Added admin panel + optional manual approval for new sites
This commit is contained in:
Daniel Winzen
99
var/www/html/admin.php
Normal file
99
var/www/html/admin.php
Normal file
@ -0,0 +1,99 @@
|
||||
<?php
|
||||
include('../common.php');
|
||||
try{
|
||||
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
|
||||
}catch(PDOException $e){
|
||||
die('No Connection to MySQL database!');
|
||||
}
|
||||
header('Content-Type: text/html; charset=UTF-8');
|
||||
session_start(['name'=>'hosting_admin']);
|
||||
if($_SERVER['REQUEST_METHOD']==='HEAD'){
|
||||
exit; // headers sent, no further processing needed
|
||||
}
|
||||
echo '<!DOCTYPE html><html><head>';
|
||||
echo '<title>Daniel\'s Hosting - Login</title>';
|
||||
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
|
||||
echo '<meta name="author" content="Daniel Winzen">';
|
||||
echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
|
||||
echo '</head><body>';
|
||||
echo '<h1>Hosting - Admin panel</h1>';
|
||||
$error=false;
|
||||
if($_SERVER['REQUEST_METHOD']==='POST' && isSet($_POST['pass']) && $_POST['pass']===ADMIN_PASSWORD){
|
||||
if(!($error=check_captcha_error())){
|
||||
$_SESSION['logged_in']=true;
|
||||
}
|
||||
}
|
||||
if(empty($_SESSION['logged_in'])){
|
||||
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\"><table>";
|
||||
echo "<tr><td>Password </td><td><input type=\"password\" name=\"pass\" size=\"30\" required autofocus></td></tr>";
|
||||
send_captcha();
|
||||
echo "<tr><td colspan=\"2\"><input type=\"submit\" name=\"action\" value=\"Login\"></td></tr>";
|
||||
echo '</table></form>';
|
||||
if($error){
|
||||
echo "<p style=\"color:red;\">$error</p>";
|
||||
}elseif(isSet($_POST['pass'])){
|
||||
echo "<p style=\"color:red;\">Wrong password!</p>";
|
||||
}
|
||||
echo '<p>If you disabled cookies, please re-enable them. You can\'t log in without!</p>';
|
||||
}else{
|
||||
echo '<p>';
|
||||
if(REQUIRE_APPROVAL){
|
||||
$db->query('SELECT COUNT(*) FROM new_account WHERE approved=0;');
|
||||
$cnt=$db->fetch(PDO::FETCH_NUM)[0];
|
||||
echo "<a href=\"$_SERVER[SCRIPT_NAME]?action=approve\">Approve pending sites ($cnt)</a> | ";
|
||||
}
|
||||
echo "<a href=\"$_SERVER[SCRIPT_NAME]?action=list\">List of hidden hosted sites</a> | <a href=\"$_SERVER[SCRIPT_NAME]?action=delete\">Delete accounts</a> | <a href=\"$_SERVER[SCRIPT_NAME]?action=logout\">Logout</a></p>";
|
||||
if(empty($_REQUEST['action'])){
|
||||
echo '<p>Welcome to the admin panel!</p>';
|
||||
}elseif($_REQUEST['action']==='logout'){
|
||||
session_destroy();
|
||||
header("Location: $_SERVER[SCRIPT_NAME]");
|
||||
exit;
|
||||
}elseif($_REQUEST['action']==='list'){
|
||||
echo '<table border="1">';
|
||||
echo '<tr><td>Onion link</td></tr>';
|
||||
$stmt=$db->query('SELECT onion FROM users WHERE public=0 ORDER BY onion;');
|
||||
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
echo "<tr><td><a href=\"http://$tmp[0].onion\" target=\"_blank\">$tmp[0].onion</a></td></tr>";
|
||||
}
|
||||
echo '</table>';
|
||||
}elseif($_REQUEST['action']==='approve'){
|
||||
if(!empty($_POST['onion'])){
|
||||
$stmt=$db->prepare('UPDATE new_account SET approved=1 WHERE onion=?;');
|
||||
$stmt->execute([$_POST['onion']]);
|
||||
echo '<p style="color:green;">Successfully approved</p>';
|
||||
}
|
||||
echo '<table border="1">';
|
||||
echo '<tr><td>Username</td><td>Onion address</td><td>Action</td></tr>';
|
||||
$stmt=$db->query('SELECT username, onion FROM users INNER JOIN new_account ON (user.onion=new_account.onion) WHERE new_account.approved=0 ORDER BY users.username;');
|
||||
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
|
||||
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\"><input type=\"hidden\" name=\"onion\" value=\"$tmp[1]\"><tr><td>$tmp[0]</td><td>$tmp[1].onion</td><td><input type=\"submit\" name=\"action\" value=\"approve\"><input type=\"submit\" name=\"action\" value=\"delete\"></td></tr></form>";
|
||||
}
|
||||
echo '</table>';
|
||||
}elseif($_REQUEST['action']==='delete'){
|
||||
echo '<p>Delete accouts:</p>';
|
||||
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
|
||||
echo '<p>Onion address: <input type="text" name="onion" size="30" value="';
|
||||
if(isSet($_POST['onion'])){
|
||||
echo htmlspecialchars($_POST['onion']);
|
||||
}
|
||||
echo '" required autofocus></p>';
|
||||
echo '<input type="submit" name="action" value="delete"></form><br>';
|
||||
if(!empty($_POST['onion'])){
|
||||
if(preg_match('~^([a-z2-7]{16})(\.onion)?$~', $_POST['onion'], $match)){
|
||||
$stmt=$db->prepare('SELECT null FROM users WHERE onion=?;');
|
||||
$stmt->execute([$match[1]]);
|
||||
if($stmt->fetch(PDO::FETCH_NUM)){
|
||||
$stmt=$db->prepare('UPDATE users SET todelete=1 WHERE onion=?;');
|
||||
$stmt->execute([$match[1]]);
|
||||
echo "<p style=\"color:green;\">Successfully queued for deletion!</p>";
|
||||
}else{
|
||||
echo "<p style=\"color:red;\">Onion address not hosted by us!</p>";
|
||||
}
|
||||
}else{
|
||||
echo "<p style=\"color:red;\">Invalid onion address!</p>";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
echo '</body></html>';
|
||||
@ -12,7 +12,7 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
|
||||
if(!isset($_POST['pass']) || !password_verify($_POST['pass'], $user['password'])){
|
||||
$msg.='<p style="color:red;">Wrong password.</p>';
|
||||
}else{
|
||||
$stmt=$db->prepare('INSERT INTO del_account (onion) VALUES (?);');
|
||||
$stmt=$db->prepare('UPDATE users SET todelete=1 WHERE onion=?;');
|
||||
$stmt->execute([$user['onion']]);
|
||||
session_destroy();
|
||||
header('Location: login.php');
|
||||
|
||||
@ -1,22 +1,33 @@
|
||||
<?php
|
||||
include('../common.php');
|
||||
header('Content-Type: text/html; charset=UTF-8');
|
||||
if(isset($_SERVER['HTTP_HOST']) && preg_match('/danwin1210\.(i2p|me)$/', $_SERVER['HTTP_HOST'])){
|
||||
if(preg_match('/\.me$/', $_SERVER['HTTP_HOST'])){
|
||||
$host='https://danwin1210.me';
|
||||
}else{
|
||||
$host='http://danwin1210.i2p';
|
||||
}
|
||||
}else{
|
||||
$host='http://tt3j2x4k5ycaa5zt.onion';
|
||||
}
|
||||
?>
|
||||
<!DOCTYPE html><html><head>
|
||||
<title>Daniel's Hosting - FAQ</title>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||
<meta name=viewport content="width=device-width, initial-scale=1">
|
||||
<meta name="author" content="Daniel Winzen">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
</head><body>
|
||||
<h1>Hosting - Info</h1>
|
||||
<p><a href="index.php">Info</a> | <a href="register.php">Register</a> | <a href="login.php">Login</a> | <a href="list.php">List of hosted sites</a> | FAQ</p>
|
||||
<table border="1">
|
||||
<tr><th>Question</th><th>Answer</th></tr>
|
||||
<tr><td>Your rules are so strict. Can't you make an exception for my site?</td><td>No, I will not make exceptions for any site and neither am I curruptibly by offering me money. Once I start making an exception for your site, I would have to for every other site as well which is the same as if the rules didn't exist.</td></tr>
|
||||
<tr><td>I have an .htaccess file, but it doesn't work. How can I fix it?</td><td>.htaccess files are meant for Apache2 webservers. My server is based on NginX, which is much faster due to using static configuration files and not reading files like .htaccess at runtime. You can <a href="http://tt3j2x4k5ycaa5zt.onion/contact.php">contact me</a> and tell me your sites address where the .htaccess file is. I will then check your .htaccess and convert the rules to NginX rules and apply those.</td></tr>
|
||||
<tr><td>I just uploaded my page, but it's broken. HELP</td><td>Most likely your site makes use of rewriting rules, which are typically located in an .htaccess file or are mentioned in a readme file. Just <a href="http://tt3j2x4k5ycaa5zt.onion/contact.php">contact me</a> in this case. Also see previous question.</td></tr>
|
||||
<tr><td>I have an .htaccess file, but it doesn't work. How can I fix it?</td><td>.htaccess files are meant for Apache2 webservers. My server is based on NginX, which is much faster due to using static configuration files and not reading files like .htaccess at runtime. You can <a href="<?php echo "$host/contact.php"; ?>">contact me</a> and tell me your sites address where the .htaccess file is. I will then check your .htaccess and convert the rules to NginX rules and apply those.</td></tr>
|
||||
<tr><td>I just uploaded my page, but it's broken. HELP</td><td>Most likely your site makes use of rewriting rules, which are typically located in an .htaccess file or are mentioned in a readme file. Just <a href="<?php echo "$host/contact.php"; ?>">contact me</a> in this case. Also see previous question.</td></tr>
|
||||
<tr><td>Can I host a porn site?</td><td>Yes as long as your content is legal you may upload adult content.</td></tr>
|
||||
<tr><td>What is the directory structure for when I connect via (s)ftp?</td><td>There are several directories you on the server for your account:<br><b>Maildir</b> - used to store your mails in (don't touch it)<br><b>data</b> - You can store application data here that should not be accessible via your site. E.g. configuration or database files.<br><b>tmp</b> - anything saved here will automatically be deleted after about 24 hours<br><b>www</b> - this is where you upload your website which becomes then available under your domain.</td></tr>
|
||||
<tr><td>My application is very ressource intensive or I want to host a different service e.g. my own tor relay. Can you get me a VPS?</td><td>Yes, if you have special requirements, want a dedicated VPS for your application or just want to anonymously support the TOR network (or other networks) without having to deal with server setup etc. I can offer you a managed VPS hosting. However this will not be for free. It depends on which server you want me to get. For details, <a href="http://tt3j2x4k5ycaa5zt.onion/contact.php">contact me</a></td></tr>
|
||||
<tr><td>I want to also publish my site on clearnet. Can you offer a clearnet relay?</td><td>Yes, I can offer you a subdomain on my server, e.g. yoursite.danwin1210.me or if you have your own domain use that. Just <a href="http://tt3j2x4k5ycaa5zt.onion/contact.php">contact me</a> for setting up a clearnet gateway for your site.</td></tr>
|
||||
<tr><td>Can you make my website also available via I2P?</td><td>Sure I can. Just <a href="http://tt3j2x4k5ycaa5zt.onion/contact.php">contact me</a> to set it up for you.</td></tr>
|
||||
<tr><td>What is the directory structure for when I connect via (s)ftp?</td><td>There are several directories you on the server for your account:<br><b>Maildir</b> - used to store your mails in (don't touch it)<br><b>data</b> - You can store application data here that should not be accessible via your site. E.g. configuration or database files.<br><b>tmp</b> - anything saved here will automatically be deleted after about 24 hours<br><b>www</b> - this is where you upload your website which becomes then available under your domain.<br><b>logs</b> - you will find webserver logs here<br><b>.ssh</b> - by uploading your ssh public key as authorzed_keys in this folder, you can authenticate to sftp using your ssh key, without a password</td></tr>
|
||||
<tr><td>My application is very ressource intensive or I want to host a different service e.g. my own tor relay. Can you get me a VPS?</td><td>Yes, if you have special requirements, want a dedicated VPS for your application or just want to anonymously support the TOR network (or other networks) without having to deal with server setup etc. I can offer you a managed VPS hosting. However this will not be for free. It depends on which server you want me to get. For details, <a href="<?php echo "$host/contact.php"; ?>">contact me</a></td></tr>
|
||||
<tr><td>I want to also publish my site on clearnet. Can you offer a clearnet relay?</td><td>Yes, I can offer you a subdomain on my server, e.g. yoursite.danwin1210.me or if you have your own domain use that. Just <a href="<?php echo "$host/contact.php"; ?>">contact me</a> for setting up a clearnet gateway for your site.</td></tr>
|
||||
<tr><td>Can you make my website also available via I2P?</td><td>Sure I can. Just <a href="<?php echo "$host/contact.php"; ?>">contact me</a> to set it up for you.</td></tr>
|
||||
</table>
|
||||
</body></html>
|
||||
|
||||
@ -173,10 +173,16 @@ if(!empty($_POST['unzip']) && !empty($_POST['files'])){
|
||||
continue;
|
||||
}
|
||||
$tmpfile='/tmp/'.uniqid().'.zip';
|
||||
ftp_get($ftp, $tmpfile, $file, FTP_BINARY);
|
||||
if(!ftp_get($ftp, $tmpfile, $file, FTP_BINARY)){
|
||||
continue;
|
||||
}
|
||||
//prevent zip-bombs
|
||||
$size=0;
|
||||
$resource=zip_open($tmpfile);
|
||||
if(!is_resource($resource)){
|
||||
unlink($tmpfile);
|
||||
continue;
|
||||
}
|
||||
while($dir_resource=zip_read($resource)) {
|
||||
$size+=zip_entry_filesize($dir_resource);
|
||||
}
|
||||
@ -198,8 +204,10 @@ if(!empty($_POST['unzip']) && !empty($_POST['files'])){
|
||||
if(!empty($_FILES['files'])){
|
||||
$c=count($_FILES['files']['name']);
|
||||
for($i=0; $i<$c; ++$i){
|
||||
ftp_put($ftp, $dir.$_FILES['files']['name'][$i], $_FILES['files']['tmp_name'][$i], FTP_BINARY);
|
||||
unlink($_FILES['files']['tmp_name'][$i]);
|
||||
if($_FILES['files']['error'][$i]===UPLOAD_ERR_OK){
|
||||
ftp_put($ftp, $dir.$_FILES['files']['name'][$i], $_FILES['files']['tmp_name'][$i], FTP_BINARY);
|
||||
unlink($_FILES['files']['tmp_name'][$i]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -11,15 +11,11 @@ header('Content-Type: text/html; charset=UTF-8');
|
||||
echo '<!DOCTYPE html><html><head>';
|
||||
echo '<title>Daniel\'s Hosting - Dashboard</title>';
|
||||
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
|
||||
echo '<meta name=viewport content="width=device-width, initial-scale=1">';
|
||||
echo '<meta name="author" content="Daniel Winzen">';
|
||||
echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
|
||||
echo '</head><body>';
|
||||
echo "<p>Logged in as $user[username] <a href=\"logout.php\">Logout</a> | <a href=\"password.php\">Change passwords</a> | <a target=\"_blank\" href=\"files.php\">FileManager</a> | <a href=\"delete.php\">Delete account</a>
|
||||
</p>";
|
||||
$mail=0;
|
||||
if(file_exists("/home/$user[onion].onion/Maildir/new/")){
|
||||
$mail=count(scandir("/home/$user[onion].onion/Maildir/new/"))-2;
|
||||
}
|
||||
echo "<p>Enter system account password to check your $user[onion].onion@" . ADDRESS . " mail ($mail new):</td><td><form action=\"squirrelmail/src/redirect.php\" method=\"post\" target=\"_blank\"><input type=\"hidden\" name=\"login_username\" value=\"$user[onion].onion\"><input type=\"password\" name=\"secretkey\"><input type=\"submit\" value=\"Login to webmail\"></form></p>";
|
||||
echo "<p>Logged in as $user[username] <a href=\"logout.php\">Logout</a> | <a href=\"password.php\">Change passwords</a> | <a target=\"_blank\" href=\"files.php\">FileManager</a> | <a href=\"delete.php\">Delete account</a></p>";
|
||||
echo "<p>Enter system account password to check your $user[onion].onion@" . ADDRESS . " mail:</td><td><form action=\"squirrelmail/src/redirect.php\" method=\"post\" target=\"_blank\"><input type=\"hidden\" name=\"login_username\" value=\"$user[onion].onion\"><input type=\"password\" name=\"secretkey\"><input type=\"submit\" value=\"Login to webmail\"></form></p>";
|
||||
echo '<h3>Domain</h3>';
|
||||
echo '<table border="1">';
|
||||
echo '<tr><th>Onion</th><th>Private key</th></tr>';
|
||||
|
||||
@ -17,6 +17,7 @@ if(isset($_SERVER['HTTP_HOST']) && preg_match('/danwin1210\.(i2p|me)$/', $_SERVE
|
||||
<meta name="author" content="Daniel Winzen">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
</head><body>
|
||||
<h1>Hosting - Info</h1>
|
||||
<p>Info | <a href="register.php">Register</a> | <a href="login.php">Login</a> | <a href="list.php">List of hosted sites</a> | <a href="faq.php">FAQ</a></p>
|
||||
<p>Here you can get yourself a hosting account on my server.</p>
|
||||
<p>What you will get:</p>
|
||||
@ -46,9 +47,8 @@ if(isset($_SERVER['HTTP_HOST']) && preg_match('/danwin1210\.(i2p|me)$/', $_SERVE
|
||||
<li>No terroristic propaganda!</li>
|
||||
<li>No illegal content according to German law!</li>
|
||||
<li>No malware! (e.g. botnets)</li>
|
||||
<li>No phishing!</li>
|
||||
<li>No scams!</li>
|
||||
<li>No spam!</li>
|
||||
<li>No phishing, scams or spam!</li>
|
||||
<li>No mining without explicit user permission! (e.g. using coinhive)</li>
|
||||
<li>No shops, markets or any other sites dedicated to making money! (This is a FREE hosting!)</li>
|
||||
<li>No proxy scripts! (You are already using TOR and this will just burden the network)</li>
|
||||
<li>No IP logger or similar de-anonymizer sites!</li>
|
||||
|
||||
@ -9,8 +9,10 @@ try{
|
||||
echo '<!DOCTYPE html><html><head>';
|
||||
echo '<title>Daniel\'s Hosting - List of hosted sites</title>';
|
||||
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
|
||||
echo '<meta name=viewport content="width=device-width, initial-scale=1">';
|
||||
echo '<meta name="author" content="Daniel Winzen">';
|
||||
echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
|
||||
echo '</head><body>';
|
||||
echo '<h1>Hosting - List of hosted sites</h1>';
|
||||
echo '<p><a href="index.php">Info</a> | <a href="register.php">Register</a> | <a href="login.php">Login</a> | List of hosted sites | <a href="faq.php">FAQ</a></p>';
|
||||
$stmt=$db->query('SELECT COUNT(*) FROM users WHERE public=1;');
|
||||
$count=$stmt->fetch(PDO::FETCH_NUM);
|
||||
|
||||
@ -15,32 +15,11 @@ $msg='';
|
||||
$username='';
|
||||
if($_SERVER['REQUEST_METHOD']==='POST'){
|
||||
$ok=true;
|
||||
if(CAPTCHA){
|
||||
if(!isset($_REQUEST['challenge'])){
|
||||
$msg.='<p style="color:red;">Error: Wrong Captcha</p>';
|
||||
$ok=false;
|
||||
}else{
|
||||
$stmt=$db->prepare('SELECT code FROM captcha WHERE id=?;');
|
||||
$stmt->execute([$_REQUEST['challenge']]);
|
||||
$stmt->bindColumn(1, $code);
|
||||
if(!$stmt->fetch(PDO::FETCH_BOUND)){
|
||||
$msg.='<p style="color:red;">Error: Captcha expired</p>';
|
||||
$ok=false;
|
||||
}else{
|
||||
$time=time();
|
||||
$stmt=$db->prepare('DELETE FROM captcha WHERE id=? OR time<?;');
|
||||
$stmt->execute([$_REQUEST['challenge'], $time-3600]);
|
||||
if($_REQUEST['captcha']!==$code){
|
||||
if(strrev($_REQUEST['captcha'])!==$code){
|
||||
$msg.='<p style="color:red;">Error: Wrong captcha</p>';
|
||||
$ok=false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if(!isset($_POST['username']) || $_POST['username']===''){
|
||||
$msg.='<p style="color:red;">Error, username may not be empty.</p>';
|
||||
if($error=check_captcha_error()){
|
||||
$msg.="<p style=\"color:red;\">$error</p>";
|
||||
$ok=false;
|
||||
}elseif(!isset($_POST['username']) || $_POST['username']===''){
|
||||
$msg.='<p style="color:red;">Error: username may not be empty.</p>';
|
||||
$ok=false;
|
||||
}else{
|
||||
$stmt=$db->prepare('SELECT username, password FROM users WHERE username=?;');
|
||||
@ -53,13 +32,13 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
|
||||
}
|
||||
if($tmp){
|
||||
if(!isset($_POST['pass']) || !password_verify($_POST['pass'], $tmp[1])){
|
||||
$msg.='<p style="color:red;">Error, wrong password.</p>';
|
||||
$msg.='<p style="color:red;">Error: wrong password.</p>';
|
||||
$ok=false;
|
||||
}else{
|
||||
$username=$tmp[0];
|
||||
}
|
||||
}else{
|
||||
$msg.='<p style="color:red;">Error, username was not found. If you forgot it, you can enter youraccount.onion instead.</p>';
|
||||
$msg.='<p style="color:red;">Error: username was not found. If you forgot it, you can enter youraccount.onion instead.</p>';
|
||||
$ok=false;
|
||||
}
|
||||
}
|
||||
@ -76,6 +55,7 @@ echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
|
||||
echo '<meta name="author" content="Daniel Winzen">';
|
||||
echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
|
||||
echo '</head><body>';
|
||||
echo '<h1>Hosting - Login</h1>';
|
||||
echo '<p><a href="index.php">Info</a> | <a href="register.php">Register</a> | Login | <a href="list.php">List of hosted sites</a> | <a href="faq.php">FAQ</a></p>';
|
||||
echo $msg;
|
||||
echo '<form method="POST" action="login.php"><table>';
|
||||
@ -85,10 +65,8 @@ if(isset($_POST['username'])){
|
||||
}
|
||||
echo '" required autofocus></td></tr>';
|
||||
echo '<tr><td>Password</td><td><input type="password" name="pass" required></td></tr>';
|
||||
if(CAPTCHA){
|
||||
send_captcha();
|
||||
}
|
||||
send_captcha();
|
||||
echo '<tr><td colspan="2"><input type="submit" value="Login"></td></tr>';
|
||||
echo '</table></form>';
|
||||
echo '<p>If you disabled cookies, please re-enable them. You currently can\'t log in without</p>';
|
||||
echo '<p>If you disabled cookies, please re-enable them. You can\'t log in without!</p>';
|
||||
echo '</body></html>';
|
||||
|
||||
@ -17,6 +17,7 @@ echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
|
||||
echo '<meta name="author" content="Daniel Winzen">';
|
||||
echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
|
||||
echo '</head><body>';
|
||||
echo '<h1>Hosting - Register</h1>';
|
||||
echo '<p><a href="index.php">Info</a> | Register | <a href="login.php">Login</a> | <a href="list.php">List of hosted sites</a> | <a href="faq.php">FAQ</a></p>';
|
||||
if($_SERVER['REQUEST_METHOD']==='POST'){
|
||||
$ok=true;
|
||||
@ -26,85 +27,63 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
|
||||
$autoindex=0;
|
||||
$hash='';
|
||||
$priv_key='';
|
||||
if(empty($_POST['pass'])){
|
||||
echo '<p style="color:red;">Error, password empty.</p>';
|
||||
if($error=check_captcha_error()){
|
||||
echo "<p style=\"color:red;\">$error</p>";
|
||||
$ok=false;
|
||||
}elseif(empty($_POST['pass'])){
|
||||
echo '<p style="color:red;">Error: password empty.</p>';
|
||||
$ok=false;
|
||||
}elseif(empty($_POST['passconfirm']) || $_POST['pass']!==$_POST['passconfirm']){
|
||||
echo '<p style="color:red;">Error, password confirmation does not match.</p>';
|
||||
echo '<p style="color:red;">Error: password confirmation does not match.</p>';
|
||||
$ok=false;
|
||||
}
|
||||
if(empty($_POST['username'])){
|
||||
echo '<p style="color:red;">Error, username empty.</p>';
|
||||
}elseif(empty($_POST['username'])){
|
||||
echo '<p style="color:red;">Error: username empty.</p>';
|
||||
$ok=false;
|
||||
}elseif(preg_match('/[^a-z0-9\-_\.]/', $_POST['username'])){
|
||||
echo '<p style="color:red;">Error, username may only contain characters that are in the rage of a-z (lower case) - . _ and 0-9.</p>';
|
||||
echo '<p style="color:red;">Error: username may only contain characters that are in the rage of a-z (lower case) - . _ and 0-9.</p>';
|
||||
$ok=false;
|
||||
}elseif(strlen($_POST['username'])>50){
|
||||
echo '<p style="color:red;">Error, username may not be longer than 50 characters.</p>';
|
||||
echo '<p style="color:red;">Error: username may not be longer than 50 characters.</p>';
|
||||
$ok=false;
|
||||
}else{
|
||||
$stmt=$db->prepare('SELECT null FROM users WHERE username=?;');
|
||||
$stmt->execute([$_POST['username']]);
|
||||
if($stmt->fetch(PDO::FETCH_NUM)){
|
||||
echo '<p style="color:red;">Error, this username is already registered.</p>';
|
||||
echo '<p style="color:red;">Error: this username is already registered.</p>';
|
||||
$ok=false;
|
||||
}
|
||||
}
|
||||
if(CAPTCHA){
|
||||
if(!isset($_REQUEST['challenge'])){
|
||||
echo '<p style="color:red;">Error: Wrong Captcha</p>';
|
||||
$ok=false;
|
||||
}else{
|
||||
$stmt=$db->prepare('SELECT code FROM captcha WHERE id=?;');
|
||||
$stmt->execute([$_REQUEST['challenge']]);
|
||||
$stmt->bindColumn(1, $code);
|
||||
if(!$stmt->fetch(PDO::FETCH_BOUND)){
|
||||
echo '<p style="color:red;">Error: Captcha expired</p>';
|
||||
$ok=false;
|
||||
}else{
|
||||
$time=time();
|
||||
$stmt=$db->prepare('DELETE FROM captcha WHERE id=? OR time<?;');
|
||||
$stmt->execute([$_REQUEST['challenge'], $time-3600]);
|
||||
if($_REQUEST['captcha']!==$code){
|
||||
if(strrev($_REQUEST['captcha'])!==$code){
|
||||
echo '<p style="color:red;">Error: Wrong captcha</p>';
|
||||
if($ok){
|
||||
$check=$db->prepare('SELECT null FROM users WHERE onion=?;');
|
||||
if(isset($_REQUEST['private_key']) && !empty(trim($_REQUEST['private_key']))){
|
||||
$priv_key=trim($_REQUEST['private_key']);
|
||||
if(($pkey=openssl_pkey_get_private($priv_key))!==false){
|
||||
$details=openssl_pkey_get_details($pkey);
|
||||
if($details['bits']!==1024){
|
||||
echo '<p style="color:red;">Error: private key not of bitsize 1024.</p>';
|
||||
$ok=false;
|
||||
}else{
|
||||
$onion=get_onion($pkey);
|
||||
$check->execute([$onion]);
|
||||
if($check->fetch(PDO::FETCH_NUM)){
|
||||
echo '<p style="color:red;">Error onion already exists.</p>';
|
||||
$ok=false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
$check=$db->prepare('SELECT null FROM users WHERE onion=?;');
|
||||
if(isset($_REQUEST['private_key']) && !empty(trim($_REQUEST['private_key']))){
|
||||
$priv_key=trim($_REQUEST['private_key']);
|
||||
if(($pkey=openssl_pkey_get_private($priv_key))!==false){
|
||||
$details=openssl_pkey_get_details($pkey);
|
||||
if($details['bits']!==1024){
|
||||
echo '<p style="color:red;">Error, private key not of bitsize 1024.</p>';
|
||||
$ok=false;
|
||||
openssl_pkey_free($pkey);
|
||||
}else{
|
||||
$onion=get_onion($pkey);
|
||||
$check->execute([$onion]);
|
||||
if($check->fetch(PDO::FETCH_NUM)){
|
||||
echo '<p style="color:red;">Error onion already exists.</p>';
|
||||
$ok=false;
|
||||
}
|
||||
echo '<p style="color:red;">Error: private key invalid.</p>';
|
||||
$ok=false;
|
||||
}
|
||||
openssl_pkey_free($pkey);
|
||||
}else{
|
||||
echo '<p style="color:red;">Error, private key invalid.</p>';
|
||||
$ok=false;
|
||||
do{
|
||||
$pkey=openssl_pkey_new(['private_key_bits'=>1024, 'private_key_type'=>OPENSSL_KEYTYPE_RSA]);
|
||||
openssl_pkey_export($pkey, $priv_key);
|
||||
$onion=get_onion($pkey);
|
||||
openssl_pkey_free($pkey);
|
||||
$check->execute([$onion]);
|
||||
}while($check->fetch(PDO::FETCH_NUM));
|
||||
}
|
||||
}else{
|
||||
do{
|
||||
$pkey=openssl_pkey_new(['private_key_bits'=>1024, 'private_key_type'=>OPENSSL_KEYTYPE_RSA]);
|
||||
openssl_pkey_export($pkey, $priv_key);
|
||||
$onion=get_onion($pkey);
|
||||
openssl_pkey_free($pkey);
|
||||
$check->execute([$onion]);
|
||||
}while($check->fetch(PDO::FETCH_NUM));
|
||||
}
|
||||
if($ok){
|
||||
if(isset($_POST['public']) && $_POST['public']==1){
|
||||
$public=1;
|
||||
}
|
||||
@ -119,7 +98,7 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
|
||||
}
|
||||
$check=$db->prepare('SELECT null FROM users WHERE dateadded>?;');
|
||||
$check->execute([time()-60]);
|
||||
if($check->fetch(PDO::FETCH_NUM)){
|
||||
if($ok && $check->fetch(PDO::FETCH_NUM)){
|
||||
echo '<p style="color:red;">To prevent abuse a site can only be registered every 60 seconds, but one has already been registered within the last 60 seconds. Please try again.</p>';
|
||||
$ok=false;
|
||||
}elseif($ok){
|
||||
@ -149,9 +128,7 @@ if(isset($_POST['username'])){
|
||||
echo '" required autofocus></td></tr>';
|
||||
echo '<tr><td>Password</td><td><input type="password" name="pass" required></td></tr>';
|
||||
echo '<tr><td>Confirm password</td><td><input type="password" name="passconfirm" required></td></tr>';
|
||||
if(CAPTCHA){
|
||||
send_captcha();
|
||||
}
|
||||
send_captcha();
|
||||
if($_SERVER['REQUEST_METHOD']!=='POST' || (isset($_POST['public']) && $_POST['public']==1)){
|
||||
$public=' checked';
|
||||
}else{
|
||||
|
||||
Reference in New Issue
Block a user