raspap-webgui-mirror/includes/admin.php

<?php
include_once( 'includes/status_messages.php' );
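/**
 * Render the "Configure Auth" page and, when the 'UpdateAdminPassword' form
 * was POSTed, change the admin username and password.
 *
 * A change is applied only if the CSRF check passes and the submitted old
 * password verifies against the stored hash. On success the credentials file
 * RASPI_ADMIN_DETAILS is rewritten as two lines: the username, then the
 * bcrypt hash of the new password.
 *
 * @param string $username Current admin username; pre-filled in the form.
 * @param string $password Stored hash of the current admin password, as
 *                         accepted by password_verify().
 */
function DisplayAuthConfig($username, $password){
    $status = new StatusMessages();
    if (isset($_POST['UpdateAdminPassword'])) {
        if (CSRFValidate()) {
            // Take each field only if it is present and a plain string. A missing
            // key or an array value (e.g. "oldpass[]=x") must not reach
            // password_verify(), trim() or password_hash().
            $fields = array('oldpass' => '', 'username' => '', 'newpass' => '', 'newpassagain' => '');
            foreach (array_keys($fields) as $key) {
                if (isset($_POST[$key]) && is_string($_POST[$key])) {
                    $fields[$key] = $_POST[$key];
                }
            }

            if (password_verify($fields['oldpass'], $password)) {
                $new_username = trim($fields['username']);
                // Strict comparison: with "!=" two different numeric-looking
                // strings (such as "0e1" and "0e2") compare as equal.
                if ($fields['newpass'] !== $fields['newpassagain']) {
                    $status->addMessage('New passwords do not match', 'danger');
                } else if ($new_username == '') {
                    $status->addMessage('Username must not be empty', 'danger');
                } else if (strpbrk($new_username, "\r\n") !== false) {
                    // The credentials file is line-based (username, then hash);
                    // an embedded line break would shift the hash off its line.
                    $status->addMessage('Username must not contain line breaks', 'danger');
                } else if ($fields['newpass'] === '') {
                    // Without this check, saving the form with the new-password
                    // fields left blank stores the hash of an empty password.
                    $status->addMessage('New password must not be empty', 'danger');
                } else {
                    // NOTE: PASSWORD_BCRYPT only uses the first 72 bytes of the password.
                    $record = $new_username.PHP_EOL
                        .password_hash($fields['newpass'], PASSWORD_BCRYPT).PHP_EOL;
                    // One locked write creates or truncates the file, so both lines
                    // land together and no separate "create if missing" step is needed.
                    // NOTE(review): the file mode is not set here; confirm the
                    // file is not readable through the web server.
                    if (file_put_contents(RASPI_ADMIN_DETAILS, $record, LOCK_EX) !== false) {
                        $username = $new_username;
                        $status->addMessage('Admin password updated');
                    } else {
                        $status->addMessage('Failed to update admin password', 'danger');
                    }
                }
            } else {
                $status->addMessage('Old password does not match', 'danger');
            }
        } else {
            error_log('CSRF violation');
        }
    }
?>
  <div class="row">
    <div class="col-lg-12">
      <div class="panel panel-primary">
        <div class="panel-heading"><i class="fa fa-lock fa-fw"></i><?php echo _("Configure Auth"); ?></div>
        <div class="panel-body">
          <p><?php $status->showMessages(); ?></p>
          <form role="form" action="?page=auth_conf" method="POST">
            <?php CSRFToken() ?>
            <div class="row">
              <div class="form-group col-md-4">
                <label for="username"><?php echo _("Username"); ?></label>
                <?php /* The username is user-supplied; escape it for the attribute context. */ ?>
                <input type="text" class="form-control" name="username" value="<?php echo htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"/>
              </div>
            </div>
            <div class="row">
              <div class="form-group col-md-4">
                <label for="password"><?php echo _("Old password"); ?></label>
                <input type="password" class="form-control" name="oldpass"/>
              </div>
            </div>
            <div class="row">
              <div class="form-group col-md-4">
                <label for="password"><?php echo _("New password"); ?></label>
                <input type="password" class="form-control" name="newpass"/>
              </div>
            </div>
            <div class="row">
              <div class="form-group col-md-4">
                <label for="password"><?php echo _("Repeat new password"); ?></label>
                <input type="password" class="form-control" name="newpassagain"/>
              </div>
            </div>
            <input type="submit" class="btn btn-outline btn-primary" name="UpdateAdminPassword" value="<?php echo _("Save settings"); ?>" />
          </form>
        </div><!-- /.panel-body -->
      </div><!-- /.panel-default -->
    </div><!-- /.col-lg-12 -->
  </div><!-- /.row -->
<?php
}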
?>