From d76984517c4e29e8af3751134d6cb361bdbb1c65 Mon Sep 17 00:00:00 2001
From: billz
Date: Mon, 12 Dec 2022 12:44:20 +0100
Subject: [PATCH] Add RASPI_AUTH_ENABLED flag to config #280
---
 config/config.php | 5 ++++-
 includes/authenticate.php | 24 +++++++++++++-----------
 2 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/config/config.php b/config/config.php
index d4f9266e..4589092d 100755
--- a/config/config.php
+++ b/config/config.php
@@ -29,10 +29,13 @@ define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
 define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
 define('RASPI_ACCESS_CHECK_DNS', 'one.one.one.one');
-// Constant for the 5GHz wireless regulatory domain
+// Constants for the 5GHz wireless regulatory domain.
 define('RASPI_5GHZ_ISO_ALPHA2', array('NL','US'));
 define('RASPI_5GHZ_MAX_CHANNEL', 165);
+// Enable basic authentication for the web admin.
+define('RASPI_AUTH_ENABLED', true);
+
 // Optional services, set to true to enable.
 define('RASPI_WIFICLIENT_ENABLED', true);
 define('RASPI_HOTSPOT_ENABLED', true);
diff --git a/includes/authenticate.php b/includes/authenticate.php
index af2eb307..3059ff42 100755
--- a/includes/authenticate.php
+++ b/includes/authenticate.php
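Review bot: The comment on the added `RASPI_AUTH_ENABLED` define does not say what `false` means for the operator. Going by the authenticate.php change in this same patch, every request is then treated as validated, so the web admin has no login at all. I would spell that out at the place where the value is edited, for example `// Enable HTTP basic authentication for the web admin. Setting this to false removes the login for every page; do so only when access is enforced elsewhere.`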
@@ -5,16 +5,18 @@ $pass = $_SERVER['PHP_AUTH_PW'] ?? "";
 require_once RASPI_CONFIG.'/raspap.php';
 $config = getConfig();
-$validated = ($user == $config['admin_user']) && password_verify($pass, $config['admin_pass']);
-
-if (!$validated) {
- header('WWW-Authenticate: Basic realm="RaspAP"');
- if (function_exists('http_response_code')) {
- // http_response_code will respond with proper HTTP version back.
- http_response_code(401);
- } else {
- header('HTTP/1.0 401 Unauthorized');
+if (RASPI_AUTH_ENABLED) {
+ $validated = ($user == $config['admin_user']) && password_verify($pass, $config['admin_pass']);
+ if (!$validated) {
+ header('WWW-Authenticate: Basic realm="RaspAP"');
+ if (function_exists('http_response_code')) {
+ // http_response_code will respond with proper HTTP version back.
+ http_response_code(401);
+ } else {
+ header('HTTP/1.0 401 Unauthorized');
+ }
+ exit('Not authorized'.PHP_EOL);
 }
-
- exit('Not authorized'.PHP_EOL);
+} else {
+ $validated = true;
 }
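Review bot: `if (RASPI_AUTH_ENABLED)` reads the constant without checking that it is defined, and the only definition visible in this patch is the one added to config/config.php. If an installation keeps an older config file and no default is supplied elsewhere (not visible here), PHP 8 throws an undefined-constant Error while PHP 7 falls back to the truthy string. Guarding it as `if (!defined('RASPI_AUTH_ENABLED') || RASPI_AUTH_ENABLED) {` keeps authentication enforced in both cases and makes the fail-safe default explicit. In the same block, `$user == $config['admin_user']` is a loose comparison; `hash_equals((string) $config['admin_user'], $user)`, or at least `===`, avoids numeric-string juggling on the username.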