servnest
/
servnest
1
1
Fork 0
Code Issues 4 Pull Requests Releases Wiki Activity
318 Commits 2 Branches 0 Tags 907 KiB
Commit Graph

32 Commits

Author SHA1 Message Date
Miraty e96d61703b ns/sync.php: instant sync when adding new sync 2023-10-08 00:50:48 +02:00
Miraty bb937526a7 check.php: use null coalescing operator ("??") more 2023-08-14 18:20:47 +02:00
Miraty 40e67b0c0c declare(strict_types=1); 2023-07-17 21:15:18 +02:00
Miraty 1d856e1e2e ns/sync: translations and bugfixes 2023-06-26 04:13:52 +02:00
Miraty 858d6e8d02 Add ns/sync and jobs/ns-syncs 2023-06-24 16:54:36 +02:00
Miraty ccd17b7ffa Clear entries in ssh-keys when deleting account 2023-06-21 22:08:57 +02:00
Miraty 973a129079 Add type in functions signatures 2023-06-20 00:36:58 +02:00
Miraty 7f7bcadb58 Fix important vulnerability in reg/ds.php + exescape 
In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution.

This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection.
 2023-06-19 02:15:43 +02:00
Miraty e4ae765486 init.php + jobs + job to delete old testing accounts 2023-06-08 17:36:44 +02:00
Miraty 864f868890 Split accounts capabilities; Info about rate limit 2023-05-02 19:30:53 +02:00
Miraty ad98060f9e Fix deprecation notices 2023-02-07 22:25:16 +01:00
Miraty 3b97b3cc2f Describe config.ini in DOCS/configuration.md 2023-01-26 16:22:03 +01:00
Miraty 6b1b3547c3 OpenSSL > libsodium, authenticate username, PHP 8.2+ 2023-01-18 16:00:17 +01:00
Miraty 4f84025baf Encrypt display username, with key in cookie 2023-01-07 23:11:44 +01:00
Miraty 73c137aaba Split pages/ between pg-act/ and pg-view/ 2022-12-20 21:17:03 +01:00
Miraty ffd7e283a1 Simplify PDO use 2022-12-13 17:38:54 +01:00
Miraty 7a018e5a88 Trusted > approved, add approval.php, DB_PATH > DB 2022-12-10 18:19:37 +01:00
Miraty 9173336714 Check that account still exists when doing something 2022-11-30 23:38:02 +01:00
Miraty f15681999b Internal ID, Argon2 for usernames, username changes 2022-11-30 23:12:42 +01:00
Miraty 922f649a08 Use a hash as internal username 2022-11-26 21:45:48 +01:00
Miraty 567034b8fe Fix regDeleteDomain security flaw + D regex modifier 
regDeleteDomain() in fn/reg.php used too loose pattern matching for data deletion, that also deleted other domains that included the deleted domain
 2022-11-20 18:17:03 +01:00
Miraty 18d976217b Use single quotes instead of double quotes 2022-11-20 15:11:54 +01:00
Miraty 14506ab9e2 Lower time_cost Argon2 param 2022-11-01 00:28:50 +01:00
Miraty 54c4f8ab68 Minor changes 2022-10-09 23:36:35 +02:00
Miraty 77f6dfaada Token bucket rate limiting 2022-09-17 00:49:07 +02:00
Miraty 763762f08b fn success/userError/serverError > output($code) 2022-09-15 19:18:48 +02:00
Miraty 17f6f486fc Allow any unicode letter and number in user's values 2022-06-25 16:43:58 +02:00
Miraty 6dbc63a36a Add form to delete account 
Move service-specific deletion code to functions
 2022-06-18 04:22:05 +02:00
Miraty 265097aa85 Use the query() function more 2022-06-12 01:31:16 +02:00
Miraty d9440231ac del-http-onion.php + query() 2022-06-11 23:42:48 +02:00
Miraty 6b602eb43f Update auth forms 2022-06-10 21:14:47 +02:00
Miraty fac61531dd Create fn/ directory 2022-05-31 19:12:14 +02:00