danwin1210/onion-link-list
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add admin approval

Browse Source
This commit is contained in:
Daniel Winzen
2020-10-16 15:23:53 +02:00
parent 9f5c519652
commit 49623924c2
7 changed files with 176 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

205
www/admin.php
View File

@ -28,14 +28,34 @@ if(!isSet($_POST['pass']) || $_POST['pass']!==ADMINPASS){
echo "<p class=\"red\">$I[wrongpass]</p>";
}
}else{
$view_mode = isset($_POST['view_mode']) ? $_POST['view_mode'] : 'single';
if(isset($_POST['switch_view_mode'])){
$view_mode = $view_mode === 'single' ? 'multi' : 'single';
}
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
echo "<input type=\"hidden\" name=\"lang\" value=\"$language\">";
echo "<input type=\"hidden\" name=\"pass\" value=\"$_POST[pass]\">";
echo "<p>$I[link]: <input name=\"addr\" size=\"30\" value=\"";
if(isSet($_REQUEST['addr'])){
echo htmlspecialchars($_REQUEST['addr']);
echo "<input type=\"hidden\" name=\"view_mode\" value=\"$view_mode\">";
echo "<br><input type=\"submit\" name=\"switch_view_mode\" value=\"$I[switchviewmode]\"></form>";
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
echo "<input type=\"hidden\" name=\"lang\" value=\"$language\">";
echo "<input type=\"hidden\" name=\"pass\" value=\"$_POST[pass]\">";
echo "<input type=\"hidden\" name=\"view_mode\" value=\"$view_mode\">";
if($view_mode === 'single') {
echo "<p>$I[link]: <input name=\"addr\" size=\"30\" value=\"";
if ( isset( $_REQUEST[ 'addr' ] ) ) {
echo htmlspecialchars( $_REQUEST[ 'addr' ] );
}
echo '" required autofocus></p>';
} else {
echo '<table border="1"><tr><th>Select</th><th>Address</th><th>Description</th><th>Category</th><th>Status</th></tr>';
$stmt=$db->query('SELECT address, description, category, approved, locked FROM ' . PREFIX . "onions WHERE address!='';");
while($onion = $stmt->fetch(PDO::FETCH_ASSOC)){
echo '<tr><td><input type="checkbox" name="addr[]" value="'.$onion['address'].'"></td><td><a href="http://'.$onion['address'].'.onion" rel="noopener">'.$onion['address'].'.onion</a></td>';
echo "<td>$onion[description]</td><td>{$categories[$onion['category']]}</td><td>Approved: $onion[approved]<br>Locked: $onion[locked]</td></tr>";
}
echo '</table>';
}
echo '" required autofocus></p>';
echo "<p>$I[cloneof]: <input type=\"text\" name=\"original\" size=\"30\"";
if(isSet($_REQUEST['original'])){
echo ' value="'.htmlspecialchars($_REQUEST['original']).'"';
@ -49,7 +69,7 @@ if(!isSet($_POST['pass']) || $_POST['pass']!==ADMINPASS){
echo "<p>$I[adddesc]: <br><textarea name=\"desc\" rows=\"2\" cols=\"30\">";
if(!empty($_REQUEST['desc'])){
echo htmlspecialchars(trim($_REQUEST['desc']));
}elseif(isSet($_REQUEST['addr'])){
}elseif(isset($_REQUEST['addr']) && is_string($_REQUEST['addr'])){
if(preg_match('~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){
$addr=strtolower($addr[3]);
$md5=md5($addr, true);
@ -90,94 +110,107 @@ if(!isSet($_POST['pass']) || $_POST['pass']!==ADMINPASS){
echo "<td><input type=\"submit\" name=\"action\" value=\"$I[unphishing]\"></td>";
echo '</tr><tr>';
echo "<td><input type=\"submit\" name=\"action\" value=\"$I[update]\"></td>";
if(REQUIRE_APPROVAL) {
echo "<td><input type=\"submit\" name=\"action\" value=\"$I[reject]\"></td>";
echo "<td><input type=\"submit\" name=\"action\" value=\"$I[approve]\"></td>";
}
echo '</tr></table>';
echo '</form><br>';
if(!empty($_POST['addr'])){
if(!preg_match('~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_POST['addr']), $addr)){
echo "<p class=\"red\">$I[invalonion]</p>";
}else{
$addr=strtolower($addr[3]);
$md5=md5($addr, true);
if($_POST['action']===$I['remove']){ //remove address from public display
$db->prepare('UPDATE ' . PREFIX . "onions SET address='', locked=1 WHERE md5sum=?;")->execute([$md5]);
echo "<p class=\"green\">$I[succremove]</p>";
}elseif($_POST['action']===$I['lock']){ //lock editing
$db->prepare('UPDATE ' . PREFIX . 'onions SET locked=1 WHERE md5sum=?;')->execute([$md5]);
echo "<p class=\"green\">$I[succlock]</p>";
}elseif($_POST['action']===$I['readd']){ //add onion back, if previously removed
$db->prepare('UPDATE ' . PREFIX . 'onions SET address=?, locked=1 WHERE md5sum=?;')->execute([$addr, $md5]);
echo "<p class=\"green\">$I[succreadd]</p>";
}elseif($_POST['action']===$I['unlock']){ //unlock editing
$db->prepare('UPDATE ' . PREFIX . 'onions SET locked=0 WHERE md5sum=?;')->execute([$md5]);
echo "<p class=\"green\">$I[succunlock]</p>";
}elseif($_POST['action']===$I['promote']){ //promote link for payed time
$stmt=$db->prepare('SELECT special FROM ' . PREFIX . 'onions WHERE md5sum=?;');
$stmt->execute([$md5]);
$specialtime=$stmt->fetch(PDO::FETCH_NUM);
if($specialtime[0]<time()){
$time=time()+(($_POST['btc']/PROMOTEPRICE)*PROMOTETIME);
}else{
$time=$specialtime[0]+(($_POST['btc']/PROMOTEPRICE)*PROMOTETIME);
}
$db->prepare('UPDATE ' . PREFIX . 'onions SET special=?, locked=1 WHERE md5sum=?;')->execute([$time, $md5]);
printf("<p class=\"green\">$I[succpromote]</p>", date('Y-m-d H:i', $time));
}elseif($_POST['action']===$I['unpromote']){ //remove promoted status
$db->prepare('UPDATE ' . PREFIX . 'onions SET special=0 WHERE md5sum=?;')->execute([$md5]);
echo "<p class=\"green\">$I[succunpromote]</p>";
}elseif($_POST['action']===$I['update']){ //update description
$stmt=$db->prepare('SELECT * FROM ' . PREFIX . 'onions WHERE md5sum=?;');
$stmt->execute([$md5]);
if($category===count($categories)){
$category=0;
}
if(!isSet($_POST['desc'])){
$desc='';
}else{
$desc=trim($_POST['desc']);
$desc=htmlspecialchars($desc);
$desc=preg_replace("/(\r?\n|\r\n?)/", '<br>', $desc);
}
if(!$stmt->fetch(PDO::FETCH_ASSOC)){ //not yet there, add it
$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded, locked) VALUES (?, ?, ?, ?, ?, 1);');
$stmt->execute([$addr, $desc, $md5, $category, time()]);
echo "<p class=\"green\">$I[succadd]</p>";
}elseif($desc!=''){ //update description+category
$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET description=?, category=?, locked=1 WHERE md5sum=?;');
$stmt->execute([$desc, $category, $md5]);
echo "<p class=\"green\">$I[succupddesc]</p>";
}elseif($category!=0){ //only update category
$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET category=?, locked=1 WHERE md5sum=?;');
$stmt->execute([$category, $md5]);
echo "<p class=\"green\">$I[succupdcat]!</p>";
}else{ //no description or category change and already known
echo "<p class=\"green\">$I[alreadyknown]</p>";
}
}elseif($_POST['action']===$I['phishing']){//mark as phishing clone
if($_POST['original']!=='' && !preg_match('~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', $_POST['original'], $orig)){
echo "<p class=\"red\">$I[invalonion]</p>";
}else{
if(isset($orig[3])){
$orig=strtolower($orig[3]);
}else{
$orig='';
$addrs = is_array($_POST['addr']) ? $_POST['addr'] : [$_POST['addr']];
foreach ($addrs as $addr_single) {
if ( ! preg_match( '~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim( $addr_single ), $addr ) ) {
echo "<p class=\"red\">$I[invalonion]</p>";
} else {
$addr = strtolower( $addr[ 3 ] );
$md5 = md5( $addr, true );
if ( $_POST[ 'action' ] === $I[ 'remove' ] ) { //remove address from public display
$db->prepare( 'UPDATE ' . PREFIX . "onions SET address='', locked=1, approved=-1 WHERE md5sum=?;" )->execute( [ $md5 ] );
echo "<p class=\"green\">$I[succremove]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'lock' ] ) { //lock editing
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1 WHERE md5sum=?;' )->execute( [ $md5 ] );
echo "<p class=\"green\">$I[succlock]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'readd' ] ) { //add onion back, if previously removed
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET address=?, locked=1, approved=1 WHERE md5sum=?;' )->execute( [ $addr, $md5 ] );
echo "<p class=\"green\">$I[succreadd]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'unlock' ] ) { //unlock editing
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=0, approved=1 WHERE md5sum=?;' )->execute( [ $md5 ] );
echo "<p class=\"green\">$I[succunlock]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'promote' ] ) { //promote link for payed time
$stmt = $db->prepare( 'SELECT special FROM ' . PREFIX . 'onions WHERE md5sum=?;' );
$stmt->execute( [ $md5 ] );
$specialtime = $stmt->fetch( PDO::FETCH_NUM );
if ( $specialtime[ 0 ] < time() ) {
$time = time() + ( ( $_POST[ 'btc' ] / PROMOTEPRICE ) * PROMOTETIME );
} else {
$time = $specialtime[ 0 ] + ( ( $_POST[ 'btc' ] / PROMOTEPRICE ) * PROMOTETIME );
}
if($orig!==$addr){
$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'phishing (onion_id, original) VALUES ((SELECT id FROM ' . PREFIX . 'onions WHERE address=?), ?);');
$stmt->execute([$addr, $orig]);
$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET locked=1 WHERE address=?;');
$stmt->execute([$addr]);
echo "<p class=\"green\">$I[succaddphish]</p>";
}else{
echo "<p class=\"red\">$I[samephish]</p>";
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET special=?, locked=1, approved=1 WHERE md5sum=?;' )->execute( [ $time, $md5 ] );
printf( "<p class=\"green\">$I[succpromote]</p>", date( 'Y-m-d H:i', $time ) );
} elseif ( $_POST[ 'action' ] === $I[ 'unpromote' ] ) { //remove promoted status
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET special=0 WHERE md5sum=?;' )->execute( [ $md5 ] );
echo "<p class=\"green\">$I[succunpromote]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'update' ] ) { //update description
$stmt = $db->prepare( 'SELECT * FROM ' . PREFIX . 'onions WHERE md5sum=?;' );
$stmt->execute( [ $md5 ] );
if ( $category === count( $categories ) ) {
$category = 0;
}
if ( ! isset( $_POST[ 'desc' ] ) ) {
$desc = '';
} else {
$desc = trim( $_POST[ 'desc' ] );
$desc = htmlspecialchars( $desc );
$desc = preg_replace( "/(\r?\n|\r\n?)/", '<br>', $desc );
}
if ( ! $stmt->fetch( PDO::FETCH_ASSOC ) ) { //not yet there, add it
$stmt = $db->prepare( 'INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded, locked, approved) VALUES (?, ?, ?, ?, ?, 1, 1);' );
$stmt->execute( [ $addr, $desc, $md5, $category, time() ] );
echo "<p class=\"green\">$I[succadd]</p>";
} elseif ( $desc != '' ) { //update description+category
$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET description=?, category=?, locked=1, approved=1 WHERE md5sum=?;' );
$stmt->execute( [ $desc, $category, $md5 ] );
echo "<p class=\"green\">$I[succupddesc]</p>";
} elseif ( $category != 0 ) { //only update category
$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET category=?, locked=1, approved=1 WHERE md5sum=?;' );
$stmt->execute( [ $category, $md5 ] );
echo "<p class=\"green\">$I[succupdcat]!</p>";
} else { //no description or category change and already known
echo "<p class=\"green\">$I[alreadyknown]</p>";
}
} elseif ( $_POST[ 'action' ] === $I[ 'phishing' ] ) {//mark as phishing clone
if ( $_POST[ 'original' ] !== '' && ! preg_match( '~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', $_POST[ 'original' ], $orig ) ) {
echo "<p class=\"red\">$I[invalonion]</p>";
} else {
if ( isset( $orig[ 3 ] ) ) {
$orig = strtolower( $orig[ 3 ] );
} else {
$orig = '';
}
if ( $orig !== $addr ) {
$stmt = $db->prepare( 'INSERT INTO ' . PREFIX . 'phishing (onion_id, original) VALUES ((SELECT id FROM ' . PREFIX . 'onions WHERE address=?), ?);' );
$stmt->execute( [ $addr, $orig ] );
$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1 WHERE address=?;' );
$stmt->execute( [ $addr ] );
echo "<p class=\"green\">$I[succaddphish]</p>";
} else {
echo "<p class=\"red\">$I[samephish]</p>";
}
}
} elseif ( $_POST[ 'action' ] === $I[ 'unphishing' ] ) { //remove phishing clone status
$stmt = $db->prepare( 'DELETE FROM ' . PREFIX . 'phishing WHERE onion_id=(SELECT id FROM ' . PREFIX . 'onions WHERE address=?);' );
$stmt->execute( [ $addr ] );
echo "<p class=\"green\">$I[succrmphish]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'reject' ] ) { //lock editing
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET approved=-1 WHERE md5sum=?;' )->execute( [ $md5 ] );
echo "<p class=\"green\">$I[succlock]</p>";
} elseif ( $_POST[ 'action' ] === $I[ 'approve' ] ) { //lock editing
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET approved=1 WHERE md5sum=?;' )->execute( [ $md5 ] );
echo "<p class=\"green\">$I[succlock]</p>";
} else { //no specific button was pressed
echo "<p class=\"red\">$I[noaction]</p>";
}
}elseif($_POST['action']===$I['unphishing']){ //remove phishing clone status
$stmt=$db->prepare('DELETE FROM ' . PREFIX . 'phishing WHERE onion_id=(SELECT id FROM ' . PREFIX . 'onions WHERE address=?);');
$stmt->execute([$addr]);
echo "<p class=\"green\">$I[succrmphish]</p>";
}else{ //no specific button was pressed
echo "<p class=\"red\">$I[noaction]</p>";
}
}
}

58
www/onions.php
View File

@ -18,8 +18,6 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
use JetBrains\PhpStorm\ExitPoint;
if($_SERVER['REQUEST_METHOD']==='HEAD'){
exit; // ignore headers, no further processing needed
}
@ -158,11 +156,15 @@ function send_html(){
echo "<ul class=\"list\"><li>$I[specialcat]:</li>";
$cat=count($categories);
$pages=1;
$admin_approval = '';
if(REQUIRE_APPROVAL){
$admin_approval = PREFIX . 'onions.approved = 1 AND';
}
foreach($special as $name=>$query){
if($cat===count($categories)+1){
$num[0]=PER_PAGE;
}else{
$num=$db->query('SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE $query;")->fetch(PDO::FETCH_NUM);
$num=$db->query('SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE $admin_approval $query;")->fetch(PDO::FETCH_NUM);
}
if($category==$cat){
echo " <li class=\"active\"><a href=\"?cat=$cat&amp;pg=$_REQUEST[newpg]&amp;lang=$language\" target=\"_self\">$name ($num[0])</a></li>";
@ -172,17 +174,24 @@ function send_html(){
}
++$cat;
}
$num=$db->query('SELECT COUNT(*) FROM ' . PREFIX . 'phishing, ' . PREFIX . 'onions WHERE ' . PREFIX . "onions.id=onion_id AND address!='' AND timediff<604800;")->fetch(PDO::FETCH_NUM);
$num=$db->query('SELECT COUNT(*) FROM ' . PREFIX . 'phishing, ' . PREFIX . 'onions WHERE ' . "$admin_approval " . PREFIX . "onions.id=onion_id AND address!='' AND timediff<604800;")->fetch(PDO::FETCH_NUM);
if($category==$cat){
echo " <li class=\"active\"><a href=\"?cat=$cat&amp;lang=$language\" target=\"_self\">$I[phishingclones] ($num[0])</a></li>";
}else{
echo " <li><a href=\"?cat=$cat&amp;lang=$language\" target=\"_self\">$I[phishingclones] ($num[0])</a></li>";
}
$num=$db->query('SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE address='';")->fetch(PDO::FETCH_NUM);
echo " <li>$I[removed] ($num[0])</li></ul><br><br>";
echo " <li>$I[removed] ($num[0])</li>";
if(REQUIRE_APPROVAL) {
$num = $db->query( 'SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE approved = 0 AND address!='';" )->fetch( PDO::FETCH_NUM );
echo " <li>$I[pendingapproval] ($num[0])</li>";
$num = $db->query( 'SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE approved = -1 AND address!='';" )->fetch( PDO::FETCH_NUM );
echo " <li>$I[rejected] ($num[0])</li>";
}
echo '</ul><br><br>';
//List normal categories
echo "<ul class=\"list\"><li>$I[categories]:</li>";
$stmt=$db->prepare('SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE category=? AND address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800;');
$stmt=$db->prepare('SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE $admin_approval category=? AND address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800;');
foreach($categories as $cat=>$name){
$stmt->execute([$cat]);
$num=$stmt->fetch(PDO::FETCH_NUM);
@ -235,14 +244,12 @@ function send_html(){
$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded) VALUES (?, ?, ?, ?, ?);');
$stmt->execute([$addr, $desc, $md5, $category, time()]);
echo "<p class=\"green\">$I[succadd]</p>";
// mail('daniel@tt3j2x4k5ycaa5zt.onion', 'New onion', "$addr.onion was added - $desc", "Content-Type: text/plain; charset=UTF-8\r\n");
}elseif($locked==1){//locked, not editable
echo "<p class=\"red\">$I[faillocked]</p>";
}elseif($desc!==''){//update description
$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET description=?, category=? WHERE md5sum=?;');
$stmt->execute([$desc, $category, $md5]);
echo "<p class=\"green\">$I[succupddesc]</p>";
// mail('daniel@tt3j2x4k5ycaa5zt.onion', 'Updated onion', "$addr.onion was updated - $desc", "Content-Type: text/plain; charset=UTF-8\r\n");
}elseif($category!=0){//update category only
$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET category=? WHERE md5sum=?;');
$stmt->execute([$category, $md5]);
@ -267,10 +274,10 @@ function send_html(){
$hidelocked='';
}
if($category>=count($categories)){
$stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND timediff<604800 $hidelocked AND (description LIKE ? OR address LIKE ?) ORDER BY address;");
$stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE $admin_approval address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND timediff<604800 $hidelocked AND (description LIKE ? OR address LIKE ?) ORDER BY address;");
$stmt->execute([$query, $query]);
}else{
$stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE address!='' AND category=? AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND timediff<604800 $hidelocked AND (description LIKE ? OR address LIKE ?) ORDER BY address;");
$stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE $admin_approval address!='' AND category=? AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND timediff<604800 $hidelocked AND (description LIKE ? OR address LIKE ?) ORDER BY address;");
$stmt->execute([$category, $query, $query]);
}
$table=get_table($stmt, $numrows);
@ -293,7 +300,7 @@ function send_html(){
$query.=' LIMIT ' . PER_PAGE ." OFFSET $offset";
}
}
$stmt=$db->query('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE $query;");
$stmt=$db->query('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE $admin_approval $query;");
echo get_table($stmt, $numrows, true);
}else{//show normal categories
if($_REQUEST['pg']>0){
@ -302,7 +309,7 @@ function send_html(){
}else{
$offsetquery='';
}
$stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND category=? AND timediff<604800 ORDER BY address$offsetquery;");
$stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE $admin_approval address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND category=? AND timediff<604800 ORDER BY address$offsetquery;");
$stmt->execute([$category]);
echo get_table($stmt, $numrows, true);
}
@ -315,11 +322,15 @@ function send_html(){
function get_table(PDOStatement $stmt, &$numrows=0, $promoted=false){
global $I, $db, $language;
$time=time();
$admin_approval = '';
if(REQUIRE_APPROVAL){
$admin_approval = PREFIX . 'onions.approved = 1 AND';
}
ob_start();
echo "<table id=\"maintable\" border=\"1\"><tr><th>$I[link]</th><th>$I[description]</th><th>$I[lasttested]</th><th>$I[lastup]</th><th>$I[timeadded]</th><th>$I[actions]</th></tr>";
if($promoted){//print promoted links at the top
$time=time();
$promo=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE special>? AND address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
$promo=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE $admin_approval special>? AND address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
$promo->execute([$time]);
while($link=$promo->fetch(PDO::FETCH_ASSOC)){
if($link['lastup']===$link['lasttest']){
@ -368,7 +379,6 @@ function get_table(PDOStatement $stmt, &$numrows=0, $promoted=false){
$edit="<form><input name=\"addr\" value=\"$link[address]\" type=\"hidden\"><input type=\"hidden\" name=\"pg\" value=\"$_REQUEST[newpg]\"><input type=\"hidden\" name=\"lang\" value=\"$language\"><input value=\"$I[edit]\" type=\"submit\"></form>";
}
echo "<tr class=\"$class\"><td><a href=\"http://$link[address].onion\">$link[address].onion</a></td><td>$link[description]</td><td>$lasttest</td><td>$lastup</td><td>$timeadded</td><td>$edit <form method=\"post\" action=\"test.php\"><input name=\"addr\" value=\"$link[address]\" type=\"hidden\"><input type=\"hidden\" name=\"lang\" value=\"$language\"><input value=\"$I[test]\" type=\"submit\"></form></td></tr>";
// echo "<tr class=\"$class\"><td><a href=\"http://$link[address].onion\">$link[address].onion</a></td><td>$link[description]</td><td>$edit</td><td>$lasttest</td><td>$lastup</td><td>$timeadded</td><td><form method=\"post\" action=\"test.php\"><input name=\"addr\" value=\"$link[address]\" type=\"hidden\"><input type=\"hidden\" name=\"lang\" value=\"$language\"><input value=\"$I[test]\" type=\"submit\"></form></td></tr>";
++$numrows;
}
echo '</table>';
@ -377,8 +387,12 @@ function get_table(PDOStatement $stmt, &$numrows=0, $promoted=false){
function print_phishing_table(){
global $I, $db;
$admin_approval = '';
if(REQUIRE_APPROVAL){
$admin_approval = 'approved = 1 AND';
}
echo "<table border=\"1\"><tr><th>$I[link]</th><th>$I[cloneof]</th><th>$I[lastup]</th></tr>";
$stmt=$db->query('SELECT address, original, lasttest, lastup FROM ' . PREFIX . 'onions, ' . PREFIX . 'phishing WHERE ' . PREFIX . "onions.id=onion_id AND address!='' AND timediff<604800 ORDER BY address;");
$stmt=$db->query('SELECT address, original, lasttest, lastup FROM ' . PREFIX . 'onions, ' . PREFIX . 'phishing WHERE ' . "$admin_approval " . PREFIX . "onions.id=onion_id AND address!='' AND timediff<604800 ORDER BY address;");
while($link=$stmt->fetch(PDO::FETCH_ASSOC)){
if($link['lastup']===$link['lasttest']){
$class='up';
@ -406,7 +420,11 @@ function send_text(){
die("$I[error]: $I[nodb]");
}
header('Content-Type: text/plain; charset=UTF-8');
$stmt=$db->query('SELECT address FROM ' . PREFIX . "onions WHERE address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
$admin_approval = '';
if(REQUIRE_APPROVAL){
$admin_approval = 'approved = 1 AND';
}
$stmt=$db->query('SELECT address FROM ' . PREFIX . "onions WHERE $admin_approval address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
echo "$tmp[0].onion\n";
}
@ -418,14 +436,18 @@ function send_json(){
die("$I[error]: $I[nodb]");
}
header('Content-Type: application/json;');
$admin_approval = '';
if(REQUIRE_APPROVAL){
$admin_approval = PREFIX . 'onions.approved = 1 AND';
}
$data=['categories'=>$categories];
$stmt=$db->query('SELECT address, category, description, locked, lastup, lasttest, timeadded FROM ' . PREFIX . "onions WHERE address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
$stmt=$db->query('SELECT address, category, description, locked, lastup, lasttest, timeadded FROM ' . PREFIX . "onions WHERE $admin_approval address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
$data['onions']=$stmt->fetchALL(PDO::FETCH_ASSOC);
$stmt=$db->query('SELECT md5sum FROM ' . PREFIX . "onions WHERE address='';");
while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
$data['removed'][]=bin2hex($tmp['md5sum']);
}
$stmt=$db->query('SELECT address, original FROM ' . PREFIX . 'onions, ' . PREFIX . 'phishing WHERE onion_id=' . PREFIX . "onions.id AND address!='' AND timediff<604800 ORDER BY address;");
$stmt=$db->query('SELECT address, original FROM ' . PREFIX . 'onions, ' . PREFIX . 'phishing WHERE onion_id=' . PREFIX . "onions.id AND $admin_approval address!='' AND timediff<604800 ORDER BY address;");
$data['phishing']=$stmt->fetchALL(PDO::FETCH_ASSOC);
echo json_encode($data);
}