danwin1210/onion-link-list
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Keep track of change date closed #9

Browse Source
This commit is contained in:
Daniel Winzen
2020-11-08 18:56:01 +01:00
parent b543320e1f
commit 2feb70c0e6
16 changed files with 290 additions and 280 deletions
Download Patch File Download Diff File Expand all files Collapse all files

213
www/admin.php
View File

@ -19,7 +19,7 @@ asort($categories);
<meta name="robots" content="noindex">
<link rel="canonical" href="<?php echo CANONICAL_URL . $_SERVER['SCRIPT_NAME']; ?>">
<style type="text/css"><?php echo $style; ?></style>
</head><body>
</head><body><main>
<h1><?php echo $I['admintitle']; ?></h1>
<?php
print_langs();
@ -35,6 +35,110 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
echo "<p class=\"red\" role=\"alert\">$I[wrongpass]</p>";
}
}else{
$msg = '';
$category=count($categories);
if(isset($_REQUEST['cat']) && $_REQUEST['cat']<count($categories) && $_REQUEST['cat']>=0){
$category=$_REQUEST['cat'];
}
if(!empty($_POST['addr'])){
$addrs = is_array($_POST['addr']) ? $_POST['addr'] : [$_POST['addr']];
foreach ($addrs as $addr_single) {
if ( ! preg_match( '~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim( $addr_single ), $addr ) ) {
$msg .= "<p class=\"red\" role=\"alert\">$I[invalonion]</p>";
} else {
$addr = strtolower( $addr[ 3 ] );
$md5 = md5( $addr, true );
if ( $_POST[ 'action' ] === $I[ 'remove' ] ) { //remove address from public display
$db->prepare( 'UPDATE ' . PREFIX . "onions SET address='', locked=1, approved=-1, timechanged=? WHERE md5sum=?;" )->execute( [ time(), $md5 ] );
$msg .= "<p class=\"green\" role=\"alert\">$I[succremove]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'lock' ] ) { //lock editing
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1, timechanged=? WHERE md5sum=?;' )->execute( [ time(), $md5 ] );
$msg .= "<p class=\"green\"> role=\"alert\"$I[succlock]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'readd' ] ) { //add onion back, if previously removed
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET address=?, locked=1, approved=1, timechanged=? WHERE md5sum=?;' )->execute( [ $addr, time(), $md5 ] );
$msg .= "<p class=\"green\" role=\"alert\">$I[succreadd]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'unlock' ] ) { //unlock editing
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=0, approved=1, timechanged=? WHERE md5sum=?;' )->execute( [ time(), $md5 ] );
$msg .= "<p class=\"green\" role=\"alert\">$I[succunlock]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'promote' ] ) { //promote link for payed time
$stmt = $db->prepare( 'SELECT special FROM ' . PREFIX . 'onions WHERE md5sum=?;' );
$stmt->execute( [ $md5 ] );
$specialtime = $stmt->fetch( PDO::FETCH_NUM );
if ( $specialtime[ 0 ] < time() ) {
$time = time() + ( ( $_POST[ 'btc' ] / PROMOTEPRICE ) * PROMOTETIME );
} else {
$time = $specialtime[ 0 ] + ( ( $_POST[ 'btc' ] / PROMOTEPRICE ) * PROMOTETIME );
}
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET special=?, locked=1, approved=1, timechanged=? WHERE md5sum=?;' )->execute( [ $time, time(), $md5 ] );
$msg .= sprintf( "<p class=\"green\" role=\"alert\">$I[succpromote]</p>", date( 'Y-m-d H:i', $time ) );
} elseif ( $_POST[ 'action' ] === $I[ 'unpromote' ] ) { //remove promoted status
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET special=0, timechanged=? WHERE md5sum=?;' )->execute( [ time(), $md5 ] );
$msg .= "<p class=\"green\" role=\"alert\">$I[succunpromote]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'update' ] ) { //update description
$stmt = $db->prepare( 'SELECT * FROM ' . PREFIX . 'onions WHERE md5sum=?;' );
$stmt->execute( [ $md5 ] );
if ( $category === count( $categories ) ) {
$category = 0;
}
if ( ! isset( $_POST[ 'desc' ] ) ) {
$desc = '';
} else {
$desc = trim( $_POST[ 'desc' ] );
$desc = htmlspecialchars( $desc );
$desc = preg_replace( "/(\r?\n|\r\n?)/", '<br>', $desc );
}
if ( ! $stmt->fetch( PDO::FETCH_ASSOC ) ) { //not yet there, add it
$stmt = $db->prepare( 'INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded, locked, approved, timechanged) VALUES (?, ?, ?, ?, ?, 1, 1, ?);' );
$stmt->execute( [ $addr, $desc, $md5, $category, time(), time() ] );
$msg .= "<p class=\"green\" role=\"alert\">$I[succadd]</p>";
} elseif ( $desc != '' ) { //update description+category
$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET description=?, category=?, locked=1, approved=1, timechanged=? WHERE md5sum=?;' );
$stmt->execute( [ $desc, $category, time(), $md5 ] );
$msg .= "<p class=\"green\" role=\"alert\">$I[succupddesc]</p>";
} elseif ( $category != 0 ) { //only update category
$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET category=?, locked=1, approved=1, timechanged=? WHERE md5sum=?;' );
$stmt->execute( [ $category, time(), $md5 ] );
$msg .= "<p class=\"green\" role=\"alert\">$I[succupdcat]!</p>";
} else { //no description or category change and already known
$msg .= "<p class=\"green\" role=\"alert\">$I[alreadyknown]</p>";
}
} elseif ( $_POST[ 'action' ] === $I[ 'phishing' ] ) {//mark as phishing clone
if ( $_POST[ 'original' ] !== '' && ! preg_match( '~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', $_POST[ 'original' ], $orig ) ) {
$msg .= "<p class=\"red\" role=\"alert\">$I[invalonion]</p>";
} else {
if ( isset( $orig[ 3 ] ) ) {
$orig = strtolower( $orig[ 3 ] );
} else {
$orig = '';
}
if ( $orig !== $addr ) {
$stmt = $db->prepare( 'INSERT INTO ' . PREFIX . 'phishing (onion_id, original) VALUES ((SELECT id FROM ' . PREFIX . 'onions WHERE address=?), ?);' );
$stmt->execute( [ $addr, $orig ] );
$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1, timechanged=? WHERE address=?;' );
$stmt->execute( [ time(), $addr ] );
$msg .= "<p class=\"green\" role=\"alert\">$I[succaddphish]</p>";
} else {
$msg .= "<p class=\"red\" role=\"alert\">$I[samephish]</p>";
}
}
} elseif ( $_POST[ 'action' ] === $I[ 'unphishing' ] ) { //remove phishing clone status
$stmt = $db->prepare( 'DELETE FROM ' . PREFIX . 'phishing WHERE onion_id=(SELECT id FROM ' . PREFIX . 'onions WHERE address=?);' );
$stmt->execute( [ $addr ] );
$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1, timechanged=? WHERE address=?;' );
$stmt->execute( [ time(), $addr ] );
$msg .= "<p class=\"green\" role=\"alert\">$I[succrmphish]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'reject' ] ) { //lock editing
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET approved=-1, timechanged=? WHERE md5sum=?;' )->execute( [ time(), $md5 ] );
$msg .= "<p class=\"green\" role=\"alert\">$I[succreject]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'approve' ] ) { //lock editing
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET approved=1, timechanged=? WHERE md5sum=?;' )->execute( [ time(), $md5 ] );
$msg .= "<p class=\"green\" role=\"alert\">$I[succapprove]</p>";
} else { //no specific button was pressed
$msg .= "<p class=\"red\" role=\"alert\">$I[noaction]</p>";
}
}
}
}
$view_mode = isset($_POST['view_mode']) ? $_POST['view_mode'] : 'single';
if(isset($_POST['switch_view_mode'])){
$view_mode = $view_mode === 'single' ? 'multi' : 'single';
@ -89,12 +193,6 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
}
}
echo '</textarea></p>';
if(isset($_REQUEST['cat']) && $_REQUEST['cat']<count($categories) && $_REQUEST['cat']>=0){
$category=$_REQUEST['cat'];
}
if(!isset($category)){
$category=count($categories);
}
echo "<p><label>$I[category]: <select name=\"cat\">";
foreach($categories as $cat=>$name){
echo "<option value=\"$cat\"";
@ -123,105 +221,8 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
}
echo '</div></div>';
echo '</form><br>';
if(!empty($_POST['addr'])){
$addrs = is_array($_POST['addr']) ? $_POST['addr'] : [$_POST['addr']];
foreach ($addrs as $addr_single) {
if ( ! preg_match( '~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim( $addr_single ), $addr ) ) {
echo "<p class=\"red\" role=\"alert\">$I[invalonion]</p>";
} else {
$addr = strtolower( $addr[ 3 ] );
$md5 = md5( $addr, true );
if ( $_POST[ 'action' ] === $I[ 'remove' ] ) { //remove address from public display
$db->prepare( 'UPDATE ' . PREFIX . "onions SET address='', locked=1, approved=-1 WHERE md5sum=?;" )->execute( [ $md5 ] );
echo "<p class=\"green\" role=\"alert\">$I[succremove]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'lock' ] ) { //lock editing
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1 WHERE md5sum=?;' )->execute( [ $md5 ] );
echo "<p class=\"green\"> role=\"alert\"$I[succlock]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'readd' ] ) { //add onion back, if previously removed
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET address=?, locked=1, approved=1 WHERE md5sum=?;' )->execute( [ $addr, $md5 ] );
echo "<p class=\"green\" role=\"alert\">$I[succreadd]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'unlock' ] ) { //unlock editing
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=0, approved=1 WHERE md5sum=?;' )->execute( [ $md5 ] );
echo "<p class=\"green\" role=\"alert\">$I[succunlock]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'promote' ] ) { //promote link for payed time
$stmt = $db->prepare( 'SELECT special FROM ' . PREFIX . 'onions WHERE md5sum=?;' );
$stmt->execute( [ $md5 ] );
$specialtime = $stmt->fetch( PDO::FETCH_NUM );
if ( $specialtime[ 0 ] < time() ) {
$time = time() + ( ( $_POST[ 'btc' ] / PROMOTEPRICE ) * PROMOTETIME );
} else {
$time = $specialtime[ 0 ] + ( ( $_POST[ 'btc' ] / PROMOTEPRICE ) * PROMOTETIME );
}
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET special=?, locked=1, approved=1 WHERE md5sum=?;' )->execute( [ $time, $md5 ] );
printf( "<p class=\"green\" role=\"alert\">$I[succpromote]</p>", date( 'Y-m-d H:i', $time ) );
} elseif ( $_POST[ 'action' ] === $I[ 'unpromote' ] ) { //remove promoted status
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET special=0 WHERE md5sum=?;' )->execute( [ $md5 ] );
echo "<p class=\"green\" role=\"alert\">$I[succunpromote]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'update' ] ) { //update description
$stmt = $db->prepare( 'SELECT * FROM ' . PREFIX . 'onions WHERE md5sum=?;' );
$stmt->execute( [ $md5 ] );
if ( $category === count( $categories ) ) {
$category = 0;
}
if ( ! isset( $_POST[ 'desc' ] ) ) {
$desc = '';
} else {
$desc = trim( $_POST[ 'desc' ] );
$desc = htmlspecialchars( $desc );
$desc = preg_replace( "/(\r?\n|\r\n?)/", '<br>', $desc );
}
if ( ! $stmt->fetch( PDO::FETCH_ASSOC ) ) { //not yet there, add it
$stmt = $db->prepare( 'INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded, locked, approved) VALUES (?, ?, ?, ?, ?, 1, 1);' );
$stmt->execute( [ $addr, $desc, $md5, $category, time() ] );
echo "<p class=\"green\" role=\"alert\">$I[succadd]</p>";
} elseif ( $desc != '' ) { //update description+category
$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET description=?, category=?, locked=1, approved=1 WHERE md5sum=?;' );
$stmt->execute( [ $desc, $category, $md5 ] );
echo "<p class=\"green\" role=\"alert\">$I[succupddesc]</p>";
} elseif ( $category != 0 ) { //only update category
$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET category=?, locked=1, approved=1 WHERE md5sum=?;' );
$stmt->execute( [ $category, $md5 ] );
echo "<p class=\"green\" role=\"alert\">$I[succupdcat]!</p>";
} else { //no description or category change and already known
echo "<p class=\"green\" role=\"alert\">$I[alreadyknown]</p>";
}
} elseif ( $_POST[ 'action' ] === $I[ 'phishing' ] ) {//mark as phishing clone
if ( $_POST[ 'original' ] !== '' && ! preg_match( '~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', $_POST[ 'original' ], $orig ) ) {
echo "<p class=\"red\" role=\"alert\">$I[invalonion]</p>";
} else {
if ( isset( $orig[ 3 ] ) ) {
$orig = strtolower( $orig[ 3 ] );
} else {
$orig = '';
}
if ( $orig !== $addr ) {
$stmt = $db->prepare( 'INSERT INTO ' . PREFIX . 'phishing (onion_id, original) VALUES ((SELECT id FROM ' . PREFIX . 'onions WHERE address=?), ?);' );
$stmt->execute( [ $addr, $orig ] );
$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1 WHERE address=?;' );
$stmt->execute( [ $addr ] );
echo "<p class=\"green\" role=\"alert\">$I[succaddphish]</p>";
} else {
echo "<p class=\"red\" role=\"alert\">$I[samephish]</p>";
}
}
} elseif ( $_POST[ 'action' ] === $I[ 'unphishing' ] ) { //remove phishing clone status
$stmt = $db->prepare( 'DELETE FROM ' . PREFIX . 'phishing WHERE onion_id=(SELECT id FROM ' . PREFIX . 'onions WHERE address=?);' );
$stmt->execute( [ $addr ] );
echo "<p class=\"green\" role=\"alert\">$I[succrmphish]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'reject' ] ) { //lock editing
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET approved=-1 WHERE md5sum=?;' )->execute( [ $md5 ] );
echo "<p class=\"green\" role=\"alert\">$I[succreject]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'approve' ] ) { //lock editing
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET approved=1 WHERE md5sum=?;' )->execute( [ $md5 ] );
echo "<p class=\"green\" role=\"alert\">$I[succapprove]</p>";
} else { //no specific button was pressed
echo "<p class=\"red\" role=\"alert\">$I[noaction]</p>";
}
}
}
}
echo $msg;
}
?>
<br><p class="software-link"><a target="_blank" href="https://github.com/DanWin/onion-link-list" rel="noopener">Onion Link List - <?php echo VERSION; ?></a></p>
</body></html>
</main></body></html>

24
www/onions.php
View File

@ -74,12 +74,10 @@ function send_html(){
echo '<link rel="canonical" href="' . CANONICAL_URL . $_SERVER['SCRIPT_NAME'] . (empty($_SERVER['QUERY_STRING']) ? '' : '?' . $_SERVER['QUERY_STRING']) . '">';
echo '<style type="text/css">'.$style.'</style>';
echo '<base rel="noopener" target="_blank">';
echo '</head><body>';
echo '</head><body><main>';
echo "<h1>$I[title]</h1>";
if(!isset($db)){
echo "<p><b class=\"red\">$I[error]:</b> $I[nodb]</p>";
echo '</body></html>';
exit;
send_error("<b>$I[error]:</b> $I[nodb]");
}
echo '<p>I\'m not responsible for any content of websites linked here. 99% of darkweb sites selling anything are scams. Be careful and use your brain. Every week I get 2-5 E-Mails from people that were desperate to make money and fell for scammers, don\'t be one of them!</p>';
//update onions description form
@ -246,18 +244,18 @@ function send_html(){
$desc=preg_replace("/(\r?\n|\r\n?)/", '<br>', $desc);
}
if(!$stmt->fetch(PDO::FETCH_BOUND)){//new link, add to database
$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded) VALUES (?, ?, ?, ?, ?);');
$stmt->execute([$addr, $desc, $md5, $category, time()]);
$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded, timechanged) VALUES (?, ?, ?, ?, ?, ?);');
$stmt->execute([$addr, $desc, $md5, $category, time(), time()]);
echo "<p class=\"green\" role=\"alert\">$I[succadd]</p>";
}elseif($locked==1){//locked, not editable
echo "<p class=\"red\" role=\"alert\">$I[faillocked]</p>";
}elseif($desc!==''){//update description
$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET description=?, category=? WHERE md5sum=?;');
$stmt->execute([$desc, $category, $md5]);
$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET description=?, category=?, timechanged=? WHERE md5sum=?;');
$stmt->execute([$desc, $category, time(), $md5]);
echo "<p class=\"green\" role=\"alert\">$I[succupddesc]</p>";
}elseif($category!=0){//update category only
$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET category=? WHERE md5sum=?;');
$stmt->execute([$category, $md5]);
$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET category=?, timechanged=? WHERE md5sum=?;');
$stmt->execute([$category, time(), $md5]);
echo "<p class=\"green\" role=\"alert\">$I[succupdcat]</p>";
}else{//nothing changed and already known
echo "<p class=\"green\" role=\"alert\">$I[alreadyknown]</p>";
@ -322,7 +320,7 @@ function send_html(){
echo '<br>';
echo $pagination;
echo '<br><p class="software-link"><a href="https://github.com/DanWin/onion-link-list" target="_blank" rel="noopener">Onion Link List - ' . VERSION . '</a></p>';
echo '</body></html>';
echo '</main></body></html>';
}
function get_table(PDOStatement $stmt, int &$numrows = 0, bool $promoted = false) : string {
@ -447,7 +445,7 @@ function send_json(){
$admin_approval = PREFIX . 'onions.approved = 1 AND';
}
$data=['categories'=>$categories];
$stmt=$db->query('SELECT address, category, description, locked, lastup, lasttest, timeadded FROM ' . PREFIX . "onions WHERE $admin_approval address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
$stmt=$db->query('SELECT address, category, description, locked, lastup, lasttest, timeadded, timechanged FROM ' . PREFIX . "onions WHERE $admin_approval address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
$data['onions']=$stmt->fetchALL(PDO::FETCH_ASSOC);
$stmt=$db->query('SELECT md5sum FROM ' . PREFIX . "onions WHERE address='';");
while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
@ -526,5 +524,5 @@ function send_captcha(){
}
function send_error(string $msg){
die("<p class=\"red\" role=\"alert\">$msg</p></div></body></html>");
die("<p class=\"red\" role=\"alert\">$msg</p></div></main></body></html>");
}

4
www/test.php
View File

@ -10,7 +10,7 @@ echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
echo '<meta name="description" content="Test whether a Tor hidden service onion is online or offline">';
echo '<link rel="canonical" href="' . CANONICAL_URL . $_SERVER['SCRIPT_NAME'] . '">';
echo '<style type="text/css">'.$style.'</style>';
echo '</head><body>';
echo '</head><body><main>';
echo "<h1>$I[testtitle]</h1>";
print_langs();
echo "<p>$I[testdesc]</p>";
@ -108,4 +108,4 @@ if(!empty($_REQUEST['addr'])){
}
?>
<br><p class="software-link"><a target="_blank" href="https://github.com/DanWin/onion-link-list" rel="noopener">Onion Link List - <?php echo VERSION; ?></a></p>
</body></html>
</main></body></html>