4002 Initial commut - NOT fully working

AllskyTeam · Dec 24, 2024 · 3069820 · 3069820
1 parent 6457eeb
commit 3069820
Show file tree

Hide file tree

Showing 3 changed files with 566 additions and 27 deletions.
diff --git a/html/includes/admin.php b/html/includes/admin.php
@@ -22,10 +22,13 @@ function DisplayAuthConfig($username, $password) {
 				} else if ($new_username == '') {
 					$myStatus->addMessage('Username must not be empty.', 'danger');
 				} else {
-					$contents = $new_username.PHP_EOL;
-					$contents .= password_hash($new1, PASSWORD_BCRYPT).PHP_EOL;
-					$ret = updateFile(RASPI_ADMIN_DETAILS, $contents, "admin password file", true);
-					if ($ret === "") {
+
+                    $privateVars = get_decoded_json_file(ALLSKY_ENV, true, "");
+                    $privateVars["WEBUI_USERNAME"] = $new_username;
+                    $privateVars["WEBUI_PASSWORD"] = password_hash($new1, PASSWORD_BCRYPT);
+
+                    $ret = file_put_contents(ALLSKY_ENV, json_encode($privateVars, JSON_PRETTY_PRINT));
+					if ($ret !== false) {
 						$username = $new_username;
 						$myStatus->addMessage("$new_username password updated.", 'success');
 					} else {

diff --git a/html/includes/authenticate.php b/html/includes/authenticate.php
@@ -1,30 +1,24 @@
 <?php
-// Default admin username and password:
-$config = array(
-  'admin_user' => 'admin',
-  'admin_pass' => '$2y$10$YKIyWAmnQLtiJAy6QgHQ.eCpY4m.HCEbiHaTgN6.acNC6bDElzt.i'
-);
 
-// Can be overridden by what's in this file, if it exists:
-if(file_exists(RASPI_ADMIN_DETAILS)) {
-    if ( $auth_details = fopen(RASPI_ADMIN_DETAILS, 'r') ) {
-      $config['admin_user'] = trim(fgets($auth_details));
-      $config['admin_pass'] = trim(fgets($auth_details));
-      fclose($auth_details);
-    }
-}
+if ($useLogin) {
 
+    $privateVars = get_decoded_json_file(ALLSKY_ENV, true, "");
 
-// Check login if needed.
-if ($useLogin) {
-	$user = getVariableOrDefault($_SERVER, "PHP_AUTH_USER", "");
-	$pass = getVariableOrDefault($_SERVER, "PHP_AUTH_PW", "");
-	$validated = ($user == $config['admin_user']) && password_verify($pass, $config['admin_pass']);
+    if ($privateVars !== null) {
+        $adminUser = $privateVars["WEBUI_USERNAME"];
+        $adminPassword = $privateVars["WEBUI_PASSWORD"];
+
+        $user = getVariableOrDefault($_SERVER, "PHP_AUTH_USER", "");
+        $pass = getVariableOrDefault($_SERVER, "PHP_AUTH_PW", "");
+        $validated = ($user == $adminUser) && password_verify($pass, $adminPassword);
 
-	if (! $validated) {
-	  	header('WWW-Authenticate: Basic realm="Allsky Camera"');
-	  	header('HTTP/1.0 401 Unauthorized');
-	  	die ("Not authorized");
-	}
+        if (! $validated) {
+            header('WWW-Authenticate: Basic realm="Allsky Camera"');
+            header('HTTP/1.0 401 Unauthorized');
+            die ("Not authorized");
+        }
+    } else {
+        die ("Missing " . basename(ALLSKY_ENV));
+    }
 }
 ?>