From 6bfa7d58167047c327dff8eb99bcc077f01f958d Mon Sep 17 00:00:00 2001
From: leiweibau <105860611+leiweibau@users.noreply.github.com>
Date: Sat, 23 Jul 2022 19:58:55 +0200
Subject: [PATCH] make password protection configurable

---
 config/pialert.conf |  1 +
 front/index.php     | 37 +++++++++++++++++++++++++++++--------
 2 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/config/pialert.conf b/config/pialert.conf
index 7c6f8043..fb917f36 100644
--- a/config/pialert.conf
+++ b/config/pialert.conf
@@ -12,6 +12,7 @@ DB_PATH           = PIALERT_PATH + '/db/pialert.db'
 LOG_PATH          = PIALERT_PATH + '/log'
 VENDORS_DB        = '/usr/share/arp-scan/ieee-oui.txt'
 PRINT_LOG         = False
+PIALERT_WEB_PROTECTION = False
 PIALERT_WEB_PASSWORD = '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92'
 
 SMTP_SERVER       = 'smtp.gmail.com'
diff --git a/front/index.php b/front/index.php
index 29a08607..a73c3e14 100644
--- a/front/index.php
+++ b/front/index.php
@@ -4,23 +4,39 @@ session_start();
 if ($_REQUEST['action'] == 'logout') {
   session_destroy();
   header('Location: /pialert/index.php');
-//  session_start();
-//  $_SESSION["login"] = 236789046202545614837645948;
 }
-
+##################################################
+## Login Processing start
+##################################################
 $config_file = "../config/pialert.conf";
 $config_file_lines = file($config_file);
+
+###################################
+## PIALERT_WEB_PROTECTION FALSE
+###################################
+
+$config_file_lines_bypass = array_values(preg_grep('/^PIALERT_WEB_PROTECTION\s.*/', $config_file_lines));
+$protection_line = explode("=", $config_file_lines_bypass[0]);
+$Pia_WebProtection = strtolower(trim($protection_line[1]));
+
+if ($Pia_WebProtection == 'false')
+  {
+      header('Location: /pialert/devices.php');
+      $_SESSION["login"] = 1;
+      exit;
+  }
+
+###################################
+## PIALERT_WEB_PROTECTION TRUE
+###################################
+
 $config_file_lines = array_values(preg_grep('/^PIALERT_WEB_PASSWORD\s.*/', $config_file_lines));
-//print_r($password_line);
 $password_line = explode("'", $config_file_lines[0]);
 $Pia_Password = $password_line[1];
-//echo $Pia_Password;
 
 if ($Pia_Password == hash('sha256',$_POST["loginpassword"]))
   {
       header('Location: /pialert/devices.php');
-      # Userdaten korrekt - User ist eingeloggt
-      # Login merken !
       $_SESSION["login"] = 1;
   }
 
@@ -32,7 +48,12 @@ if ($_SESSION["login"] == 1)
 if ($_SESSION["login"] != 1)
   {
       if (file_exists('../db/setting_darkmode')) {$ENABLED_DARKMODE = True;}
-      if ($Pia_Password == '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92') {$login_info = 'Defaultpassword "123456" is still active';}
+      if ($Pia_Password == '8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92') {$login_info = 'Defaultpassword "123456" is still active';
+  }
+
+##################################################
+## Login Processing end
+##################################################
 ?>
 
 <!DOCTYPE html>