author | nachoparker <nacho@ownyourbits.com> | 2017-08-17 23:02:54 +0300 |
---|---|---|
committer | nachoparker <nacho@ownyourbits.com> | 2017-08-17 23:02:54 +0300 |
commit | 3d8063221d382b2ae83d58aaa729465e0c6faad0 (patch) | |
tree | 3d4441f56313a8ce2a72b021dd26a6d0febae9ef /ncp-web/ncp-launcher.php | |
parent | ba953428c752f921471dfacc890ada7c0d2c440f (diff) |
ncp-web: poweroff buttonv0.23.0
Diffstat (limited to 'ncp-web/ncp-launcher.php')
-rw-r--r-- | ncp-web/ncp-launcher.php | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/ncp-web/ncp-launcher.php b/ncp-web/ncp-launcher.php index f410640b..032b01ef 100644 --- a/ncp-web/ncp-launcher.php +++ b/ncp-web/ncp-launcher.php @@ -12,10 +12,10 @@ include ('csrf.php'); session_start(); -if ( !$_POST['ref'] ) exit( '{ "output": "Invalid request" }' ); - if ( $_POST['action'] == "cfgreq" ) { + if ( !$_POST['ref'] ) exit( '{ "output": "Invalid request" }' ); + //CSFR check $token = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : ''; if ( empty($token) || !validateCSRFToken($token) ) @@ -64,6 +64,8 @@ if ( $_POST['action'] == "cfgreq" ) else if ( $_POST['action'] == "launch" && $_POST['config'] ) { + if ( !$_POST['ref'] ) exit( '{ "output": "Invalid request" }' ); + // CSRF check $token = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : ''; if ( empty($token) || !validateCSRFToken($token) ) @@ -100,6 +102,15 @@ else if ( $_POST['action'] == "launch" && $_POST['config'] ) echo json_encode( shell_exec( 'bash -c "sudo /home/www/ncp-launcher.sh ' . $file . '"' ) ) . ' }'; } +else if ( $_POST['action'] == "poweroff" ) +{ + // CSRF check + $token = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : ''; + if ( empty($token) || !validateCSRFToken($token) ) + exit( '{ "output": "Unauthorized request. Try reloading the page" }' ); + shell_exec( 'bash -c "( sleep 2 && sudo halt ) 2>/dev/null >/dev/null &"' ); +} + // License // // This script is free software; you can redistribute it and/or modify it |
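Review bot: The `ref` guard added at the top of the `cfgreq` branch, and again in the `launch` branch in the next hunk, only tests truthiness, so any non-empty string passes and a missing key raises an undefined-index notice that can land in front of the JSON body. If `ref` is what the later `$file` is built from, the guard is the place to constrain it, e.g. `if ( empty($_POST['ref']) || !preg_match('/^[A-Za-z0-9_-]+$/', $_POST['ref']) ) exit( '{ "output": "Invalid request" }' );`, with the character set adjusted to the real config names. That derivation is outside these hunks, but `$file` is concatenated into the `shell_exec` line visible as context in the last hunk. Wrapping `$file` in `escapeshellarg()` at that call would be the matching defence on the other end. Both branches continue outside the hunks.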
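Review bot: The new `poweroff` branch halts the machine without leaving a trace or a reply: nothing is logged before `shell_exec`, and unlike the other branches no JSON is echoed, so the client cannot tell an accepted request from a dropped one. For a privileged action reachable over HTTP I would record the request first, e.g. `error_log( 'ncp-web: poweroff requested from ' . $_SERVER['REMOTE_ADDR'] );`, and then answer with a short JSON acknowledgement in the same `{ "output": ... }` shape the error paths use. The only gate visible in this branch is the CSRF token; if authentication is enforced by the web server rather than in this script, a one-line comment saying so would help the next reader. The sudoers rule behind `sudo halt` is not part of this diff and should presumably permit exactly that command and nothing broader.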