Update webpanel; added auth

2020-09-19 19:22:12 +02:00 · 2020-09-19 19:22:12 +02:00 · 81e40e6015
commit 81e40e6015
parent 0e54eb8c85
5 changed files with 23 additions and 16 deletions
--- a/buildroot/configs/tiesse_tgr_defconfig
+++ b/buildroot/configs/tiesse_tgr_defconfig
@ -46,7 +46,7 @@ BR2_PACKAGE_HOST_UBOOT_TOOLS_FIT_SUPPORT=y
 BR2_PACKAGE_BUSYBOX_CONFIG="board/tiesse/tgr/busybox.config"
 BR2_GLOBAL_PATCH_DIR="board/tiesse/tgr/packages-patches/"
 BR2_RELRO_FULL=y
-BR2_TARGET_GENERIC_HOSTNAME="cros"
+BR2_TARGET_GENERIC_HOSTNAME="ccos"
 BR2_TARGET_GENERIC_ISSUE="1337 Linux"
 BR2_TARGET_ENABLE_ROOT_LOGIN=y
 BR2_TARGET_GENERIC_ROOT_PASSWD="###ROOTPASSWORD###"
--- a/webpanel/includes/auth.php
+++ b/webpanel/includes/auth.php
@ -0,0 +1,14 @@
+<?php
+
+$http_username = $_SERVER['PHP_AUTH_USER'];
+$http_password = $_SERVER['PHP_AUTH_PW'];
+
+$auth = (hash_equals($http_password, $password));
+
+if (!$auth) {
+	header('WWW-Authenticate: Basic realm="ccOS Web Panel"');
+	header('HTTP/1.0 401 Unauthorized');
+	die ("Not authorized");
+}
+
+?>
--- a/webpanel/includes/config.php
+++ b/webpanel/includes/config.php
@ -1,7 +1,10 @@
 <?php
-$site = "crOS";
+$site = "ccOS";
 $flag = "###FLAG1###";
-$interface = "wlan0";
+$interface = "ap0";
 $blacklist = array(';', '#', '(', ')', '|', '&', ' ', "\t", '<', '>');
+$password = file_get_contents("/etc/wpa");
+
+require_once("auth.php");

 ?>
--- a/webpanel/index.php
+++ b/webpanel/index.php
@ -39,12 +39,12 @@ require_once("includes/nav.php");
 					</tr>
 				</tbody>
 			</table>
+			<?php /*
 			<h3>Client List</h3>
 			<?php $leases = file_get_contents('/var/log/dhcpd.leases'); ?>
 			<pre>
 			<?php echo $leases ?>
 			</pre>
-			<?php /*
 			<table class="table">
 				<thead>
 					<tr>
@ -59,16 +59,6 @@ require_once("includes/nav.php");
 						<td>00:11:22:AA:BB:CC</td>
 						<td>desktop-ab2846ad</td>
 					</tr>
-					<tr>
-						<td>192.168.77.2</td>
-						<td>00:11:22:AA:BB:DD</td>
-						<td>android-deadbeef</td>
-					</tr>
-					<tr>
-						<td>192.168.77.4</td>
-						<td>00:11:22:AA:BB:EE</td>
-						<td>windows-laptop</td>
-					</tr>
 				</tbody>
 			</table>*/ ?>		
 		</div>
--- a/webpanel/update.php
+++ b/webpanel/update.php
@ -6,7 +6,7 @@ require_once("includes/nav.php");

 if ($_SERVER['REQUEST_METHOD'] === POST && isset($_FILES['update']) && $_FILES['update']['size'] > 10000000 && $_FILES['upfile']['size'] < 10000000 && isset($_POST['password']) && !empty($_POST['password'])) {
 	move_uploaded_file($_FILES['file']['tmp_name'], '/tmp/update.tgz.cc');
-	exec("/usr/bin/sudo clearpassword='".escapeshellarg($_POST['password'])."' /update.sh", $result);
+	exec("/usr/bin/sudo key='".escapeshellarg($_POST['password'])."' /update.sh", $result);
 }

 ?>