🔃Sync enhancements

jokob-sk
2024-09-29 11:12:38 +10:00
parent 0bdc4c4ed1
commit a17e066f34
3 changed files with 37 additions and 15 deletions


@@ -69,25 +69,45 @@ if (!empty($config_file_lines_password)) {
$nax_Password = ''; // or handle accordingly
}
// active Session or valid cookie (cookie not extends)
if($nax_WebProtection == 'true')
{
if(isset($_SESSION["login"]) == FALSE )
{
// Web protection is enabled, so we need to authenticate the request
if ($nax_WebProtection == 'true') {
// 2 methods of authentication - bearer in the request or password supplied by the user
if (!isset($_SESSION["login"])) {
$_SESSION["login"] = 0;
}
}
if ($_SESSION["login"] == 1 || $isLogonPage || (isset($_COOKIE[$CookieSaveLoginName]) && $nax_Password == $_COOKIE[$CookieSaveLoginName]))
{
// Retrieve the authorization header
$headers = apache_request_headers();
$auth_header = $headers['Authorization'] ?? '';
// Find SYNC_api_token line
$config_file_lines_token = array_values(preg_grep('/^SYNC_api_token.*=/', $config_file_lines));
if (!empty($config_file_lines_token)) {
$token_line = explode("'", $config_file_lines_token[0]);
$api_token = $token_line[1];
} else {
// Default behavior if SYNC_api_token is not found
$api_token = ''; // or handle accordingly
}
$expected_token = 'Bearer ' . $api_token;
// Verify the authorization token
if (!empty($api_token) && $auth_header === $expected_token) {
// Valid Bearer token, set session login to 1
$_SESSION["login"] = 1;
} else if (!empty($auth_header)) {
echo "[Security] Incorrect Bearer Token";
}
if ($_SESSION["login"] == 1 || $isLogonPage || (isset($_COOKIE[$CookieSaveLoginName]) && $nax_Password == $_COOKIE[$CookieSaveLoginName])) {
// Logged in or stay on this page if we are on the index.php already
} else
{
} else {
// we need to redirect
header('Location: /index.php');
exit(); // ensure script stops after header redirection
}
}
}
?>
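Review bot: The new bearer check `$auth_header === $expected_token` compares a secret with a non-constant-time operator, and the cookie test in the rewritten `if ($_SESSION["login"] == 1 || ...)` condition still uses loose `==` against `$nax_Password`, where PHP compares numeric-looking strings numerically. Both comparisons should use `hash_equals()`, for example `if (!empty($api_token) && hash_equals($expected_token, $auth_header)) {` and `hash_equals($nax_Password, (string) $_COOKIE[$CookieSaveLoginName])`. Separately, `echo "[Security] Incorrect Bearer Token";` emits output before `header('Location: /index.php')`, so unless output buffering is enabled the redirect header can no longer be sent. Answering a rejected token with `http_response_code(401); exit();` would avoid that and give sync clients a clear status. A valid token also sets `$_SESSION["login"] = 1`, which appears to give the sync token the same reach as an interactive login, so a comment stating that this is intended would help the next reader.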