Copy disable coutdown timer and new (simplified) API token authentification from PHP API to FTL API

2026-04-25 11:19:59 +01:00 · 2017-02-28 14:49:43 +01:00
parent 7a73053bfd
commit 43b60829dc
1 changed files with 41 additions and 19 deletions
--- a/api_FTL.php
+++ b/api_FTL.php
@@ -229,25 +229,47 @@ if (isset($_GET['getAllQueries']) && $auth)
 	$data = array_merge($data, $result);
 }

-if (isset($_GET['enable'], $_GET['token']) && $auth) {
-	check_csrf($_GET['token']);
-	exec('sudo pihole enable');
-	$data = array_merge($data, array("status" => "enabled"));
-}
-elseif (isset($_GET['disable'], $_GET['token']) && $auth) {
-	check_csrf($_GET['token']);
-	$disable = intval($_GET['disable']);
-	// intval returns the integer value on success, or 0 on failure
-	if($disable > 0)
-	{
-		exec("sudo pihole disable ".$disable."s");
-	}
-	else
-	{
-		exec('sudo pihole disable');
-	}
-	$data = array_merge($data, array("status" => "disabled"));
-}
+    if (isset($_GET['enable']) && $auth) {
+        if(isset($_GET["auth"]))
+        {
+            if($_GET["auth"] !== $pwhash)
+                die("Not authorized!");
+        }
+        else
+        {
+            // Skip token validation if explicit auth string is given
+            check_csrf($_GET['token']);
+        }
+        exec('sudo pihole enable');
+        $data = array_merge($data, array("status" => "enabled"));
+        unlink("../custom_disable_timer");
+    }
+    elseif (isset($_GET['disable']) && $auth) {
+        if(isset($_GET["auth"]))
+        {
+            if($_GET["auth"] !== $pwhash)
+                die("Not authorized!");
+        }
+        else
+        {
+            // Skip token validation if explicit auth string is given
+            check_csrf($_GET['token']);
+        }
+        $disable = intval($_GET['disable']);
+        // intval returns the integer value on success, or 0 on failure
+        if($disable > 0)
+        {
+            $timestamp = time();
+            exec("sudo pihole disable ".$disable."s");
+            file_put_contents("../custom_disable_timer",($timestamp+$disable)*1000);
+        }
+        else
+        {
+            exec('sudo pihole disable');
+            unlink("../custom_disable_timer");
+        }
+        $data = array_merge($data, array("status" => "disabled"));
+    }

 if(isset($_GET["recentBlocked"]))
 {