diff --git a/var/www/common.php b/var/www/common.php
index 55f5bca..d040a4a 100644
--- a/var/www/common.php
+++ b/var/www/common.php
@@ -248,6 +248,9 @@ function send_captcha() {
 function check_login(){
 global $db;
+ if(empty($_SESSION['csrf_token']){
+ $_SESSION['csrf_token']=sha1(uniqid());
+ }
 if(empty($_SESSION['hosting_username'])){
 header('Location: login.php');
 session_destroy();
@@ -506,3 +509,10 @@ function add_user_db(PDO $db, int $user_id) : ?string {
 $db->exec('FLUSH PRIVILEGES;');
 return $mysql_db;
 }
+
+function check_csrf_error(){
+ if(empty($_POST['csrf_token']) || $_POST['csrf_token'] !== $_SESSION['csrf_token']){
+ return 'Invalid CSRF token, please try again.';
+ }
+ return false;
+}
diff --git a/var/www/html/admin.php b/var/www/html/admin.php
index ac1fcb4..1b6254c 100644
--- a/var/www/html/admin.php
+++ b/var/www/html/admin.php
@@ -21,6 +21,7 @@ $error=false;
 if($_SERVER['REQUEST_METHOD']==='POST' && isSet($_POST['pass']) && $_POST['pass']===ADMIN_PASSWORD){
 if(!($error=check_captcha_error())){
 $_SESSION['logged_in']=true;
+ $_SESSION['csrf_token']=sha1(uniqid());
 }
 }
 if(empty($_SESSION['logged_in'])){
@@ -54,25 +55,30 @@ if(empty($_SESSION['logged_in'])){
 echo 'UsernameOnion linkAction';
 $stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN onions ON (onions.user_id=users.id) ORDER BY users.username;');
 while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
- echo "
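Review bot: The added line `if(empty($_SESSION['csrf_token']){` is missing the closing parenthesis of the `if(` condition as shown in the hunk, which would be a parse error in common.php and take down every page that includes it; it should read `if(empty($_SESSION['csrf_token'])){`. The token value comes from `sha1(uniqid())`, and uniqid() is time-based and documented as unsuitable for secure tokens, so a guessable value undermines the check it feeds; `$_SESSION['csrf_token']=bin2hex(random_bytes(32));` is the standard-library replacement. The same `sha1(uniqid())` generation is repeated in the admin.php login hunk (@@ -21,6 +21,7 @@); a small helper in common.php used by both places would keep them in step. check_login()'s body continues past the end of the hunk.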
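Review bot: check_csrf_error() reads `$_SESSION['csrf_token']` without checking it is set, so a session that predates this change (or one in which check_login() never ran) raises an undefined-index notice and then rejects every POST until the user logs in again; the comparison should also be constant-time and tolerant of a non-string value, since `csrf_token[]=x` arrives as an array and would make hash_equals() throw. One line covers all three: `if(!isset($_SESSION['csrf_token'], $_POST['csrf_token']) || !is_string($_POST['csrf_token']) || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])){`. The function also has no docblock; `/** Returns an error message when the submitted csrf_token does not match the session token, false otherwise. */` would document the string|false contract that the callers in admin.php rely on.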
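Review bot: The admin login path now sets `$_SESSION['csrf_token']` on success, but no `session_regenerate_id(true)` is visible in this hunk, so the session id that existed before authentication carries over into the privileged session; adding `session_regenerate_id(true);` on the line before `$_SESSION['logged_in']=true;` closes that gap and should precede the token assignment. The token generation here duplicates the one in common.php's check_login(), which is covered in that hunk's note. The enclosing `if` chain starts and ends outside the hunk.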
$tmp[0]$tmp[1].onion
"; + echo "
$tmp[0]$tmp[1].onion
"; } echo ''; }elseif($_REQUEST['action']==='approve'){ if(!empty($_POST['onion'])){ - $stmt=$db->prepare('UPDATE new_account INNER JOIN users ON (users.id=new_account.user_id) SET new_account.approved=1 WHERE users.onion=?;'); - $stmt->execute([$_POST['onion']]); - echo '

Successfully approved

'; + if($error=check_csrf_error()){ + echo '

'.$error.'

'; + }else{ + $stmt=$db->prepare('UPDATE new_account INNER JOIN users ON (users.id=new_account.user_id) SET new_account.approved=1 WHERE users.onion=?;'); + $stmt->execute([$_POST['onion']]); + echo '

Successfully approved

'; + } } echo ''; echo ''; $stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN new_account ON (users.id=new_account.user_id) INNER JOIN onions ON (onions.user_id=users.id) WHERE new_account.approved=0 ORDER BY users.username;'); while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ - echo ""; + echo ""; } echo '
UsernameOnion addressAction
$tmp[0]$tmp[1].onion
$tmp[0]$tmp[1].onion
'; }elseif($_REQUEST['action']==='delete'){ echo '

Delete accouts:

'; echo "
"; + echo ''; echo '

Onion address:

'; echo '

'; if(!empty($_POST['onion'])){ - if(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){ + if($error=check_csrf_error()){ + echo '

'.$error.'

'; + }elseif(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){ $stmt=$db->prepare('SELECT user_id FROM onions WHERE onion=?;'); $stmt->execute([$match[1]]); if($user_id=$stmt->fetch(PDO::FETCH_NUM)){ @@ -97,6 +105,7 @@ if(empty($_SESSION['logged_in'])){ }elseif($_REQUEST['action']==='suspend'){ echo '
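Review bot: In the approve branch the re-added `$stmt->execute([$_POST['onion']])` still passes the raw POST value to the query, whereas the delete, suspend and edit branches only act on a value that passes the `~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~` check; the statement is parameterised, so this is a consistency gap rather than an injection, but applying the same preg_match before the UPDATE would keep the four actions uniform. The `if($error=check_csrf_error()){ echo ...; }elseif(...)` pattern introduced here is repeated verbatim in the suspend and edit hunks (@@ -97,6 +105,7 @@ and @@ -123,6 +134,7 @@); evaluating check_csrf_error() once for any POST request before dispatching on `$_REQUEST['action']` would remove the duplication and ensure no future branch forgets the check. The approve-form rows inside the while loop at the top of the hunk were rewritten, but their markup is not visible here, so I cannot confirm that the hidden csrf_token field was added to each row's form. The `elseif` chain on `$_REQUEST['action']` starts and ends outside the hunk.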

Suspend hidden service:

'; echo "
"; + echo ''; echo '

Onion address:

'; echo '

'; if(!empty($_POST['onion'])){ - if(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){ + if($error=check_csrf_error()){ + echo '

'.$error.'

'; + }elseif(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){ $stmt=$db->prepare('SELECT null FROM onions WHERE onion=?;'); $stmt->execute([$match[1]]); if($stmt->fetch(PDO::FETCH_NUM)){ @@ -123,6 +134,7 @@ if(empty($_SESSION['logged_in'])){ }elseif(in_array($_REQUEST['action'], ['edit', 'edit_2'], true)){ echo '

Edit hidden service:

'; echo "
"; + echo ''; echo '

Onion address:

'; echo '

'; if(!empty($_POST['onion'])){ - if(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){ + if($error=check_csrf_error()){ + echo '

'.$error.'

'; + }elseif(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){ if($_REQUEST['action']==='edit_2'){ $stmt=$db->prepare('SELECT version FROM onions WHERE onion=?;'); $stmt->execute([$match[1]]); @@ -162,6 +176,7 @@ if(empty($_SESSION['logged_in'])){ $stmt->execute([$match[1]]); if($onion=$stmt->fetch(PDO::FETCH_NUM)){ echo "
"; + echo ''; echo ''; echo ''; echo '
OnionEnabledSMTP enabledNr. of introsMax streams per rend circuitSave