mirror of
https://github.com/billz/raspap-webgui.git
synced 2023-10-10 13:37:24 +02:00
remove splattered, duplicated csrf validation code
since we do that always and early, now.
This commit is contained in:
parent
f989b8060b
commit
87fe8948b8
@ -3,7 +3,7 @@ session_start();
|
||||
include_once('../../includes/config.php');
|
||||
include_once('../../includes/functions.php');
|
||||
|
||||
if(isset($_POST['generate']) && isset($_POST['csrf_token']) && CSRFValidate()) {
|
||||
if(isset($_POST['generate'])) {
|
||||
$cnfNetworking = array_diff(scandir(RASPI_CONFIG_NETWORKING, 1),array('..','.','dhcpcd.conf'));
|
||||
$cnfNetworking = array_combine($cnfNetworking,$cnfNetworking);
|
||||
$strConfFile = "";
|
||||
|
@ -4,7 +4,7 @@ include_once('../../includes/config.php');
|
||||
include_once('../../includes/functions.php');
|
||||
|
||||
|
||||
if(isset($_POST['interface']) && isset($_POST['csrf_token']) && CSRFValidate()) {
|
||||
if(isset($_POST['interface'])) {
|
||||
$int = preg_replace('/[^a-z0-9]/', '', $_POST['interface']);
|
||||
if(!file_exists(RASPI_CONFIG_NETWORKING.'/'.$int.'.ini')) {
|
||||
touch(RASPI_CONFIG_NETWORKING.'/'.$int.'.ini');
|
||||
|
@ -2,7 +2,7 @@
|
||||
session_start();
|
||||
include_once('../../includes/functions.php');
|
||||
|
||||
if(isset($_POST['interface']) && isset($_POST['csrf_token']) && CSRFValidate()) {
|
||||
if(isset($_POST['interface'])) {
|
||||
$int = preg_replace('/[^a-z0-9]/','',$_POST['interface']);
|
||||
exec('ip a s '.$int,$intOutput,$intResult);
|
||||
$intOutput = array_map('htmlentities', $intOutput);
|
||||
|
@ -2,7 +2,7 @@
|
||||
session_start();
|
||||
include_once('../../includes/config.php');
|
||||
include_once('../../includes/functions.php');
|
||||
if(isset($_POST['interface']) && isset($_POST['csrf_token']) && CSRFValidate()) {
|
||||
if(isset($_POST['interface'])) {
|
||||
$int = $_POST['interface'];
|
||||
$cfg = [];
|
||||
$file = $int.".ini";
|
||||
|
@ -6,34 +6,30 @@ function DisplayAuthConfig($username, $password)
|
||||
{
|
||||
$status = new StatusMessages();
|
||||
if (isset($_POST['UpdateAdminPassword'])) {
|
||||
if (CSRFValidate()) {
|
||||
if (password_verify($_POST['oldpass'], $password)) {
|
||||
$new_username=trim($_POST['username']);
|
||||
if ($_POST['newpass'] !== $_POST['newpassagain']) {
|
||||
$status->addMessage('New passwords do not match', 'danger');
|
||||
} elseif ($new_username == '') {
|
||||
$status->addMessage('Username must not be empty', 'danger');
|
||||
} else {
|
||||
if (!file_exists(RASPI_ADMIN_DETAILS)) {
|
||||
$tmpauth = fopen(RASPI_ADMIN_DETAILS, 'w');
|
||||
fclose($tmpauth);
|
||||
}
|
||||
|
||||
if ($auth_file = fopen(RASPI_ADMIN_DETAILS, 'w')) {
|
||||
fwrite($auth_file, $new_username.PHP_EOL);
|
||||
fwrite($auth_file, password_hash($_POST['newpass'], PASSWORD_BCRYPT).PHP_EOL);
|
||||
fclose($auth_file);
|
||||
$username = $new_username;
|
||||
$status->addMessage('Admin password updated');
|
||||
} else {
|
||||
$status->addMessage('Failed to update admin password', 'danger');
|
||||
}
|
||||
}
|
||||
if (password_verify($_POST['oldpass'], $password)) {
|
||||
$new_username=trim($_POST['username']);
|
||||
if ($_POST['newpass'] !== $_POST['newpassagain']) {
|
||||
$status->addMessage('New passwords do not match', 'danger');
|
||||
} elseif ($new_username == '') {
|
||||
$status->addMessage('Username must not be empty', 'danger');
|
||||
} else {
|
||||
$status->addMessage('Old password does not match', 'danger');
|
||||
if (!file_exists(RASPI_ADMIN_DETAILS)) {
|
||||
$tmpauth = fopen(RASPI_ADMIN_DETAILS, 'w');
|
||||
fclose($tmpauth);
|
||||
}
|
||||
|
||||
if ($auth_file = fopen(RASPI_ADMIN_DETAILS, 'w')) {
|
||||
fwrite($auth_file, $new_username.PHP_EOL);
|
||||
fwrite($auth_file, password_hash($_POST['newpass'], PASSWORD_BCRYPT).PHP_EOL);
|
||||
fclose($auth_file);
|
||||
$username = $new_username;
|
||||
$status->addMessage('Admin password updated');
|
||||
} else {
|
||||
$status->addMessage('Failed to update admin password', 'danger');
|
||||
}
|
||||
}
|
||||
} else {
|
||||
error_log('CSRF violation');
|
||||
$status->addMessage('Old password does not match', 'danger');
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
@ -53,7 +53,7 @@ function DisplayWPAConfig()
|
||||
if (isset($_POST['connect'])) {
|
||||
$result = 0;
|
||||
exec('sudo wpa_cli -i ' . RASPI_WPA_CTRL_INTERFACE . ' select_network '.strval($_POST['connect']));
|
||||
} elseif (isset($_POST['client_settings']) && CSRFValidate()) {
|
||||
} elseif (isset($_POST['client_settings'])) {
|
||||
$tmp_networks = $networks;
|
||||
if ($wpa_file = fopen('/tmp/wifidata', 'w')) {
|
||||
fwrite($wpa_file, 'ctrl_interface=DIR=' . RASPI_WPA_CTRL_INTERFACE . ' GROUP=netdev' . PHP_EOL);
|
||||
|
@ -12,64 +12,60 @@ function DisplayDHCPConfig()
|
||||
|
||||
$status = new StatusMessages();
|
||||
if (isset($_POST['savedhcpdsettings'])) {
|
||||
if (CSRFValidate()) {
|
||||
$errors = '';
|
||||
define('IFNAMSIZ', 16);
|
||||
if (!preg_match('/^[a-zA-Z0-9]+$/', $_POST['interface']) ||
|
||||
strlen($_POST['interface']) >= IFNAMSIZ) {
|
||||
$errors .= _('Invalid interface name.').'<br />'.PHP_EOL;
|
||||
$errors = '';
|
||||
define('IFNAMSIZ', 16);
|
||||
if (!preg_match('/^[a-zA-Z0-9]+$/', $_POST['interface']) ||
|
||||
strlen($_POST['interface']) >= IFNAMSIZ) {
|
||||
$errors .= _('Invalid interface name.').'<br />'.PHP_EOL;
|
||||
}
|
||||
|
||||
if (!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_POST['RangeStart']) &&
|
||||
!empty($_POST['RangeStart'])) { // allow ''/null ?
|
||||
$errors .= _('Invalid DHCP range start.').'<br />'.PHP_EOL;
|
||||
}
|
||||
|
||||
if (!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_POST['RangeEnd']) &&
|
||||
!empty($_POST['RangeEnd'])) { // allow ''/null ?
|
||||
$errors .= _('Invalid DHCP range end.').'<br />'.PHP_EOL;
|
||||
}
|
||||
|
||||
if (!ctype_digit($_POST['RangeLeaseTime']) && $_POST['RangeLeaseTimeUnits'] !== 'infinite') {
|
||||
$errors .= _('Invalid DHCP lease time, not a number.').'<br />'.PHP_EOL;
|
||||
}
|
||||
|
||||
if (!in_array($_POST['RangeLeaseTimeUnits'], array('m', 'h', 'd', 'infinite'))) {
|
||||
$errors .= _('Unknown DHCP lease time unit.').'<br />'.PHP_EOL;
|
||||
}
|
||||
|
||||
$return = 1;
|
||||
if (empty($errors)) {
|
||||
$config = 'interface='.$_POST['interface'].PHP_EOL.
|
||||
'dhcp-range='.$_POST['RangeStart'].','.$_POST['RangeEnd'].
|
||||
',255.255.255.0,';
|
||||
if ($_POST['RangeLeaseTimeUnits'] !== 'infinite') {
|
||||
$config .= $_POST['RangeLeaseTime'];
|
||||
}
|
||||
|
||||
if (!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_POST['RangeStart']) &&
|
||||
!empty($_POST['RangeStart'])) { // allow ''/null ?
|
||||
$errors .= _('Invalid DHCP range start.').'<br />'.PHP_EOL;
|
||||
}
|
||||
$config .= $_POST['RangeLeaseTimeUnits'].PHP_EOL;
|
||||
|
||||
if (!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $_POST['RangeEnd']) &&
|
||||
!empty($_POST['RangeEnd'])) { // allow ''/null ?
|
||||
$errors .= _('Invalid DHCP range end.').'<br />'.PHP_EOL;
|
||||
}
|
||||
|
||||
if (!ctype_digit($_POST['RangeLeaseTime']) && $_POST['RangeLeaseTimeUnits'] !== 'infinite') {
|
||||
$errors .= _('Invalid DHCP lease time, not a number.').'<br />'.PHP_EOL;
|
||||
}
|
||||
|
||||
if (!in_array($_POST['RangeLeaseTimeUnits'], array('m', 'h', 'd', 'infinite'))) {
|
||||
$errors .= _('Unknown DHCP lease time unit.').'<br />'.PHP_EOL;
|
||||
}
|
||||
|
||||
$return = 1;
|
||||
if (empty($errors)) {
|
||||
$config = 'interface='.$_POST['interface'].PHP_EOL.
|
||||
'dhcp-range='.$_POST['RangeStart'].','.$_POST['RangeEnd'].
|
||||
',255.255.255.0,';
|
||||
if ($_POST['RangeLeaseTimeUnits'] !== 'infinite') {
|
||||
$config .= $_POST['RangeLeaseTime'];
|
||||
for ($i=0; $i < count($_POST["static_leases"]["mac"]); $i++) {
|
||||
$mac = trim($_POST["static_leases"]["mac"][$i]);
|
||||
$ip = trim($_POST["static_leases"]["ip"][$i]);
|
||||
if ($mac != "" && $ip != "") {
|
||||
$config .= "dhcp-host=$mac,$ip".PHP_EOL;
|
||||
}
|
||||
|
||||
$config .= $_POST['RangeLeaseTimeUnits'].PHP_EOL;
|
||||
|
||||
for ($i=0; $i < count($_POST["static_leases"]["mac"]); $i++) {
|
||||
$mac = trim($_POST["static_leases"]["mac"][$i]);
|
||||
$ip = trim($_POST["static_leases"]["ip"][$i]);
|
||||
if ($mac != "" && $ip != "") {
|
||||
$config .= "dhcp-host=$mac,$ip".PHP_EOL;
|
||||
}
|
||||
}
|
||||
|
||||
file_put_contents("/tmp/dhcpddata", $config);
|
||||
system('sudo cp /tmp/dhcpddata '.RASPI_DNSMASQ_CONFIG, $return);
|
||||
} else {
|
||||
$status->addMessage($errors, 'danger');
|
||||
}
|
||||
|
||||
if ($return == 0) {
|
||||
$status->addMessage('Dnsmasq configuration updated successfully', 'success');
|
||||
} else {
|
||||
$status->addMessage('Dnsmasq configuration failed to be updated.', 'danger');
|
||||
}
|
||||
file_put_contents("/tmp/dhcpddata", $config);
|
||||
system('sudo cp /tmp/dhcpddata '.RASPI_DNSMASQ_CONFIG, $return);
|
||||
} else {
|
||||
error_log('CSRF violation');
|
||||
$status->addMessage($errors, 'danger');
|
||||
}
|
||||
|
||||
if ($return == 0) {
|
||||
$status->addMessage('Dnsmasq configuration updated successfully', 'success');
|
||||
} else {
|
||||
$status->addMessage('Dnsmasq configuration failed to be updated.', 'danger');
|
||||
}
|
||||
}
|
||||
|
||||
@ -77,36 +73,28 @@ function DisplayDHCPConfig()
|
||||
$dnsmasq_state = ($dnsmasq[0] > 0);
|
||||
|
||||
if (isset($_POST['startdhcpd'])) {
|
||||
if (CSRFValidate()) {
|
||||
if ($dnsmasq_state) {
|
||||
$status->addMessage('dnsmasq already running', 'info');
|
||||
} else {
|
||||
exec('sudo /etc/init.d/dnsmasq start', $dnsmasq, $return);
|
||||
if ($return == 0) {
|
||||
$status->addMessage('Successfully started dnsmasq', 'success');
|
||||
$dnsmasq_state = true;
|
||||
} else {
|
||||
$status->addMessage('Failed to start dnsmasq', 'danger');
|
||||
}
|
||||
}
|
||||
if ($dnsmasq_state) {
|
||||
$status->addMessage('dnsmasq already running', 'info');
|
||||
} else {
|
||||
error_log('CSRF violation');
|
||||
exec('sudo /etc/init.d/dnsmasq start', $dnsmasq, $return);
|
||||
if ($return == 0) {
|
||||
$status->addMessage('Successfully started dnsmasq', 'success');
|
||||
$dnsmasq_state = true;
|
||||
} else {
|
||||
$status->addMessage('Failed to start dnsmasq', 'danger');
|
||||
}
|
||||
}
|
||||
} elseif (isset($_POST['stopdhcpd'])) {
|
||||
if (CSRFValidate()) {
|
||||
if ($dnsmasq_state) {
|
||||
exec('sudo /etc/init.d/dnsmasq stop', $dnsmasq, $return);
|
||||
if ($return == 0) {
|
||||
$status->addMessage('Successfully stopped dnsmasq', 'success');
|
||||
$dnsmasq_state = false;
|
||||
} else {
|
||||
$status->addMessage('Failed to stop dnsmasq', 'danger');
|
||||
}
|
||||
if ($dnsmasq_state) {
|
||||
exec('sudo /etc/init.d/dnsmasq stop', $dnsmasq, $return);
|
||||
if ($return == 0) {
|
||||
$status->addMessage('Successfully stopped dnsmasq', 'success');
|
||||
$dnsmasq_state = false;
|
||||
} else {
|
||||
$status->addMessage('dnsmasq already stopped', 'info');
|
||||
$status->addMessage('Failed to stop dnsmasq', 'danger');
|
||||
}
|
||||
} else {
|
||||
error_log('CSRF violation');
|
||||
$status->addMessage('dnsmasq already stopped', 'info');
|
||||
}
|
||||
} else {
|
||||
if ($dnsmasq_state) {
|
||||
|
@ -22,34 +22,22 @@ function DisplayHostAPDConfig()
|
||||
exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces);
|
||||
|
||||
if (isset($_POST['SaveHostAPDSettings'])) {
|
||||
if (CSRFValidate()) {
|
||||
SaveHostAPDConfig($arrSecurity, $arrEncType, $arr80211Standard, $interfaces, $status);
|
||||
} else {
|
||||
error_log('CSRF violation');
|
||||
}
|
||||
SaveHostAPDConfig($arrSecurity, $arrEncType, $arr80211Standard, $interfaces, $status);
|
||||
} elseif (isset($_POST['StartHotspot'])) {
|
||||
if (CSRFValidate()) {
|
||||
$status->addMessage('Attempting to start hotspot', 'info');
|
||||
if ($arrHostapdConf['WifiAPEnable'] == 1) {
|
||||
exec('sudo /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3', $return);
|
||||
} else {
|
||||
exec('sudo /etc/raspap/hostapd/servicestart.sh --seconds 5', $return);
|
||||
}
|
||||
foreach ($return as $line) {
|
||||
$status->addMessage($line, 'info');
|
||||
}
|
||||
$status->addMessage('Attempting to start hotspot', 'info');
|
||||
if ($arrHostapdConf['WifiAPEnable'] == 1) {
|
||||
exec('sudo /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3', $return);
|
||||
} else {
|
||||
error_log('CSRF violation');
|
||||
exec('sudo /etc/raspap/hostapd/servicestart.sh --seconds 5', $return);
|
||||
}
|
||||
foreach ($return as $line) {
|
||||
$status->addMessage($line, 'info');
|
||||
}
|
||||
} elseif (isset($_POST['StopHotspot'])) {
|
||||
if (CSRFValidate()) {
|
||||
$status->addMessage('Attempting to stop hotspot', 'info');
|
||||
exec('sudo /etc/init.d/hostapd stop', $return);
|
||||
foreach ($return as $line) {
|
||||
$status->addMessage($line, 'info');
|
||||
}
|
||||
} else {
|
||||
error_log('CSRF violation');
|
||||
$status->addMessage('Attempting to stop hotspot', 'info');
|
||||
exec('sudo /etc/init.d/hostapd stop', $return);
|
||||
foreach ($return as $line) {
|
||||
$status->addMessage($line, 'info');
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -63,13 +63,9 @@ function DisplaySystem()
|
||||
$status = new StatusMessages();
|
||||
|
||||
if (isset($_POST['SaveLanguage'])) {
|
||||
if (CSRFValidate()) {
|
||||
if (isset($_POST['locale'])) {
|
||||
$_SESSION['locale'] = $_POST['locale'];
|
||||
$status->addMessage('Language setting saved', 'success');
|
||||
}
|
||||
} else {
|
||||
error_log('CSRF violation');
|
||||
if (isset($_POST['locale'])) {
|
||||
$_SESSION['locale'] = $_POST['locale'];
|
||||
$status->addMessage('Language setting saved', 'success');
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user