From 58c689d1693cdbb28b1ef0cb381b4a0ae1b200c3 Mon Sep 17 00:00:00 2001
From: FusionPBX <markjcrane@gmail.com>
Date: Sun, 3 Dec 2017 12:24:20 -0700
Subject: [PATCH] Update index.php

---
 app/provision/index.php | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/app/provision/index.php b/app/provision/index.php
index a1dbfdd638..ad510029cb 100644
--- a/app/provision/index.php
+++ b/app/provision/index.php
@@ -67,6 +67,21 @@
 		}
 	}
 
+//send http error
+	function http_error($error) {
+		if ($error === "404") {
+			header("HTTP/1.0 404 Not Found");
+			echo "<html>\n";
+			echo "<head><title>404 Not Found</title></head>\n";
+			echo "<body bgcolor=\"white\">\n";
+			echo "<center><h1>404 Not Found</h1></center>\n";
+			echo "<hr><center>nginx/1.12.1</center>\n";
+			echo "</body>\n";
+			echo "</html>\n";
+		}
+		exit();
+	}
+
 //check alternate MAC source
 	if (empty($mac)){
 		//set the http user agent
@@ -253,8 +268,7 @@
 //check if provisioning has been enabled
 	if ($provision["enabled"] != "true") {
 		syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] provision attempt but provisioning is not enabled for ".check_str($_REQUEST['mac']));
-		echo "access denied";
-		exit;
+		http_error('404');
 	}
 
 //send a request to a remote server to validate the MAC address and secret
@@ -262,8 +276,7 @@
 		$result = send_http_request($_SERVER['auth_server'], 'mac='.check_str($_REQUEST['mac']).'&secret='.check_str($_REQUEST['secret']));
 		if ($result == "false") {
 			syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] provision attempt but the remote auth server said no for ".check_str($_REQUEST['mac']));
-			echo "access denied";
-			exit;
+			http_error('404');
 		}
 	}
 
@@ -286,8 +299,7 @@
 		}
 		if (!$found) {
 			syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] provision attempt but failed CIDR check for ".check_str($_REQUEST['mac']));
-			echo "access denied";
-			exit;
+			http_error('404');
 		}
 	}