diff --git a/ajax/networking/gen_int_config.php b/ajax/networking/gen_int_config.php
index d0f59ff3..8d042991 100644
--- a/ajax/networking/gen_int_config.php
+++ b/ajax/networking/gen_int_config.php
@@ -3,7 +3,7 @@ session_start();
include_once('../../includes/config.php');
include_once('../../includes/functions.php');
-if(isset($_POST['generate']) && isset($_POST['csrf_token']) && CSRFValidate()) {
+if(isset($_POST['generate'])) {
$cnfNetworking = array_diff(scandir(RASPI_CONFIG_NETWORKING, 1),array('..','.','dhcpcd.conf'));
$cnfNetworking = array_combine($cnfNetworking,$cnfNetworking);
$strConfFile = "";
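Review bot: Dropping `isset($_POST['csrf_token']) && CSRFValidate()` from this condition leaves the handler gated only on the presence of a POST field, and nothing visible in this diff adds a replacement check. If validation has moved to a shared entry point, confirm that it also runs for the scripts under `ajax/networking/`, which are requested directly and include only `config.php` and `functions.php` here; `if (isset($_POST['generate']) && CSRFValidate()) {` would keep the guard in place until then. The same removal appears in get_int_config.php, get_ip_summary.php, save_int_config.php, admin.php (password change), configure_client.php, dhcp.php (save, start and stop), hostapd.php and system.php. The deleted `error_log('CSRF violation')` calls were also the only log signal for rejected requests, so whatever replaces the per-handler check should keep logging them. The body of this if-block continues outside the hunk.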
diff --git a/ajax/networking/get_int_config.php b/ajax/networking/get_int_config.php
index d29ee735..d39f12b3 100644
--- a/ajax/networking/get_int_config.php
+++ b/ajax/networking/get_int_config.php
@@ -4,7 +4,7 @@ include_once('../../includes/config.php');
include_once('../../includes/functions.php');
-if(isset($_POST['interface']) && isset($_POST['csrf_token']) && CSRFValidate()) {
+if(isset($_POST['interface'])) {
$int = preg_replace('/[^a-z0-9]/', '', $_POST['interface']);
if(!file_exists(RASPI_CONFIG_NETWORKING.'/'.$int.'.ini')) {
touch(RASPI_CONFIG_NETWORKING.'/'.$int.'.ini');
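Review bot: `$int` can be an empty string after the `preg_replace('/[^a-z0-9]/', '', ...)` filter, for instance when the posted name holds only uppercase letters or punctuation, and the `touch()` below then creates `RASPI_CONFIG_NETWORKING/.ini`. Reject the request before the `file_exists()` test when the filtered value is empty or differs from what was posted, e.g. `if ($int === '' || $int !== $_POST['interface'])` leading to the endpoint's normal error response. The if-block continues outside the hunk.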
diff --git a/ajax/networking/get_ip_summary.php b/ajax/networking/get_ip_summary.php
index 810c6265..3383337d 100644
--- a/ajax/networking/get_ip_summary.php
+++ b/ajax/networking/get_ip_summary.php
@@ -2,7 +2,7 @@
session_start();
include_once('../../includes/functions.php');
-if(isset($_POST['interface']) && isset($_POST['csrf_token']) && CSRFValidate()) {
+if(isset($_POST['interface'])) {
$int = preg_replace('/[^a-z0-9]/','',$_POST['interface']);
exec('ip a s '.$int,$intOutput,$intResult);
$intOutput = array_map('htmlentities', $intOutput);
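Review bot: `exec('ip a s '.$int, ...)` relies entirely on the character filter on the line above it. That filter does keep shell metacharacters out, but an empty result runs `ip a s` with no device and returns the addresses of every interface. Return early when `$int === ''` and pass the value as `escapeshellarg($int)` so the command stays safe if the filter is ever loosened. The rest of the handler is outside the hunk.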
diff --git a/ajax/networking/save_int_config.php b/ajax/networking/save_int_config.php
index 77fcd865..e8b4f4d1 100644
--- a/ajax/networking/save_int_config.php
+++ b/ajax/networking/save_int_config.php
@@ -2,7 +2,7 @@
session_start();
include_once('../../includes/config.php');
include_once('../../includes/functions.php');
- if(isset($_POST['interface']) && isset($_POST['csrf_token']) && CSRFValidate()) {
+ if(isset($_POST['interface'])) {
$int = $_POST['interface'];
$cfg = [];
$file = $int.".ini";
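Review bot: `$int = $_POST['interface'];` is taken unfiltered and used to build `$file = $int.".ini"`, whereas get_int_config.php and get_ip_summary.php strip everything outside `[a-z0-9]` first. How `$file` is used lies outside the hunk, but if it is joined to RASPI_CONFIG_NETWORKING and written, a name containing `/` or `..` would resolve outside that directory. Apply the same filter here, `$int = preg_replace('/[^a-z0-9]/', '', $_POST['interface']);`, and reject an empty result.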
diff --git a/includes/admin.php b/includes/admin.php
index b335f6be..22353461 100755
--- a/includes/admin.php
+++ b/includes/admin.php
@@ -6,34 +6,30 @@ function DisplayAuthConfig($username, $password)
{
$status = new StatusMessages();
if (isset($_POST['UpdateAdminPassword'])) {
- if (CSRFValidate()) {
- if (password_verify($_POST['oldpass'], $password)) {
- $new_username=trim($_POST['username']);
- if ($_POST['newpass'] !== $_POST['newpassagain']) {
- $status->addMessage('New passwords do not match', 'danger');
- } elseif ($new_username == '') {
- $status->addMessage('Username must not be empty', 'danger');
- } else {
- if (!file_exists(RASPI_ADMIN_DETAILS)) {
- $tmpauth = fopen(RASPI_ADMIN_DETAILS, 'w');
- fclose($tmpauth);
- }
-
- if ($auth_file = fopen(RASPI_ADMIN_DETAILS, 'w')) {
- fwrite($auth_file, $new_username.PHP_EOL);
- fwrite($auth_file, password_hash($_POST['newpass'], PASSWORD_BCRYPT).PHP_EOL);
- fclose($auth_file);
- $username = $new_username;
- $status->addMessage('Admin password updated');
- } else {
- $status->addMessage('Failed to update admin password', 'danger');
- }
- }
+ if (password_verify($_POST['oldpass'], $password)) {
+ $new_username=trim($_POST['username']);
+ if ($_POST['newpass'] !== $_POST['newpassagain']) {
+ $status->addMessage('New passwords do not match', 'danger');
+ } elseif ($new_username == '') {
+ $status->addMessage('Username must not be empty', 'danger');
} else {
- $status->addMessage('Old password does not match', 'danger');
+ if (!file_exists(RASPI_ADMIN_DETAILS)) {
+ $tmpauth = fopen(RASPI_ADMIN_DETAILS, 'w');
+ fclose($tmpauth);
+ }
+
+ if ($auth_file = fopen(RASPI_ADMIN_DETAILS, 'w')) {
+ fwrite($auth_file, $new_username.PHP_EOL);
+ fwrite($auth_file, password_hash($_POST['newpass'], PASSWORD_BCRYPT).PHP_EOL);
+ fclose($auth_file);
+ $username = $new_username;
+ $status->addMessage('Admin password updated');
+ } else {
+ $status->addMessage('Failed to update admin password', 'danger');
+ }
}
} else {
- error_log('CSRF violation');
+ $status->addMessage('Old password does not match', 'danger');
}
}
?>
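Review bot: The branch that rewrites RASPI_ADMIN_DETAILS accepts an empty new password, because `$_POST['newpass'] !== $_POST['newpassagain']` is false when both fields are empty strings and the hash of `''` is then stored. Add a check next to the username one, e.g. `} elseif ($_POST['newpass'] === '') { $status->addMessage('Password must not be empty', 'danger');`. The `fwrite()` return values are also ignored, so a failed or short write is still reported as 'Admin password updated'. DisplayAuthConfig begins above the hunk, which shows only part of it.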
diff --git a/includes/configure_client.php b/includes/configure_client.php
index 8c3f08b3..d1640041 100755
--- a/includes/configure_client.php
+++ b/includes/configure_client.php
@@ -53,7 +53,7 @@ function DisplayWPAConfig()
if (isset($_POST['connect'])) {
$result = 0;
exec('sudo wpa_cli -i ' . RASPI_WPA_CTRL_INTERFACE . ' select_network '.strval($_POST['connect']));
- } elseif (isset($_POST['client_settings']) && CSRFValidate()) {
+ } elseif (isset($_POST['client_settings'])) {
$tmp_networks = $networks;
if ($wpa_file = fopen('/tmp/wifidata', 'w')) {
fwrite($wpa_file, 'ctrl_interface=DIR=' . RASPI_WPA_CTRL_INTERFACE . ' GROUP=netdev' . PHP_EOL);
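Review bot: The `connect` branch at the top of this hunk concatenates `strval($_POST['connect'])` straight into a `sudo wpa_cli` command line, so request data reaches a privileged shell unescaped; that branch never had a token check, and the neighbouring one now has none either. `select_network` presumably takes a numeric network id, so validate and quote it: `if (ctype_digit((string) $_POST['connect'])) { exec('sudo wpa_cli -i ' . RASPI_WPA_CTRL_INTERFACE . ' select_network ' . escapeshellarg($_POST['connect'])); }`. Separately, `fopen('/tmp/wifidata', 'w')` uses a fixed name in a world-writable directory and will follow a symlink that already exists there; a `tempnam()` path would avoid that. DisplayWPAConfig continues on both sides of the hunk.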
diff --git a/includes/dhcp.php b/includes/dhcp.php
index cc5133c1..82e80bec 100755
--- a/includes/dhcp.php
+++ b/includes/dhcp.php
@@ -12,64 +12,60 @@ function DisplayDHCPConfig()
$status = new StatusMessages();
if (isset($_POST['savedhcpdsettings'])) {
- if (CSRFValidate()) {
- $errors = '';
- define('IFNAMSIZ', 16);
- if (!preg_match('/^[a-zA-Z0-9]+$/', $_POST['interface']) ||
- strlen($_POST['interface']) >= IFNAMSIZ) {
- $errors .= _('Invalid interface name.').'
'.PHP_EOL;
+ $errors = '';
+ define('IFNAMSIZ', 16);
+ if (!preg_match('/^[a-zA-Z0-9]+$/', $_POST['interface']) ||
+ strlen($_POST['interface']) >= IFNAMSIZ) {
+ $errors .= _('Invalid interface name.').'
'.PHP_EOL;
+ }
+
+ if (!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_POST['RangeStart']) &&
+ !empty($_POST['RangeStart'])) { // allow ''/null ?
+ $errors .= _('Invalid DHCP range start.').'
'.PHP_EOL;
+ }
+
+ if (!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_POST['RangeEnd']) &&
+ !empty($_POST['RangeEnd'])) { // allow ''/null ?
+ $errors .= _('Invalid DHCP range end.').'
'.PHP_EOL;
+ }
+
+ if (!ctype_digit($_POST['RangeLeaseTime']) && $_POST['RangeLeaseTimeUnits'] !== 'infinite') {
+ $errors .= _('Invalid DHCP lease time, not a number.').'
'.PHP_EOL;
+ }
+
+ if (!in_array($_POST['RangeLeaseTimeUnits'], array('m', 'h', 'd', 'infinite'))) {
+ $errors .= _('Unknown DHCP lease time unit.').'
'.PHP_EOL;
+ }
+
+ $return = 1;
+ if (empty($errors)) {
+ $config = 'interface='.$_POST['interface'].PHP_EOL.
+ 'dhcp-range='.$_POST['RangeStart'].','.$_POST['RangeEnd'].
+ ',255.255.255.0,';
+ if ($_POST['RangeLeaseTimeUnits'] !== 'infinite') {
+ $config .= $_POST['RangeLeaseTime'];
}
- if (!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_POST['RangeStart']) &&
- !empty($_POST['RangeStart'])) { // allow ''/null ?
- $errors .= _('Invalid DHCP range start.').'
'.PHP_EOL;
- }
+ $config .= $_POST['RangeLeaseTimeUnits'].PHP_EOL;
- if (!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_POST['RangeEnd']) &&
- !empty($_POST['RangeEnd'])) { // allow ''/null ?
- $errors .= _('Invalid DHCP range end.').'
'.PHP_EOL;
- }
-
- if (!ctype_digit($_POST['RangeLeaseTime']) && $_POST['RangeLeaseTimeUnits'] !== 'infinite') {
- $errors .= _('Invalid DHCP lease time, not a number.').'
'.PHP_EOL;
- }
-
- if (!in_array($_POST['RangeLeaseTimeUnits'], array('m', 'h', 'd', 'infinite'))) {
- $errors .= _('Unknown DHCP lease time unit.').'
'.PHP_EOL;
- }
-
- $return = 1;
- if (empty($errors)) {
- $config = 'interface='.$_POST['interface'].PHP_EOL.
- 'dhcp-range='.$_POST['RangeStart'].','.$_POST['RangeEnd'].
- ',255.255.255.0,';
- if ($_POST['RangeLeaseTimeUnits'] !== 'infinite') {
- $config .= $_POST['RangeLeaseTime'];
+ for ($i=0; $i < count($_POST["static_leases"]["mac"]); $i++) {
+ $mac = trim($_POST["static_leases"]["mac"][$i]);
+ $ip = trim($_POST["static_leases"]["ip"][$i]);
+ if ($mac != "" && $ip != "") {
+ $config .= "dhcp-host=$mac,$ip".PHP_EOL;
}
-
- $config .= $_POST['RangeLeaseTimeUnits'].PHP_EOL;
-
- for ($i=0; $i < count($_POST["static_leases"]["mac"]); $i++) {
- $mac = trim($_POST["static_leases"]["mac"][$i]);
- $ip = trim($_POST["static_leases"]["ip"][$i]);
- if ($mac != "" && $ip != "") {
- $config .= "dhcp-host=$mac,$ip".PHP_EOL;
- }
- }
-
- file_put_contents("/tmp/dhcpddata", $config);
- system('sudo cp /tmp/dhcpddata '.RASPI_DNSMASQ_CONFIG, $return);
- } else {
- $status->addMessage($errors, 'danger');
}
- if ($return == 0) {
- $status->addMessage('Dnsmasq configuration updated successfully', 'success');
- } else {
- $status->addMessage('Dnsmasq configuration failed to be updated.', 'danger');
- }
+ file_put_contents("/tmp/dhcpddata", $config);
+ system('sudo cp /tmp/dhcpddata '.RASPI_DNSMASQ_CONFIG, $return);
} else {
- error_log('CSRF violation');
+ $status->addMessage($errors, 'danger');
+ }
+
+ if ($return == 0) {
+ $status->addMessage('Dnsmasq configuration updated successfully', 'success');
+ } else {
+ $status->addMessage('Dnsmasq configuration failed to be updated.', 'danger');
}
}
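Review bot: The static-lease loop writes `$mac` and `$ip` into the dnsmasq file after only a `trim()`, so a value containing a line break or comma adds arbitrary directives to a config that is then copied into place with sudo. If only MAC/IPv4 pairs are intended, tighten the condition to `if (preg_match('/^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\z/', $mac) && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {` and report rejected rows through `$errors`. The interface pattern `/^[a-zA-Z0-9]+$/` should end in `\z` like the range patterns do, since `$` also matches before a trailing newline. `count($_POST["static_leases"]["mac"])` also assumes the field is present and is an array.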
@@ -77,36 +73,28 @@ function DisplayDHCPConfig()
$dnsmasq_state = ($dnsmasq[0] > 0);
if (isset($_POST['startdhcpd'])) {
- if (CSRFValidate()) {
- if ($dnsmasq_state) {
- $status->addMessage('dnsmasq already running', 'info');
- } else {
- exec('sudo /etc/init.d/dnsmasq start', $dnsmasq, $return);
- if ($return == 0) {
- $status->addMessage('Successfully started dnsmasq', 'success');
- $dnsmasq_state = true;
- } else {
- $status->addMessage('Failed to start dnsmasq', 'danger');
- }
- }
+ if ($dnsmasq_state) {
+ $status->addMessage('dnsmasq already running', 'info');
} else {
- error_log('CSRF violation');
+ exec('sudo /etc/init.d/dnsmasq start', $dnsmasq, $return);
+ if ($return == 0) {
+ $status->addMessage('Successfully started dnsmasq', 'success');
+ $dnsmasq_state = true;
+ } else {
+ $status->addMessage('Failed to start dnsmasq', 'danger');
+ }
}
} elseif (isset($_POST['stopdhcpd'])) {
- if (CSRFValidate()) {
- if ($dnsmasq_state) {
- exec('sudo /etc/init.d/dnsmasq stop', $dnsmasq, $return);
- if ($return == 0) {
- $status->addMessage('Successfully stopped dnsmasq', 'success');
- $dnsmasq_state = false;
- } else {
- $status->addMessage('Failed to stop dnsmasq', 'danger');
- }
+ if ($dnsmasq_state) {
+ exec('sudo /etc/init.d/dnsmasq stop', $dnsmasq, $return);
+ if ($return == 0) {
+ $status->addMessage('Successfully stopped dnsmasq', 'success');
+ $dnsmasq_state = false;
} else {
- $status->addMessage('dnsmasq already stopped', 'info');
+ $status->addMessage('Failed to stop dnsmasq', 'danger');
}
} else {
- error_log('CSRF violation');
+ $status->addMessage('dnsmasq already stopped', 'info');
}
} else {
if ($dnsmasq_state) {
diff --git a/includes/hostapd.php b/includes/hostapd.php
index 6912bd92..0da1c795 100755
--- a/includes/hostapd.php
+++ b/includes/hostapd.php
@@ -22,34 +22,22 @@ function DisplayHostAPDConfig()
exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces);
if (isset($_POST['SaveHostAPDSettings'])) {
- if (CSRFValidate()) {
- SaveHostAPDConfig($arrSecurity, $arrEncType, $arr80211Standard, $interfaces, $status);
- } else {
- error_log('CSRF violation');
- }
+ SaveHostAPDConfig($arrSecurity, $arrEncType, $arr80211Standard, $interfaces, $status);
} elseif (isset($_POST['StartHotspot'])) {
- if (CSRFValidate()) {
- $status->addMessage('Attempting to start hotspot', 'info');
- if ($arrHostapdConf['WifiAPEnable'] == 1) {
- exec('sudo /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3', $return);
- } else {
- exec('sudo /etc/raspap/hostapd/servicestart.sh --seconds 5', $return);
- }
- foreach ($return as $line) {
- $status->addMessage($line, 'info');
- }
+ $status->addMessage('Attempting to start hotspot', 'info');
+ if ($arrHostapdConf['WifiAPEnable'] == 1) {
+ exec('sudo /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3', $return);
} else {
- error_log('CSRF violation');
+ exec('sudo /etc/raspap/hostapd/servicestart.sh --seconds 5', $return);
+ }
+ foreach ($return as $line) {
+ $status->addMessage($line, 'info');
}
} elseif (isset($_POST['StopHotspot'])) {
- if (CSRFValidate()) {
- $status->addMessage('Attempting to stop hotspot', 'info');
- exec('sudo /etc/init.d/hostapd stop', $return);
- foreach ($return as $line) {
- $status->addMessage($line, 'info');
- }
- } else {
- error_log('CSRF violation');
+ $status->addMessage('Attempting to stop hotspot', 'info');
+ exec('sudo /etc/init.d/hostapd stop', $return);
+ foreach ($return as $line) {
+ $status->addMessage($line, 'info');
}
}
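Review bot: Neither `exec()` call in the StartHotspot and StopHotspot branches passes the third result-code argument, so a failed `servicestart.sh` or `hostapd stop` shows up only as 'info' lines and never as an error. Capture it, e.g. `exec('sudo /etc/init.d/hostapd stop', $return, $rc);`, and add a 'danger' message when `$rc !== 0`, as dhcp.php does for dnsmasq. `exec()` appends to `$return` when it already holds an array, so set `$return = [];` before each call. DisplayHostAPDConfig extends beyond the hunk.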
diff --git a/includes/system.php b/includes/system.php
index 4b27c1d9..746963c9 100755
--- a/includes/system.php
+++ b/includes/system.php
@@ -63,13 +63,9 @@ function DisplaySystem()
$status = new StatusMessages();
if (isset($_POST['SaveLanguage'])) {
- if (CSRFValidate()) {
- if (isset($_POST['locale'])) {
- $_SESSION['locale'] = $_POST['locale'];
- $status->addMessage('Language setting saved', 'success');
- }
- } else {
- error_log('CSRF violation');
+ if (isset($_POST['locale'])) {
+ $_SESSION['locale'] = $_POST['locale'];
+ $status->addMessage('Language setting saved', 'success');
}
}
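Review bot: `$_SESSION['locale'] = $_POST['locale'];` stores the posted value without checking it against the locales the application actually ships. Where the session value is consumed is outside the hunk, but locale strings commonly end up in `setlocale()`, environment variables or file paths, so an allow-list is worth having here: `if (in_array($_POST['locale'], $supportedLocales, true)) {`, where `$supportedLocales` is a placeholder for whatever list the language selector is built from. DisplaySystem continues outside the hunk.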