mirror/webgui
1
0
Fork 0
mirror of https://github.com/unraid/webgui.git synced 2025-12-30 22:20:23 -06:00
Code Issues Packages Projects Releases Wiki Activity

localhost endpoint now requires authentication

Browse Source
This commit is contained in:
Tom Mortensen
2025-06-25 15:07:47 -07:00
parent ec2742fa27
commit 732129de72
2 changed files with 0 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
emhttp/plugins/dynamix/include/DefaultPageLayout.php
View File

@@ -139,7 +139,6 @@ if (count($pages)) {
?>
<? include "$docroot/plugins/dynamix.my.servers/include/myservers1.php" ?>
<? require_once "$docroot/webGui/include/DefaultPageLayout/GUIModeSessionFix.php"; ?>
</head>
<body>

26
emhttp/plugins/dynamix/include/DefaultPageLayout/GUIModeSessionFix.php
View File

@@ -1,26 +0,0 @@
<?php
/**
* This file is used to fix the session for the Unraid web interface when booted in GUI mode.
* This can be deleted if GUI mode authentication is enabled.
*/
function is_localhost_gui()
{
// Use the peer IP, not the Host header which can be spoofed
return $_SERVER['REMOTE_ADDR'] === '127.0.0.1' || $_SERVER['REMOTE_ADDR'] === '::1';
}
function is_good_session_gui()
{
return isset($_SESSION) && isset($_SESSION['unraid_user']) && isset($_SESSION['unraid_login']);
}
if (is_localhost_gui() && !is_good_session_gui()) {
if (session_status() === PHP_SESSION_ACTIVE) {
session_destroy();
}
session_start();
$_SESSION['unraid_login'] = time();
$_SESSION['unraid_user'] = 'root';
session_write_close();
my_logger("Unraid GUI-boot: created root session for localhost request.");
}
?>