From d76984517c4e29e8af3751134d6cb361bdbb1c65 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Mon, 12 Dec 2022 12:44:20 +0100
Subject: [PATCH] Add RASPI_AUTH_ENABLED flag to config #280

---
 config/config.php         |  5 ++++-
 includes/authenticate.php | 24 +++++++++++++-----------
 2 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/config/config.php b/config/config.php
index d4f9266e..4589092d 100755
--- a/config/config.php
+++ b/config/config.php
@@ -29,10 +29,13 @@ define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
 define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
 define('RASPI_ACCESS_CHECK_DNS', 'one.one.one.one');
 
-// Constant for the 5GHz wireless regulatory domain
+// Constants for the 5GHz wireless regulatory domain.
 define('RASPI_5GHZ_ISO_ALPHA2', array('NL','US'));
 define('RASPI_5GHZ_MAX_CHANNEL', 165);
 
+// Enable basic authentication for the web admin.
+define('RASPI_AUTH_ENABLED', true);
+
 // Optional services, set to true to enable.
 define('RASPI_WIFICLIENT_ENABLED', true);
 define('RASPI_HOTSPOT_ENABLED', true);
diff --git a/includes/authenticate.php b/includes/authenticate.php
index af2eb307..3059ff42 100755
--- a/includes/authenticate.php
+++ b/includes/authenticate.php
@@ -5,16 +5,18 @@ $pass = $_SERVER['PHP_AUTH_PW'] ?? "";
 require_once RASPI_CONFIG.'/raspap.php';
 $config = getConfig();
 
-$validated = ($user == $config['admin_user']) && password_verify($pass, $config['admin_pass']);
-
-if (!$validated) {
-    header('WWW-Authenticate: Basic realm="RaspAP"');
-    if (function_exists('http_response_code')) {
-        // http_response_code will respond with proper HTTP version back.
-        http_response_code(401);
-    } else {
-        header('HTTP/1.0 401 Unauthorized');
+if (RASPI_AUTH_ENABLED) {
+    $validated = ($user == $config['admin_user']) && password_verify($pass, $config['admin_pass']);
+    if (!$validated) {
+        header('WWW-Authenticate: Basic realm="RaspAP"');
+        if (function_exists('http_response_code')) {
+            // http_response_code will respond with proper HTTP version back.
+            http_response_code(401);
+        } else {
+            header('HTTP/1.0 401 Unauthorized');
+        }
+        exit('Not authorized'.PHP_EOL);
     }
-
-    exit('Not authorized'.PHP_EOL);
+} else {
+    $validated = true;
 }