Pi-Hole/web
1
0
Fork 0
mirror of https://github.com/pi-hole/web.git synced 2026-02-24 03:35:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,273 Commits 24 Branches 113 Tags
cd1c57a8f9611117feab64b8cc37367ae1bf296b
Commit Graph

83 Commits

Author SHA1 Message Date
DL6ER
cd1c57a8f9 Improved memory usage determination 2016-12-16 12:19:16 +01:00
DL6ER
ea1645f562 Apply change of layout immediately and use this state to check the checkbox 2016-12-13 17:16:29 +01:00
DL6ER
b0556852cb Add "Interface appearence" option 2016-12-13 14:58:47 +01:00
DL6ER
9cff0d41bc Fix wrong comment 2016-12-13 12:09:02 +01:00
DL6ER
f01c441783 Removed changing of CPU temperature unit from Help Center 2016-12-12 13:17:37 +01:00
DL6ER
bade1ad0ad Add "Settings" to main navigation 2016-12-10 21:04:17 +01:00
Mcat12
0dec4b8aa0 Protect Enable/Disable with a CSRF token check 
The token is now added for all pages.
 2016-12-04 13:16:45 -05:00
Mcat12
ee0913a7a2 Move enable/disable to API 
Also check CORS for all API calls. With the same import, we can
enable CSRF token checking on the API.
 2016-12-03 13:40:04 -05:00
Mcat12
40c6ee9f5a Remove strict flag and change Host check 
Since the Host header is easily manipulated, we can only check if
it's wrong and can't use it to validate that the client is authorized,
only unauthorized. There's no need for the strict flag anymore
because of this.
 2016-12-02 16:06:43 -05:00
Mcat12
6b8fa7dbe4 Merge remote-tracking branch 'origin/devel' into secure-pause-resume 
Conflicts:
	header.php
 2016-12-01 20:47:04 -05:00
DL6ER
9dfe10fd01 Changed a comment 2016-11-24 12:58:28 +01:00
DL6ER
fbe715c338 Small fix in password.php: Verify that there is a password hash before trying to access it 2016-11-24 12:54:26 +01:00
DL6ER
35f250352f Small fix for header.php (prevent accumulation of "PHP Notice: Undefined index: TEMPERATUREUNIT" in lighttpd's error.log) 2016-11-24 12:47:56 +01:00
DL6ER
f3fa7ff8fa Show 'Help' only if authorized 2016-11-23 18:08:19 +01:00
DL6ER
d9adcccbc3 Merge branch 'devel' into auth 
Conflicts:
	header.php
 2016-11-23 18:02:40 +01:00
Mcat12
f8442e954e Merge pull request #209 from DL6ER/queryads 
Query list of ad-serving domains via Web UI
 2016-11-23 11:35:15 -05:00
DL6ER
7f7604a6af Add "Query adlists" feature 2016-11-22 15:23:30 +01:00
DL6ER
eedb141549 Add "Update Lists" section 2016-11-22 13:23:38 +01:00
DL6ER
d19048f5e6 Add changing of temperature unit from the web UI 2016-11-22 12:44:01 +01:00
DL6ER
87f5cc1009 Add "Help" to main navigation 2016-11-22 12:19:39 +01:00
DL6ER
3dea0cf937 Moved Donate item outside of $auth scope on the main menu 2016-11-21 10:52:56 +01:00
DL6ER
1cf031ab68 Show "-- : --" if session timer has expired. Show session timer only if user is logged in. 2016-11-20 21:14:34 +01:00
DL6ER
829c8544db Completely hide session timer if there is no session (i.e. no password set) 2016-11-20 21:09:00 +01:00
DL6ER
0cd099f6f1 Added session timer 2016-11-20 21:05:08 +01:00
DL6ER
cd75d7e7a3 Remove hash from the javascript scripts. 2016-11-20 15:34:03 +01:00
DL6ER
02dc741209 Move from GET to SESSION variables for the sake of convenience 2016-11-20 15:27:35 +01:00
J den Hartog
05c8522d4f standalone mode for iOS 
This will make the admin page look more like a native iOS application when started from Home Screen on iOS. It also won't create a tab in iOS Safari and will make spaceflight more convenient. See *Hiding Safari User Interface Components* on:

https://developer.apple.com/library/content/documentation/AppleApplications/Reference/SafariWebContent/ConfiguringWebApplications/ConfiguringWebApplications.html
 2016-11-20 15:17:20 +01:00
DL6ER
2c93be0174 Extended current password protection to gravity.sh page 2016-11-20 14:52:53 +01:00
DL6ER
6781fa7919 Merge branch 'devel' into auth 2016-11-20 14:47:25 +01:00
DL6ER
aad1b65a82 Added comments to header.php 2016-11-19 13:01:55 +01:00
DL6ER
8ecd218908 Many changes that are documented in PR #197 2016-11-18 21:31:30 +01:00
DL6ER
66e4da7724 Run gravity.sh from the web UI 2016-11-18 13:43:05 +01:00
DL6ER
ef38679050 Merge branch 'devel' into auth 2016-11-18 12:35:41 +01:00
Mcat12
b2b93e90b3 Add flag for strict CORS 
Prevents enable/disable from requests without CORS info
 2016-11-17 16:47:14 -05:00
DL6ER
4372c2e25b Extend hash auth to API calls 2016-11-16 23:35:10 +01:00
DL6ER
9fd67a0cce Merge branch 'devel' into loaddisplay 
Conflicts:
	header.php
 2016-11-16 23:16:22 +01:00
DL6ER
8c278f3853 Resolve merge conflict from updateing devel branch 2016-11-16 23:12:00 +01:00
DL6ER
08aab09f79 Merge branch 'devel' into auth 
Conflicts:
	header.php
 2016-11-16 23:11:20 +01:00
DL6ER
dc03f93940 Capitalized variable name 2016-11-16 22:32:48 +01:00
DL6ER
41fe76c5ac Capitalized variable name 2016-11-16 22:29:44 +01:00
DL6ER
6d5c90139b Compute double hashes to avoid rainbow table vulnerability 2016-11-16 22:12:52 +01:00
DL6ER
06df8f08a2 Always use only hashes for the password 2016-11-16 21:52:53 +01:00
DL6ER
4dfbcff97d Hide main navigation if user is not logged in 2016-11-16 20:36:17 +01:00
DL6ER
cb874e7c69 Show "Logout" only if (a) password is set and (b) user has successfully logged in. 2016-11-16 13:16:49 +01:00
DL6ER
7cbd9bd9db Show "Logout" only if a password is defined 2016-11-16 12:53:47 +01:00
DL6ER
70f9076eb4 Added "Logout" button which redirects to index.php without providing the password hash 2016-11-16 12:26:37 +01:00
DL6ER
72e5fc5655 Change button text to 'Login' 2016-11-16 12:16:57 +01:00
DL6ER
c3a6b0ef5e Fixed a typo 2016-11-16 12:14:58 +01:00
DL6ER
a754c3c511 Use hashed once logged in to hide the plain-text password 2016-11-16 12:11:44 +01:00
DL6ER
3bc6474e2a Add server-side password protection for the web interface 2016-11-16 11:47:38 +01:00