Added token verification

Moved CNAME functions to func.php Added teleporter support Fixed CNAME and DNS file declaration (filename was declarated in seperate file, therefore trying to read those files from func.php failed) Fixed error and success response functions in func.php (calling addCustomDNSEntry and addCustomCNAMEEntry repeatedly from teleporter failed because of error function defined inside of those functions) Signed-off-by: Matthias Rank <development@m-rank.de>
2026-04-25 11:19:59 +01:00 · 2020-05-21 14:48:13 +02:00
parent e380d9222a
commit 212da94228
6 changed files with 228 additions and 155 deletions
--- a/scripts/pi-hole/php/customcname.php
+++ b/scripts/pi-hole/php/customcname.php
@@ -2,130 +2,22 @@

    require_once "func.php";

-    $customCNAMEFile = "/etc/dnsmasq.d/05-pihole-custom-cname.conf";
+    require_once('auth.php');
+
+    // Authentication checks
+    if (isset($_POST['token'])) {
+        check_cors();
+        check_csrf($_POST['token']);
+    } else {
+        log_and_die('Not allowed (login session invalid or expired, please relogin on the Pi-hole dashboard)!');
+    }

    switch ($_REQUEST['action'])
    {
-        case 'get':     echo json_encode(echoCustomCNAMEEntries());   break;
-        case 'add':     echo json_encode(addCustomCNAMEEntry());      break;
-        case 'delete':  echo json_encode(deleteCustomCNAMEEntry());   break;
+        case 'get':     echo json_encode(echoCustomCNAMEEntries()); break;
+        case 'add':     echo json_encode(addCustomCNAMEEntry());    break;
+        case 'delete':  echo json_encode(deleteCustomCNAMEEntry()); break;
        default:
            die("Wrong action");
    }
-
-    function echoCustomCNAMEEntries()
-    {
-        $entries = getCustomCNAMEEntries();
-
-        $data = [];
-        foreach ($entries as $entry)
-            $data[] = [ $entry->domain, $entry->target ];
-
-        return [ "data" => $data ];
-    }
-
-    function getCustomCNAMEEntries()
-    {
-        global $customCNAMEFile;
-
-        $entries = [];
-
-        $handle = fopen($customCNAMEFile, "r");
-        if ($handle)
-        {
-            while (($line = fgets($handle)) !== false) {
-                $line = str_replace("cname=","", $line);
-                $line = str_replace("\r","", $line);
-                $line = str_replace("\n","", $line);
-                $explodedLine = explode (",", $line);
-
-                if (count($explodedLine) <= 1)
-                    continue;
-
-                $data = new \stdClass();
-                $data->domains = array_slice($explodedLine, 0, -1);
-                $data->domain = implode(",", $data->domains);
-                $data->target = $explodedLine[count($explodedLine)-1];
-                $entries[] = $data;
-            }
-
-            fclose($handle);
-        }
-
-        return $entries;
-    }
-
-    function addCustomCNAMEEntry()
-    {
-        try
-        {
-            $target = !empty($_REQUEST['target']) ? $_REQUEST['target']: "";
-            $domain = !empty($_REQUEST['domain']) ? $_REQUEST['domain']: "";
-
-            if (empty($target))
-                return errorJsonResponse("Target must be set");
-
-            if (empty($domain))
-                return errorJsonResponse("Domain must be set");
-
-            // Check if each submitted domain is valid
-            $domains = array_map('trim', explode(",", $domain));
-            foreach ($domains as $d) {
-                if (!is_valid_domain_name($d))
-                    return errorJsonResponse("Domain '$d' is not valid");
-            }
-
-            $existingEntries = getCustomCNAMEEntries();
-
-            // Check if a record for one of the domains already exists
-            foreach ($existingEntries as $entry)
-                foreach ($domains as $d)
-                    if (in_array($d, $entry->domains))
-                        return errorJsonResponse("There is already a CNAME record for '$d'");
-
-            exec("sudo pihole -a addcustomcname ".$domain." ".$target);
-
-            return successJsonResponse();
-        }
-        catch (\Exception $ex)
-        {
-            return errorJsonResponse($ex->getMessage());
-        }
-    }
-
-    function deleteCustomCNAMEEntry()
-    {
-        try
-        {
-            $target = !empty($_REQUEST['target']) ? $_REQUEST['target']: "";
-            $domain = !empty($_REQUEST['domain']) ? $_REQUEST['domain']: "";
-
-            if (empty($target))
-                return errorJsonResponse("Target must be set");
-
-            if (empty($domain))
-                return errorJsonResponse("Domain must be set");
-
-            $existingEntries = getCustomCNAMEEntries();
-
-            $found = false;
-            foreach ($existingEntries as $entry)
-                if ($entry->domain == $domain)
-                    if ($entry->target == $target) {
-                        $found = true;
-                        break;
-                    }
-
-            if (!$found)
-                return errorJsonResponse("This domain/ip association does not exist");
-
-            exec("sudo pihole -a removecustomcname ".$domain." ".$target);
-
-            return successJsonResponse();
-        }
-        catch (\Exception $ex)
-        {
-            return errorJsonResponse($ex->getMessage());
-        }
-    }
 ?>