raspap-webgui/includes/admin.php

<?php

include_once( 'includes/status_messages.php' );

function DisplayAuthConfig($username, $password){
  $status = new StatusMessages();
  if (isset($_POST['UpdateAdminPassword'])) {
    if (CSRFValidate()) {
      if (password_verify($_POST['oldpass'], $password)) {
        $new_username=trim($_POST['username']);
        if ($_POST['newpass'] != $_POST['newpassagain']) {
          $status->addMessage('New passwords do not match', 'danger');
        } else if ($new_username == '') {
          $status->addMessage('Username must not be empty', 'danger');
        } else {
          if (!file_exists(RASPI_ADMIN_DETAILS)) {
              $tmpauth = fopen(RASPI_ADMIN_DETAILS, 'w');
              fclose($tmpauth);
	  }
          if ($auth_file = fopen(RASPI_ADMIN_DETAILS, 'w')) {
            fwrite($auth_file, $new_username.PHP_EOL);
            fwrite($auth_file, password_hash($_POST['newpass'], PASSWORD_BCRYPT).PHP_EOL);
            fclose($auth_file);
            $username = $new_username;
            $status->addMessage('Admin password updated');
          } else {
            $status->addMessage('Failed to update admin password', 'danger');
          }
        }
      } else {
        $status->addMessage('Old password does not match', 'danger');
      }
    } else {
      error_log('CSRF violation');
    }
  }
?>
  <div class="row">
    <div class="col-lg-12">
      <div class="panel panel-primary">
        <div class="panel-heading"><i class="fa fa-lock fa-fw"></i>Configure Auth</div>
        <div class="panel-body">
          <p><?php $status->showMessages(); ?></p>
          <form role="form" action="?page=auth_conf" method="POST">
            <?php CSRFToken() ?>
            <div class="row">
              <div class="form-group col-md-4">
                <label for="username">Username</label>
                <input type="text" class="form-control" name="username" value="<?php echo $username; ?>"/>
              </div>
            </div>
            <div class="row">
              <div class="form-group col-md-4">
                <label for="password">Old password</label>
                <input type="password" class="form-control" name="oldpass"/>
              </div>
            </div>
            <div class="row">
              <div class="form-group col-md-4">
                <label for="password">New password</label>
                <input type="password" class="form-control" name="newpass"/>
              </div>
            </div>
            <div class="row">
              <div class="form-group col-md-4">
                <label for="password">Repeat new password</label>
                <input type="password" class="form-control" name="newpassagain"/>
              </div>
            </div>
            <input type="submit" class="btn btn-outline btn-primary" name="UpdateAdminPassword" value="Save settings" />
          </form>
        </div><!-- /.panel-body -->
      </div><!-- /.panel-default -->
    </div><!-- /.col-lg-12 -->
  </div><!-- /.row -->
<?php 
}

?>
Add simple authentication 2016-05-29 17:38:43 +02:00			`<?php`

Move status messages into new class 2016-07-09 01:55:03 +02:00			`include_once( 'includes/status_messages.php' );`
Add simple authentication 2016-05-29 17:38:43 +02:00
Updated panel icon + standarized label 2016-06-14 13:05:39 +02:00			`function DisplayAuthConfig($username, $password){`
Tabs to spaces 2016-07-09 02:00:53 +02:00			`$status = new StatusMessages();`
			`if (isset($_POST['UpdateAdminPassword'])) {`
			`if (CSRFValidate()) {`
			`if (password_verify($_POST['oldpass'], $password)) {`
			`$new_username=trim($_POST['username']);`
			`if ($_POST['newpass'] != $_POST['newpassagain']) {`
			`$status->addMessage('New passwords do not match', 'danger');`
			`} else if ($new_username == '') {`
			`$status->addMessage('Username must not be empty', 'danger');`
			`} else {`
Moved RASPI_ADMIN_DETAILS file check to the admin.php page which will now create the file if it doesn't exist - to resolve #116. Commented out check on index.php 2017-10-14 05:36:42 +02:00			`if (!file_exists(RASPI_ADMIN_DETAILS)) {`
			`$tmpauth = fopen(RASPI_ADMIN_DETAILS, 'w');`
			`fclose($tmpauth);`
			`}`
Tabs to spaces 2016-07-09 02:00:53 +02:00			`if ($auth_file = fopen(RASPI_ADMIN_DETAILS, 'w')) {`
Some validation on POST data 2016-08-05 22:38:02 +02:00			`fwrite($auth_file, $new_username.PHP_EOL);`
Tabs to spaces 2016-07-09 02:00:53 +02:00			`fwrite($auth_file, password_hash($_POST['newpass'], PASSWORD_BCRYPT).PHP_EOL);`
			`fclose($auth_file);`
			`$username = $new_username;`
			`$status->addMessage('Admin password updated');`
			`} else {`
			`$status->addMessage('Failed to update admin password', 'danger');`
			`}`
			`}`
			`} else {`
			`$status->addMessage('Old password does not match', 'danger');`
			`}`
Add CSRF token to password change page 2016-06-24 23:39:39 +02:00			`} else {`
Tabs to spaces 2016-07-09 02:00:53 +02:00			`error_log('CSRF violation');`
Add CSRF token to password change page 2016-06-24 23:39:39 +02:00			`}`
Add simple authentication 2016-05-29 17:38:43 +02:00			`}`
			`?>`
Tabs to spaces 2016-07-09 02:00:53 +02:00			`<div class="row">`
			`<div class="col-lg-12">`
			`<div class="panel panel-primary">`
			`<div class="panel-heading"><i class="fa fa-lock fa-fw"></i>Configure Auth</div>`
			`<div class="panel-body">`
			`<p><?php $status->showMessages(); ?></p>`
Set form actions correctly 2016-09-11 21:48:12 +02:00			`<form role="form" action="?page=auth_conf" method="POST">`
Tabs to spaces 2016-07-09 02:00:53 +02:00			`<?php CSRFToken() ?>`
			`<div class="row">`
			`<div class="form-group col-md-4">`
			`<label for="username">Username</label>`
			`<input type="text" class="form-control" name="username" value="<?php echo $username; ?>"/>`
			`</div>`
			`</div>`
			`<div class="row">`
			`<div class="form-group col-md-4">`
			`<label for="password">Old password</label>`
			`<input type="password" class="form-control" name="oldpass"/>`
			`</div>`
			`</div>`
			`<div class="row">`
			`<div class="form-group col-md-4">`
			`<label for="password">New password</label>`
			`<input type="password" class="form-control" name="newpass"/>`
			`</div>`
			`</div>`
			`<div class="row">`
			`<div class="form-group col-md-4">`
			`<label for="password">Repeat new password</label>`
			`<input type="password" class="form-control" name="newpassagain"/>`
			`</div>`
			`</div>`
			`<input type="submit" class="btn btn-outline btn-primary" name="UpdateAdminPassword" value="Save settings" />`
			`</form>`
			`</div><!-- /.panel-body -->`
			`</div><!-- /.panel-default -->`
			`</div><!-- /.col-lg-12 -->`
			`</div><!-- /.row -->`
Add simple authentication 2016-05-29 17:38:43 +02:00			`<?php`
			`}`

			`?>`