From 7de75e388f9c8e094bc737bcc30b31b026fc4e4d Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Tue, 11 Feb 2014 13:06:48 -0500
Subject: Set credentials in headers for basic auth, rather than the URL.
 Corrects issues with special characters in passwords.

---
 config/autoconfigbackup/autoconfigbackup.inc |  5 +++--
 config/autoconfigbackup/autoconfigbackup.php | 13 +++++++++----
 2 files changed, 12 insertions(+), 6 deletions(-)

(limited to 'config/autoconfigbackup')

diff --git a/config/autoconfigbackup/autoconfigbackup.inc b/config/autoconfigbackup/autoconfigbackup.inc
index e236aba8..9feace47 100644
--- a/config/autoconfigbackup/autoconfigbackup.inc
+++ b/config/autoconfigbackup/autoconfigbackup.inc
@@ -86,8 +86,8 @@ function test_connection($post) {
 
 	// Populate available backups
 	$curl_session = curl_init();
-	curl_setopt($curl_session, CURLOPT_USERPWD, "{$username}:{$password}");
 	curl_setopt($curl_session, CURLOPT_URL, $get_url);
+	curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 	curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);
 	curl_setopt($curl_session, CURLOPT_POST, 1);
 	curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);
@@ -148,7 +148,7 @@ function upload_config($reasonm = "") {
 	$encryptpw 			= $config['installedpackages']['autoconfigbackup']['config'][0]['crypto_password'];
 
 	// Define upload_url, must be present after other variable definitions due to username, password
-	$upload_url = "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/backup.php";
+	$upload_url = "https://portal.pfsense.org/pfSconfigbackups/backup.php";
 
 	if(!$username or !$password or !$encryptpw) {
 		if(!file_exists("/cf/conf/autoconfigback.notice")) {
@@ -195,6 +195,7 @@ function upload_config($reasonm = "") {
 				// Check configuration into the ESF repo
 				$curl_session = curl_init();
 				curl_setopt($curl_session, CURLOPT_URL, $upload_url);  
+				curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 				curl_setopt($curl_session, CURLOPT_POST, count($post_fields));  
 				curl_setopt($curl_session, CURLOPT_POSTFIELDS, $fields_string);
 				curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);		
diff --git a/config/autoconfigbackup/autoconfigbackup.php b/config/autoconfigbackup/autoconfigbackup.php
index 5ebe8e20..c0c15b95 100644
--- a/config/autoconfigbackup/autoconfigbackup.php
+++ b/config/autoconfigbackup/autoconfigbackup.php
@@ -46,13 +46,13 @@ $username			= $config['installedpackages']['autoconfigbackup']['config'][0]['use
 $password			= $config['installedpackages']['autoconfigbackup']['config'][0]['password'];
 
 // URL to restore.php
-$get_url			= "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/restore.php";
+$get_url			= "https://portal.pfsense.org/pfSconfigbackups/restore.php";
 
 // URL to stats
-$stats_url			= "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/showstats.php";
+$stats_url			= "https://portal.pfsense.org/pfSconfigbackups/showstats.php";
 
 // URL to delete.php
-$del_url			= "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/delete.php";
+$del_url			= "https://portal.pfsense.org/pfSconfigbackups/delete.php";
 
 // Set hostname
 if($_REQUEST['hostname'])
@@ -79,10 +79,11 @@ else
 include("head.inc");
 
 function get_hostnames() {
-	global $stats_url, $username, $oper_sep;
+	global $stats_url, $username, $password, $oper_sep;
 	// Populate available backups
 	$curl_session = curl_init();
 	curl_setopt($curl_session, CURLOPT_URL, $stats_url);  
+	curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 	curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);	
 	curl_setopt($curl_session, CURLOPT_POST, 1);
 	curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);
@@ -157,6 +158,7 @@ function get_hostnames() {
 				if($_REQUEST['rmver'] != "") {
 					$curl_session = curl_init();
 					curl_setopt($curl_session, CURLOPT_URL, $del_url);
+					curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 					curl_setopt($curl_session, CURLOPT_POST, 3);				
 					curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);	
 					curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);	
@@ -183,6 +185,7 @@ function get_hostnames() {
 					// Phone home and obtain backups
 					$curl_session = curl_init();
 					curl_setopt($curl_session, CURLOPT_URL, $get_url);
+					curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 					curl_setopt($curl_session, CURLOPT_POST, 3);				
 					curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);	
 					curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);	
@@ -246,6 +249,7 @@ EOF;
 					// Phone home and obtain backups
 					$curl_session = curl_init();
 					curl_setopt($curl_session, CURLOPT_URL, $get_url);
+					curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 					curl_setopt($curl_session, CURLOPT_POST, 3);				
 					curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);	
 					curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);	
@@ -297,6 +301,7 @@ EOF;
 				// Populate available backups
 				$curl_session = curl_init();
 				curl_setopt($curl_session, CURLOPT_URL, $get_url);  
+				curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}")));
 				curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0);	
 				curl_setopt($curl_session, CURLOPT_POST, 1);
 				curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);
-- 
cgit v1.2.3