diff --git a/common/init.php b/common/init.php index 411a62d..2368761 100644 --- a/common/init.php +++ b/common/init.php @@ -15,15 +15,30 @@ if (SERVICE !== "") // Page titles definition require "pages.php"; +function success($msg) { + echo "

Succès : " . $msg . "

"; + closeHTML(); +} + +// When the user requests something unexpected function userError($msg) { http_response_code(403); echo "

Erreur utilisataire : " . $msg . "

"; closeHTML(); } +// When the system did something unexpected function serverError($msg) { http_response_code(500); error_log("Niver internal error: " . strip_tags($msg)); echo "

Server error: The server encountered an error: " . $msg . "

"; closeHTML(); } + +// For use in pages that first display a form and then process it +function switchToFormProcess($requireLogin = true) { + if (empty($_POST)) + closeHTML(); + if ($requireLogin AND !isset($_SESSION['username'])) + userError("Vous devez être connecté·e pour effectuer cette action."); +} diff --git a/public/ht/http-onion.php b/public/ht/http-onion.php index cb208a7..0135cd6 100644 --- a/public/ht/http-onion.php +++ b/public/ht/http-onion.php 
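Review bot: Nothing in `success()`, `userError()` or `serverError()` visibly stops the script, yet the callers in this commit are now flat guards such as `if (...) userError("...");` followed directly by the privileged work, so request validation holds only if `closeHTML()` (not shown in this hunk) always ends execution. I would make that explicit by adding `exit();` after each `closeHTML();` in these helpers and in `switchToFormProcess()`, or at least document it with `// closeHTML() must terminate the request; every caller depends on it`. `serverError()` also echoes `$msg` to the client after logging it, so any internal detail a caller passes reaches the browser; a generic text for the user, with the detail kept in `error_log()`, would be safer. `switchToFormProcess()` checks for a non-empty `$_POST` and a session, but no anti-CSRF token check is visible here; if none exists elsewhere, this helper is the natural place for it.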
@@ -28,55 +28,49 @@ if (isset($_SESSION['username'])) { dir."); +if ($dirsStatuses[$_POST['dir']] !== false) + userError("Wrong value for dir."); - // Generate a .onion address - $torConf = file_get_contents(CONF['ht']['tor_config_path']); - $torConf = $torConf . "HiddenServiceDir " . CONF['ht']['tor_keys_path'] . "/" . $_POST['dir'] . "/ +// Generate a .onion address +$torConf = file_get_contents(CONF['ht']['tor_config_path']); +$torConf = $torConf . "HiddenServiceDir " . CONF['ht']['tor_keys_path'] . "/" . $_POST['dir'] . "/ HiddenServicePort 80 [::1]:" . CONF['ht']['internal_onion_http_port'] . " "; - file_put_contents(CONF['ht']['tor_config_path'], $torConf); +file_put_contents(CONF['ht']['tor_config_path'], $torConf); - exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload tor", $output); - addNiverLog("Tor reloaded by " . $_SESSION['username'], $output); +exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload tor", $output); +addNiverLog("Tor reloaded by " . $_SESSION['username'], $output); - // Copy generated address to a location readable by PHP - exec(CONF['ht']['sudo_path'] . " " . MANIVER_PATH . " export-tor " . $_SESSION['username'] . " " . $_POST['dir'], $output); - addNiverLog("Tor data exported by " . $_SESSION['username'], $output); +// Copy generated address to a location readable by PHP +exec(CONF['ht']['sudo_path'] . " " . MANIVER_PATH . " export-tor " . $_SESSION['username'] . " " . $_POST['dir'], $output); +addNiverLog("Tor data exported by " . $_SESSION['username'], $output); - // Wait - sleep(1); +// Wait +sleep(1); - // Get the address generated by Tor - $onion = file_get_contents(CONF['ht']['ht_path'] . "/" . $_SESSION['username'] . "/" . $_POST['dir'] . 
"/hostname"); - $onion = str_replace(array("\r", "\n"), "", $onion); - if (preg_match("/[0-9a-z]{56}\.onion/", $onion) !== 1) - serverError("No onion address found."); +// Get the address generated by Tor +$onion = file_get_contents(CONF['ht']['ht_path'] . "/" . $_SESSION['username'] . "/" . $_POST['dir'] . "/hostname"); +$onion = str_replace(array("\r", "\n"), "", $onion); +if (preg_match("/[0-9a-z]{56}\.onion/", $onion) !== 1) + serverError("No onion address found."); - // Store it in the database - addSite($_SESSION['username'], $_POST['dir'], $onion, "onion", "http"); +// Store it in the database +addSite($_SESSION['username'], $_POST['dir'], $onion, "onion", "http"); - // Add it to Nginx - $nginxConf = file_get_contents(NIVER_TEMPLATE_PATH . "/nginx/onion.template"); - $nginxConf = str_replace("{{CONF['ht']['internal_onion_http_port']}}", CONF['ht']['internal_onion_http_port'], $nginxConf); - $nginxConf = str_replace("{{DOMAIN}}", $onion, $nginxConf); - $nginxConf = str_replace("{{CONF['ht']['ht_path']}}", CONF['ht']['ht_path'], $nginxConf); - $nginxConf = str_replace("{{USERNAME}}", $_SESSION['username'], $nginxConf); - $nginxConf = str_replace("{{DIR}}", $_POST['dir'], $nginxConf); - file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['dir'] . ".conf", $nginxConf); +// Add it to Nginx +$nginxConf = file_get_contents(NIVER_TEMPLATE_PATH . "/nginx/onion.template"); +$nginxConf = str_replace("{{CONF['ht']['internal_onion_http_port']}}", CONF['ht']['internal_onion_http_port'], $nginxConf); +$nginxConf = str_replace("{{DOMAIN}}", $onion, $nginxConf); +$nginxConf = str_replace("{{CONF['ht']['ht_path']}}", CONF['ht']['ht_path'], $nginxConf); +$nginxConf = str_replace("{{USERNAME}}", $_SESSION['username'], $nginxConf); +$nginxConf = str_replace("{{DIR}}", $_POST['dir'], $nginxConf); +file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['dir'] . ".conf", $nginxConf); - // Reload Nginx - exec(CONF['ht']['sudo_path'] . " " . 
CONF['ht']['systemctl_path'] . " reload nginx", $output); - addNiverLog("Nginx reloaded by " . $_SESSION['username'], $output); +// Reload Nginx +exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx", $output); +addNiverLog("Nginx reloaded by " . $_SESSION['username'], $output); - // Tell the user their site address - echo "

L'adresse de votre site Onion HTTP est :
http://" . $onion . "

"; - -} - -?> - - +// Tell the user their site address +success("L'adresse de votre service Onion HTTP est : http://" . $onion . "/"); diff --git a/public/ht/https-domain.php b/public/ht/https-domain.php index 23caaf9..bf1fd40 100644 --- a/public/ht/https-domain.php +++ b/public/ht/https-domain.php @@ -34,16 +34,16 @@ if (isset($_SESSION['username'])) { dir."); +if ($dirsStatuses[$_POST['dir']] !== false) + userError("Wrong value for dir."); - addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], "dns", "http"); +addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], "dns", "http"); - $nginxConf = 'server { +$nginxConf = 'server { listen [::1]:' . CONF['ht']['https_port'] . ' ssl http2; listen 127.0.0.1:' . CONF['ht']['https_port'] . ' ssl http2; server_name ' . $_POST['domain'] . '; @@ -55,14 +55,9 @@ if (isset($_POST['domain']) AND isset($_POST['dir']) AND isset($_SESSION['userna include inc/ht-tls.conf; } '; - file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['domain'] . ".conf", $nginxConf); +file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['domain'] . ".conf", $nginxConf); - // Reload Nginx - exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx"); +// Reload Nginx +exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx"); - echo "Accès HTTP par domaine ajouté sur ce dossier !"; -} - -?> - - +success("Accès HTTP par domaine ajouté sur ce dossier !"); diff --git a/public/ht/le.php b/public/ht/le.php index 75784ec..4e1a92a 100644 --- a/public/ht/le.php +++ b/public/ht/le.php @@ -20,33 +20,28 @@ - - +success("La connexion avec votre site utilise désomais un certificat TLS émis par Let's Encrypt."); diff --git a/public/ns/caa.php b/public/ns/caa.php index 48c23b9..f4bd0bc 100644 --- a/public/ns/caa.php +++ b/public/ns/caa.php 
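Review bot: The `export-tor` call in `http-onion.php` builds a sudo command line by concatenating `$_SESSION['username']` and `$_POST['dir']` without shell quoting, and the same `$_POST['dir']` is appended to the Tor configuration and used in the Nginx file name. The only guard visible is the `$dirsStatuses` lookup, so safety depends on how directory names get into that array, which is outside this hunk; passing `escapeshellarg($_SESSION['username']) . " " . escapeshellarg($_POST['dir'])` removes that dependency for the shell. The address check `preg_match("/[0-9a-z]{56}\.onion/", $onion)` is unanchored, so it accepts any file content that merely contains such a substring before the value goes into the Nginx template and the success message; `"/^[0-9a-z]{56}\.onion$/D"` would pin it. The results of `file_put_contents()` and `exec()` are not checked, so a failed write or reload still ends in `success()`.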
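Review bot: In `https-domain.php`, `$_POST['domain']` is written verbatim into the `server_name` directive and, in the second hunk of this file, into the path given to `file_put_contents()`, and no format check on it is visible in either hunk. The start of the first hunk is unreadable on this page, so if that validation is not already done there or above it, a strict hostname check belongs before `addSite()`. The Nginx reload in the second hunk also discards its output and exit status, unlike `http-onion.php`, which hands `$output` to `addNiverLog()`; `exec(..., $output, $code);` followed by `if ($code !== 0) serverError("Nginx reload failed.");` would keep `success()` from being shown after a failed reload.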
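Review bot: The new success message in `le.php` misspells `désormais` as `désomais`. Only this line of the hunk is readable on this page, so the rest of the change is not reviewed here.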
@@ -22,37 +22,27 @@ = 0 AND $_POST['flag'] <= 255)) - userError("Wrong value for flag."); - - if (!(preg_match("/^[a-z]{1,127}$/", $_POST['tag']))) - userError("Wrong value for tag."); - - if (!(preg_match("/^[a-z0-9.-]{1,255}$/", $_POST['value']))) - userError("Wrong value for value."); - - knotcExec($_POST['zone'], array( - $values['domain'], - $values['ttl'], - "CAA", - $_POST['flag'], - $_POST['tag'], - $_POST['value'] - )); - - echo "Enregistrement ajouté"; -} +switchToFormProcess(); +$values = nsParseCommonRequirements(); -?> +if (!($_POST['flag'] >= 0 AND $_POST['flag'] <= 255)) + userError("Wrong value for flag."); - +if (!(preg_match("/^[a-z]{1,127}$/", $_POST['tag']))) + userError("Wrong value for tag."); + +if (!(preg_match("/^[a-z0-9.-]{1,255}$/", $_POST['value']))) + userError("Wrong value for value."); + +knotcExec($_POST['zone'], array( + $values['domain'], + $values['ttl'], + "CAA", + $_POST['flag'], + $_POST['tag'], + $_POST['value'] +)); + +success("Enregistrement ajouté"); diff --git a/public/ns/ip.php b/public/ns/ip.php index 560cba7..8b097b3 100644 --- a/public/ns/ip.php +++ b/public/ns/ip.php @@ -13,24 +13,18 @@ - - +success("Enregistrement ajouté"); diff --git a/public/ns/mx.php b/public/ns/mx.php index fc7d1ab..eb0a590 100644 --- a/public/ns/mx.php +++ b/public/ns/mx.php @@ -22,29 +22,21 @@ = 0 AND $_POST['priority'] <= 255)) - userError("Wrong value for priority."); +if (!($_POST['priority'] >= 0 AND $_POST['priority'] <= 255)) + userError("Wrong value for priority."); - checkAbsoluteDomainFormat($_POST['host']); +checkAbsoluteDomainFormat($_POST['host']); - knotcExec($_POST['zone'], array( - $values['domain'], - $values['ttl'], - "MX", - $_POST['priority'], - $_POST['host'] - )); +knotcExec($_POST['zone'], array( + $values['domain'], + $values['ttl'], + "MX", + $_POST['priority'], + $_POST['host'] +)); - echo "Enregistrement ajouté"; -} - -?> - - +success("Enregistrement ajouté"); 
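Review bot: The range test `$_POST['flag'] >= 0 AND $_POST['flag'] <= 255` in `caa.php` compares a request string loosely, so it does not guarantee that the value handed to `knotcExec()` is a plain decimal integer. Rejecting when `filter_var($_POST['flag'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 255]]) === false` would. The same pattern is used for `priority` in `mx.php`, for `priority`, `weight` and `port` in `srv.php`, and for `use` and `type` in `tlsa.php`; in `mx.php` the upper bound of 255 is also narrower than the 16-bit MX preference field. The `tag` and `value` patterns end in `$` without the `D` modifier, which also matches before a trailing newline; `/^[a-z]{1,127}$/D` closes that. How `knotcExec()` quotes its arguments is not visible in this hunk.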
diff --git a/public/ns/ns.php b/public/ns/ns.php index 7da407f..0e5776f 100644 --- a/public/ns/ns.php +++ b/public/ns/ns.php @@ -11,24 +11,18 @@ - - +success("Enregistrement ajouté"); diff --git a/public/ns/srv.php b/public/ns/srv.php index 234c0ea..d414a23 100644 --- a/public/ns/srv.php +++ b/public/ns/srv.php @@ -34,39 +34,29 @@ = 0 AND $_POST['priority'] <= 65535)) - userError("Wrong value for priority."); +if (!($_POST['priority'] >= 0 AND $_POST['priority'] <= 65535)) + userError("Wrong value for priority."); - if (!($_POST['weight'] >= 0 AND $_POST['weight'] <= 65535)) - userError("Wrong value for weight."); +if (!($_POST['weight'] >= 0 AND $_POST['weight'] <= 65535)) + userError("Wrong value for weight."); - if (!($_POST['port'] >= 0 AND $_POST['port'] <= 65535)) - userError("Wrong value for port."); +if (!($_POST['port'] >= 0 AND $_POST['port'] <= 65535)) + userError("Wrong value for port."); - checkAbsoluteDomainFormat($_POST['target']); +checkAbsoluteDomainFormat($_POST['target']); - knotcExec($_POST['zone'], array( - $values['domain'], - $values['ttl'], - "SRV", - $_POST['priority'], - $_POST['weight'], - $_POST['port'], - $_POST['target'] - )); +knotcExec($_POST['zone'], array( + $values['domain'], + $values['ttl'], + "SRV", + $_POST['priority'], + $_POST['weight'], + $_POST['port'], + $_POST['target'] +)); - echo "Enregistrement ajouté"; -} - -?> - - +success("Enregistrement ajouté"); diff --git a/public/ns/sshfp.php b/public/ns/sshfp.php index e76987b..55232f6 100644 --- a/public/ns/sshfp.php +++ b/public/ns/sshfp.php 
@@ -35,34 +35,26 @@ algo."); +if (!($_POST['algo'] === "1" OR $_POST['algo'] === "3" OR $_POST['algo'] === "4")) + userError("Wrong value for algo."); - if (!($_POST['type'] === "2")) - userError("Wrong value for type."); +if (!($_POST['type'] === "2")) + userError("Wrong value for type."); - if (!(preg_match("/^[a-z0-9]{64}$/", $_POST['fp']))) - userError("Wrong value for fp."); +if (!(preg_match("/^[a-z0-9]{64}$/", $_POST['fp']))) + userError("Wrong value for fp."); - knotcExec($_POST['zone'], array( - $values['domain'], - $values['ttl'], - "SSHFP", - $_POST['algo'], - $_POST['type'], - $_POST['fp'] - )); +knotcExec($_POST['zone'], array( + $values['domain'], + $values['ttl'], + "SSHFP", + $_POST['algo'], + $_POST['type'], + $_POST['fp'] +)); - echo "Enregistrement ajouté"; -} - -?> - - +success("Enregistrement ajouté"); diff --git a/public/ns/tlsa.php b/public/ns/tlsa.php index 11544ab..e1fb755 100644 --- a/public/ns/tlsa.php +++ b/public/ns/tlsa.php 
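Review bot: The fingerprint pattern `/^[a-z0-9]{64}$/` in `sshfp.php` accepts letters outside the hexadecimal range, so values that cannot be a SHA-256 digest still reach `knotcExec()`. `/^[0-9a-f]{64}$/D` matches what the `type === "2"` check implies and also rejects a trailing newline.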
@@ -44,42 +44,30 @@ = 0 AND $_POST['use'] <= 3)) - userError("Wrong value for use."); +if (!($_POST['use'] >= 0 AND $_POST['use'] <= 3)) + userError("Wrong value for use."); - if (!($_POST['selector'] === "0" OR $_POST['selector'] === "1")) - userError("Wrong value for selector."); +if (!($_POST['selector'] === "0" OR $_POST['selector'] === "1")) + userError("Wrong value for selector."); - if (!($_POST['type'] >= 0 AND $_POST['type'] <= 2)) - userError("Wrong value for type."); +if (!($_POST['type'] >= 0 AND $_POST['type'] <= 2)) + userError("Wrong value for type."); - if (!(preg_match("/^[a-zA-Z0-9.-]{1,1024}$/", $_POST['content']))) - userError("Wrong value for content."); +if (!(preg_match("/^[a-zA-Z0-9.-]{1,1024}$/", $_POST['content']))) + userError("Wrong value for content."); - knotcExec($_POST['zone'], array( - $values['domain'], - $values['ttl'], - "TLSA", - $_POST['use'], - $_POST['selector'], - $_POST['type'], - $_POST['content'] - )); +knotcExec($_POST['zone'], array( + $values['domain'], + $values['ttl'], + "TLSA", + $_POST['use'], + $_POST['selector'], + $_POST['type'], + $_POST['content'] +)); - echo "Enregistrement ajouté"; -} - - - -?> - - +success("Enregistrement ajouté"); diff --git a/public/ns/txt.php b/public/ns/txt.php index b265071..21c7cbb 100644 --- a/public/ns/txt.php +++ b/public/ns/txt.php @@ -11,25 +11,19 @@ txt."); +$values = nsParseCommonRequirements(); - knotcExec($_POST['zone'], array( - $values['domain'], - $values['ttl'], - "TXT", - "\"" . $_POST['txt'] . "\"" - )); +if (!(preg_match("/^[a-zA-Z0-9 =:!%$+\/\()[\]_-]{5,8192}$/", $_POST['txt']))) + userError("Wrong value for txt."); - echo "Enregistrement ajouté"; -} +knotcExec($_POST['zone'], array( + $values['domain'], + $values['ttl'], + "TXT", + "\"" . $_POST['txt'] . "\"" +)); -?> - - +success("Enregistrement ajouté"); diff --git a/public/reg/ds.php b/public/reg/ds.php index 4b66b81..944c78b 100644 --- a/public/reg/ds.php +++ b/public/reg/ds.php 
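Review bot: In `txt.php` the value is emitted as one quoted string, `"\"" . $_POST['txt'] . "\""`, but the pattern allows up to 8192 characters, while a single TXT character-string is limited to 255 octets. Either cap the length at 255 or split longer values into several quoted strings before the `knotcExec()` call. The character class leaves out `"` and `\`, which is what makes the manual quoting safe; a comment such as `// No quote or backslash allowed: the value is wrapped in double quotes below` would stop a later edit from widening it, and adding the `D` modifier keeps a trailing newline out of the quoted string. The start of this hunk is not readable on this page.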
@@ -64,42 +64,37 @@ foreach($domains as $domain) algo."); +if ( + ($_POST['algo'] !== "8") + AND ($_POST['algo'] !== "13") + AND ($_POST['algo'] !== "14") + AND ($_POST['algo'] !== "15") + AND ($_POST['algo'] !== "16") +) userError("Wrong value for algo."); - $_POST['keytag'] = intval($_POST['keytag']); - if ((!preg_match("/^[0-9]{1,6}$/", $_POST['keytag'])) OR !($_POST['keytag'] >= 1) OR !($_POST['keytag'] <= 65535)) - userError("Wrong value for keytag."); +$_POST['keytag'] = intval($_POST['keytag']); +if ((!preg_match("/^[0-9]{1,6}$/", $_POST['keytag'])) OR !($_POST['keytag'] >= 1) OR !($_POST['keytag'] <= 65535)) + userError("Wrong value for keytag."); - if ($_POST['dt'] !== "2" AND $_POST['dt'] !== "4") - userError("Wrong value for dt."); +if ($_POST['dt'] !== "2" AND $_POST['dt'] !== "4") + userError("Wrong value for dt."); - regCheckDomainPossession($_POST['zone']); +regCheckDomainPossession($_POST['zone']); - $action = checkAction($_POST['action']); +$action = checkAction($_POST['action']); - $suffix = regGetUpperDomain($_POST['zone']); +$suffix = regGetUpperDomain($_POST['zone']); - knotcExec($suffix, array( - $_POST['zone'], - CONF['reg']['ttl'], - "DS", - $_POST['keytag'], - $_POST['algo'], - $_POST['dt'], - $_POST['key'] - )); +knotcExec($suffix, array( + $_POST['zone'], + CONF['reg']['ttl'], + "DS", + $_POST['keytag'], + $_POST['algo'], + $_POST['dt'], + $_POST['key'] +)); - echo "La requête a été envoyée à Knot"; -} - -?> - - +success("La requête a été envoyée à Knot"); diff --git a/public/reg/glue.php b/public/reg/glue.php index 32eb143..ce12a49 100644 --- a/public/reg/glue.php +++ b/public/reg/glue.php @@ -37,28 +37,23 @@ if (isset($_SESSION['username'])) - - +success("Glue record ajouté"); diff --git a/public/reg/ns.php b/public/reg/ns.php index a72075d..f3149fa 100644 --- a/public/reg/ns.php +++ b/public/reg/ns.php @@ -11,13 +11,11 @@
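Review bot: In `reg/ds.php`, `$_POST['key']` is passed to `knotcExec()` as the DS digest with no check visible in this hunk, while `algo`, `keytag` and `dt` are all validated. If it is not validated in the part of the hunk that is unreadable on this page, add a hex check sized by digest type, for example `if (!preg_match('/^[0-9a-fA-F]{64}$/D', $_POST['key'])) userError("Wrong value for key.");` for `dt` 2 (96 hex characters for `dt` 4). `$action = checkAction($_POST['action']);` is assigned but not used in the visible `knotcExec()` call, so it is unclear from the hunk how the requested action reaches Knot.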

@@ -29,23 +27,18 @@ - - +success("Modification effectuée avec succès"); diff --git a/public/reg/register.php b/public/reg/register.php index 7d2fdaf..dd59c5b 100644 --- a/public/reg/register.php +++ b/public/reg/register.php @@ -15,32 +15,27 @@ Ce domaine doit être composé uniquement d'au moins 4 lettres latines non accen prepare("INSERT INTO registry(domain, username, last_renewal) VALUES(:domain, :username, :last_renewal)"); +$db = new PDO('sqlite:' . DB_PATH); +$stmt = $db->prepare("INSERT INTO registry(domain, username, last_renewal) VALUES(:domain, :username, :last_renewal)"); - $time = date("Y-m-d H:i:s"); +$time = date("Y-m-d H:i:s"); - $stmt->bindParam(':domain', $domain); - $stmt->bindParam(':username', $_SESSION['username']); - $stmt->bindParam(':last_renewal', $time); +$stmt->bindParam(':domain', $domain); +$stmt->bindParam(':username', $_SESSION['username']); +$stmt->bindParam(':last_renewal', $time); - $stmt->execute(); +$stmt->execute(); - echo "Nouveau domaine enregistré"; -} - -?> - - +success("Modification effectuée avec succès");
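Review bot: In `reg/register.php` the final message changed from `Nouveau domaine enregistré` to `Modification effectuée avec succès`, the same text as `reg/ns.php`, which reads like a copy-paste slip on a registration page. The return value of `$stmt->execute()` is also ignored, so unless PDO is in exception mode a failed `INSERT` (for instance a domain that is already registered) still ends in `success()`; `if (!$stmt->execute()) serverError("Domain registration failed.");` would cover it. The start of this hunk is not readable on this page.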