Apply patch from RaspAP/raspap-insiders#209

includes/admin.php

@@ -2,9 +2,13 @@
 
 require_once 'includes/status_messages.php';
 
-function DisplayAuthConfig($username, $password)
+function DisplayAuthConfig($username)
 {
     $status = new StatusMessages();
+    $auth = new \RaspAP\Authenticate\HTTPAuth;
+    $config = $auth->getAuthConfig();
+    $password = $config['admin_pass'];
+
     if (isset($_POST['UpdateAdminPassword'])) {
         if (password_verify($_POST['oldpass'], $password)) {
             $new_username=trim($_POST['username']);
@@ -33,5 +37,10 @@ function DisplayAuthConfig($username, $password)
         }
     }
 
-    echo renderTemplate("admin", compact("status", "username"));
+    echo renderTemplate(
+        "admin", compact(
+            "status",
+            "username"
+        )
+    );
 }

includes/authenticate.php

@@ -1,22 +1,16 @@
 <?php
-$user = $_SERVER['PHP_AUTH_USER'] ?? "";
-$pass = $_SERVER['PHP_AUTH_PW'] ?? "";
-
-require_once RASPI_CONFIG.'/raspap.php';
-$config = getConfig();
 
 if (RASPI_AUTH_ENABLED) {
-    $validated = ($user == $config['admin_user']) && password_verify($pass, $config['admin_pass']);
-    if (!$validated) {
-        header('WWW-Authenticate: Basic realm="RaspAP"');
-        if (function_exists('http_response_code')) {
-            // http_response_code will respond with proper HTTP version back.
-            http_response_code(401);
+    $user = $_SERVER['PHP_AUTH_USER'] ?? '';
+    $pass = $_SERVER['PHP_AUTH_PW'] ?? '';
+
+    $auth = new \RaspAP\Authenticate\HTTPAuth;
+
+    if (!$auth->isLogged()) {
+        if ($auth->login($user, $pass)) {
+            $config = $auth->getAuthConfig();
         } else {
-            header('HTTP/1.0 401 Unauthorized');
+            $auth->authenticate();
         }
-        exit('Not authorized'.PHP_EOL);
     }
-} else {
-    $validated = true;
 }

includes/functions.php

@@ -668,6 +668,7 @@ function getThemeOpt()
 {
     if (!isset($_COOKIE['theme'])) {
         $theme = "custom.php";
+        setcookie('theme', $theme);
     } else {
         $theme = $_COOKIE['theme'];
     }
@@ -680,6 +681,7 @@ function getColorOpt()
         $color = "#2b8080";
     } else {
         $color = $_COOKIE['color'];
+        setcookie('color', $color);
     }
     return $color;
 }
@@ -737,7 +739,7 @@ function validate_host($host)
 // @return boolean
 function getNightmode()
 {
-    if ($_COOKIE['theme'] == 'lightsout.css') {
+    if (isset($_COOKIE['theme']) && $_COOKIE['theme'] == 'lightsout.css') {
         return true;
     } else {
         return false;