g/cyberchallenge-modem
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update webpanel; added auth

Browse Source
This commit is contained in:
Giulio 2020-09-19 19:22:12 +02:00
parent 0e54eb8c85
commit 81e40e6015
5 changed files with 23 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
buildroot/configs/tiesse_tgr_defconfig
View File

@ -46,7 +46,7 @@ BR2_PACKAGE_HOST_UBOOT_TOOLS_FIT_SUPPORT=y
BR2_PACKAGE_BUSYBOX_CONFIG="board/tiesse/tgr/busybox.config" BR2_PACKAGE_BUSYBOX_CONFIG="board/tiesse/tgr/busybox.config"
BR2_GLOBAL_PATCH_DIR="board/tiesse/tgr/packages-patches/" BR2_GLOBAL_PATCH_DIR="board/tiesse/tgr/packages-patches/"
BR2_RELRO_FULL=y BR2_RELRO_FULL=y
BR2_TARGET_GENERIC_HOSTNAME="cros" BR2_TARGET_GENERIC_HOSTNAME="ccos"
BR2_TARGET_GENERIC_ISSUE="1337 Linux" BR2_TARGET_GENERIC_ISSUE="1337 Linux"
BR2_TARGET_ENABLE_ROOT_LOGIN=y BR2_TARGET_ENABLE_ROOT_LOGIN=y
BR2_TARGET_GENERIC_ROOT_PASSWD="###ROOTPASSWORD###" BR2_TARGET_GENERIC_ROOT_PASSWD="###ROOTPASSWORD###"

14
webpanel/includes/auth.php Normal file
View File

@ -0,0 +1,14 @@
<?php
$http_username = $_SERVER['PHP_AUTH_USER'];
$http_password = $_SERVER['PHP_AUTH_PW'];
$auth = (hash_equals($http_password, $password));
if (!$auth) {
header('WWW-Authenticate: Basic realm="ccOS Web Panel"');
header('HTTP/1.0 401 Unauthorized');
die ("Not authorized");
}
?>

7
webpanel/includes/config.php
View File

@ -1,7 +1,10 @@
<?php <?php
$site = "crOS"; $site = "ccOS";
$flag = "###FLAG1###"; $flag = "###FLAG1###";
$interface = "wlan0"; $interface = "ap0";
$blacklist = array(';', '#', '(', ')', '|', '&', ' ', "\t", '<', '>'); $blacklist = array(';', '#', '(', ')', '|', '&', ' ', "\t", '<', '>');
$password = file_get_contents("/etc/wpa");
require_once("auth.php");
?> ?>

12
webpanel/index.php
View File

@ -39,12 +39,12 @@ require_once("includes/nav.php");
</tr> </tr>
</tbody> </tbody>
</table> </table>
<?php /*
<h3>Client List</h3> <h3>Client List</h3>
<?php $leases = file_get_contents('/var/log/dhcpd.leases'); ?> <?php $leases = file_get_contents('/var/log/dhcpd.leases'); ?>
<pre> <pre>
<?php echo $leases ?> <?php echo $leases ?>
</pre> </pre>
<?php /*
<table class="table"> <table class="table">
<thead> <thead>
<tr> <tr>
@ -59,16 +59,6 @@ require_once("includes/nav.php");
<td>00:11:22:AA:BB:CC</td> <td>00:11:22:AA:BB:CC</td>
<td>desktop-ab2846ad</td> <td>desktop-ab2846ad</td>
</tr> </tr>
<tr>
<td>192.168.77.2</td>
<td>00:11:22:AA:BB:DD</td>
<td>android-deadbeef</td>
</tr>
<tr>
<td>192.168.77.4</td>
<td>00:11:22:AA:BB:EE</td>
<td>windows-laptop</td>
</tr>
</tbody> </tbody>
</table>*/ ?> </table>*/ ?>
</div> </div>

2
webpanel/update.php
View File

@ -6,7 +6,7 @@ require_once("includes/nav.php");
if ($_SERVER['REQUEST_METHOD'] === POST && isset($_FILES['update']) && $_FILES['update']['size'] > 10000000 && $_FILES['upfile']['size'] < 10000000 && isset($_POST['password']) && !empty($_POST['password'])) { if ($_SERVER['REQUEST_METHOD'] === POST && isset($_FILES['update']) && $_FILES['update']['size'] > 10000000 && $_FILES['upfile']['size'] < 10000000 && isset($_POST['password']) && !empty($_POST['password'])) {
move_uploaded_file($_FILES['file']['tmp_name'], '/tmp/update.tgz.cc'); move_uploaded_file($_FILES['file']['tmp_name'], '/tmp/update.tgz.cc');
exec("/usr/bin/sudo clearpassword='".escapeshellarg($_POST['password'])."' /update.sh", $result); exec("/usr/bin/sudo key='".escapeshellarg($_POST['password'])."' /update.sh", $result);
} }
?> ?>