php clean-up, logon fix

2025-12-07 01:26:11 -08:00 · 2022-12-31 14:02:30 +11:00
parent c35b22dc53
commit e7fe5f795a
12 changed files with 103 additions and 133 deletions
--- a/front/deviceDetails.php
+++ b/front/deviceDetails.php
@@ -8,14 +8,6 @@
 #--------------------------------------------------------------------------- -->
 <?php
 session_start();
 if ($_SESSION["login"] != 1)
  {
      header('Location: index.php');
      exit;
  }
  require 'php/templates/header.php';
  require 'php/server/db.php';
 ?>
--- a/front/devices.php
+++ b/front/devices.php
@@ -8,20 +8,11 @@
 #--------------------------------------------------------------------------- -->
 <?php
  session_start();
  if(array_search('login', $_SESSION) != FALSE)
  {
    if ($_SESSION["login"] != 1)
    {
        header('Location: index.php');
        exit;
    }    
  }
  require 'php/templates/header.php';
  require 'php/templates/graph.php';
  require 'php/server/util.php';
  // check permissions
  $dbPath = "../db/pialert.db";
--- a/front/events.php
+++ b/front/events.php
@@ -8,14 +8,6 @@
 #--------------------------------------------------------------------------- -->
 <?php
 session_start();
 if ($_SESSION["login"] != 1)
  {
      header('Location: index.php');
      exit;
  }
  require 'php/templates/header.php';
 ?>
--- a/front/help_faq.php
+++ b/front/help_faq.php
@@ -1,12 +1,4 @@
 <?php
 session_start();
 if ($_SESSION["login"] != 1)
  {
      header('Location: index.php');
      exit;
  }
  require 'php/templates/header.php';
 ?>
 <!-- Page ------------------------------------------------------------------ -->
--- a/front/index.php
+++ b/front/index.php
@@ -1,33 +1,9 @@
 <?php
 session_start();
 if(array_search('action', $_REQUEST) != FALSE)
 {
  if ($_REQUEST['action'] == 'logout') {
    session_destroy();
    setcookie("PiAler_SaveLogin", "", time() - 3600);
    header('Location: index.php');
  }    
 }
 require 'php/templates/language/lang.php';
 require 'php/templates/skinUI.php';
-
+require 'php/templates/security.php';
 // ##################################################
 // ## Login Processing start
 // ##################################################
 $config_file = "../config/pialert.conf";
 $config_file_lines = file($config_file);
 // ###################################
 // ## PIALERT_WEB_PROTECTION FALSE
 // ###################################
 $config_file_lines_bypass = array_values(preg_grep('/^PIALERT_WEB_PROTECTION\s.*/', $config_file_lines));
 $protection_line = explode("=", $config_file_lines_bypass[0]);
 $Pia_WebProtection = strtolower(trim($protection_line[1]));
 if ($Pia_WebProtection != 'true')
  {
@@ -36,46 +12,44 @@ if ($Pia_WebProtection != 'true')
      exit;
  }
 // ###################################
 // ## PIALERT_WEB_PROTECTION TRUE
 // ###################################
 $config_file_lines = array_values(preg_grep('/^PIALERT_WEB_PASSWORD\s.*/', $config_file_lines));
 $password_line = explode("'", $config_file_lines[0]);
 $Pia_Password = $password_line[1];
 // Password without Cookie check -> pass and set initial cookie
-if ($Pia_Password == hash('sha256',$_POST["loginpassword"]))
+if (isset ($_POST["loginpassword"]) && $Pia_Password == hash('sha256',$_POST["loginpassword"]))
  {
      header('Location: devices.php');
      $_SESSION["login"] = 1;
-      if (isset($_POST['PWRemember'])) {setcookie("PiAler_SaveLogin", hash('sha256',$_POST["loginpassword"]), time()+604800);}
+      if (isset($_POST['PWRemember'])) {setcookie("PiAlert_SaveLogin", hash('sha256',$_POST["loginpassword"]), time()+604800);}
  }
 // active Session or valid cookie (cookie not extends)
-if (($_SESSION["login"] == 1) || ($Pia_Password == $_COOKIE["PiAler_SaveLogin"]))
+if (( isset ($_SESSION["login"]) && ($_SESSION["login"] == 1)) || (isset ($_COOKIE["PiAlert_SaveLogin"]) && $Pia_Password == $_COOKIE["PiAlert_SaveLogin"]))
  {
      header('Location: devices.php');
      $_SESSION["login"] = 1;
-      if (isset($_POST['PWRemember'])) {setcookie("PiAler_SaveLogin", hash('sha256',$_POST["loginpassword"]), time()+604800);}
+      if (isset($_POST['PWRemember'])) {setcookie("PiAlert_SaveLogin", hash('sha256',$_POST["loginpassword"]), time()+604800);}
  }
 $login_headline = lang('Login_Toggle_Info_headline');
 $login_info = "";
 // no active session, cookie not checked
-if ($_SESSION["login"] != 1)
+if (isset ($_SESSION["login"]) == FALSE || $_SESSION["login"] != 1)
  {
-      if (file_exists('../db/setting_darkmode')) {$ENABLED_DARKMODE = True;}
+    if ($Pia_Password == '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92') 
-      if ($Pia_Password == '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92') {
+    {
-        $login_info = 'Defaultpassword "123456" is still active';
+      $login_info = lang('Login_Default_PWD');
-        $login_mode = 'danger';
+      $login_mode = 'danger';
-        $login_display_mode = 'display: block;';
+      $login_display_mode = 'display: block;';
-        $login_headline = lang('Login_Toggle_Alert_headline');
+      $login_headline = lang('Login_Toggle_Alert_headline');
-        $login_icon = 'fa-ban';
+      $login_icon = 'fa-ban';
-  } else {
+    } 
-    $login_mode = 'info';
+    else 
-    $login_display_mode = 'display: none;';
+    {
-    $login_headline = lang('Login_Toggle_Info_headline');
+      $login_mode = 'info';
-    $login_icon = 'fa-info';
+      $login_display_mode = 'display: none;';
-  }
+      $login_headline = lang('Login_Toggle_Info_headline');
      $login_icon = 'fa-info';
    }
 }
 // ##################################################
 // ## Login Processing end
@@ -196,8 +170,3 @@ function Passwordhinfo() {
 </script>
 </body>
 </html>
 <?php
  }
 ?>
--- a/front/maintenance.php
+++ b/front/maintenance.php
@@ -1,14 +1,4 @@
 <?php
 session_start();
 // Turn off php errors
 error_reporting(0);
 if ($_SESSION["login"] != 1)
  {
      header('Location: index.php');
      exit;
  }
 //------------------------------------------------------------------------------
 //  Pi.Alert
@@ -113,12 +103,20 @@ $Pia_Archive_diskusage = number_format(($Pia_Archive_diskusage / 1000000),2,",",
 $latestfiles = glob($Pia_Archive_Path."pialertdb_*.zip");
 natsort($latestfiles);
 $latestfiles = array_reverse($latestfiles,False);
-$latestbackup = $latestfiles[0];
+
-$latestbackup_date = date ("Y-m-d H:i:s", filemtime($latestbackup));
+$latestbackup = 'none';
 $latestbackup_date = 'no backup';
 if (count($latestfiles) > 0)
 {
  $latestbackup = $latestfiles[0];
  $latestbackup_date = date ("Y-m-d H:i:s", filemtime($latestbackup));
 }
 // Skin selector -----------------------------------------------------------------
-if (submit && isset($_POST['skinselector_set'])) {
+if (isset($_POST['submit']) && submit && isset($_POST['skinselector_set'])) {
  $pia_skin_set_dir = '../db/';
  $pia_skin_selector = htmlspecialchars($_POST['skinselector']);
  if (in_array($pia_skin_selector, $pia_installed_skins)) {
--- a/front/network.php
+++ b/front/network.php
@@ -1,14 +1,4 @@
 <?php
  session_start();
  // Turn off php errors
  error_reporting(0);
  if ($_SESSION["login"] != 1)
  {
      header('Location: index.php');
      exit;
  }
  require 'php/templates/header.php';
  require 'php/server/db.php';
--- a/front/php/templates/header.php
+++ b/front/php/templates/header.php
@@ -12,6 +12,7 @@
 require '/home/pi/pialert/front/php/templates/timezone.php';
 require '/home/pi/pialert/front/php/templates/skinUI.php';
 require '/home/pi/pialert/front/php/templates/language/lang.php';
 require '/home/pi/pialert/front/php/templates/security.php';
 ?>
--- a/front/php/templates/language/en_us.php
+++ b/front/php/templates/language/en_us.php
@@ -37,6 +37,7 @@ $lang['en_us'] = array(
 'Login_Toggle_Info' => 'Password Information',
 'Login_Toggle_Info_headline' => 'Password Information',
 'Login_Toggle_Alert_headline' => 'Password Alert!',
 'Login_Default_PWD' => 'Default password "123456" is still active.',
 //////////////////////////////////////////////////////////////////
 // Device Page
--- a/front/php/templates/security.php
+++ b/front/php/templates/security.php
@@ -0,0 +1,64 @@
 <?php
 $url = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
 $isLogonPage = FALSE;
 if (strpos($url,'index.php') !== false) {
    $isLogonPage = TRUE;
 } 
 session_start();
 if(array_search('action', $_REQUEST) != FALSE)
 {
  if ($_REQUEST['action'] == 'logout') {
    session_destroy();
    setcookie("PiAlert_SaveLogin", "", time() - 3600);
    header('Location: index.php');
  }    
 }
 // ##################################################
 // ## Login Processing start
 // ##################################################
 $config_file = "../config/pialert.conf";
 $config_file_lines = file($config_file);
 // ###################################
 // ## PIALERT_WEB_PROTECTION FALSE
 // ###################################
 $config_file_lines_bypass = array_values(preg_grep('/^PIALERT_WEB_PROTECTION.*=/', $config_file_lines));
 $protection_line = explode("=", $config_file_lines_bypass[0]);
 $Pia_WebProtection = strtolower(trim($protection_line[1]));
 // ###################################
 // ## PIALERT_WEB_PROTECTION TRUE
 // ###################################
 $config_file_lines = array_values(preg_grep('/^PIALERT_WEB_PASSWORD.*=/', $config_file_lines));
 $password_line = explode("'", $config_file_lines[0]);
 $Pia_Password = $password_line[1];
 // active Session or valid cookie (cookie not extends)
 if($Pia_WebProtection == 'true')
 {
    if(isset ($_SESSION["login"]) == FALSE )
    {
        $_SESSION["login"] = 0;
    }     
    if ( ($_SESSION["login"] == 1) || $isLogonPage ||  (( isset($_COOKIE["PiAlert_SaveLogin"]) && $Pia_Password == $_COOKIE["PiAlert_SaveLogin"])))
    {
        //Logged in or stay on this page if we are on the index.php already   
    } else 
    {
        // we need to redirect        
        header('Location: index.php');
    } 
 }
 ?>
--- a/front/presence.php
+++ b/front/presence.php
@@ -8,14 +8,6 @@
 #--------------------------------------------------------------------------- -->
 <?php
 session_start();
 if ($_SESSION["login"] != 1)
  {
      header('Location: index.php');
      exit;
  }
  require 'php/templates/header.php';
  require 'php/templates/graph.php';
 ?>
--- a/front/settings.php
+++ b/front/settings.php
@@ -1,19 +1,7 @@
 <?php
 session_start();
 if ($_SESSION["login"] != 1)
 {
    header('Location: index.php');
    exit;
 }
 require 'php/templates/header.php';
 foreach (glob("../db/setting_language*") as $filename) {
    $pia_lang_selected = str_replace('setting_language_','',basename($filename));
 }
 if (strlen($pia_lang_selected) == 0) {$pia_lang_selected = 'en_us';}
 //------------------------------------------------------------------------------
 // External files