nsinnovations/fusionpbx
2
0
Fork 0
mirror of https://github.com/fusionpbx/fusionpbx.git synced 2026-01-06 03:33:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add http authentication to provisioning.

Browse Source
This commit is contained in:
Mark Crane
2014-01-24 05:53:32 +00:00
parent 752c74ac50
commit b30dce5e80
1 changed files with 39 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
app/provision/index.php
View File

@@ -61,21 +61,6 @@ require_once "resources/require.php";
exit;
}
//if password was defined in the system -> variables page then require the password.
if (strlen($provision['password']) > 0) {
//deny access if the password doesn't match
if ($provision['password'] != check_str($_REQUEST['password'])) {
//log the failed auth attempt to the system, to be available for fail2ban.
openlog('FusionPBX', LOG_NDELAY, LOG_AUTH);
syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] provision attempt bad password for ".check_str($_REQUEST['mac']));
closelog();
usleep(rand(1000000,3500000));//1-3.5 seconds.
echo "access denied";
return;
}
}
//send a request to a remote server to validate the MAC address and secret
if (strlen($_SERVER['auth_server']) > 0) {
$result = send_http_request($_SERVER['auth_server'], 'mac='.check_str($_REQUEST['mac']).'&secret='.check_str($_REQUEST['secret']));
@@ -271,6 +256,45 @@ require_once "resources/require.php";
}
}
//http authentication
//http://www.php.net/manual/en/features.http-auth.php
if (strlen($provision["http_username"]) > 0 && strlen($provision["http_password"]) > 0) {
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="'.$_SESSION['domain_name']." ".date('r').'"');
header('HTTP/1.0 401 Unauthorized');
header("Content-Type: text/plain");
echo 'Authorization Required';
exit;
} else {
if ($_SERVER['PHP_AUTH_USER'] == $provision["http_username"] && $_SERVER['PHP_AUTH_PW'] == $provision["http_password"]) {
//authorized
}
else {
//access denied
header('WWW-Authenticate: Basic realm="'.$_SESSION['domain_name']." ".date('r').'"');
unset($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
usleep(rand(1000000,3000000));//1-3 seconds.
echo 'Authorization Required';
exit;
}
}
}
//if password was defined in the system -> variables page then require the password.
if (strlen($provision['password']) > 0) {
//deny access if the password doesn't match
if ($provision['password'] != check_str($_REQUEST['password'])) {
//log the failed auth attempt to the system, to be available for fail2ban.
openlog('FusionPBX', LOG_NDELAY, LOG_AUTH);
syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] provision attempt bad password for ".check_str($_REQUEST['mac']));
closelog();
usleep(rand(1000000,3500000));//1-3.5 seconds.
echo "access denied";
return;
}
}
//set the template directory
$template_directory = $_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/resources/templates/provision';
if (strlen($provision["template_directory"]) > 0) {