From 5cd13e9269ea68ca4acbecb5808ce0856c9ec563 Mon Sep 17 00:00:00 2001
From: Daniel Winzen <d@winzen4.de>
Date: Thu, 6 Dec 2018 16:24:35 +0100
Subject: [PATCH] Introduced selection between v2, v3 and custom hidden service

---
 var/www/common.php        |  11 ++--
 var/www/html/register.php | 124 ++++++++++++++++++++------------------
 2 files changed, 73 insertions(+), 62 deletions(-)
diff --git a/var/www/common.php b/var/www/common.php
index b37d70f..3d8e9b9 100644
--- a/var/www/common.php
+++ b/var/www/common.php
@@ -321,7 +321,9 @@ function private_key_to_onion(string $priv_key) : array {
 	$message = '';
 	$onion = '';
 	$priv_key = trim($priv_key);
+	$version = 0;
 	if(($pkey = openssl_pkey_get_private($priv_key)) !== false){
+		$version = 2;
 		$details=openssl_pkey_get_details($pkey);
 		if($details['bits'] !== 1024){
 			$message = 'Error: private key not of bitsize 1024.';
@@ -330,19 +332,20 @@ function private_key_to_onion(string $priv_key) : array {
 			$onion = get_onion_v2($pkey);
 		}
 		openssl_pkey_free($pkey);
-		return ['ok' => $ok, 'message' => $message, 'onion' => $onion];
+		return ['ok' => $ok, 'message' => $message, 'onion' => $onion, 'version' => $version];
 	} elseif(($priv = base64_decode($priv_key, true)) !== false){
+		$version = 3;
 		if(strpos($priv, '== ed25519v1-secret: type0 ==' . hex2bin('000000')) !== 0 || strlen($priv) !== 96){
 			$message = 'Error: v3 secret key invalid.';
 			$ok = false;
 		} else {
 			$onion = get_onion_v3(substr($priv, 32));
 		}
-		return ['ok' => $ok, 'message' => $message, 'onion' => $onion];
+		return ['ok' => $ok, 'message' => $message, 'onion' => $onion, 'version' => $version];
 	}
 	$message = 'Error: private key invalid.';
 	$ok = false;
-	return ['ok' => $ok, 'message' => $message, 'onion' => $onion];
+	return ['ok' => $ok, 'message' => $message, 'onion' => $onion, 'version' => $version];
 }
 
 function generate_new_onion(int $version = 3) : array {
@@ -359,7 +362,7 @@ function generate_new_onion(int $version = 3) : array {
 		$priv_key = base64_encode('== ed25519v1-secret: type0 ==' . hex2bin('000000') . $sk);
 		$onion = get_onion_v3($sk);
 	}
-	return ['priv_key' => $priv_key, 'onion' => $onion];
+	return ['priv_key' => $priv_key, 'onion' => $onion, 'version' => $version];
 }
 
 function ed25519_seckey_expand(string $seed) : string {
diff --git a/var/www/html/register.php b/var/www/html/register.php
index a564af1..eae5e79 100644
--- a/var/www/html/register.php
+++ b/var/www/html/register.php
@@ -11,22 +11,35 @@ if(!empty($_SESSION['hosting_username'])){
 	header('Location: home.php');
 	exit;
 }
-echo '<!DOCTYPE html><html><head>';
-echo '<title>Daniel\'s Hosting - Register</title>';
-echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
-echo '<meta name="author" content="Daniel Winzen">';
-echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
-echo '</head><body>';
-echo '<h1>Hosting - Register</h1>';
-echo '<p><a href="index.php">Info</a> | Register | <a href="login.php">Login</a> | <a href="list.php">List of hosted sites</a> | <a href="faq.php">FAQ</a></p>';
+?>
+<!DOCTYPE html><html><head>
+<title>Daniel's Hosting - Register</title>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<meta name="author" content="Daniel Winzen">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<style type="text/css">#custom_onion:not(checked)+#private_key{display:none;}#custom_onion:checked+#private_key{display:block;}</style>
+</head><body>
+<h1>Hosting - Register</h1>
+<p><a href="index.php">Info</a> | Register | <a href="login.php">Login</a> | <a href="list.php">List of hosted sites</a> | <a href="faq.php">FAQ</a></p>
+<?php
 if($_SERVER['REQUEST_METHOD']==='POST'){
 	$ok=true;
 	$onion='';
-	$public=0;
+	$onion_version=3;
+	$public_list=0;
 	$php=0;
 	$autoindex=0;
 	$hash='';
 	$priv_key='';
+	if(isset($_POST['public']) && $_POST['public']==1){
+		$public_list=1;
+	}
+	if(isset($_POST['php']) && in_array($_POST['php'], PHP_VERSIONS)){
+		$php = $_POST['php'];
+	}
+	if(isset($_POST['autoindex']) && $_POST['autoindex']==1){
+		$autoindex=1;
+	}
 	if($error=check_captcha_error()){
 		echo "<p style=\"color:red;\">$error</p>";
 		$ok=false;
@@ -54,10 +67,11 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
 		}
 	}
 	if($ok){
-		if(isset($_REQUEST['private_key']) && !empty(trim($_REQUEST['private_key']))){
+		if(isset($_REQUEST['onion_type']) && $_REQUEST['onion_type']==='custom' && isset($_REQUEST['private_key']) && !empty(trim($_REQUEST['private_key']))){
 			$priv_key = trim($_REQUEST['private_key']);
 			$data = private_key_to_onion($priv_key);
 			$onion = $data['onion'];
+			$onion_version = $data['version'];
 			if(!$data['ok']){
 				echo "<p style=\"color:red;\">$data[message]</p>";
 				$ok = false;
@@ -70,28 +84,18 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
 				}
 			}
 		}else{
+			if(isset($_REQUEST['onion_type']) && in_array($_REQUEST['onion_type'], [2, 3])){
+				$onion_version = $_REQUEST['onion_type'];
+			}
 			$check=$db->prepare('SELECT null FROM onions WHERE onion=?;');
 			do{
-				$data = generate_new_onion(3);
+				$data = generate_new_onion($onion_version);
 				$priv_key = $data['priv_key'];
 				$onion = $data['onion'];
+				$onion_version = $data['version'];
 				$check->execute([$onion]);
 			}while($check->fetch(PDO::FETCH_NUM));
 		}
-		if(isset($_POST['public']) && $_POST['public']==1){
-			$public=1;
-		}
-		if(isset($_POST['php'])){
-			foreach(PHP_VERSIONS as $key=>$version){
-				if($_POST['php']===$version){
-					$php=$key;
-					break;
-				}
-			}
-		}
-		if(isset($_POST['autoindex']) && $_POST['autoindex']==1){
-			$autoindex=1;
-		}
 		$priv_key=trim(str_replace("\r", '', $priv_key));
 		$hash=password_hash($_POST['pass'], PASSWORD_DEFAULT);
 	}
@@ -102,12 +106,12 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
 		$ok=false;
 	}elseif($ok){
 		$stmt=$db->prepare('INSERT INTO users (username, system_account, password, dateadded, public, php, autoindex, mysql_user) VALUES (?, ?, ?, ?, ?, ?, ?, ?);');
-		$stmt->execute([$_POST['username'], substr("$onion.onion", 0, 32), $hash, time(), $public, $php, $autoindex, substr("$onion.onion", 0, 32)]);
+		$stmt->execute([$_POST['username'], substr("$onion.onion", 0, 32), $hash, time(), $public_list, $php, $autoindex, substr("$onion.onion", 0, 32)]);
 		$user_id = $db->lastInsertId();
 		$stmt=$db->prepare('INSERT INTO mysql_databases (user_id, mysql_database) VALUES (?, ?);');
 		$stmt->execute([$user_id, substr($onion, 0, 32)]);
 		$stmt=$db->prepare('INSERT INTO onions (user_id, onion, private_key, version) VALUES (?, ?, ?, ?);');
-		$stmt->execute([$user_id, $onion, $priv_key, 3]);
+		$stmt->execute([$user_id, $onion, $priv_key, $onion_version]);
 		$create_user=$db->prepare("CREATE USER ?@'%' IDENTIFIED BY ?;");
 		$create_user->execute([substr("$onion.onion", 0, 32), $_POST['pass']]);
 		$db->exec("CREATE DATABASE IF NOT EXISTS `" . substr($onion, 0, 32) . "`;");
@@ -125,43 +129,47 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
 		echo "<p style=\"color:green;\">Your onion domain <a href=\"http://$onion.onion\" target=\"_blank\">$onion.onion</a> has successfully been created. Please wait up to one minute until the changes have been processed. You can then login <a href=\"login.php\">here</a>.</p>";
 	}
 }
-echo '<form method="POST" action="register.php"><table>';
-echo '<tr><td>Username</td><td><input type="text" name="username" value="';
-if(isset($_POST['username'])){
-	echo htmlspecialchars($_POST['username']);
-}
-echo '" required autofocus></td></tr>';
-echo '<tr><td>Password</td><td><input type="password" name="pass" required></td></tr>';
-echo '<tr><td>Confirm password</td><td><input type="password" name="passconfirm" required></td></tr>';
+?>
+<form method="POST" action="register.php"><table>
+<tr><td>Username</td><td><input type="text" name="username" value="<?php
+echo isset($_POST['username']) ? htmlspecialchars($_POST['username']) : '';
+?>" required autofocus></td></tr>
+<tr><td>Password</td><td><input type="password" name="pass" required></td></tr>
+<tr><td>Confirm password</td><td><input type="password" name="passconfirm" required></td></tr>
+<?php
 send_captcha();
-if($_SERVER['REQUEST_METHOD']!=='POST' || (isset($_POST['public']) && $_POST['public']==1)){
-	$public=' checked';
+if($_SERVER['REQUEST_METHOD']!=='POST' || (isset($public_list) && $public_list==1)){
+	$public_list=' checked';
 }else{
-	$public='';
+	$public_list='';
 }
-if(isset($_POST['autoindex']) && $_POST['autoindex']==1){
+if(isset($autoindex) && $autoindex==1){
 	$autoindex=' checked';
 }else{
 	$autoindex='';
 }
-echo '<tr><td>PHP version</td><td><select name="php">
-<option value="0"';
-echo (isset($_POST['php']) && $_POST['php']==0) ? ' selected' : '';
-echo '>None</option>';
-foreach(PHP_VERSIONS as $version){
-	echo "<option value=\"$version\"";
-	echo (isset($_POST['php']) && $_POST['php']===$version || (!isset($_POST['php']) && $version===DEFAULT_PHP_VERSION)) ? ' selected' : '';
+?>
+<tr><td>PHP version</td><td><select name="php">
+<option value="0">None</option>
+<?php
+foreach(PHP_VERSIONS as $key => $version){
+	echo "<option value=\"$key\"";
+	echo ((isset($_POST['php']) && $_POST['php']==$key) || (!isset($_POST['php']) && $version===DEFAULT_PHP_VERSION)) ? ' selected' : '';
 	echo ">PHP $version</option>";
 }
-echo '</select></td></tr>';
-echo '<tr><td colspan=2><label><input type="checkbox" name="public" value="1"'.$public.'>Publish site on list of hosted sites</label></td></tr>';
-echo '<tr><td colspan=2><label><input type="checkbox" name="autoindex" value="1"'.$autoindex.'>Enable autoindex (listing of files)</label></td></tr>';
-echo '<tr><td>Custom private key<br>(optional)</td><td><textarea name="private_key" rows="5" cols="28">';
-if(isset($_REQUEST['private_key'])){
-	echo htmlspecialchars($_REQUEST['private_key']);
-}
-echo '</textarea></td></tr>';
-echo '<tr><td colspan="2"><label><input type="checkbox" name="accept_privacy" required>I have read and agreed to the <a href="/privacy.php" target="_blank">Privacy Policy</a></label><br></td></tr>';
-echo '<tr><td colspan="2"><input type="submit" value="Register"></td></tr>';
-echo '</table></form>';
-echo '</body></html>';
+?>
+</select></td></tr>
+<tr><td colspan=2><label><input type="checkbox" name="public" value="1"<?php echo $public_list; ?>>Publish site on list of hosted sites</label></td></tr>
+<tr><td colspan=2><label><input type="checkbox" name="autoindex" value="1"<?php echo $autoindex; ?>>Enable autoindex (listing of files)</label></td></tr>
+<tr><td colspan=2>Type of hidden service:<br>
+<label><input type="radio" name="onion_type" value="3"<?php echo (!isset($_POST['onion_type']) || isset($_POST['onion_type']) && $_POST['onion_type']==3) ? ' checked' : ''; ?>>Random v3 Address</label>
+<label><input type="radio" name="onion_type" value="2"<?php echo isset($_POST['onion_type']) && $_POST['onion_type']==2 ? ' checked' : ''; ?>>Random v2 Address</label>
+<label><input id="custom_onion" type="radio" name="onion_type" value="custom"<?php echo isset($_POST['onion_type']) && $_POST['onion_type']==='custom' ? ' checked' : ''; ?>>Custom private key
+<textarea id="private_key" name="private_key" rows="5" cols="28">
+<?php echo isset($_REQUEST['private_key']) ? htmlspecialchars($_REQUEST['private_key']) : ''; ?>
+</textarea>
+</label></td></tr>
+<tr><td colspan="2"><label><input type="checkbox" name="accept_privacy" required>I have read and agreed to the <a href="/privacy.php" target="_blank">Privacy Policy</a></label><br></td></tr>
+<tr><td colspan="2"><input type="submit" value="Register"></td></tr>
+</table></form>
+</body></html>

Username
Password
Confirm password
PHP version
PHP version
Publish site on list of hosted sites
Enable autoindex (listing of files)
Custom private key (optional)	'; -if(isset($_REQUEST['private_key'])){ - echo htmlspecialchars($_REQUEST['private_key']); -} -echo '
I have read and agreed to the Privacy Policy