-rw-r--r--src/etc/inc/auth_check.inc79
-rw-r--r--src/usr/local/www/bandwidth_by_ip.php2
-rw-r--r--src/usr/local/www/getstats.php2
-rw-r--r--src/usr/local/www/ifstats.php2
-rw-r--r--src/usr/local/www/widgets/widgets/ipsec.widget.php2
5 files changed, 83 insertions, 4 deletions
diff --git a/src/etc/inc/auth_check.inc b/src/etc/inc/auth_check.inc
new file mode 100644
index 0000000..93dbd7a
--- /dev/null
+++ b/src/etc/inc/auth_check.inc
@@ -0,0 +1,79 @@
+<?php
+/*
+ * auth_check.inc
+ *
+ * part of pfSense (https://www.pfsense.org)
+ * Copyright (c) 2017 Rubicon Communications, LLC (Netgate)
+ * All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// this function is a duplicate from cmp_page_matches() in priv.inc
+// however unconditionally including priv.inc takes significant more time/cpu
+function cmp_page_matches2($page, & $matches, $fullwc = true) {
+
+// $dbg_matches = implode(",", $matches);
+// log_error("debug: checking page {$page} match with {$dbg_matches}");
+
+ if (!is_array($matches)) {
+ return false;
+ }
+
+ /* skip any leading fwdslash */
+ $test = strpos($page, "/");
+ if ($test !== false && $test == 0) {
+ $page = substr($page, 1);
+ }
+
+ /* look for a match */
+ foreach ($matches as $match) {
+
+ /* possibly ignore full wildcard match */
+ if (!$fullwc && !strcmp($match , "*")) {
+ continue;
+ }
+
+ /* compare exact or wildcard match */
+ $match = str_replace(array(".", "*", "?"), array("\.", ".*", "\?"), $match);
+ $result = preg_match("@^/{$match}$@", "/{$page}");
+
+ if ($result) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+function session_read_single_var($varname) {
+ $session_started = false;
+ if (!session_id()) {
+ session_start();
+ $session_started = true;
+ }
+ $result = $_SESSION[$varname];
+ if ($session_started) {
+ // if we started the session then lets close it..
+ session_abort();
+ }
+ return $result;
+}
+
+$session_pagematch = session_read_single_var("page-match");
+
+$pageuri = $_SERVER['REQUEST_URI'];
+if (cmp_page_matches2($pageuri, $session_pagematch)) {
+ return; // auth OK
+}
+require_once("authgui.inc");
\ No newline at end of file
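Review bot: The fast path at the bottom of auth_check.inc returns as soon as `$_SESSION['page-match']` matches the request URI, so nothing in authgui.inc runs for those requests. If authgui.inc is also where idle-timeout and account-state checks are enforced (not visible in this diff), a session that should have expired keeps being served by these pages. Before `return; // auth OK`, re-check the same expiry condition, or at least record the limitation with a comment such as `// fast path: only the cached page-match list is checked; session expiry is enforced in authgui.inc`. Separately, `session_read_single_var()` reads `$_SESSION[$varname]` without an existence check; `isset($_SESSION[$varname]) ? $_SESSION[$varname] : null` keeps the fail-closed result without the undefined-index notice on a fresh session. `cmp_page_matches2()` escapes only `.`, `*` and `?` before building the regex, which is safe only while the patterns are server-defined privilege strings, and a one-line comment saying so would help.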
diff --git a/src/usr/local/www/bandwidth_by_ip.php b/src/usr/local/www/bandwidth_by_ip.php
index 9259924..d403dcc 100644
--- a/src/usr/local/www/bandwidth_by_ip.php
+++ b/src/usr/local/www/bandwidth_by_ip.php
@@ -19,7 +19,7 @@
* limitations under the License.
*/
-require_once('guiconfig.inc');
+require_once('auth_check.inc');
require_once('interfaces.inc');
require_once('pfsense-utils.inc');
require_once('util.inc');
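Review bot: Nothing at `require_once('auth_check.inc');` tells a reader that this include can return early and skip `authgui.inc` entirely, so the page now runs with a different set of loaded includes depending on whether the session fast path succeeds. A comment such as `// auth_check.inc returns early for an already-authorized session; authgui.inc is skipped on that path` would make that explicit. The same applies to the identical swaps in getstats.php, ifstats.php and ipsec.widget.php. Confirm that each page's remaining includes provide everything it previously obtained through guiconfig.inc, which cannot be verified from these hunks.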
diff --git a/src/usr/local/www/getstats.php b/src/usr/local/www/getstats.php
index 9bc913f..940a7dc 100644
--- a/src/usr/local/www/getstats.php
+++ b/src/usr/local/www/getstats.php
@@ -32,7 +32,7 @@ header("Expires: " . gmdate("D, j M Y H:i:s", time()) . " GMT");
header("Cache-Control: no-cache, no-store, must-revalidate"); // HTTP/1.1
header("Pragma: no-cache"); // HTTP/1.0
-require_once("guiconfig.inc");
+require_once("auth_check.inc");
include_once("includes/functions.inc.php");
echo get_stats();
diff --git a/src/usr/local/www/ifstats.php b/src/usr/local/www/ifstats.php
index dd10b93..671d5df 100644
--- a/src/usr/local/www/ifstats.php
+++ b/src/usr/local/www/ifstats.php
@@ -28,7 +28,7 @@
$nocsrf = true;
-require_once('guiconfig.inc');
+require_once('auth_check.inc');
require_once("interfaces.inc");
diff --git a/src/usr/local/www/widgets/widgets/ipsec.widget.php b/src/usr/local/www/widgets/widgets/ipsec.widget.php
index 62aa804..1c66153 100644
--- a/src/usr/local/www/widgets/widgets/ipsec.widget.php
+++ b/src/usr/local/www/widgets/widgets/ipsec.widget.php
@@ -28,7 +28,7 @@
$nocsrf = true;
-require_once("guiconfig.inc");
+require_once("auth_check.inc");
require_once("functions.inc");
require_once("ipsec.inc");