diff --git a/cron/phishing_tests.php b/cron/phishing_tests.php
index 2a70549..96303eb 100644
--- a/cron/phishing_tests.php
+++ b/cron/phishing_tests.php
@@ -25,8 +25,8 @@ function check(string $link, string $phishing_link){
$select=$db->prepare('SELECT id FROM ' . PREFIX . 'onions WHERE md5sum=?;');
$insert=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, md5sum, timeadded, timechanged) VALUES (?, ?, ?, ?);');
$update=$db->prepare('UPDATE ' . PREFIX . 'onions SET locked=1, timechanged=? WHERE md5sum=?;');
- preg_match_all('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56}).onion(/[^\s><"]*)?~i', $links, $addr);
- preg_match_all('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56}).onion(/[^\s><"]*)?~i', $phishing_links, $phishing_addr);
+ preg_match_all('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{55}d).onion(/[^\s><"]*)?~i', $links, $addr);
+ preg_match_all('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{55}d).onion(/[^\s><"]*)?~i', $phishing_links, $phishing_addr);
$count=count($addr[3]);
if($count===count($phishing_addr[3])){ //only run with same data set
$time = time();
diff --git a/cron/tests.php b/cron/tests.php
index f5d6a51..29ed8e8 100644
--- a/cron/tests.php
+++ b/cron/tests.php
@@ -68,7 +68,7 @@ foreach($curl_handles as $handle){
}
$stmt->execute([$onion['id']]);
if(!$stmt->fetch(PDO::FETCH_NUM)){
- if(preg_match('~^HTTP/1\.[10] 504 Connect to ([a-z2-7]{16}|[a-z2-7]{56})\.onion(:80)? failed: SOCKS error: host unreachable~', $content, $match)){
+ if(preg_match('~^HTTP/1\.[10] 504 Connect to ([a-z2-7]{55}d)\.onion(:80)? failed: SOCKS error: host unreachable~', $content, $match)){
$phishing_stmt->execute([$onion['id'], $match[2]]);
$update_phishing_stmt->execute([$time, $onion['md5sum']]);
}elseif(strpos($content, "HttpReadDisconnect('Server disconnected',)")!==false){
diff --git a/cron/update.php b/cron/update.php
index f5e3176..c9b2f7e 100644
--- a/cron/update.php
+++ b/cron/update.php
@@ -15,7 +15,6 @@ $scanned_onions=[];
//sources to get links from
check_links($onions, $ch, 'https://tt3j2x4k5ycaa5zt.onion.link/antanistaticmap/stats/yesterday');
check_links($onions, $ch, 'https://tt3j2x4k5ycaa5zt.tor2web.io/antanistaticmap/stats/yesterday');
-check_links($onions, $ch, 'http://visitorfi5kl7q7i.onion/address/');
check_links($onions, $ch, 'http://3bbad7fauom4d6sgppalyqddsqbf5u5p56b5k5uk2zxsy3d6ey2jobad.onion/discover');
check_links($onions, $ch, 'http://tor66sewebgixwhcqfnp5inzp5x5uohhdy3kvtnyfxc2e5mxiuh34iid.onion/fresh');
check_links($onions, $ch, 'https://crt.sh/?q=.onion&exclude=expired&deduplicate=Y');
@@ -34,7 +33,7 @@ $db->exec('DELETE FROM ' . PREFIX . "onions WHERE address!='' AND timediff>24192
function check_links(array &$onions, $ch, string $link_to_check, bool $scan_children = false, array &$scanned_onoins = []){
curl_setopt($ch, CURLOPT_URL, $link_to_check);
$links=curl_exec($ch);
- if(preg_match_all('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56}).onion(/[^\s><"]*)?~i', $links, $addr)){
+ if(preg_match_all('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{55}d).onion(/[^\s><"]*)?~i', $links, $addr)){
$mh = null;
$curl_handles = [];
if($scan_children){
@@ -65,7 +64,7 @@ function check_links(array &$onions, $ch, string $link_to_check, bool $scan_chil
} while ($active && $status == CURLM_OK);
foreach($curl_handles as $handle){
$content = curl_multi_getcontent($handle);
- if(preg_match_all('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56}).onion(/[^\s><"]*)?~i', $content, $addr)){
+ if(preg_match_all('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{55}d).onion(/[^\s><"]*)?~i', $content, $addr)){
foreach($addr[3] as $link){
$link=strtolower($link);
$md5=md5($link, true);
diff --git a/helpers/fill_unknown_phishing.php b/helpers/fill_unknown_phishing.php
index 16214d6..64e8250 100644
--- a/helpers/fill_unknown_phishing.php
+++ b/helpers/fill_unknown_phishing.php
@@ -20,7 +20,7 @@ $stmt=$db->prepare('UPDATE phishing, onions SET phishing.original=?, onions.time
foreach($onions as $onion){
curl_setopt($ch, CURLOPT_URL, "http://$onion[address].onion/");
if(($site=curl_exec($ch))!==false){
- preg_match('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56}).onion(/[^\s><"]*)?~i', $site, $addr);
+ preg_match('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{55}d).onion(/[^\s><"]*)?~i', $site, $addr);
if($addr[3]!='' && $addr[3]!==$onion['address']){
echo "scam: $onion[address] - original: $addr[3]\n";
$stmt->execute([$addr[3], time(), $onion['address']]);
diff --git a/helpers/tmp7.php b/helpers/tmp7.php
index 8859e35..5cb6e59 100644
--- a/helpers/tmp7.php
+++ b/helpers/tmp7.php
@@ -20,7 +20,7 @@ for($i = 1; $i < 213; ++$i){
$header = substr($response, 0, $header_size);
$body = substr($response, $header_size);
curl_close($ch);
- if(preg_match('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56}).onion(/[^\s><"]*)?~i', $header, $addr)){
+ if(preg_match('~(https?://)?([a-z0-9]*\.)?([a-z2-7]{55}d).onion(/[^\s><"]*)?~i', $header, $addr)){
$time = time();
$onion_addr = strtolower($addr[3]);
$md5 = md5($onion_addr, true);
diff --git a/www/admin.php b/www/admin.php
index d6fc6c0..1da906d 100644
--- a/www/admin.php
+++ b/www/admin.php
@@ -43,7 +43,7 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
if(!empty($_POST['addr'])){
$addrs = is_array($_POST['addr']) ? $_POST['addr'] : [$_POST['addr']];
foreach ($addrs as $addr_single) {
- if ( ! preg_match( '~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim( $addr_single ), $addr ) ) {
+ if ( ! preg_match( '~(^(https?://)?([a-z2-7]{55}d)(\.onion(/.*)?)?$)~i', trim( $addr_single ), $addr ) ) {
$msg .= "$I[invalonion]
";
} else {
$addr = strtolower( $addr[ 3 ] );
@@ -103,7 +103,7 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
$msg .= "$I[alreadyknown]
";
}
} elseif ( $_POST[ 'action' ] === $I[ 'phishing' ] ) {//mark as phishing clone
- if ( $_POST[ 'original' ] !== '' && ! preg_match( '~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', $_POST[ 'original' ], $orig ) ) {
+ if ( $_POST[ 'original' ] !== '' && ! preg_match( '~(^(https?://)?([a-z2-7]{55}d)(\.onion(/.*)?)?$)~i', $_POST[ 'original' ], $orig ) ) {
$msg .= "$I[invalonion]
";
} else {
if ( isset( $orig[ 3 ] ) ) {
@@ -181,7 +181,7 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
if(!empty($_REQUEST['desc'])){
echo htmlspecialchars(trim($_REQUEST['desc']));
}elseif(isset($_REQUEST['addr']) && is_string($_REQUEST['addr'])){
- if(preg_match('~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){
+ if(preg_match('~(^(https?://)?([a-z2-7]{55}d)(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){
$addr=strtolower($addr[3]);
$md5=md5($addr, true);
$stmt=$db->prepare('SELECT description, category FROM ' . PREFIX . 'onions WHERE md5sum=?;');
diff --git a/www/onions.php b/www/onions.php
index 529ff70..d5f843e 100644
--- a/www/onions.php
+++ b/www/onions.php
@@ -145,7 +145,7 @@ function send_html(){
if(!empty($_REQUEST['desc'])){//use posted description
echo htmlspecialchars(trim($_REQUEST['desc']));
}elseif(!empty($_REQUEST['addr'])){//fetch description from database
- if(preg_match('~(^(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){
+ if(preg_match('~(^(https?://)?([a-z0-9]*\.)?([a-z2-7]{55}d)(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){
$addr=strtolower($addr[4]);
$md5=md5($addr, true);
$stmt=$db->prepare('SELECT description, category FROM ' . PREFIX . 'onions WHERE md5sum=?;');
@@ -232,7 +232,7 @@ function send_html(){
}
echo '';
if($_SERVER['REQUEST_METHOD']==='POST' && !empty($_REQUEST['addr'])){
- if(!preg_match('~(^(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){
+ if(!preg_match('~(^(https?://)?([a-z0-9]*\.)?([a-z2-7]{55}d)(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){
echo "$I[invalonion]
";
echo "$I[valid]: http://tt3j2x4k5ycaa5zt.onion
";
}else{
diff --git a/www/test.php b/www/test.php
index e8ccbf7..f528d9f 100644
--- a/www/test.php
+++ b/www/test.php
@@ -38,7 +38,7 @@ if(!empty($_REQUEST['addr'])){
http_response_code(500);
die($I['nodb']);
}
- if(!preg_match('~(^(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){
+ if(!preg_match('~(^(https?://)?([a-z0-9]*\.)?([a-z2-7]{55}d)(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){
echo "$I[invalonion]
";
}else{
$ch=curl_init();