Pi-Hole/web
1
0
Fork 0
mirror of https://github.com/pi-hole/web.git synced 2026-04-24 02:39:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Run PHP-CS-Fixer on all files

Browse Source 
Signed-off-by: DL6ER <dl6er@dl6er.de>
This commit is contained in:
DL6ER
2022-08-07 10:52:23 +02:00
parent 69e118ad45
commit 6ec4b8a529
47 changed files with 2643 additions and 2831 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
scripts/pi-hole/php/password.php
View File

@@ -7,7 +7,7 @@
* Please see LICENSE file for your rights under this license.
*/
require_once('func.php');
require_once 'func.php';
// Start a new PHP session (or continue an existing one)
// Prevents javascript XSS attacks aimed to steal the session ID
@@ -17,56 +17,46 @@ ini_set('session.use_only_cookies', 1);
session_start();
// Read setupVars.conf file
$setupVars = parse_ini_file("/etc/pihole/setupVars.conf");
$setupVars = parse_ini_file('/etc/pihole/setupVars.conf');
// Try to read password hash from setupVars.conf
if(isset($setupVars['WEBPASSWORD']))
{
if (isset($setupVars['WEBPASSWORD'])) {
$pwhash = $setupVars['WEBPASSWORD'];
}
else
{
$pwhash = "";
} else {
$pwhash = '';
}
// If the user wants to log out, we free all session variables currently registered
// and delete any persistent cookie.
if(isset($_GET["logout"]))
{
if (isset($_GET['logout'])) {
session_unset();
setcookie('persistentlogin', '', 1);
header('Location: index.php');
exit();
exit;
}
$wrongpassword = false;
$auth = false;
// Test if password is set
if(strlen($pwhash) > 0)
{
if (strlen($pwhash) > 0) {
// Check for and authorize from persistent cookie
if (isset($_COOKIE["persistentlogin"]))
{
if (hash_equals($pwhash, $_COOKIE["persistentlogin"]))
{
if (isset($_COOKIE['persistentlogin'])) {
if (hash_equals($pwhash, $_COOKIE['persistentlogin'])) {
$auth = true;
// Refresh cookie with new expiry
// setcookie( $name, $value, $expire, $path, $domain, $secure, $httponly )
setcookie('persistentlogin', $pwhash, time()+60*60*24*7, null, null, null, true );
}
else
{
setcookie('persistentlogin', $pwhash, time() + 60 * 60 * 24 * 7, null, null, null, true);
} else {
// Invalid cookie
$auth = false;
setcookie('persistentlogin', '', 1);
}
}
// Compare doubly hashes password input with saved hash
else if(isset($_POST["pw"]))
{
$postinput = hash('sha256',hash('sha256',$_POST["pw"]));
if(hash_equals($pwhash, $postinput))
{
elseif (isset($_POST['pw'])) {
$postinput = hash('sha256', hash('sha256', $_POST['pw']));
if (hash_equals($pwhash, $postinput)) {
// Regenerate session ID to prevent session fixation
session_regenerate_id();
@@ -74,49 +64,42 @@ if(strlen($pwhash) > 0)
$_SESSION = array();
// Set hash in new session
$_SESSION["hash"] = $pwhash;
$_SESSION['hash'] = $pwhash;
// Set persistent cookie if selected
if (isset($_POST['persistentlogin']))
{
if (isset($_POST['persistentlogin'])) {
// setcookie( $name, $value, $expire, $path, $domain, $secure, $httponly )
setcookie('persistentlogin', $pwhash, time()+60*60*24*7, null, null, null, true );
setcookie('persistentlogin', $pwhash, time() + 60 * 60 * 24 * 7, null, null, null, true);
}
// Login successful, redirect the user to the homepage to discard the POST request
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $_SERVER['QUERY_STRING'] === 'login') {
if ('POST' === $_SERVER['REQUEST_METHOD'] && 'login' === $_SERVER['QUERY_STRING']) {
header('Location: index.php');
exit();
exit;
}
$auth = true;
}
else
{
} else {
$wrongpassword = true;
}
}
// Compare auth hash with saved hash
else if (isset($_SESSION["hash"]))
{
if(hash_equals($pwhash, $_SESSION["hash"]))
elseif (isset($_SESSION['hash'])) {
if (hash_equals($pwhash, $_SESSION['hash'])) {
$auth = true;
}
}
// API can use the hash to get data without logging in via plain-text password
else if (isset($api) && isset($_GET["auth"]))
{
if(hash_equals($pwhash, $_GET["auth"]))
elseif (isset($api, $_GET['auth'])) {
if (hash_equals($pwhash, $_GET['auth'])) {
$auth = true;
}
else
{
}
} else {
// Password or hash wrong
$auth = false;
}
}
else
{
} else {
// No password set
$auth = true;
}
?>