From 74ee1b02b08e6c517d533be74ec6b491cf4e5d00 Mon Sep 17 00:00:00 2001
From: Erich Eckner <git@eckner.net>
Date: Wed, 31 Jul 2019 10:06:53 +0200
Subject: httpdocs/index.php: password-protection

---
 httpdocs/index.php | 76 ++++++++++++++++++++++++++++++++++++++----------------
 1 file changed, 54 insertions(+), 22 deletions(-)

diff --git a/httpdocs/index.php b/httpdocs/index.php
index 0513515..f3a8df2 100644
--- a/httpdocs/index.php
+++ b/httpdocs/index.php
@@ -1,6 +1,6 @@
 <?php
 
-$f = popen('/usr/bin/gpio read 27','r');
+$f = popen('/usr/bin/gpio read 27', 'r');
 if ($f === false) {
   print 'Cannot access gpio';
   die();
@@ -8,32 +8,64 @@ if ($f === false) {
 $l = trim(fgets($f));
 pclose($f);
 
-print "<html>\n";
-print "<head>\n";
+if (array_key_exists('HTTPS', $_SERVER)
+&& ($_SERVER['HTTPS'] == 'on'))
+  $https = true;
+else
+  $https = false;
+
+function push_it() {
+  if (!array_key_exists('password', $_POST))
+    return;
+  $f = fopen('../password', 'r');
+  if ($f === false) {
+    print '<font color="ff0000">Cannot read password file</font><br>' . "\n";
+    return;
+  }
+  $saved_hash = trim(fgets($f));
+  fclose($f);
+  $entered_hash = hash('sha512', $_POST['password']);
+  if ($saved_hash != $entered_hash) {
+    print '<font color="ff0000">Wrong password: ' . $entered_hash . '</font><br>' . "\n";
+    return;
+  }
+  foreach ($_POST as $key => $dummy)
+    if (preg_match('/^push_([0-9]+)$/', $key, $duration))
+      break;
+  if (count($duration) != 2)
+    return;
+  $duration = $duration[1];
+  if (($duration > 0)
+  && ($duration < 300)) {
+    print 'pushing for ' . ($duration * 0.1) . ' seconds ... <br>' . "\n";
+    shell_exec('/usr/bin/gpio write 28 1');
+    flush();
+    usleep(100000 * $duration);
+    shell_exec('/usr/bin/gpio write 28 0');
+    print '... done<br>' . "\n";
+  }
+}
+
+print '<html>' . "\n";
+print '<head>' . "\n";
 print '<title>fileserver lights-out</title>' . "\n";
-if (array_key_exists('push', $_GET))
+if (array_key_exists('password', $_POST))
   print '<meta http-equiv="refresh" content="1;/">' . "\n";
-print "</head>\n";
-print "<body>\n";
+print '</head>' . "\n";
+print '<body>' . "\n";
 print 'Fileserver is currently ';
 if ($l == '1')
   print '<font color="ff0000">off</font>';
 else
   print '<font color="00ff00">on</font>';
-print "<br>\n";
-if (array_key_exists('push', $_GET)
-&& ($_GET['push'] > 0)
-&& ($_GET['push'] < 300)) {
-  print 'pushing for ' . ($_GET['push'] * 0.1) . ' seconds ... <br>' . "\n";
-  shell_exec('/usr/bin/gpio write 28 1');
-  flush();
-  usleep(100000 * $_GET['push']);
-  shell_exec('/usr/bin/gpio write 28 0');
-  print '... done<br>' . "\n";
+print '<br>' . "\n";
+if ($https) {
+  push_it();
+  print '<form action="" method="post">' . "\n";
+  print 'Passwort: <input name="password" type="password"><br>' . "\n";
+  print '<input type="submit" name="push_1" value="short power button push"><br>' . "\n";
+  print '<input type="submit" name="push_150" value="long power button push"><br>' . "\n";
+  print '</form>' . "\n";
 }
-print '<a href="?push=1">short power button push</a>';
-print "<br>\n";
-print '<a href="?push=150">long power button push</a>';
-print "<br>\n";
-print "</body>\n";
-print "</html>\n";
+print '</body>' . "\n";
+print '</html>' . "\n";
-- 
cgit v1.2.3-54-g00ecf