From 98a982289729177662756e473ff9327df3d4e331 Mon Sep 17 00:00:00 2001 From: Joe Haig Date: Sat, 28 May 2016 20:19:19 +0100 Subject: [PATCH 1/4] Avoid breaking hostapd config file with tabs --- includes/functions.php | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/includes/functions.php b/includes/functions.php index a957c2c7..a2ee6b93 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -995,20 +995,13 @@ function SaveHostAPDConfig(){ auth_algs=1 wpa_key_mgmt=WPA-PSK'; - $config .= "interface=".$_POST['interface']." - "; - $config .= "ssid=".$_POST['ssid']." - "; - $config .= "hw_mode=".$_POST['hw_mode']." - "; - $config .= "channel=".$_POST['channel']." - "; - $config .= "wpa=".$_POST['wpa']." - "; - $config .='wpa_passphrase='.$_POST['wpa_passphrase'].' - '; - $config .="wpa_pairwise=".$_POST['wpa_pairwise']." - "; + $config .= "interface=".$_POST['interface'].PHP_EOL; + $config .= "ssid=".$_POST['ssid'].PHP_EOL; + $config .= "hw_mode=".$_POST['hw_mode'].PHP_EOL; + $config .= "channel=".$_POST['channel'].PHP_EOL; + $config .= "wpa=".$_POST['wpa'].PHP_EOL; + $config .='wpa_passphrase='.$_POST['wpa_passphrase'].PHP_EOL; + $config .="wpa_pairwise=".$_POST['wpa_pairwise'].PHP_EOL; $config .="country_code=".$_POST['country_code']; exec( "echo '$config' > /tmp/hostapddata", $return ); From 926d7ba13b304d2351925d21dbd1ad1cd0fb2429 Mon Sep 17 00:00:00 2001 From: Joe Haig Date: Sat, 28 May 2016 21:12:02 +0100 Subject: [PATCH 2/4] Add more PHP_EOLs --- includes/functions.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/includes/functions.php b/includes/functions.php index a2ee6b93..4f6020c6 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -988,12 +988,12 @@ function DisplayTorProxyConfig(){ */ function SaveHostAPDConfig(){ if( isset($_POST['SaveHostAPDSettings']) ) { - $config = 'driver=nl80211 - ctrl_interface='. RASPI_HOSTAPD_CTRL_INTERFACE .' - ctrl_interface_group=0 - beacon_int=100 - auth_algs=1 - wpa_key_mgmt=WPA-PSK'; + $config = 'driver=nl80211'.PHP_EOL + .'ctrl_interface='.RASPI_HOSTAPD_CTRL_INTERFACE.PHP_EOL + .'ctrl_interface_group=0'.PHP_EOL + .'beacon_int=100'.PHP_EOL + .'auth_algs=1'.PHP_EOL + .'wpa_key_mgmt=WPA-PSK'.PHP_EOL; $config .= "interface=".$_POST['interface'].PHP_EOL; $config .= "ssid=".$_POST['ssid'].PHP_EOL; From 4e77adce33f89f5cfd23218a1a293d16cdf5d673 Mon Sep 17 00:00:00 2001 From: Joseph Haig Date: Sun, 29 May 2016 16:38:43 +0100 Subject: [PATCH 3/4] Add simple authentication --- README.md | 8 ++++ includes/admin.php | 78 +++++++++++++++++++++++++++++++++++++++ includes/authenticate.php | 17 +++++++++ index.php | 14 ++++++- raspap.php | 14 +++++++ 5 files changed, 130 insertions(+), 1 deletion(-) create mode 100755 includes/admin.php create mode 100644 includes/authenticate.php create mode 100644 raspap.php diff --git a/README.md b/README.md index c098597d..8e53aca2 100644 --- a/README.md +++ b/README.md @@ -59,11 +59,19 @@ Set the files ownership to `www-data` user. ```sh sudo chown -R www-data:www-data /var/www ``` +Move the RaspAP configuration file to the correct location +```sh +sudo mkdir /etc/raspad +sudo mv /var/www/raspad.php /etc/raspad/ +sudo chown -R www-data:www-data /etc/raspad +``` Reboot and it should be up and running! ```sh sudo reboot ``` +The default username is 'admin' and the default password is 'secret'. + ## Optional services OpenVPN and TOR are two additional services that run perfectly well on the RPi, and are a nice way to extend the usefulness of your WiFi router. I've started on interfaces to administer these services. Not everyone will need them, so for the moment they are disabled by default. You can enable them by changing these options in `index.php`: diff --git a/includes/admin.php b/includes/admin.php new file mode 100755 index 00000000..12d12fee --- /dev/null +++ b/includes/admin.php @@ -0,0 +1,78 @@ +'.$message; + if ($dismissable) $status .= ''; + $status .= ''; + + return $status; +} + +function DisplayRaspAPConfig($username, $password){ + $status = ''; + if (isset($_POST['UpdateAdminPassword'])) { + if (password_verify($_POST['oldpass'], $password)) { + $new_username=trim($_POST['username']); + if ($_POST['newpass'] != $_POST['newpassagain']) { + $status = Status('New passwords do not match', 'danger'); + } else if ($new_username == '') { + $status = Status('Username must not be empty', 'danger'); + } else { + if ($auth_file = fopen(RASPI_ADMIN_DETAILS, 'w')) { + fwrite($auth_file, $new_username.PHP_EOL); + fwrite($auth_file, password_hash($_POST['newpass'], PASSWORD_BCRYPT).PHP_EOL); + fclose($auth_file); + $username = $new_username; + $status = Status('Admin password updated'); + } else { + $status = Status('Failed to update admin password', 'danger'); + } + } + } else { + $status = Status('Old password does not match', 'danger'); + } + } +?> +
+
+
+
RaspAP Configuration
+
+

+
+
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+ +
+
+
+
+
+ diff --git a/includes/authenticate.php b/includes/authenticate.php new file mode 100644 index 00000000..a69a5ced --- /dev/null +++ b/includes/authenticate.php @@ -0,0 +1,17 @@ + "admin"); +$valid_users = array_keys($valid_passwords); + +$user = $_SERVER['PHP_AUTH_USER']; +$pass = $_SERVER['PHP_AUTH_PW']; + +//$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]); +$validated = ($user == $config['admin_user']) && password_verify($pass, $config['admin_pass']); + +if (!$validated) { + header('WWW-Authenticate: Basic realm="RaspAP"'); + header('HTTP/1.0 401 Unauthorized'); + die ("Not authorized"); +} + +?> diff --git a/index.php b/index.php index 7743ee06..ce05797a 100755 --- a/index.php +++ b/index.php @@ -20,6 +20,9 @@ * @see http://sirlagz.net/2013/02/08/raspap-webgui/ */ +define('RASPI_CONFIG', '/etc/raspap'); +define('RASPI_ADMIN_DETAILS', RASPI_CONFIG.'/raspap.auth'); + // Constants for configuration file paths. // These are typical for default RPi installs. Modify if needed. define('RASPI_DNSMASQ_CONFIG', '/etc/dnsmasq.conf'); @@ -36,6 +39,9 @@ define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc'); define('RASPI_OPENVPN_ENABLED', false ); define('RASPI_TORPROXY_ENABLED', false ); +include_once( RASPI_CONFIG.'/raspap.php' ); +include_once( 'includes/authenticate.php' ); +include_once( 'includes/admin.php' ); include_once( 'includes/functions.php' ); $output = $return = 0; @@ -94,7 +100,7 @@ $page = $_GET['page']; - RaspAP Wifi Portal v1.0 + RaspAP Wifi Portal v1.0 @@ -124,6 +130,9 @@ $page = $_GET['page']; Configure TOR proxy +
  • + Configure RaspAP +
    • @@ -161,6 +170,9 @@ $page = $_GET['page']; case "torproxy_conf": DisplayTorProxyConfig(); break; + case "admin_conf": + DisplayRaspAPConfig($config['admin_user'], $config['admin_pass']); + break; case "save_hostapd_conf": SaveHostAPDConfig(); break; diff --git a/raspap.php b/raspap.php new file mode 100644 index 00000000..9f5430b0 --- /dev/null +++ b/raspap.php @@ -0,0 +1,14 @@ + 'admin', + 'admin_pass' => '$2y$10$YKIyWAmnQLtiJAy6QgHQ.eCpY4m.HCEbiHaTgN6.acNC6bDElzt.i' +); + +if ( $auth_details = fopen(RASPI_CONFIG.'/raspap.auth', 'r') ) { + $config['admin_user'] = trim(fgets($auth_details)); + $config['admin_pass'] = trim(fgets($auth_details)); + fclose($auth_details); +} + +?> From a3e37866e6ee42012b4c4f0b3de36000be5d23bd Mon Sep 17 00:00:00 2001 From: Joe Haig Date: Sun, 29 May 2016 17:45:07 +0100 Subject: [PATCH 4/4] Clean up --- includes/authenticate.php | 4 ---- 1 file changed, 4 deletions(-) diff --git a/includes/authenticate.php b/includes/authenticate.php index a69a5ced..8a729679 100644 --- a/includes/authenticate.php +++ b/includes/authenticate.php @@ -1,11 +1,7 @@ "admin"); -$valid_users = array_keys($valid_passwords); - $user = $_SERVER['PHP_AUTH_USER']; $pass = $_SERVER['PHP_AUTH_PW']; -//$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]); $validated = ($user == $config['admin_user']) && password_verify($pass, $config['admin_pass']); if (!$validated) {