Fixes and refactoring WL/BL files more

* CORS was required to auth (bug) - fixed * Logging defaults to the default lighttpd error log * Overridable error log location to support alpine/nginx container or power users * Put the repeated code into a include for sub/add, auth.php * Error logs say what failed much better now * VIRTUAL_HOST should theoretically allow custom hostnames for CORS
2026-05-01 14:12:25 +01:00 · 2016-07-07 00:12:35 -05:00
parent 77395a3e72
commit 657fb7badc
3 changed files with 51 additions and 79 deletions
--- a/php/add.php
+++ b/php/add.php
@@ -1,43 +1,5 @@
 <?php
-function pi_log($message) {
-    error_log($message . "\n", 3, '/var/log/lighttpd/pihole_php.log');
-}
-
-function log_and_die($message) {
-    pi_log($message);
-    die($message);
-}
-
-if(!isset($_POST['domain'], $_POST['list'], $_POST['token'])) {
-    log_and_die("Missing POST variables");
-}
-
-$AUTHORIZED_HOSTNAMES = [
-    'http://' . $_SERVER['SERVER_ADDR'],
-    'http://' . 'pi.hole',
-    'http://' . 'localhost'
-];
-
-// Check CORS
-$CORS_ALLOW_ORIGIN = false;
-if(in_array($_SERVER['HTTP_ORIGIN'], $AUTHORIZED_HOSTNAMES)) {
-    $CORS_ALLOW_ORIGIN = $_SERVER['HTTP_ORIGIN'];
-}
-
-if (!$CORS_ALLOW_ORIGIN) {
-    log_and_die("Failed CORS");
-}
-
-header("Access-Control-Allow-Origin: $CORS_ALLOW_ORIGIN");
-
-session_start();
-// Otherwise probably same origin... out of the scope of CORS
-
-// Check CSRF token
-if(!hash_equals($_SESSION['token'], $_POST['token'])) {
-    log_and_die("Wrong token");
-}
-
+require('auth.php');

 switch($_POST['list']) {
    case "white":