danwin1210/onion-link-list
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Prefer single quotes to reduce amount of escaping necessary

Browse Source
This commit is contained in:
Daniel Winzen
2022-12-28 00:26:40 +01:00
parent aa5264cd3b
commit aae719d025
13 changed files with 341 additions and 150 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
www/admin.php
View File

@ -29,13 +29,13 @@ print_langs();
//check password
if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
echo "<input type=\"hidden\" name=\"lang\" value=\"$language\">";
echo "<p><label>"._('Password:')." <input type=\"password\" name=\"pass\" size=\"30\" required autocomplete=\"current-password\"></label></p>";
echo "<input type=\"submit\" name=\"action\" value=\""._('Login')."\">";
echo '<form action="'.$_SERVER['SCRIPT_NAME'].'" method="POST">';
echo '<input type="hidden" name="lang" value="'.$language.'">';
echo '<p><label>'._('Password:').' <input type="password" name="pass" size="30" required autocomplete="current-password"></label></p>';
echo '<input type="submit" name="action" value="'._('Login').'">';
echo '</form>';
if(isset($_POST['pass'])){
echo "<p class=\"red\" role=\"alert\">"._('Wrong Password!')."</p>";
echo '<p class="red" role="alert">'._('Wrong Password!').'</p>';
}
}else{
$msg = '';
@ -47,22 +47,22 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
$addrs = is_array($_POST['addr']) ? $_POST['addr'] : [$_POST['addr']];
foreach ($addrs as $addr_single) {
if ( ! preg_match( '~(^(https?://)?([a-z2-7]{55}d)(\.onion(/.*)?)?$)~i', trim( $addr_single ), $addr ) ) {
$msg .= "<p class=\"red\" role=\"alert\">"._('Invalid onion address!')."</p>";
$msg .= '<p class="red" role="alert">'._('Invalid onion address!').'</p>';
} else {
$addr = strtolower( $addr[ 3 ] );
$md5 = md5( $addr, true );
if ( $_POST[ 'action' ] === _('Remove') ) { //remove address from public display
$db->prepare( 'UPDATE ' . PREFIX . "onions SET address='', locked=1, approved=-1, timechanged=? WHERE md5sum=?;" )->execute( [ time(), $md5 ] );
$msg .= "<p class=\"green\" role=\"alert\">"._('Successfully removed onion address!')."</p>";
$msg .= '<p class="green" role="alert">'._('Successfully removed onion address!').'</p>';
} elseif ( $_POST[ 'action' ] === _('Lock') ) { //lock editing
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1, timechanged=? WHERE md5sum=?;' )->execute( [ time(), $md5 ] );
$msg .= "<p class=\"green\"> role=\"alert\">"._('Successfully locked onion address!')."</p>";
$msg .= '<p class="green" role="alert">'._('Successfully locked onion address!').'</p>';
} elseif ( $_POST[ 'action' ] === _('Re-add') ) { //add onion back, if previously removed
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET address=?, locked=1, approved=1, timechanged=? WHERE md5sum=?;' )->execute( [ $addr, time(), $md5 ] );
$msg .= "<p class=\"green\" role=\"alert\">"._('Successfully re-added onion address!')."</p>";
$msg .= '<p class="green" role="alert">'._('Successfully re-added onion address!').'</p>';
} elseif ( $_POST[ 'action' ] === _('Unlock') ) { //unlock editing
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=0, approved=1, timechanged=? WHERE md5sum=?;' )->execute( [ time(), $md5 ] );
$msg .= "<p class=\"green\" role=\"alert\">"._('Successfully unlocked onion address!')."</p>";
$msg .= '<p class="green" role="alert">'._('Successfully unlocked onion address!').'</p>';
} elseif ( $_POST[ 'action' ] === _('Promote') ) { //promote link for paid time
$stmt = $db->prepare( 'SELECT special FROM ' . PREFIX . 'onions WHERE md5sum=?;' );
$stmt->execute( [ $md5 ] );
@ -73,10 +73,10 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
$time = $specialtime[ 0 ] + ( ( $_POST[ 'btc' ] / PROMOTEPRICE ) * PROMOTETIME );
}
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET special=?, locked=1, approved=1, timechanged=? WHERE md5sum=?;' )->execute( [ $time, time(), $md5 ] );
$msg .= "<p class=\"green\" role=\"alert\">".sprintf(_('Successfully promoted onion address until %1$s!'), date( 'Y-m-d H:i', $time ))."</p>";
$msg .= '<p class="green" role="alert">'.sprintf(_('Successfully promoted onion address until %1$s!'), date( 'Y-m-d H:i', $time )).'</p>';
} elseif ( $_POST[ 'action' ] === _('Un-promote') ) { //remove promoted status
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET special=0, timechanged=? WHERE md5sum=?;' )->execute( [ time(), $md5 ] );
$msg .= "<p class=\"green\" role=\"alert\">"._('Successfully un-promoted onion address!')."</p>";
$msg .= '<p class="green" role="alert">'._('Successfully un-promoted onion address!').'</p>';
} elseif ( $_POST[ 'action' ] === _('Update') ) { //update description
$stmt = $db->prepare( 'SELECT * FROM ' . PREFIX . 'onions WHERE md5sum=?;' );
$stmt->execute( [ $md5 ] );
@ -93,21 +93,21 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
if ( ! $stmt->fetch( PDO::FETCH_ASSOC ) ) { //not yet there, add it
$stmt = $db->prepare( 'INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded, locked, approved, timechanged) VALUES (?, ?, ?, ?, ?, 1, 1, ?);' );
$stmt->execute( [ $addr, $desc, $md5, $category, time(), time() ] );
$msg .= "<p class=\"green\" role=\"alert\">"._('Successfully added onion address!')."</p>";
$msg .= '<p class="green" role="alert">'._('Successfully added onion address!').'</p>';
} elseif ( $desc != '' ) { //update description+category
$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET description=?, category=?, locked=1, approved=1, timechanged=? WHERE md5sum=?;' );
$stmt->execute( [ $desc, $category, time(), $md5 ] );
$msg .= "<p class=\"green\" role=\"alert\">"._('Successfully updated description!')."</p>";
$msg .= '<p class="green" role="alert">'._('Successfully updated description!').'</p>';
} elseif ( $category != 0 ) { //only update category
$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET category=?, locked=1, approved=1, timechanged=? WHERE md5sum=?;' );
$stmt->execute( [ $category, time(), $md5 ] );
$msg .= "<p class=\"green\" role=\"alert\">"._('Successfully updated category!')."</p>";
$msg .= '<p class="green" role="alert">'._('Successfully updated category!').'</p>';
} else { //no description or category change and already known
$msg .= "<p class=\"green\" role=\"alert\">"._('Thanks, but I already knew this address!')."</p>";
$msg .= '<p class="green" role="alert">'._('Thanks, but I already knew this address!').'</p>';
}
} elseif ( $_POST[ 'action' ] === _('Phishing') ) {//mark as phishing clone
if ( $_POST[ 'original' ] !== '' && ! preg_match( '~(^(https?://)?([a-z2-7]{55}d)(\.onion(/.*)?)?$)~i', $_POST[ 'original' ], $orig ) ) {
$msg .= "<p class=\"red\" role=\"alert\">"._('Invalid onion address!')."</p>";
$msg .= '<p class="red" role="alert">'._('Invalid onion address!').'</p>';
} else {
if ( isset( $orig[ 3 ] ) ) {
$orig = strtolower( $orig[ 3 ] );
@ -119,9 +119,9 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
$stmt->execute( [ $addr, $orig ] );
$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1, timechanged=? WHERE address=?;' );
$stmt->execute( [ time(), $addr ] );
$msg .= "<p class=\"green\" role=\"alert\">"._('Successfully added Phishing clone!')."</p>";
$msg .= '<p class="green" role="alert">'._('Successfully added Phishing clone!').'</p>';
} else {
$msg .= "<p class=\"red\" role=\"alert\">"._('Not added Phishing clone! Phishing and original have the same address.')."</p>";
$msg .= '<p class="red" role="alert">'._('Not added Phishing clone! Phishing and original have the same address.').'</p>';
}
}
} elseif ( $_POST[ 'action' ] === _('No phishing') ) { //remove phishing clone status
@ -129,15 +129,15 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
$stmt->execute( [ $addr ] );
$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1, timechanged=? WHERE address=?;' );
$stmt->execute( [ time(), $addr ] );
$msg .= "<p class=\"green\" role=\"alert\">"._('Successfully removed Phishing clone!')."</p>";
$msg .= '<p class="green" role="alert">'._('Successfully removed Phishing clone!').'</p>';
} elseif ( $_POST[ 'action' ] === _('Reject') ) { //lock editing
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET approved=-1, timechanged=? WHERE md5sum=?;' )->execute( [ time(), $md5 ] );
$msg .= "<p class=\"green\" role=\"alert\">"._('Successfully rejected onion address')."</p>";
$msg .= '<p class="green" role="alert">'._('Successfully rejected onion address').'</p>';
} elseif ( $_POST[ 'action' ] === _('Approve') ) { //lock editing
$db->prepare( 'UPDATE ' . PREFIX . 'onions SET approved=1, timechanged=? WHERE md5sum=?;' )->execute( [ time(), $md5 ] );
$msg .= "<p class=\"green\" role=\"alert\">"._('Successfully approved onion address')."</p>";
$msg .= '<p class="green" role="alert">'._('Successfully approved onion address').'</p>';
} else { //no specific button was pressed
$msg .= "<p class=\"red\" role=\"alert\">"._('No action taken!')."</p>";
$msg .= '<p class="green" role="alert">'._('No action taken!').'</p>';
}
}
}
@ -146,41 +146,41 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
if(isset($_POST['switch_view_mode'])){
$view_mode = $view_mode === 'single' ? 'multi' : 'single';
}
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
echo "<input type=\"hidden\" name=\"lang\" value=\"$language\">";
echo "<input type=\"hidden\" name=\"pass\" value=\"$_POST[pass]\">";
echo "<input type=\"hidden\" name=\"view_mode\" value=\"$view_mode\">";
echo "<br><input type=\"submit\" name=\"switch_view_mode\" value=\""._('Switch view mode')."\"></form>";
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
echo "<input type=\"hidden\" name=\"lang\" value=\"$language\">";
echo "<input type=\"hidden\" name=\"pass\" value=\"$_POST[pass]\">";
echo "<input type=\"hidden\" name=\"view_mode\" value=\"$view_mode\">";
echo '<form action="'.$_SERVER['SCRIPT_NAME'].'" method="POST">';
echo '<input type="hidden" name="lang" value="'.$language.'">';
echo '<input type="hidden" name="pass" value="'.htmlspecialchars($_POST['pass']).'">';
echo '<input type="hidden" name="view_mode" value="'.$view_mode.'">';
echo '<br><input type="submit" name="switch_view_mode" value="'._('Switch view mode').'"></form>';
echo '<form action="'.$_SERVER['SCRIPT_NAME'].'" method="POST">';
echo '<input type="hidden" name="lang" value="'.$language.'">';
echo '<input type="hidden" name="pass" value="'.htmlspecialchars($_POST['pass']).'">';
echo '<input type="hidden" name="view_mode" value="'.$view_mode.'">';
if($view_mode === 'single') {
echo "<p><label>"._('Onion link:')." <input name=\"addr\" size=\"30\" value=\"";
echo '<p><label>'._('Onion link:').' <input name="addr" size="30" value="';
if ( isset( $_REQUEST[ 'addr' ] ) ) {
echo htmlspecialchars( $_REQUEST[ 'addr' ] );
}
echo '" required autofocus></label></p>';
} else {
echo '<br><div class="table" id="maintable"><div class="headerrow row"><div class="col">Select</div><div class="col">Address</div class="col"><div class="col">Description</div><div class="col">Category</div><div class="col">Status</div></div>';
echo '<br><div class="table" id="maintable"><div class="headerrow row"><div class="col">'._('Select').'</div><div class="col">'._('Address').'</div class="col"><div class="col">'._('Description').'</div><div class="col">'._('Category').'</div><div class="col">'._('Status').'</div></div>';
$stmt=$db->query('SELECT address, description, category, approved, locked FROM ' . PREFIX . "onions WHERE address!='';");
while($onion = $stmt->fetch(PDO::FETCH_ASSOC)){
echo '<div class="row"><div class="col"><input type="checkbox" name="addr[]" value="'.$onion['address'].'"></div><div class="col"><a href="http://'.$onion['address'].'.onion" rel="noopener">'.$onion['address'].'.onion</a></div>';
echo "<div class=\"col\">$onion[description]</div><div class=\"col\">{$categories[$onion['category']]}</div><div class=\"col\">Approved: $onion[approved]<br>Locked: $onion[locked]</div></div>";
echo '<div class="col">'.$onion['description'].'</div><div class="col">'.$categories[$onion['category']].'</div><div class="col">'.sprintf(_('Approved: %d'),$onion['approved']).'<br>'.sprintf(_('Locked: %d'), $onion['locked']).'</div></div>';
}
echo '</div>';
}
echo "<p><label>"._('Clone of:')." <input type=\"text\" name=\"original\" size=\"30\"";
echo '<p><label>'._('Clone of:').' <input type="text" name="original" size="30"';
if(isset($_REQUEST['original'])){
echo ' value="'.htmlspecialchars($_REQUEST['original']).'"';
}
echo '></label></p>';
echo "<p><label>"._('Bitcoins:')." <input type=\"text\" name=\"btc\" size=\"30\"";
echo '<p><label>'._('Bitcoins:').' <input type="text" name="btc" size="30"';
if(isset($_REQUEST['btc'])){
echo ' value="'.htmlspecialchars($_REQUEST['btc']).'"';
}
echo '></label></p>';
echo "<p><label for=\"desc\">"._('Description:')."</label> <br><textarea id=\"desc\" name=\"desc\" rows=\"2\" cols=\"30\">";
echo '<p><label for="desc">'._('Description:').'</label> <br><textarea id="desc" name="desc" rows="2" cols="30">';
if(!empty($_REQUEST['desc'])){
echo htmlspecialchars(trim($_REQUEST['desc']));
}elseif(isset($_REQUEST['addr']) && is_string($_REQUEST['addr'])){
@ -196,9 +196,9 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
}
}
echo '</textarea></p>';
echo "<p><label>"._('Category:')." <select name=\"cat\">";
echo '<p><label>'._('Category:').' <select name="cat">';
foreach($categories as $cat=>$name){
echo "<option value=\"$cat\"";
echo '<option value="'.$cat.'"';
if($category==$cat || ($cat===0 && $category>=count($categories))){
echo ' selected';
}
@ -207,20 +207,20 @@ if(!isset($_POST['pass']) || $_POST['pass']!==ADMINPASS){
echo '</select></label></p>';
echo '<input type="submit" name="action" value="None" hidden>';
echo '<div class="table button_table"><div class="row">';
echo "<div class=\"col\"><input type=\"submit\" name=\"action\" value=\""._('Remove')."\"></div>";
echo "<div class=\"col\"><input type=\"submit\" name=\"action\" value=\""._('Lock')."\"></div>";
echo "<div class=\"col\"><input type=\"submit\" name=\"action\" value=\""._('Promote')."\"></div>";
echo "<div class=\"col\"><input type=\"submit\" name=\"action\" value=\""._('Phishing')."\"></div>";
echo '<div class="col"><input type="submit" name="action" value="'._('Remove').'"></div>';
echo '<div class="col"><input type="submit" name="action" value="'._('Lock').'"></div>';
echo '<div class="col"><input type="submit" name="action" value="'._('Promote').'"></div>';
echo '<div class="col"><input type="submit" name="action" value="'._('Phishing').'"></div>';
echo '</div><div class="row">';
echo "<div class=\"col\"><input type=\"submit\" name=\"action\" value=\""._('Re-add')."\"></div>";
echo "<div class=\"col\"><input type=\"submit\" name=\"action\" value=\""._('Unlock')."\"></div>";
echo "<div class=\"col\"><input type=\"submit\" name=\"action\" value=\""._('Un-promote')."\"></div>";
echo "<div class=\"col\"><input type=\"submit\" name=\"action\" value=\""._('No phishing')."\"></div>";
echo '<div class="col"><input type="submit" name="action" value="'._('Re-add').'"></div>';
echo '<div class="col"><input type="submit" name="action" value="'._('Unlock').'"></div>';
echo '<div class="col"><input type="submit" name="action" value="'._('Un-promote').'"></div>';
echo '<div class="col"><input type="submit" name="action" value="'._('No phishing').'"></div>';
echo '</div><div class="row">';
echo "<div class=\"col\"><input type=\"submit\" name=\"action\" value=\""._('Update')."\"></div>";
echo '<div class="col"><input type="submit" name="action" value="'._('Update').'"></div>';
if(REQUIRE_APPROVAL) {
echo "<div class=\"col\"><input type=\"submit\" name=\"action\" value=\""._('Reject')."\"></div class=\"col\">";
echo "<div class=\"col\"><input type=\"submit\" name=\"action\" value=\""._('Approve')."\"></div class=\"col\">";
echo '<div class="col"><input type="submit" name="action" value="'._('Reject').'"></div class="col">';
echo '<div class="col"><input type="submit" name="action" value="'._('Approve').'"></div class="col">';
}
echo '</div></div>';
echo '</form><br>';

108
www/onions.php
View File

@ -115,15 +115,15 @@ function send_html(): void
}
echo '<p>'._('I\'m not responsible for any content of websites linked here. 99% of darkweb sites selling anything are scams. Be careful and use your brain. I regularly receive E-Mails from people that were desperate to make money and fell for scammers, don\'t be one of them!').'</p>';
//update onions description form
echo "<div class=\"table\" id=\"edit-search\"><div class=\"row\"><div class=\"col\"><form action=\"$_SERVER[SCRIPT_NAME]\" target=\"_self\" method=\"POST\">";
echo "<input type=\"hidden\" name=\"pg\" value=\"$_REQUEST[newpg]\">";
echo "<input type=\"hidden\" name=\"lang\" value=\"$language\">";
echo "<p><label>"._('Onion address:')." <br><input name=\"addr\" size=\"30\" placeholder=\"http://$_SERVER[HTTP_HOST]\" value=\"";
echo '<div class="table" id="edit-search"><div class="row"><div class="col"><form action="'.$_SERVER['SCRIPT_NAME'].'" target="_self" method="POST">';
echo '<input type="hidden" name="pg" value="'.htmlspecialchars($_REQUEST['newpg']).'">';
echo '<input type="hidden" name="lang" value="'.$language.'">';
echo '<p><label>'._('Onion address:').'<br><input name="addr" size="30" placeholder="http://'.$_SERVER['HTTP_HOST'].'" value="';
if(isset($_REQUEST['addr'])){
echo htmlspecialchars($_REQUEST['addr']);
}
echo '" required></label></p>';
echo "<p><label>"._('Description:')." <br><textarea name=\"desc\" rows=\"2\" cols=\"30\">";
echo '<p><label>'._('Description:').'<br><textarea name="desc" rows="2" cols="30">';
if(!empty($_REQUEST['desc'])){//use posted description
echo htmlspecialchars(trim($_REQUEST['desc']));
}elseif(!empty($_REQUEST['addr'])){//fetch description from database
@ -138,9 +138,9 @@ function send_html(): void
}
}
echo '</textarea></label></p>';
echo "<p><label>"._('Category:')." <select name=\"cat\">";
echo '<p><label>'._('Category:').' <select name="cat">';
foreach($categories as $cat=>$name){
echo "<option value=\"$cat\"";
echo '<option value="'.$cat.'"';
if($category==$cat || ($cat===0 && $category>=count($categories))){
echo ' selected';
}
@ -148,12 +148,12 @@ function send_html(): void
}
echo '</select></label></p>';
send_captcha();
echo "<input type=\"submit\" name=\"action\" value=\""._('Update')."\"></form></div>";
echo '<input type="submit" name="action" value="'._('Update').'"></form></div>';
//search from
echo "<div class=\"col\"><form action=\"$_SERVER[SCRIPT_NAME]\" target=\"_self\" method=\"post\" role=\"search\">";
echo "<input type=\"hidden\" name=\"pg\" value=\"$_REQUEST[newpg]\">";
echo "<input type=\"hidden\" name=\"lang\" value=\"$language\">";
echo "<p><label>"._('Search:')." <br><input name=\"q\" size=\"30\" placeholder=\""._('Search term')."\" value=\"";
echo '<div class="col"><form action="'.$_SERVER['SCRIPT_NAME'].'" target="_self" method="post" role="search">';
echo '<input type="hidden" name="pg" value="'.htmlspecialchars($_REQUEST['newpg']).'">';
echo '<input type="hidden" name="lang" value="'.$language.'">';
echo '<p><label>'._('Search:').' <br><input name="q" size="30" placeholder="'._('Search term').'" value="';
if(isset($_REQUEST['q'])){
echo trim(str_replace(['http://', 'https://', '.onion', '/'], '', htmlspecialchars($_REQUEST['q'])));
}
@ -163,9 +163,9 @@ function send_html(): void
if($category>=count($categories)){
echo ' selected';
}
echo ">"._('All')."</option>";
echo '>'._('All').'</option>';
foreach($categories as $cat=>$name){
echo "<option value=\"$cat\"";
echo '<option value="'.$cat.'"';
if($category==$cat){
echo ' selected';
}
@ -176,47 +176,47 @@ function send_html(): void
if(isset($_REQUEST['hidelocked'])){
echo ' checked';
}
echo ">"._('Hide locked')."</label></p>";
echo "<input type=\"submit\" name=\"action\" value=\""._('Search')."\"></form></div>";
echo '>'._('Hide locked').'</label></p>';
echo '<input type="submit" name="action" value="'._('Search').'"></form></div>';
echo '</div></div>';
echo "<ul class=\"list\"><li>"._('Format:')."</li><li><a href=\"?format=text\" target=\"_self\">Text</a></li><li><a href=\"?format=json\" target=\"_self\">JSON</a></li></ul>";
echo '<ul class="list"><li>'._('Format:').'</li><li><a href="?format=text" target="_self">Text</a></li><li><a href="?format=json" target="_self">JSON</a></li></ul>';
print_langs();
//List special categories
echo "<ul class=\"list\"><li>"._('Special categories:')."</li>";
echo '<ul class="list"><li>'._('Special categories:').'</li>';
$cat=count($categories);
foreach($special as $name=>$query){
if($category==$cat){
echo " <li class=\"active\"><a href=\"?cat=$cat&amp;pg=$_REQUEST[newpg]&amp;lang=$language\" target=\"_self\">$name ($category_count[$cat])</a></li>";
echo ' <li class="active"><a href="?cat='.$cat.'&amp;pg='.rawurlencode($_REQUEST['newpg']).'&amp;lang='.$language.'" target="_self">'."$name ($category_count[$cat])</a></li>";
}else{
echo " <li><a href=\"?cat=$cat&amp;pg=$_REQUEST[newpg]&amp;lang=$language\" target=\"_self\">$name ($category_count[$cat])</a></li>";
echo ' <li><a href="?cat='.$cat.'&amp;pg='.rawurlencode($_REQUEST['newpg']).'&amp;lang='.$language.'" target="_self">'."$name ($category_count[$cat])</a></li>";
}
++$cat;
}
if($category==$cat){
echo " <li class=\"active\"><a href=\"?cat=$cat&amp;lang=$language\" target=\"_self\">"._('Phishing Clones')." ($category_count[$cat])</a></li>";
echo ' <li class="active"><a href="?cat='.$cat.'&amp;lang='.$language.'" target="_self">'._('Phishing Clones')." ($category_count[$cat])</a></li>";
}else{
echo " <li><a href=\"?cat=$cat&amp;lang=$language\" target=\"_self\">"._('Phishing Clones')." ($category_count[$cat])</a></li>";
echo ' <li><a href="?cat='.$cat.'&amp;lang='.$language.'" target="_self">'._('Phishing Clones')." ($category_count[$cat])</a></li>";
}
echo " <li>"._('Removed/Child porn')." ($category_count[removed])</li>";
echo ' <li>'._('Removed/Child porn')." ($category_count[removed])</li>";
if(REQUIRE_APPROVAL) {
echo " <li>"._('Pending approval')." ($category_count[pending])</li>";
echo " <li>"._('Rejected')." ($category_count[rejected])</li>";
echo ' <li>'._('Pending approval')." ($category_count[pending])</li>";
echo ' <li>'._('Rejected')." ($category_count[rejected])</li>";
}
echo '</ul>';
//List normal categories
echo "<ul class=\"list\"><li>"._('Categories:')."</li>";
echo '<ul class="list"><li>'._('Categories:').'</li>';
foreach($categories as $cat=>$name){
if($category==$cat){
echo " <li class=\"active\"><a href=\"?cat=$cat&amp;pg=$_REQUEST[newpg]&amp;lang=$language\" target=\"_self\">$name ($category_count[$cat])</a></li>";
echo ' <li class="active"><a href="?cat='.$cat.'&amp;pg='.rawurlencode($_REQUEST['newpg']).'&amp;lang='.$language.'" target="_self">'."$name ($category_count[$cat])</a></li>";
}else{
echo " <li><a href=\"?cat=$cat&amp;pg=$_REQUEST[newpg]&amp;lang=$language\" target=\"_self\">$name ($category_count[$cat])</a></li>";
echo ' <li><a href="?cat='.$cat.'&amp;pg='.rawurlencode($_REQUEST['newpg']).'&amp;lang='.$language.'" target="_self">'."$name ($category_count[$cat])</a></li>";
}
}
echo '</ul>';
if($_SERVER['REQUEST_METHOD']==='POST' && !empty($_REQUEST['addr'])){
if(!preg_match('~(^(https?://)?([a-z0-9]*\.)?([a-z2-7]{55}d)(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){
echo "<p class=\"red\" role=\"alert\">"._('Invalid onion address!')."</p>";
echo "<p>".sprintf(_('A valid address looks like this: %s'), 'http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion') ."</p>";
echo '<p class="red" role="alert">'._('Invalid onion address!').'</p>';
echo '<p>'.sprintf(_('A valid address looks like this: %s'), 'http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion') .'</p>';
}else{
if(!isset($_REQUEST['challenge'])){
send_error(_('Error: Wrong captcha'));
@ -253,19 +253,19 @@ function send_html(): void
if(!$stmt->fetch(PDO::FETCH_BOUND)){//new link, add to database
$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded, timechanged) VALUES (?, ?, ?, ?, ?, ?);');
$stmt->execute([$addr, $desc, $md5, $category, time(), time()]);
echo "<p class=\"green\" role=\"alert\">"._('Successfully added onion address!')."</p>";
echo '<p class="green" role="alert">'._('Successfully added onion address!').'</p>';
}elseif($locked==1){//locked, not editable
echo "<p class=\"red\" role=\"alert\">"._('Sorry, editing this onion address has been locked!')."</p>";
echo '<p class="red" role="alert">'._('Sorry, editing this onion address has been locked!').'</p>';
}elseif($desc!==''){//update description
$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET description=?, category=?, timechanged=? WHERE md5sum=?;');
$stmt->execute([$desc, $category, time(), $md5]);
echo "<p class=\"green\" role=\"alert\">"._('Successfully updated description!')."</p>";
echo '<p class="green" role="alert">'._('Successfully updated description!').'</p>';
}elseif($category!=0){//update category only
$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET category=?, timechanged=? WHERE md5sum=?;');
$stmt->execute([$category, time(), $md5]);
echo "<p class=\"green\" role=\"alert\">"._('Successfully updated category!')."</p>";
echo '<p class="green" role="alert">'._('Successfully updated category!').'</p>';
}else{//nothing changed and already known
echo "<p class=\"green\" role=\"alert\">"._('Thanks, but I already knew this address!')."</p>";
echo '<p class="green" role="alert">'._('Thanks, but I already knew this address!').'</p>';
}
}
}
@ -291,14 +291,14 @@ function send_html(): void
$stmt->execute([$category, $query, $query]);
}
$table=get_table($stmt, $numrows);
printf("<p><b>"._('Searching for "%1$s", %2$d results found:')."</b></p>", trim(str_replace(['http://', 'https://', '.onion', '/'], '', htmlspecialchars($_REQUEST['q']))), $numrows);
printf('<p><b>'._('Searching for "%1$s", %2$d results found:').'</b></p>', trim(str_replace(['http://', 'https://', '.onion', '/'], '', htmlspecialchars($_REQUEST['q']))), $numrows);
echo $table;
}elseif($category>=count($categories)+count($special)){//show phishing clones
print_phishing_table();
}elseif($category>=count($categories)){//show special categories
$tmp=$category-count($categories);
$query = '';
foreach($special as $name=>$query){
foreach($special as $query){
if($tmp===0) break;
--$tmp;
}
@ -338,7 +338,7 @@ function get_table(PDOStatement $stmt, int &$numrows = 0, bool $promoted = false
$admin_approval = PREFIX . 'onions.approved = 1 AND';
}
ob_start();
echo "<div class=\"table\" id=\"maintable\"><div class=\"row headerrow\"><div class=\"col\">"._('Onion link')."</div><div class=\"col\">"._('Description')."</div><div class=\"col\">"._('Last tested')."</div><div class=\"col\">"._('Last seen')."</div><div class=\"col\">"._('Added at')."</div><div class=\"col\">"._('Actions')."</div></div>";
echo '<div class="table" id="maintable"><div class="row headerrow"><div class="col">'._('Onion link').'</div><div class="col">'._('Description').'</div><div class="col">'._('Last tested').'</div><div class="col">'._('Last seen').'</div><div class="col">'._('Added at').'</div><div class="col">'._('Actions').'</div></div>';
if($promoted){//print promoted links at the top
$time=time();
$promo=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE $admin_approval special>? AND address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
@ -360,7 +360,7 @@ function get_table(PDOStatement $stmt, int &$numrows = 0, bool $promoted = false
$lasttest=date('Y-m-d H:i:s', $link['lasttest']);
}
$timeadded=date('Y-m-d H:i:s', $link['timeadded']);
echo "<div class=\"$class row promo\"><div class=\"col\"><a href=\"http://$link[address].onion\" rel=\"noopener\">$link[address].onion</a></div><div class=\"col\">$link[description]</div><div class=\"col\">$lasttest</div><div class=\"col\">$lastup</div><div class=\"col\">$timeadded</div><div class=\"col\"><form method=\"post\" action=\"test.php\"><input name=\"addr\" value=\"$link[address]\" type=\"hidden\"><input name=\"lang\" value=\"$language\" type=\"hidden\"><input value=\""._('Test')."\" type=\"submit\"></form></div></div>";
echo '<div class="'.$class.' row promo"><div class="col"><a href="http://'.$link['address'].'.onion" rel="noopener">'.$link['address'].'.onion</a></div><div class="col">'.$link['description'].'</div><div class="col">'.$lasttest.'</div><div class="col">'.$lastup.'</div><div class="col">'.$timeadded.'</div><div class="col"><form method="post" action="test.php"><input name="addr" value="'.$link['address'].'" type="hidden"><input name="lang" value="'.$language.'" type="hidden"><input value="'._('Test').'" type="submit"></form></div></div>';
}
}
while($link=$stmt->fetch(PDO::FETCH_ASSOC)){
@ -387,9 +387,9 @@ function get_table(PDOStatement $stmt, int &$numrows = 0, bool $promoted = false
if($link['locked']==1){
$edit='-';
}else{
$edit="<form><input name=\"addr\" value=\"$link[address]\" type=\"hidden\"><input type=\"hidden\" name=\"pg\" value=\"$_REQUEST[newpg]\"><input type=\"hidden\" name=\"lang\" value=\"$language\"><input value=\""._('Edit')."\" type=\"submit\"></form>";
$edit='<form><input name="addr" value="'.$link['address'].'" type="hidden"><input type="hidden" name="pg" value="'.$_REQUEST['newpg'].'"><input type="hidden" name="lang" value="'.$language.'"><input value="'._('Edit').'" type="submit"></form>';
}
echo "<div class=\"row $class\"><div class=\"col\"><a href=\"http://$link[address].onion\" rel=\"noopener\">$link[address].onion</a></div><div class=\"col\">$link[description]</div><div class=\"col\">$lasttest</div><div class=\"col\">$lastup</div><div class=\"col\">$timeadded</div><div class=\"col\">$edit <form method=\"post\" action=\"test.php\"><input name=\"addr\" value=\"$link[address]\" type=\"hidden\"><input type=\"hidden\" name=\"lang\" value=\"$language\"><input value=\""._('Test')."\" type=\"submit\"></form></div></div>";
echo '<div class="row '.$class.'"><div class="col"><a href="http://'.$link['address'].'.onion" rel="noopener">'.$link['address'].'.onion</a></div><div class="col">'.$link['description'].'</div><div class="col">'.$lasttest.'</div><div class="col">'.$lastup.'</div><div class="col">'.$timeadded.'</div><div class="col">'.$edit.' <form method="post" action="test.php"><input name="addr" value="'.$link['address'].'" type="hidden"><input type="hidden" name="lang" value="'.$language.'"><input value="'._('Test').'" type="submit"></form></div></div>';
++$numrows;
}
echo '</div>';
@ -403,7 +403,7 @@ function print_phishing_table(): void
if(REQUIRE_APPROVAL){
$admin_approval = 'approved = 1 AND';
}
echo "<div class=\"table\" id=\"maintable\"><div class=\"row headerrow\"><div class=\"col\">"._('Onion link')."</div><div class=\"col\">"._('Clone of')."</div><div class=\"col\">"._('Last seen')."</div></div>";
echo '<div class="table" id="maintable"><div class="row headerrow"><div class="col">'._('Onion link').'</div><div class="col">'._('Clone of').'</div><div class="col">'._('Last seen').'</div></div>';
$stmt=$db->query('SELECT address, original, lasttest, lastup FROM ' . PREFIX . 'onions, ' . PREFIX . 'phishing WHERE ' . "$admin_approval " . PREFIX . "onions.id=onion_id AND address!='' AND timediff<604800 ORDER BY address;");
while($link=$stmt->fetch(PDO::FETCH_ASSOC)){
if($link['lastup']===$link['lasttest']){
@ -417,11 +417,11 @@ function print_phishing_table(): void
$lastup=date('Y-m-d H:i:s', $link['lastup']);
}
if($link['original']!==''){
$orig="<a href=\"http://$link[original].onion\" rel=\"noopener\">$link[original].onion</a>";
$orig='<a href="http://'.$link['original'].'.onion" rel="noopener">'.$link['original'].'.onion</a>';
}else{
$orig=_('Unknown');
}
echo "<div class=\"row $class\"><div class=\"col\">$link[address].onion</div><div class=\"col\">$orig</div><div class=\"col\">$lastup</div></div>";
echo '<div class="row '.$class.'"><div class="col">'.$link['address'].'.onion</div><div class="col">'.$orig.'</div><div class="col">'.$lastup.'</div></div>';
}
echo '</div>';
}
@ -469,17 +469,17 @@ function send_json(): void
function get_pagination(int $category, int $pages) : string {
global $language;
ob_start();
echo "<ul class=\"list pagination\"><li>"._('Pages:')."</li>";
echo '<ul class="list pagination"><li>'._('Pages:').'</li>';
if($_REQUEST['pg']==0){
echo " <li class=\"active\"><a href=\"?cat=$category&amp;pg=0&amp;lang=$language\" target=\"_self\">"._('All')."</a></li>";
echo ' <li class="active"><a href="?cat='.$category.'&amp;pg=0&amp;lang='.$language.'" target="_self">'._('All').'</a></li>';
}else{
echo " <li><a href=\"?cat=$category&amp;pg=0&amp;lang=$language\" target=\"_self\">"._('All')."</a></li>";
echo ' <li><a href="?cat='.$category.'&amp;pg=0&amp;lang='.$language.'" target="_self">'._('All').'</a></li>';
}
for($i=1; $i<=$pages; ++$i){
if($_REQUEST['pg']==$i){
echo " <li class=\"active\"><a href=\"?cat=$category&amp;pg=$i&amp;lang=$language\" target=\"_self\">$i</a></li>";
echo ' <li class="active"><a href="?cat=$category&amp;pg='.$i.'&amp;lang='.$language.'" target="_self">'.$i.'</a></li>';
}else{
echo " <li><a href=\"?cat=$category&amp;pg=$i&amp;lang=$language\" target=\"_self\">$i</a></li>";
echo ' <li><a href="?cat='.$category.'&amp;pg='.$i.'&amp;lang='.$language.'" target="_self">'.$i.'</a></li>';
}
}
echo "</ul>";
@ -503,14 +503,14 @@ function send_captcha(): void
$time=time();
$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'captcha (id, time, code) VALUES (?, ?, ?);');
$stmt->execute([$randid, $time, $code]);
echo "<p><label>Copy: ";
echo '<p><label>'._('Copy:');
if($difficulty===1){
$im=imagecreatetruecolor(55, 24);
$bg=imagecolorallocate($im, 0, 0, 0);
$fg=imagecolorallocate($im, 255, 255, 255);
imagefill($im, 0, 0, $bg);
imagestring($im, 5, 5, 5, $code, $fg);
echo '<img width="55" height="24" alt="captcha image" src="data:image/gif;base64,';
echo ' <img width="55" height="24" alt="captcha image" src="data:image/gif;base64,';
}else{
$im=imagecreatetruecolor(55, 24);
$bg=imagecolorallocate($im, 0, 0, 0);
@ -525,16 +525,16 @@ function send_captcha(): void
for($i=0;$i<100;++$i){
imagesetpixel($im, mt_rand(0, 55), mt_rand(0, 24), $dots);
}
echo '<img width="55" height="24" alt="captcha image" src="data:image/gif;base64,';
echo ' <img width="55" height="24" alt="captcha image" src="data:image/gif;base64,';
}
ob_start();
imagegif($im);
imagedestroy($im);
echo base64_encode(ob_get_clean()).'">';
echo "<input type=\"hidden\" name=\"challenge\" value=\"$randid\"><input type=\"text\" name=\"captcha\" size=\"15\" autocomplete=\"off\"></label></p>";
echo '<input type="hidden" name="challenge" value="'.$randid.'"><input type="text" name="captcha" size="15" autocomplete="off"></label></p>';
}
function send_error(string $msg): void
{
die("<p class=\"red\" role=\"alert\">$msg</p></main></body></html>");
die('<p class="red" role="alert">'.$msg.'</p></main></body></html>');
}

26
www/test.php
View File

@ -4,7 +4,7 @@ global $language, $dir;
$style = '.red{color:red}.green{color:green}.software-link{text-align:center;font-size:small}.list{padding:0;}.list li{display:inline-block;padding:0.35em}';
send_headers([$style]);
echo '<!DOCTYPE html><html lang="'.$language.'" dir="'.$dir.'"><head>';
echo "<title>"._('Online-Test')."</title>";
echo '<title>'._('Online-Test').'</title>';
echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">';
echo '<meta name="author" content="Daniel Winzen">';
echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
@ -14,19 +14,19 @@ echo '<link rel="alternate" href="' . CANONICAL_URL . $_SERVER['SCRIPT_NAME'] .
alt_links();
echo '<style>'.$style.'</style>';
echo '</head><body><main>';
echo "<h1>"._('Online-Test')."</h1>";
echo '<h1>'._('Online-Test').'</h1>';
print_langs();
echo "<p>"._('Test whether a Tor hidden service onion is online or offline')."</p>";
echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
echo "<input type=\"hidden\" name=\"lang\" value=\"$language\">";
echo "<p><label for=\"addr\">"._('Onion link:')."</label><br><input id=\"addr\" name=\"addr\" size=\"30\" value=\"";
echo '<p>'._('Test whether a Tor hidden service onion is online or offline')."</p>";
echo '<form action="'.$_SERVER['SCRIPT_NAME'].'" method="POST">';
echo '<input type="hidden" name="lang" value="'.$language.'">';
echo '<p><label for="addr">'._('Onion link:').'</label><br><input id="addr" name="addr" size="30" value="';
if(isset($_REQUEST['addr'])){
echo htmlspecialchars($_REQUEST['addr']);
}else{
echo "http://$_SERVER[HTTP_HOST]";
}
echo '" required></p>';
echo "<input type=\"submit\" name=\"action\" value=\""._('Test')."\"></form><br>";
echo '<input type="submit" name="action" value="'._('Test').'"></form><br>';
if(!empty($_REQUEST['addr'])){
if(ob_get_level()>0){
ob_end_flush();
@ -38,7 +38,7 @@ if(!empty($_REQUEST['addr'])){
die(_('No database connection!'));
}
if(!preg_match('~(^(https?://)?([a-z0-9]*\.)?([a-z2-7]{55}d)(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){
echo "<p class=\"red\" role=\"alert\">"._('Invalid onion address!')."</p>";
echo '<p class="red" role="alert">'._('Invalid onion address!').'</p>';
}else{
$ch=curl_init();
set_curl_options($ch);
@ -53,17 +53,17 @@ if(!empty($_REQUEST['addr'])){
$phishing=$db->prepare('SELECT original FROM ' . PREFIX . 'phishing, ' . PREFIX . 'onions WHERE address=? AND onion_id=' . PREFIX . 'onions.id;');
$phishing->execute([$addr]);
if($orig=$phishing->fetch(PDO::FETCH_NUM)){
printf("<p class=\"red\" role=\"alert\">"._('Warning, this is a known phishing clone. The original site is located at %s.')."</p>", "<a href=\"http://$orig[0].onion\">$orig[0].onion</a>");
printf('<p class="red" role="alert">'._('Warning, this is a known phishing clone. The original site is located at %s.').'</p>', '<a href="http://'.$orig[0].'.onion">'.$orig[0].'.onion</a>');
}
$scam=$db->prepare('SELECT null FROM ' . PREFIX . 'onions WHERE md5sum=? AND category=15 AND locked=1;');
$scam->execute([$md5]);
if($scam->fetch(PDO::FETCH_NUM)){
echo "<p class=\"red\" role=\"alert\">"._('Warning: This is a known scam!')."</p>";
echo '<p class="red" role="alert">'._('Warning: This is a known scam!').'</p>';
}
$stmt=$db->prepare('SELECT null FROM ' . PREFIX . 'onions WHERE md5sum=? AND timediff=0 AND lasttest>?;');
$stmt->execute([$md5, time()-60]);
if($stmt->fetch(PDO::FETCH_NUM)){
echo "<p class=\"green\" role=\"alert\">"._('Yes, the service is online!')."</p>";
echo '<p class="green" role="alert">'._('Yes, the service is online!').'</p>';
}elseif(($content=curl_exec($ch))!==false){
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$header = substr($content, 0, $header_size);
@ -98,13 +98,13 @@ if(!empty($_REQUEST['addr'])){
}
blacklist_scams($addr, $content);
}
echo "<p class=\"green\" role=\"alert\">"._('Yes, the service is online!')."</p>";
echo '<p class="green" role="alert">'._('Yes, the service is online!').'</p>';
}else{
if(isset($db)){
$time=time();
$db->prepare('UPDATE ' . PREFIX . 'onions SET lasttest=?, timediff=lasttest-lastup WHERE md5sum=? AND lasttest<?;')->execute([$time, $md5, $time]);
}
echo "<p class=\"red\" role=\"alert\">"._('No, the service is offline!')."</p>";
echo '<p class="red" role="alert">'._('No, the service is offline!').'</p>';
}
curl_close($ch);
}