diff --git a/ajax/adblock/update_blocklist.php b/ajax/adblock/update_blocklist.php
index 796959f1..0084892d 100644
--- a/ajax/adblock/update_blocklist.php
+++ b/ajax/adblock/update_blocklist.php
@@ -2,6 +2,8 @@
 
 require '../../includes/csrf.php';
 require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
 
 if (isset($_POST['blocklist_id'])) {
     $blocklist_id = escapeshellcmd($_POST['blocklist_id']);
@@ -50,4 +52,3 @@ if (isset($_POST['blocklist_id'])) {
     $jsonData = ['return'=>2,'output'=>['Error getting data']];
     echo json_encode($jsonData);
 }
-
diff --git a/ajax/bandwidth/get_bandwidth.php b/ajax/bandwidth/get_bandwidth.php
index 70e9b882..16e8b566 100644
--- a/ajax/bandwidth/get_bandwidth.php
+++ b/ajax/bandwidth/get_bandwidth.php
@@ -1,8 +1,9 @@
 <?php
 
 require '../../includes/csrf.php';
-
 require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
 
 $interface = filter_input(INPUT_GET, 'inet', FILTER_SANITIZE_SPECIAL_CHARS);
 if (empty($interface)) {
@@ -13,8 +14,7 @@ if (empty($interface)) {
     } else {
         exit('No network interfaces found.');
     }
-} 
-
+}
 define('IFNAMSIZ', 16);
 if (strlen($interface) > IFNAMSIZ) {
     exit('Interface name too long.');
@@ -72,14 +72,12 @@ for ($i = count($jsonData) - 1; $i >= 0; --$i) {
     $datareceived = round($jsonData[$i]['rx'] / $dsu_factor, 0);
 
     if ($timeunits === 'm') {
-        echo '{ "date": "' , $dt->format('Y-m') , '", "rx": "' , $datareceived , 
+        echo '{ "date": "' , $dt->format('Y-m') , '", "rx": "' , $datareceived ,
         '", "tx": "' , $datasend , '" }';
     } else {
-        echo '{ "date": "' , $dt->format('Y-m-d') , '", "rx": "' , $datareceived , 
+        echo '{ "date": "' , $dt->format('Y-m-d') , '", "rx": "' , $datareceived ,
         '", "tx": "' , $datasend , '" }';
     }
 }
 
 echo ' ]';
-
-
diff --git a/ajax/bandwidth/get_bandwidth_hourly.php b/ajax/bandwidth/get_bandwidth_hourly.php
index 5e2f93f1..b0f9f3e6 100644
--- a/ajax/bandwidth/get_bandwidth_hourly.php
+++ b/ajax/bandwidth/get_bandwidth_hourly.php
@@ -1,6 +1,9 @@
-<?php 
+<?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
 
 if (filter_input(INPUT_GET, 'tu') == 'h') {
 
diff --git a/ajax/logging/clearlog.php b/ajax/logging/clearlog.php
index a5c67385..44273f94 100644
--- a/ajax/logging/clearlog.php
+++ b/ajax/logging/clearlog.php
@@ -2,12 +2,19 @@
 
 require '../../includes/csrf.php';
 require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
 require_once '../../includes/functions.php';
 
 if (isset($_POST['logfile'])) {
-    $logfile = escapeshellcmd($_POST['logfile']);
+    $logfile = escapeshellarg($_POST['logfile']);
+    $valid = '/(\/var\/log|\/tmp)/';
 
-    // truncate requested log file
-    exec("sudo truncate -s 0 $logfile", $return);
+    if (preg_match($valid, $logfile)) {
+        // truncate requested log file
+        exec("sudo truncate -s 0 $logfile", $return);
+    } else {
+        $return = 1;
+    }
     echo json_encode($return);
 }
diff --git a/ajax/networking/do_sys_reset.php b/ajax/networking/do_sys_reset.php
index 05f36615..068c0d0a 100644
--- a/ajax/networking/do_sys_reset.php
+++ b/ajax/networking/do_sys_reset.php
@@ -1,6 +1,8 @@
 <?php
 
 require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
 require_once '../../includes/session.php';
 require_once '../../includes/functions.php';
 
@@ -16,7 +18,7 @@ if (isset($_POST['csrf_token'])) {
         array("src" => $path .'/090_wlan0.conf', "tmp" => "/tmp/dnsmasqdata", "dest" => RASPI_DNSMASQ_PREFIX.'wlan0.conf'),
         array("src" => $path .'/090_raspap.conf', "tmp" => "/tmp/dnsmasqdata", "dest" => RASPI_DNSMASQ_PREFIX.'raspap.conf'),
     );
-    
+
     foreach ($configs as $config) {
         try {
             $tmp = file_get_contents($config["src"]);
@@ -32,4 +34,3 @@ if (isset($_POST['csrf_token'])) {
 } else {
     handleInvalidCSRFToken();
 }
-
diff --git a/ajax/networking/get_all_interfaces.php b/ajax/networking/get_all_interfaces.php
index b4e18572..0b304460 100644
--- a/ajax/networking/get_all_interfaces.php
+++ b/ajax/networking/get_all_interfaces.php
@@ -1,6 +1,9 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
 
 exec("ls /sys/class/net | grep -v lo", $interfaces);
 echo json_encode($interfaces);
diff --git a/ajax/networking/get_channel.php b/ajax/networking/get_channel.php
index 89d59ca2..c5e21fb5 100644
--- a/ajax/networking/get_channel.php
+++ b/ajax/networking/get_channel.php
@@ -2,6 +2,8 @@
 
 require '../../includes/csrf.php';
 require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
 
 exec('cat '. RASPI_HOSTAPD_CONFIG, $hostapdconfig);
 $arrConfig = array();
diff --git a/ajax/networking/get_frequencies.php b/ajax/networking/get_frequencies.php
index 8926bfb1..e2ced448 100644
--- a/ajax/networking/get_frequencies.php
+++ b/ajax/networking/get_frequencies.php
@@ -1,7 +1,10 @@
 <?php
 
 require '../../includes/csrf.php';
-require '../../src/RaspAP/Parsers/IwParser.php';
+require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../src/RaspAP/Parsers/IwParser.php';
+require_once '../../includes/authenticate.php';
 
 if (isset($_POST['interface'])) {
 
@@ -11,4 +14,3 @@ if (isset($_POST['interface'])) {
 
     echo json_encode($supportedFrequencies);
 }
-
diff --git a/ajax/networking/get_ip_summary.php b/ajax/networking/get_ip_summary.php
index bee214de..545273f9 100644
--- a/ajax/networking/get_ip_summary.php
+++ b/ajax/networking/get_ip_summary.php
@@ -3,6 +3,9 @@
 require '../../includes/csrf.php';
 
 require_once '../../includes/functions.php';
+require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
 
 if (isset($_POST['interface'])) {
     $int = preg_replace('/[^a-z0-9]/', '', $_POST['interface']);
diff --git a/ajax/networking/get_netcfg.php b/ajax/networking/get_netcfg.php
index 24ee228a..757a9c1e 100644
--- a/ajax/networking/get_netcfg.php
+++ b/ajax/networking/get_netcfg.php
@@ -2,8 +2,10 @@
 
 require '../../includes/csrf.php';
 require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
 
-$interface = $_GET['iface'];
+$interface = $_POST['iface'];
 
 if (isset($interface)) {
     // fetch dnsmasq.conf settings for interface
diff --git a/ajax/networking/get_nl80211_band.php b/ajax/networking/get_nl80211_band.php
index 156413b0..103dee7d 100644
--- a/ajax/networking/get_nl80211_band.php
+++ b/ajax/networking/get_nl80211_band.php
@@ -2,12 +2,19 @@
 
 require '../../includes/csrf.php';
 require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
 require_once '../../includes/locale.php';
 
 if (isset($_POST['interface'])) {
 
     define( 'NL80211_BAND_24GHZ', 0x1 );
     define( 'NL80211_BAND_5GHZ', 0x2 );
+
+    if(!preg_match('/^[a-zA-Z0-9]+$/', $_POST['interface'])) {
+      exit('Invalid interface name.');
+    }
+
     $iface = escapeshellcmd($_POST['interface']);
     $flags = 0;
 
@@ -17,7 +24,7 @@ if (isset($_POST['interface'])) {
 
     // get frequencies supported by device
     exec('iw '.$phy.' info | sed -rn "s/^.*\*\s([0-9]{4})\sMHz.*/\1/p"', $frequencies);
-    
+
     if (count(preg_grep('/^24[0-9]{2}/i', $frequencies)) >0) {
         $flags += NL80211_BAND_24GHZ;
     }
@@ -40,4 +47,3 @@ if (isset($_POST['interface'])) {
     }
     echo json_encode($msg);
 }
-
diff --git a/ajax/networking/get_wgcfg.php b/ajax/networking/get_wgcfg.php
index 6a9d771d..e10f9c01 100644
--- a/ajax/networking/get_wgcfg.php
+++ b/ajax/networking/get_wgcfg.php
@@ -2,8 +2,9 @@
 
 require '../../includes/csrf.php';
 require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
 
 // fetch wg client.conf
 exec('sudo cat '. RASPI_WIREGUARD_PATH.'client.conf', $return);
 echo implode(PHP_EOL,$return);
-
diff --git a/ajax/networking/get_wgkey.php b/ajax/networking/get_wgkey.php
index ba5d8335..9e3ae791 100644
--- a/ajax/networking/get_wgkey.php
+++ b/ajax/networking/get_wgkey.php
@@ -2,17 +2,19 @@
 
 require '../../includes/csrf.php';
 require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
 
 $entity = escapeshellcmd($_POST['entity']);
 
 if (isset($entity)) {
-   
+
     // generate public/private key pairs for entity
     $pubkey = RASPI_WIREGUARD_PATH.$entity.'-public.key';
     $privkey = RASPI_WIREGUARD_PATH.$entity.'-private.key';
     $pubkey_tmp = '/tmp/'.$entity.'-public.key';
     $privkey_tmp = '/tmp/'.$entity.'-private.key';
-     
+
     exec("sudo wg genkey | tee $privkey_tmp | wg pubkey > $pubkey_tmp", $return);
     $wgdata['pubkey'] = str_replace("\n",'',file_get_contents($pubkey_tmp));
     exec("sudo mv $privkey_tmp $privkey", $return);
diff --git a/ajax/networking/wifi_stations.php b/ajax/networking/wifi_stations.php
index ecc9c098..5b9fc0cb 100644
--- a/ajax/networking/wifi_stations.php
+++ b/ajax/networking/wifi_stations.php
@@ -2,6 +2,8 @@
 
 require '../../includes/csrf.php';
 require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
 require_once '../../includes/defaults.php';
 require_once '../../includes/functions.php';
 require_once '../../includes/wifi_functions.php';
@@ -14,7 +16,7 @@ knownWifiStations($networks);
 nearbyWifiStations($networks, !isset($_REQUEST["refresh"]));
 connectedWifiStations($networks);
 sortNetworksByRSSI($networks);
-foreach ($networks as $ssid => $network) $networks[$ssid]["ssidutf8"] = ssid2utf8( $ssid ); 
+foreach ($networks as $ssid => $network) $networks[$ssid]["ssidutf8"] = ssid2utf8( $ssid );
 
 $connected = array_filter($networks, function($n) { return $n['connected']; } );
 $known     = array_filter($networks, function($n) { return !$n['connected'] && $n['configured']; } );
diff --git a/ajax/openvpn/activate_ovpncfg.php b/ajax/openvpn/activate_ovpncfg.php
index 06cff8b9..ac0a33cf 100644
--- a/ajax/openvpn/activate_ovpncfg.php
+++ b/ajax/openvpn/activate_ovpncfg.php
@@ -2,6 +2,8 @@
 
 require '../../includes/csrf.php';
 require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
 require_once '../../includes/functions.php';
 
 if (isset($_POST['cfg_id'])) {
@@ -24,4 +26,3 @@ if (isset($_POST['cfg_id'])) {
 
     echo json_encode($return);
 }
-
diff --git a/ajax/openvpn/del_ovpncfg.php b/ajax/openvpn/del_ovpncfg.php
index 26e0a6c0..23bf9799 100644
--- a/ajax/openvpn/del_ovpncfg.php
+++ b/ajax/openvpn/del_ovpncfg.php
@@ -2,6 +2,8 @@
 
 require '../../includes/csrf.php';
 require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
 require_once '../../includes/functions.php';
 
 if (isset($_POST['cfg_id'])) {
@@ -11,4 +13,3 @@ if (isset($_POST['cfg_id'])) {
     $jsonData = ['return'=>$return];
     echo json_encode($jsonData);
 }
-
diff --git a/ajax/system/sys_actions.php b/ajax/system/sys_actions.php
index ec7aef16..b5b09d10 100644
--- a/ajax/system/sys_actions.php
+++ b/ajax/system/sys_actions.php
@@ -1,6 +1,9 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
 
 $action = escapeshellcmd($_POST['a']);
 
@@ -18,4 +21,3 @@ if (isset($action)) {
     }
     echo json_encode($response);
 }
-
diff --git a/ajax/system/sys_debug.php b/ajax/system/sys_debug.php
index bb1fed31..43c3bed6 100644
--- a/ajax/system/sys_debug.php
+++ b/ajax/system/sys_debug.php
@@ -2,6 +2,8 @@
 
 require '../../includes/csrf.php';
 require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
 
 if (isset($_POST['csrf_token'])) {
     if (csrfValidateRequest() && !CSRFValidate()) {
@@ -20,4 +22,3 @@ if (isset($_POST['csrf_token'])) {
 } else {
     handleInvalidCSRFToken();
 }
-
diff --git a/ajax/system/sys_get_logfile.php b/ajax/system/sys_get_logfile.php
index 7652092e..34de0f4c 100644
--- a/ajax/system/sys_get_logfile.php
+++ b/ajax/system/sys_get_logfile.php
@@ -1,7 +1,9 @@
-<?php 
+<?php
 
 require '../../includes/csrf.php';
 require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
 
 $tempDir = sys_get_temp_dir();
 $filePath = $tempDir . DIRECTORY_SEPARATOR . RASPI_DEBUG_LOG;
@@ -19,4 +21,3 @@ if (isset($filePath)) {
     header('Location: '.'/system_info');
     exit();
 }
-
diff --git a/ajax/system/sys_perform_update.php b/ajax/system/sys_perform_update.php
index 5008bbd1..74699360 100644
--- a/ajax/system/sys_perform_update.php
+++ b/ajax/system/sys_perform_update.php
@@ -1,6 +1,9 @@
 <?php
 
 require '../../includes/csrf.php';
+require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
 
 if (isset($_POST['csrf_token'])) {
     if (csrfValidateRequest() && !CSRFValidate()) {
@@ -18,4 +21,3 @@ if (isset($_POST['csrf_token'])) {
 } else {
     handleInvalidCSRFToken();
 }
-
diff --git a/ajax/system/sys_read_logfile.php b/ajax/system/sys_read_logfile.php
index 946a68cc..39fc8d83 100644
--- a/ajax/system/sys_read_logfile.php
+++ b/ajax/system/sys_read_logfile.php
@@ -1,5 +1,9 @@
 <?php
 
+require_once '../../includes/config.php';
+require_once '../../src/RaspAP/Auth/HTTPAuth.php';
+require_once '../../includes/authenticate.php';
+
 $logFile = '/tmp/raspap_install.log';
 $searchStrings = [
     'Configure update' => 1,
@@ -40,4 +44,3 @@ if (file_exists($logFile)) {
 } else {
     echo json_encode("File does not exist: $logFile");
 }
-
diff --git a/app/js/custom.js b/app/js/custom.js
index febf7609..9dfc98f7 100644
--- a/app/js/custom.js
+++ b/app/js/custom.js
@@ -216,7 +216,8 @@ Option toggles are set dynamically depending on the loaded configuration
 */
 function loadInterfaceDHCPSelect() {
     var strInterface = $('#cbxdhcpiface').val();
-    $.get('ajax/networking/get_netcfg.php?iface='+strInterface,function(data){
+    var csrfToken = $('meta[name=csrf_token]').attr('content');
+    $.post('ajax/networking/get_netcfg.php', {'iface' : strInterface, 'csrf_token': csrfToken}, function(data){
         jsonData = JSON.parse(data);
         $('#dhcp-iface')[0].checked = jsonData.DHCPEnabled;
         $('#txtipaddress').val(jsonData.StaticIP);