Structure changes for future features
This commit is contained in:
Daniel Winzen
@ -52,7 +52,7 @@ if(empty($_SESSION['logged_in'])){
|
||||
}elseif($_REQUEST['action']==='list'){
|
||||
echo '<table border="1">';
|
||||
echo '<tr><td>Onion link</td></tr>';
|
||||
$stmt=$db->query('SELECT onion FROM users WHERE public=0 ORDER BY onion;');
|
||||
$stmt=$db->query('SELECT onions.onion FROM users INNER JOIN onions ON (onions.user_id=users.id) WHERE users.public=0 ORDER BY onions.onion;');
|
||||
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
echo "<tr><td><a href=\"http://$tmp[0].onion\" target=\"_blank\">$tmp[0].onion</a></td></tr>";
|
||||
}
|
||||
@ -65,7 +65,7 @@ if(empty($_SESSION['logged_in'])){
|
||||
}
|
||||
echo '<table border="1">';
|
||||
echo '<tr><td>Username</td><td>Onion address</td><td>Action</td></tr>';
|
||||
$stmt=$db->query('SELECT users.username, users.onion FROM users INNER JOIN new_account ON (users.id=new_account.user_id) WHERE new_account.approved=0 ORDER BY users.username;');
|
||||
$stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN new_account ON (users.id=new_account.user_id) INNER JOIN onions ON (onions.user_id=users.id) WHERE new_account.approved=0 ORDER BY users.username;');
|
||||
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\"><input type=\"hidden\" name=\"onion\" value=\"$tmp[1]\"><tr><td>$tmp[0]</td><td>$tmp[1].onion</td><td><input type=\"submit\" name=\"action\" value=\"approve\"><input type=\"submit\" name=\"action\" value=\"delete\"></td></tr></form>";
|
||||
}
|
||||
@ -81,11 +81,11 @@ if(empty($_SESSION['logged_in'])){
|
||||
echo '<input type="submit" name="action" value="delete"></form><br>';
|
||||
if(!empty($_POST['onion'])){
|
||||
if(preg_match('~^([a-z2-7]{16})(\.onion)?$~', $_POST['onion'], $match)){
|
||||
$stmt=$db->prepare('SELECT null FROM users WHERE onion=?;');
|
||||
$stmt=$db->prepare('SELECT user_id FROM onions WHERE onion=?;');
|
||||
$stmt->execute([$match[1]]);
|
||||
if($stmt->fetch(PDO::FETCH_NUM)){
|
||||
$stmt=$db->prepare('UPDATE users SET todelete=1 WHERE onion=?;');
|
||||
$stmt->execute([$match[1]]);
|
||||
if($user_id=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
$stmt=$db->prepare('UPDATE users SET todelete=1 WHERE id=?;');
|
||||
$stmt->execute($user_id);
|
||||
echo "<p style=\"color:green;\">Successfully queued for deletion!</p>";
|
||||
}else{
|
||||
echo "<p style=\"color:red;\">Onion address not hosted by us!</p>";
|
||||
|
||||
@ -12,8 +12,8 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
|
||||
if(!isset($_POST['pass']) || !password_verify($_POST['pass'], $user['password'])){
|
||||
$msg.='<p style="color:red;">Wrong password.</p>';
|
||||
}else{
|
||||
$stmt=$db->prepare('UPDATE users SET todelete=1 WHERE onion=?;');
|
||||
$stmt->execute([$user['onion']]);
|
||||
$stmt=$db->prepare('UPDATE users SET todelete=1 WHERE id=?;');
|
||||
$stmt->execute([$user['id']]);
|
||||
session_destroy();
|
||||
header('Location: login.php');
|
||||
exit;
|
||||
|
||||
@ -15,7 +15,7 @@ if(empty($_SESSION['ftp_pass'])){
|
||||
exit;
|
||||
}
|
||||
$ftp=ftp_connect('127.0.0.1') or die ('No Connection to FTP server!');
|
||||
if(@!ftp_login($ftp, "$user[onion].onion", $_SESSION['ftp_pass'])){
|
||||
if(@!ftp_login($ftp, $user[system_account], $_SESSION['ftp_pass'])){
|
||||
send_login();
|
||||
exit;
|
||||
}
|
||||
|
||||
@ -15,22 +15,34 @@ echo '<meta name="author" content="Daniel Winzen">';
|
||||
echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
|
||||
echo '</head><body>';
|
||||
echo "<p>Logged in as $user[username] <a href=\"logout.php\">Logout</a> | <a href=\"password.php\">Change passwords</a> | <a target=\"_blank\" href=\"files.php\">FileManager</a> | <a href=\"delete.php\">Delete account</a></p>";
|
||||
echo "<p>Enter system account password to check your $user[onion].onion@" . ADDRESS . " mail:</td><td><form action=\"squirrelmail/src/redirect.php\" method=\"post\" target=\"_blank\"><input type=\"hidden\" name=\"login_username\" value=\"$user[onion].onion\"><input type=\"password\" name=\"secretkey\"><input type=\"submit\" value=\"Login to webmail\"></form></p>";
|
||||
echo '<h3>Domain</h3>';
|
||||
echo "<p>Enter system account password to check your $user[system_account]@" . ADDRESS . " mail:</td><td><form action=\"squirrelmail/src/redirect.php\" method=\"post\" target=\"_blank\"><input type=\"hidden\" name=\"login_username\" value=\"$user[system_account]\"><input type=\"password\" name=\"secretkey\"><input type=\"submit\" value=\"Login to webmail\"></form></p>";
|
||||
echo '<h3>Domains</h3>';
|
||||
echo '<table border="1">';
|
||||
echo '<tr><th>Onion</th><th>Private key</th></tr>';
|
||||
echo "<tr><td><a href=\"http://$user[onion].onion\" target=\"_blank\">$user[onion].onion</a></td><td>";
|
||||
if(isset($_REQUEST['show_priv'])){
|
||||
echo "<pre>$user[private_key]</pre>";
|
||||
}else{
|
||||
echo '<a href="home.php?show_priv=1">Show private key</a>';
|
||||
echo '<tr><th>Onion</th><th>Private key</th><th>Enabled</th><th>SMTP enabled</th><th>Nr. of intros</th></tr>';
|
||||
$stmt=$db->prepare('SELECT onion, private_key, enabled, enable_smtp, num_intros FROM onions WHERE user_id=?;');
|
||||
$stmt->execute([$user['id']]);
|
||||
while($onion=$stmt->fetch(PDO::FETCH_ASSOC)){
|
||||
echo "<tr><td><a href=\"http://$onion[onion].onion\" target=\"_blank\">$onion[onion].onion</a></td><td>";
|
||||
if(isset($_REQUEST['show_priv'])){
|
||||
echo "<pre>$onion[private_key]</pre>";
|
||||
}else{
|
||||
echo '<a href="home.php?show_priv=1">Show private key</a>';
|
||||
}
|
||||
echo '</td><td>';
|
||||
echo $onion['enabled'] ? 'Yes' : 'No';
|
||||
echo '</td><td>';
|
||||
echo $onion['enable_smtp'] ? 'Yes' : 'No';
|
||||
echo "</td><td>$onion[num_intros]</td></tr>";
|
||||
}
|
||||
echo '</td></tr>';
|
||||
echo '</table>';
|
||||
echo '<h3>MySQL Database</h3>';
|
||||
echo '<table border="1">';
|
||||
echo '<tr><th>Database</th><th>Host</th><th>User</th></tr>';
|
||||
echo "<tr><td>$user[onion]</td><td>localhost</td><td>$user[onion].onion</td></tr>";
|
||||
$stmt=$db->prepare('SELECT mysql_database FROM mysql_databases WHERE user_id=?;');
|
||||
$stmt->execute([$user['id']]);
|
||||
while($mysql=$stmt->fetch(PDO::FETCH_ASSOC)){
|
||||
echo "<tr><td>$mysql[mysql_database]</td><td>localhost</td><td>$user[mysql_user]</td></tr>";
|
||||
}
|
||||
echo '</table>';
|
||||
echo '<p><a href="password.php?type=sql">Change MySQL password</a></p>';
|
||||
echo '<p>You can use <a href="/phpmyadmin/" target="_blank">PHPMyAdmin</a> and <a href="/adminer/" target="_blank">Adminer</a> for web based database administration.</p>';
|
||||
@ -38,7 +50,7 @@ echo '<h3>System Account</h3>';
|
||||
echo '<table border="1">';
|
||||
echo '<tr><th>Username</th><th>Host</th><th>FTP Port</th><th>SFTP Port</th><th>POP3 Port</th><th>IMAP Port</th><th>SMTP port</th></tr>';
|
||||
foreach(SERVERS as $server=>$tmp){
|
||||
echo "<tr><td>$user[onion].onion</td><td>$server</td><td>$tmp[ftp]</td><td>$tmp[sftp]</td><td>$tmp[pop3]</td><td>$tmp[imap]</td><td>$tmp[smtp]</td></tr>";
|
||||
echo "<tr><td>$user[system_account]</td><td>$server</td><td>$tmp[ftp]</td><td>$tmp[sftp]</td><td>$tmp[pop3]</td><td>$tmp[imap]</td><td>$tmp[smtp]</td></tr>";
|
||||
}
|
||||
echo '</table>';
|
||||
echo '<p><a href="password.php?type=sys">Change system account password</a></p>';
|
||||
|
||||
@ -31,7 +31,7 @@ if(isset($_SERVER['HTTP_HOST']) && preg_match('/danwin1210\.(i2p|me)$/', $_SERVE
|
||||
<li>Web-based file management</li>
|
||||
<li>FTP access</li>
|
||||
<li>SFTP access</li>
|
||||
<li>No disk quota</li>
|
||||
<li>No disk quota, but please be fair about your disk usage</li>
|
||||
<li>mail() can send e-mails from your.onion@<?php echo ADDRESS; ?> (your.onion@hosting.danwin1210.me for clearnet)</li>
|
||||
<li>Webmail and IMAP, POP3 and SMTP access to your mail account</li>
|
||||
<li>Mail sent to anything@your.onion gets automatically redirected to your inbox</li>
|
||||
@ -53,5 +53,6 @@ if(isset($_SERVER['HTTP_HOST']) && preg_match('/danwin1210\.(i2p|me)$/', $_SERVE
|
||||
<li>No proxy scripts! (You are already using TOR and this will just burden the network)</li>
|
||||
<li>No IP logger or similar de-anonymizer sites!</li>
|
||||
<li>I preserve the right to delete any site for violating these rules and adding new rules at any time.</li>
|
||||
<li>Should you not honor these rules, I will (have to) work together with Law Enfocements!</li>
|
||||
</ul>
|
||||
</body></html>
|
||||
|
||||
@ -21,9 +21,9 @@ $hidden=$stmt->fetch(PDO::FETCH_NUM);
|
||||
echo "<p>Here a list of $count[0] public hosted sites ($hidden[0] sites hidden):</p>";
|
||||
echo '<table border="1">';
|
||||
echo '<tr><td>Onion link</td></tr>';
|
||||
$stmt=$db->query('SELECT username, onion FROM users WHERE public=1 ORDER BY onion;');
|
||||
$stmt=$db->query('SELECT onions.onion FROM users INNER JOIN onions ON (onions.user_id=users.id) WHERE users.public=1 ORDER BY onions.onion;');
|
||||
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
echo "<tr><td><a href=\"http://$tmp[1].onion\" target=\"_blank\">$tmp[1].onion</a></td></tr>";
|
||||
echo "<tr><td><a href=\"http://$tmp[0].onion\" target=\"_blank\">$tmp[0].onion</a></td></tr>";
|
||||
}
|
||||
echo '</table>';
|
||||
echo '</body></html>';
|
||||
|
||||
@ -22,6 +22,6 @@ header("Content-disposition: filename=\"$type.log\"");
|
||||
header('Pragma: no-cache');
|
||||
header('Cache-Control: no-cache, no-store, must-revalidate, max-age=0');
|
||||
header('Expires: 0');
|
||||
if(file_exists("/var/log/nginx/{$type}_$user[onion].onion.log$old")){
|
||||
header("X-Accel-Redirect: /nginx/{$type}_$user[onion].onion.log$old");
|
||||
if(file_exists("/var/log/nginx/{$type}_$user[system_account].log$old")){
|
||||
header("X-Accel-Redirect: /nginx/{$type}_$user[system_account].log$old");
|
||||
}
|
||||
|
||||
@ -22,18 +22,18 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
|
||||
$msg.='<p style="color:red;">Error: username may not be empty.</p>';
|
||||
$ok=false;
|
||||
}else{
|
||||
$stmt=$db->prepare('SELECT username, password, onion FROM users WHERE username=?;');
|
||||
$stmt=$db->prepare('SELECT username, password, id FROM users WHERE username=?;');
|
||||
$stmt->execute([$_POST['username']]);
|
||||
$tmp=[];
|
||||
if(($tmp=$stmt->fetch(PDO::FETCH_NUM))===false && preg_match('/^([2-7a-z]{16}).onion$/', $_POST['username'], $match)){
|
||||
$stmt=$db->prepare('SELECT username, password, onion FROM users WHERE onion=?;');
|
||||
$stmt=$db->prepare('SELECT users.username, users.password, users.id FROM users INNER JOIN onions ON (onions.user_id=users.id) WHERE onions.onion=?;');
|
||||
$stmt->execute([$match[1]]);
|
||||
$tmp=$stmt->fetch(PDO::FETCH_NUM);
|
||||
}
|
||||
if($tmp){
|
||||
$username=$tmp[0];
|
||||
$password=$tmp[1];
|
||||
$stmt=$db->prepare('SELECT new_account.approved FROM new_account INNER JOIN users ON (users.id=new_account.user_id) WHERE users.onion=?;');
|
||||
$stmt=$db->prepare('SELECT new_account.approved FROM new_account INNER JOIN users ON (users.id=new_account.user_id) WHERE users.id=?;');
|
||||
$stmt->execute([$tmp[2]]);
|
||||
if($tmp=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
if(REQUIRE_APPROVAL && !$tmp[0]){
|
||||
|
||||
@ -19,8 +19,8 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
|
||||
}else{
|
||||
if($_REQUEST['type']==='acc'){
|
||||
$hash=password_hash($_POST['newpass'], PASSWORD_DEFAULT);
|
||||
$stmt=$db->prepare('UPDATE users SET password=? WHERE username=?;');
|
||||
$stmt->execute([$hash, $user['username']]);
|
||||
$stmt=$db->prepare('UPDATE users SET password=? WHERE id=?;');
|
||||
$stmt->execute([$hash, $user['id']]);
|
||||
$msg.='<p style="color:green;">Successfully changed account password.</p>';
|
||||
}elseif($_REQUEST['type']==='sys'){
|
||||
$stmt=$db->prepare('INSERT INTO pass_change (user_id, password) VALUES (?, ?);');
|
||||
@ -28,7 +28,7 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
|
||||
$stmt->execute([$user['id'], $hash]);
|
||||
$msg.='<p style="color:green;">Successfully changed system account password, change will take affect within the next minute.</p>';
|
||||
}elseif($_REQUEST['type']==='sql'){
|
||||
$stmt=$db->prepare("SET PASSWORD FOR '$user[onion].onion'@'%'=PASSWORD(?);");
|
||||
$stmt=$db->prepare("SET PASSWORD FOR '$user[mysql_user]'@'%'=PASSWORD(?);");
|
||||
$stmt->execute([$_POST['newpass']]);
|
||||
$db->exec('FLUSH PRIVILEGES;');
|
||||
$msg.='<p style="color:green;">Successfully changed sql password.</p>';
|
||||
|
||||
@ -54,7 +54,7 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
|
||||
}
|
||||
}
|
||||
if($ok){
|
||||
$check=$db->prepare('SELECT null FROM users WHERE onion=?;');
|
||||
$check=$db->prepare('SELECT null FROM onions WHERE onion=?;');
|
||||
if(isset($_REQUEST['private_key']) && !empty(trim($_REQUEST['private_key']))){
|
||||
$priv_key=trim($_REQUEST['private_key']);
|
||||
if(($pkey=openssl_pkey_get_private($priv_key))!==false){
|
||||
@ -102,13 +102,15 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
|
||||
echo '<p style="color:red;">To prevent abuse a site can only be registered every 60 seconds, but one has already been registered within the last 60 seconds. Please try again.</p>';
|
||||
$ok=false;
|
||||
}elseif($ok){
|
||||
$stmt=$db->prepare('INSERT INTO users (username, password, onion, private_key, dateadded, public, php, autoindex, mysql_user) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);');
|
||||
$stmt->execute([$_POST['username'], $hash, $onion, $priv_key, time(), $public, $php, $autoindex, "$onion.onion"]);
|
||||
$stmt=$db->prepare('INSERT INTO users (username, system_account, password, dateadded, public, php, autoindex, mysql_user) VALUES (?, ?, ?, ?, ?, ?, ?, ?);');
|
||||
$stmt->execute([$_POST['username'], "$onion.onion", $hash, time(), $public, $php, $autoindex, "$onion.onion"]);
|
||||
$stmt=$db->prepare('SELECT id FROM users WHERE username=?;');
|
||||
$stmt->execute([$_POST['username']]);
|
||||
$user_id=$stmt->fetch(PDO::FETCH_NUM)[0];
|
||||
$stmt=$db->prepare('INSERT INTO mysql_databases (user_id, mysql_database) VALUES (?, ?);');
|
||||
$stmt->execute([$user_id, $onion]);
|
||||
$stmt=$db->prepare('INSERT INTO onions (user_id, onion, private_key, version) VALUES (?, ?, ?, ?);');
|
||||
$stmt->execute([$user_id, $onion, $priv_key, 2]);
|
||||
$create_user=$db->prepare("CREATE USER '$onion.onion'@'%' IDENTIFIED BY ?;");
|
||||
$create_user->execute([$_POST['pass']]);
|
||||
$db->exec("CREATE DATABASE IF NOT EXISTS `$onion`;");
|
||||
|
||||
Reference in New Issue
Block a user