PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>PERSISTENT]); }catch(PDOException $e){ die('No Connection to MySQL database!'); } header('Content-Type: text/html; charset=UTF-8'); session_start(['name'=>'hosting_admin']); if($_SERVER['REQUEST_METHOD']==='HEAD'){ exit; // headers sent, no further processing needed } echo ''; echo 'Daniel\'s Hosting - Login'; echo ''; echo ''; echo ''; echo ''; echo '

Hosting - Admin panel

'; $error=false; if($_SERVER['REQUEST_METHOD']==='POST' && isSet($_POST['pass']) && $_POST['pass']===ADMIN_PASSWORD){ if(!($error=check_captcha_error())){ $_SESSION['logged_in']=true; $_SESSION['csrf_token']=sha1(uniqid()); } } if(empty($_SESSION['logged_in'])){ echo "'; if($error){ echo "

$error

"; }elseif(isSet($_POST['pass'])){ echo "

Wrong password!

"; } echo '

If you disabled cookies, please re-enable them. You can\'t log in without!

'; }else{ echo '

'; if(REQUIRE_APPROVAL){ $stmt=$db->query('SELECT COUNT(*) FROM new_account WHERE approved=0;'); $cnt=$stmt->fetch(PDO::FETCH_NUM)[0]; echo "Approve pending sites ($cnt) | "; } echo "List of accounts | Delete accounts | Suspend hidden services | Edit hidden services | Logout

"; if(empty($_REQUEST['action']) || $_REQUEST['action']==='login'){ echo '

Welcome to the admin panel!

'; }elseif($_REQUEST['action']==='logout'){ session_destroy(); header("Location: $_SERVER[SCRIPT_NAME]"); exit; }elseif($_REQUEST['action']==='list'){ echo ''; echo ''; $stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN onions ON (onions.user_id=users.id) ORDER BY users.username;'); while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ echo ""; } echo '

Username	Onion link	Action
$tmp[0]	$tmp[1].onion

'; }elseif($_REQUEST['action']==='approve'){ if(!empty($_POST['onion'])){ if($error=check_csrf_error()){ echo '

'.$error.'

'; }else{ $stmt=$db->prepare('UPDATE new_account INNER JOIN users ON (users.id=new_account.user_id) SET new_account.approved=1 WHERE users.onion=?;'); $stmt->execute([$_POST['onion']]); echo '

Successfully approved

'; } } echo ''; echo ''; $stmt=$db->query('SELECT users.username, onions.onion FROM users INNER JOIN new_account ON (users.id=new_account.user_id) INNER JOIN onions ON (onions.user_id=users.id) WHERE new_account.approved=0 ORDER BY users.username;'); while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ echo ""; } echo '

Username	Onion address	Action
$tmp[0]	$tmp[1].onion

'; }elseif($_REQUEST['action']==='delete'){ echo '

Delete accouts:

'; echo "
'; if(!empty($_POST['onion'])){ if($error=check_csrf_error()){ echo '

'.$error.'

'; }elseif(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){ $stmt=$db->prepare('SELECT user_id FROM onions WHERE onion=?;'); $stmt->execute([$match[1]]); if($user_id=$stmt->fetch(PDO::FETCH_NUM)){ $stmt=$db->prepare('UPDATE users SET todelete=1 WHERE id=?;'); $stmt->execute($user_id); echo "

Successfully queued for deletion!

"; }else{ echo "

Onion address not hosted by us!

"; } }else{ echo "

Invalid onion address!

"; } } }elseif($_REQUEST['action']==='suspend'){ echo '

Suspend hidden service:

'; echo "
'; if(!empty($_POST['onion'])){ if($error=check_csrf_error()){ echo '

'.$error.'

'; }elseif(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){ $stmt=$db->prepare('SELECT null FROM onions WHERE onion=?;'); $stmt->execute([$match[1]]); if($stmt->fetch(PDO::FETCH_NUM)){ $stmt=$db->prepare('UPDATE onions SET enabled=-2 WHERE onion=?;'); $stmt->execute([$match[1]]); echo "

Successfully queued for suspension!

"; $stmt=$db->prepare('UPDATE service_instances SET reload = 1 WHERE id=?'); $stmt->execute([substr($match[1], 0, 1)]); }else{ echo "

Onion address not hosted by us!

"; } }else{ echo "

Invalid onion address!

"; } } }elseif(in_array($_REQUEST['action'], ['edit', 'edit_2'], true)){ echo '

Edit hidden service:

'; echo "
'; if(!empty($_POST['onion'])){ if($error=check_csrf_error()){ echo '

'.$error.'

'; }elseif(preg_match('~^([a-z2-7]{16}|[a-z2-7]{56})(\.onion)?$~', $_POST['onion'], $match)){ if($_REQUEST['action']==='edit_2'){ $stmt=$db->prepare('SELECT version FROM onions WHERE onion=?;'); $stmt->execute([$match[1]]); if($onion=$stmt->fetch(PDO::FETCH_NUM)){ $stmt=$db->prepare('UPDATE onions SET enabled = ?, enable_smtp = ?, num_intros = ?, max_streams = ? WHERE onion=?;'); $enabled = isset($_REQUEST['enabled']) ? 1 : 0; $enable_smtp = isset($_REQUEST['enable_smtp']) ? 1 : 0; $num_intros = intval($_REQUEST['num_intros']); if($num_intros<3){ $num_intros = 3; }elseif($onion[0]==2 && $num_intros>10){ $num_intros = 10; }elseif($num_intros>20){ $num_intros = 20; } $max_streams = intval($_REQUEST['max_streams']); if($max_streams<0){ $max_streams = 0; }elseif($max_streams>65535){ $max_streams = 65535; } $stmt->execute([$enabled, $enable_smtp, $num_intros, $max_streams, $match[1]]); $stmt=$db->prepare('UPDATE service_instances SET reload = 1 WHERE id=?'); $stmt->execute([substr($match[1], 0, 1)]); echo "

Changes successfully saved!

"; } } $stmt=$db->prepare('SELECT onion, enabled, enable_smtp, num_intros, max_streams, version FROM onions WHERE onion=?;'); $stmt->execute([$match[1]]); if($onion=$stmt->fetch(PDO::FETCH_NUM)){ echo "

"; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; }else{ echo "

Onion address not hosted by us!

"; } }else{ echo "

Invalid onion address!

"; } } } } echo '';

Onion	Enabled	SMTP enabled	Nr. of intros	Max streams per rend circuit	Save
	Enabled	Enabled

Password