From 98a982289729177662756e473ff9327df3d4e331 Mon Sep 17 00:00:00 2001
From: Joe Haig
Date: Sat, 28 May 2016 20:19:19 +0100
Subject: [PATCH 1/4] Avoid breaking hostapd config file with tabs
---
 includes/functions.php | 21 +++++++--------------
 1 file changed, 7 insertions(+), 14 deletions(-)
diff --git a/includes/functions.php b/includes/functions.php
index a957c2c..a2ee6b9 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -995,20 +995,13 @@ function SaveHostAPDConfig(){
 auth_algs=1
 wpa_key_mgmt=WPA-PSK';
- $config .= "interface=".$_POST['interface']."
- ";
- $config .= "ssid=".$_POST['ssid']."
- ";
- $config .= "hw_mode=".$_POST['hw_mode']."
- ";
- $config .= "channel=".$_POST['channel']."
- ";
- $config .= "wpa=".$_POST['wpa']."
- ";
- $config .='wpa_passphrase='.$_POST['wpa_passphrase'].'
- ';
- $config .="wpa_pairwise=".$_POST['wpa_pairwise']."
- ";
+ $config .= "interface=".$_POST['interface'].PHP_EOL;
+ $config .= "ssid=".$_POST['ssid'].PHP_EOL;
+ $config .= "hw_mode=".$_POST['hw_mode'].PHP_EOL;
+ $config .= "channel=".$_POST['channel'].PHP_EOL;
+ $config .= "wpa=".$_POST['wpa'].PHP_EOL;
+ $config .='wpa_passphrase='.$_POST['wpa_passphrase'].PHP_EOL;
+ $config .="wpa_pairwise=".$_POST['wpa_pairwise'].PHP_EOL;
 $config .="country_code=".$_POST['country_code'];
 exec( "echo '$config' > /tmp/hostapddata", $return );
From 926d7ba13b304d2351925d21dbd1ad1cd0fb2429 Mon Sep 17 00:00:00 2001
From: Joe Haig
Date: Sat, 28 May 2016 21:12:02 +0100
Subject: [PATCH 2/4] Add more PHP_EOLs
---
 includes/functions.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/includes/functions.php b/includes/functions.php
index a2ee6b9..4f6020c 100755
--- a/includes/functions.php
+++ b/includes/functions.php
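Review bot: The rewritten `$config .=` lines still append raw `$_POST` values, and the unchanged `exec( "echo '$config' > /tmp/hostapddata", $return );` below them interpolates the result into a shell command, so a quote or line break in any submitted field alters the command or adds directives to the hostapd file. Writing the file from PHP takes the shell out of this step: `file_put_contents('/tmp/hostapddata', $config);`. Each field should also be validated before it is appended, at minimum rejecting CR/LF with something like `if (preg_match('/[\r\n]/', $value)) { /* reject */ }`, and the fields that presumably take a fixed set of values (`hw_mode`, `channel`, `wpa`, `wpa_pairwise`) checked against an allow-list. The same lines reappear as context in the PATCH 2/4 hunk, and SaveHostAPDConfig continues outside both hunks, so what later consumes /tmp/hostapddata is not visible here.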
@@ -988,12 +988,12 @@ function DisplayTorProxyConfig(){
 */
 function SaveHostAPDConfig(){
 if( isset($_POST['SaveHostAPDSettings']) ) {
- $config = 'driver=nl80211
- ctrl_interface='. RASPI_HOSTAPD_CTRL_INTERFACE .'
- ctrl_interface_group=0
- beacon_int=100
- auth_algs=1
- wpa_key_mgmt=WPA-PSK';
+ $config = 'driver=nl80211'.PHP_EOL
+ .'ctrl_interface='.RASPI_HOSTAPD_CTRL_INTERFACE.PHP_EOL
+ .'ctrl_interface_group=0'.PHP_EOL
+ .'beacon_int=100'.PHP_EOL
+ .'auth_algs=1'.PHP_EOL
+ .'wpa_key_mgmt=WPA-PSK'.PHP_EOL;
 $config .= "interface=".$_POST['interface'].PHP_EOL;
 $config .= "ssid=".$_POST['ssid'].PHP_EOL;
From 4e77adce33f89f5cfd23218a1a293d16cdf5d673 Mon Sep 17 00:00:00 2001
From: Joseph Haig
Date: Sun, 29 May 2016 16:38:43 +0100
Subject: [PATCH 3/4] Add simple authentication
---
 README.md | 8 ++++
 includes/admin.php | 78 +++++++++++++++++++++++++++++++++++++++
 includes/authenticate.php | 17 +++++++++
 index.php | 14 ++++++-
 raspap.php | 14 +++++++
 5 files changed, 130 insertions(+), 1 deletion(-)
 create mode 100755 includes/admin.php
 create mode 100644 includes/authenticate.php
 create mode 100644 raspap.php
diff --git a/README.md b/README.md
index c098597..8e53aca 100644
--- a/README.md
+++ b/README.md
@@ -59,11 +59,19 @@ Set the files ownership to `www-data` user. ```sh sudo chown -R www-data:www-data /var/www ``` +Move the RaspAP configuration file to the correct location +```sh +sudo mkdir /etc/raspad +sudo mv /var/www/raspad.php /etc/raspad/ +sudo chown -R www-data:www-data /etc/raspad +``` Reboot and it should be up and running! ```sh sudo reboot ``` +The default username is 'admin' and the default password is 'secret'. + ## Optional services OpenVPN and TOR are two additional services that run perfectly well on the RPi, and are a nice way to extend the usefulness of your WiFi router. I've started on interfaces to administer these services. Not everyone will need them, so for the moment they are disabled by default. You can enable them by changing these options in `index.php`: diff --git a/includes/admin.php b/includes/admin.php new file mode 100755 index 0000000..12d12fe --- /dev/null +++ b/includes/admin.php @@ -0,0 +1,78 @@ +'.$message; + if ($dismissable) $status .= ''; + $status .= ''; + + return $status; +} + +function DisplayRaspAPConfig($username, $password){ + $status = ''; + if (isset($_POST['UpdateAdminPassword'])) { + if (password_verify($_POST['oldpass'], $password)) { + $new_username=trim($_POST['username']); + if ($_POST['newpass'] != $_POST['newpassagain']) { + $status = Status('New passwords do not match', 'danger'); + } else if ($new_username == '') { + $status = Status('Username must not be empty', 'danger'); + } else { + if ($auth_file = fopen(RASPI_ADMIN_DETAILS, 'w')) { + fwrite($auth_file, $new_username.PHP_EOL); + fwrite($auth_file, password_hash($_POST['newpass'], PASSWORD_BCRYPT).PHP_EOL); + fclose($auth_file); + $username = $new_username; + $status = Status('Admin password updated'); + } else { + $status = Status('Failed to update admin password', 'danger'); + } + } + } else { + $status = Status('Old password does not match', 'danger'); + } + } +?> +
+
+
+
RaspAP Configuration
+
+

+
+
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+
+
+ + +
+
+ +
+
+
+
+
+ diff --git a/includes/authenticate.php b/includes/authenticate.php new file mode 100644 index 0000000..a69a5ce --- /dev/null +++ b/includes/authenticate.php @@ -0,0 +1,17 @@ + "admin"); +$valid_users = array_keys($valid_passwords); + +$user = $_SERVER['PHP_AUTH_USER']; +$pass = $_SERVER['PHP_AUTH_PW']; + +//$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]); +$validated = ($user == $config['admin_user']) && password_verify($pass, $config['admin_pass']); + +if (!$validated) { + header('WWW-Authenticate: Basic realm="RaspAP"'); + header('HTTP/1.0 401 Unauthorized'); + die ("Not authorized"); +} + +?> diff --git a/index.php b/index.php index 7743ee0..ce05797 100755 --- a/index.php +++ b/index.php @@ -20,6 +20,9 @@ * @see http://sirlagz.net/2013/02/08/raspap-webgui/ */ +define('RASPI_CONFIG', '/etc/raspap'); +define('RASPI_ADMIN_DETAILS', RASPI_CONFIG.'/raspap.auth'); + // Constants for configuration file paths. // These are typical for default RPi installs. Modify if needed. define('RASPI_DNSMASQ_CONFIG', '/etc/dnsmasq.conf'); @@ -36,6 +39,9 @@ define('RASPI_TORPROXY_CONFIG', '/etc/tor/torrc'); define('RASPI_OPENVPN_ENABLED', false ); define('RASPI_TORPROXY_ENABLED', false ); +include_once( RASPI_CONFIG.'/raspap.php' ); +include_once( 'includes/authenticate.php' ); +include_once( 'includes/admin.php' ); include_once( 'includes/functions.php' ); $output = $return = 0; @@ -94,7 +100,7 @@ $page = $_GET['page']; - RaspAP Wifi Portal v1.0 + RaspAP Wifi Portal v1.0 @@ -124,6 +130,9 @@ $page = $_GET['page']; Configure TOR proxy +
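Review bot: In DisplayRaspAPConfig the new password is accepted without any content check: `$_POST['newpass'] != $_POST['newpassagain']` is a loose comparison, which PHP evaluates numerically when both strings look like numbers, and an empty password goes straight to `password_hash`. I would change the test to `if ($_POST['newpass'] !== $_POST['newpassagain'])` and add a branch `else if ($_POST['newpass'] === '')` that reports an error. `trim()` only strips the ends of the username while the auth file is read back line by line, so a username containing a line break should be rejected too. `fopen(RASPI_ADMIN_DETAILS, 'w')` truncates the file before the two unchecked `fwrite` calls, so a failed write leaves an empty credentials file; check both return values, or write to a temporary file and rename it. The form markup of this file did not survive on this page, so whether the POST carries an anti-CSRF token cannot be judged from here.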
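Review bot: `$_SERVER['PHP_AUTH_USER']` and `$_SERVER['PHP_AUTH_PW']` in includes/authenticate.php are read without `isset`, yet both are absent on the first request, before the browser has been challenged, so every initial page load raises undefined-index notices. Suggested: `$user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';` and the same form for `$pass`. The username test `$user == $config['admin_user']` is a loose comparison; `===` avoids PHP's numeric-string juggling. Basic authentication resends the credentials with every request, so this check protects the panel only when the site is served over TLS, which nothing in this patch sets up.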
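Review bot: `include_once( RASPI_CONFIG.'/raspap.php' );` in the second index.php hunk only warns when the file is missing, and the README hunk of this same patch tells the installer to create `/etc/raspad` and move `raspad.php`, while the first index.php hunk defines `RASPI_CONFIG` as `/etc/raspap`. Followed literally, that install leaves `$config` undefined by the time includes/authenticate.php runs, and the password-change code has no directory to write `raspap.auth` into. Use `require_once( RASPI_CONFIG.'/raspap.php' );` so a missing configuration stops the request instead of continuing without credentials, and correct the README paths to `/etc/raspap` and `raspap.php`.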
  • + Configure RaspAP +
  • @@ -161,6 +170,9 @@ $page = $_GET['page']; case "torproxy_conf": DisplayTorProxyConfig(); break; + case "admin_conf": + DisplayRaspAPConfig($config['admin_user'], $config['admin_pass']); + break; case "save_hostapd_conf": SaveHostAPDConfig(); break; diff --git a/raspap.php b/raspap.php new file mode 100644 index 0000000..9f5430b --- /dev/null +++ b/raspap.php @@ -0,0 +1,14 @@ + 'admin', + 'admin_pass' => '$2y$10$YKIyWAmnQLtiJAy6QgHQ.eCpY4m.HCEbiHaTgN6.acNC6bDElzt.i' +); + +if ( $auth_details = fopen(RASPI_CONFIG.'/raspap.auth', 'r') ) { + $config['admin_user'] = trim(fgets($auth_details)); + $config['admin_pass'] = trim(fgets($auth_details)); + fclose($auth_details); +} + +?> From a3e37866e6ee42012b4c4f0b3de36000be5d23bd Mon Sep 17 00:00:00 2001 From: Joe Haig Date: Sun, 29 May 2016 17:45:07 +0100 Subject: [PATCH 4/4] Clean up --- includes/authenticate.php | 4 ---- 1 file changed, 4 deletions(-) diff --git a/includes/authenticate.php b/includes/authenticate.php index a69a5ce..8a72967 100644 --- a/includes/authenticate.php +++ b/includes/authenticate.php @@ -1,11 +1,7 @@ "admin"); -$valid_users = array_keys($valid_passwords); - $user = $_SERVER['PHP_AUTH_USER']; $pass = $_SERVER['PHP_AUTH_PW']; -//$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]); $validated = ($user == $config['admin_user']) && password_verify($pass, $config['admin_pass']); if (!$validated) {
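Review bot: The fallback `$config` array in raspap.php is a fixed credential that the README hunk documents publicly (admin / secret), and it stays in force for as long as `raspap.auth` cannot be opened; nothing visible here forces a change after the first login. Consider generating the initial password at install time, or restricting the panel to the change-password page while the shipped hash is still active. `fopen(RASPI_CONFIG.'/raspap.auth', 'r')` also raises a warning on every request until that file exists; guard it with `is_readable(RASPI_ADMIN_DETAILS)` and reuse that constant from index.php rather than rebuilding the path. If the file exists but is empty, both `trim(fgets($auth_details))` calls yield empty strings and replace the defaults, which locks the administrator out, so the read values should be checked before they overwrite `$config`.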