
?, more checks on ht/

Miraty 4 年之前
父節點
當前提交
ade9c31b74
共有 21 個文件被更改,包括 374 次插入214 次删除
  1. 2 1
      .gitignore
  2. 8 1
      auth/login.php
  3. 2 1
      auth/logout.php
  4. 2 2
      auth/password.php
  5. 2 2
      auth/register.php
  6. 1 1
      bottom.inc.php
  7. 二進制
      db/auth.db
  8. 42 27
      fn.inc.php
  9. 0 36
      ht/domain.php
  10. 54 0
      ht/ht.fn.inc.php
  11. 89 0
      ht/http-onion.php
  12. 76 0
      ht/https-domain.php
  13. 11 7
      ht/index.php
  14. 0 52
      ht/onion.php
  15. 6 9
      ht/sftp.php
  16. 6 1
      less/main.less
  17. 13 11
      nic/index.php
  18. 7 7
      nic/register.php
  19. 14 21
      niver.log
  20. 15 15
      pages.inc.php
  21. 24 20
      top.inc.php

+ 2 - 1
.gitignore

@@ -1 +1,2 @@
-css/ 
+css/
+niver.log
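Review bot: Adding `niver.log` to the ignore list does not stop Git from tracking it, because the file is already in the repository and is still modified in this same commit, with account names in its entries. `db/auth.db` is also committed here as a binary change. Untrack both with `git rm --cached niver.log db/auth.db` and add `db/auth.db` to this file, so the user database and operational logs stay out of future history.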

+ 8 - 1
auth/login.php

@@ -25,7 +25,14 @@
       if (checkPassword($_POST['username'], $_POST['password'])) {
         $_SESSION['username'] = htmlspecialchars($_POST['username']);
         $_SESSION['sftp_enabled'] = sftpStatus($_SESSION['username']);
-        header('Location: ' . $prefixURL . '/');
+        if (isset($_GET['redir'])) {
+          if (preg_match("/^[0-9a-z\/-]+$/", $_GET['redir']))
+            header('Location: ' . PREFIX . "/" . $_GET['redir']);
+          else
+            exit("ERROR : Wrong caracter in redir argument");
+        } else {
+          header('Location: ' . PREFIX);
+        }
         exit;
       } else {
         echo "<br>Connexion impossible : mot de passe invalide";
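Review bot: The added `preg_match("/^[0-9a-z\/-]+$/", $_GET['redir'])` ends in `$`, which in PCRE also matches just before a trailing newline, so a value ending in a line break passes the check and reaches `header()`. Anchor it strictly with `preg_match('/\A[0-9a-z\/-]+\z/', $_GET['redir'])` or add the `D` modifier. Separately, the success branch fills `$_SESSION` without calling `session_regenerate_id(true)` first, so a session id issued before login is carried into the authenticated session. The surrounding `if` block starts and ends outside the hunk.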

+ 2 - 1
auth/logout.php

@@ -2,7 +2,8 @@
 
 <?php
 session_destroy();
-header('Location: ' . $prefixURL . '/auth/');
+header('Location: ' . PREFIX . '/auth/');
 exit;
 ?>
+
 <?php require "../bottom.inc.php"; ?>

+ 2 - 2
auth/password.php

@@ -6,10 +6,10 @@
 
     <form method="post">
       <label for="currentPassword">Mot de passe actuel</label><br>
-      <input required="" minlength="8" maxlength="1024" pattern="<?= $passwordPattern ?>" id="currentPassword" name="currentPassword" type="password" placeholder="************"><br>
+      <input required="" minlength="8" maxlength="1024" pattern="<?= PASSWORD_REGEX ?>" id="currentPassword" name="currentPassword" type="password" placeholder="************"><br>
 
       <label for="newPassword">Nouveau mot de passe</label><br>
-      <input required="" minlength="8" maxlength="1024" pattern="<?= $passwordPattern ?>" id="newPassword" name="newPassword" type="password" placeholder="************"><br>
+      <input required="" minlength="8" maxlength="1024" pattern="<?= PASSWORD_REGEX ?>" id="newPassword" name="newPassword" type="password" placeholder="************"><br>
 
       <input type="submit">
     </form>

+ 2 - 2
auth/register.php

@@ -20,7 +20,7 @@ if (isset($_POST['username']) AND isset($_POST['password'])) {
 
     $stmt = $db->prepare("INSERT INTO users(username, password, sftp_enabled, registration_date) VALUES(:username, :password, 0, :registration_date)");
 
-    $time = time();
+    $time = date("Y-m-d H:i:s");
 
     $stmt->bindParam(':username', $username);
     $stmt->bindParam(':password', $password);
@@ -30,7 +30,7 @@ if (isset($_POST['username']) AND isset($_POST['password'])) {
 
     $_SESSION['username'] = $username;
     $_SESSION['sftp_enabled'] = false;
-    header('Location: ' . $prefixURL . '/');
+    header('Location: ' . PREFIX . '/');
     exit;
   }
 

+ 1 - 1
bottom.inc.php

@@ -7,7 +7,7 @@ if (strpos($_SERVER['PHP_SELF'], "inc.php") !== false)
     <footer>
       <small>
       <?php if (isset($_SESSION['username'])) {
-        echo "Connecté·e en tant que " . $_SESSION['username'] . "<br><a class='authButton' href='" . $prefixURL . "/auth/logout.php'>Se déconnecter</a>";
+        echo "Connecté·e en tant que " . $_SESSION['username'] . "<br><a class='authButton' href='" . PREFIX . "/auth/logout'>Se déconnecter</a>";
       } else { ?>
         Vous n'êtes pas connecté·e à un compte Niver
       <?php } ?>

二進制
db/auth.db


+ 42 - 27
fn.inc.php

@@ -2,14 +2,22 @@
 if (strpos($_SERVER['PHP_SELF'], "inc.php") !== false)
   exit("This file is meant to be included.");
 
+function addNiverLog($message, $outputLines) {
+  $logs = "\n" . date("Y-m-d H:i:s") . " " . $message . "\n";
+  foreach ($outputLines as $outputLine) {
+    $logs = $logs . " " .  $outputLine . "\n";
+  }
+  file_put_contents(ROOT_PATH . "/niver.log", $logs, FILE_APPEND);
+}
+
 function sftpStatus($username) {
   $db = new PDO('sqlite:' . DB_PATH);
   $usernameArr[0] = $username;
 
-  $req = $db->prepare('SELECT sftp_enabled FROM users WHERE username = ?');
-  $req->execute($usernameArr);
+  $op = $db->prepare('SELECT sftp_enabled FROM users WHERE username = ?');
+  $op->execute($usernameArr);
 
-  $status = $req->fetch()['sftp_enabled'];
+  $status = $op->fetch()['sftp_enabled'];
 
   if ($status == "0") {
     return false;
@@ -23,35 +31,42 @@ function sftpStatus($username) {
 function enableSftp($username) {
   $db = new PDO('sqlite:' . DB_PATH);
 
-  $stmt = $db->prepare("UPDATE users SET sftp_enabled = 1 WHERE username = :username");
+  $op = $db->prepare("UPDATE users SET sftp_enabled = 1 WHERE username = :username");
 
-  $stmt->bindParam(':username', $username);
+  $op->bindParam(':username', $username);
 
-  $stmt->execute();
+  $op->execute();
 }
 
 function listUserZones($username) {
   $db = new PDO('sqlite:' . DB_PATH);
-  $usernameArr[0] = $username;
+  $usernameArray[0] = $username;
 
-  $req = $db->prepare('SELECT zone FROM zones WHERE username = ?');
-  $req->execute($usernameArr);
+  $op = $db->prepare('SELECT zone FROM zones WHERE username = ?');
+  $op->execute($usernameArray);
 
-  $zone = $req->fetch()['zone'];
+  $zone = $op->fetch()['zone'];
 
   $i = 0;
 
   while ($zone != NULL) {
     $zones[$i] = $zone;
     $i++;
-    $zone = $req->fetch()['zone'];
+    $zone = $op->fetch()['zone'];
   }
 
   return $zones;
 }
 
-function checkDomainValidity($domain) {
-  if (!filter_var($domain, FILTER_VALIDATE_DOMAIN))
+function checkAbsoluteDomainFormat($domain) {
+  // If the domain must end with a dot
+  if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match("/^([a-z]{1,63}\.){2,127}$/", $domain))
+    exit("Erreur : ce domaine n'est pas valide !");
+}
+
+function checkDomainFormat($domain) {
+  // If the domain must end without a dot
+  if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match("/^([a-z]{1,63}\.){1,126}[a-z]{1,63}$/", $domain))
     exit("Erreur : ce domaine n'est pas valide !");
 }
 
@@ -61,17 +76,17 @@ function nsCheckZonePossession($zone) {
   $db = new PDO('sqlite:' . DB_PATH);
   $username[0] = $_SESSION['username'];
 
-  $req = $db->prepare('SELECT zone FROM zones WHERE username = ?');
-  $req->execute($username);
+  $op = $db->prepare('SELECT zone FROM zones WHERE username = ?');
+  $op->execute($username);
 
-  $domain = $req->fetch()['zone'];
+  $domain = $op->fetch()['zone'];
 
   while ($domain != NULL) {
     if ($domain == $zone) {
       $owned = true;
       break;
     }
-    $domain = $req->fetch()['zone'];
+    $domain = $op->fetch()['zone'];
   }
 
   if (!$owned)
@@ -85,10 +100,10 @@ function nicCheckDomainPossession($submittedDomain) {
   $db = new PDO('sqlite:' . DB_PATH);
   $username[0] = $_SESSION['username'];
 
-  $req = $db->prepare('SELECT domain FROM registry WHERE username = ?');
-  $req->execute($username);
+  $op = $db->prepare('SELECT domain FROM registry WHERE username = ?');
+  $op->execute($username);
 
-  $dbDomain = $req->fetch()['domain'];
+  $dbDomain = $op->fetch()['domain'];
 
   $owned = false;
   while ($dbDomain != NULL) {
@@ -96,7 +111,7 @@ function nicCheckDomainPossession($submittedDomain) {
       $owned = true;
       break;
     }
-    $dbDomain = $req->fetch()['domain'];
+    $dbDomain = $op->fetch()['domain'];
   }
 
   if (!$owned)
@@ -109,10 +124,10 @@ function checkPassword($username, $password) {
 
   $db = new PDO('sqlite:' . DB_PATH);
 
-  $req = $db->prepare('SELECT username, password FROM users WHERE username = ?');
-  $req->execute($username2);
+  $op = $db->prepare('SELECT username, password FROM users WHERE username = ?');
+  $op->execute($username2);
 
-  $dbPassword = $req->fetch()['password'];
+  $dbPassword = $op->fetch()['password'];
 
   return password_verify($password, $dbPassword);
 }
@@ -122,10 +137,10 @@ function userExist($username) {
 
   $db = new PDO('sqlite:' . DB_PATH);
 
-  $req = $db->prepare('SELECT username FROM users WHERE username = ?');
-  $req->execute($username2);
+  $op = $db->prepare('SELECT username FROM users WHERE username = ?');
+  $op->execute($username2);
 
-  $dbUsername = $req->fetch()['username'];
+  $dbUsername = $op->fetch()['username'];
 
   if (isset($dbUsername) AND !is_null($dbUsername)) {
     return true;
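Review bot: In the new `checkAbsoluteDomainFormat()` and `checkDomainFormat()` the patterns end in `$` without the `D` modifier, so a domain followed by a newline still matches. `FILTER_VALIDATE_DOMAIN` without `FILTER_FLAG_HOSTNAME` does not restrict the characters either, and the value is later used as a file name and written into an nginx config in ht/https-domain.php. Use `\z` as the end anchor, e.g. `"/^([a-z]{1,63}\.){1,126}[a-z]{1,63}\z/"`. Labels are also limited to `[a-z]`, which rejects digits and hyphens; that looks unintended. `addNiverLog()` appends to `ROOT_PATH . "/niver.log"`, which appears to sit under the web root, so either move the log outside the served tree or deny access to it in the server config.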

+ 0 - 36
ht/domain.php

@@ -1,36 +0,0 @@
-<?php require "../top.inc.php"; ?>
-    <p>
-      Ajouter un domaine sur un dossier de site<br>
-      Le domaine doit pointer vers ces adresses IP :<br>
-      IPv4 : 45.13.104.169<br>
-      IPv6 : 2a0b:cbc0:1103:2::106f
-    </p>
-
-    <form method="post">
-      <label for="domain">Domaine sur lequel répondre</label><br>
-      <input required="" placeholder="site.atope.art" id="domain" name="domain" type="text"><br>
-      <label for="dir">Dossier ciblé</label><br>
-      <input required="" placeholder="monsite" id="dir" name="dir" type="text"><br>
-
-      <input value="Valider" type="submit">
-    </form>
-
-    <?php
-
-    if (isset($_POST['domain']) AND isset($_POST['dir']) AND isset($_SESSION['username'])) {
-
-      $conf = file_get_contents("/etc/nginx/hyper.d/dns.template");
-      $conf = preg_replace("#DOMAIN#", $_POST['domain'], $conf);
-      $conf = preg_replace("#DIR#", $_POST['dir'], $conf);
-      $conf = preg_replace("#USER#", $_SESSION['username'], $conf);
-      file_put_contents("/etc/nginx/hyper.d/" . $_POST['domain'] . ".conf", $conf);
-      exec("sudo /root/maniver/target/debug/maniver reload-nginx");
-      //certbot certonly --nginx -d testcrabe.atope.art
-      echo "Formulaire traité !!";
-    } else {
-      echo "Rien n'a été reçu lors du dernier chargement";
-    }
-
-    ?>
-
-<?php require "../bottom.inc.php"; ?>

+ 54 - 0
ht/ht.fn.inc.php

@@ -0,0 +1,54 @@
+<?php
+if (strpos($_SERVER['PHP_SELF'], "inc.php") !== false)
+  exit("This file is meant to be included.");
+
+function listFsDirs($username) {
+  exec("/usr/bin/ls ls --format=single-column -d /srv/hyper/" . $username . "/hyper/*/", $absoluteDirs);
+  foreach ($absoluteDirs as $i => $absoluteDir) {
+    $tree = explode("/", $absoluteDir); // The last key is NULL
+    end($tree);
+    $relativeDirs[$i] = prev($tree); // The name of the site dir is the before last key
+  }
+  return $relativeDirs;
+}
+
+function addSite($username, $siteDir, $domain, $domainType, $protocol) {
+  $db = new PDO('sqlite:' . DB_PATH);
+
+  $op = $db->prepare("INSERT INTO sites(username, site_dir, domain, domain_type, protocol, creation_date) VALUES(:username, :site_dir, :domain, :domain_type, :protocol, :creation_date)");
+
+  $time = date("Y-m-d H:i:s");
+
+  $op->bindParam(':username', $username);
+  $op->bindParam(':site_dir', $siteDir);
+  $op->bindParam(':domain', $domain);
+  $op->bindParam(':domain_type', $domainType);
+  $op->bindParam(':protocol', $protocol);
+  $op->bindParam(':creation_date', $time);
+
+  $op->execute();
+}
+
+function listDbDirs($username, $domainType, $protocol) {
+  $db = new PDO('sqlite:' . DB_PATH);
+  $usernameArray[0] = $username;
+
+  $op = $db->prepare('SELECT site_dir FROM sites WHERE username = :username AND domain_type = :domain_type AND protocol = :protocol');
+  $op->bindParam(':username', $username);
+  $op->bindParam(':domain_type', $domainType);
+  $op->bindParam(':protocol', $protocol);
+  $op->execute();
+
+  $i = 0;
+  $siteDir = $op->fetch()['site_dir'];
+
+  while ($siteDir != NULL) {
+    $siteDirs[$i] = $siteDir;
+    $i++;
+    $siteDir = $op->fetch()['site_dir'];
+  }
+  if (isset($siteDirs))
+    return $siteDirs;
+  else
+    return false;
+}
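Review bot: `listFsDirs()` builds a shell command by concatenating `$username` and runs it through `exec()`, and the command line carries a stray second `ls` (`/usr/bin/ls ls ...`) that makes ls look for an entry named `ls`. The listing does not need a shell at all: `glob()` with `GLOB_ONLYDIR` plus `basename()` yields the same directory names with no quoting concerns. It also initialises `$relativeDirs`, which is currently undefined when the account has no site directory. In `listDbDirs()` the `$usernameArray` assignment is unused and can be dropped.

```php
function listFsDirs($username) {
  $relativeDirs = [];
  // glob() returns false on error; treat that as "no directories"
  $absoluteDirs = glob("/srv/hyper/" . $username . "/hyper/*", GLOB_ONLYDIR) ?: [];
  foreach ($absoluteDirs as $absoluteDir) {
    $relativeDirs[] = basename($absoluteDir);
  }
  return $relativeDirs;
}
```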

+ 89 - 0
ht/http-onion.php

@@ -0,0 +1,89 @@
+<?php require "../top.inc.php"; ?>
+<p>
+  Ajouter un accès en .onion sur un dossier
+</p>
+
+<form method="post">
+  <label for="dir">Dossier ciblé</label><br>
+  <select required="" name="dir" id="dir">
+    <option value="" disabled="" selected="">---</option>
+
+    <?php
+
+    $fsDirs = listFsDirs($_SESSION['username']);
+    $dbUsedDirs = listDbDirs($_SESSION['username'], "onion", "http");
+    $i = 0;
+    $j = 0;
+    $alreadyEnabledDirs = NULL;
+    $notYetEnabledDirs = NULL;
+    foreach ($fsDirs as $fsDir) {
+      if ($dbUsedDirs AND in_array($fsDir, $dbUsedDirs)) {
+        $alreadyEnabledDirs[$i] = $fsDir;
+        $i++;
+      } else {
+        $notYetEnabledDirs[$j] = $fsDir;
+        $j++;
+      }
+    }
+
+    if (!is_null($notYetEnabledDirs)) {
+      foreach ($notYetEnabledDirs as $dir) {
+        echo "<option value='" . $dir . "'>" . $dir . "</option>";
+      }
+    }
+
+    if (!is_null($alreadyEnabledDirs)) {
+      foreach ($alreadyEnabledDirs as $dir) {
+        echo "<option disabled='' value='" . $dir . "'>" . $dir . "</option>";
+      }
+    }
+    ?>
+  </select>
+  <br>
+  <input value="Valider" type="submit">
+</form>
+
+<?php
+
+if (isset($_POST['dir']) AND isset($_SESSION['username'])) {
+
+  if (!in_array($_POST['dir'], $notYetEnabledDirs))
+    exit("ERROR : Wrong value for dir");
+
+  // Generate a .onion address
+  $torConf = file_get_contents("/etc/tor/torrc");
+  $torConf = $torConf . "\nHiddenServiceDir /var/lib/tor/niver/" . $_POST['dir'] . "/\nHiddenServicePort 80 [::1]:80";
+  file_put_contents("/etc/tor/torrc", $torConf);
+
+  exec("sudo -u root /root/maniver/target/debug/maniver reload-tor", $output);
+  addNiverLog("Tor reloaded by " . $_SESSION['username'], $output);
+
+  // Copy generated address to a location readable by PHP
+  exec("sudo -u root /root/maniver/target/debug/maniver export-tor " . $_SESSION['username'] . " " . $_POST['dir'], $output);
+  addNiverLog("Tor data exported by " . $_SESSION['username'], $output);
+
+  // Get the address generated by Tor
+  $onion = file_get_contents("/srv/hyper/" . $_SESSION['username'] . "/hyper/" . $_POST['dir'] . "/hostname");
+  $onion = str_replace(array("\r","\n"), "", $onion);
+
+  // Store it in the database
+  addSite($_SESSION['username'], $_POST['dir'], $onion, "onion", "http");
+
+  // Add it to Nginx
+  $nginxConf = file_get_contents("/etc/nginx/hyper.d/onion.template");
+  $nginxConf = preg_replace("#DOMAIN#", $onion, $nginxConf);
+  $nginxConf = preg_replace("#DIR#", $_POST['dir'], $nginxConf);
+  $nginxConf = preg_replace("#USER#", $_SESSION['username'], $nginxConf);
+  file_put_contents("/etc/nginx/hyper.d/" . $_POST['dir'] . ".conf", $nginxConf);
+
+  // Reload Nginx
+  exec("sudo /root/maniver/target/debug/maniver reload-nginx");
+
+  // Tell the user their site address
+  echo "<p>L'adresse de votre site Onion est :<br><a href='http://" . $onion . "'<code>http://" . $onion . "</code></a></p>";
+
+}
+
+?>
+
+<?php require "../bottom.inc.php"; ?>
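Review bot: The `in_array($_POST['dir'], $notYetEnabledDirs)` check only proves that the directory exists, not that its name is safe. The names come from folders the user creates (presumably over SFTP), and the value is then concatenated unquoted into the `sudo` `exec()` call for `export-tor`, into `/etc/tor/torrc`, into the nginx config and into the `<option>` markup. Constrain the name before any of that, e.g. `if (!preg_match('/\A[a-z0-9-]{1,64}\z/', $_POST['dir'])) exit("ERROR : Wrong value for dir");`, and wrap both `exec()` arguments in `escapeshellarg()`. `/var/lib/tor/niver/<dir>/` and `/etc/nginx/hyper.d/<dir>.conf` are keyed on the folder name alone, so two accounts using the same folder name would overwrite each other's entries; including the username in both paths avoids that. The same `dir` handling appears in ht/https-domain.php.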

+ 76 - 0
ht/https-domain.php

@@ -0,0 +1,76 @@
+<?php require "../top.inc.php"; ?>
+<p>
+  Ajouter un domaine sur un dossier de site<br>
+  Le domaine doit pointer vers ces adresses IP :<br>
+  IPv4 : 45.13.104.169<br>
+  IPv6 : 2a0b:cbc0:1103:2::106f
+</p>
+
+<form method="post">
+  <label for="domain">Domaine sur lequel répondre</label><br>
+  <input required="" placeholder="site.atope.art" id="domain" name="domain" type="text"><br>
+  <label for="dir">Dossier ciblé</label><br>
+  <select required="" name="dir" id="dir">
+    <option value="" disabled="" selected="">---</option>
+
+    <?php
+
+    $fsDirs = listFsDirs($_SESSION['username']);
+    $dbUsedDirs = listDbDirs($_SESSION['username'], "dns", "http");
+    $i = 0;
+    $j = 0;
+    $alreadyEnabledDirs = NULL;
+    $notYetEnabledDirs = NULL;
+    foreach ($fsDirs as $fsDir) {
+      if ($dbUsedDirs AND in_array($fsDir, $dbUsedDirs)) {
+        $alreadyEnabledDirs[$i] = $fsDir;
+        $i++;
+      } else {
+        $notYetEnabledDirs[$j] = $fsDir;
+        $j++;
+      }
+    }
+
+    if (!is_null($notYetEnabledDirs)) {
+      foreach ($notYetEnabledDirs as $dir) {
+        echo "<option value='" . $dir . "'>" . $dir . "</option>";
+      }
+    }
+
+    if (!is_null($alreadyEnabledDirs)) {
+      foreach ($alreadyEnabledDirs as $dir) {
+        echo "<option disabled='' value='" . $dir . "'>" . $dir . "</option>";
+      }
+    }
+    ?>
+  </select>
+  <br>
+  <input value="Valider" type="submit">
+</form>
+
+<?php
+
+if (isset($_POST['domain']) AND isset($_POST['dir']) AND isset($_SESSION['username'])) {
+
+  checkDomainFormat($_POST['domain']);
+
+  if (!in_array($_POST['dir'], $notYetEnabledDirs))
+    exit("ERROR : Wrong value for dir");
+
+  addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], "dns", "http");
+
+  $conf = file_get_contents("/etc/nginx/hyper.d/dns.template");
+  $conf = preg_replace("#DOMAIN#", $_POST['domain'], $conf);
+  $conf = preg_replace("#DIR#", $_POST['dir'], $conf);
+  $conf = preg_replace("#USER#", $_SESSION['username'], $conf);
+  file_put_contents("/etc/nginx/hyper.d/" . $_POST['domain'] . ".conf", $conf);
+  exec("sudo /root/maniver/target/debug/maniver reload-nginx");
+  //certbot certonly --nginx -d testcrabe.atope.art
+  echo "Formulaire traité !!";
+} else {
+  echo "Rien n'a été reçu lors du dernier chargement";
+}
+
+?>
+
+<?php require "../bottom.inc.php"; ?>
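Review bot: Nothing in the POST handler checks whether `$_POST['domain']` is already attached to another account before `file_put_contents("/etc/nginx/hyper.d/" . $_POST['domain'] . ".conf", $conf)` runs, so a second submission for the same domain replaces the existing vhost file. `addSite()` is called first, but its result is not inspected. Look the domain up in `sites` (or rely on a UNIQUE constraint and check the `execute()` result) and stop before writing the file. The three `preg_replace()` calls also interpret `$` or `\` followed by digits in the replacement as backreferences; `str_replace("DOMAIN", $_POST['domain'], $conf)` performs a literal substitution.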

+ 11 - 7
ht/index.php

@@ -1,10 +1,14 @@
 <?php require "../top.inc.php"; ?>
-    <a class="htButton" href="sftp">Créer l'accès SSH</a>
-    <br>
-    <a class="htButton" href="onion">Ajouter un accès en .onion sur un dossier</a>
-    <br>
-    <a class="htButton" href="domain">Ajouter un accès par domaine sur un dossier</a>
-    <br>
-    <a class="htButton" href="le">Installer un certificat Let's Encrypt sur un domaine</a>
+
+<h2><a class="htButton" href="sftp">Gérer l'accès SFTP</a></h2>
+Accéder à son espace SFTP, pour publier et mettre à jour ses sites
+<br>
+<h2><a class="htButton" href="http-onion">Accès HTTP en Onion</a></h2>
+Un site HTML, accessible par Tor, avec une adresse en .onion
+<br>
+<h2><a class="htButton" href="https-domain">Accès HTTPS par DNS</a></h2>
+Des pages HTML, accessible directement, par un nom de domaine
+<br>
+<h2><a class="htButton" href="le">Installer un certificat Let's Encrypt sur un domaine</a></h2>
 
 <?php require "../bottom.inc.php"; ?>

+ 0 - 52
ht/onion.php

@@ -1,52 +0,0 @@
-<?php require "../top.inc.php"; ?>
-    <p>
-      Ajouter un accès en .onion sur un dossier
-    </p>
-
-    <form method="post">
-      <label for="dir">Dossier ciblé</label><br>
-      <input required="" id="dir" name="dir" type="text"><br>
-      <input value="Valider" type="submit">
-    </form>
-
-    <?php
-
-    if (isset($_POST['dir']) AND isset($_SESSION['username'])) {
-
-      // Generate a .onion address
-      $torConf = file_get_contents("/etc/tor/torrc");
-      $torConf = $torConf . "\nHiddenServiceDir /var/lib/tor/niver/" . $_POST['dir'] . "/\nHiddenServicePort 80 [::1]:80";
-      file_put_contents("/etc/tor/torrc", $torConf);
-
-      exec("sudo -u root /root/maniver/target/debug/maniver reload-tor", $output1);
-      echo "<pre>";
-      print_r($output1);
-      echo "</pre>";
-      sleep(3);
-
-      exec("sudo -u root /root/maniver/target/debug/maniver export-tor " . $_SESSION['username'] . " " . $_POST['dir'], $output2);
-      echo "<pre>";
-      print_r($output2);
-      echo "</pre>";
-      sleep(3);
-
-      // Add this address to Nginx
-      $onion = file_get_contents("/srv/hyper/" . $_SESSION['username'] . "/hyper/" . $_POST['dir'] . "/hostname");
-      $onion = str_replace(array("\r","\n"), "", $onion);
-      echo "START" . $onion . "STOP";
-      $nginxConf = file_get_contents("/etc/nginx/hyper.d/onion.template");
-      $nginxConf = preg_replace("#DOMAIN#", $onion, $nginxConf);
-      $nginxConf = preg_replace("#DIR#", $_POST['dir'], $nginxConf);
-      $nginxConf = preg_replace("#USER#", $_SESSION['username'], $nginxConf);
-      file_put_contents("/etc/nginx/hyper.d/" . $_POST['dir'] . ".conf", $nginxConf);
-
-      exec("sudo /root/maniver/target/debug/maniver reload-nginx");
-
-      echo "Formulaire traité !!";
-    } else {
-      echo "Rien n'a été reçu lors du dernier chargement";
-    }
-
-    ?>
-
-<?php require "../bottom.inc.php"; ?>

+ 6 - 9
ht/sftp.php

@@ -26,28 +26,25 @@ if ($_SESSION['sftp_enabled'] == false) { ?>
 } else if ($_SESSION['sftp_enabled'] == true) { ?>
 
     <br>
-    Voici les différentes données que vous devrez indiquer à votre client SFTP pour vous connecter :
-    <br>
+    Indiquez les données ci-dessous à votre client SFPT pour accéder à vos sites.
+    <br><br>
     Utilisateurice : <code><?= $_SESSION['username'] ?></code>
     <br>
     Mot de passe : celui que vous avez définit lors de l'activation de l'accès SFTP
     <br>
-    Serveur : <code>45.13.104.169</code>
+    Serveur : <code>sftp.niver.atope.art</code>
     <br>
     Port : <code>22</code>
     <br>
     Dossier : <code>/</code>
     <br><br>
+    <a href="sftp://<?= $_SESSION['username'] ?>@sftp.niver.atope.art/">sftp://<?= $_SESSION['username'] ?>@sftp.niver.atope.art/</a>
+    <br><br>
     SHA-256 des clés du serveur :
     <br>Ed25519 : <code>MHwU49oafgq4jY6whUy2INWHMrs+uz4A0j+gsQEgho8</code>
     <br>RSA : <code>6wWSPLxqns4ZKtnqzv7ch3k/R2ztPgDiCr4c0B/I/mw</code>
     <br>ECDSA : <code>XMwGgdngT+MZPlndX7rB9CchjPRiJD3SPHKj18qYcPA</code>
-    <br>N'acceptez pas la connexion si elles ne correspondent pas !
-
-    <br><br>
-    <a href="sftp://<?= $_SESSION['username'] ?>;fingerprint=SHA256-MHwU49oafgq4jY6whUy2INWHMrs+uz4A0j+gsQEgho8@45.13.104.169:22/">Lien</a>
-    <!-- sftp://[<user>[;fingerprint=<host-key fingerprint>]@]<host>[:<port>]/<path>/<file> -->
-
+    <br>N'acceptez la connexion que si votre client vous montre les mêmes !
 
     <br>
 <?php
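Review bot: The added sentence spells the protocol `SFPT`; it should read `SFTP`. The new `sftp://` link prints `$_SESSION['username']` into an `href` attribute without escaping at the output site. auth/login.php stores an escaped value, but auth/register.php assigns `$username` as is and its validation is not visible here, so `<?= htmlspecialchars($_SESSION['username'], ENT_QUOTES) ?>` in the link would be the safer form. The `else if` block continues outside the hunk.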

+ 6 - 1
less/main.less

@@ -8,8 +8,13 @@ html {
   line-height: @fontSize + 6%;
 }
 
+h1 {
+  font-size: @fontSize + 25px;
+  line-height: @fontSize + 30px
+}
+
 body {
-  font-family: system-ui;
+  font-family: system-ui, sans-serif;
   font-size: @fontSize;
   margin-left: 20%;
   margin-right: 20%;

+ 13 - 11
nic/index.php

@@ -1,13 +1,15 @@
 <?php include "../top.inc.php"; ?>
-    <p>
-      Ce site a pour but de permettre la création de sous-domaines d'atope.art par n'importe qui.
-      <br>
-      <a class="nicButton" href="register">Enregitrer un nouveau nom de domaine</a>
-      <br>
-      <a class="nicButton" href="ns">NS (Name Server)</a>
-      <br>
-      <a class="nicButton" href="glue">Glue Record</a>
-      <br>
-      <a class="nicButton" href="ds">DS (Delegation Signer)</a>
-    </p>
+
+<h2><a class="nicButton" href="register">Enregitrer un nouveau nom de domaine</a></h2>
+Prendre possession d'un sous-domaine d'atope.art
+<br>
+<h2><a class="nicButton" href="ns">NS (Name Server)</a></h2>
+Indiquer les serveurs de noms de son sous-domaine d'atope.art
+<br>
+<h2><a class="nicButton" href="glue">Glue Record</a></h2>
+Indiquer les IP de ses serveurs de noms de son sous-domaine d'atope.art dont les adresses se trouvent sur ce même sous-domaine
+<br>
+<h2><a class="nicButton" href="ds">DS (Delegation Signer)</a></h2>
+Déléguer la confiance DNSSEC
+
 <?php include "../bottom.inc.php"; ?>

+ 7 - 7
nic/register.php

@@ -17,12 +17,14 @@
         <optgroup label="Personnels">
           <option value=".perso.atope.art.">.perso.atope.art.</option>
           <option value=".blog.atope.art.">.blog.atope.art.</option>
+          <option value=".gemlog.atope.art.">.gemlog.atope.art.</option>
           <option value=".me.atope.art.">.me.atope.art.</option>
         </optgroup>
         <optgroup label="Connaissance">
           <option value=".edu.atope.art.">.edu.atope.art.</option>
           <option value=".info.atope.art.">.info.atope.art.</option>
           <option value=".wiki.atope.art.">.wiki.atope.art.</option>
+          <option value=".sci.atope.art.">.sci.atope.art.</option>
         </optgroup>
         <optgroup label="Politique">
           <option value=".pol.atope.art.">.pol.atope.art.</option>
@@ -30,6 +32,7 @@
           <option value=".fem.atope.art.">.fem.atope.art.</option>
           <option value=".eco.atope.art.">.eco.atope.art.</option>
           <option value=".veg.atope.art.">.veg.atope.art.</option>
+          <option value=".bio.atope.art.">.bio.atope.art.</option>
           <option value=".anar.atope.art.">.anar.atope.art.</option>
           <option value=".ancom.atope.art.">.ancom.atope.art.</option>
           <option value=".acab.atope.art.">.acab.atope.art.</option>
@@ -72,19 +75,13 @@
           <option value=".pix.atope.art.">.pix.atope.art.</option>
           <option value=".mobi.atope.art.">.mobi.atope.art.</option>
         </optgroup>
-        <optgroup label="Sciences">
-          <option value=".sci.atope.art.">.sci.atope.art.</option>
-          <option value=".bio.atope.art.">.bio.atope.art.</option>
-          <option value=".draw.atope.art.">.draw.atope.art.</option>
-          <option value=".ink.atope.art.">.ink.atope.art.</option>
-          <option value=".audio.atope.art.">.audio.atope.art.</option>
-        </optgroup>
         <optgroup label="Arts">
           <option value=".art.atope.art.">.art.atope.art.</option>
           <option value=".music.atope.art.">.music.atope.art.</option>
           <option value=".video.atope.art.">.video.atope.art.</option>
           <option value=".draw.atope.art.">.draw.atope.art.</option>
           <option value=".audio.atope.art.">.audio.atope.art.</option>
+          <option value=".ink.atope.art.">.ink.atope.art.</option>
         </optgroup>
         <optgroup label="Neurodiversité">
           <option value=".na.atope.art.">.na.atope.art.</option>
@@ -119,6 +116,9 @@
           <option value=".soft.atope.art.">.soft.atope.art.</option>
           <option value=".cute.atope.art.">.cute.atope.art.</option>
           <option value=".cutie.atope.art.">.cutie.atope.art.</option>
+          <option value=".fun.atope.art.">.fun.atope.art.</option>
+          <option value=".play.atope.art.">.play.atope.art.</option>
+          <option value=".game.atope.art.">.game.atope.art.</option>
         </optgroup>
 
       </select>

+ 14 - 21
niver.log

@@ -1,21 +1,14 @@
-2021-01-20 19:46:52
-  status: exit code: 9
-  stdout:
-  stderr: useradd: user 'coute' already exists
-  2021-01-20 20:23:11
-  2021-01-20 20:23:14
-  2021-01-20 20:23:50
-  status: exit code: 0
-  stdout:
-  stderr:
-  sent username:password to chpasswd
-  chpasswd responded with:
-  status: exit code: 0
-  stdout:
-  stderr:
-  status: exit code: 0
-  stdout:
-  stderr:
-  status: exit code: 0
-  stdout:
-  stderr:
+
+1613496551 Tor reloaded by carafe
+
+1613496551 Tor data exported by carafe
+ status: exit code: 0
+ stdout:
+ stderr:
+
+2021-02-16 18:31:23 Tor reloaded by carafe
+
+2021-02-16 18:31:23 Tor data exported by carafe
+ status: exit code: 0
+ stdout:
+ stderr:

+ 15 - 15
pages.inc.php

@@ -2,11 +2,11 @@
 if (strpos($_SERVER['PHP_SELF'], "inc.php") !== false)
   exit("This file is meant to be included.");
 
-switch ($service) {
+switch (SERVICE) {
 
-  case $prefixURL . "/ns":
+  case "ns":
     $page['service'] = "Serveur de noms";
-    switch ($address) {
+    switch (PAGE) {
       case "index":
         $page['title'] = "Accueil";
       break;
@@ -31,9 +31,9 @@ switch ($service) {
     }
   break;
 
-  case $prefixURL . "/nic":
+  case "nic":
     $page['service'] = "Registre";
-    switch ($address) {
+    switch (PAGE) {
       case "index":
         $page['title'] = "Accueil";
       break;
@@ -52,9 +52,9 @@ switch ($service) {
     }
   break;
 
-  case $prefixURL . "/auth":
+  case "auth":
     $page['service'] = "Authentification";
-    switch ($address) {
+    switch (PAGE) {
       case "index":
         $page['title'] = "Accueil";
       break;
@@ -70,17 +70,17 @@ switch ($service) {
     }
   break;
 
-  case $prefixURL . "/ht":
+  case "ht":
     $page['service'] = "Hypertexte";
-    switch ($address) {
+    switch (PAGE) {
       case "mkdir":
         $page['title'] = "Créer un dossier de site";
       break;
-      case "onion":
-        $page['title'] = "Créer un accès en .onion";
+      case "http-onion":
+        $page['title'] = "Accès HTTP en .onion";
       break;
-      case "domain":
-        $page['title'] = "Ajouter un accès par domaine";
+      case "https-domain":
+        $page['title'] = "Accès HTTPS par domaine";
       break;
       case "le":
         $page['title'] = "Installer un certificat Let's Encrypt";
@@ -94,8 +94,8 @@ switch ($service) {
     }
   break;
 
-  case $prefixURL . "":
-    switch ($address) {
+  case "":
+    switch (PAGE) {
       case "index":
         $page['title'] = "Accueil";
       break;

+ 24 - 20
top.inc.php

@@ -8,24 +8,27 @@ session_start([
   'cookie_secure' => true,
   'cookie_httponly' => true,
   'cookie_samesite' => 'Strict',
+  'cookie_lifetime' => 604800,
   'gc_maxlifetime' => 604800,
+  'use_strict_mode' => true,
+  'use_cookies' => true,
+  'use_only_cookies' => true,
 ]);
 
-define("USERNAME_REGEX", "[a-z]{4,32}");
+define("USERNAME_REGEX", "^[a-z]{4,32}$");
 define("PASSWORD_REGEX", "^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])[a-zA-Z0-9]{8,1024}|.{10,1024}$");
 
-$prefixURL = "/capuche";
-$rootPath = "/var/www/niver" . $prefixURL;
+define("PREFIX", "/malaxe");
+define("SERVICE", substr(dirname($_SERVER['PHP_SELF']), strlen(PREFIX) + 1));
+define("ROOT_PATH", "/var/www/niver" . PREFIX);
+define("PAGE", basename($_SERVER['PHP_SELF'], '.php'));
 
-$address = basename($_SERVER['PHP_SELF'], '.php');
-$service = dirname($_SERVER['PHP_SELF']);
-
-if ($service != $prefixURL . "/auth" AND !isset($_SESSION['username'])) {
-  header('Location: ' . $prefixURL . '/auth/');
+if (SERVICE != "auth" AND !isset($_SESSION['username'])) {
+  header('Location: ' . PREFIX . '/auth/login?redir=' . SERVICE . "/" . PAGE);
   exit;
 }
 
-define("DB_PATH", $rootPath . "/db/auth.db");
+define("DB_PATH", ROOT_PATH . "/db/auth.db");
 $dbPath = DB_PATH;
 
 $theme = array(
@@ -37,20 +40,21 @@ $theme = array(
   'darkColor' => '#2a2a2a',
 );
 
-switch ($service) {
-  case $prefixURL . "/ht":
+switch (SERVICE) {
+  case "ht":
+    require "ht/ht.fn.inc.php";
     $theme = array('mainColor' => $theme['htColor']) + $theme;
   break;
-  case $prefixURL . "/nic":
+  case "nic":
     $theme = array('mainColor' => $theme['nicColor']) + $theme;
   break;
-  case $prefixURL . "/auth":
+  case "auth":
     $theme = array('mainColor' => $theme['authColor']) + $theme;
   break;
-  case $prefixURL . "":
+  case "":
     $theme = array('mainColor' => $theme['authColor']) + $theme;
   break;
-  case $prefixURL . "/ns":
+  case "ns":
     $theme = array('mainColor' => $theme['nsColor']) + $theme;
   break;
 }
@@ -61,14 +65,14 @@ require "fn.inc.php";
 require_once 'lessphp/lib/Less/Autoloader.php';
 Less_Autoloader::register();
 
-$relativeLessFiles = array_diff(scandir($rootPath . "/less"), array('..', '.'));
+$relativeLessFiles = array_diff(scandir(ROOT_PATH . "/less"), array('..', '.'));
 $relativeLessFiles = array_flip($relativeLessFiles);
 
 foreach ($relativeLessFiles as $relativeLessFile => $nothing) {
-  $absoluteLessFiles[$rootPath . "/less/" . $relativeLessFile] = "";
+  $absoluteLessFiles[ROOT_PATH . "/less/" . $relativeLessFile] = "";
 }
 
-$options = array('cache_dir' => $rootPath . '/css/'); //, 'compress' => true
+$options = array('cache_dir' => ROOT_PATH . '/css/'); //, 'compress' => true
 $cssFileName = Less_Cache::Get($absoluteLessFiles, $options, $theme);
 
 ?>
@@ -76,7 +80,7 @@ $cssFileName = Less_Cache::Get($absoluteLessFiles, $options, $theme);
 <html lang="fr">
   <head>
     <title><?php if ($page['title'] != "Accueil") echo $page['title'] . " · "; ?><?php if (isset($page['service'])) { echo $page['service'] . " · "; } ?>Atope</title>
-    <link type="text/css" rel="stylesheet" href="<?= $prefixURL ?>/css/<?= $cssFileName ?>">
+    <link type="text/css" rel="stylesheet" href="<?= PREFIX ?>/css/<?= $cssFileName ?>">
     <meta name="viewport" content="width=device-width, initial-scale=1">
   </head>
 
@@ -87,7 +91,7 @@ $cssFileName = Less_Cache::Get($absoluteLessFiles, $options, $theme);
         $page['service'] = "Atope";
       } ?>
       <nav>
-        <a href="<?= $prefixURL ?>">Niver</a> > <a href="./"><?= $page['service'] ?></a> > <?= $page['title'] ?>
+        <a href="<?= PREFIX ?>">Niver</a> > <a href="./"><?= $page['service'] ?></a> > <?= $page['title'] ?>
       </nav>
 
       <h1><?= $page['title'] ?></h1>
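Review bot: `SERVICE` and `PAGE` are derived from `$_SERVER['PHP_SELF']`, which includes any path info the client appends after the script name, and both are then concatenated unencoded into the `Location: ... /auth/login?redir=` header. Using `$_SERVER['SCRIPT_NAME']` in both `define()` calls and `urlencode()` on the `redir` value keeps request-controlled text out of the routing constants and the header. `USERNAME_REGEX` is now anchored, but in `PASSWORD_REGEX` the `|` splits the pattern, so `^` binds only to the first alternative and `$` only to the second. If that constant is also used with `preg_match()` on the server (not visible here), group the alternatives as `^(?:(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])[a-zA-Z0-9]{8,1024}|.{10,1024})$`.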