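<?php
/*
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

// NOTE(review): this copy of the script went through an HTML-to-text step.
// Markup inside the echo strings is gone (only whitespace and interpolated
// variables survive), and some code that sat between tags is missing. The
// statements below are laid out one per line again; places where something
// is evidently missing are marked individually.

if ($_SERVER['REQUEST_METHOD'] === 'HEAD') {
    exit; // ignore headers, no further processing needed
}

include('../common_config.php');

try {
    $db = new PDO(
        'mysql:host=' . DBHOST . ';dbname=' . DBNAME . ';charset=utf8mb4',
        DBUSER,
        DBPASS,
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_WARNING, PDO::ATTR_PERSISTENT => PERSISTENT]
    );
} catch (PDOException $e) {
    // Deliberately empty: $db stays unset and every send_*() function checks
    // isset($db) and reports $I['nodb'] itself. The exception message is not
    // echoed to the client.
}
date_default_timezone_set('UTC');

//select output format
$format = isset($_REQUEST['format']) ? $_REQUEST['format'] : null;
if ($format === 'text') {
    send_text();
} elseif ($format === 'json') {
    send_json();
} else {
    send_html();
}

/**
 * Render the HTML view and handle the add/update and search requests.
 *
 * Reads the request parameters pg, cat, addr, challenge, captcha, desc, q and
 * hidelocked. On a POST with a well-formed address and a solved captcha it
 * inserts into or updates the onions table; afterwards it prints either the
 * search result, the phishing table, a special category or a normal category.
 *
 * All user-supplied values reach SQL through bound parameters. The only
 * strings interpolated into SQL are the fixed $special fragments, the fixed
 * $hidelocked fragment and an integer offset derived from the int-cast pg.
 */
function send_html()
{
    global $I, $categories, $db, $language;
    header('Content-Type: text/html; charset=UTF-8');
    asort($categories);

    //sql for special categories (604800 seconds = 7 days)
    $special = [
        $I['all'] => "address!='' AND category!=15 AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800',
        $I['lastadded'] => "address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing)',
        $I['offline'] => "address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff>604800',
    ];

    // pg is forced to an integer here; later code relies on that when it
    // builds the LIMIT/OFFSET clause by string concatenation.
    if (!isset($_REQUEST['pg'])) {
        $_REQUEST['pg'] = 1;
    } else {
        settype($_REQUEST['pg'], 'int');
    }
    $_REQUEST['newpg'] = $_REQUEST['pg'] > 0 ? 1 : 0;

    // Document head; the markup of these strings is missing in this copy.
    echo '';
    echo "$I[title]";
    echo '';
    echo '';
    echo '';
    echo '';
    echo '';
    echo '';
    echo "\n\n$I[title]\n\n";
    print_langs();
    echo "\n$I[format]: Text JSON";

    if (!isset($db)) {
        echo "\n\n$I[error]: $I[nodb]\n\n";
        echo '';
        exit;
    }

    echo "\n\nI'm not responsible for any content of websites linked here. 99% of darkweb sites selling anything are scams. Be careful and use your brain. Every week I get 2-5 E-Mails from people that were desperate to make money and fell for scammers, don't be one of them!\n\n";

    // NOTE(review): from here to the category lists the form markup is
    // missing, and so is any code that sat between those tags - presumably
    // including whatever assigns $pages, which is read further down but never
    // set in the visible code. Several of these echo statements had lost one
    // of their quote delimiters; they are closed again with the whitespace
    // that survived as their only content.
    //update onions description form
    echo "";
    //search from
    echo "";
    echo "\n";
    echo "";
    echo "";
    echo "\n\n";
    echo "\n\n";

    // Accept cat only inside 0 .. count($categories)+count($special); the
    // upper end selects the phishing table.
    if (isset($_REQUEST['cat']) && $_REQUEST['cat'] < (count($categories) + count($special) + 1) && $_REQUEST['cat'] >= 0) {
        settype($_REQUEST['cat'], 'int');
        $category = $_REQUEST['cat'];
    }
    if (!isset($category)) {
        $category = count($categories);
    }

    echo "\n\n";
    send_captcha();
    echo "\n";
    echo "";
    echo "";
    echo "\n\n";
    echo "\n\n";
    echo "\n\n";
    echo "\n\n";
    //List special categories
    echo "\n\n";
    //List normal categories
    echo "\n\n";

    if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_REQUEST['addr'])) {
        // Capture group 4 is the 16- or 56-character base32 host part.
        if (!preg_match('~(^(https?://)?([a-z0-9]*\.)?([a-z2-7]{16}|[a-z2-7]{56})(\.onion(/.*)?)?$)~i', trim($_REQUEST['addr']), $addr)) {
            echo "\n\n$I[invalonion]\n\n";
            echo "\n\n$I[valid]: http://tt3j2x4k5ycaa5zt.onion\n\n";
        } else {
            // Both captcha fields must be present and must be plain strings;
            // array-valued parameters (challenge[]=..) are rejected before
            // they reach the query or strrev().
            if (
                !isset($_REQUEST['challenge'], $_REQUEST['captcha'])
                || !is_string($_REQUEST['challenge'])
                || !is_string($_REQUEST['captcha'])
            ) {
                send_error('Error: Wrong Captcha');
            }
            $stmt = $db->prepare('SELECT code FROM ' . PREFIX . 'captcha WHERE id=?;');
            $stmt->execute([$_REQUEST['challenge']]);
            $stmt->bindColumn(1, $code);
            if (!$stmt->fetch(PDO::FETCH_BOUND)) {
                send_error('Error: Captcha expired');
            }
            // The challenge is deleted before the answer is compared, so each
            // challenge allows a single attempt; rows older than one hour are
            // purged in the same statement.
            // NOTE(review): this statement was truncated to "timeexecute(" in
            // this copy; "time<?" is restored from the two bound values and
            // the captcha.time column written by send_captcha().
            $time = time();
            $stmt = $db->prepare('DELETE FROM ' . PREFIX . 'captcha WHERE id=? OR time<?;');
            $stmt->execute([$_REQUEST['challenge'], $time - 3600]);
            // The answer is accepted as typed or reversed.
            if ($_REQUEST['captcha'] !== $code && strrev($_REQUEST['captcha']) !== $code) {
                send_error('Error: Wrong captcha');
            }

            $addr = strtolower($addr[4]);
            // Raw MD5 of the address is the lookup key of the onions table.
            $md5 = md5($addr, true);
            $stmt = $db->prepare('SELECT locked FROM ' . PREFIX . 'onions WHERE md5sum=?;');
            $stmt->execute([$md5]);
            $stmt->bindColumn(1, $locked);
            if ($category == count($categories)) {
                $category = 0;
            }
            if (!isset($_POST['desc'])) {
                $desc = '';
            } else {
                // The description is HTML-escaped before it is stored, which
                // is why it is printed without further escaping later on.
                $desc = trim($_POST['desc']);
                $desc = htmlspecialchars($desc);
                // NOTE(review): the replacement is a bare newline in this
                // copy; the original presumably inserted a line-break tag.
                $desc = preg_replace("/(\r?\n|\r\n?)/", "\n", $desc);
            }
            if (!$stmt->fetch(PDO::FETCH_BOUND)) {//new link, add to database
                $stmt = $db->prepare('INSERT INTO ' . PREFIX . 'onions (address, description, md5sum, category, timeadded) VALUES (?, ?, ?, ?, ?);');
                $stmt->execute([$addr, $desc, $md5, $category, time()]);
                echo "\n\n$I[succadd]\n\n";
                // mail('daniel@tt3j2x4k5ycaa5zt.onion', 'New onion', "$addr.onion was added - $desc", "Content-Type: text/plain; charset=UTF-8\r\n");
            } elseif ($locked == 1) {//locked, not editable
                echo "\n\n$I[faillocked]\n\n";
            } elseif ($desc !== '') {//update description
                $stmt = $db->prepare('UPDATE ' . PREFIX . 'onions SET description=?, category=? WHERE md5sum=?;');
                $stmt->execute([$desc, $category, $md5]);
                echo "\n\n$I[succupddesc]\n\n";
                // mail('daniel@tt3j2x4k5ycaa5zt.onion', 'Updated onion', "$addr.onion was updated - $desc", "Content-Type: text/plain; charset=UTF-8\r\n");
            } elseif ($category != 0) {//update category only
                $stmt = $db->prepare('UPDATE ' . PREFIX . 'onions SET category=? WHERE md5sum=?;');
                $stmt->execute([$category, $md5]);
                echo "\n\n$I[succupdcat]\n\n";
            } else {//nothing changed and already known
                echo "\n\n$I[alreadyknown]\n\n";
            }
        }
    }

    // $pages is not assigned in the visible code (see the note above), so it
    // is guarded here instead of being read while undefined.
    if (isset($pages) && $pages > 1 && !isset($_REQUEST['q'])) {
        $pagination = get_pagination($category, $pages);
        echo $pagination;
    } else {
        $pagination = '';
    }

    $select = 'SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX;

    if (isset($_REQUEST['q'])) {//run search query
        // A non-string q (q[]=x) is treated as an empty search term.
        $term = is_string($_REQUEST['q']) ? $_REQUEST['q'] : '';
        // Descriptions are stored HTML-escaped, so the LIKE pattern is escaped
        // the same way before it is bound.
        $query = '%' . htmlspecialchars($term) . '%';
        $hidelocked = isset($_REQUEST['hidelocked']) ? 'AND locked=0' : '';
        if ($category >= count($categories)) {
            $stmt = $db->prepare($select . "onions WHERE address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND timediff<604800 $hidelocked AND (description LIKE ? OR address LIKE ?) ORDER BY address;");
            $stmt->execute([$query, $query]);
        } else {
            $stmt = $db->prepare($select . "onions WHERE address!='' AND category=? AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND timediff<604800 $hidelocked AND (description LIKE ? OR address LIKE ?) ORDER BY address;");
            $stmt->execute([$category, $query, $query]);
        }
        $numrows = 0;
        $table = get_table($stmt, $numrows);
        // The search term is echoed back into the page, so it is escaped for
        // HTML output; printing the raw request value here would let a
        // crafted link inject markup into the response.
        printf("\n\n$I[searchresult]\n\n", htmlspecialchars($term, ENT_QUOTES, 'UTF-8'), $numrows);
        echo $table;
    } elseif ($category >= count($categories) + count($special)) {//show phishing clones
        print_phishing_table();
    } elseif ($category >= count($categories)) {//show special categories
        // Walk $special to the entry selected by the category index; $query
        // holds that entry's WHERE fragment when the loop stops.
        $tmp = $category - count($categories);
        foreach ($special as $name => $query) {
            if ($tmp === 0) {
                break;
            }
            --$tmp;
        }
        if ($category - count($categories) === 1) {
            $query .= ' ORDER BY id DESC LIMIT ' . PER_PAGE;
        } else {
            $query .= ' ORDER BY address';
            if ($_REQUEST['pg'] > 0) {
                $offset = PER_PAGE * ($_REQUEST['pg'] - 1);
                $query .= ' LIMIT ' . PER_PAGE . " OFFSET $offset";
            }
        }
        $stmt = $db->query($select . "onions WHERE $query;");
        echo get_table($stmt, $numrows, true);
    } else {//show normal categories
        if ($_REQUEST['pg'] > 0) {
            $offset = PER_PAGE * ($_REQUEST['pg'] - 1);
            $offsetquery = ' LIMIT ' . PER_PAGE . " OFFSET $offset";
        } else {
            $offsetquery = '';
        }
        $stmt = $db->prepare($select . "onions WHERE address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . "phishing) AND category=? AND timediff<604800 ORDER BY address$offsetquery;");
        $stmt->execute([$category]);
        echo get_table($stmt, $numrows, true);
    }

    echo "\n";
    echo $pagination;
    echo "\n\nOnion Link List - " . VERSION . "\n\n";
    echo '';
}

/**
 * Build the link table for a result set and return it as a string.
 *
 * NOTE(review): in this copy the cell text of the header and of each row was
 * found detached, after the closing echo. It has been put back into the echo
 * statements it appears to belong to (header, promoted row, normal row and the
 * commented-out older row); the table markup itself is still missing.
 *
 * @param PDOStatement $stmt     executed statement yielding address, lasttest,
 *                               lastup, timeadded, description, locked, special
 * @param int          $numrows  incremented once per row taken from $stmt
 * @param bool         $promoted when true, links whose special timestamp lies
 *                               in the future are printed first
 * @return string the buffered output
 */
function get_table(PDOStatement $stmt, &$numrows = 0, $promoted = false)
{
    global $I, $db, $language;
    $time = time();
    ob_start();
    echo "$I[link]$I[description]$I[lasttested]$I[lastup]$I[timeadded]$I[actions]";

    if ($promoted) {//print promoted links at the top
        $promo = $db->prepare('SELECT address, lasttest, lastup, timeadded, description, locked, special FROM ' . PREFIX . "onions WHERE special>? AND address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
        $promo->execute([$time]);
        while ($link = $promo->fetch(PDO::FETCH_ASSOC)) {
            // A link counts as up when its last successful check is also its
            // most recent check.
            $class = $link['lastup'] === $link['lasttest'] ? 'up' : 'down';
            $lastup = $link['lastup'] == 0 ? $I['never'] : date('Y-m-d H:i:s', $link['lastup']);
            $lasttest = $link['lasttest'] == 0 ? $I['never'] : date('Y-m-d H:i:s', $link['lasttest']);
            $timeadded = date('Y-m-d H:i:s', $link['timeadded']);
            echo "$link[address].onion$link[description]$lasttest$lastup$timeadded";
        }
    }

    while ($link = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $class = $link['lastup'] === $link['lasttest'] ? 'up' : 'down';
        $lastup = $link['lastup'] == 0 ? $I['never'] : date('Y-m-d H:i:s', $link['lastup']);
        if ($link['lasttest'] == 0) {
            // Never tested: neither up nor down.
            $lasttest = $I['never'];
            $class = '';
        } else {
            $lasttest = date('Y-m-d H:i:s', $link['lasttest']);
        }
        $timeadded = date('Y-m-d H:i:s', $link['timeadded']);
        if ($link['special'] > $time) {
            $class .= ' promo';
        }
        // Locked entries get a dash; the edit control for the others is part
        // of the missing markup.
        $edit = $link['locked'] == 1 ? '-' : "";
        echo "$link[address].onion$link[description]$lasttest$lastup$timeadded$edit";
        // echo "$link[address].onion$link[description]$edit$lasttest$lastup$timeadded";
        ++$numrows;
    }
    echo "\n";
    return ob_get_clean();
}

/**
 * Print the table of known phishing clones and the address each one imitates.
 *
 * NOTE(review): as in get_table(), the header and row text was found after the
 * closing echo in this copy and has been moved back; the markup is missing.
 */
function print_phishing_table()
{
    global $I, $db;
    echo "$I[link]$I[cloneof]$I[lastup]";
    $stmt = $db->query('SELECT address, original, lasttest, lastup FROM ' . PREFIX . 'onions, ' . PREFIX . 'phishing WHERE ' . PREFIX . "onions.id=onion_id AND address!='' AND timediff<604800 ORDER BY address;");
    while ($link = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $class = $link['lastup'] === $link['lasttest'] ? 'up' : 'down';
        $lastup = $link['lastup'] == 0 ? $I['never'] : date('Y-m-d H:i:s', $link['lastup']);
        $orig = $link['original'] !== '' ? "$link[original].onion" : $I['unknown'];
        echo "$link[address].onion$orig$lastup";
    }
    echo "\n";
}

/**
 * Send every listed address as plain text, one "<address>.onion" per line.
 * Phishing clones and entries with timediff of a week or more are left out.
 */
function send_text()
{
    global $I, $db;
    if (!isset($db)) {
        die("$I[error]: $I[nodb]");
    }
    header('Content-Type: text/plain; charset=UTF-8');
    $stmt = $db->query('SELECT address FROM ' . PREFIX . "onions WHERE address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
    while ($tmp = $stmt->fetch(PDO::FETCH_NUM)) {
        echo "$tmp[0].onion\n";
    }
}

/**
 * Send the list as JSON with the keys categories, onions, removed and phishing.
 *
 * "removed" holds the hex-encoded md5sum of every row whose address is empty;
 * it is always present, as an empty list when there are no such rows.
 */
function send_json()
{
    global $I, $db, $categories;
    if (!isset($db)) {
        die("$I[error]: $I[nodb]");
    }
    header('Content-Type: application/json;');
    $data = ['categories' => $categories];
    $stmt = $db->query('SELECT address, category, description, locked, lastup, lasttest, timeadded FROM ' . PREFIX . "onions WHERE address!='' AND id NOT IN (SELECT onion_id FROM " . PREFIX . 'phishing) AND timediff<604800 ORDER BY address;');
    $data['onions'] = $stmt->fetchAll(PDO::FETCH_ASSOC);
    // Initialised up front so consumers can rely on the key being there.
    $data['removed'] = [];
    $stmt = $db->query('SELECT md5sum FROM ' . PREFIX . "onions WHERE address='';");
    while ($tmp = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $data['removed'][] = bin2hex($tmp['md5sum']);
    }
    $stmt = $db->query('SELECT address, original FROM ' . PREFIX . 'onions, ' . PREFIX . 'phishing WHERE onion_id=' . PREFIX . "onions.id AND address!='' AND timediff<604800 ORDER BY address;");
    $data['phishing'] = $stmt->fetchAll(PDO::FETCH_ASSOC);
    echo json_encode($data);
}

/**
 * Return the pagination block as a string.
 *
 * NOTE(review): only a whitespace echo survives in this copy; the code that
 * used $category and $pages to print the page links is missing.
 *
 * @param int $category selected category index
 * @param int $pages    number of pages
 * @return string the buffered output
 */
function get_pagination($category, $pages)
{
    global $I, $language;
    ob_start();
    echo "\n\n";
    return ob_get_clean();
}

/**
 * Create a captcha challenge, store it in the captcha table and print it.
 *
 * Does nothing when the gd extension is not loaded. The stored row is
 * (id, time, code); send_html() looks the code up again by the id the client
 * sends back as "challenge".
 *
 * NOTE(review): the code that renders the challenge is missing in this copy;
 * only a whitespace echo survives.
 */
function send_captcha()
{
    global $I, $db, $memcached;
    $difficulty = 1;
    if ($difficulty === 0 || !extension_loaded('gd')) {
        return;
    }
    $captchachars = 'ABCDEFGHJKMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789';
    $length = strlen($captchachars) - 1;
    // mt_rand() is not a cryptographic generator, and the id drawn from it is
    // the value the client gets to see. random_int() uses the system CSPRNG
    // and is preferred wherever it exists (PHP >= 7); mt_rand() remains only
    // as a fallback for older runtimes.
    $rand = function_exists('random_int') ? 'random_int' : 'mt_rand';
    $code = '';
    for ($i = 0; $i < 5; ++$i) {
        $code .= $captchachars[$rand(0, $length)];
    }
    // Same value range as the argument-less mt_rand() used before.
    $randid = $rand(0, mt_getrandmax());
    $time = time();
    $stmt = $db->prepare('INSERT INTO ' . PREFIX . 'captcha (id, time, code) VALUES (?, ?, ?);');
    $stmt->execute([$randid, $time, $code]);
    echo "\n\n";
}

/**
 * Print an error message and stop the script.
 *
 * $msg is written to the page as given; every caller in this file passes a
 * fixed string, and request data must not be passed in unescaped.
 *
 * @param string $msg message to print
 */
function send_error($msg)
{
    die("\n\n$msg\n\n");
}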