Allow remote boxes to execute stuff, eventhough they don't really login

2025-04-19 20:09:14 +03:00 · 2014-09-26 13:47:52 +02:00 · 2014-09-26 13:47:52 +02:00 · 262e3c76a8
commit 262e3c76a8
parent f047f60712
2 changed files with 18 additions and 0 deletions
--- a/includes/config.inc.php-dist
+++ b/includes/config.inc.php-dist
@ -13,6 +13,11 @@ $apisid  = '';      # PowerDNS's :server_id
 #$wefactapiurl = 'https://yourdomain/Pro/apiv2/api.php';
 #$wefactapikey = 'xyz';

+# If you want external scripts to be able to execute stuff here, add the
+# remote-ip to $adminapiips and create a $adminapikey
+#$adminapiips = array();
+#$adminapikey = 'thisshouldbequitealongstring,youknow';
+
 $authdb  = "../etc/pdns.users.sqlite3";

 $templates = array();
--- a/includes/session.inc.php
+++ b/includes/session.inc.php
@ -10,6 +10,19 @@ function is_logged_in() {
    if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == "true") {
        return TRUE;
    } else {
+        global $adminapikey;
+        global $adminapiips;
+
+        if (isset($adminapikey) && isset($allowedips)) {
+            if (array_search($_SERVER['REMOTE_ADDR'], $adminapiips) !== FALSE) {
+                if ($_POST['adminapikey'] == $adminapikey) {
+                    # Allow this request, fake that we're logged in.
+                    set_logged_in('admin');
+                    set_is_adminuser();
+                    return TRUE;
+                }
+            }
+        }
        return FALSE;
    }
 }