cleanup and tested on alpine/debian

pi-hole · Jul 8, 2016 · d1ef51a · d1ef51a
1 parent 657fb7b
commit d1ef51a
Showing 1 changed file with 16 additions and 11 deletions.
diff --git a/php/auth.php b/php/auth.php
@@ -1,10 +1,8 @@
-<?php $LOG = '/var/log/lighttpd/error.log';
-if (isset($_ENV['piphplog'])) {
-    $LOG = getenv('piphplog');
-}
+<?php
+$ERRORLOG = getenv('PHP_ERROR_LOG');
 
 function pi_log($message) {
-    error_log(date('Y-m-d H:i:s') . ': ' . $message . "\n", 3, $GLOBALS['LOG']);
+    error_log(date('Y-m-d H:i:s') . ': ' . $message . "\n", 3, $GLOBALS['ERRORLOG']);
 }
 
 function log_and_die($message) {
@@ -18,13 +16,19 @@ function log_and_die($message) {
 
 $AUTHORIZED_HOSTNAMES = [
     'http://' . $_SERVER['SERVER_ADDR'],
-    'http://' . 'pi.hole',
-    'http://' . 'localhost'
+    'http://pi.hole',
+    'http://localhost'
 ];
 
-if (isset($_ENV['VIRTUAL_HOST'])) {
-    array_push($AUTHORIZED_HOSTNAMES, 'http://' . $_ENV['VIRTUAL_HOST']);
-}
+# Allow user set virtual hostnames
+$virtual_host = getenv('VIRTUAL_HOST');
+if (! empty($virtual_host))
+    array_push($AUTHORIZED_HOSTNAMES, 'http://' . $virtual_host);
+
+# For docker container's host IP, SERVER_ADDR will be docker0 interface ip
+$server_ip = getenv('ServerIP');
+if (! empty($server_ip))
+    array_push($AUTHORIZED_HOSTNAMES, 'http://' . $server_ip);
 
 // Check CORS
 if(isset($_SERVER['HTTP_ORIGIN'])) {
@@ -36,14 +40,15 @@ function log_and_die($message) {
     header("Access-Control-Allow-Origin: $CORS_ALLOW_ORIGIN");
 } else {
     pi_log("CORS skipped, unknown HTTP_ORIGIN");
+    //pi_log("CORS allowed: " . join(',', $AUTHORIZED_HOSTNAMES));
 }
 
-
 // Otherwise probably same origin... out of the scope of CORS
 session_start();
 
 // Check CSRF token
 if(!isset($_SESSION['token'], $_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token'])) {
     log_and_die("Wrong token");
 }
+
 ?>