1
0
mirror of https://github.com/billz/raspap-webgui.git synced 2023-10-10 13:37:24 +02:00

Add RASPI_AUTH_ENABLED flag to config #280

This commit is contained in:
billz 2022-12-12 12:44:20 +01:00
parent e5778ba01c
commit d76984517c
2 changed files with 17 additions and 12 deletions

View File

@ -29,10 +29,13 @@ define('RASPI_LIGHTTPD_CONFIG', '/etc/lighttpd/lighttpd.conf');
define('RASPI_ACCESS_CHECK_IP', '1.1.1.1'); define('RASPI_ACCESS_CHECK_IP', '1.1.1.1');
define('RASPI_ACCESS_CHECK_DNS', 'one.one.one.one'); define('RASPI_ACCESS_CHECK_DNS', 'one.one.one.one');
// Constant for the 5GHz wireless regulatory domain // Constants for the 5GHz wireless regulatory domain.
define('RASPI_5GHZ_ISO_ALPHA2', array('NL','US')); define('RASPI_5GHZ_ISO_ALPHA2', array('NL','US'));
define('RASPI_5GHZ_MAX_CHANNEL', 165); define('RASPI_5GHZ_MAX_CHANNEL', 165);
// Enable basic authentication for the web admin.
define('RASPI_AUTH_ENABLED', true);
// Optional services, set to true to enable. // Optional services, set to true to enable.
define('RASPI_WIFICLIENT_ENABLED', true); define('RASPI_WIFICLIENT_ENABLED', true);
define('RASPI_HOTSPOT_ENABLED', true); define('RASPI_HOTSPOT_ENABLED', true);

View File

@ -5,9 +5,9 @@ $pass = $_SERVER['PHP_AUTH_PW'] ?? "";
require_once RASPI_CONFIG.'/raspap.php'; require_once RASPI_CONFIG.'/raspap.php';
$config = getConfig(); $config = getConfig();
$validated = ($user == $config['admin_user']) && password_verify($pass, $config['admin_pass']); if (RASPI_AUTH_ENABLED) {
$validated = ($user == $config['admin_user']) && password_verify($pass, $config['admin_pass']);
if (!$validated) { if (!$validated) {
header('WWW-Authenticate: Basic realm="RaspAP"'); header('WWW-Authenticate: Basic realm="RaspAP"');
if (function_exists('http_response_code')) { if (function_exists('http_response_code')) {
// http_response_code will respond with proper HTTP version back. // http_response_code will respond with proper HTTP version back.
@ -15,6 +15,8 @@ if (!$validated) {
} else { } else {
header('HTTP/1.0 401 Unauthorized'); header('HTTP/1.0 401 Unauthorized');
} }
exit('Not authorized'.PHP_EOL); exit('Not authorized'.PHP_EOL);
}
} else {
$validated = true;
} }