Skip to content
This repository has been archived by the owner on Aug 27, 2022. It is now read-only.

protection: handle login check earlier to protect other endpoints #205

Merged
merged 1 commit into from
Mar 10, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 15 additions & 7 deletions admin/diskusage.php
Original file line number Diff line number Diff line change
@@ -1,8 +1,21 @@
<?php
session_start();

require_once('../lib/config.php');
require_once('../lib/diskusage.php');
require_once '../lib/config.php';

// Login / Authentication check
if (
!$config['login']['enabled'] ||
(!$config['protect']['localhost_admin'] && $_SERVER['REMOTE_ADDR'] === $_SERVER['SERVER_ADDR']) ||
(isset($_SESSION['auth']) && $_SESSION['auth'] === true) ||
!$config['protect']['admin']
) {
require_once '../lib/diskusage.php';
} else {
header('location: ../login');
exit();
}

?>

<!DOCTYPE html>
Expand Down Expand Up @@ -38,7 +51,6 @@
<body class="loginbody">
<div class="login-panel">
<h2>Photobooth <span data-i18n="disk_usage"></span></h2>
<?php if( !$config['login']['enabled'] || !$config['protect']['localhost_admin'] && $_SERVER['REMOTE_ADDR'] === $_SERVER['SERVER_ADDR'] || (isset($_SESSION['auth']) && $_SESSION['auth'] === true) || !$config['protect']['admin']): ?>
<a class="btn btn--tiny btn--flex back-to-admin" href="./"><i class="fa fa-arrow-left"></i></a>
<button class="download-zip-btn btn btn--tiny btn--flex">
<span data-i18n="download_zip"></span>
Expand All @@ -55,10 +67,6 @@

}
?>
<?php else:
header("location: ../login");
exit;
endif; ?>
</div>

<div id="adminsettings">
Expand Down
25 changes: 14 additions & 11 deletions admin/index.php
Original file line number Diff line number Diff line change
@@ -1,7 +1,19 @@
<?php
session_start();
require_once('../lib/config.php');
require_once('../lib/configsetup.inc.php');
require_once '../lib/config.php';

// Login / Authentication check
if (
!$config['login']['enabled'] ||
(!$config['protect']['localhost_admin'] && $_SERVER['REMOTE_ADDR'] === $_SERVER['SERVER_ADDR']) ||
(isset($_SESSION['auth']) && $_SESSION['auth'] === true) ||
!$config['protect']['admin']
) {
require_once '../lib/configsetup.inc.php';
} else {
header('location: ../login');
exit();
}
?>
<!DOCTYPE html>
<html>
Expand All @@ -26,10 +38,6 @@
<body>
<!-- NavBar content -->
<?php
// Login / Authentication check
if( !$config['login']['enabled'] || !$config['protect']['localhost_admin'] && $_SERVER['REMOTE_ADDR'] === $_SERVER['SERVER_ADDR'] || (isset($_SESSION['auth']) && $_SESSION['auth'] === true) || !$config['protect']['admin'] )
{

/***********************
** PHP helper functions
***********************/
Expand Down Expand Up @@ -258,11 +266,6 @@ function isElementHidden($element_class, $setting)
echo '</div>';
}
}
else
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This one needed to be removed too

{
header("location: ../login");
exit;
}
?>
</div>
</form>
Expand Down
58 changes: 31 additions & 27 deletions index.php
Original file line number Diff line number Diff line change
@@ -1,31 +1,41 @@
<?php
session_start();

require_once('lib/config.php');
require_once('lib/db.php');
require_once('lib/filter.php');

if ($config['database']['enabled']) {
$images = getImagesFromDB();
} else {
$images = getImagesFromDirectory($config['foldersAbs']['images']);
require_once 'lib/config.php';
if ($config['live_keying']['enabled']) {
header('location: livechroma.php');
}

$imagelist = ($config['gallery']['newest_first'] === true) ? array_reverse($images) : $images;

if ($config['ui']['style'] === 'modern') {
$btnClass1 = 'round-btn';
$btnClass2 = 'round-btn';
$galleryIcon = 'fa-picture-o';
// Login / Authentication check
if (
!$config['login']['enabled'] ||
(!$config['protect']['localhost_index'] && $_SERVER['REMOTE_ADDR'] === $_SERVER['SERVER_ADDR']) ||
((isset($_SESSION['auth']) && $_SESSION['auth'] === true) || !$config['protect']['index'])
) {
require_once 'lib/db.php';
require_once 'lib/filter.php';

if ($config['database']['enabled']) {
$images = getImagesFromDB();
} else {
$images = getImagesFromDirectory($config['foldersAbs']['images']);
}

$imagelist = $config['gallery']['newest_first'] === true ? array_reverse($images) : $images;

if ($config['ui']['style'] === 'modern') {
$btnClass1 = 'round-btn';
$btnClass2 = 'round-btn';
$galleryIcon = 'fa-picture-o';
} else {
$btnClass1 = 'btn';
$btnClass2 = '';
$galleryIcon = 'fa-th';
}
} else {
$btnClass1 = 'btn';
$btnClass2 = '';
$galleryIcon = 'fa-th';
header('location: login');
exit();
}

if ($config['live_keying']['enabled']):
header("location: livechroma.php");
endif;
?>
<!DOCTYPE html>
<html>
Expand Down Expand Up @@ -65,8 +75,6 @@
<video id="video--preview" autoplay playsinline></video>
<body class="deselect">
<div id="wrapper">
<?php if( !$config['login']['enabled'] || !$config['protect']['localhost_index'] && $_SERVER['REMOTE_ADDR'] === $_SERVER['SERVER_ADDR'] || (isset($_SESSION['auth']) && $_SESSION['auth'] === true || !$config['protect']['index'])): ?>

<?php include('template/' . $config['ui']['style'] . '.template.php'); ?>

<!-- image Filter Pane -->
Expand Down Expand Up @@ -184,10 +192,6 @@
<div style="position:absolute; bottom:0; right:0;">
<img src="resources/img/spacer.png" alt="adminsettings" ondblclick="adminsettings()" />
</div>
<?php else:
header("location: login");
exit;
endif; ?>
</div>

<script src="node_modules/whatwg-fetch/dist/fetch.umd.js"></script>
Expand Down
47 changes: 26 additions & 21 deletions livechroma.php
Original file line number Diff line number Diff line change
@@ -1,24 +1,34 @@
<?php
session_start();

require_once('lib/config.php');
require_once('lib/db.php');

if ($config['database']['enabled']) {
$images = getImagesFromDB();
require_once 'lib/config.php';

// Login / Authentication check
if (
!$config['login']['enabled'] ||
(!$config['protect']['localhost_index'] && $_SERVER['REMOTE_ADDR'] === $_SERVER['SERVER_ADDR']) ||
((isset($_SESSION['auth']) && $_SESSION['auth'] === true) || !$config['protect']['index'])
) {
require_once 'lib/db.php';

if ($config['database']['enabled']) {
$images = getImagesFromDB();
} else {
$images = getImagesFromDirectory($config['foldersAbs']['images']);
}
$imagelist = $config['gallery']['newest_first'] === true ? array_reverse($images) : $images;

if ($config['ui']['style'] === 'modern') {
$btnClass1 = 'round-btn';
$btnClass2 = 'round-btn';
} else {
$btnClass1 = 'btn btn--small btn--flex';
$btnClass2 = 'btn';
}
} else {
$images = getImagesFromDirectory($config['foldersAbs']['images']);
header('location: login');
exit();
}
$imagelist = ($config['gallery']['newest_first'] === true) ? array_reverse($images) : $images;

if ($config['ui']['style'] === 'modern') {
$btnClass1 = 'round-btn';
$btnClass2 = 'round-btn';
} else {
$btnClass1 = 'btn btn--small btn--flex';
$btnClass2 = 'btn';
}

?>
<!doctype html>
<html>
Expand Down Expand Up @@ -53,7 +63,6 @@
</head>
<body>
<div class="chromawrapper">
<?php if( !$config['login']['enabled'] || !$config['protect']['localhost_index'] && $_SERVER['REMOTE_ADDR'] === $_SERVER['SERVER_ADDR'] || (isset($_SESSION['auth']) && $_SESSION['auth'] === true || !$config['protect']['index'])): ?>
<div class="top-bar">
<?php if (!$config['live_keying']['enabled']): ?>
<a href="index.php" class="<?php echo $btnClass1; ?> closebtn"><i class="fa fa-times"></i></a>
Expand Down Expand Up @@ -140,10 +149,6 @@

<div class="modal" id="print_mesg">
<div class="modal__body"><span data-i18n="printing"></span></div>
<?php else:
header("location: login");
exit;
endif; ?>
</div>

<script src="node_modules/whatwg-fetch/dist/fetch.umd.js"></script>
Expand Down