Setup: Use HTTP POST instead of GET when testing MySQL and RPC credentials.

This so they don't end up in the webserver access log ;)

diff --git a/api/installation.php b/api/installation.php
index 76711f36af7bb964e208a5452d09f157e5eaed5b..f167ac04322a53720529efa40109912cf1048387 100644 (file)
--- a/api/installation.php
+++ b/api/installation.php
@@ -8,9 +8,9 @@ require_once "../inc/common.php";
 if (file_exists("../config/config.php"))
                die(json_encode(["error" => "Configuration file exists."]));
 
-if (!isset($_GET) || empty($_GET))
+if (!isset($_POST) || empty($_POST))
                die(json_encode(["error" => "Incorrect parameters"]));
-foreach($_GET as $key => $str)
+foreach($_POST as $key => $str)
                ${$key} = $str;
 
 if ($method == "sql")

diff --git a/api/installation2.php b/api/installation2.php
index b3545e1e1cbb9fb06cfece1298aa7219df54ea24..e9dde108a6090f01c646e80bbb17dfda86a49fc6 100644 (file)
--- a/api/installation2.php
+++ b/api/installation2.php
@@ -6,10 +6,10 @@ require_once "../inc/common.php";
 if (isset($config['unrealircd']) && empty($config['unrealircd']['host']))
                die(json_encode(["error" => "Already configured."]));
 
-if (!isset($_GET) || empty($_GET))
+if (!isset($_POST) || empty($_POST))
                die(json_encode(["error" => "Incorrect parameters"]));
 
-foreach($_GET as $key => $str)
+foreach($_POST as $key => $str)
                ${$key} = $str;
 
 if ($method == "rpc")

diff --git a/settings/install.php b/settings/install.php
index 61505b89ee6de0ea5e4cd3f16f42f4301431b065..dc4d59d1744de7dfcf7443045da8fcd155a8cb8f 100644 (file)
--- a/settings/install.php
+++ b/settings/install.php
@@ -343,7 +343,15 @@ $writable = (is_writable("../config/")) ? true: false;
        sql_test_conn.addEventListener('click', e => {
                sql_test_conn.classList.add('disabled');
                sql_test_conn.innerHTML = "Checking...";
-               fetch(BASE_URL + 'api/installation.php?method=sql&host='+encodeURIComponent(sql_host.value)+'&database='+encodeURIComponent(sql_db.value)+'&user='+encodeURIComponent(sql_user.value)+'&password='+encodeURIComponent(sql_pass.value))
+               fetch(BASE_URL + 'api/installation.php', {
+                     method:'POST',
+                     headers: {'Content-Type':'application/x-www-form-urlencoded'},
+                     body: 'method=sql&'+
+                           'host='+encodeURIComponent(sql_host.value)+
+                           '&database='+encodeURIComponent(sql_db.value)+
+                           '&user='+encodeURIComponent(sql_user.value)+
+                           '&password='+encodeURIComponent(sql_pass.value)
+                     })
                .then(response => response.json())
                .then(data => {
                        if (data.success)

diff --git a/settings/install2.php b/settings/install2.php
index 8ce991f9835e0c259dd874de2f6f049668159191..3f9806b62a1f21c9d3d622fc1f5889044114b98a 100644 (file)
--- a/settings/install2.php
+++ b/settings/install2.php
@@ -181,7 +181,16 @@ $writable = (is_writable("../config/")) ? true: false;
        test_conn.addEventListener('click', e => {
                test_conn.classList.add('disabled');
                test_conn.innerHTML = "Checking...";
-               fetch(BASE_URL + 'api/installation2.php?method=rpc&host='+encodeURIComponent(rpc_host.value)+'&port='+encodeURIComponent(rpc_port.value)+'&user='+encodeURIComponent(rpc_user.value)+'&password='+encodeURIComponent(rpc_pass.value)+'&tls_verify='+rpc_tls.checked)
+               fetch(BASE_URL + 'api/installation2.php', {
+                     method:'POST',
+                     headers: {'Content-Type':'application/x-www-form-urlencoded'},
+                     body: 'method=rpc&'+
+                           'host='+encodeURIComponent(rpc_host.value)+
+                           '&port='+encodeURIComponent(rpc_port.value)+
+                           '&user='+encodeURIComponent(rpc_user.value)+
+                           '&password='+encodeURIComponent(rpc_pass.value)+
+                           '&tls_verify='+rpc_tls.checked
+                     })
                .then(response => response.json())
                .then(data => {
                        if (data.success)