1
0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00

Merge pull request #494 from JohnTheNerd/master

Properly locked down the back-end in monitoring mode
This commit is contained in:
Bill Zimmerman 2020-02-15 00:05:32 +01:00 committed by GitHub
commit c0af41a53b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 174 additions and 154 deletions

View File

@ -1,5 +1,7 @@
<?php <?php
require_once 'config.php';
/** /**
* Show dashboard page. * Show dashboard page.
*/ */
@ -146,6 +148,7 @@ function DisplayDashboard(&$extraFooterScripts)
} }
if (!RASPI_MONITOR_ENABLED) {
if (isset($_POST['ifdown_wlan0'])) { if (isset($_POST['ifdown_wlan0'])) {
// Pressed stop button // Pressed stop button
if ($interfaceState === 'UP') { if ($interfaceState === 'UP') {
@ -174,6 +177,7 @@ function DisplayDashboard(&$extraFooterScripts)
} else { } else {
$status->addMessage(sprintf(_('Interface is %s.'), strtolower($interfaceState)), $classMsgDevicestatus); $status->addMessage(sprintf(_('Interface is %s.'), strtolower($interfaceState)), $classMsgDevicestatus);
} }
}
echo renderTemplate("dashboard", compact( echo renderTemplate("dashboard", compact(
"status", "status",

View File

@ -1,6 +1,7 @@
<?php <?php
include_once('includes/status_messages.php'); include_once('includes/status_messages.php');
require_once 'config.php';
/** /**
* *
@ -11,6 +12,7 @@ function DisplayDHCPConfig()
{ {
$status = new StatusMessages(); $status = new StatusMessages();
if (!RASPI_MONITOR_ENABLED) {
if (isset($_POST['savedhcpdsettings'])) { if (isset($_POST['savedhcpdsettings'])) {
$errors = ''; $errors = '';
define('IFNAMSIZ', 16); define('IFNAMSIZ', 16);
@ -76,10 +78,12 @@ function DisplayDHCPConfig()
$status->addMessage('Dnsmasq configuration failed to be updated.', 'danger'); $status->addMessage('Dnsmasq configuration failed to be updated.', 'danger');
} }
} }
}
exec('pidof dnsmasq | wc -l', $dnsmasq); exec('pidof dnsmasq | wc -l', $dnsmasq);
$dnsmasq_state = ($dnsmasq[0] > 0); $dnsmasq_state = ($dnsmasq[0] > 0);
if (!RASPI_MONITOR_ENABLED) {
if (isset($_POST['startdhcpd'])) { if (isset($_POST['startdhcpd'])) {
if ($dnsmasq_state) { if ($dnsmasq_state) {
$status->addMessage('dnsmasq already running', 'info'); $status->addMessage('dnsmasq already running', 'info');
@ -105,6 +109,7 @@ function DisplayDHCPConfig()
$status->addMessage('dnsmasq already stopped', 'info'); $status->addMessage('dnsmasq already stopped', 'info');
} }
} }
}
$serviceStatus = $dnsmasq_state ? "up" : "down"; $serviceStatus = $dnsmasq_state ? "up" : "down";

View File

@ -2,6 +2,7 @@
include_once('includes/status_messages.php'); include_once('includes/status_messages.php');
include_once('app/lib/system.php'); include_once('app/lib/system.php');
require_once 'config.php';
/** /**
* *
@ -25,6 +26,7 @@ function DisplayHostAPDConfig()
$managedModeEnabled = false; $managedModeEnabled = false;
exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces); exec("ip -o link show | awk -F': ' '{print $2}'", $interfaces);
if (!RASPI_MONITOR_ENABLED) {
if (isset($_POST['SaveHostAPDSettings'])) { if (isset($_POST['SaveHostAPDSettings'])) {
SaveHostAPDConfig($arrSecurity, $arrEncType, $arr80211Standard, $interfaces, $status); SaveHostAPDConfig($arrSecurity, $arrEncType, $arr80211Standard, $interfaces, $status);
} elseif (isset($_POST['StartHotspot'])) { } elseif (isset($_POST['StartHotspot'])) {
@ -44,6 +46,7 @@ function DisplayHostAPDConfig()
$status->addMessage($line, 'info'); $status->addMessage($line, 'info');
} }
} }
}
exec('cat '. RASPI_HOSTAPD_CONFIG, $hostapdconfig); exec('cat '. RASPI_HOSTAPD_CONFIG, $hostapdconfig);
exec('iwgetid '. RASPI_WIFI_CLIENT_INTERFACE. ' -r', $wifiNetworkID); exec('iwgetid '. RASPI_WIFI_CLIENT_INTERFACE. ' -r', $wifiNetworkID);

View File

@ -1,6 +1,7 @@
<?php <?php
include_once('includes/status_messages.php'); include_once('includes/status_messages.php');
require_once 'config.php';
/** /**
* *
@ -10,6 +11,7 @@ include_once('includes/status_messages.php');
function DisplayOpenVPNConfig() function DisplayOpenVPNConfig()
{ {
$status = new StatusMessages(); $status = new StatusMessages();
if (!RASPI_MONITOR_ENABLED) {
if (isset($_POST['SaveOpenVPNSettings'])) { if (isset($_POST['SaveOpenVPNSettings'])) {
if (isset($_POST['authUser'])) { if (isset($_POST['authUser'])) {
$authUser = strip_tags(trim($_POST['authUser'])); $authUser = strip_tags(trim($_POST['authUser']));
@ -31,6 +33,7 @@ function DisplayOpenVPNConfig()
$status->addMessage($line, 'info'); $status->addMessage($line, 'info');
} }
} }
}
exec('pidof openvpn | wc -l', $openvpnstatus); exec('pidof openvpn | wc -l', $openvpnstatus);
exec('wget https://ipinfo.io/ip -qO -', $return); exec('wget https://ipinfo.io/ip -qO -', $return);

View File

@ -1,6 +1,7 @@
<?php <?php
include_once('includes/status_messages.php'); include_once('includes/status_messages.php');
require_once 'config.php';
/** /**
* *
@ -72,6 +73,7 @@ function DisplaySystem()
} }
} }
if (!RASPI_MONITOR_ENABLED) {
if (isset($_POST['SaveServerPort'])) { if (isset($_POST['SaveServerPort'])) {
if (isset($_POST['serverPort'])) { if (isset($_POST['serverPort'])) {
if (strlen($_POST['serverPort']) > 4 || !is_numeric($_POST['serverPort'])) { if (strlen($_POST['serverPort']) > 4 || !is_numeric($_POST['serverPort'])) {
@ -85,12 +87,20 @@ function DisplaySystem()
} }
} }
} }
if (isset($_POST['system_reboot'])) {
$status->addMessage("System Rebooting Now!", "warning", false);
$result = shell_exec("sudo /sbin/reboot");
}
if (isset($_POST['system_shutdown'])) {
$status->addMessage("System Shutting Down Now!", "warning", false);
$result = shell_exec("sudo /sbin/shutdown -h now");
}
}
if (isset($_POST['RestartLighttpd'])) { if (isset($_POST['RestartLighttpd'])) {
$status->addMessage('Restarting lighttpd in 3 seconds...','info'); $status->addMessage('Restarting lighttpd in 3 seconds...','info');
exec('sudo /etc/raspap/lighttpd/configport.sh --restart'); exec('sudo /etc/raspap/lighttpd/configport.sh --restart');
} }
exec('cat '. RASPI_LIGHTTPD_CONFIG, $return); exec('cat '. RASPI_LIGHTTPD_CONFIG, $return);
$conf = ParseConfig($return); $conf = ParseConfig($return);
$ServerPort = $conf['server.port']; $ServerPort = $conf['server.port'];
@ -118,14 +128,5 @@ function DisplaySystem()
'el_GR.UTF-8' => 'Ελληνικά' 'el_GR.UTF-8' => 'Ελληνικά'
); );
if (isset($_POST['system_reboot'])) {
$status->addMessage("System Rebooting Now!", "warning", false);
$result = shell_exec("sudo /sbin/reboot");
}
if (isset($_POST['system_shutdown'])) {
$status->addMessage("System Shutting Down Now!", "warning", false);
$result = shell_exec("sudo /sbin/shutdown -h now");
}
echo renderTemplate("system", compact("arrLocales", "status", "system", "ServerPort")); echo renderTemplate("system", compact("arrLocales", "status", "system", "ServerPort"));
} }

View File

@ -2,6 +2,10 @@
require_once 'config.php'; require_once 'config.php';
require_once RASPI_CONFIG.'/raspap.php'; require_once RASPI_CONFIG.'/raspap.php';
if (RASPI_MONITOR_ENABLED) {
die();
};
session_start(); session_start();
header('X-Frame-Options: SAMEORIGIN'); header('X-Frame-Options: SAMEORIGIN');
header("Content-Security-Policy: default-src 'none'; frame-src 'self'; connect-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"); header("Content-Security-Policy: default-src 'none'; frame-src 'self'; connect-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'");