AdminAuth: switched to references of already existing strings instead of char pointers created from strings, Capitive Portal through fake dns

data/s/a.svg

@@ -2,9 +2,11 @@
 <!-- Generator: Adobe Illustrator 25.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
 <svg version="1.2" baseProfile="tiny" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
 	 x="0px" y="0px" viewBox="0 0 500 500" overflow="visible" xml:space="preserve">
-<path fill="#CCCCCC" stroke="#000000" stroke-linecap="round" stroke-miterlimit="10" d="M349.5,421.5h-199c-8.28,0-15-6.72-15-15
+<polyline fill="#CCCCCC" stroke="#000000" stroke-miterlimit="10" points="181.5,395.5 86.5,395.5 86.5,300.5 "/>
-	v-255h229v255C364.5,414.78,357.78,421.5,349.5,421.5z"/>
+<g>
-<path fill="#CCCCCC" stroke="#000000" stroke-linecap="round" stroke-miterlimit="10" d="M386.81,99.5H314.5V80.38
+	
-	c0-9.88-8.01-17.88-17.88-17.88h-92.24c-9.88,0-17.88,8.01-17.88,17.88V99.5h-73.31c-5.35,0-9.69,4.34-9.69,9.69v20.62
+		<rect x="355.37" y="40.63" transform="matrix(0.7071 -0.7071 0.7071 0.7071 31.9147 294.7168)" fill="#CCCCCC" stroke="#000000" stroke-width="1" stroke-miterlimit="9.9999" width="32.69" height="136.4"/>
-	c0,5.35,4.34,9.69,9.69,9.69h273.62c5.35,0,9.69-4.34,9.69-9.69v-20.62C396.5,103.84,392.16,99.5,386.81,99.5z"/>
+	
+		<rect x="94.59" y="168.11" transform="matrix(0.7071 -0.7071 0.7071 0.7071 -95.5641 241.9096)" fill="#CCCCCC" stroke="#000000" stroke-width="1" stroke-miterlimit="9.9999" width="299.29" height="136.4"/>
+</g>
 </svg>

data/s/b.svg

@@ -2,11 +2,9 @@
 <!-- Generator: Adobe Illustrator 25.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
 <svg version="1.2" baseProfile="tiny" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
 	 x="0px" y="0px" viewBox="0 0 500 500" overflow="visible" xml:space="preserve">
-<polyline fill="#CCCCCC" stroke="#000000" stroke-miterlimit="10" points="181.5,395.5 86.5,395.5 86.5,300.5 "/>
+<path fill="#CCCCCC" stroke="#000000" stroke-linecap="round" stroke-miterlimit="10" d="M349.5,421.5h-199c-8.28,0-15-6.72-15-15
-<g>
+	v-255h229v255C364.5,414.78,357.78,421.5,349.5,421.5z"/>
-	
+<path fill="#CCCCCC" stroke="#000000" stroke-linecap="round" stroke-miterlimit="10" d="M386.81,99.5H314.5V80.38
-		<rect x="355.37" y="40.63" transform="matrix(0.7071 -0.7071 0.7071 0.7071 31.9147 294.7168)" fill="#CCCCCC" stroke="#000000" stroke-width="1" stroke-miterlimit="9.9999" width="32.69" height="136.4"/>
+	c0-9.88-8.01-17.88-17.88-17.88h-92.24c-9.88,0-17.88,8.01-17.88,17.88V99.5h-73.31c-5.35,0-9.69,4.34-9.69,9.69v20.62
-	
+	c0,5.35,4.34,9.69,9.69,9.69h273.62c5.35,0,9.69-4.34,9.69-9.69v-20.62C396.5,103.84,392.16,99.5,386.81,99.5z"/>
-		<rect x="94.59" y="168.11" transform="matrix(0.7071 -0.7071 0.7071 0.7071 -95.5641 241.9096)" fill="#CCCCCC" stroke="#000000" stroke-width="1" stroke-miterlimit="9.9999" width="299.29" height="136.4"/>
-</g>
 </svg>

data/s/index.html

@@ -1 +1 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>doorlock_pwa</title><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-capable" content="yes"><link rel="apple-touch-icon" href="/assets/icons/apple-touch-icon.png"><link rel="manifest" href="/manifest.json"><meta name="theme-color" content="#673ab8"><style>*{box-sizing:border-box}html{font-family:Helvetica,sans-serif;font-size:16px}body,html{height:100%}body{background-color:#fff;margin:0;padding:0;width:100%}</style><link href="/bundle.45d14.css" rel="stylesheet" media="only x" onload="this.media='all'"><noscript><link rel="stylesheet" href="/bundle.45d14.css"></noscript></head><body><script defer="defer" src="/bundle.1727d.js"></script><script nomodule="" src="/polyfills.058fb.js"></script></body></html>
+<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>doorlock_pwa</title><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-capable" content="yes"><link rel="apple-touch-icon" href="/assets/icons/apple-touch-icon.png"><link rel="manifest" href="/manifest.json"><meta name="theme-color" content="#673ab8"><style>*{box-sizing:border-box}html{font-family:Helvetica,sans-serif;font-size:16px}body,html{height:100%}body{background-color:#fff;margin:0;padding:0;width:100%}</style><link href="/bundle.45d14.css" rel="stylesheet" media="only x" onload="this.media='all'"><noscript><link rel="stylesheet" href="/bundle.45d14.css"></noscript></head><body><script defer="defer" src="/bundle.357e7.js"></script><script nomodule="" src="/polyfills.058fb.js"></script></body></html>

src/AdminAuth.cpp

@@ -10,50 +10,77 @@ bool AdminAuth::logout(const char *token)
     tokenbuffer->setnull(tid);
     return tid != -1;
 }
-char *AdminAuth::login(const char *username, const char *password)
+char *AdminAuth::login(const String& username, const String& password)
 {
     char *res = nullptr;
     File adminfile = LittleFS.open("admin", "r");
-    bool current_field = false;
+    if (username.equals(adminfile.readStringUntil('\0')) && password.equals(adminfile.readStringUntil('\0')))
-    uint16_t current_pos = 0;
-    Serial.print('-');
-    while (adminfile.available())
-    {
-        char current = adminfile.read();
-        Serial.print(current);
-        Serial.print('-');
-        if (current == 0x00)
-        {
-            if (current_field)
-            {
-                if (password[current_pos] == 0x00)
         res = tokenbuffer->newToken();
-                break;
-            }
-            else
-            {
-                if (username[current_pos] != 0x00)
-                    break;
-                current_pos = 0;
-                current_field = true;
-            }
-        }
-        else if (!current_field)
-        {
-            Serial.print(String(username[current_pos]));
-            if (username[current_pos] == 0x00 || username[current_pos] != current)
-                break;
-            current_pos++;
-        }
-        else
-        {
-            Serial.print(String(password[current_pos]));
-            if (password[current_pos] == 0x00 || password[current_pos] != current)
-                break;
-            current_pos++;
-        }
-        Serial.print(',');
-    }
     adminfile.close();
     return res;
 }
+//char *AdminAuth::login(const char *username, const char *password)
+//{
+//    char *res = nullptr;
+//    File adminfile = LittleFS.open("admin", "r");
+//    bool current_field = false;
+//    uint16_t current_pos = 0;
+//    Serial.print('-');
+//    while (adminfile.available())
+//    {
+//        char current = adminfile.read();
+//        Serial.print(current);
+//        Serial.print('-');
+//
+//        if (current == 0x00)
+//        {
+//            if (current_field)
+//            {
+//                if (password[current_pos] == 0x00)
+//                    res = tokenbuffer->newToken();
+//                break;
+//            }
+//            else
+//            {
+//                if (username[current_pos] != 0x00)
+//                    break;
+//                current_pos = 0;
+//                current_field = true;
+//            }
+//        }
+//        else if (current_pos >= MAX_USERNAMEPASSWORD_LENGTH)
+//            break;
+//        else if (!current_field)
+//        {
+//            Serial.print(String(username[current_pos]));
+//            if (username[current_pos] == 0x00 || username[current_pos] != current)
+//                break;
+//            current_pos++;
+//        }
+//        else
+//        {
+//            Serial.print(String(password[current_pos]));
+//            if (password[current_pos] == 0x00 || password[current_pos] != current)
+//                break;
+//            current_pos++;
+//        }
+//        Serial.print(',');
+//    }
+//    adminfile.close();
+//    return res;
+//}
+bool AdminAuth::setAuth(const String& username, const String& password)
+{
+    if (username.length() == 0 || username.length() > MAX_USERNAMEPASSWORD_LENGTH || password.length()==0 || password.length() > MAX_USERNAMEPASSWORD_LENGTH)
+        return false;
+    File adminfile = LittleFS.open("admin", "w+");
+    adminfile.print(username);
+    adminfile.print('\0');
+    adminfile.print(password);
+    adminfile.print('\0');
+    adminfile.seek(0);
+    adminfile.sendAll(Serial);
+    delay(1);
+    adminfile.close();
+    return true;
+}

src/AdminAuth.h

@@ -2,6 +2,7 @@
 #include "LittleFS.h"
 #define TOKENBUFFERCAPACITY 3
 #define TOKENLENGHT 10
+#define MAX_USERNAMEPASSWORD_LENGTH 25
 namespace webconsole
 {
 
@@ -67,9 +68,11 @@ namespace webconsole
     class AdminAuth
     {
     public:
-        char *login(const char *username, const char *password);
+        //char *login(const char *username, const char *password);
+        char *login(const String &username,const String &password);
         bool isAuth(const char *token);
         bool logout(const char *token);
+        bool setAuth(const String &username, const String &password);
 
     private:
         TokenBuffer *tokenbuffer = new TokenBuffer();

src/WebConsole.cpp

@@ -76,9 +76,7 @@ void WebConsole::_auth()
     }
     else if (action.equals("login"))
     {
-        const char *username = _server->arg("username").c_str();
+        char *token = auth.login(_server->arg("username"), _server->arg("password"));
-        const char *password = _server->arg("password").c_str();
-        char *token = auth.login(username, password);
         if (token == nullptr)
             _server->send(401, "text/plain", "failed!");
         else
@@ -90,6 +88,14 @@ void WebConsole::_auth()
         bool res = auth.logout(token);
         _server->send(200, "text/plain", res ? "success" : "failed");
     }
+    else if (action.equals("update"))
+    {
+        //if (!_isAuth())
+        //    return;
+        bool res = auth.setAuth(_server->arg("username"), _server->arg("password"));
+        _server->send(200, "text/plain", res ? "success" : "failed");
+
+    }
     else
         _server->send(404, "text/plain", "unknown action");
 }

src/main.cpp

@@ -8,6 +8,8 @@
 #include "WebConsole.h"
 #include "UserDb.h"
 #include "Config.h"
+#include <ESP8266mDNS.h>
+#include <DNSServer.h>
 // File config
 Config config;
 userdb::UserDb userdatabase("userdb.csv");
@@ -23,22 +25,25 @@ Keyboard keyboard(200);
 Interface iface;
 // Wifi control
 IPAddress local_IP(192, 168, 4, 22);
-IPAddress gateway(192, 168, 4, 9);
+IPAddress gateway(0, 0, 0, 0);
 IPAddress subnet(255, 255, 255, 0);
-
+IPAddress dns(192, 168, 178, 1);  
-
+DNSServer dnsServer;
 void setup()
 {
 	config.loadConfig();
 	Serial.begin(115200);
 	Serial.println("Starting System");
 	Serial.print("\t1. Network config ->");
-	Serial.println(WiFi.softAPConfig(local_IP, gateway, subnet) ? "Ready" : "Failed!");
+	WiFi.mode(WIFI_AP);
+	Serial.println(WiFi.softAPConfig(local_IP, local_IP, subnet) ? "Ready" : "Failed!");
 	Serial.print("\t2 AP setup " + String(config.SSID)+ " -> ");
 	if (strlen(config.PASS) > 0)
 		 Serial.println(WiFi.softAP(config.SSID, config.PASS) ? "Ready" : "Failed!");
 	else
 		Serial.println(WiFi.softAP(config.SSID) ? "Ready" : "Failed!");
+	WiFi.hostname("Doorlock");
+	dnsServer.start(53, "*", local_IP); // DNS spoofing (Only HTTP)
 	delay(150);
 #ifdef DEBUG
 	userdatabase.print_to_serial();
@@ -52,6 +57,7 @@ void setup()
 
 void loop()
 {
+	dnsServer.processNextRequest();
 	rfid.scan();
 	web.serve();
 	keyboard.scanAsync();