aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjim-p <jimp@pfsense.org>2014-02-11 13:06:48 -0500
committerjim-p <jimp@pfsense.org>2014-02-11 13:14:52 -0500
commit7de75e388f9c8e094bc737bcc30b31b026fc4e4d (patch)
tree7a471b030637647f476eb302b3e9c7a516bbbf33
parentcb1a7e1e52a8f54199e917f64f4e621c32de2422 (diff)
downloadpfsense-packages-7de75e388f9c8e094bc737bcc30b31b026fc4e4d.tar.gz
pfsense-packages-7de75e388f9c8e094bc737bcc30b31b026fc4e4d.tar.bz2
pfsense-packages-7de75e388f9c8e094bc737bcc30b31b026fc4e4d.zip
Set credentials in headers for basic auth, rather than the URL. Corrects issues with special characters in passwords.
-rw-r--r--config/autoconfigbackup/autoconfigbackup.inc5
-rw-r--r--config/autoconfigbackup/autoconfigbackup.php13
2 files changed, 12 insertions, 6 deletions
diff --git a/config/autoconfigbackup/autoconfigbackup.inc b/config/autoconfigbackup/autoconfigbackup.inc
index e236aba8..9feace47 100644
--- a/config/autoconfigbackup/autoconfigbackup.inc
+++ b/config/autoconfigbackup/autoconfigbackup.inc
@@ -86,8 +86,8 @@ function test_connection($post) {
// Populate available backups
$curl_session = curl_init();
- curl_setopt($curl_session, CURLOPT_USERPWD, "{$username}:{$password}");
curl_setopt($curl_session, CURLOPT_URL, $get_url);
+ curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl_session, CURLOPT_POST, 1);
curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);
@@ -148,7 +148,7 @@ function upload_config($reasonm = "") {
$encryptpw = $config['installedpackages']['autoconfigbackup']['config'][0]['crypto_password'];
// Define upload_url, must be present after other variable definitions due to username, password
- $upload_url = "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/backup.php";
+ $upload_url = "https://portal.pfsense.org/pfSconfigbackups/backup.php";
if(!$username or !$password or !$encryptpw) {
if(!file_exists("/cf/conf/autoconfigback.notice")) {
@@ -195,6 +195,7 @@ function upload_config($reasonm = "") {
// Check configuration into the ESF repo
$curl_session = curl_init();
curl_setopt($curl_session, CURLOPT_URL, $upload_url);
+ curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
curl_setopt($curl_session, CURLOPT_POST, count($post_fields));
curl_setopt($curl_session, CURLOPT_POSTFIELDS, $fields_string);
curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);
diff --git a/config/autoconfigbackup/autoconfigbackup.php b/config/autoconfigbackup/autoconfigbackup.php
index 5ebe8e20..c0c15b95 100644
--- a/config/autoconfigbackup/autoconfigbackup.php
+++ b/config/autoconfigbackup/autoconfigbackup.php
@@ -46,13 +46,13 @@ $username = $config['installedpackages']['autoconfigbackup']['config'][0]['use
$password = $config['installedpackages']['autoconfigbackup']['config'][0]['password'];
// URL to restore.php
-$get_url = "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/restore.php";
+$get_url = "https://portal.pfsense.org/pfSconfigbackups/restore.php";
// URL to stats
-$stats_url = "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/showstats.php";
+$stats_url = "https://portal.pfsense.org/pfSconfigbackups/showstats.php";
// URL to delete.php
-$del_url = "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/delete.php";
+$del_url = "https://portal.pfsense.org/pfSconfigbackups/delete.php";
// Set hostname
if($_REQUEST['hostname'])
@@ -79,10 +79,11 @@ else
include("head.inc");
function get_hostnames() {
- global $stats_url, $username, $oper_sep;
+ global $stats_url, $username, $password, $oper_sep;
// Populate available backups
$curl_session = curl_init();
curl_setopt($curl_session, CURLOPT_URL, $stats_url);
+ curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl_session, CURLOPT_POST, 1);
curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);
@@ -157,6 +158,7 @@ function get_hostnames() {
if($_REQUEST['rmver'] != "") {
$curl_session = curl_init();
curl_setopt($curl_session, CURLOPT_URL, $del_url);
+ curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
curl_setopt($curl_session, CURLOPT_POST, 3);
curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);
@@ -183,6 +185,7 @@ function get_hostnames() {
// Phone home and obtain backups
$curl_session = curl_init();
curl_setopt($curl_session, CURLOPT_URL, $get_url);
+ curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
curl_setopt($curl_session, CURLOPT_POST, 3);
curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);
@@ -246,6 +249,7 @@ EOF;
// Phone home and obtain backups
$curl_session = curl_init();
curl_setopt($curl_session, CURLOPT_URL, $get_url);
+ curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
curl_setopt($curl_session, CURLOPT_POST, 3);
curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);
@@ -297,6 +301,7 @@ EOF;
// Populate available backups
$curl_session = curl_init();
curl_setopt($curl_session, CURLOPT_URL, $get_url);
+ curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($curl_session, CURLOPT_POST, 1);
curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);