Pi-Hole/web
1
0
Fork 0
mirror of https://github.com/pi-hole/web.git synced 2026-04-28 12:44:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'devel' into wildcard_blacklisting

Browse Source
This commit is contained in:
DL6ER
2017-01-09 14:51:54 +01:00
parent 3c3f6ef916 a05c03fec1
commit bd36baa18b
14 changed files with 180 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
scripts/pi-hole/php/auth.php
View File

@@ -35,7 +35,11 @@ function check_cors() {
// to validate that the client is authorized, only unauthorized.
$server_host = $_SERVER['HTTP_HOST'];
// If HTTP_HOST contains a non-standard port (!= 80) we have to strip the port
// Use parse_url if HTTP_HOST contains a colon (:) to get the host name
// e.g.
// https://pi.hole
// pi.hole:8080
// However, we don't use parse_url(...) if there is no colon, since it will fail for e.g. "pi.hole"
if(strpos($server_host, ":"))
{
$server_host = parse_url($_SERVER['HTTP_HOST'], PHP_URL_HOST);
@@ -48,7 +52,7 @@ function check_cors() {
if(isset($_SERVER['HTTP_ORIGIN'])) {
$server_origin = $_SERVER['HTTP_ORIGIN'];
// If HTTP_ORIGIN contains a non-standard port (!= 80) we have to strip the port
// Detect colon in $_SERVER['HTTP_ORIGIN'] (see comment above)
if(strpos($server_origin, ":"))
{
$server_origin = parse_url($_SERVER['HTTP_ORIGIN'], PHP_URL_HOST);
@@ -99,14 +103,19 @@ function check_csrf($token) {
function check_domain() {
if(isset($_POST['domain'])){
$validDomain = is_valid_domain_name($_POST['domain']);
if(!$validDomain){
log_and_die($_POST['domain']. ' is not a valid domain');
$domains = explode(" ",$_POST['domain']);
foreach($domains as $domain)
{
$validDomain = is_valid_domain_name($domain);
if(!$validDomain){
log_and_die(htmlspecialchars($domain. ' is not a valid domain'));
}
}
}
}
function list_verify($type) {
global $pwhash, $wrongpassword;
if(!isset($_POST['domain']) || !isset($_POST['list']) || !(isset($_POST['pw']) || isset($_POST['token']))) {
log_and_die("Missing POST variables");
}
@@ -121,11 +130,11 @@ function list_verify($type) {
require("password.php");
if(strlen($pwhash) == 0)
{
log_and_die("No password set - ${type}listing with password not supported");
log_and_die("No password set - ".htmlspecialchars($type)."listing with password not supported");
}
elseif($wrongpassword)
{
log_and_die("Wrong password - ${type}listing of ${_POST['domain']} not permitted");
log_and_die("Wrong password - ".htmlspecialchars($type)."listing of ${_POST['domain']} not permitted");
}
}
else

28
scripts/pi-hole/php/data.php
View File

@@ -679,14 +679,12 @@
$byTimeAds[$time] = 1;
}
}
else
{
if (isset($byTimeDomains[$time])) {
$byTimeDomains[$time]++;
}
else {
$byTimeDomains[$time] = 1;
}
if (isset($byTimeDomains[$time])) {
$byTimeDomains[$time]++;
}
else {
$byTimeDomains[$time] = 1;
}
}
return [$byTimeDomains,$byTimeAds];
@@ -721,14 +719,12 @@
$byTimeAds[$time] = 1;
}
}
else
{
if (isset($byTimeDomains[$time])) {
$byTimeDomains[$time]++;
}
else {
$byTimeDomains[$time] = 1;
}
if (isset($byTimeDomains[$time])) {
$byTimeDomains[$time]++;
}
else {
$byTimeDomains[$time] = 1;
}
}
return [$byTimeDomains,$byTimeAds];

49
scripts/pi-hole/php/header.php
View File

@@ -83,15 +83,16 @@
$memory_usage = -1;
}
if($auth) {
// For session timer
$maxlifetime = ini_get("session.gc_maxlifetime");
// For session timer
$maxlifetime = ini_get("session.gc_maxlifetime");
// Generate CSRF token
if(empty($_SESSION['token'])) {
$_SESSION['token'] = base64_encode(openssl_random_pseudo_bytes(32));
// Generate CSRF token
if(empty($_SESSION['token'])) {
$_SESSION['token'] = base64_encode(openssl_random_pseudo_bytes(32));
}
$token = $_SESSION['token'];
}
$token = $_SESSION['token'];
if(isset($setupVars['WEBUIBOXEDLAYOUT']))
{
@@ -171,7 +172,7 @@
<!-- /JS Warning -->
<script src="scripts/pi-hole/js/header.js"></script>
<!-- Send token to JS -->
<div id="token" hidden><?php echo $token ?></div>
<div id="token" hidden><?php if($auth) echo $token; ?></div>
<div class="wrapper">
<header class="main-header">
<!-- Logo -->
@@ -249,25 +250,25 @@
<!-- Sidebar user panel -->
<div class="user-panel">
<div class="pull-left image">
<img src="img/logo.svg" class="img-responsive" alt="Pi-hole logo" />
<img src="img/logo.svg" class="img-responsive" alt="Pi-hole logo" style="display: table; table-layout: fixed; height: 67px;" />
</div>
<div class="pull-left info">
<p>Status</p>
<?php
$pistatus = exec('sudo pihole status web');
if ($pistatus == "1") {
echo '<a href="#" id="status"><i class="fa fa-circle" style="color:#7FFF00"></i> Active</a>';
echo '<a id="status"><i class="fa fa-circle" style="color:#7FFF00"></i> Active</a>';
} elseif ($pistatus == "0") {
echo '<a href="#" id="status"><i class="fa fa-circle" style="color:#FF0000"></i> Offline</a>';
echo '<a id="status"><i class="fa fa-circle" style="color:#FF0000"></i> Offline</a>';
} elseif ($pistatus == "-1") {
echo '<a href="#" id="status"><i class="fa fa-circle" style="color:#FF0000"></i> DNS service not running</a>';
echo '<a id="status"><i class="fa fa-circle" style="color:#FF0000"></i> DNS service not running</a>';
} else {
echo '<a href="#" id="status"><i class="fa fa-circle" style="color:#ff9900"></i> Unknown</a>';
echo '<a id="status"><i class="fa fa-circle" style="color:#ff9900"></i> Unknown</a>';
}
// CPU Temp
if ($celsius >= -273.15) {
echo "<a href=\"#\" id=\"temperature\"><i class=\"fa fa-fire\" style=\"color:";
echo "<a id=\"temperature\"><i class=\"fa fa-fire\" style=\"color:";
if ($celsius > 60) {
echo "#FF0000";
}
@@ -293,33 +294,33 @@
?>
<br/>
<?php
echo '<a href="#"><i class="fa fa-circle" style="color:';
echo "<a><i class=\"fa fa-circle\" style=\"color:";
if ($loaddata[0] > $nproc) {
echo '#FF0000';
echo "#FF0000";
}
else
{
echo '#7FFF00';
echo "#7FFF00";
}
echo '""></i> Load:&nbsp;&nbsp;' . $loaddata[0] . '&nbsp;&nbsp;' . $loaddata[1] . '&nbsp;&nbsp;'. $loaddata[2] . '</a>';
echo "\"></i> Load:&nbsp;&nbsp;" . $loaddata[0] . "&nbsp;&nbsp;" . $loaddata[1] . "&nbsp;&nbsp;". $loaddata[2] . "</a>";
?>
<br/>
<?php
echo '<a href="#"><i class="fa fa-circle" style="color:';
echo "<a><i class=\"fa fa-circle\" style=\"color:";
if ($memory_usage > 0.75 || $memory_usage < 0.0) {
echo '#FF0000';
echo "#FF0000";
}
else
{
echo '#7FFF00';
echo "#7FFF00";
}
if($memory_usage > 0.0)
{
echo '""></i> Memory usage:&nbsp;&nbsp;' . sprintf("%.1f",100.0*$memory_usage) . '%</a>';
echo "\"></i> Memory usage:&nbsp;&nbsp;" . sprintf("%.1f",100.0*$memory_usage) . "%</a>";
}
else
{
echo '""></i> Memory usage:&nbsp;&nbsp; N/A</a>';
echo "\"></i> Memory usage:&nbsp;&nbsp; N/A</a>";
}
?>
</div>
@@ -442,7 +443,7 @@
// Show Logout button if $auth is set and authorization is required
if(strlen($pwhash) > 0) { ?>
<li>
<a href="index.php?logout">
<a href="?logout">
<i class="fa fa-user-times"></i> <span>Logout</span>
</a>
</li>

12
scripts/pi-hole/php/loginpage.php
View File

@@ -13,13 +13,19 @@
</div>
<div class="panel-body">
<form action="" method="post">
<form action="" id="loginform" method="post">
<div class="form-group has-feedback <?php if ($wrongpassword) { ?>has-error<?php } ?> ">
<input type="password" name="pw" class="form-control" placeholder="Password" autofocus>
<input type="password" id="loginpw" name="pw" class="form-control" placeholder="Password" autofocus>
<span class="glyphicon glyphicon-lock form-control-feedback"></span>
</div>
<div class="row">
<div class="col-xs-4 col-xs-offset-8">
<div class="col-xs-8">
<ul>
<li><tt>Return</tt> &rarr; Log in and go to requested page (<?php echo $scriptname; ?>)</li>
<li><tt>Ctrl+Return</tt> &rarr; Log in and go to Settings page</li>
</ul>
</div>
<div class="col-xs-4">
<button type="submit" href="#" class="btn btn-primary pull-right"><i class="glyphicon glyphicon-log-in"></i>&nbsp;&nbsp;&nbsp;Log in</button>
</div>
</div>

1
scripts/pi-hole/php/password.php
View File

@@ -21,6 +21,7 @@
}
$wrongpassword = false;
$auth = false;
// Test if password is set
if(strlen($pwhash) > 0)

15
scripts/pi-hole/php/savesettings.php
View File

@@ -355,10 +355,21 @@ function validDomain($domain_name)
$error .= "Lease time ".$leasetime." is invalid!<br>";
}
if(isset($_POST["useIPv6"]))
{
$ipv6 = "true";
$type = "(IPv4 + IPv6)";
}
else
{
$ipv6 = "false";
$type = "(IPv4)";
}
if(!strlen($error))
{
exec("sudo pihole -a enabledhcp ".$from." ".$to." ".$router." ".$leasetime." ".$domain);
$success .= "The DHCP server has been activated";
exec("sudo pihole -a enabledhcp ".$from." ".$to." ".$router." ".$leasetime." ".$domain." ".$ipv6);
$success .= "The DHCP server has been activated ".$type;
}
}
else