frodovdr/raspap-webgui
1
0
Fork 0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00
Code Issues Releases Wiki Activity

Add CSRF to hostapd config

Browse Source 
And tidy things up a bit
This commit is contained in:
Joe Haig 2016-08-05 15:50:05 +01:00
parent 15a4ece433
commit 671016e685
2 changed files with 180 additions and 170 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
includes/functions.php
View File

@ -20,6 +20,35 @@ function CSRFValidate() {
return hash_equals($_POST['csrf_token'], $_SESSION['csrf_token']); return hash_equals($_POST['csrf_token'], $_SESSION['csrf_token']);
} }
/**
* Test whether array is associative
*/
function isAssoc($arr) {
return array_keys($arr) !== range(0, count($arr) - 1);
}
/**
*
* Display a selector field for a form. Arguments are:
* $name: Field name
* $options: Array of options
* $selected: Selected option (optional)
* If $options is an associative array this should be the key
*
*/
function SelectorOptions($name, $options, $selected = null) {
echo "<select class=\"form-control\" name=\"$name\">";
foreach ( $options as $opt => $label) {
$select = '';
$key = isAssoc($options) ? $opt : $label;
if( $key == $selected ) {
$select = " selected";
}
echo "<option value=\"$key\"$select>$label</options>";
}
echo "</select>";
}
/** /**
* *
* @param string $input * @param string $input

363
includes/hostapd.php
View File

@ -1,188 +1,17 @@
<?php <?php
include_once( 'includes/status_messages.php' );
/** /**
* *
* *
*/ */
function DisplayHostAPDConfig(){ function DisplayHostAPDConfig(){
exec( 'cat '. RASPI_HOSTAPD_CONFIG, $return ); $status = new StatusMessages();
exec( 'pidof hostapd | wc -l', $hostapdstatus);
if( $hostapdstatus[0] == 0 ) {
$status = '<div class="alert alert-warning alert-dismissable">HostAPD is not running
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button></div>';
} else {
$status = '<div class="alert alert-success alert-dismissable">HostAPD is running
<button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button></div>';
}
$arrConfig = array();
$arrChannel = array('a','b','g');
$arrSecurity = array( 1 => 'WPA', 2 => 'WPA2',3=> 'WPA+WPA2');
$arrEncType = array('TKIP' => 'TKIP', 'CCMP' => 'CCMP', 'TKIP CCMP' => 'TKIP+CCMP');
foreach( $return as $a ) {
if( $a[0] != "#" ) {
$arrLine = explode( "=",$a) ;
$arrConfig[$arrLine[0]]=$arrLine[1];
}
};
?>
<div class="row">
<div class="col-lg-12">
<div class="panel panel-primary">
<div class="panel-heading"><i class="fa fa-dot-circle-o fa-fw"></i> Configure hotspot
</div>
<!-- /.panel-heading -->
<div class="panel-body">
<!-- Nav tabs -->
<ul class="nav nav-tabs">
<li class="active"><a href="#basic" data-toggle="tab">Basic</a>
</li>
<li><a href="#security" data-toggle="tab">Security</a>
</li>
<li><a href="#advanced" data-toggle="tab">Advanced</a>
</li>
</ul>
<!-- Tab panes -->
<div class="tab-content">
<p><?php echo $status; ?></p>
<div class="tab-pane fade in active" id="basic">
<h4>Basic settings</h4>
<form role="form" action="/?page=save_hostapd_conf" method="POST">
<div class="row">
<div class="form-group col-md-4">
<label for="code">Interface</label>
<select class="form-control" name="interface">
<?php
exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces);
foreach( $interfaces as $int ) {
$select = '';
if( $int == $arrConfig['interface'] ) {
$select = " selected";
}
echo '<option value="'.$int.'"'.$select.'>'.$int.'</option>';
}
?>
</select>
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">SSID</label>
<input type="text" class="form-control" name="ssid" value="<?php echo $arrConfig['ssid']; ?>" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Wireless Mode</label>
<select class="form-control" name="hw_mode">
<?php
foreach( $arrChannel as $Mode ) {
$select = '';
if( $arrConfig['hw_mode'] == $Mode ) {
$select = ' selected';
}
echo '<option value="'.$Mode.'"'.$select.'>'.$Mode.'</option>';
}
?>
</select>
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Channel</label>
<select class="form-control" name="channel">'
<?php
for( $channel = 1; $channel < 14; $channel++ ) {
$select = '';
if( $channel == $arrConfig['channel'] ) {
$select = " selected";
}
echo '<option value="'.$channel.'"'.$select.'>'.$channel.'</option>';
}
?>
</select>
</div>
</div>
</div>
<div class="tab-pane fade" id="security">
<h4>Security settings</h4>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Security type</label>
<select class="form-control" name="wpa">
<?php
foreach( $arrSecurity as $SecVal => $SecMode ) {
$select = '';
if( $SecVal == $arrConfig['wpa'] ) {
$select = ' selected';
}
echo '<option value="'.$SecVal.'"'.$select.'>'.$SecMode.'</option>';
}
?>
</select>
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Encryption Type</label>
<select class="form-control" name="wpa_pairwise">
<?php
foreach( $arrEncType as $EncConf => $Enc ) {
$select = '';
if( $Enc == $arrConfig['wpa_pairwise'] ) {
$select = ' selected';
}
echo '<option value="'.$EncConf.'"'.$select.'>'.$Enc.'</option>';
} ?>
</select>
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">PSK</label>
<input type="text" class="form-control" name="wpa_passphrase" value="<?php echo $arrConfig['wpa_passphrase'] ?>" />
</div>
</div>
</div>
<div class="tab-pane fade in" id="advanced">
<h4>Advanced settings</h4>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Country Code</label>
<input type="text" class="form-control" name="country_code" value="<?php echo $arrConfig['country_code'] ?>" />
</div>
</div>
</div>
<input type="submit" class="btn btn-outline btn-primary" name="SaveHostAPDSettings" value="Save settings" />
<?php
if($hostapdstatus[0] == 0) {
echo '<input type="submit" class="btn btn-success" name="StartHotspot" value="Start hotspot" />';
} else {
echo '<input type="submit" class="btn btn-warning" name="StopHotspot" value="Stop hotspot" />';
};
?>
</form>
</div><!-- ./ Panel body -->
</div><!-- /.panel-primary -->
<div class="panel-footer"> Information provided by hostapd</div>
</div><!-- /.col-lg-12 -->
</div><!-- /.row -->
<?php
}
?>
<?php
/**
*
*
*/
function SaveHostAPDConfig(){
if( isset($_POST['SaveHostAPDSettings']) ) { if( isset($_POST['SaveHostAPDSettings']) ) {
if (CSRFValidate()) {
$config = 'driver=nl80211'.PHP_EOL $config = 'driver=nl80211'.PHP_EOL
.'ctrl_interface='.RASPI_HOSTAPD_CTRL_INTERFACE.PHP_EOL .'ctrl_interface='.RASPI_HOSTAPD_CTRL_INTERFACE.PHP_EOL
.'ctrl_interface_group=0'.PHP_EOL .'ctrl_interface_group=0'.PHP_EOL
@ -203,26 +32,178 @@ function SaveHostAPDConfig(){
system( "sudo cp /tmp/hostapddata " . RASPI_HOSTAPD_CONFIG, $return ); system( "sudo cp /tmp/hostapddata " . RASPI_HOSTAPD_CONFIG, $return );
if( $return == 0 ) { if( $return == 0 ) {
echo "Wifi Hotspot settings saved"; $status->addMessage('Wifi Hotspot settings saved', 'success');
} else { } else {
echo "Wifi Hotspot settings failed to be saved"; $status->addMessage('Wifi Hotspot settings failed to be saved', 'danger');
} }
} elseif( isset($_POST['SaveOpenVPNSettings']) ) { } else {
error_log('CSRF violation');
}
} elseif( isset($_POST['StartHotspot']) ) {
if (CSRFValidate()) {
$status->addMessage('Attempting to start hotspot', 'info');
exec( 'sudo /etc/init.d/hostapd start', $return );
foreach( $return as $line ) {
$status->addMessage($line, 'info');
}
} else {
error_log('CSRF violation');
}
} elseif( isset($_POST['StopHotspot']) ) {
if (CSRFValidate()) {
$status->addMessage('Attempting to stop hotspot', 'info');
exec( 'sudo /etc/init.d/hostapd stop', $return );
foreach( $return as $line ) {
$status->addMessage($line, 'info');
}
} else {
error_log('CSRF violation');
}
}
exec( 'cat '. RASPI_HOSTAPD_CONFIG, $return );
exec( 'pidof hostapd | wc -l', $hostapdstatus);
if( $hostapdstatus[0] == 0 ) {
$status->addMessage('HostAPD is not running', 'warning');
} else {
$status->addMessage('HostAPD is running', 'success');
}
$arrConfig = array();
$arrChannel = array('a','b','g');
$arrSecurity = array( 1 => 'WPA', 2 => 'WPA2',3=> 'WPA+WPA2');
$arrEncType = array('TKIP' => 'TKIP', 'CCMP' => 'CCMP', 'TKIP CCMP' => 'TKIP+CCMP');
foreach( $return as $a ) {
if( $a[0] != "#" ) {
$arrLine = explode( "=",$a) ;
$arrConfig[$arrLine[0]]=$arrLine[1];
}
};
?>
<div class="row">
<div class="col-lg-12">
<div class="panel panel-primary">
<div class="panel-heading"><i class="fa fa-dot-circle-o fa-fw"></i> Configure hotspot</div>
<!-- /.panel-heading -->
<div class="panel-body">
<form role="form" action="/?page=hostapd_conf" method="POST">
<!-- Nav tabs -->
<ul class="nav nav-tabs">
<li class="active"><a href="#basic" data-toggle="tab">Basic</a></li>
<li><a href="#security" data-toggle="tab">Security</a></li>
<li><a href="#advanced" data-toggle="tab">Advanced</a></li>
</ul>
<!-- Tab panes -->
<div class="tab-content">
<p><?php $status->showMessages(); ?></p>
<div class="tab-pane fade in active" id="basic">
<h4>Basic settings</h4>
<?php CSRFToken() ?>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Interface</label>
<?php
exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces);
SelectorOptions('interface', $interfaces, $arrConfig['interface']);
?>
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">SSID</label>
<input type="text" class="form-control" name="ssid" value="<?php echo $arrConfig['ssid']; ?>" />
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Wireless Mode</label>
<?php SelectorOptions('hw_mode', $arrChannel, $arrConfig['hw_mode']); ?>
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Channel</label>
<?php SelectorOptions('channel', range(1, 14), intval($arrConfig['channel'])) ?>
</div>
</div>
</div>
<div class="tab-pane fade" id="security">
<h4>Security settings</h4>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Security type</label>
<?php SelectorOptions('wpa', $arrSecurity, $arrConfig['wpa']); ?>
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Encryption Type</label>
<?php
/*
* NB, the original tests $arrConfig['wpa_pairwise'] against
* the value in the $arrEncType array rather than the key. I
* think there must be something wrong in the case of
* 'TKIP CCMP' => 'TKIP+CCMP' but I am not yet sure what
* exactly is correct.
* At I read it, 'TKIP CCMP' would get written to the
* hostapd.conf file when it is saved but the correct option
* would only be selected if it reads 'TKIP+CCMP'. This is
* clearly broken.
* Now it is consistent, albeit possibly still broken.
*/
?>
<?php SelectorOptions('wpa_pairwise', $arrEncType, $arrConfig['wpa_pairwise']); ?>
</div>
</div>
<div class="row">
<div class="form-group col-md-4">
<label for="code">PSK</label>
<input type="text" class="form-control" name="wpa_passphrase" value="<?php echo $arrConfig['wpa_passphrase'] ?>" />
</div>
</div>
</div>
<div class="tab-pane fade" id="advanced">
<h4>Advanced settings</h4>
<div class="row">
<div class="form-group col-md-4">
<label for="code">Country Code</label>
<input type="text" class="form-control" name="country_code" value="<?php echo $arrConfig['country_code'] ?>" />
</div>
</div>
</div><!-- ./ Panel body -->
<input type="submit" class="btn btn-outline btn-primary" name="SaveHostAPDSettings" value="Save settings" />
<?php
if($hostapdstatus[0] == 0) {
echo '<input type="submit" class="btn btn-success" name="StartHotspot" value="Start hotspot" />';
} else {
echo '<input type="submit" class="btn btn-warning" name="StopHotspot" value="Stop hotspot" />';
};
?>
</form>
</div><!-- /.panel-primary -->
<div class="panel-footer"> Information provided by hostapd</div>
</div><!-- /.col-lg-12 -->
</div><!-- /.row -->
<?php
}
?>
<?php
/**
*
* NB This function is also used for TOR and VPN so don't completely delete
*
*/
function SaveHostAPDConfig(){
if( isset($_POST['SaveOpenVPNSettings']) ) {
// TODO // TODO
} elseif( isset($_POST['SaveTORProxySettings']) ) { } elseif( isset($_POST['SaveTORProxySettings']) ) {
// TODO // TODO
} elseif( isset($_POST['StartHotspot']) ) {
echo "Attempting to start hotspot";
exec( 'sudo /etc/init.d/hostapd start', $return );
foreach( $return as $line ) {
echo $line."<br />";
}
} elseif( isset($_POST['StopHotspot']) ) {
echo "Attempting to stop hotspot";
exec( 'sudo /etc/init.d/hostapd stop', $return );
foreach( $return as $line ) {
echo $line."<br />";
}
} elseif( isset($_POST['StartOpenVPN']) ) { } elseif( isset($_POST['StartOpenVPN']) ) {
echo "Attempting to start openvpn"; echo "Attempting to start openvpn";
exec( 'sudo /etc/init.d/openvpn start', $return ); exec( 'sudo /etc/init.d/openvpn start', $return );