danwin1210/hosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow editing hidden service options

Browse Source
This commit is contained in:
Daniel Winzen
2018-10-22 21:45:08 +02:00
parent b80f30ac03
commit d5d7078776
3 changed files with 106 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
var/www/html/admin.php
View File

@ -42,7 +42,7 @@ if(empty($_SESSION['logged_in'])){
$cnt=$stmt->fetch(PDO::FETCH_NUM)[0]; $cnt=$stmt->fetch(PDO::FETCH_NUM)[0];
echo "<a href=\"$_SERVER[SCRIPT_NAME]?action=approve\">Approve pending sites ($cnt)</a> | "; echo "<a href=\"$_SERVER[SCRIPT_NAME]?action=approve\">Approve pending sites ($cnt)</a> | ";
} }
echo "<a href=\"$_SERVER[SCRIPT_NAME]?action=list\">List of hidden hosted sites</a> | <a href=\"$_SERVER[SCRIPT_NAME]?action=delete\">Delete accounts</a> | <a href=\"$_SERVER[SCRIPT_NAME]?action=logout\">Logout</a></p>"; echo "<a href=\"$_SERVER[SCRIPT_NAME]?action=list\">List of accounts</a> | <a href=\"$_SERVER[SCRIPT_NAME]?action=delete\">Delete accounts</a> | <a href=\"$_SERVER[SCRIPT_NAME]?action=edit\">Edit hidden services</a> | <a href=\"$_SERVER[SCRIPT_NAME]?action=logout\">Logout</a></p>";
if(empty($_REQUEST['action']) || $_REQUEST['action']==='login'){ if(empty($_REQUEST['action']) || $_REQUEST['action']==='login'){
echo '<p>Welcome to the admin panel!</p>'; echo '<p>Welcome to the admin panel!</p>';
}elseif($_REQUEST['action']==='logout'){ }elseif($_REQUEST['action']==='logout'){
@ -51,10 +51,10 @@ if(empty($_SESSION['logged_in'])){
exit; exit;
}elseif($_REQUEST['action']==='list'){ }elseif($_REQUEST['action']==='list'){
echo '<table border="1">'; echo '<table border="1">';
echo '<tr><td>Onion link</td></tr>'; echo '<tr><th>Username</th><th>Onion link</th><th>Action</th></tr>';
$stmt=$db->query('SELECT onions.onion FROM users INNER JOIN onions ON (onions.user_id=users.id) WHERE users.public=0 ORDER BY onions.onion;'); $stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN onions ON (onions.user_id=users.id) ORDER BY users.username;');
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
echo "<tr><td><a href=\"http://$tmp[0].onion\" target=\"_blank\">$tmp[0].onion</a></td></tr>"; echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\"><input type=\"hidden\" name=\"onion\" value=\"$tmp[1]\"><tr><td>$tmp[0]</td><td><a href=\"http://$tmp[1].onion\" target=\"_blank\">$tmp[1].onion</a></td><td><input type=\"submit\" name=\"action\" value=\"edit\"></td></tr></form>";
} }
echo '</table>'; echo '</table>';
}elseif($_REQUEST['action']==='approve'){ }elseif($_REQUEST['action']==='approve'){
@ -64,10 +64,10 @@ if(empty($_SESSION['logged_in'])){
echo '<p style="color:green;">Successfully approved</p>'; echo '<p style="color:green;">Successfully approved</p>';
} }
echo '<table border="1">'; echo '<table border="1">';
echo '<tr><td>Username</td><td>Onion address</td><td>Action</td></tr>'; echo '<tr><th>Username</th><th>Onion address</th><th>Action</th></tr>';
$stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN new_account ON (users.id=new_account.user_id) INNER JOIN onions ON (onions.user_id=users.id) WHERE new_account.approved=0 ORDER BY users.username;'); $stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN new_account ON (users.id=new_account.user_id) INNER JOIN onions ON (onions.user_id=users.id) WHERE new_account.approved=0 ORDER BY users.username;');
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\"><input type=\"hidden\" name=\"onion\" value=\"$tmp[1]\"><tr><td>$tmp[0]</td><td>$tmp[1].onion</td><td><input type=\"submit\" name=\"action\" value=\"approve\"><input type=\"submit\" name=\"action\" value=\"delete\"></td></tr></form>"; echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\"><input type=\"hidden\" name=\"onion\" value=\"$tmp[1]\"><tr><td>$tmp[0]</td><td><a href=\"http://$tmp[1].onion\" target=\"_blank\">$tmp[1].onion</a></td><td><input type=\"submit\" name=\"action\" value=\"approve\"><input type=\"submit\" name=\"action\" value=\"delete\"></td></tr></form>";
} }
echo '</table>'; echo '</table>';
}elseif($_REQUEST['action']==='delete'){ }elseif($_REQUEST['action']==='delete'){
@ -80,7 +80,7 @@ if(empty($_SESSION['logged_in'])){
echo '" required autofocus></p>'; echo '" required autofocus></p>';
echo '<input type="submit" name="action" value="delete"></form><br>'; echo '<input type="submit" name="action" value="delete"></form><br>';
if(!empty($_POST['onion'])){ if(!empty($_POST['onion'])){
if(preg_match('~^([a-z2-7]{16})(\.onion)?$~', $_POST['onion'], $match)){ if(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){
$stmt=$db->prepare('SELECT user_id FROM onions WHERE onion=?;'); $stmt=$db->prepare('SELECT user_id FROM onions WHERE onion=?;');
$stmt->execute([$match[1]]); $stmt->execute([$match[1]]);
if($user_id=$stmt->fetch(PDO::FETCH_NUM)){ if($user_id=$stmt->fetch(PDO::FETCH_NUM)){
@ -94,6 +94,66 @@ if(empty($_SESSION['logged_in'])){
echo "<p style=\"color:red;\">Invalid onion address!</p>"; echo "<p style=\"color:red;\">Invalid onion address!</p>";
} }
} }
}elseif(in_array($_REQUEST['action'], ['edit', 'edit_2'], true)){
echo '<p>Edit hidden service:</p>';
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
echo '<p>Onion address: <input type="text" name="onion" size="30" value="';
if(isSet($_POST['onion'])){
echo htmlspecialchars($_POST['onion']);
}
echo '" required autofocus></p>';
echo '<input type="submit" name="action" value="edit"></form><br>';
if(!empty($_POST['onion'])){
if(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){
if($_REQUEST['action']==='edit_2'){
$stmt=$db->prepare('SELECT version FROM onions WHERE onion=?;');
$stmt->execute([$match[1]]);
if($onion=$stmt->fetch(PDO::FETCH_NUM)){
$stmt=$db->prepare('UPDATE onions SET enabled = ?, enable_smtp = ?, num_intros = ?, max_streams = ? WHERE onion=?;');
$enabled = isset($_REQUEST['enabled']) ? 1 : 0;
$enable_smtp = isset($_REQUEST['enable_smtp']) ? 1 : 0;
$num_intros = intval($_REQUEST['num_intros']);
if($num_intros<3){
$num_intros = 3;
}elseif($onion[0]==2 && $num_intros>10){
$num_intros = 10;
}elseif($num_intros>20){
$num_intros = 20;
}
$max_streams = intval($_REQUEST['max_streams']);
if($max_streams<0){
$max_streams = 0;
}elseif($max_streams>65535){
$max_streams = 65535;
}
$stmt->execute([$enabled, $enable_smtp, $num_intros, $max_streams, $match[1]]);
$stmt=$db->prepare('UPDATE service_instances SET reload = 1 WHERE id=?');
$stmt->execute([substr($match[1], 0, 1)]);
echo "<p style=\"color:green;\">Changes successfully saved!</p>";
}
}
$stmt=$db->prepare('SELECT onion, enabled, enable_smtp, num_intros, max_streams, version FROM onions WHERE onion=?;');
$stmt->execute([$match[1]]);
if($onion=$stmt->fetch(PDO::FETCH_NUM)){
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
echo '<table border="1"><tr><th>Onion</th><th>Enabled</th><th>SMTP enabled</th><th>Nr. of intros</th><th>Max streams per rend circuit</th><th>Save</th></tr>';
echo '<tr><td><input type="text" name="onion" size="15" value="'.$onion[0].'" required autofocus></td>';
echo '<td><label><input type="checkbox" name="enabled" value="1"';
echo $onion[1] ? ' checked' : '';
echo '>Enabled</label></td>';
echo '<td><label><input type="checkbox" name="enable_smtp" value="1"';
echo $onion[2] ? ' checked' : '';
echo '>Enabled</label></td>';
echo '<td><input type="number" name="num_intros" min="3" max="20" value="'.$onion[3].'"></td>';
echo '<td><input type="number" name="max_streams" min="0" max="65535" value="'.$onion[4].'"></td>';
echo '<td><button type="submit" name="action" value="edit_2">Save</button></td></tr>';
}else{
echo "<p style=\"color:red;\">Onion address not hosted by us!</p>";
}
}else{
echo "<p style=\"color:red;\">Invalid onion address!</p>";
}
}
} }
} }
echo '</body></html>'; echo '</body></html>';

48
var/www/html/home.php
View File

@ -7,6 +7,33 @@ try{
} }
session_start(); session_start();
$user=check_login(); $user=check_login();
if(isset($_REQUEST['action']) && isset($_REQUEST['onion']) && $_REQUEST['action']==='edit'){
$stmt=$db->prepare('SELECT onions.version FROM onions INNER JOIN users ON (users.id=onions.user_id) WHERE onions.onion=? AND users.id=?;');
$stmt->execute([$_REQUEST['onion'], $user['id']]);
if($onion=$stmt->fetch(PDO::FETCH_NUM)){
$stmt=$db->prepare('UPDATE onions SET enabled = ?, enable_smtp = ?, num_intros = ?, max_streams = ? WHERE onion=?;');
$enabled = isset($_REQUEST['enabled']) ? 1 : 0;
$enable_smtp = isset($_REQUEST['enable_smtp']) ? 1 : 0;
$num_intros = intval($_REQUEST['num_intros']);
if($num_intros<3){
$num_intros = 3;
}elseif($onion[0]==2 && $num_intros>10){
$num_intros = 10;
}elseif($num_intros>20){
$num_intros = 20;
}
$max_streams = intval($_REQUEST['max_streams']);
if($max_streams<0){
$max_streams = 0;
}elseif($max_streams>65535){
$max_streams = 65535;
}
$stmt->execute([$enabled, $enable_smtp, $num_intros, $max_streams, $_REQUEST['onion']]);
$stmt=$db->prepare('UPDATE service_instances SET reload = 1 WHERE id=?');
$stmt->execute([substr($_REQUEST['onion'], 0, 1)]);
}
}
header('Content-Type: text/html; charset=UTF-8'); header('Content-Type: text/html; charset=UTF-8');
echo '<!DOCTYPE html><html><head>'; echo '<!DOCTYPE html><html><head>';
echo '<title>Daniel\'s Hosting - Dashboard</title>'; echo '<title>Daniel\'s Hosting - Dashboard</title>';
@ -18,24 +45,25 @@ echo "<p>Logged in as $user[username] <a href=\"logout.php\">Logout</a> | <a hre
echo "<p>Enter system account password to check your $user[system_account]@" . ADDRESS . " mail:</td><td><form action=\"squirrelmail/src/redirect.php\" method=\"post\" target=\"_blank\"><input type=\"hidden\" name=\"login_username\" value=\"$user[system_account]\"><input type=\"password\" name=\"secretkey\"><input type=\"submit\" value=\"Login to webmail\"></form></p>"; echo "<p>Enter system account password to check your $user[system_account]@" . ADDRESS . " mail:</td><td><form action=\"squirrelmail/src/redirect.php\" method=\"post\" target=\"_blank\"><input type=\"hidden\" name=\"login_username\" value=\"$user[system_account]\"><input type=\"password\" name=\"secretkey\"><input type=\"submit\" value=\"Login to webmail\"></form></p>";
echo '<h3>Domains</h3>'; echo '<h3>Domains</h3>';
echo '<table border="1">'; echo '<table border="1">';
echo '<tr><th>Onion</th><th>Private key</th><th>Enabled</th><th>SMTP enabled</th><th>Nr. of intros</th><th>Max streams per rendezvous circuit</th></tr>'; echo '<tr><th>Onion</th><th>Private key</th><th>Enabled</th><th>SMTP enabled</th><th>Nr. of intros</th><th>Max streams per rend circuit</th><th>Save</th></tr>';
$stmt=$db->prepare('SELECT onion, private_key, enabled, enable_smtp, num_intros, max_streams FROM onions WHERE user_id=?;'); $stmt=$db->prepare('SELECT onion, private_key, enabled, enable_smtp, num_intros, max_streams FROM onions WHERE user_id=?;');
$stmt->execute([$user['id']]); $stmt->execute([$user['id']]);
while($onion=$stmt->fetch(PDO::FETCH_ASSOC)){ while($onion=$stmt->fetch(PDO::FETCH_ASSOC)){
echo "<tr><td><a href=\"http://$onion[onion].onion\" target=\"_blank\">$onion[onion].onion</a></td><td>"; echo "<form action=\"home.php\" method=\"post\"><input type=\"hidden\" name=\"onion\" value=\"$onion[onion]\"><tr><td><a href=\"http://$onion[onion].onion\" target=\"_blank\">$onion[onion].onion</a></td><td>";
if(isset($_REQUEST['show_priv'])){ if(isset($_REQUEST['show_priv'])){
echo "<pre>$onion[private_key]</pre>"; echo "<pre>$onion[private_key]</pre>";
}else{ }else{
echo '<a href="home.php?show_priv=1">Show private key</a>'; echo '<a href="home.php?show_priv=1">Show private key</a>';
} }
echo '</td><td>'; echo '</td><td><label><input type="checkbox" name="enabled" value="1"';
echo $onion['enabled'] ? 'Yes' : 'No'; echo $onion['enabled'] ? ' checked' : '';
echo '</td><td>'; echo '>Enabled</label></td>';
echo $onion['enable_smtp'] ? 'Yes' : 'No'; echo '<td><label><input type="checkbox" name="enable_smtp" value="1"';
echo '</td>'; echo $onion['enable_smtp'] ? ' checked' : '';
echo "<td>$onion[num_intros]</td>"; echo '>Enabled</label></td>';
echo "<td>$onion[max_streams]</td>"; echo '<td><input type="number" name="num_intros" min="3" max="20" value="'.$onion['num_intros'].'"></td>';
echo '</tr>'; echo '<td><input type="number" name="max_streams" min="0" max="65535" value="'.$onion['max_streams'].'"></td>';
echo '<td><button type="submit" name="action" value="edit">Save</button></td></tr>';
} }
echo '</table>'; echo '</table>';
echo '<h3>MySQL Database</h3>'; echo '<h3>MySQL Database</h3>';

4
var/www/html/register.php
View File

@ -104,9 +104,7 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
}elseif($ok){ }elseif($ok){
$stmt=$db->prepare('INSERT INTO users (username, system_account, password, dateadded, public, php, autoindex, mysql_user) VALUES (?, ?, ?, ?, ?, ?, ?, ?);'); $stmt=$db->prepare('INSERT INTO users (username, system_account, password, dateadded, public, php, autoindex, mysql_user) VALUES (?, ?, ?, ?, ?, ?, ?, ?);');
$stmt->execute([$_POST['username'], "$onion.onion", $hash, time(), $public, $php, $autoindex, "$onion.onion"]); $stmt->execute([$_POST['username'], "$onion.onion", $hash, time(), $public, $php, $autoindex, "$onion.onion"]);
$stmt=$db->prepare('SELECT id FROM users WHERE username=?;'); $user_id = $db->lastInsertId();
$stmt->execute([$_POST['username']]);
$user_id=$stmt->fetch(PDO::FETCH_NUM)[0];
$stmt=$db->prepare('INSERT INTO mysql_databases (user_id, mysql_database) VALUES (?, ?);'); $stmt=$db->prepare('INSERT INTO mysql_databases (user_id, mysql_database) VALUES (?, ?);');
$stmt->execute([$user_id, $onion]); $stmt->execute([$user_id, $onion]);
$stmt=$db->prepare('INSERT INTO onions (user_id, onion, private_key, version) VALUES (?, ?, ?, ?);'); $stmt=$db->prepare('INSERT INTO onions (user_id, onion, private_key, version) VALUES (?, ?, ?, ?);');