Add RASPI_AUTH_ENABLED flag to config #280

config/config.php

@@ -29,10 +29,13 @@ define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
 define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
 define('RASPI_ACCESS_CHECK_DNS', 'one.one.one.one');
 
-// Constant for the 5GHz wireless regulatory domain
+// Constants for the 5GHz wireless regulatory domain.
 define('RASPI_5GHZ_ISO_ALPHA2', array('NL','US'));
 define('RASPI_5GHZ_MAX_CHANNEL', 165);
 
+// Enable basic authentication for the web admin.
+define('RASPI_AUTH_ENABLED', true);
+
 // Optional services, set to true to enable.
 define('RASPI_WIFICLIENT_ENABLED', true);
 define('RASPI_HOTSPOT_ENABLED', true);

includes/authenticate.php

@@ -5,16 +5,18 @@ $pass = $_SERVER['PHP_AUTH_PW'] ?? "";
 require_once RASPI_CONFIG.'/raspap.php';
 $config = getConfig();
 
-$validated = ($user == $config['admin_user']) && password_verify($pass, $config['admin_pass']);
+if (RASPI_AUTH_ENABLED) {
-
+    $validated = ($user == $config['admin_user']) && password_verify($pass, $config['admin_pass']);
-if (!$validated) {
+    if (!$validated) {
-    header('WWW-Authenticate: Basic realm="RaspAP"');
+        header('WWW-Authenticate: Basic realm="RaspAP"');
-    if (function_exists('http_response_code')) {
+        if (function_exists('http_response_code')) {
-        // http_response_code will respond with proper HTTP version back.
+            // http_response_code will respond with proper HTTP version back.
-        http_response_code(401);
+            http_response_code(401);
-    } else {
+        } else {
-        header('HTTP/1.0 401 Unauthorized');
+            header('HTTP/1.0 401 Unauthorized');
+        }
+        exit('Not authorized'.PHP_EOL);
     }
-
+} else {
-    exit('Not authorized'.PHP_EOL);
+    $validated = true;
 }