Merge pull request #1 from RaspAP/master

Updates from upstream

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

BACKERS.md

@@ -15,23 +15,25 @@ You can [become a sponsor](https://github.com/sponsors/RaspAP) using your indivi
 > ℹ️  **Important**: If you're sponsoring [RaspAP](https://github.com/RaspAP/sponsors) through a GitHub organization, please send a short email to [sponsors@raspap.com](mailto:sponsors@raspap.com) with the name of your organization and the account that should be added as a collaborator.
 
 ### Exclusive features
-When backers were asked which feature they'd most like to see added to RaspAP, the ability to manage multiple OpenVPN client configurations topped the list of requests. We think this is a great idea, so we're adding this as the first feature exclusive to insiders. 
-
-✅ [Multiple OpenVPN client configs](https://docs.raspap.com/openvpn/#multiple-client-configs)  
-✅ [OpenVPN certificate authentication](https://docs.raspap.com/openvpn/#certificate-authentication)  
-✅ OpenVPN service logging  
-✅ Night mode toggle  
-✅ Restrict network to static clients  
-✅ [WireGuard support](https://docs.raspap.com/wireguard/)  
-✅ [Set AP transmit power](https://docs.raspap.com/ap-basics/#transmit-power)  
-
-Look for the list above to grow as we add more exclusive features. 
-
-### Funding targets
+The following features are currently available exclusively to sponsors. A tangible side benefit of sponsorship is that Insiders are able to help steer future development of RaspAP. This is done through Insiders' access to discussions, feature requests, issues and pull requests in the private GitHub repository.
+
+ ✅ [Network device management](https://docs.raspap.com/net-devices/)    
+ ✅ [Firewall settings](https://docs.raspap.com/firewall/)  
+ ✅ [WPA3-Personal AP security](https://docs.raspap.com/ap-basics/#wpa3-personal)  
+ ✅ [802.11w Protected Management Frames](https://docs.raspap.com/ap-basics/#80211w)  
+ ✅ [Printable Wi-Fi signs](https://docs.raspap.com/ap-basics/#printable-signs)  
+ ⚙️ Traffic shaping (in progress)   
+ 
+Look for the list above to grow as we add more exclusive features. Be sure to visit this page from time to time to learn about what's new, check the [Insiders docs page](https://docs.raspap.com/insiders/) and follow [@RaspAP on Twitter](https://twitter.com/rasp_ap) to stay updated.
+
+## Funding targets
 Below is a list of funding targets. When a funding target is reached, the features that are tied to it are merged back into RaspAP and released to the public for general availability.
 
-#### $500 
-The first **Insiders Edition** includes the exclusive features listed above.
+### $1000 
+The second **Insiders Edition** includes the features listed above.
+
+### $500 
+The [first Insiders Edition goal](https://docs.raspap.com/insiders/#500-1st-insiders-edition) was reached in December 2021. Thank you sponsors!
 
 ### Frequently asked questions
 
@@ -73,4 +75,3 @@ Yes. Whether you're an individual or a company, you may use RaspAP Insiders prec
 
 * Please **don't distribute the source code** of Insiders. You may freely use it for public, private or commercial projects, fork it, mirror it, do whatever you want with it, but please don't release the source code, as it would counteract the sponsorware strategy.
 * If you cancel your subscription, you're removed as a collaborator and will miss out on future updates of Insiders. However, you may *use the latest version* that's available to you as long as you like. Just remember that [GitHub deletes private forks](https://docs.github.com/en/github/setting-up-and-managing-your-github-user-account/removing-a-collaborator-from-a-personal-repository).
-

README.md

@@ -1,5 +1,5 @@
 ![](https://i.imgur.com/xeKD93p.png)
-[![Release 2.6.7](https://img.shields.io/badge/release-v2.6.7-green)](https://github.com/raspap/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Join Insiders](https://img.shields.io/static/v1?label=Join%20Insiders&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
+[![Release 2.8.4](https://img.shields.io/badge/release-v2.8.4-green)](https://github.com/raspap/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Join Insiders](https://img.shields.io/static/v1?label=Join%20Insiders&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
 
 RaspAP is feature-rich wireless router software that _just works_ on many popular [Debian-based devices](#supported-operating-systems), including the Raspberry Pi. Our popular [Quick installer](#quick-installer) creates a known-good default configuration for all current Raspberry Pis with onboard wireless. A fully responsive, mobile-ready interface gives you control over the relevant services and networking options. Advanced DHCP settings, WireGuard and OpenVPN support, [SSL certificates](https://docs.raspap.com/ssl-quick/), security audits, [captive portal integration](https://docs.raspap.com/captive/), themes and [multilingual options](https://docs.raspap.com/translations/) are included.
 
@@ -122,9 +122,9 @@ RaspAP was originally made for Raspbian, but now also installs on the following
 
 | Distribution | Release  | Architecture | Support |
 |---|:---:|:---:|:---:|
-| Raspberry Pi OS | (32-bit) Lite Buster | ARM | Official |
-| Armbian | Buster | [ARM](https://docs.armbian.com/#supported-socs) | Official |
-| Debian  |  Buster | ARM / x86_64  | Beta |
+| Raspberry Pi OS | (32-bit) Lite Bullseye | ARM | Official |
+| Armbian | Bullseye | [ARM](https://docs.armbian.com/#supported-socs) | Official |
+| Debian  |  Bullseye | ARM / x86_64  | Beta |
 | Ubuntu  |  18.04 LTS / 19.10 | ARM / x86_64  | Beta |
 
 ![](https://i.imgur.com/luiyYNw.png)

ajax/bandwidth/get_bandwidth.php

@@ -42,10 +42,10 @@ $jsonobj = json_decode($jsonstdoutvnstat[0], true);
 $timeunits = filter_input(INPUT_GET, 'tu');
 if ($timeunits === 'm') {
     // months
-    $jsonData = $jsonobj['interfaces'][0]['traffic']['months'];
+    $jsonData = $jsonobj['interfaces'][0]['traffic']['month'];
 } else {
     // default: days
-    $jsonData = $jsonobj['interfaces'][0]['traffic']['days'];
+    $jsonData = $jsonobj['interfaces'][0]['traffic']['day'];
 }
 
 $datasizeunits = filter_input(INPUT_GET, 'dsu');

ajax/bandwidth/get_bandwidth_hourly.php

@@ -34,19 +34,16 @@ if (filter_input(INPUT_GET, 'tu') == 'h') {
     23     => array('date' => '23:00', 'rx' => 0, 'tx' => 0)
     );
 
-
-
-
     exec(sprintf('vnstat -i %s --json h', escapeshellarg($interface)), $jsonstdoutvnstat, $exitcodedaily);
     if ($exitcodedaily !== 0) {
         exit('vnstat error');
     }
 
     $jsonobj = json_decode($jsonstdoutvnstat[0], true)['interfaces'][0];
-    $jsonData = $jsonobj['traffic']['hours'];
+    $jsonData = $jsonobj['traffic']['hour'];
     for ($i = count($jsonData) - 1; $i >= 0; --$i) {
-        $data_template[$jsonData[$i]['id']]['rx'] = round($jsonData[$i]['rx'] / 1024, 0);
-        $data_template[$jsonData[$i]['id']]['tx'] = round($jsonData[$i]['tx'] / 1024, 0);
+        $data_template[$jsonData[$i]['time']['hour']]['rx'] = round($jsonData[$i]['rx'] / 1024, 0);
+        $data_template[$jsonData[$i]['time']['hour']]['tx'] = round($jsonData[$i]['tx'] / 1024, 0);
     }
 
     $data = array();

ajax/networking/get_netcfg.php

@@ -52,7 +52,7 @@ if (isset($interface)) {
     $dhcpdata['StaticRouters'] = $static_routers[1];
     $dhcpdata['StaticDNS'] = $static_dns[1];
     $dhcpdata['FallbackEnabled'] = empty($fallback) ? false: true;
-    $dhcpdata['DefaultRoute'] = empty($gateway) || $gateway[0] == "gateway";
+    $dhcpdata['DefaultRoute'] = $gateway[0] == "gateway";
 
     echo json_encode($dhcpdata);
 }

ajax/networking/get_wgcfg.php

@@ -0,0 +1,9 @@
+<?php
+
+require '../../includes/csrf.php';
+require_once '../../includes/config.php';
+
+// fetch wg client.conf
+exec('sudo cat '. RASPI_WIREGUARD_PATH.'client.conf', $return);
+echo implode(PHP_EOL,$return);
+

ajax/networking/get_wgkey.php

@@ -0,0 +1,22 @@
+<?php
+
+require '../../includes/csrf.php';
+require_once '../../includes/config.php';
+
+$entity = $_POST['entity'];
+
+if (isset($entity)) {
+   
+    // generate public/private key pairs for entity
+    $pubkey = RASPI_WIREGUARD_PATH.$entity.'-public.key';
+    $privkey = RASPI_WIREGUARD_PATH.$entity.'-private.key';
+    $pubkey_tmp = '/tmp/'.$entity.'-public.key';
+    $privkey_tmp = '/tmp/'.$entity.'-private.key';
+     
+    exec("sudo wg genkey | tee $privkey_tmp | wg pubkey > $pubkey_tmp", $return);
+    $wgdata['pubkey'] = str_replace("\n",'',file_get_contents($pubkey_tmp));
+    exec("sudo mv $privkey_tmp $privkey", $return);
+    exec("sudo mv $pubkey_tmp $pubkey", $return);
+
+    echo json_encode($wgdata);
+}

ajax/networking/save_net_dev_config.php

@@ -0,0 +1,93 @@
+<?php
+/*
+ Save settings of network devices (type, name, PW, APN ...)
+  
+ Called by js saveNetDeviceSettings (App/js/custom.js)
+*/
+
+
+require '../../includes/csrf.php';
+
+require_once '../../includes/config.php';
+require_once '../../includes/functions.php';
+
+if (isset($_POST['interface'])) {
+    $int = $_POST['interface'];
+    $cfg = [];
+    $file = $RASPI_MOBILEDATA_CONFIG;
+    $cfgfile="/etc/wvdial.conf";
+    if ( $int == "mobiledata") {
+        $cfg['pin'] = $_POST["pin-mobile"];
+        $cfg['apn'] = $_POST["apn-mobile"];
+        $cfg['apn_user'] = $_POST["apn-user-mobile"];
+        $cfg['apn_pw'] = $_POST["apn-pw-mobile"];
+        $cfg['router_user'] = $cfg['apn_user'] ;
+        $cfg['router_pw'] = $cfg['apn_pw'] ;
+        if (file_exists($cfgfile)) {
+            if($cfg["pin"] !== "") exec('sudo /bin/sed -i  "s/CPIN=\".*\"/CPIN=\"'.$cfg["pin"].'\"/gi" '.$cfgfile);
+            if($cfg["apn"] !== "") exec('sudo /bin/sed -i "s/\"IP\"\,\".*\"/\"IP\"\,\"'.$cfg["apn"].'\"/gi" '.$cfgfile);
+            if($cfg["apn_user"] !== "") exec('sudo /bin/sed -i "s/^username = .*$/Username = '.$cfg["apn_user"].'/gi" '.$cfgfile);
+            if($cfg["apn_pw"] !== "") exec('sudo /bin/sed -i "s/^password = .*$/Password = '.$cfg["apn_pw"].'/gi" '.$cfgfile);
+        }
+		if (write_php_ini($cfg, RASPI_MOBILEDATA_CONFIG)) {
+			$jsonData = ['return'=>0,'output'=>['Successfully saved mobile data settings']];
+		} else {
+			$jsonData = ['return'=>1,'output'=>['Error saving mobile data settings']];
+		}
+    } else if ( preg_match("/netdevices/",$int)) {
+        if(!isset($_POST['opts']) ) {
+            $jsonData = ['return'=>0,'output'=>['No valid data to add/delete udev rule ']];
+            echo json_encode($jsonData);
+            return;
+        } else {
+            $opts=explode(" ",$_POST['opts'] );
+            $dev=$opts[0];
+            $vid=$_POST["int-vid-".$dev];
+            $pid=$_POST["int-pid-".$dev];
+            $mac=$_POST["int-mac-".$dev];
+            $name=trim($_POST["int-name-".$dev]);
+			// limit device name to letters and numbers. Total length max 20
+            $name=preg_replace("/[^a-z0-9]/", "", strtolower($name));
+            $name=substr($name, 0, min(strlen($name),20));
+            $type=$_POST["int-type-".$dev];
+            $newtype=$_POST["int-new-type-".$dev];
+            $udevfile=$_SESSION["udevrules"]["udev_rules_file"]; // default file /etc/udev/rules.d/80-net-devices.rules";
+
+            // find the rule prototype and prefix
+            $rule = "";
+            foreach($_SESSION["udevrules"]["network_devices"] as $devt) {
+                if($devt["type"]==$newtype) {
+                    $rulenew = $devt["udev_rule"];
+                    $prefix = $devt["name_prefix"];
+                }
+            }
+
+            // check for an existing rule and delete lines with same MAC or same VID/PID
+            if (!empty($vid) && !empty($pid)) {
+                $rule = '^.*ATTRS{idVendor}==\"' . $vid . '\".*ATTRS{idProduct}==\"' . $pid . '\".*$';
+                exec('sudo sed -i "/'.$rule.'/Id" '.$udevfile);  // clear all entries with this VID/PID
+                $rule = '^.*ATTRS{idProduct}==\"' . $pid . '\".*ATTRS{idVendor}==\"' . $vid . '\".*$';
+                exec('sudo sed -i "/'.$rule.'/Id" '.$udevfile);  // clear all entries with this VID/PID
+            }
+            if (!empty($mac)) {
+                exec('sudo sed -i "/^.*'.$mac.'.*$/d" '.$udevfile);  // clear all entries with same MAC
+            }
+            // create new entry
+            if ( ($type != $newtype) || !empty($name) ) { // new device type or new name
+                if (empty($name)) $name = $prefix."%n";
+                if (!empty($mac)) $rule = preg_replace("/\\\$MAC\\\$/i", $mac, $rulenew);
+                if (!empty($vid)) $rule = preg_replace("/\\\$IDVENDOR\\\$/i", $vid, $rule);
+                if (!empty($pid)) $rule = preg_replace("/\\\$IDPRODUCT\\\$/i", $pid, $rule);
+                if (!empty($name)) $rule = preg_replace("/\\\$DEVNAME\\\$/i",$name,$rule);
+                if (!empty($rule)) exec('echo \''.$rule.'\' | sudo /usr/bin/tee -a '.$udevfile);
+            }
+            $jsonData = ['return'=>0,'output'=>['Settings changed for device '.$dev. '<br>Changes will only be in effect after reconnecting the device'  ] ];
+        }
+    } else {
+        $jsonData = ['return'=>1,'output'=>['Unknown network configuration']];
+    }
+} else {
+    $jsonData = ['return'=>2,'output'=>'Unable to detect interface'];
+}
+
+echo json_encode($jsonData);

ajax/networking/wifi_stations.php

@@ -14,6 +14,7 @@ knownWifiStations($networks);
 nearbyWifiStations($networks, !isset($_REQUEST["refresh"]));
 connectedWifiStations($networks);
 sortNetworksByRSSI($networks);
+foreach ($networks as $ssid => $network) $networks[$ssid]["ssidutf8"] = ssid2utf8( $ssid ); 
 
 $connected = array_filter($networks, function($n) { return $n['connected']; } );
 $known     = array_filter($networks, function($n) { return !$n['connected'] && $n['configured']; } );

ajax/openvpn/activate_ovpncfg.php

@@ -0,0 +1,26 @@
+<?php
+
+require_once '../../includes/config.php';
+require_once '../../includes/functions.php';
+
+if (isset($_POST['cfg_id'])) {
+    $ovpncfg_id = $_POST['cfg_id'];
+    $ovpncfg_client = RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_client.conf';
+    $ovpncfg_login = RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_login.conf';
+
+    // remove existing client config +login and symbolically link the selected one
+    system("sudo rm ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
+    system("sudo ln -s $ovpncfg_client ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
+    system("sudo rm ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
+    system("sudo ln -s $ovpncfg_login ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
+
+    // restart service
+    exec("sudo /bin/systemctl stop openvpn-client@client", $return);
+    sleep(1);
+    exec("sudo /bin/systemctl enable openvpn-client@client", $return);
+    sleep(1);
+    exec("sudo /bin/systemctl start openvpn-client@client", $return);
+
+    echo json_encode($return);
+}
+

ajax/openvpn/del_ovpncfg.php

@@ -0,0 +1,13 @@
+<?php
+
+require_once '../../includes/config.php';
+require_once '../../includes/functions.php';
+
+if (isset($_POST['cfg_id'])) {
+    $ovpncfg_id = $_POST['cfg_id'];
+    $ovpncfg_files = pathinfo(RASPI_OPENVPN_CLIENT_LOGIN, PATHINFO_DIRNAME).'/'.$ovpncfg_id.'_*.conf';
+    exec("sudo rm $ovpncfg_files", $return);
+    $jsonData = ['return'=>$return];
+    echo json_encode($jsonData);
+}
+

app/css/hackernews.css

@@ -79,6 +79,9 @@ h5.card-title {
   font-family: Verdana, Geneva, sans-serif;
 }
 
+.sidebar-light hr.sidebar-divider {
+  padding-top: 0.5rem;
+}
 
 ul.nav-tabs, .nav-tabs .nav-link {
   background-color: #f6f6ef;
@@ -163,6 +166,7 @@ ul.nav-tabs, .nav-tabs .nav-link {
 .info-item-xs {
   font-size: 0.7rem;
   margin-left: 0.3rem;
+  line-height: 1.5em;
 }
 
 .info-item-wifi {
@@ -200,6 +204,10 @@ ul.nav-tabs, .nav-tabs .nav-link {
   }
 }
 
+.fas.fa-circle {
+    font-size: 0.5rem;
+}
+
 .logoutput {
   width:100%;
   height:300px;

app/img/wg-qr-code.php

@@ -0,0 +1,28 @@
+<?php
+
+require_once '../../includes/config.php';
+require_once '../../includes/defaults.php';
+require_once '../../includes/functions.php';
+
+// prevent direct file access
+if (!isset($_SERVER['HTTP_REFERER'])) {
+    header('HTTP/1.0 403 Forbidden');
+    exit;
+}
+
+exec("sudo cat " .RASPI_WIREGUARD_PATH.'client.conf', $return);
+$peer_conf = implode(PHP_EOL,$return);
+$peer_conf.= PHP_EOL;
+$command = "qrencode -t svg -m 0 -o - " . mb_escapeshellarg($peer_conf);
+$svg = shell_exec($command);
+$etag = hash('sha256', $peer_conf);
+$content_length = strlen($svg);
+$last_modified = date("Y-m-d H:i:s");
+
+header("Content-Type: image/svg+xml");
+header("Content-Length: $content_length");
+header("Last-Modified: $last_modified");
+header("ETag: \"$etag\"");
+header("X-QR-Code-Content: $peer_conf");
+echo shell_exec($command);
+

app/img/wifi-qr-code.php

@@ -10,11 +10,6 @@ if (!isset($_SERVER['HTTP_REFERER'])) {
     exit;
 }
 
-function qr_encode($str)
-{
-    return preg_replace('/(?<!\\\)([\":;,])/', '\\\\\1', $str);
-}
-
 $hostapd = parse_ini_file(RASPI_HOSTAPD_CONFIG, false, INI_SCANNER_RAW);
 
 // assume wpa encryption and get the passphrase
@@ -52,7 +47,8 @@ $content_length = strlen($svg);
 header("Content-Type: image/svg+xml");
 header("Content-Length: $content_length");
 header("Last-Modified: $last_modified");
+header("Content-Disposition: attachment; filename=\"qr.svg\"");
 header("ETag: \"$etag\"");
 header("X-QR-Code-Content: $data");
-echo shell_exec($command);
+echo $svg;
 

app/js/custom.js

@@ -1,6 +1,5 @@
 function msgShow(retcode,msg) {
-    if(retcode == 0) {
-        var alertType = 'success';
+    if(retcode == 0) { var alertType = 'success';
     } else if(retcode == 2 || retcode == 1) {
         var alertType = 'danger';
     }
@@ -123,6 +122,11 @@ $(document).on("click", "#gen_wpa_passphrase", function(e) {
     $('#txtwpapassphrase').val(genPassword(63));
 });
 
+// Enable Bootstrap tooltips
+$(function () {
+  $('[data-toggle="tooltip"]').tooltip()
+})
+
 function genPassword(pwdLen) {
     var pwdChars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
     var rndPass = Array(pwdLen).fill(pwdChars).map(function(x) { return x[Math.floor(Math.random() * x.length)] }).join('');
@@ -252,6 +256,69 @@ $('#hostapdModal').on('shown.bs.modal', function (e) {
 $('#configureClientModal').on('shown.bs.modal', function (e) {
 });
 
+$('#ovpn-confirm-delete').on('click', '.btn-delete', function (e) {
+    var cfg_id = $(this).data('recordId');
+    $.post('ajax/openvpn/del_ovpncfg.php',{'cfg_id':cfg_id},function(data){
+        jsonData = JSON.parse(data);
+        $("#ovpn-confirm-delete").modal('hide');
+        var row = $(document.getElementById("openvpn-client-row-" + cfg_id));
+        row.fadeOut( "slow", function() {
+            row.remove();
+        });
+    });
+});
+
+$('#ovpn-confirm-delete').on('show.bs.modal', function (e) {
+    var data = $(e.relatedTarget).data();
+    $('.btn-delete', this).data('recordId', data.recordId);
+});
+
+$('#ovpn-confirm-activate').on('click', '.btn-activate', function (e) {
+    var cfg_id = $(this).data('record-id');
+    $.post('ajax/openvpn/activate_ovpncfg.php',{'cfg_id':cfg_id},function(data){
+        jsonData = JSON.parse(data);
+        $("#ovpn-confirm-activate").modal('hide');
+        setTimeout(function(){
+            window.location.reload();
+        },300);
+    });
+});
+
+$('#ovpn-confirm-activate').on('shown.bs.modal', function (e) {
+    var data = $(e.relatedTarget).data();
+    $('.btn-activate', this).data('recordId', data.recordId);
+});
+
+$('#ovpn-userpw,#ovpn-certs').on('click', function (e) {
+    if (this.id == 'ovpn-userpw') {
+        $('#PanelCerts').hide();
+        $('#PanelUserPW').show();
+    } else if (this.id == 'ovpn-certs') {
+        $('#PanelUserPW').hide();
+        $('#PanelCerts').show();
+    }
+});
+
+$(document).ready(function(){
+  $("#PanelManual").hide();
+});
+
+$('#wg-upload,#wg-manual').on('click', function (e) {
+    if (this.id == 'wg-upload') {
+        $('#PanelManual').hide();
+        $('#PanelUpload').show();
+    } else if (this.id == 'wg-manual') {
+        $('#PanelUpload').hide();
+        $('#PanelManual').show();
+    }
+});
+
+// Add the following code if you want the name of the file appear on select
+$(".custom-file-input").on("change", function() {
+  var fileName = $(this).val().split("\\").pop();
+  $(this).siblings(".custom-file-label").addClass("selected").html(fileName);
+});
+
 /*
 Sets the wirelss channel select options based on hw_mode and country_code.
 
@@ -320,6 +387,55 @@ function updateBlocklist() {
 function clearBlocklistStatus() {
     $('#cbxblocklist-status').removeClass('check-updated').addClass('check-hidden');
 }
+
+// Handler for the wireguard generate key button
+$('.wg-keygen').click(function(){
+    var entity_pub = $(this).parent('div').prev('input[type="text"]');
+    var entity_priv = $(this).parent('div').next('input[type="hidden"]');
+    var updated = entity_pub.attr('name')+"-pubkey-status";
+    $.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name') },function(data){
+        var jsonData = JSON.parse(data);
+        entity_pub.val(jsonData.pubkey);
+        $('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
+    })
+})
+
+// Handler for wireguard client.conf download
+$('.wg-client-dl').click(function(){
+    var req = new XMLHttpRequest();
+    var url = 'ajax/networking/get_wgcfg.php';
+    req.open('get', url, true);
+    req.responseType = 'blob';
+    req.setRequestHeader('Content-type', 'text/plain; charset=UTF-8');
+    req.onreadystatechange = function (event) {
+        if(req.readyState == 4 && req.status == 200) {
+            var blob = req.response;
+            var link=document.createElement('a');
+            link.href=window.URL.createObjectURL(blob);
+            link.download = 'client.conf';
+            link.click();
+        }
+    }
+    req.send();
+})
+
+// Event listener for Bootstrap's form validation
+window.addEventListener('load', function() {
+    // Fetch all the forms we want to apply custom Bootstrap validation styles to
+    var forms = document.getElementsByClassName('needs-validation');
+    // Loop over them and prevent submission
+    var validation = Array.prototype.filter.call(forms, function(form) {
+        form.addEventListener('submit', function(event) {
+          //console.log(event.submitter);
+          if (form.checkValidity() === false) {
+            event.preventDefault();
+            event.stopPropagation();
+          }
+          form.classList.add('was-validated');
+        }, false);
+    });
+}, false);
+
 // Static Array method
 Array.range = (start, end) => Array.from({length: (end - start)}, (v, k) => k + start);
 
@@ -369,6 +485,17 @@ function set_theme(theme) {
     setCookie('theme',theme,90);
 }
 
+$(function() {
+    $('#night-mode').change(function() {
+        var state = $(this).is(':checked');
+        if (state == true && getCookie('theme') != 'lightsout.css') {
+            set_theme('lightsout.css');
+        } else {
+            set_theme('custom.php');
+        }
+   });
+});
+
 function setCookie(cname, cvalue, exdays) {
     var d = new Date();
     d.setTime(d.getTime() + (exdays*24*60*60*1000));

app/lib/system.php

@@ -42,7 +42,7 @@ class Sysinfo
 
     public function usedMemory()
     {
-        $used = shell_exec("free -m | awk '/Mem:/ { total=$2 ; used=$3 } END { print used/total*100}'");
+        $used = shell_exec("free -m | awk 'NR==2{ total=$2 ; used=$3 } END { print used/total*100}'");
         return floor($used);
     }
 

app/lib/uploader.php

@@ -0,0 +1,505 @@
+<?php
+
+/**
+ * Simple PHP upload class
+ *
+ * Adapted from aivis/PHP-file-upload-class
+ *
+ * @description File upload class for RaspAP
+ * @author      Bill Zimmerman <billzimmerman@gmail.com>
+ * @author      Aivis Silins
+ * @link        https://github.com/aivis/PHP-file-upload-class
+ * @license     https://github.com/raspap/raspap-webgui/blob/master/LICENSE
+ */
+
+namespace RaspAP\Uploader;
+
+class Upload
+{
+
+    /**
+     * Default directory persmissions (destination)
+     */
+    protected $default_permissions = 0750;
+
+    /**
+     * File post array
+     *
+     * @var array
+     */
+    protected $file_post = array();
+
+    /**
+     * Destination directory
+     *
+     * @var string
+     */
+    protected $destination;
+
+    /**
+     * Fileinfo
+     *
+     * @var object
+     */
+    protected $finfo;
+
+    /**
+     * Data about file
+     *
+     * @var array
+     */
+    public $file = array();
+
+    /**
+     * Max. file size
+     *
+     * @var int
+     */
+    protected $max_file_size;
+
+    /**
+     * Allowed mime types
+     *
+     * @var array
+     */
+    protected $mimes = array();
+
+    /**
+     * Temp path
+     *
+     * @var string
+     */
+    protected $tmp_name;
+
+    /**
+     * Validation errors
+     *
+     * @var array
+     */
+    protected $validation_errors = array();
+
+    /**
+     * Filename (new)
+     *
+     * @var string
+     */
+    protected $filename;
+
+    /**
+     * Internal callbacks (filesize check, mime, etc)
+     *
+     * @var array
+     */
+    private $callbacks = array();
+
+    /**
+     * Root dir
+     *
+     * @var string
+     */
+    protected $root;
+
+    /**
+     * Return upload object
+     *
+     * $destination    = 'path/to/file/destination/';
+     *
+     * @param  string $destination
+     * @param  string $root
+     * @return Upload
+     */
+    public static function factory($destination, $root = false)
+    {
+        return new Upload($destination, $root);
+    }
+
+    /**
+     *  Define root constant and set & create destination path
+     *
+     * @param string $destination
+     * @param string $root
+     */
+    public function __construct($destination, $root = false)
+    {
+        if ($root) {
+            $this->root = $root;
+        } else {
+            $this->root = $_SERVER['DOCUMENT_ROOT'] . DIRECTORY_SEPARATOR;
+        }
+
+        // set & create destination path
+        if (!$this->set_destination($destination)) {
+            throw new Exception('Upload: Unable to create destination. '.$this->root . $this->destination);
+        }
+        //create finfo object
+        $this->finfo = new \finfo();
+    }
+
+    /**
+     * Set target filename
+     *
+     * @param string $filename
+     */
+    public function set_filename($filename)
+    {
+        $this->filename = $filename;
+    }
+
+    /**
+     * Check & Save file
+     *
+     * Return data about current upload
+     *
+     * @return array
+     */
+    public function upload($filename = false)
+    {
+        if($filename ) {
+            $this->set_filename($filename);
+        }
+
+        $this->set_filename($filename);
+        
+        if ($this->check()) {
+            $this->save();
+        }
+
+        // return state data
+        return $this->get_state();
+    }
+
+    /**
+     * Save file on server
+     * Return state data
+     *
+     * @return array
+     */
+    public function save()
+    {
+        $this->save_file();
+        return $this->get_state();
+    }
+
+    /**
+     * Validate file (execute callbacks)
+     * Returns TRUE if validation successful
+     *
+     * @return bool
+     */
+    public function check()
+    {
+        //execute callbacks (check filesize, mime, also external callbacks
+        $this->validate();
+
+        //add error messages
+        $this->file['errors'] = $this->get_errors();
+
+        //change file validation status
+        $this->file['status'] = empty($this->validation_errors);
+
+        return $this->file['status'];
+    }
+
+    /**
+     * Get current state data
+     *
+     * @return array
+     */
+    public function get_state()
+    {
+        return $this->file;
+    }
+
+    /**
+     * Save file on server
+     */
+    protected function save_file()
+    {
+        //create & set new filename
+        if(empty($this->filename)) {
+            $this->create_new_filename();
+        }
+
+        //set filename
+        $this->file['filename'] = $this->filename;
+
+        //set full path
+        $this->file['full_path'] = $this->root . $this->destination . $this->filename;
+            $this->file['path'] = $this->destination . $this->filename;
+
+        $status = move_uploaded_file($this->tmp_name, $this->file['full_path']);
+
+        //checks whether upload successful
+        if (!$status) {
+            throw new Exception('Upload: Failed to upload file.');
+        }
+
+        //done
+        $this->file['status'] = true;
+    }
+
+    /**
+     * Set data about file
+     */
+    protected function set_file_data()
+    {
+        $file_size = $this->get_file_size();
+        $this->file = array(
+        'status'            => false,
+        'destination'       => $this->destination,
+        'size_in_bytes'     => $file_size,
+        'size_in_mb'        => $this->bytes_to_mb($file_size),
+        'mime'              => $this->get_file_mime(),
+        'filename'          => $this->file_post['name'],
+        'tmp_name'          => $this->file_post['tmp_name'],
+        'post_data'         => $this->file_post,
+        );
+    }
+
+    /**
+     * Set validation error
+     *
+     * @param string $message
+     */
+    public function set_error($message)
+    {
+        $this->validation_errors[] = $message;
+    }
+
+    /**
+     * Return validation errors
+     *
+     * @return array
+     */
+    public function get_errors()
+    {
+        return $this->validation_errors;
+    }
+
+    /**
+     * Set external callback methods
+     *
+     * @param object $instance_of_callback_object
+     * @param array  $callback_methods
+     */
+    public function callbacks($instance_of_callback_object, $callback_methods)
+    {
+        if (empty($instance_of_callback_object)) {
+            throw new Exception('Upload: $instance_of_callback_object cannot be empty.');
+
+        }
+
+        if (!is_array($callback_methods)) {
+            throw new Exception('Upload: $callback_methods data type need to be array.');
+        }
+
+        $this->external_callback_object = $instance_of_callback_object;
+        $this->external_callback_methods = $callback_methods;
+    }
+
+    /**
+     * Execute callbacks
+     */
+    protected function validate()
+    {
+        //get curent errors
+        $errors = $this->get_errors();
+
+        if (empty($errors)) {
+
+            //set data about current file
+            $this->set_file_data();
+
+            //execute internal callbacks
+            $this->execute_callbacks($this->callbacks, $this);
+
+            //execute external callbacks
+            $this->execute_callbacks($this->external_callback_methods, $this->external_callback_object);
+        }
+    }
+
+    /**
+     * Execute callbacks
+     */
+    protected function execute_callbacks($callbacks, $object)
+    {
+        foreach($callbacks as $method) {
+            $object->$method($this);
+
+        }
+    }
+
+    /**
+     * File mime type validation callback
+     *
+     * @param object $object
+     */
+    protected function check_mime_type($object)
+    {
+        if (!empty($object->mimes)) {
+            if (!in_array($object->file['mime'], $object->mimes)) {
+                $object->set_error('MIME type not allowed.');
+            }
+        }
+    }
+
+    /**
+     * Set allowed mime types
+     *
+     * @param array $mimes
+     */
+    public function set_allowed_mime_types($mimes)
+    {
+        $this->mimes        = $mimes;
+        //if mime types is set -> set callback
+        $this->callbacks[]    = 'check_mime_type';
+    }
+
+    /**
+     * File size validation callback
+     *
+     * @param object $object
+     */
+    protected function check_file_size($object)
+    {
+        if (!empty($object->max_file_size)) {
+            $file_size_in_mb = $this->bytes_to_mb($object->file['size_in_bytes']);
+            if ($object->max_file_size <= $file_size_in_mb) {
+                $object->set_error('File exceeds maximum allowed size.');
+            }
+        }
+    }
+
+    /**
+     * Set max file size
+     *
+     * @param int $size
+     */
+    public function set_max_file_size($size)
+    {
+        $this->max_file_size = $size;
+        
+        //if max file size is set -> set callback
+        $this->callbacks[] = 'check_file_size';
+    }
+
+    /**
+     * Set File array to object
+     *
+     * @param array $file
+     */
+    public function file($file)
+    {
+        $this->set_file_array($file);
+    }
+
+    /**
+     * Set file array
+     *
+     * @param array $file
+     */
+    protected function set_file_array($file)
+    {
+        //checks whether file array is valid
+        if (!$this->check_file_array($file)) {
+            //file not selected or some bigger problems (broken files array)
+            $this->set_error('Please select file.');
+        }
+
+        //set file data
+        $this->file_post = $file;
+
+        //set tmp path
+        $this->tmp_name  = $file['tmp_name'];
+    }
+
+    /**
+     * Checks whether Files post array is valid
+     *
+     * @return bool
+     */
+    protected function check_file_array($file)
+    {
+        return isset($file['error'])
+        && !empty($file['name'])
+        && !empty($file['type'])
+        && !empty($file['tmp_name'])
+        && !empty($file['size']);
+    }
+
+    /**
+     * Get file mime type
+     *
+     * @return string
+     */
+    protected function get_file_mime()
+    {
+        return $this->finfo->file($this->tmp_name, FILEINFO_MIME_TYPE);
+    }
+
+    /**
+     * Get file size
+     *
+     * @return int
+     */
+    protected function get_file_size()
+    {
+        return filesize($this->tmp_name);
+    }
+
+    /**
+     * Set destination path (return TRUE on success)
+     *
+     * @param  string $destination
+     * @return bool
+     */
+    protected function set_destination($destination)
+    {
+        $this->destination = $destination . DIRECTORY_SEPARATOR;
+        return $this->destination_exist() ? true : $this->create_destination();
+    }
+
+    /**
+     * Checks whether destination folder exists
+     *
+     * @return bool
+     */
+    protected function destination_exist()
+    {
+        return is_writable($this->root . $this->destination);
+    }
+
+    /**
+     * Create path to destination
+     *
+     * @param  string $dir
+     * @return bool
+     */
+    protected function create_destination()
+    {
+        return mkdir($this->root . $this->destination, $this->default_permissions, true);
+    }
+
+    /**
+     * Set unique filename
+     *
+     * @return string
+     */
+    protected function create_new_filename()
+    {
+        $filename = sha1(mt_rand(1, 9999) . $this->destination . uniqid()) . time();
+        $this->set_filename($filename);
+    }
+
+    /**
+     * Convert bytes to MB
+     *
+     * @param  int $bytes
+     * @return int
+     */
+    protected function bytes_to_mb($bytes)
+    {
+        return round(($bytes / 1048576), 2);
+    }
+}
+

config/090_raspap.conf

@@ -1,4 +1,4 @@
 # RaspAP default config
-log-facility=/tmp/dnsmasq.log
+log-facility=/var/log/dnsmasq.log
 conf-dir=/etc/dnsmasq.d
 

config/client_config/70-mobile-data-sticks.rules

@@ -0,0 +1,4 @@
+# mobile data modem - ttyUSB0 device appears 
+SUBSYSTEM=="tty", KERNEL=="ttyUSB0", TAG+="systemd", ENV{SYSTEMD_WANTS}="start start_ppp0_device.service"
+
+

config/client_config/80-raspap-net-devices.rules

@@ -0,0 +1,3 @@
+SUBSYSTEM=="net", ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="12d1", ATTRS{idProduct}=="14db", NAME="hilink%n",  TAG+="systemd", ENV{SYSTEMD_WANTS}="start start_huawei_hilink@hilink%n.service"
+
+

config/client_config/huawei_hilink_api.sh

@@ -0,0 +1,505 @@
+#!/bin/bash
+#
+# Huawei Hilink API
+# =================
+# - communication with Hilink devices via HTTP
+# - send a standard http request with a xml formatted string to the device (default IP 192.169.8.1)
+# - Howto:
+#   o "source" this script in your own script from the command line
+#   o if hilink_host ip/name differs, set "hilink_host=192.168.178.1" before calling any function
+#   o if the device is locked by a password, set hilink_user="admin"; hilink_password"1234secret"
+#     _login is called automatically
+#     only password type 4 is supported
+#   o if the SIM is requiring a PIN, set "hilink_pin=1234"
+#   o connect device to network: _switchMobileData ON  ( or 1 )
+#   o disconnect device: _switchMobileData OFF  ( or 0 )
+#   o get informations about the device: _getDeviceInformation and _getStatus and _getNetProvider
+#     all functions return XML formatted data in $response.
+#   o _getAllInformations: returns all available informations as key/value pairs (outputs text) 
+#   o Check if device is connected: "if _isConnected; then .... fi"
+#   o $response can be parsed by calling _valueFromResponse 
+#     e.g "_valueFromResponse msisdn" to get the phone number after a call to _getDeviceInformation
+#
+#
+# Usage of functions 
+#     - call the function with parameters (if required)
+#     - return code: 0 - success; 1 - failed
+#     - $status: status information (OK, ERROR)
+#     - $response: xml response to be parsed for the required information
+#
+#
+# required software: curl, base64, sha256sum, sed
+#
+# ToDo: improve error handling
+#
+# zbchristian 2021
+#
+
+# Initialization procedure
+# ========================
+#
+# hilink_host=192.168.8.1       # ip address of device
+# hilink_user="admin"           # user name if locked (default admin)
+# hilink_password="1234Secret"  # password if locked 
+# hilink_pin="1234"             # PIN of SIM
+# _initHilinkAPI                # initialize the API
+#
+# Termination
+# ===========
+# cleanup the API before quitting the shell 
+# _closeHilinkAPI  (optional: add parameter "save" to save the session/token data for subsequent calls. Valid for a few minutes.)
+#
+# BE AWARE, THAT THE API USES SOME GLOBAL VARIABLES : hilink_host, user, password, pin, response, status
+# USE THESE ONLY TO COMMUNICATE WITH THE API.
+# DO NOT USE THE VARIABLE PRE_FIX "hilink_" FOR YOUR OWN VARIABLES
+#
+
+hilink_host_default="192.168.8.1"
+hilink_save_file="/tmp/hilink_api_saved.dat"
+hilink_save_age=60
+hilink_header_file="/tmp/hilink_login_hdr.txt"
+
+# initialize
+function _initHilinkAPI() {
+    local age
+    if [ -z "$hilink_host" ]; then hilink_host=$hilink_host_default; fi
+    if ! _hostReachable; then return 1; fi
+    if [ -f $hilink_save_file ]; then # found file with saved data
+        _getSavedData
+        age=$(( $(date +%s) - $(stat $hilink_save_file  -c %Y) ))
+        if [[ $age -gt $hilink_save_age ]]; then 
+            rm -f $hilink_save_file
+            _logout
+            _sessToken
+        fi
+    fi
+    if [ -z "$hilink_sessID" ] || [ -z "$hilink_token" ]; then _sessToken; fi
+    _login
+    return $?
+}
+
+function _getSavedData() {
+    local dat
+    if [ -f $hilink_save_file ]; then  # restore saved session data
+        dat=$(cat $hilink_save_file)
+        hilink_sessID=$(echo "$dat" | sed -nr 's/sessionid: ([a-z0-9]*)/\1/ip')
+        hilink_token=$(echo "$dat" | sed -nr 's/token: ([a-z0-9]*)/\1/ip')
+        hilink_tokenlist=( $(echo "$dat" | sed -nr 's/tokenlist: ([a-z0-9 ]*)/\1/ip') )
+    fi
+}
+
+# Cleanup
+# parameter: "save" - will store sessionid and tokens in file
+function _closeHilinkAPI() {
+    local opt
+    if [ -z "$hilink_host" ]; then hilink_host=$hilink_host_default; fi
+    if ! _hostReachable; then return 1; fi
+    rm -f $hilink_save_file
+    [ ! -z "$1" ] && opt="${1,,}"
+    if [ ! -z "$opt" ] && [ "$opt" = "save" ]; then
+        echo "sessionid: $hilink_sessID" > $hilink_save_file
+        echo "token: $hilink_token" >> $hilink_save_file
+        echo "tokenlist: ${hilink_tokenlist[@]}" >> $hilink_save_file
+    fi
+    _logout
+    hilink_tokenlist=""
+    hilink_sessID=""
+    hilink_token=""
+    return 0
+}
+
+# get status (connection status, DNS, )
+# parameter: none
+function _getStatus() {
+    if _login; then
+        if _sendRequest "api/monitoring/status"; then
+            if [ ! -z "$1" ]; then _valueFromResponse "$1"; fi
+        fi
+        return $?
+    fi
+    return 1
+}
+
+function _isConnected() {
+    local conn
+    conn=$(_getStatus "connectionstatus")
+    status="NO"
+    if [ ! -z "$conn" ] && [ $conn -eq 901 ]; then
+        status="YES"
+        return 0
+    fi
+    return 1
+}
+
+# get device information (device name, imei, imsi, msisdn-phone number, MAC, WAN IP ...)
+# parameter: name of parameter to return
+function _getDeviceInformation() {
+    if _login; then 
+        if _sendRequest "api/device/information"; then
+            if [ ! -z "$1" ]; then _valueFromResponse "$1"; fi
+        fi
+        return $?
+    fi
+    return 1
+}
+
+# get net provider information 
+# parameter: name of parameter to return 
+function _getNetProvider() {
+    if _login; then 
+        if _sendRequest "api/net/current-plmn"; then
+            if [ ! -z "$1" ]; then _valueFromResponse "$1"; fi
+        fi
+        return $?
+    fi
+    return 1
+}
+
+# get signal level
+# parameter: name of parameter to return
+function _getSignal() {
+    if _login; then
+        if _sendRequest "api/device/signal"; then
+            if [ ! -z "$1" ]; then _valueFromResponse "$1"; fi
+        fi
+        return $?
+    fi
+    return 1
+}
+
+function _getAllInformations() {
+    if _getDeviceInformation; then _keyValuePairs; fi
+    if _getSignal; then _keyValuePairs; fi
+    if _getNetProvider; then _keyValuePairs; fi
+}
+
+# get status of mobile data connection
+# parameter: none
+function _getMobileDataStatus() {
+    if _login; then
+        if _sendRequest "api/dialup/mobile-dataswitch"; then
+                status=$(_valueFromResponse "dataswitch")
+                if [ $? -eq 0  ] && [ ! -z "$status" ]; then echo "$status"; fi
+        fi
+        return $?
+    fi
+    return 1
+}
+
+
+# PIN of SIM can be passed either as $hilink_pin, or as parameter
+# parameter: PIN number of SIM card
+function _enableSIM() {
+#SimState:
+#255 - no SIM,
+#256 - error CPIN, 
+#257 - ready,
+#258 - PIN disabled,
+#259 - check PIN,
+#260 - PIN required,
+#261 - PUK required
+    local simstate
+    if [ ! -z "$1" ]; then hilink_pin="$1"; fi
+    if ! _login; then return 1; fi
+    if _sendRequest "api/pin/status"; then
+        simstate=$(echo $response | sed  -rn 's/.*<simstate>([0-9]*)<\/simstate>.*/\1/pi')
+        if [[ $simstate -eq 257  ]]; then status="SIM ready"; return 0; fi
+        if [[ $simstate -eq 260  ]]; then 
+            status="PIN required"
+            if [ ! -z "$hilink_pin" ]; then _setPIN "$hilink_pin"; fi
+        return $?
+    fi
+        if [[ $simstate -eq 255  ]]; then status="NO SIM"; return 1; fi
+    fi
+    return 1
+}
+
+# obtain session and verification token - stored in vars $hilink_sessID and $token 
+# parameter: none
+function _sessToken() {
+    hilink_tokenlist=""
+    hilink_token=""
+    hilink_sessID=""
+    response=$(curl -s http://$hilink_host/api/webserver/SesTokInfo -m 5 2> /dev/null)
+    if [ -z "$response" ]; then echo "No access to device at $hilink_host"; return 1; fi
+    status=$(echo "$response" | sed  -nr 's/.*<code>([0-9]*)<\/code>.*/\1/ip')
+    if [ -z "$status" ]; then
+        hilink_token=$(echo $response | sed  -r 's/.*<TokInfo>(.*)<\/TokInfo>.*/\1/')
+        hilink_sessID=$(echo $response | sed  -r 's/.*<SesInfo>(.*)<\/SesInfo>.*/\1/')
+        if [ ! -z "$hilink_sessID" ] &&  [ ! -z "$hilink_token" ]; then 
+            hilink_sessID="SessionID=$hilink_sessID"
+            return 0
+        fi
+    fi
+    return 1
+}
+
+# unlock device (if locked) with user name and password
+# requires stored hilink_user="admin"; hilink_password"1234secret";hilink_host=$hilink_host_default 
+# parameter: none
+function _login() {
+    local ret encpw pwtype pwtype3 hashedpw pwtype4 
+    if _loginState; then return 0; fi    # login not required, or already done
+    _sessToken
+    # get password type
+    if ! _sendRequest "api/user/state-login"; then return 1; fi
+    pwtype=$(echo "$response" | sed  -rn 's/.*<password_type>([0-9])<\/password_type>.*/\1/pi')
+    if [ -z "$pwtype" ];then pwtype=4; fi   # fallback is type 4
+    ret=1
+    if [[ ! -z "$hilink_user" ]] && [[ ! -z "$hilink_password" ]]; then
+        # password encoding
+        # type 3 : base64(pw) encoded
+        # type 4 : base64(sha256sum(user + base64(sha256sum(pw)) + token))
+        pwtype3=$(echo -n "$hilink_password" | base64 --wrap=0)
+        hashedpw=$(echo -n "$hilink_password" | sha256sum -b | sed -nr 's/^([0-9a-z]*).*$/\1/ip' )
+        hashedpw=$(echo -n "$hashedpw" | base64 --wrap=0)
+        pwtype4=$(echo -n "$hilink_user$hashedpw$hilink_token" | sha256sum -b | sed -nr 's/^([0-9a-z]*).*$/\1/ip' )
+        encpw=$(echo -n "$pwtype4" | base64 --wrap=0)
+        if [ $pwtype -ne 4 ]; then encpw=$pwtype3; fi
+        hilink_xmldata="<?xml version='1.0' encoding='UTF-8'?><request><Username>$hilink_user</Username><Password>$encpw</Password><password_type>$pwtype</password_type></request>"
+        hilink_xtraopts="--dump-header $hilink_header_file"
+        rm -f $hilink_header_file
+        _sendRequest "api/user/login"
+        if [ ! -z "$status" ] && [ "$status" = "OK" ]; then 
+            # store the list of 30 tokens. Each token is valid for a single request
+            hilink_tokenlist=( $(cat $hilink_header_file | sed -rn 's/^__RequestVerificationToken:\s*([0-9a-z#]*).*$/\1/pi' | sed 's/#/ /g') )
+            _getToken
+            hilink_sessID=$(cat $hilink_header_file  | grep -ioP 'SessionID=([a-z0-9]*)')
+            if [ ! -z "$hilink_sessID" ] &&  [ ! -z "$hilink_token" ]; then ret=0; fi
+        fi
+        rm -f $hilink_header_file
+    fi
+    return $ret
+}
+
+# logout of hilink device
+# parameter: none
+function _logout() {
+    if _loginState; then 
+        hilink_xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><Logout>1</Logout></request>"
+        if _sendRequest "api/user/logout"; then 
+            hilink_tokenlist=""
+            hilink_sessID=""
+            hilink_token=""
+            hilink_login_enabled=""
+        fi
+        return $?
+    fi
+    return 1
+}
+
+# parameter: none
+function _loginState() {
+    local state
+    status="OK"
+    if [ -z "$hilink_login_enabled" ]; then _checkLoginEnabled; fi
+    if [ $hilink_login_enabled -eq 1 ]; then return 0; fi # login is disabled
+    _sendRequest "api/user/state-login"
+    state=`echo "$response" | sed  -rn 's/.*<state>(.*)<\/state>.*/\1/pi'`
+    if [ ! -z "$state" ] && [ $state -eq 0 ]; then       # already logged in
+        return 0
+    fi
+    return 1
+}
+
+function _checkLoginEnabled() {
+    local state
+    if _sendRequest "api/user/hilink_login"; then
+        hilink_login_enabled=0
+        state=$(echo $response | sed  -rn 's/.*<hilink_login>(.*)<\/hilink_login>.*/\1/pi')
+        if [ ! -z "$state" ] && [ $state -eq 0 ]; then       # no login enabled
+            hilink_login_enabled=1
+        fi
+    else
+        hilink_login_enabled=""
+    fi
+}
+
+# switch mobile data on/off  1/0
+# if SIM is locked, $hilink_pin has to be set
+# parameter: state - ON/OFF or 1/0
+function _switchMobileData() {
+    local mode
+    if [ -z "$1" ]; then return 1; fi
+    _login
+    mode="${1,,}"
+    [ "$mode" = "on" ] && mode=1
+    [ "$mode" = "off" ] && mode=0
+    if [[ $mode -ge 0 ]]; then
+        if _enableSIM "$hilink_pin"; then
+            hilink_xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><dataswitch>$mode</dataswitch></request>"
+            _sendRequest "api/dialup/mobile-dataswitch"
+            return $?
+        fi
+    fi
+    return 1
+}
+
+# parameter: PIN of SIM card
+function _setPIN() {
+    local pin
+    if [ -z "$1" ]; then return 1; fi
+    pin="$1"
+    hilink_xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><OperateType>0</OperateType><CurrentPin>$pin</CurrentPin><NewPin></NewPin><PukCode></PukCode></request>"
+    _sendRequest "api/pin/operate"
+    return $?
+}
+
+# Send request to host at http://$hilink_host/$apiurl
+# data in $hilink_xmldata and options in $hilink_xtraopts
+# parameter: apiurl (e.g. "api/user/login")
+function _sendRequest() {
+    local ret apiurl
+    status="ERROR"
+    if [ -z "$1" ]; then return 1; fi 
+    apiurl="$1"
+    ret=1
+    if [ -z "$hilink_sessID" ] || [ -z "$hilink_token" ]; then _sessToken; fi 
+    if [ -z "$hilink_xmldata" ];then
+        response=$(curl -s http://$hilink_host/$apiurl -m 10 \
+                     -H "Cookie: $hilink_sessID")
+    else 
+        response=$(curl -s -X POST http://$hilink_host/$apiurl -m 10 \
+                    -H "Content-Type: text/xml"  \
+                    -H "Cookie: $hilink_sessID" \
+                    -H "__RequestVerificationToken: $hilink_token" \
+                    -d "$hilink_xmldata" $hilink_xtraopts 2> /dev/null)
+        _getToken
+    fi
+    if [ ! -z "$response" ];then 
+        response=$(echo $response | tr -d '\012\015') # delete newline chars 
+        status=$(echo "$response" | sed  -nr 's/.*<code>([0-9]*)<\/code>.*/\1/ip') # check for error code
+        if [ -z "$status" ]; then
+            status="OK"
+            response=$(echo "$response" | sed  -nr 's/.*<response>(.*)<\/response>.*/\1/ip')
+            [ -z "$response" ] && response="none"
+            ret=0
+        else
+            status="ERROR $status"
+        fi
+    else
+        status="ERROR"
+    fi
+    if [[ "$status" =~ ERROR ]]; then _handleError; fi
+    hilink_xtraopts=""
+    hilink_xmldata=""
+    return $ret
+}
+
+# handle the list of tokens available after login
+# parameter: none
+function _getToken() {
+    if [ ! -z "$hilink_tokenlist" ] && [ ${#hilink_tokenlist[@]} -gt 0 ]; then
+        hilink_token