From 4e77adce33f89f5cfd23218a1a293d16cdf5d673 Mon Sep 17 00:00:00 2001 From: Joseph Haig Date: Sun, 29 May 2016 16:38:43 +0100 Subject: [PATCH] Add simple authentication --- README.md | 8 ++++ includes/admin.php | 78 +++++++++++++++++++++++++++++++++++++++ includes/authenticate.php | 17 +++++++++ index.php | 14 ++++++- raspap.php | 14 +++++++ 5 files changed, 130 insertions(+), 1 deletion(-) create mode 100755 includes/admin.php create mode 100644 includes/authenticate.php create mode 100644 raspap.php diff --git a/README.md b/README.md index c098597d..8e53aca2 100644 --- a/README.md +++ b/README.md @@ -59,11 +59,19 @@ Set the files ownership to `www-data` user. ```sh sudo chown -R www-data:www-data /var/www ``` +Move the RaspAP configuration file to the correct location +```sh +sudo mkdir /etc/raspad +sudo mv /var/www/raspad.php /etc/raspad/ +sudo chown -R www-data:www-data /etc/raspad +``` Reboot and it should be up and running! ```sh sudo reboot ``` +The default username is 'admin' and the default password is 'secret'. + ## Optional services OpenVPN and TOR are two additional services that run perfectly well on the RPi, and are a nice way to extend the usefulness of your WiFi router. I've started on interfaces to administer these services. Not everyone will need them, so for the moment they are disabled by default. You can enable them by changing these options in `index.php`: diff --git a/includes/admin.php b/includes/admin.php new file mode 100755 index 00000000..12d12fee --- /dev/null +++ b/includes/admin.php 
@@ -0,0 +1,78 @@ +'.$message; + if ($dismissable) $status .= ''; + $status .= ''; + + return $status; +} + +function DisplayRaspAPConfig($username, $password){ + $status = ''; + if (isset($_POST['UpdateAdminPassword'])) { + if (password_verify($_POST['oldpass'], $password)) { + $new_username=trim($_POST['username']); + if ($_POST['newpass'] != $_POST['newpassagain']) { + $status = Status('New passwords do not match', 'danger'); + } else if ($new_username == '') { + $status = Status('Username must not be empty', 'danger'); + } else { + if ($auth_file = fopen(RASPI_ADMIN_DETAILS, 'w')) { + fwrite($auth_file, $new_username.PHP_EOL); + fwrite($auth_file, password_hash($_POST['newpass'], PASSWORD_BCRYPT).PHP_EOL); + fclose($auth_file); + $username = $new_username; + $status = Status('Admin password updated'); + } else { + $status = Status('Failed to update admin password', 'danger'); + } + } + } else { + $status = Status('Old password does not match', 'danger'); + } + } +?> +
+
+
+
RaspAP Configuration
+
+

+
+
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+ +
+
+
+
+
+ diff --git a/includes/authenticate.php b/includes/authenticate.php new file mode 100644 index 00000000..a69a5ced --- /dev/null +++ b/includes/authenticate.php @@ -0,0 +1,17 @@ + "admin"); +$valid_users = array_keys($valid_passwords); + +$user = $_SERVER['PHP_AUTH_USER']; +$pass = $_SERVER['PHP_AUTH_PW']; + +//$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]); +$validated = ($user == $config['admin_user']) && password_verify($pass, $config['admin_pass']); + +if (!$validated) { + header('WWW-Authenticate: Basic realm="RaspAP"'); + header('HTTP/1.0 401 Unauthorized'); + die ("Not authorized"); +} + +?> diff --git a/index.php b/index.php index 7743ee06..ce05797a 100755 --- a/index.php +++ b/index.php @@ -20,6 +20,9 @@ * @see http://sirlagz.net/2013/02/08/raspap-webgui/ */ +define('RASPI_CONFIG', '/etc/raspap'); +define('RASPI_ADMIN_DETAILS', RASPI_CONFIG.'/raspap.auth'); + // Constants for configuration file paths. // These are typical for default RPi installs. Modify if needed. define('RASPI_DNSMASQ_CONFIG', '/etc/dnsmasq.conf'); @@ -36,6 +39,9 @@ define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc'); define('RASPI_OPENVPN_ENABLED', false ); define('RASPI_TORPROXY_ENABLED', false ); +include_once( RASPI_CONFIG.'/raspap.php' ); +include_once( 'includes/authenticate.php' ); +include_once( 'includes/admin.php' ); include_once( 'includes/functions.php' ); $output = $return = 0; @@ -94,7 +100,7 @@ $page = $_GET['page']; - RaspAP Wifi Portal v1.0 + RaspAP Wifi Portal v1.0 @@ -124,6 +130,9 @@ $page = $_GET['page']; Configure TOR proxy +
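Review bot: The confirmation check `$_POST['newpass'] != $_POST['newpassagain']` in DisplayRaspAPConfig uses loose comparison, so two different numeric-looking strings (constructed example: `1e3` and `1000`) compare equal, and nothing rejects an empty new password before it is hashed and stored. I would tighten the branch to `if (!is_string($_POST['newpass']) || $_POST['newpass'] === '' || $_POST['newpass'] !== $_POST['newpassagain'])`. The write path opens RASPI_ADMIN_DETAILS with mode 'w' and ignores the fwrite() results, so a failed write leaves a truncated credential file; writing to a temporary file in the same directory and rename()-ing it over the target would keep the old credentials intact on failure. `trim()` strips only leading and trailing whitespace, so a username with an embedded line break would push the hash off the second line that raspap.php reads back; rejecting control characters in `$new_username` avoids that.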
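Review bot: `$_SERVER['PHP_AUTH_USER']` and `$_SERVER['PHP_AUTH_PW']` are read without checking that they are set, which is the normal state of the first request before the browser has been challenged, and the username is then compared with loose `==`. Defaulting both to an empty string, e.g. `$user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';`, and comparing with `===` keeps the check free of notices and type juggling. The leftover `$valid_users = array_keys($valid_passwords);` setup and the commented-out plaintext comparison are not used by the `password_verify()` check and should be dropped so a hard-coded credential table does not linger in the auth path. Basic authentication resends the password on every request, so this is only as strong as the transport; whether the portal is served over TLS is not visible in this patch.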
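Review bot: `RASPI_CONFIG` is defined as `/etc/raspap`, but the README hunk in this same patch tells the installer to create `/etc/raspad` and move `raspad.php` there, so an install that follows the README leaves nothing at the path the code reads. With the config file missing, `$config` is presumably never populated and the login check has no stored hash to verify against. One of the two spellings has to change; if the code is right, the README lines should read `sudo mkdir /etc/raspap` and `sudo mv /var/www/raspap.php /etc/raspap/`.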
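Review bot: The authentication gate is pulled in with `include_once( 'includes/authenticate.php' );`, and `include_once` only raises a warning when the file cannot be loaded, after which the rest of index.php keeps running without any credential check. Using `require_once` for both `RASPI_CONFIG.'/raspap.php'` and `'includes/authenticate.php'` makes a missing or unreadable file fatal, so the page fails closed. As far as this patch shows, the check lives only in index.php; any other script under the web root that can be requested directly would need the same include.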
  • + Configure RaspAP +
  • @@ -161,6 +170,9 @@ $page = $_GET['page']; case "torproxy_conf": DisplayTorProxyConfig(); break; + case "admin_conf": + DisplayRaspAPConfig($config['admin_user'], $config['admin_pass']); + break; case "save_hostapd_conf": SaveHostAPDConfig(); break; diff --git a/raspap.php b/raspap.php new file mode 100644 index 00000000..9f5430b0 --- /dev/null +++ b/raspap.php @@ -0,0 +1,14 @@ + 'admin', + 'admin_pass' => '$2y$10$YKIyWAmnQLtiJAy6QgHQ.eCpY4m.HCEbiHaTgN6.acNC6bDElzt.i' +); + +if ( $auth_details = fopen(RASPI_CONFIG.'/raspap.auth', 'r') ) { + $config['admin_user'] = trim(fgets($auth_details)); + $config['admin_pass'] = trim(fgets($auth_details)); + fclose($auth_details); +} + +?>
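Review bot: When `fopen(RASPI_CONFIG.'/raspap.auth', 'r')` fails for any reason, raspap.php silently keeps the built-in `admin` account and its bcrypt hash, whose password the README in this patch publishes as 'secret'. A permissions problem or a deleted file therefore reverts the portal to a publicly known login. Distinguishing "file does not exist yet" from "file exists but cannot be read" would fail closed in the second case, for instance `if (file_exists($auth_path) && !is_readable($auth_path)) { die('Cannot read admin credentials'); }` with `$auth_path` holding that path. The read path also trusts the file to contain exactly two lines, so an empty or one-line file yields an empty hash; checking both values are non-empty before overwriting `$config` is worth adding. Requiring a password change while the default hash is still in effect would close the remaining window.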