5 files changed, 23 insertions, 36 deletions
diff --git a/config/autoconfigbackup/autoconfigbackup.inc b/config/autoconfigbackup/autoconfigbackup.inc
index 0286ffec..9feace47 100644
--- a/config/autoconfigbackup/autoconfigbackup.inc
+++ b/config/autoconfigbackup/autoconfigbackup.inc
@@ -86,8 +86,8 @@ function test_connection($post) {
 
 	// Populate available backups
 	$curl_session = curl_init();
-	curl_setopt($curl_session, CURLOPT_USERPWD, "{$username}:{$password}");
 	curl_setopt($curl_session, CURLOPT_URL, $get_url);
+	curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 	curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);
 	curl_setopt($curl_session, CURLOPT_POST, 1);
 	curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);
@@ -148,7 +148,7 @@ function upload_config($reasonm = "") {
 	$encryptpw 			= $config['installedpackages']['autoconfigbackup']['config'][0]['crypto_password'];
 
 	// Define upload_url, must be present after other variable definitions due to username, password
-	$upload_url = "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/backup.php";
+	$upload_url = "https://portal.pfsense.org/pfSconfigbackups/backup.php";
 
 	if(!$username or !$password or !$encryptpw) {
 		if(!file_exists("/cf/conf/autoconfigback.notice")) {
@@ -192,9 +192,10 @@ function upload_config($reasonm = "") {
 					$fields_string .= $key.'='.$value.'&'; 
 				rtrim($fields_string,'&');
 
-				// Check configuration into the BSDP repo
+				// Check configuration into the ESF repo
 				$curl_session = curl_init();
 				curl_setopt($curl_session, CURLOPT_URL, $upload_url);  
+				curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 				curl_setopt($curl_session, CURLOPT_POST, count($post_fields));  
 				curl_setopt($curl_session, CURLOPT_POSTFIELDS, $fields_string);
 				curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);		
diff --git a/config/autoconfigbackup/autoconfigbackup.php b/config/autoconfigbackup/autoconfigbackup.php
index 5ebe8e20..c0c15b95 100644
--- a/config/autoconfigbackup/autoconfigbackup.php
+++ b/config/autoconfigbackup/autoconfigbackup.php
@@ -46,13 +46,13 @@ $username			= $config['installedpackages']['autoconfigbackup']['config'][0]['use
 $password			= $config['installedpackages']['autoconfigbackup']['config'][0]['password'];
 
 // URL to restore.php
-$get_url			= "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/restore.php";
+$get_url			= "https://portal.pfsense.org/pfSconfigbackups/restore.php";
 
 // URL to stats
-$stats_url			= "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/showstats.php";
+$stats_url			= "https://portal.pfsense.org/pfSconfigbackups/showstats.php";
 
 // URL to delete.php
-$del_url			= "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/delete.php";
+$del_url			= "https://portal.pfsense.org/pfSconfigbackups/delete.php";
 
 // Set hostname
 if($_REQUEST['hostname'])
@@ -79,10 +79,11 @@ else
 include("head.inc");
 
 function get_hostnames() {
-	global $stats_url, $username, $oper_sep;
+	global $stats_url, $username, $password, $oper_sep;
 	// Populate available backups
 	$curl_session = curl_init();
 	curl_setopt($curl_session, CURLOPT_URL, $stats_url);  
+	curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 	curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);	
 	curl_setopt($curl_session, CURLOPT_POST, 1);
 	curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);
@@ -157,6 +158,7 @@ function get_hostnames() {
 				if($_REQUEST['rmver'] != "") {
 					$curl_session = curl_init();
 					curl_setopt($curl_session, CURLOPT_URL, $del_url);
+					curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 					curl_setopt($curl_session, CURLOPT_POST, 3);				
 					curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);	
 					curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);	
@@ -183,6 +185,7 @@ function get_hostnames() {
 					// Phone home and obtain backups
 					$curl_session = curl_init();
 					curl_setopt($curl_session, CURLOPT_URL, $get_url);
+					curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 					curl_setopt($curl_session, CURLOPT_POST, 3);				
 					curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);	
 					curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);	
@@ -246,6 +249,7 @@ EOF;
 					// Phone home and obtain backups
 					$curl_session = curl_init();
 					curl_setopt($curl_session, CURLOPT_URL, $get_url);
+					curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 					curl_setopt($curl_session, CURLOPT_POST, 3);				
 					curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);	
 					curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);	
@@ -297,6 +301,7 @@ EOF;
 				// Populate available backups
 				$curl_session = curl_init();
 				curl_setopt($curl_session, CURLOPT_URL, $get_url);  
+				curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 				curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);	
 				curl_setopt($curl_session, CURLOPT_POST, 1);
 				curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);
diff --git a/config/autoconfigbackup/autoconfigbackup.xml b/config/autoconfigbackup/autoconfigbackup.xml
index a7640f7e..8694a371 100644
--- a/config/autoconfigbackup/autoconfigbackup.xml
+++ b/config/autoconfigbackup/autoconfigbackup.xml
@@ -34,10 +34,10 @@
 		*/
         ]]>
 	</copyright>
-    <description>Automatically backs up your pfSense configuration.  All contents are encrypted on the server.  Requires pfSense Premium Support Portal Subscription from https://portal.pfsense.org</description>
-    <requirements>pfSense Premium Support Portal</requirements>
+    <description>Automatically backs up your pfSense configuration.  All contents are encrypted on the server.  Requires Gold or Support Subscription from https://portal.pfsense.org</description>
+    <requirements>pfSense Portal subscription</requirements>
 	<name>AutoConfigBackup</name>
-	<version>1.20</version>
+	<version>1.21</version>
 	<title>Diagnostics: Auto Configuration Backup</title>
 	<savetext>Change</savetext>
 	<include_file>/usr/local/pkg/autoconfigbackup.inc</include_file>
@@ -122,7 +122,7 @@
 		</field>
 		<field>
 			<fielddescr>Encryption Password</fielddescr>
-			<description>This password will be used to encrypt config.xml before sending to portal.pfsense.org.  Do not share the password and keep it safe!</description>
+			<description>This password will be used to encrypt config.xml before uploading. We recommend not setting this to the same thing as your portal.pfsense.org account. Keep record of this password in a safe place - without it, your configurations will be impossible to restore.</description>
 			<fieldname>crypto_password</fieldname>
 			<type>password</type>
 		</field>
diff --git a/config/autoconfigbackup/autoconfigbackup_backup.php b/config/autoconfigbackup/autoconfigbackup_backup.php
index 47336c27..2676aabe 100644
--- a/config/autoconfigbackup/autoconfigbackup_backup.php
+++ b/config/autoconfigbackup/autoconfigbackup_backup.php
@@ -35,28 +35,7 @@ $pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
 if(strstr($pfSversion, "1.2")) 
 	require("crypt_acb.php");
 
-// Seperator used during client / server communications
-$oper_sep			= "\|\|";
-
-// Encryption password 
-$decrypt_password 	= $config['installedpackages']['autoconfigbackup']['config'][0]['crypto_password'];
-
-// Defined username
-$username			= $config['installedpackages']['autoconfigbackup']['config'][0]['username'];
-
-// Defined password
-$password			= $config['installedpackages']['autoconfigbackup']['config'][0]['password'];
-
-// URL to restore.php
-$get_url			= "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/restore.php";
-
-// URL to delete.php
-$del_url			= "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/delete.php";
-
-// Set hostname
-$hostname			= $config['system']['hostname'] . "." . $config['system']['domain'];
-
-if(!$username) {
+if(!$config['installedpackages']['autoconfigbackup']['config'][0]['username']) {
 	Header("Location: /pkg_edit.php?xml=autoconfigbackup.xml&id=0&savemsg=Please+setup+Auto+Config+Backup");
 	exit;
 }
diff --git a/config/autoconfigbackup/autoconfigbackup_stats.php b/config/autoconfigbackup/autoconfigbackup_stats.php
index c024d689..b45d3993 100644
--- a/config/autoconfigbackup/autoconfigbackup_stats.php
+++ b/config/autoconfigbackup/autoconfigbackup_stats.php
@@ -48,13 +48,13 @@ $username			= $config['installedpackages']['autoconfigbackup']['config'][0]['use
 $password			= $config['installedpackages']['autoconfigbackup']['config'][0]['password'];
 
 // URL to restore.php
-$get_url			= "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/restore.php";
+$get_url			= "https://portal.pfsense.org/pfSconfigbackups/restore.php";
 
 // URL to delete.php
-$del_url			= "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/delete.php";
+$del_url			= "https://portal.pfsense.org/pfSconfigbackups/delete.php";
 
 // URL to stats.php
-$stats_url			= "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/showstats.php";
+$stats_url			= "https://portal.pfsense.org/pfSconfigbackups/showstats.php";
 
 // Set hostname
 $hostname			= $config['system']['hostname'] . "." . $config['system']['domain'];
@@ -67,6 +67,7 @@ if(!$username) {
 if($_REQUEST['delhostname']) {
 	$curl_session = curl_init();
 	curl_setopt($curl_session, CURLOPT_URL, $del_url);
+	curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 	curl_setopt($curl_session, CURLOPT_POST, 2);				
 	curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);	
 	curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);	
@@ -138,6 +139,7 @@ include("head.inc");
 	// Populate available backups
 	$curl_session = curl_init();
 	curl_setopt($curl_session, CURLOPT_URL, $stats_url);  
+	curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 	curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);	
 	curl_setopt($curl_session, CURLOPT_POST, 1);
 	curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);