diff --git a/.gitignore b/.gitignore
index 1dd450a5..a2a77b49 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ yarn-error.log
*.swp
includes/config.php
rootCA.pem
+vendor
diff --git a/ajax/bandwidth/get_bandwidth.php b/ajax/bandwidth/get_bandwidth.php
index 4fcf8057..70e9b882 100644
--- a/ajax/bandwidth/get_bandwidth.php
+++ b/ajax/bandwidth/get_bandwidth.php
@@ -3,12 +3,6 @@
require '../../includes/csrf.php';
require_once '../../includes/config.php';
-require_once RASPI_CONFIG.'/raspap.php';
-
-header('X-Frame-Options: DENY');
-header("Content-Security-Policy: default-src 'none'; connect-src 'self'");
-require_once '../../includes/authenticate.php';
-
$interface = filter_input(INPUT_GET, 'inet', FILTER_SANITIZE_SPECIAL_CHARS);
if (empty($interface)) {
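Review bot: With `require_once '../../includes/authenticate.php';` removed, nothing visible in this hunk still gates the endpoint on a logged-in session before it reads `inet` from the query string, and the `X-Frame-Options` and `Content-Security-Policy` headers are dropped with it. Whether `csrf.php` or `config.php` now performs the authentication check is not visible here and should be confirmed. If one of them does, a one-line comment above the `require` lines naming the file that enforces login would record that. If neither does, keep `require_once '../../includes/authenticate.php';` ahead of the `filter_input()` call. The script continues past the end of the hunk.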
diff --git a/app/css/all.css b/app/css/all.css
index 12a47159..d9de52e3 100644
--- a/app/css/all.css
+++ b/app/css/all.css
@@ -228,3 +228,8 @@ button > i.fas {
pointer-events: none;
}
+.close {
+ font-weight: 400;
+ font-size: 1.3rem;
+}
+
diff --git a/app/js/custom.js b/app/js/custom.js
index d3fb9b3b..c18ea8ce 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -18,7 +18,8 @@ function createNetmaskAddr(bitCount) {
}
function loadSummary(strInterface) {
- $.post('ajax/networking/get_ip_summary.php',{interface:strInterface},function(data){
+ var csrfToken = $('meta[name=csrf_token]').attr('content');
+ $.post('ajax/networking/get_ip_summary.php',{'interface': strInterface, 'csrf_token': csrfToken},function(data){
jsonData = JSON.parse(data);
if(jsonData['return'] == 0) {
$('#'+strInterface+'-summary').html(jsonData['output'].join('
'));
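Review bot: The lookup `$('meta[name=csrf_token]').attr('content')` is copied into `loadSummary` and into every other `$.post` call this commit touches in the file (the three clear-log handlers, the two OpenVPN handlers, `setHardwareModeTooltip`, `updateBlocklist` and the `.wg-keygen` handler), so a call added later can silently go out without the token. One helper such as `function csrfToken() { return $('meta[name=csrf_token]').attr('content'); }`, or a single `$.ajaxPrefilter` that appends the field to every POST, would keep the token handling in one place. If the meta tag is missing the lookup yields `undefined` and the server presumably rejects the request, at which point `JSON.parse(data)` in the callback may throw on a non-JSON error body. A `.fail()` handler on the request would surface that case.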
@@ -122,21 +123,24 @@ $(document).on("click", "#gen_wpa_passphrase", function(e) {
});
$(document).on("click", "#js-clearhostapd-log", function(e) {
- $.post('ajax/logging/clearlog.php?',{'logfile':'/tmp/hostapd.log'},function(data){
+ var csrfToken = $('meta[name=csrf_token]').attr('content');
+ $.post('ajax/logging/clearlog.php?',{'logfile':'/tmp/hostapd.log', 'csrf_token': csrfToken},function(data){
jsonData = JSON.parse(data);
$("#hostapd-log").val("");
});
});
$(document).on("click", "#js-cleardnsmasq-log", function(e) {
- $.post('ajax/logging/clearlog.php?',{'logfile':'/var/log/dnsmasq.log'},function(data){
+ var csrfToken = $('meta[name=csrf_token]').attr('content');
+ $.post('ajax/logging/clearlog.php?',{'logfile':'/var/log/dnsmasq.log', 'csrf_token': csrfToken},function(data){
jsonData = JSON.parse(data);
$("#dnsmasq-log").val("");
});
});
$(document).on("click", "#js-clearopenvpn-log", function(e) {
- $.post('ajax/logging/clearlog.php?',{'logfile':'/tmp/openvpn.log'},function(data){
+ var csrfToken = $('meta[name=csrf_token]').attr('content');
+ $.post('ajax/logging/clearlog.php?',{'logfile':'/tmp/openvpn.log', 'csrf_token': csrfToken},function(data){
jsonData = JSON.parse(data);
$("#openvpn-log").val("");
});
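Review bot: The three clear-log handlers still send the target as a client-chosen filesystem path in `logfile` (`/tmp/hostapd.log`, `/var/log/dnsmasq.log`, `/tmp/openvpn.log`). The added token blocks cross-site submissions but does not constrain which path an authenticated request may name. `clearlog.php` is not part of this hunk, so whether it checks the value against a fixed list cannot be confirmed from here. Sending a short key instead, for example `{'logfile': 'hostapd', 'csrf_token': csrfToken}`, and mapping it to a path on the server would remove the dependency on that check.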
@@ -286,7 +290,8 @@ $('#configureClientModal').on('shown.bs.modal', function (e) {
$('#ovpn-confirm-delete').on('click', '.btn-delete', function (e) {
var cfg_id = $(this).data('recordId');
- $.post('ajax/openvpn/del_ovpncfg.php',{'cfg_id':cfg_id},function(data){
+ var csrfToken = $('meta[name=csrf_token]').attr('content');
+ $.post('ajax/openvpn/del_ovpncfg.php',{'cfg_id':cfg_id, 'csrf_token': csrfToken},function(data){
jsonData = JSON.parse(data);
$("#ovpn-confirm-delete").modal('hide');
var row = $(document.getElementById("openvpn-client-row-" + cfg_id));
@@ -303,7 +308,8 @@ $('#ovpn-confirm-delete').on('show.bs.modal', function (e) {
$('#ovpn-confirm-activate').on('click', '.btn-activate', function (e) {
var cfg_id = $(this).data('record-id');
- $.post('ajax/openvpn/activate_ovpncfg.php',{'cfg_id':cfg_id},function(data){
+ var csrfToken = $('meta[name=csrf_token]').attr('content');
+ $.post('ajax/openvpn/activate_ovpncfg.php',{'cfg_id':cfg_id, 'csrf_token': csrfToken},function(data){
jsonData = JSON.parse(data);
$("#ovpn-confirm-activate").modal('hide');
setTimeout(function(){
@@ -419,11 +425,12 @@ function loadChannelSelect(selected) {
function setHardwareModeTooltip() {
var iface = $('#cbxinterface').val();
var hwmodeText = '';
+ var csrfToken = $('meta[name=csrf_token]').attr('content');
// Explanatory text if 802.11ac is disabled
if ($('#cbxhwmode').find('option[value="ac"]').prop('disabled') == true ) {
var hwmodeText = $('#hwmode').attr('data-tooltip');
}
- $.post('ajax/networking/get_frequencies.php?',{'interface': iface},function(data){
+ $.post('ajax/networking/get_frequencies.php?',{'interface': iface, 'csrf_token': csrfToken},function(data){
var responseText = JSON.parse(data);
$('#tiphwmode').attr('data-original-title', responseText + '\n' + hwmodeText );
});
@@ -435,10 +442,11 @@ function setHardwareModeTooltip() {
*/
function updateBlocklist() {
var blocklist_id = $('#cbxblocklist').val();
+ var csrfToken = $('meta[name=csrf_token]').attr('content');
if (blocklist_id == '') { return; }
$('#cbxblocklist-status').find('i').removeClass('fas fa-check').addClass('fas fa-cog fa-spin');
$('#cbxblocklist-status').removeClass('check-hidden').addClass('check-progress');
- $.post('ajax/adblock/update_blocklist.php',{ 'blocklist_id':blocklist_id },function(data){
+ $.post('ajax/adblock/update_blocklist.php',{ 'blocklist_id':blocklist_id, 'csrf_token': csrfToken},function(data){
var jsonData = JSON.parse(data);
if (jsonData['return'] == '0') {
$('#cbxblocklist-status').find('i').removeClass('fas fa-cog fa-spin').addClass('fas fa-check');
@@ -457,7 +465,8 @@ $('.wg-keygen').click(function(){
var entity_pub = $(this).parent('div').prev('input[type="text"]');
var entity_priv = $(this).parent('div').next('input[type="hidden"]');
var updated = entity_pub.attr('name')+"-pubkey-status";
- $.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name') },function(data){
+ var csrfToken = $('meta[name=csrf_token]').attr('content');
+ $.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name'), 'csrf_token': csrfToken},function(data){
var jsonData = JSON.parse(data);
entity_pub.val(jsonData.pubkey);
$('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
diff --git a/includes/adblock.php b/includes/adblock.php
index bf16bcb7..021f4d2c 100755
--- a/includes/adblock.php
+++ b/includes/adblock.php
@@ -1,6 +1,5 @@
getAuthConfig();
+ $password = $config['admin_pass'];
+
if (isset($_POST['UpdateAdminPassword'])) {
if (password_verify($_POST['oldpass'], $password)) {
$new_username=trim($_POST['username']);
@@ -33,5 +35,10 @@ function DisplayAuthConfig($username, $password)
}
}
- echo renderTemplate("admin", compact("status", "username"));
+ echo renderTemplate(
+ "admin", compact(
+ "status",
+ "username"
+ )
+ );
}
diff --git a/includes/authenticate.php b/includes/authenticate.php
index 3059ff42..bceac97d 100755
--- a/includes/authenticate.php
+++ b/includes/authenticate.php
@@ -1,22 +1,16 @@
isLogged()) {
+ if ($auth->login($user, $pass)) {
+ $config = $auth->getAuthConfig();
} else {
- header('HTTP/1.0 401 Unauthorized');
+ $auth->authenticate();
}
- exit('Not authorized'.PHP_EOL);
}
-} else {
- $validated = true;
}
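Review bot: The old failure path ended with `exit('Not authorized'.PHP_EOL);`, while the new `else` branch only calls `$auth->authenticate();`, so whether an unauthenticated request stops here now depends entirely on that method terminating the request. The class behind `$auth` is not visible in this diff; if `authenticate()` only sends a challenge or redirect header and returns, the including page carries on executing. Writing `$auth->authenticate(); exit;` makes this file fail closed regardless of how the method is implemented. The start of this hunk was lost in extraction, so the enclosing conditions are only partly visible.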
diff --git a/includes/autoload.php b/includes/autoload.php
new file mode 100755
index 00000000..d39bd0c9
--- /dev/null
+++ b/includes/autoload.php
@@ -0,0 +1,41 @@
+addMessage(_('Interface name invalid.'), 'danger');
diff --git a/includes/dhcp.php b/includes/dhcp.php
index 72601374..65c04ceb 100755
--- a/includes/dhcp.php
+++ b/includes/dhcp.php
@@ -1,6 +1,5 @@
$sect ) {
- if (isRuleEnabled($sect, $conf) ) {
- $str_rules= createRuleStr($sect, $conf);
- if (!empty($str_rules) ) {
- if (isIPv4($sect) ) { file_put_contents(RASPAP_IPTABLES_SCRIPT, $str_rules, FILE_APPEND);
- }
- if (isIPv6($sect) ) { file_put_contents(RASPAP_IP6TABLES_SCRIPT, $str_rules, FILE_APPEND);
- }
- ++$count;
- }
- }
- }
- }
- }
- if ($count > 0 ) {
- exec("chmod +x ".RASPAP_IPTABLES_SCRIPT);
- exec("sudo ".RASPAP_IPTABLES_SCRIPT);
- exec("sudo iptables-save | sudo tee /etc/iptables/rules.v4");
- unlink(RASPAP_IPTABLES_SCRIPT);
- exec("chmod +x ".RASPAP_IP6TABLES_SCRIPT);
- exec("sudo ".RASPAP_IP6TABLES_SCRIPT);
- exec("sudo ip6tables-save | sudo tee /etc/iptables/rules.v6");
- unlink(RASPAP_IP6TABLES_SCRIPT);
- }
- return ($count > 0);
-}
-
-/**
- *
- * @param array $conf
- * @return string $ret
- */
-function WriteFirewallConf($conf)
-{
- $ret = false;
- if (is_array($conf) ) { write_php_ini($conf, RASPI_FIREWALL_CONF);
- }
- return $ret;
-}
-
-/**
- *
- * @return array $conf
- */
-function ReadFirewallConf()
-{
- $conf = array();
- if (file_exists(RASPI_FIREWALL_CONF) ) {
- $conf = parse_ini_file(RASPI_FIREWALL_CONF);
- }
- if ( !isset($conf["firewall-enable"]) ) {
- $conf["firewall-enable"] = false;
- $conf["ssh-enable"] = false;
- $conf["http-enable"] = false;
- $conf["excl-devices"] = "";
- $conf["excluded-ips"] = "";
- $conf["ap-device"] = "";
- $conf["client-device"] = "";
- $conf["restricted-ips"] = "";
- }
- exec('ifconfig | grep -E -i "^tun[0-9]"', $ret);
- $conf["openvpn-enable"] = !empty($ret);
- unset($ret);
- exec('ifconfig | grep -E -i "^wg[0-9]"', $ret);
- $conf["wireguard-enable"] = !empty($ret);
- return $conf;
-}
-
-/**
- *
- * @return string $ips
- */
-function getVPN_IPs()
-{
- $ips = "";
- // get openvpn and wireguard server IPs
- if (RASPI_OPENVPN_ENABLED && ($fconf = glob(RASPI_OPENVPN_CLIENT_PATH ."/*.conf")) !== false && !empty($fconf) ) {
- foreach ( $fconf as $f ) {
- unset($result);
- exec('cat '.$f.' | sed -rn "s/^remote\s*([a-z0-9\.\-\_:]*)\s*([0-9]*)\s*$/\1 \2/ip" ', $result);
- if (!empty($result) ) {
- $result = explode(" ", $result[0]);
- $ip = (isset($result[0])) ? $result[0] : "";
- $port = (isset($result[1])) ? $result[1] : "";
- if (!empty($ip) ) {
- $ip = gethostbyname($ip);
- if (filter_var($ip, FILTER_VALIDATE_IP) && strpos($ips, $ip) === false ) { $ips .= " $ip";
- }
- }
- }
- }
- }
- // get wireguard server IPs
- if (RASPI_WIREGUARD_ENABLED && ($fconf = glob(RASPI_WIREGUARD_PATH ."/*.conf")) !== false && !empty($fconf) ) {
- foreach ( $fconf as $f ) {
- unset($result);
- exec('sudo /bin/cat '.$f.' | sed -rn "s/^endpoint\s*=\s*\[?([a-z0-9\.\-\_:]*)\]?:([0-9]*)\s*$/\1 \2/ip" ', $result);
- if (!empty($result) ) {
- $result = explode(" ", $result[0]);
- $ip = (isset($result[0])) ? $result[0] : "";
- $port = (isset($result[1])) ? $result[1] : "";
- if (!empty($ip) ) {
- $ip = gethostbyname($ip);
- if (filter_var($ip, FILTER_VALIDATE_IP) && strpos($ips, $ip) === false ) { $ips .= " $ip";
- }
- }
- }
- }
- }
- return trim($ips);
-}
-
-/**
- *
- * @return array $fw_conf
- */
-function getFirewallConfiguration()
-{
- $fw_conf = ReadFirewallConf();
-
- $json = file_get_contents(RASPI_IPTABLES_CONF);
- getWifiInterface();
- $ap_device = $_SESSION['ap_interface'];
- $clients = getClients();
- $str_clients = "";
- foreach( $clients["device"] as $dev ) {
- if (!$dev["isAP"] ) {
- if (!empty($str_clients) ) { $str_clients .= ", ";
- }
- $str_clients .= $dev["name"];
- }
- }
- $fw_conf["ap-device"] = $ap_device;
- $fw_conf["client-list"] = $str_clients;
- $id=findCurrentClientIndex($clients);
- if ($id >= 0 ) { $fw_conf["client-device"] = $clients["device"][$id]["name"];
- }
- return $fw_conf;
-}
-
-/**
- *
- */
-function updateFirewall()
-{
- $fw_conf = getFirewallConfiguration();
- if ( isset($fw_conf["firewall-enable"]) ) {
- WriteFirewallConf($fw_conf);
- configureFirewall();
- }
- return;
-}
-
-/**
- *
- */
-function DisplayFirewallConfig()
-{
- $status = new StatusMessages();
-
- $fw_conf = getFirewallConfiguration();
- $ap_device = $fw_conf["ap-device"];
- $str_clients = $fw_conf["client-list"];
-
- if (!empty($_POST)) {
- $fw_conf["ssh-enable"] = isset($_POST['ssh-enable']);
- $fw_conf["http-enable"] = isset($_POST['http-enable']);
- $fw_conf["firewall-enable"] = isset($_POST['firewall-enable']) || isset($_POST['apply-firewall']);
- if (isset($_POST['firewall-enable']) ) { $status->addMessage(_('Firewall is now enabled'), 'success');
- }
- if (isset($_POST['apply-firewall']) ) { $status->addMessage(_('Firewall settings changed'), 'success');
- }
- if (isset($_POST['firewall-disable']) ) { $status->addMessage(_('Firewall is now disabled'), 'warning');
- }
- if (isset($_POST['save-firewall']) ) { $status->addMessage(_('Firewall settings saved. Firewall is still disabled.'), 'success');
- }
- if (isset($_POST['excl-devices']) ) {
- $excl = filter_var($_POST['excl-devices'], FILTER_SANITIZE_STRING);
- $excl = str_replace(',', ' ', $excl);
- $excl = trim(preg_replace('/\s+/', ' ', $excl));
- if ($fw_conf["excl-devices"] != $excl ) {
- $status->addMessage(_('Exclude devices '. $excl), 'success');
- $fw_conf["excl-devices"] = $excl;
- }
- }
- if (isset($_POST['excluded-ips']) ) {
- $excl = filter_var($_POST['excluded-ips'], FILTER_SANITIZE_STRING);
- $excl = str_replace(',', ' ', $excl);
- $excl = trim(preg_replace('/\s+/', ' ', $excl));
- if (!empty($excl) ) {
- $excl = explode(' ', $excl);
- $str_excl = "";
- foreach ( $excl as $ip ) {
- if (filter_var($ip, FILTER_VALIDATE_IP) ) { $str_excl .= "$ip ";
- } else { $status->addMessage(_('Exclude IP address '. $ip . ' failed - not a valid IP address'), 'warning');
- }
- }
- }
- $str_excl = trim($str_excl);
- if ($fw_conf["excluded-ips"] != $str_excl ) {
- $status->addMessage(_('Exclude IP address(es) '. $str_excl), 'success');
- $fw_conf["excluded-ips"] = $str_excl;
- }
- }
- WriteFirewallConf($fw_conf);
- configureFirewall();
- }
- $vpn_ips = getVPN_IPs();
- echo renderTemplate(
- "firewall", compact(
- "status",
- "ap_device",
- "str_clients",
- "fw_conf",
- "vpn_ips"
- )
- );
-}
-
diff --git a/includes/functions.php b/includes/functions.php
index ca264ff7..24a42f15 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -664,10 +664,18 @@ function formatDateAgo($datetime, $full = false)
return $string ? implode(', ', $string) . ' ago' : 'just now';
}
+function initializeApp()
+{
+ $_SESSION["theme_url"] = getThemeOpt();
+ $_SESSION["toggleState"] = getSidebarState();
+ $_SESSION["bridgedEnabled"] = getBridgedState();
+}
+
function getThemeOpt()
{
if (!isset($_COOKIE['theme'])) {
$theme = "custom.php";
+ setcookie('theme', $theme);
} else {
$theme = $_COOKIE['theme'];
}
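Review bot: `getThemeOpt()` takes the raw `$_COOKIE['theme']` value in its `else` branch, and the new `initializeApp()` stores the function's result in `$_SESSION["theme_url"]`, so a request-supplied string can become the theme path with no check visible in this hunk. Comparing it against the list of shipped theme files and falling back to the default would close that, e.g. `if (!in_array($theme, $knownThemes, true)) { $theme = "custom.php"; }`, where `$knownThemes` is a placeholder name for that list. The added `setcookie('theme', $theme);` sets no path or `SameSite`/`HttpOnly` attributes and only works if no output has been sent yet, which is worth stating in a docblock on `initializeApp()` together with its need for an already started session. The body of `getThemeOpt()` continues outside the hunk.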
@@ -680,6 +688,7 @@ function getColorOpt()
$color = "#2b8080";
} else {
$color = $_COOKIE['color'];
+ setcookie('color', $color);
}
return $color;
}
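Review bot: The added `setcookie('color', $color);` sits in the branch where the cookie already exists, so it re-sends the client's own value on every call and never stores the default `#2b8080` when the cookie is missing. That is the opposite of what this commit does in `getThemeOpt()`. If the intent is to persist the default, the call belongs in the first branch, directly after `$color = "#2b8080";`. Separately, the value taken from `$_COOKIE['color']` is returned unvalidated; a guard such as `if (!preg_match('/^#[0-9a-fA-F]{6}$/', $color)) { $color = "#2b8080"; }` would keep arbitrary strings out of whatever stylesheet consumes it. The start of the function lies outside the hunk.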
@@ -737,7 +746,7 @@ function validate_host($host)
// @return boolean
function getNightmode()
{
- if ($_COOKIE['theme'] == 'lightsout.css') {
+ if (isset($_COOKIE['theme']) && $_COOKIE['theme'] == 'lightsout.css') {
return true;
} else {
return false;
@@ -810,3 +819,15 @@ function getTooltip($msg, $id, $visible = true, $data_html = false)
echo '';
}
+// Load non default JS/ECMAScript in footer
+function loadFooterScripts($extraFooterScripts)
+{
+ foreach ($extraFooterScripts as $script) {
+ echo '' , PHP_EOL;
+ }
+}
+
diff --git a/includes/hostapd.php b/includes/hostapd.php
index 3dbbf6cf..af488278 100755
--- a/includes/hostapd.php
+++ b/includes/hostapd.php
@@ -1,22 +1,17 @@
operatingSystem();
-
/**
* Initialize hostapd values, display interface
*
*/
function DisplayHostAPDConfig()
{
- $status = new StatusMessages();
+ $status = new \RaspAP\Messages\StatusMessage;
$system = new \RaspAP\System\Sysinfo;
$operatingSystem = $system->operatingSystem();
$arrConfig = array();
diff --git a/includes/navbar.php b/includes/navbar.php
new file mode 100755
index 00000000..511bf515
--- /dev/null
+++ b/includes/navbar.php
@@ -0,0 +1,23 @@
+
diff --git a/includes/networking.php b/includes/networking.php
index 345ca14e..9669fca4 100755
--- a/includes/networking.php
+++ b/includes/networking.php
@@ -1,6 +1,5 @@
set_max_file_size(64*KB);
$upload->set_allowed_mime_types(array('ovpn' => 'text/plain'));
$upload->file($file);
diff --git a/includes/page_actions.php b/includes/page_actions.php
new file mode 100755
index 00000000..b460dd43
--- /dev/null
+++ b/includes/page_actions.php
@@ -0,0 +1,52 @@
+
+
diff --git a/includes/sidebar.php b/includes/sidebar.php
new file mode 100755
index 00000000..ada2a0b0
--- /dev/null
+++ b/includes/sidebar.php
@@ -0,0 +1,93 @@
+