Track quota usage and allow upgrading quotas

2019-12-14 20:59:04 +01:00
parent fee1c135c2
commit 0e0fb54eae
11 changed files with 300 additions and 40 deletions
--- a/var/www/html/coinpayments_ipn.php
+++ b/var/www/html/coinpayments_ipn.php
@@ -0,0 +1,44 @@
+<?php
+require('../common.php');
+
+if(empty($_SERVER['HTTP_HMAC'])){
+	die("No HMAC signature sent");
+}
+
+$merchant = $_POST['merchant'] ?? '';
+if(empty($merchant)){
+	die("No Merchant ID passed");
+}
+
+if($merchant !== COINPAYMENTS_MERCHANT_ID){
+	die("Invalid Merchant ID");
+}
+
+$request = file_get_contents('php://input');
+if(empty($request)){
+	die("Error reading POST data");
+}
+
+$hmac = hash_hmac("sha512", $request, COINPAYMENTS_IPN_SECRET);
+if($hmac !== $_SERVER['HTTP_HMAC']){
+	die("HMAC signature does not match");
+}
+
+$db = get_db_instance();
+$status = 0;
+if($_POST['status'] < 0){
+	$status = -1;
+}elseif($_POST['status'] > 0 && $_POST['status'] < 100){
+	$status = 1;
+}elseif($_POST['status'] >= 100){
+	$status = 2;
+}
+$stmt = $db->prepare('SELECT status FROM payments WHERE txn_id = ?;');
+$stmt->execute([$_POST['txn_id']]);
+if($tmp = $stmt->fetch(PDO::FETCH_ASSOC)){
+	if($status != $tmp['status']){
+		$stmt = $db->prepare('UPDATE payments SET status = ? WHERE txn_id = ?;');
+		$stmt->execute([$status, $_POST['txn_id']]);
+		payment_status_update($_POST['txn_id']);
+	}
+}
--- a/var/www/html/home.php
+++ b/var/www/html/home.php
@@ -3,6 +3,7 @@ include('../common.php');
 $db = get_db_instance();
 session_start();
 $user=check_login();
+header('Content-Type: text/html; charset=UTF-8');
 if(isset($_POST['action']) && $_POST['action']==='add_db'){
 	if($error=check_csrf_error()){
 		die($error);
@@ -186,17 +187,18 @@ if(isset($_REQUEST['action']) && isset($_POST['domain']) && $_POST['action']==='
 		enqueue_instance_reload();
 	}
 }
-
-header('Content-Type: text/html; charset=UTF-8');
-echo '<!DOCTYPE html><html><head>';
-echo '<title>Daniel\'s Hosting - Dashboard</title>';
-echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
-echo '<meta name="author" content="Daniel Winzen">';
-echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
-echo '<link rel="canonical" href="' . CANONICAL_URL . $_SERVER['SCRIPT_NAME'] . '">';
-echo '<style type="text/css">#custom_onion:not(checked)+#private_key{display:none;}#custom_onion:checked+#private_key{display:block;}</style>';
-echo '</head><body>';
-echo "<p>Logged in as $user[username] <a href=\"logout.php\">Logout</a> | <a href=\"password.php\">Change passwords</a> | <a target=\"_blank\" href=\"files.php\">FileManager</a> | <a href=\"delete.php\">Delete account</a></p>";
+?>
+<!DOCTYPE html><html><head>
+<title>Daniel's Hosting - Dashboard</title>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<meta name="author" content="Daniel Winzen">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<link rel="canonical" href="<?php echo CANONICAL_URL . $_SERVER['SCRIPT_NAME']; ?>">
+<style type="text/css">#custom_onion:not(checked)+#private_key{display:none;}#custom_onion:checked+#private_key{display:block;}</style>
+<style>td{padding:5px}meter{width:200px}</style>
+</head><body>
+<p>Logged in as <?php echo htmlspecialchars($user['username']); ?> <a href="logout.php">Logout</a> | <a href="password.php">Change passwords</a> | <a target="_blank" href="files.php">FileManager</a> | <a href="delete.php">Delete account</a></p>
+<?php
 if(!empty($msg)){
 	echo $msg;
 }
@@ -300,21 +302,31 @@ echo '</table>';
 if($count_dbs<MAX_NUM_USER_DBS){
 	echo '<p><form action="home.php" method="post"><input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'"><button type="submit" name="action" value="add_db">Add new database</button></form></p>';
 }
-echo '<p><a href="password.php?type=sql">Change MySQL password</a></p>';
-echo '<p>You can use <a href="/phpmyadmin/" target="_blank">PHPMyAdmin</a> and <a href="/adminer/?username='.htmlspecialchars($user['mysql_user']).'" target="_blank">Adminer</a> for web based database administration.</p>';
-echo '<h3>System Account</h3>';
-echo '<table border="1">';
-echo '<tr><th>Username</th><th>Host</th><th>FTP Port</th><th>SFTP Port</th><th>POP3 Port</th><th>IMAP Port</th><th>SMTP port</th></tr>';
+?>
+<p><a href="password.php?type=sql">Change MySQL password</a></p>
+<p>You can use <a href="/phpmyadmin/" target="_blank">PHPMyAdmin</a> and <a href="/adminer/?username=<?php echo rawurlencode($user['mysql_user']); ?>" target="_blank">Adminer</a> for web based database administration.</p>
+<h3>System Account</h3>
+<table border="1">
+<tr><th>Username</th><th>Host</th><th>FTP Port</th><th>SFTP Port</th><th>POP3 Port</th><th>IMAP Port</th><th>SMTP port</th></tr>
+<?php
 foreach(SERVERS as $server=>$tmp){
 	echo "<tr><td>$user[system_account]</td><td>$server</td><td>$tmp[ftp]</td><td>$tmp[sftp]</td><td>$tmp[pop3]</td><td>$tmp[imap]</td><td>$tmp[smtp]</td></tr>";
 }
-echo '</table>';
-echo '<p><a href="password.php?type=sys">Change system account password</a></p>';
-echo '<p>You can use the <a target="_blank" href="files.php">FileManager</a> for web based file management.</p>';
-echo '<h3>Logs</h3>';
-echo '<table border="1">';
-echo '<tr><th>Date</th><th>access.log</th><th>error.log</th></tr>';
-echo '<tr><td>Today</td><td><a href="log.php?type=access&amp;old=0" target="_blank">access.log</log></td><td><a href="log.php?type=error&amp;old=0" target="_blank">error.log</a></td></tr>';
-echo '<tr><td>Yesterday</td><td><a href="log.php?type=access&amp;old=1" target="_blank">access.log</log></td><td><a href="log.php?type=error&amp;old=1" target="_blank">error.log</a></td></tr>';
-echo '</table>';
-echo '</body></html>';
+?>
+</table>
+<p><a href="password.php?type=sys">Change system account password</a></p>
+<p>You can use the <a target="_blank" href="files.php">FileManager</a> for web based file management.</p>
+<?php
+$stmt = $db->prepare('SELECT quota_size, quota_size_used FROM disk_quota WHERE user_id = ?;');
+$stmt->execute([$user['id']]);
+$quota = $stmt->fetch(PDO::FETCH_ASSOC);
+$quota_usage = $quota['quota_size_used'] / $quota['quota_size'];
+?>
+<p>Your disk usage: <meter value="<?php echo round($quota_usage, 2); ?>"><?php echo round($quota_usage * 100); ?>%</meter> - <?php echo round($quota_usage * 100, 2); ?>% (updated hourly) <a href="upgrade.php">Upgrade</a></p>
+<h3>Logs</h3>
+<table border="1">
+<tr><th>Date</th><th>access.log</th><th>error.log</th></tr>
+<tr><td>Today</td><td><a href="log.php?type=access&amp;old=0" target="_blank">access.log</log></td><td><a href="log.php?type=error&amp;old=0" target="_blank">error.log</a></td></tr>
+<tr><td>Yesterday</td><td><a href="log.php?type=access&amp;old=1" target="_blank">access.log</log></td><td><a href="log.php?type=error&amp;old=1" target="_blank">error.log</a></td></tr>
+</table>
+</body></html>
--- a/var/www/html/index.php
+++ b/var/www/html/index.php
@@ -22,9 +22,9 @@ header('X-Accel-Expires: 60');
 <li>MariaDB (MySQL) database support</li>
 <li><a href="/phpmyadmin/" target="_blank">PHPMyAdmin</a> and <a href="/adminer/" target="_blank">Adminer</a> for web based database administration</li>
 <li>Web-based file manager</li>
-<li>FTP access</li>
-<li>SFTP access</li>
-<li>10GB disk quota and a maximum of 100.000 files. If you need more, just <a href="https://danwin1210.me/contact.php">contact me</a></li>
+<li>FTP and SFTP access</li>
+<li>command line access to shell via SSH</li>
+<li>1GB disk quota and a maximum of 100.000 files. - upgradable</li>
 <li>mail() can send e-mails from your.onion@<?php echo ADDRESS; ?> (your.onion@hosting.danwin1210.me for clearnet) - not yet working but will return in future, use <a href="https://github.com/PHPMailer/PHPMailer" target="_blank">https://github.com/PHPMailer/PHPMailer</a> or similar for now</li>
 <li>Webmail and IMAP, POP3 and SMTP access to your mail account</li>
 <li>Mail sent to anything@your.onion gets automatically redirected to your inbox</li>
--- a/var/www/html/login.php
+++ b/var/www/html/login.php
@@ -73,7 +73,8 @@ if(isset($_POST['username'])){
 echo '" required autofocus></td></tr>';
 echo '<tr><td>Password</td><td><input type="password" name="pass" required></td></tr>';
 send_captcha();
-echo '<tr><td colspan="2"><input type="submit" value="Login"></td></tr>';
-echo '</table></form>';
-echo '<p>If you disabled cookies, please re-enable them. You can\'t log in without!</p>';
-echo '</body></html>';
+?>
+<tr><td colspan="2"><input type="submit" value="Login"></td></tr>
+</table></form>
+<p>If you disabled cookies, please re-enable them. You can't log in without!</p>
+</body></html>
--- a/var/www/html/robots.txt
+++ b/var/www/html/robots.txt
@@ -0,0 +1,3 @@
+User-agent: *
+Allow: /
+
--- a/var/www/html/upgrade.php
+++ b/var/www/html/upgrade.php
@@ -0,0 +1,70 @@
+<?php
+require('../common.php');
+session_start();
+$user=check_login();
+use chillerlan\QRCode\QRCode;
+use chillerlan\QRCode\QROptions;
+header('Content-Type: text/html; charset=UTF-8');
+?>
+<!DOCTYPE html><html><head>
+<title>Daniel's Hosting - Upgrade account</title>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<meta name="author" content="Daniel Winzen">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<link rel="canonical" href="<?php echo CANONICAL_URL . $_SERVER['SCRIPT_NAME']; ?>">
+<style>td{padding:5px;}</style>
+</head><body>
+<h1>Hosting - Upgrade account</h1>
+<?php
+$rates = coinpayments_get_rates();
+if($rates === false){
+	echo '<p>An error occured talking to coinpayments</p>';
+}else{
+?>
+	<form action="upgrade.php" method="post">
+	<table border="1">
+	<tr><td>Desired upgrade</td><td>
+	<select name="upgrade">
+	<?php
+	foreach(ACCOUNT_UPGRADES as $name => $upgrade){
+		echo '<option value="'.htmlspecialchars($name).'">'.htmlspecialchars($upgrade['name']).' ($'.$upgrade['usd_price'].')</option>';
+	}
+	?>
+	</td></tr>
+	<tr><td>Desired payment currency</td><td>
+	<select name="currency">
+	<?php
+	$i=0;
+	foreach($rates as $symbol => $rate){
+		if($rate['accepted']===1 && in_array('payments', $rate['capabilities'])){
+			echo '<option value="'.htmlspecialchars($symbol).'">'.htmlspecialchars($rate['name']).' ('.htmlspecialchars($symbol).')</option>';
+		}
+	}
+	?>
+	</select></td></tr>
+	<tr><td colspan="2" style="text-align:center;"><button type="submit">Pay now</button></td></tr>
+	</table>
+	</form>
+<?php
+}
+if(isset($_POST['currency']) && isset($_POST['upgrade'])){
+	if(!isset(ACCOUNT_UPGRADES[$_POST['upgrade']])){
+		echo "<p>Sorry, looks like you didn't select a valid upgrade.</p>";
+	}elseif(!isset($rates[$_POST['currency']]) || $rates[$_POST['currency']]['accepted'] !== 1 || !in_array('payments', $rates[$_POST['currency']]['capabilities'])){
+		echo "<p>Sorry, looks like you didn't select a valid payment currency.</p>";
+	}else{
+		$db = get_db_instance();
+		$transaction = coinpayments_create_transaction($_POST['currency'], ACCOUNT_UPGRADES[$_POST['upgrade']]['usd_price'], $_POST['upgrade'], $user['id']);
+		if($transaction === false){
+			echo "<p>An error occured creating the transaction, please try again</p>";
+		}else{
+			echo "<p>Please pay $transaction[amount] $_POST[currency] to $transaction[address]</p>";
+			echo '<img src="'.(new QRCode(new QROptions(['outputType' => QRCode::OUTPUT_IMAGE_PNG, 'eccLevel' => QRCode::ECC_H])))->render($transaction['address']).'" alt="QR Code">';
+			echo '<p>Once paid, it can take a while until the upgrade is applied to your account. Usually within an hour.</p>';
+		}
+	}
+}
+?>
+<p><a href="home.php">Go back to dashboard.</a></p>
+</body>
+</html>