danwin1210/onion-link-list
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add admin approval

Browse Source
This commit is contained in:
Daniel Winzen
2020-10-16 15:23:53 +02:00
parent 9f5c519652
commit 49623924c2
7 changed files with 176 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
common_config.php
View File

@ -33,7 +33,8 @@ define('PROMOTEPRICE', 0.025); // Price to promote a site for PROMOTETIME long
define('PROMOTETIME', 2592000); // Time (in seconds) to promote a site payed with PROMOTEPRICE - 864000 equals 10 days
define('PER_PAGE', 50); // Sites listed per page
define('VERSION', '1'); // Script version
define('DBVERSION', 5); // Database layout version
define('DBVERSION', 6); // Database layout version
define('REQUIRE_APPROVAL', false); // require admin approval of new sites? true/false
//Categories - new links will always be put into the first one, leave it to Unsorted
//once configured, only add new categories at the end or you have to manually adjust the database.
$categories=['Unsorted', 'Adult/Porn', 'Communication/Social', 'Forums', 'Hacking/Programming/Software', 'Hosting', 'Libraries/Wikis', 'Link Lists', 'Market/Shop/Store', 'Other', 'Personal Sites/Blogs', 'Security/Privacy/Encryption', 'Whistleblowing', 'Empty/Error/Unknown', 'Cryptocurrencies', 'Scams', 'Fun/Games/Joke', 'Search', 'Autodetected scam (unchecked)'];

5
lang_de.php
View File

@ -67,4 +67,9 @@ $T=[
'language' => 'Sprache',
'format' => 'Format',
'hidelocked' => 'Gesperrte nicht anzeigen',
'pendingapproval' => 'Genehmigung ausstehend',
'rejected' => 'Abgelehnt',
'reject' => 'Ablehnen',
'approve' => 'Akzeptieren',
'switchviewmode' => 'Ansichtsmodus wechseln',
];

5
lang_en.php
View File

@ -67,4 +67,9 @@ $I=[
'language' => 'Language',
'format' => 'Format',
'hidelocked' => 'Hide locked',
'pendingapproval' => 'Pending approval',
'rejected' => 'Rejected',
'reject' => 'Reject',
'approve' => 'Approve',
'switchviewmode' => 'Switch view mode',
];

2
lang_update.php
View File

@ -1,6 +1,6 @@
<?php
$native = 'Deutsch'; // Native lanugae name
$english = 'German'; // Enlish language name
$english = 'German'; // English language name
$code = 'de'; // Language code
ob_start();

5
setup.php
View File

@ -51,7 +51,7 @@ try{
if(!@$db->query('SELECT * FROM ' . PREFIX . 'settings LIMIT 1;')){
//create tables
$db->exec('CREATE TABLE ' . PREFIX . "captcha (id int(10) UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT, time int(10) UNSIGNED NOT NULL, code char(5) NOT NULL) ENGINE=MEMORY;");
$db->exec('CREATE TABLE ' . PREFIX . "onions (id int(10) UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT, address varchar(56) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL, md5sum binary(16) NOT NULL UNIQUE, lasttest int(10) UNSIGNED NOT NULL DEFAULT '0', lastup int(10) UNSIGNED NOT NULL DEFAULT '0', timediff int(10) UNSIGNED NOT NULL DEFAULT '0', timeadded int(10) UNSIGNED NOT NULL DEFAULT '0', description text CHARACTER SET utf8mb4 NOT NULL, category smallint(6) NOT NULL DEFAULT '0', locked smallint(6) NOT NULL DEFAULT '0', special int(10) UNSIGNED NOT NULL DEFAULT '0', INDEX(address), INDEX(lasttest), INDEX(timediff), INDEX(category), INDEX(special));");
$db->exec('CREATE TABLE ' . PREFIX . "onions (id int(10) UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT, address varchar(56) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL, md5sum binary(16) NOT NULL UNIQUE, lasttest int(10) UNSIGNED NOT NULL DEFAULT '0', lastup int(10) UNSIGNED NOT NULL DEFAULT '0', timediff int(10) UNSIGNED NOT NULL DEFAULT '0', timeadded int(10) UNSIGNED NOT NULL DEFAULT '0', description text CHARACTER SET utf8mb4 NOT NULL, category smallint(6) NOT NULL DEFAULT '0', locked smallint(6) NOT NULL DEFAULT '0', special int(10) UNSIGNED NOT NULL DEFAULT '0', approved smallint(6) NOT NULL DEFAULT '0', INDEX(address), INDEX(lasttest), INDEX(timediff), INDEX(category), INDEX(special));");
$db->exec('CREATE TABLE ' . PREFIX . 'phishing (onion_id int(10) UNSIGNED NOT NULL PRIMARY KEY, original varchar(56) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL, FOREIGN KEY (onion_id) REFERENCES onions(id) ON DELETE CASCADE ON UPDATE CASCADE);');
$db->exec('CREATE TABLE ' . PREFIX . 'settings (setting varchar(50) NOT NULL PRIMARY KEY, value varchar(20000) NOT NULL);');
$stmt=$db->prepare('INSERT INTO ' . PREFIX . "settings (setting, value) VALUES ('version', ?);");
@ -89,6 +89,9 @@ if(!@$db->query('SELECT * FROM ' . PREFIX . 'settings LIMIT 1;')){
if($version<5){
$db->exec('CREATE TABLE ' . PREFIX . "captcha (id int(10) UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT, time int(10) UNSIGNED NOT NULL, code char(5) NOT NULL) ENGINE=MEMORY;");
}
if($version < 6){
$db->exec('ALTER TABLE ' . PREFIX . "onions ADD approved smallint(6) NOT NULL DEFAULT '0';");
}
$stmt=$db->prepare('UPDATE ' . PREFIX . "settings SET value=? WHERE setting='version';");
$stmt->execute([DBVERSION]);
echo "$I[statusok]\n";

205
www/admin.php
View File

@ -28,14 +28,34 @@ if(!isSet($_POST['pass']) || $_POST['pass']!==ADMINPASS){
echo "<p class=\"red\">$I[wrongpass]</p>";
}
}else{
$view_mode = isset($_POST['view_mode']) ? $_POST['view_mode'] : 'single';
if(isset($_POST['switch_view_mode'])){
$view_mode = $view_mode === 'single' ? 'multi' : 'single';
}
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
echo "<input type=\"hidden\" name=\"lang\" value=\"$language\">";
echo "<input type=\"hidden\" name=\"pass\" value=\"$_POST[pass]\">";
echo "<p>$I[link]: <input name=\"addr\" size=\"30\" value=\"";
if(isSet($_REQUEST['addr'])){
echo htmlspecialchars($_REQUEST['addr']);
echo "<input type=\"hidden\" name=\"view_mode\" value=\"$view_mode\">";
echo "<br><input type=\"submit\" name=\"switch_view_mode\" value=\"$I[switchviewmode]\"></form>";
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
echo "<input type=\"hidden\" name=\"lang\" value=\"$language\">";
echo "<input type=\"hidden\" name=\"pass\" value=\"$_POST[pass]\">";
echo "<input type=\"hidden\" name=\"view_mode\" value=\"$view_mode\">";
if($view_mode === 'single') {
echo "<p>$I[link]: <input name=\"addr\" size=\"30\" value=\"";
if ( isset( $_REQUEST[ 'addr' ] ) ) {
echo htmlspecialchars( $_REQUEST[ 'addr' ] );
}
echo '" required autofocus></p>';
} else {
echo '<table border="1"><tr><th>Select</th><th>Address</th><th>Description</th><th>Category</th><th>Status</th></tr>';
$stmt=$db->query('SELECT address, description, category, approved, locked FROM ' . PREFIX . "onions WHERE address!='';");
while($onion = $stmt->fetch(PDO::FETCH_ASSOC)){
echo '<tr><td><input type="checkbox" name="addr[]" value="'.$onion['address'].'"></td><td><a href="http://'.$onion['address'].'.onion" rel="noopener">'.$onion['address'].'.onion</a></td>';
echo "<td>$onion[description]</td><td>{$categories[$onion['category']]}</td><td>Approved: $onion[approved]<br>Locked: $onion[locked]</td></tr>";
}
echo '</table>';
}
echo '" required autofocus></p>';
echo "<p>$I[cloneof]: <input type=\"text\" name=\"original\" size=\"30\"";
if(isSet($_REQUEST['original'])){
echo ' value="'.htmlspecialchars($_REQUEST['original']).'"';
@ -49,7 +69,7 @@ if(!isSet($_POST['pass']) || $_POST['pass']!==ADMINPASS){
echo "<p>$I[adddesc]: <br><textarea name=\"desc\" rows=\"2\" cols=\"30\">";
if(!empty($_REQUEST['desc'])){
echo htmlspecialchars(trim($_REQUEST['desc']));
}elseif(isSet($_REQUEST['addr'])){
}elseif(isset($_REQUEST['addr']) && is_string($_REQUEST['addr'])){
if(preg_match('~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){
$addr=strtolower($addr[3]);
$md5=md5($addr, true);
@ -90,94 +110,107 @@ if(!isSet($_POST['pass']) || $_POST['pass']!==ADMINPASS){
echo "<td><input type=\"submit\" name=\"action\" value=\"$I[unphishing]\"></td>";
echo '</tr><tr>';
echo "<td><input type=\"submit\" name=\"action\" value=\"$I[update]\"></td>";
if(REQUIRE_APPROVAL) {
echo "<td><input type=\"submit\" name=\"action\" value=\"$I[reject]\"></td>";
echo "<td><input type=\"submit\" name=\"action\" value=\"$I[approve]\"></td>";
}
echo '</tr></table>';
echo '</form><br>';
if(!empty($_POST['addr'])){
if(!preg_match('~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_POST['addr']), $addr)){
echo "<p class=\"red\">$I[invalonion]</p>";
}else{
$addr=strtolower($addr[3]);
$md5=md5($addr, true);
if($_POST['action']===$I['remove']){ //remove address from public display
$db->prepare('UPDATE ' . PREFIX . "onions SET address='', locked=1 WHERE md5sum=?;")->execute([$md5]);
echo "<p class=\"green\">$I[succremove]</p>";
}elseif($_POST['action']===$I['lock']){ //lock editing
$db->prepare('UPDATE ' . PREFIX . 'onions SET locked=1 WHERE md5sum=?;')->execute([$md5]);
echo "<p class=\"green\">$I[succlock]</p>";
}elseif($_POST['action']===$I['readd']){ //add onion back, if previously removed
$db->prepare('UPDATE ' . PREFIX . 'onions SET address=?, locked=1 WHERE md5sum=?;')->execute([$addr, $md5]);
echo "<p class=\"green\">$I[succreadd]</p>";
}elseif($_POST['action']===$I['unlock']){ //unlock editing
$db->prepare('UPDATE ' . PREFIX . 'onions SET locked=0 WHERE md5sum=?;')->execute([$md5]);
echo "<p class=\"green\">$I[succunlock]</p>";
}elseif($_POST['action']===$I['promote']){ //promote link for payed time
$stmt=$db->prepare('SELECT special FROM ' . PREFIX . 'onions WHERE md5sum=?;');
$stmt->execute([$md5]);
$specialtime=$stmt->fetch(PDO::FETCH_NUM);
if($specialtime[0]<time()){
$time=time()+(($_POST['btc']/PROMOTEPRICE)*PROMOTETIME);
}else{
$time=$specialtime[0]+(($_POST['btc']/PROMOTEPRICE)*PROMOTETIME);
}
$db->prepare('UPDATE ' . PREFIX . 'onions SET special=?, locked=1 WHERE md5sum=?;')->execute([$time, $md5]);
printf("<p class=\"green\">$I[succpromote]</p>", date('Y-m-d H:i', $time));
}elseif($_POST['action']===$I['unpromote']){ //remove promoted status
$db->prepare('UPDATE ' . PREFIX . 'onions SET special=0 WHERE md5sum=?;')->execute([$md5]);
echo "<p class=\"green\">$I[succunpromote]</p>";
}elseif($_POST['action']===$I['update']){ //update description
$stmt=$db->prepare('SELECT * FROM ' . PREFIX . 'onions WHERE md5sum=?;');
$stmt->execute([$md5]);
if($category===count($categories)){
$category=0;
}
if(!isSet($_POST['desc'])){
$desc='';
}else{
$desc=trim($_POST['desc']);
$desc=htmlspecialchars($desc);
$desc=preg_replace("/(\r?\n|\r\n?)/", '<br>', $desc);
}
if(!$stmt->fetch(PDO::FETCH_ASSOC)){ //not yet there, add it
$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded, locked) VALUES (?, ?, ?, ?, ?, 1);');
$stmt->execute([$addr, $desc, $md5, $category, time()]);
echo "<p class=\"green\">$I[succadd]</p>";
}elseif($desc!=''){ //update description+category
$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET description=?, category=?, locked=1 WHERE md5sum=?;');
$stmt->execute([$desc, $category, $md5]);
echo "<p class=\"green\">$I[succupddesc]</p>";
}elseif($category!=0){ //only update category
$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET category=?, locked=1 WHERE md5sum=?;');
$stmt->execute([$category, $md5]);
echo "<p class=\"green\">$I[succupdcat]!</p>";
}else{ //no description or category change and already known
echo "<p class=\"green\">$I[alreadyknown]</p>";
}
}elseif($_POST['action']===$I['phishing']){//mark as phishing clone
if($_POST['original']!=='' && !preg_match('~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', $_POST['original'], $orig)){
echo "<p class=\"red\">$I[invalonion]</p>";
}else{
if(isset($orig[3])){
$orig=strtolower($orig[3]);
}else{
$orig='';
$addrs = is_array($_POST['addr']) ? $_POST['addr'] : [$_POST['addr']];
foreach ($addrs as $addr_single) {
if ( ! preg_match( '~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim( $addr_single ), $addr ) ) {
echo "<p class=\"red\">$I[invalonion]</p>";
} else {
$addr = strtolower( $addr[ 3 ] );
$md5 = md5( $addr, true );
if ( $_POST[ 'action' ] === $I[ 'remove' ] ) { //remove address from public display
$db->prepare( 'UPDATE ' . PREFIX . "onions SET address='', locked=1, approved=-1 WHERE md5sum=?;" )->execute( [ $md5 ] );
echo "<p class=\"green\">$I[succremove]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'lock' ] ) { //lock editing
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1 WHERE md5sum=?;' )->execute( [ $md5 ] );
echo "<p class=\"green\">$I[succlock]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'readd' ] ) { //add onion back, if previously removed
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET address=?, locked=1, approved=1 WHERE md5sum=?;' )->execute( [ $addr, $md5 ] );
echo "<p class=\"green\">$I[succreadd]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'unlock' ] ) { //unlock editing
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=0, approved=1 WHERE md5sum=?;' )->execute( [ $md5 ] );
echo "<p class=\"green\">$I[succunlock]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'promote' ] ) { //promote link for payed time
$stmt = $db->prepare( 'SELECT special FROM ' . PREFIX . 'onions WHERE md5sum=?;' );
$stmt->execute( [ $md5 ] );
$specialtime = $stmt->fetch( PDO::FETCH_NUM );
if ( $specialtime[ 0 ] < time() ) {
$time = time() + ( ( $_POST[ 'btc' ] / PROMOTEPRICE ) * PROMOTETIME );
} else {
$time = $specialtime[ 0 ] + ( ( $_POST[ 'btc' ] / PROMOTEPRICE ) * PROMOTETIME );
}
if($orig!==$addr){
$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'phishing (onion_id, original) VALUES ((SELECT id FROM ' . PREFIX . 'onions WHERE address=?), ?);');
$stmt->execute([$addr, $orig]);
$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET locked=1 WHERE address=?;');
$stmt->execute([$addr]);
echo "<p class=\"green\">$I[succaddphish]</p>";
}else{
echo "<p class=\"red\">$I[samephish]</p>";
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET special=?, locked=1, approved=1 WHERE md5sum=?;' )->execute( [ $time, $md5 ] );
printf( "<p class=\"green\">$I[succpromote]</p>", date( 'Y-m-d H:i', $time ) );
} elseif ( $_POST[ 'action' ] === $I[ 'unpromote' ] ) { //remove promoted status
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET special=0 WHERE md5sum=?;' )->execute( [ $md5 ] );
echo "<p class=\"green\">$I[succunpromote]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'update' ] ) { //update description
$stmt = $db->prepare( 'SELECT * FROM ' . PREFIX . 'onions WHERE md5sum=?;' );
$stmt->execute( [ $md5 ] );
if ( $category === count( $categories ) ) {
$category = 0;
}
if ( ! isset( $_POST[ 'desc' ] ) ) {
$desc = '';
} else {
$desc = trim( $_POST[ 'desc' ] );
$desc = htmlspecialchars( $desc );
$desc = preg_replace( "/(\r?\n|\r\n?)/", '<br>', $desc );
}
if ( ! $stmt->fetch( PDO::FETCH_ASSOC ) ) { //not yet there, add it
$stmt = $db->prepare( 'INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded, locked, approved) VALUES (?, ?, ?, ?, ?, 1, 1);' );
$stmt->execute( [ $addr, $desc, $md5, $category, time() ] );
echo "<p class=\"green\">$I[succadd]</p>";
} elseif ( $desc != '' ) { //update description+category
$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET description=?, category=?, locked=1, approved=1 WHERE md5sum=?;' );
$stmt->execute( [ $desc, $category, $md5 ] );
echo "<p class=\"green\">$I[succupddesc]</p>";
} elseif ( $category != 0 ) { //only update category
$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET category=?, locked=1, approved=1 WHERE md5sum=?;' );
$stmt->execute( [ $category, $md5 ] );
echo "<p class=\"green\">$I[succupdcat]!</p>";
} else { //no description or category change and already known
echo "<p class=\"green\">$I[alreadyknown]</p>";
}
} elseif ( $_POST[ 'action' ] === $I[ 'phishing' ] ) {//mark as phishing clone
if ( $_POST[ 'original' ] !== '' && ! preg_match( '~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', $_POST[ 'original' ], $orig ) ) {
echo "<p class=\"red\">$I[invalonion]</p>";
} else {
if ( isset( $orig[ 3 ] ) ) {
$orig = strtolower( $orig[ 3 ] );
} else {
$orig = '';
}
if ( $orig !== $addr ) {
$stmt = $db->prepare( 'INSERT INTO ' . PREFIX . 'phishing (onion_id, original) VALUES ((SELECT id FROM ' . PREFIX . 'onions WHERE address=?), ?);' );
$stmt->execute( [ $addr, $orig ] );
$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1 WHERE address=?;' );
$stmt->execute( [ $addr ] );
echo "<p class=\"green\">$I[succaddphish]</p>";
} else {
echo "<p class=\"red\">$I[samephish]</p>";
}
}
} elseif ( $_POST[ 'action' ] === $I[ 'unphishing' ] ) { //remove phishing clone status
$stmt = $db->prepare( 'DELETE FROM ' . PREFIX . 'phishing WHERE onion_id=(SELECT id FROM ' . PREFIX . 'onions WHERE address=?);' );
$stmt->execute( [ $addr ] );
echo "<p class=\"green\">$I[succrmphish]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'reject' ] ) { //lock editing
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET approved=-1 WHERE md5sum=?;' )->execute( [ $md5 ] );
echo "<p class=\"green\">$I[succlock]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'approve' ] ) { //lock editing
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET approved=1 WHERE md5sum=?;' )->execute( [ $md5 ] );
echo "<p class=\"green\">$I[succlock]</p>";
} else { //no specific button was pressed
echo "<p class=\"red\">$I[noaction]</p>";
}
}elseif($_POST['action']===$I['unphishing']){ //remove phishing clone status
$stmt=$db->prepare('DELETE FROM ' . PREFIX . 'phishing WHERE onion_id=(SELECT id FROM ' . PREFIX . 'onions WHERE address=?);');
$stmt->execute([$addr]);
echo "<p class=\"green\">$I[succrmphish]</p>";
}else{ //no specific button was pressed
echo "<p class=\"red\">$I[noaction]</p>";
}
}
}

58
www/onions.php
View File

@ -18,8 +18,6 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
use JetBrains\PhpStorm\ExitPoint;
if($_SERVER['REQUEST_METHOD']==='HEAD'){
exit; // ignore headers, no further processing needed
}
@ -158,11 +156,15 @@ function send_html(){
echo "<ul class=\"list\"><li>$I[specialcat]:</li>";
$cat=count($categories);
$pages=1;
$admin_approval = '';
if(REQUIRE_APPROVAL){
$admin_approval = PREFIX . 'onions.approved = 1 AND';
}
foreach($special as $name=>$query){
if($cat===count($categories)+1){
$num[0]=PER_PAGE;
}else{
$num=$db->query('SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE $query;")->fetch(PDO::FETCH_NUM);
$num=$db->query('SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE $admin_approval $query;")->fetch(PDO::FETCH_NUM);
}
if($category==$cat){
echo " <li class=\"active\"><a href=\"?cat=$cat&amp;pg=$_REQUEST[newpg]&amp;lang=$language\" target=\"_self\">$name ($num[0])</a></li>";
@ -172,17 +174,24 @@ function send_html(){
}
++$cat;
}
$num=$db->query('SELECT COUNT(*) FROM ' . PREFIX . 'phishing, ' . PREFIX . 'onions WHERE ' . PREFIX . "onions.id=onion_id AND address!='' AND timediff<604800;")->fetch(PDO::FETCH_NUM);
$num=$db->query('SELECT COUNT(*) FROM ' . PREFIX . 'phishing, ' . PREFIX . 'onions WHERE ' . "$admin_approval " . PREFIX . "onions.id=onion_id AND address!='' AND timediff<604800;")->fetch(PDO::FETCH_NUM);
if($category==$cat){
echo " <li class=\"active\"><a href=\"?cat=$cat&amp;lang=$language\" target=\"_self\">$I[phishingclones] ($num[0])</a></li>";
}else{
echo " <li><a href=\"?cat=$cat&amp;lang=$language\" target=\"_self\">$I[phishingclones] ($num[0])</a></li>";
}
$num=$db->query('SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE address='';")->fetch(PDO::FETCH_NUM);
echo " <li>$I[removed] ($num[0])</li></ul><br><br>";
echo " <li>$I[removed] ($num[0])</li>";
if(REQUIRE_APPROVAL) {
$num = $db->query( 'SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE approved = 0 AND address!='';" )->fetch( PDO::FETCH_NUM );
echo " <li>$I[pendingapproval] ($num[0])</li>";
$num = $db->query( 'SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE approved = -1 AND address!='';" )->fetch( PDO::FETCH_NUM );
echo " <li>$I[rejected] ($num[0])</li>";
}
echo '</ul><br><br>';
//List normal categories
echo "<ul class=\"list\"><li>$I[categories]:</li>";
$stmt=$db->prepare('SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE category=? AND address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800;');
$stmt=$db->prepare('SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE $admin_approval category=? AND address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800;');
foreach($categories as $cat=>$name){
$stmt->execute([$cat]);
$num=$stmt->fetch(PDO::FETCH_NUM);
@ -235,14 +244,12 @@ function send_html(){
$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded) VALUES (?, ?, ?, ?, ?);');
$stmt->execute([$addr, $desc, $md5, $category, time()]);
echo "<p class=\"green\">$I[succadd]</p>";
// mail('daniel@tt3j2x4k5ycaa5zt.onion', 'New onion', "$addr.onion was added - $desc", "Content-Type: text/plain; charset=UTF-8\r\n");
}elseif($locked==1){//locked, not editable
echo "<p class=\"red\">$I[faillocked]</p>";
}elseif($desc!==''){//update description
$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET description=?, category=? WHERE md5sum=?;');
$stmt->execute([$desc, $category, $md5]);
echo "<p class=\"green\">$I[succupddesc]</p>";
// mail('daniel@tt3j2x4k5ycaa5zt.onion', 'Updated onion', "$addr.onion was updated - $desc", "Content-Type: text/plain; charset=UTF-8\r\n");
}elseif($category!=0){//update category only
$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET category=? WHERE md5sum=?;');
$stmt->execute([$category, $md5]);
@ -267,10 +274,10 @@ function send_html(){
$hidelocked='';
}
if($category>=count($categories)){
$stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND timediff<604800 $hidelocked AND (description LIKE ? OR address LIKE ?) ORDER BY address;");
$stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE $admin_approval address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND timediff<604800 $hidelocked AND (description LIKE ? OR address LIKE ?) ORDER BY address;");
$stmt->execute([$query, $query]);
}else{
$stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE address!='' AND category=? AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND timediff<604800 $hidelocked AND (description LIKE ? OR address LIKE ?) ORDER BY address;");
$stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE $admin_approval address!='' AND category=? AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND timediff<604800 $hidelocked AND (description LIKE ? OR address LIKE ?) ORDER BY address;");
$stmt->execute([$category, $query, $query]);
}
$table=get_table($stmt, $numrows);
@ -293,7 +300,7 @@ function send_html(){
$query.=' LIMIT ' . PER_PAGE ." OFFSET $offset";
}
}
$stmt=$db->query('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE $query;");
$stmt=$db->query('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE $admin_approval $query;");
echo get_table($stmt, $numrows, true);
}else{//show normal categories
if($_REQUEST['pg']>0){
@ -302,7 +309,7 @@ function send_html(){
}else{
$offsetquery='';
}
$stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND category=? AND timediff<604800 ORDER BY address$offsetquery;");
$stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE $admin_approval address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND category=? AND timediff<604800 ORDER BY address$offsetquery;");
$stmt->execute([$category]);
echo get_table($stmt, $numrows, true);
}
@ -315,11 +322,15 @@ function send_html(){
function get_table(PDOStatement $stmt, &$numrows=0, $promoted=false){
global $I, $db, $language;
$time=time();
$admin_approval = '';
if(REQUIRE_APPROVAL){
$admin_approval = PREFIX . 'onions.approved = 1 AND';
}
ob_start();
echo "<table id=\"maintable\" border=\"1\"><tr><th>$I[link]</th><th>$I[description]</th><th>$I[lasttested]</th><th>$I[lastup]</th><th>$I[timeadded]</th><th>$I[actions]</th></tr>";
if($promoted){//print promoted links at the top
$time=time();
$promo=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE special>? AND address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
$promo=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE $admin_approval special>? AND address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
$promo->execute([$time]);
while($link=$promo->fetch(PDO::FETCH_ASSOC)){
if($link['lastup']===$link['lasttest']){
@ -368,7 +379,6 @@ function get_table(PDOStatement $stmt, &$numrows=0, $promoted=false){
$edit="<form><input name=\"addr\" value=\"$link[address]\" type=\"hidden\"><input type=\"hidden\" name=\"pg\" value=\"$_REQUEST[newpg]\"><input type=\"hidden\" name=\"lang\" value=\"$language\"><input value=\"$I[edit]\" type=\"submit\"></form>";
}
echo "<tr class=\"$class\"><td><a href=\"http://$link[address].onion\">$link[address].onion</a></td><td>$link[description]</td><td>$lasttest</td><td>$lastup</td><td>$timeadded</td><td>$edit <form method=\"post\" action=\"test.php\"><input name=\"addr\" value=\"$link[address]\" type=\"hidden\"><input type=\"hidden\" name=\"lang\" value=\"$language\"><input value=\"$I[test]\" type=\"submit\"></form></td></tr>";
// echo "<tr class=\"$class\"><td><a href=\"http://$link[address].onion\">$link[address].onion</a></td><td>$link[description]</td><td>$edit</td><td>$lasttest</td><td>$lastup</td><td>$timeadded</td><td><form method=\"post\" action=\"test.php\"><input name=\"addr\" value=\"$link[address]\" type=\"hidden\"><input type=\"hidden\" name=\"lang\" value=\"$language\"><input value=\"$I[test]\" type=\"submit\"></form></td></tr>";
++$numrows;
}
echo '</table>';
@ -377,8 +387,12 @@ function get_table(PDOStatement $stmt, &$numrows=0, $promoted=false){
function print_phishing_table(){
global $I, $db;
$admin_approval = '';
if(REQUIRE_APPROVAL){
$admin_approval = 'approved = 1 AND';
}
echo "<table border=\"1\"><tr><th>$I[link]</th><th>$I[cloneof]</th><th>$I[lastup]</th></tr>";
$stmt=$db->query('SELECT address, original, lasttest, lastup FROM ' . PREFIX . 'onions, ' . PREFIX . 'phishing WHERE ' . PREFIX . "onions.id=onion_id AND address!='' AND timediff<604800 ORDER BY address;");
$stmt=$db->query('SELECT address, original, lasttest, lastup FROM ' . PREFIX . 'onions, ' . PREFIX . 'phishing WHERE ' . "$admin_approval " . PREFIX . "onions.id=onion_id AND address!='' AND timediff<604800 ORDER BY address;");
while($link=$stmt->fetch(PDO::FETCH_ASSOC)){
if($link['lastup']===$link['lasttest']){
$class='up';
@ -406,7 +420,11 @@ function send_text(){
die("$I[error]: $I[nodb]");
}
header('Content-Type: text/plain; charset=UTF-8');
$stmt=$db->query('SELECT address FROM ' . PREFIX . "onions WHERE address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
$admin_approval = '';
if(REQUIRE_APPROVAL){
$admin_approval = 'approved = 1 AND';
}
$stmt=$db->query('SELECT address FROM ' . PREFIX . "onions WHERE $admin_approval address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
echo "$tmp[0].onion\n";
}
@ -418,14 +436,18 @@ function send_json(){
die("$I[error]: $I[nodb]");
}
header('Content-Type: application/json;');
$admin_approval = '';
if(REQUIRE_APPROVAL){
$admin_approval = PREFIX . 'onions.approved = 1 AND';
}
$data=['categories'=>$categories];
$stmt=$db->query('SELECT address, category, description, locked, lastup, lasttest, timeadded FROM ' . PREFIX . "onions WHERE address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
$stmt=$db->query('SELECT address, category, description, locked, lastup, lasttest, timeadded FROM ' . PREFIX . "onions WHERE $admin_approval address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
$data['onions']=$stmt->fetchALL(PDO::FETCH_ASSOC);
$stmt=$db->query('SELECT md5sum FROM ' . PREFIX . "onions WHERE address='';");
while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
$data['removed'][]=bin2hex($tmp['md5sum']);
}
$stmt=$db->query('SELECT address, original FROM ' . PREFIX . 'onions, ' . PREFIX . 'phishing WHERE onion_id=' . PREFIX . "onions.id AND address!='' AND timediff<604800 ORDER BY address;");
$stmt=$db->query('SELECT address, original FROM ' . PREFIX . 'onions, ' . PREFIX . 'phishing WHERE onion_id=' . PREFIX . "onions.id AND $admin_approval address!='' AND timediff<604800 ORDER BY address;");
$data['phishing']=$stmt->fetchALL(PDO::FETCH_ASSOC);
echo json_encode($data);
}