mmk2410/rangitaki
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

API auth

Browse source
This commit is contained in:
Marcel Kapfer (mmk2410) 2016-04-22 18:18:21 +02:00
parent 39da838ebd
commit e0dc2622c2
4 changed files with 15 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
bin/init_rcc.php
View file

@ -16,22 +16,21 @@ if ($username == "") {
} }
echo 'Password: '; echo 'Password: ';
$password = exec('read -s PW; echo $PW'); $password = readline("Password: ");
if ($password == "") { if ($password == "") {
echo "No password given. Aborting...\n"; echo "No password given. Aborting...\n";
exit(); exit();
} }
$hash = password_hash($password, PASSWORD_BCRYPT);
$username = '$username = "' . $username . '";'; $username = '$username = "' . $username . '";';
$hash = '$hash = "' . $hash . '";'; $password = '$password = "' . $password . '";';
$file = '<?php' . "\n" . $username . "\n" . $hash . "\n"; $file = '<?php' . "\n" . $username . "\n" . $password . "\n";
if (file_put_contents('./rcc/password.php', $file)) { if (file_put_contents('./rcc/password.php', $file)) {
echo "\nPassword hash successfully saved.\n"; chmod('./rcc/password.php', 0640);
echo "\nPassword successfully saved.\n";
} }
$config = new Config('config.yaml', 'vendor/autoload.php'); $config = new Config('config.yaml', 'vendor/autoload.php');

6
config.yaml
View file

@ -1,3 +1,3 @@
rcc: # settings concerning the rangitaki control center rcc:
rcc: on # enable rangitaki control center (enable: 'on') rcc: 'off'
api: on # enable rangitaki api (enable: 'on') api: 'on'

7
rcc/api/auth/auth.php
View file

@ -5,12 +5,13 @@
require 'DigestAuth.php'; require 'DigestAuth.php';
require '../../password.php';
use \mmk2410\rbe\digestAuth\DigestAuth as DigestAuth; use \mmk2410\rbe\digestAuth\DigestAuth as DigestAuth;
$realm = 'Restricted area'; $realm = 'Restricted area';
//user => password $users = array($username => $password);
$users = array('admin' => 'mypass', 'guest' => 'guest');
if (empty($_SERVER['PHP_AUTH_DIGEST'])) { if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
header('HTTP/1.1 401 Unauthorized'); header('HTTP/1.1 401 Unauthorized');
@ -24,6 +25,7 @@ if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
// analyze the PHP_AUTH_DIGEST variable // analyze the PHP_AUTH_DIGEST variable
if (!($data = DigestAuth::httpDigestParse($_SERVER['PHP_AUTH_DIGEST'])) || if (!($data = DigestAuth::httpDigestParse($_SERVER['PHP_AUTH_DIGEST'])) ||
!isset($users[$data['username']])) { !isset($users[$data['username']])) {
var_dump($_SERVER["PHP_AUTH_DIGEST"]);
die('Wrong Credentials!'); die('Wrong Credentials!');
} }
@ -34,5 +36,6 @@ $A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2); $valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
if ($data['response'] != $valid_response) { if ($data['response'] != $valid_response) {
var_dump($_SERVER["PHP_AUTH_PW"]);
die('Wrong Credentials!'); die('Wrong Credentials!');
} }

4
rcc/password.php
View file

@ -1,3 +1,3 @@
<?php <?php
// Set here your RCC password $username = "example";
$password = "setyourpassword"; $password = "example";