From f03a3fc7e50741db0373d605c65f0a709de1c7cc Mon Sep 17 00:00:00 2001 From: mcguirepr89 Date: Sat, 21 May 2022 14:39:01 -0400 Subject: [PATCH] CSFR protection --- homepage/views.php | 170 +++++++++++++++++++++++++++++---------------- 1 file changed, 110 insertions(+), 60 deletions(-) diff --git a/homepage/views.php b/homepage/views.php index e190569..0ebd926 100644 --- a/homepage/views.php +++ b/homepage/views.php @@ -37,27 +37,27 @@ body::-webkit-scrollbar {
@@ -91,18 +91,18 @@ if(isset($_GET['view'])){ if($submittedpwd == $caddypwd && $submitteduser == 'birdnet'){ $url = $_SERVER['SERVER_NAME']."/scripts/adminer.php"; echo "
-
- - - - - - - - - -
-
"; +
+ + + + + + + + + +
+
"; } else { header('WWW-Authenticate: Basic realm="My Realm"'); header('HTTP/1.0 401 Unauthorized'); @@ -196,36 +196,86 @@ if(isset($_GET['view'])){ } } } elseif(isset($_GET['submit'])) { - if (file_exists('./scripts/thisrun.txt')) { - $config = parse_ini_file('./scripts/thisrun.txt'); - } elseif (file_exists('./scripts/firstrun.ini')) { - $config = parse_ini_file('./scripts/firstrun.ini'); - } - $caddypwd = $config['CADDY_PWD']; - if (!isset($_SERVER['PHP_AUTH_USER'])) { - header('WWW-Authenticate: Basic realm="My Realm"'); - header('HTTP/1.0 401 Unauthorized'); - echo 'You cannot access the web terminal'; - exit; - } else { - $submittedpwd = $_SERVER['PHP_AUTH_PW']; - $submitteduser = $_SERVER['PHP_AUTH_USER']; - if($submittedpwd == $caddypwd && $submitteduser == 'birdnet'){ - $command = $_GET['submit']; - if(isset($command)){ + if (file_exists('./scripts/thisrun.txt')) { + $config = parse_ini_file('./scripts/thisrun.txt'); + } elseif (file_exists('./scripts/firstrun.ini')) { + $config = parse_ini_file('./scripts/firstrun.ini'); + } + $caddypwd = $config['CADDY_PWD']; + if (!isset($_SERVER['PHP_AUTH_USER'])) { + header('WWW-Authenticate: Basic realm="My Realm"'); + header('HTTP/1.0 401 Unauthorized'); + echo 'You cannot access the web terminal'; + exit; + } else { + $submittedpwd = $_SERVER['PHP_AUTH_PW']; + $submitteduser = $_SERVER['PHP_AUTH_USER']; + $allowedCommands = array('sudo systemctl stop livestream.service && sudo /etc/init.d/icecast2 stop', + 'sudo systemctl restart livestream.service && sudo /etc/init.d/icecast2 restart', + 'sudo systemctl disable --now livestream.service && sudo systemctl disable icecast2 && sudo /etc/init.d/icecast2 stop', + 'sudo systemctl enable icecast2 && sudo /etc/init.d/icecast2 start && sudo systemctl enable --now livestream.service', + 'sudo systemctl stop web_terminal.service', + 'sudo systemctl restart web_terminal.service', + 'sudo systemctl disable --now web_terminal.service', + 'sudo systemctl enable --now web_terminal.service', + 'sudo systemctl stop birdnet_log.service', + 'sudo systemctl restart birdnet_log.service', + 'sudo systemctl disable --now birdnet_log.service', + 'sudo systemctl enable --now birdnet_log.service', + 'sudo systemctl stop extraction.service', + 'sudo systemctl restart extraction.service', + 'sudo systemctl disable --now extraction.service', + 'sudo systemctl enable --now extraction.service', + 'sudo systemctl stop birdnet_server.service', + 'sudo systemctl restart birdnet_server.service', + 'sudo systemctl disable --now birdnet_server.service', + 'sudo systemctl enable --now birdnet_server.service', + 'sudo systemctl stop birdnet_analysis.service', + 'sudo systemctl restart birdnet_analysis.service', + 'sudo systemctl disable --now birdnet_analysis.service', + 'sudo systemctl enable --now birdnet_analysis.service', + 'sudo systemctl stop birdnet_stats.service', + 'sudo systemctl restart birdnet_stats.service', + 'sudo systemctl disable --now birdnet_stats.service', + 'sudo systemctl enable --now birdnet_stats.service', + 'sudo systemctl stop birdnet_recording.service', + 'sudo systemctl restart birdnet_recording.service', + 'sudo systemctl disable --now birdnet_recording.service', + 'sudo systemctl enable --now birdnet_recording.service', + 'sudo systemctl stop chart_viewer.service', + 'sudo systemctl restart chart_viewer.service', + 'sudo systemctl disable --now chart_viewer.service', + 'sudo systemctl enable --now chart_viewer.service', + 'sudo systemctl stop spectrogram_viewer.service', + 'sudo systemctl restart spectrogram_viewer.service', + 'sudo systemctl disable --now spectrogram_viewer.service', + 'sudo systemctl enable --now spectrogram_viewer.service', + 'sudo systemctl stop pushed_notifications.service', + 'sudo systemctl restart pushed_notifications.service', + 'sudo systemctl disable --now pushed_notifications.service', + 'sudo systemctl enable --now pushed_notifications.service', + 'stop_core_services.sh', + 'restart_services.sh', + 'sudo reboot', + 'update_birdnet.sh', + 'sudo shutdown now', + 'sudo clear_all_data.sh'); + $command = $_GET['submit']; + if($submittedpwd == $caddypwd && $submitteduser == 'birdnet' && in_array($command,$allowedCommands)){ + if(isset($command)){ $initcommand = $command; - if (strpos($command, "systemctl") !== false) { - $tmp = explode(" ",trim($command)); - $command .= "& sleep 3;sudo systemctl status ".end($tmp); - } - $results = shell_exec("$command 2>&1"); - $results = str_replace("FAILURE", "FAILURE", $results); - $results = str_replace("failed", "failed",$results); - $results = str_replace("active (running)", "active (running)",$results); - if(strlen($results) == 0) { + if (strpos($command, "systemctl") !== false) { + $tmp = explode(" ",trim($command)); + $command .= "& sleep 3;sudo systemctl status ".end($tmp); + } + $results = shell_exec("$command 2>&1"); + $results = str_replace("FAILURE", "FAILURE", $results); + $results = str_replace("failed", "failed",$results); + $results = str_replace("active (running)", "active (running)",$results); + if(strlen($results) == 0) { $results = "This command has no output."; - } - echo "
Output of command:`".$initcommand."`
$results
"; + } + echo "
Output of command:`".$initcommand."`
$results
"; } else { header('WWW-Authenticate: Basic realm="My Realm"'); header('HTTP/1.0 401 Unauthorized');