From 2feb70c0e67cfa51427f5e95592572043c87aa6f Mon Sep 17 00:00:00 2001 From: Daniel Winzen Date: Sun, 8 Nov 2020 18:56:01 +0100 Subject: [PATCH] Keep track of change date closed #9 --- common_config.php | 22 +-- cron/phishing_tests.php | 9 +- cron/tests.php | 26 ++-- cron/update.php | 6 +- helpers/fill_unknown_phishing.php | 4 +- helpers/tmp.php | 101 +++++++------- helpers/tmp2.php | 80 +++++------ helpers/tmp3.php | 12 +- helpers/tmp4.php | 19 +-- helpers/tmp5.php | 14 +- helpers/tmp6.php | 14 +- helpers/tmp7.php | 17 ++- setup.php | 5 +- www/admin.php | 213 +++++++++++++++--------------- www/onions.php | 24 ++-- www/test.php | 4 +- 16 files changed, 290 insertions(+), 280 deletions(-) diff --git a/common_config.php b/common_config.php index 3263617..5ecf54b 100644 --- a/common_config.php +++ b/common_config.php @@ -33,7 +33,7 @@ const PROMOTEPRICE = 0.025; // Price to promote a site for PROMOTETIME long const PROMOTETIME = 2592000; // Time (in seconds) to promote a site payed with PROMOTEPRICE - 864000 equals 10 days const PER_PAGE = 50; // Sites listed per page const VERSION = '1.1'; // Script version -const DBVERSION = 6; // Database layout version +const DBVERSION = 7; // Database layout version const REQUIRE_APPROVAL = false; // require admin approval of new sites? true/false const CANONICAL_URL = 'https://onions.danwin1210.me'; // our preferred domain for search engines //Categories - new links will always be put into the first one, leave it to Unsorted @@ -86,27 +86,27 @@ function blacklist_scams(string $address, string $content){ $cp_scams = ['Wonderful shop', '~ DROP BY TARYAXX ~', 'Magic CP', 'Lolita Club', 'Daft Tadjikskiy Sex Video _ Inductively Fiberless Porno Qom Along With Post Porn Com Numb _ Porn Zdarma', 'xPlay - hosting service for porn videos', 'DARK PRIVATE PACK', 'Good Porn']; //xonions if(strpos($content, '

Asia Holiday

')){ - $move=$db->prepare("UPDATE onions SET address='', category=15, locked=1, description=CONCAT(description, ' - SCAM') WHERE address = ? AND locked=0;"); - $move->execute([$address]); + $move=$db->prepare("UPDATE onions SET address='', category=15, locked=1, description=CONCAT(description, ' - SCAM'), timechanged=? WHERE address = ? AND locked=0;"); + $move->execute([time(), $address]); } //raped bitch if(strpos($content, 'rape material uploaded on highspeed servers that don\'t require')){ - $move=$db->prepare("UPDATE onions SET address='', category=15, locked=1, description=CONCAT(description, ' - SCAM') WHERE address = ? AND locked=0;"); - $move->execute([$address]); + $move=$db->prepare("UPDATE onions SET address='', category=15, locked=1, description=CONCAT(description, ' - SCAM'), timechanged=? WHERE address = ? AND locked=0;"); + $move->execute([time(), $address]); } //underage cam girl if(strpos($content, 'also have some real underage prostitutes for you')){ - $move=$db->prepare("UPDATE onions SET address='', category=15, locked=1, description=CONCAT(description, ' - SCAM') WHERE address = ? AND locked=0;"); - $move->execute([$address]); + $move=$db->prepare("UPDATE onions SET address='', category=15, locked=1, description=CONCAT(description, ' - SCAM'), timechanged=? WHERE address = ? AND locked=0;"); + $move->execute([time(), $address]); } if(preg_match('~(.*?)~s', $content, $matches)){ if(in_array($matches[1], $scams, true) || preg_match('~(paypal|weed store|credit card|western union|Market Guns|weedstore|banknotes|porn hacker|hack facebook|hack twitter|hack insta|^amazin(\s|$)|Transfers?|btc generat|counterfeit|Cocaine|gift card|BITCOIN ADDRESS MARKET|mastercard|hidden\swiki|CCShop|bitcoin exploit|Bitcoin Generat|bitcoin x200|bitcoin x100|bitcoin x3|bitxoin x10|stolen bitcoin|galaxyshop|icloudremove|icloud activat|netflix|spotify|clone cc|clone card|cloned card|Preloaded|prepaid|moneygram|Financial Service|Delta Marketplace|apple product|apple shop|apple store|samsung product|apple market|samsung shop|hitman|hitmen|samsung store|samsung phone|Marijuana|deepmarket|drugs? store)~i', $matches[1])){ - $move=$db->prepare("UPDATE onions SET category=15, locked=1, description=CONCAT(description, ' - SCAM') WHERE address = ? AND locked=0;"); - $move->execute([$address]); + $move=$db->prepare("UPDATE onions SET category=15, locked=1, description=CONCAT(description, ' - SCAM'), timechanged=? WHERE address = ? AND locked=0;"); + $move->execute([time(), $address]); } if(in_array($matches[1], $cp_scams, true) || preg_match('~(PTHC|Family Porn|Animal Porno|Child Porn|^CP|^Pedo|Underage|^baby|Little Girls|porno child|porn child|loliporn|H.M.M.|preteen|illegal sex|kids? porn|love cp|dog sex|zoo porn|daddy i love you|family love|xonions|best onion porn|onion link porn|^rape|young cam| cp |yespedo|little daughter|OnionDir - Adult|destroyed daughter|Deep-Pedo|hurt boy|child forbidden)~i', $matches[1])){ - $move=$db->prepare("UPDATE onions SET address='', category=15, locked=1, description=CONCAT(description, ' - SCAM') WHERE address = ? AND locked=0;"); - $move->execute([$address]); + $move=$db->prepare("UPDATE onions SET address='', category=15, locked=1, description=CONCAT(description, ' - SCAM'), timechanged=? WHERE address = ? AND locked=0;"); + $move->execute([time(), $address]); } } } diff --git a/cron/phishing_tests.php b/cron/phishing_tests.php index 288d271..99d5e40 100644 --- a/cron/phishing_tests.php +++ b/cron/phishing_tests.php @@ -23,12 +23,13 @@ function check(string $link, string $phishing_link){ if(!empty($links) && !empty($phishing_links)){ $phishings=$db->prepare('INSERT IGNORE INTO ' . PREFIX . 'phishing (onion_id, original) VALUES ((SELECT id FROM onions WHERE md5sum=?), ?);'); $select=$db->prepare('SELECT id FROM ' . PREFIX . 'onions WHERE md5sum=?;'); - $insert=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, md5sum, timeadded) VALUES (?, ?, ?);'); - $update=$db->prepare('UPDATE ' . PREFIX . 'onions SET locked=1 WHERE md5sum=?;'); + $insert=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, md5sum, timeadded, timechanged) VALUES (?, ?, ?, ?);'); + $update=$db->prepare('UPDATE ' . PREFIX . 'onions SET locked=1, timechanged=? WHERE md5sum=?;'); preg_match_all('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56}).onion(/[^\s><"]*)?~i', $links, $addr); preg_match_all('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56}).onion(/[^\s><"]*)?~i', $phishing_links, $phishing_addr); $count=count($addr[3]); if($count===count($phishing_addr[3])){ //only run with same data set + $time = time(); for($i=0; $i<$count; ++$i){ if($addr[3][$i]!==$phishing_addr[3][$i]){ $address=strtolower($addr[3][$i]); @@ -36,10 +37,10 @@ function check(string $link, string $phishing_link){ $md5=md5($phishing_address, true); $select->execute([$md5]); if(!$select->fetch(PDO::FETCH_NUM)){ - $insert->execute([$phishing_address, $md5, time()]); + $insert->execute([$phishing_address, $md5, $time, $time]); } $phishings->execute([$md5, $address]); - $update->execute([$md5]); + $update->execute([$time, $md5]); } } } diff --git a/cron/tests.php b/cron/tests.php index cf38f45..7239b73 100644 --- a/cron/tests.php +++ b/cron/tests.php @@ -35,11 +35,13 @@ do { } while ($active && $status == CURLM_OK); $online_stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET lasttest=?, lastup=lasttest, timediff=0 WHERE md5sum=?'); $offline_stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET lasttest=?, timediff=lasttest-lastup WHERE md5sum=? AND lasttestprepare('UPDATE ' . PREFIX . 'onions SET description=?, category=0, locked=0 WHERE md5sum=?'); -$desc_empty_stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET description=?, category=13, locked=1 WHERE md5sum=?'); -$error_stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET category=13 WHERE md5sum=?'); //in case of error, move the address to an error category - edit the category id to fit yours! +$desc_online_stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET description=?, category=0, locked=0, timechanged=? WHERE md5sum=?'); +$desc_empty_stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET description=?, category=13, locked=1, timechanged=? WHERE md5sum=?'); +$error_stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET category=13, timechanged=? WHERE md5sum=?'); //in case of error, move the address to an error category - edit the category id to fit yours! $phishing_stmt=$db->prepare('INSERT INTO ' . PREFIX . 'phishing (onion_id, original) VALUES (?, ?);'); +$update_phishing_stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET locked=1, timechanged=? WHERE md5sum=?;'); $db->beginTransaction(); +$time = time(); foreach($curl_handles as $handle){ $content = curl_multi_getcontent($handle['handle']); curl_multi_remove_handle($mh, $handle['handle']); @@ -54,22 +56,24 @@ foreach($curl_handles as $handle){ if(($onion['description']==='' || $onion['description']==='Site hosted by Daniel\'s hosting service') && preg_match('~([^<]+)~i', $content, $match)){ $desc=preg_replace("/(\r?\n|\r\n?)/", '
', htmlspecialchars(html_entity_decode(trim($match[1])))); if($desc!=='Site hosted by Daniel\'s hosting service'){ - $desc_online_stmt->execute([$desc, $onion['md5sum']]); + $desc_online_stmt->execute([$desc, $onion['md5sum'], $time]); }else{ - $desc_empty_stmt->execute([$desc, $onion['md5sum']]); + $desc_empty_stmt->execute([$desc, $onion['md5sum'], $time]); } } - $online_stmt->execute([time(), $onion['md5sum']]); + $online_stmt->execute([$time, $onion['md5sum']]); // checks for server errors, to move the address to a dedicated error category if($onion['category']==0 && $http_code>=400){ - $error_stmt->execute([$onion['md5sum']]); + $error_stmt->execute([$onion['md5sum'], $time]); } $stmt->execute([$onion['id']]); if(!$stmt->fetch(PDO::FETCH_NUM)){ if(preg_match('~^HTTP/1\.[10] 504 Connect to ([a-z2-7]{16}|[a-z2-7]{56})\.onion(:80)? failed: SOCKS error: host unreachable~', $content, $match)){ $phishing_stmt->execute([$onion['id'], $match[2]]); + $update_phishing_stmt->execute([$time, $onion['md5sum']]); }elseif(strpos($content, "HttpReadDisconnect('Server disconnected',)")!==false){ $phishing_stmt->execute([$onion['id'], '']); + $update_phishing_stmt->execute([$time, $onion['md5sum']]); } } if(preg_match('~window\.location\.replace\("http://'.$onion['address'].'.onion/(.*?)"\)~', $content, $matches)){ @@ -93,11 +97,11 @@ foreach($curl_handles as $handle){ $content=curl_exec($ch); } if(preg_match_all('~]+http-equiv="refresh"[^>]+content="(\d+);[^>]*url=([^>"]+)">~', $content, $matches, PREG_SET_ORDER)){ - $time = null; + $wait_time = null; $link_to_check = ''; foreach($matches as $match){ - if($time === null || $time > $match[1]){ - $time = $match[1]; + if($wait_time === null || $wait_time > $match[1]){ + $wait_time = $match[1]; $link_to_check = $match[2]; } } @@ -112,7 +116,7 @@ foreach($curl_handles as $handle){ } blacklist_scams($onion['address'], $content); }else{ - $offline_stmt->execute([time(), $onion['md5sum'], time()]); + $offline_stmt->execute([$time, $onion['md5sum'], $time]); } } $db->commit(); diff --git a/cron/update.php b/cron/update.php index a3741d2..135cd18 100644 --- a/cron/update.php +++ b/cron/update.php @@ -83,19 +83,17 @@ function check_links(array &$onions, $ch, string $link_to_check, bool $scan_chil } function add_onions(&$onions, $db){ -// $update=$db->prepare('UPDATE ' . PREFIX . "onions SET address = '', locked=1, description=CONCAT(description, ' - SCAM'), category=15 WHERE md5sum=? AND address!='';"); $stmt=$db->query('SELECT md5sum FROM ' . PREFIX . 'onions;'); while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ if(isset($onions[$tmp[0]])){ unset($onions[$tmp[0]]); -// $update->execute($tmp); } } $time=time(); - $insert=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, md5sum, timeadded) VALUES (?, ?, ?);'); + $insert=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, md5sum, timeadded, timechanged) VALUES (?, ?, ?, ?);'); $db->beginTransaction(); foreach($onions as $md5=>$addr){ - $insert->execute([$addr, $md5, $time]); + $insert->execute([$addr, $md5, $time, $time]); } $db->commit(); } diff --git a/helpers/fill_unknown_phishing.php b/helpers/fill_unknown_phishing.php index f91bf5a..16214d6 100644 --- a/helpers/fill_unknown_phishing.php +++ b/helpers/fill_unknown_phishing.php @@ -14,7 +14,7 @@ $stmt=$db->prepare("SELECT address FROM onions INNER JOIN phishing ON (phishing. $stmt->execute([time()]); $onions=$stmt->fetchAll(PDO::FETCH_ASSOC); -$stmt=$db->prepare('UPDATE phishing, onions SET phishing.original=? WHERE phishing.onion_id=onions.id AND onions.address=?;'); +$stmt=$db->prepare('UPDATE phishing, onions SET phishing.original=?, onions.timechanged=? WHERE phishing.onion_id=onions.id AND onions.address=?;'); //do tests foreach($onions as $onion){ @@ -23,7 +23,7 @@ foreach($onions as $onion){ preg_match('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56}).onion(/[^\s><"]*)?~i', $site, $addr); if($addr[3]!='' && $addr[3]!==$onion['address']){ echo "scam: $onion[address] - original: $addr[3]\n"; - $stmt->execute([$addr[3], $onion['address']]); + $stmt->execute([$addr[3], time(), $onion['address']]); } } } diff --git a/helpers/tmp.php b/helpers/tmp.php index 89e1a10..0494d31 100644 --- a/helpers/tmp.php +++ b/helpers/tmp.php @@ -1,61 +1,62 @@ PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]); + $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]); }catch(PDOException $e){ - die('No Connection to MySQL database!'); + die('No Connection to MySQL database!'); } $stmt=$db->query("SELECT onions.address FROM onions LEFT JOIN phishing ON (phishing.onion_id=onions.id) WHERE onions.address!='' AND onions.category!=15 AND onions.category!=18 AND isnull(phishing.onion_id) LIMIT 2100,10000;"); -$move=$db->prepare("UPDATE onions SET category=18, locked=1 WHERE address=?;"); +$move=$db->prepare("UPDATE onions SET category=18, locked=1, timechanged=? WHERE address=?;"); $ch=curl_init(); set_curl_options($ch); curl_setopt($ch, CURLOPT_HEADER, true); -while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ -curl_setopt($ch, CURLOPT_URL, "http://".gethostbyname("$tmp[0].onion")); -$response=curl_exec($ch); -$curl_info=curl_getinfo($ch); -$header_size = $curl_info['header_size']; -$header = substr($response, 0, $header_size); -$body = substr($response, $header_size); -curl_setopt($ch, CURLOPT_URL, "http://$tmp[0].onion"); -$response2=curl_exec($ch); -$curl_info2=curl_getinfo($ch); -$header_size2 = $curl_info2['header_size']; -$header2 = substr($response2, 0, $header_size2); -$body2 = substr($response2, $header_size2); -echo $tmp[0]; -if(preg_match('~Expires:\sThu,\s19\sNov\s1981\s08:52:00\sGMT\r\n~', $header)){ -$move->execute($tmp); -echo " - SCAM - moved"; -} -elseif(preg_match('~Expires: Sat, 17 Jun 2000 12:00:00 GMT\r\n~', $header)){ -$move->execute($tmp); -echo " - SCAM - moved"; -} -elseif(preg_match('~Last-Modified:\sWed,\s08\sJun\s1955\s12:00:00\sGMT\r\n~', $header)){ -$move->execute($tmp); -echo " - SCAM - moved"; -} -elseif(preg_match('~^HTTP/1\.1\s500\sInternal\sServer\sError\r\n~', $header) && $body==='' && preg_match('~^HTTP/1\.1\s500\sOK\r\n~', $header2)){ -$move->execute($tmp); -echo " - SCAM - moved"; -} -elseif(preg_match('~^HTTP/1\.1\s500\sInternal\sServer\sError\r\n~', $header) && $body==='' && preg_match('~Connection:\s\[object\sObject]\r\n~', $header2)){ -$move->execute($tmp); -echo " - SCAM - moved"; -} -elseif(preg_match('~^HTTP/1\.1\s200\sOK\r\nServer:\snginx/1\.6\.2~', $header) && $body==='404'){ -$move->execute($tmp); -echo " - SCAM - moved"; -} -elseif(preg_match('~^HTTP/1\.1\s302\sFound\r\nLocation:\s/\r\n~', $header) && $body==='Found. Redirecting to /'){ -$move->execute($tmp); -echo " - SCAM - moved"; -} -elseif(preg_match('~^HTTP/1\.1\s503\sForwarding\sfailure~', $header)){ -$move->execute($tmp); -echo " - SCAM - moved"; -} -echo "\n"; +while($onion=$stmt->fetch(PDO::FETCH_ASSOC)){ + curl_setopt($ch, CURLOPT_URL, "http://".gethostbyname("$onion[address].onion")); + $response=curl_exec($ch); + $curl_info=curl_getinfo($ch); + $header_size = $curl_info['header_size']; + $header = substr($response, 0, $header_size); + $body = substr($response, $header_size); + curl_setopt($ch, CURLOPT_URL, "http://$onion[address].onion"); + $response2=curl_exec($ch); + $curl_info2=curl_getinfo($ch); + $header_size2 = $curl_info2['header_size']; + $header2 = substr($response2, 0, $header_size2); + $body2 = substr($response2, $header_size2); + echo $onion['address']; + $time = time(); + if(preg_match('~Expires:\sThu,\s19\sNov\s1981\s08:52:00\sGMT\r\n~', $header)){ + $move->execute([$time, $onion['address']]); + echo " - SCAM - moved"; + } + elseif(preg_match('~Expires: Sat, 17 Jun 2000 12:00:00 GMT\r\n~', $header)){ + $move->execute([$time, $onion['address']]); + echo " - SCAM - moved"; + } + elseif(preg_match('~Last-Modified:\sWed,\s08\sJun\s1955\s12:00:00\sGMT\r\n~', $header)){ + $move->execute([$time, $onion['address']]); + echo " - SCAM - moved"; + } + elseif(preg_match('~^HTTP/1\.1\s500\sInternal\sServer\sError\r\n~', $header) && $body==='' && preg_match('~^HTTP/1\.1\s500\sOK\r\n~', $header2)){ + $move->execute([$time, $onion['address']]); + echo " - SCAM - moved"; + } + elseif(preg_match('~^HTTP/1\.1\s500\sInternal\sServer\sError\r\n~', $header) && $body==='' && preg_match('~Connection:\s\[object\sObject]\r\n~', $header2)){ + $move->execute([$time, $onion['address']]); + echo " - SCAM - moved"; + } + elseif(preg_match('~^HTTP/1\.1\s200\sOK\r\nServer:\snginx/1\.6\.2~', $header) && $body==='404'){ + $move->execute([$time, $onion['address']]); + echo " - SCAM - moved"; + } + elseif(preg_match('~^HTTP/1\.1\s302\sFound\r\nLocation:\s/\r\n~', $header) && $body==='Found. Redirecting to /'){ + $move->execute([$time, $onion['address']]); + echo " - SCAM - moved"; + } + elseif(preg_match('~^HTTP/1\.1\s503\sForwarding\sfailure~', $header)){ + $move->execute([$time, $onion['address']]); + echo " - SCAM - moved"; + } + echo "\n"; } curl_close($ch); diff --git a/helpers/tmp2.php b/helpers/tmp2.php index c2c5b47..7a57721 100644 --- a/helpers/tmp2.php +++ b/helpers/tmp2.php @@ -1,47 +1,47 @@ PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]); + $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]); }catch(PDOException $e){ - die('No Connection to MySQL database!'); + die('No Connection to MySQL database!'); } $stmt=$db->query("SELECT onions.address FROM onions LEFT JOIN phishing ON (phishing.onion_id=onions.id) WHERE onions.address!='' AND onions.category!=15 AND isnull(phishing.onion_id) AND timeadded>1506800000;"); -$move=$db->prepare("UPDATE onions SET category=15, locked=1, description='WARNING - This site will crash your browser with infinite iframes.' WHERE address=?;"); -while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ -$ch=curl_init(); -set_curl_options($ch); -curl_setopt($ch, CURLOPT_HEADER, true); -curl_setopt($ch, CURLOPT_NOBODY, true); -curl_setopt($ch, CURLOPT_URL, "http://".gethostbyname("$tmp[0].onion")); -$response=curl_exec($ch); -$curl_info=curl_getinfo($ch); -$header_size = $curl_info['header_size']; -$header = substr($response, 0, $header_size); -$body = substr($response, $header_size); -curl_close($ch); -//if(preg_match('~Location:\s/\r\n~', $header)){ -echo "$tmp[0].onion"; -if(preg_match("~HTTP/1\.1\s404\sNot\sFound\r\nContent-Type:\stext/plain;\scharset=utf-8\r\nX-Content-Type-Options:\snosniff\r\nDate: .* GMT\r\nContent-Length:\s19~", $header)){ -echo " - SCAM - moved"; -$move->execute($tmp); -} -if(preg_match('~Expires:\sThu,\s19\sNov\s1981\s08:52:00\sGMT\r\n~', $header) && $body==='HTTP error'){ -echo " - SCAM - moved"; -$move->execute($tmp); -} -if(preg_match('~Expires:\sThu,\s19\sNov\s1981\s08:52:00\sGMT\r\nCache-Control:\sno-store,\sno-cache,\smust-revalidate\r\nPragma: no-cache\r\nServer: anon\r\n~', $header)){ -echo " - SCAM - moved"; -$move->execute($tmp); -} -if(preg_match('~Expires:\sThu,\s19\sNov\s1981\s08:52:00\sGMT\r\nCache-Control:\sno-store,\sno-cache,\smust-revalidate\r\nPragma: no-cache\r\ncontent-length: 0\r\n~', $header) && $body!==''){ -echo " - SCAM - moved"; -$move->execute($tmp); -} -if(preg_match('~^HTTP/1\.1\s500\sInternal\sServer\sError\r\n~', $header) && $body===''){ -echo " - SCAM"; -} -if(preg_match('~^HTTP/1\.1\s200\sOK\r\n~', $header) && $body==='404'){ -echo " - SCAM"; -} -echo "\n"; +$move=$db->prepare("UPDATE onions SET category=15, locked=1, description='WARNING - This site will crash your browser with infinite iframes.', timechanged=? WHERE address=?;"); +while($onion=$stmt->fetch(PDO::FETCH_ASSOC)){ + $ch=curl_init(); + set_curl_options($ch); + curl_setopt($ch, CURLOPT_HEADER, true); + curl_setopt($ch, CURLOPT_NOBODY, true); + curl_setopt($ch, CURLOPT_URL, "http://".gethostbyname("$onion[address].onion")); + $response=curl_exec($ch); + $curl_info=curl_getinfo($ch); + $header_size = $curl_info['header_size']; + $header = substr($response, 0, $header_size); + $body = substr($response, $header_size); + curl_close($ch); + $time = time(); + echo "$onion[address].onion"; + if(preg_match("~HTTP/1\.1\s404\sNot\sFound\r\nContent-Type:\stext/plain;\scharset=utf-8\r\nX-Content-Type-Options:\snosniff\r\nDate: .* GMT\r\nContent-Length:\s19~", $header)){ + echo " - SCAM - moved"; + $move->execute([$time, $onion['address']]); + } + if(preg_match('~Expires:\sThu,\s19\sNov\s1981\s08:52:00\sGMT\r\n~', $header) && $body==='HTTP error'){ + echo " - SCAM - moved"; + $move->execute([$time, $onion['address']]); + } + if(preg_match('~Expires:\sThu,\s19\sNov\s1981\s08:52:00\sGMT\r\nCache-Control:\sno-store,\sno-cache,\smust-revalidate\r\nPragma: no-cache\r\nServer: anon\r\n~', $header)){ + echo " - SCAM - moved"; + $move->execute([$time, $onion['address']]); + } + if(preg_match('~Expires:\sThu,\s19\sNov\s1981\s08:52:00\sGMT\r\nCache-Control:\sno-store,\sno-cache,\smust-revalidate\r\nPragma: no-cache\r\ncontent-length: 0\r\n~', $header) && $body!==''){ + echo " - SCAM - moved"; + $move->execute([$time, $onion['address']]); + } + if(preg_match('~^HTTP/1\.1\s500\sInternal\sServer\sError\r\n~', $header) && $body===''){ + echo " - SCAM"; + } + if(preg_match('~^HTTP/1\.1\s200\sOK\r\n~', $header) && $body==='404'){ + echo " - SCAM"; + } + echo "\n"; } diff --git a/helpers/tmp3.php b/helpers/tmp3.php index 4cb2250..986a871 100644 --- a/helpers/tmp3.php +++ b/helpers/tmp3.php @@ -1,20 +1,20 @@ PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]); + $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]); }catch(PDOException $e){ - die('No Connection to MySQL database!'); + die('No Connection to MySQL database!'); } $stmt=$db->query("SELECT onions.address FROM onions LEFT JOIN phishing ON (phishing.onion_id=onions.id) WHERE onions.address!='' AND isnull(phishing.onion_id) AND onions.id>22439;"); -$move=$db->prepare("UPDATE onions SET category=18, locked=1, description='Add injecting phishing clone of an existing site - SCAM' WHERE address=?;"); +$move=$db->prepare("UPDATE onions SET category=18, locked=1, description='Add injecting phishing clone of an existing site - SCAM', timechanged=? WHERE address=?;"); $ch=curl_init(); set_curl_options($ch); -while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ - curl_setopt($ch, CURLOPT_URL, "http://".gethostbyname("$tmp[0].onion")); +while($onion=$stmt->fetch(PDO::FETCH_ASSOC)){ + curl_setopt($ch, CURLOPT_URL, "http://".gethostbyname("$onion[address].onion")); $response=curl_exec($ch); if($response===' '){ - $move->execute($tmp); + $move->execute([time(), $onion['address']]); echo " - SCAM - moved"; } } diff --git a/helpers/tmp4.php b/helpers/tmp4.php index 58cd25a..d819b8e 100644 --- a/helpers/tmp4.php +++ b/helpers/tmp4.php @@ -1,36 +1,37 @@ PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]); + $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]); }catch(PDOException $e){ - die('No Connection to MySQL database!'); + die('No Connection to MySQL database!'); } $stmt=$db->query("SELECT onions.address FROM onions LEFT JOIN phishing ON (phishing.onion_id=onions.id) WHERE onions.address!='' AND onions.locked=0 AND isnull(phishing.onion_id);"); -$move=$db->prepare("UPDATE onions SET category=18, locked=1, description='CP - SCAM' WHERE address=?;"); -while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ +$move=$db->prepare("UPDATE onions SET category=18, locked=1, description='CP - SCAM', timechanged=? WHERE address=?;"); +while($onion=$stmt->fetch(PDO::FETCH_ASSOC)){ $ch=curl_init(); set_curl_options($ch); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_NOBODY, true); - curl_setopt($ch, CURLOPT_URL, "http://".gethostbyname("$tmp[0].onion")); + curl_setopt($ch, CURLOPT_URL, "http://".gethostbyname("$onion[address].onion")); $response=curl_exec($ch); $curl_info=curl_getinfo($ch); $header_size = $curl_info['header_size']; $header = substr($response, 0, $header_size); $body = substr($response, $header_size); curl_close($ch); - echo "$tmp[0].onion"; + $time = time(); + echo "$onion[address].onion"; if(preg_match('~Last-Modified:\sSat,\s03\sAug\s2019\s15:40:54\sGMT\r\n~', $header)){ echo " - SCAM - moved"; - $move->execute($tmp); + $move->execute([$time, $onion['address']]); } if(preg_match('~Last-Modified:\sWed,\s03\sJul\s2019\s19:53:24\sGMT\r\n~', $header)){ echo " - SCAM - moved"; - $move->execute($tmp); + $move->execute([$time, $onion['address']]); } if(preg_match('~Last-Modified:\sTue,\s30\sJul\s2019\s19:11:00\sGMT\r\n~', $header)){ echo " - SCAM - moved"; - $move->execute($tmp); + $move->execute([$time, $onion['address']]); } echo "\n"; } diff --git a/helpers/tmp5.php b/helpers/tmp5.php index b4b58ae..4321463 100644 --- a/helpers/tmp5.php +++ b/helpers/tmp5.php @@ -1,28 +1,28 @@ PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]); + $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]); }catch(PDOException $e){ - die('No Connection to MySQL database!'); + die('No Connection to MySQL database!'); } $stmt=$db->query("SELECT onions.address FROM onions LEFT JOIN phishing ON (phishing.onion_id=onions.id) WHERE onions.address!='' AND onions.locked=0 AND isnull(phishing.onion_id);"); -$move=$db->prepare("UPDATE onions SET category=18, locked=1, description='Part of scam network - SCAM' WHERE address=?;"); -while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ +$move=$db->prepare("UPDATE onions SET category=18, locked=1, description='Part of scam network - SCAM', timechanged=? WHERE address=?;"); +while($onion=$stmt->fetch(PDO::FETCH_ASSOC)){ $ch=curl_init(); set_curl_options($ch); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_NOBODY, true); - curl_setopt($ch, CURLOPT_URL, "http://".gethostbyname("$tmp[0].onion")); + curl_setopt($ch, CURLOPT_URL, "http://".gethostbyname("$onion[address].onion")); $response=curl_exec($ch); $curl_info=curl_getinfo($ch); $header_size = $curl_info['header_size']; $header = substr($response, 0, $header_size); $body = substr($response, $header_size); curl_close($ch); - echo "$tmp[0].onion"; + echo "$onion[address].onion"; if(preg_match('~Last-Modified:\sFri,\s21\sDec\s2018\s17:30:54\sGMT\r\n~', $header)){ echo " - SCAM - moved"; - $move->execute($tmp); + $move->execute([time(), $onion['address']]); } echo "\n"; } diff --git a/helpers/tmp6.php b/helpers/tmp6.php index fee10ac..0429ed6 100644 --- a/helpers/tmp6.php +++ b/helpers/tmp6.php @@ -1,28 +1,28 @@ PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]); + $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]); }catch(PDOException $e){ - die('No Connection to MySQL database!'); + die('No Connection to MySQL database!'); } $stmt=$db->query("SELECT onions.address FROM onions LEFT JOIN phishing ON (phishing.onion_id=onions.id) WHERE onions.address!='' AND onions.locked=0 AND isnull(phishing.onion_id);"); -$move=$db->prepare("UPDATE onions SET category=18, locked=1, description='Part of scam network - SCAM' WHERE address=?;"); -while($tmp=$stmt->fetch(PDO::FETCH_NUM)){ +$move=$db->prepare("UPDATE onions SET category=18, locked=1, description='Part of scam network - SCAM', timechanged=? WHERE address=?;"); +while($onion=$stmt->fetch(PDO::FETCH_ASSOC)){ $ch=curl_init(); set_curl_options($ch); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_NOBODY, true); - curl_setopt($ch, CURLOPT_URL, "http://".gethostbyname("$tmp[0].onion")); + curl_setopt($ch, CURLOPT_URL, "http://".gethostbyname("$onion[address].onion")); $response=curl_exec($ch); $curl_info=curl_getinfo($ch); $header_size = $curl_info['header_size']; $header = substr($response, 0, $header_size); $body = substr($response, $header_size); curl_close($ch); - echo "$tmp[0].onion"; + echo "$onion[address].onion"; if(preg_match('~HTTP/1.1\s302\sFound\r\nLocation:.*\r\nContent-type:\stext/html;\scharset=UTF-8\r\nDate:.*\r\nServer:\slighttpd/1\.4\.45\sGMT\r\n~', $header)){ echo " - SCAM - moved"; - $move->execute($tmp); + $move->execute([time(), $onion['address']]); } echo "\n"; } diff --git a/helpers/tmp7.php b/helpers/tmp7.php index 8a3341f..8859e35 100644 --- a/helpers/tmp7.php +++ b/helpers/tmp7.php @@ -1,13 +1,13 @@ PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]); + $db=new PDO('mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4', DBUSER, DBPASS, [PDO::ATTR_ERRMODE=>PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT=>true]); }catch(PDOException $e){ - die('No Connection to MySQL database!'); + die('No Connection to MySQL database!'); } -$stmt=$db->prepare("SELECT null FROM onions WHERE address = ?;"); -$move=$db->prepare("UPDATE onions SET category=18, locked=1, description=CONCAT(description, ' - Part of scam network - SCAM') WHERE address = ? AND locked=0;"); -$insert=$db->prepare('INSERT INTO onions (address, md5sum, timeadded, locked, description, category) VALUES (?, ?, ?, 1, "Part of scam network - SCAM", 18);'); +$stmt=$db->prepare("SELECT null FROM onions WHERE md5sum = ?;"); +$move=$db->prepare("UPDATE onions SET category=18, locked=1, description=CONCAT(description, ' - Part of scam network - SCAM'), timechanged=? WHERE md5sum = ? AND locked=0;"); +$insert=$db->prepare('INSERT INTO onions (address, md5sum, timeadded, locked, description, category, timechanged) VALUES (?, ?, ?, 1, "Part of scam network - SCAM", 18, ?);'); for($i = 1; $i < 213; ++$i){ $ch=curl_init(); set_curl_options($ch); @@ -21,12 +21,15 @@ for($i = 1; $i < 213; ++$i){ $body = substr($response, $header_size); curl_close($ch); if(preg_match('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56}).onion(/[^\s><"]*)?~i', $header, $addr)){ + $time = time(); + $onion_addr = strtolower($addr[3]); + $md5 = md5($onion_addr, true); $stmt->execute([$addr[3]]); if($stmt->fetch()){ - $move->execute([$addr[3]]); + $move->execute([$time, $md5]); echo "SCAM - moved - $addr[3] - "; }else{ - $insert->execute([$addr[3], md5($addr[3], true), time()]); + $insert->execute([$addr[3], $md5, $time, $time]); echo "SCAM - added - $addr[3] - "; } } diff --git a/setup.php b/setup.php index 5b337f5..45e58c4 100644 --- a/setup.php +++ b/setup.php @@ -51,7 +51,7 @@ try{ if(!@$db->query('SELECT * FROM ' . PREFIX . 'settings LIMIT 1;')){ //create tables $db->exec('CREATE TABLE ' . PREFIX . "captcha (id int(10) UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT, time int(10) UNSIGNED NOT NULL, code char(5) NOT NULL) ENGINE=MEMORY;"); - $db->exec('CREATE TABLE ' . PREFIX . "onions (id int(10) UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT, address varchar(56) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL, md5sum binary(16) NOT NULL UNIQUE, lasttest int(10) UNSIGNED NOT NULL DEFAULT '0', lastup int(10) UNSIGNED NOT NULL DEFAULT '0', timediff int(10) UNSIGNED NOT NULL DEFAULT '0', timeadded int(10) UNSIGNED NOT NULL DEFAULT '0', description text CHARACTER SET utf8mb4 NOT NULL, category smallint(6) NOT NULL DEFAULT '0', locked smallint(6) NOT NULL DEFAULT '0', special int(10) UNSIGNED NOT NULL DEFAULT '0', approved smallint(6) NOT NULL DEFAULT '0', INDEX(address), INDEX(lasttest), INDEX(timediff), INDEX(category), INDEX(special));"); + $db->exec('CREATE TABLE ' . PREFIX . "onions (id int(10) UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT, address varchar(56) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL, md5sum binary(16) NOT NULL UNIQUE, lasttest int(10) UNSIGNED NOT NULL DEFAULT '0', lastup int(10) UNSIGNED NOT NULL DEFAULT '0', timediff int(10) UNSIGNED NOT NULL DEFAULT '0', timeadded int(10) UNSIGNED NOT NULL DEFAULT '0', description text CHARACTER SET utf8mb4 NOT NULL, category smallint(6) NOT NULL DEFAULT '0', locked smallint(6) NOT NULL DEFAULT '0', special int(10) UNSIGNED NOT NULL DEFAULT '0', approved smallint(6) NOT NULL DEFAULT '0', timechanged int(10) UNSIGNED NOT NULL DEFAULT '0', INDEX(address), INDEX(lasttest), INDEX(timediff), INDEX(category), INDEX(special), INDEX(timechanged));"); $db->exec('CREATE TABLE ' . PREFIX . 'phishing (onion_id int(10) UNSIGNED NOT NULL PRIMARY KEY, original varchar(56) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL, FOREIGN KEY (onion_id) REFERENCES onions(id) ON DELETE CASCADE ON UPDATE CASCADE);'); $db->exec('CREATE TABLE ' . PREFIX . 'settings (setting varchar(50) NOT NULL PRIMARY KEY, value varchar(20000) NOT NULL);'); $stmt=$db->prepare('INSERT INTO ' . PREFIX . "settings (setting, value) VALUES ('version', ?);"); @@ -92,6 +92,9 @@ if(!@$db->query('SELECT * FROM ' . PREFIX . 'settings LIMIT 1;')){ if($version < 6){ $db->exec('ALTER TABLE ' . PREFIX . "onions ADD approved smallint(6) NOT NULL DEFAULT '0';"); } + if($version < 7){ + $db->exec('ALTER TABLE ' . PREFIX . "onions ADD timechanged int(10) UNSIGNED NOT NULL DEFAULT '0';"); + } $stmt=$db->prepare('UPDATE ' . PREFIX . "settings SET value=? WHERE setting='version';"); $stmt->execute([DBVERSION]); echo "$I[statusok]\n"; diff --git a/www/admin.php b/www/admin.php index 3abfd74..fed532e 100644 --- a/www/admin.php +++ b/www/admin.php @@ -19,7 +19,7 @@ asort($categories); - +

$I[wrongpass]

"; } }else{ + $msg = ''; + $category=count($categories); + if(isset($_REQUEST['cat']) && $_REQUEST['cat']=0){ + $category=$_REQUEST['cat']; + } + if(!empty($_POST['addr'])){ + $addrs = is_array($_POST['addr']) ? $_POST['addr'] : [$_POST['addr']]; + foreach ($addrs as $addr_single) { + if ( ! preg_match( '~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim( $addr_single ), $addr ) ) { + $msg .= "

$I[invalonion]

"; + } else { + $addr = strtolower( $addr[ 3 ] ); + $md5 = md5( $addr, true ); + if ( $_POST[ 'action' ] === $I[ 'remove' ] ) { //remove address from public display + $db->prepare( 'UPDATE ' . PREFIX . "onions SET address='', locked=1, approved=-1, timechanged=? WHERE md5sum=?;" )->execute( [ time(), $md5 ] ); + $msg .= "

$I[succremove]

"; + } elseif ( $_POST[ 'action' ] === $I[ 'lock' ] ) { //lock editing + $db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1, timechanged=? WHERE md5sum=?;' )->execute( [ time(), $md5 ] ); + $msg .= "

role=\"alert\"$I[succlock]

"; + } elseif ( $_POST[ 'action' ] === $I[ 'readd' ] ) { //add onion back, if previously removed + $db->prepare( 'UPDATE ' . PREFIX . 'onions SET address=?, locked=1, approved=1, timechanged=? WHERE md5sum=?;' )->execute( [ $addr, time(), $md5 ] ); + $msg .= "

$I[succreadd]

"; + } elseif ( $_POST[ 'action' ] === $I[ 'unlock' ] ) { //unlock editing + $db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=0, approved=1, timechanged=? WHERE md5sum=?;' )->execute( [ time(), $md5 ] ); + $msg .= "

$I[succunlock]

"; + } elseif ( $_POST[ 'action' ] === $I[ 'promote' ] ) { //promote link for payed time + $stmt = $db->prepare( 'SELECT special FROM ' . PREFIX . 'onions WHERE md5sum=?;' ); + $stmt->execute( [ $md5 ] ); + $specialtime = $stmt->fetch( PDO::FETCH_NUM ); + if ( $specialtime[ 0 ] < time() ) { + $time = time() + ( ( $_POST[ 'btc' ] / PROMOTEPRICE ) * PROMOTETIME ); + } else { + $time = $specialtime[ 0 ] + ( ( $_POST[ 'btc' ] / PROMOTEPRICE ) * PROMOTETIME ); + } + $db->prepare( 'UPDATE ' . PREFIX . 'onions SET special=?, locked=1, approved=1, timechanged=? WHERE md5sum=?;' )->execute( [ $time, time(), $md5 ] ); + $msg .= sprintf( "

$I[succpromote]

", date( 'Y-m-d H:i', $time ) ); + } elseif ( $_POST[ 'action' ] === $I[ 'unpromote' ] ) { //remove promoted status + $db->prepare( 'UPDATE ' . PREFIX . 'onions SET special=0, timechanged=? WHERE md5sum=?;' )->execute( [ time(), $md5 ] ); + $msg .= "

$I[succunpromote]

"; + } elseif ( $_POST[ 'action' ] === $I[ 'update' ] ) { //update description + $stmt = $db->prepare( 'SELECT * FROM ' . PREFIX . 'onions WHERE md5sum=?;' ); + $stmt->execute( [ $md5 ] ); + if ( $category === count( $categories ) ) { + $category = 0; + } + if ( ! isset( $_POST[ 'desc' ] ) ) { + $desc = ''; + } else { + $desc = trim( $_POST[ 'desc' ] ); + $desc = htmlspecialchars( $desc ); + $desc = preg_replace( "/(\r?\n|\r\n?)/", '
', $desc ); + } + if ( ! $stmt->fetch( PDO::FETCH_ASSOC ) ) { //not yet there, add it + $stmt = $db->prepare( 'INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded, locked, approved, timechanged) VALUES (?, ?, ?, ?, ?, 1, 1, ?);' ); + $stmt->execute( [ $addr, $desc, $md5, $category, time(), time() ] ); + $msg .= "

$I[succadd]

"; + } elseif ( $desc != '' ) { //update description+category + $stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET description=?, category=?, locked=1, approved=1, timechanged=? WHERE md5sum=?;' ); + $stmt->execute( [ $desc, $category, time(), $md5 ] ); + $msg .= "

$I[succupddesc]

"; + } elseif ( $category != 0 ) { //only update category + $stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET category=?, locked=1, approved=1, timechanged=? WHERE md5sum=?;' ); + $stmt->execute( [ $category, time(), $md5 ] ); + $msg .= "

$I[succupdcat]!

"; + } else { //no description or category change and already known + $msg .= "

$I[alreadyknown]

"; + } + } elseif ( $_POST[ 'action' ] === $I[ 'phishing' ] ) {//mark as phishing clone + if ( $_POST[ 'original' ] !== '' && ! preg_match( '~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', $_POST[ 'original' ], $orig ) ) { + $msg .= "

$I[invalonion]

"; + } else { + if ( isset( $orig[ 3 ] ) ) { + $orig = strtolower( $orig[ 3 ] ); + } else { + $orig = ''; + } + if ( $orig !== $addr ) { + $stmt = $db->prepare( 'INSERT INTO ' . PREFIX . 'phishing (onion_id, original) VALUES ((SELECT id FROM ' . PREFIX . 'onions WHERE address=?), ?);' ); + $stmt->execute( [ $addr, $orig ] ); + $stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1, timechanged=? WHERE address=?;' ); + $stmt->execute( [ time(), $addr ] ); + $msg .= "

$I[succaddphish]

"; + } else { + $msg .= "

$I[samephish]

"; + } + } + } elseif ( $_POST[ 'action' ] === $I[ 'unphishing' ] ) { //remove phishing clone status + $stmt = $db->prepare( 'DELETE FROM ' . PREFIX . 'phishing WHERE onion_id=(SELECT id FROM ' . PREFIX . 'onions WHERE address=?);' ); + $stmt->execute( [ $addr ] ); + $stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1, timechanged=? WHERE address=?;' ); + $stmt->execute( [ time(), $addr ] ); + $msg .= "

$I[succrmphish]

"; + } elseif ( $_POST[ 'action' ] === $I[ 'reject' ] ) { //lock editing + $db->prepare( 'UPDATE ' . PREFIX . 'onions SET approved=-1, timechanged=? WHERE md5sum=?;' )->execute( [ time(), $md5 ] ); + $msg .= "

$I[succreject]

"; + } elseif ( $_POST[ 'action' ] === $I[ 'approve' ] ) { //lock editing + $db->prepare( 'UPDATE ' . PREFIX . 'onions SET approved=1, timechanged=? WHERE md5sum=?;' )->execute( [ time(), $md5 ] ); + $msg .= "

$I[succapprove]

"; + } else { //no specific button was pressed + $msg .= "

$I[noaction]

"; + } + } + } + } $view_mode = isset($_POST['view_mode']) ? $_POST['view_mode'] : 'single'; if(isset($_POST['switch_view_mode'])){ $view_mode = $view_mode === 'single' ? 'multi' : 'single'; @@ -89,12 +193,6 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){ } } echo '

'; - if(isset($_REQUEST['cat']) && $_REQUEST['cat']=0){ - $category=$_REQUEST['cat']; - } - if(!isset($category)){ - $category=count($categories); - } echo "