||||
$filename_to_delete = $_GET['deletefile'];
|
||||
$message = deleteDetection($filename_to_delete)['message'];
|
||||
echo $message;
|
||||
die();
|
||||
}
|
||||
}
|
||||
|
||||
if(isset($_GET['excludefile'])) {
|
||||
if(isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
|
||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
||||
if($submittedpwd == $config['CADDY_PWD'] && $submitteduser == 'birdnet'){
|
||||
$user_is_authenticated = authenticateUser('You must be authenticated to change the protection of files.');
|
||||
if ($user_is_authenticated) {
|
||||
|
||||
if(isset($_GET['exclude_add'])) {
|
||||
$response_data = protectDetectionFromDeletion('protect', $_GET['excludefile']);
|
||||
echo $response_data['message'];
|
||||
die();
|
||||
} else {
|
||||
$response_data = protectDetectionFromDeletion('unprotect', $_GET['excludefile']);
|
||||
echo $response_data['message'];
|
||||
die();
|
||||
}
|
||||
if (isset($_GET['exclude_add'])) {
|
||||
$response_data = protectDetectionFromDeletion('protect', $_GET['excludefile']);
|
||||
echo $response_data['message'];
|
||||
die();
|
||||
} else {
|
||||
$response_data = protectDetectionFromDeletion('unprotect', $_GET['excludefile']);
|
||||
echo $response_data['message'];
|
||||
die();
|
||||
}
|
||||
|
||||
} else {
|
||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo 'You must be authenticated to change the protection of files.';
|
||||
exit;
|
||||
}
|
||||
} else {
|
||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo 'You must be authenticated to change the protection of files.';
|
||||
exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$shifted_path = getDirectory('shifted_dir');
|
||||
|
||||
if(isset($_GET['shiftfile'])) {
|
||||
|
||||
//Parse the ini files
|
||||
parseConfig();
|
||||
|
||||
//Authenticate before going any further
|
||||
$caddypwd = $config['CADDY_PWD'];
|
||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo '<table><tr><td>You cannot shift files for this installation</td></tr></table>';
|
||||
exit;
|
||||
} else {
|
||||
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
|
||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
||||
if($submittedpwd !== $caddypwd || $submitteduser !== 'birdnet'){
|
||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo '<table><tr><td>You cannot shift files for this installation<</td></tr></table>';
|
||||
exit;
|
||||
}
|
||||
}
|
||||
authenticateUser('You cannot shift files for this installation');
|
||||
|
||||
//Authenticated
|
||||
//Authenticated if we get this far
|
||||
$filename = $_GET['shiftfile'];
|
||||
$doShift = null;
|
||||
if (isset($_GET['doshift'])) {
|
||||
|
||||
Reference in New Issue
Block a user