Merge pull request #17 from DanWin/admin-approval

Add admin approval
2020-10-16 15:25:21 +02:00
parent 9f5c519652 49623924c2
commit f7721ba66b
7 changed files with 176 additions and 107 deletions
--- a/common_config.php
+++ b/common_config.php
@ -33,7 +33,8 @@ define('PROMOTEPRICE', 0.025); // Price to promote a site for PROMOTETIME long
 define('PROMOTETIME', 2592000); // Time (in seconds) to promote a site payed with PROMOTEPRICE - 864000 equals 10 days
 define('PER_PAGE', 50); // Sites listed per page
 define('VERSION', '1'); // Script version
-define('DBVERSION', 5); // Database layout version
+define('DBVERSION', 6); // Database layout version
 define('REQUIRE_APPROVAL', false); // require admin approval of new sites? true/false
 //Categories - new links will always be put into the first one, leave it to Unsorted
 //once configured, only add new categories at the end or you have to manually adjust the database.
 $categories=['Unsorted', 'Adult/Porn', 'Communication/Social', 'Forums', 'Hacking/Programming/Software', 'Hosting', 'Libraries/Wikis', 'Link Lists', 'Market/Shop/Store', 'Other', 'Personal Sites/Blogs', 'Security/Privacy/Encryption', 'Whistleblowing', 'Empty/Error/Unknown', 'Cryptocurrencies', 'Scams', 'Fun/Games/Joke', 'Search', 'Autodetected scam (unchecked)'];
--- a/lang_de.php
+++ b/lang_de.php
@ -67,4 +67,9 @@ $T=[
 	'language'	=>	'Sprache',
 	'format'	=>	'Format',
 	'hidelocked'	=>	'Gesperrte nicht anzeigen',
 	'pendingapproval'   =>    'Genehmigung ausstehend',
 	'rejected'  =>  'Abgelehnt',
 	'reject'    =>  'Ablehnen',
 	'approve'   =>  'Akzeptieren',
 	'switchviewmode' => 'Ansichtsmodus wechseln',
 ];
--- a/lang_en.php
+++ b/lang_en.php
@ -67,4 +67,9 @@ $I=[
 	'language'	=>	'Language',
 	'format'	=>	'Format',
 	'hidelocked'	=>	'Hide locked',
 	'pendingapproval'    => 'Pending approval',
 	'rejected'  =>  'Rejected',
 	'reject'    =>  'Reject',
 	'approve'   =>  'Approve',
 	'switchviewmode' => 'Switch view mode',
 ];
--- a/lang_update.php
+++ b/lang_update.php
@ -1,6 +1,6 @@
 <?php
 $native = 'Deutsch'; // Native lanugae name
-$english = 'German'; // Enlish language name
+$english = 'German'; // English language name
 $code = 'de'; // Language code
 ob_start();
--- a/setup.php
+++ b/setup.php
@ -51,7 +51,7 @@ try{
 if(!@$db->query('SELECT * FROM ' . PREFIX . 'settings LIMIT 1;')){
 	//create tables
 	$db->exec('CREATE TABLE ' . PREFIX . "captcha (id int(10) UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT, time int(10) UNSIGNED NOT NULL, code char(5) NOT NULL) ENGINE=MEMORY;");
-	$db->exec('CREATE TABLE ' . PREFIX . "onions (id int(10) UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT, address varchar(56) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL, md5sum binary(16) NOT NULL UNIQUE, lasttest int(10) UNSIGNED NOT NULL DEFAULT '0', lastup int(10) UNSIGNED NOT NULL DEFAULT '0', timediff int(10) UNSIGNED NOT NULL DEFAULT '0', timeadded int(10) UNSIGNED NOT NULL DEFAULT '0', description text CHARACTER SET utf8mb4 NOT NULL, category smallint(6) NOT NULL DEFAULT '0', locked smallint(6) NOT NULL DEFAULT '0', special int(10) UNSIGNED NOT NULL DEFAULT '0', INDEX(address), INDEX(lasttest), INDEX(timediff), INDEX(category), INDEX(special));");
+	$db->exec('CREATE TABLE ' . PREFIX . "onions (id int(10) UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT, address varchar(56) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL, md5sum binary(16) NOT NULL UNIQUE, lasttest int(10) UNSIGNED NOT NULL DEFAULT '0', lastup int(10) UNSIGNED NOT NULL DEFAULT '0', timediff int(10) UNSIGNED NOT NULL DEFAULT '0', timeadded int(10) UNSIGNED NOT NULL DEFAULT '0', description text CHARACTER SET utf8mb4 NOT NULL, category smallint(6) NOT NULL DEFAULT '0', locked smallint(6) NOT NULL DEFAULT '0', special int(10) UNSIGNED NOT NULL DEFAULT '0', approved smallint(6) NOT NULL DEFAULT '0', INDEX(address), INDEX(lasttest), INDEX(timediff), INDEX(category), INDEX(special));");
 	$db->exec('CREATE TABLE ' . PREFIX . 'phishing (onion_id int(10) UNSIGNED NOT NULL PRIMARY KEY, original varchar(56) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL, FOREIGN KEY (onion_id) REFERENCES onions(id) ON DELETE CASCADE ON UPDATE CASCADE);');
 	$db->exec('CREATE TABLE ' . PREFIX . 'settings (setting varchar(50) NOT NULL PRIMARY KEY, value varchar(20000) NOT NULL);');
 	$stmt=$db->prepare('INSERT INTO ' . PREFIX . "settings (setting, value) VALUES ('version', ?);");
@ -89,6 +89,9 @@ if(!@$db->query('SELECT * FROM ' . PREFIX . 'settings LIMIT 1;')){
 	if($version<5){
 		$db->exec('CREATE TABLE ' . PREFIX . "captcha (id int(10) UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT, time int(10) UNSIGNED NOT NULL, code char(5) NOT NULL) ENGINE=MEMORY;");
 	}
 	if($version < 6){
 		$db->exec('ALTER TABLE ' . PREFIX . "onions ADD approved smallint(6) NOT NULL DEFAULT '0';");
 	}
 	$stmt=$db->prepare('UPDATE ' . PREFIX . "settings SET value=? WHERE setting='version';");
 	$stmt->execute([DBVERSION]);
 	echo "$I[statusok]\n";
--- a/www/admin.php
+++ b/www/admin.php
@ -28,14 +28,34 @@ if(!isSet($_POST['pass']) || $_POST['pass']!==ADMINPASS){
 		echo "<p class=\"red\">$I[wrongpass]</p>";
 	}
 }else{
 	$view_mode = isset($_POST['view_mode']) ? $_POST['view_mode'] : 'single';
 	if(isset($_POST['switch_view_mode'])){
 		$view_mode = $view_mode === 'single' ? 'multi' : 'single';
 	}
 	echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
 	echo "<input type=\"hidden\" name=\"lang\" value=\"$language\">";
 	echo "<input type=\"hidden\" name=\"pass\" value=\"$_POST[pass]\">";
 	echo "<input type=\"hidden\" name=\"view_mode\" value=\"$view_mode\">";
 	echo "<br><input type=\"submit\" name=\"switch_view_mode\" value=\"$I[switchviewmode]\"></form>";
 	echo "<form action=\"$_SERVER[SCRIPT_NAME]\" method=\"POST\">";
 	echo "<input type=\"hidden\" name=\"lang\" value=\"$language\">";
 	echo "<input type=\"hidden\" name=\"pass\" value=\"$_POST[pass]\">";
 	echo "<input type=\"hidden\" name=\"view_mode\" value=\"$view_mode\">";
 	if($view_mode === 'single') {
 		echo "<p>$I[link]: <input name=\"addr\" size=\"30\" value=\"";
-	if(isSet($_REQUEST['addr'])){
+		if ( isset( $_REQUEST[ 'addr' ] ) ) {
-		echo htmlspecialchars($_REQUEST['addr']);
+			echo htmlspecialchars( $_REQUEST[ 'addr' ] );
 		}
 		echo '" required autofocus></p>';
 	} else {
 		echo '<table border="1"><tr><th>Select</th><th>Address</th><th>Description</th><th>Category</th><th>Status</th></tr>';
 		$stmt=$db->query('SELECT address, description, category, approved, locked FROM ' . PREFIX . "onions WHERE address!='';");
 		while($onion = $stmt->fetch(PDO::FETCH_ASSOC)){
 			echo '<tr><td><input type="checkbox" name="addr[]" value="'.$onion['address'].'"></td><td><a href="http://'.$onion['address'].'.onion" rel="noopener">'.$onion['address'].'.onion</a></td>';
 			echo "<td>$onion[description]</td><td>{$categories[$onion['category']]}</td><td>Approved: $onion[approved]<br>Locked: $onion[locked]</td></tr>";
 		}
 		echo '</table>';
 	}
 	echo "<p>$I[cloneof]: <input type=\"text\" name=\"original\" size=\"30\"";
 	if(isSet($_REQUEST['original'])){
 		echo ' value="'.htmlspecialchars($_REQUEST['original']).'"';
@ -49,7 +69,7 @@ if(!isSet($_POST['pass']) || $_POST['pass']!==ADMINPASS){
 	echo "<p>$I[adddesc]: <br><textarea name=\"desc\" rows=\"2\" cols=\"30\">";
 	if(!empty($_REQUEST['desc'])){
 		echo htmlspecialchars(trim($_REQUEST['desc']));
-	}elseif(isSet($_REQUEST['addr'])){
+	}elseif(isset($_REQUEST['addr']) && is_string($_REQUEST['addr'])){
 		if(preg_match('~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)){
 			$addr=strtolower($addr[3]);
 			$md5=md5($addr, true);
@ -90,97 +110,110 @@ if(!isSet($_POST['pass']) || $_POST['pass']!==ADMINPASS){
 	echo "<td><input type=\"submit\" name=\"action\" value=\"$I[unphishing]\"></td>";
 	echo '</tr><tr>';
 	echo "<td><input type=\"submit\" name=\"action\" value=\"$I[update]\"></td>";
 	if(REQUIRE_APPROVAL) {
 		echo "<td><input type=\"submit\" name=\"action\" value=\"$I[reject]\"></td>";
 		echo "<td><input type=\"submit\" name=\"action\" value=\"$I[approve]\"></td>";
 	}
 	echo '</tr></table>';
 	echo '</form><br>';
 	if(!empty($_POST['addr'])){
-		if(!preg_match('~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_POST['addr']), $addr)){
+		$addrs = is_array($_POST['addr']) ? $_POST['addr'] : [$_POST['addr']];
 		foreach ($addrs as $addr_single) {
 			if ( ! preg_match( '~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim( $addr_single ), $addr ) ) {
 				echo "<p class=\"red\">$I[invalonion]</p>";
-		}else{
+			} else {
-			$addr=strtolower($addr[3]);
+				$addr = strtolower( $addr[ 3 ] );
-			$md5=md5($addr, true);
+				$md5 = md5( $addr, true );
-			if($_POST['action']===$I['remove']){ //remove address from public display
+				if ( $_POST[ 'action' ] === $I[ 'remove' ] ) { //remove address from public display
-				$db->prepare('UPDATE ' . PREFIX . "onions SET address='', locked=1 WHERE md5sum=?;")->execute([$md5]);
+					$db->prepare( 'UPDATE ' . PREFIX . "onions SET address='', locked=1, approved=-1 WHERE md5sum=?;" )->execute( [ $md5 ] );
 					echo "<p class=\"green\">$I[succremove]</p>";
-			}elseif($_POST['action']===$I['lock']){ //lock editing
+				} elseif ( $_POST[ 'action' ] === $I[ 'lock' ] ) { //lock editing
-				$db->prepare('UPDATE ' . PREFIX . 'onions SET locked=1 WHERE md5sum=?;')->execute([$md5]);
+					$db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1 WHERE md5sum=?;' )->execute( [ $md5 ] );
 					echo "<p class=\"green\">$I[succlock]</p>";
-			}elseif($_POST['action']===$I['readd']){ //add onion back, if previously removed
+				} elseif ( $_POST[ 'action' ] === $I[ 'readd' ] ) { //add onion back, if previously removed
-				$db->prepare('UPDATE ' . PREFIX . 'onions SET address=?, locked=1 WHERE md5sum=?;')->execute([$addr, $md5]);
+					$db->prepare( 'UPDATE ' . PREFIX . 'onions SET address=?, locked=1, approved=1 WHERE md5sum=?;' )->execute( [ $addr, $md5 ] );
 					echo "<p class=\"green\">$I[succreadd]</p>";
-			}elseif($_POST['action']===$I['unlock']){ //unlock editing
+				} elseif ( $_POST[ 'action' ] === $I[ 'unlock' ] ) { //unlock editing
-				$db->prepare('UPDATE ' . PREFIX . 'onions SET locked=0 WHERE md5sum=?;')->execute([$md5]);
+					$db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=0, approved=1 WHERE md5sum=?;' )->execute( [ $md5 ] );
 					echo "<p class=\"green\">$I[succunlock]</p>";
-			}elseif($_POST['action']===$I['promote']){ //promote link for payed time
+				} elseif ( $_POST[ 'action' ] === $I[ 'promote' ] ) { //promote link for payed time
-				$stmt=$db->prepare('SELECT special FROM ' . PREFIX . 'onions WHERE md5sum=?;');
+					$stmt = $db->prepare( 'SELECT special FROM ' . PREFIX . 'onions WHERE md5sum=?;' );
-				$stmt->execute([$md5]);
+					$stmt->execute( [ $md5 ] );
-				$specialtime=$stmt->fetch(PDO::FETCH_NUM);
+					$specialtime = $stmt->fetch( PDO::FETCH_NUM );
-				if($specialtime[0]<time()){
+					if ( $specialtime[ 0 ] < time() ) {
-					$time=time()+(($_POST['btc']/PROMOTEPRICE)*PROMOTETIME);
+						$time = time() + ( ( $_POST[ 'btc' ] / PROMOTEPRICE ) * PROMOTETIME );
-				}else{
+					} else {
-					$time=$specialtime[0]+(($_POST['btc']/PROMOTEPRICE)*PROMOTETIME);
+						$time = $specialtime[ 0 ] + ( ( $_POST[ 'btc' ] / PROMOTEPRICE ) * PROMOTETIME );
 					}
-				$db->prepare('UPDATE ' . PREFIX . 'onions SET special=?, locked=1 WHERE md5sum=?;')->execute([$time, $md5]);
+					$db->prepare( 'UPDATE ' . PREFIX . 'onions SET special=?, locked=1, approved=1 WHERE md5sum=?;' )->execute( [ $time, $md5 ] );
-				printf("<p class=\"green\">$I[succpromote]</p>", date('Y-m-d H:i', $time));
+					printf( "<p class=\"green\">$I[succpromote]</p>", date( 'Y-m-d H:i', $time ) );
-			}elseif($_POST['action']===$I['unpromote']){ //remove promoted status
+				} elseif ( $_POST[ 'action' ] === $I[ 'unpromote' ] ) { //remove promoted status
-				$db->prepare('UPDATE ' . PREFIX . 'onions SET special=0 WHERE md5sum=?;')->execute([$md5]);
+					$db->prepare( 'UPDATE ' . PREFIX . 'onions SET special=0 WHERE md5sum=?;' )->execute( [ $md5 ] );
 					echo "<p class=\"green\">$I[succunpromote]</p>";
-			}elseif($_POST['action']===$I['update']){ //update description
+				} elseif ( $_POST[ 'action' ] === $I[ 'update' ] ) { //update description
-				$stmt=$db->prepare('SELECT * FROM ' . PREFIX . 'onions WHERE md5sum=?;');
+					$stmt = $db->prepare( 'SELECT * FROM ' . PREFIX . 'onions WHERE md5sum=?;' );
-				$stmt->execute([$md5]);
+					$stmt->execute( [ $md5 ] );
-				if($category===count($categories)){
+					if ( $category === count( $categories ) ) {
-					$category=0;
+						$category = 0;
 					}
-				if(!isSet($_POST['desc'])){
+					if ( ! isset( $_POST[ 'desc' ] ) ) {
-					$desc='';
+						$desc = '';
-				}else{
+					} else {
-						$desc=trim($_POST['desc']);
+						$desc = trim( $_POST[ 'desc' ] );
-					$desc=htmlspecialchars($desc);
+						$desc = htmlspecialchars( $desc );
-					$desc=preg_replace("/(\r?\n|\r\n?)/", '<br>', $desc);
+						$desc = preg_replace( "/(\r?\n|\r\n?)/", '<br>', $desc );
 					}
-				if(!$stmt->fetch(PDO::FETCH_ASSOC)){ //not yet there, add it
+					if ( ! $stmt->fetch( PDO::FETCH_ASSOC ) ) { //not yet there, add it
-					$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded, locked) VALUES (?, ?, ?, ?, ?, 1);');
+						$stmt = $db->prepare( 'INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded, locked, approved) VALUES (?, ?, ?, ?, ?, 1, 1);' );
-					$stmt->execute([$addr, $desc, $md5, $category, time()]);
+						$stmt->execute( [ $addr, $desc, $md5, $category, time() ] );
 						echo "<p class=\"green\">$I[succadd]</p>";
-				}elseif($desc!=''){ //update description+category
+					} elseif ( $desc != '' ) { //update description+category
-					$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET description=?, category=?, locked=1 WHERE md5sum=?;');
+						$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET description=?, category=?, locked=1, approved=1 WHERE md5sum=?;' );
-					$stmt->execute([$desc, $category, $md5]);
+						$stmt->execute( [ $desc, $category, $md5 ] );
 						echo "<p class=\"green\">$I[succupddesc]</p>";
-				}elseif($category!=0){ //only update category
+					} elseif ( $category != 0 ) { //only update category
-					$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET category=?, locked=1 WHERE md5sum=?;');
+						$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET category=?, locked=1, approved=1 WHERE md5sum=?;' );
-					$stmt->execute([$category, $md5]);
+						$stmt->execute( [ $category, $md5 ] );
 						echo "<p class=\"green\">$I[succupdcat]!</p>";
-				}else{ //no description or category change and already known
+					} else { //no description or category change and already known
 						echo "<p class=\"green\">$I[alreadyknown]</p>";
 					}
-			}elseif($_POST['action']===$I['phishing']){//mark as phishing clone
+				} elseif ( $_POST[ 'action' ] === $I[ 'phishing' ] ) {//mark as phishing clone
-				if($_POST['original']!=='' && !preg_match('~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', $_POST['original'], $orig)){
+					if ( $_POST[ 'original' ] !== '' && ! preg_match( '~(^(https?://)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', $_POST[ 'original' ], $orig ) ) {
 						echo "<p class=\"red\">$I[invalonion]</p>";
-				}else{
+					} else {
-					if(isset($orig[3])){
+						if ( isset( $orig[ 3 ] ) ) {
-						$orig=strtolower($orig[3]);
+							$orig = strtolower( $orig[ 3 ] );
-					}else{
+						} else {
-						$orig='';
+							$orig = '';
 						}
-					if($orig!==$addr){
+						if ( $orig !== $addr ) {
-						$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'phishing (onion_id, original) VALUES ((SELECT id FROM ' . PREFIX . 'onions WHERE address=?), ?);');
+							$stmt = $db->prepare( 'INSERT INTO ' . PREFIX . 'phishing (onion_id, original) VALUES ((SELECT id FROM ' . PREFIX . 'onions WHERE address=?), ?);' );
-						$stmt->execute([$addr, $orig]);
+							$stmt->execute( [ $addr, $orig ] );
-						$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET locked=1 WHERE address=?;');
+							$stmt = $db->prepare( 'UPDATE ' . PREFIX . 'onions SET locked=1, approved=1 WHERE address=?;' );
-						$stmt->execute([$addr]);
+							$stmt->execute( [ $addr ] );
 							echo "<p class=\"green\">$I[succaddphish]</p>";
-					}else{
+						} else {
 							echo "<p class=\"red\">$I[samephish]</p>";
 						}
 					}
-			}elseif($_POST['action']===$I['unphishing']){ //remove phishing clone status
+				} elseif ( $_POST[ 'action' ] === $I[ 'unphishing' ] ) { //remove phishing clone status
-				$stmt=$db->prepare('DELETE FROM ' . PREFIX . 'phishing WHERE onion_id=(SELECT id FROM ' . PREFIX . 'onions WHERE address=?);');
+					$stmt = $db->prepare( 'DELETE FROM ' . PREFIX . 'phishing WHERE onion_id=(SELECT id FROM ' . PREFIX . 'onions WHERE address=?);' );
-				$stmt->execute([$addr]);
+					$stmt->execute( [ $addr ] );
 					echo "<p class=\"green\">$I[succrmphish]</p>";
-			}else{ //no specific button was pressed
+				} elseif ( $_POST[ 'action' ] === $I[ 'reject' ] ) { //lock editing
 					$db->prepare( 'UPDATE ' . PREFIX . 'onions SET approved=-1 WHERE md5sum=?;' )->execute( [ $md5 ] );
 					echo "<p class=\"green\">$I[succlock]</p>";
 				} elseif ( $_POST[ 'action' ] === $I[ 'approve' ] ) { //lock editing
 					$db->prepare( 'UPDATE ' . PREFIX . 'onions SET approved=1 WHERE md5sum=?;' )->execute( [ $md5 ] );
 					echo "<p class=\"green\">$I[succlock]</p>";
 				} else { //no specific button was pressed
 					echo "<p class=\"red\">$I[noaction]</p>";
 				}
 			}
 		}
 	}
 }
 echo '<br><p class="software-link"><a target="_blank" href="https://github.com/DanWin/onion-link-list">Onion Link List - ' . VERSION . '</a></p>';
 echo '</body></html>';
--- a/www/onions.php
+++ b/www/onions.php
@ -18,8 +18,6 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 use JetBrains\PhpStorm\ExitPoint;
 if($_SERVER['REQUEST_METHOD']==='HEAD'){
 	exit; // ignore headers, no further processing needed
 }
@ -158,11 +156,15 @@ function send_html(){
 	echo "<ul class=\"list\"><li>$I[specialcat]:</li>";
 	$cat=count($categories);
 	$pages=1;
 	$admin_approval = '';
 	if(REQUIRE_APPROVAL){
 		$admin_approval = PREFIX . 'onions.approved = 1 AND';
 	}
 	foreach($special as $name=>$query){
 		if($cat===count($categories)+1){
 			$num[0]=PER_PAGE;
 		}else{
-			$num=$db->query('SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE $query;")->fetch(PDO::FETCH_NUM);
+			$num=$db->query('SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE $admin_approval $query;")->fetch(PDO::FETCH_NUM);
 		}
 		if($category==$cat){
 			echo " <li class=\"active\"><a href=\"?cat=$cat&amp;pg=$_REQUEST[newpg]&amp;lang=$language\" target=\"_self\">$name ($num[0])</a></li>";
@ -172,17 +174,24 @@ function send_html(){
 		}
 		++$cat;
 	}
-	$num=$db->query('SELECT COUNT(*) FROM ' . PREFIX . 'phishing, ' . PREFIX . 'onions WHERE ' . PREFIX . "onions.id=onion_id AND address!='' AND timediff<604800;")->fetch(PDO::FETCH_NUM);
+	$num=$db->query('SELECT COUNT(*) FROM ' . PREFIX . 'phishing, ' . PREFIX . 'onions WHERE ' . "$admin_approval " . PREFIX . "onions.id=onion_id AND address!='' AND timediff<604800;")->fetch(PDO::FETCH_NUM);
 	if($category==$cat){
 		echo " <li class=\"active\"><a href=\"?cat=$cat&amp;lang=$language\" target=\"_self\">$I[phishingclones] ($num[0])</a></li>";
 	}else{
 		echo " <li><a href=\"?cat=$cat&amp;lang=$language\" target=\"_self\">$I[phishingclones] ($num[0])</a></li>";
 	}
 	$num=$db->query('SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE address='';")->fetch(PDO::FETCH_NUM);
-	echo " <li>$I[removed] ($num[0])</li></ul><br><br>";
+	echo " <li>$I[removed] ($num[0])</li>";
 	if(REQUIRE_APPROVAL) {
 		$num = $db->query( 'SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE approved = 0 AND address!='';" )->fetch( PDO::FETCH_NUM );
 		echo " <li>$I[pendingapproval] ($num[0])</li>";
 		$num = $db->query( 'SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE approved = -1 AND address!='';" )->fetch( PDO::FETCH_NUM );
 		echo " <li>$I[rejected] ($num[0])</li>";
 	}
 	echo '</ul><br><br>';
 	//List normal categories
 	echo "<ul class=\"list\"><li>$I[categories]:</li>";
-	$stmt=$db->prepare('SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE category=? AND address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800;');
+	$stmt=$db->prepare('SELECT COUNT(*) FROM ' . PREFIX . "onions WHERE $admin_approval category=? AND address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800;');
 	foreach($categories as $cat=>$name){
 		$stmt->execute([$cat]);
 		$num=$stmt->fetch(PDO::FETCH_NUM);
@ -235,14 +244,12 @@ function send_html(){
 				$stmt=$db->prepare('INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded) VALUES (?, ?, ?, ?, ?);');
 				$stmt->execute([$addr, $desc, $md5, $category, time()]);
 				echo "<p class=\"green\">$I[succadd]</p>";
 //	mail('daniel@tt3j2x4k5ycaa5zt.onion', 'New onion', "$addr.onion was added - $desc", "Content-Type: text/plain; charset=UTF-8\r\n");
 			}elseif($locked==1){//locked, not editable
 				echo "<p class=\"red\">$I[faillocked]</p>";
 			}elseif($desc!==''){//update description
 				$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET description=?, category=? WHERE md5sum=?;');
 				$stmt->execute([$desc, $category, $md5]);
 				echo "<p class=\"green\">$I[succupddesc]</p>";
 //	mail('daniel@tt3j2x4k5ycaa5zt.onion', 'Updated onion', "$addr.onion was updated - $desc", "Content-Type: text/plain; charset=UTF-8\r\n");
 			}elseif($category!=0){//update category only
 				$stmt=$db->prepare('UPDATE ' . PREFIX . 'onions SET category=? WHERE md5sum=?;');
 				$stmt->execute([$category, $md5]);
@ -267,10 +274,10 @@ function send_html(){
 			$hidelocked='';
 		}
 		if($category>=count($categories)){
-			$stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND timediff<604800 $hidelocked AND (description LIKE ? OR address LIKE ?) ORDER BY address;");
+			$stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE $admin_approval address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND timediff<604800 $hidelocked AND (description LIKE ? OR address LIKE ?) ORDER BY address;");
 			$stmt->execute([$query, $query]);
 		}else{
-			$stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE address!='' AND category=? AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND timediff<604800 $hidelocked AND (description LIKE ? OR address LIKE ?) ORDER BY address;");
+			$stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE $admin_approval address!='' AND category=? AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND timediff<604800 $hidelocked AND (description LIKE ? OR address LIKE ?) ORDER BY address;");
 			$stmt->execute([$category, $query, $query]);
 		}
 		$table=get_table($stmt, $numrows);
@ -293,7 +300,7 @@ function send_html(){
 				$query.=' LIMIT ' . PER_PAGE ." OFFSET $offset";
 			}
 		}
-		$stmt=$db->query('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE $query;");
+		$stmt=$db->query('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE $admin_approval $query;");
 		echo get_table($stmt, $numrows, true);
 	}else{//show normal categories
 		if($_REQUEST['pg']>0){
@ -302,7 +309,7 @@ function send_html(){
 		}else{
 			$offsetquery='';
 		}
-		$stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND category=? AND timediff<604800 ORDER BY address$offsetquery;");
+		$stmt=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE $admin_approval address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND category=? AND timediff<604800 ORDER BY address$offsetquery;");
 		$stmt->execute([$category]);
 		echo get_table($stmt, $numrows, true);
 	}
@ -315,11 +322,15 @@ function send_html(){
 function get_table(PDOStatement $stmt, &$numrows=0, $promoted=false){
 	global $I, $db, $language;
 	$time=time();
 	$admin_approval = '';
 	if(REQUIRE_APPROVAL){
 		$admin_approval = PREFIX . 'onions.approved = 1 AND';
 	}
 	ob_start();
 	echo "<table id=\"maintable\" border=\"1\"><tr><th>$I[link]</th><th>$I[description]</th><th>$I[lasttested]</th><th>$I[lastup]</th><th>$I[timeadded]</th><th>$I[actions]</th></tr>";
 	if($promoted){//print promoted links at the top
 		$time=time();
-		$promo=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE special>? AND address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
+		$promo=$db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE $admin_approval special>? AND address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
 		$promo->execute([$time]);
 		while($link=$promo->fetch(PDO::FETCH_ASSOC)){
 			if($link['lastup']===$link['lasttest']){
@ -368,7 +379,6 @@ function get_table(PDOStatement $stmt, &$numrows=0, $promoted=false){
 			$edit="<form><input name=\"addr\" value=\"$link[address]\" type=\"hidden\"><input type=\"hidden\" name=\"pg\" value=\"$_REQUEST[newpg]\"><input type=\"hidden\" name=\"lang\" value=\"$language\"><input value=\"$I[edit]\" type=\"submit\"></form>";
 		}
 		echo "<tr class=\"$class\"><td><a href=\"http://$link[address].onion\">$link[address].onion</a></td><td>$link[description]</td><td>$lasttest</td><td>$lastup</td><td>$timeadded</td><td>$edit <form method=\"post\" action=\"test.php\"><input name=\"addr\" value=\"$link[address]\" type=\"hidden\"><input type=\"hidden\" name=\"lang\" value=\"$language\"><input value=\"$I[test]\" type=\"submit\"></form></td></tr>";
 //		echo "<tr class=\"$class\"><td><a href=\"http://$link[address].onion\">$link[address].onion</a></td><td>$link[description]</td><td>$edit</td><td>$lasttest</td><td>$lastup</td><td>$timeadded</td><td><form method=\"post\" action=\"test.php\"><input name=\"addr\" value=\"$link[address]\" type=\"hidden\"><input type=\"hidden\" name=\"lang\" value=\"$language\"><input value=\"$I[test]\" type=\"submit\"></form></td></tr>";
 		++$numrows;
 	}
 	echo '</table>';
@ -377,8 +387,12 @@ function get_table(PDOStatement $stmt, &$numrows=0, $promoted=false){
 function print_phishing_table(){
 	global $I, $db;
 	$admin_approval = '';
 	if(REQUIRE_APPROVAL){
 		$admin_approval = 'approved = 1 AND';
 	}
 	echo "<table border=\"1\"><tr><th>$I[link]</th><th>$I[cloneof]</th><th>$I[lastup]</th></tr>";
-	$stmt=$db->query('SELECT address, original, lasttest, lastup FROM ' . PREFIX . 'onions, ' . PREFIX . 'phishing WHERE ' . PREFIX . "onions.id=onion_id AND address!='' AND timediff<604800 ORDER BY address;");
+	$stmt=$db->query('SELECT address, original, lasttest, lastup FROM ' . PREFIX . 'onions, ' . PREFIX . 'phishing WHERE ' . "$admin_approval " . PREFIX . "onions.id=onion_id AND address!='' AND timediff<604800 ORDER BY address;");
 	while($link=$stmt->fetch(PDO::FETCH_ASSOC)){
 		if($link['lastup']===$link['lasttest']){
 			$class='up';
@ -406,7 +420,11 @@ function send_text(){
 		die("$I[error]: $I[nodb]");
 	}
 	header('Content-Type: text/plain; charset=UTF-8');
-	$stmt=$db->query('SELECT address FROM ' . PREFIX . "onions WHERE address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
+	$admin_approval = '';
 	if(REQUIRE_APPROVAL){
 		$admin_approval = 'approved = 1 AND';
 	}
 	$stmt=$db->query('SELECT address FROM ' . PREFIX . "onions WHERE $admin_approval address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
 	while($tmp=$stmt->fetch(PDO::FETCH_NUM)){
 		echo "$tmp[0].onion\n";
 	}
@ -418,14 +436,18 @@ function send_json(){
 		die("$I[error]: $I[nodb]");
 	}
 	header('Content-Type: application/json;');
 	$admin_approval = '';
 	if(REQUIRE_APPROVAL){
 		$admin_approval = PREFIX . 'onions.approved = 1 AND';
 	}
 	$data=['categories'=>$categories];
-	$stmt=$db->query('SELECT address, category, description, locked, lastup, lasttest, timeadded FROM ' . PREFIX . "onions WHERE address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
+	$stmt=$db->query('SELECT address, category, description, locked, lastup, lasttest, timeadded FROM ' . PREFIX . "onions WHERE $admin_approval address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
 	$data['onions']=$stmt->fetchALL(PDO::FETCH_ASSOC);
 	$stmt=$db->query('SELECT md5sum FROM ' . PREFIX . "onions WHERE address='';");
 	while($tmp=$stmt->fetch(PDO::FETCH_ASSOC)){
 		$data['removed'][]=bin2hex($tmp['md5sum']);
 	}
-	$stmt=$db->query('SELECT address, original FROM ' . PREFIX . 'onions, ' . PREFIX . 'phishing WHERE onion_id=' . PREFIX . "onions.id AND address!='' AND timediff<604800 ORDER BY address;");
+	$stmt=$db->query('SELECT address, original FROM ' . PREFIX . 'onions, ' . PREFIX . 'phishing WHERE onion_id=' . PREFIX . "onions.id AND $admin_approval address!='' AND timediff<604800 ORDER BY address;");
 	$data['phishing']=$stmt->fetchALL(PDO::FETCH_ASSOC);
 	echo json_encode($data);
 }