Add authentication to ajax pages, thx @lts-rad
parent
e92835f89d
commit
c98d2b0c15
22 changed files with 77 additions and 32 deletions
|
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
require '../../includes/csrf.php';
|
require '../../includes/csrf.php';
|
||||||
require_once '../../includes/config.php';
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
|
|
||||||
if (isset($_POST['blocklist_id'])) {
|
if (isset($_POST['blocklist_id'])) {
|
||||||
$blocklist_id = escapeshellcmd($_POST['blocklist_id']);
|
$blocklist_id = escapeshellcmd($_POST['blocklist_id']);
|
||||||
|
@ -50,4 +52,3 @@ if (isset($_POST['blocklist_id'])) {
|
||||||
$jsonData = ['return'=>2,'output'=>['Error getting data']];
|
$jsonData = ['return'=>2,'output'=>['Error getting data']];
|
||||||
echo json_encode($jsonData);
|
echo json_encode($jsonData);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
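Review bot: The authentication guard is added here as three pasted `require_once` lines (`config.php`, `HTTPAuth.php`, `authenticate.php`), and the same trio is repeated in the other ajax endpoints in this commit, so any endpoint added later stays unauthenticated until someone remembers to copy them. Consider moving them into one shared include that every file under `ajax/` requires first, with a comment such as `// must run before any request handling: rejects unauthenticated callers` above it. The include order also differs between files in this commit (one loads `authenticate.php` before `session.php`, another after `functions.php`), which a single bootstrap would make uniform. What `authenticate.php` does on failure is not visible in this diff, so confirm it terminates the request rather than only setting a flag.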
@ -1,8 +1,9 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
require '../../includes/csrf.php';
|
require '../../includes/csrf.php';
|
||||||
|
|
||||||
require_once '../../includes/config.php';
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
|
|
||||||
$interface = filter_input(INPUT_GET, 'inet', FILTER_SANITIZE_SPECIAL_CHARS);
|
$interface = filter_input(INPUT_GET, 'inet', FILTER_SANITIZE_SPECIAL_CHARS);
|
||||||
if (empty($interface)) {
|
if (empty($interface)) {
|
||||||
|
@ -14,7 +15,6 @@ if (empty($interface)) {
|
||||||
exit('No network interfaces found.');
|
exit('No network interfaces found.');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
define('IFNAMSIZ', 16);
|
define('IFNAMSIZ', 16);
|
||||||
if (strlen($interface) > IFNAMSIZ) {
|
if (strlen($interface) > IFNAMSIZ) {
|
||||||
exit('Interface name too long.');
|
exit('Interface name too long.');
|
||||||
|
@ -81,5 +81,3 @@ for ($i = count($jsonData) - 1; $i >= 0; --$i) {
|
||||||
}
|
}
|
||||||
|
|
||||||
echo ' ]';
|
echo ' ]';
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
require '../../includes/csrf.php';
|
require '../../includes/csrf.php';
|
||||||
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
|
|
||||||
if (filter_input(INPUT_GET, 'tu') == 'h') {
|
if (filter_input(INPUT_GET, 'tu') == 'h') {
|
||||||
|
|
||||||
|
|
|
@ -2,12 +2,19 @@
|
||||||
|
|
||||||
require '../../includes/csrf.php';
|
require '../../includes/csrf.php';
|
||||||
require_once '../../includes/config.php';
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
require_once '../../includes/functions.php';
|
require_once '../../includes/functions.php';
|
||||||
|
|
||||||
if (isset($_POST['logfile'])) {
|
if (isset($_POST['logfile'])) {
|
||||||
$logfile = escapeshellcmd($_POST['logfile']);
|
$logfile = escapeshellarg($_POST['logfile']);
|
||||||
|
$valid = '/(\/var\/log|\/tmp)/';
|
||||||
|
|
||||||
|
if (preg_match($valid, $logfile)) {
|
||||||
// truncate requested log file
|
// truncate requested log file
|
||||||
exec("sudo truncate -s 0 $logfile", $return);
|
exec("sudo truncate -s 0 $logfile", $return);
|
||||||
|
} else {
|
||||||
|
$return = 1;
|
||||||
|
}
|
||||||
echo json_encode($return);
|
echo json_encode($return);
|
||||||
}
|
}
|
||||||
|
|
|
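Review bot: The allow-list pattern `'/(\/var\/log|\/tmp)/'` is unanchored, so it accepts any value that merely contains `/var/log` or `/tmp` somewhere, including paths that use `..` to leave those directories, and the command then runs under `sudo`. It is also applied after `escapeshellarg()`, so the string being matched already carries the surrounding quotes. Resolve and check the raw value first and quote only at the point of use: `$path = realpath($_POST['logfile']);`, `if ($path !== false && preg_match('#^(/var/log|/tmp)/#', $path)) {`, `exec('sudo truncate -s 0 ' . escapeshellarg($path), $return);`. The failure branch sets `$return = 1` while the success branch leaves the `exec()` output array in `$return`, so the JSON shape differs between the two cases.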
@ -1,6 +1,8 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
require_once '../../includes/config.php';
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
require_once '../../includes/session.php';
|
require_once '../../includes/session.php';
|
||||||
require_once '../../includes/functions.php';
|
require_once '../../includes/functions.php';
|
||||||
|
|
||||||
|
@ -32,4 +34,3 @@ if (isset($_POST['csrf_token'])) {
|
||||||
} else {
|
} else {
|
||||||
handleInvalidCSRFToken();
|
handleInvalidCSRFToken();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
require '../../includes/csrf.php';
|
require '../../includes/csrf.php';
|
||||||
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
|
|
||||||
exec("ls /sys/class/net | grep -v lo", $interfaces);
|
exec("ls /sys/class/net | grep -v lo", $interfaces);
|
||||||
echo json_encode($interfaces);
|
echo json_encode($interfaces);
|
||||||
|
|
|
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
require '../../includes/csrf.php';
|
require '../../includes/csrf.php';
|
||||||
require_once '../../includes/config.php';
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
|
|
||||||
exec('cat '. RASPI_HOSTAPD_CONFIG, $hostapdconfig);
|
exec('cat '. RASPI_HOSTAPD_CONFIG, $hostapdconfig);
|
||||||
$arrConfig = array();
|
$arrConfig = array();
|
||||||
|
|
|
@ -1,7 +1,10 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
require '../../includes/csrf.php';
|
require '../../includes/csrf.php';
|
||||||
require '../../src/RaspAP/Parsers/IwParser.php';
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../src/RaspAP/Parsers/IwParser.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
|
|
||||||
if (isset($_POST['interface'])) {
|
if (isset($_POST['interface'])) {
|
||||||
|
|
||||||
|
@ -11,4 +14,3 @@ if (isset($_POST['interface'])) {
|
||||||
|
|
||||||
echo json_encode($supportedFrequencies);
|
echo json_encode($supportedFrequencies);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -3,6 +3,9 @@
|
||||||
require '../../includes/csrf.php';
|
require '../../includes/csrf.php';
|
||||||
|
|
||||||
require_once '../../includes/functions.php';
|
require_once '../../includes/functions.php';
|
||||||
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
|
|
||||||
if (isset($_POST['interface'])) {
|
if (isset($_POST['interface'])) {
|
||||||
$int = preg_replace('/[^a-z0-9]/', '', $_POST['interface']);
|
$int = preg_replace('/[^a-z0-9]/', '', $_POST['interface']);
|
||||||
|
|
|
@ -2,8 +2,10 @@
|
||||||
|
|
||||||
require '../../includes/csrf.php';
|
require '../../includes/csrf.php';
|
||||||
require_once '../../includes/config.php';
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
|
|
||||||
$interface = $_GET['iface'];
|
$interface = $_POST['iface'];
|
||||||
|
|
||||||
if (isset($interface)) {
|
if (isset($interface)) {
|
||||||
// fetch dnsmasq.conf settings for interface
|
// fetch dnsmasq.conf settings for interface
|
||||||
|
|
|
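Review bot: The new `$interface = $_POST['iface'];` reads the key unguarded, so a request without `iface` raises an undefined-index warning before the `isset($interface)` test, and the value gets none of the name validation that this commit adds to the endpoint that checks `$_POST['interface']` against `/^[a-zA-Z0-9]+$/`. Suggest `$interface = $_POST['iface'] ?? null;` followed by the same kind of `preg_match` check before the name is used to look up the dnsmasq settings. The request now carries a `csrf_token` from the JavaScript side, but no token validation is visible in this hunk; the script body continues outside it, so confirm the token is actually checked.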
@ -2,12 +2,19 @@
|
||||||
|
|
||||||
require '../../includes/csrf.php';
|
require '../../includes/csrf.php';
|
||||||
require_once '../../includes/config.php';
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
require_once '../../includes/locale.php';
|
require_once '../../includes/locale.php';
|
||||||
|
|
||||||
if (isset($_POST['interface'])) {
|
if (isset($_POST['interface'])) {
|
||||||
|
|
||||||
define( 'NL80211_BAND_24GHZ', 0x1 );
|
define( 'NL80211_BAND_24GHZ', 0x1 );
|
||||||
define( 'NL80211_BAND_5GHZ', 0x2 );
|
define( 'NL80211_BAND_5GHZ', 0x2 );
|
||||||
|
|
||||||
|
if(!preg_match('/^[a-zA-Z0-9]+$/', $_POST['interface'])) {
|
||||||
|
exit('Invalid interface name.');
|
||||||
|
}
|
||||||
|
|
||||||
$iface = escapeshellcmd($_POST['interface']);
|
$iface = escapeshellcmd($_POST['interface']);
|
||||||
$flags = 0;
|
$flags = 0;
|
||||||
|
|
||||||
|
@ -40,4 +47,3 @@ if (isset($_POST['interface'])) {
|
||||||
}
|
}
|
||||||
echo json_encode($msg);
|
echo json_encode($msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
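Review bot: In the added check `preg_match('/^[a-zA-Z0-9]+$/', $_POST['interface'])`, `$` also matches just before a trailing newline, so a name ending in a line break still passes validation. Use `\z` (or the `D` modifier) to anchor at the true end: `if (!preg_match('/^[a-zA-Z0-9]+\z/', $_POST['interface'])) {`. Once the name is restricted to that character set, the following `escapeshellcmd()` call changes nothing; if the value ends up as a command argument, `escapeshellarg()` is the function meant for that. The rejection path answers with plain text via `exit()` while the rest of the script returns JSON, which the caller may not expect.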
@ -2,8 +2,9 @@
|
||||||
|
|
||||||
require '../../includes/csrf.php';
|
require '../../includes/csrf.php';
|
||||||
require_once '../../includes/config.php';
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
|
|
||||||
// fetch wg client.conf
|
// fetch wg client.conf
|
||||||
exec('sudo cat '. RASPI_WIREGUARD_PATH.'client.conf', $return);
|
exec('sudo cat '. RASPI_WIREGUARD_PATH.'client.conf', $return);
|
||||||
echo implode(PHP_EOL,$return);
|
echo implode(PHP_EOL,$return);
|
||||||
|
|
||||||
|
|
|
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
require '../../includes/csrf.php';
|
require '../../includes/csrf.php';
|
||||||
require_once '../../includes/config.php';
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
|
|
||||||
$entity = escapeshellcmd($_POST['entity']);
|
$entity = escapeshellcmd($_POST['entity']);
|
||||||
|
|
||||||
|
|
|
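Review bot: `$_POST['entity']` is still passed through `escapeshellcmd()`, although this commit switches the log-file endpoint to `escapeshellarg()`; the same leftover appears on `$_POST['blocklist_id']` and `$_POST['a']` in other files of this commit. `escapeshellcmd()` escapes metacharacters in a whole command string but does not quote, so whitespace in the value can still split it into extra arguments. How `$entity` is used lies outside this hunk; if it is interpolated into a command as one argument, `$entity = escapeshellarg($_POST['entity']);` or a fixed allow-list of accepted values would be the safer form. The key is also read without an `isset()` guard.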
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
require '../../includes/csrf.php';
|
require '../../includes/csrf.php';
|
||||||
require_once '../../includes/config.php';
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
require_once '../../includes/defaults.php';
|
require_once '../../includes/defaults.php';
|
||||||
require_once '../../includes/functions.php';
|
require_once '../../includes/functions.php';
|
||||||
require_once '../../includes/wifi_functions.php';
|
require_once '../../includes/wifi_functions.php';
|
||||||
|
|
|
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
require '../../includes/csrf.php';
|
require '../../includes/csrf.php';
|
||||||
require_once '../../includes/config.php';
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
require_once '../../includes/functions.php';
|
require_once '../../includes/functions.php';
|
||||||
|
|
||||||
if (isset($_POST['cfg_id'])) {
|
if (isset($_POST['cfg_id'])) {
|
||||||
|
@ -24,4 +26,3 @@ if (isset($_POST['cfg_id'])) {
|
||||||
|
|
||||||
echo json_encode($return);
|
echo json_encode($return);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
require '../../includes/csrf.php';
|
require '../../includes/csrf.php';
|
||||||
require_once '../../includes/config.php';
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
require_once '../../includes/functions.php';
|
require_once '../../includes/functions.php';
|
||||||
|
|
||||||
if (isset($_POST['cfg_id'])) {
|
if (isset($_POST['cfg_id'])) {
|
||||||
|
@ -11,4 +13,3 @@ if (isset($_POST['cfg_id'])) {
|
||||||
$jsonData = ['return'=>$return];
|
$jsonData = ['return'=>$return];
|
||||||
echo json_encode($jsonData);
|
echo json_encode($jsonData);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
require '../../includes/csrf.php';
|
require '../../includes/csrf.php';
|
||||||
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
|
|
||||||
$action = escapeshellcmd($_POST['a']);
|
$action = escapeshellcmd($_POST['a']);
|
||||||
|
|
||||||
|
@ -18,4 +21,3 @@ if (isset($action)) {
|
||||||
}
|
}
|
||||||
echo json_encode($response);
|
echo json_encode($response);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
require '../../includes/csrf.php';
|
require '../../includes/csrf.php';
|
||||||
require_once '../../includes/config.php';
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
|
|
||||||
if (isset($_POST['csrf_token'])) {
|
if (isset($_POST['csrf_token'])) {
|
||||||
if (csrfValidateRequest() && !CSRFValidate()) {
|
if (csrfValidateRequest() && !CSRFValidate()) {
|
||||||
|
@ -20,4 +22,3 @@ if (isset($_POST['csrf_token'])) {
|
||||||
} else {
|
} else {
|
||||||
handleInvalidCSRFToken();
|
handleInvalidCSRFToken();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
require '../../includes/csrf.php';
|
require '../../includes/csrf.php';
|
||||||
require_once '../../includes/config.php';
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
|
|
||||||
$tempDir = sys_get_temp_dir();
|
$tempDir = sys_get_temp_dir();
|
||||||
$filePath = $tempDir . DIRECTORY_SEPARATOR . RASPI_DEBUG_LOG;
|
$filePath = $tempDir . DIRECTORY_SEPARATOR . RASPI_DEBUG_LOG;
|
||||||
|
@ -19,4 +21,3 @@ if (isset($filePath)) {
|
||||||
header('Location: '.'/system_info');
|
header('Location: '.'/system_info');
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
require '../../includes/csrf.php';
|
require '../../includes/csrf.php';
|
||||||
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
|
|
||||||
if (isset($_POST['csrf_token'])) {
|
if (isset($_POST['csrf_token'])) {
|
||||||
if (csrfValidateRequest() && !CSRFValidate()) {
|
if (csrfValidateRequest() && !CSRFValidate()) {
|
||||||
|
@ -18,4 +21,3 @@ if (isset($_POST['csrf_token'])) {
|
||||||
} else {
|
} else {
|
||||||
handleInvalidCSRFToken();
|
handleInvalidCSRFToken();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,9 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
require_once '../../includes/config.php';
|
||||||
|
require_once '../../src/RaspAP/Auth/HTTPAuth.php';
|
||||||
|
require_once '../../includes/authenticate.php';
|
||||||
|
|
||||||
$logFile = '/tmp/raspap_install.log';
|
$logFile = '/tmp/raspap_install.log';
|
||||||
$searchStrings = [
|
$searchStrings = [
|
||||||
'Configure update' => 1,
|
'Configure update' => 1,
|
||||||
|
@ -40,4 +44,3 @@ if (file_exists($logFile)) {
|
||||||
} else {
|
} else {
|
||||||
echo json_encode("File does not exist: $logFile");
|
echo json_encode("File does not exist: $logFile");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -216,7 +216,8 @@ Option toggles are set dynamically depending on the loaded configuration
|
||||||
*/
|
*/
|
||||||
function loadInterfaceDHCPSelect() {
|
function loadInterfaceDHCPSelect() {
|
||||||
var strInterface = $('#cbxdhcpiface').val();
|
var strInterface = $('#cbxdhcpiface').val();
|
||||||
$.get('ajax/networking/get_netcfg.php?iface='+strInterface,function(data){
|
var csrfToken = $('meta[name=csrf_token]').attr('content');
|
||||||
|
$.post('ajax/networking/get_netcfg.php', {'iface' : strInterface, 'csrf_token': csrfToken}, function(data){
|
||||||
jsonData = JSON.parse(data);
|
jsonData = JSON.parse(data);
|
||||||
$('#dhcp-iface')[0].checked = jsonData.DHCPEnabled;
|
$('#dhcp-iface')[0].checked = jsonData.DHCPEnabled;
|
||||||
$('#txtipaddress').val(jsonData.StaticIP);
|
$('#txtipaddress').val(jsonData.StaticIP);
|
||||||
|
|
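Review bot: With authentication now enforced on `get_netcfg.php`, the `$.post` callback still feeds the response straight into `JSON.parse(data)`, so an expired session or a rejected CSRF token (presumably answered with a non-JSON body) would throw inside the callback and leave the form partly updated. Add a `.fail(...)` handler to the request and wrap the parse in `try`/`catch` so the UI can report the failure. `jsonData` is assigned without `var`, which makes it an implicit global. The function body continues outside this hunk.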