diff --git a/api_FTL.php b/api_FTL.php
index 524d2d2d..e48983a2 100644
--- a/api_FTL.php
+++ b/api_FTL.php
@@ -229,25 +229,47 @@ if (isset($_GET['getAllQueries']) && $auth)
 $data = array_merge($data, $result);
 }
 
-if (isset($_GET['enable'], $_GET['token']) && $auth) {
- check_csrf($_GET['token']);
- exec('sudo pihole enable');
- $data = array_merge($data, array("status" => "enabled"));
-}
-elseif (isset($_GET['disable'], $_GET['token']) && $auth) {
- check_csrf($_GET['token']);
- $disable = intval($_GET['disable']);
- // intval returns the integer value on success, or 0 on failure
- if($disable > 0)
- {
- exec("sudo pihole disable ".$disable."s");
- }
- else
- {
- exec('sudo pihole disable');
- }
- $data = array_merge($data, array("status" => "disabled"));
-}
+ if (isset($_GET['enable']) && $auth) {
+ if(isset($_GET["auth"]))
+ {
+ if($_GET["auth"] !== $pwhash)
+ die("Not authorized!");
+ }
+ else
+ {
+ // Skip token validation if explicit auth string is given
+ check_csrf($_GET['token']);
+ }
+ exec('sudo pihole enable');
+ $data = array_merge($data, array("status" => "enabled"));
+ unlink("../custom_disable_timer");
+ }
+ elseif (isset($_GET['disable']) && $auth) {
+ if(isset($_GET["auth"]))
+ {
+ if($_GET["auth"] !== $pwhash)
+ die("Not authorized!");
+ }
+ else
+ {
+ // Skip token validation if explicit auth string is given
+ check_csrf($_GET['token']);
+ }
+ $disable = intval($_GET['disable']);
+ // intval returns the integer value on success, or 0 on failure
+ if($disable > 0)
+ {
+ $timestamp = time();
+ exec("sudo pihole disable ".$disable."s");
+ file_put_contents("../custom_disable_timer",($timestamp+$disable)*1000);
+ }
+ else
+ {
+ exec('sudo pihole disable');
+ unlink("../custom_disable_timer");
+ }
+ $data = array_merge($data, array("status" => "disabled"));
+ }
 
 if(isset($_GET["recentBlocked"]))
 {
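Review bot: The `auth` branch added to both the `enable` and `disable` handlers compares the secret with `$_GET["auth"] !== $pwhash`, which is not constant-time and turns the stored password hash into a bearer credential carried in the query string, where it is likely to be recorded in web-server access logs and browser history. I would change the check to `if (!is_string($_GET["auth"]) || $pwhash === "" || !hash_equals($pwhash, $_GET["auth"])) die("Not authorized!");` so that an empty `$pwhash` can never be used to skip `check_csrf()`; `$pwhash` is defined outside this hunk, so whether it can be empty is not visible here. With `$_GET['token']` dropped from the `isset()` conditions, the `else` path now calls `check_csrf($_GET['token'])` on a possibly undefined index, so an `isset($_GET['token'])` guard should stay on that path. The comment `// Skip token validation if explicit auth string is given` sits in the `else` branch, where the token is in fact validated, and belongs above `if(isset($_GET["auth"]))` instead.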