Replace all authentication code with a function that does the auth for us
Makes things a little tidier and easier to change in the future, a custom message can be passed to authenticateUser() and this is output if the authentication fails. Added protection around Include and Exclude species pages as these still accessible & data can still be written to include and exclude species.txt even with a password.
This commit is contained in:
+4
-18
@@ -29,28 +29,14 @@ echo "<a href=\"https://github.com/mcguirepr89/BirdNET-Pi.git\" target=\"_blank\
|
|||||||
<div class="stream">
|
<div class="stream">
|
||||||
<?php
|
<?php
|
||||||
if(isset($_GET['stream'])){
|
if(isset($_GET['stream'])){
|
||||||
$caddypwd = $config['CADDY_PWD'];
|
$user_is_authenticated = authenticateUser('You cannot listen to the live audio stream');
|
||||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
if ($user_is_authenticated) {
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
echo "
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
|
||||||
echo 'You cannot listen to the live audio stream';
|
|
||||||
exit;
|
|
||||||
} else {
|
|
||||||
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
|
|
||||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
|
||||||
if($submittedpwd == $caddypwd && $submitteduser == 'birdnet'){
|
|
||||||
echo "
|
|
||||||
<audio controls autoplay><source src=\"/stream\"></audio>
|
<audio controls autoplay><source src=\"/stream\"></audio>
|
||||||
</div>
|
</div>
|
||||||
<h1><a href=\"/\"><img class=\"topimage\" src=\"images/bnp.png\"></a></h1>
|
<h1><a href=\"/\"><img class=\"topimage\" src=\"images/bnp.png\"></a></h1>
|
||||||
</div><div class=\"centered\"><h3>$site_name</h3></div>";
|
</div><div class=\"centered\"><h3>$site_name</h3></div>";
|
||||||
} else {
|
}
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
|
||||||
echo 'You cannot listen to the live audio stream';
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
echo "
|
echo "
|
||||||
<form action=\"\" method=\"GET\">
|
<form action=\"\" method=\"GET\">
|
||||||
|
|||||||
+21
-56
@@ -118,20 +118,11 @@ if(isset($_GET['view'])){
|
|||||||
if($_GET['view'] == "Streamlit"){echo "<iframe src=\"/stats\"></iframe>";}
|
if($_GET['view'] == "Streamlit"){echo "<iframe src=\"/stats\"></iframe>";}
|
||||||
if($_GET['view'] == "Daily Charts"){include('history.php');}
|
if($_GET['view'] == "Daily Charts"){include('history.php');}
|
||||||
if($_GET['view'] == "Tools"){
|
if($_GET['view'] == "Tools"){
|
||||||
parseConfig();
|
|
||||||
//Authenticate before proceeding
|
//Authenticate before proceeding
|
||||||
$caddypwd = $config['CADDY_PWD'];
|
$user_is_authenticated = authenticateUser();
|
||||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
if ($user_is_authenticated) {
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
$url = $_SERVER['SERVER_NAME'] . "/scripts/adminer.php";
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
echo "<div class=\"centered\">
|
||||||
echo '<table><tr><td>You cannot edit the settings for this installation</td></tr></table>';
|
|
||||||
exit;
|
|
||||||
} else {
|
|
||||||
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
|
|
||||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
|
||||||
if($submittedpwd == $caddypwd && $submitteduser == 'birdnet'){
|
|
||||||
$url = $_SERVER['SERVER_NAME']."/scripts/adminer.php";
|
|
||||||
echo "<div class=\"centered\">
|
|
||||||
<form action=\"\" method=\"GET\" id=\"views\">
|
<form action=\"\" method=\"GET\" id=\"views\">
|
||||||
<button type=\"submit\" name=\"view\" value=\"Settings\" form=\"views\">Settings</button>
|
<button type=\"submit\" name=\"view\" value=\"Settings\" form=\"views\">Settings</button>
|
||||||
<button type=\"submit\" name=\"view\" value=\"System Info\" form=\"views\">System Info</button>
|
<button type=\"submit\" name=\"view\" value=\"System Info\" form=\"views\">System Info</button>
|
||||||
@@ -144,19 +135,14 @@ if(isset($_GET['view'])){
|
|||||||
<button type=\"submit\" name=\"view\" value=\"Excluded\" form=\"views\">Excluded Species List</button>
|
<button type=\"submit\" name=\"view\" value=\"Excluded\" form=\"views\">Excluded Species List</button>
|
||||||
</form>
|
</form>
|
||||||
</div>";
|
</div>";
|
||||||
} else {
|
}
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
|
||||||
echo '<table><tr><td>You cannot edit the settings for this installation</td></tr></table>';
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
if($_GET['view'] == "Recordings"){include('play.php');}
|
if($_GET['view'] == "Recordings"){include('play.php');}
|
||||||
if($_GET['view'] == "Settings"){include('scripts/config.php');}
|
if($_GET['view'] == "Settings"){include('scripts/config.php');}
|
||||||
if($_GET['view'] == "Advanced"){include('scripts/advanced.php');}
|
if($_GET['view'] == "Advanced"){include('scripts/advanced.php');}
|
||||||
if($_GET['view'] == "Included"){
|
if($_GET['view'] == "Included"){
|
||||||
if(isset($_GET['species']) && isset($_GET['add'])){
|
$user_is_authenticated = authenticateUser('You cannot modify the system');
|
||||||
|
if(isset($_GET['species']) && isset($_GET['add']) && $user_is_authenticated){
|
||||||
$file = getFilePath('include_species_list.txt');
|
$file = getFilePath('include_species_list.txt');
|
||||||
$str = file_get_contents("$file");
|
$str = file_get_contents("$file");
|
||||||
$str = preg_replace("/(^[\r\n]*|[\r\n]+)[\s\t]*[\r\n]+/", "\n", $str);
|
$str = preg_replace("/(^[\r\n]*|[\r\n]+)[\s\t]*[\r\n]+/", "\n", $str);
|
||||||
@@ -183,7 +169,8 @@ if(isset($_GET['view'])){
|
|||||||
include('./scripts/include_list.php');
|
include('./scripts/include_list.php');
|
||||||
}
|
}
|
||||||
if($_GET['view'] == "Excluded"){
|
if($_GET['view'] == "Excluded"){
|
||||||
if(isset($_GET['species']) && isset($_GET['add'])){
|
$user_is_authenticated = authenticateUser('You cannot modify the system');
|
||||||
|
if(isset($_GET['species']) && isset($_GET['add']) && $user_is_authenticated){
|
||||||
$file = getFilePath('exclude_species_list.txt');
|
$file = getFilePath('exclude_species_list.txt');
|
||||||
$str = file_get_contents("$file");
|
$str = file_get_contents("$file");
|
||||||
$str = preg_replace("/(^[\r\n]*|[\r\n]+)[\s\t]*[\r\n]+/", "\n", $str);
|
$str = preg_replace("/(^[\r\n]*|[\r\n]+)[\s\t]*[\r\n]+/", "\n", $str);
|
||||||
@@ -211,40 +198,17 @@ if(isset($_GET['view'])){
|
|||||||
echo "<iframe src='scripts/filemanager/filemanager.php'></iframe>";
|
echo "<iframe src='scripts/filemanager/filemanager.php'></iframe>";
|
||||||
}
|
}
|
||||||
if($_GET['view'] == "Webterm"){
|
if($_GET['view'] == "Webterm"){
|
||||||
parseConfig();
|
//Authenticate before proceeding
|
||||||
//Authenticate before proceeding
|
$user_is_authenticated = authenticateUser("You cannot access the web terminal");
|
||||||
$caddypwd = $config['CADDY_PWD'];
|
if ($user_is_authenticated) {
|
||||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
|
||||||
echo '<table><tr><td>You cannot access the web terminal</td></tr></table>';
|
|
||||||
exit;
|
|
||||||
} else {
|
|
||||||
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
|
|
||||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
|
||||||
if($submittedpwd == $caddypwd && $submitteduser == 'birdnet'){
|
|
||||||
#ACCESS THE WEB TERMINAL
|
#ACCESS THE WEB TERMINAL
|
||||||
echo "<iframe src='/terminal'></iframe>";
|
echo "<iframe src='/terminal'></iframe>";
|
||||||
} else {
|
}
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
|
||||||
echo '<table><tr><td>You cannot access the web terminal</td></tr></table>';
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
} elseif(isset($_GET['submit'])) {
|
} elseif(isset($_GET['submit'])) {
|
||||||
parseConfig();
|
|
||||||
//Authenticate before proceeding
|
//Authenticate before proceeding
|
||||||
$caddypwd = $config['CADDY_PWD'];
|
$user_is_authenticated = authenticateUser('You cannot modify the system');
|
||||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
|
||||||
echo 'You cannot access the web terminal';
|
|
||||||
exit;
|
|
||||||
} else {
|
|
||||||
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
|
|
||||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
|
||||||
$allowedCommands = array('service stop livestream.service && service stop icecast2.service',
|
$allowedCommands = array('service stop livestream.service && service stop icecast2.service',
|
||||||
'service restart livestream.service && service restart icecast2.service',
|
'service restart livestream.service && service restart icecast2.service',
|
||||||
'service disable livestream.service && service disable icecast2 && service stop icecast2.service',
|
'service disable livestream.service && service disable icecast2 && service stop icecast2.service',
|
||||||
@@ -292,7 +256,7 @@ if(isset($_GET['view'])){
|
|||||||
'sudo shutdown now',
|
'sudo shutdown now',
|
||||||
'sudo clear_all_data.sh');
|
'sudo clear_all_data.sh');
|
||||||
$command = $_GET['submit'];
|
$command = $_GET['submit'];
|
||||||
if($submittedpwd == $caddypwd && $submitteduser == 'birdnet' && in_array($command,$allowedCommands)){
|
if($user_is_authenticated && in_array($command,$allowedCommands)){
|
||||||
if(isset($command)){
|
if(isset($command)){
|
||||||
$initcommand = $command;
|
$initcommand = $command;
|
||||||
$results = "";
|
$results = "";
|
||||||
@@ -383,15 +347,16 @@ if(isset($_GET['view'])){
|
|||||||
}
|
}
|
||||||
echo "<table style='min-width:70%;'><tr class='relative'><th>Output of command:`".$initcommand."`<button class='copyimage' style='right:40px' onclick='copyOutput(this);'>Copy</button></th></tr><tr><td style='padding-left: 0px;padding-right: 0px;padding-bottom: 0px;padding-top: 0px;'><pre class='bash' style='text-align:left;margin:0px'>$results</pre></td></tr></table>";
|
echo "<table style='min-width:70%;'><tr class='relative'><th>Output of command:`".$initcommand."`<button class='copyimage' style='right:40px' onclick='copyOutput(this);'>Copy</button></th></tr><tr><td style='padding-left: 0px;padding-right: 0px;padding-bottom: 0px;padding-top: 0px;'><pre class='bash' style='text-align:left;margin:0px'>$results</pre></td></tr></table>";
|
||||||
} else {
|
} else {
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
header('WWW-Authenticate: Basic realm="BirdNET-Pi"');
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
header('HTTP/1.0 401 Unauthorized');
|
||||||
echo 'You cannot access the web terminal';
|
echo 'You cannot modify the system';
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
ob_end_flush();
|
ob_end_flush();
|
||||||
} else {include('overview.php');}
|
} else {
|
||||||
|
include('overview.php');
|
||||||
|
}
|
||||||
?>
|
?>
|
||||||
<script>
|
<script>
|
||||||
function myFunction() {
|
function myFunction() {
|
||||||
|
|||||||
+2
-16
@@ -5,22 +5,8 @@ if(file_exists('./scripts/common.php')){
|
|||||||
include_once "./common.php";
|
include_once "./common.php";
|
||||||
}
|
}
|
||||||
|
|
||||||
$caddypwd = $config['CADDY_PWD'];
|
//Authenticate before going any further
|
||||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
authenticateUser('You cannot edit the settings for this installation');
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
|
||||||
echo '<table><tr><td>You cannot edit the settings for this installation</td></tr></table>';
|
|
||||||
exit;
|
|
||||||
} else {
|
|
||||||
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
|
|
||||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
|
||||||
if($submittedpwd !== $caddypwd || $submitteduser !== 'birdnet'){
|
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
|
||||||
echo '<table><tr><td>You cannot edit the settings for this installation</td></tr></table>';
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if(isset($_GET['submit'])) {
|
if(isset($_GET['submit'])) {
|
||||||
if(isset($_GET["ice_pwd"])) {
|
if(isset($_GET["ice_pwd"])) {
|
||||||
|
|||||||
+11
-8
@@ -1714,12 +1714,13 @@ function userIsAuthenticated()
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* When called authenticates the user using the built in PHP_AUTH
|
* When called, authenticates the user using the built-in PHP_AUTH. This is the orignial authentication code just wrapped in a function
|
||||||
* This will automatically
|
* This will automatically terminate the script if authentication fails
|
||||||
*
|
*
|
||||||
* @return void
|
* @param $rejection_message string Message to return to the user if authentication fails
|
||||||
|
* @return bool
|
||||||
*/
|
*/
|
||||||
function authenticateUser()
|
function authenticateUser($rejection_message = "You cannot edit the settings for this installation")
|
||||||
{
|
{
|
||||||
global $config, $USER_AUTHENTICATED;
|
global $config, $USER_AUTHENTICATED;
|
||||||
parseConfig();
|
parseConfig();
|
||||||
@@ -1727,9 +1728,9 @@ function authenticateUser()
|
|||||||
|
|
||||||
$caddypwd = $config['CADDY_PWD'];
|
$caddypwd = $config['CADDY_PWD'];
|
||||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
header('WWW-Authenticate: Basic realm="BirdNET-Pi"');
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
header('HTTP/1.0 401 Unauthorized');
|
||||||
echo '<table><tr><td>You cannot edit the settings for this installation</td></tr></table>';
|
echo '<table><tr><td>' . $rejection_message . '</td></tr></table>';
|
||||||
exit;
|
exit;
|
||||||
} else {
|
} else {
|
||||||
//Read the supplied details
|
//Read the supplied details
|
||||||
@@ -1737,14 +1738,16 @@ function authenticateUser()
|
|||||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
||||||
//
|
//
|
||||||
if ($submittedpwd !== $caddypwd || $submitteduser !== 'birdnet') {
|
if ($submittedpwd !== $caddypwd || $submitteduser !== 'birdnet') {
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
header('WWW-Authenticate: Basic realm="BirdNET-Pi"');
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
header('HTTP/1.0 401 Unauthorized');
|
||||||
echo '<table><tr><td>You cannot edit the settings for this installation</td></tr></table>';
|
echo '<table><tr><td>' . $rejection_message . '</td></tr></table>';
|
||||||
exit;
|
exit;
|
||||||
} else {
|
} else {
|
||||||
$USER_AUTHENTICATED = true;
|
$USER_AUTHENTICATED = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return $USER_AUTHENTICATED;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
+1
-16
@@ -9,22 +9,7 @@ if (file_exists('./scripts/common.php')) {
|
|||||||
parseConfig();
|
parseConfig();
|
||||||
|
|
||||||
//Authenticate first before allowing further execution
|
//Authenticate first before allowing further execution
|
||||||
$caddypwd = $config['CADDY_PWD'];
|
authenticateUser();
|
||||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
|
||||||
echo '<table><tr><td>You cannot edit the settings for this installation</td></tr></table>';
|
|
||||||
exit;
|
|
||||||
} else {
|
|
||||||
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
|
|
||||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
|
||||||
if($submittedpwd !== $caddypwd || $submitteduser !== 'birdnet'){
|
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
|
||||||
echo '<table><tr><td>You cannot edit the settings for this installation</td></tr></table>';
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
//Authenticated
|
//Authenticated
|
||||||
//Read in the apprise config
|
//Read in the apprise config
|
||||||
|
|||||||
+6
-21
@@ -31,28 +31,13 @@ if(isset($_GET['custom_image'])){
|
|||||||
}
|
}
|
||||||
|
|
||||||
if(isset($_GET['blacklistimage'])) {
|
if(isset($_GET['blacklistimage'])) {
|
||||||
if(isset($_SERVER['PHP_AUTH_USER'])) {
|
$user_is_authenticated = authenticateUser('You cannot modify the system');
|
||||||
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
|
if($user_is_authenticated){
|
||||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
$imageid = $_GET['blacklistimage'];
|
||||||
if($submittedpwd == $config['CADDY_PWD'] && $submitteduser == 'birdnet'){
|
$result = blacklistFlickrImage($imageid);
|
||||||
|
unset($_SESSION['images']);
|
||||||
$imageid = $_GET['blacklistimage'];
|
die($result['message']);
|
||||||
$result = blacklistFlickrImage($imageid);
|
|
||||||
unset($_SESSION['images']);
|
|
||||||
die($result['message']);
|
|
||||||
} else {
|
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
|
||||||
echo 'You must be authenticated.';
|
|
||||||
exit;
|
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
|
||||||
echo 'You must be authenticated.';
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if(isset($_GET['fetch_chart_string']) && $_GET['fetch_chart_string'] == "true") {
|
if(isset($_GET['fetch_chart_string']) && $_GET['fetch_chart_string'] == "true") {
|
||||||
|
|||||||
+21
-67
@@ -6,86 +6,40 @@ if(file_exists('./scripts/common.php')){
|
|||||||
}
|
}
|
||||||
|
|
||||||
if(isset($_GET['deletefile'])) {
|
if(isset($_GET['deletefile'])) {
|
||||||
if(isset($_SERVER['PHP_AUTH_USER'])) {
|
$user_is_authenticated = authenticateUser('You must be authenticated to change the protection of files.');
|
||||||
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
|
if ($user_is_authenticated) {
|
||||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
$filename_to_delete = $_GET['deletefile'];
|
||||||
if($submittedpwd == $config['CADDY_PWD'] && $submitteduser == 'birdnet'){
|
$message = deleteDetection($filename_to_delete)['message'];
|
||||||
|
echo $message;
|
||||||
$filename_to_delete = $_GET['deletefile'];
|
die();
|
||||||
$message = deleteDetection($filename_to_delete)['message'];
|
}
|
||||||
echo $message;
|
|
||||||
die();
|
|
||||||
|
|
||||||
} else {
|
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
|
||||||
echo 'You must be authenticated to change the protection of files.';
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
|
||||||
echo 'You must be authenticated to change the protection of files.';
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if(isset($_GET['excludefile'])) {
|
if(isset($_GET['excludefile'])) {
|
||||||
if(isset($_SERVER['PHP_AUTH_USER'])) {
|
$user_is_authenticated = authenticateUser('You must be authenticated to change the protection of files.');
|
||||||
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
|
if ($user_is_authenticated) {
|
||||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
|
||||||
if($submittedpwd == $config['CADDY_PWD'] && $submitteduser == 'birdnet'){
|
|
||||||
|
|
||||||
if(isset($_GET['exclude_add'])) {
|
if (isset($_GET['exclude_add'])) {
|
||||||
$response_data = protectDetectionFromDeletion('protect', $_GET['excludefile']);
|
$response_data = protectDetectionFromDeletion('protect', $_GET['excludefile']);
|
||||||
echo $response_data['message'];
|
echo $response_data['message'];
|
||||||
die();
|
die();
|
||||||
} else {
|
} else {
|
||||||
$response_data = protectDetectionFromDeletion('unprotect', $_GET['excludefile']);
|
$response_data = protectDetectionFromDeletion('unprotect', $_GET['excludefile']);
|
||||||
echo $response_data['message'];
|
echo $response_data['message'];
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
}
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
|
||||||
echo 'You must be authenticated to change the protection of files.';
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
|
||||||
echo 'You must be authenticated to change the protection of files.';
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$shifted_path = getDirectory('shifted_dir');
|
$shifted_path = getDirectory('shifted_dir');
|
||||||
|
|
||||||
if(isset($_GET['shiftfile'])) {
|
if(isset($_GET['shiftfile'])) {
|
||||||
|
|
||||||
//Parse the ini files
|
|
||||||
parseConfig();
|
|
||||||
|
|
||||||
//Authenticate before going any further
|
//Authenticate before going any further
|
||||||
$caddypwd = $config['CADDY_PWD'];
|
authenticateUser('You cannot shift files for this installation');
|
||||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
|
||||||
echo '<table><tr><td>You cannot shift files for this installation</td></tr></table>';
|
|
||||||
exit;
|
|
||||||
} else {
|
|
||||||
$submittedpwd = $_SERVER['PHP_AUTH_PW'];
|
|
||||||
$submitteduser = $_SERVER['PHP_AUTH_USER'];
|
|
||||||
if($submittedpwd !== $caddypwd || $submitteduser !== 'birdnet'){
|
|
||||||
header('WWW-Authenticate: Basic realm="My Realm"');
|
|
||||||
header('HTTP/1.0 401 Unauthorized');
|
|
||||||
echo '<table><tr><td>You cannot shift files for this installation<</td></tr></table>';
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
//Authenticated
|
//Authenticated if we get this far
|
||||||
$filename = $_GET['shiftfile'];
|
$filename = $_GET['shiftfile'];
|
||||||
$doShift = null;
|
$doShift = null;
|
||||||
if (isset($_GET['doshift'])) {
|
if (isset($_GET['doshift'])) {
|
||||||
|
|||||||
Reference in New Issue
Block a user