danwin1210/hosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Introduced selection between v2, v3 and custom hidden service

Browse Source
This commit is contained in:
Daniel Winzen
2018-12-06 16:24:35 +01:00
parent 305c8bc0c3
commit 5cd13e9269
2 changed files with 73 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
var/www/common.php
View File

@ -321,7 +321,9 @@ function private_key_to_onion(string $priv_key) : array {
$message = ''; $message = '';
$onion = ''; $onion = '';
$priv_key = trim($priv_key); $priv_key = trim($priv_key);
$version = 0;
if(($pkey = openssl_pkey_get_private($priv_key)) !== false){ if(($pkey = openssl_pkey_get_private($priv_key)) !== false){
$version = 2;
$details=openssl_pkey_get_details($pkey); $details=openssl_pkey_get_details($pkey);
if($details['bits'] !== 1024){ if($details['bits'] !== 1024){
$message = 'Error: private key not of bitsize 1024.'; $message = 'Error: private key not of bitsize 1024.';
@ -330,19 +332,20 @@ function private_key_to_onion(string $priv_key) : array {
$onion = get_onion_v2($pkey); $onion = get_onion_v2($pkey);
} }
openssl_pkey_free($pkey); openssl_pkey_free($pkey);
return ['ok' => $ok, 'message' => $message, 'onion' => $onion]; return ['ok' => $ok, 'message' => $message, 'onion' => $onion, 'version' => $version];
} elseif(($priv = base64_decode($priv_key, true)) !== false){ } elseif(($priv = base64_decode($priv_key, true)) !== false){
$version = 3;
if(strpos($priv, '== ed25519v1-secret: type0 ==' . hex2bin('000000')) !== 0 || strlen($priv) !== 96){ if(strpos($priv, '== ed25519v1-secret: type0 ==' . hex2bin('000000')) !== 0 || strlen($priv) !== 96){
$message = 'Error: v3 secret key invalid.'; $message = 'Error: v3 secret key invalid.';
$ok = false; $ok = false;
} else { } else {
$onion = get_onion_v3(substr($priv, 32)); $onion = get_onion_v3(substr($priv, 32));
} }
return ['ok' => $ok, 'message' => $message, 'onion' => $onion]; return ['ok' => $ok, 'message' => $message, 'onion' => $onion, 'version' => $version];
} }
$message = 'Error: private key invalid.'; $message = 'Error: private key invalid.';
$ok = false; $ok = false;
return ['ok' => $ok, 'message' => $message, 'onion' => $onion]; return ['ok' => $ok, 'message' => $message, 'onion' => $onion, 'version' => $version];
} }
function generate_new_onion(int $version = 3) : array { function generate_new_onion(int $version = 3) : array {
@ -359,7 +362,7 @@ function generate_new_onion(int $version = 3) : array {
$priv_key = base64_encode('== ed25519v1-secret: type0 ==' . hex2bin('000000') . $sk); $priv_key = base64_encode('== ed25519v1-secret: type0 ==' . hex2bin('000000') . $sk);
$onion = get_onion_v3($sk); $onion = get_onion_v3($sk);
} }
return ['priv_key' => $priv_key, 'onion' => $onion]; return ['priv_key' => $priv_key, 'onion' => $onion, 'version' => $version];
} }
function ed25519_seckey_expand(string $seed) : string { function ed25519_seckey_expand(string $seed) : string {

124
var/www/html/register.php
View File

@ -11,22 +11,35 @@ if(!empty($_SESSION['hosting_username'])){
header('Location: home.php'); header('Location: home.php');
exit; exit;
} }
echo '<!DOCTYPE html><html><head>'; ?>
echo '<title>Daniel\'s Hosting - Register</title>'; <!DOCTYPE html><html><head>
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'; <title>Daniel's Hosting - Register</title>
echo '<meta name="author" content="Daniel Winzen">'; <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
echo '<meta name="viewport" content="width=device-width, initial-scale=1">'; <meta name="author" content="Daniel Winzen">
echo '</head><body>'; <meta name="viewport" content="width=device-width, initial-scale=1">
echo '<h1>Hosting - Register</h1>'; <style type="text/css">#custom_onion:not(checked)+#private_key{display:none;}#custom_onion:checked+#private_key{display:block;}</style>
echo '<p><a href="index.php">Info</a> | Register | <a href="login.php">Login</a> | <a href="list.php">List of hosted sites</a> | <a href="faq.php">FAQ</a></p>'; </head><body>
<h1>Hosting - Register</h1>
<p><a href="index.php">Info</a> | Register | <a href="login.php">Login</a> | <a href="list.php">List of hosted sites</a> | <a href="faq.php">FAQ</a></p>
<?php
if($_SERVER['REQUEST_METHOD']==='POST'){ if($_SERVER['REQUEST_METHOD']==='POST'){
$ok=true; $ok=true;
$onion=''; $onion='';
$public=0; $onion_version=3;
$public_list=0;
$php=0; $php=0;
$autoindex=0; $autoindex=0;
$hash=''; $hash='';
$priv_key=''; $priv_key='';
if(isset($_POST['public']) && $_POST['public']==1){
$public_list=1;
}
if(isset($_POST['php']) && in_array($_POST['php'], PHP_VERSIONS)){
$php = $_POST['php'];
}
if(isset($_POST['autoindex']) && $_POST['autoindex']==1){
$autoindex=1;
}
if($error=check_captcha_error()){ if($error=check_captcha_error()){
echo "<p style=\"color:red;\">$error</p>"; echo "<p style=\"color:red;\">$error</p>";
$ok=false; $ok=false;
@ -54,10 +67,11 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
} }
} }
if($ok){ if($ok){
if(isset($_REQUEST['private_key']) && !empty(trim($_REQUEST['private_key']))){ if(isset($_REQUEST['onion_type']) && $_REQUEST['onion_type']==='custom' && isset($_REQUEST['private_key']) && !empty(trim($_REQUEST['private_key']))){
$priv_key = trim($_REQUEST['private_key']); $priv_key = trim($_REQUEST['private_key']);
$data = private_key_to_onion($priv_key); $data = private_key_to_onion($priv_key);
$onion = $data['onion']; $onion = $data['onion'];
$onion_version = $data['version'];
if(!$data['ok']){ if(!$data['ok']){
echo "<p style=\"color:red;\">$data[message]</p>"; echo "<p style=\"color:red;\">$data[message]</p>";
$ok = false; $ok = false;
@ -70,28 +84,18 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
} }
} }
}else{ }else{
if(isset($_REQUEST['onion_type']) && in_array($_REQUEST['onion_type'], [2, 3])){
$onion_version = $_REQUEST['onion_type'];
}
$check=$db->prepare('SELECT null FROM onions WHERE onion=?;'); $check=$db->prepare('SELECT null FROM onions WHERE onion=?;');
do{ do{
$data = generate_new_onion(3); $data = generate_new_onion($onion_version);
$priv_key = $data['priv_key']; $priv_key = $data['priv_key'];
$onion = $data['onion']; $onion = $data['onion'];
$onion_version = $data['version'];
$check->execute([$onion]); $check->execute([$onion]);
}while($check->fetch(PDO::FETCH_NUM)); }while($check->fetch(PDO::FETCH_NUM));
} }
if(isset($_POST['public']) && $_POST['public']==1){
$public=1;
}
if(isset($_POST['php'])){
foreach(PHP_VERSIONS as $key=>$version){
if($_POST['php']===$version){
$php=$key;
break;
}
}
}
if(isset($_POST['autoindex']) && $_POST['autoindex']==1){
$autoindex=1;
}
$priv_key=trim(str_replace("\r", '', $priv_key)); $priv_key=trim(str_replace("\r", '', $priv_key));
$hash=password_hash($_POST['pass'], PASSWORD_DEFAULT); $hash=password_hash($_POST['pass'], PASSWORD_DEFAULT);
} }
@ -102,12 +106,12 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
$ok=false; $ok=false;
}elseif($ok){ }elseif($ok){
$stmt=$db->prepare('INSERT INTO users (username, system_account, password, dateadded, public, php, autoindex, mysql_user) VALUES (?, ?, ?, ?, ?, ?, ?, ?);'); $stmt=$db->prepare('INSERT INTO users (username, system_account, password, dateadded, public, php, autoindex, mysql_user) VALUES (?, ?, ?, ?, ?, ?, ?, ?);');
$stmt->execute([$_POST['username'], substr("$onion.onion", 0, 32), $hash, time(), $public, $php, $autoindex, substr("$onion.onion", 0, 32)]); $stmt->execute([$_POST['username'], substr("$onion.onion", 0, 32), $hash, time(), $public_list, $php, $autoindex, substr("$onion.onion", 0, 32)]);
$user_id = $db->lastInsertId(); $user_id = $db->lastInsertId();
$stmt=$db->prepare('INSERT INTO mysql_databases (user_id, mysql_database) VALUES (?, ?);'); $stmt=$db->prepare('INSERT INTO mysql_databases (user_id, mysql_database) VALUES (?, ?);');
$stmt->execute([$user_id, substr($onion, 0, 32)]); $stmt->execute([$user_id, substr($onion, 0, 32)]);
$stmt=$db->prepare('INSERT INTO onions (user_id, onion, private_key, version) VALUES (?, ?, ?, ?);'); $stmt=$db->prepare('INSERT INTO onions (user_id, onion, private_key, version) VALUES (?, ?, ?, ?);');
$stmt->execute([$user_id, $onion, $priv_key, 3]); $stmt->execute([$user_id, $onion, $priv_key, $onion_version]);
$create_user=$db->prepare("CREATE USER ?@'%' IDENTIFIED BY ?;"); $create_user=$db->prepare("CREATE USER ?@'%' IDENTIFIED BY ?;");
$create_user->execute([substr("$onion.onion", 0, 32), $_POST['pass']]); $create_user->execute([substr("$onion.onion", 0, 32), $_POST['pass']]);
$db->exec("CREATE DATABASE IF NOT EXISTS `" . substr($onion, 0, 32) . "`;"); $db->exec("CREATE DATABASE IF NOT EXISTS `" . substr($onion, 0, 32) . "`;");
@ -125,43 +129,47 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
echo "<p style=\"color:green;\">Your onion domain <a href=\"http://$onion.onion\" target=\"_blank\">$onion.onion</a> has successfully been created. Please wait up to one minute until the changes have been processed. You can then login <a href=\"login.php\">here</a>.</p>"; echo "<p style=\"color:green;\">Your onion domain <a href=\"http://$onion.onion\" target=\"_blank\">$onion.onion</a> has successfully been created. Please wait up to one minute until the changes have been processed. You can then login <a href=\"login.php\">here</a>.</p>";
} }
} }
echo '<form method="POST" action="register.php"><table>'; ?>
echo '<tr><td>Username</td><td><input type="text" name="username" value="'; <form method="POST" action="register.php"><table>
if(isset($_POST['username'])){ <tr><td>Username</td><td><input type="text" name="username" value="<?php
echo htmlspecialchars($_POST['username']); echo isset($_POST['username']) ? htmlspecialchars($_POST['username']) : '';
} ?>" required autofocus></td></tr>
echo '" required autofocus></td></tr>'; <tr><td>Password</td><td><input type="password" name="pass" required></td></tr>
echo '<tr><td>Password</td><td><input type="password" name="pass" required></td></tr>'; <tr><td>Confirm password</td><td><input type="password" name="passconfirm" required></td></tr>
echo '<tr><td>Confirm password</td><td><input type="password" name="passconfirm" required></td></tr>'; <?php
send_captcha(); send_captcha();
if($_SERVER['REQUEST_METHOD']!=='POST' || (isset($_POST['public']) && $_POST['public']==1)){ if($_SERVER['REQUEST_METHOD']!=='POST' || (isset($public_list) && $public_list==1)){
$public=' checked'; $public_list=' checked';
}else{ }else{
$public=''; $public_list='';
} }
if(isset($_POST['autoindex']) && $_POST['autoindex']==1){ if(isset($autoindex) && $autoindex==1){
$autoindex=' checked'; $autoindex=' checked';
}else{ }else{
$autoindex=''; $autoindex='';
} }
echo '<tr><td>PHP version</td><td><select name="php"> ?>
<option value="0"'; <tr><td>PHP version</td><td><select name="php">
echo (isset($_POST['php']) && $_POST['php']==0) ? ' selected' : ''; <option value="0">None</option>
echo '>None</option>'; <?php
foreach(PHP_VERSIONS as $version){ foreach(PHP_VERSIONS as $key => $version){
echo "<option value=\"$version\""; echo "<option value=\"$key\"";
echo (isset($_POST['php']) && $_POST['php']===$version || (!isset($_POST['php']) && $version===DEFAULT_PHP_VERSION)) ? ' selected' : ''; echo ((isset($_POST['php']) && $_POST['php']==$key) || (!isset($_POST['php']) && $version===DEFAULT_PHP_VERSION)) ? ' selected' : '';
echo ">PHP $version</option>"; echo ">PHP $version</option>";
} }
echo '</select></td></tr>'; ?>
echo '<tr><td colspan=2><label><input type="checkbox" name="public" value="1"'.$public.'>Publish site on list of hosted sites</label></td></tr>'; </select></td></tr>
echo '<tr><td colspan=2><label><input type="checkbox" name="autoindex" value="1"'.$autoindex.'>Enable autoindex (listing of files)</label></td></tr>'; <tr><td colspan=2><label><input type="checkbox" name="public" value="1"<?php echo $public_list; ?>>Publish site on list of hosted sites</label></td></tr>
echo '<tr><td>Custom private key<br>(optional)</td><td><textarea name="private_key" rows="5" cols="28">'; <tr><td colspan=2><label><input type="checkbox" name="autoindex" value="1"<?php echo $autoindex; ?>>Enable autoindex (listing of files)</label></td></tr>
if(isset($_REQUEST['private_key'])){ <tr><td colspan=2>Type of hidden service:<br>
echo htmlspecialchars($_REQUEST['private_key']); <label><input type="radio" name="onion_type" value="3"<?php echo (!isset($_POST['onion_type']) || isset($_POST['onion_type']) && $_POST['onion_type']==3) ? ' checked' : ''; ?>>Random v3 Address</label>
} <label><input type="radio" name="onion_type" value="2"<?php echo isset($_POST['onion_type']) && $_POST['onion_type']==2 ? ' checked' : ''; ?>>Random v2 Address</label>
echo '</textarea></td></tr>'; <label><input id="custom_onion" type="radio" name="onion_type" value="custom"<?php echo isset($_POST['onion_type']) && $_POST['onion_type']==='custom' ? ' checked' : ''; ?>>Custom private key
echo '<tr><td colspan="2"><label><input type="checkbox" name="accept_privacy" required>I have read and agreed to the <a href="/privacy.php" target="_blank">Privacy Policy</a></label><br></td></tr>'; <textarea id="private_key" name="private_key" rows="5" cols="28">
echo '<tr><td colspan="2"><input type="submit" value="Register"></td></tr>'; <?php echo isset($_REQUEST['private_key']) ? htmlspecialchars($_REQUEST['private_key']) : ''; ?>
echo '</table></form>'; </textarea>
echo '</body></html>'; </label></td></tr>
<tr><td colspan="2"><label><input type="checkbox" name="accept_privacy" required>I have read and agreed to the <a href="/privacy.php" target="_blank">Privacy Policy</a></label><br></td></tr>
<tr><td colspan="2"><input type="submit" value="Register"></td></tr>
</table></form>
</body></html>