Pi-Hole/web
1
0
Fork 0
mirror of https://github.com/pi-hole/web.git synced 2026-04-24 10:50:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Check if the API call was made using authentication

Browse Source 
Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>
This commit is contained in:
RD WebDesign
2022-09-03 16:19:13 -03:00
parent b0472ad749
commit a55ae95330
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/pi-hole/php/password.php
View File

@@ -26,7 +26,7 @@ if (isset($setupVars['WEBPASSWORD'])) {
$pwhash = '';
}
function verifyPassword($pwhash)
function verifyPassword($pwhash, $use_api = false)
{
$validpassword = true;
@@ -86,7 +86,7 @@ function verifyPassword($pwhash)
if (hash_equals($pwhash, $_SESSION['hash'])) {
$_SESSION['auth'] = true;
}
} elseif (isset($api) && isset($_GET['auth'])) {
} elseif ($use_api && isset($_GET['auth'])) {
// API can use the hash to get data without logging in via plain-text password
if (hash_equals($pwhash, $_GET['auth'])) {
$_SESSION['auth'] = true;
@@ -103,5 +103,5 @@ function verifyPassword($pwhash)
return $validpassword;
}
$wrongpassword = !verifyPassword($pwhash);
$wrongpassword = !verifyPassword($pwhash, isset($api));
$auth = $_SESSION['auth'];