From 9eb5c2ae3c7de2533d4028f1f5f52c5b2a3b7496 Mon Sep 17 00:00:00 2001
From: Daniel Winzen
Date: Sat, 3 Mar 2018 19:22:57 +0100
Subject: [PATCH] Show error message on login when account has not yet been created
---
README.md | 10 +++++-----
var/www/html/files.php | 16 ++++++++++------
var/www/html/login.php | 19 ++++++++++++++-----
3 files changed, 29 insertions(+), 16 deletions(-)
diff --git a/README.md b/README.md
index d01c99f..bfbba26 100644
--- a/README.md
+++ b/README.md
@@ -26,17 +26,17 @@ The following command will install all required packages: apt-get --no-install-recommends install apt-transport-tor aspell curl dovecot-imapd dovecot-pop3d git haveged hunspell iptables locales-all logrotate mariadb-server nginx-light postfix postfix-mysql php7.0-bcmath php7.0-bz2 php7.0-curl php7.0-dba php7.0-enchant php7.0-fpm php7.0-gd php7.0-gmp php7.0-imap php7.0-json php7.0-mbstring php7.0-mcrypt php7.0-mysql php7.0-opcache php7.0-pspell php7.0-readline php7.0-recode php7.0-soap php7.0-sqlite3 php7.0-tidy php7.0-xml php7.0-xmlrpc php7.0-xsl php7.0-zip php7.1-bcmath php7.1-bz2 php7.1-cli php7.1-curl php7.1-dba php7.1-enchant php7.1-fpm php7.1-gd php7.1-gmp php7.1-imap php7.1-intl php7.1-json php7.1-mbstring php7.1-mcrypt php7.1-mysql php7.1-opcache php7.1-pspell php7.1-readline php7.1-recode php7.1-soap php7.1-sqlite3 php7.1-tidy php7.1-xml php7.1-xmlrpc php7.1-xsl php7.1-zip php7.2-bcmath php7.2-bz2 php7.2-cli php7.2-curl php7.2-dba php7.2-enchant php7.2-fpm php7.2-gd php7.2-gmp php7.2-imap php7.2-intl php7.2-json php7.2-mbstring php7.2-mysql php7.2-opcache php7.2-pspell php7.2-readline php7.2-recode php7.2-soap php7.2-sqlite3 php7.2-tidy php7.2-xml php7.2-xmlrpc php7.2-xsl php7.2-zip phpmyadmin php-imagick sasl2-bin ssh subversion tor vsftpd && apt-get --no-install-recommends install adminer ``` +For optimum spell checking capabilities you can optionally install the following packages: +``` +apt-get install aspell-am aspell-ar aspell-ar-large aspell-bg aspell-bn aspell-br aspell-ca aspell-cs aspell-cy aspell-da aspell-de aspell-el aspell-en aspell-eo aspell-eo-cx7 aspell-es aspell-et aspell-eu aspell-eu-es aspell-fa aspell-fo aspell-fr aspell-ga aspell-gl-minimos aspell-gu aspell-he aspell-hi aspell-hr aspell-hsb aspell-hu aspell-hy aspell-is aspell-it aspell-kk aspell-kn aspell-ku aspell-lt aspell-lv aspell-ml aspell-mr aspell-nl aspell-no aspell-or aspell-pa aspell-pl aspell-pt aspell-pt-br aspell-pt-pt aspell-ro aspell-ru aspell-sk 
aspell-sl aspell-sv aspell-ta aspell-te aspell-tl aspell-uk aspell-uz hunspell-af hunspell-an hunspell-ar hunspell-be hunspell-bg hunspell-bn hunspell-br hunspell-bs hunspell-ca hunspell-cs hunspell-da hunspell-de-at hunspell-de-ch hunspell-de-de hunspell-el hunspell-en-au hunspell-en-ca hunspell-en-gb hunspell-en-med hunspell-en-us hunspell-en-za hunspell-es hunspell-eu hunspell-eu-es hunspell-fr hunspell-fr-comprehensive hunspell-gd hunspell-gl hunspell-gu hunspell-he hunspell-hi hunspell-hr hunspell-hu hunspell-is hunspell-it hunspell-kk hunspell-kmr hunspell-ko hunspell-lo hunspell-lt hunspell-ml hunspell-ne hunspell-nl hunspell-no hunspell-oc hunspell-pl hunspell-pt-br hunspell-pt-pt hunspell-ro hunspell-ru hunspell-se hunspell-si hunspell-sk hunspell-sl hunspell-sr hunspell-sv hunspell-sw hunspell-te hunspell-th hunspell-tools hunspell-uk hunspell-uz hunspell-vi +``` + Note that both, debian and the torproject have hidden service package archives, so you may want to edit /etc/apt/sources.list to load from those instead: ``` deb tor+http://vwakviie2ienjx6t.onion/debian sid main deb tor+http://sdscoq7snqtznauu.onion/torproject.org sid main ``` -For optimum spell checking capabilities you can optionally install the following packages: -``` -apt-get install aspell-am aspell-ar aspell-ar-large aspell-bg aspell-bn aspell-br aspell-ca aspell-cs aspell-cy aspell-da aspell-de aspell-de-alt aspell-doc aspell-el aspell-en aspell-eo aspell-eo-cx7 aspell-es aspell-et aspell-eu aspell-eu-es aspell-fa aspell-fo aspell-fr aspell-ga aspell-gl-minimos aspell-gu aspell-he aspell-hi aspell-hr aspell-hsb aspell-hu aspell-hy aspell-is aspell-it aspell-kk aspell-kn aspell-ku aspell-lt aspell-lv aspell-ml aspell-mr aspell-nl aspell-no aspell-or aspell-pa aspell-pl aspell-pt aspell-pt-br aspell-pt-pt aspell-ro aspell-ru aspell-sk aspell-sl aspell-sv aspell-ta aspell-te aspell-tl aspell-uk aspell-uz hunspell-af hunspell-an hunspell-ar hunspell-be hunspell-bg hunspell-bn hunspell-br 
hunspell-bs hunspell-ca hunspell-cs hunspell-da hunspell-de-at hunspell-de-ch hunspell-de-de hunspell-el hunspell-en-au hunspell-en-ca hunspell-en-gb hunspell-en-med hunspell-en-us hunspell-en-za hunspell-es hunspell-eu hunspell-eu-es hunspell-fr hunspell-fr-comprehensive hunspell-gd hunspell-gl hunspell-gu hunspell-he hunspell-hi hunspell-hr hunspell-hu hunspell-is hunspell-it hunspell-kk hunspell-kmr hunspell-ko hunspell-lo hunspell-lt hunspell-ml hunspell-ne hunspell-nl hunspell-no hunspell-oc hunspell-pl hunspell-pt-br hunspell-pt-pt hunspell-ro hunspell-ru hunspell-se hunspell-si hunspell-sk hunspell-sl hunspell-sr hunspell-sv hunspell-sw hunspell-te hunspell-th hunspell-tools hunspell-uk hunspell-uz hunspell-vi -``` - Copy (and modify according to your needs) the site files in var/www to /var/www and the configuration files in etc to /etc after installation has finished. Then restart tor: ``` service tor restart diff --git a/var/www/html/files.php b/var/www/html/files.php index 72b480c..e33446d 100644 --- a/var/www/html/files.php +++ b/var/www/html/files.php @@ -392,9 +392,10 @@ function ftp_recursive_upload($ftp, $path){ function ftp_recursive_delete($ftp, $file){ if(@ftp_chdir($ftp, $file)){ - $list = ftp_nlist($ftp, '.'); - foreach($list as $tmp){ - ftp_recursive_delete($ftp, $tmp); + if($list = ftp_nlist($ftp, '.')){ + foreach($list as $tmp){ + ftp_recursive_delete($ftp, $tmp); + } } ftp_chdir($ftp, '..'); ftp_rmdir($ftp, $file); @@ -433,11 +434,14 @@ function send_edit($ftp, $dir){ $tmpfile='/tmp/'.uniqid(); foreach($_POST['files'] as $file){ echo ''.htmlspecialchars($file).''; } - unlink($tmpfile); + if(file_exists($tmpfile)){ + unlink($tmpfile); + } echo ''; echo ''; echo '

Go back.

'; diff --git a/var/www/html/login.php b/var/www/html/login.php index 779037b..2fb75e8 100644 --- a/var/www/html/login.php +++ b/var/www/html/login.php @@ -22,20 +22,29 @@ if($_SERVER['REQUEST_METHOD']==='POST'){ $msg.='
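Review bot: The `file_exists($tmpfile)` guard added before `unlink()` in send_edit leaves the underlying problem in place: `$tmpfile='/tmp/'.uniqid();` is a time-derived, predictable name in a world-writable directory, so on a host shared between accounts another local user could create a file or symlink at that path first. Creating the file with `$tmpfile=tempnam(sys_get_temp_dir(), 'edit');` gives an unpredictable name and an owner-only file, and because the file then always exists the unconditional `unlink($tmpfile);` can stay. send_edit's body starts and ends outside the hunk and the code that writes to `$tmpfile` is not visible here, so confirm it tolerates a pre-created file.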

Error: username may not be empty.

'; $ok=false; }else{ - $stmt=$db->prepare('SELECT username, password FROM users WHERE username=?;'); + $stmt=$db->prepare('SELECT username, password, onion FROM users WHERE username=?;'); $stmt->execute([$_POST['username']]); $tmp=[]; if(($tmp=$stmt->fetch(PDO::FETCH_NUM))===false && preg_match('/^([2-7a-z]{16}).onion$/', $_POST['username'], $match)){ - $stmt=$db->prepare('SELECT username, password FROM users WHERE onion=?;'); + $stmt=$db->prepare('SELECT username, password, onion FROM users WHERE onion=?;'); $stmt->execute([$match[1]]); $tmp=$stmt->fetch(PDO::FETCH_NUM); } if($tmp){ - if(!isset($_POST['pass']) || !password_verify($_POST['pass'], $tmp[1])){ + $username=$tmp[0]; + $password=$tmp[1]; + $stmt=$db->prepare('SELECT approved FROM new_account WHERE onion=?;'); + $stmt->execute([$tmp[2]]); + if($tmp=$stmt->fetch(PDO::FETCH_NUM)){ + if(REQUIRE_APPROVAL && !$tmp[0]){ + $msg.='

Error: Your account is pending admin approval. Please try again later.

'; + }else{ + $msg.='

Error: Your account is pending creation. Please try again in a minute.

'; + } + $ok=false; + }elseif(!isset($_POST['pass']) || !password_verify($_POST['pass'], $password)){ $msg.='

Error: wrong password.

'; $ok=false; - }else{ - $username=$tmp[0]; } }else{ $msg.='

Error: username was not found. If you forgot it, you can enter youraccount.onion instead.

';
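Review bot: The `new_account` lookup in the `if($tmp){` branch runs before `password_verify()`, so anyone who submits a valid username or onion address learns whether that account is pending approval or pending creation without knowing the password. Checking the password first and querying `new_account` only on success keeps that state behind authentication; the existing "wrong password" / "username was not found" split already distinguishes known names, and this adds a third distinguishable answer. The sketch below also moves `$username=$tmp[0];` back to the success path, where it was before this change, so code after the hunk (not visible here) cannot pick up a username from a failed login. The surrounding `if($_SERVER['REQUEST_METHOD']==='POST'){` block starts and ends outside the hunk.

```php
if($tmp){
    $password=$tmp[1];
    if(!isset($_POST['pass']) || !password_verify($_POST['pass'], $password)){
        // … unchanged: "wrong password" message and $ok=false …
    }else{
        // Account state is looked up only for a caller who has proved knowledge of the password.
        $stmt=$db->prepare('SELECT approved FROM new_account WHERE onion=?;');
        $stmt->execute([$tmp[2]]);
        if($pending=$stmt->fetch(PDO::FETCH_NUM)){
            // … unchanged: pending-approval / pending-creation messages (testing $pending[0]) and $ok=false …
        }else{
            $username=$tmp[0];
        }
    }
```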