danwin1210/hosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make scripts translatable

Browse Source
This commit is contained in:
Daniel Winzen
2023-01-22 20:00:49 +01:00
parent 21eb38c393
commit 78ba449fa3
22 changed files with 1652 additions and 418 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
var/www/vendor/
var/www/composer.lock
*~

8
README.md
View File

@ -3,6 +3,14 @@ General Information:
This is a setup for a Tor based shared hosting server. It is provided as is and before putting it into production you should make changes according to your needs. This is a work in progress and you should carefully check the commit history for changes before updating.
Translation:
--------------------------
Translations are managed in [Weblate](https://weblate.danwin1210.de/projects/DanWin/hosting).
If you prefer manually submitting translations, the script `update-translations.sh` can be used to update the language template and translation files from source.
It will generate the file `var/www/locale/hosting.pot` which you can then use as basis to create a new language file in `var/www/YOUR_LANG_CODE/LC_MESSAGES/hosting.po` and edit it with a translation program, such as [Poedit](https://poedit.net/).
Once you are done, you can open a pull request, or [email me](mailto:daniel@danwin1210.de), to include the translation.
Installation Instructions:
--------------------------

3
update-translation.sh Executable file
View File

@ -0,0 +1,3 @@
#!/bin/bash
xgettext --from-code UTF-8 -o var/www/locale/hosting.pot `find var/www/ -iname '*.php'`
for translation in `find var/www/locale -iname '*.po'`; do msgmerge -U "$translation" var/www/locale/hosting.pot; msgfmt -o ${translation:0:-2}mo "$translation"; done

156
var/www/common.php
View File

@ -63,62 +63,6 @@ session.use_strict_mode = 1
session.serialize_handler=igbinary
apc.serializer=igbinary
';
const NGINX_DEFAULT = 'server {
listen unix:/var/run/nginx/suspended backlog=4096 proxy_protocol;
add_header Content-Type text/html;
location / {
return 200 \'<html lang="en" dir="ltr"><head><title>Suspended</title></head><body>This domain has been suspended due to violation of our <a href="http://' . ADDRESS . '">hosting rules</a>.</body></html>\';
}
}
server {
listen [::]:80 ipv6only=off fastopen=100 backlog=4096 default_server;
listen unix:/var/run/nginx.sock backlog=4096 default_server;
root /var/www/html;
index index.php;
server_name ' . ADDRESS . ' *.' . ADDRESS . ';
location / {
try_files $uri $uri/ =404;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_param DOCUMENT_ROOT /html;
fastcgi_param SCRIPT_FILENAME /html$fastcgi_script_name;
fastcgi_pass unix:/var/run/php/8.2-hosting;
}
}
location /squirrelmail {
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_param DOCUMENT_ROOT /html;
fastcgi_param SCRIPT_FILENAME /html$fastcgi_script_name;
fastcgi_pass unix:/var/run/php/8.2-squirrelmail;
}
}
location /phpmyadmin {
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_param DOCUMENT_ROOT /html;
fastcgi_param SCRIPT_FILENAME /html$fastcgi_script_name;
fastcgi_pass unix:/run/php/8.2-phpmyadmin;
}
}
location /adminer {
root /var/www/html/adminer;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_param DOCUMENT_ROOT /html/adminer;
fastcgi_param SCRIPT_FILENAME /html/adminer$fastcgi_script_name;
fastcgi_pass unix:/run/php/8.2-adminer;
}
}
location /externals/jush/ {
root /var/www/html/adminer;
}
location /nginx/ {
root /var/log/;
internal;
}
}
';
const MAX_NUM_USER_DBS = 5; //maximum number of databases a user may have
const MAX_NUM_USER_ONIONS = 3; //maximum number of onion domains a user may have
const MAX_NUM_USER_DOMAINS = 3; //maximum number of clearnet domains a user may have
@ -143,6 +87,57 @@ const COINPAYMENTS_IPN_SECRET = 'COINPAYMENTS_IPN_SECRET'; //Coinpayments IPN se
const COINPAYMENTS_FAKE_BUYER_EMAIL = 'daniel@danwin1210.me'; //fixed email used for the required buyer email field
const SITE_NAME = "Daniel's Hosting"; //globally changes the sites title
const HOME_MOUNT_PATH = '/home'; //mount path of the home directory. Usually /home as own partition or / on a system with no extra home partition
const CONTACT_URL = 'https://danwin1210.de/contact.php'; //url to contact form
const PRIVACY_URL = 'https://danwin1210.de/privacy.php'; //url to privacy policy
const CLEARNET_A = '116.202.17.147'; // IPv4 Address of your clearnet gateway
const CLEARNET_AAAA = '2a01:4f8:c010:d56::1'; // IPv6 Address of your clearnet gateway
const CLEARNET_ADDRESS = 'hosting.danwin1210.me'; //Domain under which the service is reachable in clearnet
const CLEARNET_SUBDOMAINS = 'danwin1210.me'; //domain of which all subdomains are mapped to this server
const DEFAULT_LANG = 'en'; //default language
const LANGUAGES = [ //available languages
'en' => ['name' => 'English', 'locale' => 'en_GB', 'dir' => 'ltr'],
];
$language = DEFAULT_LANG;
$locale = LANGUAGES[DEFAULT_LANG]['locale'];
$dir = LANGUAGES[DEFAULT_LANG]['dir'];
if(isset($_REQUEST['lang']) && isset(LANGUAGES[$_REQUEST['lang']])){
$locale = LANGUAGES[$_REQUEST['lang']]['locale'];
$language = $_REQUEST['lang'];
$dir = LANGUAGES[$_REQUEST['lang']]['dir'];
setcookie('language', $_REQUEST['lang'], ['expires' => 0, 'path' => '/', 'domain' => '', 'secure' => ($_SERVER['HTTPS'] ?? '' === 'on'), 'httponly' => true, 'samesite' => 'Strict']);
}elseif(isset($_COOKIE['language']) && isset(LANGUAGES[$_COOKIE['language']])){
$locale = LANGUAGES[$_COOKIE['language']]['locale'];
$language = $_COOKIE['language'];
$dir = LANGUAGES[$_COOKIE['language']]['dir'];
}elseif(!empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])){
$prefLocales = array_reduce(
explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']),
function (array $res, string $el) {
list($l, $q) = array_merge(explode(';q=', $el), [1]);
$res[$l] = (float) $q;
return $res;
}, []);
arsort($prefLocales);
foreach($prefLocales as $l => $q){
$lang = locale_lookup(array_keys(LANGUAGES), $l);
if(!empty($lang)){
$locale = LANGUAGES[$lang]['locale'];
$language = $lang;
$dir = LANGUAGES[$lang]['dir'];
setcookie('language', $lang, ['expires' => 0, 'path' => '/', 'domain' => '', 'secure' => ($_SERVER['HTTPS'] ?? '' === 'on'), 'httponly' => true, 'samesite' => 'Strict']);
break;
}
}
}
putenv('LC_ALL='.$locale);
setlocale(LC_ALL, $locale);
bindtextdomain('hosting', __DIR__.'/locale');
bind_textdomain_codeset('hosting', 'UTF-8');
textdomain('hosting');
function get_onion_v2($pkey) : string {
$keyData = openssl_pkey_get_details($pkey);
@ -205,7 +200,7 @@ function send_captcha(): void
$db = get_db_instance();
$stmt = $db->prepare('INSERT INTO captcha (id, time, code) VALUES (?, ?, ?);');
$stmt->execute([$randid, $time, $code]);
echo "<tr><td>Copy: ";
echo '<tr><td>'._('Copy:').' ';
if(CAPTCHA === 1){
$im = imagecreatetruecolor(55, 24);
$bg = imagecolorallocate($im, 0, 0, 0);
@ -285,7 +280,7 @@ function send_captcha(): void
imagegif($im);
imagedestroy($im);
echo base64_encode(ob_get_clean()).'"></td>';
echo "<td><input type=\"hidden\" name=\"challenge\" value=\"$randid\"><input type=\"text\" name=\"captcha\" autocomplete=\"off\"></td></tr>";
echo '<td><input type="hidden" name="challenge" value="'.$randid.'"><input type="text" name="captcha" autocomplete="off"></td></tr>';
}
function check_login() : array {
@ -364,7 +359,7 @@ NumPrimaryGuards '.NUM_GUARDS.'
while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
$system_account = sanitize_system_account($tmp['system_account']);
if($system_account === false){
echo "ERROR: Account $tmp[system_account] looks strange\n";
printf(_('ERROR: Account %s looks strange').PHP_EOL, $tmp['system_account']);
continue;
}
if(!file_exists("/var/lib/tor-instances/$instance/hidden_service_$tmp[onion].onion")){
@ -532,7 +527,7 @@ function rewrite_nginx_config(): void
while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
$system_account = sanitize_system_account($tmp['system_account']);
if($system_account === false){
echo "ERROR: Account $tmp[system_account] looks strange\n";
printf(_('ERROR: Account %s looks strange').PHP_EOL, $tmp['system_account']);
continue;
}
if($tmp['php']>0){
@ -570,7 +565,7 @@ function rewrite_nginx_config(): void
while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
$system_account = sanitize_system_account($tmp['system_account']);
if($system_account === false){
echo "ERROR: Account $tmp[system_account] looks strange\n";
printf(_('ERROR: Account %s looks strange').PHP_EOL, $tmp['system_account']);
continue;
}
if($tmp['php']>0){
@ -611,7 +606,7 @@ function rewrite_nginx_config(): void
while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
$system_account = sanitize_system_account($tmp['system_account']);
if($system_account === false){
echo "ERROR: Account $tmp[system_account] looks strange\n";
printf(_('ERROR: Account %s looks strange').PHP_EOL, $tmp['system_account']);
continue;
}
$nginx_mysql.="server {
@ -655,7 +650,7 @@ pm.max_children = 8
while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
$system_account = sanitize_system_account($tmp['system_account']);
if($system_account === false){
echo "ERROR: Account $tmp[system_account] looks strange\n";
printf(_('ERROR: Account %s looks strange').PHP_EOL, $tmp['system_account']);
continue;
}
$php.='['.$tmp['system_account']."]
@ -816,7 +811,7 @@ function del_user_domain(int $user_id, string $domain): void
function check_csrf_error(): false|string
{
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] !== $_SESSION['csrf_token']){
return 'Invalid CSRF token, please try again.';
return _('Invalid CSRF token, please try again.');
}
return false;
}
@ -838,7 +833,7 @@ function get_db_instance() : PDO {
try{
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
}catch(PDOException $e){
die('No Connection to MySQL database!');
die(_('No Connection to MySQL database!'));
}
}
return $db;
@ -973,7 +968,7 @@ function setup_chroot(string $account, string $last_account): void
{
$system_account = sanitize_system_account($account);
if($system_account === false){
echo "ERROR: Account $account looks strange\n";
printf(_('ERROR: Account %s looks strange').PHP_EOL, $account);
return;
}
$last_account = sanitize_system_account($last_account);
@ -1016,7 +1011,7 @@ function update_system_user_password(string $user, string $password): void
{
$system_account = sanitize_system_account($user);
if($system_account === false){
echo "ERROR: Account $user looks strange\n";
printf(_('ERROR: Account %s looks strange').PHP_EOL, $user);
return;
}
$fp = fopen("/etc/shadow", "r+");
@ -1058,11 +1053,11 @@ function main_menu(string $current_site): void
{
echo '<p>';
$sites = [
'index.php' => 'Info',
'register.php' => 'Register',
'login.php' => 'Login',
'list.php' => 'List of hosted sites',
'faq.php' => 'FAQ',
'index.php' => _('Info'),
'register.php' => _('Register'),
'login.php' => _('Login'),
'list.php' => _('List of hosted sites'),
'faq.php' => _('FAQ'),
];
$first = true;
foreach($sites as $link => $name){
@ -1086,14 +1081,14 @@ function main_menu(string $current_site): void
function dashboard_menu(array $user, string $current_site): void
{
echo '<p>Logged in as ' . htmlspecialchars($user['username']);
echo '<p>'.sprintf(_('Logged in as %s'), htmlspecialchars($user['username']));
$sites = [
'logout.php' => 'Logout',
'home.php' => 'Dashboard',
'pgp.php' => 'PGP 2FA',
'password.php' => 'Change password',
'files.php' => 'FileManager',
'delete.php' => 'Delete account',
'logout.php' => _('Logout'),
'home.php' => _('Dashboard'),
'pgp.php' => _('PGP 2FA'),
'password.php' => _('Change password'),
'files.php' => _('FileManager'),
'delete.php' => _('Delete account'),
];
foreach($sites as $link => $name){
if($link===$current_site){
@ -1107,8 +1102,9 @@ function dashboard_menu(array $user, string $current_site): void
function print_header(string $sub_title, string $style = '', string $base_target = '_self'): void
{
global $language, $dir;
?>
<!DOCTYPE html><html><head>
<!DOCTYPE html><html lang="<?php echo $language; ?>" dir="<?php echo $dir; ?>"><head>
<title><?php echo htmlspecialchars(SITE_NAME) . ' - ' . htmlspecialchars($sub_title); ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="author" content="Daniel Winzen">

6
var/www/composer.json
View File

@ -9,6 +9,8 @@
"ext-posix": "*",
"ext-gnupg": "*",
"ext-ssh2": "*",
"ext-fileinfo": "*"
}
"ext-fileinfo": "*",
"ext-gettext": "*",
"ext-intl": "*"
}
}

12
var/www/cron.php
View File

@ -26,11 +26,11 @@ $stmt=$db->query("SELECT users.system_account, new_account.password, users.id, u
while($account=$stmt->fetch(PDO::FETCH_ASSOC)){
$system_account = basename($account['system_account']);
if($system_account !== $account['system_account']){
echo "ERROR: Account $account[system_account] looks strange\n";
printf(_("ERROR: Account %s looks strange").PHP_EOL, $account['system_account']);
continue;
}
if(posix_getpwnam($system_account) !== false){
echo "ERROR: Account $account[system_account] already exists\n";
printf(_("ERROR: Account %s already exists").PHP_EOL, $account['system_account']);
continue;
}
$reload[$account['instance']] = true;
@ -52,7 +52,7 @@ $mark_onions=$db->prepare('UPDATE onions SET enabled=-1 WHERE user_id=? AND enab
foreach($accounts as $account){
$system_account = sanitize_system_account($account['system_account']);
if($system_account === false){
echo "ERROR: Account $account[system_account] looks strange\n";
printf(_("ERROR: Account %s looks strange").PHP_EOL, $account['system_account']);
continue;
}
$reload[$account['instance']]=true;
@ -95,7 +95,7 @@ $drop_user=$db->prepare("DROP USER ?@'%';");
foreach($accounts as $account){
$system_account = sanitize_system_account($account['system_account']);
if($system_account === false){
echo "ERROR: Account $account[system_account] looks strange\n";
printf(_("ERROR: Account %s looks strange").PHP_EOL, $account['system_account']);
continue;
}
//kill processes of the user to allow deleting system users
@ -131,7 +131,7 @@ $del=$db->prepare("DELETE FROM pass_change WHERE user_id=?;");
while($account=$stmt->fetch(PDO::FETCH_ASSOC)){
$system_account = sanitize_system_account($account['system_account']);
if($system_account === false){
echo "ERROR: Account $account[system_account] looks strange\n";
printf(_("ERROR: Account %s looks strange").PHP_EOL, $account['system_account']);
continue;
}
update_system_user_password($system_account, $account['password']);
@ -144,7 +144,7 @@ $updated=$db->prepare("UPDATE disk_quota SET updated = 0 WHERE user_id=?;");
while($account=$stmt->fetch(PDO::FETCH_ASSOC)){
$system_account = sanitize_system_account($account['system_account']);
if($system_account === false){
echo "ERROR: Account $account[system_account] looks strange\n";
printf(_("ERROR: Account %s looks strange").PHP_EOL, $account['system_account']);
continue;
}
exec('quotatool -u '. escapeshellarg($system_account) . ' -i -q ' . escapeshellarg($account['quota_files']) . ' -l ' . escapeshellarg($account['quota_files']) . ' ' . HOME_MOUNT_PATH);

6
var/www/find_old.php
View File

@ -9,7 +9,7 @@ $update=$db->prepare('UPDATE disk_quota SET quota_size_used = ?, quota_files_use
foreach($all_accounts as $tmp){
$system_account = sanitize_system_account($tmp['system_account']);
if($system_account === false){
echo "ERROR: Account $tmp[system_account] looks strange\n";
printf(_("ERROR: Account %s looks strange").PHP_EOL, $tmp['system_account']);
continue;
}
$quota = shell_exec('quota -pu ' . escapeshellarg($tmp['system_account']));
@ -25,7 +25,7 @@ foreach($all_accounts as $tmp){
foreach($all_accounts as $tmp){
$system_account = sanitize_system_account($tmp['system_account']);
if($system_account === false){
echo "ERROR: Account $tmp[system_account] looks strange\n";
printf(_("ERROR: Account %s looks strange").PHP_EOL, $tmp['system_account']);
continue;
}
exec('find '.escapeshellarg("/home/$tmp[system_account]/tmp").' -path '.escapeshellarg("/home/$tmp[system_account]/tmp/*").' -cmin +1440 -delete');
@ -41,7 +41,7 @@ $all=$stmt->fetchAll(PDO::FETCH_ASSOC);
foreach($all as $tmp){
$system_account = sanitize_system_account($tmp['system_account']);
if($system_account === false){
echo "ERROR: Account $tmp[system_account] looks strange\n";
printf(_("ERROR: Account %s looks strange").PHP_EOL, $tmp['system_account']);
continue;
}
//check modification times

109
var/www/html/admin.php
View File

@ -6,9 +6,9 @@ session_start(['name'=>'hosting_admin']);
if($_SERVER['REQUEST_METHOD']==='HEAD'){
exit; // headers sent, no further processing needed
}
print_header('Admin panel', 'td{padding:5px;}', '_blank');
print_header(_('Admin panel'), 'td{padding:5px;}', '_blank');
?>
<h1>Hosting - Admin panel</h1>
<h1><?php echo _('Hosting - Admin panel'); ?></h1>
<?php
$error=false;
if($_SERVER['REQUEST_METHOD']==='POST' && isset($_POST['pass']) && $_POST['pass']===ADMIN_PASSWORD){
@ -19,26 +19,26 @@ if($_SERVER['REQUEST_METHOD']==='POST' && isset($_POST['pass']) && $_POST['pass'
}
if(empty($_SESSION['logged_in'])){
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST" target="_self"><table>';
echo "<tr><td>Password </td><td><input type=\"password\" name=\"pass\" size=\"30\" required autofocus></td></tr>";
echo '<tr><td>'._('Password').' </td><td><input type="password" name="pass" size="30" required autofocus></td></tr>';
send_captcha();
echo "<tr><td colspan=\"2\"><input type=\"submit\" name=\"action\" value=\"login\"></td></tr>";
echo '<tr><td colspan="2"><button type="submit" name="action" value="login">'._('Login').'</button></td></tr>';
echo '</table></form>';
if($error){
echo "<p style=\"color:red;\">$error</p>";
echo '<p role="alert" style="color:red">'.$error.'</p>';
}elseif(isset($_POST['pass'])){
echo "<p style=\"color:red;\">Wrong password!</p>";
echo '<p role="alert" style="color:red">'._('Wrong password!').'</p>';
}
echo '<p>If you disabled cookies, please re-enable them. You can\'t log in without!</p>';
echo '<p>'._("If you disabled cookies, please re-enable them. You can't log in without!").'</p>';
}else{
echo '<p>';
if(REQUIRE_APPROVAL){
$stmt=$db->query('SELECT COUNT(*) FROM new_account WHERE approved=0;');
$cnt=$stmt->fetch(PDO::FETCH_NUM)[0];
echo '<a href="' . $_SERVER['SCRIPT_NAME'] . "?action=approve\" target=\"_self\">Approve pending sites ($cnt)</a> | ";
echo '<a href="' . $_SERVER['SCRIPT_NAME'] . '?action=approve" target="_self">'.sprintf(_('Approve pending sites (%s)'), $cnt).'</a> | ';
}
echo '<a href="' . $_SERVER['SCRIPT_NAME'] . '?action=list" target="_self">List of accounts</a> | <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=delete" target="_self">Delete accounts</a> | <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=suspend" target="_self">Suspend hidden services</a> | <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=edit" target="_self">Edit hidden services</a> | <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=logout" target="_self">Logout</a></p>';
echo '<a href="' . $_SERVER['SCRIPT_NAME'] . '?action=list" target="_self">'._('List of accounts').'</a> | <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=delete" target="_self">'._('Delete accounts').'</a> | <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=suspend" target="_self">'._('Suspend hidden services').'</a> | <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=edit" target="_self">'._('Edit hidden services').'</a> | <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=logout" target="_self">'._('Logout').'</a></p>';
if(empty($_REQUEST['action']) || $_REQUEST['action']==='login'){
echo '<p>Welcome to the admin panel!</p>';
echo '<p>'._('Welcome to the admin panel!').'</p>';
}elseif($_REQUEST['action'] === 'logout'){
session_destroy();
header('Location: ' . $_SERVER['SCRIPT_NAME']);
@ -47,9 +47,9 @@ if(empty($_SESSION['logged_in'])){
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST">';
echo '<input type="hidden" name="csrf_token" value="' . $_SESSION['csrf_token'] . '">';
echo '<table border="1">';
echo '<tr><th>Username</th><th>Onion link</th><th>Action</th></tr>';
echo '<tr><th>'._('Username').'</th><th>'._('Onion link').'</th><th>'._('Action').'</th></tr>';
$stmt=$db->query('SELECT users.username, onions.onion, onions.enabled FROM users INNER JOIN onions ON (onions.user_id=users.id) ORDER BY users.username;');
$sccounts = [];
$accounts = [];
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
$accounts[$tmp[0]] []= [$tmp[1], $tmp[2]];
}
@ -68,43 +68,38 @@ if(empty($_SESSION['logged_in'])){
echo "$onion[0].onion";
}
}
echo "</td><td><button type=\"submit\" name=\"action\" value=\"edit_{$onions[0][0]}\">Edit</button><button type=\"submit\" name=\"action\" value=\"delete_{$onions[0][0]}\">Delete</button><button type=\"submit\" name=\"action\" value=\"suspend_{$onions[0][0]}\">Suspend</button></td></tr>";
echo '</td><td><button type="submit" name="action" value="edit_'.$onions[0][0].'">'._('Edit').'</button><button type="submit" name="action" value="delete_'.$onions[0][0].'">'._('Delete').'</button><button type="submit" name="action" value="suspend_'.$onions[0][0].'">'._('Suspend').'</button></td></tr>';
}
echo '</table></form>';
}elseif(substr($_REQUEST['action'], 0, 7) === 'approve'){
}elseif( str_starts_with( $_REQUEST[ 'action' ], 'approve' ) ){
$onion = substr($_REQUEST['action'], 8);
if(!empty($onion)){
if($error=check_csrf_error()){
echo '<p style="color:red;">'.$error.'</p>';
echo '<p role="alert" style="color:red">'.$error.'</p>';
}else{
$stmt=$db->prepare('UPDATE new_account INNER JOIN onions ON (onions.user_id=new_account.user_id) SET new_account.approved=1 WHERE onions.onion=?;');
$stmt->execute([$onion]);
echo '<p style="color:green;">Successfully approved</p>';
echo '<p role="alert" style="color:green">'._('Successfully approved').'</p>';
}
}
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST" target="_self">';
echo '<input type="hidden" name="csrf_token" value="' . $_SESSION['csrf_token'] . '">';
echo '<table border="1">';
echo '<tr><th>Username</th><th>Onion address</th><th>Action</th></tr>';
echo '<tr><th>'._('Username').'</th><th>'._('Onion address').'</th><th>'._('Action').'</th></tr>';
$stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN new_account ON (users.id=new_account.user_id) INNER JOIN onions ON (onions.user_id=users.id) WHERE new_account.approved=0 ORDER BY users.username;');
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
echo "<tr><td>$tmp[0]</td><td><a href=\"http://$tmp[1].onion\">$tmp[1].onion</a></td><td><button type=\"submit\" name=\"action\" value=\"approve_$tmp[1]\">Approve</button><button type=\"submit\" name=\"action\" value=\"delete_$tmp[1]\">Delete</button></td></tr>";
echo "<tr><td>$tmp[0]</td><td><a href=\"http://$tmp[1].onion\">$tmp[1].onion</a></td><td><button type=\"submit\" name=\"action\" value=\"approve_$tmp[1]\">"._('Approve').'</button><button type="submit" name="action" value="delete_'.$tmp[1].'">'._('Delete').'</button></td></tr>';
}
echo '</table></form>';
}elseif(substr($_REQUEST['action'], 0, 6) === 'delete'){
$onion = '';
if(isset($_POST['onion'])){
$onion = $_POST['onion'];
}else{
$onion = substr($_REQUEST['action'], 7);
}
echo '<p>Delete accouts:</p>';
}elseif( str_starts_with( $_REQUEST[ 'action' ], 'delete' ) ){
$onion = $_POST[ 'onion' ] ?? substr( $_REQUEST[ 'action' ], 7 );
echo '<p>'._('Delete accounts:').'</p>';
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST" target="_self">';
echo '<input type="hidden" name="csrf_token" value="' . $_SESSION['csrf_token'] . '">';
echo '<p>Onion address: <input type="text" name="onion" size="30" value="';
echo '<p>'._('Onion address:').' <input type="text" name="onion" size="30" value="';
echo htmlspecialchars($onion);
echo '" required autofocus></p>';
echo '<input type="submit" name="action" value="delete"></form><br>';
echo '<button type="submit" name="action" value="delete">'._('Delete').'</button></form><br>';
if(!empty($onion)){
if($error=check_csrf_error()){
echo '<p style="color:red;">'.$error.'</p>';
@ -114,63 +109,53 @@ if(empty($_SESSION['logged_in'])){
if($user_id=$stmt->fetch(PDO::FETCH_NUM)){
$stmt=$db->prepare('UPDATE users SET todelete=1 WHERE id=?;');
$stmt->execute($user_id);
echo "<p style=\"color:green;\">Successfully queued for deletion!</p>";
echo '<p role="alert" style="color:green">'._('Successfully queued for deletion!').'</p>';
}else{
echo "<p style=\"color:red;\">Onion address not hosted by us!</p>";
echo '<p role="alert" style="color:red">'._('Onion address not hosted by us!').'</p>';
}
}else{
echo "<p style=\"color:red;\">Invalid onion address!</p>";
echo '<p role="alert" style="color:red">'._('Invalid onion address!').'</p>';
}
}
}elseif(substr($_REQUEST['action'], 0, 7) === 'suspend'){
$onion = '';
if(isset($_POST['onion'])){
$onion = $_POST['onion'];
}else{
$onion = substr($_REQUEST['action'], 8);
}
echo '<p>Suspend hidden service:</p>';
}elseif( str_starts_with( $_REQUEST[ 'action' ], 'suspend' ) ){
$onion = $_POST[ 'onion' ] ?? substr( $_REQUEST[ 'action' ], 8 );
echo '<p>'._('Suspend hidden service:').'</p>';
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST" target="_self">';
echo '<input type="hidden" name="csrf_token" value="' . $_SESSION['csrf_token'] . '">';
echo '<p>Onion address: <input type="text" name="onion" size="30" value="';
echo '<p>'._('Onion address:').' <input type="text" name="onion" size="30" value="';
echo htmlspecialchars($onion);
echo '" required autofocus></p>';
echo '<input type="submit" name="action" value="suspend"></form><br>';
echo '<button type="submit" name="action" value="suspend">'._('Suspend').'</button></form><br>';
if(!empty($onion)){
if($error=check_csrf_error()){
echo '<p style="color:red;">'.$error.'</p>';
echo '<p role="alert" style="color:red">'.$error.'</p>';
}elseif(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $onion, $match)){
$stmt=$db->prepare('SELECT instance FROM onions WHERE onion=?;');
$stmt->execute([$match[1]]);
if($instance=$stmt->fetch(PDO::FETCH_NUM)){
$stmt=$db->prepare('UPDATE onions SET enabled=-2 WHERE onion=?;');
$stmt->execute([$match[1]]);
echo "<p style=\"color:green;\">Successfully queued for suspension!</p>";
echo '<p role="alert" style="color:green">'._('Successfully queued for suspension!').'</p>';
enqueue_instance_reload($instance[0]);
}else{
echo "<p style=\"color:red;\">Onion address not hosted by us!</p>";
echo '<p role="alert" style="color:red">'._('Onion address not hosted by us!').'</p>';
}
}else{
echo "<p style=\"color:red;\">Invalid onion address!</p>";
echo '<p role="alert" style="color:red">'._('Invalid onion address!').'</p>';
}
}
}elseif(substr($_REQUEST['action'], 0, 4) === 'edit'){
$onion = '';
if(isset($_POST['onion'])){
$onion = $_POST['onion'];
}else{
$onion = substr($_REQUEST['action'], 5);
}
echo '<p>Edit hidden service:</p>';
}elseif( str_starts_with( $_REQUEST[ 'action' ], 'edit' ) ){
$onion = $_POST[ 'onion' ] ?? substr( $_REQUEST[ 'action' ], 5 );
echo '<p>'._('Edit hidden service:').'</p>';
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST" target="_self">';
echo '<input type="hidden" name="csrf_token" value="' . $_SESSION['csrf_token'] . '">';
echo '<p>Onion address: <input type="text" name="onion" size="30" value="';
echo '<p>'._('Onion address:').' <input type="text" name="onion" size="30" value="';
echo htmlspecialchars($onion);
echo '" required autofocus></p>';
echo '<input type="submit" name="action" value="edit"></form><br>';
if(!empty($onion)){
if($error=check_csrf_error()){
echo '<p style="color:red;">'.$error.'</p>';
echo '<p role="alert" style="color:red">'.$error.'</p>';
}elseif(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $onion, $match)){
if(isset($_POST['num_intros'])){
$stmt=$db->prepare('SELECT version, instance FROM onions WHERE onion=?;');
@ -195,7 +180,7 @@ if(empty($_SESSION['logged_in'])){
}
$stmt->execute([$enabled, $enable_smtp, $num_intros, $max_streams, $match[1]]);
enqueue_instance_reload($onion[1]);
echo "<p style=\"color:green;\">Changes successfully saved!</p>";
echo '<p role="alert" style="color:green">'._('Changes successfully saved!').'</p>';
}
}
$stmt=$db->prepare('SELECT onion, enabled, enable_smtp, num_intros, max_streams, version FROM onions WHERE onion=?;');
@ -203,22 +188,22 @@ if(empty($_SESSION['logged_in'])){
if($onion=$stmt->fetch(PDO::FETCH_NUM)){
echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST" target="_self">';
echo '<input type="hidden" name="csrf_token" value="' . $_SESSION['csrf_token'] . '">';
echo '<table border="1"><tr><th>Onion</th><th>Enabled</th><th>SMTP enabled</th><th>Nr. of intros</th><th>Max streams per rend circuit</th><th>Save</th></tr>';
echo '<table border="1"><tr><th>'._('Onion').'</th><th>'._('Enabled').'</th><th>'._('SMTP enabled').'</th><th>'._('Nr. of intros').'</th><th>'._('Max streams per rend circuit').'</th><th>'._('Save').'</th></tr>';
echo '<tr><td><input type="text" name="onion" size="15" value="'.$onion[0].'" required autofocus></td>';
echo '<td><label><input type="checkbox" name="enabled" value="1"';
echo $onion[1] ? ' checked' : '';
echo '>Enabled</label></td>';
echo '>'._('Enabled').'</label></td>';
echo '<td><label><input type="checkbox" name="enable_smtp" value="1"';
echo $onion[2] ? ' checked' : '';
echo '>Enabled</label></td>';
echo '>'._('Enabled').'</label></td>';
echo '<td><input type="number" name="num_intros" min="3" max="20" value="'.$onion[3].'"></td>';
echo '<td><input type="number" name="max_streams" min="0" max="65535" value="'.$onion[4].'"></td>';
echo '<td><button type="submit" name="action" value="edit">Save</button></td></tr>';
echo '<td><button type="submit" name="action" value="edit">'._('Save').'</button></td></tr>';
}else{
echo "<p style=\"color:red;\">Onion address not hosted by us!</p>";
echo '<p role="alert" style="color:red">'._('Onion address not hosted by us!').'</p>';
}
}else{
echo "<p style=\"color:red;\">Invalid onion address!</p>";
echo '<p role="alert" style="color:red">'._('Invalid onion address!').'</p>';
}
}
}

14
var/www/html/coinpayments_ipn.php
View File

@ -2,28 +2,28 @@
require('../common.php');
if(!ENABLE_UPGRADES){
die('Upgrades disabled');
die(_('Upgrades disabled'));
}
if(!COINPAYMENTS_ENABLED){
die('CoinPayments disabled');
die(_('CoinPayments disabled'));
}
if(empty($_SERVER['HTTP_HMAC'])){
die("No HMAC signature sent");
die(_('No HMAC signature sent'));
}
$merchant = $_POST['merchant'] ?? '';
if(empty($merchant)){
die("No Merchant ID passed");
die(_('No Merchant ID passed'));
}
if($merchant !== COINPAYMENTS_MERCHANT_ID){
die("Invalid Merchant ID");
die(_('Invalid Merchant ID'));
}
$request = file_get_contents('php://input');
if(empty($request)){
die("Error reading POST data");
die(_('Error reading POST data'));
}
$hmac = hash_hmac("sha512", $request, COINPAYMENTS_IPN_SECRET);
if($hmac !== $_SERVER['HTTP_HMAC']){
die("HMAC signature does not match");
die(_('HMAC signature does not match'));
}
$db = get_db_instance();
$status = 0;

12
var/www/html/delete.php
View File

@ -5,9 +5,9 @@ $user=check_login();
$msg='';
if($_SERVER['REQUEST_METHOD']==='POST'){
if($error=check_csrf_error()){
$msg.='<p style="color:red;">'.$error.'</p>';
$msg.='<p role="alert" style="color:red">'.$error.'</p>';
}elseif(!isset($_POST['pass']) || !password_verify($_POST['pass'], $user['password'])){
$msg.='<p style="color:red;">Wrong password.</p>';
$msg.='<p role="alert" style="color:red">'._('Wrong password!').'</p>';
}else{
$stmt=$db->prepare('UPDATE users SET todelete=1 WHERE id=?;');
$stmt->execute([$user['id']]);
@ -19,11 +19,11 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
header('Content-Type: text/html; charset=UTF-8');
print_header('Delete account');
?>
<p>This will delete your account and all data asociated with it. It can't be un-done. Are you sure?</p>
<p><?php echo _("This will delete your account and all data associated with it. It can't be un-done. Are you sure?"); ?></p>
<?php echo $msg; ?>
<form method="POST" action="delete.php"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>"><table>
<tr><td>Enter your account password to confirm</td><td><input type="password" name="pass" required autofocus></td></tr>
<tr><td colspan="2"><input type="submit" value="Delete"></td></tr>
<tr><td><?php echo _('Enter your account password to confirm'); ?></td><td><input type="password" name="pass" required autofocus></td></tr>
<tr><td colspan="2"><button type="submit"><?php echo _('Delete'); ?></button></td></tr>
</table></form>
<p><a href="home.php">No, don't delete.</a></p>
<p><a href="home.php"><?php echo _("No, don't delete."); ?></a></p>
</body></html>

23
var/www/html/faq.php
View File

@ -1,20 +1,19 @@
<?php
require('../common.php');
header('Content-Type: text/html; charset=UTF-8');
header('X-Accel-Expires: 60');
print_header('FAQ');
print_header(_('FAQ'));
?>
<h1>Hosting - FAQ</h1>
<h1><?php echo _('Hosting - FAQ'); ?></h1>
<?php main_menu('faq.php'); ?>
<table border="1">
<tr><th>Question</th><th>Answer</th></tr>
<tr><td>Your rules are so strict. Can't you make an exception for my site?</td><td>No, I will not make exceptions for any site and neither am I corruptible by offering me money. Once I start making an exception for your site, I would have to for every other site as well which is the same as if the rules didn't exist.</td></tr>
<tr><td>I have an .htaccess file, but it doesn't work. How can I fix it?</td><td>.htaccess files are meant for Apache2 webservers. My server is based on NginX, which is much faster due to using static configuration files and not reading files like .htaccess at runtime. You can <a href="https://danwin1210.me/contact.php">contact me</a> and tell me your sites address where the .htaccess file is. I will then check your .htaccess and convert the rules to NginX rules and apply those.</td></tr>
<tr><td>I just uploaded my page, but it's broken. HELP!</td><td>Most likely your site makes use of rewriting rules, which are typically located in an .htaccess file or are mentioned in a README file. Just <a href="https://danwin1210.me/contact.php">contact me</a> in this case. Also see the previous question.</td></tr>
<tr><td>Can I host a porn site?</td><td>Yes as long as your content is legal you may upload adult content.</td></tr>
<tr><td>What is the directory structure for when I connect via sftp?</td><td>There are several directories you on the server for your account:<br><b>Maildir</b> - used to store your mails in (don't touch it)<br><b>data</b> - You can store application data here that should not be accessible via your site. E.g. configuration or database files.<br><b>tmp</b> - anything saved here will automatically be deleted after about 24 hours<br><b>www</b> - this is where you upload your website which becomes then available under your domain.<br><b>logs</b> - you will find webserver logs here<br><b>.ssh</b> - by uploading your ssh public key as authorzed_keys in this folder, you can authenticate to sftp using your ssh key, without a password</td></tr>
<tr><td>My application is very ressource intensive, or I want to host a different service e.g. my own tor relay. Can you get me a VPS?</td><td>Yes, if you have special requirements, want a dedicated VPS for your application or just want to anonymously support the TOR network (or other networks) without having to deal with server setup etc. I can offer you a managed VPS hosting. However, this will not be for free. It depends on which server you want me to get. For details, <a href="https://danwin1210.me/contact.php">contact me</a></td></tr>
<tr><td>I want to also publish my site on clearnet. Can you offer a clearnet relay?</td><td>Yes, I can offer you a free subdomain on my server, e.g. yoursite.danwin1210.me, which you can configure in your dashboard. Or if you have your own domain you can use that one, point your DNS settings to the IPs given in your dashboard and <a href="https://danwin1210.me/contact.php">contact me</a> for setting up an SSL certificate for your domain.</td></tr>
<tr><td>I'm using CloudFlare, but when I open my site, it shows too many redirects.</td><td>By default CloudFlare makes unencrypted requests to the backend server, but my server tells any client that wants an insecure connection to upgrade to a secure connection and use https:// instead of http://. CloudFlare just forwards this redirection to the client, which then again asks CloudFlare for the same thing again, but CloudFlare still connects to my server via an insecure http:// connection. To fix this, go to your CloudFlare dashboard and manage your domains settings. Under "Crypto" you can find settings for SSL. Change the setting from Flexible to Full, which makes CloudFlare use a secure https:// connection when talking to my server.</td></tr>
<tr><th><?php echo _('Question'); ?></th><th><?php echo _('Answer'); ?></th></tr>
<tr><td><?php echo _("Your rules are so strict. Can't you make an exception for my site?"); ?></td><td><?php echo _("No, I will not make exceptions for any site and neither am I corruptible by offering me money. Once I start making an exception for your site, I would have to for every other site as well which is the same as if the rules didn't exist."); ?></td></tr>
<tr><td><?php echo _("I have an .htaccess file, but it doesn't work. How can I fix it?"); ?></td><td><?php printf(_('.htaccess files are meant for Apache2 webservers. My server is based on NginX, which is much faster due to using static configuration files and not reading files like .htaccess at runtime. You can <a href="%s">contact me</a> and tell me your sites address where the .htaccess file is. I will then check your .htaccess and convert the rules to NginX rules and apply those.'), CONTACT_URL); ?></td></tr>
<tr><td><?php echo _("I just uploaded my page, but it's broken. HELP!"); ?></td><td><?php printf(_('Most likely your site makes use of rewriting rules, which are typically located in an .htaccess file or are mentioned in a README file. Just <a href="%s">contact me</a> in this case. Also see the previous question.'), CONTACT_URL); ?></td></tr>
<tr><td><?php echo _('Can I host a porn site?'); ?></td><td><?php echo _('Yes as long as your content is legal you may upload adult content.'); ?></td></tr>
<tr><td><?php echo _('What is the directory structure for when I connect via sftp?'); ?></td><td><?php echo _("There are several directories you on the server for your account:<br><b>Maildir</b> - used to store your mails in (don't touch it)<br><b>data</b> - You can store application data here that should not be accessible via your site. E.g. configuration or database files.<br><b>tmp</b> - anything saved here will automatically be deleted after about 24 hours<br><b>www</b> - this is where you upload your website which becomes then available under your domain.<br><b>logs</b> - you will find webserver logs here<br><b>.ssh</b> - by uploading your ssh public key as authorized_keys in this folder, you can authenticate to sftp using your ssh key, without a password"); ?></td></tr>
<tr><td><?php echo _('My application is very ressource intensive, or I want to host a different service e.g. my own tor relay. Can you get me a VPS?'); ?></td><td><?php echo printf(_('Yes, if you have special requirements, want a dedicated VPS for your application or just want to anonymously support the Tor network (or other networks) without having to deal with server setup etc. I can offer you a managed VPS hosting. However, this will not be for free. It depends on which server you want me to get. For details, <a href="%s">contact me</a>'), CONTACT_URL); ?></td></tr>
<tr><td><?php echo _('I want to also publish my site on clearnet. Can you offer a clearnet relay?'); ?></td><td><?php printf(_('Yes, I can offer you a free subdomain of %1$s, which you can configure in your dashboard. Or if you have your own domain you can use that one, point your DNS settings to the IPs given in your dashboard and <a href="%2$s">contact me</a> for setting up an SSL certificate for your domain.'), CLEARNET_SUBDOMAINS, CONTACT_URL); ?></td></tr>
<tr><td><?php echo _("I'm using CloudFlare, but when I open my site, it shows too many redirects."); ?></td><td><?php echo _('By default CloudFlare makes unencrypted requests to the backend server, but my server tells any client that wants an insecure connection to upgrade to a secure connection and use https:// instead of http://. CloudFlare just forwards this redirection to the client, which then again asks CloudFlare for the same thing again, but CloudFlare still connects to my server via an insecure http:// connection. To fix this, go to your CloudFlare dashboard and manage your domains settings. Under "Crypto" you can find settings for SSL. Change the setting from Flexible to Full, which makes CloudFlare use a secure https:// connection when talking to my server.'); ?></td></tr>
</table>
</body></html>

78
var/www/html/files.php
View File

@ -9,7 +9,7 @@ if(empty($_SESSION['sftp_pass'])){
send_login();
exit;
}
$ssh=ssh2_connect('127.0.0.1') or die ('No Connection to SFTP server!');
$ssh=ssh2_connect('127.0.0.1') or die (_('No Connection to SFTP server!'));
if(@!ssh2_auth_password($ssh, $user['system_account'], $_SESSION['sftp_pass'])){
send_login();
exit;
@ -119,21 +119,21 @@ if(!is_dir("ssh2.sftp://$sftp$dir")){
exit;
}
if(!empty($_POST['mkdir']) && !empty($_POST['name'])){
if(isset($_POST['mkdir']) && !empty($_POST['name'])){
if($error=check_csrf_error()){
die($error);
}
ssh2_sftp_mkdir($sftp, "$dir/$_POST[name]", 0750);
}
if(!empty($_POST['mkfile']) && !empty($_POST['name'])){
if(isset($_POST['mkfile']) && !empty($_POST['name'])){
if($error=check_csrf_error()){
die($error);
}
file_put_contents("ssh2.sftp://$sftp$dir$_POST[name]", '');
}
if(!empty($_POST['delete']) && !empty($_POST['files'])){
if(isset($_POST['delete']) && !empty($_POST['files'])){
if($error=check_csrf_error()){
die($error);
}
@ -142,7 +142,7 @@ if(!empty($_POST['delete']) && !empty($_POST['files'])){
}
}
if(!empty($_POST['rename_2']) && !empty($_POST['files'])){
if(isset($_POST['rename_2']) && !empty($_POST['files'])){
if($error=check_csrf_error()){
die($error);
}
@ -151,7 +151,7 @@ if(!empty($_POST['rename_2']) && !empty($_POST['files'])){
}
}
if(!empty($_POST['rename']) && !empty($_POST['files'])){
if(isset($_POST['rename']) && !empty($_POST['files'])){
if($error=check_csrf_error()){
die($error);
}
@ -159,7 +159,7 @@ if(!empty($_POST['rename']) && !empty($_POST['files'])){
exit;
}
if(!empty($_POST['edit_2']) && !empty($_POST['files'])){
if(isset($_POST['edit_2']) && !empty($_POST['files'])){
if($error=check_csrf_error()){
die($error);
}
@ -168,7 +168,7 @@ if(!empty($_POST['edit_2']) && !empty($_POST['files'])){
}
}
if(!empty($_POST['edit']) && !empty($_POST['files'])){
if(isset($_POST['edit']) && !empty($_POST['files'])){
if($error=check_csrf_error()){
die($error);
}
@ -176,7 +176,7 @@ if(!empty($_POST['edit']) && !empty($_POST['files'])){
exit;
}
if(!empty($_POST['unzip']) && !empty($_POST['files'])){
if(isset($_POST['unzip']) && !empty($_POST['files'])){
if($error=check_csrf_error()){
die($error);
}
@ -264,12 +264,12 @@ $style = '.list td:nth-child(3){word-break:break-all;} .list td:nth-child(5){tex
.doc{min-width:22px; background:no-repeat url(data:img/gif;base64,R0lGODlhFAAWAPL/AAAAADMzM/8zM5lmM//MM2bM/5mZmf///yH5BAUAAAgALAAAAAAUABYAAARvMMhJJ7oYhcO730F2bV5JhtlZceSBjixBFDT7YedMFxwQ+ECYa1c7AI5IgDAwaDY9hqhBqWE5n9AotVXqHqZCbxdcNSbPHTJXnN72zsl2mC0vcwTmOEdNL/E7eHB1a3R/fXtbAVKLjFE/GXCRSBcRADs=);}
.txt{min-width:22px; background:no-repeat url(data:img/gif;base64,R0lGODlhFAAWAPH/AAAAADMzM5mZmf///yH5BAUAAAQALAAAAAAUABYAAANYGLq89JCEQaudIb5pO88R11UiuI3XBXFA61JAEM8nCrtujbeW4AuAmq3yC0puuxcFKBwSjaykcsA8OntQpPTZvFZF2un3iu1ul1kyuuv8Bn7wuE8WkdqNCQA7);}
.sh{min-width:22px; background:no-repeat url(data:img/gif;base64,R0lGODlhFAAWAPH/AAAAADMzM5mZmf///yH5BAUAAAQALAAAAAAUABYAAANgGLq89JCEQaudIb5pO88R11UiuFXAkJIXxAEwjAYATZ9UuuZxjPc7imAoAOBUyBHRKBk5hUzR01L8AXuVanPa0b6usWyU2x2rwDLokTzw8tDiNdnNVksCxLx+eIOg0Q8JADs=);}';
print_header('FileManager - Index of '.$dir, $style);
print_header(sprintf(_('FileManager - Index of %s'), $dir), $style);
$dir=htmlspecialchars($dir);
?>
<h1>Index of <?php echo $dir; ?></h1>
<h1><?php printf(_('Index of %s'), $dir); ?></h1>
<?php if($dir!=='/'){ ?>
<p>Upload up to 1GB and up to 100 files at once <form action="files.php" enctype="multipart/form-data" method="post"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>"><input name="files[]" type="file" multiple><input type="hidden" name="path" value="<?php echo $dir; ?>"><input type="submit" value="Upload"></form></p><br>
<p><?php echo _('Upload up to 1GB and up to 100 files at once'); ?> <form action="files.php" enctype="multipart/form-data" method="post"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>"><input name="files[]" type="file" multiple><input type="hidden" name="path" value="<?php echo $dir; ?>"><button type="submit"><?php echo _('Upload'); ?></button></form></p><br>
<?php
}
$fileurl='A';
@ -288,22 +288,22 @@ if($order==='A'){
?>
<form action="files.php" method="post">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<input type="submit" name="mkdir" value="Create directory">
<input type="submit" name="mkfile" value="Create file">
<input type="text" name="name"><br><br>
<button type="submit" name="mkdir"><?php echo _('Create directory'); ?></button>
<button type="submit" name="mkfile"><?php echo _('Create file'); ?></button>
<input type="text" name="name" aria-label="<?php echo _('Filename'); ?>" placeholder="<?php echo _('Filename'); ?>"><br><br>
<input type="hidden" name="path" value="<?php echo $dir; ?>">
<input type="submit" name="delete" value="Delete">
<input type="submit" name="rename" value="Rename">
<input type="submit" name="edit" value="Edit">
<input type="submit" name="unzip" value="Unzip"><br>
<button type="submit" name="delete"><?php echo _('Delete'); ?></button>
<button type="submit" name="rename"><?php echo _('Rename'); ?></button>
<button type="submit" name="edit"><?php echo _('Edit'); ?></button>
<button type="submit" name="unzip"><?php echo _('Unzip'); ?></button><br>
<table class="list"><tr>
<th></th><th></th>
<th><a href="files.php?path=<?php echo $dir; ?>&amp;C=N&amp;O=<?php echo $fileurl; ?>">File</a></th>
<th><a href="files.php?path=<?php echo $dir; ?>&amp;C=M&amp;O=<?php echo $dateurl; ?>">Last Modified</a></th>
<th><a href="files.php?path=<?php echo $dir; ?>&amp;C=S&amp;O=<?php echo $sizeurl; ?>">Size</a></th>
<th><a href="files.php?path=<?php echo $dir; ?>&amp;C=N&amp;O=<?php echo $fileurl; ?>"><?php echo _('File'); ?></a></th>
<th><a href="files.php?path=<?php echo $dir; ?>&amp;C=M&amp;O=<?php echo $dateurl; ?>"><?php echo _('Last Modified'); ?></a></th>
<th><a href="files.php?path=<?php echo $dir; ?>&amp;C=S&amp;O=<?php echo $sizeurl; ?>"><?php echo _('Size'); ?></a></th>
</tr>
<tr><td colspan="4"><hr></td></tr>
<tr><td id="checkAllParent"></td><td class="back"></td><td colspan="3"><a href="files.php?path=<?php echo substr($dir, 0, strrpos(rtrim($dir, '/'), '/'))."/&amp;C=$sort&amp;O=$order"?>">Parent Directory</a></td></tr>
<tr><td id="checkAllParent"></td><td class="back"></td><td colspan="3"><a href="files.php?path=<?php echo substr($dir, 0, strrpos(rtrim($dir, '/'), '/'))."/&amp;C=$sort&amp;O=$order"?>"><?php echo _('Parent Directory'); ?></a></td></tr>
<?php
foreach($list as $element){
get_properties($element['name'], $icon, $element['size']);
@ -312,10 +312,10 @@ foreach($list as $element){
?>
<tr><td colspan="4"><hr></td></tr>
</table>
<input type="submit" name="delete" value="Delete">
<input type="submit" name="rename" value="Rename">
<input type="submit" name="edit" value="Edit">
<input type="submit" name="unzip" value="Unzip"><br><br>
<button type="submit" name="delete"><?php echo _('Delete'); ?></button>
<button type="submit" name="rename"><?php echo _('Rename'); ?></button>
<button type="submit" name="edit"><?php echo _('Edit'); ?></button>
<button type="submit" name="unzip"><?php echo _('Unzip'); ?></button><br><br>
</form>
<script>
document.getElementById('checkAllParent').innerHTML = '<input type="checkbox" onclick="toggle(this);">';
@ -343,18 +343,18 @@ function get_properties($name, &$icon, &$size): void
function send_not_found(): void
{
header("HTTP/1.1 404 Not Found");
print_header('FileManager - 404 Not Found');
echo '<p>The requested file '.htmlspecialchars($_REQUEST['path']).' was not found on your account.</p>';
echo '<p><a href="files.php">Go back to home directory</a>.</p>';
print_header(_('FileManager - 404 Not Found'));
echo '<p>'.sprintf(_('The requested file %s was not found on your account.'), htmlspecialchars($_REQUEST['path'])).'</p>';
echo '<p><a href="files.php">'._('Go back to home directory').'</a></p>';
echo '</body></html>';
}
function send_login(): void
{
print_header('FileManager - Login');
print_header(_('FileManager - Login'));
?>
<p>Please type in your system account password: <form action="files.php" method="post"><input name="sftp_pass" type="password" autofocus><input type="submit" value="Login"></form></p>
<p><a href="home.php">Go back to dashboard</a>.</p>
<p><?php echo _('Please type in your system account password:'); ?> <form action="files.php" method="post"><input name="sftp_pass" type="password" autofocus><input type="submit" value="Login"></form></p>
<p><a href="home.php"><?php echo _('Go back to dashboard'); ?></a></p>
</body></html>
<?php
}
@ -378,7 +378,7 @@ function sftp_recursive_delete($sftp, $dir, $file): void
function send_rename($dir): void
{
print_header('FileManager - Rename file');
print_header(_('FileManager - Rename file'));
echo '<form action="files.php" method="post">';
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
echo '<input type="hidden" name="path" value="'.htmlspecialchars($dir).'">';
@ -387,14 +387,14 @@ function send_rename($dir): void
echo '<tr><td>'.htmlspecialchars($file).'</td><td><input type="text" name="files['.htmlspecialchars($file).']" value='.htmlspecialchars($file).'></td></tr>';
}
echo '</table>';
echo '<input type="submit" name="rename_2" value="rename"></form>';
echo '<p><a href="files.php?path='.htmlspecialchars($dir).'">Go back</a>.</p>';
echo '<button type="submit" name="rename_2">'._('Rename').'</button></form>';
echo '<p><a href="files.php?path='.htmlspecialchars($dir).'">'._('Go back').'</a></p>';
echo '</body></html>';
}
function send_edit($sftp, $dir): void
{
print_header('FileManager - Edit file');
print_header(_('FileManager - Edit file'));
echo '<form action="files.php" method="post">';
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
echo '<input type="hidden" name="path" value="'.htmlspecialchars($dir).'">';
@ -407,7 +407,7 @@ function send_edit($sftp, $dir): void
}
}
echo '</table>';
echo '<input type="submit" name="edit_2" value="Save"></form>';
echo '<p><a href="files.php?path='.htmlspecialchars($dir).'">Go back</a>.</p>';
echo '<button type="submit" name="edit_2">'._('Save').'</button></form>';
echo '<p><a href="files.php?path='.htmlspecialchars($dir).'">'._('Go back').'</a></p>';
echo '</body></html>';
}

112
var/www/html/home.php
View File

@ -13,14 +13,14 @@ if(isset($_POST['action']) && $_POST['action']==='del_db' && !empty($_POST['db']
if($error=check_csrf_error()){
die($error);
}
print_header('Delete database');
print_header(_('Delete database'));
?>
<p>This will delete your database <?php echo htmlspecialchars($_POST['db']); ?> and all data asociated with it. It can't be un-done. Are you sure?</p>
<p><?php printf(_("This will delete your database %s and all data associated with it. It can't be un-done. Are you sure?"), htmlspecialchars($_POST['db'])); ?></p>
<form method="post" action="home.php"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<input type="hidden" name="db" value="<?php echo htmlspecialchars($_POST['db']); ?>">
<button type="submit" name="action" value="del_db_2">Yes, delete</button>
<button type="submit" name="action" value="del_db_2"><?php echo _('Yes, delete'); ?></button>
</form>
<p><a href="home.php">No, don't delete.</a></p>
<p><a href="home.php"><?php echo _("No, don't delete"); ?></a></p>
</body></html><?php
exit;
}
@ -34,14 +34,14 @@ if(isset($_POST['action']) && $_POST['action']==='del_onion' && !empty($_POST['o
if($error=check_csrf_error()){
die($error);
}
print_header('Delete onion domain');
print_header(_('Delete onion domain'));
?>
<p>This will delete your onion domain <?php echo htmlspecialchars($_POST['onion']); ?>.onion and all data asociated with it. It can't be un-done. Are you sure?</p>
<p><?php printf(_("This will delete your onion domain %s and all data asociated with it. It can't be un-done. Are you sure?"), htmlspecialchars($_POST['onion']).'.onion'); ?></p>
<form method="post" action="home.php"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<input type="hidden" name="onion" value="<?php echo htmlspecialchars($_POST['onion']); ?>">
<button type="submit" name="action" value="del_onion_2">Yes, delete</button>
<button type="submit" name="action" value="del_onion_2"><?php echo _('Yes, delete'); ?></button>
</form>
<p><a href="home.php">No, don't delete.</a></p>
<p><a href="home.php"><?php echo _("No, don't delete"); ?></a></p>
</body></html><?php
exit;
}
@ -56,13 +56,13 @@ if(isset($_POST['action']) && $_POST['action']==='add_onion'){
$onion = $data['onion'];
$onion_version = $data['version'];
if(!$data['ok']){
$msg = "<p style=\"color:red;\">$data[message]</p>";
$msg = '<p role="alert" style="color:red">'.$data['message'].'</p>';
$ok = false;
} else {
$check=$db->prepare('SELECT null FROM onions WHERE onion=?;');
$check->execute([$onion]);
if($check->fetch(PDO::FETCH_NUM)){
$msg = '<p style="color:red;">Error onion already exists.</p>';
$msg = '<p role="alert" style="color:red">'._('Error onion already exists.').'</p>';
$ok = false;
}
}
@ -103,21 +103,21 @@ if(isset($_POST['action']) && $_POST['action']==='add_domain' && !empty($_POST['
}
$error = add_user_domain($user['id'], $_POST['domain']);
if(!empty($error)){
$msg = "<p style=\"color:red;\">$error</p>";
$msg = '<p role="alert" style="color:red">'.$error.'</p>';
}
}
if(isset($_POST['action']) && $_POST['action']==='del_domain' && !empty($_POST['domain'])){
if($error=check_csrf_error()){
die($error);
}
print_header('Delete domain');
print_header(_('Delete domain'));
?>
<p>This will delete your domain <?php echo htmlspecialchars($_POST['domain']); ?> and all data asociated with it. It can't be un-done. Are you sure?</p>
<p><?php printf(_("This will delete your domain %s and all data asociated with it. It can't be un-done. Are you sure?"), htmlspecialchars($_POST['domain'])); ?></p>
<form method="post" action="home.php"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<input type="hidden" name="domain" value="<?php echo htmlspecialchars($_POST['domain']); ?>">
<button type="submit" name="action" value="del_domain_2">Yes, delete</button>
<button type="submit" name="action" value="del_domain_2"><?php echo _('Yes, delete'); ?></button>
</form>
<p><a href="home.php">No, don't delete.</a></p>
<p><a href="home.php"><?php echo _("No, don't delete"); ?></a></p>
</body></html><?php
exit;
}
@ -168,15 +168,15 @@ if(isset($_REQUEST['action']) && isset($_POST['domain']) && $_POST['action']==='
enqueue_instance_reload();
}
}
print_header('Dashboard', '#custom_onion:not(checked)+#private_key{display:none;}#custom_onion:checked+#private_key{display:block;}td{padding:5px}meter{width:200px}');
print_header(_('Dashboard'), '#custom_onion:not(checked)+#private_key{display:none;}#custom_onion:checked+#private_key{display:block;}td{padding:5px}meter{width:200px}');
dashboard_menu($user, 'home.php');
if(!empty($msg)){
echo $msg;
}
echo "<p>Enter system account password to check your $user[system_account]@" . ADDRESS . " mail:</td><td><form action=\"squirrelmail/src/redirect.php\" method=\"post\" target=\"_blank\"><input type=\"hidden\" name=\"login_username\" value=\"$user[system_account]\"><input type=\"password\" name=\"secretkey\"><input type=\"submit\" value=\"Login to webmail\"></form></p>";
echo '<h3>Onion domains</h3>';
echo '<p>'.sprintf(_('Enter system account password to check your %s mail:'), $user['system_account'].'@' . ADDRESS).'</td><td><form action="squirrelmail/src/redirect.php" method="post" target="_blank"><input type="hidden" name="login_username" value="'.$user['system_account'].'"><input type="password" name="secretkey"><button type="submit">'._('Login to webmail').'</button></form></p>';
echo '<h3>'._('Onion domains').'</h3>';
echo '<table border="1">';
echo '<tr><th>Onion</th><th>Private key</th><th>Enabled</th><th>SMTP enabled</th><th>Nr. of intros</th><th>Max streams per rend circuit</th><th>Action</th></tr>';
echo '<tr><th>'._('Onion').'</th><th>'._('Private key').'</th><th>'._('Enabled').'</th><th>'._('SMTP enabled').'</th><th>'._('Nr. of intros').'</th><th>'._('Max streams per rend circuit').'</th><th>'._('Action').'</th></tr>';
$stmt=$db->prepare('SELECT onion, private_key, enabled, enable_smtp, num_intros, max_streams FROM onions WHERE user_id = ?;');
$stmt->execute([$user['id']]);
$count_onions = 0;
@ -186,46 +186,46 @@ while($onion=$stmt->fetch(PDO::FETCH_ASSOC)){
if(isset($_REQUEST['show_priv'])){
echo "<pre>$onion[private_key]</pre>";
}else{
echo '<a href="home.php?show_priv=1">Show private key</a>';
echo '<a href="home.php?show_priv=1">'._('Show private key').'</a>';
}
echo '</td><td><label><input type="checkbox" name="enabled" value="1"';
echo $onion['enabled'] ? ' checked' : '';
echo '>Enabled</label></td>';
echo '>'._('Enabled').'</label></td>';
echo '<td><label><input type="checkbox" name="enable_smtp" value="1"';
echo $onion['enable_smtp'] ? ' checked' : '';
echo '>Enabled</label></td>';
echo '>'._('Enabled').'</label></td>';
echo '<td><input type="number" name="num_intros" min="3" max="20" value="'.$onion['num_intros'].'"></td>';
echo '<td><input type="number" name="max_streams" min="0" max="65535" value="'.$onion['max_streams'].'"></td>';
if(in_array($onion['enabled'], [0, 1])){
echo '<td><button type="submit" name="action" value="edit_onion">Save</button>';
echo '<button type="submit" name="action" value="del_onion">Delete</button></td>';
echo '<td><button type="submit" name="action" value="edit_onion">'._('Save').'</button>';
echo '<button type="submit" name="action" value="del_onion">'._('Delete').'</button></td>';
}else{
echo '<td>Unavailable</td>';
echo '<td>'._('Unavailable').'</td>';
}
echo '</tr></form>';
}
if($count_onions<MAX_NUM_USER_ONIONS){
echo "<form action=\"home.php\" method=\"post\"><input type=\"hidden\" name=\"csrf_token\" value=\"$_SESSION[csrf_token]\">";
echo '<tr><td colspan="6">Add additional hidden service:<br>';
echo '<tr><td colspan="6">'._('Add additional hidden service:').'<br>';
echo '<label><input type="radio" name="onion_type" value="3"';
echo (!isset($_POST['onion_type']) || $_POST['onion_type']==3) ? ' checked' : '';
echo '>Random v3 Address</label>';
echo '>'._('Random v3 Address').'</label>';
echo '<label><input type="radio" name="onion_type" value="2"';
echo isset($_POST['onion_type']) && $_POST['onion_type']==2 ? ' checked' : '';
echo '>Random v2 Address</label>';
echo '>'._('Random v2 Address').'</label>';
echo '<label><input id="custom_onion" type="radio" name="onion_type" value="custom"';
echo isset($_POST['onion_type']) && $_POST['onion_type']==='custom' ? ' checked' : '';
echo '>Custom private key';
echo '>'._('Custom private key');
echo '<textarea id="private_key" name="private_key" rows="5" cols="28">';
echo isset($_REQUEST['private_key']) ? htmlspecialchars($_REQUEST['private_key']) : '';
echo '</textarea>';
echo '</label></td><td><button type="submit" name="action" value="add_onion">Add onion</button></td></tr></form>';
echo '</label></td><td><button type="submit" name="action" value="add_onion">'._('Add onion').'</button></td></tr></form>';
}
echo '</table>';
if(MAX_NUM_USER_DOMAINS>0){
echo '<h3>Clearnet domains</h3>';
echo '<h3>'._('Clearnet domains').'</h3>';
echo '<table border="1">';
echo '<tr><th>Domain</th><th>Enabled</th><th>Action</th></tr>';
echo '<tr><th>'._('Domain').'</th><th>'._('Enabled').'</th><th>'._('Action').'</th></tr>';
$stmt=$db->prepare('SELECT domain, enabled FROM domains WHERE user_id = ?;');
$stmt->execute([$user['id']]);
$count_domains = 0;
@ -234,29 +234,29 @@ if(MAX_NUM_USER_DOMAINS>0){
echo "<form action=\"home.php\" method=\"post\"><input type=\"hidden\" name=\"csrf_token\" value=\"$_SESSION[csrf_token]\"><input type=\"hidden\" name=\"domain\" value=\"$domain[domain]\"><tr><td><a href=\"https://$domain[domain]\" target=\"_blank\">$domain[domain]</a></td>";
echo '<td><label><input type="checkbox" name="enabled" value="1"';
echo $domain['enabled'] ? ' checked' : '';
echo '>Enabled</label></td>';
echo '>'._('Enabled').'</label></td>';
if(in_array($domain['enabled'], [0, 1])){
echo '<td><button type="submit" name="action" value="edit_domain">Save</button>';
echo '<button type="submit" name="action" value="del_domain">Delete</button></td>';
echo '<td><button type="submit" name="action" value="edit_domain">'._('Save').'</button>';
echo '<button type="submit" name="action" value="del_domain">'._('Delete').'</button></td>';
}else{
echo '<td>Unavailable</td>';
echo '<td>'._('Unavailable').'</td>';
}
echo '</tr></form>';
}
if($count_domains<MAX_NUM_USER_DOMAINS){
echo "<form action=\"home.php\" method=\"post\"><input type=\"hidden\" name=\"csrf_token\" value=\"$_SESSION[csrf_token]\">";
echo '<tr><td colspan="2">Add additional domain:<br>';
echo '<tr><td colspan="2">'._('Add additional domain:').'<br>';
echo '<input type="text" name="domain" value="';
echo isset($_POST['domain']) ? htmlspecialchars($_POST['domain']) : '';
echo '">';
echo '</td><td><button type="submit" name="action" value="add_domain">Add domain</button></td></tr></form>';
echo '</td><td><button type="submit" name="action" value="add_domain">'._('Add domain').'</button></td></tr></form>';
}
echo '</table>';
echo '<p>To enable your clearnet domain, edit your DNS settings and enter 116.202.17.147 as your A record and 2a01:4f8:c010:d56::1 as your AAAA record. Once you have modified your DNS settings, <a href="https://danwin1210.me/contact.php" target="_blank">contact me</a> to configure the SSL certificate. You may also use any subdomain of danwin1210.me, like yoursite.danwin1210.me</p>';
echo '<p>'.sprintf(_('To enable your clearnet domain, edit your DNS settings and enter %1$s as your A record and %2$s as your AAAA record. Once you have modified your DNS settings, <a href="%3$s" target="_blank">contact me</a> to configure the SSL certificate. You may also use any subdomain of %4$s'), CLEARNET_A, CLEARNET_AAAA, CONTACT_URL, CLEARNET_SUBDOMAINS).'</p>';
}
echo '<h3>MySQL Database</h3>';
echo '<h3>'._('MySQL Database<').'/h3>';
echo '<table border="1">';
echo '<tr><th>Database</th><th>Host</th><th>User</th><th>Action</th></tr>';
echo '<tr><th>'._('Database').'</th><th>'._('Host').'</th><th>'._('User').'</th><th>'._('Action').'</th></tr>';
$stmt=$db->prepare('SELECT mysql_database FROM mysql_databases WHERE user_id = ?;');
$stmt->execute([$user['id']]);
$count_dbs = 0;
@ -266,27 +266,27 @@ while($mysql=$stmt->fetch(PDO::FETCH_ASSOC)){
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
echo '<input type="hidden" name="db" value="'.$mysql['mysql_database'].'">';
echo '<tr><td>'.htmlspecialchars($mysql['mysql_database']).'</td><td>localhost</td><td>'.htmlspecialchars($user['mysql_user']).'</td>';
echo '<td><button type="submit" name="action" value="del_db">Delete</button></td></tr>';
echo '<td><button type="submit" name="action" value="del_db">'._('Delete').'</button></td></tr>';
echo '</form>';
}
echo '</table>';
if($count_dbs<MAX_NUM_USER_DBS){
echo '<p><form action="home.php" method="post"><input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'"><button type="submit" name="action" value="add_db">Add new database</button></form></p>';
echo '<p><form action="home.php" method="post"><input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'"><button type="submit" name="action" value="add_db">'._('Add new database').'</button></form></p>';
}
?>
<p><a href="password.php?type=sql">Change MySQL password</a></p>
<p>You can use <a href="/phpmyadmin/" target="_blank">PHPMyAdmin</a> and <a href="/adminer/?username=<?php echo rawurlencode($user['mysql_user']); ?>" target="_blank">Adminer</a> for web based database administration.</p>
<h3>System Account</h3>
<p><a href="password.php?type=sql"><?php echo _('Change MySQL password'); ?></a></p>
<p><?php printf(_('You can use <a href="/phpmyadmin/" target="_blank">PHPMyAdmin</a> and <a href="/adminer/?username=%s" target="_blank">Adminer</a> for web based database administration.'), rawurlencode($user['mysql_user'])); ?></p>
<h3><?php echo _('System Account'); ?></h3>
<table border="1">
<tr><th>Username</th><th>Host</th><th>SFTP Port</th><th>POP3 Port</th><th>IMAP Port</th><th>SMTP port</th></tr>
<tr><th><?php echo _('Username'); ?></th><th><?php echo _('Host'); ?></th><th><?php echo _('SFTP Port'); ?></th><th><?php echo _('POP3 Port'); ?></th><th><?php echo _('IMAP Port'); ?></th><th><?php echo _('SMTP port'); ?></th></tr>
<?php
foreach(SERVERS as $server=>$tmp){
echo "<tr><td>$user[system_account]</td><td>$server</td><td>$tmp[sftp]</td><td>$tmp[pop3]</td><td>$tmp[imap]</td><td>$tmp[smtp]</td></tr>";
}
?>
</table>
<p><a href="password.php?type=sys">Change system account password</a></p>
<p>You can use the <a target="_blank" href="files.php">FileManager</a> for web based file management.</p>
<p><a href="password.php?type=sys"><?php echo _('Change system account password'); ?></a></p>
<p><?php echo _('You can use the <a target="_blank" href="files.php">FileManager</a> for web based file management.'); ?></p>
<?php
$stmt = $db->prepare('SELECT quota_size, quota_size_used, quota_files, quota_files_used FROM disk_quota WHERE user_id = ?;');
$stmt->execute([$user['id']]);
@ -294,14 +294,14 @@ $quota = $stmt->fetch(PDO::FETCH_ASSOC);
$quota_usage = $quota['quota_size_used'] / $quota['quota_size'];
$quota_files_usage = $quota['quota_files_used'] / $quota['quota_files'];
$usage_text = bytes_to_human_readable($quota['quota_size_used'] * 1024) . ' of ' . bytes_to_human_readable($quota['quota_size'] * 1024) . ' - ' . round($quota_usage * 100, 2).'%';
$usage_files_text = "$quota[quota_files_used] of $quota[quota_files] - " . round($quota_files_usage * 100, 2).'%';
$usage_files_text = sprintf(_("%d of %d - %f%%"), $quota['quota_files_used'], $quota['quota_files'], round($quota_files_usage * 100, 2));
?>
<p>Your disk usage: <meter value="<?php echo round($quota_usage, 2); ?>"><?php echo $usage_text; ?></meter> - <?php echo $usage_text; ?> (updated hourly) <?php echo ENABLE_UPGRADES ? '<a href="upgrade.php?upgrade=1g_quota">Upgrade</a>' : ''; ?></p>
<p>Your file number usage: <meter value="<?php echo round($quota_files_usage, 2); ?>"><?php echo $usage_files_text; ?></meter> - <?php echo $usage_files_text; ?> (updated hourly) <?php echo ENABLE_UPGRADES ? '<a href="upgrade.php?upgrade=100k_files_quota">Upgrade</a>' : ''; ?></p>
<h3>Logs</h3>
<p><?php echo _('Your disk usage:'); ?> <meter value="<?php echo round($quota_usage, 2); ?>"><?php echo $usage_text; ?></meter> - <?php printf(_('%s (updated hourly)'), $usage_text); ?> <?php echo ENABLE_UPGRADES ? '<a href="upgrade.php?upgrade=1g_quota">'._('Upgrade').'</a>' : ''; ?></p>
<p><?php echo _('Your file number usage:'); ?> <meter value="<?php echo round($quota_files_usage, 2); ?>"><?php echo $usage_files_text; ?></meter> - <?php printf(_('%s (updated hourly)'), $usage_files_text); ?> <?php echo ENABLE_UPGRADES ? '<a href="upgrade.php?upgrade=100k_files_quota">'._('Upgrade').'</a>' : ''; ?></p>
<h3><?php echo _('Logs'); ?></h3>
<table border="1">
<tr><th>Date</th><th>access.log</th><th>error.log</th></tr>
<tr><td>Today</td><td><a href="log.php?type=access&amp;old=0" target="_blank">access.log</a></td><td><a href="log.php?type=error&amp;old=0" target="_blank">error.log</a></td></tr>
<tr><td>Yesterday</td><td><a href="log.php?type=access&amp;old=1" target="_blank">access.log</a></td><td><a href="log.php?type=error&amp;old=1" target="_blank">error.log</a></td></tr>
<tr><th><?php echo _('Date'); ?></th><th>access.log</th><th>error.log</th></tr>
<tr><td><?php echo _('Today'); ?></td><td><a href="log.php?type=access&amp;old=0" target="_blank">access.log</a></td><td><a href="log.php?type=error&amp;old=0" target="_blank">error.log</a></td></tr>
<tr><td><?php echo _('Yesterday'); ?></td><td><a href="log.php?type=access&amp;old=1" target="_blank">access.log</a></td><td><a href="log.php?type=error&amp;old=1" target="_blank">error.log</a></td></tr>
</table>
</body></html>

69
var/www/html/index.php
View File

@ -1,45 +1,44 @@
<?php
require('../common.php');
header('Content-Type: text/html; charset=UTF-8');
header('X-Accel-Expires: 60');
print_header('Info');
print_header(_('Info'));
?>
<h1>Hosting - Info</h1>
<h1><?php echo _('Hosting - Info'); ?></h1>
<?php main_menu('index.php'); ?>
<p>Here you can get yourself a free web hosting account on my server.</p>
<h2>What you get:</h2>
<p><?php echo _('Here you can get yourself a free web hosting account on my server.'); ?></p>
<h2><?php echo _('What you get:'); ?></h2>
<ul>
<li>Completely free anonymous Tor and clearnet web hosting</li>
<li>Choose between PHP <?php echo implode(', ', PHP_VERSIONS); ?> or no PHP support</li>
<li>Nginx Webserver</li>
<li>SQLite support</li>
<li>Up to <?php echo MAX_NUM_USER_DBS; ?> MariaDB (MySQL) databases</li>
<li><a href="/phpmyadmin/" target="_blank">PHPMyAdmin</a> and <a href="/adminer/" target="_blank">Adminer</a> for web based database administration</li>
<li>Web-based file manager</li>
<li>SFTP access</li>
<li>command line access to shell via SSH</li>
<li>1GB disk quota and a maximum of 100.000 files<?php echo ENABLE_UPGRADES ? ' - upgradable' : ''; ?></li>
<li>mail() can send e-mails from your_system_account@<?php echo ADDRESS; ?> (your_system_account@hosting.danwin1210.me for clearnet)</li>
<li>Webmail and IMAP, POP3 and SMTP access to your mail account</li>
<li>Your own .onion domains</li>
<li>Clearnet domains or a free subdomain of danwin1210.me</li>
<li>Empty/Unused accounts will be automatically deleted after a month of inactivity</li>
<li>PGP based Two-Factor Authentication (2FA)</li>
<li>There is a missing feature, or you need a special configuration? Just <a href="https://danwin1210.me/contact.php">contact me</a> and I'll see what I can do.</li>
<li>More to come…</li>
<li><?php echo _('Completely free anonymous Tor and clearnet web hosting'); ?></li>
<li><?php printf(_('Choose between PHP %s or no PHP support'), implode( ', ', PHP_VERSIONS )); ?></li>
<li><?php echo _('Nginx Webserver'); ?></li>
<li><?php echo _('SQLite support'); ?></li>
<li><?php printf(_('Up to %d MariaDB (MySQL) databases'), MAX_NUM_USER_DBS); ?></li>
<li><?php echo _('<a href="/phpmyadmin/" target="_blank">PHPMyAdmin</a> and <a href="/adminer/" target="_blank">Adminer</a> for web based database administration'); ?></li>
<li><?php echo _('Web-based file manager'); ?></li>
<li><?php echo _('SFTP access'); ?></li>
<li><?php echo _('command line access to shell via SSH'); ?></li>
<li><?php echo _('1GB disk quota and a maximum of 100.000 files'); echo ENABLE_UPGRADES ? _(' - upgradable') : ''; ?></li>
<li><?php printf(_('mail() can send e-mails from your_system_account@%1$s (your_system_account@%2$s for clearnet)'), ADDRESS, CLEARNET_ADDRESS); ?></li>
<li><?php echo _('Webmail and IMAP, POP3 and SMTP access to your mail account'); ?></li>
<li><?php echo _('Your own .onion domains'); ?></li>
<li><?php printf(_('Clearnet domains or a free subdomain of %s'), CLEARNET_SUBDOMAINS); ?></li>
<li><?php echo _('Empty/Unused accounts will be automatically deleted after a month of inactivity'); ?></li>
<li><?php echo _('PGP based Two-Factor Authentication (2FA)'); ?></li>
<li><?php printf(_('There is a missing feature, or you need a special configuration? Just <a href="%s">contact me</a> and I\'ll see what I can do.'), CONTACT_URL); ?></li>
<li><?php echo _('More to come…'); ?></li>
</ul>
<h2>Rules</h2>
<h2><?php echo _('Rules'); ?></h2>
<ul>
<li>No child pornography!</li>
<li>No terroristic propaganda!</li>
<li>No illegal content according to German law!</li>
<li>No malware! (e.g. botnets)</li>
<li>No phishing, scams or spam!</li>
<li>No mining without explicit user permission! (e.g. using coinhive)</li>
<li>No shops, markets or any other sites dedicated to making money! (This is a FREE hosting!)</li>
<li>No proxy scripts! (You are already using TOR and this will just burden the network)</li>
<li>No IP logger or similar de-anonymizer sites!</li>
<li>I preserve the right to delete any site for violating these rules and adding new rules at any time.</li>
<li>Should you not honor these rules, I will (have to) work together with Law Enforcement!</li>
<li><?php echo _('No child pornography!'); ?></li>
<li><?php echo _('No terroristic propaganda!'); ?></li>
<li><?php echo _('No illegal content according to German law!'); ?></li>
<li><?php echo _('No malware! (e.g. botnets)'); ?></li>
<li><?php echo _('No phishing, scams or spam!'); ?></li>
<li><?php echo _('No mining without explicit user permission! (e.g. using coinhive)'); ?></li>
<li><?php echo _('No shops, markets or any other sites dedicated to making money! (This is a FREE hosting!)'); ?></li>
<li><?php echo _('No proxy scripts! (You are already using Tor and this will just burden the network)'); ?></li>
<li><?php echo _('No IP logger or similar de-anonymizer sites!'); ?></li>
<li><?php echo _('I preserve the right to delete any site for violating these rules and adding new rules at any time.'); ?></li>
<li><?php echo _('Should you not honor these rules, I will (have to) work together with Law Enforcement!'); ?></li>
</ul>
</body></html>

9
var/www/html/list.php
View File

@ -1,20 +1,19 @@
<?php
require_once('../common.php');
header('Content-Type: text/html; charset=UTF-8');
header('X-Accel-Expires: 60');
$db = get_db_instance();
print_header('List of hosted sites', 'td{padding:5px;}', '_blank');
print_header(_('List of hosted sites'), 'td{padding:5px;}', '_blank');
?>
<h1>Hosting - List of hosted sites</h1>
<h1><?php echo _('Hosting - List of hosted sites'); ?></h1>
<?php
main_menu('list.php');
$stmt=$db->query('SELECT COUNT(*) FROM users WHERE public=1;');
$count=$stmt->fetch(PDO::FETCH_NUM);
$stmt=$db->query('SELECT COUNT(*) FROM users WHERE public=0;');
$hidden=$stmt->fetch(PDO::FETCH_NUM);
echo "<p>Here is a list of $count[0] public hosted sites ($hidden[0] sites hidden):</p>";
echo '<p>'.sprintf(_('Here is a list of %d public hosted sites (%d sites hidden):'), $count[0], $hidden[0]).'</p>';
echo '<table border="1">';
echo '<tr><td>Onion link</td></tr>';
echo '<tr><td>'._('Onion link').'</td></tr>';
$stmt=$db->query('SELECT onions.onion FROM users INNER JOIN onions ON (onions.user_id=users.id) WHERE users.public=1 ORDER BY onions.onion;');
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
echo "<tr><td><a href=\"http://$tmp[0].onion\">$tmp[0].onion</a></td></tr>";

34
var/www/html/login.php
View File

@ -24,16 +24,16 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
header('Location: home.php');
exit;
}else{
$msg.='<p style="color:red">Wrong 2FA code</p>';
$msg.='<p role="alert" style="color:red">'._('Wrong 2FA code').'</p>';
}
} else {
$db = get_db_instance();
$ok=true;
if($error=check_captcha_error()){
$msg.="<p style=\"color:red;\">$error</p>";
$msg.='<p role="alert" style="color:red">'.$error.'</p>';
$ok=false;
}elseif(!isset($_POST['username']) || $_POST['username']===''){
$msg.='<p style="color:red;">Error: username may not be empty.</p>';
$msg.='<p role="alert" style="color:red">'._('Error: username may not be empty.').'</p>';
$ok=false;
}else{
$stmt=$db->prepare('SELECT username, password, id, tfa, pgp_key FROM users WHERE username=?;');
@ -53,17 +53,17 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
$stmt->execute([$tmp['id']]);
if($tmp=$stmt->fetch(PDO::FETCH_NUM)){
if(REQUIRE_APPROVAL && !$tmp[0]){
$msg.='<p style="color:red;">Error: Your account is pending admin approval. Please try again later.</p>';
$msg.='<p role="alert" style="color:red">'._('Error: Your account is pending admin approval. Please try again later.').'</p>';
}else{
$msg.='<p style="color:red;">Error: Your account is pending creation. Please try again in a minute.</p>';
$msg.='<p role="alert" style="color:red">'._('Error: Your account is pending creation. Please try again in a minute.').'</p>';
}
$ok=false;
}elseif(!isset($_POST['pass']) || !password_verify($_POST['pass'], $password)){
$msg.='<p style="color:red;">Error: wrong password.</p>';
$msg.='<p role="alert" style="color:red">'._('Error: wrong password.').'</p>';
$ok=false;
}
}else{
$msg.='<p style="color:red;">Error: username was not found. If you forgot it, you can enter youraccount.onion instead.</p>';
$msg.='<p role="alert" style="color:red">'._('Error: username was not found. If you forgot it, you can enter youraccount.onion instead.').'</p>';
$ok=false;
}
}
@ -83,7 +83,7 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
}
}
}
print_header('Login');
print_header(_('Login'));
if($tfa){
$gpg = gnupg_init();
gnupg_seterrormode($gpg, GNUPG_ERROR_WARNING);
@ -98,36 +98,36 @@ if($tfa){
}
}
}
$encrypted = gnupg_encrypt($gpg, "To login, please enter the following code to confirm ownership of your key:\n\n".$_SESSION['2fa_code']."\n");
$encrypted = gnupg_encrypt($gpg, _('To login, please enter the following code to confirm ownership of your key:')."\n\n".$_SESSION['2fa_code']."\n");
echo $msg;
echo "<p>To login, please decrypt the following PGP encrypted message and confirm the code:</p>";
echo '<p>'._('To login, please decrypt the following PGP encrypted message and confirm the code:').'</p>';
echo "<textarea readonly=\"readonly\" onclick=\"this.select()\" rows=\"10\" cols=\"70\">$encrypted</textarea>";
?>
<form action="login.php" method="post"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<table border="1">
<tr><td><input type="text" name="2fa_code"></td><td><button type="submit">Confirm</button></td></tr>
<tr><td><input type="text" name="2fa_code"></td><td><button type="submit"><?php echo _('Confirm'); ?></button></td></tr>
</table></form>
<p>Don't have the private key at hand? <a href="logout.php">Logout</a></p>
<p><?php echo _("Don't have the private key at hand?"); ?><a href="logout.php"><?php echo _('Logout'); ?></a></p>
</body></html>
<?php
exit;
}
}
?>
<h1>Hosting - Login</h1>
<h1><?php echo _('Hosting - Login'); ?></h1>
<?php
main_menu('login.php');
echo $msg;
?>
<form method="POST" action="login.php"><table>
<tr><td>Username</td><td><input type="text" name="username" value="<?php
<tr><td><?php echo _('Username'); ?></td><td><input type="text" name="username" value="<?php
if(isset($_POST['username'])){
echo htmlspecialchars($_POST['username']);
}
?>" required autofocus></td></tr>
<tr><td>Password</td><td><input type="password" name="pass" required></td></tr>
<tr><td><?php echo _('Password'); ?></td><td><input type="password" name="pass" required></td></tr>
<?php send_captcha(); ?>
<tr><td colspan="2"><input type="submit" value="Login"></td></tr>
<tr><td colspan="2"><button type="submit"><?php echo _('Login'); ?></button></td></tr>
</table></form>
<p>If you disabled cookies, please re-enable them. You can't log in without!</p>
<p><?php echo _("If you disabled cookies, please re-enable them. You can't log in without!"); ?></p>
</body></html>

34
var/www/html/password.php
View File

@ -8,58 +8,58 @@ if(!isset($_REQUEST['type'])){
$msg='';
if($_SERVER['REQUEST_METHOD']==='POST'){
if($error=check_csrf_error()){
$msg.='<p style="color:red;">'.$error.'</p>';
$msg.='<p role="alert" style="color:red">'.$error.'</p>';
}
if(!isset($_POST['pass']) || !password_verify($_POST['pass'], $user['password'])){
$msg.='<p style="color:red;">Wrong password.</p>';
$msg.='<p role="alert" style="color:red">'._('Wrong password!').'</p>';
}elseif(!isset($_POST['confirm']) || !isset($_POST['newpass']) || $_POST['newpass']!==$_POST['confirm']){
$msg.='<p style="color:red;">Wrong password.</p>';
$msg.='<p role="alert" style="color:red">'._('Wrong password!').'</p>';
}else{
if($_REQUEST['type']==='acc'){
$hash=password_hash($_POST['newpass'], PASSWORD_DEFAULT);
$stmt=$db->prepare('UPDATE users SET password=? WHERE id=?;');
$stmt->execute([$hash, $user['id']]);
$msg.='<p style="color:green;">Successfully changed account password.</p>';
$msg.='<p role="alert" style="color:green">'._('Successfully changed account password.').'</p>';
}elseif($_REQUEST['type']==='sys'){
$stmt=$db->prepare('INSERT INTO pass_change (user_id, password) VALUES (?, ?);');
$hash=get_system_hash($_POST['newpass']);
$stmt->execute([$user['id'], $hash]);
$msg.='<p style="color:green;">Successfully changed system account password, change will take effect within the next minute.</p>';
$msg.='<p role="alert" style="color:green">'._('Successfully changed system account password, change will take effect within the next minute.').'</p>';
}elseif($_REQUEST['type']==='sql'){
$stmt=$db->prepare("SET PASSWORD FOR '$user[mysql_user]'@'%'=PASSWORD(?);");
$stmt->execute([$_POST['newpass']]);
$db->exec('FLUSH PRIVILEGES;');
$msg.='<p style="color:green;">Successfully changed sql password.</p>';
$msg.='<p role="alert" style="color:green">'._('Successfully changed sql password.').'</p>';
}else{
$msg.='<p style="color:red;">Couldn\'t update password: Unknown reset type.</p>';
$msg.='<p role="alert" style="color:red">'._("Couldn't update password: Unknown reset type.").'</p>';
}
}
}
header('Content-Type: text/html; charset=UTF-8');
print_header('Change password');
print_header(_('Change password'));
echo $msg;
echo '<form method="POST" action="password.php"><input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'"><table>';
echo '<tr><td>Reset type:</td><td><select name="type">';
echo '<tr><td>'._('Reset type:').'</td><td><select name="type">';
echo '<option value="acc"';
if($_REQUEST['type']==='acc'){
echo ' selected';
}
echo '>Account</option>';
echo '>'._('Account').'</option>';
echo '<option value="sys"';
if($_REQUEST['type']==='sys'){
echo ' selected';
}
echo '>System account</option>';
echo '>'._('System account').'</option>';
echo '<option value="sql"';
if($_REQUEST['type']==='sql'){
echo ' selected';
}
echo '>MySQL</option>';
echo '>'._('MySQL').'</option>';
echo '</select></td></tr>';
echo '<tr><td>Account password:</td><td><input type="password" name="pass" required autofocus></td></tr>';
echo '<tr><td>New password:</td><td><input type="password" name="newpass" required></td></tr>';
echo '<tr><td>Confirm password:</td><td><input type="password" name="confirm" required></td></tr>';
echo '<tr><td colspan="2"><input type="submit" value="Reset"></td></tr>';
echo '<tr><td>'._('Account password:').'</td><td><input type="password" name="pass" required autofocus></td></tr>';
echo '<tr><td>'._('New password:').'</td><td><input type="password" name="newpass" required></td></tr>';
echo '<tr><td>'._('Confirm password:').'</td><td><input type="password" name="confirm" required></td></tr>';
echo '<tr><td colspan="2"><button type="submit">'._('Reset').'</button></td></tr>';
echo '</table></form>';
echo '<p><a href="home.php">Go back to dashboard.</a></p>';
echo '<p><a href="home.php">'._('Go back to dashboard').'</a></p>';
echo '</body></html>';

22
var/www/html/pgp.php
View File

@ -1,7 +1,7 @@
<?php
require('../common.php');
$user=check_login();
print_header('PGP 2FA');
print_header(_('PGP 2FA'));
dashboard_menu($user, 'pgp.php');
if($_SERVER['REQUEST_METHOD']==='POST'){
if($error=check_csrf_error()){
@ -14,7 +14,7 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
gnupg_setarmor($gpg, 1);
$imported_key = gnupg_import($gpg, $pgp_key);
if(!$imported_key){
echo "<p style=\"color:red\">There was an error importing the key</p>";
echo '<p role="alert" style="color:red">'._('There was an error importing the key').'</p>';
}else{
$db = get_db_instance();
$stmt = $db->prepare('UPDATE users SET pgp_key = ?, tfa = 0, pgp_verified = 0 WHERE id = ?;');
@ -24,7 +24,7 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
}
if(isset($_POST['enable_2fa_code'])){
if($_POST['enable_2fa_code'] !== $_SESSION['enable_2fa_code']){
echo "<p style=\"color:red\">Sorry, the code was incorrect</p>";
echo '<p role="alert" style="color:red">'._('Sorry, the code was incorrect').'</p>';
} else {
$db = get_db_instance();
$stmt = $db->prepare('UPDATE users SET tfa = 1, pgp_verified = 1 WHERE id = ?;');
@ -35,7 +35,7 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
}
if(!empty($user['pgp_key'])){
if($user['tfa'] == '1'){
echo "<p style=\"color:green\">Yay, PGP based 2FA is enabled!</p>";
echo '<p role="alert" style="color:green">'._('Yay, PGP based 2FA is enabled!').'</p>';
} else {
$gpg = gnupg_init();
gnupg_seterrormode($gpg, GNUPG_ERROR_WARNING);
@ -45,7 +45,7 @@ if(!empty($user['pgp_key'])){
$key_info = gnupg_keyinfo($gpg, $imported_key['fingerprint']);
foreach($key_info as $key){
if(!$key['can_encrypt']){
echo "<p>Sorry, this key can't be used to encrypt a message to you. Your key may have expired or has been revoked.</p>";
echo '<p>'._("Sorry, this key can't be used to encrypt a message to you. Your key may have expired or has been revoked.").'</p>';
}else{
foreach($key['subkeys'] as $subkey){
gnupg_addencryptkey($gpg, $subkey['fingerprint']);
@ -53,13 +53,13 @@ if(!empty($user['pgp_key'])){
}
}
$_SESSION['enable_2fa_code'] = bin2hex(random_bytes(3));
if($encrypted = gnupg_encrypt($gpg, "To enable 2FA, please enter the following code to confirm ownership of your key:\n\n$_SESSION[enable_2fa_code]\n")){
echo "<p>To enable 2FA using your PGP key, please decrypt the following PGP encrypted message and confirm the code:</p>";
if($encrypted = gnupg_encrypt($gpg, _('To enable 2FA, please enter the following code to confirm ownership of your key:')."\n\n$_SESSION[enable_2fa_code]\n")){
echo '<p>'._('To enable 2FA using your PGP key, please decrypt the following PGP encrypted message and confirm the code:').'</p>';
echo "<textarea readonly=\"readonly\" onclick=\"this.select()\" rows=\"10\" cols=\"70\">$encrypted</textarea>";
?>
<form action="pgp.php" method="post"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<table border="1">
<tr><td><input type="text" name="enable_2fa_code"></td><td><button type="submit">Confirm</button></td></tr>
<tr><td><input type="text" name="enable_2fa_code"></td><td><button type="submit"><?php echo _('Confirm'); ?></button></td></tr>
</table></form>
<hr>
<?php
@ -68,13 +68,13 @@ if(!empty($user['pgp_key'])){
}
}
?>
<p>Add your PGP key for more security features like 2FA:</p>
<p><?php echo _('Add your PGP key for more security features like 2FA:'); ?></p>
<form action="pgp.php" method="post">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<table border="1">
<tr><td><textarea name="pgp_key" rows="10" cols="70"><?php echo $user['pgp_key']; ?></textarea></td></tr>
<tr><td><button type="submit">Update PGP key</button></td></tr>
<tr><td><button type="submit"><?php echo _('Update PGP key'); ?></button></td></tr>
</table>
</form>
<p><a href="home.php">Go back to dashboard.</a></p>
<p><a href="home.php"><?php echo _('Go back to dashboard'); ?></a></p>
</body></html>

54
var/www/html/register.php
View File

@ -6,9 +6,9 @@ if(!empty($_SESSION['hosting_username'])){
header('Location: home.php');
exit;
}
print_header('Register', '#custom_onion:not(checked)+#private_key{display:none;}#custom_onion:checked+#private_key{display:block;}');
print_header(_('Register'), '#custom_onion:not(checked)+#private_key{display:none;}#custom_onion:checked+#private_key{display:block;}');
?>
<h1>Hosting - Register</h1>
<h1><?php echo _('Hosting - Register'); ?></h1>
<?php
main_menu('register.php');
if($_SERVER['REQUEST_METHOD']==='POST'){
@ -31,28 +31,28 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
$autoindex=1;
}
if($error=check_captcha_error()){
echo "<p style=\"color:red;\">$error</p>";
echo '<p role="alert" style="color:red">'.$error.'</p>';
$ok=false;
}elseif(empty($_POST['pass'])){
echo '<p style="color:red;">Error: password empty.</p>';
echo '<p role="alert" style="color:red">'._('Error: password empty.').'</p>';
$ok=false;
}elseif(empty($_POST['passconfirm']) || $_POST['pass']!==$_POST['passconfirm']){
echo '<p style="color:red;">Error: password confirmation does not match.</p>';
echo '<p role="alert" style="color:red">'._('Error: password confirmation does not match.').'</p>';
$ok=false;
}elseif(empty($_POST['username'])){
echo '<p style="color:red;">Error: username empty.</p>';
echo '<p role="alert" style="color:red">'._('Error: username empty.').'</p>';
$ok=false;
}elseif(preg_match('/[^a-z0-9\-_\.]/', $_POST['username'])){
echo '<p style="color:red;">Error: username may only contain characters that are in the rage of a-z (lower case) - . _ and 0-9.</p>';
}elseif(preg_match('/[^a-z0-9\-_.]/', $_POST['username'])){
echo '<p role="alert" style="color:red">'._('Error: username may only contain characters that are in the rage of a-z (lower case) - . _ and 0-9.').'</p>';
$ok=false;
}elseif(strlen($_POST['username'])>50){
echo '<p style="color:red;">Error: username may not be longer than 50 characters.</p>';
echo '<p role="alert" style="color:red">'._('Error: username may not be longer than 50 characters.').'</p>';
$ok=false;
}else{
$stmt=$db->prepare('SELECT null FROM users WHERE username=?;');
$stmt->execute([$_POST['username']]);
if($stmt->fetch(PDO::FETCH_NUM)){
echo '<p style="color:red;">Error: this username is already registered.</p>';
echo '<p role="alert" style="color:red">'._('Error: this username is already registered.').'</p>';
$ok=false;
}
}
@ -63,13 +63,13 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
$onion = $data['onion'];
$onion_version = $data['version'];
if(!$data['ok']){
echo "<p style=\"color:red;\">$data[message]</p>";
echo '<p role="alert" style="color:red">'.$data['message'].'</p>';
$ok = false;
} else {
$check=$db->prepare('SELECT null FROM onions WHERE onion=?;');
$check->execute([$onion]);
if($check->fetch(PDO::FETCH_NUM)){
echo '<p style="color:red;">Error onion already exists.</p>';
echo '<p role="alert" style="color:red">'._('Error onion already exists.').'</p>';
$ok = false;
}
}
@ -92,7 +92,7 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
$check=$db->prepare('SELECT null FROM users WHERE dateadded>?;');
$check->execute([time()-60]);
if($ok && $check->fetch(PDO::FETCH_NUM)){
echo '<p style="color:red;">To prevent abuse a site can only be registered every 60 seconds, but one has already been registered within the last 60 seconds. Please try again.</p>';
echo '<p role="alert" style="color:red">'._('To prevent abuse a site can only be registered every 60 seconds, but one has already been registered within the last 60 seconds. Please try again.').'</p>';
$ok=false;
}elseif($ok){
$mysql_user = add_mysql_user($_POST['pass']);
@ -111,16 +111,16 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
$headers="From: www-data <www-data>\r\nContent-Type: text/plain; charset=UTF-8\r\n";
mail(EMAIL_TO, $title, $msg, $headers);
}
echo "<p style=\"color:green;\">Your onion domain <a href=\"http://$onion.onion\" target=\"_blank\">$onion.onion</a> has successfully been created. Please wait up to one minute until the changes have been processed. You can then login <a href=\"login.php\">here</a>.</p>";
echo '<p role="alert" style="color:green">'.sprintf(_('Your onion domain %s has successfully been created. Please wait up to one minute until the changes have been processed. You can then login <a href="login.php">here</a>.'), "<a href=\"http://$onion.onion\" target=\"_blank\">$onion.onion</a>").'</p>';
}
}
?>
<form method="POST" action="register.php"><table>
<tr><td>Username</td><td><input type="text" name="username" value="<?php
<tr><td><?php echo _('Username'); ?></td><td><input type="text" name="username" value="<?php
echo isset($_POST['username']) ? htmlspecialchars($_POST['username']) : '';
?>" required autofocus></td></tr>
<tr><td>Password</td><td><input type="password" name="pass" required></td></tr>
<tr><td>Confirm password</td><td><input type="password" name="passconfirm" required></td></tr>
<tr><td><?php echo _('Password'); ?></td><td><input type="password" name="pass" required></td></tr>
<tr><td><?php echo _('Confirm password'); ?></td><td><input type="password" name="passconfirm" required></td></tr>
<?php
send_captcha();
if($_SERVER['REQUEST_METHOD']!=='POST' || (isset($public_list) && $public_list==1)){
@ -134,8 +134,8 @@ if(isset($autoindex) && $autoindex==1){
$autoindex='';
}
?>
<tr><td>PHP version</td><td><select name="php">
<option value="0">None</option>
<tr><td><?php echo _('PHP version'); ?></td><td><select name="php">
<option value="0"><?php echo _('None'); ?></option>
<?php
foreach(PHP_VERSIONS as $key => $version){
echo "<option value=\"$key\"";
@ -144,17 +144,17 @@ foreach(PHP_VERSIONS as $key => $version){
}
?>
</select></td></tr>
<tr><td colspan=2><label><input type="checkbox" name="public" value="1"<?php echo $public_list; ?>>Publish site on list of hosted sites</label></td></tr>
<tr><td colspan=2><label><input type="checkbox" name="autoindex" value="1"<?php echo $autoindex; ?>>Enable autoindex (listing of files)</label></td></tr>
<tr><td colspan=2>Type of hidden service:<br>
<label><input type="radio" name="onion_type" value="3"<?php echo (!isset($_POST['onion_type']) || $_POST['onion_type']==3) ? ' checked' : ''; ?>>Random v3 Address</label>
<label><input type="radio" name="onion_type" value="2"<?php echo isset($_POST['onion_type']) && $_POST['onion_type']==2 ? ' checked' : ''; ?>>Random v2 Address</label>
<label><input id="custom_onion" type="radio" name="onion_type" value="custom"<?php echo isset($_POST['onion_type']) && $_POST['onion_type']==='custom' ? ' checked' : ''; ?>>Custom private key
<tr><td colspan=2><label><input type="checkbox" name="public" value="1"<?php echo $public_list; ?>><?php echo _('Publish site on list of hosted sites'); ?></label></td></tr>
<tr><td colspan=2><label><input type="checkbox" name="autoindex" value="1"<?php echo $autoindex; ?>><?php echo _('Enable autoindex (listing of files)'); ?></label></td></tr>
<tr><td colspan=2><?php echo _('Type of hidden service:'); ?><br>
<label><input type="radio" name="onion_type" value="3"<?php echo (!isset($_POST['onion_type']) || $_POST['onion_type']==3) ? ' checked' : ''; ?>><?php echo _('Random v3 Address'); ?></label>
<label><input type="radio" name="onion_type" value="2"<?php echo isset($_POST['onion_type']) && $_POST['onion_type']==2 ? ' checked' : ''; ?>><?php echo _('Random v2 Address'); ?></label>
<label><input id="custom_onion" type="radio" name="onion_type" value="custom"<?php echo isset($_POST['onion_type']) && $_POST['onion_type']==='custom' ? ' checked' : ''; ?>><?php echo _('Custom private key'); ?>
<textarea id="private_key" name="private_key" rows="5" cols="28">
<?php echo isset($_REQUEST['private_key']) ? htmlspecialchars($_REQUEST['private_key']) : ''; ?>
</textarea>
</label></td></tr>
<tr><td colspan="2"><label><input type="checkbox" name="accept_privacy" required>I have read and agreed to the <a href="https://danwin1210.me/privacy.php" target="_blank">Privacy Policy</a></label><br></td></tr>
<tr><td colspan="2"><input type="submit" value="Register"></td></tr>
<tr><td colspan="2"><label><input type="checkbox" name="accept_privacy" required><?php printf(_('I have read and agreed to the <a href="%s" target="_blank">Privacy Policy</a>'), PRIVACY_URL); ?></label><br></td></tr>
<tr><td colspan="2"><button type="submit"><?php echo _('Register'); ?></button></td></tr>
</table></form>
</body></html>

24
var/www/html/upgrade.php
View File

@ -10,16 +10,16 @@ use chillerlan\QRCode\QROptions;
header('Content-Type: text/html; charset=UTF-8');
print_header('Upgrade account', 'td{padding:5px;}');
?>
<h1>Hosting - Upgrade account</h1>
<h1><?php echo _('Hosting - Upgrade account'); ?></h1>
<?php
$rates = coinpayments_get_rates();
if($rates === false){
echo '<p>An error occurred talking to coinpayments</p>';
echo '<p>'._('An error occurred talking to coinpayments').'</p>';
}else{
?>
<form action="upgrade.php" method="post">
<table border="1">
<tr><td>Desired upgrade</td><td>
<tr><td><?php echo _('Desired upgrade'); ?></td><td>
<select name="upgrade">
<?php
foreach(ACCOUNT_UPGRADES as $name => $upgrade){
@ -31,7 +31,7 @@ if($rates === false){
}
?>
</td></tr>
<tr><td>Desired payment currency</td><td>
<tr><td><?php echo _('Desired payment currency'); ?></td><td>
<select name="currency">
<?php
$i=0;
@ -42,29 +42,29 @@ if($rates === false){
}
?>
</select></td></tr>
<tr><td colspan="2" style="text-align:center;"><button type="submit">Pay now</button></td></tr>
<tr><td colspan="2" style="text-align:center"><button type="submit"><?php echo _('Pay now'); ?></button></td></tr>
</table>
</form>
<?php
}
if(isset($_POST['currency']) && isset($_POST['upgrade'])){
if(!isset(ACCOUNT_UPGRADES[$_POST['upgrade']])){
echo "<p>Sorry, looks like you didn't select a valid upgrade.</p>";
echo '<p>'._("Sorry, looks like you didn't select a valid upgrade.").'</p>';
}elseif(!isset($rates[$_POST['currency']]) || $rates[$_POST['currency']]['accepted'] !== 1 || !in_array('payments', $rates[$_POST['currency']]['capabilities'])){
echo "<p>Sorry, looks like you didn't select a valid payment currency.</p>";
echo '<p>'._("Sorry, looks like you didn't select a valid payment currency.").'</p>';
}else{
$db = get_db_instance();
$transaction = coinpayments_create_transaction($_POST['currency'], ACCOUNT_UPGRADES[$_POST['upgrade']]['usd_price'], $_POST['upgrade'], $user['id']);
if($transaction === false){
echo "<p>An error occurred creating the transaction, please try again</p>";
echo '<p>'._('An error occurred creating the transaction, please try again').'</p>';
}else{
echo "<p>Please pay $transaction[amount] $_POST[currency] to $transaction[address]</p>";
echo '<img src="'.(new QRCode(new QROptions(['outputType' => QRCode::OUTPUT_IMAGE_PNG, 'eccLevel' => QRCode::ECC_H])))->render($transaction['address']).'" alt="QR Code">';
echo '<p>Once paid, it can take a while until the upgrade is applied to your account. Usually within an hour.</p>';
echo '<p>'.sprintf(_('Please pay %1$s to %2$s'), "$transaction[amount] $_POST[currency]", $transaction['address']).'</p>';
echo '<img src="'.(new QRCode(new QROptions(['outputType' => QRCode::OUTPUT_IMAGE_PNG, 'eccLevel' => QRCode::ECC_H])))->render($transaction['address']).'" alt="'._('QR Code').'">';
echo '<p>'._('Once paid, it can take a while until the upgrade is applied to your account. Usually within an hour.').'</p>';
}
}
}
?>
<p><a href="home.php">Go back to dashboard.</a></p>
<p><a href="home.php"><?php echo _('Go back to dashboard'); ?></a></p>
</body>
</html>

1195
var/www/locale/hosting.pot Normal file
View File

File diff suppressed because it is too large Load Diff

87
var/www/setup.php
View File

@ -1,8 +1,6 @@
<?php
require('common.php');
if(!extension_loaded('pdo_mysql')){
die("Error: You need to install and enable the PDO php module\n");
}
global $language, $dir;
try{
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
}catch(PDOException $e){
@ -12,14 +10,14 @@ try{
if(false!==$db->exec('CREATE DATABASE ' . DBNAME)){
$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
}else{
die("Error: No database connection!\n");
die(_('Error: No database connection!').PHP_EOL);
}
}catch(PDOException $e){
die("Error: No database connection!\n");
die(_('Error: No database connection!').PHP_EOL);
}
}
$version;
if(!@$version=$db->query("SELECT value FROM settings WHERE setting='version';")){
@$version=$db->query("SELECT value FROM settings WHERE setting='version';");
if(!$version){
//create tables
$db->exec('CREATE TABLE captcha (id int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY, time int(11) NOT NULL, code char(5) COLLATE latin1_bin NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;');
$db->exec("CREATE TABLE service_instances (id char(1) NOT NULL PRIMARY KEY, reload tinyint(1) UNSIGNED NOT NULL DEFAULT '0', KEY reload (reload)) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;");
@ -35,7 +33,7 @@ if(!@$version=$db->query("SELECT value FROM settings WHERE setting='version';"))
$db->exec('CREATE TABLE settings (setting varchar(50) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL PRIMARY KEY, value text CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;');
$stmt=$db->prepare("INSERT INTO settings (setting, value) VALUES ('version', ?);");
$stmt->execute([DBVERSION]);
echo "Database and files have successfully been set up\n";
echo _('Database and files have successfully been set up').PHP_EOL;
}else{
$version=$version->fetch(PDO::FETCH_NUM)[0];
if($version<2){
@ -101,15 +99,6 @@ if(!@$version=$db->query("SELECT value FROM settings WHERE setting='version';"))
$db->exec('ALTER TABLE onions CHANGE user_id user_id int(11) NULL;');
$db->exec('ALTER TABLE onions DROP FOREIGN KEY onions_ibfk_1;');
$db->exec('ALTER TABLE onions ADD CONSTRAINT onions_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE SET NULL ON UPDATE CASCADE;');
$nginx_default = 'server {
listen unix:/var/run/nginx/suspended backlog=4096;
add_header Content-Type text/html;
location / {
return 200 \'<html lang="en" dir="ltr"><head><title>Suspended</title></head><body>This domain has been suspended due to violation of <a href="http://' . ADDRESS . '">hosting rules</a>.</body></html>\';
}
}
';
file_put_contents('/etc/nginx/sites-enabled/default', $nginx_default, FILE_APPEND);
}
if($version<11){
$db->exec("ALTER TABLE users CHANGE todelete todelete tinyint(1) UNSIGNED NOT NULL DEFAULT '0';");
@ -295,7 +284,7 @@ env[HOME]=/
exec("systemctl enable ".escapeshellarg("php$version-fpm@default"));
exec("systemctl restart ".escapeshellarg("php$version-fpm@default"));
}
echo "Updating chroots, this might take a while…\n";
echo _('Updating chroots, this might take a while…').PHP_EOL;
exec('/var/www/setup_chroot.sh /var/www');
if(!SKIP_USER_CHROOT_UPDATE){
$stmt=$db->query('SELECT system_account FROM users;');
@ -311,7 +300,63 @@ if(!SKIP_USER_CHROOT_UPDATE){
if(!file_exists("/etc/nginx/sites-enabled/")){
mkdir("/etc/nginx/sites-enabled/", 0755, true);
}
file_put_contents('/etc/nginx/sites-enabled/default', NGINX_DEFAULT);
$nginx_default = 'server {
listen unix:/var/run/nginx/suspended backlog=4096 proxy_protocol;
add_header Content-Type text/html;
location / {
return 200 \'<html lang="' . $language . '" dir="' . $dir . '"><head><title>' . _( 'Suspended' ) . '</title></head><body>' . sprintf( _( 'This domain has been suspended due to violation of <a href="%s">hosting rules</a>.' ), 'http://' . ADDRESS ) . '</body></html>\';
}
}
server {
listen [::]:80 ipv6only=off fastopen=100 backlog=4096 default_server;
listen unix:/var/run/nginx.sock backlog=4096 default_server;
root /var/www/html;
index index.php;
server_name ' . ADDRESS . ' *.' . ADDRESS . ';
location / {
try_files $uri $uri/ =404;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_param DOCUMENT_ROOT /html;
fastcgi_param SCRIPT_FILENAME /html$fastcgi_script_name;
fastcgi_pass unix:/var/run/php/8.2-hosting;
}
}
location /squirrelmail {
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_param DOCUMENT_ROOT /html;
fastcgi_param SCRIPT_FILENAME /html$fastcgi_script_name;
fastcgi_pass unix:/var/run/php/8.2-squirrelmail;
}
}
location /phpmyadmin {
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_param DOCUMENT_ROOT /html;
fastcgi_param SCRIPT_FILENAME /html$fastcgi_script_name;
fastcgi_pass unix:/run/php/8.2-phpmyadmin;
}
}
location /adminer {
root /var/www/html/adminer;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_param DOCUMENT_ROOT /html/adminer;
fastcgi_param SCRIPT_FILENAME /html/adminer$fastcgi_script_name;
fastcgi_pass unix:/run/php/8.2-adminer;
}
}
location /externals/jush/ {
root /var/www/html/adminer;
}
location /nginx/ {
root /var/log/;
internal;
}
}
';
file_put_contents('/etc/nginx/sites-enabled/default', $nginx_default);
if(!file_exists("/etc/nginx/streams-enabled/")){
mkdir("/etc/nginx/streams-enabled/", 0755, true);
}
@ -339,7 +384,7 @@ foreach(SERVICE_INSTANCES as $instance){
exec("systemctl start ".escapeshellarg("php$version-fpm@$instance"));
}
$stmt->execute([$instance]);
echo "Successfully added new instance $instance. Don't forget to add _tor-$instance as allowed user to your firewall rules in /etc/rc.local\n";
printf(_('Successfully added new instance %1$s. Don\'t forget to add %2$s as allowed user to your firewall rules in /etc/rc.local').PHP_EOL, $instance, "_tor-$instance");
}
}
// remove no longer enabled php/tor instances
@ -373,4 +418,4 @@ exec('find /var/www/html/ -type d -exec chmod 750 {} \;');
exec('chown root:www-data /var/www/common.php /var/www/composer.json /var/www/composer.lock /var/www/cron.php /var/www/find_old.php /var/www/setup_chroot.sh /var/www/setup.php');
exec('chmod 640 /var/www/common.php /var/www/composer.json /var/www/composer.lock /var/www/cron.php /var/www/find_old.php /var/www/setup.php');
exec('chmod 700 /var/www/setup_chroot.sh');
echo "Done - Database and files have been updated to the latest version :)\n";
echo _('Done - Database and files have been updated to the latest version :)').PHP_EOL;