From 7de75e388f9c8e094bc737bcc30b31b026fc4e4d Mon Sep 17 00:00:00 2001 From: jim-p Date: Tue, 11 Feb 2014 13:06:48 -0500 Subject: Set credentials in headers for basic auth, rather than the URL. Corrects issues with special characters in passwords. --- config/autoconfigbackup/autoconfigbackup.inc | 5 +++-- config/autoconfigbackup/autoconfigbackup.php | 13 +++++++++---- 2 files changed, 12 insertions(+), 6 deletions(-) (limited to 'config/autoconfigbackup') diff --git a/config/autoconfigbackup/autoconfigbackup.inc b/config/autoconfigbackup/autoconfigbackup.inc index e236aba8..9feace47 100644 --- a/config/autoconfigbackup/autoconfigbackup.inc +++ b/config/autoconfigbackup/autoconfigbackup.inc @@ -86,8 +86,8 @@ function test_connection($post) { // Populate available backups $curl_session = curl_init(); - curl_setopt($curl_session, CURLOPT_USERPWD, "{$username}:{$password}"); curl_setopt($curl_session, CURLOPT_URL, $get_url); + curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl_session, CURLOPT_POST, 1); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); @@ -148,7 +148,7 @@ function upload_config($reasonm = "") { $encryptpw = $config['installedpackages']['autoconfigbackup']['config'][0]['crypto_password']; // Define upload_url, must be present after other variable definitions due to username, password - $upload_url = "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/backup.php"; + $upload_url = "https://portal.pfsense.org/pfSconfigbackups/backup.php"; if(!$username or !$password or !$encryptpw) { if(!file_exists("/cf/conf/autoconfigback.notice")) { @@ -195,6 +195,7 @@ function upload_config($reasonm = "") { // Check configuration into the ESF repo $curl_session = curl_init(); curl_setopt($curl_session, CURLOPT_URL, $upload_url); + curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_POST, count($post_fields)); curl_setopt($curl_session, CURLOPT_POSTFIELDS, $fields_string); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); diff --git a/config/autoconfigbackup/autoconfigbackup.php b/config/autoconfigbackup/autoconfigbackup.php index 5ebe8e20..c0c15b95 100644 --- a/config/autoconfigbackup/autoconfigbackup.php +++ b/config/autoconfigbackup/autoconfigbackup.php @@ -46,13 +46,13 @@ $username = $config['installedpackages']['autoconfigbackup']['config'][0]['use $password = $config['installedpackages']['autoconfigbackup']['config'][0]['password']; // URL to restore.php -$get_url = "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/restore.php"; +$get_url = "https://portal.pfsense.org/pfSconfigbackups/restore.php"; // URL to stats -$stats_url = "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/showstats.php"; +$stats_url = "https://portal.pfsense.org/pfSconfigbackups/showstats.php"; // URL to delete.php -$del_url = "https://{$username}:{$password}@portal.pfsense.org/pfSconfigbackups/delete.php"; +$del_url = "https://portal.pfsense.org/pfSconfigbackups/delete.php"; // Set hostname if($_REQUEST['hostname']) @@ -79,10 +79,11 @@ else include("head.inc"); function get_hostnames() { - global $stats_url, $username, $oper_sep; + global $stats_url, $username, $password, $oper_sep; // Populate available backups $curl_session = curl_init(); curl_setopt($curl_session, CURLOPT_URL, $stats_url); + curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl_session, CURLOPT_POST, 1); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); @@ -157,6 +158,7 @@ function get_hostnames() { if($_REQUEST['rmver'] != "") { $curl_session = curl_init(); curl_setopt($curl_session, CURLOPT_URL, $del_url); + curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_POST, 3); curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); @@ -183,6 +185,7 @@ function get_hostnames() { // Phone home and obtain backups $curl_session = curl_init(); curl_setopt($curl_session, CURLOPT_URL, $get_url); + curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_POST, 3); curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); @@ -246,6 +249,7 @@ EOF; // Phone home and obtain backups $curl_session = curl_init(); curl_setopt($curl_session, CURLOPT_URL, $get_url); + curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_POST, 3); curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); @@ -297,6 +301,7 @@ EOF; // Populate available backups $curl_session = curl_init(); curl_setopt($curl_session, CURLOPT_URL, $get_url); + curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($curl_session, CURLOPT_POST, 1); curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); -- cgit v1.2.3