diff --git a/homepage/views.php b/homepage/views.php
index fed2bcf..543f109 100644
--- a/homepage/views.php
+++ b/homepage/views.php
@@ -118,6 +118,8 @@ if(isset($_GET['view'])){
if($_GET['view'] == "Streamlit"){echo "";}
if($_GET['view'] == "Daily Charts"){include('history.php');}
if($_GET['view'] == "Tools"){
+ parseConfig();
+ //Authenticate before proceeding
$caddypwd = $config['CADDY_PWD'];
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
@@ -210,6 +212,7 @@ if(isset($_GET['view'])){
}
if($_GET['view'] == "Webterm"){
parseConfig();
+ //Authenticate before proceeding
$caddypwd = $config['CADDY_PWD'];
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
@@ -232,6 +235,7 @@ if(isset($_GET['view'])){
}
} elseif(isset($_GET['submit'])) {
parseConfig();
+ //Authenticate before proceeding
$caddypwd = $config['CADDY_PWD'];
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
@@ -310,7 +314,7 @@ if(isset($_GET['view'])){
//explode the string by " " space so we can get each individual component of the command
//and eventually the service name at the end
$separate_command_tmp = explode(" ", trim($indiv_service_command));
- //get the service names so we can poll th status
+ //get the service names so we can poll the status
$new_multiservice_status_command .= " " . trim(end($separate_command_tmp));
}
diff --git a/scripts/config.php b/scripts/config.php
index 9bb8858..6c8deac 100644
--- a/scripts/config.php
+++ b/scripts/config.php
@@ -3,8 +3,32 @@ if(file_exists('./scripts/common.php')){
include_once "./scripts/common.php";
}else{
include_once "./common.php";
+
+//Parse the ini files to get the current config
+parseConfig();
+
+//Authenticate first before allowing further execution
+$caddypwd = $config['CADDY_PWD'];
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+ header('WWW-Authenticate: Basic realm="My Realm"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo '
| You cannot edit the settings for this installation |
';
+ exit;
+} else {
+ $submittedpwd = $_SERVER['PHP_AUTH_PW'];
+ $submitteduser = $_SERVER['PHP_AUTH_USER'];
+ if($submittedpwd !== $caddypwd || $submitteduser !== 'birdnet'){
+ header('WWW-Authenticate: Basic realm="My Realm"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo '| You cannot edit the settings for this installation |
';
+ exit;
+ }
}
+//Authenticated
+//Read in the apprise config
+$apprise_config = getAppriseConfig();
+
if(isset($_GET['threshold'])) {
$threshold = $_GET['threshold'];
if (!is_numeric($threshold) || $threshold < 0 || $threshold > 1) {
@@ -207,25 +231,6 @@ if(isset($_GET['sendtest']) && $_GET['sendtest'] == "true") {