From 801ca5a788a087020e3de2327b0435cd2e853ce4 Mon Sep 17 00:00:00 2001
From: Guillaume Rossolini <g.rossolini@gmail.com>
Date: Mon, 23 Dec 2024 18:00:00 +0100
Subject: [PATCH 01/30] Update README.md

Replaced dead link for SSL certificates
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 59467b59..584f9a25 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 [![Release 3.2.4](https://img.shields.io/badge/release-v3.2.4-green)](https://github.com/raspap/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Join Insiders](https://img.shields.io/static/v1?label=Insiders&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) [![Build Status](https://app.travis-ci.com/RaspAP/raspap-webgui.svg?branch=master)](https://app.travis-ci.com/RaspAP/raspap-webgui) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Reddit](https://img.shields.io/badge/%2Fr%2FRaspAP-e05d44?style=flat&logo=Reddit&logoColor=white&labelColor=e05d44&color=b14835)](https://reddit.com/r/RaspAP) [![Discord](https://img.shields.io/discord/642436993451819018?color=7289DA&label=Discord&logo=discord&style=flat)](https://discord.gg/KVAsaAR)
 
 
-RaspAP is feature-rich wireless router software that _just works_ on many popular [Debian-based devices](#supported-operating-systems), including the Raspberry Pi. Our popular [Quick installer](#quick-installer) and [Docker container](#docker-support) create a known-good default configuration for all current Raspberry Pis with onboard wireless. A fully responsive, mobile-ready interface gives you control over the relevant services and networking options. Advanced DHCP settings, WireGuard and OpenVPN support, [SSL certificates](https://docs.raspap.com/ssl-quick/), security audits, [captive portal integration](https://docs.raspap.com/captive/), themes and [multilingual options](https://docs.raspap.com/translations/) are included.
+RaspAP is feature-rich wireless router software that _just works_ on many popular [Debian-based devices](#supported-operating-systems), including the Raspberry Pi. Our popular [Quick installer](#quick-installer) and [Docker container](#docker-support) create a known-good default configuration for all current Raspberry Pis with onboard wireless. A fully responsive, mobile-ready interface gives you control over the relevant services and networking options. Advanced DHCP settings, WireGuard and OpenVPN support, [SSL certificates](https://docs.raspap.com/ssl/), security audits, [captive portal integration](https://docs.raspap.com/captive/), themes and [multilingual options](https://docs.raspap.com/translations/) are included.
 
 RaspAP has been featured on sites such as [Instructables](http://www.instructables.com/id/Raspberry-Pi-As-Completely-Wireless-Router/), [Adafruit](https://blog.adafruit.com/2016/06/24/raspap-wifi-configuration-portal-piday-raspberrypi-raspberry_pi/), [Raspberry Pi Weekly](https://www.raspberrypi.org/weekly/commander/) and [Awesome Raspberry Pi](https://project-awesome.org/thibmaek/awesome-raspberry-pi) and implemented in countless projects.
 

From 5902a8d6a014ca94884c302ccf09eb40b667fdcc Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 1 Jan 2025 00:37:25 -0800
Subject: [PATCH 02/30] Update template + wg-keygen js handler

---
 app/js/custom.js       | 12 ++++++------
 templates/wg/peers.php |  6 ++----
 2 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/app/js/custom.js b/app/js/custom.js
index 53ea7ae3..c33a5d5a 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -623,18 +623,18 @@ function clearBlocklistStatus() {
     $('#cbxblocklist-status').removeClass('check-updated').addClass('check-hidden');
 }
 
-// Handler for the wireguard generate key button
+// Handler for the WireGuard generate key button
 $('.wg-keygen').click(function(){
-    var entity_pub = $(this).parent('div').prev('input[type="text"]');
-    var entity_priv = $(this).parent('div').next('input[type="hidden"]');
+    var parentGroup = $(this).closest('.input-group');
+    var entity_pub = parentGroup.find('input[type="text"]');
     var updated = entity_pub.attr('name')+"-pubkey-status";
-    var csrfToken = $('meta[name=csrf_token]').attr('content');
+    var csrfToken = $('meta[name="csrf_token"]').attr('content');
     $.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name'), 'csrf_token': csrfToken},function(data){
         var jsonData = JSON.parse(data);
         entity_pub.val(jsonData.pubkey);
         $('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
-    })
-})
+    });
+});
 
 // Handler for wireguard client.conf download
 $('.wg-client-dl').click(function(){
diff --git a/templates/wg/peers.php b/templates/wg/peers.php
index fad228c4..a625b4c9 100644
--- a/templates/wg/peers.php
+++ b/templates/wg/peers.php
@@ -21,10 +21,8 @@
         </div>
         <div class="input-group col-md-12">
           <input type="text" class="form-control" name="wg-peer" id="wg-peerpubkey" value="<?php echo htmlspecialchars($wg_peerpubkey, ENT_QUOTES); ?>" />
-          <div class="input-group-append">
-            <button class="btn btn-outline-secondary rounded-end wg-keygen" type="button"><i class="fas fa-magic"></i></button>
-            <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ms-2 mt-1"><i class="fas fa-check"></i></span>
-          </div>
+          <div class="btn btn-outline-secondary rounded-end wg-keygen"><i class="fa-solid fa-wand-magic-sparkles"></i></div>
+          <span id="wg-peer-pubkey-status" class="input-group-addon check-hidden ms-2 mt-1"><i class="fas fa-check"></i></span>
         </div>
       </div>
 

From 531970d9c6c6d4ed0c7e286ba905d1b17c191816 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 1 Jan 2025 00:41:56 -0800
Subject: [PATCH 03/30] Extend wg peer endpoint validation w/ subdomain +
 hostname

---
 includes/wireguard.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/includes/wireguard.php b/includes/wireguard.php
index ed47a6e1..2cca31db 100755
--- a/includes/wireguard.php
+++ b/includes/wireguard.php
@@ -207,7 +207,10 @@ function SaveWireGuardConfig($status)
         }
         if (isset($_POST['wg_pendpoint']) && strlen(trim($_POST['wg_pendpoint']) >0 )) {
             $wg_pendpoint_seg = substr($_POST['wg_pendpoint'],0,strpos($_POST['wg_pendpoint'],':'));
-            if (!filter_var($wg_pendpoint_seg,FILTER_VALIDATE_IP)) {
+            $host_port = explode(':', $wg_pendpoint_seg);
+            $hostname = $host_port[0];
+            if (!filter_var($hostname, FILTER_VALIDATE_IP) && 
+                !filter_var($hostname, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
                 $status->addMessage('Invalid value for endpoint address', 'danger');
                 $good_input = false;
             }

From bfd5859ce1b87cb0f9c3e85f1ee5bfce6aaa6b4a Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Fri, 3 Jan 2025 00:38:45 -0800
Subject: [PATCH 04/30] Revise bootstrap 5.3 adblock update btn

---
 templates/adblock/general.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/templates/adblock/general.php b/templates/adblock/general.php
index c39a8b41..ff3d16f5 100644
--- a/templates/adblock/general.php
+++ b/templates/adblock/general.php
@@ -30,10 +30,8 @@
                 <option disabled="disabled"></option>
                 <?php echo optionsForSelect(blocklistProviders()) ?>
               </select>
-              <div class="input-group-append">
-                <button class="btn btn-sm btn-outline-secondary rounded-end" type="button" onclick="updateBlocklist()"><?php echo _("Update now"); ?></button>
-                <span id="cbxblocklist-status" class="input-group-addon check-hidden ms-2 mt-1"><i class="fas fa-check"></i></span>
-              </div>
+              <button class="btn btn-sm btn-outline-secondary rounded-end" type="button" onclick="updateBlocklist()"><?php echo _("Update now"); ?></button>
+              <span id="cbxblocklist-status" class="input-group-addon check-hidden ms-2 mt-1"><i class="fas fa-check"></i></span>
             </div>
           </div>
         </div>

From 0c31b5ba714d4c7608f8c4317b1b49427e5d492e Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sun, 19 Jan 2025 00:23:06 -0800
Subject: [PATCH 05/30] Set dhcp-ignore=tag:!known from option switch

---
 includes/dhcp.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/includes/dhcp.php b/includes/dhcp.php
index 47b8edfa..fd6a47ac 100755
--- a/includes/dhcp.php
+++ b/includes/dhcp.php
@@ -268,6 +268,9 @@ function updateDnsmasqConfig($iface,$status)
         }
         $config .= PHP_EOL;
     }
+    if ($_POST['dhcp-ignore'] == "1") {
+        $config .= 'dhcp-ignore=tag:!known'.PHP_EOL;
+    }
     file_put_contents("/tmp/dnsmasqdata", $config);
     $msg = file_exists(RASPI_DNSMASQ_PREFIX.$iface.'.conf') ? 'updated' : 'added';
     system('sudo cp /tmp/dnsmasqdata '.RASPI_DNSMASQ_PREFIX.$iface.'.conf', $result);

From 6f1c34f28d0168d8ea6647ef3e459b11078e4dc7 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Jan 2025 00:51:00 -0800
Subject: [PATCH 06/30] Initial commit

---
 ajax/session/do_check_session.php | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 ajax/session/do_check_session.php

diff --git a/ajax/session/do_check_session.php b/ajax/session/do_check_session.php
new file mode 100644
index 00000000..401ea30c
--- /dev/null
+++ b/ajax/session/do_check_session.php
@@ -0,0 +1,28 @@
+<?php
+
+require '../../includes/csrf.php';
+require_once '../../includes/session.php';
+require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
+
+$lastActivity = $_SESSION['lastActivity'] ?? time();
+$sessionLifetime = time() - $lastActivity;
+$status = $sessionLifetime >= RASPI_SESSION_TIMEOUT ? 'session_expired' : 'active';
+
+// send response
+header('Content-Type: application/json');
+header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
+header('Expires: Thu, 01 Jan 1970 00:00:00 GMT');
+header('Pragma: no-cache');
+
+$response = [
+    'status' => $status,
+    'last_activity' => $lastActivity,
+    'session_lifetime' => $sessionLifetime,
+    'timeout_duration' => RASPI_SESSION_TIMEOUT
+];
+
+echo json_encode($response);
+exit();
+

From 3cf22a9cbbaea8bafd9b1784cc9ecaac4fd8569c Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Jan 2025 00:52:28 -0800
Subject: [PATCH 07/30] Define RASPI_SESSION_TIMEOUT

---
 config/config.php     | 1 +
 includes/defaults.php | 1 +
 2 files changed, 2 insertions(+)

diff --git a/config/config.php b/config/config.php
index 2950632d..feaeecea 100755
--- a/config/config.php
+++ b/config/config.php
@@ -11,6 +11,7 @@ define('RASPI_CACHE_PATH', sys_get_temp_dir() . '/raspap');
 define('RASPI_ERROR_LOG', sys_get_temp_dir() . '/raspap_error.log');
 define('RASPI_DEBUG_LOG', 'raspap_debug.log');
 define('RASPI_LOG_SIZE_LIMIT', 64);
+define('RASPI_SESSION_TIMEOUT', 1440);
 
 // Constants for configuration file paths.
 // These are typical for default RPi installs. Modify if needed.
diff --git a/includes/defaults.php b/includes/defaults.php
index 3b918b58..e7c42cbd 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -16,6 +16,7 @@ $defaults = [
   'RASPI_ERROR_LOG' => sys_get_temp_dir() . '/raspap_error.log',
   'RASPI_DEBUG_LOG' => 'raspap_debug.log',
   'RASPI_LOG_SIZE_LIMIT' =>  64,
+  'RASPI_SESSION_TIMEOUT' => 1440,
 
   // Constants for configuration file paths.
   // These are typical for default RPi installs. Modify if needed.

From 866d8eb5b02b132f9332d8dea3e655d6b480f0c2 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Jan 2025 00:53:26 -0800
Subject: [PATCH 08/30] Update w/ sessionTimeoutModal, lastActivity

---
 includes/footer.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/includes/footer.php b/includes/footer.php
index 38965fc6..c35a2fc2 100644
--- a/includes/footer.php
+++ b/includes/footer.php
@@ -1,3 +1,5 @@
+<?php $_SESSION['lastActivity'] = time(); ?>
+
  <div class="d-flex align-items-center justify-content-between small">
   <div class="text-muted">
     <span class="pe-2"><a href="/about">v<?php echo RASPI_VERSION; ?></a></span>  |
@@ -8,3 +10,19 @@
   </div>
 </div>
 
+<div class="modal fade" id="sessionTimeoutModal" tabindex="-1" aria-labelledby="sessionTimeoutLabel" aria-hidden="true">
+  <div class="modal-dialog modal-dialog-centered">
+    <div class="modal-content">
+      <div class="modal-header">
+        <div class="modal-title" id="sessionTimeoutLabel"><i class="fa fa-clock me-2"></i><?php echo _("Session Expired"); ?></div>
+      </div>
+      <div class="modal-body">
+        <?php echo _("Your session has expired. Please login to continue.") ?>
+      </div>
+      <div class="modal-footer">
+        <button type="button" id="js-session-expired-login" class="btn btn-outline btn-primary"><?php echo _("Login"); ?></button>
+      </div>
+    </div>
+  </div>
+</div>
+

From c51b520b8dec840c059f2bc20f1b682fc0f0a12a Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Jan 2025 00:55:21 -0800
Subject: [PATCH 09/30] Decouple session from csrf handler, set initial
 lastActivity

---
 includes/csrf.php    | 1 -
 includes/session.php | 5 +++++
 index.php            | 1 +
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/includes/csrf.php b/includes/csrf.php
index bca935df..4e098e5b 100755
--- a/includes/csrf.php
+++ b/includes/csrf.php
@@ -1,7 +1,6 @@
 <?php
 
 require_once 'functions.php';
-require_once 'session.php';
 
 if (csrfValidateRequest() && !CSRFValidate()) {
     handleInvalidCSRFToken();
diff --git a/includes/session.php b/includes/session.php
index fe447f3d..12e45fec 100755
--- a/includes/session.php
+++ b/includes/session.php
@@ -3,3 +3,8 @@
 if (session_status() == PHP_SESSION_NONE) {
     session_start();
 }
+
+if (!isset($_SESSION['lastActivity'])) {
+    $_SESSION['lastActivity'] = time();
+}
+
diff --git a/index.php b/index.php
index c1d39e94..badd2762 100755
--- a/index.php
+++ b/index.php
@@ -23,6 +23,7 @@
  * as you leave these references intact in the header comments of your source files.
  */
 
+require 'includes/session.php';
 require 'includes/csrf.php';
 ensureCSRFSessionToken();
 

From 187041b0309cfae043d1bcb9e74e17b38d2291f3 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 20 Jan 2025 00:58:18 -0800
Subject: [PATCH 10/30] Add checkSession(), showSessionExpiredModal()

---
 app/js/custom.js | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/app/js/custom.js b/app/js/custom.js
index c33a5d5a..d63daa05 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -671,6 +671,28 @@ window.addEventListener('load', function() {
     });
 }, false);
 
+let sessionCheckInterval = setInterval(checkSession, 5000);
+
+function checkSession() {
+    $.get('ajax/session/do_check_session.php', function (data) {
+        if (data.status === 'session_expired') {
+            clearInterval(sessionCheckInterval);
+            showSessionExpiredModal();
+        }
+    }).fail(function (jqXHR, status, err) {
+        console.error("Error checking session status:", status, err);
+    });
+}
+
+function showSessionExpiredModal() {
+    $('#sessionTimeoutModal').modal('show');
+}
+
+$(document).on("click", "#js-session-expired-login", function(e) {
+    console.log('clicked!');
+    window.location.href = '/login';
+});
+
 // DHCP or Static IP option group
 $('#chkstatic').on('change', function() {
     if (this.checked) {

From 3f883a70de2757a56d23b3cf40206af0b5d938e7 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 21 Jan 2025 00:29:14 -0800
Subject: [PATCH 11/30] Initial commit

---
 includes/login.php  | 38 ++++++++++++++++++++++++++++++++++++++
 templates/login.php | 42 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 80 insertions(+)
 create mode 100644 includes/login.php
 create mode 100644 templates/login.php

diff --git a/includes/login.php b/includes/login.php
new file mode 100644
index 00000000..89374894
--- /dev/null
+++ b/includes/login.php
@@ -0,0 +1,38 @@
+<?php
+
+require_once 'includes/config.php';
+require_once 'includes/functions.php';
+
+/**
+ * Handler for administrative user login
+ */
+function DisplayLogin()
+{
+    // initialize auth object
+    $auth = new \RaspAP\Auth\HTTPAuth;
+
+    // handle page action
+    if (RASPI_AUTH_ENABLED) {
+        if (isset($_POST['login-auth'])) {
+            // authenticate user
+            $username = $_POST['username'];
+            $password = $_POST['password'];
+            $redirectUrl = $_POST['redirect-url'];
+            if ($auth->login($username, $password)) {
+                $config = $auth->getAuthConfig();
+                header('Location: ' . $redirectUrl);
+                die();
+            } else {
+                $status = "Login failed";
+            }
+        }
+    }
+
+    echo renderTemplate(
+        "login", compact(
+            "status",
+            "redirectUrl"
+        )
+    );
+}
+
diff --git a/templates/login.php b/templates/login.php
new file mode 100644
index 00000000..41d1f3f1
--- /dev/null
+++ b/templates/login.php
@@ -0,0 +1,42 @@
+
+<!-- fullscreen modal -->
+<div class="modal" id="modal-admin-login" data-bs-backdrop="static" data-bs-keyboard="false" role="dialog" aria-labelledby="ModalLabel" aria-hidden="true">
+  <div class="modal-dialog modal-fullscreen" role="document">
+    <div class="modal-content">
+      <div class="modal-body">
+        <div class="row h-100 justify-content-center align-items-center">
+          <div class="col-12">
+            <!-- branding -->
+            <div class="text-center mb-3">
+              <img src="app/img/raspAP-logo.php" class="navbar-logo" alt="RaspAP logo" class="img-fluid" style="max-width: 100px;">
+              <h2 class="login-brand">RaspAP</h2>
+              <div class="mt-2 admin-login"><?php echo _("Administrator login") ?></div>
+              <div class="text-center text-danger mt-1 mb-3"><?php echo $status ?></div>
+            </div>
+            <div class="text-center mb-4">
+              <form id="admin-login-form" action="login" method="POST" class="needs-validation" novalidate>
+              <?php echo CSRFTokenFieldTag() ?>
+                <div class="form-group">
+                  <input type="hidden" name="login-auth">
+                  <input type="hidden" id="redirect-url" name="redirect-url" value="<?php echo htmlspecialchars($redirectUrl, ENT_QUOTES, 'UTF-8'); ?>">
+                  <input type="text" class="form-control" id="username" name="username" placeholder="<?php echo _("Username") ?>" required>
+                </div>
+                <div class="mt-2">
+                  <div class="input-group has-validation">
+                    <input type="password" class="form-control rounded-start border-end-0 no-right-radius" id="password" name="password" placeholder="<?php echo _("Password") ?>" required>
+                    <button class="btn bg-white btn-passwd-append border-start-0 js-toggle-password" type="button" id="passwd-toggle" data-bs-target="[name=password]" data-toggle-with="fas fa-eye-slash text-secondary text-opacity-50">
+                      <i class="fas fa-eye text-secondary text-opacity-50"></i>
+                    </button>
+                  </div>
+
+                </div>
+                <button type="submit" class="btn btn-outline btn-admin-login rounded-pill w-75 mt-4"><?php echo _("Login") ?></button>
+                <div class="small mt-2"><a href="https://docs.raspap.com/authentication/#restoring-defaults" target="_blank"><?php echo _("Forgot password") ?></a></div>
+              </form>
+            </div>
+          </div><!-- /.col -->
+        </div><!-- /.row -->
+      </div><!-- /.modal-body -->
+    </div><!-- /.modal-content -->
+  </div><!-- /.modal-dialog -->
+</div>

From 792ce0c956a4c21fd1f88f35f3f66933f655dfc4 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 21 Jan 2025 00:29:59 -0800
Subject: [PATCH 12/30] Include login.php, buffer page output

---
 index.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/index.php b/index.php
index badd2762..3e060dc0 100755
--- a/index.php
+++ b/index.php
@@ -36,6 +36,7 @@ require_once 'includes/functions.php';
 
 // Default page actions
 require_once 'includes/dashboard.php';
+require_once 'includes/login.php';
 require_once 'includes/authenticate.php';
 require_once 'includes/admin.php';
 require_once 'includes/dhcp.php';
@@ -97,6 +98,7 @@ initializeApp();
 
   <body class="sb-nav-fixed">
     <!-- Navbar -->
+    <?php ob_start(); ?>
     <?php require_once 'includes/navbar.php'; ?>
     <!-- End of Navbar -->
     <div id="layoutSidenav">
@@ -124,6 +126,7 @@ initializeApp();
         </footer>
       </div>
     </div>
+    <?php ob_end_flush(); ?>
     <!-- jQuery -->
     <script src="dist/jquery/jquery.min.js"></script>
 

From 6dbdf89760718a6205a13568405b47904ca3a666 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 21 Jan 2025 00:30:40 -0800
Subject: [PATCH 13/30] Add DisplayLogin() page handler

---
 includes/page_actions.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/includes/page_actions.php b/includes/page_actions.php
index 2e406bf8..c9649792 100755
--- a/includes/page_actions.php
+++ b/includes/page_actions.php
@@ -70,6 +70,9 @@ function handleCorePageAction(string $page, array &$extraFooterScripts): void
         case "/about":
             DisplayAbout();
             break;
+        case "/login":
+            DisplayLogin();
+            break;
         default:
             DisplayDashboard($extraFooterScripts);
     }

From 6cb0be96b461a78ac24c64bbdadace8fff69f6c9 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 21 Jan 2025 00:31:49 -0800
Subject: [PATCH 14/30] Set data-bs-backdrop + data-bs-keyboard attributes

---
 includes/footer.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/includes/footer.php b/includes/footer.php
index c35a2fc2..b12c0f1c 100644
--- a/includes/footer.php
+++ b/includes/footer.php
@@ -1,6 +1,6 @@
 <?php $_SESSION['lastActivity'] = time(); ?>
 
- <div class="d-flex align-items-center justify-content-between small">
+<div class="d-flex align-items-center justify-content-between small">
   <div class="text-muted">
     <span class="pe-2"><a href="/about">v<?php echo RASPI_VERSION; ?></a></span>  |
     <span class="ps-2">Created by the <a href="https://github.com/RaspAP" target="_blank" rel="noopener">RaspAP Team</a></span>
@@ -10,7 +10,7 @@
   </div>
 </div>
 
-<div class="modal fade" id="sessionTimeoutModal" tabindex="-1" aria-labelledby="sessionTimeoutLabel" aria-hidden="true">
+<div class="modal fade" data-bs-backdrop="static" data-bs-keyboard="false" id="sessionTimeoutModal" tabindex="-1" aria-labelledby="sessionTimeoutLabel" aria-hidden="true">
   <div class="modal-dialog modal-dialog-centered">
     <div class="modal-content">
       <div class="modal-header">

From 111c9581a3d34c6ce132ea36e9dde6cc55cb5eaf Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 21 Jan 2025 00:33:24 -0800
Subject: [PATCH 15/30] Resolve hash_equals() error w/ expired csrf_token, add
 login redirect

---
 includes/functions.php | 35 +++++++++++++++++++----------------
 1 file changed, 19 insertions(+), 16 deletions(-)

diff --git a/includes/functions.php b/includes/functions.php
index 3099defc..01e985d6 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -336,23 +336,26 @@ function CSRFMetaTag()
  */
 function CSRFValidate()
 {
-    if(isset($_POST['csrf_token'])) {
-        $post_token   = $_POST['csrf_token'];
-        $header_token = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;
+    if (empty($_SESSION['csrf_token']) || !is_string($_SESSION['csrf_token'])) {
+        error_log('Session expired or CSRF token is missing.');
+        header('Location: /login');
+        exit;
+    }
 
-        if (empty($post_token) && is_null($header_token)) {
-            return false;
-        }
-        $request_token = $post_token;
-        if (empty($post_token)) {
-            $request_token = $header_token;
-        }
-        if (hash_equals($_SESSION['csrf_token'], $request_token)) {
-            return true;
-        } else {
-            error_log('CSRF violation');
-            return false;
-        }
+    $post_token = $_POST['csrf_token'] ?? null;
+    $header_token = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;
+
+    if (empty($post_token) && is_null($header_token)) {
+        error_log('CSRF token missing in the request');
+        return false;
+    }
+    $request_token = $post_token ?: $header_token;
+
+    if (hash_equals($_SESSION['csrf_token'], $request_token)) {
+        return true;
+    } else {
+        error_log('CSRF token mismatch');
+        return false;
     }
 }
 

From effcb5e48e4ac92e084cdeee9b8114cb43a5e45f Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 21 Jan 2025 00:35:27 -0800
Subject: [PATCH 16/30] Add global styles for login page

---
 app/css/all.css | 54 +++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 50 insertions(+), 4 deletions(-)

diff --git a/app/css/all.css b/app/css/all.css
index 7efc2f20..6b500ce2 100644
--- a/app/css/all.css
+++ b/app/css/all.css
@@ -10,6 +10,7 @@ License: GNU General Public License v3.0
   --raspap-content-main: #495057;
   --raspap-text-muted: #858796;
   --raspap-brand-color: #2b8080;
+  --raspap-offwhite: #faf9f6;
 }
 
 a {
@@ -306,16 +307,16 @@ button > i.fas {
 
 /* Font Awesome 5 brands */
 .fa-reddit {
-    color: #ff4500;
+  color: #ff4500;
 }
 .fa-twitter {
-    color: #55acee
+  color: #55acee
 }
 .fa-discord {
-    color: #7289da
+  color: #7289da
 }
 .fa-github {
-    color: #151b23
+  color: #151b23
 }
 
 @keyframes heart {
@@ -332,3 +333,48 @@ button > i.fas {
   animation: heart 1000ms infinite;
 }
 
+#modal-admin-login .modal-content {
+  background: rgb(8,55,55);
+  background: radial-gradient(circle, rgba(8,55,55,1) 50%, rgba(27,112,112,1) 100%);
+  align-items: center;
+}
+
+#modal-admin-login .modal-body {
+  min-width: 330px;
+}
+
+.login-brand {
+  color: var(--raspap-theme-color);
+  filter: brightness(150%);
+}
+
+.admin-login {
+  color: var(--raspap-offwhite);
+  font-size: 1.2em
+}
+
+.btn-admin-login {
+  color: var(--raspap-offwhite);
+  background-color: var(--raspap-theme-color);
+}
+
+.btn-admin-login:hover {
+  color: var(--raspap-offwhite);
+  background-color: #236969;
+}
+
+.no-right-radius {
+  border-top-right-radius: 0 !important;
+  border-bottom-right-radius: 0 !important;
+}
+
+.btn-passwd-append {
+  border: 1px solid #ced4da;
+}
+
+#passwd-toggle:active,
+#passwd-toggle:hover,
+#passwd-toggle:focus {
+  border: 1px solid #ced4da;
+}
+

From 9042ee8c011b32730e76901c8792918a130fe2de Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 21 Jan 2025 00:38:03 -0800
Subject: [PATCH 17/30] Pass redirectUrl as action to login

---
 app/js/custom.js | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/app/js/custom.js b/app/js/custom.js
index d63daa05..ce0bb712 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -674,6 +674,10 @@ window.addEventListener('load', function() {
 let sessionCheckInterval = setInterval(checkSession, 5000);
 
 function checkSession() {
+    // skip session check if on login page
+    if (window.location.pathname === '/login') {
+        return;
+    }
     $.get('ajax/session/do_check_session.php', function (data) {
         if (data.status === 'session_expired') {
             clearInterval(sessionCheckInterval);
@@ -689,8 +693,19 @@ function showSessionExpiredModal() {
 }
 
 $(document).on("click", "#js-session-expired-login", function(e) {
-    console.log('clicked!');
-    window.location.href = '/login';
+    const loginModal = $('#modal-admin-login');
+    const redirectUrl = window.location.pathname;
+    window.location.href = `/login?action=${encodeURIComponent(redirectUrl)}`;
+});
+
+// show modal login on page load
+$(document).ready(function () {
+    const params = new URLSearchParams(window.location.search);
+    const redirectUrl = $('#redirect-url').val() || params.get('action') || '/';
+    $('#modal-admin-login').modal('show');
+    $('#redirect-url').val(redirectUrl);
+    $('#username').focus();
+    $('#username').addClass("focusedInput");
 });
 
 // DHCP or Static IP option group

From bc23dfc1301756c7975069de3daa5b2add4ef85b Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 21 Jan 2025 04:55:56 -0800
Subject: [PATCH 18/30] Remove timeout_duration from response

---
 ajax/session/do_check_session.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/ajax/session/do_check_session.php b/ajax/session/do_check_session.php
index 401ea30c..757619a9 100644
--- a/ajax/session/do_check_session.php
+++ b/ajax/session/do_check_session.php
@@ -19,8 +19,7 @@ header('Pragma: no-cache');
 $response = [
     'status' => $status,
     'last_activity' => $lastActivity,
-    'session_lifetime' => $sessionLifetime,
-    'timeout_duration' => RASPI_SESSION_TIMEOUT
+    'session_lifetime' => $sessionLifetime
 ];
 
 echo json_encode($response);

From bc7d4ef1c17083fa9d5911a41f57a1479adce68e Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 21 Jan 2025 04:59:57 -0800
Subject: [PATCH 19/30] Include session in ajax handlers

---
 ajax/adblock/update_blocklist.php       | 1 +
 ajax/bandwidth/get_bandwidth.php        | 1 +
 ajax/bandwidth/get_bandwidth_hourly.php | 1 +
 ajax/logging/clearlog.php               | 1 +
 ajax/networking/do_sys_reset.php        | 1 +
 ajax/networking/get_all_interfaces.php  | 1 +
 ajax/networking/get_channel.php         | 1 +
 ajax/networking/get_frequencies.php     | 1 +
 ajax/networking/get_ip_summary.php      | 2 +-
 ajax/networking/get_netcfg.php          | 1 +
 ajax/networking/get_nl80211_band.php    | 1 +
 ajax/networking/get_wgcfg.php           | 1 +
 ajax/networking/get_wgkey.php           | 1 +
 ajax/networking/wifi_stations.php       | 1 +
 ajax/openvpn/activate_ovpncfg.php       | 1 +
 ajax/openvpn/del_ovpncfg.php            | 1 +
 ajax/system/sys_actions.php             | 1 +
 ajax/system/sys_chk_update.php          | 1 +
 ajax/system/sys_debug.php               | 1 +
 ajax/system/sys_get_logfile.php         | 1 +
 ajax/system/sys_perform_update.php      | 1 +
 ajax/system/sys_read_logfile.php        | 1 +
 22 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/ajax/adblock/update_blocklist.php b/ajax/adblock/update_blocklist.php
index 0084892d..46f7798e 100644
--- a/ajax/adblock/update_blocklist.php
+++ b/ajax/adblock/update_blocklist.php
@@ -1,6 +1,7 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/session.php';
 require_once '../../includes/config.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
 require_once '../../includes/authenticate.php';
diff --git a/ajax/bandwidth/get_bandwidth.php b/ajax/bandwidth/get_bandwidth.php
index 16e8b566..76ffb993 100644
--- a/ajax/bandwidth/get_bandwidth.php
+++ b/ajax/bandwidth/get_bandwidth.php
@@ -1,6 +1,7 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/session.php';
 require_once '../../includes/config.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
 require_once '../../includes/authenticate.php';
diff --git a/ajax/bandwidth/get_bandwidth_hourly.php b/ajax/bandwidth/get_bandwidth_hourly.php
index b0f9f3e6..f68b6e0a 100644
--- a/ajax/bandwidth/get_bandwidth_hourly.php
+++ b/ajax/bandwidth/get_bandwidth_hourly.php
@@ -1,6 +1,7 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/session.php';
 require_once '../../includes/config.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
 require_once '../../includes/authenticate.php';
diff --git a/ajax/logging/clearlog.php b/ajax/logging/clearlog.php
index 44273f94..ff052f56 100644
--- a/ajax/logging/clearlog.php
+++ b/ajax/logging/clearlog.php
@@ -1,6 +1,7 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/session.php';
 require_once '../../includes/config.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
 require_once '../../includes/authenticate.php';
diff --git a/ajax/networking/do_sys_reset.php b/ajax/networking/do_sys_reset.php
index 068c0d0a..b9df53cc 100644
--- a/ajax/networking/do_sys_reset.php
+++ b/ajax/networking/do_sys_reset.php
@@ -1,6 +1,7 @@
 <?php
 
 require_once '../../includes/config.php';
+require_once '../../includes/session.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
 require_once '../../includes/authenticate.php';
 require_once '../../includes/session.php';
diff --git a/ajax/networking/get_all_interfaces.php b/ajax/networking/get_all_interfaces.php
index 0b304460..b88e987b 100644
--- a/ajax/networking/get_all_interfaces.php
+++ b/ajax/networking/get_all_interfaces.php
@@ -1,6 +1,7 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/session.php';
 require_once '../../includes/config.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
 require_once '../../includes/authenticate.php';
diff --git a/ajax/networking/get_channel.php b/ajax/networking/get_channel.php
index c5e21fb5..099f192a 100644
--- a/ajax/networking/get_channel.php
+++ b/ajax/networking/get_channel.php
@@ -1,6 +1,7 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/session.php';
 require_once '../../includes/config.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
 require_once '../../includes/authenticate.php';
diff --git a/ajax/networking/get_frequencies.php b/ajax/networking/get_frequencies.php
index e2ced448..53bb89a4 100644
--- a/ajax/networking/get_frequencies.php
+++ b/ajax/networking/get_frequencies.php
@@ -1,6 +1,7 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/session.php';
 require_once '../../includes/config.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
 require_once '../../src/RaspAP/Parsers/IwParser.php';
diff --git a/ajax/networking/get_ip_summary.php b/ajax/networking/get_ip_summary.php
index 545273f9..9f9b4cee 100644
--- a/ajax/networking/get_ip_summary.php
+++ b/ajax/networking/get_ip_summary.php
@@ -1,7 +1,7 @@
 <?php
 
 require '../../includes/csrf.php';
-
+require_once '../../includes/session.php';
 require_once '../../includes/functions.php';
 require_once '../../includes/config.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
diff --git a/ajax/networking/get_netcfg.php b/ajax/networking/get_netcfg.php
index 5b7bf2e1..d05f2aae 100644
--- a/ajax/networking/get_netcfg.php
+++ b/ajax/networking/get_netcfg.php
@@ -1,6 +1,7 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/session.php';
 require_once '../../includes/config.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
 require_once '../../includes/authenticate.php';
diff --git a/ajax/networking/get_nl80211_band.php b/ajax/networking/get_nl80211_band.php
index 103dee7d..e293d705 100644
--- a/ajax/networking/get_nl80211_band.php
+++ b/ajax/networking/get_nl80211_band.php
@@ -1,6 +1,7 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/session.php';
 require_once '../../includes/config.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
 require_once '../../includes/authenticate.php';
diff --git a/ajax/networking/get_wgcfg.php b/ajax/networking/get_wgcfg.php
index e10f9c01..1479a919 100644
--- a/ajax/networking/get_wgcfg.php
+++ b/ajax/networking/get_wgcfg.php
@@ -1,6 +1,7 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/session.php';
 require_once '../../includes/config.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
 require_once '../../includes/authenticate.php';
diff --git a/ajax/networking/get_wgkey.php b/ajax/networking/get_wgkey.php
index 9e3ae791..d274e621 100644
--- a/ajax/networking/get_wgkey.php
+++ b/ajax/networking/get_wgkey.php
@@ -1,6 +1,7 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/session.php';
 require_once '../../includes/config.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
 require_once '../../includes/authenticate.php';
diff --git a/ajax/networking/wifi_stations.php b/ajax/networking/wifi_stations.php
index 5b9fc0cb..a17ebb32 100644
--- a/ajax/networking/wifi_stations.php
+++ b/ajax/networking/wifi_stations.php
@@ -1,6 +1,7 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/session.php';
 require_once '../../includes/config.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
 require_once '../../includes/authenticate.php';
diff --git a/ajax/openvpn/activate_ovpncfg.php b/ajax/openvpn/activate_ovpncfg.php
index ac0a33cf..066cd9f6 100644
--- a/ajax/openvpn/activate_ovpncfg.php
+++ b/ajax/openvpn/activate_ovpncfg.php
@@ -1,6 +1,7 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/session.php';
 require_once '../../includes/config.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
 require_once '../../includes/authenticate.php';
diff --git a/ajax/openvpn/del_ovpncfg.php b/ajax/openvpn/del_ovpncfg.php
index 23bf9799..1d6241aa 100644
--- a/ajax/openvpn/del_ovpncfg.php
+++ b/ajax/openvpn/del_ovpncfg.php
@@ -1,6 +1,7 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/session.php';
 require_once '../../includes/config.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
 require_once '../../includes/authenticate.php';
diff --git a/ajax/system/sys_actions.php b/ajax/system/sys_actions.php
index b5b09d10..dce18402 100644
--- a/ajax/system/sys_actions.php
+++ b/ajax/system/sys_actions.php
@@ -1,6 +1,7 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/session.php';
 require_once '../../includes/config.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
 require_once '../../includes/authenticate.php';
diff --git a/ajax/system/sys_chk_update.php b/ajax/system/sys_chk_update.php
index 2a177148..8fdd5a0c 100644
--- a/ajax/system/sys_chk_update.php
+++ b/ajax/system/sys_chk_update.php
@@ -1,6 +1,7 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/session.php';
 require_once '../../includes/config.php';
 require_once '../../includes/defaults.php';
 
diff --git a/ajax/system/sys_debug.php b/ajax/system/sys_debug.php
index 43c3bed6..cc3a608b 100644
--- a/ajax/system/sys_debug.php
+++ b/ajax/system/sys_debug.php
@@ -1,6 +1,7 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/session.php';
 require_once '../../includes/config.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
 require_once '../../includes/authenticate.php';
diff --git a/ajax/system/sys_get_logfile.php b/ajax/system/sys_get_logfile.php
index 34de0f4c..0dc9f3b5 100644
--- a/ajax/system/sys_get_logfile.php
+++ b/ajax/system/sys_get_logfile.php
@@ -1,6 +1,7 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/session.php';
 require_once '../../includes/config.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
 require_once '../../includes/authenticate.php';
diff --git a/ajax/system/sys_perform_update.php b/ajax/system/sys_perform_update.php
index 74699360..b92320a5 100644
--- a/ajax/system/sys_perform_update.php
+++ b/ajax/system/sys_perform_update.php
@@ -1,6 +1,7 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/session.php';
 require_once '../../includes/config.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
 require_once '../../includes/authenticate.php';
diff --git a/ajax/system/sys_read_logfile.php b/ajax/system/sys_read_logfile.php
index 39fc8d83..defdd79a 100644
--- a/ajax/system/sys_read_logfile.php
+++ b/ajax/system/sys_read_logfile.php
@@ -1,6 +1,7 @@
 <?php
 
 require_once '../../includes/config.php';
+require_once '../../includes/session.php';
 require_once '../../src/RaspAP/Auth/HTTPAuth.php';
 require_once '../../includes/authenticate.php';
 

From 21b9feb0ef092afffc3afadc6e3a22366ab2e055 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 21 Jan 2025 05:14:18 -0800
Subject: [PATCH 20/30] Refactor auth method: http basic > user login

---
 includes/authenticate.php    | 10 ++--------
 src/RaspAP/Auth/HTTPAuth.php | 18 ++++--------------
 2 files changed, 6 insertions(+), 22 deletions(-)

diff --git a/includes/authenticate.php b/includes/authenticate.php
index bceac97d..401ab443 100755
--- a/includes/authenticate.php
+++ b/includes/authenticate.php
@@ -1,16 +1,10 @@
 <?php
 
 if (RASPI_AUTH_ENABLED) {
-    $user = $_SERVER['PHP_AUTH_USER'] ?? '';
-    $pass = $_SERVER['PHP_AUTH_PW'] ?? '';
-
     $auth = new \RaspAP\Auth\HTTPAuth;
 
     if (!$auth->isLogged()) {
-        if ($auth->login($user, $pass)) {
-            $config = $auth->getAuthConfig();
-        } else {
-            $auth->authenticate();
-        }
+        $auth->authenticate();
     }
 }
+
diff --git a/src/RaspAP/Auth/HTTPAuth.php b/src/RaspAP/Auth/HTTPAuth.php
index 9751075f..d32a36ad 100755
--- a/src/RaspAP/Auth/HTTPAuth.php
+++ b/src/RaspAP/Auth/HTTPAuth.php
@@ -15,12 +15,6 @@ namespace RaspAP\Auth;
 
 class HTTPAuth
 {
-
-    /**
-     * @var string $realm
-     */
-    public $realm = 'Authentication Required';
-
     /**
      * Stored login credentials
      * @var array $auth_config
@@ -57,15 +51,11 @@ class HTTPAuth
     public function authenticate()
     {
         if (!$this->isLogged()) {
-            header('HTTP/1.0 401 Unauthorized');
-            header('WWW-Authenticate: Basic realm="'.$this->realm.'"');
-            if (function_exists('http_response_code')) {
-                // http_response_code will respond with proper HTTP version
-                http_response_code(401);
-            } else {
-                header('HTTP/1.0 401 Unauthorized');
+            $redirectUrl = $_SERVER['REQUEST_URI'];
+            if (strpos($redirectUrl, '/login') === false) {
+                header('Location: /login?action=' . urlencode($redirectUrl));
+                exit();
             }
-            exit('Not authorized'.PHP_EOL);
         }
     }
 

From 9c4f8be363720bb3a698ed73f23b371b35062fb6 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 21 Jan 2025 05:22:22 -0800
Subject: [PATCH 21/30] Fix: include session

---
 includes/functions.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/includes/functions.php b/includes/functions.php
index 01e985d6..bb63c1ee 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -1,3 +1,4 @@
+<?php require_once 'session.php'; ?>
 <?php
 /* Functions for Networking */
 

From 2b92d028f6071bcd51ecfac912274c0f6ecd0e0b Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 21 Jan 2025 05:23:19 -0800
Subject: [PATCH 22/30] Minor: define status + redirectUrl vars

---
 includes/login.php | 2 ++
 1 file changed, 2 insertions(+)
 mode change 100644 => 100755 includes/login.php

diff --git a/includes/login.php b/includes/login.php
old mode 100644
new mode 100755
index 89374894..e3084a27
--- a/includes/login.php
+++ b/includes/login.php
@@ -10,6 +10,8 @@ function DisplayLogin()
 {
     // initialize auth object
     $auth = new \RaspAP\Auth\HTTPAuth;
+    $status = null;
+    $redirectUrl = null;
 
     // handle page action
     if (RASPI_AUTH_ENABLED) {

From 0fd65fdbc2721f5e811e83773b900105d0e516bc Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 21 Jan 2025 05:23:42 -0800
Subject: [PATCH 23/30] Minor: mode change

---
 app/img/raspAP-logo.php  | 0
 app/img/wg-qr-code.php   | 0
 app/img/wifi-qr-code.php | 0
 includes/footer.php      | 0
 includes/restapi.php     | 0
 templates/login.php      | 0
 templates/restapi.php    | 0
 7 files changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 app/img/raspAP-logo.php
 mode change 100644 => 100755 app/img/wg-qr-code.php
 mode change 100644 => 100755 app/img/wifi-qr-code.php
 mode change 100644 => 100755 includes/footer.php
 mode change 100644 => 100755 includes/restapi.php
 mode change 100644 => 100755 templates/login.php
 mode change 100644 => 100755 templates/restapi.php

diff --git a/app/img/raspAP-logo.php b/app/img/raspAP-logo.php
old mode 100644
new mode 100755
diff --git a/app/img/wg-qr-code.php b/app/img/wg-qr-code.php
old mode 100644
new mode 100755
diff --git a/app/img/wifi-qr-code.php b/app/img/wifi-qr-code.php
old mode 100644
new mode 100755
diff --git a/includes/footer.php b/includes/footer.php
old mode 100644
new mode 100755
diff --git a/includes/restapi.php b/includes/restapi.php
old mode 100644
new mode 100755
diff --git a/templates/login.php b/templates/login.php
old mode 100644
new mode 100755
diff --git a/templates/restapi.php b/templates/restapi.php
old mode 100644
new mode 100755

From 259fac717f3188a5a51386c2828550011ded0faf Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 21 Jan 2025 05:35:34 -0800
Subject: [PATCH 24/30] Update static label with RASPI_BRAND_TEXT

---
 templates/login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/login.php b/templates/login.php
index 41d1f3f1..57207245 100755
--- a/templates/login.php
+++ b/templates/login.php
@@ -9,7 +9,7 @@
             <!-- branding -->
             <div class="text-center mb-3">
               <img src="app/img/raspAP-logo.php" class="navbar-logo" alt="RaspAP logo" class="img-fluid" style="max-width: 100px;">
-              <h2 class="login-brand">RaspAP</h2>
+              <h2 class="login-brand"><?php echo htmlspecialchars(RASPI_BRAND_TEXT); ?></h2>
               <div class="mt-2 admin-login"><?php echo _("Administrator login") ?></div>
               <div class="text-center text-danger mt-1 mb-3"><?php echo $status ?></div>
             </div>

From 50ed5f9f4b9e061def0e775fb97422f4ccf9156e Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Tue, 21 Jan 2025 05:36:13 -0800
Subject: [PATCH 25/30] Update en_US locale w/ new msgs, compile .mo

---
 locale/en_US/LC_MESSAGES/messages.mo | Bin 42621 -> 43019 bytes
 locale/en_US/LC_MESSAGES/messages.po |  20 ++++++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/locale/en_US/LC_MESSAGES/messages.mo b/locale/en_US/LC_MESSAGES/messages.mo
index fd8a0a6552a77a33ce2529228bd94e52e68d9042..d1c38e1f3fe2e4aea23d38c09db8dde0ac69c255 100644
GIT binary patch
delta 11399
zcmd7YhkuUO|Httw5+Vc<gb2+|B!U<TYHuP!B1Y{|BnXiplvuYtYqe5J?OJUqO>0$Y
zt=6c~qNr*qHA<^$RnhP3opbW|`4fKE<MFwlXI$f)&pFq9r@r6k$8*g&mCJqE-z(GM
z$d$`+N@0Yb<782;?^3Jd<gMg5;pl^@7=<CY8Vlkf^u{yj!b_MNpQA5&MmSD!^ut0J
zj;~^E%<DLAC(WKP8r#sZ02A;h^v5cd9Vb6F!61x7PfW&QI0W^8DX4)g!vI{1MQ}Ir
zAm;=Y#viab-ojv>?^LN`9uSX3>F9<rn1*`5P7KBqSOEXPP<)03v20ZWBT)nFi0U7T
z8rVBn8n@W~<JOxP!1EoiY9{qTSdw~eYX{T=Qc*V=Z_Pxdc(d)#!a~&dqcZRvDsvZY
z`(2Eu{v4ILHjySH3Fyv4LstsE_&SE+5LEjj+rA84)Hk9Ya0LDEG`7U6sF_!cGO3To
zSn5474mY9?K0=-ERA(PSOm*_Fk&mT8C(OZon2Dos6>9BE)G#wFhg#bjsFb(H?wE?o
z$WiMl^rwCfi{dR*CSPDQ7O1J6$5PegQzxFGK@Yxx8pwStjL%S+Dae-9K!Z>jsDx^-
zZf%V0S0@g&SH_^uUy2Rz18jshu{?&?G8s&8Q_zU|pkBX?n2d)|Gp}0Pq`n?%#yzZV
z)XdhP)^rDI0-vKYaoF}BM@{I8?f)H%QGbMbjorR=9OpWPYN!zh)ODPx7>3#dAEGY!
z1X&H|8{7U2H9*gLj`Io@!a%Hop%{bOBdMtC+^E+u3-uQ5!HQaiqZ9&Yc!*jG-})va
z!KfSeM_o7#OW-`)z5!j-52FTt1GQw2u{ipWcddCD)Ih7D9$X*WV=Ouztp9QfBPp+F
z$Skoa3)LCF##R{I*m1gGGLkiCzx7`nM!iN8vnST02C@Y;kiDo3oWdZyg3Q=?j+#(-
zQ!>l*ok$9rc}r9ZyP<9{0`=hOs7(BfTC*3Z8I^5jW?BW6!DtM|o~ZN3V-b80HL$Iy
zJ@O@L;K$Idjs|=mYOUi?o24UaK)q0FKMcKa2I@g?qRv}u>zh&MA4JXU2Xx^tsJF$V
zg}J{E>VAHxfrPbS{q-6}(jXh+Tx^Xc@dAe71JuldqK);e-7%8(v9`V$!>E6Ydd(i7
zQeUd2$w+N1L%lO<pcyU6e>n=1X$Z#+s2QF@4d4c9rnzFwuJ%REAPTj)Vo<MPXVi5m
zsHK~N%50`>Ux!+XJ(w3yp$2-vO+mX=J1rbaU|DQ}+U<#`{_z-snW%y7LLWSXdGIpk
z#_OmD{EiyX1Jr=>$C{LvMm;zjm2r1l3QAEAd%|ecuAPFqa1m-I>rpe_j(X4`)D4cI
zC!R-b%1hRpsLlKUy|G|x(;t8ua9LA#I~6Es^VCG8G6r=)Pt**OFdvRXT{r_Zpn0}^
z1!^FhP?_0|E<BCO#C_C^|3%%mY#Xx_6|ty(1sY}-9H#^7fdf&gcB7VHEo$a_P+uU&
zFc)4xU%Z6M;4O^6+;QeXQK<XXMNP0BDzk~G35-Nfp6^Vfpc&3Wjd&4y;d0c8Yp?)*
zf*Qz|s7#$iZN_VuAD?0=%oA_kk`OFUy%|=(!Kl5JY2Ar#jr>Ony6`bp!lG@>Uo4H$
zMZFj5LN{t)Yj7-Xz|t6!U<Td<HN#kRVRzKb$07UBnU7k+3s?((Ng)54d5LyrW+CWD
zJqpvY8EVaTpi;dL^|gH*wF&dJH`n>0ZXAqy&B8DV>)Q5JsPi{q3~olg{G3Pa$-f>@
zw}WYDiW<OlEQpJ-2(HIMxEr;}j-t-HjwA7r?N8}w&L4*bXkUQJ*a{5CwYL2@>i!qq
z6!^h%ZlTsb>^1Y+RYl#P32N=yqLwBDtKd2;f@iQW-bCH-DQZGKolNQrqXu3MmFXI`
z-pJ~1OMz>g-l!3NhAzB}8u@=%2EF)6%pM?Crd}1bBt20N9)x;O22R9Ts0Zfb7fb^z
zhMG`$EQU4Fhb`r_rl1R7vnM23(^0#65^AP%kqeyFs2hHWy5Se72OUEV=o}WsUr_^o
zf*PPlSJUrjEsg$q|0`0^4H}>x7=snDBkHYiTi-*ab{A^1eTDw`4QfU|Vj%v7x=;RY
zW`M;}0}DmHZBeKR$E#iMe=iEU(O}d_C!l6J7rWzPtb>1JJXWSL8pmM^Jb-Ly$EOFs
zoY=#<5p}-@*a$s)I!<G3hOKZay8BQ#K_L#S^)i2-Pe9%HFiu6^-h4aaLZr#Ljv7ew
z*UfACHV&fh&CS~4aO9TGe$-OA`kL1-3RSO-TGH6Q<X<D~MT6FC2r4y`Q7L>2OX3RD
z=G=wl@G6!@?|$Znp{OOPg}S~WDx>kJrR{@}n1Xt3SD=>a<9=@Qpd&PB0B2D*x{caA
zf1%d)DQX~oiRMqTN~rUuVieB7Fx-p9@j7ZC&ry4(0N+MlSPV6>lBf)XxhVuusEcK>
z6DoxnwtfU7sNb;$_BZE8qaM%~^%e}rc{mZPW1#`&!Oc+jZ;jP(0B*-6r~$d#4m2a~
zXiY(NOhs+NS=a#IMy2vJdgCSQHOxi*4%YN=oIf#~dMFzr72`1kzd$YZ71Z_j(53hP
z35DD=1P(T@NiZsf5vUn9$5*i<=EXU-e-XB!{t+hNKd3d2O))9%iJEybdg3(HQqDr%
ze<gbB{og?$fQEgjH93cR&~4Oi{TrKO?jh!9H5T(zAB5U7Z(t10K|SCM2IFlkfcZ#6
zD3(BFpdo6h<1mQlJ3}exgf~$m`vkSSkLm=xY4u7o19f33+H0XUWk+io7NkBKb)R>w
z+fW%kV*5{GA?laWt+n`rf>QU$cK8f6?{^?7bpufuNx?ig5`A$ThT$yRzSXwxKo{)?
zQTM-&es~vK;tSNoqKA=xrM~Yl)(tZ-4iBO>pZ{=kK`D%)o`@RxVpRVI%!k`>6z)MS
zO^tMOUSrh#6HqB1fZcI6DkHz8lYbTN(BO~vQEQregh^#djHX@zvzH2W-aXWVJx7{>
z6h!Tn5~$2nL=ChSDg!NTds}M{jG#T)O+lOG9n=NeQLo!!Y=mBKn7`qgqf(fH8qj#u
z9yo}}cm*}{)}+COol!F$ZC!>%sqaNC>G!A!xPPFa3|zG*+(f1Jxjn&qwAt1EsP{M=
zuVWk3fTJ?ZZ$wkn-uN1e;R&pc*KB)<F=l|l_zLZnFi=U2r4UL(B5H=SQ5P;lZMu`F
z*XTS}#NRLg3y(ER5su18J=BdSqpn+xCGZ2=egIw6uc8L-IZjK)q86c0oQ6=;>(c<0
z$~LG6cft199~}>Vgpk#7c8@pzUQlg<`S*ffu@&w0xMvrfhPCmswfIEypWO+lJ+U7P
z(dQhcpv`j;m4Q1LgwIhk4xD6W)Et%CIMgQWhosPX19klZ)PvWcGVw2J$x2Q(6KaT>
zXe=s&ebF6EA%lW0co&P{PE?AHqc+JU<c)N0*!Hed%vvX-_R3JyfX1K(I2ZLBvKIBA
zji~eX+4>RG`M*pd|5~fRX>j2)RBB33H4g|y-7o?*kfx~DE6&;t=TaYlCGjDKq2Dy~
zR@Jh0wvNI``WM^!5v`FfxJ5&GT{zvOzBVc&9kC3iqXwFZ<!}Xt;{ntR@1O?YIm68K
z6%3^wj+#I`YHuZ?Uc+?Mbu--*w00{|Dc@#0zCta<dDMgNU>H6`tzoH|W&ky?EcKqK
z-98c3|1O5$Hq^k*qL$zu=E0|!8{HnW%mchpBl1HHs5~m=bx;p(j!OMt)aD#*`xl`$
z?Ml>jTTv6)kDBp!s0Up^U4H{T@d5Id@%wKIj@N9noBhz66Dp!!!zk2<8`^pc)aGf2
zN@XJI{0!6tCSg8Yg1T-kYCs>@_T8v~9Kw=%|G%T)qTw#)#e#FpjEkdg+z_=C(WnP@
zv!<aQI2D!ZWvC_Chno3$)c3~?%!Ln84}OBmVD2~B*n0oVP|$<oQ8(;_n&A*sYA2#*
zun?8H)tC?0p$5Day>J)myuGLgpFj=d5^CVTqc)>nnfwrd?ot%WQqcE6BP@@-u>#IO
zZLV$BGpLb2MqO8Ap81c`YN$V0dY}u(psrhn8rWVOiw98WHJWb*-g7?r*9`m9;KEU;
znJ>Xs_#tWyA7U+hhMIYe1!iWAP}j#}I`&3o@_Y2fA5p)iH&L4~Y@xX>0(IYd3(3FM
zwkZus*vWS6L0xbFWAF$zL;ttT13IDVz0eQWU_s16-ETh@!gHwC?>E$W9&el94u4et
zOg9BxumlU>N2rwT#&Fzc+i#*C@CfT;?nNerO|dZb)~M@yqLywjR>DlIf?r_~yoWm9
zE7RQ19Y8@T3q^mdj2c;ERH_qfy}NZVzDE04)BsPT3!kC}9`ug+#&n@JXH%?<tx-#o
zfttv4<T-99lfpzA)}bC4w%Cj?5;db{SPa{t4-P;LaG33%WSx)N)yq*c-Gn;-3)GCi
zM&0iM>Nz*iSMUFQ3Pox74>jVVOUwvMqedKIt%J%?H0lOjQ4dVSiZ~SYRxGpbL}m6Y
zYP0=>y8aq!LXR;}?|*@J&5g>VMpzy7;3lZoEgm)FLAHGi>P9nAsa%Sh=_c%sSy%@P
zE#+Elh0(YKTj0;w9z&Or|JD>nQ;-KyH}reY{P7u#jj8v>R=5iL;BAb<Hp|VQ=SxvH
zzKT;Ze1-Y<g3Z{Ay2na0kk>Jt`o}m3LspUhwiM>AGXG$38MRjRSDV)_9#!v%TGRfh
z0ggc}*(_9MR-l$*3zo#)sLgp6%i#+wjUj8y{hFYbq{ABWuN!ouK`9-CTHEm$i8E2}
z?QRUjW2gsRM-AXF)Q$42HG8K3YHb5h1Bt*c*b;T#DvZJn7={<!6pB;uc;5^p5VdJ4
zpch7>9{4IM15GgqJ7HNIj>=%BtzX9o>Uq~0YogBYi<;;J)E=9M^U(bsh3XV4tv3(u
zjk;g}R>LW{9X~}c9K68{c&K$Is(lq|6RyJs_%SMzchMW4Se=dL*Dx=7=>5+*D%gT%
zQ-z+3gpP)U9-t$Yw!cyTXN9TwDRtgjr!{_$!-+R2|3qj~IY)i!UsHJ(*AhBz60hoi
z|Lc%lH6JZt^h<TkK<oG?7yXPgh_l2Cq6BRZ?9C=p&pF0Y_=5IHwl5j;(6++Xzr`a&
zQPnm7ycC9_j_#DT<3CX+#}I?F*VcRCEusqT<MA^*M~t-Ry@nqU&uo1kdf98$be<??
z>n_UfTYS_fn$UQc$VYUhKA+HWkoYRQWIjsMKawa#w4|w-?dyoI(dJ3qCVr<Li8;q6
z3bky#F?KLz&7VIGsq`k=o5t+64=C@Vv=ciK(<nE`kMT=<i_pf*ISx~JPMcoiBgD^?
zwZruG<QyHT`x3v=5U>86{l^zt_VIgmqpeta&^CqgAmZUmU8^X+pl=#+kElb;Cq5?H
z(>IBTB_>cmg!>5{e-c%RR<uuX^KqX_0P*tig!XYXTqVAue1TX=j3#Om|I)q<R}m{I
z>z#guxI=tM+@L+@_=ds~TMxlT)W5Wy+4;XtqaUH~>gx7H_4g#+rv5$guWff>1ERRC
z>%49Rzd6oX+S(BrL=<s@wlP?MI8DS7S7@7xUtnwHzXp}dRCHXUTnf8lIx&;jLo6fo
zy?+P4BlPQbfY335*iM^{VT1?Y4LQeF+QX>Kz{*4;d*0`?m885#>)(}19F_h=J<1b^
zoMRDf!-;alKQw-1JH}W~(VlZ0qg;{jA)e598LJY-C_h6TdGHYN4)GTCEn5G7i0f4J
zL-QNu=eQ34CQef3CnEcJY87Yb%fL5@7&X}AZQMg7(cgubMGPed*#5`X)A$YT?p73n
zC|tsgI38ceYJ`r%_&P2iUL^vlx53G%Ob@f?)x(R_ui^^)8cz`Vm8?a)LOBSF6P*bC
z_^j6Y_onbGo#EIJ7ZOD%>zG4qCCbp&jd=M8v-PGlrW1vzw<T7;bl!WE9~1E}U-(kF
zrM~||IpLhW=vzAHQoe^zZJW-2M;{y)h*V;M?Q2K*Jmvi_oqLn=547jT4fyhrK;<Fr
zk$6oVdjF;qzC;fq=eW;FyNSHEVVyM?gJ~~~DYmT=^^KJ4+Ipz<Bigk_`|u>OTy>5t
zqC|Fy=O3dGXDdfJ;U~&I#Cm)308FG_o5)Z3DC#&)xh9cC<Q&nqJR1{;Ep+T9ezfhm
z@E2SD9G95+o6FnK@Q7GWb*5=@{=#IU2GQKMi88i48ygc%h))O|qqv8T3b>f~i&#Uw
zJn?`iLVXjFNjdxZe?U#5GBKD~N`w%9aFSlnoFkAzAL2h^H{nfmrhh%oCH|v)3L6kQ
zVyM4Q<Q%stjG&%q+m5S4>pzefMf^xiw4H-6oG441j_H(l;@#{TU(M885KD<9+6oa-
zL|y8?ppIxm_UAG_57M^-(}?$pfz;grd~Bwoqc2g7c!Ow4`z}JqXSjyQZK_T`t2b@s
zi4DXV+g6rxKO*PYW(#SweMlT23jbffJNrMKa!!^hboR#~_$D!r$Ru)(6BHihRIL8=
zd)RZz(KeX!WZSoyazUb*?f(J0(>IH#l>L)uPmG|WFX2i3SKF4uCECBE5<!fk{3-50
z9a_RJ#6n^YZGDKbwlAx2@~6294@pi<P9HJ6&xo|)u9UO^$*EaoDyIkd4oDl}8rmm4
zeN@`;#H`548F~EMsME>*boK9(oRXB7wQ1&<`~}j}lhaaNEk+Mb9!`^M(Kf%Ru4yBO
zyV8?P&%i$Et|Zf2#g&kf)F(a3JjgX7&DAe0bwqON$fT^3?{D$Qx-{UH=l`bx{SSw8
BwyFRC

delta 11009
zcmZ|TcYIFg|Htu@h!{zTh>*m%$q*xmU9n<>7!k3n2&tN_8N0pJXzf|8+M6oANYR=_
zDXki%h+1E&W=oV-mG<{~-`ADzqyPNQqaV-Db)D;+bFFjVxjX%|_sbLB?yEsQ3mlFY
zUXD{-7Id7o-i~v*lxiJkaCygx!6En-F2V@RSHW=#U@Ydry6D0tm>YYeKMug6I10J7
zGY4zp3e4*`Zs&q+a2;E5;u)r3(~6E0gdd_GeuCk+19RaSEP_9v9&jJkkzBEk6M}xo
z1DrBg2rFO{tcM!g1oY$i&MJ~%Dz;#AJdC=re<jnf3<gkcgi)A+1#kqG!O5tOZ9tv>
z3e}-|SOUE(oAWMfT~r4<V{xAE3?d1`8P@e!fbt>Kjm}u_qNdiXiaDPL3sMe2jXWAP
zW0h=u0wz;#i<+?&s2N#<zPK6P{v@A~MB_nw;ts0*A-eDd>H#I<948Q?uo>1wjr<+d
zh!$ZB+=i|31?IyRRZaW$$bZff{!zzIRb~Fw;2IVA@h*<UC#W?aSj{vXg?hjg)RZsB
zu6PJFBPFXFBQc0_dDN2DL(OC=CSp(2jBh}-i>X0L500;4dYXuZD5s!ipcksAgHSWz
zw)O8@KS1`Kvl2_;NmTn^u^#@74X|!a$0>{BP&2p&)uA1363=Ug{iq17Wkx;`U6f~|
zM!eN}7K17Oj#^W{+GYR+Q8N*SI`2ZwYz=$90T!X$0`>Z);VpDeB2ka~zv4KPa13g5
z{DZo{w~pg5%T94reF|!6I$=pn$55PrQMd#(!b7O*&Z0J5o_O;X1tK3IPDu>WY9x_p
zEz(d^G7NR&-KYz*uo&L3^?#v@a#&r{@p#mdwZx*>4YlSOsE$rTy}olW6_=so<v7`x
zq22J9h1yPC-};OS!&$H-9EP27A2LZ!NJC>A971^tYEL{z&7gOJ=|~W21|l&WYoJEl
z7B!%8sF|INK|J4COrj~=f*Q#&)PpafW};dnvu3HN5sg5NbOJJk&LS*@+feP#U}1cO
z>X=Vsvqyqa9WRAi%DL#)CRs?LC0K>(*$(u<Z&438jcRw>ma|dq^YVGB5rv}*BT+Nb
z6!n1CsQa}?y=DDTZ&ikMLKEhHCKa=(2*VOh%?D9!)QEam-PYw8NBsd?&c<lUh1fWH
zy=tSTJPkDy<FGU?Ms;)_M&eP7!TX8KzeX6`%yggvYNUx6g(;{Jj6iLw8K~E5G3vUl
zs3rRvHPu<R{w`_>^o61a2V*prKrLMpjKSC3BxOh@V=>%-YH$!EFbg#^FHs#UmSm>3
z4Cba>4)bDVREKJ#I@AU=<vmdk9*COy`KTFMVb8nwl4!Snjk@q6Y9#kiBYuv#FkcI^
z`2wt=s7)J%d9Z=4Z-%~<+u8D~sJ-$AYUW0x+Rs8d>~=mR$xp>*)P<j;I&i?&pF;Kg
z5^5%HqYJ%TnvqAKMpzMb<94X2?}~chAnPR541J86*{xVi@BcXxjr14P2gM8Y#{8|!
zg9A`g7KRnECh9@ys2dJIjc@{LCKsRvunskIJ25}*MlID5^ud!@kmoyRN%Y{GsE%Z#
zdamzKZN4JthZV3m)<V4<?XfHl$8xv?wU>@s@1i>HpKPv+!3va{qW&-$f^HYdY!Y3#
z71gt|I2JFW8n$m^dOj32!m;SW8K{wOMz)FbC29%tr_f0(gc^Ag7Qprxi0L>Cho><A
zn#wy=_~Rqg*XB#q?v8J3E=)k(I0dz~ov=3!u=Qt9?JpuPigOhkW7$-*R0B}uVHk+J
zP#rp!%KYnw7pN$R_febdFWWGroxUWv5$gO>RQt^sfCo`Cb_!$goUMO}dVpVhzWXr@
zwf3E`5T>E7AL=I2+Kor8%|@(*=dm#6?qDtmMcuFhYR2kd5H><}tOIJQd)xA0<UeOT
z|EOc<(S`q@I_&CbJ{jFnB<fi+jKvhxQoMtD;B?dj7U6i@h<Z?kPNriuQ6p)NMX)30
z!-1&lM%eT3SwBE+=2gf5-Od&gU2q6BH78Ivyo!3z15}6pz+m*@t5F>eMRl+Y>U^BF
zK5AxKqOR|bdSE{+j~S@9XoW}Ce;<ja^b%^5-9X*oE^0(CP@i-`UCfOtqB>X`_25L*
zYt{}m;z73Fjk?baR7aPi2D$~i;^+8^-v8iN&EM(Cm`HgkHpQPX70c7QCBAJvj=Euy
z*UTT6k=T&(>zIUVu_r#n*4Vb2`SW`@>b|#e62^9C{@JL`b`t(`e0!LV^u}S7Kg0eQ
zlg1Yc&PT3wZlabdfv4!TYlkX#L2cRrs1CYOOEwENGpkWck%?h=peO6E-Fb<MNX*sC
zeBi{OZkUK#lFq0b^gvDNAk^AUz&M<Vdan;)D4s?==pL#AzoYKsmu~h>5Nc_|)0uzu
zB#sJ}*=dDpxE8D8CXB{wSQLF<HytU7+B22V2Wz4p7>}BPW*ClLu?&tx&EO(izK0bl
z2e^Biqz>wWKB$pSL~XM9I15*z9$4iK)2=pFq1+yK;$-x}x_wMX6RcfO^+QmbZv@uE
z@u(Se?<dJaa@=|by(wp54KMyb0BVVX`kCMV@fbmQBWjILVjjGLF1&@g(U*;*x5FPb
zbD^k##bHfMKwe|FGs-r27h7@SV@$!HQEOdmfSKABs2S>rxo{|I4M(6JFay<*H5h`M
zP@fZrQG4kGHo>b{3L^&UzN~*^5^a(;*c@L+-FP#q;bGKL+{7r%Mvc7an`UjJQ5{P{
zo$rn6&~z+;tL^!N)+?wE{)wL7|AB9rO&Du!j(R{k>PADY(@;~p3Jc%{)RgW*jr?oW
zjGeOeH!zv<W7Lc#3^Fs)6n!Ztqv!X32a;$idf5|G(Vy}hbm3Ce1NNg{v!mDyFQ7(V
zYOonmJhq^mimh=e=EM7__D@l7RlOmm<AaAV|7tLviu^bYN8$qX!+@ctVJK?K%AsDT
zhS(L;Q8RMDdIW<ge~Vhut5^Vk!$kDvQ;ijOl2GlA52K_9U#3DGxs8P|8#M#DhMNuq
zqGrH_s*kbOz>1U`q4vrkEQqsFui0{JfLE|AmdG$O*c8>Fj&73TBukMu$Jvb<dE^K)
z^;J+KZfhNm!IVEjt?4Gz0JfrLVvjw45H+Cl_WX4$Lis-G_4Q(!Z=pMiL_PK!Wxf=`
zQJZ50>VoxH4fomlY*YuIVM+8EZ9Z}%Fp6?L48(NQb;D7w;RX!AZCD-;V2D=Z9*Ne%
zYmAwaVAPGfqAnbR#c-mnUxF^mdr%#}j9Rh>sJG>B)S8EkH64vYJva_iu>m@Ku+2ly
z@BjJZ%<unvZ=2u$dohVN!S9&wgzi|I@-FKmWPdv4*gM)2i%}g}jp|4yY6gyAIG#t1
z_%UigCB~bXjYiM!|GFfhoM?l(K|kz_W3eQjL#^3wsHrddt{G_rGKEe&mcmq2`=MAE
z=b}2c7PUuqpgR5~YKf~(VE(m9ULnyEG)Ap?N7R?bK-2?<pxRBb<$0*~pP)vx7hQM+
zH6uTx9`Gybeos*y@SAAfo)BxqMAm;MC#p~phWjxZvrr?_pDEI1ZHRG{(`<Pjs{MA<
z>y?F?a<9o|CQ4vw%5_m4?T(Sy2V-!?WVadN4l2}v6R45i#wg52jiBgzW>dwYUcb7i
znQ4n!vc9OP9%JjLp_X7J>cKlO8uz0%=`B<TUb;!jkVL<4c6k!2K`)HJF{q9$Lv`#6
z^u@!N8^1w4;54d3S*Q*@LQT2%6!YK!)CX5})C?t{&bzyjXt(x7T{s#wlIf_|Xffu(
zji}AH#kw1{X^&zayl(67pgQ=(mj6QSl{{0;%!Q%aS4KMQc50ERC&{P_yP!IdX6px|
zdOj946I0NIt1&Nrh0*vO>c&q{Q~v_BRDsisQK%WJgPPg4==uGhL86h)LVZvyMQ{8R
z_24b2DcghktiOPIkk52;Lx0o=BTzG06E%QlsF~}8`LQdi!*8Gu4noiG|KTKh@FY}6
z=AnAN61Dkuq92|>eOFvWy%kTfEEbtzenZwn?WI1}X{e5GMqPItE8x$lKTLvn_1rF!
zDkQqFEvje3aV(BTHGGQddEr@RgvHTCITkhYWK6=Is3rUqYvFd($nRkRe2SVOpV{X3
zMUmO8zov3375+FE>)|rg?!Jt=@CNF}*{HRBhP}~$j;SAtYCjsAqZ=FJG1UG2=bCab
z22$>fx^KU^y#Ko4C@Ko#4AdrDVjJ$l49dss`TFxr`(zBDz87l724f6n*!pFt2W-N+
zxCb?Z&#(}B%{SK<c9WE&qBLr4T4E&}iG^_;>Vn;<8=gRo=tm5~o2ZWej+$!U4@|ib
zcA#7u)v=N2!WF0vA4GjJx{s2mXLm3bvr$V?YJquRMbrc0aXhv}J?I3gV;4{}aTkl=
zAD9mVJ~Y=AMV&8et$}`&8)IR;|7}QgK|1P&Z=x=6qaHL9)uDwLjB8OH-i?}(!}k35
z)@!Jld4Rh9AJhZ$e`LOfLr`x+f=AZBJBg-rENYWYMBQK-YD7y>pLCh18-0iBU>2%l
zw^6Uz6VyxvE;RKn)O})69c_pjXdCQ`UC{IUe+Nl26%R2H>wj#1r%%RI%HLv3EV;<o
zA9cf>*Z_}UL(IL{yoQO`lkyyFjgPSzHe6!vI|V0EK8c>+|LvBV-~a1T9r0ae-p>x$
zpYm~RgVmRt-~W?POLYVF+C8!5=g68m{wqueU8p6ijGCDys2OaJVVJgp_1EqkOGPBE
zL4DvHM?K&+YDxY?-N0FCrZf<>wh<VIl~C_>8fvMApdK_G)q#&t_t}KnJDI4Z-Mi9l
zdh$ILovHZ6HcVV)eyOy^XzIsfQCyGe$N|)zIfZ(iE}$NG88riUFdScC87#Ki%wRmK
zJRK|I7Pn1)L|u?~jd?&MYLivRS=b2mz%!_JSy%<1;!ccSYdUfT)zKT)=e9m*o!NXv
zQJ=7-Q8Vc7L82S?w+=;b%45(Ab-YUQ2{E5|VyZm<eoFasvg4@ZZ=#wfGykO7dX?G{
zd^9*$sEZ-qBl>u;{`aZW?mR^3=tz9v$(VK;{Yrih&tPjji+73D<mIpzYE5+{5|fF2
z)aljSi*twzlCqAk$gg`c{log}s6}X}|H4Uam?+{W^52MPLa$p>T!9@39lI$H#-E8w
zgo_wQL=%-bcZc|ks7{#|>wm`=WYwv!M>KHrPb+)s`~NjD|LaA?xBgY9^fbZi>|7v*
zaBVNlKpmS5PH|hlP5Dck`{G!8UR)(cQRmif{Euqv(FOTDabDz9SeMuv?ZP%hQ9?U7
z=XfJ0!S=*5+rBvY9ijp85p_*)3ZbL4)<4KLJc17iFI(<m+BpBk>4ZK?$8l~gG0C?1
z#%h~7rzvlsP*H8LJF)U#Z61+#Aa+q7K~(dy>z_>JAH;p4C-In*uM)k<%i_1hL!vX~
zoy0qYj?s7t_h2?ou=P5Zb2KEWZ|gT$_fgl9JipfeJqknZiLw|>q*JG36Zv=e6jym_
z_}s>Kh)-?V7bg&Wgn0gj*lO$RSVbwKBlq~m)~z5fP451VM8{1$Xj12~t$RfIn$6R#
zWl){|jC1efU-p`J$qx{%h`z+z#1Djyw!{)*2jx+C6z39rueqJvwh{Ht1M;7+1ol-0
z#}VRV+hz^=5&dj=p|u>=A%@d7gy>@H&tYxKH*haLC)Se>!vI{6v;K`Jd_tv;jYJj7
zImc(@Gi;f^C7fr(aLTud_QX`87Li3<C3IZGB1BbNet~&xuJf14kK;&9<v@~fd$PRF
za-6Z{Lgew}@8db0;7Fp}6@6@*g4Q>wOCX9-u8(<$TjYg_(d1VM9j{QHYf{Ipufd!n
zlH?6e>e!AqFoT##o`UCzJw!=jEzyMfn#4LHj7XwR$3lZsin@v9xo`-6O_U&75Y4G`
z>HQC+pkpd=jLJCTF434+MCh1??TDX=G|D@PSbJ^@xsHL9mlFF4AIh(xz6s-r|B}Cr
zi}4iEhkOm8{pW;GkwEx)D$M_YRQeS$llse88$Tp;_@n-;s*KZZo$9L)t0-@?b-5{T
zBoD_KgpT=y=MNd2MfA}6=N!Yxd*>7|mT3I1veLS?{SNXi<e@|}VjATW#8z@|;xKu6
z{8IHemN-O=r<`;AM&kMWyGL@3=uZP3`LH`NPi5jcagnsJPI4p@zf<=vJ|+GkUJ{e3
z`wyX`jlnr=%d;@c*0msiM!aU9@2QTnC&f{sAMq`X8WK9T6JbOq@fLMeaWj!~q*B+7
z*iA)V?2KcG0^~ZL;Mc@9Q*<ih0gXSEq?@g5ON0D2FGPNp(BW<H{Fb|A^K8zoBVTXJ
z2W?vwU$J#VtzthhfapZK=J+SRsr8>id{5~3lX&3C%-{M=$w%08^T<PqOv*91lF%`m
z@{hzZQ*>S@|AP34@?e~em+%MFdjCSyAR4J$jDK{Dp}|f395)jY#7xSGcuEa8>Jh&a
z1E?FJ3VSTW0Gmf~?gK(c3NFV^o|5@zIdy-K)+BP}?C&2bT<1g}5lQ??lq7mmKZrO_
zo)5d?N#b>K9Tmt2d1d-m*y){lI(BeKW=fL`-^`0GM*C&<?6@T`vvHpVx&NONo4o!H
DI1EYP

diff --git a/locale/en_US/LC_MESSAGES/messages.po b/locale/en_US/LC_MESSAGES/messages.po
index 95fa1281..8a9c0a63 100644
--- a/locale/en_US/LC_MESSAGES/messages.po
+++ b/locale/en_US/LC_MESSAGES/messages.po
@@ -1566,3 +1566,23 @@ msgstr "Restarting restapi.service"
 msgid "Information provided by restapi.service"
 msgstr "Information provided by restapi.service"
 
+#: includes/login.php
+
+msgid "Session Expired"
+msgstr "Session Expired"
+
+msgid "Your session has expired. Please login to continue."
+msgstr "Your session has expired. Please login to continue."
+
+msgid "Login"
+msgstr "Login"
+
+msgid "Administrator login"
+msgstr "Administrator login"
+
+msgid "Forgot password"
+msgstr "Forgot password"
+
+msgid "Login failed"
+msgstr "Login failed"
+

From ec0dd304ee09a27b482566c16bb7af3d54d4faa0 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 22 Jan 2025 00:11:22 -0800
Subject: [PATCH 26/30] Add csrf token check, destroy session on timeout

---
 ajax/session/do_check_session.php | 5 +++++
 app/js/custom.js                  | 3 ++-
 2 files changed, 7 insertions(+), 1 deletion(-)
 mode change 100644 => 100755 ajax/session/do_check_session.php

diff --git a/ajax/session/do_check_session.php b/ajax/session/do_check_session.php
old mode 100644
new mode 100755
index 757619a9..35460050
--- a/ajax/session/do_check_session.php
+++ b/ajax/session/do_check_session.php
@@ -10,6 +10,11 @@ $lastActivity = $_SESSION['lastActivity'] ?? time();
 $sessionLifetime = time() - $lastActivity;
 $status = $sessionLifetime >= RASPI_SESSION_TIMEOUT ? 'session_expired' : 'active';
 
+if ($status = 'session_expired') {
+    session_unset(); // unset all session variables
+    session_destroy(); // destroy the session
+}
+
 // send response
 header('Content-Type: application/json');
 header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
diff --git a/app/js/custom.js b/app/js/custom.js
index ce0bb712..a3380e15 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -678,7 +678,8 @@ function checkSession() {
     if (window.location.pathname === '/login') {
         return;
     }
-    $.get('ajax/session/do_check_session.php', function (data) {
+    var csrfToken = $('meta[name=csrf_token]').attr('content');
+    $.post('ajax/session/do_check_session.php',{'csrf_token': csrfToken},function (data) {
         if (data.status === 'session_expired') {
             clearInterval(sessionCheckInterval);
             showSessionExpiredModal();

From cd3fde71e30e37f4f54e71ef4c99808ee349c995 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 22 Jan 2025 00:35:52 -0800
Subject: [PATCH 27/30] Revise login background gradient

---
 app/css/all.css | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/app/css/all.css b/app/css/all.css
index 6b500ce2..59f43cbb 100644
--- a/app/css/all.css
+++ b/app/css/all.css
@@ -334,8 +334,7 @@ button > i.fas {
 }
 
 #modal-admin-login .modal-content {
-  background: rgb(8,55,55);
-  background: radial-gradient(circle, rgba(8,55,55,1) 50%, rgba(27,112,112,1) 100%);
+  background: radial-gradient(circle at 120% -20%, #032626, #052c2c, #073232, #0a3838, #0d3f3f, #114545, #144c4c);
   align-items: center;
 }
 

From 2ca7448bd3ffc934f41ef9a3a2e2e0f5114096c4 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 22 Jan 2025 00:46:00 -0800
Subject: [PATCH 28/30] Define RASPI_BRAND_TITLE, replace static title

---
 config/config.php     | 1 +
 includes/defaults.php | 1 +
 index.php             | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/config/config.php b/config/config.php
index feaeecea..17c40cb4 100755
--- a/config/config.php
+++ b/config/config.php
@@ -1,6 +1,7 @@
 <?php
 
 define('RASPI_BRAND_TEXT', 'RaspAP');
+define('RASPI_BRAND_TITLE', RASPI_BRAND_TEXT.' Admin Panel');
 define('RASPI_CONFIG', '/etc/raspap');
 define('RASPI_CONFIG_NETWORK', RASPI_CONFIG.'/networking/defaults.json');
 define('RASPI_CONFIG_PROVIDERS', 'config/vpn-providers.json');
diff --git a/includes/defaults.php b/includes/defaults.php
index e7c42cbd..98f56a73 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -6,6 +6,7 @@ if (!defined('RASPI_CONFIG')) {
 
 $defaults = [
   'RASPI_BRAND_TEXT' => 'RaspAP',
+  'RASPI_BRAND_TITLE' => RASPI_BRAND_TEXT.' Admin Panel',
   'RASPI_VERSION' => '3.2.4',
   'RASPI_CONFIG_NETWORK' => RASPI_CONFIG.'/networking/defaults.json',
   'RASPI_CONFIG_PROVIDERS' => 'config/vpn-providers.json',
diff --git a/index.php b/index.php
index 3e060dc0..32c86af9 100755
--- a/index.php
+++ b/index.php
@@ -65,7 +65,7 @@ initializeApp();
     <meta name="description" content="">
     <meta name="author" content="">
 
-    <title><?php echo _("RaspAP WiFi Configuration Portal"); ?></title>
+    <title><?php echo RASPI_BRAND_TITLE; ?></title>
 
     <!-- Bootstrap Core CSS -->
     <link href="dist/bootstrap/css/bootstrap.min.css" rel="stylesheet">

From 42b6c8fce3b0f4969e960281ffbee6e19be278fc Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 22 Jan 2025 07:38:36 -0800
Subject: [PATCH 29/30] Fix: correctly evaluate session status

---
 ajax/session/do_check_session.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ajax/session/do_check_session.php b/ajax/session/do_check_session.php
index 35460050..cdd0d4ac 100755
--- a/ajax/session/do_check_session.php
+++ b/ajax/session/do_check_session.php
@@ -10,7 +10,7 @@ $lastActivity = $_SESSION['lastActivity'] ?? time();
 $sessionLifetime = time() - $lastActivity;
 $status = $sessionLifetime >= RASPI_SESSION_TIMEOUT ? 'session_expired' : 'active';
 
-if ($status = 'session_expired') {
+if ($status === 'session_expired') {
     session_unset(); // unset all session variables
     session_destroy(); // destroy the session
 }

From eb25142e034f018675971e9dd2733cdfd7b462df Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 22 Jan 2025 23:52:05 -0800
Subject: [PATCH 30/30] Update release version

---
 README.md             | 2 +-
 includes/defaults.php | 2 +-
 index.php             | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 584f9a25..d6bff4c3 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 ![](https://i.imgur.com/xeKD93p.png)
-[![Release 3.2.4](https://img.shields.io/badge/release-v3.2.4-green)](https://github.com/raspap/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Join Insiders](https://img.shields.io/static/v1?label=Insiders&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) [![Build Status](https://app.travis-ci.com/RaspAP/raspap-webgui.svg?branch=master)](https://app.travis-ci.com/RaspAP/raspap-webgui) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Reddit](https://img.shields.io/badge/%2Fr%2FRaspAP-e05d44?style=flat&logo=Reddit&logoColor=white&labelColor=e05d44&color=b14835)](https://reddit.com/r/RaspAP) [![Discord](https://img.shields.io/discord/642436993451819018?color=7289DA&label=Discord&logo=discord&style=flat)](https://discord.gg/KVAsaAR)
+[![Release 3.2.5](https://img.shields.io/badge/release-v3.2.5-green)](https://github.com/raspap/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Join Insiders](https://img.shields.io/static/v1?label=Insiders&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) [![Build Status](https://app.travis-ci.com/RaspAP/raspap-webgui.svg?branch=master)](https://app.travis-ci.com/RaspAP/raspap-webgui) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Reddit](https://img.shields.io/badge/%2Fr%2FRaspAP-e05d44?style=flat&logo=Reddit&logoColor=white&labelColor=e05d44&color=b14835)](https://reddit.com/r/RaspAP) [![Discord](https://img.shields.io/discord/642436993451819018?color=7289DA&label=Discord&logo=discord&style=flat)](https://discord.gg/KVAsaAR)
 
 
 RaspAP is feature-rich wireless router software that _just works_ on many popular [Debian-based devices](#supported-operating-systems), including the Raspberry Pi. Our popular [Quick installer](#quick-installer) and [Docker container](#docker-support) create a known-good default configuration for all current Raspberry Pis with onboard wireless. A fully responsive, mobile-ready interface gives you control over the relevant services and networking options. Advanced DHCP settings, WireGuard and OpenVPN support, [SSL certificates](https://docs.raspap.com/ssl/), security audits, [captive portal integration](https://docs.raspap.com/captive/), themes and [multilingual options](https://docs.raspap.com/translations/) are included.
diff --git a/includes/defaults.php b/includes/defaults.php
index 98f56a73..4ed1860d 100755
--- a/includes/defaults.php
+++ b/includes/defaults.php
@@ -7,7 +7,7 @@ if (!defined('RASPI_CONFIG')) {
 $defaults = [
   'RASPI_BRAND_TEXT' => 'RaspAP',
   'RASPI_BRAND_TITLE' => RASPI_BRAND_TEXT.' Admin Panel',
-  'RASPI_VERSION' => '3.2.4',
+  'RASPI_VERSION' => '3.2.5',
   'RASPI_CONFIG_NETWORK' => RASPI_CONFIG.'/networking/defaults.json',
   'RASPI_CONFIG_PROVIDERS' => 'config/vpn-providers.json',
   'RASPI_CONFIG_API' => RASPI_CONFIG.'/api',
diff --git a/index.php b/index.php
index 32c86af9..50eeec73 100755
--- a/index.php
+++ b/index.php
@@ -14,7 +14,7 @@
  * @author  Lawrence Yau <sirlagz@gmail.com>
  * @author  Bill Zimmerman <billzimmerman@gmail.com>
  * @license GNU General Public License, version 3 (GPL-3.0)
- * @version 3.2.4
+ * @version 3.2.5
  * @link    https://github.com/RaspAP/raspap-webgui/
  * @link    https://raspap.com/
  * @see     http://sirlagz.net/2013/02/08/raspap-webgui/