From 8eb0ba8f3a0ba5e59e1cab05e485cfeee2ff6067 Mon Sep 17 00:00:00 2001
From: dg9vh <kim@huebel-online.de>
Date: Tue, 25 Oct 2016 19:49:47 +0000
Subject: [PATCH] enabling password security for script-buttons

---
 scripts/halt.php        | 18 +++++++++++++++++-
 scripts/log.php         | 24 +++++++++++++++++-------
 scripts/reboot.php      | 17 +++++++++++++++++
 scripts/rebootmmdvm.php | 18 +++++++++++++++++-
 setup.php               | 32 ++++++++++++++++++++++++++++++++
 version.php             |  2 +-
 6 files changed, 101 insertions(+), 10 deletions(-)

diff --git a/scripts/halt.php b/scripts/halt.php
index bd5a45c..c4fdb7c 100644
--- a/scripts/halt.php
+++ b/scripts/halt.php
@@ -8,6 +8,14 @@ $start = $time;
 include "../config/config.php";
 include "../include/tools.php";
 include "../include/functions.php";
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+    header('WWW-Authenticate: Basic realm="Dashboard"');
+    header('HTTP/1.0 401 Unauthorized');
+    echo 'Zur Ausführung bitte die geforderten Login-Daten eingeben!';
+    exit;
+} else {
+	if ($_SERVER['PHP_AUTH_USER'] == HALTUSER && $_SERVER['PHP_AUTH_PW'] == HALTPW) {
+	$fileName = MMDVMLOGPATH."/".MMDVMLOGPREFIX."-".date("Y-m-d").".log";
 ?>
 <!doctype html>
 <html lang="es">
@@ -58,7 +66,15 @@ $time = explode(' ', $time);
 $time = $time[1] + $time[0];
 $finish = $time;
 $total_time = round(($finish - $start), 4);
-echo '<!--Page generated in '.$total_time.' seconds.-->';	
+echo '<!--Page generated in '.$total_time.' seconds.-->';
+		} else {
+			
+    header('WWW-Authenticate: Basic realm="Dashboard"');
+    header('HTTP/1.0 401 Unauthorized');
+    echo 'Zur Ausführung bitte die geforderten Login-Daten eingeben!';
+    exit;
+		}
+	}
 ?> | get your own at: <a href="https://github.com/dg9vh/MMDVMHost-Dashboard">https://github.com/dg9vh/MMDVMHost-Dashboard</a>
 	</div>
   </body>
diff --git a/scripts/log.php b/scripts/log.php
index 7cfc8d5..1991de7 100644
--- a/scripts/log.php
+++ b/scripts/log.php
@@ -9,7 +9,14 @@ include "../config/config.php";
 include "../include/tools.php";
 include "../include/functions.php";
 
-$fileName = MMDVMLOGPATH."/".MMDVMLOGPREFIX."-".date("Y-m-d").".log";
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+    header('WWW-Authenticate: Basic realm="Dashboard"');
+    header('HTTP/1.0 401 Unauthorized');
+    echo 'Zur Ausführung bitte die geforderten Login-Daten eingeben!';
+    exit;
+} else {
+	if ($_SERVER['PHP_AUTH_USER'] == VIEWLOGUSER && $_SERVER['PHP_AUTH_PW'] == VIEWLOGPW) {
+	$fileName = MMDVMLOGPATH."/".MMDVMLOGPREFIX."-".date("Y-m-d").".log";
 ?>
 <!doctype html>
 <html lang="es">
@@ -81,7 +88,6 @@ while (!$file->eof()) {
 
 // Unset the file to call __destruct(), closing the file handle.
 $file = null;
-
 ?>
    </table>
    </div>
@@ -99,6 +105,14 @@ $time = $time[1] + $time[0];
 $finish = $time;
 $total_time = round(($finish - $start), 4);
 echo '<!--Page generated in '.$total_time.' seconds.-->';	
+		} else {
+			
+    header('WWW-Authenticate: Basic realm="Dashboard"');
+    header('HTTP/1.0 401 Unauthorized');
+    echo 'Zur Ausführung bitte die geforderten Login-Daten eingeben!';
+    exit;
+		}
+	}
 ?> | get your own at: <a href="https://github.com/dg9vh/MMDVMHost-Dashboard">https://github.com/dg9vh/MMDVMHost-Dashboard</a>
 	</div>
 	<script>
@@ -106,8 +120,4 @@ $(document).ready(function(){
 
 var logT = $('#log').dataTable( {
     "aaSorting": [[1,'asc']]
-  } );
-});
-</script>
-  </body>
-</html>
+  } );});	</script>
diff --git a/scripts/reboot.php b/scripts/reboot.php
index cef12e9..99e84a7 100644
--- a/scripts/reboot.php
+++ b/scripts/reboot.php
@@ -8,6 +8,15 @@ $start = $time;
 include "../config/config.php";
 include "../include/tools.php";
 include "../include/functions.php";
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+    header('WWW-Authenticate: Basic realm="Dashboard"');
+    header('HTTP/1.0 401 Unauthorized');
+    echo 'Zur Ausführung bitte die geforderten Login-Daten eingeben!';
+    exit;
+} else {
+	if ($_SERVER['PHP_AUTH_USER'] == REBOOTUSER && $_SERVER['PHP_AUTH_PW'] == REBOOTPW) {
+	$fileName = MMDVMLOGPATH."/".MMDVMLOGPREFIX."-".date("Y-m-d").".log";
+
 ?>
 <!doctype html>
 <html lang="es">
@@ -58,6 +67,14 @@ $time = $time[1] + $time[0];
 $finish = $time;
 $total_time = round(($finish - $start), 4);
 echo '<!--Page generated in '.$total_time.' seconds.-->';	
+		} else {
+			
+    header('WWW-Authenticate: Basic realm="Dashboard"');
+    header('HTTP/1.0 401 Unauthorized');
+    echo 'Zur Ausführung bitte die geforderten Login-Daten eingeben!';
+    exit;
+		}
+	}
 ?> | get your own at: <a href="https://github.com/dg9vh/MMDVMHost-Dashboard">https://github.com/dg9vh/MMDVMHost-Dashboard</a>
 	</div>
   </body>
diff --git a/scripts/rebootmmdvm.php b/scripts/rebootmmdvm.php
index 3db6d26..f5c2ca3 100644
--- a/scripts/rebootmmdvm.php
+++ b/scripts/rebootmmdvm.php
@@ -9,6 +9,14 @@ $start = $time;
 include "../config/config.php";
 include "../include/tools.php";
 include "../include/functions.php";
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+    header('WWW-Authenticate: Basic realm="Dashboard"');
+    header('HTTP/1.0 401 Unauthorized');
+    echo 'Zur Ausführung bitte die geforderten Login-Daten eingeben!';
+    exit;
+} else {
+	if ($_SERVER['PHP_AUTH_USER'] == RESTARTUSER && $_SERVER['PHP_AUTH_PW'] == RESTARTPW) {
+	$fileName = MMDVMLOGPATH."/".MMDVMLOGPREFIX."-".date("Y-m-d").".log";
 ?>
 <!doctype html>
 <html lang="es">
@@ -59,7 +67,15 @@ $time = explode(' ', $time);
 $time = $time[1] + $time[0];
 $finish = $time;
 $total_time = round(($finish - $start), 4);
-echo '<!--Page generated in '.$total_time.' seconds.-->';	
+echo '<!--Page generated in '.$total_time.' seconds.-->';
+		} else {
+			
+    header('WWW-Authenticate: Basic realm="Dashboard"');
+    header('HTTP/1.0 401 Unauthorized');
+    echo 'Zur Ausführung bitte die geforderten Login-Daten eingeben!';
+    exit;
+		}
+	}
 ?> | get your own at: <a href="https://github.com/dg9vh/MMDVMHost-Dashboard">https://github.com/dg9vh/MMDVMHost-Dashboard</a>
 	</div>
   </body>
diff --git a/setup.php b/setup.php
index fe25bd4..3059158 100644
--- a/setup.php
+++ b/setup.php
@@ -151,6 +151,38 @@ include "include/tools.php";
         <span class="input-group-addon" id="ENABLEMANAGEMENT" style="width: 300px">Enable Management-Functions below</span>
         <div class="panel-body"><input type="checkbox" name="ENABLEMANAGEMENT" <?php if (constant("ENABLEMANAGEMENT")) echo "checked" ?>></div>
       </div>
+      <div class="input-group">
+        <span class="input-group-addon" id="VIEWLOGUSER" style="width: 300px">Username for view log:</span>
+        <input type="text" value="<?php echo constant("VIEWLOGUSER") ?>" name="VIEWLOGUSER" class="form-control" placeholder="username" aria-describedby="VIEWLOGUSER">
+      </div>	
+      <div class="input-group">
+        <span class="input-group-addon" id="VIEWLOGPW" style="width: 300px">Password for view log:</span>
+        <input type="text" value="<?php echo constant("VIEWLOGPW") ?>" name="VIEWLOGPW" class="form-control" placeholder="password" aria-describedby="VIEWLOGPW">
+      </div>	
+      <div class="input-group">
+        <span class="input-group-addon" id="HALTUSER" style="width: 300px">Username for halt:</span>
+        <input type="text" value="<?php echo constant("HALTUSER") ?>" name="HALTUSER" class="form-control" placeholder="username" aria-describedby="HALTUSER">
+      </div>	
+      <div class="input-group">
+        <span class="input-group-addon" id="HALTPW" style="width: 300px">Password for halt:</span>
+        <input type="text" value="<?php echo constant("HALTPW") ?>" name="HALTPW" class="form-control" placeholder="password" aria-describedby="HALTPW">
+      </div>	
+      <div class="input-group">
+        <span class="input-group-addon" id="REBOOTUSER" style="width: 300px">Username for reboot:</span>
+        <input type="text" value="<?php echo constant("REBOOTUSER") ?>" name="REBOOTUSER" class="form-control" placeholder="username" aria-describedby="REBOOTUSER">
+      </div>	
+      <div class="input-group">
+        <span class="input-group-addon" id="REBOOTPW" style="width: 300px">Password for reboot:</span>
+        <input type="text" value="<?php echo constant("REBOOTPW") ?>" name="REBOOTPW" class="form-control" placeholder="password" aria-describedby="REBOOTPW">
+      </div>	
+      <div class="input-group">
+        <span class="input-group-addon" id="RESTARTUSER" style="width: 300px">Username for restart:</span>
+        <input type="text" value="<?php echo constant("RESTARTUSER") ?>" name="RESTARTUSER" class="form-control" placeholder="username" aria-describedby="RESTARTUSER">
+      </div>	
+      <div class="input-group">
+        <span class="input-group-addon" id="RESTARTPW" style="width: 300px">Password for restart:</span>
+        <input type="text" value="<?php echo constant("RESTARTPW") ?>" name="RESTARTPW" class="form-control" placeholder="password" aria-describedby="RESTARTPW">
+      </div>	
       <div class="input-group">
         <span class="input-group-addon" id="REBOOTMMDVM" style="width: 300px">Reboot MMDVMHost command:</span>
         <input type="text" value="<?php echo constant("REBOOTMMDVM") ?>" name="REBOOTMMDVM" class="form-control" placeholder="sudo systemctl restart mmdvmhost.service" aria-describedby="REBOOTMMDVM">
diff --git a/version.php b/version.php
index 21a8baf..6caf628 100644
--- a/version.php
+++ b/version.php
@@ -1,3 +1,3 @@
 <?php
-define("VERSION", "20161025-1");
+define("VERSION", "20161025-2");
 ?>