danwin1210/hosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Show error message on login when account has not yet been created

Browse Source
This commit is contained in:
Daniel Winzen
2018-03-03 19:22:57 +01:00
parent 47b9b6e3a6
commit 9eb5c2ae3c
3 changed files with 29 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@ -26,17 +26,17 @@ The following command will install all required packages:
apt-get --no-install-recommends install apt-transport-tor aspell curl dovecot-imapd dovecot-pop3d git haveged hunspell iptables locales-all logrotate mariadb-server nginx-light postfix postfix-mysql php7.0-bcmath php7.0-bz2 php7.0-curl php7.0-dba php7.0-enchant php7.0-fpm php7.0-gd php7.0-gmp php7.0-imap php7.0-json php7.0-mbstring php7.0-mcrypt php7.0-mysql php7.0-opcache php7.0-pspell php7.0-readline php7.0-recode php7.0-soap php7.0-sqlite3 php7.0-tidy php7.0-xml php7.0-xmlrpc php7.0-xsl php7.0-zip php7.1-bcmath php7.1-bz2 php7.1-cli php7.1-curl php7.1-dba php7.1-enchant php7.1-fpm php7.1-gd php7.1-gmp php7.1-imap php7.1-intl php7.1-json php7.1-mbstring php7.1-mcrypt php7.1-mysql php7.1-opcache php7.1-pspell php7.1-readline php7.1-recode php7.1-soap php7.1-sqlite3 php7.1-tidy php7.1-xml php7.1-xmlrpc php7.1-xsl php7.1-zip php7.2-bcmath php7.2-bz2 php7.2-cli php7.2-curl php7.2-dba php7.2-enchant php7.2-fpm php7.2-gd php7.2-gmp php7.2-imap php7.2-intl php7.2-json php7.2-mbstring php7.2-mysql php7.2-opcache php7.2-pspell php7.2-readline php7.2-recode php7.2-soap php7.2-sqlite3 php7.2-tidy php7.2-xml php7.2-xmlrpc php7.2-xsl php7.2-zip phpmyadmin php-imagick sasl2-bin ssh subversion tor vsftpd && apt-get --no-install-recommends install adminer apt-get --no-install-recommends install apt-transport-tor aspell curl dovecot-imapd dovecot-pop3d git haveged hunspell iptables locales-all logrotate mariadb-server nginx-light postfix postfix-mysql php7.0-bcmath php7.0-bz2 php7.0-curl php7.0-dba php7.0-enchant php7.0-fpm php7.0-gd php7.0-gmp php7.0-imap php7.0-json php7.0-mbstring php7.0-mcrypt php7.0-mysql php7.0-opcache php7.0-pspell php7.0-readline php7.0-recode php7.0-soap php7.0-sqlite3 php7.0-tidy php7.0-xml php7.0-xmlrpc php7.0-xsl php7.0-zip php7.1-bcmath php7.1-bz2 php7.1-cli php7.1-curl php7.1-dba php7.1-enchant php7.1-fpm php7.1-gd php7.1-gmp php7.1-imap php7.1-intl php7.1-json php7.1-mbstring php7.1-mcrypt php7.1-mysql php7.1-opcache php7.1-pspell php7.1-readline php7.1-recode php7.1-soap php7.1-sqlite3 php7.1-tidy php7.1-xml php7.1-xmlrpc php7.1-xsl php7.1-zip php7.2-bcmath php7.2-bz2 php7.2-cli php7.2-curl php7.2-dba php7.2-enchant php7.2-fpm php7.2-gd php7.2-gmp php7.2-imap php7.2-intl php7.2-json php7.2-mbstring php7.2-mysql php7.2-opcache php7.2-pspell php7.2-readline php7.2-recode php7.2-soap php7.2-sqlite3 php7.2-tidy php7.2-xml php7.2-xmlrpc php7.2-xsl php7.2-zip phpmyadmin php-imagick sasl2-bin ssh subversion tor vsftpd && apt-get --no-install-recommends install adminer
``` ```
For optimum spell checking capabilities you can optionally install the following packages:
```
apt-get install aspell-am aspell-ar aspell-ar-large aspell-bg aspell-bn aspell-br aspell-ca aspell-cs aspell-cy aspell-da aspell-de aspell-el aspell-en aspell-eo aspell-eo-cx7 aspell-es aspell-et aspell-eu aspell-eu-es aspell-fa aspell-fo aspell-fr aspell-ga aspell-gl-minimos aspell-gu aspell-he aspell-hi aspell-hr aspell-hsb aspell-hu aspell-hy aspell-is aspell-it aspell-kk aspell-kn aspell-ku aspell-lt aspell-lv aspell-ml aspell-mr aspell-nl aspell-no aspell-or aspell-pa aspell-pl aspell-pt aspell-pt-br aspell-pt-pt aspell-ro aspell-ru aspell-sk aspell-sl aspell-sv aspell-ta aspell-te aspell-tl aspell-uk aspell-uz hunspell-af hunspell-an hunspell-ar hunspell-be hunspell-bg hunspell-bn hunspell-br hunspell-bs hunspell-ca hunspell-cs hunspell-da hunspell-de-at hunspell-de-ch hunspell-de-de hunspell-el hunspell-en-au hunspell-en-ca hunspell-en-gb hunspell-en-med hunspell-en-us hunspell-en-za hunspell-es hunspell-eu hunspell-eu-es hunspell-fr hunspell-fr-comprehensive hunspell-gd hunspell-gl hunspell-gu hunspell-he hunspell-hi hunspell-hr hunspell-hu hunspell-is hunspell-it hunspell-kk hunspell-kmr hunspell-ko hunspell-lo hunspell-lt hunspell-ml hunspell-ne hunspell-nl hunspell-no hunspell-oc hunspell-pl hunspell-pt-br hunspell-pt-pt hunspell-ro hunspell-ru hunspell-se hunspell-si hunspell-sk hunspell-sl hunspell-sr hunspell-sv hunspell-sw hunspell-te hunspell-th hunspell-tools hunspell-uk hunspell-uz hunspell-vi
```
Note that both, debian and the torproject have hidden service package archives, so you may want to edit /etc/apt/sources.list to load from those instead: Note that both, debian and the torproject have hidden service package archives, so you may want to edit /etc/apt/sources.list to load from those instead:
``` ```
deb tor+http://vwakviie2ienjx6t.onion/debian sid main deb tor+http://vwakviie2ienjx6t.onion/debian sid main
deb tor+http://sdscoq7snqtznauu.onion/torproject.org sid main deb tor+http://sdscoq7snqtznauu.onion/torproject.org sid main
``` ```
For optimum spell checking capabilities you can optionally install the following packages:
```
apt-get install aspell-am aspell-ar aspell-ar-large aspell-bg aspell-bn aspell-br aspell-ca aspell-cs aspell-cy aspell-da aspell-de aspell-de-alt aspell-doc aspell-el aspell-en aspell-eo aspell-eo-cx7 aspell-es aspell-et aspell-eu aspell-eu-es aspell-fa aspell-fo aspell-fr aspell-ga aspell-gl-minimos aspell-gu aspell-he aspell-hi aspell-hr aspell-hsb aspell-hu aspell-hy aspell-is aspell-it aspell-kk aspell-kn aspell-ku aspell-lt aspell-lv aspell-ml aspell-mr aspell-nl aspell-no aspell-or aspell-pa aspell-pl aspell-pt aspell-pt-br aspell-pt-pt aspell-ro aspell-ru aspell-sk aspell-sl aspell-sv aspell-ta aspell-te aspell-tl aspell-uk aspell-uz hunspell-af hunspell-an hunspell-ar hunspell-be hunspell-bg hunspell-bn hunspell-br hunspell-bs hunspell-ca hunspell-cs hunspell-da hunspell-de-at hunspell-de-ch hunspell-de-de hunspell-el hunspell-en-au hunspell-en-ca hunspell-en-gb hunspell-en-med hunspell-en-us hunspell-en-za hunspell-es hunspell-eu hunspell-eu-es hunspell-fr hunspell-fr-comprehensive hunspell-gd hunspell-gl hunspell-gu hunspell-he hunspell-hi hunspell-hr hunspell-hu hunspell-is hunspell-it hunspell-kk hunspell-kmr hunspell-ko hunspell-lo hunspell-lt hunspell-ml hunspell-ne hunspell-nl hunspell-no hunspell-oc hunspell-pl hunspell-pt-br hunspell-pt-pt hunspell-ro hunspell-ru hunspell-se hunspell-si hunspell-sk hunspell-sl hunspell-sr hunspell-sv hunspell-sw hunspell-te hunspell-th hunspell-tools hunspell-uk hunspell-uz hunspell-vi
```
Copy (and modify according to your needs) the site files in var/www to /var/www and the configuration files in etc to /etc after installation has finished. Then restart tor: Copy (and modify according to your needs) the site files in var/www to /var/www and the configuration files in etc to /etc after installation has finished. Then restart tor:
``` ```
service tor restart service tor restart

16
var/www/html/files.php
View File

@ -392,9 +392,10 @@ function ftp_recursive_upload($ftp, $path){
function ftp_recursive_delete($ftp, $file){ function ftp_recursive_delete($ftp, $file){
if(@ftp_chdir($ftp, $file)){ if(@ftp_chdir($ftp, $file)){
$list = ftp_nlist($ftp, '.'); if($list = ftp_nlist($ftp, '.')){
foreach($list as $tmp){ foreach($list as $tmp){
ftp_recursive_delete($ftp, $tmp); ftp_recursive_delete($ftp, $tmp);
}
} }
ftp_chdir($ftp, '..'); ftp_chdir($ftp, '..');
ftp_rmdir($ftp, $file); ftp_rmdir($ftp, $file);
@ -433,11 +434,14 @@ function send_edit($ftp, $dir){
$tmpfile='/tmp/'.uniqid(); $tmpfile='/tmp/'.uniqid();
foreach($_POST['files'] as $file){ foreach($_POST['files'] as $file){
echo '<tr><td>'.htmlspecialchars($file).'</td><td><textarea name="files['.htmlspecialchars($file).']" rows="10" cols="30">'; echo '<tr><td>'.htmlspecialchars($file).'</td><td><textarea name="files['.htmlspecialchars($file).']" rows="10" cols="30">';
ftp_get($ftp, $tmpfile, $file, FTP_BINARY); if(ftp_get($ftp, $tmpfile, $file, FTP_BINARY)){
echo htmlspecialchars(file_get_contents($tmpfile)); echo htmlspecialchars(file_get_contents($tmpfile));
}
echo '</textarea></td></tr>'; echo '</textarea></td></tr>';
} }
unlink($tmpfile); if(file_exists($tmpfile)){
unlink($tmpfile);
}
echo '</table>'; echo '</table>';
echo '<input type="submit" name="edit_2" value="Save"></form>'; echo '<input type="submit" name="edit_2" value="Save"></form>';
echo '<p><a href="files.php?path='.htmlspecialchars($dir).'">Go back</a>.</p>'; echo '<p><a href="files.php?path='.htmlspecialchars($dir).'">Go back</a>.</p>';

19
var/www/html/login.php
View File

@ -22,20 +22,29 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
$msg.='<p style="color:red;">Error: username may not be empty.</p>'; $msg.='<p style="color:red;">Error: username may not be empty.</p>';
$ok=false; $ok=false;
}else{ }else{
$stmt=$db->prepare('SELECT username, password FROM users WHERE username=?;'); $stmt=$db->prepare('SELECT username, password, onion FROM users WHERE username=?;');
$stmt->execute([$_POST['username']]); $stmt->execute([$_POST['username']]);
$tmp=[]; $tmp=[];
if(($tmp=$stmt->fetch(PDO::FETCH_NUM))===false && preg_match('/^([2-7a-z]{16}).onion$/', $_POST['username'], $match)){ if(($tmp=$stmt->fetch(PDO::FETCH_NUM))===false && preg_match('/^([2-7a-z]{16}).onion$/', $_POST['username'], $match)){
$stmt=$db->prepare('SELECT username, password FROM users WHERE onion=?;'); $stmt=$db->prepare('SELECT username, password, onion FROM users WHERE onion=?;');
$stmt->execute([$match[1]]); $stmt->execute([$match[1]]);
$tmp=$stmt->fetch(PDO::FETCH_NUM); $tmp=$stmt->fetch(PDO::FETCH_NUM);
} }
if($tmp){ if($tmp){
if(!isset($_POST['pass']) || !password_verify($_POST['pass'], $tmp[1])){ $username=$tmp[0];
$password=$tmp[1];
$stmt=$db->prepare('SELECT approved FROM new_account WHERE onion=?;');
$stmt->execute([$tmp[2]]);
if($tmp=$stmt->fetch(PDO::FETCH_NUM)){
if(REQUIRE_APPROVAL && !$tmp[0]){
$msg.='<p style="color:red;">Error: Your account is pending admin approval. Please try again later.</p>';
}else{
$msg.='<p style="color:red;">Error: Your account is pending creation. Please try again in a minute.</p>';
}
$ok=false;
}elseif(!isset($_POST['pass']) || !password_verify($_POST['pass'], $password)){
$msg.='<p style="color:red;">Error: wrong password.</p>'; $msg.='<p style="color:red;">Error: wrong password.</p>';
$ok=false; $ok=false;
}else{
$username=$tmp[0];
} }
}else{ }else{
$msg.='<p style="color:red;">Error: username was not found. If you forgot it, you can enter youraccount.onion instead.</p>'; $msg.='<p style="color:red;">Error: username was not found. If you forgot it, you can enter youraccount.onion instead.</p>';