danwin1210/hosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Various optimizations

Browse Source
This commit is contained in:
Daniel Winzen
2019-11-02 19:41:05 +01:00
parent f857083765
commit 6b19346b20
15 changed files with 134 additions and 136 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
var/www/common.php
View File

@ -166,7 +166,6 @@ function base32_encode(string $input) : string {
}
function send_captcha() {
global $db;
if(!CAPTCHA || !extension_loaded('gd')){
return;
}
@ -178,6 +177,7 @@ function send_captcha() {
}
$randid = mt_rand();
$time = time();
$db = get_db_instance();
$stmt = $db->prepare('INSERT INTO captcha (id, time, code) VALUES (?, ?, ?);');
$stmt->execute([$randid, $time, $code]);
echo "<tr><td>Copy: ";
@ -264,7 +264,6 @@ function send_captcha() {
}
function check_login(){
global $db;
if(empty($_SESSION['csrf_token'])){
$_SESSION['csrf_token']=sha1(uniqid());
}
@ -273,6 +272,7 @@ function check_login(){
session_destroy();
exit;
}
$db = get_db_instance();
$stmt=$db->prepare('SELECT * FROM users WHERE username=?;');
$stmt->execute([$_SESSION['hosting_username']]);
if(!$user=$stmt->fetch(PDO::FETCH_ASSOC)){
@ -293,11 +293,11 @@ function get_system_hash($pass) {
}
function check_captcha_error() {
global $db;
if(CAPTCHA){
if(!isset($_REQUEST['challenge'])){
return 'Error: Wrong Captcha';
}else{
$db = get_db_instance();
$stmt=$db->prepare('SELECT code FROM captcha WHERE id=?;');
$stmt->execute([$_REQUEST['challenge']]);
$stmt->bindColumn(1, $code);
@ -318,7 +318,8 @@ function check_captcha_error() {
return false;
}
function rewrite_torrc(PDO $db, string $instance){
function rewrite_torrc(string $instance){
$db = get_db_instance();
$update_onion=$db->prepare('UPDATE onions SET private_key=? WHERE onion=?;');
$torrc='ClientUseIPv6 1
ClientUseIPv4 1
@ -466,7 +467,8 @@ function ed25519_seckey_expand(string $seed) : string {
return $sk;
}
function rewrite_nginx_config(PDO $db){
function rewrite_nginx_config(){
$db = get_db_instance();
$nginx='';
$rewrites = [];
// rewrite rules
@ -567,7 +569,8 @@ function rewrite_nginx_config(PDO $db){
exec('systemctl reload nginx');
}
function rewrite_php_config(PDO $db, string $key){
function rewrite_php_config(string $key){
$db = get_db_instance();
$stmt=$db->prepare("SELECT system_account FROM users WHERE instance = ? AND php=? AND todelete!=1 AND id NOT IN (SELECT user_id FROM new_account);");
foreach(array_replace(PHP_VERSIONS, DISABLED_PHP_VERSIONS) as $php_key => $version){
$stmt->execute([$key, $php_key]);
@ -604,7 +607,8 @@ php_admin_value[session.save_path] = /tmp
}
}
function add_mysql_user(PDO $db, string $password) : string {
function add_mysql_user(string $password) : string {
$db = get_db_instance();
$mysql_user = '';
$stmt = $db->prepare('SELECT null FROM users WHERE mysql_user = ?;');
do {
@ -616,7 +620,8 @@ function add_mysql_user(PDO $db, string $password) : string {
return $mysql_user;
}
function add_user_db(PDO $db, int $user_id) : ?string {
function add_user_db(int $user_id) : ?string {
$db = get_db_instance();
$mysql_db = '';
$stmt = $db->prepare('SELECT COUNT(*) FROM mysql_databases WHERE user_id = ?;');
$stmt->execute([$user_id]);
@ -641,7 +646,8 @@ function add_user_db(PDO $db, int $user_id) : ?string {
return $mysql_db;
}
function del_user_db(PDO $db, int $user_id, string $mysql_db) {
function del_user_db(int $user_id, string $mysql_db) {
$db = get_db_instance();
$stmt = $db->prepare('SELECT mysql_user FROM users WHERE id = ?;');
$stmt->execute([$user_id]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
@ -656,17 +662,20 @@ function del_user_db(PDO $db, int $user_id, string $mysql_db) {
}
}
function get_new_tor_instance(PDO $db){
function get_new_tor_instance(){
$db = get_db_instance();
$stmt = $db->query('SELECT s.ID FROM service_instances AS s LEFT JOIN onions AS o ON (s.ID = o.instance) GROUP BY s.ID ORDER BY count(s.ID) LIMIT 1;');
return $stmt->fetch(PDO::FETCH_NUM)[0];
}
function add_user_onion(PDO $db, int $user_id, string $onion, string $priv_key, int $onion_version) {
function add_user_onion(int $user_id, string $onion, string $priv_key, int $onion_version) {
$db = get_db_instance();
$stmt=$db->prepare('INSERT INTO onions (user_id, onion, private_key, version, enabled, enable_smtp, instance) VALUES (?, ?, ?, ?, 1, 0, ?);');
$stmt->execute([$user_id, $onion, $priv_key, $onion_version, get_new_tor_instance($db)]);
$stmt->execute([$user_id, $onion, $priv_key, $onion_version, get_new_tor_instance()]);
}
function del_user_onion(PDO $db, int $user_id, string $onion) {
function del_user_onion(int $user_id, string $onion) {
$db = get_db_instance();
$stmt = $db->prepare('SELECT null FROM onions WHERE user_id = ? AND onion = ? AND enabled IN (0, 1);');
$stmt->execute([$user_id, $onion]);
if($stmt->fetch()){
@ -675,7 +684,7 @@ function del_user_onion(PDO $db, int $user_id, string $onion) {
}
}
function add_user_domain(PDO $db, int $user_id, string $domain) : string {
function add_user_domain(int $user_id, string $domain) : string {
$domain = strtolower($domain);
if(strlen($domain) > 255){
return "Domain can't be longer than 255 characters.";
@ -692,6 +701,7 @@ function add_user_domain(PDO $db, int $user_id, string $domain) : string {
return 'Invalid domain';
}
}
$db = get_db_instance();
$stmt = $db->prepare('SELECT null FROM domains WHERE domain = ?;');
$stmt->execute([$domain]);
if($stmt->fetch()){
@ -702,7 +712,8 @@ function add_user_domain(PDO $db, int $user_id, string $domain) : string {
return '';
}
function del_user_domain(PDO $db, int $user_id, string $domain) {
function del_user_domain(int $user_id, string $domain) {
$db = get_db_instance();
$stmt = $db->prepare('SELECT null FROM domains WHERE user_id = ? AND domain = ? AND enabled IN (0, 1);');
$stmt->execute([$user_id, $domain]);
if($stmt->fetch()){
@ -718,7 +729,8 @@ function check_csrf_error(){
return false;
}
function enqueue_instance_reload($db, $instance = null){
function enqueue_instance_reload($instance = null){
$db = get_db_instance();
if($instance === null){
$stmt=$db->prepare('UPDATE service_instances SET reload = 1 LIMIT 1;');
}else{
@ -726,3 +738,16 @@ function enqueue_instance_reload($db, $instance = null){
$stmt->execute([$instance]);
}
}
function get_db_instance(){
static $db = null;
if($db !== null){
return $db;
}
try{
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
}catch(PDOException $e){
die('No Connection to MySQL database!');
}
return $db;
}

12
var/www/cron.php
View File

@ -1,10 +1,6 @@
<?php
include('common.php');
try{
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
}catch(PDOException $e){
die('No Connection to MySQL database!');
}
$db = get_db_instance();
//instances to reload
$reload=[];
@ -77,11 +73,11 @@ foreach($onions as $onion){
//reload services
if(!empty($reload)){
rewrite_nginx_config($db);
rewrite_nginx_config();
}
foreach($reload as $key => $val){
rewrite_php_config($db, $key);
rewrite_torrc($db, $key);
rewrite_php_config($key);
rewrite_torrc($key);
}
//continue deleting old accounts

6
var/www/find_old.php
View File

@ -1,10 +1,6 @@
<?php
include('common.php');
try{
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
}catch(PDOException $e){
die('No Connection to MySQL database!');
}
$db = get_db_instance();
//delete tmp files older than 24 hours
$stmt=$db->query('SELECT system_account FROM users;');

60
var/www/html/admin.php
View File

@ -1,23 +1,23 @@
<?php
include('../common.php');
try{
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
}catch(PDOException $e){
die('No Connection to MySQL database!');
}
$db = get_db_instance();
header('Content-Type: text/html; charset=UTF-8');
session_start(['name'=>'hosting_admin']);
if($_SERVER['REQUEST_METHOD']==='HEAD'){
exit; // headers sent, no further processing needed
}
echo '<!DOCTYPE html><html><head>';
echo '<title>Daniel\'s Hosting - Admin panel</title>';
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
echo '<meta name="author" content="Daniel Winzen">';
echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
echo '<link rel="canonical" href="'.CANONICAL_URL. $_SERVER['SCRIPT_NAME'] .'">';
echo '</head><body>';
echo '<h1>Hosting - Admin panel</h1>';
?>
<!DOCTYPE html><html><head>
<title>Daniel's Hosting - Admin panel</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="author" content="Daniel Winzen">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="canonical" href="'.CANONICAL_URL. $_SERVER['SCRIPT_NAME'] .'">
<style>td{padding:5px;}</style>
<base target="_blank">
</head><body>
<h1>Hosting - Admin panel</h1>
<?php
$error=false;
if($_SERVER['REQUEST_METHOD']==='POST' && isset($_POST['pass']) && $_POST['pass']===ADMIN_PASSWORD){
if(!($error=check_captcha_error())){
@ -26,7 +26,7 @@ if($_SERVER['REQUEST_METHOD']==='POST' && isset($_POST['pass']) && $_POST['pass'
}
}
if(empty($_SESSION['logged_in'])){
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST"><table>';
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST" target="_self"><table>';
echo "<tr><td>Password </td><td><input type=\"password\" name=\"pass\" size=\"30\" required autofocus></td></tr>";
send_captcha();
echo "<tr><td colspan=\"2\"><input type=\"submit\" name=\"action\" value=\"login\"></td></tr>";
@ -42,9 +42,9 @@ if(empty($_SESSION['logged_in'])){
if(REQUIRE_APPROVAL){
$stmt=$db->query('SELECT COUNT(*) FROM new_account WHERE approved=0;');
$cnt=$stmt->fetch(PDO::FETCH_NUM)[0];
echo '<a href="' . $_SERVER['SCRIPT_NAME'] . "?action=approve\">Approve pending sites ($cnt)</a> | ";
echo '<a href="' . $_SERVER['SCRIPT_NAME'] . "?action=approve\" target=\"_self\">Approve pending sites ($cnt)</a> | ";
}
echo '<a href="' . $_SERVER['SCRIPT_NAME'] . '?action=list">List of accounts</a> | <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=delete">Delete accounts</a> | <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=suspend">Suspend hidden services</a> | <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=edit">Edit hidden services</a> | <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=logout">Logout</a></p>';
echo '<a href="' . $_SERVER['SCRIPT_NAME'] . '?action=list" target="_self">List of accounts</a> | <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=delete" target="_self">Delete accounts</a> | <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=suspend" target="_self">Suspend hidden services</a> | <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=edit" target="_self">Edit hidden services</a> | <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=logout" target="_self">Logout</a></p>';
if(empty($_REQUEST['action']) || $_REQUEST['action']==='login'){
echo '<p>Welcome to the admin panel!</p>';
}elseif($_REQUEST['action'] === 'logout'){
@ -52,7 +52,8 @@ if(empty($_SESSION['logged_in'])){
header('Location: ' . $_SERVER['SCRIPT_NAME']);
exit;
}elseif($_REQUEST['action'] === 'list'){
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . "\" method=\"POST\"><input type=\"hidden\" name=\"csrf_token\" value=\"$_SESSION[csrf_token]\">";
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST">';
echo '<input type="hidden" name="csrf_token" value="' . $_SESSION['csrf_token'] . '">';
echo '<table border="1">';
echo '<tr><th>Username</th><th>Onion link</th><th>Action</th></tr>';
$stmt=$db->query('SELECT users.username, onions.onion, onions.enabled FROM users INNER JOIN onions ON (onions.user_id=users.id) ORDER BY users.username;');
@ -70,7 +71,7 @@ if(empty($_SESSION['logged_in'])){
echo '<br>';
}
if($onion[1]=='1'){
echo "<a href=\"http://$onion[0].onion\" target=\"_blank\">$onion[0].onion</a>";
echo "<a href=\"http://$onion[0].onion\">$onion[0].onion</a>";
}else{
echo "$onion[0].onion";
}
@ -89,12 +90,13 @@ if(empty($_SESSION['logged_in'])){
echo '<p style="color:green;">Successfully approved</p>';
}
}
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . "\" method=\"POST\"><input type=\"hidden\" name=\"csrf_token\" value=\"$_SESSION[csrf_token]\">";
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST" target="_self">';
echo '<input type="hidden" name="csrf_token" value="' . $_SESSION['csrf_token'] . '">';
echo '<table border="1">';
echo '<tr><th>Username</th><th>Onion address</th><th>Action</th></tr>';
$stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN new_account ON (users.id=new_account.user_id) INNER JOIN onions ON (onions.user_id=users.id) WHERE new_account.approved=0 ORDER BY users.username;');
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
echo "<tr><td>$tmp[0]</td><td><a href=\"http://$tmp[1].onion\" target=\"_blank\">$tmp[1].onion</a></td><td><button type=\"submit\" name=\"action\" value=\"approve_$tmp[1]\">Approve</button><button type=\"submit\" name=\"action\" value=\"delete_$tmp[1]\">Delete</button></td></tr>";
echo "<tr><td>$tmp[0]</td><td><a href=\"http://$tmp[1].onion\">$tmp[1].onion</a></td><td><button type=\"submit\" name=\"action\" value=\"approve_$tmp[1]\">Approve</button><button type=\"submit\" name=\"action\" value=\"delete_$tmp[1]\">Delete</button></td></tr>";
}
echo '</table></form>';
}elseif(substr($_REQUEST['action'], 0, 6) === 'delete'){
@ -105,7 +107,7 @@ if(empty($_SESSION['logged_in'])){
$onion = substr($_REQUEST['action'], 7);
}
echo '<p>Delete accouts:</p>';
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST">';
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST" target="_self">';
echo '<input type="hidden" name="csrf_token" value="' . $_SESSION['csrf_token'] . '">';
echo '<p>Onion address: <input type="text" name="onion" size="30" value="';
echo htmlspecialchars($onion);
@ -136,8 +138,8 @@ if(empty($_SESSION['logged_in'])){
$onion = substr($_REQUEST['action'], 8);
}
echo '<p>Suspend hidden service:</p>';
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST">';
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST" target="_self">';
echo '<input type="hidden" name="csrf_token" value="' . $_SESSION['csrf_token'] . '">';
echo '<p>Onion address: <input type="text" name="onion" size="30" value="';
echo htmlspecialchars($onion);
echo '" required autofocus></p>';
@ -152,7 +154,7 @@ if(empty($_SESSION['logged_in'])){
$stmt=$db->prepare('UPDATE onions SET enabled=-2 WHERE onion=?;');
$stmt->execute([$match[1]]);
echo "<p style=\"color:green;\">Successfully queued for suspension!</p>";
enqueue_instance_reload($db, $instance[0]);
enqueue_instance_reload($instance[0]);
}else{
echo "<p style=\"color:red;\">Onion address not hosted by us!</p>";
}
@ -168,8 +170,8 @@ if(empty($_SESSION['logged_in'])){
$onion = substr($_REQUEST['action'], 5);
}
echo '<p>Edit hidden service:</p>';
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST">';
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST" target="_self">';
echo '<input type="hidden" name="csrf_token" value="' . $_SESSION['csrf_token'] . '">';
echo '<p>Onion address: <input type="text" name="onion" size="30" value="';
echo htmlspecialchars($onion);
echo '" required autofocus></p>';
@ -200,15 +202,15 @@ if(empty($_SESSION['logged_in'])){
$max_streams = 65535;
}
$stmt->execute([$enabled, $enable_smtp, $num_intros, $max_streams, $match[1]]);
enqueue_instance_reload($db, $onion[1]);
enqueue_instance_reload($onion[1]);
echo "<p style=\"color:green;\">Changes successfully saved!</p>";
}
}
$stmt=$db->prepare('SELECT onion, enabled, enable_smtp, num_intros, max_streams, version FROM onions WHERE onion=?;');
$stmt->execute([$match[1]]);
if($onion=$stmt->fetch(PDO::FETCH_NUM)){
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST">';
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST" target="_self">';
echo '<input type="hidden" name="csrf_token" value="' . $_SESSION['csrf_token'] . '">';
echo '<table border="1"><tr><th>Onion</th><th>Enabled</th><th>SMTP enabled</th><th>Nr. of intros</th><th>Max streams per rend circuit</th><th>Save</th></tr>';
echo '<tr><td><input type="text" name="onion" size="15" value="'.$onion[0].'" required autofocus></td>';
echo '<td><label><input type="checkbox" name="enabled" value="1"';

6
var/www/html/delete.php
View File

@ -1,10 +1,6 @@
<?php
include('../common.php');
try{
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
}catch(PDOException $e){
die('No Connection to MySQL database!');
}
$db = get_db_instance();
session_start();
$user=check_login();
$msg='';

1
var/www/html/faq.php
View File

@ -1,6 +1,7 @@
<?php
include('../common.php');
header('Content-Type: text/html; charset=UTF-8');
header('X-Accel-Expires: 60');
?>
<!DOCTYPE html><html><head>
<title>Daniel's Hosting - FAQ</title>

18
var/www/html/files.php
View File

@ -1,10 +1,6 @@
<?php
include('../common.php');
try{
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
}catch(PDOException $e){
die('No Connection to MySQL database!');
}
$db = get_db_instance();
session_start();
$user=check_login();
if(!empty($_POST['ftp_pass'])){
@ -137,7 +133,7 @@ if(!empty($_POST['mkfile']) && !empty($_POST['name'])){
}
$tmpfile='/tmp/'.uniqid();
touch($tmpfile);
ftp_put($ftp, $_POST['name'], $tmpfile, FTP_BINARY);
@ftp_put($ftp, $_POST['name'], $tmpfile, FTP_BINARY);
unlink($tmpfile);
}
@ -155,7 +151,7 @@ if(!empty($_POST['rename_2']) && !empty($_POST['files'])){
die($error);
}
foreach($_POST['files'] as $old=>$new){
ftp_rename($ftp, $old, $new);
@ftp_rename($ftp, $old, $new);
}
}
@ -174,7 +170,7 @@ if(!empty($_POST['edit_2']) && !empty($_POST['files'])){
$tmpfile='/tmp/'.uniqid();
foreach($_POST['files'] as $name=>$content){
file_put_contents($tmpfile, $content);
ftp_put($ftp, $name, $tmpfile, FTP_BINARY);
@ftp_put($ftp, $name, $tmpfile, FTP_BINARY);
}
unlink($tmpfile);
}
@ -197,7 +193,7 @@ if(!empty($_POST['unzip']) && !empty($_POST['files'])){
continue;
}
$tmpfile='/tmp/'.uniqid().'.zip';
if(!ftp_get($ftp, $tmpfile, $file, FTP_BINARY)){
if(@!ftp_get($ftp, $tmpfile, $file, FTP_BINARY)){
continue;
}
//prevent zip-bombs
@ -232,7 +228,7 @@ if(!empty($_FILES['files'])){
$c=count($_FILES['files']['name']);
for($i=0; $i<$c; ++$i){
if($_FILES['files']['error'][$i]===UPLOAD_ERR_OK){
ftp_put($ftp, $dir.$_FILES['files']['name'][$i], $_FILES['files']['tmp_name'][$i], FTP_BINARY);
@ftp_put($ftp, $dir.$_FILES['files']['name'][$i], $_FILES['files']['tmp_name'][$i], FTP_BINARY);
unlink($_FILES['files']['tmp_name'][$i]);
}
}
@ -424,7 +420,7 @@ function ftp_recursive_upload($ftp, $path){
ftp_chdir($ftp, '..');
rmdir($dir->path.$file);
}else{
ftp_put($ftp, $file, $dir->path.$file, FTP_BINARY);
@ftp_put($ftp, $file, $dir->path.$file, FTP_BINARY);
unlink($dir->path.$file);
}
}

31
var/www/html/home.php
View File

@ -1,17 +1,13 @@
<?php
include('../common.php');
try{
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
}catch(PDOException $e){
die('No Connection to MySQL database!');
}
$db = get_db_instance();
session_start();
$user=check_login();
if(isset($_POST['action']) && $_POST['action']==='add_db'){
if($error=check_csrf_error()){
die($error);
}
add_user_db($db, $user['id']);
add_user_db($user['id']);
}
if(isset($_POST['action']) && $_POST['action']==='del_db' && !empty($_POST['db'])){
if($error=check_csrf_error()){
@ -37,7 +33,7 @@ if(isset($_POST['action']) && $_POST['action']==='del_db_2' && !empty($_POST['db
if($error=check_csrf_error()){
die($error);
}
del_user_db($db, $user['id'], $_POST['db']);
del_user_db($user['id'], $_POST['db']);
}
if(isset($_POST['action']) && $_POST['action']==='del_onion' && !empty($_POST['onion'])){
if($error=check_csrf_error()){
@ -102,24 +98,24 @@ if(isset($_POST['action']) && $_POST['action']==='add_onion'){
$ok = false;
}
if($ok){
add_user_onion($db, $user['id'], $onion, $priv_key, $onion_version);
add_user_onion($user['id'], $onion, $priv_key, $onion_version);
}
}
if(isset($_POST['action']) && $_POST['action']==='del_onion_2' && !empty($_POST['onion'])){
if($error=check_csrf_error()){
die($error);
}
del_user_onion($db, $user['id'], $_POST['onion']);
del_user_onion($user['id'], $_POST['onion']);
}
if(isset($_POST['action']) && $_POST['action']==='add_domain' && !empty($_POST['domain'])){
if($error=check_csrf_error()){
die($error);
}
$error = add_user_domain($db, $user['id'], $_POST['domain']);
$error = add_user_domain($user['id'], $_POST['domain']);
if(!empty($error)){
$msg = "<p style=\"color:red;\">$error</p>";
}else{
enqueue_instance_reload($db);
enqueue_instance_reload();
}
}
if(isset($_POST['action']) && $_POST['action']==='del_domain' && !empty($_POST['domain'])){
@ -146,8 +142,8 @@ if(isset($_POST['action']) && $_POST['action']==='del_domain_2' && !empty($_POST
if($error=check_csrf_error()){
die($error);
}
del_user_domain($db, $user['id'], $_POST['domain']);
enqueue_instance_reload($db);
del_user_domain($user['id'], $_POST['domain']);
enqueue_instance_reload();
}
if(isset($_REQUEST['action']) && isset($_REQUEST['onion']) && $_REQUEST['action']==='edit_onion'){
if($error=check_csrf_error()){
@ -174,7 +170,7 @@ if(isset($_REQUEST['action']) && isset($_REQUEST['onion']) && $_REQUEST['action'
$max_streams = 65535;
}
$stmt->execute([$enabled, $enable_smtp, $num_intros, $max_streams, $_REQUEST['onion']]);
enqueue_instance_reload($db, substr($_REQUEST['onion'], 0, 1));
enqueue_instance_reload(substr($_REQUEST['onion'], 0, 1));
}
}
if(isset($_REQUEST['action']) && isset($_POST['domain']) && $_POST['action']==='edit_domain'){
@ -187,7 +183,7 @@ if(isset($_REQUEST['action']) && isset($_POST['domain']) && $_POST['action']==='
$stmt=$db->prepare('UPDATE domains SET enabled = ? WHERE domain = ?;');
$enabled = isset($_POST['enabled']) ? 1 : 0;
$stmt->execute([$enabled, $_POST['domain']]);
enqueue_instance_reload($db);
enqueue_instance_reload();
}
}
@ -296,7 +292,8 @@ while($mysql=$stmt->fetch(PDO::FETCH_ASSOC)){
echo '<form action="home.php" method="post">';
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
echo '<input type="hidden" name="db" value="'.$mysql['mysql_database'].'">';
echo "<tr><td>$mysql[mysql_database]</td><td>localhost</td><td>$user[mysql_user]</td><td><button type=\"submit\" name=\"action\" value=\"del_db\">Delete</button></td></tr>";
echo '<tr><td>'.htmlspecialchars($mysql['mysql_database']).'</td><td>localhost</td><td>'.htmlspecialchars($user['mysql_user']).'</td>';
echo '<td><button type="submit" name="action" value="del_db">Delete</button></td></tr>';
echo '</form>';
}
echo '</table>';
@ -304,7 +301,7 @@ if($count_dbs<MAX_NUM_USER_DBS){
echo '<p><form action="home.php" method="post"><input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'"><button type="submit" name="action" value="add_db">Add new database</button></form></p>';
}
echo '<p><a href="password.php?type=sql">Change MySQL password</a></p>';
echo '<p>You can use <a href="/phpmyadmin/" target="_blank">PHPMyAdmin</a> and <a href="/adminer/" target="_blank">Adminer</a> for web based database administration.</p>';
echo '<p>You can use <a href="/phpmyadmin/" target="_blank">PHPMyAdmin</a> and <a href="/adminer/?username='.htmlspecialchars($user['mysql_user']).'" target="_blank">Adminer</a> for web based database administration.</p>';
echo '<h3>System Account</h3>';
echo '<table border="1">';
echo '<tr><th>Username</th><th>Host</th><th>FTP Port</th><th>SFTP Port</th><th>POP3 Port</th><th>IMAP Port</th><th>SMTP port</th></tr>';

1
var/www/html/index.php
View File

@ -1,6 +1,7 @@
<?php
include('../common.php');
header('Content-Type: text/html; charset=UTF-8');
header('X-Accel-Expires: 60');
?>
<!DOCTYPE html><html><head>
<title>Daniel's Hosting</title>

38
var/www/html/list.php
View File

@ -1,20 +1,21 @@
<?php
header('Content-Type: text/html; charset=UTF-8');
include_once('../common.php');
try{
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
}catch(PDOException $e){
die('No Connection to MySQL database!');
}
echo '<!DOCTYPE html><html><head>';
echo '<title>Daniel\'s Hosting - List of hosted sites</title>';
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
echo '<meta name="author" content="Daniel Winzen">';
echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
echo '<link rel="canonical" href="' . CANONICAL_URL . $_SERVER['SCRIPT_NAME'] . '">';
echo '</head><body>';
echo '<h1>Hosting - List of hosted sites</h1>';
echo '<p><a href="index.php">Info</a> | <a href="register.php">Register</a> | <a href="login.php">Login</a> | List of hosted sites | <a href="faq.php">FAQ</a></p>';
header('Content-Type: text/html; charset=UTF-8');
header('X-Accel-Expires: 60');
$db = get_db_instance();
?>
<!DOCTYPE html><html><head>
<title>Daniel's Hosting - List of hosted sites</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="author" content="Daniel Winzen">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="canonical" href="<?php echo CANONICAL_URL . $_SERVER['SCRIPT_NAME']; ?>">
<style>td{padding:5px;}</style>
<base target="_blank">
</head><body>
<h1>Hosting - List of hosted sites</h1>
<p><a href="index.php" target="_self">Info</a> | <a href="register.php" target="_self">Register</a> | <a href="login.php" target="_self">Login</a> | List of hosted sites | <a href="faq.php" target="_self">FAQ</a></p>
<?php
$stmt=$db->query('SELECT COUNT(*) FROM users WHERE public=1;');
$count=$stmt->fetch(PDO::FETCH_NUM);
$stmt=$db->query('SELECT COUNT(*) FROM users WHERE public=0;');
@ -24,7 +25,8 @@ echo '<table border="1">';
echo '<tr><td>Onion link</td></tr>';
$stmt=$db->query('SELECT onions.onion FROM users INNER JOIN onions ON (onions.user_id=users.id) WHERE users.public=1 ORDER BY onions.onion;');
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
echo "<tr><td><a href=\"http://$tmp[0].onion\" target=\"_blank\">$tmp[0].onion</a></td></tr>";
echo "<tr><td><a href=\"http://$tmp[0].onion\">$tmp[0].onion</a></td></tr>";
}
echo '</table>';
echo '</body></html>';
?>
</table>
</body></html>

5
var/www/html/log.php
View File

@ -1,10 +1,5 @@
<?php
include('../common.php');
try{
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
}catch(PDOException $e){
die('No Connection to MySQL database!');
}
session_start();
$user=check_login();
if(!isset($_REQUEST['old']) || $_REQUEST['old']==0){

6
var/www/html/login.php
View File

@ -1,10 +1,6 @@
<?php
include('../common.php');
try{
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
}catch(PDOException $e){
die('No Connection to MySQL database!');
}
$db = get_db_instance();
header('Content-Type: text/html; charset=UTF-8');
session_start();
if(!empty($_SESSION['hosting_username'])){

6
var/www/html/password.php
View File

@ -1,10 +1,6 @@
<?php
include('../common.php');
try{
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
}catch(PDOException $e){
die('No Connection to MySQL database!');
}
$db = get_db_instance();
session_start();
$user=check_login();
if(!isset($_REQUEST['type'])){

14
var/www/html/register.php
View File

@ -1,10 +1,6 @@
<?php
include('../common.php');
try{
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
}catch(PDOException $e){
die('No Connection to MySQL database!');
}
$db = get_db_instance();
header('Content-Type: text/html; charset=UTF-8');
session_start();
if(!empty($_SESSION['hosting_username'])){
@ -106,14 +102,14 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
echo '<p style="color:red;">To prevent abuse a site can only be registered every 60 seconds, but one has already been registered within the last 60 seconds. Please try again.</p>';
$ok=false;
}elseif($ok){
$mysql_user = add_mysql_user($db, $_POST['pass']);
$mysql_user = add_mysql_user($_POST['pass']);
$stmt=$db->prepare('INSERT INTO users (username, system_account, password, dateadded, public, php, autoindex, mysql_user, instance) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);');
$stmt->execute([$_POST['username'], substr("$onion.onion", 0, 32), $hash, time(), $public_list, $php, $autoindex, $mysql_user, get_new_tor_instance($db)]);
$stmt->execute([$_POST['username'], substr("$onion.onion", 0, 32), $hash, time(), $public_list, $php, $autoindex, $mysql_user, get_new_tor_instance()]);
$user_id = $db->lastInsertId();
$stmt = $db->prepare('INSERT INTO disk_quota (user_id, quota_size, quota_files) VALUES (?, ?, ?);');
$stmt->execute([$user_id, DEFAULT_QUOTA_SIZE, DEFAULT_QUOTA_FILES]);
add_user_onion($db, $user_id, $onion, $priv_key, $onion_version);
add_user_db($db, $user_id);
add_user_onion($user_id, $onion, $priv_key, $onion_version);
add_user_db($user_id);
$stmt=$db->prepare('INSERT INTO new_account (user_id, password) VALUES (?, ?);');
$stmt->execute([$user_id, get_system_hash($_POST['pass'])]);
if(EMAIL_TO!==''){

7
var/www/setup.php
View File

@ -272,6 +272,9 @@ if(!SKIP_USER_CHROOT_UPDATE){
exec('grep ' . escapeshellarg($tmp['system_account']) . ' /etc/passwd >> ' . escapeshellarg("/home/$tmp[system_account]/etc/passwd"));
}
}
if(!file_exists("/etc/nginx/sites-enabled/")){
mkdir("/etc/nginx/sites-enabled/", 0755, true);
}
file_put_contents('/etc/nginx/sites-enabled/default', NGINX_DEFAULT);
if(!file_exists("/etc/nginx/streams-enabled/")){
mkdir("/etc/nginx/streams-enabled/", 0755, true);
@ -290,11 +293,11 @@ foreach(SERVICE_INSTANCES as $instance){
exec('useradd -d '.escapeshellarg("/var/lib/tor-instances/$instance").' -r -s /bin/false -M -U '.escapeshellarg("_tor-$instance"));
exec('install -Z -d -m 02700 -o '.escapeshellarg("_tor-$instance").' -g '.escapeshellarg("_tor-$instance").' '.escapeshellarg("/var/lib/tor-instances/$instance"));
exec('install -d '.escapeshellarg("/etc/tor/instances/$instance"));
rewrite_torrc($db, $instance);
rewrite_torrc($instance);
exec("systemctl enable ".escapeshellarg("tor@$instance"));
exec("systemctl start ".escapeshellarg("tor@$instance"));
foreach(PHP_VERSIONS as $version){
rewrite_php_config($db, $instance);
rewrite_php_config($instance);
exec("systemctl enable ".escapeshellarg("php$version-fpm@$instance"));
exec("systemctl start ".escapeshellarg("php$version-fpm@$instance"));
}