From b1f54aa1550e71f31ae3c2e6d3504aee15220d67 Mon Sep 17 00:00:00 2001
From: Miraty
Date: Sat, 23 Apr 2022 01:57:43 +0200
Subject: [PATCH] Better segmentation between services
---
 inc/auth.php => auth.php | 55 ++++++++++++++++-----
 {inc => common}/bottom.php | 0
 {inc => common}/pages.php | 0
 {inc => common}/top.php | 44 +++++++++++++----
 inc/format.php => dns.php | 27 +++++-----
 inc/form/form.ns.php => form.ns.php | 0
 inc/ht.php => ht.php | 33 +++++++++++++
 inc/all.php | 47 ------------------
 inc/const.php | 76 -----------------------------
 inc/ns.php => ns.php | 5 ++
 public/auth/index.php | 4 +-
 public/auth/login.php | 9 ++--
 public/auth/logout.php | 4 +-
 public/auth/password.php | 4 +-
 public/auth/register.php | 4 +-
 public/ht/http-onion.php | 4 +-
 public/ht/https-domain.php | 4 +-
 public/ht/index.php | 4 +-
 public/ht/le.php | 4 +-
 public/ht/sftp.php | 4 +-
 public/index.php | 8 +--
 public/ns/caa.php | 6 +--
 public/ns/dnssec.php | 4 +-
 public/ns/index.php | 4 +-
 public/ns/ip.php | 9 ++--
 public/ns/loc.php | 6 +--
 public/ns/mx.php | 6 +--
 public/ns/ns.php | 6 +--
 public/ns/srv.php | 6 +--
 public/ns/sshfp.php | 6 +--
 public/ns/tlsa.php | 6 +--
 public/ns/txt.php | 6 +--
 public/ns/zone.php | 6 +--
 public/reg/ds.php | 4 +-
 public/reg/glue.php | 4 +-
 public/reg/index.php | 4 +-
 public/reg/ns.php | 6 +--
 public/reg/register.php | 4 +-
 inc/reg.php => reg.php | 10 ++++
 39 files changed, 211 insertions(+), 232 deletions(-)
 rename inc/auth.php => auth.php (53%)
 rename {inc => common}/bottom.php (100%)
 rename {inc => common}/pages.php (100%)
 rename {inc => common}/top.php (63%)
 rename inc/format.php => dns.php (54%)
 rename inc/form/form.ns.php => form.ns.php (100%)
 rename inc/ht.php => ht.php (72%)
 delete mode 100644 inc/all.php
 delete mode 100644 inc/const.php
 rename inc/ns.php => ns.php (94%)
 rename inc/reg.php => reg.php (91%)
diff --git a/inc/auth.php b/auth.php
similarity index 53%
rename from inc/auth.php
rename to auth.php
index a631ebd..83ecae2 100644
--- a/inc/auth.php +++ b/auth.php @@ -1,9 +1,51 @@ 65536, + "time_cost" => 24, + "threads" => 64, +)); + +function checkPasswordFormat($password) { + return preg_match("/" . PASSWORD_REGEX . "/", $password); +} + +function checkUsernameFormat($username) { + return preg_match("/" . USERNAME_REGEX . "/", $username); +} + function hashPassword($password) { return password_hash($password, ALGO_PASSWORD, OPTIONS_PASSWORD); } +function userExist($username) { + $usernameArray[0] = $username; + + $db = new PDO('sqlite:' . DB_PATH); + + $op = $db->prepare('SELECT username FROM users WHERE username = ?'); + $op->execute($usernameArray); + + $data = $op->fetch(); + if (isset($data['username'])) + $dbUsername = $data['username']; + else + $dbUsername = NULL; + + if (isset($dbUsername)) { + return true; + } else { + return false; + } +} + function checkPassword($username, $password) { $username2[0] = $username; @@ -42,16 +84,3 @@ function changePassword($username, $password) { $stmt->execute(); } - -function antiCSRF() { - - if (!isset($_SERVER['HTTP_SEC_FETCH_SITE']) AND !isset($_SERVER['HTTP_ORIGIN'])) - exit("ERROR: Browser sent neither Sec-Fetch-Site nor Origin HTTP headers, so anti-CSRF verification can't be done."); - - if (isset($_SERVER['HTTP_ORIGIN']) AND $_SERVER['HTTP_ORIGIN'] !== ORIGIN) - exit("ERROR: Anti-CSRF verification failed"); - - if (isset($_SERVER['HTTP_SEC_FETCH_SITE']) AND $_SERVER['HTTP_SEC_FETCH_SITE'] !== "same-origin") - exit("ERROR: Anti-CSRF verification failed"); - -} diff --git a/inc/bottom.php b/common/bottom.php similarity index 100% rename from inc/bottom.php rename to common/bottom.php diff --git a/inc/pages.php b/common/pages.php similarity index 100% rename from inc/pages.php rename to common/pages.php diff --git a/inc/top.php b/common/top.php similarity index 63% rename from inc/top.php rename to common/top.php index 04964f4..8675e98 100644 --- a/inc/top.php +++ b/common/top.php 
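Review bot: `checkPasswordFormat` and `checkUsernameFormat` hand back whatever `preg_match` returns (0, 1, or `false` on a PCRE error) instead of a bool, so a regex engine failure is indistinguishable from "format invalid" and the callers get an int they compare loosely; `return preg_match("/" . PASSWORD_REGEX . "/", $password) === 1;` makes the contract explicit (same change for the username variant). In the new `userExist`, the `$dbUsername` intermediate and the `if/else` on `isset($dbUsername)` collapse to `return isset($data['username']);` with identical behaviour. The `OPTIONS_PASSWORD` values legible here (`time_cost` 24, `threads` 64) make each Argon2id hash costly, and `hashPassword`/`checkPassword` are reached with unauthenticated input; presumably tuned for this host, but worth confirming the login and register endpoints are throttled. The `define` lines at the top of this hunk are not legible in this view.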
@@ -1,17 +1,25 @@ 2. TLDs for Testing, & Documentation Examples +define("NIVER_TEMPLATE_PATH", "/usr/local/share/niver"); // Templates directory (nginx, knot...) +define("PREFIX", ""); // Prefix in URL, if any +define("ROOT_PATH", "/srv/php/niver" . PREFIX); // niver-php directory +define("SERVICE", substr(dirname($_SERVER['PHP_SELF']), strlen(PREFIX) + 1)); +define("PAGE", basename($_SERVER['PHP_SELF'], '.php')); +define("DB_PATH", ROOT_PATH . "/db/niver.db"); // Niver's SQLite database + +// Service-specific functions and constants +if (SERVICE !== "") + require ROOT_PATH . "/" . SERVICE . ".php"; + // Page titles definition require "pages.php"; +function antiCSRF() { + if (!isset($_SERVER['HTTP_SEC_FETCH_SITE']) OR $_SERVER['HTTP_SEC_FETCH_SITE'] !== "same-origin") + exit("ERROR: Anti-CSRF verification failed ! (Wrong or unset Sec-Fetch-Site HTTP header)"); +} + // Session initialisation (with cookies) if ( isset($_COOKIE['niver']) // Resume session @@ -38,6 +46,24 @@ if ( // Less > CSS compilation +// Color scheme +define("THEME", array( + // Displayed on light theme + 'darkRegColor' => "#D100D1", + 'darkNsColor' => "#006DFF", + 'darkHtColor' => "#008768", + 'darkAuthColor' => "#EE0000", + + // Displayed on dark theme + 'lightRegColor' => "#FF50FF", + 'lightNsColor' => "#00FFFF", + 'lightHtColor' => "#FFFF00", + 'lightAuthColor' => "#00FF00", + + 'lightColor' => '#FFFFFF', + 'darkColor' => '#000000', +)); + require_once ROOT_PATH . "/lessphp/lib/Less/Autoloader.php"; Less_Autoloader::register(); diff --git a/inc/format.php b/dns.php similarity index 54% rename from inc/format.php rename to dns.php index e6fe7df..f847507 100644 --- a/inc/format.php +++ b/dns.php 
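Review bot: The new `require ROOT_PATH . "/" . SERVICE . ".php"` picks the included file from `SERVICE`, which is computed from `$_SERVER['PHP_SELF']`; depending on the SAPI and web-server configuration PHP_SELF can carry request-supplied PATH_INFO, so the include target should not follow the raw value. Validate it against the fixed set of service files this commit creates before requiring, e.g. `if (!in_array(SERVICE, ["auth", "ns", "ht", "reg"], true)) exit("ERROR: Unknown service");` placed ahead of the `if (SERVICE !== "")` guard, which on its own does not constrain the value. Separately, the relocated `antiCSRF()` now rejects every request lacking `Sec-Fetch-Site: same-origin`, whereas the version removed from auth.php fell back to comparing `Origin` when that header was absent; browsers that do not send Sec-Fetch-Site will be unable to submit any form, so either keep an Origin fallback or state the browser requirement in a comment above the function. Both points sit in common/top.php's top-level code, which continues outside this hunk.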
@@ -1,5 +1,13 @@ prepare('SELECT username FROM users WHERE username = ?'); - $op->execute($usernameArray); - - $data = $op->fetch(); - if (isset($data['username'])) - $dbUsername = $data['username']; - else - $dbUsername = NULL; - - if (isset($dbUsername)) { - return true; - } else { - return false; - } -} diff --git a/inc/const.php b/inc/const.php deleted file mode 100644 index 122a317..0000000 --- a/inc/const.php +++ /dev/null 
@@ -1,76 +0,0 @@ - 2. TLDs for Testing, & Documentation Examples - -// Custom Niver paths -define("PREFIX", ""); // Prefix in URL, if any -define("ROOT_PATH", "/var/www/niver" . PREFIX); // Niver's directory -define("SERVICE", substr(dirname($_SERVER['PHP_SELF']), strlen(PREFIX) + 1)); -define("PAGE", basename($_SERVER['PHP_SELF'], '.php')); -define("DB_PATH", ROOT_PATH . "/db/niver.db"); // Niver's SQLite database -define("NIVER_TEMPLATE_PATH", "/usr/local/share/niver"); // Templates directory (nginx, knot...) -define("MANIVER_PATH", "/usr/local/bin/maniver"); // Executable file -define("HT_PATH", "/srv/ht"); // The mountpoint of the hypertext storage partition (that will be accessed over SFTP) -// Nginx -define("NGINX_CONFIG_PATH", "/etc/nginx/ht"); // Nginx configuration directory -// Tor -define("TOR_CONFIG_PATH", "/etc/tor/instances/niver/torrc"); // Tor configuration file -define("TOR_KEYS_PATH", "/var/lib/tor-instances/niver/keys"); // Tor keys directory -// Knot -define("KNOT_ZONES_PATH", "/srv/ns"); // Knot zones directory -// Executable files (you can get the full path of a command with $ which ) -define("KNOTC_PATH", "/usr/sbin/knotc"); -define("KEYMGR_PATH", "/usr/sbin/keymgr"); -define("SUDO_PATH", "/usr/bin/sudo"); -define("LS_PATH", "/usr/bin/ls"); - -// Both frontend and backend regexes -define("USERNAME_REGEX", "^[a-z]{4,32}$"); -define("PASSWORD_REGEX", "^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])[a-zA-Z0-9]{8,1024}|.{10,1024}$"); -define("SUBDOMAIN_REGEX", "^[a-z]{4,63}$"); - -// Password storage security -define("ALGO_PASSWORD", PASSWORD_ARGON2ID); -define("OPTIONS_PASSWORD", array( - "memory_cost" => 65536, - "time_cost" => 24, - "threads" => 64, -)); - -// Color scheme -define("THEME", array( - // Displayed on light theme - 'darkRegColor' => "#D100D1", - 'darkNsColor' => "#006DFF", - 'darkHtColor' => "#008768", - 'darkAuthColor' => "#EE0000", - - // Displayed on dark theme - 'lightRegColor' => "#FF50FF", - 'lightNsColor' => "#00FFFF", - 'lightHtColor' 
=> "#FFFF00", - 'lightAuthColor' => "#00FF00", - - 'lightColor' => '#FFFFFF', - 'darkColor' => '#000000', -)); - -// Public suffixes -define("SUFFIXES", array( - REGISTRY, -)); diff --git a/inc/ns.php b/ns.php similarity index 94% rename from inc/ns.php rename to ns.php index 72f8e07..5f84bcb 100644 --- a/inc/ns.php +++ b/ns.php @@ -1,5 +1,10 @@ + @@ -14,4 +14,4 @@ Se connecter - + diff --git a/public/auth/login.php b/public/auth/login.php index 1dbfa00..7a42a43 100644 --- a/public/auth/login.php +++ b/public/auth/login.php @@ -1,4 +1,4 @@ - +

@@ -29,18 +29,17 @@ if (isset($_POST['username']) AND isset($_POST['password'])) { if (checkPassword($_POST['username'], $_POST['password'])) { $_SESSION['username'] = htmlspecialchars($_POST['username']); - $_SESSION['sftp_enabled'] = sftpStatus($_SESSION['username']); if (outdatedPasswordHash($_SESSION['username'])) changePassword($_SESSION['username'], $_POST['password']); if (isset($_GET['redir'])) { if (preg_match("/^[0-9a-z\/-]+$/", $_GET['redir'])) - header('Location: ' . PREFIX . "/" . $_GET['redir']); + header("Location: " . PREFIX . "/" . $_GET['redir']); else exit("ERROR : Wrong character in redir argument"); } else { - header('Location: ' . PREFIX); + header("Location: " . PREFIX . "/"); } exit; } else { @@ -51,4 +50,4 @@ if (isset($_POST['username']) AND isset($_POST['password'])) { ?> - + diff --git a/public/auth/logout.php b/public/auth/logout.php index ba7f702..d87999a 100644 --- a/public/auth/logout.php +++ b/public/auth/logout.php @@ -1,4 +1,4 @@ - + - + diff --git a/public/auth/password.php b/public/auth/password.php index 5f93e9b..c2a078e 100644 --- a/public/auth/password.php +++ b/public/auth/password.php @@ -1,4 +1,4 @@ - +
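Review bot: The rewritten `header("Location: " . PREFIX . "/" . $_GET['redir'])` still accepts a `redir` value that begins with `/`, since the guarding regex `^[0-9a-z\/-]+$` (context line) permits it; with `PREFIX` defined as `""` in common/top.php the header then starts with `//`, which browsers treat as a protocol-relative URL to another host. Requiring the first character to be alphanumeric closes this without changing any legitimate redirect: `if (preg_match("/^[0-9a-z][0-9a-z\/-]*$/", $_GET['redir']))`. This hunk also drops `$_SESSION['sftp_enabled'] = sftpStatus(...)` at login, while the public/ht/sftp.php hunk below still reads `$_SESSION['sftp_enabled']` as context; unless the renamed ht.php (not legible here) now sets it, that page will operate on an undefined session key. The enclosing `if (checkPassword(...))` block starts before this hunk.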

Vous pouvez ici changer le mot de passe permettant d'accéder à votre compte Niver. @@ -45,4 +45,4 @@ if (isset($_SESSION['username']) AND isset($_POST['newPassword']) AND isset($_PO ?> - + diff --git a/public/auth/register.php b/public/auth/register.php index 518faff..ebc0436 100644 --- a/public/auth/register.php +++ b/public/auth/register.php @@ -1,4 +1,4 @@ - + Se connecter - + diff --git a/public/ht/http-onion.php b/public/ht/http-onion.php index b96a63e..37e4cdd 100644 --- a/public/ht/http-onion.php +++ b/public/ht/http-onion.php @@ -1,4 +1,4 @@ - +

Ajouter un accès en .onion sur un dossier

@@ -96,4 +96,4 @@ if (isset($_POST['dir']) AND isset($_SESSION['username'])) { ?> - + diff --git a/public/ht/https-domain.php b/public/ht/https-domain.php index 611cac8..1a25386 100644 --- a/public/ht/https-domain.php +++ b/public/ht/https-domain.php @@ -1,4 +1,4 @@ - +

Ajouter un domaine sur un dossier de site
@@ -81,4 +81,4 @@ if (isset($_POST['domain']) AND isset($_POST['dir']) AND isset($_SESSION['userna ?> - + diff --git a/public/ht/index.php b/public/ht/index.php index 71831f6..006fc03 100644 --- a/public/ht/index.php +++ b/public/ht/index.php @@ -1,4 +1,4 @@ - +

Gérer l'accès SFTP
@@ -19,4 +19,4 @@
- + diff --git a/public/ht/le.php b/public/ht/le.php index 3f182da..55e149c 100644 --- a/public/ht/le.php +++ b/public/ht/le.php @@ -1,4 +1,4 @@ - +

Installer un certificat Let's Encrypt

@@ -52,4 +52,4 @@ if (isset($_POST['domain']) AND isset($_SESSION['username'])) { ?> - + diff --git a/public/ht/sftp.php b/public/ht/sftp.php index 7b6d541..2ab2711 100644 --- a/public/ht/sftp.php +++ b/public/ht/sftp.php @@ -1,4 +1,4 @@ - + @@ -166,4 +166,4 @@ if ($_SESSION['sftp_enabled'] == false) { ?> } ?> - + diff --git a/public/index.php b/public/index.php index c858116..7233576 100644 --- a/public/index.php +++ b/public/index.php @@ -1,9 +1,9 @@ - +
-
Registre
+
Registre
- Demander l'attribution d'un sous-domaine de + Demander l'attribution d'un sous-domaine
Serveurs de noms
@@ -19,4 +19,4 @@
- + diff --git a/public/ns/caa.php b/public/ns/caa.php index 4aeddde..d137aab 100644 --- a/public/ns/caa.php +++ b/public/ns/caa.php @@ -1,8 +1,8 @@ - + - +
@@ -49,4 +49,4 @@ if (nsCommonRequirements() ?> - + diff --git a/public/ns/dnssec.php b/public/ns/dnssec.php index 21cecfc..17b7ba7 100644 --- a/public/ns/dnssec.php +++ b/public/ns/dnssec.php @@ -1,4 +1,4 @@ - + Afin d'activer DNSSEC, vous devez indiquer un enregistrement DS à la zone parente. @@ -72,4 +72,4 @@ if (isset($_POST['zone']) AND isset($_SESSION['username'])) { - + diff --git a/public/ns/index.php b/public/ns/index.php index 2e6a09c..d9f1cbc 100644 --- a/public/ns/index.php +++ b/public/ns/index.php @@ -1,4 +1,4 @@ - +
Gérer ses zones
@@ -58,4 +58,4 @@ -->
- + diff --git a/public/ns/ip.php b/public/ns/ip.php index 2548e55..0e7a598 100644 --- a/public/ns/ip.php +++ b/public/ns/ip.php @@ -1,15 +1,12 @@ - +

Ici vous pouvez ajouter ou enlever des adresses IP dans une zone déjà enregistrée sur le serveur de noms de Niver
Le format IPv4 (A) ou IPv6 (AAAA) sera détecté automatiquement. -
Si vous souhaitez utiliser un service d'hébergement hypertexte de Niver, voici les adresses à renseigner : -
IPv4 : -
IPv6 :

- +

@@ -40,4 +37,4 @@ if (nsCommonRequirements() ?> - + diff --git a/public/ns/loc.php b/public/ns/loc.php index 4aeddde..d137aab 100644 --- a/public/ns/loc.php +++ b/public/ns/loc.php @@ -1,8 +1,8 @@ - + - +
@@ -49,4 +49,4 @@ if (nsCommonRequirements() ?> - + diff --git a/public/ns/mx.php b/public/ns/mx.php index 7138e19..c526825 100644 --- a/public/ns/mx.php +++ b/public/ns/mx.php @@ -1,8 +1,8 @@ - + - +
@@ -42,4 +42,4 @@ if (nsCommonRequirements() ?> - + diff --git a/public/ns/ns.php b/public/ns/ns.php index f4c49c0..d2fcaf3 100644 --- a/public/ns/ns.php +++ b/public/ns/ns.php @@ -1,7 +1,7 @@ - + - +

@@ -27,4 +27,4 @@ if (nsCommonRequirements() ?> - + diff --git a/public/ns/srv.php b/public/ns/srv.php index 5211919..b147e32 100644 --- a/public/ns/srv.php +++ b/public/ns/srv.php @@ -1,8 +1,8 @@ - + - +
@@ -62,4 +62,4 @@ if (nsCommonRequirements() ?> - + diff --git a/public/ns/sshfp.php b/public/ns/sshfp.php index c5b6814..1f0e644 100644 --- a/public/ns/sshfp.php +++ b/public/ns/sshfp.php @@ -1,8 +1,8 @@ - + - +
@@ -59,4 +59,4 @@ if (nsCommonRequirements() ?> - + diff --git a/public/ns/tlsa.php b/public/ns/tlsa.php index 463777e..bfcb348 100644 --- a/public/ns/tlsa.php +++ b/public/ns/tlsa.php @@ -1,8 +1,8 @@ - + - +
@@ -75,4 +75,4 @@ if (nsCommonRequirements() ?> - + diff --git a/public/ns/txt.php b/public/ns/txt.php index b55abb9..be303a3 100644 --- a/public/ns/txt.php +++ b/public/ns/txt.php @@ -1,7 +1,7 @@ - + - +

@@ -28,4 +28,4 @@ if (nsCommonRequirements() ?> - + diff --git a/public/ns/zone.php b/public/ns/zone.php index a2af66b..9ae64dc 100644 --- a/public/ns/zone.php +++ b/public/ns/zone.php @@ -1,4 +1,4 @@ - +

Ajouter une zone

@@ -71,7 +71,7 @@ if (isset($_POST['zone']) AND isset($_SESSION['username'])) { // Remove from Knot configuration exec(KNOTC_PATH . " conf-begin"); - exec(KNOTC_PATH . " conf-unset 'zone[" . $_POST['domain'] . "]'"); + exec(KNOTC_PATH . " conf-unset 'zone[" . $_POST['zone'] . "]'"); exec(KNOTC_PATH . " conf-commit"); // Remove from Niver's database @@ -88,4 +88,4 @@ if (isset($_POST['zone']) AND isset($_SESSION['username'])) { ?> - + diff --git a/public/reg/ds.php b/public/reg/ds.php index 3735fe0..fd8973b 100644 --- a/public/reg/ds.php +++ b/public/reg/ds.php @@ -1,4 +1,4 @@ - + @@ -104,4 +104,4 @@ if (isset($_POST['zone']) AND isset($_POST['keytag']) AND isset($_POST['algo']) ?> - + diff --git a/public/reg/glue.php b/public/reg/glue.php index a4e48f9..ada8b70 100644 --- a/public/reg/glue.php +++ b/public/reg/glue.php @@ -1,4 +1,4 @@ - + @@ -76,4 +76,4 @@ if (isset($_POST['action']) AND isset($_POST['subdomain']) AND isset($_POST['suf ?> - + diff --git a/public/reg/index.php b/public/reg/index.php index 48b0e2a..e173c47 100644 --- a/public/reg/index.php +++ b/public/reg/index.php @@ -1,4 +1,4 @@ - +
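Review bot: The corrected line `exec(KNOTC_PATH . " conf-unset 'zone[" . $_POST['zone'] . "]'");` now references the right POST field but still splices the raw value into a shell command string, and the surrounding single quotes do not protect against a quote character inside the value. Unless `$_POST['zone']` is validated earlier in this file (outside the hunk), build the argument with `escapeshellarg`: `exec(KNOTC_PATH . " conf-unset " . escapeshellarg("zone[" . $_POST['zone'] . "]"));`. The enclosing `if (isset($_POST['zone']) AND isset($_SESSION['username']))` block starts before this hunk.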
Enregistrer un nouveau domaine
@@ -19,4 +19,4 @@
- + diff --git a/public/reg/ns.php b/public/reg/ns.php index 180043c..2e61159 100644 --- a/public/reg/ns.php +++ b/public/reg/ns.php @@ -1,4 +1,4 @@ - + @@ -48,13 +48,13 @@ if (isset($_POST['domain']) AND isset($_POST['action']) AND isset($_POST['ns']) exec(KNOTC_PATH . " zone-begin " . $suffix, $output); exec(KNOTC_PATH . " zone-" . $action . "set " . $suffix . " " . $_POST['domain'] . " 86400 IN NS " . $_POST['ns'], $output); exec(KNOTC_PATH . " zone-commit " . $suffix, $output); + $error = false; foreach ($output as $line) { if ($line !== "OK") { $error = true; } } if ($error) { - appendLog($output); echo "An ERROR occured!"; } else { echo "Modification effectuée avec succès"; @@ -63,4 +63,4 @@ if (isset($_POST['domain']) AND isset($_POST['action']) AND isset($_POST['ns']) ?> - + diff --git a/public/reg/register.php b/public/reg/register.php index 9e0de09..d12cd3a 100644 --- a/public/reg/register.php +++ b/public/reg/register.php @@ -1,4 +1,4 @@ - + Enregistrer la possession d'un domaine sur son compte.
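Review bot: Removing `appendLog($output);` leaves a failed `knotc` invocation with no server-side trace: the user sees only "An ERROR occured!" and the `$output` lines that would explain the failure are discarded. If `appendLog` disappeared together with inc/all.php, `error_log(implode("\n", $output));` in the `if ($error)` branch preserves the diagnostics without reintroducing the helper. Initialising `$error = false;` before the loop is the right fix for the previously undefined variable. The `exec` context lines above it also concatenate `$_POST['domain']` and `$_POST['ns']` straight into the command line; if they are not validated earlier in this file, they need `escapeshellarg` as well. The enclosing `if (isset($_POST['domain']) ...)` block starts before this hunk.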
Ce domaine doit être composé uniquement d'au moins 4 lettres latines non accentuées. @@ -64,4 +64,4 @@ if (isset($_POST['subdomain']) AND isset($_POST['suffix']) AND isset($_SESSION[' ?> - + diff --git a/inc/reg.php b/reg.php similarity index 91% rename from inc/reg.php rename to reg.php index 090259b..1da154e 100644 --- a/inc/reg.php +++ b/reg.php @@ -1,5 +1,15 @@