From d5d7078776de8524cef4ffec6c35e405682c36c6 Mon Sep 17 00:00:00 2001
From: Daniel Winzen
Date: Mon, 22 Oct 2018 21:45:08 +0200
Subject: [PATCH] Allow editing hidden service options
---
 var/www/html/admin.php | 74 +++++++++++++++++++++++++++++++++++----
 var/www/html/home.php | 48 +++++++++++++++++++------
 var/www/html/register.php | 4 +--
 3 files changed, 106 insertions(+), 20 deletions(-)
diff --git a/var/www/html/admin.php b/var/www/html/admin.php
index e71a694..5e8c989 100644
--- a/var/www/html/admin.php
+++ b/var/www/html/admin.php
@@ -42,7 +42,7 @@ if(empty($_SESSION['logged_in'])){
 $cnt=$stmt->fetch(PDO::FETCH_NUM)[0];
 echo "Approve pending sites ($cnt) | ";
 }
- echo "List of hidden hosted sites | Delete accounts | Logout

";
+ echo "List of accounts | Delete accounts | Edit hidden services | Logout

";
 if(empty($_REQUEST['action']) || $_REQUEST['action']==='login'){
 echo '

Welcome to the admin panel!

';
 }elseif($_REQUEST['action']==='logout'){
@@ -51,10 +51,10 @@ if(empty($_SESSION['logged_in'])){
 exit;
 }elseif($_REQUEST['action']==='list'){
 echo '';
- echo '';
- $stmt=$db->query('SELECT onions.onion FROM users INNER JOIN onions ON (onions.user_id=users.id) WHERE users.public=0 ORDER BY onions.onion;');
+ echo '';
+ $stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN onions ON (onions.user_id=users.id) ORDER BY users.username;');
 while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
- echo "";
+ echo "";
 }
 echo '
Onion link
UsernameOnion linkAction
$tmp[0].onion
$tmp[0]$tmp[1].onion
';
 }elseif($_REQUEST['action']==='approve'){
@@ -64,10 +64,10 @@ if(empty($_SESSION['logged_in'])){
 echo '
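Review bot: The rewritten `list` row in admin.php interpolates `$tmp[0]` (now `users.username`) straight into the table markup with no output encoding. Which characters registration allows in a username is not visible in this patch, so if markup is permitted this is stored XSS that runs inside the logged-in admin session; echo `htmlspecialchars($tmp[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` instead. The approve table in the next hunk prints `$tmp[0]` the same way. The HTML inside these echo strings is missing from this copy of the patch, so the cell layout itself could not be checked.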

Successfully approved

';
 }
 echo '';
- echo '';
+ echo '';
 $stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN new_account ON (users.id=new_account.user_id) INNER JOIN onions ON (onions.user_id=users.id) WHERE new_account.approved=0 ORDER BY users.username;');
 while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
- echo "";
+ echo "";
 }
 echo '
UsernameOnion addressAction
UsernameOnion addressAction
$tmp[0]$tmp[1].onion
$tmp[0]$tmp[1].onion
';
 }elseif($_REQUEST['action']==='delete'){
@@ -80,7 +80,7 @@ if(empty($_SESSION['logged_in'])){
 echo '" required autofocus>

';
 echo '
';
 if(!empty($_POST['onion'])){
- if(preg_match('~^([a-z2-7]{16})(\.onion)?$~', $_POST['onion'], $match)){
+ if(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){
 $stmt=$db->prepare('SELECT user_id FROM onions WHERE onion=?;');
 $stmt->execute([$match[1]]);
 if($user_id=$stmt->fetch(PDO::FETCH_NUM)){
@@ -94,6 +94,66 @@ if(empty($_SESSION['logged_in'])){
 echo "

Invalid onion address!

";
 }
 }
+ }elseif(in_array($_REQUEST['action'], ['edit', 'edit_2'], true)){
+ echo '

Edit hidden service:

';
+ echo "
";
+ echo '

Onion address:

';
+ echo '

';
+ if(!empty($_POST['onion'])){
+ if(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){
+ if($_REQUEST['action']==='edit_2'){
+ $stmt=$db->prepare('SELECT version FROM onions WHERE onion=?;');
+ $stmt->execute([$match[1]]);
+ if($onion=$stmt->fetch(PDO::FETCH_NUM)){
+ $stmt=$db->prepare('UPDATE onions SET enabled = ?, enable_smtp = ?, num_intros = ?, max_streams = ? WHERE onion=?;');
+ $enabled = isset($_REQUEST['enabled']) ? 1 : 0;
+ $enable_smtp = isset($_REQUEST['enable_smtp']) ? 1 : 0;
+ $num_intros = intval($_REQUEST['num_intros']);
+ if($num_intros<3){
+ $num_intros = 3;
+ }elseif($onion[0]==2 && $num_intros>10){
+ $num_intros = 10;
+ }elseif($num_intros>20){
+ $num_intros = 20;
+ }
+ $max_streams = intval($_REQUEST['max_streams']);
+ if($max_streams<0){
+ $max_streams = 0;
+ }elseif($max_streams>65535){
+ $max_streams = 65535;
+ }
+ $stmt->execute([$enabled, $enable_smtp, $num_intros, $max_streams, $match[1]]);
+ $stmt=$db->prepare('UPDATE service_instances SET reload = 1 WHERE id=?');
+ $stmt->execute([substr($match[1], 0, 1)]);
+ echo "

Changes successfully saved!

";
+ }
+ }
+ $stmt=$db->prepare('SELECT onion, enabled, enable_smtp, num_intros, max_streams, version FROM onions WHERE onion=?;');
+ $stmt->execute([$match[1]]);
+ if($onion=$stmt->fetch(PDO::FETCH_NUM)){
+ echo "
";
+ echo '';
+ echo '';
+ echo '';
+ echo '';
+ echo '';
+ echo '';
+ echo '';
+ }else{
+ echo "

Onion address not hosted by us!

";
+ }else{
+ echo "

Invalid onion address!

";
+ }
+ }
 }
 }
 echo '';
diff --git a/var/www/html/home.php b/var/www/html/home.php
index 01ade44..9ecba6f 100644
--- a/var/www/html/home.php
+++ b/var/www/html/home.php
@@ -7,6 +7,33 @@ try{
 }
 session_start();
 $user=check_login();
+if(isset($_REQUEST['action']) && isset($_REQUEST['onion']) && $_REQUEST['action']==='edit'){
+ $stmt=$db->prepare('SELECT onions.version FROM onions INNER JOIN users ON (users.id=onions.user_id) WHERE onions.onion=? AND users.id=?;');
+ $stmt->execute([$_REQUEST['onion'], $user['id']]);
+ if($onion=$stmt->fetch(PDO::FETCH_NUM)){
+ $stmt=$db->prepare('UPDATE onions SET enabled = ?, enable_smtp = ?, num_intros = ?, max_streams = ? WHERE onion=?;');
+ $enabled = isset($_REQUEST['enabled']) ? 1 : 0;
+ $enable_smtp = isset($_REQUEST['enable_smtp']) ? 1 : 0;
+ $num_intros = intval($_REQUEST['num_intros']);
+ if($num_intros<3){
+ $num_intros = 3;
+ }elseif($onion[0]==2 && $num_intros>10){
+ $num_intros = 10;
+ }elseif($num_intros>20){
+ $num_intros = 20;
+ }
+ $max_streams = intval($_REQUEST['max_streams']);
+ if($max_streams<0){
+ $max_streams = 0;
+ }elseif($max_streams>65535){
+ $max_streams = 65535;
+ }
+ $stmt->execute([$enabled, $enable_smtp, $num_intros, $max_streams, $_REQUEST['onion']]);
+ $stmt=$db->prepare('UPDATE service_instances SET reload = 1 WHERE id=?');
+ $stmt->execute([substr($_REQUEST['onion'], 0, 1)]);
+ }
+}
+
 header('Content-Type: text/html; charset=UTF-8');
 echo '';
 echo 'Daniel\'s Hosting - Dashboard';
@@ -18,24 +45,25 @@ echo "
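Review bot: No anti-CSRF check is visible before the `UPDATE onions` in the `edit_2` branch of admin.php, and the form markup is missing from this copy of the patch, so whether a token is emitted cannot be confirmed here. If there is none, a cross-site form post made while the admin is logged in can change or disable any hosted service, since an absent `enabled` field is stored as 0. Verify a per-session token first, for example `if(!hash_equals($_SESSION['csrf_token'] ?? '', $_POST['csrf_token'] ?? '')){ http_response_code(403); exit; }` (the key name is a placeholder), and read the option fields from `$_POST` rather than `$_REQUEST`. The `edit` handler added at the top of home.php has the same gap and takes every field from `$_REQUEST`, so there even a GET request triggers the write.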
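Review bot: The home.php `edit` handler reads `$_REQUEST['num_intros']` and `$_REQUEST['max_streams']` without checking that they exist, so a request carrying only `action` and `onion` raises undefined-index notices and then saves `num_intros=3`, `max_streams=0` and both flags off. Fold the presence and type checks into the outer condition, e.g. `if(isset($_REQUEST['action'], $_REQUEST['onion'], $_REQUEST['num_intros'], $_REQUEST['max_streams']) && is_string($_REQUEST['onion']) && $_REQUEST['action']==='edit'){`. The clamping block is a copy of the one in admin.php's `edit_2` branch; moving it into one shared function would keep the two sets of limits from drifting apart. `$onion[0]==2` is a loose comparison on a fetched column and reads more clearly as `(int)$onion[0]===2`.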

Logged in as $user[username] Logout | Enter system account password to check your $user[system_account]@" . ADDRESS . " mail:

OnionEnabledSMTP enabledNr. of introsMax streams per rend circuitSave

"; echo '

Domains

'; echo ''; -echo ''; +echo ''; $stmt=$db->prepare('SELECT onion, private_key, enabled, enable_smtp, num_intros, max_streams FROM onions WHERE user_id=?;'); $stmt->execute([$user['id']]); while($onion=$stmt->fetch(PDO::FETCH_ASSOC)){ - echo "'; - echo ""; - echo ""; - echo ''; + echo ''; + echo ''; + echo ''; + echo ''; + echo ''; } echo '
OnionPrivate keyEnabledSMTP enabledNr. of introsMax streams per rendezvous circuit
OnionPrivate keyEnabledSMTP enabledNr. of introsMax streams per rend circuitSave
$onion[onion].onion"; + echo "
$onion[onion].onion"; if(isset($_REQUEST['show_priv'])){ echo "
$onion[private_key]
"; }else{ echo 'Show private key'; } - echo '
'; - echo $onion['enabled'] ? 'Yes' : 'No'; - echo ''; - echo $onion['enable_smtp'] ? 'Yes' : 'No'; - echo '$onion[num_intros]$onion[max_streams]
'; echo '

MySQL Database

';
diff --git a/var/www/html/register.php b/var/www/html/register.php
index 08086be..65d423f 100644
--- a/var/www/html/register.php
+++ b/var/www/html/register.php
@@ -104,9 +104,7 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
 }elseif($ok){
 $stmt=$db->prepare('INSERT INTO users (username, system_account, password, dateadded, public, php, autoindex, mysql_user) VALUES (?, ?, ?, ?, ?, ?, ?, ?);');
 $stmt->execute([$_POST['username'], "$onion.onion", $hash, time(), $public, $php, $autoindex, "$onion.onion"]);
- $stmt=$db->prepare('SELECT id FROM users WHERE username=?;');
- $stmt->execute([$_POST['username']]);
- $user_id=$stmt->fetch(PDO::FETCH_NUM)[0];
+ $user_id = $db->lastInsertId();
 $stmt=$db->prepare('INSERT INTO mysql_databases (user_id, mysql_database) VALUES (?, ?);');
 $stmt->execute([$user_id, $onion]);
 $stmt=$db->prepare('INSERT INTO onions (user_id, onion, private_key, version) VALUES (?, ?, ?, ?);');