Initial commit

Daniel Winzen
2017-04-30 19:32:42 +02:00
commit e0b35fb943
222 changed files with 8816 additions and 0 deletions

36
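--- a/var/www/html/delete.php
+++ b/var/www/html/delete.php
@@ -0,0 +1,36 @@
+<?php
+include('../common.php');
+try{
+$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
+}catch(PDOException $e){
+die('No Connection to MySQL database!');
+}
+session_start();
+$user=check_login();
+$msg='';
+if($_SERVER['REQUEST_METHOD']==='POST'){
+if(!isset($_POST['pass']) || !password_verify($_POST['pass'], $user['password'])){
+$msg.='<p style="color:red;">Wrong password.</p>';
+}else{
+$stmt=$db->prepare('INSERT INTO del_account (onion) VALUES (?);');
+$stmt->execute([$user['onion']]);
+session_destroy();
+header('Location: login.php');
+exit;
+}
+}
+header('Content-Type: text/html; charset=UTF-8');
+echo '<!DOCTYPE html><html><head>';
+echo '<title>Daniel\'s Hosting - Delete account</title>';
+echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
+echo '<meta name=viewport content="width=device-width, initial-scale=1">';
+echo '</head><body>';
+echo '<p>This will delete your account and all data asociated with it. It can\'t be un-done. Are you sure?</p>';
+echo $msg;
+echo '<form method="POST" action="delete.php"><table>';
+echo '<tr><td>Enter your account password to confirm</td><td><input type="password" name="pass" required autofocus></td></tr>';
+echo '<tr><td colspan="2"><input type="submit" value="Delete"></td></tr>';
+echo '</table></form>';
+echo '<p><a href="home.php">No, don\'t delete.</a></p>';
+echo '</body></html>';
+?>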
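Review bot: The account-deletion branch never checks whether the `INSERT INTO del_account` succeeded: the connection is opened with `PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING`, so a failed `execute()` only raises a warning and the code still destroys the session and redirects as if the deletion had been queued. Switching the option to `PDO::ERRMODE_EXCEPTION`, or testing the return value of `execute()` before `session_destroy()`, would make the failure visible. The same connection block is repeated in home.php, list.php, log.php, login.php, password.php and register.php with the same effect, so it is worth moving into common.php once. Separately, `password_verify($_POST['pass'], …)` should be guarded with `is_string($_POST['pass'])`, since a `pass[]` parameter arrives as an array.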

BIN
var/www/html/favicon.ico Normal file

Binary file not shown.


56
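--- a/var/www/html/home.php
+++ b/var/www/html/home.php
@@ -0,0 +1,56 @@
+<?php
+include('../common.php');
+try{
+$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
+}catch(PDOException $e){
+die('No Connection to MySQL database!');
+}
+session_start();
+$user=check_login();
+header('Content-Type: text/html; charset=UTF-8');
+echo '<!DOCTYPE html><html><head>';
+echo '<title>Daniel\'s Hosting - Dashboard</title>';
+echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
+echo '<meta name=viewport content="width=device-width, initial-scale=1">';
+echo '</head><body>';
+echo "<p>Logged in as $user[username] <a href=\"logout.php\">Logout</a> | <a href=\"password.php\">Change passwords</a> | <a href=\"delete.php\">Delete account</a></p>";
+$mail=0;
+if(file_exists("/home/$user[onion].onion/Maildir/new/")){
+$mail=count(scandir("/home/$user[onion].onion/Maildir/new/"))-2;
+}
+echo "<p>Enter system account password to check your $user[onion].onion@" . ADDRESS . " mail ($mail new):</td><td><form action=\"squirrelmail/src/redirect.php\" method=\"post\" target=\"_blank\"><input type=\"hidden\" name=\"login_username\" value=\"$user[onion].onion\"><input type=\"password\" name=\"secretkey\"><input type=\"submit\" value=\"Login to webmail\"></form></p>";
+echo '<p>There is no Web-based file management yet, you\'ll need to use an FTP client like <a href="https://filezilla-project.org/">FileZilla</a> (<a href="http://tt3j2x4k5ycaa5zt.onion/tutorials/torify-ftp/" target="_blank">Torify FileZilla</a>) for now, to manage files. A web based file manager is planned.</p>';
+echo '<h3>Domain</h3>';
+echo '<table border="1">';
+echo '<tr><th>Onion</th><th>Private key</th></tr>';
+echo "<tr><td><a href=\"http://$user[onion].onion\" target=\"_blank\">$user[onion].onion</a></td><td>";
+if(isset($_REQUEST['show_priv'])){
+echo "<pre>$user[private_key]</pre>";
+}else{
+echo '<a href="home.php?show_priv=1">Show private key</a>';
+}
+echo '</td></tr>';
+echo '</table>';
+echo '<h3>MySQL Database</h3>';
+echo '<table border="1">';
+echo '<tr><th>Database</th><th>Host</th><th>User</th></tr>';
+echo "<tr><td>$user[onion]</td><td>localhost</td><td>$user[onion].onion</td></tr>";
+echo '</table>';
+echo '<p><a href="password.php?type=sql">Change MySQL password</a></p>';
+echo '<p>You can use <a href="/phpmyadmin/" target="_blank">PHPMyAdmin</a> and <a href="/adminer/" target="_blank">Adminer</a> for web based database administration.</p>';
+echo '<h3>System Account</h3>';
+echo '<table border="1">';
+echo '<tr><th>Username</th><th>Host</th><th>FTP Port</th><th>SFTP Port</th><th>POP3 Port</th><th>IMAP Port</th><th>SMTP port</th></tr>';
+foreach(SERVERS as $server=>$tmp){
+echo "<tr><td>$user[onion].onion</td><td>$server</td><td>$tmp[ftp]</td><td>$tmp[sftp]</td><td>$tmp[pop3]</td><td>$tmp[imap]</td><td>$tmp[smtp]</td></tr>";
+}
+echo '</table>';
+echo '<p><a href="password.php?type=sys">Change system account password</a></p>';
+echo '<h3>Logs</h3>';
+echo '<table border="1">';
+echo '<tr><th>Date</th><th>access.log</th><th>error.log</th></tr>';
+echo '<tr><td>Today</td><td><a href="log.php?type=access&amp;old=0" target="_blank">access.log</log></td><td><a href="log.php?type=error&amp;old=0" target="_blank">error.log</a></td></tr>';
+echo '<tr><td>Yesterday</td><td><a href="log.php?type=access&amp;old=1" target="_blank">access.log</log></td><td><a href="log.php?type=error&amp;old=1" target="_blank">error.log</a></td></tr>';
+echo '</table>';
+echo '</body></html>';
+?>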
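Review bot: The private key at `echo "<pre>$user[private_key]</pre>";` and the other `$user[...]` values are written into the page without `htmlspecialchars()`. register.php stores a user-supplied key as submitted (only trimmed), so this output is safe only if that text contains nothing but PEM; escaping here, e.g. `echo '<pre>' . htmlspecialchars($user['private_key']) . '</pre>';`, removes that dependency. Because the key is revealed by a plain `home.php?show_priv=1` link and this page sends no cache headers, the response carrying the key can remain in the browser cache; log.php already sends `Cache-Control: no-cache, no-store, must-revalidate, max-age=0`, and the same header belongs here. The two `access.log</log>` links close with `</log>` where `</a>` is meant.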

43
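--- a/var/www/html/index.php
+++ b/var/www/html/index.php
@@ -0,0 +1,43 @@
+<?php
+include('../common.php');
+header('Content-Type: text/html; charset=UTF-8');
+echo '<!DOCTYPE html><html><head>';
+echo '<title>Daniel\'s Hosting</title>';
+echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
+echo '<meta name=viewport content="width=device-width, initial-scale=1">';
+echo '</head><body>';
+echo '<p>Info | <a href="register.php">Register</a> | <a href="login.php">Login</a> | <a href="list.php">List of hosted sites</a></p>';
+echo '<p>Here you can get yourself a hosting account on my server.</p>';
+echo '<p>What you will get:</p>';
+echo '<ul>';
+echo '<li>Chose between PHP 7.0 or 7.1</li>';
+echo '<li>Nginx Webserver</li>';
+echo '<li>SQLite support</li>';
+echo '<li>1 MariaDB (MySQL) database</li>';
+echo '<li><a href="/phpmyadmin/" target="_blank">PHPMyAdmin</a> and <a href="/adminer/" target="_blank">Adminer</a> for web based database administration</li>';
+echo '<li><b>No Web-based file management yet, you\'ll need to use an FTP client like <a href="https://filezilla-project.org/">FileZilla</a> (<a href="http://tt3j2x4k5ycaa5zt.onion/tutorials/torify-ftp/" target="_blank">Torify FileZilla</a>) for now, to manage files. A web based file manager is planned.</b></li>';
+echo '<li>FTP access</li>';
+echo '<li>SFTP access</li>';
+echo '<li>No disk quota</li>';
+echo '<li>mail() can send e-mails from your.onion@' . ADDRESS . ' and you get imap, pop3 and smtp access</li>';
+echo '<li>Your own .onion address</li>';
+echo '<li>There is a missing feature or you need a special configuration? Just <a href="http://tt3j2x4k5ycaa5zt.onion/contact.php">contact me</a> and I\'ll see what I can do.</li>';
+echo '<li>Empty accounts will be deleted after a month</li>';
+echo '<li>More to come…</li>';
+echo '</ul>';
+echo '<h2>Rules</h2>';
+echo '<ul>';
+echo '<li>No child pornography!</li>';
+echo '<li>No terroristic propaganda!</li>';
+echo '<li>No illegal content according to German law!</li>';
+echo '<li>No malware! (e.g. botnets)</li>';
+echo '<li>No phishing!</li>';
+echo '<li>No scams!</li>';
+echo '<li>No spam!</li>';
+echo '<li>No shops! (mostly scams anyway)</li>';
+echo '<li>No proxy scripts!</li>';
+echo '<li>No IP logger or similar de-anonymizer sites!</li>';
+echo '<li>I preserve the right to delete any site for violating these rules and adding new rules at any time.</li>';
+echo '</ul>';
+echo '</body></html>';
+?>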

28
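--- a/var/www/html/list.php
+++ b/var/www/html/list.php
@@ -0,0 +1,28 @@
+<?php
+header('Content-Type: text/html; charset=UTF-8');
+include_once('../common.php');
+try{
+$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
+}catch(PDOException $e){
+die('No Connection to MySQL database!');
+}
+echo '<!DOCTYPE html><html><head>';
+echo '<title>Daniel\'s Hosting - List of hosted sites</title>';
+echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
+echo '<meta name=viewport content="width=device-width, initial-scale=1">';
+echo '</head><body>';
+echo '<p><a href="index.php">Info</a> | <a href="register.php">Register</a> | <a href="login.php">Login</a> | List of hosted sites</p>';
+$stmt=$db->query('SELECT COUNT(*) FROM users WHERE public=1;');
+$count=$stmt->fetch(PDO::FETCH_NUM);
+$stmt=$db->query('SELECT COUNT(*) FROM users WHERE public=0;');
+$hidden=$stmt->fetch(PDO::FETCH_NUM);
+echo "<p>Here a list of $count[0] public hosted sites ($hidden[0] sites hidden):</p>";
+echo '<table border="1">';
+echo '<tr><td>Onion link</td></tr>';
+$stmt=$db->query('SELECT username, onion FROM users WHERE public=1 ORDER BY onion;');
+while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
+echo "<tr><td><a href=\"http://$tmp[1].onion\" target=\"_blank\">$tmp[1].onion</a></td></tr>";
+}
+echo '</table>';
+echo '</body></html>';
+?>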
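Review bot: The listing query selects `username` although only `$tmp[1]` (the onion) is ever printed, so login names of public sites are read on an unauthenticated page for no purpose; `SELECT onion FROM users WHERE public=1 ORDER BY onion;` with `$tmp[0]` is enough. The onion value goes into the `href` and link text unescaped, which is safe only while every stored onion has the format get_onion() presumably produces (that helper is not visible here); wrapping it in `htmlspecialchars()` makes the output independent of that.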

28
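--- a/var/www/html/log.php
+++ b/var/www/html/log.php
@@ -0,0 +1,28 @@
+<?php
+include('../common.php');
+try{
+$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
+}catch(PDOException $e){
+die('No Connection to MySQL database!');
+}
+session_start();
+$user=check_login();
+if(!isset($_REQUEST['old']) || $_REQUEST['old']==0){
+$old='';
+}else{
+$old='.1';
+}
+if(!isset($_REQUEST['type']) || $_REQUEST['type']==='access'){
+$type='access';
+}else{
+$type='error';
+}
+header('Content-Type: text/plain; charset=UTF-8');
+header("Content-disposition: filename=\"$type.log\"");
+header('Pragma: no-cache');
+header('Cache-Control: no-cache, no-store, must-revalidate, max-age=0');
+header('Expires: 0');
+if(file_exists("/var/log/nginx/{$type}_$user[onion].onion.log$old")){
+readfile("/var/log/nginx/{$type}_$user[onion].onion.log$old");
+}
+?>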
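Review bot: The log is served as `text/plain` without `X-Content-Type-Options: nosniff`, and the `Content-disposition` header carries a filename but no disposition type. Access and error logs hold request data chosen by whoever visited the site, so the response should leave no room for a browser to treat it as markup: add `header('X-Content-Type-Options: nosniff');` and send `header("Content-Disposition: attachment; filename=\"$type.log\"");`. Reducing `$type` and `$old` to fixed strings before they reach the path is the right approach; note that `$_REQUEST['old']==0` is a loose comparison, so under PHP 7 any non-numeric value also selects the current log, and `==='0'` would state the intent.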

88
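--- a/var/www/html/login.php
+++ b/var/www/html/login.php
@@ -0,0 +1,88 @@
+<?php
+include('../common.php');
+try{
+$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
+}catch(PDOException $e){
+die('No Connection to MySQL database!');
+}
+header('Content-Type: text/html; charset=UTF-8');
+session_start();
+if(!empty($_SESSION['hosting_username'])){
+header('Location: home.php');
+exit;
+}
+$msg='';
+if($_SERVER['REQUEST_METHOD']==='POST'){
+$ok=true;
+if(CAPTCHA){
+if(!isset($_REQUEST['challenge'])){
+echo '<p style="color:red;">Error: Wrong Captcha</p>';
+$ok=false;
+}else{
+$stmt=$db->prepare('SELECT code FROM captcha WHERE id=?;');
+$stmt->execute([$_REQUEST['challenge']]);
+$stmt->bindColumn(1, $code);
+if(!$stmt->fetch(PDO::FETCH_BOUND)){
+echo '<p style="color:red;">Error: Captcha expired</p>';
+$ok=false;
+}else{
+$time=time();
+$stmt=$db->prepare('DELETE FROM captcha WHERE id=? OR time<?;');
+$stmt->execute([$_REQUEST['challenge'], $time-3600]);
+if($_REQUEST['captcha']!==$code){
+if(strrev($_REQUEST['captcha'])!==$code){
+echo '<p style="color:red;">Error: Wrong captcha</p>';
+$ok=false;
+}
+}
+}
+}
+}
+if(!isset($_POST['username']) || $_POST['username']===''){
+$msg.='<p style="color:red;">Error, username may not be empty.</p>';
+$ok=false;
+}else{
+$stmt=$db->prepare('SELECT username, password FROM users WHERE username=?;');
+$stmt->execute([$_POST['username']]);
+$tmp=[];
+if(($tmp=$stmt->fetch(PDO::FETCH_NUM))===false && preg_match('/^([2-7a-z]{16}).onion$/', $_POST['username'], $match)){
+$stmt=$db->prepare('SELECT username, password FROM users WHERE onion=?;');
+$stmt->execute([$match[1]]);
+$tmp=$stmt->fetch(PDO::FETCH_NUM);
+}
+if($tmp){
+if(!isset($_POST['pass']) || !password_verify($_POST['pass'], $tmp[1])){
+$msg.='<p style="color:red;">Error, wrong password.</p>';
+}else{
+$_SESSION['hosting_username']=$tmp[0];
+session_write_close();
+header('Location: home.php');
+exit;
+}
+}else{
+$msg.='<p style="color:red;">Error, username was not found. If you forgot it, you can enter youraccount.onion instead.</p>';
+}
+}
+}
+echo '<!DOCTYPE html><html><head>';
+echo '<title>Daniel\'s Hosting - Login</title>';
+echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
+echo '<meta name=viewport content="width=device-width, initial-scale=1">';
+echo '</head><body>';
+echo '<p><a href="index.php">Info</a> | <a href="register.php">Register</a> | Login | <a href="list.php">List of hosted sites</a></p>';
+echo $msg;
+echo '<form method="POST" action="login.php"><table>';
+echo '<tr><td>Username</td><td><input type="text" name="username" value="';
+if(isset($_POST['username'])){
+echo htmlspecialchars($_POST['username']);
+}
+echo '" required autofocus></td></tr>';
+echo '<tr><td>Password</td><td><input type="password" name="pass" required></td></tr>';
+if(CAPTCHA){
+send_captcha();
+}
+echo '<tr><td colspan="2"><input type="submit" value="Login"></td></tr>';
+echo '</table></form>';
+echo '<p>If you disabled cookies, please re-enable them. You currently can\'t log in without</p>';
+echo '</body></html>';
+?>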
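Review bot: A failed captcha does not stop the login: the captcha branch sets `$ok=false`, but `$ok` is never read before the username lookup and `password_verify()`, so the credential check still runs and can succeed. Changing the `}else{` that follows the empty-username check to `}elseif($ok){` makes the captcha effective as a brake on password guessing. On success the session keeps the ID it had before authentication; `session_regenerate_id(true);` immediately before `$_SESSION['hosting_username']=$tmp[0];` closes that gap. `$_REQUEST['captcha']` is also read without `isset()`, and the captcha errors are echoed ahead of `<!DOCTYPE html>` instead of being appended to `$msg`.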

5
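--- a/var/www/html/logout.php
+++ b/var/www/html/logout.php
@@ -0,0 +1,5 @@
+<?php
+session_start();
+session_destroy();
+header('Location: login.php');
+?>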

72
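--- a/var/www/html/password.php
+++ b/var/www/html/password.php
@@ -0,0 +1,72 @@
+<?php
+include('../common.php');
+try{
+$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
+}catch(PDOException $e){
+die('No Connection to MySQL database!');
+}
+session_start();
+$user=check_login();
+if(!isset($_REQUEST['type'])){
+$_REQUEST['type']='acc';
+}
+$msg='';
+if($_SERVER['REQUEST_METHOD']==='POST'){
+if(!isset($_POST['pass']) || !password_verify($_POST['pass'], $user['password'])){
+$msg.='<p style="color:red;">Wrong password.</p>';
+}elseif(!isset($_POST['confirm']) || !isset($_POST['newpass']) || $_POST['newpass']!==$_POST['confirm']){
+$msg.='<p style="color:red;">Wrong password.</p>';
+}else{
+if($_REQUEST['type']==='acc'){
+$hash=password_hash($_POST['newpass'], PASSWORD_DEFAULT);
+$stmt=$db->prepare('UPDATE users SET password=? WHERE username=?;');
+$stmt->execute([$hash, $user['username']]);
+$msg.='<p style="color:green;">Successfully changed account password.</p>';
+}elseif($_REQUEST['type']==='sys'){
+$stmt=$db->prepare('INSERT INTO pass_change (onion, password) VALUES (?, ?);');
+$hash=get_system_hash($_POST['newpass']);
+$stmt->execute([$user['onion'], $hash]);
+$msg.='<p style="color:green;">Successfully changed system account password, change will take affect within the next minute.</p>';
+}elseif($_REQUEST['type']==='sql'){
+$stmt=$db->prepare("SET PASSWORD FOR '$user[onion].onion'@'localhost'=PASSWORD(?);");
+$stmt->execute([$_POST['newpass']]);
+$db->exec('FLUSH PRIVILEGES;');
+$msg.='<p style="color:green;">Successfully changed sql password.</p>';
+}else{
+$msg.='<p style="color:red;">Couldn\'t update password: Unknown reset type.</p>';
+}
+}
+}
+header('Content-Type: text/html; charset=UTF-8');
+echo '<!DOCTYPE html><html><head>';
+echo '<title>Daniel\'s Hosting - Change password</title>';
+echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
+echo '<meta name=viewport content="width=device-width, initial-scale=1">';
+echo '</head><body>';
+echo $msg;
+echo '<form method="POST" action="password.php"><table>';
+echo '<tr><td>Reset type:</td><td><select name="type">';
+echo '<option value="acc"';
+if($_REQUEST['type']==='acc'){
+echo ' selected';
+}
+echo '>Account</option>';
+echo '<option value="sys"';
+if($_REQUEST['type']==='sys'){
+echo ' selected';
+}
+echo '>System account</option>';
+echo '<option value="sql"';
+if($_REQUEST['type']==='sql'){
+echo ' selected';
+}
+echo '>MySQL</option>';
+echo '</select></td></tr>';
+echo '<tr><td>Account password:</td><td><input type="password" name="pass" required autofocus></td></tr>';
+echo '<tr><td>New password:</td><td><input type="password" name="newpass" required></td></tr>';
+echo '<tr><td>Confirm password:</td><td><input type="password" name="confirm" required></td></tr>';
+echo '<tr><td colspan="2"><input type="submit" value="Reset"></td></tr>';
+echo '</table></form>';
+echo '<p><a href="home.php">Go back to dashboard.</a></p>';
+echo '</body></html>';
+?>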
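Review bot: The new password is only compared with its confirmation, so an empty `newpass`/`confirm` pair passes and is applied to the account, system or MySQL password; the `required` attribute is enforced by the browser only. Add `|| !is_string($_POST['newpass']) || $_POST['newpass']===''` to the `elseif` (register.php already rejects an empty password with `empty($_POST['pass'])`), and give the mismatch branch its own message rather than a second `Wrong password.`. In the `sql` branch `$user[onion]` is interpolated into the `SET PASSWORD FOR` statement, which relies on the stored onion never containing a quote; nothing in this file guarantees that. That branch also implies the web application's database account holds account-management privileges, so it deserves a comment on why the change is not queued like the `sys` case.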

182
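--- a/var/www/html/register.php
+++ b/var/www/html/register.php
@@ -0,0 +1,182 @@
+<?php
+include('../common.php');
+try{
+$db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME, DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]);
+}catch(PDOException $e){
+die('No Connection to MySQL database!');
+}
+header('Content-Type: text/html; charset=UTF-8');
+session_start();
+if(!empty($_SESSION['hosting_username'])){
+header('Location: home.php');
+exit;
+}
+echo '<!DOCTYPE html><html><head>';
+echo '<title>Daniel\'s Hosting - Register</title>';
+echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
+echo '<meta name=viewport content="width=device-width, initial-scale=1">';
+echo '</head><body>';
+echo '<p><a href="index.php">Info</a> | Register | <a href="login.php">Login</a> | <a href="list.php">List of hosted sites</a></p>';
+if($_SERVER['REQUEST_METHOD']==='POST'){
+$ok=true;
+$onion='';
+$public=0;
+$php=0;
+$autoindex=0;
+$hash='';
+$priv_key='';
+if(empty($_POST['pass'])){
+echo '<p style="color:red;">Error, password empty.</p>';
+$ok=false;
+}elseif(empty($_POST['passconfirm']) || $_POST['pass']!==$_POST['passconfirm']){
+echo '<p style="color:red;">Error, password confirmation does not match.</p>';
+$ok=false;
+}
+if(empty($_POST['username'])){
+echo '<p style="color:red;">Error, username empty.</p>';
+$ok=false;
+}elseif(preg_match('/[^a-z0-9\-_\.]/', $_POST['username'])){
+echo '<p style="color:red;">Error, username may only contain characters that are in the rage of a-z (lower case) - . _ and 0-9.</p>';
+$ok=false;
+}elseif(strlen($_POST['username'])>50){
+echo '<p style="color:red;">Error, username may not be longer than 50 characters.</p>';
+$ok=false;
+}else{
+$stmt=$db->prepare('SELECT null FROM users WHERE username=?;');
+$stmt->execute([$_POST['username']]);
+if($stmt->fetch(PDO::FETCH_NUM)){
+echo '<p style="color:red;">Error, this username is already registered.</p>';
+$ok=false;
+}
+}
+if(CAPTCHA){
+if(!isset($_REQUEST['challenge'])){
+echo '<p style="color:red;">Error: Wrong Captcha</p>';
+$ok=false;
+}else{
+$stmt=$db->prepare('SELECT code FROM captcha WHERE id=?;');
+$stmt->execute([$_REQUEST['challenge']]);
+$stmt->bindColumn(1, $code);
+if(!$stmt->fetch(PDO::FETCH_BOUND)){
+echo '<p style="color:red;">Error: Captcha expired</p>';
+$ok=false;
+}else{
+$time=time();
+$stmt=$db->prepare('DELETE FROM captcha WHERE id=? OR time<?;');
+$stmt->execute([$_REQUEST['challenge'], $time-3600]);
+if($_REQUEST['captcha']!==$code){
+if(strrev($_REQUEST['captcha'])!==$code){
+echo '<p style="color:red;">Error: Wrong captcha</p>';
+$ok=false;
+}
+}
+}
+}
+}
+$check=$db->prepare('SELECT null FROM users WHERE onion=?;');
+if(isset($_REQUEST['private_key']) && !empty(trim($_REQUEST['private_key']))){
+$priv_key=trim($_REQUEST['private_key']);
+if(($pkey=openssl_pkey_get_private($priv_key))!==false){
+$details=openssl_pkey_get_details($pkey);
+if($details['bits']!==1024){
+echo '<p style="color:red;">Error, private key not of bitsize 1024.</p>';
+$ok=false;
+}else{
+$onion=get_onion($pkey);
+$check->execute([$onion]);
+if($check->fetch(PDO::FETCH_NUM)){
+echo '<p style="color:red;">Error onion already exists.</p>';
+$ok=false;
+}
+}
+openssl_pkey_free($pkey);
+}else{
+echo '<p style="color:red;">Error, private key invalid.</p>';
+$ok=false;
+}
+}else{
+do{
+$pkey=openssl_pkey_new(['private_key_bits'=>1024, 'private_key_type'=>OPENSSL_KEYTYPE_RSA]);
+openssl_pkey_export($pkey, $priv_key);
+$onion=get_onion($pkey);
+openssl_pkey_free($pkey);
+$check->execute([$onion]);
+}while($check->fetch(PDO::FETCH_NUM));
+}
+if($ok){
+if(isset($_POST['public']) && $_POST['public']==1){
+$public=1;
+}
+if(isset($_POST['php']) && in_array($_POST['php'], [1, 2])){
+$php=$_POST['php'];
+}
+if(isset($_POST['autoindex']) && $_POST['autoindex']==1){
+$autoindex=1;
+}
+$priv_key=trim(str_replace("\r", '', $priv_key));
+$hash=password_hash($_POST['pass'], PASSWORD_DEFAULT);
+}
+$check=$db->prepare('SELECT null FROM users WHERE dateadded>?;');
+$check->execute([time()-60]);
+if($check->fetch(PDO::FETCH_NUM)){
+echo '<p style="color:red;">To prevent abuse a site can only be registered every 60 seconds, but one has already been registered within the last 60 seconds. Please try again.</p>';
+$ok=false;
+}elseif($ok){
+$stmt=$db->prepare('INSERT INTO users (username, password, onion, private_key, dateadded, public, php, autoindex) VALUES (?, ?, ?, ?, ?, ?, ?, ?);');
+$stmt->execute([$_POST['username'], $hash, $onion, $priv_key, time(), $public, $php, $autoindex]);
+$create_user=$db->prepare("CREATE USER '$onion.onion'@'localhost' IDENTIFIED BY ?;");
+$create_user->execute([$_POST['pass']]);
+$db->exec("CREATE DATABASE IF NOT EXISTS `$onion`;");
+$db->exec("GRANT ALL PRIVILEGES ON `$onion`.* TO '$onion.onion'@'localhost';");
+$db->exec('FLUSH PRIVILEGES;');
+$stmt=$db->prepare('INSERT INTO new_account (onion, password) VALUES (?, ?);');
+$stmt->execute([$onion, get_system_hash($_POST['pass'])]);
+$title="A new hidden service $onion has been created";
+$msg="A new hidden service http://$onion.onion has been created";
+$headers="From: www-data <www-data>\r\nContent-Type: text/plain; charset=UTF-8\r\n";
+mail('daniel@tt3j2x4k5ycaa5zt.onion', $title, $msg, $headers);
+echo "<p style=\"color:green;\">Your onion domain <a href=\"http://$onion.onion\" target=\"_blank\">$onion.onion</a> has successfully been created. Please wait up to one minute until the changes have been processed. You can then login <a href=\"login.php\">here</a>.</p>";
+}
+}
+echo '<form method="POST" action="register.php"><table>';
+echo '<tr><td>Username</td><td><input type="text" name="username" value="';
+if(isset($_POST['username'])){
+echo htmlspecialchars($_POST['username']);
+}
+echo '" required autofocus></td></tr>';
+echo '<tr><td>Password</td><td><input type="password" name="pass" required></td></tr>';
+echo '<tr><td>Confirm password</td><td><input type="password" name="passconfirm" required></td></tr>';
+if(CAPTCHA){
+send_captcha();
+}
+if($_SERVER['REQUEST_METHOD']!=='POST' || (isset($_POST['public']) && $_POST['public']==1)){
+$public=' checked';
+}else{
+$public='';
+}
+if(isset($_POST['autoindex']) && $_POST['public']==1){
+$autoindex=' checked';
+}else{
+$autoindex='';
+}
+$nophp='';
+$php70='';
+$php71='';
+if(isset($_POST['php']) && $_POST['php']==0){
+$nophp=' selected';
+}elseif(isset($_POST['php']) && $_POST['php']==2){
+$php71=' selected';
+}else{
+$php70=' selected';
+}
+echo '<tr><td>PHP version</td><td><select name="php"><option value="0"'.$nophp.'>None</option><option value="1" '.$php70.'>PHP 7.0</option><option value="2"'.$php71.'>PHP 7.1</option></select></td></tr>';
+echo '<tr><td colspan=2><label><input type="checkbox" name="public" value="1"'.$public.'>Publish site on list of hosted sites</label></td></tr>';
+echo '<tr><td colspan=2><label><input type="checkbox" name="autoindex" value="1"'.$autoindex.'>Enable autoindex (listing of files)</label></td></tr>';
+echo '<tr><td>Custom private key<br>(optional)</td><td><textarea name="private_key" rows="5" cols="28">';
+if(isset($_REQUEST['private_key'])){
+echo htmlspecialchars($_REQUEST['private_key']);
+}
+echo '</textarea></td></tr>';
+echo '<tr><td colspan="2"><input type="submit" value="Register"></td></tr>';
+echo '</table></form>';
+echo '</body></html>';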
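Review bot: A custom key is stored exactly as submitted: after `openssl_pkey_get_private($priv_key)` succeeds, `$priv_key` still holds the raw request text, and that string is what goes into `users.private_key` (home.php later prints it). Re-exporting the parsed key with `openssl_pkey_export($pkey, $priv_key);` before `openssl_pkey_free($pkey);` would persist only what OpenSSL actually parsed, in the same format the generated-key path already stores. The key-generation `do{…}while` loop and the custom-key parsing also run when `$ok` is already false and before the 60-second check, so every rejected POST still costs an RSA key generation; guarding that block with `if($ok)` and moving the rate check to the top avoids it. Two smaller items: `in_array($_POST['php'], [1, 2])` compares loosely and then stores the raw request string (a strict check against `['1', '2']` plus an `(int)` cast is safer), and the sticky-form test `isset($_POST['autoindex']) && $_POST['public']==1` reads `public` where `autoindex` is meant.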