Add admin approval
This commit is contained in:
Daniel Winzen
205
www/admin.php
205
www/admin.php
@ -28,14 +28,34 @@ if(!isSet($_POST['pass']) || $_POST['pass']!==ADMINPASS){
|
||||
echo "<p class=\"red\">$I[wrongpass]</p>";
|
||||
}
|
||||
}else{
|
||||
$view_mode = isset($_POST['view_mode']) ? $_POST['view_mode'] : 'single';
|
||||
if(isset($_POST['switch_view_mode'])){
|
||||
$view_mode = $view_mode === 'single' ? 'multi' : 'single';
|
||||
}
|
||||
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
|
||||
echo "<input type=\"hidden\" name=\"lang\" value=\"$language\">";
|
||||
echo "<input type=\"hidden\" name=\"pass\" value=\"$_POST[pass]\">";
|
||||
echo "<p>$I[link]: <input name=\"addr\" size=\"30\" value=\"";
|
||||
if(isSet($_REQUEST['addr'])){
|
||||
echo htmlspecialchars($_REQUEST['addr']);
|
||||
echo "<input type=\"hidden\" name=\"view_mode\" value=\"$view_mode\">";
|
||||
echo "<br><input type=\"submit\" name=\"switch_view_mode\" value=\"$I[switchviewmode]\"></form>";
|
||||
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
|
||||
echo "<input type=\"hidden\" name=\"lang\" value=\"$language\">";
|
||||
echo "<input type=\"hidden\" name=\"pass\" value=\"$_POST[pass]\">";
|
||||
echo "<input type=\"hidden\" name=\"view_mode\" value=\"$view_mode\">";
|
||||
if($view_mode === 'single') {
|
||||
echo "<p>$I[link]: <input name=\"addr\" size=\"30\" value=\"";
|
||||
if ( isset( $_REQUEST[ 'addr' ] ) ) {
|
||||
echo htmlspecialchars( $_REQUEST[ 'addr' ] );
|
||||
}
|
||||
echo '" required autofocus></p>';
|
||||
} else {
|
||||
echo '<table border="1"><tr><th>Select</th><th>Address</th><th>Description</th><th>Category</th><th>Status</th></tr>';
|
||||
$stmt=$db->query('SELECT address, description, category, approved, locked FROM ' . PREFIX . "onions WHERE address!='';");
|
||||
while($onion = $stmt->fetch(PDO::FETCH_ASSOC)){
|
||||
echo '<tr><td><input type="checkbox" name="addr[]" value="'.$onion['address'].'"></td><td><a href="http://'.$onion['address'].'.onion" rel="noopener">'.$onion['address'].'.onion</a></td>';
|
||||
echo "<td>$onion[description]</td><td>{$categories[$onion['category']]}</td><td>Approved: $onion[approved]<br>Locked: $onion[locked]</td></tr>";
|
||||
}
|
||||
echo '</table>';
|
||||
}
|
||||
echo '" required autofocus></p>';
|
||||
echo "<p>$I[cloneof]: <input type=\"text\" name=\"original\" size=\"30\"";
|
||||
if(isSet($_REQUEST['original'])){
|
||||
echo ' value="'.htmlspecialchars($_REQUEST['original']).'"';
|
||||
@ -49,7 +69,7 @@ if(!isSet($_POST['pass']) || $_POST['pass']!==ADMINPASS){
|
||||
echo "<p>$I[adddesc]: <br><textarea name=\"desc\" rows=\"2\" cols=\"30\">";
|
||||
if(!empty($_REQUEST['desc'])){
|
||||
echo htmlspecialchars(trim($_REQUEST['desc']));
|
||||
}elseif(isSet($_REQUEST['addr'])){
|
||||
}elseif(isset($_REQUEST['addr']) && is_string($_REQUEST['addr'])){
|
||||
if(preg_match('~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){
|
||||
$addr=strtolower($addr[3]);
|
||||
$md5=md5($addr, true);
|
||||
@ -90,94 +110,107 @@ if(!isSet($_POST['pass']) || $_POST['pass']!==ADMINPASS){
|
||||
echo "<td><input type=\"submit\" name=\"action\" value=\"$I[unphishing]\"></td>";
|
||||
echo '</tr><tr>';
|
||||
echo "<td><input type=\"submit\" name=\"action\" value=\"$I[update]\"></td>";
|
||||
if(REQUIRE_APPROVAL) {
|
||||
echo "<td><input type=\"submit\" name=\"action\" value=\"$I[reject]\"></td>";
|
||||
echo "<td><input type=\"submit\" name=\"action\" value=\"$I[approve]\"></td>";
|
||||
}
|
||||
echo '</tr></table>';
|
||||
echo '</form><br>';
|
||||
|
||||
if(!empty($_POST['addr'])){
|
||||
if(!preg_match('~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_POST['addr']), $addr)){
|
||||
echo "<p class=\"red\">$I[invalonion]</p>";
|
||||
}else{
|
||||
$addr=strtolower($addr[3]);
|
||||
$md5=md5($addr, true);
|
||||
if($_POST['action']===$I['remove']){ //remove address from public display
|
||||
$db->prepare('UPDATE ' . PREFIX . "onions SET address='', locked=1 WHERE md5sum=?;")->execute([$md5]);
|
||||
echo "<p class=\"green\">$I[succremove]</p>";
|
||||
}elseif($_POST['action']===$I['lock']){ //lock editing
|
||||
$db->prepare('UPDATE ' . PREFIX . 'onions SET locked=1 WHERE md5sum=?;')->execute([$md5]);
|
||||
echo "<p class=\"green\">$I[succlock]</p>";
|
||||
}elseif($_POST['action']===$I['readd']){ //add onion back, if previously removed
|
||||
$db->prepare('UPDATE ' . PREFIX . 'onions SET address=?, locked=1 WHERE md5sum=?;')->execute([$addr, $md5]);
|
||||
echo "<p class=\"green\">$I[succreadd]</p>";
|
||||
}elseif($_POST['action']===$I['unlock']){ //unlock editing
|
||||
$db->prepare('UPDATE ' . PREFIX . 'onions SET locked=0 WHERE md5sum=?;')->execute([$md5]);
|
||||
echo "<p class=\"green\">$I[succunlock]</p>";
|
||||
}elseif($_POST['action']===$I['promote']){ //promote link for payed time
|
||||
$stmt=$db->prepare('SELECT special FROM ' . PREFIX . 'onions WHERE md5sum=?;');
|
||||
$stmt->execute([$md5]);
|
||||
$specialtime=$stmt->fetch(PDO::FETCH_NUM);
|
||||
if($specialtime[0]<time()){
|
||||
$time=time()+(($_POST['btc']/PROMOTEPRICE)*PROMOTETIME);
|
||||
}else{
|
||||
$time=$specialtime[0]+(($_POST['btc']/PROMOTEPRICE)*PROMOTETIME);
|
||||
}
|
||||
$db->prepare('UPDATE ' . PREFIX . 'onions SET special=?, locked=1 WHERE md5sum=?;')->execute([$time, $md5]);
|
||||
printf("<p class=\"green\">$I[succpromote]</p>", date('Y-m-d H:i', $time));
|
||||
}elseif($_POST['action']===$I['unpromote']){ //remove promoted status
|
||||
$db->prepare('UPDATE ' . PREFIX . 'onions SET special=0 WHERE md5sum=?;')->execute([$md5]);
|
||||
echo "<p class=\"green\">$I[succunpromote]</p>";
|
||||
}elseif($_POST['action']===$I['update']){ //update description
|
||||
$stmt=$db->prepare('SELECT * FROM ' . PREFIX . 'onions WHERE md5sum=?;');
|
||||
$stmt->execute([$md5]);
|
||||
if($category===count($categories)){
|
||||
$category=0;
|
||||
}
|
||||
if(!isSet($_POST['desc'])){
|
||||
$desc='';
|
||||
}else{
|
||||
$desc=trim($_POST['desc']);
|
||||
$desc=htmlspecialchars($desc);
|
||||
$desc=preg_replace("/(\r?\n|\r\n?)/", '<br>', $desc);
|
||||
}
|
||||
if(!$stmt->fetch(PDO::FETCH_ASSOC)){ //not yet there, add it
|
||||
$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded, locked) VALUES (?, ?, ?, ?, ?, 1);');
|
||||
$stmt->execute([$addr, $desc, $md5, $category, time()]);
|
||||
echo "<p class=\"green\">$I[succadd]</p>";
|
||||
}elseif($desc!=''){ //update description+category
|
||||
$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET description=?, category=?, locked=1 WHERE md5sum=?;');
|
||||
$stmt->execute([$desc, $category, $md5]);
|
||||
echo "<p class=\"green\">$I[succupddesc]</p>";
|
||||
}elseif($category!=0){ //only update category
|
||||
$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET category=?, locked=1 WHERE md5sum=?;');
|
||||
$stmt->execute([$category, $md5]);
|
||||
echo "<p class=\"green\">$I[succupdcat]!</p>";
|
||||
}else{ //no description or category change and already known
|
||||
echo "<p class=\"green\">$I[alreadyknown]</p>";
|
||||
}
|
||||
}elseif($_POST['action']===$I['phishing']){//mark as phishing clone
|
||||
if($_POST['original']!=='' && !preg_match('~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', $_POST['original'], $orig)){
|
||||
echo "<p class=\"red\">$I[invalonion]</p>";
|
||||
}else{
|
||||
if(isset($orig[3])){
|
||||
$orig=strtolower($orig[3]);
|
||||
}else{
|
||||
$orig='';
|
||||
$addrs = is_array($_POST['addr']) ? $_POST['addr'] : [$_POST['addr']];
|
||||
foreach ($addrs as $addr_single) {
|
||||
if ( ! preg_match( '~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim( $addr_single ), $addr ) ) {
|
||||
echo "<p class=\"red\">$I[invalonion]</p>";
|
||||
} else {
|
||||
$addr = strtolower( $addr[ 3 ] );
|
||||
$md5 = md5( $addr, true );
|
||||
if ( $_POST[ 'action' ] === $I[ 'remove' ] ) { //remove address from public display
|
||||
$db->prepare( 'UPDATE ' . PREFIX . "onions SET address='', locked=1, approved=-1 WHERE md5sum=?;" )->execute( [ $md5 ] );
|
||||
echo "<p class=\"green\">$I[succremove]</p>";
|
||||
} elseif ( $_POST[ 'action' ] === $I[ 'lock' ] ) { //lock editing
|
||||
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1 WHERE md5sum=?;' )->execute( [ $md5 ] );
|
||||
echo "<p class=\"green\">$I[succlock]</p>";
|
||||
} elseif ( $_POST[ 'action' ] === $I[ 'readd' ] ) { //add onion back, if previously removed
|
||||
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET address=?, locked=1, approved=1 WHERE md5sum=?;' )->execute( [ $addr, $md5 ] );
|
||||
echo "<p class=\"green\">$I[succreadd]</p>";
|
||||
} elseif ( $_POST[ 'action' ] === $I[ 'unlock' ] ) { //unlock editing
|
||||
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=0, approved=1 WHERE md5sum=?;' )->execute( [ $md5 ] );
|
||||
echo "<p class=\"green\">$I[succunlock]</p>";
|
||||
} elseif ( $_POST[ 'action' ] === $I[ 'promote' ] ) { //promote link for payed time
|
||||
$stmt = $db->prepare( 'SELECT special FROM ' . PREFIX . 'onions WHERE md5sum=?;' );
|
||||
$stmt->execute( [ $md5 ] );
|
||||
$specialtime = $stmt->fetch( PDO::FETCH_NUM );
|
||||
if ( $specialtime[ 0 ] < time() ) {
|
||||
$time = time() + ( ( $_POST[ 'btc' ] / PROMOTEPRICE ) * PROMOTETIME );
|
||||
} else {
|
||||
$time = $specialtime[ 0 ] + ( ( $_POST[ 'btc' ] / PROMOTEPRICE ) * PROMOTETIME );
|
||||
}
|
||||
if($orig!==$addr){
|
||||
$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'phishing (onion_id, original) VALUES ((SELECT id FROM ' . PREFIX . 'onions WHERE address=?), ?);');
|
||||
$stmt->execute([$addr, $orig]);
|
||||
$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET locked=1 WHERE address=?;');
|
||||
$stmt->execute([$addr]);
|
||||
echo "<p class=\"green\">$I[succaddphish]</p>";
|
||||
}else{
|
||||
echo "<p class=\"red\">$I[samephish]</p>";
|
||||
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET special=?, locked=1, approved=1 WHERE md5sum=?;' )->execute( [ $time, $md5 ] );
|
||||
printf( "<p class=\"green\">$I[succpromote]</p>", date( 'Y-m-d H:i', $time ) );
|
||||
} elseif ( $_POST[ 'action' ] === $I[ 'unpromote' ] ) { //remove promoted status
|
||||
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET special=0 WHERE md5sum=?;' )->execute( [ $md5 ] );
|
||||
echo "<p class=\"green\">$I[succunpromote]</p>";
|
||||
} elseif ( $_POST[ 'action' ] === $I[ 'update' ] ) { //update description
|
||||
$stmt = $db->prepare( 'SELECT * FROM ' . PREFIX . 'onions WHERE md5sum=?;' );
|
||||
$stmt->execute( [ $md5 ] );
|
||||
if ( $category === count( $categories ) ) {
|
||||
$category = 0;
|
||||
}
|
||||
if ( ! isset( $_POST[ 'desc' ] ) ) {
|
||||
$desc = '';
|
||||
} else {
|
||||
$desc = trim( $_POST[ 'desc' ] );
|
||||
$desc = htmlspecialchars( $desc );
|
||||
$desc = preg_replace( "/(\r?\n|\r\n?)/", '<br>', $desc );
|
||||
}
|
||||
if ( ! $stmt->fetch( PDO::FETCH_ASSOC ) ) { //not yet there, add it
|
||||
$stmt = $db->prepare( 'INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded, locked, approved) VALUES (?, ?, ?, ?, ?, 1, 1);' );
|
||||
$stmt->execute( [ $addr, $desc, $md5, $category, time() ] );
|
||||
echo "<p class=\"green\">$I[succadd]</p>";
|
||||
} elseif ( $desc != '' ) { //update description+category
|
||||
$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET description=?, category=?, locked=1, approved=1 WHERE md5sum=?;' );
|
||||
$stmt->execute( [ $desc, $category, $md5 ] );
|
||||
echo "<p class=\"green\">$I[succupddesc]</p>";
|
||||
} elseif ( $category != 0 ) { //only update category
|
||||
$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET category=?, locked=1, approved=1 WHERE md5sum=?;' );
|
||||
$stmt->execute( [ $category, $md5 ] );
|
||||
echo "<p class=\"green\">$I[succupdcat]!</p>";
|
||||
} else { //no description or category change and already known
|
||||
echo "<p class=\"green\">$I[alreadyknown]</p>";
|
||||
}
|
||||
} elseif ( $_POST[ 'action' ] === $I[ 'phishing' ] ) {//mark as phishing clone
|
||||
if ( $_POST[ 'original' ] !== '' && ! preg_match( '~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', $_POST[ 'original' ], $orig ) ) {
|
||||
echo "<p class=\"red\">$I[invalonion]</p>";
|
||||
} else {
|
||||
if ( isset( $orig[ 3 ] ) ) {
|
||||
$orig = strtolower( $orig[ 3 ] );
|
||||
} else {
|
||||
$orig = '';
|
||||
}
|
||||
if ( $orig !== $addr ) {
|
||||
$stmt = $db->prepare( 'INSERT INTO ' . PREFIX . 'phishing (onion_id, original) VALUES ((SELECT id FROM ' . PREFIX . 'onions WHERE address=?), ?);' );
|
||||
$stmt->execute( [ $addr, $orig ] );
|
||||
$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1 WHERE address=?;' );
|
||||
$stmt->execute( [ $addr ] );
|
||||
echo "<p class=\"green\">$I[succaddphish]</p>";
|
||||
} else {
|
||||
echo "<p class=\"red\">$I[samephish]</p>";
|
||||
}
|
||||
}
|
||||
} elseif ( $_POST[ 'action' ] === $I[ 'unphishing' ] ) { //remove phishing clone status
|
||||
$stmt = $db->prepare( 'DELETE FROM ' . PREFIX . 'phishing WHERE onion_id=(SELECT id FROM ' . PREFIX . 'onions WHERE address=?);' );
|
||||
$stmt->execute( [ $addr ] );
|
||||
echo "<p class=\"green\">$I[succrmphish]</p>";
|
||||
} elseif ( $_POST[ 'action' ] === $I[ 'reject' ] ) { //lock editing
|
||||
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET approved=-1 WHERE md5sum=?;' )->execute( [ $md5 ] );
|
||||
echo "<p class=\"green\">$I[succlock]</p>";
|
||||
} elseif ( $_POST[ 'action' ] === $I[ 'approve' ] ) { //lock editing
|
||||
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET approved=1 WHERE md5sum=?;' )->execute( [ $md5 ] );
|
||||
echo "<p class=\"green\">$I[succlock]</p>";
|
||||
} else { //no specific button was pressed
|
||||
echo "<p class=\"red\">$I[noaction]</p>";
|
||||
}
|
||||
}elseif($_POST['action']===$I['unphishing']){ //remove phishing clone status
|
||||
$stmt=$db->prepare('DELETE FROM ' . PREFIX . 'phishing WHERE onion_id=(SELECT id FROM ' . PREFIX . 'onions WHERE address=?);');
|
||||
$stmt->execute([$addr]);
|
||||
echo "<p class=\"green\">$I[succrmphish]</p>";
|
||||
}else{ //no specific button was pressed
|
||||
echo "<p class=\"red\">$I[noaction]</p>";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user