danwin1210/hosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
d3dea7493e03b2696e05a1d81aa38ed6c72b58b0
hosting/var/www/html/home.php
Daniel Winzen aca4e19980 Drop v2 onion support
2023-08-24 23:05:12 +02:00

305 lines
16 KiB
PHP
Raw Blame History

<?php
require('../common.php');
$db = get_db_instance();
$user=check_login();
header('Content-Type: text/html; charset=UTF-8');
if(isset($_POST['action']) && $_POST['action']==='add_db'){
if($error=check_csrf_error()){
die($error);
}
add_user_db($user['id']);
}
if(isset($_POST['action']) && $_POST['action']==='del_db' && !empty($_POST['db'])){
if($error=check_csrf_error()){
die($error);
}
print_header(_('Delete database'));
?>
<p><?php printf(_("This will delete your database %s and all data associated with it. It can't be un-done. Are you sure?"), htmlspecialchars($_POST['db'])); ?></p>
<form method="post" action="home.php"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<input type="hidden" name="db" value="<?php echo htmlspecialchars($_POST['db']); ?>">
<button type="submit" name="action" value="del_db_2"><?php echo _('Yes, delete'); ?></button>
</form>
<p><a href="home.php"><?php echo _("No, don't delete"); ?></a></p>
</body></html><?php
exit;
}
if(isset($_POST['action']) && $_POST['action']==='del_db_2' && !empty($_POST['db'])){
if($error=check_csrf_error()){
die($error);
}
del_user_db($user['id'], $_POST['db']);
}
if(isset($_POST['action']) && $_POST['action']==='del_onion' && !empty($_POST['onion'])){
if($error=check_csrf_error()){
die($error);
}
print_header(_('Delete onion domain'));
?>
<p><?php printf(_("This will delete your onion domain %s and all data asociated with it. It can't be un-done. Are you sure?"), htmlspecialchars($_POST['onion']).'.onion'); ?></p>
<form method="post" action="home.php"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<input type="hidden" name="onion" value="<?php echo htmlspecialchars($_POST['onion']); ?>">
<button type="submit" name="action" value="del_onion_2"><?php echo _('Yes, delete'); ?></button>
</form>
<p><a href="home.php"><?php echo _("No, don't delete"); ?></a></p>
</body></html><?php
exit;
}
if(isset($_POST['action']) && $_POST['action']==='add_onion'){
if($error=check_csrf_error()){
die($error);
}
$ok = true;
if(isset($_REQUEST['onion_type']) && $_REQUEST['onion_type']==='custom' && isset($_REQUEST['private_key']) && !empty(trim($_REQUEST['private_key']))){
$priv_key = trim($_REQUEST['private_key']);
$data = private_key_to_onion($priv_key);
$onion = $data['onion'];
$onion_version = $data['version'];
if(!$data['ok']){
$msg = '<p role="alert" style="color:red">'.$data['message'].'</p>';
$ok = false;
} else {
$check=$db->prepare('SELECT null FROM onions WHERE onion=?;');
$check->execute([$onion]);
if($check->fetch(PDO::FETCH_NUM)){
$msg = '<p role="alert" style="color:red">'._('Error onion already exists.').'</p>';
$ok = false;
}
}
}else{
$onion_version = 3;
if(isset($_REQUEST['onion_type']) && in_array($_REQUEST['onion_type'], [3])){
$onion_version = $_REQUEST['onion_type'];
}
$check=$db->prepare('SELECT null FROM onions WHERE onion=?;');
do{
$data = generate_new_onion($onion_version);
$priv_key = $data['priv_key'];
$onion = $data['onion'];
$onion_version = $data['version'];
$check->execute([$onion]);
}while($check->fetch(PDO::FETCH_NUM));
}
$priv_key=trim(str_replace("\r", '', $priv_key));
$stmt = $db->prepare('SELECT COUNT(*) FROM onions WHERE user_id = ?;');
$stmt->execute([$user['id']]);
$count = $stmt->fetch(PDO::FETCH_NUM);
if($count[0]>=MAX_NUM_USER_ONIONS) {
$ok = false;
}
if($ok){
add_user_onion($user['id'], $onion, $priv_key, $onion_version);
}
}
if(isset($_POST['action']) && $_POST['action']==='del_onion_2' && !empty($_POST['onion'])){
if($error=check_csrf_error()){
die($error);
}
del_user_onion($user['id'], $_POST['onion']);
}
if(isset($_POST['action']) && $_POST['action']==='add_domain' && !empty($_POST['domain'])){
if($error=check_csrf_error()){
die($error);
}
$error = add_user_domain($user['id'], $_POST['domain']);
if(!empty($error)){
$msg = '<p role="alert" style="color:red">'.$error.'</p>';
}
}
if(isset($_POST['action']) && $_POST['action']==='del_domain' && !empty($_POST['domain'])){
if($error=check_csrf_error()){
die($error);
}
print_header(_('Delete domain'));
?>
<p><?php printf(_("This will delete your domain %s and all data asociated with it. It can't be un-done. Are you sure?"), htmlspecialchars($_POST['domain'])); ?></p>
<form method="post" action="home.php"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
<input type="hidden" name="domain" value="<?php echo htmlspecialchars($_POST['domain']); ?>">
<button type="submit" name="action" value="del_domain_2"><?php echo _('Yes, delete'); ?></button>
</form>
<p><a href="home.php"><?php echo _("No, don't delete"); ?></a></p>
</body></html><?php
exit;
}
if(isset($_POST['action']) && $_POST['action']==='del_domain_2' && !empty($_POST['domain'])){
if($error=check_csrf_error()){
die($error);
}
del_user_domain($user['id'], $_POST['domain']);
}
if(isset($_REQUEST['action']) && isset($_REQUEST['onion']) && $_REQUEST['action']==='edit_onion'){
if($error=check_csrf_error()){
die($error);
}
$stmt=$db->prepare('SELECT onions.version, onions.instance FROM onions INNER JOIN users ON (users.id=onions.user_id) WHERE onions.onion = ? AND users.id = ? AND onions.enabled IN (0, 1);');
$stmt->execute([$_REQUEST['onion'], $user['id']]);
if($onion=$stmt->fetch(PDO::FETCH_ASSOC)){
$stmt=$db->prepare('UPDATE onions SET enabled = ?, enable_smtp = ?, num_intros = ?, max_streams = ? WHERE onion = ?;');
$enabled = isset($_REQUEST['enabled']) ? 1 : 0;
$enable_smtp = isset($_REQUEST['enable_smtp']) ? 1 : 0;
$num_intros = intval($_REQUEST['num_intros']);
if($num_intros<3){
$num_intros = 3;
}elseif($onion['version']==2 && $num_intros>10){
$num_intros = 10;
}elseif($num_intros>20){
$num_intros = 20;
}
$max_streams = intval($_REQUEST['max_streams']);
if($max_streams<0){
$max_streams = 0;
}elseif($max_streams>65535){
$max_streams = 65535;
}
$stmt->execute([$enabled, $enable_smtp, $num_intros, $max_streams, $_REQUEST['onion']]);
enqueue_instance_reload($onion['instance']);
}
}
if(isset($_REQUEST['action']) && isset($_POST['domain']) && $_POST['action']==='edit_domain'){
if($error=check_csrf_error()){
die($error);
}
$stmt=$db->prepare('SELECT null FROM domains WHERE domain = ? AND user_id = ? AND enabled IN (0, 1);');
$stmt->execute([$_POST['domain'], $user['id']]);
if($onion=$stmt->fetch(PDO::FETCH_NUM)){
$stmt=$db->prepare('UPDATE domains SET enabled = ? WHERE domain = ?;');
$enabled = isset($_POST['enabled']) ? 1 : 0;
$stmt->execute([$enabled, $_POST['domain']]);
enqueue_instance_reload();
}
}
print_header(_('Dashboard'), '#custom_onion:not(checked)+#private_key{display:none;}#custom_onion:checked+#private_key{display:block;}td{padding:5px}meter{width:200px}');
dashboard_menu($user, 'home.php');
if(!empty($msg)){
echo $msg;
}
echo '<p>'.sprintf(_('Enter system account password to check your %s mail:'), $user['system_account'].'@' . ADDRESS).'</td><td><form action="squirrelmail/src/redirect.php" method="post" target="_blank"><input type="hidden" name="login_username" value="'.$user['system_account'].'"><input type="password" name="secretkey"><button type="submit">'._('Login to webmail').'</button></form></p>';
echo '<h3>'._('Onion domains').'</h3>';
echo '<table border="1">';
echo '<tr><th>'._('Onion').'</th><th>'._('Private key').'</th><th>'._('Enabled').'</th><th>'._('SMTP enabled').'</th><th>'._('Nr. of intros').'</th><th>'._('Max streams per rend circuit').'</th><th>'._('Action').'</th></tr>';
$stmt=$db->prepare('SELECT onion, private_key, enabled, enable_smtp, num_intros, max_streams FROM onions WHERE user_id = ?;');
$stmt->execute([$user['id']]);
$count_onions = 0;
while($onion=$stmt->fetch(PDO::FETCH_ASSOC)){
++$count_onions;
echo "<form action=\"home.php\" method=\"post\"><input type=\"hidden\" name=\"csrf_token\" value=\"$_SESSION[csrf_token]\"><input type=\"hidden\" name=\"onion\" value=\"$onion[onion]\"><tr><td><a href=\"http://$onion[onion].onion\" target=\"_blank\">$onion[onion].onion</a></td><td>";
if(isset($_REQUEST['show_priv'])){
echo "<pre>$onion[private_key]</pre>";
}else{
echo '<a href="home.php?show_priv=1">'._('Show private key').'</a>';
}
echo '</td><td><label><input type="checkbox" name="enabled" value="1"';
echo $onion['enabled'] ? ' checked' : '';
echo '>'._('Enabled').'</label></td>';
echo '<td><label><input type="checkbox" name="enable_smtp" value="1"';
echo $onion['enable_smtp'] ? ' checked' : '';
echo '>'._('Enabled').'</label></td>';
echo '<td><input type="number" name="num_intros" min="3" max="20" value="'.$onion['num_intros'].'"></td>';
echo '<td><input type="number" name="max_streams" min="0" max="65535" value="'.$onion['max_streams'].'"></td>';
if(in_array($onion['enabled'], [0, 1])){
echo '<td><button type="submit" name="action" value="edit_onion">'._('Save').'</button>';
echo '<button type="submit" name="action" value="del_onion">'._('Delete').'</button></td>';
}else{
echo '<td>'._('Unavailable').'</td>';
}
echo '</tr></form>';
}
if($count_onions<MAX_NUM_USER_ONIONS){
echo "<form action=\"home.php\" method=\"post\"><input type=\"hidden\" name=\"csrf_token\" value=\"$_SESSION[csrf_token]\">";
echo '<tr><td colspan="6">'._('Add additional hidden service:').'<br>';
echo '<label><input type="radio" name="onion_type" value="3"';
echo (!isset($_POST['onion_type']) || $_POST['onion_type']==3) ? ' checked' : '';
echo '>'._('Random v3 Address').'</label>';
echo '<label><input id="custom_onion" type="radio" name="onion_type" value="custom"';
echo isset($_POST['onion_type']) && $_POST['onion_type']==='custom' ? ' checked' : '';
echo '>'._('Custom private key');
echo '<textarea id="private_key" name="private_key" rows="5" cols="28">';
echo isset($_REQUEST['private_key']) ? htmlspecialchars($_REQUEST['private_key']) : '';
echo '</textarea>';
echo '</label></td><td><button type="submit" name="action" value="add_onion">'._('Add onion').'</button></td></tr></form>';
}
echo '</table>';
if(MAX_NUM_USER_DOMAINS>0){
echo '<h3>'._('Clearnet domains').'</h3>';
echo '<table border="1">';
echo '<tr><th>'._('Domain').'</th><th>'._('Enabled').'</th><th>'._('Action').'</th></tr>';
$stmt=$db->prepare('SELECT domain, enabled FROM domains WHERE user_id = ?;');
$stmt->execute([$user['id']]);
$count_domains = 0;
while($domain=$stmt->fetch(PDO::FETCH_ASSOC)){
++$count_domains;
echo "<form action=\"home.php\" method=\"post\"><input type=\"hidden\" name=\"csrf_token\" value=\"$_SESSION[csrf_token]\"><input type=\"hidden\" name=\"domain\" value=\"$domain[domain]\"><tr><td><a href=\"https://$domain[domain]\" target=\"_blank\">$domain[domain]</a></td>";
echo '<td><label><input type="checkbox" name="enabled" value="1"';
echo $domain['enabled'] ? ' checked' : '';
echo '>'._('Enabled').'</label></td>';
if(in_array($domain['enabled'], [0, 1])){
echo '<td><button type="submit" name="action" value="edit_domain">'._('Save').'</button>';
echo '<button type="submit" name="action" value="del_domain">'._('Delete').'</button></td>';
}else{
echo '<td>'._('Unavailable').'</td>';
}
echo '</tr></form>';
}
if($count_domains<MAX_NUM_USER_DOMAINS){
echo "<form action=\"home.php\" method=\"post\"><input type=\"hidden\" name=\"csrf_token\" value=\"$_SESSION[csrf_token]\">";
echo '<tr><td colspan="2">'._('Add additional domain:').'<br>';
echo '<input type="text" name="domain" value="';
echo isset($_POST['domain']) ? htmlspecialchars($_POST['domain']) : '';
echo '">';
echo '</td><td><button type="submit" name="action" value="add_domain">'._('Add domain').'</button></td></tr></form>';
}
echo '</table>';
echo '<p>'.sprintf(_('To enable your clearnet domain, edit your DNS settings and enter %1$s as your A record and %2$s as your AAAA record. Once you have modified your DNS settings, <a href="%3$s" target="_blank">contact me</a> to configure the SSL certificate. You may also use any subdomain of %4$s'), CLEARNET_A, CLEARNET_AAAA, CONTACT_URL, CLEARNET_SUBDOMAINS).'</p>';
}
echo '<h3>'._('MySQL Database').'</h3>';
echo '<table border="1">';
echo '<tr><th>'._('Database').'</th><th>'._('Host').'</th><th>'._('User').'</th><th>'._('Action').'</th></tr>';
$stmt=$db->prepare('SELECT mysql_database FROM mysql_databases WHERE user_id = ?;');
$stmt->execute([$user['id']]);
$count_dbs = 0;
while($mysql=$stmt->fetch(PDO::FETCH_ASSOC)){
++$count_dbs;
echo '<form action="home.php" method="post">';
echo '<input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'">';
echo '<input type="hidden" name="db" value="'.$mysql['mysql_database'].'">';
echo '<tr><td>'.htmlspecialchars($mysql['mysql_database']).'</td><td>localhost</td><td>'.htmlspecialchars($user['mysql_user']).'</td>';
echo '<td><button type="submit" name="action" value="del_db">'._('Delete').'</button></td></tr>';
echo '</form>';
}
echo '</table>';
if($count_dbs<MAX_NUM_USER_DBS){
echo '<p><form action="home.php" method="post"><input type="hidden" name="csrf_token" value="'.$_SESSION['csrf_token'].'"><button type="submit" name="action" value="add_db">'._('Add new database').'</button></form></p>';
}
?>
<p><a href="password.php?type=sql"><?php echo _('Change MySQL password'); ?></a></p>
<p><?php printf(_('You can use <a href="/phpmyadmin/" target="_blank">PHPMyAdmin</a> and <a href="/adminer/?username=%s" target="_blank">Adminer</a> for web based database administration.'), rawurlencode($user['mysql_user'])); ?></p>
<h3><?php echo _('System Account'); ?></h3>
<table border="1">
<tr><th><?php echo _('Username'); ?></th><th><?php echo _('Host'); ?></th><th><?php echo _('SFTP Port'); ?></th><th><?php echo _('POP3 Port'); ?></th><th><?php echo _('IMAP Port'); ?></th><th><?php echo _('SMTP port'); ?></th></tr>
<?php
foreach(SERVERS as $server=>$tmp){
echo "<tr><td>$user[system_account]</td><td>$server</td><td>$tmp[sftp]</td><td>$tmp[pop3]</td><td>$tmp[imap]</td><td>$tmp[smtp]</td></tr>";
}
?>
</table>
<p><a href="password.php?type=sys"><?php echo _('Change system account password'); ?></a></p>
<p><?php echo _('You can use the <a target="_blank" href="files.php">FileManager</a> for web based file management.'); ?></p>
<?php
$stmt = $db->prepare('SELECT quota_size, quota_size_used, quota_files, quota_files_used FROM disk_quota WHERE user_id = ?;');
$stmt->execute([$user['id']]);
$quota = $stmt->fetch(PDO::FETCH_ASSOC);
$quota_usage = $quota['quota_size_used'] / $quota['quota_size'];
$quota_files_usage = $quota['quota_files_used'] / $quota['quota_files'];
$usage_text = bytes_to_human_readable($quota['quota_size_used'] * 1024) . ' of ' . bytes_to_human_readable($quota['quota_size'] * 1024) . ' - ' . round($quota_usage * 100, 2).'%';
$usage_files_text = sprintf(_('%1$d of %2$d - %3$f%%'), $quota['quota_files_used'], $quota['quota_files'], round($quota_files_usage * 100, 2));
?>
<p><?php echo _('Your disk usage:'); ?> <meter value="<?php echo round($quota_usage, 2); ?>"><?php echo $usage_text; ?></meter> - <?php printf(_('%s (updated hourly)'), $usage_text); ?> <?php echo ENABLE_UPGRADES ? '<a href="upgrade.php?upgrade=1g_quota">'._('Upgrade').'</a>' : ''; ?></p>
<p><?php echo _('Your file number usage:'); ?> <meter value="<?php echo round($quota_files_usage, 2); ?>"><?php echo $usage_files_text; ?></meter> - <?php printf(_('%s (updated hourly)'), $usage_files_text); ?> <?php echo ENABLE_UPGRADES ? '<a href="upgrade.php?upgrade=100k_files_quota">'._('Upgrade').'</a>' : ''; ?></p>
<h3><?php echo _('Logs'); ?></h3>
<table border="1">
<tr><th><?php echo _('Date'); ?></th><th>access.log</th><th>error.log</th></tr>
<tr><td><?php echo _('Today'); ?></td><td><a href="log.php?type=access&amp;old=0" target="_blank">access.log</a></td><td><a href="log.php?type=error&amp;old=0" target="_blank">error.log</a></td></tr>
<tr><td><?php echo _('Yesterday'); ?></td><td><a href="log.php?type=access&amp;old=1" target="_blank">access.log</a></td><td><a href="log.php?type=error&amp;old=1" target="_blank">error.log</a></td></tr>
</table>
</body></html>
Reference in New Issue View Git Blame Copy Permalink