Refactor DB foreign keys to auto_incrementing id instead of onion

Allows moving domains into separate table at a later stage
Daniel Winzen
2018-10-16 21:09:16 +02:00
parent 81c2364b7b
commit 6eb068222c
7 changed files with 38 additions and 20 deletions


@ -27,7 +27,7 @@ if(empty($_SESSION['logged_in'])){
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\"><table>";
echo "<tr><td>Password </td><td><input type=\"password\" name=\"pass\" size=\"30\" required autofocus></td></tr>";
send_captcha();
echo "<tr><td colspan=\"2\"><input type=\"submit\" name=\"action\" value=\"Login\"></td></tr>";
echo "<tr><td colspan=\"2\"><input type=\"submit\" name=\"action\" value=\"login\"></td></tr>";
echo '</table></form>';
if($error){
echo "<p style=\"color:red;\">$error</p>";
@ -59,13 +59,13 @@ if(empty($_SESSION['logged_in'])){
echo '</table>';
}elseif($_REQUEST['action']==='approve'){
if(!empty($_POST['onion'])){
$stmt=$db->prepare('UPDATE new_account SET approved=1 WHERE onion=?;');
$stmt=$db->prepare('UPDATE new_account INNER JOIN users ON (users.id=new_account.user_id) SET new_account.approved=1 WHERE users.onion=?;');
$stmt->execute([$_POST['onion']]);
echo '<p style="color:green;">Successfully approved</p>';
}
echo '<table border="1">';
echo '<tr><td>Username</td><td>Onion address</td><td>Action</td></tr>';
$stmt=$db->query('SELECT users.username, users.onion FROM users INNER JOIN new_account ON (users.onion=new_account.onion) WHERE new_account.approved=0 ORDER BY users.username;');
$stmt=$db->query('SELECT users.username, users.onion FROM users INNER JOIN new_account ON (users.id=new_account.user_id) WHERE new_account.approved=0 ORDER BY users.username;');
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\"><input type=\"hidden\" name=\"onion\" value=\"$tmp[1]\"><tr><td>$tmp[0]</td><td>$tmp[1].onion</td><td><input type=\"submit\" name=\"action\" value=\"approve\"><input type=\"submit\" name=\"action\" value=\"delete\"></td></tr></form>";
}
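Review bot: The rows returned by the rewritten SELECT are interpolated straight into markup in the `while` loop: `$tmp[0]` (username) and `$tmp[1]` (onion) reach the table cells and the hidden input's `value` attribute without escaping. Whether the username is restricted to a safe alphabet at registration is not visible here, so this admin page should not depend on it; wrap both values, e.g. `htmlspecialchars($tmp[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. As far as the visible lines show, the approve/delete forms also carry no anti-CSRF token, which matters for a state-changing admin action. The surrounding if/elseif chain starts and ends outside the hunk.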


@ -33,7 +33,7 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
if($tmp){
$username=$tmp[0];
$password=$tmp[1];
$stmt=$db->prepare('SELECT approved FROM new_account WHERE onion=?;');
$stmt=$db->prepare('SELECT new_account.approved FROM new_account INNER JOIN users ON (users.id=new_account.user_id) WHERE users.onion=?;');
$stmt->execute([$tmp[2]]);
if($tmp=$stmt->fetch(PDO::FETCH_NUM)){
if(REQUIRE_APPROVAL && !$tmp[0]){
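Review bot: The approval lookup still keys on `users.onion` through a join, although the point of the commit is to reference accounts by `users.id`. `$tmp` appears to come from a users row fetched just above the hunk; if that SELECT also returned `id`, this could become `SELECT approved FROM new_account WHERE user_id=?;` executed with that id, dropping the join. The enclosing block continues past the end of the hunk.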


@ -23,9 +23,9 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
$stmt->execute([$hash, $user['username']]);
$msg.='<p style="color:green;">Successfully changed account password.</p>';
}elseif($_REQUEST['type']==='sys'){
$stmt=$db->prepare('INSERT INTO pass_change (onion, password) VALUES (?, ?);');
$stmt=$db->prepare('INSERT INTO pass_change (user_id, password) VALUES (?, ?);');
$hash=get_system_hash($_POST['newpass']);
$stmt->execute([$user['onion'], $hash]);
$stmt->execute([$user['id'], $hash]);
$msg.='<p style="color:green;">Successfully changed system account password, change will take affect within the next minute.</p>';
}elseif($_REQUEST['type']==='sql'){
$stmt=$db->prepare("SET PASSWORD FOR '$user[onion].onion'@'%'=PASSWORD(?);");
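Review bot: `$user['onion']` is spliced into the statement text in `SET PASSWORD FOR '$user[onion].onion'@'%'`, so only the password is bound; the same pattern is used for `$onion` in the `CREATE USER`, `CREATE DATABASE` and `GRANT` statements of the registration hunk. The value is presumably a server-generated base32 label, but nothing in the visible lines enforces that. A guard just before the statement, such as `if(!preg_match('/^[a-z2-7]+$/', $user['onion'])){ die('invalid onion'); }`, keeps the interpolated identifier safe even if the column is ever written from another path. Separately, the new `$user['id']` relies on the loader that fills `$user` (outside this hunk) selecting the `id` column.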


@ -104,13 +104,16 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
}elseif($ok){
$stmt=$db->prepare('INSERT INTO users (username, password, onion, private_key, dateadded, public, php, autoindex) VALUES (?, ?, ?, ?, ?, ?, ?, ?);');
$stmt->execute([$_POST['username'], $hash, $onion, $priv_key, time(), $public, $php, $autoindex]);
$stmt=$db->prepare('SELECT id FROM users WHERE username=?;');
$stmt->execute([$_POST['username']]);
$user_id=$stmt->fetch(PDO::FETCH_NUM)[0];
$create_user=$db->prepare("CREATE USER '$onion.onion'@'%' IDENTIFIED BY ?;");
$create_user->execute([$_POST['pass']]);
$db->exec("CREATE DATABASE IF NOT EXISTS `$onion`;");
$db->exec("GRANT ALL PRIVILEGES ON `$onion`.* TO '$onion.onion'@'%';");
$db->exec('FLUSH PRIVILEGES;');
$stmt=$db->prepare('INSERT INTO new_account (onion, password) VALUES (?, ?);');
$stmt->execute([$onion, get_system_hash($_POST['pass'])]);
$stmt=$db->prepare('INSERT INTO new_account (user_id, password) VALUES (?, ?);');
$stmt->execute([$user_id, get_system_hash($_POST['pass'])]);
if(EMAIL_TO!==''){
$title="A new hidden service $onion has been created";
$msg="A new hidden service http://$onion.onion has been created";
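Review bot: The added lookup `SELECT id FROM users WHERE username=?` re-reads the row that was just inserted, and `$stmt->fetch(PDO::FETCH_NUM)[0]` evaluates to null if the fetch returns false, which would then be passed as `new_account.user_id`. `$user_id=$db->lastInsertId();` placed right after the INSERT's `execute()` gives the same value without a second query, assuming `users.id` is the AUTO_INCREMENT column as the commit title says. The users row, the MySQL account and the new_account row are also created in separate steps with no visible rollback, so a failure in `CREATE USER` would leave a users row with no new_account entry; a comment stating what cleanup is expected would help. The enclosing block continues past the hunk.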