$Delay = $Mem->get('Delay'); //Load Delay from Memcache if ($Delay) { //If it is set then Wait $Msg = 'Wait'; } else { //No Delay, check Password $Password = $_POST['password']; if (isset($_POST['username'])) { $Username = $_POST['username']; } else { $Username = ''; } if (!file_exists($FileAccessLog)) { //Create ntrk-access.log file ExecAction('create-accesslog', true, false); } //Use built in password_verify function to compare with $Config['Password'] hash if ($Username == $Config['Username'] && password_verify($Password, $Config['Password'])) { $_SESSION['sid'] = 1; //Set session to enabled header('Location: index.php'); //Redirect to index.php } else { $Mem->set('Delay', $Config['Delay'], 0, $Config['Delay']); $Msg = "Incorrect username or password"; //Deny attacker knowledge of whether username OR password is wrong error_log(date('d/m/Y H:i:s') . ': Authentication failure for ' . $Username . ' from ' . $_SERVER['REMOTE_ADDR'] . ' port ' . $_SERVER['REMOTE_PORT'] . PHP_EOL, 3, $FileAccessLog); } } }
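function ActionTopMenu() {
  // Carry out a Top Menu action submitted by POST.
  //
  // Recognised form fields:
  //   'operation'  : 'force-notrack', 'restart' or 'shutdown'
  //   'pause-time' : 'pause5', 'pause15', 'pause30', 'pause60', 'start' or 'stop'
  // Only values on these fixed lists are ever handed to ExecAction().
  //
  // Returns false when 'pause-time' holds an unrecognised value, or when 'start'
  // is requested while $Config['Status'] is already 'Enabled'. Returns true in
  // every other case, including when nothing was posted. 'restart' and
  // 'shutdown' end the script with exit(0) and never return.
  //
  // NOTE(review): no session check and no anti-CSRF token check happen inside
  // this function, and restart/shutdown are reachable by any request that gets
  // this far - confirm the including page enforces both before calling it.
  // NOTE(review): header() has no effect once output has started - confirm the
  // caller runs this before emitting HTML, or relies on output buffering.
  global $Config, $Mem;

  // POST fields can arrive as arrays (name[]=...); treat anything that is not a
  // plain string as "not supplied" rather than feeding it to a loose comparison.
  $Operation = '';
  if (isset($_POST['operation']) && is_string($_POST['operation'])) {
    $Operation = $_POST['operation'];
  }

  switch ($Operation) {
    case 'force-notrack':
      ExecAction('force-notrack', true, true);
      sleep(5);
      header("Location: ?");
      break;
    case 'restart':
    case 'shutdown':
      // Hold the command back for a couple of seconds so pending disk writes
      // can finish before the system goes down.
      sleep(2);
      ExecAction($Operation, true, true);
      exit(0);
  }

  if (isset($_POST['pause-time'])) {
    $PauseTime = $_POST['pause-time'];
    $Allowed = ['pause5', 'pause15', 'pause30', 'pause60', 'start', 'stop'];

    // Validate first: an unrecognised value changes nothing, so there is no
    // reason to throw away the cached config for it.
    if (!is_string($PauseTime) || !in_array($PauseTime, $Allowed, true)) {
      return false;
    }

    // The config is about to be changed by ntrk-pause, so force a reload.
    $Mem->delete('Config');

    if ($PauseTime === 'start' && $Config['Status'] == 'Enabled') {
      return false;                              // Already running, nothing to do
    }

    ExecAction($PauseTime, true, true);

    // Wait so that the new config is not loaded before ntrk-pause has modified
    // /etc/notrack/notrack.conf. 5 seconds is too much for an x86 based server,
    // but for a Raspberry Pi 1 it is just enough.
    sleep(5);
    header("Location: ?");
  }

  return true;
}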
function UpdateWebserverConfig() {
  // Switch the block-page style when the query string carries block=pixel or
  // block=message: the choice is stored in $Config['BlockMessage'] and the
  // matching blockmsg-* action is passed to ExecAction(). Any other value, or
  // no value at all, leaves the config untouched.
  //
  // NOTE(review): the value is read from $_GET, so this setting can be changed
  // by a plain GET request. State-changing actions are normally accepted only
  // via POST together with an anti-CSRF token - confirm what the calling page
  // enforces.
  global $Config;

  // Accepted value => action name handed to ExecAction()
  $Actions = [
    'pixel' => 'blockmsg-pixel',
    'message' => 'blockmsg-message',
  ];

  $Requested = isset($_GET['block']) ? $_GET['block'] : null;

  // Query parameters may arrive as arrays (block[]=...); those never match.
  if (!is_string($Requested) || !isset($Actions[$Requested])) {
    return;
  }

  $Config['BlockMessage'] = $Requested;
  ExecAction($Actions[$Requested], false);
}
</head> <body> <?php ActionTopMenu(); draw_topmenu(); draw_configmenu(); echo '<div id="main">' . PHP_EOL; //Main--------------------------------------------------------------- if (isset($_GET['u'])) { //Check if we are running upgrade or displaying status if ($_GET['u'] == '1') { //Doing the upgrade echo '<div class="sys-group">' . PHP_EOL; echo '<h5>NoTrack Upgrade</h5></div>' . PHP_EOL; ExecAction('upgrade-notrack', false); echo '<pre>'; passthru('sudo ntrk-exec 2>&1'); //echo $Msg; echo '</pre>' . PHP_EOL; echo '<div class="sys-group">' . PHP_EOL; echo '<div class="centered">' . PHP_EOL; //Center div for button echo '<button class="button-blue" onclick="window.location=\'./\'">Back</button>' . PHP_EOL; echo '</div></div>' . PHP_EOL; $Mem->delete('Config'); //Delete config from Memcache } else { echo 'Invalid upgrade request'; } } else {
function UpdateWebserverConfig() {
  // Apply a block-page style submitted in the POST field 'block'.
  // Flow, as described by the original notes:
  //   1. Config should already be in Memcache
  //   2. Act only when POST 'block' carries a value
  //   3. Run ntrk-exec (through ExecAction) with the matching webserver setting
  //   4. The onward process is the WriteTmpConfig function
  // Accepted values are 'pixel' and 'message'; anything else is ignored and
  // $Config is left as it was.
  //
  // NOTE(review): no anti-CSRF token is checked inside this function - confirm
  // the calling page validates one before this runs.
  global $Config;

  if (!isset($_POST['block'])) {
    return;                                      // Nothing submitted
  }

  $Choice = $_POST['block'];

  if ($Choice == 'pixel') {
    $Config['BlockMessage'] = 'pixel';
    ExecAction('blockmsg-pixel', false);
  }
  elseif ($Choice == 'message') {
    $Config['BlockMessage'] = 'message';
    ExecAction('blockmsg-message', false);
  }
}