frodovdr/raspap-webgui
1
0
Fork 0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00
Code Issues Releases Wiki Activity

Merge pull request #19 from jrmhaig/master

Browse Source 
Validations on HostAPD fields
This commit is contained in:
Bill Zimmerman 2016-08-08 10:58:10 -07:00 committed by GitHub
commit 0b41c39a65
4 changed files with 387 additions and 348 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

251
includes/functions.php
View File

@ -20,6 +20,35 @@ function CSRFValidate() {
return hash_equals($_POST['csrf_token'], $_SESSION['csrf_token']); return hash_equals($_POST['csrf_token'], $_SESSION['csrf_token']);
} }
/**
* Test whether array is associative
*/
function isAssoc($arr) {
return array_keys($arr) !== range(0, count($arr) - 1);
}
/**
*
* Display a selector field for a form. Arguments are:
* $name: Field name
* $options: Array of options
* $selected: Selected option (optional)
* If $options is an associative array this should be the key
*
*/
function SelectorOptions($name, $options, $selected = null) {
echo "<select class=\"form-control\" name=\"$name\">";
foreach ( $options as $opt => $label) {
$select = '';
$key = isAssoc($options) ? $opt : $label;
if( $key == $selected ) {
$select = " selected";
}
echo "<option value=\"$key\"$select>$label</options>";
}
echo "</select>";
}
/** /**
* *
* @param string $input * @param string $input
@ -375,186 +404,6 @@ update_config=1
<?php <?php
} }
/**
*
*
*/
function DisplayHostAPDConfig(){
exec( 'cat '. RASPI_HOSTAPD_CONFIG, $return );
exec( 'pidof hostapd | wc -l', $hostapdstatus);
if( $hostapdstatus[0] == 0 ) {
$status = '<div class="alert alert-warning alert-dismissable">HostAPD is not running
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button></div>';
} else {
$status = '<div class="alert alert-success alert-dismissable">HostAPD is running
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button></div>';
}
$arrConfig = array();
$arrChannel = array('a','b','g');
$arrSecurity = array( 1 => 'WPA', 2 => 'WPA2',3=> 'WPA+WPA2');
$arrEncType = array('TKIP' => 'TKIP', 'CCMP' => 'CCMP', 'TKIP CCMP' => 'TKIP+CCMP');
foreach( $return as $a ) {
if( $a[0] != "#" ) {
$arrLine = explode( "=",$a) ;
$arrConfig[$arrLine[0]]=$arrLine[1];
}
};
?>
<div class="row">
<div class="col-lg-12">
<div class="panel panel-primary">
<div class="panel-heading"><i class="fa fa-dot-circle-o fa-fw"></i> Configure hotspot
</div>
<!-- /.panel-heading -->
<div class="panel-body">
<!-- Nav tabs -->
<ul class="nav nav-tabs">
<li class="active"><a href="#basic" data-toggle="tab">Basic</a>
</li>
<li><a href="#security" data-toggle="tab">Security</a>
</li>
<li><a href="#advanced" data-toggle="tab">Advanced</a>
</li>
</ul>
<!-- Tab panes -->
<div class="tab-content">
<p><?php echo $status; ?></p>
<div class="tab-pane fade in active" id="basic">
<h4>Basic settings</h4>
<form role="form" action="/?page=save_hostapd_conf" method="POST">
<div class="row">
<div class="form-group col-md-4">
<label for="code">Interface</label>
<select class="form-control" name="interface">
<?php
exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces);
foreach( $interfaces as $int ) {
$select = '';
if( $int == $arrConfig['interface'] ) {
$select = " selected";
}
echo '<option value="'.$int.'"'.$select.'>'.$int.'</option>';
}
?>
</select>
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">SSID</label>
<input type="text" class="form-control" name="ssid" value="<?php echo $arrConfig['ssid']; ?>" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Wireless Mode</label>
<select class="form-control" name="hw_mode">
<?php
foreach( $arrChannel as $Mode ) {
$select = '';
if( $arrConfig['hw_mode'] == $Mode ) {
$select = ' selected';
}
echo '<option value="'.$Mode.'"'.$select.'>'.$Mode.'</option>';
}
?>
</select>
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Channel</label>
<select class="form-control" name="channel">'
<?php
for( $channel = 1; $channel < 14; $channel++ ) {
$select = '';
if( $channel == $arrConfig['channel'] ) {
$select = " selected";
}
echo '<option value="'.$channel.'"'.$select.'>'.$channel.'</option>';
}
?>
</select>
</div>
</div>
</div>
<div class="tab-pane fade" id="security">
<h4>Security settings</h4>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Security type</label>
<select class="form-control" name="wpa">
<?php
foreach( $arrSecurity as $SecVal => $SecMode ) {
$select = '';
if( $SecVal == $arrConfig['wpa'] ) {
$select = ' selected';
}
echo '<option value="'.$SecVal.'"'.$select.'>'.$SecMode.'</option>';
}
?>
</select>
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Encryption Type</label>
<select class="form-control" name="wpa_pairwise">
<?php
foreach( $arrEncType as $EncConf => $Enc ) {
$select = '';
if( $Enc == $arrConfig['wpa_pairwise'] ) {
$select = ' selected';
}
echo '<option value="'.$EncConf.'"'.$select.'>'.$Enc.'</option>';
} ?>
</select>
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">PSK</label>
<input type="text" class="form-control" name="wpa_passphrase" value="<?php echo $arrConfig['wpa_passphrase'] ?>" />
</div>
</div>
</div>
<div class="tab-pane fade in" id="advanced">
<h4>Advanced settings</h4>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Country Code</label>
<input type="text" class="form-control" name="country_code" value="<?php echo $arrConfig['country_code'] ?>" />
</div>
</div>
</div>
<input type="submit" class="btn btn-outline btn-primary" name="SaveHostAPDSettings" value="Save settings" />
<?php
if($hostapdstatus[0] == 0) {
echo '<input type="submit" class="btn btn-success" name="StartHotspot" value="Start hotspot" />';
} else {
echo '<input type="submit" class="btn btn-warning" name="StopHotspot" value="Stop hotspot" />';
};
?>
</form>
</div><!-- ./ Panel body -->
</div><!-- /.panel-primary -->
<div class="panel-footer"> Information provided by hostapd</div>
</div><!-- /.col-lg-12 -->
</div><!-- /.row -->
<?php
}
/**
*
*
*/
function DisplayOpenVPNConfig() { function DisplayOpenVPNConfig() {
exec( 'cat '. RASPI_OPENVPN_CLIENT_CONFIG, $returnClient ); exec( 'cat '. RASPI_OPENVPN_CLIENT_CONFIG, $returnClient );
@ -925,48 +774,11 @@ function DisplaySystem(){
* *
* *
*/ */
function SaveHostAPDConfig(){ function SaveTORAndVPNConfig(){
if( isset($_POST['SaveHostAPDSettings']) ) { if( isset($_POST['SaveOpenVPNSettings']) ) {
$config = 'driver=nl80211'.PHP_EOL
.'ctrl_interface='.RASPI_HOSTAPD_CTRL_INTERFACE.PHP_EOL
.'ctrl_interface_group=0'.PHP_EOL
.'beacon_int=100'.PHP_EOL
.'auth_algs=1'.PHP_EOL
.'wpa_key_mgmt=WPA-PSK'.PHP_EOL;
$config .= "interface=".$_POST['interface'].PHP_EOL;
$config .= "ssid=".$_POST['ssid'].PHP_EOL;
$config .= "hw_mode=".$_POST['hw_mode'].PHP_EOL;
$config .= "channel=".$_POST['channel'].PHP_EOL;
$config .= "wpa=".$_POST['wpa'].PHP_EOL;
$config .='wpa_passphrase='.$_POST['wpa_passphrase'].PHP_EOL;
$config .="wpa_pairwise=".$_POST['wpa_pairwise'].PHP_EOL;
$config .="country_code=".$_POST['country_code'];
exec( "echo '$config' > /tmp/hostapddata", $return );
system( "sudo cp /tmp/hostapddata " . RASPI_HOSTAPD_CONFIG, $return );
if( $return == 0 ) {
echo "Wifi Hotspot settings saved";
} else {
echo "Wifi Hotspot settings failed to be saved";
}
} elseif( isset($_POST['SaveOpenVPNSettings']) ) {
// TODO // TODO
} elseif( isset($_POST['SaveTORProxySettings']) ) { } elseif( isset($_POST['SaveTORProxySettings']) ) {
// TODO // TODO
} elseif( isset($_POST['StartHotspot']) ) {
echo "Attempting to start hotspot";
exec( 'sudo /etc/init.d/hostapd start', $return );
foreach( $return as $line ) {
echo $line."<br />";
}
} elseif( isset($_POST['StopHotspot']) ) {
echo "Attempting to stop hotspot";
exec( 'sudo /etc/init.d/hostapd stop', $return );
foreach( $return as $line ) {
echo $line."<br />";
}
} elseif( isset($_POST['StartOpenVPN']) ) { } elseif( isset($_POST['StartOpenVPN']) ) {
echo "Attempting to start openvpn"; echo "Attempting to start openvpn";
exec( 'sudo /etc/init.d/openvpn start', $return ); exec( 'sudo /etc/init.d/openvpn start', $return );
@ -994,4 +806,3 @@ function SaveHostAPDConfig(){
} }
} }
?> ?>

227
includes/hostapd.php Executable file
View File

@ -0,0 +1,227 @@
<?php
include_once( 'includes/status_messages.php' );
/**
*
*
*/
function DisplayHostAPDConfig(){
$status = new StatusMessages();
$arrConfig = array();
$arrChannel = array('a','b','g');
$arrSecurity = array( 1 => 'WPA', 2 => 'WPA2',3=> 'WPA+WPA2');
$arrEncType = array('TKIP' => 'TKIP', 'CCMP' => 'CCMP', 'TKIP CCMP' => 'TKIP+CCMP');
exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces);
if( isset($_POST['SaveHostAPDSettings']) ) {
if (CSRFValidate()) {
SaveHostAPDConfig($arrSecurity, $arrEncType, $arrChannel, $interfaces, $status);
} else {
error_log('CSRF violation');
}
} elseif( isset($_POST['StartHotspot']) ) {
if (CSRFValidate()) {
$status->addMessage('Attempting to start hotspot', 'info');
exec( 'sudo /etc/init.d/hostapd start', $return );
foreach( $return as $line ) {
$status->addMessage($line, 'info');
}
} else {
error_log('CSRF violation');
}
} elseif( isset($_POST['StopHotspot']) ) {
if (CSRFValidate()) {
$status->addMessage('Attempting to stop hotspot', 'info');
exec( 'sudo /etc/init.d/hostapd stop', $return );
foreach( $return as $line ) {
$status->addMessage($line, 'info');
}
} else {
error_log('CSRF violation');
}
}
exec( 'cat '. RASPI_HOSTAPD_CONFIG, $return );
exec( 'pidof hostapd | wc -l', $hostapdstatus);
if( $hostapdstatus[0] == 0 ) {
$status->addMessage('HostAPD is not running', 'warning');
} else {
$status->addMessage('HostAPD is running', 'success');
}
foreach( $return as $a ) {
if( $a[0] != "#" ) {
$arrLine = explode( "=",$a) ;
$arrConfig[$arrLine[0]]=$arrLine[1];
}
};
?>
<div class="row">
<div class="col-lg-12">
<div class="panel panel-primary">
<div class="panel-heading"><i class="fa fa-dot-circle-o fa-fw"></i> Configure hotspot</div>
<!-- /.panel-heading -->
<div class="panel-body">
<form role="form" action="/?page=hostapd_conf" method="POST">
<!-- Nav tabs -->
<ul class="nav nav-tabs">
<li class="active"><a href="#basic" data-toggle="tab">Basic</a></li>
<li><a href="#security" data-toggle="tab">Security</a></li>
<li><a href="#advanced" data-toggle="tab">Advanced</a></li>
</ul>
<!-- Tab panes -->
<div class="tab-content">
<p><?php $status->showMessages(); ?></p>
<div class="tab-pane fade in active" id="basic">
<h4>Basic settings</h4>
<?php CSRFToken() ?>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Interface</label>
<?php
SelectorOptions('interface', $interfaces, $arrConfig['interface']);
?>
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">SSID</label>
<input type="text" class="form-control" name="ssid" value="<?php echo $arrConfig['ssid']; ?>" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Wireless Mode</label>
<?php SelectorOptions('hw_mode', $arrChannel, $arrConfig['hw_mode']); ?>
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Channel</label>
<?php SelectorOptions('channel', range(1, 14), intval($arrConfig['channel'])) ?>
</div>
</div>
</div>
<div class="tab-pane fade" id="security">
<h4>Security settings</h4>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Security type</label>
<?php SelectorOptions('wpa', $arrSecurity, $arrConfig['wpa']); ?>
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Encryption Type</label>
<?php SelectorOptions('wpa_pairwise', $arrEncType, $arrConfig['wpa_pairwise']); ?>
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">PSK</label>
<input type="text" class="form-control" name="wpa_passphrase" value="<?php echo $arrConfig['wpa_passphrase'] ?>" />
</div>
</div>
</div>
<div class="tab-pane fade" id="advanced">
<h4>Advanced settings</h4>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Country Code</label>
<input type="text" class="form-control" name="country_code" value="<?php echo $arrConfig['country_code'] ?>" />
</div>
</div>
</div><!-- ./ Panel body -->
<input type="submit" class="btn btn-outline btn-primary" name="SaveHostAPDSettings" value="Save settings" />
<?php
if($hostapdstatus[0] == 0) {
echo '<input type="submit" class="btn btn-success" name="StartHotspot" value="Start hotspot" />';
} else {
echo '<input type="submit" class="btn btn-warning" name="StopHotspot" value="Stop hotspot" />';
};
?>
</form>
</div><!-- /.panel-primary -->
<div class="panel-footer"> Information provided by hostapd</div>
</div><!-- /.col-lg-12 -->
</div><!-- /.row -->
<?php
}
function SaveHostAPDConfig($wpa_array, $enc_types, $modes, $interfaces, $status) {
// It should not be possible to send bad data for these fields so clearly
// someone is up to something if they fail. Fail silently.
if (!(array_key_exists($_POST['wpa'], $wpa_array) && array_key_exists($_POST['wpa_pairwise'], $enc_types) && in_array($_POST['hw_mode'], $modes))) {
error_log("Attempting to set hostapd config with wpa='".$_POST['wpa']."', wpa_pairwise='".$_POST['wpa_pairwise']."' and hw_mode='".$_POST['hw_mode']."'");
return false;
}
if ((!filter_var($_POST['channel'], FILTER_VALIDATE_INT)) || intval($_POST['channel']) < 1 || intval($_POST['channel']) > 14) {
error_log("Attempting to set channel to '".$_POST['channel']."'");
return false;
}
$good_input = true;
// Verify input
if (strlen($_POST['ssid']) == 0 || strlen($_POST['ssid']) > 32) {
// Not sure of all the restrictions of SSID
$status->addMessage('SSID must be between 1 and 32 characters', 'danger');
$good_input = false;
}
if (strlen($_POST['wpa_passphrase']) < 8 || strlen($_POST['wpa_passphrase']) > 63) {
$status->addMessage('WPA passphrase must be between 8 and 63 characters', 'danger');
$good_input = false;
}
if (! in_array($_POST['interface'], $interfaces)) {
// The user is probably up to something here but it may also be a
// genuine error.
$status->addMessage('Unknown interface '.$_POST['interface'], 'danger');
$good_input = false;
}
if (strlen($_POST['country_code']) != 0 && strlen($_POST['country_code']) != 2) {
$status->addMessage('Country code must be blank or two characters', 'danger');
$good_input = false;
}
if ($good_input) {
if ($tmp_file = fopen('/tmp/hostapddata', 'w')) {
// Fixed values
fwrite($tmp_file, 'driver=nl80211'.PHP_EOL);
fwrite($tmp_file, 'ctrl_interface='.RASPI_HOSTAPD_CTRL_INTERFACE.PHP_EOL);
fwrite($tmp_file, 'ctrl_interface_group=0'.PHP_EOL);
fwrite($tmp_file, 'beacon_int=100'.PHP_EOL);
fwrite($tmp_file, 'auth_algs=1'.PHP_EOL);
fwrite($tmp_file, 'wpa_key_mgmt=WPA-PSK'.PHP_EOL);
fwrite($tmp_file, 'ssid='.$_POST['ssid'].PHP_EOL);
fwrite($tmp_file, 'channel='.$_POST['channel'].PHP_EOL);
fwrite($tmp_file, 'hw_mode='.$_POST['hw_mode'].PHP_EOL);
fwrite($tmp_file, 'wpa_passphrase='.$_POST['wpa_passphrase'].PHP_EOL);
fwrite($tmp_file, 'interface='.$_POST['interface'].PHP_EOL);
fwrite($tmp_file, 'wpa='.$_POST['wpa'].PHP_EOL);
fwrite($tmp_file, 'wpa_pairwise='.$_POST['wpa_pairwise'].PHP_EOL);
fwrite($tmp_file, 'country_code='.$_POST['country_code'].PHP_EOL);
fclose($tmp_file);
system( "sudo cp /tmp/hostapddata " . RASPI_HOSTAPD_CONFIG, $return );
if( $return == 0 ) {
$status->addMessage('Wifi Hotspot settings saved', 'success');
} else {
$status->addMessage('Unable to save wifi hotspot settings', 'danger');
}
} else {
$status->addMessage('Unable to save wifi hotspot settings', 'danger');
return false;
}
}
return true;
}
?>

11
index.php
View File

@ -42,6 +42,7 @@ include_once( 'includes/functions.php' );
include_once( 'includes/authenticate.php' ); include_once( 'includes/authenticate.php' );
include_once( 'includes/admin.php' ); include_once( 'includes/admin.php' );
include_once( 'includes/dhcp.php' ); include_once( 'includes/dhcp.php' );
include_once( 'includes/hostapd.php' );
$output = $return = 0; $output = $return = 0;
$page = $_GET['page']; $page = $_GET['page'];
@ -59,7 +60,7 @@ $csrf_token = $_SESSION['csrf_token'];
<!DOCTYPE html> <!DOCTYPE html>
<html lang="en"> <html lang="en">
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
@ -96,8 +97,8 @@ $csrf_token = $_SESSION['csrf_token'];
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script> <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script> <script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
<![endif]--> <![endif]-->
</head> </head>
<body> <body>
<div id="wrapper"> <div id="wrapper">
<!-- Navigation --> <!-- Navigation -->
@ -186,7 +187,7 @@ $csrf_token = $_SESSION['csrf_token'];
DisplayAuthConfig($config['admin_user'], $config['admin_pass']); DisplayAuthConfig($config['admin_user'], $config['admin_pass']);
break; break;
case "save_hostapd_conf": case "save_hostapd_conf":
SaveHostAPDConfig(); SaveTORAndVPNConfig();
break; break;
case "system_info": case "system_info":
DisplaySystem(); DisplaySystem();
@ -217,5 +218,5 @@ $csrf_token = $_SESSION['csrf_token'];
<!-- Custom Theme JavaScript --> <!-- Custom Theme JavaScript -->
<script src="dist/js/sb-admin-2.js"></script> <script src="dist/js/sb-admin-2.js"></script>
</body> </body>
</html> </html>