Pi-Hole/web
1
0
Fork 0
mirror of https://github.com/pi-hole/web.git synced 2026-04-22 09:48:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

Run PHP-CS-Fixer on all files

Browse Source 
Signed-off-by: DL6ER <dl6er@dl6er.de>
This commit is contained in:
DL6ER
2022-08-07 10:52:23 +02:00
parent 69e118ad45
commit 6ec4b8a529
47 changed files with 2643 additions and 2831 deletions
Download Patch File Download Diff File Expand all files Collapse all files

346
api_db.php
View File

@@ -9,14 +9,18 @@
$api = true;
header('Content-type: application/json');
require("scripts/pi-hole/php/database.php");
require("scripts/pi-hole/php/password.php");
require("scripts/pi-hole/php/auth.php");
require_once("scripts/pi-hole/php/func.php");
require 'scripts/pi-hole/php/database.php';
require 'scripts/pi-hole/php/password.php';
require 'scripts/pi-hole/php/auth.php';
require_once 'scripts/pi-hole/php/func.php';
check_cors();
// Set maximum execution time to 10 minutes
ini_set("max_execution_time","600");
ini_set('max_execution_time', '600');
$data = array();
@@ -26,31 +30,29 @@ $data = array();
$QUERYDB = getQueriesDBFilename();
$db = SQLite3_connect($QUERYDB);
if(isset($_GET["network"]) && $auth)
{
if (isset($_GET['network']) && $auth) {
$network = array();
$results = $db->query('SELECT * FROM network');
while($results !== false && $res = $results->fetchArray(SQLITE3_ASSOC))
{
$id = intval($res["id"]);
while (false !== $results && $res = $results->fetchArray(SQLITE3_ASSOC)) {
$id = intval($res['id']);
// Get IP addresses and host names for this device
$res["ip"] = array();
$res["name"] = array();
$network_addresses = $db->query("SELECT ip,name FROM network_addresses WHERE network_id = $id ORDER BY lastSeen DESC");
while($network_addresses !== false && $network_address = $network_addresses->fetchArray(SQLITE3_ASSOC))
{
array_push($res["ip"],$network_address["ip"]);
if($network_address["name"] !== null)
array_push($res["name"],utf8_encode($network_address["name"]));
else
array_push($res["name"],"");
$res['ip'] = array();
$res['name'] = array();
$network_addresses = $db->query("SELECT ip,name FROM network_addresses WHERE network_id = {$id} ORDER BY lastSeen DESC");
while (false !== $network_addresses && $network_address = $network_addresses->fetchArray(SQLITE3_ASSOC)) {
array_push($res['ip'], $network_address['ip']);
if (null !== $network_address['name']) {
array_push($res['name'], utf8_encode($network_address['name']));
} else {
array_push($res['name'], '');
}
}
$network_addresses->finalize();
// UTF-8 encode vendor
$res["macVendor"] = utf8_encode($res["macVendor"]);
$res['macVendor'] = utf8_encode($res['macVendor']);
array_push($network, $res);
}
$results->finalize();
@@ -58,48 +60,42 @@ if(isset($_GET["network"]) && $auth)
$data = array_merge($data, array('network' => $network));
}
if (isset($_GET['getAllQueries']) && $auth)
{
if (isset($_GET['getAllQueries']) && $auth) {
$allQueries = array();
if($_GET['getAllQueries'] !== "empty")
{
$from = intval($_GET["from"]);
$until = intval($_GET["until"]);
if ('empty' !== $_GET['getAllQueries']) {
$from = intval($_GET['from']);
$until = intval($_GET['until']);
// Use table "query_storage"
// - replace domain ID with domain
// - replace client ID with client name
// - replace forward ID with forward destination
$dbquery = "SELECT timestamp, type,";
$dbquery = 'SELECT timestamp, type,';
$dbquery .= " CASE typeof(domain) WHEN 'integer' THEN (SELECT domain FROM domain_by_id d WHERE d.id = q.domain) ELSE domain END domain,";
$dbquery .= " CASE typeof(client) WHEN 'integer' THEN (";
$dbquery .= " SELECT CASE TRIM(name) WHEN '' THEN c.ip ELSE c.name END name FROM client_by_id c WHERE c.id = q.client";
$dbquery .= " ) ELSE client END client,";
$dbquery .= ' ) ELSE client END client,';
$dbquery .= " CASE typeof(forward) WHEN 'integer' THEN (SELECT forward FROM forward_by_id f WHERE f.id = q.forward) ELSE forward END forward,";
$dbquery .= " status, reply_type, reply_time, dnssec";
$dbquery .= " FROM query_storage q";
$dbquery .= " WHERE timestamp >= :from AND timestamp <= :until ";
if(isset($_GET["types"]))
{
$types = $_GET["types"];
if(preg_match("/^[0-9]+(?:,[0-9]+)*$/", $types) === 1)
{
$dbquery .= ' status, reply_type, reply_time, dnssec';
$dbquery .= ' FROM query_storage q';
$dbquery .= ' WHERE timestamp >= :from AND timestamp <= :until ';
if (isset($_GET['types'])) {
$types = $_GET['types'];
if (1 === preg_match('/^[0-9]+(?:,[0-9]+)*$/', $types)) {
// Append selector to DB query. The used regex ensures
// that only numbers, separated by commas are accepted
// to avoid code injection and other malicious things
// We accept only valid lists like "1,2,3"
// We reject ",2,3", "1,2," and similar arguments
$dbquery .= "AND status IN (".$types.") ";
}
else
{
die("Error. Selector types specified using an invalid format.");
$dbquery .= 'AND status IN ('.$types.') ';
} else {
exit('Error. Selector types specified using an invalid format.');
}
}
$dbquery .= "ORDER BY timestamp ASC";
$dbquery .= 'ORDER BY timestamp ASC';
$stmt = $db->prepare($dbquery);
$stmt->bindValue(":from", intval($from), SQLITE3_INTEGER);
$stmt->bindValue(":until", intval($until), SQLITE3_INTEGER);
$stmt->bindValue(':from', intval($from), SQLITE3_INTEGER);
$stmt->bindValue(':until', intval($until), SQLITE3_INTEGER);
$results = $stmt->execute();
// Start the JSON string
@@ -110,24 +106,24 @@ if (isset($_GET['getAllQueries']) && $auth)
while ($row = $results->fetchArray(SQLITE3_ASSOC)) {
// Insert a comma before the next record (except on the first one)
if (!$first) {
echo ",";
echo ',';
} else {
$first = false;
}
// Format, encode, transform each field (if necessary).
$time = $row["timestamp"];
$query_type = getQueryTypeStr($row["type"]); // Convert query type ID to name
$domain = utf8_encode(str_replace("~"," ",$row["domain"]));
$client = $row["client"];
$status = $row["status"];
$destination = utf8_encode($row["forward"]);
$reply_type = $row["reply_type"];
$reply_time = $row["reply_time"];
$dnssec = $row["dnssec"];
$time = $row['timestamp'];
$query_type = getQueryTypeStr($row['type']); // Convert query type ID to name
$domain = utf8_encode(str_replace('~', ' ', $row['domain']));
$client = $row['client'];
$status = $row['status'];
$destination = utf8_encode($row['forward']);
$reply_type = $row['reply_type'];
$reply_time = $row['reply_time'];
$dnssec = $row['dnssec'];
// Insert into array and output it in JSON format
echo json_encode([$time, $query_type, $domain, $client, $status, $destination, $reply_type, $reply_time, $dnssec]);
echo json_encode(array($time, $query_type, $domain, $client, $status, $destination, $reply_type, $reply_time, $dnssec));
}
}
@@ -135,56 +131,47 @@ if (isset($_GET['getAllQueries']) && $auth)
echo ']}';
// exit at the end
exit();
exit;
}
// only used if getAllQueries==empty
$result = array('data' => $allQueries);
$data = array_merge($data, $result);
}
if (isset($_GET['topClients']) && $auth)
{
if (isset($_GET['topClients']) && $auth) {
// $from = intval($_GET["from"]);
$limit = "";
if(isset($_GET["from"]) && isset($_GET["until"]))
{
$limit = "WHERE timestamp >= :from AND timestamp <= :until";
}
elseif(isset($_GET["from"]) && !isset($_GET["until"]))
{
$limit = "WHERE timestamp >= :from";
}
elseif(!isset($_GET["from"]) && isset($_GET["until"]))
{
$limit = "WHERE timestamp <= :until";
$limit = '';
if (isset($_GET['from'], $_GET['until'])) {
$limit = 'WHERE timestamp >= :from AND timestamp <= :until';
} elseif (isset($_GET['from']) && !isset($_GET['until'])) {
$limit = 'WHERE timestamp >= :from';
} elseif (!isset($_GET['from']) && isset($_GET['until'])) {
$limit = 'WHERE timestamp <= :until';
}
$dbquery = "SELECT CASE typeof(client) WHEN 'integer' THEN (";
$dbquery .= " SELECT CASE TRIM(name) WHEN '' THEN c.ip ELSE c.name END name FROM client_by_id c WHERE c.id = q.client)";
$dbquery .= " ELSE client END client, count(client) FROM query_storage q ".$limit." GROUP BY client ORDER BY count(client) DESC LIMIT 20";
$dbquery .= ' ELSE client END client, count(client) FROM query_storage q '.$limit.' GROUP BY client ORDER BY count(client) DESC LIMIT 20';
$stmt = $db->prepare($dbquery);
$stmt->bindValue(":from", intval($_GET['from']), SQLITE3_INTEGER);
$stmt->bindValue(":until", intval($_GET['until']), SQLITE3_INTEGER);
$stmt->bindValue(':from', intval($_GET['from']), SQLITE3_INTEGER);
$stmt->bindValue(':until', intval($_GET['until']), SQLITE3_INTEGER);
$results = $stmt->execute();
$clientnums = array();
if(!is_bool($results))
while ($row = $results->fetchArray())
{
if (!is_bool($results)) {
while ($row = $results->fetchArray()) {
// $row[0] is the client IP
if(array_key_exists($row[0], $clientnums))
{
if (array_key_exists($row[0], $clientnums)) {
// Entry already exists, add to it (might appear multiple times due to mixed capitalization in the database)
$clientnums[$row[0]] += intval($row[1]);
}
else
{
} else {
// Entry does not yet exist
$clientnums[$row[0]] = intval($row[1]);
}
}
}
// Sort by number of hits
arsort($clientnums);
@@ -196,46 +183,37 @@ if (isset($_GET['topClients']) && $auth)
$data = array_merge($data, $result);
}
if (isset($_GET['topDomains']) && $auth)
{
$limit = "";
if (isset($_GET['topDomains']) && $auth) {
$limit = '';
if(isset($_GET["from"]) && isset($_GET["until"]))
{
$limit = " AND timestamp >= :from AND timestamp <= :until";
}
elseif(isset($_GET["from"]) && !isset($_GET["until"]))
{
$limit = " AND timestamp >= :from";
}
elseif(!isset($_GET["from"]) && isset($_GET["until"]))
{
$limit = " AND timestamp <= :until";
if (isset($_GET['from'], $_GET['until'])) {
$limit = ' AND timestamp >= :from AND timestamp <= :until';
} elseif (isset($_GET['from']) && !isset($_GET['until'])) {
$limit = ' AND timestamp >= :from';
} elseif (!isset($_GET['from']) && isset($_GET['until'])) {
$limit = ' AND timestamp <= :until';
}
// Select top permitted domains only
$stmt = $db->prepare('SELECT domain,count(domain) FROM queries WHERE status IN (2,3,12,13,14)'.$limit.' GROUP by domain order by count(domain) desc limit 20');
$stmt->bindValue(":from", intval($_GET['from']), SQLITE3_INTEGER);
$stmt->bindValue(":until", intval($_GET['until']), SQLITE3_INTEGER);
$stmt->bindValue(':from', intval($_GET['from']), SQLITE3_INTEGER);
$stmt->bindValue(':until', intval($_GET['until']), SQLITE3_INTEGER);
$results = $stmt->execute();
$domains = array();
if(!is_bool($results))
while ($row = $results->fetchArray())
{
if (!is_bool($results)) {
while ($row = $results->fetchArray()) {
// Convert domain to lower case UTF-8
$c = utf8_encode(strtolower($row[0]));
if(array_key_exists($c, $domains))
{
if (array_key_exists($c, $domains)) {
// Entry already exists, add to it (might appear multiple times due to mixed capitalization in the database)
$domains[$c] += intval($row[1]);
}
else
{
} else {
// Entry does not yet exist
$domains[$c] = intval($row[1]);
}
}
}
// Sort by number of hits
arsort($domains);
@@ -247,130 +225,119 @@ if (isset($_GET['topDomains']) && $auth)
$data = array_merge($data, $result);
}
if (isset($_GET['topAds']) && $auth)
{
$limit = "";
if (isset($_GET['topAds']) && $auth) {
$limit = '';
if(isset($_GET["from"]) && isset($_GET["until"]))
{
$limit = " AND timestamp >= :from AND timestamp <= :until";
}
elseif(isset($_GET["from"]) && !isset($_GET["until"]))
{
$limit = " AND timestamp >= :from";
}
elseif(!isset($_GET["from"]) && isset($_GET["until"]))
{
$limit = " AND timestamp <= :until";
if (isset($_GET['from'], $_GET['until'])) {
$limit = ' AND timestamp >= :from AND timestamp <= :until';
} elseif (isset($_GET['from']) && !isset($_GET['until'])) {
$limit = ' AND timestamp >= :from';
} elseif (!isset($_GET['from']) && isset($_GET['until'])) {
$limit = ' AND timestamp <= :until';
}
$stmt = $db->prepare('SELECT domain,count(domain) FROM queries WHERE status IN (1,4,5,6,7,8,9,10,11)'.$limit.' GROUP by domain order by count(domain) desc limit 10');
$stmt->bindValue(":from", intval($_GET['from']), SQLITE3_INTEGER);
$stmt->bindValue(":until", intval($_GET['until']), SQLITE3_INTEGER);
$stmt->bindValue(':from', intval($_GET['from']), SQLITE3_INTEGER);
$stmt->bindValue(':until', intval($_GET['until']), SQLITE3_INTEGER);
$results = $stmt->execute();
$addomains = array();
if(!is_bool($results))
while ($row = $results->fetchArray())
{
if (!is_bool($results)) {
while ($row = $results->fetchArray()) {
$addomains[utf8_encode($row[0])] = intval($row[1]);
}
}
$result = array('top_ads' => $addomains);
$data = array_merge($data, $result);
}
if (isset($_GET['getMinTimestamp']) && $auth)
{
if (isset($_GET['getMinTimestamp']) && $auth) {
$results = $db->query('SELECT MIN(timestamp) FROM queries');
if(!is_bool($results))
if (!is_bool($results)) {
$result = array('mintimestamp' => $results->fetchArray()[0]);
else
} else {
$result = array();
}
$data = array_merge($data, $result);
}
if (isset($_GET['getMaxTimestamp']) && $auth)
{
if (isset($_GET['getMaxTimestamp']) && $auth) {
$results = $db->query('SELECT MAX(timestamp) FROM queries');
if(!is_bool($results))
if (!is_bool($results)) {
$result = array('maxtimestamp' => $results->fetchArray()[0]);
else
} else {
$result = array();
}
$data = array_merge($data, $result);
}
if (isset($_GET['getQueriesCount']) && $auth)
{
if (isset($_GET['getQueriesCount']) && $auth) {
$results = $db->query('SELECT COUNT(timestamp) FROM queries');
if(!is_bool($results))
if (!is_bool($results)) {
$result = array('count' => $results->fetchArray()[0]);
else
} else {
$result = array();
}
$data = array_merge($data, $result);
}
if (isset($_GET['getDBfilesize']) && $auth)
{
$filesize = filesize("/etc/pihole/pihole-FTL.db");
if (isset($_GET['getDBfilesize']) && $auth) {
$filesize = filesize('/etc/pihole/pihole-FTL.db');
$result = array('filesize' => $filesize);
$data = array_merge($data, $result);
}
if (isset($_GET['getGraphData']) && $auth)
{
$limit = "";
if (isset($_GET['getGraphData']) && $auth) {
$limit = '';
if(isset($_GET["from"]) && isset($_GET["until"]))
{
$limit = " AND timestamp >= :from AND timestamp <= :until";
}
elseif(isset($_GET["from"]) && !isset($_GET["until"]))
{
$limit = " AND timestamp >= :from";
}
elseif(!isset($_GET["from"]) && isset($_GET["until"]))
{
$limit = " AND timestamp <= :until";
if (isset($_GET['from'], $_GET['until'])) {
$limit = ' AND timestamp >= :from AND timestamp <= :until';
} elseif (isset($_GET['from']) && !isset($_GET['until'])) {
$limit = ' AND timestamp >= :from';
} elseif (!isset($_GET['from']) && isset($_GET['until'])) {
$limit = ' AND timestamp <= :until';
}
$interval = 600;
if(isset($_GET["interval"]))
{
$q = intval($_GET["interval"]);
if($q >= 10)
if (isset($_GET['interval'])) {
$q = intval($_GET['interval']);
if ($q >= 10) {
$interval = $q;
}
}
// Round $from and $until to match the requested $interval
$from = intval((intval($_GET['from'])/$interval)*$interval);
$until = intval((intval($_GET['until'])/$interval)*$interval);
$from = intval((intval($_GET['from']) / $interval) * $interval);
$until = intval((intval($_GET['until']) / $interval) * $interval);
// Count permitted queries in intervals
$stmt = $db->prepare('SELECT (timestamp/:interval)*:interval interval, COUNT(*) FROM queries WHERE (status != 0 )'.$limit.' GROUP by interval ORDER by interval');
$stmt->bindValue(":from", $from, SQLITE3_INTEGER);
$stmt->bindValue(":until", $until, SQLITE3_INTEGER);
$stmt->bindValue(":interval", $interval, SQLITE3_INTEGER);
$stmt->bindValue(':from', $from, SQLITE3_INTEGER);
$stmt->bindValue(':until', $until, SQLITE3_INTEGER);
$stmt->bindValue(':interval', $interval, SQLITE3_INTEGER);
$results = $stmt->execute();
// Parse the DB result into graph data, filling in missing interval sections with zero
function parseDBData($results, $interval, $from, $until) {
function parseDBData($results, $interval, $from, $until)
{
$data = array();
$first_db_timestamp = -1;
if(!is_bool($results)) {
if (!is_bool($results)) {
// Read in the data
while($row = $results->fetchArray()) {
while ($row = $results->fetchArray()) {
// $data[timestamp] = value_in_this_interval
$data[$row[0]] = intval($row[1]);
if($first_db_timestamp === -1)
if (-1 === $first_db_timestamp) {
$first_db_timestamp = intval($row[0]);
}
}
}
@@ -381,9 +348,10 @@ if (isset($_GET['getGraphData']) && $auth)
$aligned_from = $from + (($first_db_timestamp - $from) % $interval);
// Fill gaps in returned data
for($i = $aligned_from; $i < $until; $i += $interval) {
if(!array_key_exists($i, $data))
for ($i = $aligned_from; $i < $until; $i += $interval) {
if (!array_key_exists($i, $data)) {
$data[$i] = 0;
}
}
return $data;
@@ -396,9 +364,9 @@ if (isset($_GET['getGraphData']) && $auth)
// Count blocked queries in intervals
$stmt = $db->prepare('SELECT (timestamp/:interval)*:interval interval, COUNT(*) FROM queries WHERE status IN (1,4,5,6,7,8,9,10,11)'.$limit.' GROUP by interval ORDER by interval');
$stmt->bindValue(":from", $from, SQLITE3_INTEGER);
$stmt->bindValue(":until", $until, SQLITE3_INTEGER);
$stmt->bindValue(":interval", $interval, SQLITE3_INTEGER);
$stmt->bindValue(':from', $from, SQLITE3_INTEGER);
$stmt->bindValue(':until', $until, SQLITE3_INTEGER);
$stmt->bindValue(':interval', $interval, SQLITE3_INTEGER);
$results = $stmt->execute();
$addomains = parseDBData($results, $interval, $from, $until);
@@ -407,37 +375,38 @@ if (isset($_GET['getGraphData']) && $auth)
$data = array_merge($data, $result);
}
if (isset($_GET['status']) && $auth)
{
$extra = ";";
if(isset($_GET["ignore"]) && $_GET["ignore"] === 'DNSMASQ_WARN')
if (isset($_GET['status']) && $auth) {
$extra = ';';
if (isset($_GET['ignore']) && 'DNSMASQ_WARN' === $_GET['ignore']) {
$extra = "WHERE type != 'DNSMASQ_WARN';";
}
$results = $db->query('SELECT COUNT(*) FROM message '.$extra);
if(!is_bool($results))
if (!is_bool($results)) {
$result = array('message_count' => $results->fetchArray()[0]);
else
} else {
$result = array();
}
$data = array_merge($data, $result);
}
if(isset($_GET["messages"]) && $auth)
{
$extra = ";";
if(isset($_GET["ignore"]) && $_GET["ignore"] === 'DNSMASQ_WARN')
if (isset($_GET['messages']) && $auth) {
$extra = ';';
if (isset($_GET['ignore']) && 'DNSMASQ_WARN' === $_GET['ignore']) {
$extra = "WHERE type != 'DNSMASQ_WARN';";
}
$messages = array();
$results = $db->query('SELECT * FROM message '.$extra);
while($results !== false && $res = $results->fetchArray(SQLITE3_ASSOC))
{
while (false !== $results && $res = $results->fetchArray(SQLITE3_ASSOC)) {
// Convert string to to UTF-8 encoding to ensure php-json can handle it.
// Furthermore, convert special characters to HTML entities to prevent XSS attacks.
foreach ($res as $key => $value) {
if (is_string($value))
if (is_string($value)) {
$res[$key] = htmlspecialchars(utf8_encode($value));
}
}
array_push($messages, $res);
}
@@ -445,11 +414,8 @@ if(isset($_GET["messages"]) && $auth)
$data = array_merge($data, array('messages' => $messages));
}
if(isset($_GET["jsonForceObject"]))
{
if (isset($_GET['jsonForceObject'])) {
echo json_encode($data, JSON_FORCE_OBJECT);
}
else
{
} else {
echo json_encode($data);
}