fn success/userError/serverError > output($code)

2022-09-15 19:17:48 +02:00 · 2022-09-15 19:17:48 +02:00 · 763762f08b
parent 3571c456fd
commit 763762f08b
36 changed files with 137 additions and 149 deletions
--- a/fn/auth.php
+++ b/fn/auth.php
@ -16,12 +16,12 @@ define("OPTIONS_PASSWORD", array(

 function checkPasswordFormat($password) {
 	if (preg_match("/" . PASSWORD_REGEX . "/u", $password) !== 1)
-		userError("Password malformed.");
+		output(403, 'Password malformed.');
 }

 function checkUsernameFormat($username) {
 	if (preg_match("/" . USERNAME_REGEX . "/u", $username) !== 1)
-		userError("Username malformed.");
+		output(403, 'Username malformed.');
 }

 function hashPassword($password) {
--- a/fn/common.php
+++ b/fn/common.php
@ -2,27 +2,19 @@

 $final_message = null;

-function success($msg = '') {
+function output($code, $msg = '') {
 	global $final_message;
-	if ($msg !== '')
-		$final_message = "<p><output><strong>Succès</strong> : <em>" . $msg . "</em></output></p>\n";
-}
-
-// When the user requests something unexpected
-function userError($msg) {
-	global $final_message;
-	$final_message = "<p><output><strong>Erreur utilisataire</strong> : <em>" . $msg . "</em></output></p>\n";
-	http_response_code(403);
-	executePage();
-}
-
-// When the system did something unexpected
-function serverError($msg) {
-	global $final_message;
-	$final_message = "<p><output><strong>Server error</strong>: The server encountered an error: <em>" . $msg . "</em></output></p>\n";
-	http_response_code(500);
-	error_log("Niver internal error: " . strip_tags($msg));
-	executePage();
+	$shortCode = $code / 100 % 10;
+	$final_message = match ($shortCode) {
+		2 => ($msg === '') ? '' : "<p><output><strong>Succès</strong> : <em>" . $msg . "</em></output></p>\n",
+		4 => "<p><output><strong>Erreur utilisataire</strong> : <em>" . $msg . "</em></output></p>\n",
+		5 => "<p><output><strong>Server error</strong>: The server encountered an error: <em>" . $msg . "</em></output></p>\n",
+	};
+	http_response_code($code);
+	if ($shortCode === 5)
+		error_log("Niver internal error: " . strip_tags($msg));
+	if ($code !== 200)
+		executePage();
 }

 function processForm($requireLogin = true) {
@ -33,7 +25,7 @@ function processForm($requireLogin = true) {
 	if (empty($_POST))
 		return false;
 	if ($requireLogin AND !isset($_SESSION['username']))
-		userError("Vous devez être connecté·e pour effectuer cette action.");
+		output(403, 'Vous devez être connecté·e pour effectuer cette action.');
 	return true;
 }

@ -119,11 +111,12 @@ function redirUrl($pageId) {
 function redir() {
 	if (isset($_GET['redir'])) {
 		if (preg_match('/^[0-9a-z\/-]{0,128}$/', $_GET['redir']) !== 1)
-			userError("Wrong character in <code>redir</code>.");
+			output(403, 'Wrong character in <code>redir</code>.');
 		header('Location: ' . CONF['common']['prefix'] . '/' . $_GET['redir']);
 	} else {
 		header('Location: ' . CONF['common']['prefix'] . '/');
 	}
+	exit();
 }

 // PHP rmdir() only works on empty directories
@ -133,7 +126,7 @@ function removeDirectory($dir) {
 	foreach ($files as $file)
 		$file->isDir() && !$file->isLink() ? rmdir($file->getPathname()) : unlink($file->getPathname());
 	if (rmdir($dir) !== true)
-		serverError("Unable to remove directory.");
+		output(500, 'Unable to remove directory.');
 }

 function equalArrays($a, $b) {
--- a/fn/dns.php
+++ b/fn/dns.php
@ -3,20 +3,20 @@
 function knotcConfExec($cmds) {
 	exec(CONF['dns']['knotc_path'] . " conf-begin", $output['begin'], $code['begin']);
 	if ($code['begin'] !== 0)
-		serverError("knotcConfExec: <code>knotc</code> failed with exit code <samp>" . $code['begin'] . "</samp>: <samp>" . $output['begin'][0] . "</samp>.");
+		output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['begin'] . '</samp>: <samp>' . $output['begin'][0] . '</samp>.');

 	foreach ($cmds as $cmd) {
 		exec(CONF['dns']['knotc_path'] . " conf-" . $cmd, $output['op'], $code['op']);
 		if ($code['op'] !== 0) {
 			exec(CONF['dns']['knotc_path'] . " conf-abort");
-			serverError("knotcConfExec: <code>knotc</code> failed with exit code <samp>" . $code['op'] . "</samp>: <samp>" . $output['op'][0] . "</samp>.");
+			output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['op'] . '</samp>: <samp>' . $output['op'][0] . '</samp>.');
 		}
 	}

 	exec(CONF['dns']['knotc_path'] . " conf-commit", $output['commit'], $code['commit']);
 	if ($code['commit'] !== 0) {
 		exec(CONF['dns']['knotc_path'] . " conf-abort");
-		serverError("knotcConfExec: <code>knotc</code> failed with exit code <samp>" . $code['commit'] . "</samp>: <samp>" . $output['commit'][0] . "</samp>.");
+		output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['commit'] . '</samp>: <samp>' . $output['commit'][0] . '</samp>.');
 	}
 }

@ -25,18 +25,18 @@ function knotcZoneExec($zone, $cmd) {

 	exec(CONF['dns']['knotc_path'] . " zone-begin " . $zone, $output['begin'], $code['begin']);
 	if ($code['begin'] !== 0)
-		serverError("knotcZoneExec: <code>knotc</code> failed with exit code <samp>" . $code['begin'] . "</samp>: <samp>" . $output['begin'][0] . "</samp>.");
+		output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['begin'] . '</samp>: <samp>' . $output['begin'][0] . '</samp>.');

 	exec(CONF['dns']['knotc_path'] . " zone-" . $action . "set " . $zone . " " . implode(" ", $cmd), $output['op'], $code['op']);
 	if ($code['op'] !== 0) {
 		exec(CONF['dns']['knotc_path'] . " zone-abort " . $zone);
-		serverError("knotcZoneExec: <code>knotc</code> failed with exit code <samp>" . $code['op'] . "</samp>: <samp>" . $output['op'][0] . "</samp>.");
+		output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['op'] . '</samp>: <samp>' . $output['op'][0] . '</samp>.');
 	}

 	exec(CONF['dns']['knotc_path'] . " zone-commit " . $zone, $output['commit'], $code['commit']);
 	if ($code['commit'] !== 0) {
 		exec(CONF['dns']['knotc_path'] . " zone-abort " . $zone);
-		serverError("knotcZoneExec: <code>knotc</code> failed with exit code <samp>" . $code['commit'] . "</samp>: <samp>" . $output['commit'][0] . "</samp>.");
+		output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['commit'] . '</samp>: <samp>' . $output['commit'][0] . '</samp>.');
 	}
 }

@ -45,13 +45,13 @@ function checkIpFormat($ip) {
 		return "A";
 	if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))
 		return "AAAA";
-	userError("IP address malformed.");
+	output(403, 'IP address malformed.');
 }

 function checkAbsoluteDomainFormat($domain) {
 	// If the domain must end with a dot
 	if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match("/^([a-z0-9_-]{1,63}\.){2,127}$/", $domain))
-		userError("Domain malformed.");
+		output(403, 'Domain malformed.');
 }

 function formatEndWithDot($str) {
@ -70,6 +70,6 @@ function checkAction($action) {
 	return match ($action) {
 		'add' => '',
 		'delete' => 'un',
-		default => userError("Wrong value for action."),
+		default => output(403, 'Wrong value for action.'),
 	};
 }
--- a/fn/ht.php
+++ b/fn/ht.php
@ -3,7 +3,7 @@
 function checkDomainFormat($domain) {
 	// If the domain must end without a dot
 	if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match("/^([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$/", $domain))
-		userError("Domain malformed.");
+		output(403, 'Domain malformed.');
 }

 function formatDomain($domain) {
@ -49,17 +49,17 @@ function htDeleteSite($dir, $domainType, $protocol) {
 	if ($domainType === 'onion') {
 		// Delete Tor config
 		if (unlink(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username'] . '/' . $dir) !== true)
-			serverError("Failed to delete Tor configuration.");
+			output(500, 'Failed to delete Tor configuration.');

 		// Reload Tor
 		exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload " . CONF['ht']['tor_service'], $output, $code);
 		if ($code !== 0)
-			serverError("Failed to reload Tor.");
+			output(500, 'Failed to reload Tor.');

 		// Delete Tor keys
 		exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['rm_path'] . ' --recursive ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['username'] . '/' . $dir, $output, $code);
 		if ($code !== 0)
-			serverError("Failed to delete Tor keys.");
+			output(500, 'Failed to delete Tor keys.');
 	}

 	// Delete Nginx config
@ -70,18 +70,18 @@ function htDeleteSite($dir, $domainType, $protocol) {
 		'site_dir' => $dir,
 	], 'domain')[0];
 	if (unlink(CONF['ht']['nginx_config_path'] . '/' . $domain . '.conf') !== true)
-		serverError("Failed to delete Nginx configuration.");
+		output(500, 'Failed to delete Nginx configuration.');

 	// Reload Nginx
 	exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['systemctl_path'] . ' reload nginx', result_code: $code);
 	if ($code !== 0)
-		serverError("Failed to reload Nginx.");
+		output(500, 'Failed to reload Nginx.');

 	if ($domainType === 'dns') {
 		// Delete Let's Encrypt certificate
 		exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " delete --quiet --cert-name " . $domain, $output, $code);
 		if ($code !== 0)
-			serverError("Certbot failed to delete the Let's Encrypt certificate.");
+			output(500, 'Certbot failed to delete the Let\'s Encrypt certificate.');
 	}

 	// Delete from database
--- a/fn/ns.php
+++ b/fn/ns.php
@ -20,7 +20,7 @@ function nsParseCommonRequirements() {
 	$values['ttl'] = $_POST['ttl-value'] * $_POST['ttl-multiplier'];

 	if (!($values['ttl'] >= 300 AND $values['ttl'] <= 432000))
-		userError("Le TTL doit être compris entre 5 minutes et 5 jours (entre 300 et 432000 secondes).");
+		output(403, 'Le TTL doit être compris entre 5 minutes et 5 jours (entre 300 et 432000 secondes).');

 	return $values;
 }
@ -33,7 +33,7 @@ function nsCheckZonePossession($zone) {
 	checkAbsoluteDomainFormat($zone);

 	if (!in_array($zone, query('select', 'zones', ['username' => $_SESSION['username']], 'zone'), true))
-		userError("You don't own this zone on the nameserver.");
+		output(403, 'You don\'t own this zone on the nameserver.');
 }

 function nsDeleteZone($zone) {
@ -42,7 +42,7 @@ function nsDeleteZone($zone) {

 	// Remove Knot zone file
 	if(unlink(CONF['ns']['knot_zones_path'] . '/' . $zone . 'zone') !== true)
-		serverError("Failed to remove Knot zone file.");
+		output(500, 'Failed to remove Knot zone file.');

 	// Remove Knot related data
 	exec(CONF['dns']['knotc_path'] . " zone-purge " . $zone);
--- a/fn/reg.php
+++ b/fn/reg.php
@ -6,17 +6,17 @@ function regListUserDomains($username) {

 function regCheckDomainPossession($domain) {
 	if (in_array($domain, regListUserDomains($_SESSION['username']), true) !== true)
-		userError("You don't own this domain.");
+		output(403, 'You don\'t own this domain.');
 }

 function regDeleteDomain($domain) {
 	// Delete domain from registry file
 	$regFile = file_get_contents(CONF['reg']['registry_file']);
 	if ($regFile === false)
-		serverError("Failed to read current registry File.");
+		output(500, 'Failed to read current registry File.');
 	$regFile = preg_replace("#[^\n]{0,1024}" . $domain . " {0,1024}[^\n]{0,1024}\n#", "", $regFile);
 	if (file_put_contents(CONF['reg']['registry_file'], $regFile) === false)
-		serverError("Failed to write new registry file.");
+		output(500, 'Failed to write new registry file.');

 	// Delete from Niver's database
 	query('delete', 'registry', [
--- a/pages/auth/login.php
+++ b/pages/auth/login.php
@ -6,10 +6,10 @@ if (processForm(false)) {
 	checkUsernameFormat($_POST['username']);

 	if (userExist($_POST['username']) !== true)
-		userError("Connexion impossible : ce compte n'existe pas.");
+		output(403, 'Connexion impossible : ce compte n\'existe pas.');

 	if (checkPassword($_POST['username'], $_POST['password']) !== true)
-		userError("Connexion impossible : clé de passe invalide.");
+		output(403, 'Connexion impossible : clé de passe invalide.');

 	$_SESSION['username'] = $_POST['username'];

@ -17,8 +17,6 @@ if (processForm(false)) {
 		changePassword($_SESSION['username'], $_POST['password']);

 	redir();
-
-	success("Connecté·e.");
 }

 ?>
--- a/pages/auth/logout.php
+++ b/pages/auth/logout.php
@ -5,4 +5,3 @@ if (session_status() === PHP_SESSION_ACTIVE)

 header('Clear-Site-Data: "*"');
 redir();
-success("Déconnecté·e.");
--- a/pages/auth/password.php
+++ b/pages/auth/password.php
@ -4,11 +4,11 @@ if (processForm()) {
 	checkPasswordFormat($_POST['newPassword']);

 	if (checkPassword($_SESSION['username'], $_POST['currentPassword']) !== true)
-		userError("Changement impossible : clé de passe invalide.");
+		output(403, 'Changement impossible : clé de passe invalide.');

 	changePassword($_SESSION['username'], $_POST['newPassword']);

-	success("Clé de passe changée.");
+	output(200, 'Clé de passe changée.');
 }

 ?>
--- a/pages/auth/register.php
+++ b/pages/auth/register.php
@ -6,24 +6,24 @@ if (processForm(false)) {
 	checkUsernameFormat($_POST['username']);

 	if (userExist($_POST['username']) !== false)
-		userError("Ce nom de compte est déjà utilisé.");
+		output(403, 'Ce nom de compte est déjà utilisé.');

 	// Setup SFTP directory
 	umask(0002);
 	if (mkdir(CONF['ht']['ht_path'] . "/" . $_POST['username'], 0775) !== true)
-		serverError("Can't create user directory.");
+		output(500, 'Can\'t create user directory.');
 	exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'] . " --no-dereference", result_code: $code);
 	if ($code !== 0)
-		serverError("Can't change user directory group.");
+		output(500, 'Can\'t change user directory group.');

 	// Setup Tor config directory
 	if (mkdir(CONF['ht']['tor_config_path'] . "/" . $_POST['username'], 0755) !== true)
-		serverError("Can't create Tor config directory.");
+		output(500, 'Can\'t create Tor config directory.');

 	// Setup Tor keys directory
 	exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['mkdir_path'] . " --mode=0700 " . CONF['ht']['tor_keys_path'] . "/" . $_POST['username'], result_code: $code);
 	if ($code !== 0)
-		serverError("Can't create Tor keys directory.");
+		output(500, 'Can\'t create Tor keys directory.');

 	insert('users', [
 		'username' => $_POST['username'],
@ -34,8 +34,6 @@ if (processForm(false)) {
 	$_SESSION['username'] = $_POST['username'];

 	redir();
-
-	success("Compte créé.");
 }

 ?>
--- a/pages/auth/unregister.php
+++ b/pages/auth/unregister.php
@ -2,7 +2,7 @@

 if (processForm()) {
 	if (!isset($_POST['delete']))
-		userError("Il faut confirmer la suppression du compte");
+		output(403, 'Il faut confirmer la suppression du compte');

 	foreach (query('select', 'registry', ['username' => $_SESSION['username']], 'domain') as $domain)
 		regDeleteDomain($domain);
@ -26,19 +26,19 @@ if (processForm()) {

 	exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['rm_path'] . " --recursive " . CONF['ht']['tor_keys_path'] . "/" . $_SESSION['username'], result_code: $code);
 	if ($code !== 0)
-		serverError("Can't remove Tor keys directory.");
+		output(500, 'Can\'t remove Tor keys directory.');

 	removeDirectory(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username']);

 	exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['rm_path'] . ' --recursive ' . CONF['ht']['ht_path'] . '/' . $_SESSION['username'], result_code: $code);
 	if ($code !== 0)
-		serverError("Can't remove user's directory.");
+		output(500, 'Can\'t remove user\'s directory.');

 	query('delete', 'users', ['username' => $_SESSION['username']]);

 	require "logout.php";

-	success("Compte supprimé.");
+	output(200, 'Compte supprimé.');
 }

 ?>
--- a/pages/ht/add-http-dns.php
+++ b/pages/ht/add-http-dns.php
@ -9,28 +9,28 @@ if (processForm()) {
 	$_POST['domain'] = formatDomain($_POST['domain']);

 	if ($dirsStatuses[$_POST['dir']] !== false)
-		userError("Wrong value for <code>dir</code>.");
+		output(403, 'Wrong value for <code>dir</code>.');

 	if (query('select', 'sites', ['domain' => $_POST['domain']], 'domain') !== [])
-		userError("Ce domaine existe déjà sur ce service.");
+		output(403, 'Ce domaine existe déjà sur ce service.');

 	$remoteAaaaRecords = dns_get_record($_POST['domain'], DNS_AAAA);
 	if (is_array($remoteAaaaRecords) !== true)
-		userError("Ce domaine n'existe pas.");
+		output(403, 'Ce domaine n\'existe pas.');
 	if (equalArrays([CONF['ht']['ipv6_address']], array_column($remoteAaaaRecords, 'ipv6')) !== true)
-		userError("Ce domaine doit avoir pour unique enregistrement AAAA <code>" . CONF['ht']['ipv6_address'] . "</code>.");
+		output(403, 'Ce domaine doit avoir pour unique enregistrement AAAA <code>' . CONF['ht']['ipv6_address'] . '</code>.');

 	$remoteARecords = dns_get_record($_POST['domain'], DNS_A);
 	if (is_array($remoteARecords) !== true)
-		userError("Ce domaine n'existe pas.");
+		output(403, 'Ce domaine n\'existe pas.');
 	if (equalArrays([CONF['ht']['ipv4_address']], array_column($remoteARecords, 'ip')) !== true)
-		userError("Ce domaine doit avoir pour unique enregistrement A <code>" . CONF['ht']['ipv4_address'] . "</code>.");
+		output(403, 'Ce domaine doit avoir pour unique enregistrement A <code>' . CONF['ht']['ipv4_address'] . '</code>.');

 	addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], "dns", "http");

 	exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " certonly --quiet" . (CONF['ht']['letsencrypt_use_production'] ? '' : ' --test-cert') . " --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain " . $_POST['domain'], $output, $returnCode);
 	if ($returnCode !== 0)
-		serverError("Certbot failed to get a Let's Encrypt certificate.");
+		output(500, 'Certbot failed to get a Let\'s Encrypt certificate.');

 	$nginxConf = 'server {
 	listen [' . CONF['ht']['ipv6_listen_address'] . ']:' . CONF['ht']['https_port'] . ' ssl http2;
@ -45,14 +45,14 @@ if (processForm()) {
 }
 ';
 	if (file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['domain'] . ".conf", $nginxConf) === false)
-		serverError("Failed to write Nginx configuration.");
+		output(500, 'Failed to write Nginx configuration.');

 	// Reload Nginx
 	exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx", result_code: $code);
 	if ($code !== 0)
-		serverError("Failed to reload Nginx.");
+		output(500, 'Failed to reload Nginx.');

-	success("Accès HTTP par domaine ajouté sur ce dossier !");
+	output(200, 'Accès HTTP par domaine ajouté sur ce dossier !');
 }

 ?>
--- a/pages/ht/add-http-onion.php
+++ b/pages/ht/add-http-onion.php
@ -7,25 +7,25 @@ else

 if (processForm()) {
 	if ($dirsStatuses[$_POST['dir']] !== false)
-		userError("Wrong value for <code>dir</code>.");
+		output(403, 'Wrong value for <code>dir</code>.');

 	// Add Tor config
 	$torConf = "HiddenServiceDir " . CONF['ht']['tor_keys_path'] . "/" . $_SESSION['username'] . "/" . $_POST['dir'] . "/
 	HiddenServicePort 80 [::1]:" . CONF['ht']['internal_onion_http_port'] . "
 	";
 	if (file_put_contents(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'], $torConf) === false)
-		serverError("Failed to write new Tor configuration.");
+		output(500, 'Failed to write new Tor configuration.');

 	// Reload Tor
 	exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload " . CONF['ht']['tor_service'], $output, $code);
 	if ($code !== 0)
-		serverError("Failed to reload Tor.");
+		output(500, 'Failed to reload Tor.');

 	// Get the address generated by Tor
 	exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['cat_path'] . ' ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'] . '/hostname', $output);
 	$onion = $output[0];
 	if (preg_match("/[0-9a-z]{56}\.onion/", $onion) !== 1)
-		serverError("No onion address found.");
+		output(500, 'No onion address found.');

 	// Store it in the database
 	addSite($_SESSION['username'], $_POST['dir'], $onion, "onion", "http");
@ -40,15 +40,15 @@ if (processForm()) {
 	}
 	';
 	if (file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $onion . ".conf", $nginxConf) === false)
-		serverError("Failed to write Nginx configuration.");
+		output(500, 'Failed to write Nginx configuration.');

 	// Reload Nginx
 	exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx", result_code: $code);
 	if ($code !== 0)
-		serverError("Failed to reload Nginx.");
+		output(500, 'Failed to reload Nginx.');

 	// Tell the user their site address
-	success("L'adresse de votre service Onion HTTP est : <a href='http://" . $onion . "/'<code>http://" . $onion . "/</code></a>");
+	output(200, 'L\'adresse de votre service Onion HTTP est : <a href="http://' . $onion . '/"><code>http://' . $onion . '/</code></a>');
 }

 ?>
--- a/pages/ht/del-http-dns.php
+++ b/pages/ht/del-http-dns.php
@ -7,11 +7,11 @@ else

 if (processForm()) {
 	if ($dirsStatuses[$_POST['dir']] !== true)
-		userError("Wrong value for <code>dir</code>.");
+		output(403, 'Wrong value for <code>dir</code>.');

 	htDeleteSite($_POST['dir'], domainType: 'dns', protocol: 'http');

-	success("Accès retiré.");
+	output(200, 'Accès retiré.');
 }

 ?>
--- a/pages/ht/del-http-onion.php
+++ b/pages/ht/del-http-onion.php
@ -7,11 +7,11 @@ else

 if (processForm()) {
 	if ($dirsStatuses[$_POST['dir']] !== true)
-		userError("Wrong value for <code>dir</code>.");
+		output(403, 'Wrong value for <code>dir</code>.');

 	htDeleteSite($_POST['dir'], domainType: 'onion', protocol: 'http');

-	success("Accès retiré.");
+	output(200, 'Accès retiré.');
 }

 ?>
--- a/pages/ns/caa.php
+++ b/pages/ns/caa.php
@ -4,13 +4,13 @@ if (processForm()) {
 	$values = nsParseCommonRequirements();

 	if (!($_POST['flag'] >= 0 AND $_POST['flag'] <= 255))
-		userError("Wrong value for <code>flag</code>.");
+		output(403, 'Wrong value for <code>flag</code>.');

 	if (!(preg_match("/^[a-z]{1,127}$/", $_POST['tag'])))
-		userError("Wrong value for <code>tag</code>.");
+		output(403, 'Wrong value for <code>tag</code>.');

 	if (!(preg_match("/^[a-z0-9.-]{1,255}$/", $_POST['value'])))
-		userError("Wrong value for <code>value</code>.");
+		output(403, 'Wrong value for <code>value</code>.');

 	knotcZoneExec($_POST['zone'], array(
 		$values['domain'],
@ -21,7 +21,7 @@ if (processForm()) {
 		$_POST['value']
 	));

-	success("Enregistrement ajouté");
+	output(200, 'Enregistrement ajouté');
 }

 ?>
--- a/pages/ns/cname.php
+++ b/pages/ns/cname.php
@ -12,7 +12,7 @@ if (processForm()) {
 		$_POST['cname']
 	));

-	success("Enregistrement ajouté");
+	output(200, 'Enregistrement ajouté');
 }

 ?>
--- a/pages/ns/dname.php
+++ b/pages/ns/dname.php
@ -12,7 +12,7 @@ if (processForm()) {
 		$_POST['dname']
 	));

-	success("Enregistrement ajouté");
+	output(200, 'Enregistrement ajouté');
 }

 ?>
--- a/pages/ns/ip.php
+++ b/pages/ns/ip.php
@ -12,7 +12,7 @@ if (processForm()) {
 		$_POST['ip']
 	));

-	success("Enregistrement ajouté");
+	output(200, 'Enregistrement ajouté');
 }

 ?>
--- a/pages/ns/loc.php
+++ b/pages/ns/loc.php
@ -19,36 +19,36 @@ if (processForm()) {
 		$_POST['vp'] = 10;

 	if (!($_POST['lat-deg'] >= 0 AND $_POST['lat-deg'] <= 90))
-		userError("Wrong value for <code>lat-deg</code>.");
+		output(403, 'Wrong value for <code>lat-deg</code>.');
 	if (!($_POST['lat-min'] >= 0 AND $_POST['lat-min'] <= 59))
-		userError("Wrong value for <code>lat-min</code>.");
+		output(403, 'Wrong value for <code>lat-min</code>.');
 	if (!($_POST['lat-sec'] >= 0 AND $_POST['lat-sec'] <= 59.999))
-		userError("Wrong value for <code>lat-sec</code>.");
+		output(403, 'Wrong value for <code>lat-sec</code>.');

 	if ($_POST['lat-dir'] !== "N" AND $_POST['lat-dir'] !== "S")
-		userError("Wrong value for <code>lat-dir</code>.");
+		output(403, 'Wrong value for <code>lat-dir</code>.');

 	if (!($_POST['lon-deg'] >= 0 AND $_POST['lon-deg'] <= 180))
-		userError("Wrong value for <code>lon-deg</code>.");
+		output(403, 'Wrong value for <code>lon-deg</code>.');
 	if (!($_POST['lon-min'] >= 0 AND $_POST['lon-min'] <= 59))
-		userError("Wrong value for <code>lon-min</code>.");
+		output(403, 'Wrong value for <code>lon-min</code>.');
 	if (!($_POST['lon-sec'] >= 0 AND $_POST['lon-sec'] <= 59.999))
-		userError("Wrong value for <code>lon-sec</code>.");
+		output(403, 'Wrong value for <code>lon-sec</code>.');

 	if ($_POST['lon-dir'] !== "E" AND $_POST['lon-dir'] !== "W")
-		userError("Wrong value for <code>lon-dir</code>.");
+		output(403, 'Wrong value for <code>lon-dir</code>.');

 	if (!($_POST['alt'] >= -100000 AND $_POST['alt'] <= 42849672.95))
-		userError("Wrong value for <code>alt</code>.");
+		output(403, 'Wrong value for <code>alt</code>.');

 	if (!($_POST['size'] >= 0 AND $_POST['size'] <= 90000000))
-		userError("Wrong value for <code>size</code>.");
+		output(403, 'Wrong value for <code>size</code>.');

 	if (!($_POST['hp'] >= 0 AND $_POST['hp'] <= 90000000))
-		userError("Wrong value for <code>hp</code>.");
+		output(403, 'Wrong value for <code>hp</code>.');

 	if (!($_POST['vp'] >= 0 AND $_POST['vp'] <= 90000000))
-		userError("Wrong value for <code>vp</code>.");
+		output(403, 'Wrong value for <code>vp</code>.');

 	knotcZoneExec($_POST['zone'], array(
 		$values['domain'],
@ -68,7 +68,7 @@ if (processForm()) {
 		$_POST['vp'] . 'm',
 	));

-	success("Enregistrement ajouté");
+	output(200, 'Enregistrement ajouté');
 }

 ?>
--- a/pages/ns/mx.php
+++ b/pages/ns/mx.php
@ -4,7 +4,7 @@ if (processForm()) {
 	$values = nsParseCommonRequirements();

 	if (!($_POST['priority'] >= 0 AND $_POST['priority'] <= 255))
-		userError("Wrong value for <code>priority</code>.");
+		output(403, 'Wrong value for <code>priority</code>.');

 	$_POST['host'] = formatAbsoluteDomain($_POST['host']);

@ -16,7 +16,7 @@ if (processForm()) {
 		$_POST['host']
 	));

-	success("Enregistrement ajouté");
+	output(200, 'Enregistrement ajouté');
 }

 ?>
--- a/pages/ns/ns.php
+++ b/pages/ns/ns.php
@ -12,7 +12,7 @@ if (processForm()) {
 		$_POST['ns']
 	));

-	success("Enregistrement ajouté");
+	output(200, 'Enregistrement ajouté');
 }

 ?>
--- a/pages/ns/print.php
+++ b/pages/ns/print.php
@ -29,11 +29,11 @@ if (processForm()) {

 	$zoneContent = file_get_contents(CONF['ns']['knot_zones_path'] . '/' . $_POST['zone'] . 'zone');
 	if ($zoneContent === false)
-		serverError("Unable to read zone file.");
+		output(500, 'Unable to read zone file.');

 	if ($_POST['print'] === 'raw') {
 		echo '<pre>' . htmlspecialchars($zoneContent) . '</pre>';
-		success();
+		output(200);
 	}

 	if ($_POST['print'] === 'table') { ?>
@ -63,7 +63,7 @@ if (processForm()) {

 		$found = preg_match("#\n" . preg_quote($_POST['zone']) . "\s+0\s+CDS\s+([0-9]{1,5})\s+([0-9]{1,2})\s+([0-9])\s+([0-9A-F]{64})\n#", $zoneContent, $matches);
 		if ($found !== 1)
-			serverError("Unable to get public key record from zone file.");
+			output(500, 'Unable to get public key record from zone file.');

 		$tag = $matches[1];
 		$algo = $matches[2];
@ -96,6 +96,6 @@ if (processForm()) {
 </dl>

 <?php
-		success();
+		output(200);
 	}
 }
--- a/pages/ns/srv.php
+++ b/pages/ns/srv.php
@ -4,13 +4,13 @@ if (processForm()) {
 	$values = nsParseCommonRequirements();

 	if (!($_POST['priority'] >= 0 AND $_POST['priority'] <= 65535))
-		userError("Wrong value for <code>priority</code>.");
+		output(403, 'Wrong value for <code>priority</code>.');

 	if (!($_POST['weight'] >= 0 AND $_POST['weight'] <= 65535))
-		userError("Wrong value for <code>weight</code>.");
+		output(403, 'Wrong value for <code>weight</code>.');

 	if (!($_POST['port'] >= 0 AND $_POST['port'] <= 65535))
-		userError("Wrong value for <code>port</code>.");
+		output(403, 'Wrong value for <code>port</code>.');

 	$_POST['target'] = formatAbsoluteDomain($_POST['target']);

@ -24,7 +24,7 @@ if (processForm()) {
 		$_POST['target']
 	));

-	success("Enregistrement ajouté");
+	output(200, 'Enregistrement ajouté');
 }

 ?>
--- a/pages/ns/sshfp.php
+++ b/pages/ns/sshfp.php
@ -4,13 +4,13 @@ if (processForm()) {
 	$values = nsParseCommonRequirements();

 	if (!($_POST['algo'] === "1" OR $_POST['algo'] === "3" OR $_POST['algo'] === "4"))
-		userError("Wrong value for <code>algo</code>.");
+		output(403, 'Wrong value for <code>algo</code>.');

 	if (!($_POST['type'] === "2"))
-		userError("Wrong value for <code>type</code>.");
+		output(403, 'Wrong value for <code>type</code>.');

 	if (!(preg_match("/^[a-z0-9]{64}$/", $_POST['fp'])))
-		userError("Wrong value for <code>fp</code>.");
+		output(403, 'Wrong value for <code>fp</code>.');

 	knotcZoneExec($_POST['zone'], array(
 		$values['domain'],
@ -21,7 +21,7 @@ if (processForm()) {
 		$_POST['fp']
 	));

-	success("Enregistrement ajouté");
+	output(200, 'Enregistrement ajouté');
 }

 ?>
--- a/pages/ns/tlsa.php
+++ b/pages/ns/tlsa.php
@ -4,16 +4,16 @@ if (processForm()) {
 	$values = nsParseCommonRequirements();

 	if (!($_POST['use'] >= 0 AND $_POST['use'] <= 3))
-		userError("Wrong value for <code>use</code>.");
+		output(403, 'Wrong value for <code>use</code>.');

 	if (!($_POST['selector'] === "0" OR $_POST['selector'] === "1"))
-		userError("Wrong value for <code>selector</code>.");
+		output(403, 'Wrong value for <code>selector</code>.');

 	if (!($_POST['type'] >= 0 AND $_POST['type'] <= 2))
-		userError("Wrong value for <code>type</code>.");
+		output(403, 'Wrong value for <code>type</code>.');

 	if (!(preg_match("/^[a-zA-Z0-9.-]{1,1024}$/", $_POST['content'])))
-		userError("Wrong value for <code>content</code>.");
+		output(403, 'Wrong value for <code>content</code>.');

 	knotcZoneExec($_POST['zone'], array(
 		$values['domain'],
@ -25,7 +25,7 @@ if (processForm()) {
 		$_POST['content']
 	));

-	success("Enregistrement ajouté");
+	output(200, 'Enregistrement ajouté');
 }

 ?>
--- a/pages/ns/txt.php
+++ b/pages/ns/txt.php
@ -4,7 +4,7 @@ if (processForm()) {
 	$values = nsParseCommonRequirements();

 	if (!(preg_match("/^[a-zA-Z0-9 =:!%$+\/\()[\]_-]{5,8192}$/", $_POST['txt'])))
-		userError("Wrong value for <code>txt</code>.");
+		output(403, 'Wrong value for <code>txt</code>.');

 	knotcZoneExec($_POST['zone'], array(
 		$values['domain'],
@ -13,7 +13,7 @@ if (processForm()) {
 		"\"" . $_POST['txt'] . "\""
 	));

-	success("Enregistrement ajouté");
+	output(200, 'Enregistrement ajouté');
 }

 ?>
--- a/pages/ns/zone-add.php
+++ b/pages/ns/zone-add.php
@ -4,7 +4,7 @@ if (processForm()) {
 	$_POST['domain'] = formatAbsoluteDomain($_POST['domain']);

 	if (query('select', 'zones', ['zone' => $_POST['domain']], 'zone') !== [])
-		userError("Cette zone existe déjà sur ce service.");
+		output(403, 'Cette zone existe déjà sur ce service.');

 	exec(CONF['ns']['kdig_path'] . " " . ltrim(strstr($_POST['domain'], '.'), '.') . " NS +short", $parentAuthoritatives);
 	foreach ($parentAuthoritatives as $parentAuthoritative)
@ -12,7 +12,7 @@ if (processForm()) {
 	exec(CONF['ns']['kdig_path'] . " " . $_POST['domain'] . " NS @" . $parentAuthoritatives[0], $results);
 	preg_match_all('/' . preg_quote($_POST['domain'], '/') . '[\t ]+[0-9]{1,8}[\t ]+IN[\t ]+NS[\t ]+(.+)\n/', implode("\n", $results), $matches);
 	if (equalArrays(CONF['ns']['servers'], $matches[1]) !== true)
-		userError("Les serveurs ayant autorité dans cette zone indiqués par la zone parente ne sont pas ceux de Niver.");
+		output(403, 'Les serveurs ayant autorité dans cette zone indiqués par la zone parente ne sont pas ceux de Niver.');

 	insert('zones', [
 		'zone' => $_POST['domain'],
@ -24,16 +24,16 @@ if (processForm()) {
 	foreach (CONF['ns']['servers'] as $server)
 		$knotZone .= $_POST['domain'] . ' 86400 NS ' . $server . "\n";
 	if (is_int(file_put_contents($knotZonePath, $knotZone)) !== true)
-		serverError("Failed to write new zone file.");
+		output(500, 'Failed to write new zone file.');
 	if (chmod($knotZonePath, 0660) !== true)
-		serverError("Failed to chmod new zone file.");
+		output(500, 'Failed to chmod new zone file.');

 	knotcConfExec([
 		"set 'zone[" . $_POST['domain'] . "]'",
 		"set 'zone[" . $_POST['domain'] . "].template' 'niver-ns'",
 	]);

-	success("La requête a été traitée.");
+	output(200, 'La requête a été traitée.');
 }

 ?>
--- a/pages/ns/zone-del.php
+++ b/pages/ns/zone-del.php
@ -5,7 +5,7 @@ if (processForm()) {

 	nsDeleteZone($_POST['zone']);

-	success("Zone effacée.");
+	output(200, 'Zone effacée.');
 }

 ?>
--- a/pages/reg/ds.php
+++ b/pages/reg/ds.php
@ -12,14 +12,14 @@ if (processForm()) {
 		AND ($_POST['algo'] !== "14")
 		AND ($_POST['algo'] !== "15")
 		AND ($_POST['algo'] !== "16")
-	) userError("Wrong value for <code>algo</code>.");
+	) output(403, 'Wrong value for <code>algo</code>.');

 	$_POST['keytag'] = intval($_POST['keytag']);
 	if ((!preg_match("/^[0-9]{1,6}$/", $_POST['keytag'])) OR !($_POST['keytag'] >= 1) OR !($_POST['keytag'] <= 65535))
-		userError("Wrong value for <code>keytag</code>.");
+		output(403, 'Wrong value for <code>keytag</code>.');

 	if ($_POST['dt'] !== "2" AND $_POST['dt'] !== "4")
-		userError("Wrong value for <code>dt</code>.");
+		output(403, 'Wrong value for <code>dt</code>.');

 	regCheckDomainPossession($_POST['zone']);

@ -35,7 +35,7 @@ if (processForm()) {
 		$_POST['key']
 	));

-	success("La requête a été envoyée à Knot");
+	output(200, 'La requête a été envoyée à Knot');
 }

 ?>
--- a/pages/reg/glue.php
+++ b/pages/reg/glue.php
@ -14,7 +14,7 @@ if (processForm()) {
 		$_POST['ip']
 	));

-	success("Glue record ajouté");
+	output(200, 'Glue record ajouté');
 }

 ?>
--- a/pages/reg/ns.php
+++ b/pages/reg/ns.php
@ -11,7 +11,7 @@ if (processForm()) {
 		$_POST['ns']
 	));

-	success("Modification effectuée avec succès");
+	output(200, 'Modification effectuée avec succès');
 }

 ?>
--- a/pages/reg/print.php
+++ b/pages/reg/print.php
@ -19,7 +19,7 @@ if (processForm()) {

 	$zoneContent = file_get_contents(CONF['reg']['registry_file']);
 	if ($zoneContent === false)
-		serverError("Unable to read registry file.");
+		output(500, 'Unable to read registry file.');

 	?>
 	<table>
@ -45,5 +45,5 @@ if (processForm()) {

 	echo '</table>';

-	success();
+	output(200);
 }
--- a/pages/reg/register.php
+++ b/pages/reg/register.php
@ -2,15 +2,15 @@

 if (processForm()) {
 	if (preg_match("/" . CONF['reg']['subdomain_regex'] . "/", $_POST['subdomain']) !== 1)
-	userError("Erreur : Le nom de domaine doit être composé uniquement d'entre 4 et 63 lettres minuscules (a-z)");
+	output(403, 'Erreur : Le nom de domaine doit être composé uniquement d\'entre 4 et 63 lettres minuscules (a-z)');

 	$domain = formatAbsoluteDomain($_POST['subdomain'] . '.' . CONF['reg']['registry']);

 	if (query('select', 'registry', ['domain' => $domain], 'domain') !== [])
-		userError("Ce domaine n'est pas disponible à l'enregistrement. Il est déjà enregistré.");
+		output(403, 'Ce domaine n\'est pas disponible à l\'enregistrement. Il est déjà enregistré.');

 	if (in_array($_POST['subdomain'], explode("\n", file_get_contents(CONF['common']['root_path'] . '/pages/reg/reserved.txt'))))
-		userError("Ce domaine n'est pas disponible à l'enregistrement. Il est réservé.");
+		output(403, 'Ce domaine n\'est pas disponible à l\'enregistrement. Il est réservé.');

 	insert('registry', [
 		'domain' => $domain,
@ -18,7 +18,7 @@ if (processForm()) {
 		'last_renewal' => date("Y-m-d H:i:s"),
 	]);

-	success("Domaine ajouté au registre.");
+	output(200, 'Domaine ajouté au registre.');
 }

 ?>
--- a/pages/reg/unregister.php
+++ b/pages/reg/unregister.php
@ -5,7 +5,7 @@ if (processForm()) {

 	regDeleteDomain($_POST['domain']);

-	success("Domaine effacé du registre.");
+	output(200, 'Domaine effacé du registre.');
 }

 ?>
--- a/router.php
+++ b/router.php
@ -105,11 +105,11 @@ echo str_repeat('</li></ul>', count(TITLES_LINEAGE));
 <?php

 if (in_array(SERVICE, ['reg', 'ns', 'ht']) AND CONF[SERVICE]['enabled'] !== true)
-	userError("Ce service est désactivé.");
+	output(403, 'Ce service est désactivé.');

 // Protect against cross-site request forgery if a POST request is received
 if (empty($_POST) === false AND (isset($_SERVER['HTTP_SEC_FETCH_SITE']) !== true OR $_SERVER['HTTP_SEC_FETCH_SITE'] !== "same-origin"))
-	userError("Anti-<abbr title='Cross-Site Request Forgery'>CSRF</abbr> verification failed ! (Wrong or unset <code>Sec-Fetch-Site</code> HTTP header)");
+	output(403, 'Anti-<abbr title="Cross-Site Request Forgery">CSRF</abbr> verification failed ! (Wrong or unset <code>Sec-Fetch-Site</code> HTTP header)');

 function executePage() {
 	require "pages/" . PAGE_ADDRESS . ".php";