Set credentials in headers for basic auth, rather than the URL. Corrects issues with special characters in passwords.

1 files changed, 9 insertions, 4 deletions

diff --git a/config/autoconfigbackup/autoconfigbackup.php b/config/autoconfigbackup/autoconfigbackup.php
index 5ebe8e20..c0c15b95 100644
--- a/config/autoconfigbackup/autoconfigbackup.php
+++ b/config/autoconfigbackup/autoconfigbackup.php
@@ -46,13 +46,13 @@ $username			= $config['installedpackages']['autoconfigbackup']['config'][0]['use
 $password			= $config['installedpackages']['autoconfigbackup']['config'][0]['password'];
 
 // URL to restore.php
-$get_url			= "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/restore.php";
+$get_url			= "https://portal.pfsense.org/pfSconfigbackups/restore.php";
 
 // URL to stats
-$stats_url			= "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/showstats.php";
+$stats_url			= "https://portal.pfsense.org/pfSconfigbackups/showstats.php";
 
 // URL to delete.php
-$del_url			= "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/delete.php";
+$del_url			= "https://portal.pfsense.org/pfSconfigbackups/delete.php";
 
 // Set hostname
 if($_REQUEST['hostname'])
@@ -79,10 +79,11 @@ else
 include("head.inc");
 
 function get_hostnames() {
-	global $stats_url, $username, $oper_sep;
+	global $stats_url, $username, $password, $oper_sep;
 	// Populate available backups
 	$curl_session = curl_init();
 	curl_setopt($curl_session, CURLOPT_URL, $stats_url);  
+	curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 	curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);	
 	curl_setopt($curl_session, CURLOPT_POST, 1);
 	curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);
@@ -157,6 +158,7 @@ function get_hostnames() {
 				if($_REQUEST['rmver'] != "") {
 					$curl_session = curl_init();
 					curl_setopt($curl_session, CURLOPT_URL, $del_url);
+					curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 					curl_setopt($curl_session, CURLOPT_POST, 3);				
 					curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);	
 					curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);	
@@ -183,6 +185,7 @@ function get_hostnames() {
 					// Phone home and obtain backups
 					$curl_session = curl_init();
 					curl_setopt($curl_session, CURLOPT_URL, $get_url);
+					curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 					curl_setopt($curl_session, CURLOPT_POST, 3);				
 					curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);	
 					curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);	
@@ -246,6 +249,7 @@ EOF;
 					// Phone home and obtain backups
 					$curl_session = curl_init();
 					curl_setopt($curl_session, CURLOPT_URL, $get_url);
+					curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 					curl_setopt($curl_session, CURLOPT_POST, 3);				
 					curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);	
 					curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);	
@@ -297,6 +301,7 @@ EOF;
 				// Populate available backups
 				$curl_session = curl_init();
 				curl_setopt($curl_session, CURLOPT_URL, $get_url);  
+				curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 				curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);	
 				curl_setopt($curl_session, CURLOPT_POST, 1);
 				curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);