diff --git a/etc/postfix/sql/alias.cf b/etc/postfix/sql/alias.cf
index bd3efaf..fc865b4 100644
--- a/etc/postfix/sql/alias.cf
+++ b/etc/postfix/sql/alias.cf
@@ -2,4 +2,4 @@ user = hosting
 password = MY_PASSWORD
 hosts = localhost
 dbname = hosting
-query = SELECT '%d@dhosting4okcs22v.onion' FROM users WHERE '%d' = CONCAT(onion, '.onion')
+query = SELECT '%d@dhosting4okcs22v.onion' FROM users WHERE '%d' = system_account
diff --git a/etc/tor/instances/2/torrc b/etc/tor/instances/2/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/2/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/3/torrc b/etc/tor/instances/3/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/3/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/4/torrc b/etc/tor/instances/4/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/4/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/5/torrc b/etc/tor/instances/5/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/5/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/6/torrc b/etc/tor/instances/6/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/6/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
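Review bot: In etc/postfix/sql/alias.cf the new query matches `%d` against `users.system_account` only, so a mail domain resolves only when it is spelled exactly like the system account name. The same commit moves onion names into a separate `onions` table with a per-onion `enable_smtp` flag, and a domain that exists only there would no longer match; whether such rows exist cannot be seen from this diff. At minimum record the assumption next to the query, e.g. `# %d must equal users.system_account; names present only in the onions table are not matched`.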
diff --git a/etc/tor/instances/7/torrc b/etc/tor/instances/7/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/7/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/a/torrc b/etc/tor/instances/a/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/a/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/b/torrc b/etc/tor/instances/b/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/b/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/c/torrc b/etc/tor/instances/c/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/c/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/d/torrc b/etc/tor/instances/d/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/d/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/e/torrc b/etc/tor/instances/e/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/e/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/f/torrc b/etc/tor/instances/f/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/f/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/g/torrc b/etc/tor/instances/g/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/g/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/h/torrc b/etc/tor/instances/h/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/h/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/i/torrc b/etc/tor/instances/i/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/i/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/j/torrc b/etc/tor/instances/j/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/j/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/k/torrc b/etc/tor/instances/k/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/k/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/l/torrc b/etc/tor/instances/l/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/l/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/m/torrc b/etc/tor/instances/m/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/m/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/n/torrc b/etc/tor/instances/n/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/n/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/o/torrc b/etc/tor/instances/o/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/o/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/p/torrc b/etc/tor/instances/p/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/p/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/q/torrc b/etc/tor/instances/q/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/q/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/r/torrc b/etc/tor/instances/r/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/r/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/s/torrc b/etc/tor/instances/s/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/s/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/t/torrc b/etc/tor/instances/t/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/t/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/u/torrc b/etc/tor/instances/u/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/u/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/v/torrc b/etc/tor/instances/v/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/v/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/w/torrc b/etc/tor/instances/w/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/w/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/x/torrc b/etc/tor/instances/x/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/x/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/y/torrc b/etc/tor/instances/y/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/y/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/etc/tor/instances/z/torrc b/etc/tor/instances/z/torrc
deleted file mode 100644
index 5a8bfd8..0000000
--- a/etc/tor/instances/z/torrc
+++ /dev/null
@@ -1,7 +0,0 @@
-ClientUseIPv6 1
-ClientUseIPv4 1
-SOCKSPort 0
-MaxClientCircuitsPending 1024
-NumEntryGuards 6
-NumDirectoryGuards 6
-NumPrimaryGuards 6
diff --git a/var/www/common.php b/var/www/common.php
index b1afbb2..db819de 100644
--- a/var/www/common.php
+++ b/var/www/common.php
@@ -4,12 +4,12 @@ const DBUSER='hosting'; // Database user const DBPASS='MY_PASSWORD'; // Database password const DBNAME='hosting'; // Database const PERSISTENT=true; // Use persistent database conection true/false -const DBVERSION=5; //database layout version +const DBVERSION=6; //database layout version const CAPTCHA=0; // Captcha difficulty (0=off, 1=simple, 2=moderate, 3=extreme) const ADDRESS='dhosting4okcs22v.onion'; // our own address const SERVERS=[ //servers and ports we are running on 'dhosting4okcs22v.onion'=>['sftp'=>22, 'ftp'=>21, 'pop3'=>'110', 'imap'=>'143', 'smtp'=>'25'], -'danwin1210.me'=>['sftp'=>22, 'ftp'=>21, 'pop3'=>'', 'imap'=>'', 'smtp'=>''] +'hosting.danwin1210.me'=>['sftp'=>222, 'ftp'=>21, 'pop3'=>'1995', 'imap'=>'1993', 'smtp'=>'1465'] ]; const EMAIL_TO=''; //Send email notifications about new registrations to this address const INDEX_MD5S=[ //MD5 sums of index.hosting.html files that should be considdered as unchanged for deletion @@ -200,3 +200,28 @@ function check_captcha_error(){ } return false; } + +function rewrite_torrc(PDO $db, string $key){ +$torrc="ClientUseIPv6 1 +ClientUseIPv4 1 +SOCKSPort 0 +MaxClientCircuitsPending 1024 +NumEntryGuards 6 +NumDirectoryGuards 6 +NumPrimaryGuards 6 +"; + $stmt=$db->prepare('SELECT onions.onion, users.system_account, onions.num_intros, onions.enable_smtp, onions.version FROM onions INNER JOIN users ON (users.id=onions.user_id) WHERE onions.onion LIKE ? AND enabled=1;'); + $stmt->execute(["$key%"]); + while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ + $torrc.="HiddenServiceDir /var/lib/tor-instances/$key/hidden_service_$tmp[0].onion/ +HiddenServiceNumIntroductionPoints $tmp[2] +HiddenServiceVersion $tmp[4] +HiddenServicePort 80 unix:/var/run/nginx/$tmp[1] +"; + if($tmp[3]){ + $torrc.="HiddenServicePort 25\n"; + } + } + file_put_contents("/etc/tor/instances/$key/torrc", $torrc); + exec("service tor@$key reload"); +} diff --git a/var/www/cron.php b/var/www/cron.php index 05f786a..4e059da 100644 
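Review bot: `rewrite_torrc()` picks the services for instance `$key` by the first character of the onion name (`onions.onion LIKE ?` with `"$key%"`), while cron.php creates the service directory under the first character of `system_account`; if the two can differ, the generated `HiddenServiceDir` points at a directory that was never populated, and tor would presumably generate a fresh key there. Selecting by account instead, e.g. `WHERE users.system_account LIKE ? AND onions.enabled=1`, keeps both sides on the same instance. `$key` also goes unescaped into `exec("service tor@$key reload")` and unchecked into the torrc path, whereas the rest of the commit switches to `escapeshellarg()`; `exec('service tor@' . escapeshellarg($key) . ' reload');` plus a check that `$key` is a single expected character would match that. The return value of `file_put_contents()` is ignored, so a failed or partial write is still followed by a reload.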
--- a/var/www/cron.php +++ b/var/www/cron.php @@ -9,12 +9,13 @@ $reload=[]; //add new accounts $del=$db->prepare("DELETE FROM new_account WHERE user_id=?;"); -$update_priv=$db->prepare("UPDATE users SET private_key=? WHERE onion=?;"); +$update_priv=$db->prepare("UPDATE onions SET private_key=? WHERE user_id=?;"); $approval = REQUIRE_APPROVAL ? 'WHERE new_account.approved=1': ''; -$stmt=$db->query("SELECT users.onion, users.username, new_account.password, users.private_key, users.php, users.autoindex, users.id FROM new_account INNER JOIN users ON (users.id=new_account.user_id) $approval LIMIT 100;"); +$stmt=$db->query("SELECT users.system_account, users.username, new_account.password, onions.private_key, users.php, users.autoindex, users.id, onions.onion FROM new_account INNER JOIN users ON (users.id=new_account.user_id) INNER JOIN onions ON (onions.user_id=users.id) $approval LIMIT 100;"); while($id=$stmt->fetch(PDO::FETCH_NUM)){ - $onion=$id[0]; - $firstchar=substr($onion, 0, 1); + $onion=$id[7]; + $system_account=$id[0]; + $firstchar=substr($system_account, 0, 1); $reload[$firstchar]=true; //php openssl implementation has some issues, re-export using native openssl $pkey=openssl_pkey_get_private($id[3]); 
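Review bot: The new `$update_priv` statement filters on `user_id`, so the re-exported key is written to every `onions` row of that user, and because the SELECT now joins `onions` the loop runs once per onion and the last row's key wins for all of them. Keying the update on the onion avoids that: `UPDATE onions SET private_key=? WHERE onion=?;` executed with `[$priv_key, $onion]` (the `execute` call sits in the following hunk). With more than one onion per user the same loop would also repeat `useradd` for an account that already exists. The loop body continues outside this hunk.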
@@ -22,21 +23,21 @@ while($id=$stmt->fetch(PDO::FETCH_NUM)){ openssl_pkey_free($pkey); $priv_key=shell_exec('openssl rsa < key.tmp'); unlink('key.tmp'); - $update_priv->execute([$priv_key, $onion]); + $update_priv->execute([$priv_key, $id[6]]); //add and manage rights of system user - exec('useradd -l -p '. escapeshellarg($id[2]) . " -g www-data -k /var/www/skel -m -s /usr/sbin/nologin $onion.onion"); - chown("/home/$onion.onion", 'root'); - chgrp("/home/$onion.onion", 'www-data'); - chmod("/home/$onion.onion", 0550); + exec('useradd -l -p ' . escapeshellarg($id[2]) . ' -g www-data -k /var/www/skel -m -s /usr/sbin/nologin ' . escapeshellarg($system_account)); + chown("/home/$system_account", 'root'); + chgrp("/home/$system_account", 'www-data'); + chmod("/home/$system_account", 0550); foreach(['.ssh', 'data', 'Maildir', 'tmp'] as $dir){ - mkdir("/home/$onion.onion/$dir", 0700); - chown("/home/$onion.onion/$dir", "$onion.onion"); - chgrp("/home/$onion.onion/$dir", 'www-data'); + mkdir("/home/$system_account/$dir", 0700); + chown("/home/$system_account/$dir", $system_account); + chgrp("/home/$system_account/$dir", 'www-data'); } - foreach(['logs'] as $dir){ - mkdir("/home/$onion.onion/$dir", 0550); - chown("/home/$onion.onion/$dir", "$onion.onion"); - chgrp("/home/$onion.onion/$dir", 'www-data'); + foreach(['logs']){ + mkdir("/home/$system_account/$dir", 0550); + chown("/home/$system_account/$dir", $system_account); + chgrp("/home/$system_account/$dir", 'www-data'); } //configuration for services @@ -45,13 +46,13 @@ if($id[4]>0){ $php_location=" location ~ [^/]\.php(/|\$) { include snippets/fastcgi-php.conf; - fastcgi_pass unix:/run/php/$onion; + fastcgi_pass unix:/run/php/$system_account; } "; }else{ $php_location=''; } -if($id[5]!=0){ +if($id[5]){ $autoindex='on'; }else{ $autoindex='off'; 
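Review bot: The added line `foreach(['logs']){` has lost its `as $dir` clause, which is a parse error, so cron.php would stop running entirely and no accounts would be created, deleted or have their passwords updated. The body still reads `$dir`, so the intended line is `foreach(['logs'] as $dir){`. The enclosing `while` loop starts and ends outside this hunk.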
@@ -59,14 +60,14 @@ if($id[5]!=0){ $nginx="server { listen [::]:80; - listen unix:/var/run/nginx/$onion; - root /home/$onion.onion/www; + listen unix:/var/run/nginx/$system_account; + root /home/$system_account/www; server_name $onion.onion *.$onion.onion; - access_log /var/log/nginx/access_$onion.onion.log custom buffer=16k flush=1m; - access_log /home/$onion.onion/logs/access.log custom buffer=16k flush=1m; - error_log /var/log/nginx/error_$onion.onion.log notice; - error_log /home/$onion.onion/logs/error.log notice; - disable_symlinks on from=/home/$onion.onion/www; + access_log /var/log/nginx/access_$system_account.log custom buffer=8k flush=1m; + access_log /home/$system_account/logs/access.log custom buffer=8k flush=1m; + error_log /var/log/nginx/error_$system_account.log notice; + error_log /home/$system_account/logs/error.log notice; + disable_symlinks on from=/home/$system_account; autoindex $autoindex; location / { try_files \$uri \$uri/ =404;$php_location 
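Review bot: `$system_account` is written verbatim into the nginx server block in this hunk (`listen unix:/var/run/nginx/$system_account;`, `root`, the log paths) and, in the next hunk, into the php-fpm pool and the shell command in `sendmail_path`, with no format check visible in this diff. A value containing whitespace, `;`, `/`, a quote or a newline would change the meaning of the generated configuration that system services then load. If registration does not already enforce a strict pattern, check it once at the top of the loop, for example `if(!preg_match('/^[a-z0-9.-]{1,32}$/', $system_account)){ continue; }` with the pattern adjusted to the real naming rule. The string being built starts before and ends after this hunk.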
@@ -74,33 +75,33 @@ $nginx="server { } "; -$php="[$onion] -user = $onion.onion +$php="[$system_account] +user = $system_account group = www-data -listen = /run/php/$onion +listen = /run/php/$system_account listen.owner = www-data listen.group = www-data listen.mode = 0660 pm = ondemand pm.max_children = 20 pm.process_idle_timeout = 10s; -php_admin_value[sendmail_path] = '/usr/bin/php /var/www/sendmail_wrapper.php \"$onion.onion <$onion.onion@" . ADDRESS . ">\" | /usr/sbin/sendmail -t -i' +php_admin_value[sendmail_path] = '/usr/bin/php /var/www/sendmail_wrapper.php \"$system_account <$system_account@" . ADDRESS . ">\" | /usr/sbin/sendmail -t -i' php_admin_value[memory_limit] = 256M php_admin_value[disable_functions] = exec,link,passthru,pcntl_alarm,pcntl_async_signals,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_signal_get_handler,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_waitpid,pcntl_wait,pcntl_wexitstatus,pcntl_wifcontinued,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,popen,posix_ctermid,posix_getgrgid,posix_getgrnam,posix_getpgid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_kill,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setrlimit,posix_setuid,posix_ttyname,posix_uname,proc_open,putenv,shell_exec,socket_listen,socket_create_listen,socket_bind,stream_socket_server,symlink,system -php_admin_value[open_basedir] = /home/$onion.onion -php_admin_value[upload_tmp_dir] = /home/$onion.onion/tmp -php_admin_value[soap.wsdl_cache_dir] = /home/$onion.onion/tmp -php_admin_value[session.save_path] = /home/$onion.onion/tmp +php_admin_value[open_basedir] = /home/$system_account +php_admin_value[upload_tmp_dir] = /home/$system_account/tmp +php_admin_value[soap.wsdl_cache_dir] = /home/$system_account/tmp +php_admin_value[session.save_path] = /home/$system_account/tmp "; //save configuration files - 
file_put_contents("/etc/nginx/sites-enabled/$onion.onion", $nginx); + file_put_contents("/etc/nginx/sites-enabled/$system_account", $nginx); if($id[4]==1){ - file_put_contents("/etc/php/7.0/fpm/pool.d/$firstchar/$onion.conf", $php); + file_put_contents("/etc/php/7.0/fpm/pool.d/$firstchar/$system_account.conf", $php); }elseif($id[4]==2){ - file_put_contents("/etc/php/7.1/fpm/pool.d/$firstchar/$onion.conf", $php); + file_put_contents("/etc/php/7.1/fpm/pool.d/$firstchar/$system_account.conf", $php); }elseif($id[4]==3){ - file_put_contents("/etc/php/7.2/fpm/pool.d/$firstchar/$onion.conf", $php); + file_put_contents("/etc/php/7.2/fpm/pool.d/$firstchar/$system_account.conf", $php); } //save hidden service mkdir("/var/lib/tor-instances/$firstchar/hidden_service_$onion.onion", 0700); 
@@ -114,42 +115,41 @@ php_admin_value[session.save_path] = /home/$onion.onion/tmp chgrp("/var/lib/tor-instances/$firstchar/hidden_service_$onion.onion/", "_tor-$firstchar"); chgrp("/var/lib/tor-instances/$firstchar/hidden_service_$onion.onion/hostname", "_tor-$firstchar"); chgrp("/var/lib/tor-instances/$firstchar/hidden_service_$onion.onion/private_key", "_tor-$firstchar"); - //add hidden service to torrc - $torrc=file_get_contents("/etc/tor/instances/$firstchar/torrc"); - $torrc.="HiddenServiceDir /var/lib/tor-instances/$firstchar/hidden_service_$onion.onion/\nHiddenServicePort 80 unix:/var/run/nginx/$onion\nHiddenServicePort 25\n"; - file_put_contents("/etc/tor/instances/$firstchar/torrc", $torrc); //remove from to-add queue $del->execute([$id[6]]); } //delete old accounts -$del=$db->prepare("DELETE FROM users WHERE onion=?"); -$stmt=$db->query("SELECT onion, id, mysql_user FROM users WHERE todelete=1 LIMIT 100;"); +$del=$db->prepare("DELETE FROM users WHERE id=?;"); +$stmt=$db->query("SELECT system_account, id, mysql_user FROM users WHERE todelete=1 LIMIT 100;"); $onions=$stmt->fetchAll(PDO::FETCH_NUM); +$stmt=$db->prepare('SELECT onion FROM onions WHERE user_id=?;'); +$del_onions=$db->prepare('DELETE FROM onions WHERE user_id=?;'); foreach($onions as $onion){ $firstchar=substr($onion[0], 0, 1); $reload[$firstchar]=true; //delete config files - if(file_exists("/etc/php/7.0/fpm/pool.d/$firstchar/$onion[0].conf")){ - unlink("/etc/php/7.0/fpm/pool.d/$firstchar/$onion[0].conf"); + foreach(['7.0', '7.1', '7.2'] as $v){ + // new naming schema + if(file_exists("/etc/php/$v/fpm/pool.d/$firstchar/$onion[0].conf")){ + unlink("/etc/php/$v/fpm/pool.d/$firstchar/$onion[0].conf"); + } + // old naming schema + if(file_exists("/etc/php/$v/fpm/pool.d/$firstchar/".substr($onion[0], 0, 16).".conf")){ + unlink("/etc/php/$v/fpm/pool.d/$firstchar/".substr($onion[0], 0, 16).".conf"); + } } - if(file_exists("/etc/php/7.1/fpm/pool.d/$firstchar/$onion[0].conf")){ - 
unlink("/etc/php/7.1/fpm/pool.d/$firstchar/$onion[0].conf"); - } - if(file_exists("/etc/php/7.2/fpm/pool.d/$firstchar/$onion[0].conf")){ - unlink("/etc/php/7.2/fpm/pool.d/$firstchar/$onion[0].conf"); - } - unlink("/etc/nginx/sites-enabled/$onion[0].onion"); - //clean torrc from user - $torrc=file_get_contents("/etc/tor/instances/$firstchar/torrc"); - $torrc=str_replace("HiddenServiceDir /var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/\nHiddenServicePort 80 unix:/var/run/nginx/$onion[0]\nHiddenServicePort 25\n", '', $torrc); - file_put_contents("/etc/tor/instances/$firstchar/torrc", $torrc); - //delete hidden service from tor - if(file_exists("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/")){ - unlink("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/hostname"); - unlink("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/private_key"); - rmdir("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/"); + unlink("/etc/nginx/sites-enabled/$onion[0]"); + $stmt->execute([$onion[1]]); + while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ + //delete hidden service from tor + if(file_exists("/var/lib/tor-instances/$firstchar/hidden_service_$tmp[0].onion/")){ + unlink("/var/lib/tor-instances/$firstchar/hidden_service_$tmp[0].onion/hostname"); + unlink("/var/lib/tor-instances/$firstchar/hidden_service_$tmp[0].onion/private_key"); + rmdir("/var/lib/tor-instances/$firstchar/hidden_service_$tmp[0].onion/"); + } } + $del_onions->execute([$onion[1]]); } //reload services 
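Review bot: The per-onion cleanup removes only `hostname` and `private_key` before `rmdir()`, so if the directory holds anything else the `rmdir()` fails and the service's key material stays on disk after the account is deleted. The `onions` table carries a `version` column (see `rewrite_torrc()`), and version 3 services store their keys under other file names, so this looks reachable. Removing whatever files are present first covers both layouts: `foreach(glob("$dir/*") ?: [] as $f){ if(is_file($f)){ unlink($f); } }` with `$dir` set to the hidden service path, and any subdirectory needs the same treatment before the `rmdir()`. `unlink("/etc/nginx/sites-enabled/$onion[0]")` is also called without the `file_exists()` guard used for the pool files.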
@@ -160,18 +160,29 @@ foreach($reload as $key => $val){ exec("service php7.0-fpm@$key restart"); exec("service php7.1-fpm@$key restart"); exec("service php7.2-fpm@$key restart"); - exec("service tor@$key reload"); + rewrite_torrc($db, $key); } //continue deleting old accounts $stmt=$db->prepare('SELECT mysql_database FROM mysql_databases WHERE user_id=?;'); foreach($onions as $onion){ //kill processes of the user to allow deleting system users - exec("skill -u $onion[0].onion"); + exec('skill -u ' . escapeshellarg($onion[0])); //delete user and group - exec("userdel -rf $onion[0].onion"); + exec('userdel -rf ' . escapeshellarg($onion[0])); //delete all log files - exec("rm -f /var/log/nginx/*$onion[0].onion.log*"); + if(file_exists("/var/log/nginx/access_$onion[0].log")){ + unlink("/var/log/nginx/access_$onion[0].log"); + } + if(file_exists("/var/log/nginx/access_$onion[0].log.1")){ + unlink("/var/log/nginx/access_$onion[0].log.1"); + } + if(file_exists("/var/log/nginx/error_$onion[0].log")){ + unlink("/var/log/nginx/error_$onion[0].log"); + } + if(file_exists("/var/log/nginx/error_$onion[0].log.1")){ + unlink("/var/log/nginx/error_$onion[0].log.1"); + } //delete user from database $db->exec("DROP USER '$onion[2]'@'%';"); $stmt->execute([$onion[1]]); 
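Review bot: The four `unlink()` calls remove only `.log` and `.log.1`, whereas the `rm -f` glob they replace also matched later rotations, so older rotated access logs of a deleted account can remain in /var/log/nginx (how many rotations exist depends on a logrotate setup not shown here). A glob per prefix keeps the old coverage without a shell: `foreach(['access', 'error'] as $t){ foreach(glob("/var/log/nginx/{$t}_$onion[0].log*") ?: [] as $f){ unlink($f); } }`. That assumes `system_account` cannot contain glob metacharacters. The `foreach` over `$onions` continues past the end of this hunk.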
@@ -180,13 +191,13 @@ foreach($onions as $onion){ } $db->exec('FLUSH PRIVILEGES;'); //delete user from user database - $del->execute([$onion[0]]); + $del->execute([$onion[1]]); } // update passwords -$stmt=$db->query("SELECT users.onion, pass_change.password, users.id FROM pass_change INNER JOIN users ON (users.id=pass_change.user_id) LIMIT 100;"); +$stmt=$db->query("SELECT users.system_account, pass_change.password, users.id FROM pass_change INNER JOIN users ON (users.id=pass_change.user_id) LIMIT 100;"); $del=$db->prepare("DELETE FROM pass_change WHERE user_id=?;"); while($onion=$stmt->fetch(PDO::FETCH_NUM)){ - exec('usermod -p '. escapeshellarg($onion[1]) . " $onion[0].onion"); + exec('usermod -p '. escapeshellarg($onion[1]) . ' ' . escapeshellarg($onion[0])); $del->execute([$onion[2]]); } diff --git a/var/www/find_old.php b/var/www/find_old.php index cea4d7d..762d978 100644 --- a/var/www/find_old.php +++ b/var/www/find_old.php 
@@ -7,30 +7,28 @@ try{ } //delete tmp files older than 24 hours -exec('find /home -path "/home/*.onion/tmp/*" -cmin +1440 -delete'); +exec('find /home -path "/home/*/tmp/*" -cmin +1440 -delete'); //delete unused accounts older than 30 days -$del=$db->prepare('UPDATE users SET todelete=1 WHERE onion=?;'); -$stmt=$db->prepare('SELECT onion FROM users WHERE dateaddedprepare('UPDATE users SET todelete=1 WHERE id=?;'); +$stmt=$db->prepare('SELECT system_account, id FROM users WHERE dateaddedexecute([time()-60*60*24*30]); $all=$stmt->fetchAll(PDO::FETCH_NUM); foreach($all as $tmp){ - $tmp=$tmp[0].'.onion'; - if(filemtime("/home/$tmp")>time()-60*60*24*30){ + if(filemtime("/home/$tmp[0]")>time()-60*60*24*30){ continue; } - $count_www=count(scandir("/home/$tmp/www/")); + $count_www=count(scandir("/home/$tmp[0]/www/")); //check data empty and www no more than 1 file - if($count_www>3 || count(scandir("/home/$tmp/data/"))>2){ + if($count_www>3 || count(scandir("/home/$tmp[0]/data/"))>2){ continue; } //check www empty or index unmodified if($count_www===3){ - if(!file_exists("/home/$tmp/www/index.hosting.html") || !in_array(md5_file("/home/$tmp/www/index.hosting.html"), INDEX_MD5S)){ + if(!file_exists("/home/$tmp[0]/www/index.hosting.html") || !in_array(md5_file("/home/$tmp[0]/www/index.hosting.html"), INDEX_MD5S)){ continue; } } //no data found, safe to delete -// $del->execute([substr($tmp, 0, 16)]); -var_dump($tmp); + $del->execute([substr($tmp[1], 0, 16)]); } diff --git a/var/www/html/admin.php b/var/www/html/admin.php index 3513575..e71a694 100644 --- a/var/www/html/admin.php +++ b/var/www/html/admin.php 
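Review bot: `find /home -path "/home/*/tmp/*" -cmin +1440 -delete` now applies to every directory under /home rather than only `*.onion` homes, so a `tmp` directory of any non-hosting account on the machine would be purged as well; if such accounts can exist, drive the cleanup from the `system_account` values in the database instead. The now-live `$del->execute([substr($tmp[1], 0, 16)]);` keeps a `substr()` that only made sense for onion names, and `$del->execute([$tmp[1]]);` says what is meant. On PHP 7, `filemtime()` and `scandir()` return false for a missing home directory, in which case none of the `continue` checks fire and the account is marked for deletion, so a guard such as `if(!is_dir("/home/$tmp[0]")){ continue; }` is worth adding if that is not intended.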
@@ -52,7 +52,7 @@ if(empty($_SESSION['logged_in'])){ }elseif($_REQUEST['action']==='list'){ echo ''; echo ''; - $stmt=$db->query('SELECT onion FROM users WHERE public=0 ORDER BY onion;'); + $stmt=$db->query('SELECT onions.onion FROM users INNER JOIN onions ON (onions.user_id=users.id) WHERE users.public=0 ORDER BY onions.onion;'); while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ echo ""; } @@ -65,7 +65,7 @@ if(empty($_SESSION['logged_in'])){ } echo '
Onion link
$tmp[0].onion
'; echo ''; - $stmt=$db->query('SELECT users.username, users.onion FROM users INNER JOIN new_account ON (users.id=new_account.user_id) WHERE new_account.approved=0 ORDER BY users.username;'); + $stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN new_account ON (users.id=new_account.user_id) INNER JOIN onions ON (onions.user_id=users.id) WHERE new_account.approved=0 ORDER BY users.username;'); while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ echo ""; } @@ -81,11 +81,11 @@ if(empty($_SESSION['logged_in'])){ echo '
'; if(!empty($_POST['onion'])){ if(preg_match('~^([a-z2-7]{16})(\.onion)?$~', $_POST['onion'], $match)){ - $stmt=$db->prepare('SELECT null FROM users WHERE onion=?;'); + $stmt=$db->prepare('SELECT user_id FROM onions WHERE onion=?;'); $stmt->execute([$match[1]]); - if($stmt->fetch(PDO::FETCH_NUM)){ - $stmt=$db->prepare('UPDATE users SET todelete=1 WHERE onion=?;'); - $stmt->execute([$match[1]]); + if($user_id=$stmt->fetch(PDO::FETCH_NUM)){ + $stmt=$db->prepare('UPDATE users SET todelete=1 WHERE id=?;'); + $stmt->execute($user_id); echo "

Successfully queued for deletion!

"; }else{ echo "

Onion address not hosted by us!

"; diff --git a/var/www/html/delete.php b/var/www/html/delete.php index 8ceecee..5e35f36 100644 --- a/var/www/html/delete.php +++ b/var/www/html/delete.php @@ -12,8 +12,8 @@ if($_SERVER['REQUEST_METHOD']==='POST'){ if(!isset($_POST['pass']) || !password_verify($_POST['pass'], $user['password'])){ $msg.='

Wrong password.

'; }else{ - $stmt=$db->prepare('UPDATE users SET todelete=1 WHERE onion=?;'); - $stmt->execute([$user['onion']]); + $stmt=$db->prepare('UPDATE users SET todelete=1 WHERE id=?;'); + $stmt->execute([$user['id']]); session_destroy(); header('Location: login.php'); exit; diff --git a/var/www/html/files.php b/var/www/html/files.php index e33446d..7fc38da 100644 --- a/var/www/html/files.php +++ b/var/www/html/files.php @@ -15,7 +15,7 @@ if(empty($_SESSION['ftp_pass'])){ exit; } $ftp=ftp_connect('127.0.0.1') or die ('No Connection to FTP server!'); -if(@!ftp_login($ftp, "$user[onion].onion", $_SESSION['ftp_pass'])){ +if(@!ftp_login($ftp, $user[system_account], $_SESSION['ftp_pass'])){ send_login(); exit; } diff --git a/var/www/html/home.php b/var/www/html/home.php index aa336fc..a57e86c 100644 --- a/var/www/html/home.php +++ b/var/www/html/home.php @@ -15,22 +15,34 @@ echo ''; echo ''; echo ''; echo "
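Review bot: In files.php the new `ftp_login($ftp, $user[system_account], ...)` uses an unquoted key outside a string, so PHP reads `system_account` as a constant: PHP 7.2 emits a warning and falls back to the string, and PHP 8 raises an Error, which would break the file manager login. The old form was valid only because it sat inside double quotes. Use `$user['system_account']`.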

Logged in as $user[username] Logout | Change passwords | FileManager | Delete account

"; -echo "

Enter system account password to check your $user[onion].onion@" . ADDRESS . " mail:

UsernameOnion addressAction
$tmp[0]$tmp[1].onion

"; -echo '

Domain

'; +echo "

Enter system account password to check your $user[system_account]@" . ADDRESS . " mail:

"; +echo '

Domains

'; echo ''; -echo ''; -echo "'; +$stmt=$db->prepare('SELECT onion, private_key, enabled, enable_smtp, num_intros FROM onions WHERE user_id=?;'); +$stmt->execute([$user['id']]); +while($onion=$stmt->fetch(PDO::FETCH_ASSOC)){ + echo ""; } -echo ''; echo '
OnionPrivate key
$user[onion].onion"; -if(isset($_REQUEST['show_priv'])){ - echo "
$user[private_key]
"; -}else{ - echo 'Show private key'; +echo '
OnionPrivate keyEnabledSMTP enabledNr. of intros
$onion[onion].onion"; + if(isset($_REQUEST['show_priv'])){ + echo "
$onion[private_key]
"; + }else{ + echo 'Show private key'; + } + echo '
'; + echo $onion['enabled'] ? 'Yes' : 'No'; + echo ''; + echo $onion['enable_smtp'] ? 'Yes' : 'No'; + echo "$onion[num_intros]
'; echo '

MySQL Database

'; echo ''; echo ''; -echo ""; +$stmt=$db->prepare('SELECT mysql_database FROM mysql_databases WHERE user_id=?;'); +$stmt->execute([$user['id']]); +while($mysql=$stmt->fetch(PDO::FETCH_ASSOC)){ + echo ""; +} echo '
DatabaseHostUser
$user[onion]localhost$user[onion].onion
$mysql[mysql_database]localhost$user[mysql_user]
'; echo '

Change MySQL password

'; echo '

You can use PHPMyAdmin and Adminer for web based database administration.

'; @@ -38,7 +50,7 @@ echo '

System Account

'; echo ''; echo ''; foreach(SERVERS as $server=>$tmp){ - echo ""; + echo ""; } echo '
UsernameHostFTP PortSFTP PortPOP3 PortIMAP PortSMTP port
$user[onion].onion$server$tmp[ftp]$tmp[sftp]$tmp[pop3]$tmp[imap]$tmp[smtp]
$user[system_account]$server$tmp[ftp]$tmp[sftp]$tmp[pop3]$tmp[imap]$tmp[smtp]
'; echo '

Change system account password

'; diff --git a/var/www/html/index.php b/var/www/html/index.php index 9dd2d0b..23b6642 100644 --- a/var/www/html/index.php +++ b/var/www/html/index.php @@ -31,7 +31,7 @@ if(isset($_SERVER['HTTP_HOST']) && preg_match('/danwin1210\.(i2p|me)$/', $_SERVE
  • Web-based file management
  • FTP access
  • SFTP access
  • -
  • No disk quota
  • +
  • No disk quota, but please be fair about your disk usage
  • mail() can send e-mails from your.onion@ (your.onion@hosting.danwin1210.me for clearnet)
  • Webmail and IMAP, POP3 and SMTP access to your mail account
  • Mail sent to anything@your.onion gets automatically redirected to your inbox
  • @@ -53,5 +53,6 @@ if(isset($_SERVER['HTTP_HOST']) && preg_match('/danwin1210\.(i2p|me)$/', $_SERVE
  • No proxy scripts! (You are already using TOR and this will just burden the network)
  • No IP logger or similar de-anonymizer sites!
  • I preserve the right to delete any site for violating these rules and adding new rules at any time.
  • +
  • Should you not honor these rules, I will (have to) work together with Law Enfocements!
  • diff --git a/var/www/html/list.php b/var/www/html/list.php index 0f39c38..1613d3a 100644 --- a/var/www/html/list.php +++ b/var/www/html/list.php @@ -21,9 +21,9 @@ $hidden=$stmt->fetch(PDO::FETCH_NUM); echo "

    Here a list of $count[0] public hosted sites ($hidden[0] sites hidden):

    "; echo ''; echo ''; -$stmt=$db->query('SELECT username, onion FROM users WHERE public=1 ORDER BY onion;'); +$stmt=$db->query('SELECT onions.onion FROM users INNER JOIN onions ON (onions.user_id=users.id) WHERE users.public=1 ORDER BY onions.onion;'); while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ - echo ""; + echo ""; } echo '
    Onion link
    $tmp[1].onion
    $tmp[0].onion
    '; echo ''; diff --git a/var/www/html/log.php b/var/www/html/log.php index f8b2f95..b9fa60f 100644 --- a/var/www/html/log.php +++ b/var/www/html/log.php @@ -22,6 +22,6 @@ header("Content-disposition: filename=\"$type.log\""); header('Pragma: no-cache'); header('Cache-Control: no-cache, no-store, must-revalidate, max-age=0'); header('Expires: 0'); -if(file_exists("/var/log/nginx/{$type}_$user[onion].onion.log$old")){ - header("X-Accel-Redirect: /nginx/{$type}_$user[onion].onion.log$old"); +if(file_exists("/var/log/nginx/{$type}_$user[system_account].log$old")){ + header("X-Accel-Redirect: /nginx/{$type}_$user[system_account].log$old"); } diff --git a/var/www/html/login.php b/var/www/html/login.php index bcd90ad..7129f93 100644 --- a/var/www/html/login.php +++ b/var/www/html/login.php @@ -22,18 +22,18 @@ if($_SERVER['REQUEST_METHOD']==='POST'){ $msg.='
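Review bot: The new join in list.php returns every `onions` row of a public user, including rows whose `enabled` flag is 0; setup.php in this commit adds that flag and the account page prints it, but this query never reads it. If a disabled onion is meant to be out of service (not confirmable from this hunk), the public list should skip it: `... WHERE users.public=1 AND onions.enabled=1 ORDER BY onions.onion;`. The value also appears to be echoed into the link without `htmlspecialchars()`, which is only safe while every insert path keeps `onion` restricted to base32 characters.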

    Error: username may not be empty.

    '; $ok=false; }else{ - $stmt=$db->prepare('SELECT username, password, onion FROM users WHERE username=?;'); + $stmt=$db->prepare('SELECT username, password, id FROM users WHERE username=?;'); $stmt->execute([$_POST['username']]); $tmp=[]; if(($tmp=$stmt->fetch(PDO::FETCH_NUM))===false && preg_match('/^([2-7a-z]{16}).onion$/', $_POST['username'], $match)){ - $stmt=$db->prepare('SELECT username, password, onion FROM users WHERE onion=?;'); + $stmt=$db->prepare('SELECT users.username, users.password, users.id FROM users INNER JOIN onions ON (onions.user_id=users.id) WHERE onions.onion=?;'); $stmt->execute([$match[1]]); $tmp=$stmt->fetch(PDO::FETCH_NUM); } if($tmp){ $username=$tmp[0]; $password=$tmp[1]; - $stmt=$db->prepare('SELECT new_account.approved FROM new_account INNER JOIN users ON (users.id=new_account.user_id) WHERE users.onion=?;'); + $stmt=$db->prepare('SELECT new_account.approved FROM new_account INNER JOIN users ON (users.id=new_account.user_id) WHERE users.id=?;'); $stmt->execute([$tmp[2]]); if($tmp=$stmt->fetch(PDO::FETCH_NUM)){ if(REQUIRE_APPROVAL && !$tmp[0]){ diff --git a/var/www/html/password.php b/var/www/html/password.php index 7627c7d..9bdd5ce 100644 --- a/var/www/html/password.php +++ b/var/www/html/password.php @@ -19,8 +19,8 @@ if($_SERVER['REQUEST_METHOD']==='POST'){ }else{ if($_REQUEST['type']==='acc'){ $hash=password_hash($_POST['newpass'], PASSWORD_DEFAULT); - $stmt=$db->prepare('UPDATE users SET password=? WHERE username=?;'); - $stmt->execute([$hash, $user['username']]); + $stmt=$db->prepare('UPDATE users SET password=? WHERE id=?;'); + $stmt->execute([$hash, $user['id']]); $msg.='
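Review bot: The fallback lookup is still gated by `preg_match('/^([2-7a-z]{16}).onion$/', ...)`, so only 16-character names ever reach the new `onions` join, while setup.php in this commit declares `onions.onion` as `varchar(56)` with a `version` column. If longer addresses are going to be stored, login by onion address will silently never match them; the dot before `onion` is also unescaped and matches any character. A pattern such as `'/^([2-7a-z]{16}|[2-7a-z]{56})\.onion$/'` would keep the check in step with the schema. The enclosing POST handler starts and ends outside the hunk.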

    Successfully changed account password.

    '; }elseif($_REQUEST['type']==='sys'){ $stmt=$db->prepare('INSERT INTO pass_change (user_id, password) VALUES (?, ?);'); @@ -28,7 +28,7 @@ if($_SERVER['REQUEST_METHOD']==='POST'){ $stmt->execute([$user['id'], $hash]); $msg.='

    Successfully changed system account password, change will take affect within the next minute.

    '; }elseif($_REQUEST['type']==='sql'){ - $stmt=$db->prepare("SET PASSWORD FOR '$user[onion].onion'@'%'=PASSWORD(?);"); + $stmt=$db->prepare("SET PASSWORD FOR '$user[mysql_user]'@'%'=PASSWORD(?);"); $stmt->execute([$_POST['newpass']]); $db->exec('FLUSH PRIVILEGES;'); $msg.='

    Successfully changed sql password.

    '; diff --git a/var/www/html/register.php b/var/www/html/register.php index 41dabc6..08086be 100644 --- a/var/www/html/register.php +++ b/var/www/html/register.php @@ -54,7 +54,7 @@ if($_SERVER['REQUEST_METHOD']==='POST'){ } } if($ok){ - $check=$db->prepare('SELECT null FROM users WHERE onion=?;'); + $check=$db->prepare('SELECT null FROM onions WHERE onion=?;'); if(isset($_REQUEST['private_key']) && !empty(trim($_REQUEST['private_key']))){ $priv_key=trim($_REQUEST['private_key']); if(($pkey=openssl_pkey_get_private($priv_key))!==false){ @@ -102,13 +102,15 @@ if($_SERVER['REQUEST_METHOD']==='POST'){ echo '
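Review bot: In the `sql` branch `$user[mysql_user]` is interpolated straight into `SET PASSWORD FOR '...'@'%'`, so the account name is now whatever the `mysql_user` column holds instead of a string built from the base32 onion name. Registration writes `"$onion.onion"` there today, but nothing in this hunk enforces that, and a quote character in the column would change the statement. A guard before the prepare, for example `if(!preg_match('/^[a-z2-7]{16}\.onion$/', $user['mysql_user'])){ /* reject */ }` (or whatever set of names the column is allowed to hold), keeps the identifier constrained. The statement also depends on `PASSWORD()`, which MySQL 8.0 removed while MariaDB still has it; worth confirming against the server in use.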

    To prevent abuse a site can only be registered every 60 seconds, but one has already been registered within the last 60 seconds. Please try again.

    '; $ok=false; }elseif($ok){ - $stmt=$db->prepare('INSERT INTO users (username, password, onion, private_key, dateadded, public, php, autoindex, mysql_user) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);'); - $stmt->execute([$_POST['username'], $hash, $onion, $priv_key, time(), $public, $php, $autoindex, "$onion.onion"]); + $stmt=$db->prepare('INSERT INTO users (username, system_account, password, dateadded, public, php, autoindex, mysql_user) VALUES (?, ?, ?, ?, ?, ?, ?, ?);'); + $stmt->execute([$_POST['username'], "$onion.onion", $hash, time(), $public, $php, $autoindex, "$onion.onion"]); $stmt=$db->prepare('SELECT id FROM users WHERE username=?;'); $stmt->execute([$_POST['username']]); $user_id=$stmt->fetch(PDO::FETCH_NUM)[0]; $stmt=$db->prepare('INSERT INTO mysql_databases (user_id, mysql_database) VALUES (?, ?);'); $stmt->execute([$user_id, $onion]); + $stmt=$db->prepare('INSERT INTO onions (user_id, onion, private_key, version) VALUES (?, ?, ?, ?);'); + $stmt->execute([$user_id, $onion, $priv_key, 2]); $create_user=$db->prepare("CREATE USER '$onion.onion'@'%' IDENTIFIED BY ?;"); $create_user->execute([$_POST['pass']]); $db->exec("CREATE DATABASE IF NOT EXISTS `$onion`;"); diff --git a/var/www/setup.php b/var/www/setup.php index 95f79c5..3eeb294 100644 --- a/var/www/setup.php +++ b/var/www/setup.php 
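Review bot: The account is now created by three separate INSERTs (`users`, `mysql_databases`, `onions`) with no transaction around them, so a failure on the `onions` insert (for example a primary-key collision on `onion`) leaves a `users` row with a system account and MySQL user but no onion or private key. Wrapping the three inserts in `$db->beginTransaction();` and `$db->commit();`, placed before `CREATE USER` because that statement commits implicitly in MySQL, would keep them all-or-nothing; this assumes PDO is set to throw on errors, which is not visible here. The id can come from `$user_id=$db->lastInsertId();` instead of the extra `SELECT id FROM users WHERE username=?`. The enclosing block starts outside the hunk.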
@@ -22,11 +22,12 @@ $version;
 if(!@$version=$db->query("SELECT value FROM settings WHERE setting='version';")){
 //create tables
 $db->exec('CREATE TABLE captcha (id int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY, time int(11) NOT NULL, code char(5) COLLATE latin1_bin NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;');
- $db->exec('CREATE TABLE users (id int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY, onion char(16) COLLATE latin1_bin NOT NULL UNIQUE, username varchar(50) COLLATE latin1_bin NOT NULL UNIQUE, password varchar(255) COLLATE latin1_bin NOT NULL, private_key varchar(1000) COLLATE latin1_bin NOT NULL, dateadded int(10) unsigned NOT NULL, public tinyint(3) unsigned NOT NULL, php tinyint(1) unsigned NOT NULL, autoindex tinyint(1) unsigned NOT NULL, todelete tinyint(1) UNSIGNED NOT NULL, mysql_user varchar(32) NOT NULL, KEY public (public), KEY dateadded (dateadded), KEY todelete (todelete)) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;');
+ $db->exec('CREATE TABLE users (id int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY, system_account varchar(32) COLLATE latin1_bin NOT NULL UNIQUE, username varchar(50) COLLATE latin1_bin NOT NULL UNIQUE, password varchar(255) COLLATE latin1_bin NOT NULL, dateadded int(10) unsigned NOT NULL, public tinyint(1) unsigned NOT NULL, php tinyint(1) unsigned NOT NULL, autoindex tinyint(1) unsigned NOT NULL, todelete tinyint(1) UNSIGNED NOT NULL, mysql_user varchar(32) NOT NULL, KEY dateadded (dateadded), KEY public (public), KEY todelete (todelete)) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;');
 $db->exec('CREATE TABLE new_account (user_id int(11) NOT NULL PRIMARY KEY, password varchar(255) COLLATE latin1_bin NOT NULL, approved tinyint(1) UNSIGNED NOT NULL, CONSTRAINT new_account_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;');
 $db->exec('CREATE TABLE pass_change (user_id int(11) NOT NULL PRIMARY KEY, password varchar(255) COLLATE latin1_bin NOT NULL, CONSTRAINT pass_change_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;');
- $db->exec('CREATE TABLE mysql_databases (user_id int(11) NOT NULL KEY, mysql_database varchar(64) COLLATE latin1_bin NOT NULL, CONSTRAINT mysql_database_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;');
+ $db->exec('CREATE TABLE mysql_databases (user_id int(11) NOT NULL, mysql_database varchar(64) COLLATE latin1_bin NOT NULL, KEY user_id, CONSTRAINT mysql_database_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;');
 $db->exec('CREATE TABLE settings (setting varchar(50) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL PRIMARY KEY, value text CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;');
+ $db->exec("CREATE TABLE onions (user_id int(11) NOT NULL, onion varchar(56) COLLATE latin1_bin NOT NULL PRIMARY KEY, private_key varchar(1000) COLLATE latin1_bin NOT NULL, version tinyint(1) NOT NULL, enabled tinyint(1) NOT NULL DEFAULT '1', num_intros tinyint(3) NOT NULL DEFAULT '3', enable_smtp tinyint(1) NOT NULL DEFAULT '1', KEY user_id (user_id), KEY enabled (enabled), CONSTRAINT onions_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;");
 $stmt=$db->prepare("INSERT INTO settings (setting, value) VALUES ('version', ?);");
 $stmt->execute([DBVERSION]);
 echo "Database has successfully been set up\n";
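Review bot: The new `mysql_databases` definition contains `KEY user_id,` with no column list, which MySQL rejects as a syntax error, so a fresh install would fail at this statement (or silently skip the table, depending on the PDO error mode). The `onions` table added just below spells it `KEY user_id (user_id)` and the `version<6` migration uses `ADD INDEX user_id (user_id)`; the CREATE should match: `... mysql_database varchar(64) COLLATE latin1_bin NOT NULL, KEY user_id (user_id), CONSTRAINT ...`. Separately, `onions.private_key` keeps hidden-service keys in plaintext, as `users.private_key` did before, so it is worth documenting which database accounts may read that table.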
@@ -37,20 +38,6 @@ if(!@$version=$db->query("SELECT value FROM settings WHERE setting='version';"))
 $db->exec('ALTER TABLE new_account ADD approved tinyint(1) UNSIGNED NOT NULL;');
 $db->exec('DROP TABLE del_account;');
 }
- if($version<3){
- $stmt=$db->query("SELECT onion FROM users;");
- while($id=$stmt->fetch(PDO::FETCH_NUM)){
- $onion=$id[0];
- $firstchar=substr($onion, 0, 1);
- $replace=str_replace("listen unix:/var/run/nginx.sock;", "listen unix:/var/run/nginx/$onion backlog=2048;", file_get_contents("/etc/nginx/sites-enabled/$onion.onion"));
- file_put_contents("/etc/nginx/sites-enabled/$onion.onion", $replace);
- $torrc=file_get_contents("/etc/tor/instances/$firstchar/torrc");
- $torrc=str_replace("$onion.onion/\nHiddenServicePort 80 unix:/var/run/nginx.sock", "$onion.onion/\nHiddenServicePort 80 unix:/var/run/nginx/$onion", $torrc);
- file_put_contents("/etc/tor/instances/$firstchar/torrc", $torrc);
- }
- exec('service nginx reload');
- exec("service tor reload");
- }
 if($version<4){
 $db->exec('ALTER TABLE new_account DROP FOREIGN KEY new_account_ibfk_1;');
 $db->exec('ALTER TABLE pass_change DROP FOREIGN KEY pass_change_ibfk_1;');
@@ -72,6 +59,25 @@ if(!@$version=$db->query("SELECT value FROM settings WHERE setting='version';"))
 $db->exec('CREATE TABLE mysql_databases (user_id int(11) NOT NULL KEY, mysql_database varchar(64) COLLATE latin1_bin NOT NULL, CONSTRAINT mysql_database_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;');
 $db->exec("INSERT INTO mysql_databases (user_id, mysql_database) SELECT id, onion FROM users;");
 }
+ if($version<6){
+ $db->exec('ALTER TABLE mysql_databases DROP PRIMARY KEY, ADD INDEX user_id (user_id);');
+ $db->exec("CREATE TABLE onions (user_id int(11) NOT NULL, onion varchar(56) COLLATE latin1_bin NOT NULL PRIMARY KEY, private_key varchar(1000) COLLATE latin1_bin NOT NULL, version tinyint(1) NOT NULL, enabled tinyint(1) NOT NULL DEFAULT '1', num_intros tinyint(3) NOT NULL DEFAULT '3', enable_smtp tinyint(1) NOT NULL DEFAULT '1', KEY user_id (user_id), KEY enabled (enabled), CONSTRAINT onions_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;");
+ $db->exec("INSERT INTO onions (user_id, onion, private_key, version) SELECT id, onion, private_key, 2 FROM users;");
+ $db->exec('ALTER TABLE users DROP private_key;');
+ $db->exec('ALTER TABLE users CHANGE onion system_account varchar(32) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL;');
+ $db->exec("UPDATE users SET system_account = CONCAT(system_account, '.onion');");
+ $stmt=$db->query("SELECT system_account FROM users;");
+ while($id=$stmt->fetch(PDO::FETCH_NUM)){
+ $system_account=$id[0];
+ $onion=substr($id[0], 0, 16);
+ $replace=preg_replace("~listen\sunix:/var/run/nginx(/[a-z2-7]{16}|\.sock)(\sbacklog=2048)?;~", "listen unix:/var/run/nginx/$system_account backlog=2048;", file_get_contents("/etc/nginx/sites-enabled/$system_account"));
+ file_put_contents("/etc/nginx/sites-enabled/$system_account", $replace);
+ }
+ foreach(['2', '3', '4', '5', '6', '7', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'] as $key){
+ rewrite_torrc($db, $key);
+ }
+ exec('service nginx reload');
+ }
 $stmt=$db->prepare("UPDATE settings SET value=? WHERE setting='version';");
 $stmt->execute([DBVERSION]);
 if(DBVERSION!=$version){
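Review bot: In the `version<6` loop the result of `file_get_contents()` goes straight into `preg_replace()` and then `file_put_contents()`, so a missing or unreadable `/etc/nginx/sites-enabled/$system_account`, or a regex failure, ends with an empty vhost file being written before `service nginx reload` runs. The loop should skip files it cannot read and write only when the replacement succeeded; `$onion=substr($id[0], 0, 16);` is never used and can be dropped. The schema steps above it are also not re-runnable: if the script stops after `CREATE TABLE onions`, the next run fails on that statement before the version row is updated. The surrounding upgrade block starts and ends outside the hunk.

```php
while($id=$stmt->fetch(PDO::FETCH_NUM)){
	$system_account=$id[0];
	$path="/etc/nginx/sites-enabled/$system_account";
	$conf=@file_get_contents($path);
	if($conf===false){
		// Never write back a config that could not be read.
		echo "Skipping $path: cannot read\n";
		continue;
	}
	$replace=preg_replace("~listen\sunix:/var/run/nginx(/[a-z2-7]{16}|\.sock)(\sbacklog=2048)?;~", "listen unix:/var/run/nginx/$system_account backlog=2048;", $conf);
	if($replace===null){
		// preg_replace() returns null on error; keep the existing file.
		echo "Skipping $path: rewrite failed\n";
		continue;
	}
	file_put_contents($path, $replace);
}
// … unchanged: rewrite_torrc() loop and nginx reload …
```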