danwin1210/hosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add csrf tokens to all sensitive forms

Browse Source
This commit is contained in:
Daniel Winzen
2019-01-27 17:40:12 +01:00
parent cf83b9901a
commit 9c5294e64e
7 changed files with 79 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
var/www/common.php
View File

@ -248,6 +248,9 @@ function send_captcha() {
function check_login(){ function check_login(){
global $db; global $db;
if(empty($_SESSION['csrf_token']){
$_SESSION['csrf_token']=sha1(uniqid());
}
if(empty($_SESSION['hosting_username'])){ if(empty($_SESSION['hosting_username'])){
header('Location: login.php'); header('Location: login.php');
session_destroy(); session_destroy();
@ -506,3 +509,10 @@ function add_user_db(PDO $db, int $user_id) : ?string {
$db->exec('FLUSH PRIVILEGES;'); $db->exec('FLUSH PRIVILEGES;');
return $mysql_db; return $mysql_db;
} }
function check_csrf_error(){
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] !== $_SESSION['csrf_token']){
return 'Invalid CSRF token, please try again.';
}
return false;
}

25
var/www/html/admin.php
View File

@ -21,6 +21,7 @@ $error=false;
if($_SERVER['REQUEST_METHOD']==='POST' && isSet($_POST['pass']) && $_POST['pass']===ADMIN_PASSWORD){ if($_SERVER['REQUEST_METHOD']==='POST' && isSet($_POST['pass']) && $_POST['pass']===ADMIN_PASSWORD){
if(!($error=check_captcha_error())){ if(!($error=check_captcha_error())){
$_SESSION['logged_in']=true; $_SESSION['logged_in']=true;
$_SESSION['csrf_token']=sha1(uniqid());
} }
} }
if(empty($_SESSION['logged_in'])){ if(empty($_SESSION['logged_in'])){
@ -54,25 +55,30 @@ if(empty($_SESSION['logged_in'])){
echo '<tr><th>Username</th><th>Onion link</th><th>Action</th></tr>'; echo '<tr><th>Username</th><th>Onion link</th><th>Action</th></tr>';
$stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN onions ON (onions.user_id=users.id) ORDER BY users.username;'); $stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN onions ON (onions.user_id=users.id) ORDER BY users.username;');
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\"><input type=\"hidden\" name=\"onion\" value=\"$tmp[1]\"><tr><td>$tmp[0]</td><td><a href=\"http://$tmp[1].onion\" target=\"_blank\">$tmp[1].onion</a></td><td><input type=\"submit\" name=\"action\" value=\"edit\"></td></tr></form>"; echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\"><input type=\"hidden\" name=\"csrf_token\" value=\"$_SESSION[csrf_token]\"><input type=\"hidden\" name=\"onion\" value=\"$tmp[1]\"><tr><td>$tmp[0]</td><td><a href=\"http://$tmp[1].onion\" target=\"_blank\">$tmp[1].onion</a></td><td><input type=\"submit\" name=\"action\" value=\"edit\"></td></tr></form>";
} }
echo '</table>'; echo '</table>';
}elseif($_REQUEST['action']==='approve'){ }elseif($_REQUEST['action']==='approve'){
if(!empty($_POST['onion'])){ if(!empty($_POST['onion'])){
if($error=check_csrf_error()){
echo '<p style="color:red;">'.$error.'</p>';
}else{
$stmt=$db->prepare('UPDATE new_account INNER JOIN users ON (users.id=new_account.user_id) SET new_account.approved=1 WHERE users.onion=?;'); $stmt=$db->prepare('UPDATE new_account INNER JOIN users ON (users.id=new_account.user_id) SET new_account.approved=1 WHERE users.onion=?;');
$stmt->execute([$_POST['onion']]); $stmt->execute([$_POST['onion']]);
echo '<p style="color:green;">Successfully approved</p>'; echo '<p style="color:green;">Successfully approved</p>';
} }
}
echo '<table border="1">'; echo '<table border="1">';
echo '<tr><th>Username</th><th>Onion address</th><th>Action</th></tr>'; echo '<tr><th>Username</th><th>Onion address</th><th>Action</th></tr>';
$stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN new_account ON (users.id=new_account.user_id) INNER JOIN onions ON (onions.user_id=users.id) WHERE new_account.approved=0 ORDER BY users.username;'); $stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN new_account ON (users.id=new_account.user_id) INNER JOIN onions ON (onions.user_id=users.id) WHERE new_account.approved=0 ORDER BY users.username;');
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\"><input type=\"hidden\" name=\"onion\" value=\"$tmp[1]\"><tr><td>$tmp[0]</td><td><a href=\"http://$tmp[1].onion\" target=\"_blank\">$tmp[1].onion</a></td><td><input type=\"submit\" name=\"action\" value=\"approve\"><input type=\"submit\" name=\"action\" value=\"delete\"></td></tr></form>"; echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\"><input type=\"hidden\" name=\"csrf_token\" value=\"$_SESSION[csrf_token]\"><input type=\"hidden\" name=\"onion\" value=\"$tmp[1]\"><tr><td>$tmp[0]</td><td><a href=\"http://$tmp[1].onion\" target=\"_blank\">$tmp[1].onion</a></td><td><input type=\"submit\" name=\"action\" value=\"approve\"><input type=\"submit\" name=\"action\" value=\"delete\"></td></tr></form>";
} }
echo '</table>'; echo '</table>';
}elseif($_REQUEST['action']==='delete'){ }elseif($_REQUEST['action']==='delete'){
echo '<p>Delete accouts:</p>'; echo '<p>Delete accouts:</p>';
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">"; echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
echo '<p>Onion address: <input type="text" name="onion" size="30" value="'; echo '<p>Onion address: <input type="text" name="onion" size="30" value="';
if(isSet($_POST['onion'])){ if(isSet($_POST['onion'])){
echo htmlspecialchars($_POST['onion']); echo htmlspecialchars($_POST['onion']);
@ -80,7 +86,9 @@ if(empty($_SESSION['logged_in'])){
echo '" required autofocus></p>'; echo '" required autofocus></p>';
echo '<input type="submit" name="action" value="delete"></form><br>'; echo '<input type="submit" name="action" value="delete"></form><br>';
if(!empty($_POST['onion'])){ if(!empty($_POST['onion'])){
if(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){ if($error=check_csrf_error()){
echo '<p style="color:red;">'.$error.'</p>';
}elseif(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){
$stmt=$db->prepare('SELECT user_id FROM onions WHERE onion=?;'); $stmt=$db->prepare('SELECT user_id FROM onions WHERE onion=?;');
$stmt->execute([$match[1]]); $stmt->execute([$match[1]]);
if($user_id=$stmt->fetch(PDO::FETCH_NUM)){ if($user_id=$stmt->fetch(PDO::FETCH_NUM)){
@ -97,6 +105,7 @@ if(empty($_SESSION['logged_in'])){
}elseif($_REQUEST['action']==='suspend'){ }elseif($_REQUEST['action']==='suspend'){
echo '<p>Suspend hidden service:</p>'; echo '<p>Suspend hidden service:</p>';
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">"; echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
echo '<p>Onion address: <input type="text" name="onion" size="30" value="'; echo '<p>Onion address: <input type="text" name="onion" size="30" value="';
if(isSet($_POST['onion'])){ if(isSet($_POST['onion'])){
echo htmlspecialchars($_POST['onion']); echo htmlspecialchars($_POST['onion']);
@ -104,7 +113,9 @@ if(empty($_SESSION['logged_in'])){
echo '" required autofocus></p>'; echo '" required autofocus></p>';
echo '<input type="submit" name="action" value="suspend"></form><br>'; echo '<input type="submit" name="action" value="suspend"></form><br>';
if(!empty($_POST['onion'])){ if(!empty($_POST['onion'])){
if(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){ if($error=check_csrf_error()){
echo '<p style="color:red;">'.$error.'</p>';
}elseif(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){
$stmt=$db->prepare('SELECT null FROM onions WHERE onion=?;'); $stmt=$db->prepare('SELECT null FROM onions WHERE onion=?;');
$stmt->execute([$match[1]]); $stmt->execute([$match[1]]);
if($stmt->fetch(PDO::FETCH_NUM)){ if($stmt->fetch(PDO::FETCH_NUM)){
@ -123,6 +134,7 @@ if(empty($_SESSION['logged_in'])){
}elseif(in_array($_REQUEST['action'], ['edit', 'edit_2'], true)){ }elseif(in_array($_REQUEST['action'], ['edit', 'edit_2'], true)){
echo '<p>Edit hidden service:</p>'; echo '<p>Edit hidden service:</p>';
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">"; echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
echo '<p>Onion address: <input type="text" name="onion" size="30" value="'; echo '<p>Onion address: <input type="text" name="onion" size="30" value="';
if(isSet($_POST['onion'])){ if(isSet($_POST['onion'])){
echo htmlspecialchars($_POST['onion']); echo htmlspecialchars($_POST['onion']);
@ -130,7 +142,9 @@ if(empty($_SESSION['logged_in'])){
echo '" required autofocus></p>'; echo '" required autofocus></p>';
echo '<input type="submit" name="action" value="edit"></form><br>'; echo '<input type="submit" name="action" value="edit"></form><br>';
if(!empty($_POST['onion'])){ if(!empty($_POST['onion'])){
if(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){ if($error=check_csrf_error()){
echo '<p style="color:red;">'.$error.'</p>';
}elseif(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){
if($_REQUEST['action']==='edit_2'){ if($_REQUEST['action']==='edit_2'){
$stmt=$db->prepare('SELECT version FROM onions WHERE onion=?;'); $stmt=$db->prepare('SELECT version FROM onions WHERE onion=?;');
$stmt->execute([$match[1]]); $stmt->execute([$match[1]]);
@ -162,6 +176,7 @@ if(empty($_SESSION['logged_in'])){
$stmt->execute([$match[1]]); $stmt->execute([$match[1]]);
if($onion=$stmt->fetch(PDO::FETCH_NUM)){ if($onion=$stmt->fetch(PDO::FETCH_NUM)){
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">"; echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
echo '<table border="1"><tr><th>Onion</th><th>Enabled</th><th>SMTP enabled</th><th>Nr. of intros</th><th>Max streams per rend circuit</th><th>Save</th></tr>'; echo '<table border="1"><tr><th>Onion</th><th>Enabled</th><th>SMTP enabled</th><th>Nr. of intros</th><th>Max streams per rend circuit</th><th>Save</th></tr>';
echo '<tr><td><input type="text" name="onion" size="15" value="'.$onion[0].'" required autofocus></td>'; echo '<tr><td><input type="text" name="onion" size="15" value="'.$onion[0].'" required autofocus></td>';
echo '<td><label><input type="checkbox" name="enabled" value="1"'; echo '<td><label><input type="checkbox" name="enabled" value="1"';

6
var/www/html/delete.php
View File

@ -9,7 +9,9 @@ session_start();
$user=check_login(); $user=check_login();
$msg=''; $msg='';
if($_SERVER['REQUEST_METHOD']==='POST'){ if($_SERVER['REQUEST_METHOD']==='POST'){
if(!isset($_POST['pass']) || !password_verify($_POST['pass'], $user['password'])){ if($error=check_csrf_error()){
$msg.='<p style="color:red;">'.$error.'</p>';
}elseif(!isset($_POST['pass']) || !password_verify($_POST['pass'], $user['password'])){
$msg.='<p style="color:red;">Wrong password.</p>'; $msg.='<p style="color:red;">Wrong password.</p>';
}else{ }else{
$stmt=$db->prepare('UPDATE users SET todelete=1 WHERE id=?;'); $stmt=$db->prepare('UPDATE users SET todelete=1 WHERE id=?;');
@ -29,7 +31,7 @@ header('Content-Type: text/html; charset=UTF-8');
</head><body> </head><body>
<p>This will delete your account and all data asociated with it. It can't be un-done. Are you sure?</p> <p>This will delete your account and all data asociated with it. It can't be un-done. Are you sure?</p>
<?php echo $msg; ?> <?php echo $msg; ?>
<form method="POST" action="delete.php"><table> <form method="POST" action="delete.php"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>"><table>
<tr><td>Enter your account password to confirm</td><td><input type="password" name="pass" required autofocus></td></tr> <tr><td>Enter your account password to confirm</td><td><input type="password" name="pass" required autofocus></td></tr>
<tr><td colspan="2"><input type="submit" value="Delete"></td></tr> <tr><td colspan="2"><input type="submit" value="Delete"></td></tr>
</table></form> </table></form>

51
var/www/html/files.php
View File

@ -125,17 +125,15 @@ if(@!ftp_chdir($ftp, $dir)){
} }
if(!empty($_POST['mkdir']) && !empty($_POST['name'])){ if(!empty($_POST['mkdir']) && !empty($_POST['name'])){
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){ if($error=check_csrf_error()){
echo 'Invalid CSRF token, please try again.'; die($error);
exit;
} }
ftp_mkdir($ftp, $_POST['name']); ftp_mkdir($ftp, $_POST['name']);
} }
if(!empty($_POST['mkfile']) && !empty($_POST['name'])){ if(!empty($_POST['mkfile']) && !empty($_POST['name'])){
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){ if($error=check_csrf_error()){
echo 'Invalid CSRF token, please try again.'; die($error);
exit;
} }
$tmpfile='/tmp/'.uniqid(); $tmpfile='/tmp/'.uniqid();
touch($tmpfile); touch($tmpfile);
@ -144,9 +142,8 @@ if(!empty($_POST['mkfile']) && !empty($_POST['name'])){
} }
if(!empty($_POST['delete']) && !empty($_POST['files'])){ if(!empty($_POST['delete']) && !empty($_POST['files'])){
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){ if($error=check_csrf_error()){
echo 'Invalid CSRF token, please try again.'; die($error);
exit;
} }
foreach($_POST['files'] as $file){ foreach($_POST['files'] as $file){
ftp_recursive_delete($ftp, $file); ftp_recursive_delete($ftp, $file);
@ -154,9 +151,8 @@ if(!empty($_POST['delete']) && !empty($_POST['files'])){
} }
if(!empty($_POST['rename_2']) && !empty($_POST['files'])){ if(!empty($_POST['rename_2']) && !empty($_POST['files'])){
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){ if($error=check_csrf_error()){
echo 'Invalid CSRF token, please try again.'; die($error);
exit;
} }
foreach($_POST['files'] as $old=>$new){ foreach($_POST['files'] as $old=>$new){
ftp_rename($ftp, $old, $new); ftp_rename($ftp, $old, $new);
@ -164,18 +160,16 @@ if(!empty($_POST['rename_2']) && !empty($_POST['files'])){
} }
if(!empty($_POST['rename']) && !empty($_POST['files'])){ if(!empty($_POST['rename']) && !empty($_POST['files'])){
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){ if($error=check_csrf_error()){
echo 'Invalid CSRF token, please try again.'; die($error);
exit;
} }
send_rename($dir); send_rename($dir);
exit; exit;
} }
if(!empty($_POST['edit_2']) && !empty($_POST['files'])){ if(!empty($_POST['edit_2']) && !empty($_POST['files'])){
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){ if($error=check_csrf_error()){
echo 'Invalid CSRF token, please try again.'; die($error);
exit;
} }
$tmpfile='/tmp/'.uniqid(); $tmpfile='/tmp/'.uniqid();
foreach($_POST['files'] as $name=>$content){ foreach($_POST['files'] as $name=>$content){
@ -186,14 +180,16 @@ if(!empty($_POST['edit_2']) && !empty($_POST['files'])){
} }
if(!empty($_POST['edit']) && !empty($_POST['files'])){ if(!empty($_POST['edit']) && !empty($_POST['files'])){
if($error=check_csrf_error()){
die($error);
}
send_edit($ftp, $dir); send_edit($ftp, $dir);
exit; exit;
} }
if(!empty($_POST['unzip']) && !empty($_POST['files'])){ if(!empty($_POST['unzip']) && !empty($_POST['files'])){
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){ if($error=check_csrf_error()){
echo 'Invalid CSRF token, please try again.'; die($error);
exit;
} }
$zip = new ZipArchive(); $zip = new ZipArchive();
foreach($_POST['files'] as $file){ foreach($_POST['files'] as $file){
@ -230,9 +226,8 @@ if(!empty($_POST['unzip']) && !empty($_POST['files'])){
if(!empty($_FILES['files'])){ if(!empty($_FILES['files'])){
if(empty($_POST['csrf_token']) || $_POST['csrf_token'] != $_SESSION['csrf_token']){ if($error=check_csrf_error()){
echo 'Invalid CSRF token, please try again.'; die($error);
exit;
} }
$c=count($_FILES['files']['name']); $c=count($_FILES['files']['name']);
for($i=0; $i<$c; ++$i){ for($i=0; $i<$c; ++$i){
@ -308,7 +303,7 @@ $dir=htmlspecialchars($dir);
</head><body> </head><body>
<h1>Index of <?php echo $dir; ?></h1> <h1>Index of <?php echo $dir; ?></h1>
<?php if($dir!=='/'){ ?> <?php if($dir!=='/'){ ?>
<p>Upload up to 1GB and up to 100 files at once <form action="files.php" enctype="multipart/form-data" method="post"><input type="hidden" name="csrf-token" value="<?= $_SESSION['csrf_token'] ?>"><input name="files[]" type="file" multiple><input type="hidden" name="path" value="<?php echo $dir; ?>"><input type="submit" value="Upload"></form></p><br> <p>Upload up to 1GB and up to 100 files at once <form action="files.php" enctype="multipart/form-data" method="post"><input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>"><input name="files[]" type="file" multiple><input type="hidden" name="path" value="<?php echo $dir; ?>"><input type="submit" value="Upload"></form></p><br>
<?php <?php
} }
$fileurl='A'; $fileurl='A';
@ -326,7 +321,7 @@ if($order==='A'){
} }
?> ?>
<form action="files.php" method="post"> <form action="files.php" method="post">
<input type="hidden" name="csrf-token" value="<?= $_SESSION['csrf_token'] ?>"> <input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<input type="submit" name="mkdir" value="Create directory"> <input type="submit" name="mkdir" value="Create directory">
<input type="submit" name="mkfile" value="Create file"> <input type="submit" name="mkfile" value="Create file">
<input type="text" name="name"><br><br> <input type="text" name="name"><br><br>
@ -453,7 +448,7 @@ function send_rename($dir){
echo '<meta name=viewport content="width=device-width, initial-scale=1">'; echo '<meta name=viewport content="width=device-width, initial-scale=1">';
echo '</head><body>'; echo '</head><body>';
echo '<form action="files.php" method="post">'; echo '<form action="files.php" method="post">';
echo '<input type="hidden" name="csrf-token" value="<'.$_SESSION['csrf_token'].'">'; echo '<input type="hidden" name="csrf_token" value="<'.$_SESSION['csrf_token'].'">';
echo '<input type="hidden" name="path" value="'.htmlspecialchars($dir).'">'; echo '<input type="hidden" name="path" value="'.htmlspecialchars($dir).'">';
echo '<table>'; echo '<table>';
foreach($_POST['files'] as $file){ foreach($_POST['files'] as $file){
@ -472,7 +467,7 @@ function send_edit($ftp, $dir){
echo '<meta name=viewport content="width=device-width, initial-scale=1">'; echo '<meta name=viewport content="width=device-width, initial-scale=1">';
echo '</head><body>'; echo '</head><body>';
echo '<form action="files.php" method="post">'; echo '<form action="files.php" method="post">';
echo '<input type="hidden" name="csrf-token" value="<'.$_SESSION['csrf_token'].'">'; echo '<input type="hidden" name="csrf_token" value="<'.$_SESSION['csrf_token'].'">';
echo '<input type="hidden" name="path" value="'.htmlspecialchars($dir).'">'; echo '<input type="hidden" name="path" value="'.htmlspecialchars($dir).'">';
echo '<table>'; echo '<table>';
$tmpfile='/tmp/'.uniqid(); $tmpfile='/tmp/'.uniqid();

12
var/www/html/home.php
View File

@ -7,10 +7,16 @@ try{
} }
session_start(); session_start();
$user=check_login(); $user=check_login();
if(isset($_REQUEST['action']) && $_REQUEST['action']==='add_db'){ if(isset($_POST['action']) && $_POST['action']==='add_db'){
if($error=check_csrf_error()){
die($error);
}
add_user_db($db, $user['id']); add_user_db($db, $user['id']);
} }
if(isset($_REQUEST['action']) && isset($_REQUEST['onion']) && $_REQUEST['action']==='edit'){ if(isset($_REQUEST['action']) && isset($_REQUEST['onion']) && $_REQUEST['action']==='edit'){
if($error=check_csrf_error()){
die($error);
}
$stmt=$db->prepare('SELECT onions.version FROM onions INNER JOIN users ON (users.id=onions.user_id) WHERE onions.onion = ? AND users.id = ? AND onions.enabled IN (0, 1);'); $stmt=$db->prepare('SELECT onions.version FROM onions INNER JOIN users ON (users.id=onions.user_id) WHERE onions.onion = ? AND users.id = ? AND onions.enabled IN (0, 1);');
$stmt->execute([$_REQUEST['onion'], $user['id']]); $stmt->execute([$_REQUEST['onion'], $user['id']]);
if($onion=$stmt->fetch(PDO::FETCH_NUM)){ if($onion=$stmt->fetch(PDO::FETCH_NUM)){
@ -52,7 +58,7 @@ echo '<tr><th>Onion</th><th>Private key</th><th>Enabled</th><th>SMTP enabled</th
$stmt=$db->prepare('SELECT onion, private_key, enabled, enable_smtp, num_intros, max_streams FROM onions WHERE user_id = ?;'); $stmt=$db->prepare('SELECT onion, private_key, enabled, enable_smtp, num_intros, max_streams FROM onions WHERE user_id = ?;');
$stmt->execute([$user['id']]); $stmt->execute([$user['id']]);
while($onion=$stmt->fetch(PDO::FETCH_ASSOC)){ while($onion=$stmt->fetch(PDO::FETCH_ASSOC)){
echo "<form action=\"home.php\" method=\"post\"><input type=\"hidden\" name=\"onion\" value=\"$onion[onion]\"><tr><td><a href=\"http://$onion[onion].onion\" target=\"_blank\">$onion[onion].onion</a></td><td>"; echo "<form action=\"home.php\" method=\"post\"><input type=\"hidden\" name=\"csrf_token\" value=\"$_SESSION[csrf_token]\"><input type=\"hidden\" name=\"onion\" value=\"$onion[onion]\"><tr><td><a href=\"http://$onion[onion].onion\" target=\"_blank\">$onion[onion].onion</a></td><td>";
if(isset($_REQUEST['show_priv'])){ if(isset($_REQUEST['show_priv'])){
echo "<pre>$onion[private_key]</pre>"; echo "<pre>$onion[private_key]</pre>";
}else{ }else{
@ -86,7 +92,7 @@ while($mysql=$stmt->fetch(PDO::FETCH_ASSOC)){
} }
echo '</table>'; echo '</table>';
if($count_dbs<MAX_NUM_USER_DBS){ if($count_dbs<MAX_NUM_USER_DBS){
echo '<p><form action="home.php" method="post"><button type="submit" name="action" value="add_db">Add new database</button></form></p>'; echo '<p><form action="home.php" method="post"><input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'"><button type="submit" name="action" value="add_db">Add new database</button></form></p>';
} }
echo '<p><a href="password.php?type=sql">Change MySQL password</a></p>'; echo '<p><a href="password.php?type=sql">Change MySQL password</a></p>';
echo '<p>You can use <a href="/phpmyadmin/" target="_blank">PHPMyAdmin</a> and <a href="/adminer/" target="_blank">Adminer</a> for web based database administration.</p>'; echo '<p>You can use <a href="/phpmyadmin/" target="_blank">PHPMyAdmin</a> and <a href="/adminer/" target="_blank">Adminer</a> for web based database administration.</p>';

2
var/www/html/index.php
View File

@ -34,7 +34,7 @@ if(isset($_SERVER['HTTP_HOST']) && preg_match('/danwin1210\.(i2p|me)$/', $_SERVE
<li>FTP access</li> <li>FTP access</li>
<li>SFTP access</li> <li>SFTP access</li>
<li>No disk quota, but please be fair about your disk usage - quota will come</li> <li>No disk quota, but please be fair about your disk usage - quota will come</li>
<li>mail() can send e-mails from your.onion@<?php echo ADDRESS; ?> (your.onion@hosting.danwin1210.me for clearnet) - not yet working but will return in future</li> <li>mail() can send e-mails from your.onion@<?php echo ADDRESS; ?> (your.onion@hosting.danwin1210.me for clearnet) - not yet working but will return in future, use https://github.com/PHPMailer/PHPMailer or similar for now</li>
<li>Webmail and IMAP, POP3 and SMTP access to your mail account</li> <li>Webmail and IMAP, POP3 and SMTP access to your mail account</li>
<li>Mail sent to anything@your.onion gets automatically redirected to your inbox</li> <li>Mail sent to anything@your.onion gets automatically redirected to your inbox</li>
<li>Your own .onion address</li> <li>Your own .onion address</li>

5
var/www/html/password.php
View File

@ -12,6 +12,9 @@ if(!isset($_REQUEST['type'])){
} }
$msg=''; $msg='';
if($_SERVER['REQUEST_METHOD']==='POST'){ if($_SERVER['REQUEST_METHOD']==='POST'){
if($error=check_csrf_error()){
$msg.='<p style="color:red;">'.$error.'</p>';
}
if(!isset($_POST['pass']) || !password_verify($_POST['pass'], $user['password'])){ if(!isset($_POST['pass']) || !password_verify($_POST['pass'], $user['password'])){
$msg.='<p style="color:red;">Wrong password.</p>'; $msg.='<p style="color:red;">Wrong password.</p>';
}elseif(!isset($_POST['confirm']) || !isset($_POST['newpass']) || $_POST['newpass']!==$_POST['confirm']){ }elseif(!isset($_POST['confirm']) || !isset($_POST['newpass']) || $_POST['newpass']!==$_POST['confirm']){
@ -45,7 +48,7 @@ echo '<meta name="author" content="Daniel Winzen">';
echo '<meta name="viewport" content="width=device-width, initial-scale=1">'; echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
echo '</head><body>'; echo '</head><body>';
echo $msg; echo $msg;
echo '<form method="POST" action="password.php"><table>'; echo '<form method="POST" action="password.php"><input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'"><table>';
echo '<tr><td>Reset type:</td><td><select name="type">'; echo '<tr><td>Reset type:</td><td><select name="type">';
echo '<option value="acc"'; echo '<option value="acc"';
if($_REQUEST['type']==='acc'){ if($_REQUEST['type']==='acc'){