Added canonical tag and store tor/php instance responsibility in db

Daniel Winzen
2019-06-20 18:53:30 +02:00
parent 0462b9a440
commit 851a3103be
13 changed files with 99 additions and 81 deletions


@ -5,9 +5,10 @@ const DBUSER='hosting'; // Database user
const DBPASS='MY_PASSWORD'; // Database password const DBPASS='MY_PASSWORD'; // Database password
const DBNAME='hosting'; // Database const DBNAME='hosting'; // Database
const PERSISTENT=true; // Use persistent database conection true/false const PERSISTENT=true; // Use persistent database conection true/false
const DBVERSION=13; //database layout version const DBVERSION=14; //database layout version
const CAPTCHA=0; // Captcha difficulty (0=off, 1=simple, 2=moderate, 3=extreme) const CAPTCHA=0; // Captcha difficulty (0=off, 1=simple, 2=moderate, 3=extreme)
const ADDRESS='dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion'; // our own address const ADDRESS='dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion'; // our own address
const CANONICAL_URL='https://hosting.danwin1210.me'; // our preferred domain for search engines
const SERVERS=[ //servers and ports we are running on const SERVERS=[ //servers and ports we are running on
'dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion'=>['sftp'=>22, 'ftp'=>21, 'pop3'=>'110', 'imap'=>'143', 'smtp'=>'25'], 'dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion'=>['sftp'=>22, 'ftp'=>21, 'pop3'=>'110', 'imap'=>'143', 'smtp'=>'25'],
'hosting.danwin1210.me'=>['sftp'=>22, 'ftp'=>21, 'pop3'=>'995', 'imap'=>'993', 'smtp'=>'465'] 'hosting.danwin1210.me'=>['sftp'=>22, 'ftp'=>21, 'pop3'=>'995', 'imap'=>'993', 'smtp'=>'465']
@ -21,7 +22,7 @@ const INDEX_MD5S=[ //MD5 sums of index.hosting.html files that should be considd
const REQUIRE_APPROVAL=false; //require admin approval of new sites? true/false const REQUIRE_APPROVAL=false; //require admin approval of new sites? true/false
const ENABLE_SHELL_ACCESS=true; //allows users to login via ssh, when disabled only (s)ftp is allowed - run setup.php to migrate existing accounts const ENABLE_SHELL_ACCESS=true; //allows users to login via ssh, when disabled only (s)ftp is allowed - run setup.php to migrate existing accounts
const ADMIN_PASSWORD='MY_PASSWORD'; //password for admin interface const ADMIN_PASSWORD='MY_PASSWORD'; //password for admin interface
const SERVICE_INSTANCES=['2', '3', '4', '5', '6', '7', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z']; const SERVICE_INSTANCES=['2', '3', '4', '5', '6', '7', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z']; //one character per instance - run multiple tor+php-fpm instances for load balancing, remove all but one instance if you expect less than 100 accounts. Adding new instances is always possible at a later time, just removing one takes some manual cleanup for now - run setup.php after change
const DISABLED_PHP_VERSIONS=[]; //php versions still installed on the system but no longer offered for new accounts const DISABLED_PHP_VERSIONS=[]; //php versions still installed on the system but no longer offered for new accounts
const PHP_VERSIONS=[4 => '7.3']; //currently active php versions const PHP_VERSIONS=[4 => '7.3']; //currently active php versions
const DEFAULT_PHP_VERSION='7.3'; //default php version const DEFAULT_PHP_VERSION='7.3'; //default php version
@ -316,8 +317,8 @@ NumEntryGuards 6
NumDirectoryGuards 6 NumDirectoryGuards 6
NumPrimaryGuards 6 NumPrimaryGuards 6
"; ";
$stmt=$db->prepare('SELECT onions.onion, users.system_account, onions.num_intros, onions.enable_smtp, onions.version, onions.max_streams, onions.enabled FROM onions LEFT JOIN users ON (users.id=onions.user_id) WHERE onions.onion LIKE ? AND onions.enabled IN (1, -2) AND users.id NOT IN (SELECT user_id FROM new_account) AND users.todelete!=1;'); $stmt=$db->prepare('SELECT onions.onion, users.system_account, onions.num_intros, onions.enable_smtp, onions.version, onions.max_streams, onions.enabled FROM onions LEFT JOIN users ON (users.id=onions.user_id) WHERE onions.instance = ? AND onions.enabled IN (1, -2) AND users.id NOT IN (SELECT user_id FROM new_account) AND users.todelete!=1;');
$stmt->execute(["$key%"]); $stmt->execute([$key]);
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
if($tmp[6]==1){ if($tmp[6]==1){
$socket=$tmp[1]; $socket=$tmp[1];
@ -507,9 +508,9 @@ function rewrite_nginx_config(PDO $db){
} }
function rewrite_php_config(PDO $db, string $key){ function rewrite_php_config(PDO $db, string $key){
$stmt=$db->prepare("SELECT system_account FROM users WHERE system_account LIKE ? AND php=? AND todelete!=1 AND id NOT IN (SELECT user_id FROM new_account);"); $stmt=$db->prepare("SELECT system_account FROM users WHERE instance = ? AND php=? AND todelete!=1 AND id NOT IN (SELECT user_id FROM new_account);");
foreach(array_replace(PHP_VERSIONS, DISABLED_PHP_VERSIONS) as $php_key => $version){ foreach(array_replace(PHP_VERSIONS, DISABLED_PHP_VERSIONS) as $php_key => $version){
$stmt->execute(["$key%", $php_key]); $stmt->execute([$key, $php_key]);
$php = "[www] $php = "[www]
user = www-data user = www-data
group = www-data group = www-data
@ -595,6 +596,11 @@ function del_user_db(PDO $db, int $user_id, string $mysql_db) {
} }
} }
function add_user_onion(PDO $db, int $user_id, string $onion, string $priv_key, int $onion_version) {
$stmt=$db->prepare('INSERT INTO onions (user_id, onion, private_key, version, enabled, instance) VALUES (?, ?, ?, ?, 2, ?);');
$stmt->execute([$user_id, $onion, $priv_key, $onion_version, SERVICE_INSTANCES[array_rand(SERVICE_INSTANCES)]]);
}
function del_user_onion(PDO $db, int $user_id, string $onion) { function del_user_onion(PDO $db, int $user_id, string $onion) {
$stmt = $db->prepare('SELECT null FROM onions WHERE user_id = ? AND onion = ? AND enabled IN (0, 1);'); $stmt = $db->prepare('SELECT null FROM onions WHERE user_id = ? AND onion = ? AND enabled IN (0, 1);');
$stmt->execute([$user_id, $onion]); $stmt->execute([$user_id, $onion]);
@ -646,3 +652,12 @@ function check_csrf_error(){
} }
return false; return false;
} }
function enqueue_instance_reload($db, $instance = null){
if($instance === null){
$stmt=$db->prepare('UPDATE service_instances SET reload = 1 LIMIT 1;');
}else{
$stmt=$db->prepare('UPDATE service_instances SET reload = 1 WHERE id = ?;');
$stmt->execute([$instance]);
}
}
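Review bot: In `enqueue_instance_reload()` the `$instance === null` branch prepares `UPDATE service_instances SET reload = 1 LIMIT 1;` but never executes it, so a call without an instance queues nothing. This commit switches the domain add and delete paths to `enqueue_instance_reload($db);`, so those changes would presumably wait for an unrelated reload before the server configuration reflects them, and a removed domain could stay served in the meantime. Moving the execute after the if/else fixes both paths: `$stmt->execute($instance === null ? [] : [$instance]);`. `LIMIT 1` without `ORDER BY` also leaves the chosen row to the database; if any single instance will do, a one-line comment saying so would help the next reader.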


@ -18,12 +18,12 @@ $db->query('UPDATE service_instances SET reload=0 WHERE reload=1;');
$del=$db->prepare("DELETE FROM new_account WHERE user_id=?;"); $del=$db->prepare("DELETE FROM new_account WHERE user_id=?;");
$enable_onion=$db->prepare("UPDATE onions SET enabled=2 WHERE onion=?;"); $enable_onion=$db->prepare("UPDATE onions SET enabled=2 WHERE onion=?;");
$approval = REQUIRE_APPROVAL ? 'WHERE new_account.approved=1': ''; $approval = REQUIRE_APPROVAL ? 'WHERE new_account.approved=1': '';
$stmt=$db->query("SELECT users.system_account, users.username, new_account.password, users.php, users.autoindex, users.id, onions.onion FROM new_account INNER JOIN users ON (users.id=new_account.user_id) INNER JOIN onions ON (onions.user_id=users.id) $approval LIMIT 100;"); $stmt=$db->query("SELECT users.system_account, users.username, new_account.password, users.php, users.autoindex, users.id, onions.onion, users.instance FROM new_account INNER JOIN users ON (users.id=new_account.user_id) INNER JOIN onions ON (onions.user_id=users.id) $approval LIMIT 100;");
while($id=$stmt->fetch(PDO::FETCH_NUM)){ while($id=$stmt->fetch(PDO::FETCH_NUM)){
$onion=$id[6]; $onion=$id[6];
$system_account=$id[0]; $system_account=$id[0];
$firstchar=substr($system_account, 0, 1); $instance=$id[7];
$reload[$firstchar]=true; $reload[$instance]=true;
$enable_onion->execute([$id[6]]); $enable_onion->execute([$id[6]]);
//add and manage rights of system user //add and manage rights of system user
$shell = ENABLE_SHELL_ACCESS ? '/bin/bash' : '/usr/sbin/nologin'; $shell = ENABLE_SHELL_ACCESS ? '/bin/bash' : '/usr/sbin/nologin';
@ -46,11 +46,11 @@ while($id=$stmt->fetch(PDO::FETCH_NUM)){
//add hidden services to tor //add hidden services to tor
$update_onion=$db->prepare('UPDATE onions SET private_key=?, enabled=1 WHERE onion=?;'); $update_onion=$db->prepare('UPDATE onions SET private_key=?, enabled=1 WHERE onion=?;');
$stmt=$db->query('SELECT onion, private_key, version FROM onions WHERE enabled=2;'); $stmt=$db->query('SELECT onion, private_key, version, instance FROM onions WHERE enabled=2;');
$onions=$stmt->fetchAll(PDO::FETCH_NUM); $onions=$stmt->fetchAll(PDO::FETCH_NUM);
foreach($onions as $onion){ foreach($onions as $onion){
$firstchar=substr($onion[0], 0, 1); $instance = $onion[3];
$reload[$firstchar]=true; $reload[$instance] = true;
if($onion[2]==2){ if($onion[2]==2){
//php openssl implementation has some issues, re-export using native openssl //php openssl implementation has some issues, re-export using native openssl
$pkey=openssl_pkey_get_private($onion[1]); $pkey=openssl_pkey_get_private($onion[1]);
@ -58,57 +58,57 @@ foreach($onions as $onion){
openssl_pkey_free($pkey); openssl_pkey_free($pkey);
$priv_key=shell_exec('echo ' . escapeshellarg($exported) . ' | openssl rsa'); $priv_key=shell_exec('echo ' . escapeshellarg($exported) . ' | openssl rsa');
//save hidden service //save hidden service
mkdir("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion", 0700); mkdir("/var/lib/tor-instances/$instance/hidden_service_$onion[0].onion", 0700);
file_put_contents("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/private_key", $priv_key); file_put_contents("/var/lib/tor-instances/$instance/hidden_service_$onion[0].onion/private_key", $priv_key);
chmod("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/private_key", 0600); chmod("/var/lib/tor-instances/$instance/hidden_service_$onion[0].onion/private_key", 0600);
chown("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/", "_tor-$firstchar"); chown("/var/lib/tor-instances/$instance/hidden_service_$onion[0].onion/", "_tor-$instance");
chown("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/private_key", "_tor-$firstchar"); chown("/var/lib/tor-instances/$instance/hidden_service_$onion[0].onion/private_key", "_tor-$instance");
chgrp("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/", "_tor-$firstchar"); chgrp("/var/lib/tor-instances/$instance/hidden_service_$onion[0].onion/", "_tor-$instance");
chgrp("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/private_key", "_tor-$firstchar"); chgrp("/var/lib/tor-instances/$instance/hidden_service_$onion[0].onion/private_key", "_tor-$instance");
$update_onion->execute([$priv_key, $onion[0]]); $update_onion->execute([$priv_key, $onion[0]]);
}elseif($onion[2]==3){ }elseif($onion[2]==3){
$priv_key=base64_decode($onion[1]); $priv_key=base64_decode($onion[1]);
//save hidden service //save hidden service
mkdir("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion", 0700); mkdir("/var/lib/tor-instances/$instance/hidden_service_$onion[0].onion", 0700);
file_put_contents("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/hs_ed25519_secret_key", $priv_key); file_put_contents("/var/lib/tor-instances/$instance/hidden_service_$onion[0].onion/hs_ed25519_secret_key", $priv_key);
chmod("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/hs_ed25519_secret_key", 0600); chmod("/var/lib/tor-instances/$instance/hidden_service_$onion[0].onion/hs_ed25519_secret_key", 0600);
chown("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/", "_tor-$firstchar"); chown("/var/lib/tor-instances/$instance/hidden_service_$onion[0].onion/", "_tor-$instance");
chown("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/hs_ed25519_secret_key", "_tor-$firstchar"); chown("/var/lib/tor-instances/$instance/hidden_service_$onion[0].onion/hs_ed25519_secret_key", "_tor-$instance");
chgrp("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/", "_tor-$firstchar"); chgrp("/var/lib/tor-instances/$instance/hidden_service_$onion[0].onion/", "_tor-$instance");
chgrp("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/hs_ed25519_secret_key", "_tor-$firstchar"); chgrp("/var/lib/tor-instances/$instance/hidden_service_$onion[0].onion/hs_ed25519_secret_key", "_tor-$instance");
$update_onion->execute([$onion[1], $onion[0]]); $update_onion->execute([$onion[1], $onion[0]]);
} }
} }
//delete old accounts //delete old accounts
$del=$db->prepare("DELETE FROM users WHERE id=?;"); $del=$db->prepare("DELETE FROM users WHERE id=?;");
$stmt=$db->query("SELECT system_account, id, mysql_user FROM users WHERE todelete=1 LIMIT 100;"); $stmt=$db->query("SELECT system_account, id, mysql_user, instance FROM users WHERE todelete=1 LIMIT 100;");
$accounts=$stmt->fetchAll(PDO::FETCH_NUM); $accounts=$stmt->fetchAll(PDO::FETCH_NUM);
$mark_onions=$db->prepare('UPDATE onions SET enabled=-1 WHERE user_id=? AND enabled!=-2;'); $mark_onions=$db->prepare('UPDATE onions SET enabled=-1 WHERE user_id=? AND enabled!=-2;');
foreach($accounts as $account){ foreach($accounts as $account){
$firstchar=substr($account[0], 0, 1); $instance=$account[3];
$reload[$firstchar]=true; $reload[$instance]=true;
$mark_onions->execute([$account[1]]); $mark_onions->execute([$account[1]]);
} }
//delete hidden services from tor //delete hidden services from tor
$del_onions=$db->prepare('DELETE FROM onions WHERE onion=?;'); $del_onions=$db->prepare('DELETE FROM onions WHERE onion=?;');
$stmt=$db->query('SELECT onion FROM onions WHERE enabled=-1;'); $stmt=$db->query('SELECT onion, instance FROM onions WHERE enabled=-1;');
$onions=$stmt->fetchAll(PDO::FETCH_NUM); $onions=$stmt->fetchAll(PDO::FETCH_NUM);
foreach($onions as $onion){ foreach($onions as $onion){
$firstchar=substr($onion[0], 0, 1); $instance = $onion[1];
$reload[$firstchar]=true; $reload[$instance] = true;
if(file_exists("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/")){ if(file_exists("/var/lib/tor-instances/$instance/hidden_service_$onion[0].onion/")){
if(file_exists("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/authorized_clients/")){ if(file_exists("/var/lib/tor-instances/$instance/hidden_service_$onion[0].onion/authorized_clients/")){
foreach(glob("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/authorized_clients/*") as $file){ foreach(glob("/var/lib/tor-instances/$instance/hidden_service_$onion[0].onion/authorized_clients/*") as $file){
unlink($file); unlink($file);
} }
rmdir("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/authorized_clients"); rmdir("/var/lib/tor-instances/$instance/hidden_service_$onion[0].onion/authorized_clients");
} }
foreach(glob("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/*") as $file){ foreach(glob("/var/lib/tor-instances/$instance/hidden_service_$onion[0].onion/*") as $file){
unlink($file); unlink($file);
} }
rmdir("/var/lib/tor-instances/$firstchar/hidden_service_$onion[0].onion/"); rmdir("/var/lib/tor-instances/$instance/hidden_service_$onion[0].onion/");
} }
$del_onions->execute([$onion[0]]); $del_onions->execute([$onion[0]]);
} }
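Review bot: `$instance` is now read from the `instance` column and interpolated unchecked into the `/var/lib/tor-instances/$instance/…` paths and the `_tor-$instance` owner name, in both the loop that writes hidden-service keys and the loop that deletes them. A row whose column is NULL, empty or not one of the configured instances (the migration for existing rows is not visible here) would make `mkdir`/`chown`/`rmdir` act on an unintended directory and leave key material with the wrong owner. I would guard both loops before touching the filesystem, e.g. `if(!in_array($instance, SERVICE_INSTANCES, true)){ continue; }`, and log the skipped row. The return values of `mkdir()` and `file_put_contents()` are also ignored, so a failed key write is still followed by the `enabled=1` update.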


@ -15,6 +15,7 @@ echo '<title>Daniel\'s Hosting - Admin panel</title>';
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'; echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
echo '<meta name="author" content="Daniel Winzen">'; echo '<meta name="author" content="Daniel Winzen">';
echo '<meta name="viewport" content="width=device-width, initial-scale=1">'; echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
echo '<link rel="canonical" href="'.CANONICAL_URL. $_SERVER['SCRIPT_NAME'] .'">';
echo '</head><body>'; echo '</head><body>';
echo '<h1>Hosting - Admin panel</h1>'; echo '<h1>Hosting - Admin panel</h1>';
$error=false; $error=false;
@ -25,7 +26,7 @@ if($_SERVER['REQUEST_METHOD']==='POST' && isset($_POST['pass']) && $_POST['pass'
} }
} }
if(empty($_SESSION['logged_in'])){ if(empty($_SESSION['logged_in'])){
echo '<form action="' . basename(__FILE__) . '" method="POST"><table>'; echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST"><table>';
echo "<tr><td>Password </td><td><input type=\"password\" name=\"pass\" size=\"30\" required autofocus></td></tr>"; echo "<tr><td>Password </td><td><input type=\"password\" name=\"pass\" size=\"30\" required autofocus></td></tr>";
send_captcha(); send_captcha();
echo "<tr><td colspan=\"2\"><input type=\"submit\" name=\"action\" value=\"login\"></td></tr>"; echo "<tr><td colspan=\"2\"><input type=\"submit\" name=\"action\" value=\"login\"></td></tr>";
@ -41,17 +42,17 @@ if(empty($_SESSION['logged_in'])){
if(REQUIRE_APPROVAL){ if(REQUIRE_APPROVAL){
$stmt=$db->query('SELECT COUNT(*) FROM new_account WHERE approved=0;'); $stmt=$db->query('SELECT COUNT(*) FROM new_account WHERE approved=0;');
$cnt=$stmt->fetch(PDO::FETCH_NUM)[0]; $cnt=$stmt->fetch(PDO::FETCH_NUM)[0];
echo '<a href="' . basename(__FILE__) . "?action=approve\">Approve pending sites ($cnt)</a> | "; echo '<a href="' . $_SERVER['SCRIPT_NAME'] . "?action=approve\">Approve pending sites ($cnt)</a> | ";
} }
echo '<a href="' . basename(__FILE__) . '?action=list">List of accounts</a> | <a href="' . basename(__FILE__) . '?action=delete">Delete accounts</a> | <a href="' . basename(__FILE__) . '?action=suspend">Suspend hidden services</a> | <a href="' . basename(__FILE__) . '?action=edit">Edit hidden services</a> | <a href="' . basename(__FILE__) . '?action=logout">Logout</a></p>'; echo '<a href="' . $_SERVER['SCRIPT_NAME'] . '?action=list">List of accounts</a> | <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=delete">Delete accounts</a> | <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=suspend">Suspend hidden services</a> | <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=edit">Edit hidden services</a> | <a href="' . $_SERVER['SCRIPT_NAME'] . '?action=logout">Logout</a></p>';
if(empty($_REQUEST['action']) || $_REQUEST['action']==='login'){ if(empty($_REQUEST['action']) || $_REQUEST['action']==='login'){
echo '<p>Welcome to the admin panel!</p>'; echo '<p>Welcome to the admin panel!</p>';
}elseif($_REQUEST['action'] === 'logout'){ }elseif($_REQUEST['action'] === 'logout'){
session_destroy(); session_destroy();
header('Location: ' . basename(__FILE__)); header('Location: ' . $_SERVER['SCRIPT_NAME']);
exit; exit;
}elseif($_REQUEST['action'] === 'list'){ }elseif($_REQUEST['action'] === 'list'){
echo '<form action="' . basename(__FILE__) . "\" method=\"POST\"><input type=\"hidden\" name=\"csrf_token\" value=\"$_SESSION[csrf_token]\">"; echo '<form action="' . $_SERVER['SCRIPT_NAME'] . "\" method=\"POST\"><input type=\"hidden\" name=\"csrf_token\" value=\"$_SESSION[csrf_token]\">";
echo '<table border="1">'; echo '<table border="1">';
echo '<tr><th>Username</th><th>Onion link</th><th>Action</th></tr>'; echo '<tr><th>Username</th><th>Onion link</th><th>Action</th></tr>';
$stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN onions ON (onions.user_id=users.id) ORDER BY users.username;'); $stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN onions ON (onions.user_id=users.id) ORDER BY users.username;');
@ -84,7 +85,7 @@ if(empty($_SESSION['logged_in'])){
echo '<p style="color:green;">Successfully approved</p>'; echo '<p style="color:green;">Successfully approved</p>';
} }
} }
echo '<form action="' . basename(__FILE__) . "\" method=\"POST\"><input type=\"hidden\" name=\"csrf_token\" value=\"$_SESSION[csrf_token]\">"; echo '<form action="' . $_SERVER['SCRIPT_NAME'] . "\" method=\"POST\"><input type=\"hidden\" name=\"csrf_token\" value=\"$_SESSION[csrf_token]\">";
echo '<table border="1">'; echo '<table border="1">';
echo '<tr><th>Username</th><th>Onion address</th><th>Action</th></tr>'; echo '<tr><th>Username</th><th>Onion address</th><th>Action</th></tr>';
$stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN new_account ON (users.id=new_account.user_id) INNER JOIN onions ON (onions.user_id=users.id) WHERE new_account.approved=0 ORDER BY users.username;'); $stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN new_account ON (users.id=new_account.user_id) INNER JOIN onions ON (onions.user_id=users.id) WHERE new_account.approved=0 ORDER BY users.username;');
@ -100,7 +101,7 @@ if(empty($_SESSION['logged_in'])){
$onion = substr($_REQUEST['action'], 7); $onion = substr($_REQUEST['action'], 7);
} }
echo '<p>Delete accouts:</p>'; echo '<p>Delete accouts:</p>';
echo '<form action="' . basename(__FILE__) . '" method="POST">'; echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST">';
echo '<input type="hidden" name="csrf_token" value="' . $_SESSION['csrf_token'] . '">'; echo '<input type="hidden" name="csrf_token" value="' . $_SESSION['csrf_token'] . '">';
echo '<p>Onion address: <input type="text" name="onion" size="30" value="'; echo '<p>Onion address: <input type="text" name="onion" size="30" value="';
echo htmlspecialchars($onion); echo htmlspecialchars($onion);
@ -131,7 +132,7 @@ if(empty($_SESSION['logged_in'])){
$onion = substr($_REQUEST['action'], 8); $onion = substr($_REQUEST['action'], 8);
} }
echo '<p>Suspend hidden service:</p>'; echo '<p>Suspend hidden service:</p>';
echo '<form action="' . basename(__FILE__) . '" method="POST">'; echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST">';
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">'; echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
echo '<p>Onion address: <input type="text" name="onion" size="30" value="'; echo '<p>Onion address: <input type="text" name="onion" size="30" value="';
echo htmlspecialchars($onion); echo htmlspecialchars($onion);
@ -147,8 +148,7 @@ if(empty($_SESSION['logged_in'])){
$stmt=$db->prepare('UPDATE onions SET enabled=-2 WHERE onion=?;'); $stmt=$db->prepare('UPDATE onions SET enabled=-2 WHERE onion=?;');
$stmt->execute([$match[1]]); $stmt->execute([$match[1]]);
echo "<p style=\"color:green;\">Successfully queued for suspension!</p>"; echo "<p style=\"color:green;\">Successfully queued for suspension!</p>";
$stmt=$db->prepare('UPDATE service_instances SET reload = 1 WHERE id=?'); enqueue_instance_reload($db, substr($match[1], 0, 1));
$stmt->execute([substr($match[1], 0, 1)]);
}else{ }else{
echo "<p style=\"color:red;\">Onion address not hosted by us!</p>"; echo "<p style=\"color:red;\">Onion address not hosted by us!</p>";
} }
@ -164,7 +164,7 @@ if(empty($_SESSION['logged_in'])){
$onion = substr($_REQUEST['action'], 5); $onion = substr($_REQUEST['action'], 5);
} }
echo '<p>Edit hidden service:</p>'; echo '<p>Edit hidden service:</p>';
echo '<form action="' . basename(__FILE__) . '" method="POST">'; echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST">';
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">'; echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
echo '<p>Onion address: <input type="text" name="onion" size="30" value="'; echo '<p>Onion address: <input type="text" name="onion" size="30" value="';
echo htmlspecialchars($onion); echo htmlspecialchars($onion);
@ -196,15 +196,14 @@ if(empty($_SESSION['logged_in'])){
$max_streams = 65535; $max_streams = 65535;
} }
$stmt->execute([$enabled, $enable_smtp, $num_intros, $max_streams, $match[1]]); $stmt->execute([$enabled, $enable_smtp, $num_intros, $max_streams, $match[1]]);
$stmt=$db->prepare('UPDATE service_instances SET reload = 1 WHERE id=?'); enqueue_instance_reload($db, substr($match[1], 0, 1));
$stmt->execute([substr($match[1], 0, 1)]);
echo "<p style=\"color:green;\">Changes successfully saved!</p>"; echo "<p style=\"color:green;\">Changes successfully saved!</p>";
} }
} }
$stmt=$db->prepare('SELECT onion, enabled, enable_smtp, num_intros, max_streams, version FROM onions WHERE onion=?;'); $stmt=$db->prepare('SELECT onion, enabled, enable_smtp, num_intros, max_streams, version FROM onions WHERE onion=?;');
$stmt->execute([$match[1]]); $stmt->execute([$match[1]]);
if($onion=$stmt->fetch(PDO::FETCH_NUM)){ if($onion=$stmt->fetch(PDO::FETCH_NUM)){
echo '<form action="' . basename(__FILE__) . '" method="POST">'; echo '<form action="' . $_SERVER['SCRIPT_NAME'] . '" method="POST">';
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">'; echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
echo '<table border="1"><tr><th>Onion</th><th>Enabled</th><th>SMTP enabled</th><th>Nr. of intros</th><th>Max streams per rend circuit</th><th>Save</th></tr>'; echo '<table border="1"><tr><th>Onion</th><th>Enabled</th><th>SMTP enabled</th><th>Nr. of intros</th><th>Max streams per rend circuit</th><th>Save</th></tr>';
echo '<tr><td><input type="text" name="onion" size="15" value="'.$onion[0].'" required autofocus></td>'; echo '<tr><td><input type="text" name="onion" size="15" value="'.$onion[0].'" required autofocus></td>';
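Review bot: Both `enqueue_instance_reload($db, substr($match[1], 0, 1));` calls (suspend and edit) still derive the instance from the first character of the onion address, while this commit assigns `onions.instance` at random in `add_user_onion()` and selects by that column when writing the tor config. For an onion whose stored instance differs from its first character, the reload is queued for the wrong instance, and a suspension (`enabled=-2`) would not take effect until the right instance reloads for some other reason. Read the column instead, for example `SELECT instance FROM onions WHERE onion=?` with `$match[1]`, and pass that value to `enqueue_instance_reload()`. The enclosing blocks start outside these hunks.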


@ -28,6 +28,7 @@ header('Content-Type: text/html; charset=UTF-8');
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="author" content="Daniel Winzen"> <meta name="author" content="Daniel Winzen">
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="canonical" href="<?php echo CANONICAL_URL . $_SERVER['SCRIPT_NAME']; ?>">
</head><body> </head><body>
<p>This will delete your account and all data asociated with it. It can't be un-done. Are you sure?</p> <p>This will delete your account and all data asociated with it. It can't be un-done. Are you sure?</p>
<?php echo $msg; ?> <?php echo $msg; ?>
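Review bot: The canonical link prints `$_SERVER['SCRIPT_NAME']` into an attribute without escaping; the same line is added to the other page templates in this commit, and the admin panel now also uses that value for form actions and the `Location` header where `basename(__FILE__)` was a constant. Whether it can ever carry a quote or angle bracket depends on the web-server configuration, which is not visible here, so I would not rely on that: `<link rel="canonical" href="<?php echo htmlspecialchars(CANONICAL_URL . $_SERVER['SCRIPT_NAME'], ENT_QUOTES); ?>">`. A small helper in the shared include would keep all pages consistent.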


@ -7,6 +7,7 @@ header('Content-Type: text/html; charset=UTF-8');
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="author" content="Daniel Winzen"> <meta name="author" content="Daniel Winzen">
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="canonical" href="<?php echo CANONICAL_URL . $_SERVER['SCRIPT_NAME']; ?>">
</head><body> </head><body>
<h1>Hosting - Info</h1> <h1>Hosting - Info</h1>
<p><a href="index.php">Info</a> | <a href="register.php">Register</a> | <a href="login.php">Login</a> | <a href="list.php">List of hosted sites</a> | FAQ</p> <p><a href="index.php">Info</a> | <a href="register.php">Register</a> | <a href="login.php">Login</a> | <a href="list.php">List of hosted sites</a> | FAQ</p>


@ -286,6 +286,7 @@ $dir=htmlspecialchars($dir);
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="author" content="Daniel Winzen"> <meta name="author" content="Daniel Winzen">
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="canonical" href="<?php echo CANONICAL_URL . $_SERVER['SCRIPT_NAME']; ?>">
<title>Daniel's Hosting - FileManager - Index of <?php echo $dir; ?></title> <title>Daniel's Hosting - FileManager - Index of <?php echo $dir; ?></title>
<style type="text/css">.list td:nth-child(3){word-break:break-all;} .list td:nth-child(5){text-align:right;} .list tr{height:28px;} <style type="text/css">.list td:nth-child(3){word-break:break-all;} .list td:nth-child(5){text-align:right;} .list tr{height:28px;}
.back{min-width:22px; background:no-repeat url(data:img/gif;base64,R0lGODlhFAAWAPH/AAAAADMzM2ZmZpmZmSH5BAUAAAQALAAAAAAUABYAAANLSLrc/oKE8CoZM1O7os7c9WmcN04WdoKQdBIANypAHG5YbS/7kus1RlDxA+p4xqSRpmwCKE7nINqMwKi6wEAY1VaS3tBV/OiRz4sEADs=);} .back{min-width:22px; background:no-repeat url(data:img/gif;base64,R0lGODlhFAAWAPH/AAAAADMzM2ZmZpmZmSH5BAUAAAQALAAAAAAUABYAAANLSLrc/oKE8CoZM1O7os7c9WmcN04WdoKQdBIANypAHG5YbS/7kus1RlDxA+p4xqSRpmwCKE7nINqMwKi6wEAY1VaS3tBV/OiRz4sEADs=);}
@ -388,6 +389,7 @@ function send_not_found(){
echo '<title>404 Not Found</title>'; echo '<title>404 Not Found</title>';
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'; echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
echo '<meta name=viewport content="width=device-width, initial-scale=1">'; echo '<meta name=viewport content="width=device-width, initial-scale=1">';
echo '<link rel="canonical" href="'.CANONICAL_URL . $_SERVER['SCRIPT_NAME'].'">';
echo '</head><body>'; echo '</head><body>';
echo '<p>The requested file '.htmlspecialchars($_REQUEST['path']).' was not found on your account.</p>'; echo '<p>The requested file '.htmlspecialchars($_REQUEST['path']).' was not found on your account.</p>';
echo '<p><a href="files.php">Go back to home directory</a>.</p>'; echo '<p><a href="files.php">Go back to home directory</a>.</p>';


@ -22,6 +22,7 @@ if(isset($_POST['action']) && $_POST['action']==='del_db' && !empty($_POST['db']
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="author" content="Daniel Winzen"> <meta name="author" content="Daniel Winzen">
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="canonical" href="<?php echo CANONICAL_URL . $_SERVER['SCRIPT_NAME']; ?>">
</head><body> </head><body>
<p>This will delete your database <?php echo htmlspecialchars($_POST['db']); ?> and all data asociated with it. It can't be un-done. Are you sure?</p> <p>This will delete your database <?php echo htmlspecialchars($_POST['db']); ?> and all data asociated with it. It can't be un-done. Are you sure?</p>
<form method="post" action="home.php"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>"> <form method="post" action="home.php"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
@ -47,6 +48,7 @@ if(isset($_POST['action']) && $_POST['action']==='del_onion' && !empty($_POST['o
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="author" content="Daniel Winzen"> <meta name="author" content="Daniel Winzen">
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="canonical" href="<?php echo CANONICAL_URL . $_SERVER['SCRIPT_NAME']; ?>">
</head><body> </head><body>
<p>This will delete your onion domain <?php echo htmlspecialchars($_POST['onion']); ?>.onion and all data asociated with it. It can't be un-done. Are you sure?</p> <p>This will delete your onion domain <?php echo htmlspecialchars($_POST['onion']); ?>.onion and all data asociated with it. It can't be un-done. Are you sure?</p>
<form method="post" action="home.php"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>"> <form method="post" action="home.php"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
@ -100,8 +102,7 @@ if(isset($_POST['action']) && $_POST['action']==='add_onion'){
$ok = false; $ok = false;
} }
if($ok){ if($ok){
$stmt=$db->prepare('INSERT INTO onions (user_id, onion, private_key, version, enabled) VALUES (?, ?, ?, ?, 2);'); add_user_onion($db, $user['id'], $onion, $priv_key, $onion_version);
$stmt->execute([$user['id'], $onion, $priv_key, $onion_version]);
} }
} }
if(isset($_POST['action']) && $_POST['action']==='del_onion_2' && !empty($_POST['onion'])){ if(isset($_POST['action']) && $_POST['action']==='del_onion_2' && !empty($_POST['onion'])){
@ -118,8 +119,7 @@ if(isset($_POST['action']) && $_POST['action']==='add_domain' && !empty($_POST['
if(!empty($error)){ if(!empty($error)){
$msg = "<p style=\"color:red;\">$error</p>"; $msg = "<p style=\"color:red;\">$error</p>";
}else{ }else{
$stmt=$db->prepare('UPDATE service_instances SET reload = 1 WHERE id = ?'); enqueue_instance_reload($db);
$stmt->execute([substr($user['system_account'], 0, 1)]);
} }
} }
if(isset($_POST['action']) && $_POST['action']==='del_domain' && !empty($_POST['domain'])){ if(isset($_POST['action']) && $_POST['action']==='del_domain' && !empty($_POST['domain'])){
@ -131,6 +131,7 @@ if(isset($_POST['action']) && $_POST['action']==='del_domain' && !empty($_POST['
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="author" content="Daniel Winzen"> <meta name="author" content="Daniel Winzen">
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="canonical" href="<?php echo CANONICAL_URL . $_SERVER['SCRIPT_NAME']; ?>">
</head><body> </head><body>
<p>This will delete your domain <?php echo htmlspecialchars($_POST['domain']); ?> and all data asociated with it. It can't be un-done. Are you sure?</p> <p>This will delete your domain <?php echo htmlspecialchars($_POST['domain']); ?> and all data asociated with it. It can't be un-done. Are you sure?</p>
<form method="post" action="home.php"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>"> <form method="post" action="home.php"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
@ -146,8 +147,7 @@ if(isset($_POST['action']) && $_POST['action']==='del_domain_2' && !empty($_POST
die($error); die($error);
} }
del_user_domain($db, $user['id'], $_POST['domain']); del_user_domain($db, $user['id'], $_POST['domain']);
$stmt=$db->prepare('UPDATE service_instances SET reload = 1 WHERE id = ?'); enqueue_instance_reload($db);
$stmt->execute([substr($user['system_account'], 0, 1)]);
} }
if(isset($_REQUEST['action']) && isset($_REQUEST['onion']) && $_REQUEST['action']==='edit_onion'){ if(isset($_REQUEST['action']) && isset($_REQUEST['onion']) && $_REQUEST['action']==='edit_onion'){
if($error=check_csrf_error()){ if($error=check_csrf_error()){
@ -174,8 +174,7 @@ if(isset($_REQUEST['action']) && isset($_REQUEST['onion']) && $_REQUEST['action'
$max_streams = 65535; $max_streams = 65535;
} }
$stmt->execute([$enabled, $enable_smtp, $num_intros, $max_streams, $_REQUEST['onion']]); $stmt->execute([$enabled, $enable_smtp, $num_intros, $max_streams, $_REQUEST['onion']]);
$stmt=$db->prepare('UPDATE service_instances SET reload = 1 WHERE id = ?'); enqueue_instance_reload($db, substr($_REQUEST['onion'], 0, 1));
$stmt->execute([substr($_REQUEST['onion'], 0, 1)]);
} }
} }
if(isset($_REQUEST['action']) && isset($_POST['domain']) && $_POST['action']==='edit_domain'){ if(isset($_REQUEST['action']) && isset($_POST['domain']) && $_POST['action']==='edit_domain'){
@ -188,8 +187,7 @@ if(isset($_REQUEST['action']) && isset($_POST['domain']) && $_POST['action']==='
$stmt=$db->prepare('UPDATE domains SET enabled = ? WHERE domain = ?;'); $stmt=$db->prepare('UPDATE domains SET enabled = ? WHERE domain = ?;');
$enabled = isset($_POST['enabled']) ? 1 : 0; $enabled = isset($_POST['enabled']) ? 1 : 0;
$stmt->execute([$enabled, $_POST['domain']]); $stmt->execute([$enabled, $_POST['domain']]);
$stmt=$db->prepare('UPDATE service_instances SET reload = 1 WHERE id = ?'); enqueue_instance_reload($db);
$stmt->execute([substr($user['system_account'], 0, 1)]);
} }
} }
@ -199,6 +197,7 @@ echo '<title>Daniel\'s Hosting - Dashboard</title>';
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'; echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
echo '<meta name="author" content="Daniel Winzen">'; echo '<meta name="author" content="Daniel Winzen">';
echo '<meta name="viewport" content="width=device-width, initial-scale=1">'; echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
echo '<link rel="canonical" href="' . CANONICAL_URL . $_SERVER['SCRIPT_NAME'] . '">';
echo '<style type="text/css">#custom_onion:not(checked)+#private_key{display:none;}#custom_onion:checked+#private_key{display:block;}</style>'; echo '<style type="text/css">#custom_onion:not(checked)+#private_key{display:none;}#custom_onion:checked+#private_key{display:block;}</style>';
echo '</head><body>'; echo '</head><body>';
echo "<p>Logged in as $user[username] <a href=\"logout.php\">Logout</a> | <a href=\"password.php\">Change passwords</a> | <a target=\"_blank\" href=\"files.php\">FileManager</a> | <a href=\"delete.php\">Delete account</a></p>"; echo "<p>Logged in as $user[username] <a href=\"logout.php\">Logout</a> | <a href=\"password.php\">Change passwords</a> | <a target=\"_blank\" href=\"files.php\">FileManager</a> | <a href=\"delete.php\">Delete account</a></p>";


@ -1,21 +1,13 @@
<?php <?php
include('../common.php'); include('../common.php');
header('Content-Type: text/html; charset=UTF-8'); header('Content-Type: text/html; charset=UTF-8');
if(isset($_SERVER['HTTP_HOST']) && preg_match('/danwin1210\.(i2p|me)$/', $_SERVER['HTTP_HOST'])){
if(preg_match('/\.me$/', $_SERVER['HTTP_HOST'])){
$host='https://danwin1210.me';
}else{
$host='http://danwin1210.i2p';
}
}else{
$host='http://tt3j2x4k5ycaa5zt.onion';
}
?> ?>
<!DOCTYPE html><html><head> <!DOCTYPE html><html><head>
<title>Daniel's Hosting</title> <title>Daniel's Hosting</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="author" content="Daniel Winzen"> <meta name="author" content="Daniel Winzen">
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="canonical" href="<?php echo CANONICAL_URL . $_SERVER['SCRIPT_NAME']; ?>">
</head><body> </head><body>
<h1>Hosting - Info</h1> <h1>Hosting - Info</h1>
<p>Info | <a href="register.php">Register</a> | <a href="login.php">Login</a> | <a href="list.php">List of hosted sites</a> | <a href="faq.php">FAQ</a></p> <p>Info | <a href="register.php">Register</a> | <a href="login.php">Login</a> | <a href="list.php">List of hosted sites</a> | <a href="faq.php">FAQ</a></p>
@ -36,9 +28,9 @@ if(isset($_SERVER['HTTP_HOST']) && preg_match('/danwin1210\.(i2p|me)$/', $_SERVE
<li>mail() can send e-mails from your.onion@<?php echo ADDRESS; ?> (your.onion@hosting.danwin1210.me for clearnet) - not yet working but will return in future, use <a href="https://github.com/PHPMailer/PHPMailer" target="_blank">https://github.com/PHPMailer/PHPMailer</a> or similar for now</li> <li>mail() can send e-mails from your.onion@<?php echo ADDRESS; ?> (your.onion@hosting.danwin1210.me for clearnet) - not yet working but will return in future, use <a href="https://github.com/PHPMailer/PHPMailer" target="_blank">https://github.com/PHPMailer/PHPMailer</a> or similar for now</li>
<li>Webmail and IMAP, POP3 and SMTP access to your mail account</li> <li>Webmail and IMAP, POP3 and SMTP access to your mail account</li>
<li>Mail sent to anything@your.onion gets automatically redirected to your inbox</li> <li>Mail sent to anything@your.onion gets automatically redirected to your inbox</li>
<li>Your own .onion domain</li> <li>Your own .onion domains</li>
<li>On request your own clearnet domain or a free subdomain of danwin1210.me. I can setup an I2P domain as well.</li> <li>Clearnet domains or a free subdomain of danwin1210.me</li>
<li>There is a missing feature or you need a special configuration? Just <a href="<?php echo "$host/contact.php"; ?>">contact me</a> and I'll see what I can do.</li> <li>There is a missing feature or you need a special configuration? Just <a href="<?php echo "https://danwin1210.me/contact.php"; ?>">contact me</a> and I'll see what I can do.</li>
<li>Empty/Unused accounts will be automatically deleted after a month of inactivity</li> <li>Empty/Unused accounts will be automatically deleted after a month of inactivity</li>
<li>More to come…</li> <li>More to come…</li>
</ul> </ul>
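Review bot: The added `<link rel="canonical">` line writes `$_SERVER['SCRIPT_NAME']` into an `href` attribute without escaping, although other pages in this commit already pass request-derived values through `htmlspecialchars()`. `SCRIPT_NAME` is normally filled in by the web server from the resolved script path, but its exact content depends on the server and FastCGI configuration, so it should not be treated as pre-escaped. Suggested form: `<link rel="canonical" href="<?php echo htmlspecialchars(CANONICAL_URL . $_SERVER['SCRIPT_NAME'], ENT_QUOTES); ?>">`. The same line is added in the other file sections of this commit, in both the inline-HTML and the `echo '<link …>'` variants, so the change applies there as well.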


@ -11,6 +11,7 @@ echo '<title>Daniel\'s Hosting - List of hosted sites</title>';
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'; echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
echo '<meta name="author" content="Daniel Winzen">'; echo '<meta name="author" content="Daniel Winzen">';
echo '<meta name="viewport" content="width=device-width, initial-scale=1">'; echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
echo '<link rel="canonical" href="' . CANONICAL_URL . $_SERVER['SCRIPT_NAME'] . '">';
echo '</head><body>'; echo '</head><body>';
echo '<h1>Hosting - List of hosted sites</h1>'; echo '<h1>Hosting - List of hosted sites</h1>';
echo '<p><a href="index.php">Info</a> | <a href="register.php">Register</a> | <a href="login.php">Login</a> | List of hosted sites | <a href="faq.php">FAQ</a></p>'; echo '<p><a href="index.php">Info</a> | <a href="register.php">Register</a> | <a href="login.php">Login</a> | List of hosted sites | <a href="faq.php">FAQ</a></p>';


@ -64,6 +64,7 @@ echo '<title>Daniel\'s Hosting - Login</title>';
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'; echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
echo '<meta name="author" content="Daniel Winzen">'; echo '<meta name="author" content="Daniel Winzen">';
echo '<meta name="viewport" content="width=device-width, initial-scale=1">'; echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
echo '<link rel="canonical" href="' . CANONICAL_URL . $_SERVER['SCRIPT_NAME'] . '">';
echo '</head><body>'; echo '</head><body>';
echo '<h1>Hosting - Login</h1>'; echo '<h1>Hosting - Login</h1>';
echo '<p><a href="index.php">Info</a> | <a href="register.php">Register</a> | Login | <a href="list.php">List of hosted sites</a> | <a href="faq.php">FAQ</a></p>'; echo '<p><a href="index.php">Info</a> | <a href="register.php">Register</a> | Login | <a href="list.php">List of hosted sites</a> | <a href="faq.php">FAQ</a></p>';


@ -46,6 +46,7 @@ echo '<title>Daniel\'s Hosting - Change password</title>';
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'; echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
echo '<meta name="author" content="Daniel Winzen">'; echo '<meta name="author" content="Daniel Winzen">';
echo '<meta name="viewport" content="width=device-width, initial-scale=1">'; echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
echo '<link rel="canonical" href="' . CANONICAL_URL . $_SERVER['SCRIPT_NAME'] . '">';
echo '</head><body>'; echo '</head><body>';
echo $msg; echo $msg;
echo '<form method="POST" action="password.php"><input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'"><table>'; echo '<form method="POST" action="password.php"><input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'"><table>';


@ -17,6 +17,7 @@ if(!empty($_SESSION['hosting_username'])){
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="author" content="Daniel Winzen"> <meta name="author" content="Daniel Winzen">
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="canonical" href="<?php echo CANONICAL_URL . $_SERVER['SCRIPT_NAME']; ?>">
<style type="text/css">#custom_onion:not(checked)+#private_key{display:none;}#custom_onion:checked+#private_key{display:block;}</style> <style type="text/css">#custom_onion:not(checked)+#private_key{display:none;}#custom_onion:checked+#private_key{display:block;}</style>
</head><body> </head><body>
<h1>Hosting - Register</h1> <h1>Hosting - Register</h1>
@ -106,11 +107,10 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
$ok=false; $ok=false;
}elseif($ok){ }elseif($ok){
$mysql_user = add_mysql_user($db, $_POST['pass']); $mysql_user = add_mysql_user($db, $_POST['pass']);
$stmt=$db->prepare('INSERT INTO users (username, system_account, password, dateadded, public, php, autoindex, mysql_user) VALUES (?, ?, ?, ?, ?, ?, ?, ?);'); $stmt=$db->prepare('INSERT INTO users (username, system_account, password, dateadded, public, php, autoindex, mysql_user, instance) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);');
$stmt->execute([$_POST['username'], substr("$onion.onion", 0, 32), $hash, time(), $public_list, $php, $autoindex, $mysql_user]); $stmt->execute([$_POST['username'], substr("$onion.onion", 0, 32), $hash, time(), $public_list, $php, $autoindex, $mysql_user, SERVICE_INSTANCES[array_rand(SERVICE_INSTANCES)]]);
$user_id = $db->lastInsertId(); $user_id = $db->lastInsertId();
$stmt=$db->prepare('INSERT INTO onions (user_id, onion, private_key, version) VALUES (?, ?, ?, ?);'); add_user_onion($db, $user_id, $onion, $priv_key, $onion_version);
$stmt->execute([$user_id, $onion, $priv_key, $onion_version]);
add_user_db($db, $user_id); add_user_db($db, $user_id);
$stmt=$db->prepare('INSERT INTO new_account (user_id, password) VALUES (?, ?);'); $stmt=$db->prepare('INSERT INTO new_account (user_id, password) VALUES (?, ?);');
$stmt->execute([$user_id, get_system_hash($_POST['pass'])]); $stmt->execute([$user_id, get_system_hash($_POST['pass'])]);
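Review bot: Both onion-creation paths now call `add_user_onion()` with the same five arguments, but the two statements it replaces were not equivalent: the registration insert here left `enabled` at the column default (`'1'` in the schema), whereas the add_onion path on the dashboard page inserted `enabled` = 2. The helper's body is not in this view, so please confirm which value it writes and that the behaviour change for one of the two callers is intended. A short comment at this call site, such as `// add_user_onion() inserts with enabled=<value written by helper>`, would make that explicit. Separately, the user row gets a random `SERVICE_INSTANCES` entry while the helper receives no instance argument, so it is worth checking that the onion row ends up on the same instance as its owner. The enclosing `elseif($ok)` block starts and ends outside this hunk.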


@ -22,13 +22,13 @@ $version;
if(!@$version=$db->query("SELECT value FROM settings WHERE setting='version';")){ if(!@$version=$db->query("SELECT value FROM settings WHERE setting='version';")){
//create tables //create tables
$db->exec('CREATE TABLE captcha (id int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY, time int(11) NOT NULL, code char(5) COLLATE latin1_bin NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;'); $db->exec('CREATE TABLE captcha (id int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY, time int(11) NOT NULL, code char(5) COLLATE latin1_bin NOT NULL) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;');
$db->exec("CREATE TABLE users (id int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY, system_account varchar(32) COLLATE latin1_bin NOT NULL UNIQUE, username varchar(50) COLLATE latin1_bin NOT NULL UNIQUE, password varchar(255) COLLATE latin1_bin NOT NULL, dateadded int(10) unsigned NOT NULL, public tinyint(1) unsigned NOT NULL, php tinyint(1) unsigned NOT NULL, autoindex tinyint(1) unsigned NOT NULL, todelete tinyint(1) UNSIGNED NOT NULL DEFAULT '0', mysql_user varchar(32) NOT NULL, KEY dateadded (dateadded), KEY public (public), KEY todelete (todelete)) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;"); $db->exec("CREATE TABLE service_instances (id char(1) NOT NULL PRIMARY KEY, reload tinyint(1) UNSIGNED NOT NULL DEFAULT '0', KEY reload (reload)) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;");
$db->exec("CREATE TABLE users (id int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY, system_account varchar(32) COLLATE latin1_bin NOT NULL UNIQUE, username varchar(50) COLLATE latin1_bin NOT NULL UNIQUE, password varchar(255) COLLATE latin1_bin NOT NULL, dateadded int(10) unsigned NOT NULL, public tinyint(1) unsigned NOT NULL, php tinyint(1) unsigned NOT NULL, autoindex tinyint(1) unsigned NOT NULL, todelete tinyint(1) UNSIGNED NOT NULL DEFAULT '0', mysql_user varchar(32) NOT NULL, instance char(1) NOT NULL DEFAULT '2', KEY dateadded (dateadded), KEY public (public), KEY todelete (todelete), KEY instance (instance), CONSTRAINT instance_ibfk_2 FOREIGN KEY (instance) REFERENCES service_instances (id) ON DELETE RESTRICT ON UPDATE RESTRICT) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;");
$db->exec("CREATE TABLE new_account (user_id int(11) NOT NULL PRIMARY KEY, password varchar(255) COLLATE latin1_bin NOT NULL, approved tinyint(1) UNSIGNED NOT NULL DEFAULT '0', CONSTRAINT new_account_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;"); $db->exec("CREATE TABLE new_account (user_id int(11) NOT NULL PRIMARY KEY, password varchar(255) COLLATE latin1_bin NOT NULL, approved tinyint(1) UNSIGNED NOT NULL DEFAULT '0', CONSTRAINT new_account_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;");
$db->exec('CREATE TABLE pass_change (user_id int(11) NOT NULL PRIMARY KEY, password varchar(255) COLLATE latin1_bin NOT NULL, CONSTRAINT pass_change_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;'); $db->exec('CREATE TABLE pass_change (user_id int(11) NOT NULL PRIMARY KEY, password varchar(255) COLLATE latin1_bin NOT NULL, CONSTRAINT pass_change_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;');
$db->exec('CREATE TABLE mysql_databases (user_id int(11) NOT NULL, mysql_database varchar(64) COLLATE latin1_bin NOT NULL, KEY user_id (user_id), CONSTRAINT mysql_database_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;'); $db->exec('CREATE TABLE mysql_databases (user_id int(11) NOT NULL, mysql_database varchar(64) COLLATE latin1_bin NOT NULL, KEY user_id (user_id), CONSTRAINT mysql_database_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;');
$db->exec("CREATE TABLE onions (user_id int(11) NULL, onion varchar(56) COLLATE latin1_bin NOT NULL PRIMARY KEY, private_key varchar(1000) COLLATE latin1_bin NOT NULL, version tinyint(1) NOT NULL, enabled tinyint(1) NOT NULL DEFAULT '1', num_intros tinyint(3) NOT NULL DEFAULT '3', enable_smtp tinyint(1) NOT NULL DEFAULT '1', max_streams tinyint(3) unsigned NOT NULL DEFAULT '20', KEY user_id (user_id), KEY enabled (enabled), CONSTRAINT onions_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE SET NULL ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;"); $db->exec("CREATE TABLE onions (user_id int(11) NULL, onion varchar(56) COLLATE latin1_bin NOT NULL PRIMARY KEY, private_key varchar(1000) COLLATE latin1_bin NOT NULL, version tinyint(1) NOT NULL, enabled tinyint(1) NOT NULL DEFAULT '1', num_intros tinyint(3) NOT NULL DEFAULT '3', enable_smtp tinyint(1) NOT NULL DEFAULT '1', max_streams tinyint(3) unsigned NOT NULL DEFAULT '20', instance char(1) NOT NULL DEFAULT '2', KEY user_id (user_id), KEY enabled (enabled), KEY instance(instance), CONSTRAINT onions_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE SET NULL ON UPDATE CASCADE, CONSTRAINT instance_ibfk_1 FOREIGN KEY (instance) REFERENCES service_instances (id) ON DELETE RESTRICT ON UPDATE RESTRICT) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;");
$db->exec("CREATE TABLE domains (user_id int(11) NULL, domain varchar(255) COLLATE latin1_bin NOT NULL PRIMARY KEY, enabled tinyint(1) NOT NULL DEFAULT '1', KEY user_id (user_id), KEY enabled (enabled), CONSTRAINT domains_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;"); $db->exec("CREATE TABLE domains (user_id int(11) NULL, domain varchar(255) COLLATE latin1_bin NOT NULL PRIMARY KEY, enabled tinyint(1) NOT NULL DEFAULT '1', KEY user_id (user_id), KEY enabled (enabled), CONSTRAINT domains_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;");
$db->exec("CREATE TABLE service_instances (id char(1) NOT NULL PRIMARY KEY, reload tinyint(1) UNSIGNED NOT NULL DEFAULT '0', KEY reload (reload)) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;");
$stmt=$db->prepare('INSERT INTO service_instances (id) VALUES (?);'); $stmt=$db->prepare('INSERT INTO service_instances (id) VALUES (?);');
foreach(SERVICE_INSTANCES as $key){ foreach(SERVICE_INSTANCES as $key){
$stmt->execute([$key]); $stmt->execute([$key]);
@ -142,6 +142,12 @@ if(!@$version=$db->query("SELECT value FROM settings WHERE setting='version';"))
if($version<13){ if($version<13){
$db->exec("CREATE TABLE domains (user_id int(11) NULL, domain varchar(255) COLLATE latin1_bin NOT NULL PRIMARY KEY, enabled tinyint(1) NOT NULL DEFAULT '1', KEY user_id (user_id), KEY enabled (enabled), CONSTRAINT domains_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;"); $db->exec("CREATE TABLE domains (user_id int(11) NULL, domain varchar(255) COLLATE latin1_bin NOT NULL PRIMARY KEY, enabled tinyint(1) NOT NULL DEFAULT '1', KEY user_id (user_id), KEY enabled (enabled), CONSTRAINT domains_ibfk_1 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE ON UPDATE CASCADE) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin;");
} }
if($version<14){
$db->exec("ALTER TABLE onions ADD instance char(1) NOT NULL DEFAULT '2', ADD KEY instance(instance), ADD CONSTRAINT instance_ibfk_1 FOREIGN KEY (instance) REFERENCES service_instances (id) ON DELETE RESTRICT ON UPDATE RESTRICT;");
$db->exec('UPDATE onions SET instance = SUBSTR(onion, 1, 1);');
$db->exec("ALTER TABLE users ADD instance char(1) NOT NULL DEFAULT '2', ADD KEY instance(instance), ADD CONSTRAINT instance_ibfk_2 FOREIGN KEY (instance) REFERENCES service_instances (id) ON DELETE RESTRICT ON UPDATE RESTRICT;");
$db->exec('UPDATE users SET instance = SUBSTR(system_account, 1, 1);');
}
$stmt=$db->prepare("UPDATE settings SET value=? WHERE setting='version';"); $stmt=$db->prepare("UPDATE settings SET value=? WHERE setting='version';");
$stmt->execute([DBVERSION]); $stmt->execute([DBVERSION]);
} }
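Review bot: The `$version<14` step adds foreign keys to `service_instances` and then back-fills `instance` from the first character of `onion` and `system_account`, but nothing checks first that those characters, or the hard-coded default `'2'`, exist in `service_instances`. If any row maps to a missing id, the ALTER or UPDATE fails part-way; MySQL does not roll back DDL, and, assuming PDO is configured to throw, the stored version stays below 14, so a re-run would hit the already-added column. I would pre-check before the first ALTER, e.g. `SELECT COUNT(*) FROM onions WHERE SUBSTR(onion, 1, 1) NOT IN (SELECT id FROM service_instances)` (and the same for `users.system_account`), and stop with a clear message when the count is non-zero. The enclosing upgrade branch starts outside the hunk.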