Mirrors/wrapperr
2
0
Fork 0
mirror of https://github.com/aunefyren/wrapperr synced 2025-03-04 22:47:15 +00:00
Code Issues Projects Releases Packages Wiki Activity

Username support & Sensitive info warning in README

Browse source 
You must now configure a username for more security.
Warning about access to /config added.
This commit is contained in:
aunefyren 2021-10-04 14:26:50 +02:00
parent 5284af5029
commit 77aae5925c
9 changed files with 53 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.gitignore vendored Normal file
View file

@ -0,0 +1,4 @@
config/wrapped.log
config/config.json
config/config.json

4
README.md
View file

@ -36,9 +36,11 @@ In your php.ini file you may have to change:
You need to give PHP permission to read and write to files in the directory called <b>config</b>.
The config directory contains sensitive information that must be accessed by PHP scripts! There is an .htaccess file included that is effective with Apache, but if you are using Nginx you must add a directory deny in your Nginx configuration!
The cache is stored in config/cache.json, but can be cleared using the admin menu.
Your password is hashed and stored in the config.json.
Your password is hashed and stored in the config/config.json.
If you visit <b>your-domain-or-ip/caching.html</b> you can do a pre-caching of a set of users. This is very useful if you want to prepare for a lot of traffic.

2
admin.html
View file

@ -67,6 +67,7 @@ var tautulli_root = "";
var ssl = false;
var password = "";
var username = "";
var library_id_movies = "";
var library_id_shows = "";
@ -94,6 +95,7 @@ var cache_age_limit = 7;
var use_logs = true;
var current_password = "";
var current_username = "";
$(document).ready(function() {

22
admin.js
View file

@ -70,6 +70,11 @@ function login_menu() {
topFunction();
var html = '<form id="password_login_form" onsubmit="get_config();return false">'
html += '<div class="form-group">';
html += '<label for="username" title="The username chosen during first-time setup.">Username</label>';
html += '<input type="text" class="form-control" id="username" value="" minlength=4 autocomplete="on" required />';
html += '</div>';
html += '<div class="form-group">';
html += '<label for="password" title="The password chosen during first-time setup.">Password</label>';
html += '<input type="password" class="form-control" id="password" value="" autocomplete="off" required />';
@ -87,6 +92,11 @@ function set_password(back) {
topFunction();
var html = '<form id="password_form" onsubmit="set_tautulli(false);return false">'
html += '<div class="form-group">';
html += '<label for="username" title="The username needed to change the config-file remotely.">Set an admin username</label>';
html += '<input type="text" class="form-control" id="username" value="' + username + '" minlength=4 autocomplete="on" required />';
html += '</div>';
html += '<div class="form-group">';
html += '<label for="password" title="The password needed to change the config-file remotely.">Set an admin password</label>';
html += '<input type="password" class="form-control" id="password" value="' + password + '" autocomplete="off" required />';
@ -109,11 +119,15 @@ function set_tautulli(back) {
topFunction();
if(!back) {
if(document.getElementById('password').value == document.getElementById('password_2').value) {
password = document.getElementById('password').value;
if(document.getElementById('password').value != document.getElementById('password_2').value) {
alert("The passwords must match.");
document.getElementById('password').value = "";
document.getElementById('password_2').value = "";
document.getElementById('password').focus();
return false;
} else {
alert("The passwords must match.");
return false;
password = document.getElementById('password').value;
username = document.getElementById('username').value;
}
}

9
api/get_config.php
View file

@ -12,14 +12,15 @@ if(empty($data)) {
exit(0);
}
if(empty($config->password)) {
echo json_encode(array("error" => false, "message" => "No password set.", "password" => false, "data" => array()));
if(empty($config->password) || empty($config->username)) {
echo json_encode(array("error" => false, "message" => "Password and/or username not set.", "password" => false, "data" => array()));
exit(0);
}
$password = htmlspecialchars($data->password);
$username = htmlspecialchars($data->username);
if(password_verify($password, $config->password)) {
if(password_verify($password, $config->password) && $username == $config->username) {
// Log API request if enabled
if($config->use_logs) {
@ -32,7 +33,7 @@ if(password_verify($password, $config->password)) {
echo json_encode(array("error" => false, "message" => "Login successful.", "password" => true, "data" => $config));
exit(0);
} else {
echo json_encode(array("error" => true, "message" => "Password not accepted.", "password" => true, "data" => array()));
echo json_encode(array("error" => true, "message" => "Username and password combination not accepted.", "password" => true, "data" => array()));
exit(0);
}

5
api/set_config.php
View file

@ -16,13 +16,14 @@ if(!empty($data)) {
exit(0);
}
$password = htmlspecialchars($data->password);
$username = htmlspecialchars($data->username);
if(empty($config->password)) {
save_config();
exit(0);
}
if(password_verify($password, $config->password)) {
if(password_verify($password, $config->password) && $username == $config->username) {
// Log API request if enabled
if($config->use_logs) {
if(!log_activity()) {
@ -34,7 +35,7 @@ if(password_verify($password, $config->password)) {
save_config();
exit(0);
} else {
echo json_encode(array("error" => true, "message" => "Password not accepted.", "password" => true));
echo json_encode(array("error" => true, "message" => "Password and username combination not accepted.", "password" => true));
exit(0);
}

12
caching.js
View file

@ -123,7 +123,8 @@ function topFunction() {
function get_config_cache() {
config_form = {
"password" : ""
"password" : "",
"username" : "",
};
var config_data = JSON.stringify(config_form);
@ -147,9 +148,11 @@ function get_config_cache() {
function get_config() {
current_password = document.getElementById('password').value;
current_username = document.getElementById('username').value;
config_form = {
"password" : current_password
"password" : current_password,
"username" : current_username
};
var config_data = JSON.stringify(config_form);
@ -177,6 +180,11 @@ function login_menu() {
topFunction();
var html = '<form id="password_login_form" onsubmit="get_config();return false">'
html += '<div class="form-group">';
html += '<label for="username" title="The username chosen during first-time setup.">Username</label>';
html += '<input type="text" class="form-control" id="username" value="" autocomplete="on" minlength=4 required />';
html += '</div>';
html += '<div class="form-group">';
html += '<label for="password" title="The password chosen during first-time setup.">Password</label>';
html += '<input type="password" class="form-control" id="password" value="" autocomplete="off" required />';

8
get_config.js
View file

@ -1,7 +1,8 @@
function get_config_initial() {
config_form = {
"password" : ""
"password" : "",
"username" : "",
};
var config_data = JSON.stringify(config_form);
@ -27,9 +28,11 @@ function get_config_initial() {
function get_config() {
current_password = document.getElementById('password').value;
current_username = document.getElementById('username').value;
config_form = {
"password" : current_password
"password" : current_password,
"username" : current_username,
};
var config_data = JSON.stringify(config_form);
@ -51,6 +54,7 @@ function get_config() {
ssl = result.data.ssl;
username = result.data.username;
password = "";
library_id_movies = result.data.library_id_movies;

2
set_config.js
View file

@ -4,6 +4,7 @@ function set_config() {
config_form = {
"password" : current_password,
"username" : current_username,
"clear_cache" : clear_cache,
"data" : {
"tautulli_apikey" : tautulli_apikey,
@ -13,6 +14,7 @@ function set_config() {
"tautulli_root" : tautulli_root,
"ssl" : ssl,
"password" : password,
"username" : username,
"library_id_movies" : library_id_movies,
"library_id_shows" : library_id_shows,
"library_id_music" : library_id_music,