beenull/servnest
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use single quotes instead of double quotes

Browse source
This commit is contained in:
Miraty 2022-11-20 15:11:54 +01:00
parent 109bc4134b
commit 18d976217b
39 changed files with 176 additions and 202 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -12,7 +12,7 @@ Niver is a set of 3 network services:
## Status
I plan to create and maintain a public stable instance of Niver, but I haven't done so yet. Thus Niver is not yet tested with real world and long-term usages, and **should be considered alpha software**.
I plan to create and maintain a public stable instance of Niver, but I haven't done so yet. Thus Niver is not yet tested with real world and long-term usages, and is **alpha software**.
## Detailed features

14
fn/auth.php
View file

@ -9,18 +9,18 @@ const PLACEHOLDER_PASSWORD = '••••••••••••••••
// Password storage security
const ALGO_PASSWORD = PASSWORD_ARGON2ID;
const OPTIONS_PASSWORD = [
"memory_cost" => 65536,
"time_cost" => 4,
"threads" => 64,
'memory_cost' => 65536,
'time_cost' => 4,
'threads' => 64,
];
function checkPasswordFormat($password) {
if (preg_match("/" . PASSWORD_REGEX . "/u", $password) !== 1)
if (preg_match('/' . PASSWORD_REGEX . '/u', $password) !== 1)
output(403, 'Password malformed.');
}
function checkUsernameFormat($username) {
if (preg_match("/" . USERNAME_REGEX . "/u", $username) !== 1)
if (preg_match('/' . USERNAME_REGEX . '/u', $username) !== 1)
output(403, 'Username malformed.');
}
@ -43,7 +43,7 @@ function outdatedPasswordHash($username) {
function changePassword($username, $password) {
$db = new PDO('sqlite:' . DB_PATH);
$stmt = $db->prepare("UPDATE users SET password = :password WHERE username = :username");
$stmt = $db->prepare('UPDATE users SET password = :password WHERE username = :username');
$stmt->bindValue(':username', $username);
$stmt->bindValue(':password', hashPassword($password));
@ -75,7 +75,7 @@ function rateLimitAccount($requestedTokens) {
// Update
$db = new PDO('sqlite:' . DB_PATH);
$stmt = $db->prepare("UPDATE users SET bucket_tokens = :bucket_tokens, bucket_last_update = :bucket_last_update WHERE username = :username");
$stmt = $db->prepare('UPDATE users SET bucket_tokens = :bucket_tokens, bucket_last_update = :bucket_last_update WHERE username = :username');
$stmt->bindValue(':username', $_SESSION['username']);
$stmt->bindValue(':bucket_tokens', $tokens);
$stmt->bindValue(':bucket_last_update', time());

14
fn/common.php
View file

@ -6,13 +6,13 @@ function output($code, $msg = '', $logs = ['']) {
global $final_message;
$shortCode = $code / 100 % 10;
$final_message = match ($shortCode) {
2 => ($msg === '') ? '' : "<p><output><strong>Succès</strong> : <em>" . $msg . "</em></output></p>\n",
4 => "<p><output><strong>Erreur utilisataire</strong> : <em>" . $msg . "</em></output></p>\n",
5 => "<p><output><strong>Server error</strong>: The server encountered an error: <em>" . $msg . "</em></output></p>\n",
2 => ($msg === '') ? '' : '<p><output><strong>Succès</strong> : <em>' . $msg . '</em></output></p>' . LF,
4 => '<p><output><strong>Erreur utilisataire</strong> : <em>' . $msg . '</em></output></p>' . LF,
5 => '<p><output><strong>Server error</strong>: The server encountered an error: <em>' . $msg . '</em></output></p>' . LF,
};
http_response_code($code);
if ($shortCode === 5)
error_log("Niver internal error: " . strip_tags($msg) . implode("\n", $logs));
error_log('Niver internal error: ' . strip_tags($msg) . implode(LF, $logs));
if ($code !== 200)
executePage();
}
@ -39,14 +39,14 @@ function insert($table, $values) {
$query .= "$key, ";
}
$query .= ") VALUES(";
$query .= ') VALUES(';
foreach ($values as $key => $val) {
if ($key === array_key_last($values))
$query .= ":$key";
else
$query .= ":$key, ";
}
$query .= ")";
$query .= ')';
$db = new PDO('sqlite:' . DB_PATH);
@ -65,7 +65,7 @@ function query($action, $table, $conditions = [], $column = NULL) {
'delete' => 'DELETE',
};
$query .= " FROM $table";
$query .= ' FROM ' . $table;
foreach ($conditions as $key => $val) {
if ($key === array_key_first($conditions))

26
fn/dns.php
View file

@ -1,21 +1,21 @@
<?php
function knotcConfExec($cmds) {
exec(CONF['dns']['knotc_path'] . " conf-begin", $output['begin'], $code['begin']);
exec(CONF['dns']['knotc_path'] . ' conf-begin', $output['begin'], $code['begin']);
if ($code['begin'] !== 0)
output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['begin'] . '</samp>: <samp>' . $output['begin'][0] . '</samp>.');
foreach ($cmds as $cmd) {
exec(CONF['dns']['knotc_path'] . " conf-" . $cmd, $output['op'], $code['op']);
exec(CONF['dns']['knotc_path'] . ' conf-' . $cmd, $output['op'], $code['op']);
if ($code['op'] !== 0) {
exec(CONF['dns']['knotc_path'] . " conf-abort");
exec(CONF['dns']['knotc_path'] . ' conf-abort');
output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['op'] . '</samp>: <samp>' . $output['op'][0] . '</samp>.');
}
}
exec(CONF['dns']['knotc_path'] . " conf-commit", $output['commit'], $code['commit']);
exec(CONF['dns']['knotc_path'] . ' conf-commit', $output['commit'], $code['commit']);
if ($code['commit'] !== 0) {
exec(CONF['dns']['knotc_path'] . " conf-abort");
exec(CONF['dns']['knotc_path'] . ' conf-abort');
output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['commit'] . '</samp>: <samp>' . $output['commit'][0] . '</samp>.');
}
}
@ -23,34 +23,34 @@ function knotcConfExec($cmds) {
function knotcZoneExec($zone, $cmd) {
$action = checkAction($_POST['action']);
exec(CONF['dns']['knotc_path'] . " zone-begin " . $zone, $output['begin'], $code['begin']);
exec(CONF['dns']['knotc_path'] . ' zone-begin ' . $zone, $output['begin'], $code['begin']);
if ($code['begin'] !== 0)
output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['begin'] . '</samp>: <samp>' . $output['begin'][0] . '</samp>.');
exec(CONF['dns']['knotc_path'] . " zone-" . $action . "set " . $zone . " " . implode(" ", $cmd), $output['op'], $code['op']);
exec(CONF['dns']['knotc_path'] . ' zone-' . $action . 'set ' . $zone . ' ' . implode(' ', $cmd), $output['op'], $code['op']);
if ($code['op'] !== 0) {
exec(CONF['dns']['knotc_path'] . " zone-abort " . $zone);
exec(CONF['dns']['knotc_path'] . ' zone-abort ' . $zone);
output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['op'] . '</samp>: <samp>' . $output['op'][0] . '</samp>.');
}
exec(CONF['dns']['knotc_path'] . " zone-commit " . $zone, $output['commit'], $code['commit']);
exec(CONF['dns']['knotc_path'] . ' zone-commit ' . $zone, $output['commit'], $code['commit']);
if ($code['commit'] !== 0) {
exec(CONF['dns']['knotc_path'] . " zone-abort " . $zone);
exec(CONF['dns']['knotc_path'] . ' zone-abort ' . $zone);
output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['commit'] . '</samp>: <samp>' . $output['commit'][0] . '</samp>.');
}
}
function checkIpFormat($ip) {
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
return "A";
return 'A';
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))
return "AAAA";
return 'AAAA';
output(403, 'IP address malformed.');
}
function checkAbsoluteDomainFormat($domain) {
// If the domain must end with a dot
if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match("/^([a-z0-9_-]{1,63}\.){2,127}$/", $domain))
if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match('/^([a-z0-9_-]{1,63}\.){2,127}$/', $domain))
output(403, 'Domain malformed.');
}

10
fn/ht.php
View file

@ -2,7 +2,7 @@
function checkDomainFormat($domain) {
// If the domain must end without a dot
if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match("/^([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$/", $domain))
if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match('/^([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$/', $domain))
output(403, 'Domain malformed.');
}
@ -13,7 +13,7 @@ function formatDomain($domain) {
}
function listFsDirs($username) {
$absoluteDirs = glob(CONF['ht']['ht_path'] . "/" . $username . "/*/", GLOB_ONLYDIR);
$absoluteDirs = glob(CONF['ht']['ht_path'] . '/' . $username . '/*/', GLOB_ONLYDIR);
$dirs = [];
foreach ($absoluteDirs as $absoluteDir)
if (preg_match('/^[\p{L}\p{N}_-]{1,64}$/u', basename($absoluteDir)))
@ -28,7 +28,7 @@ function addSite($username, $siteDir, $domain, $domainType, $protocol) {
'domain' => $domain,
'domain_type' => $domainType,
'protocol' => $protocol,
'creation_date' => date("Y-m-d H:i:s"),
'creation_date' => date('Y-m-d H:i:s'),
]);
}
@ -52,7 +52,7 @@ function htDeleteSite($dir, $domainType, $protocol) {
output(500, 'Failed to delete Tor configuration.');
// Reload Tor
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload " . CONF['ht']['tor_service'], $output, $code);
exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['systemctl_path'] . ' reload ' . CONF['ht']['tor_service'], $output, $code);
if ($code !== 0)
output(500, 'Failed to reload Tor.');
@ -79,7 +79,7 @@ function htDeleteSite($dir, $domainType, $protocol) {
if ($domainType === 'dns') {
// Delete Let's Encrypt certificate
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " delete --quiet --cert-name " . $domain, $output, $code);
exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['certbot_path'] . ' delete --quiet --cert-name ' . $domain, $output, $code);
if ($code !== 0)
output(500, 'Certbot failed to delete the Let\'s Encrypt certificate.');
}

2
fn/ns.php
View file

@ -64,7 +64,7 @@ function nsDeleteZone($zone) {
output(500, 'Failed to remove Knot zone file.');
// Remove Knot related data
exec(CONF['dns']['knotc_path'] . " zone-purge " . $zone);
exec(CONF['dns']['knotc_path'] . ' zone-purge ' . $zone);
// Remove from database
query('delete', 'zones', [

2
fn/reg.php
View file

@ -14,7 +14,7 @@ function regDeleteDomain($domain) {
$regFile = file_get_contents(CONF['reg']['registry_file']);
if ($regFile === false)
output(500, 'Failed to read current registry File.');
$regFile = preg_replace("#[^\n]{0,1024}" . $domain . " {0,1024}[^\n]{0,1024}\n#", "", $regFile);
$regFile = preg_replace('/[^\n]{0,1024}' . $domain . ' {0,1024}[^\n]{0,1024}\n/', '', $regFile);
if (file_put_contents(CONF['reg']['registry_file'], $regFile) === false)
output(500, 'Failed to write new registry file.');

10
pages/auth/register.php
View file

@ -13,7 +13,7 @@ if (processForm(false)) {
insert('users', [
'username' => $_POST['username'],
'password' => hashPassword($_POST['password']),
'registration_date' => date("Y-m-d H:i:s"),
'registration_date' => date('Y-m-d H:i:s'),
'bucket_tokens' => 0,
'bucket_last_update' => 0,
'type' => 'testing',
@ -21,18 +21,18 @@ if (processForm(false)) {
// Setup SFTP directory
umask(0002);
if (mkdir(CONF['ht']['ht_path'] . "/" . $_POST['username'], 0775) !== true)
if (mkdir(CONF['ht']['ht_path'] . '/' . $_POST['username'], 0775) !== true)
output(500, 'Can\'t create user directory.');
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'] . " --no-dereference", result_code: $code);
exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['chgrp_path'] . ' ' . CONF['ht']['sftpgo_group'] . ' ' . CONF['ht']['ht_path'] . '/' . $_POST['username'] . ' --no-dereference', result_code: $code);
if ($code !== 0)
output(500, 'Can\'t change user directory group.');
// Setup Tor config directory
if (mkdir(CONF['ht']['tor_config_path'] . "/" . $_POST['username'], 0755) !== true)
if (mkdir(CONF['ht']['tor_config_path'] . '/' . $_POST['username'], 0755) !== true)
output(500, 'Can\'t create Tor config directory.');
// Setup Tor keys directory
exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['mkdir_path'] . " --mode=0700 " . CONF['ht']['tor_keys_path'] . "/" . $_POST['username'], result_code: $code);
exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['mkdir_path'] . ' --mode=0700 ' . CONF['ht']['tor_keys_path'] . '/' . $_POST['username'], result_code: $code);
if ($code !== 0)
output(500, 'Can\'t create Tor keys directory.');

4
pages/auth/unregister.php
View file

@ -24,7 +24,7 @@ if (processForm()) {
], 'site_dir') as $dir)
htDeleteSite($dir, domainType: 'dns', protocol: 'http');
exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['rm_path'] . " --recursive " . CONF['ht']['tor_keys_path'] . "/" . $_SESSION['username'], result_code: $code);
exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['rm_path'] . ' --recursive ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['username'], result_code: $code);
if ($code !== 0)
output(500, 'Can\'t remove Tor keys directory.');
@ -36,7 +36,7 @@ if (processForm()) {
query('delete', 'users', ['username' => $_SESSION['username']]);
require "logout.php";
require 'logout.php';
output(200, 'Compte supprimé.');
}

14
pages/ht/add-http-dns.php
View file

@ -1,7 +1,7 @@
<?php
if (isset($_SESSION['username']))
$dirsStatuses = dirsStatuses($_SESSION['username'], "dns", "http");
$dirsStatuses = dirsStatuses($_SESSION['username'], 'dns', 'http');
else
$dirsStatuses = [];
@ -29,14 +29,14 @@ if (processForm()) {
$remoteTXTRecords = dns_get_record($_POST['domain'], DNS_TXT);
if (is_array($remoteTXTRecords) !== true)
output(500, 'Erreur lors de la récupération de l\'enregistrement TXT.');
if (preg_match('/\nauth-owner=([0-9a-f]{8})-([0-9a-f]{32})\n/', "\n" . implode("\n", array_column($remoteTXTRecords, 'txt')) . "\n", $matches) !== 1)
if (preg_match('/^auth-owner=([0-9a-f]{8})-([0-9a-f]{32})$/m', implode(LF, array_column($remoteTXTRecords, 'txt')), $matches) !== 1)
output(403, 'Aucun enregistrement TXT au format correct trouvé.');
checkAuthToken($matches[1], $matches[2]);
rateLimit();
addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], "dns", "http");
addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], 'dns', 'http');
exec('2>&1 ' . CONF['ht']['sudo_path'] . ' ' . CONF['ht']['certbot_path'] . ' certonly' . (($_SESSION['type'] === 'trusted') ? '' : ' --test-cert') . ' --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain ' . $_POST['domain'], $output, $returnCode);
if ($returnCode !== 0)
@ -54,11 +54,11 @@ if (processForm()) {
include inc/ht-tls.conf;
}
';
if (file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['domain'] . ".conf", $nginxConf) === false)
if (file_put_contents(CONF['ht']['nginx_config_path'] . '/' . $_POST['domain'] . '.conf', $nginxConf) === false)
output(500, 'Failed to write Nginx configuration.');
// Reload Nginx
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx", result_code: $code);
exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['systemctl_path'] . ' reload nginx', result_code: $code);
if ($code !== 0)
output(500, 'Failed to reload Nginx.');
@ -99,10 +99,8 @@ $proof = getAuthToken();
<select required="" name="dir" id="dir">
<option value="" disabled="" selected="">---</option>
<?php
foreach ($dirsStatuses as $dir => $alreadyEnabled)
echo ' <option' . ($alreadyEnabled ? ' disabled=""' : '') . ' value="' . $dir . '">' . $dir . '</option>' . "\n";
echo ' <option' . ($alreadyEnabled ? ' disabled=""' : '') . ' value="' . $dir . '">' . $dir . '</option>' . LF;
?>
</select>
<br>

28
pages/ht/add-http-onion.php
View file

@ -1,7 +1,7 @@
<?php
if (isset($_SESSION['username']))
$dirsStatuses = dirsStatuses($_SESSION['username'], "onion", "http");
$dirsStatuses = dirsStatuses($_SESSION['username'], 'onion', 'http');
else
$dirsStatuses = [];
@ -12,25 +12,25 @@ if (processForm()) {
rateLimit();
// Add Tor config
$torConf = "HiddenServiceDir " . CONF['ht']['tor_keys_path'] . "/" . $_SESSION['username'] . "/" . $_POST['dir'] . "/
HiddenServicePort 80 [::1]:" . CONF['ht']['internal_onion_http_port'] . "
";
$torConf = 'HiddenServiceDir ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'] . '/
HiddenServicePort 80 [::1]:' . CONF['ht']['internal_onion_http_port'] . '
';
if (file_put_contents(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'], $torConf) === false)
output(500, 'Failed to write new Tor configuration.');
// Reload Tor
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload " . CONF['ht']['tor_service'], $output, $code);
exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['systemctl_path'] . ' reload ' . CONF['ht']['tor_service'], $output, $code);
if ($code !== 0)
output(500, 'Failed to reload Tor.');
// Get the address generated by Tor
exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['cat_path'] . ' ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'] . '/hostname', $output);
$onion = $output[0];
if (preg_match("/[0-9a-z]{56}\.onion/", $onion) !== 1)
if (preg_match('/[0-9a-z]{56}\.onion/', $onion) !== 1)
output(500, 'No onion address found.');
// Store it in the database
addSite($_SESSION['username'], $_POST['dir'], $onion, "onion", "http");
addSite($_SESSION['username'], $_POST['dir'], $onion, 'onion', 'http');
// Add Nginx config
$nginxConf = 'server {
@ -41,11 +41,11 @@ if (processForm()) {
include inc/ht-onion.conf;
}
';
if (file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $onion . ".conf", $nginxConf) === false)
if (file_put_contents(CONF['ht']['nginx_config_path'] . '/' . $onion . '.conf', $nginxConf) === false)
output(500, 'Failed to write Nginx configuration.');
// Reload Nginx
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx", result_code: $code);
exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['systemctl_path'] . ' reload nginx', result_code: $code);
if ($code !== 0)
output(500, 'Failed to reload Nginx.');
@ -64,16 +64,10 @@ if (processForm()) {
<label for="dir">Dossier ciblé</label><br>
<select required="" name="dir" id="dir">
<option value="" disabled="" selected="">---</option>
<?php
foreach ($dirsStatuses as $dir => $alreadyEnabled) {
$disabled = $alreadyEnabled ? "disabled='' " : "";
echo " <option " . $disabled . "value='" . $dir . "'>" . $dir . "</option>";
}
foreach ($dirsStatuses as $dir => $alreadyEnabled)
echo ' <option' . ($alreadyEnabled ? ' disabled=""' : '') . ' value="' . $dir . '">' . $dir . '</option>' . LF;
?>
</select>
<br>
<input value="Valider" type="submit">

12
pages/ht/del-http-dns.php
View file

@ -1,7 +1,7 @@
<?php
if (isset($_SESSION['username']))
$dirsStatuses = dirsStatuses($_SESSION['username'], "dns", "http");
$dirsStatuses = dirsStatuses($_SESSION['username'], 'dns', 'http');
else
$dirsStatuses = [];
@ -24,16 +24,10 @@ if (processForm()) {
<label for="dir">Dossier ciblé</label><br>
<select required="" name="dir" id="dir">
<option value="" disabled="" selected="">---</option>
<?php
foreach ($dirsStatuses as $dir => $alreadyEnabled) {
$disabled = $alreadyEnabled ? "" : "disabled='' ";
echo " <option " . $disabled . "value='" . $dir . "'>" . $dir . "</option>\n";
}
foreach ($dirsStatuses as $dir => $alreadyEnabled)
echo ' <option' . ($alreadyEnabled ? '' : ' disabled=""') . ' value="' . $dir . '">' . $dir . '</option>' . LF;
?>
</select>
<br>
<input value="Valider" type="submit">

12
pages/ht/del-http-onion.php
View file

@ -1,7 +1,7 @@
<?php
if (isset($_SESSION['username']))
$dirsStatuses = dirsStatuses($_SESSION['username'], "onion", "http");
$dirsStatuses = dirsStatuses($_SESSION['username'], 'onion', 'http');
else
$dirsStatuses = [];
@ -24,16 +24,10 @@ if (processForm()) {
<label for="dir">Dossier ciblé</label><br>
<select required="" name="dir" id="dir">
<option value="" disabled="" selected="">---</option>
<?php
foreach ($dirsStatuses as $dir => $alreadyEnabled) {
$disabled = $alreadyEnabled ? "" : "disabled='' ";
echo " <option " . $disabled . "value='" . $dir . "'>" . $dir . "</option>\n";
}
foreach ($dirsStatuses as $dir => $alreadyEnabled)
echo ' <option' . ($alreadyEnabled ? '' : ' disabled=""') . ' value="' . $dir . '">' . $dir . '</option>' . LF;
?>
</select>
<br>
<input value="Valider" type="submit">

6
pages/ht/index.php
View file

@ -11,9 +11,9 @@
$sites = query('select', 'sites', ['username' => $_SESSION['username'] ?? '']);
if ($sites === [])
echo ' <p>Ce compte n\'héberge aucun site sur cette instance.<p>' . "\n";
echo ' <p>Ce compte n\'héberge aucun site sur cette instance.<p>' . LF;
else {
echo ' <dl>' . "\n";
echo ' <dl>' . LF;
foreach ($sites as $site) {
$url = 'http' . (($site['domain_type'] === 'onion') ? '' : 's') . '://' . $site['domain'] . '/';
?>
@ -23,7 +23,7 @@ else {
</dd>
<?php
}
echo ' </dl>' . "\n";
echo ' </dl>' . LF;
}
?>

8
pages/ns/caa.php
View file

@ -6,16 +6,16 @@ if (processForm()) {
if (!($_POST['flag'] >= 0 AND $_POST['flag'] <= 255))
output(403, 'Wrong value for <code>flag</code>.');
if (!(preg_match("/^[a-z]{1,127}$/", $_POST['tag'])))
if (!(preg_match('/^[a-z]{1,127}$/', $_POST['tag'])))
output(403, 'Wrong value for <code>tag</code>.');
if (!(preg_match("/^[a-z0-9.-]{1,255}$/", $_POST['value'])))
if (!(preg_match('/^[a-z0-9.-]{1,255}$/', $_POST['value'])))
output(403, 'Wrong value for <code>value</code>.');
knotcZoneExec($_POST['zone'], array(
$values['domain'],
$values['ttl'],
"CAA",
'CAA',
$_POST['flag'],
$_POST['tag'],
$_POST['value']
@ -32,7 +32,7 @@ if (processForm()) {
<form method="post">
<?php require "form.ns.php"; ?>
<?php require 'form.ns.php'; ?>
<br>
<label for="flag">Flag</label>

4
pages/ns/cname.php
View file

@ -8,7 +8,7 @@ if (processForm()) {
knotcZoneExec($_POST['zone'], array(
$values['domain'],
$values['ttl'],
"CNAME",
'CNAME',
$_POST['cname']
));
@ -22,7 +22,7 @@ if (processForm()) {
</p>
<form method="post">
<?php require "form.ns.php"; ?>
<?php require 'form.ns.php'; ?>
<br>
<label for="cname">Nom canonique</label>
<br>

4
pages/ns/dname.php
View file

@ -8,7 +8,7 @@ if (processForm()) {
knotcZoneExec($_POST['zone'], array(
$values['domain'],
$values['ttl'],
"DNAME",
'DNAME',
$_POST['dname']
));
@ -22,7 +22,7 @@ if (processForm()) {
</p>
<form method="post">
<?php require "form.ns.php"; ?>
<?php require 'form.ns.php'; ?>
<br>
<label for="dname">Nom délégué</label>
<br>

14
pages/ns/edit.php
View file

@ -11,7 +11,7 @@ if (processForm() AND isset($_POST['zone-content'])) { // Update zone
output(500, 'Unable to get current serial from zone file.');
// Generate new zone content
$new_zone_content = $matches['soa'] . "\n";
$new_zone_content = $matches['soa'] . LF;
if (strlen($_POST['zone-content']) > ZONE_MAX_CHARACTERS)
output(403, 'La zone n\'est pas autorisée à dépasser ' . ZONE_MAX_CHARACTERS . ' caractères.');
foreach (explode("\r\n", $_POST['zone-content']) as $line) {
@ -24,7 +24,7 @@ if (processForm() AND isset($_POST['zone-content'])) { // Update zone
output(403, 'Les TTLs inférieurs à ' . MIN_TTL . ' secondes ne sont pas autorisés.');
if ($matches['ttl'] !== '' AND $matches['ttl'] > MAX_TTL)
output(403, 'Les TTLs supérieurs à ' . MAX_TTL . ' secondes ne sont pas autorisés.');
$new_zone_content .= $matches['domain'] . ' ' . (($matches['ttl'] === '') ? DEFAULT_TTL : $matches['ttl']) . ' ' . $matches['type'] . ' ' . $matches['value'] . "\n";
$new_zone_content .= $matches['domain'] . ' ' . (($matches['ttl'] === '') ? DEFAULT_TTL : $matches['ttl']) . ' ' . $matches['type'] . ' ' . $matches['value'] . LF;
}
// Send the zone content to kzonecheck's stdin
@ -72,7 +72,7 @@ if (processForm() AND isset($_POST['zone-content'])) { // Update zone
<?php
if (isset($_SESSION['username']))
foreach (nsListUserZones($_SESSION['username']) as $zone)
echo ' <option value="' . $zone . '">' . $zone . '</option>' . "\n";
echo ' <option value="' . $zone . '">' . $zone . '</option>' . LF;
?>
</select>
<br>
@ -89,23 +89,23 @@ if (processForm()) { // Display zone
output(500, 'Unable to read zone file.');
$displayed_zone_content = '';
foreach(explode("\n", $zone_content) as $zone_line) {
foreach(explode(LF, $zone_content) as $zone_line) {
if (empty($zone_line) OR str_starts_with($zone_line, ';'))
continue;
if (preg_match('/^(?:(?:[a-z0-9_-]{1,63}\.){1,127})?' . preg_quote($_POST['zone'], '/') . '[\t ]+[0-9]{1,8}[\t ]+(?<type>[A-Z]{1,16})[\t ]+.+$/', $zone_line, $matches)) {
if (in_array($matches['type'], ALLOWED_TYPES, true) !== true)
continue;
$displayed_zone_content .= $zone_line . "\n";
$displayed_zone_content .= $zone_line . LF;
}
}
$displayed_zone_content .= "\n";
$displayed_zone_content .= LF;
?>
<form method="post">
<input type="hidden" name="zone" value="<?= $_POST['zone'] ?>">
<label for="zone-content">Nouveau contenu de la zone <code><strong><?= $_POST['zone'] ?></strong></code></label>
<textarea id="zone-content" name="zone-content" wrap="off" rows="<?= substr_count($displayed_zone_content, "\n") + 1 ?>"><?= htmlspecialchars($displayed_zone_content) ?></textarea>
<textarea id="zone-content" name="zone-content" wrap="off" rows="<?= substr_count($displayed_zone_content, LF) + 1 ?>"><?= htmlspecialchars($displayed_zone_content) ?></textarea>
<br>
<input type="submit" value="Remplacer">
</form>

8
pages/ns/index.php
View file

@ -10,10 +10,10 @@
$zones = query('select', 'zones', ['username' => $_SESSION['username'] ?? ''], 'zone');
if ($zones === [])
echo '<p>Ce compte n\'héberge aucune zone sur cette instance.<p>' . "\n";
echo '<p>Ce compte n\'héberge aucune zone sur cette instance.<p>' . LF;
else {
echo '<ul>' . "\n";
echo '<ul>' . LF;
foreach ($zones as $zone)
echo ' <code><li>' . $zone . '</li></code>' . "\n";
echo '</ul>' . "\n";
echo ' <code><li>' . $zone . '</li></code>' . LF;
echo '</ul>' . LF;
}

2
pages/ns/ip.php
View file

@ -22,7 +22,7 @@ if (processForm()) {
</p>
<form method="post">
<?php require "form.ns.php"; ?>
<?php require 'form.ns.php'; ?>
<label for="ip">Adresse IP</label><br>
<input required="" pattern="^[a-f0-9:.]+$" id="ip" name="ip" minlength="2" maxlength="39" size="40" type="text" placeholder="<?= PLACEHOLDER_IPV6 ?> ou <?= PLACEHOLDER_IPV4 ?>"><br>
<input value="Valider" type="submit">

8
pages/ns/loc.php
View file

@ -25,7 +25,7 @@ if (processForm()) {
if (!($_POST['lat-sec'] >= 0 AND $_POST['lat-sec'] <= 59.999))
output(403, 'Wrong value for <code>lat-sec</code>.');
if ($_POST['lat-dir'] !== "N" AND $_POST['lat-dir'] !== "S")
if ($_POST['lat-dir'] !== 'N' AND $_POST['lat-dir'] !== 'S')
output(403, 'Wrong value for <code>lat-dir</code>.');
if (!($_POST['lon-deg'] >= 0 AND $_POST['lon-deg'] <= 180))
@ -35,7 +35,7 @@ if (processForm()) {
if (!($_POST['lon-sec'] >= 0 AND $_POST['lon-sec'] <= 59.999))
output(403, 'Wrong value for <code>lon-sec</code>.');
if ($_POST['lon-dir'] !== "E" AND $_POST['lon-dir'] !== "W")
if ($_POST['lon-dir'] !== 'E' AND $_POST['lon-dir'] !== 'W')
output(403, 'Wrong value for <code>lon-dir</code>.');
if (!($_POST['alt'] >= -100000 AND $_POST['alt'] <= 42849672.95))
@ -53,7 +53,7 @@ if (processForm()) {
knotcZoneExec($_POST['zone'], array(
$values['domain'],
$values['ttl'],
"LOC",
'LOC',
$_POST['lat-deg'],
$_POST['lat-min'],
$_POST['lat-sec'],
@ -79,7 +79,7 @@ if (processForm()) {
<form method="post">
<?php require "form.ns.php"; ?>
<?php require 'form.ns.php'; ?>
<fieldset>
<legend>Latitude</legend>

4
pages/ns/mx.php
View file

@ -11,7 +11,7 @@ if (processForm()) {
knotcZoneExec($_POST['zone'], array(
$values['domain'],
$values['ttl'],
"MX",
'MX',
$_POST['priority'],
$_POST['host']
));
@ -27,7 +27,7 @@ if (processForm()) {
<form method="post">
<?php require "form.ns.php"; ?>
<?php require 'form.ns.php'; ?>
<br>

4
pages/ns/ns.php
View file

@ -8,7 +8,7 @@ if (processForm()) {
knotcZoneExec($_POST['zone'], array(
$values['domain'],
$values['ttl'],
"NS",
'NS',
$_POST['ns']
));
@ -22,7 +22,7 @@ if (processForm()) {
</p>
<form method="post">
<?php require "form.ns.php"; ?>
<?php require 'form.ns.php'; ?>
<br>
<label for="ns">Serveur de nom</label>
<br>

6
pages/ns/print.php
View file

@ -15,7 +15,7 @@
<?php
if (isset($_SESSION['username']))
foreach (nsListUserZones($_SESSION['username']) as $zone)
echo " <option value='" . $zone . "'>" . $zone . "</option>\n";
echo ' <option value="' . $zone . '">' . $zone . '</option>' . LF;
?>
</select>
<br>
@ -46,10 +46,10 @@ if (processForm()) {
<th>Contenu</th>
</tr>
<?php
foreach(explode("\n", $zoneContent) as $zoneLine) {
foreach(explode(LF, $zoneContent) as $zoneLine) {
if (str_starts_with($zoneLine, ';')) continue; // Ignore comments
if (empty($zoneLine)) continue;
$elements = preg_split("#[\t ]+#", $zoneLine, 4);
$elements = preg_split('/[\t ]+/', $zoneLine, 4);
if (!in_array($elements[2], ALLOWED_TYPES, true)) continue; // Ignore records generated by Knot
echo ' <tr>';
foreach ($elements as $element)

4
pages/ns/srv.php
View file

@ -17,7 +17,7 @@ if (processForm()) {
knotcZoneExec($_POST['zone'], array(
$values['domain'],
$values['ttl'],
"SRV",
'SRV',
$_POST['priority'],
$_POST['weight'],
$_POST['port'],
@ -35,7 +35,7 @@ if (processForm()) {
<form method="post">
<?php require "form.ns.php"; ?>
<?php require 'form.ns.php'; ?>
<br>

10
pages/ns/sshfp.php
View file

@ -3,19 +3,19 @@
if (processForm()) {
$values = nsParseCommonRequirements();
if (!($_POST['algo'] === "1" OR $_POST['algo'] === "3" OR $_POST['algo'] === "4"))
if (!($_POST['algo'] === '1' OR $_POST['algo'] === '3' OR $_POST['algo'] === '4'))
output(403, 'Wrong value for <code>algo</code>.');
if (!($_POST['type'] === "2"))
if (!($_POST['type'] === '2'))
output(403, 'Wrong value for <code>type</code>.');
if (!(preg_match("/^[a-z0-9]{64}$/", $_POST['fp'])))
if (!(preg_match('/^[a-z0-9]{64}$/', $_POST['fp'])))
output(403, 'Wrong value for <code>fp</code>.');
knotcZoneExec($_POST['zone'], array(
$values['domain'],
$values['ttl'],
"SSHFP",
'SSHFP',
$_POST['algo'],
$_POST['type'],
$_POST['fp']
@ -32,7 +32,7 @@ if (processForm()) {
<form method="post">
<?php require "form.ns.php"; ?>
<?php require 'form.ns.php'; ?>
<br>

8
pages/ns/tlsa.php
View file

@ -6,19 +6,19 @@ if (processForm()) {
if (!($_POST['use'] >= 0 AND $_POST['use'] <= 3))
output(403, 'Wrong value for <code>use</code>.');
if (!($_POST['selector'] === "0" OR $_POST['selector'] === "1"))
if (!($_POST['selector'] === '0' OR $_POST['selector'] === '1'))
output(403, 'Wrong value for <code>selector</code>.');
if (!($_POST['type'] >= 0 AND $_POST['type'] <= 2))
output(403, 'Wrong value for <code>type</code>.');
if (!(preg_match("/^[a-zA-Z0-9.-]{1,1024}$/", $_POST['content'])))
if (!(preg_match('/^[a-zA-Z0-9.-]{1,1024}$/', $_POST['content'])))
output(403, 'Wrong value for <code>content</code>.');
knotcZoneExec($_POST['zone'], array(
$values['domain'],
$values['ttl'],
"TLSA",
'TLSA',
$_POST['use'],
$_POST['selector'],
$_POST['type'],
@ -36,7 +36,7 @@ if (processForm()) {
<form method="post">
<?php require "form.ns.php"; ?>
<?php require 'form.ns.php'; ?>
<br>
<label for="use">Utilisation</label>

8
pages/ns/txt.php
View file

@ -3,14 +3,14 @@
if (processForm()) {
$values = nsParseCommonRequirements();
if (!(preg_match("/^[a-zA-Z0-9 =:!%$+\/\()[\]_-]{5,8192}$/", $_POST['txt'])))
if (!(preg_match('/^[a-zA-Z0-9 =:!%$+\/\()[\]_-]{5,8192}$/', $_POST['txt'])))
output(403, 'Wrong value for <code>txt</code>.');
knotcZoneExec($_POST['zone'], array(
$values['domain'],
$values['ttl'],
"TXT",
"\"" . $_POST['txt'] . "\""
'TXT',
'"' . $_POST['txt'] . '"'
));
output(200, 'Enregistrement ajouté/retiré.');
@ -23,7 +23,7 @@ if (processForm()) {
</p>
<form method="post">
<?php require "form.ns.php"; ?>
<?php require 'form.ns.php'; ?>
<br>
<label for="txt">Texte</label>
<br>

8
pages/ns/zone-add.php
View file

@ -13,7 +13,7 @@ if (processForm()) {
checkAbsoluteDomainFormat($parentAuthoritative);
exec(CONF['ns']['kdig_path'] . ' ' . $_POST['domain'] . ' NS @' . $parentAuthoritatives[0] . ' +noidn', $results);
if (preg_match('/^' . preg_quote($_POST['domain'], '/') . '[\t ]+[0-9]{1,8}[\t ]+IN[\t ]+NS[\t ]+(?<salt>[0-9a-f]{8})-(?<hash>[0-9a-f]{32})\.auth-owner.+$/m', implode("\n", $results), $matches) !== 1)
if (preg_match('/^' . preg_quote($_POST['domain'], '/') . '[\t ]+[0-9]{1,8}[\t ]+IN[\t ]+NS[\t ]+(?<salt>[0-9a-f]{8})-(?<hash>[0-9a-f]{32})\.auth-owner.+$/m', implode(LF, $results), $matches) !== 1)
output(403, 'Enregistrement d\'authentification introuvable');
checkAuthToken($matches['salt'], $matches['hash']);
@ -25,7 +25,7 @@ if (processForm()) {
'username' => $_SESSION['username'],
]);
$knotZonePath = CONF['ns']['knot_zones_path'] . "/" . $_POST['domain'] . "zone";
$knotZonePath = CONF['ns']['knot_zones_path'] . '/' . $_POST['domain'] . 'zone';
$knotZone = implode(' ', [
$_POST['domain'],
SOA_VALUES['ttl'],
@ -37,9 +37,9 @@ if (processForm()) {
SOA_VALUES['retry'],
SOA_VALUES['expire'],
SOA_VALUES['negative'],
]) . "\n";
]) . LF;
foreach (CONF['ns']['servers'] as $server)
$knotZone .= $_POST['domain'] . ' 86400 NS ' . $server . "\n";
$knotZone .= $_POST['domain'] . ' 86400 NS ' . $server . LF;
if (is_int(file_put_contents($knotZonePath, $knotZone)) !== true)
output(500, 'Failed to write new zone file.');
if (chmod($knotZonePath, 0660) !== true)

2
pages/ns/zone-del.php
View file

@ -17,7 +17,7 @@ if (processForm()) {
<?php
if (isset($_SESSION['username']))
foreach (nsListUserZones($_SESSION['username']) as $zone)
echo " <option value='" . $zone . "'>" . $zone . "</option>\n";
echo ' <option value="' . $zone . '">' . $zone . '</option>' . LF;
?>
</select>
<br>

23
pages/reg/ds.php
View file

@ -7,18 +7,18 @@ else
if (processForm()) {
if (
($_POST['algo'] !== "8")
AND ($_POST['algo'] !== "13")
AND ($_POST['algo'] !== "14")
AND ($_POST['algo'] !== "15")
AND ($_POST['algo'] !== "16")
($_POST['algo'] !== '8')
AND ($_POST['algo'] !== '13')
AND ($_POST['algo'] !== '14')
AND ($_POST['algo'] !== '15')
AND ($_POST['algo'] !== '16')
) output(403, 'Wrong value for <code>algo</code>.');
$_POST['keytag'] = intval($_POST['keytag']);
if ((!preg_match("/^[0-9]{1,6}$/", $_POST['keytag'])) OR !($_POST['keytag'] >= 1) OR !($_POST['keytag'] <= 65535))
if ((!preg_match('/^[0-9]{1,6}$/', $_POST['keytag'])) OR !($_POST['keytag'] >= 1) OR !($_POST['keytag'] <= 65535))
output(403, 'Wrong value for <code>keytag</code>.');
if ($_POST['dt'] !== "2" AND $_POST['dt'] !== "4")
if ($_POST['dt'] !== '2' AND $_POST['dt'] !== '4')
output(403, 'Wrong value for <code>dt</code>.');
regCheckDomainPossession($_POST['zone']);
@ -28,7 +28,7 @@ if (processForm()) {
knotcZoneExec(CONF['reg']['registry'], array(
$_POST['zone'],
CONF['reg']['ttl'],
"DS",
'DS',
$_POST['keytag'],
$_POST['algo'],
$_POST['dt'],
@ -56,12 +56,9 @@ if (processForm()) {
<select required="" name="zone" id="zone">
<option value="" disabled="" selected="">---</option>
<?php
foreach($domains as $domain)
echo " <option value='" . $domain . "'>" . $domain . "</option>";
foreach ($domains as $domain)
echo ' <option value="' . $domain . '">' . $domain . '</option>' . LF;
?>
</select>
<br>
<label for="keytag">Tag de la clé</label>

5
pages/reg/glue.php
View file

@ -41,13 +41,10 @@ if (processForm()) {
<br>
<select required="" name="suffix" id="suffix">
<option value="" disabled="" selected="">---</option>
<?php
if (isset($_SESSION['username']))
foreach(regListUserDomains($_SESSION['username']) as $suffix)
echo " <option value='" . $suffix . "'>." . $suffix . "</option>";
echo ' <option value="' . $suffix . '">' . $suffix . '</option>' . LF;
?>
</select>
</div>

8
pages/reg/index.php
View file

@ -10,10 +10,10 @@
$domains = query('select', 'registry', ['username' => $_SESSION['username'] ?? ''], 'domain');
if ($domains === [])
echo '<p>Ce compte n\'a aucun domaine enregistré sur <code>' . CONF['reg']['registry'] . '</code><p>' . "\n";
echo '<p>Ce compte n\'a aucun domaine enregistré sur <code>' . CONF['reg']['registry'] . '</code><p>' . LF;
else {
echo '<ul>' . "\n";
echo '<ul>' . LF;
foreach ($domains as $domain)
echo ' <code><li>' . $domain . '</li></code>' . "\n";
echo '</ul>' . "\n";
echo ' <code><li>' . $domain . '</li></code>' . LF;
echo '</ul>' . LF;
}

7
pages/reg/ns.php
View file

@ -7,7 +7,7 @@ if (processForm()) {
knotcZoneExec(CONF['reg']['registry'], array(
$_POST['domain'],
CONF['reg']['ttl'],
"NS",
'NS',
$_POST['ns']
));
@ -33,10 +33,9 @@ if (processForm()) {
<option value="" disabled="" selected="">---</option>
<?php
if (isset($_SESSION['username']))
foreach(regListUserDomains($_SESSION['username']) as $domain)
echo " <option value='" . $domain . "'>" . $domain . "</option>\n";
foreach (regListUserDomains($_SESSION['username']) as $domain)
echo ' <option value="' . $domain . '">' . $domain . '</option>' . LF;
?>
</select>
<br>
<label for="ns">Serveur de nom</label>

32
pages/reg/print.php
View file

@ -5,8 +5,8 @@
<?php
if (isset($_SESSION['username']))
foreach (regListUserDomains($_SESSION['username']) as $domain)
echo " <option value='" . $domain . "'>" . $domain . "</option>\n";
?>
echo ' <option value="' . $domain . '">' . $domain . '</option>' . LF;
?>
</select>
<br>
<input value="Afficher" type="submit">
@ -21,26 +21,26 @@ if (processForm()) {
if ($zoneContent === false)
output(500, 'Unable to read registry file.');
?>
<table>
<tr>
<th>Domaine</th>
<th>TTL</th>
<th>Type</th>
<th>Contenu</th>
</tr>
<?php
?>
<table>
<tr>
<th>Domaine</th>
<th>TTL</th>
<th>Type</th>
<th>Contenu</th>
</tr>
<?php
foreach(explode("\n", $zoneContent) as $zoneLine) {
foreach(explode(LF, $zoneContent) as $zoneLine) {
if (str_starts_with($zoneLine, ';')) continue; // Ignore comments
if (empty($zoneLine)) continue;
$elements = preg_split("#[\t ]+#", $zoneLine, 4);
$elements = preg_split('/[\t ]+/', $zoneLine, 4);
if (!str_ends_with($elements[0], $_POST['domain'])) continue; // Ignore records for other domains
if (!in_array($elements[2], ['A', 'AAAA', 'NS', 'DS'], true)) continue; // Ignore records generated by Knot
echo " <tr>\n";
echo ' <tr>' . LF;
foreach ($elements as $element)
echo " <td><code>" . htmlspecialchars($element) . "</code></td>\n";
echo " </tr>\n";
echo ' <td><code>' . htmlspecialchars($element) . '</code></td>' . LF;
echo ' </tr>' . LF;
}
echo '</table>';

4
pages/reg/register.php
View file

@ -9,7 +9,7 @@ if (processForm()) {
if (query('select', 'registry', ['domain' => $domain], 'domain') !== [])
output(403, 'Ce domaine n\'est pas disponible à l\'enregistrement. Il est déjà enregistré.');
if (in_array($_POST['subdomain'], explode("\n", file_get_contents(CONF['common']['root_path'] . '/pages/reg/reserved.txt'))))
if (in_array($_POST['subdomain'], explode(LF, file_get_contents(CONF['common']['root_path'] . '/pages/reg/reserved.txt'))))
output(403, 'Ce domaine n\'est pas disponible à l\'enregistrement. Il est réservé.');
rateLimit();
@ -17,7 +17,7 @@ if (processForm()) {
insert('registry', [
'domain' => $domain,
'username' => $_SESSION['username'],
'last_renewal' => date("Y-m-d H:i:s"),
'last_renewal' => date('Y-m-d H:i:s'),
]);
output(200, 'Domaine ajouté au registre.');

3
pages/reg/unregister.php
View file

@ -22,9 +22,8 @@ if (processForm()) {
<?php
if (isset($_SESSION['username']))
foreach(regListUserDomains($_SESSION['username']) as $domain)
echo " <option value='" . $domain . "'>" . $domain . "</option>\n";
echo ' <option value="' . $domain . '">' . $domain . '</option>' . LF;
?>
</select>
<br>
<input value="Effacer" type="submit">

34
router.php
View file

@ -1,11 +1,13 @@
<?php
define("CONF", parse_ini_file(__DIR__ . "/config.ini", true, INI_SCANNER_TYPED));
define('CONF', parse_ini_file(__DIR__ . '/config.ini', true, INI_SCANNER_TYPED));
foreach (array_diff(scandir(CONF['common']['root_path'] . "/fn"), array('..', '.')) as $file)
foreach (array_diff(scandir(CONF['common']['root_path'] . '/fn'), array('..', '.')) as $file)
require CONF['common']['root_path'] . '/fn/' . $file;
require "pages.php";
require 'pages.php';
define("DB_PATH", CONF['common']['root_path'] . "/db/niver.db");
define('DB_PATH', CONF['common']['root_path'] . '/db/niver.db');
const LF = "\n";
const PLACEHOLDER_DOMAIN = 'example'; // From RFC2606: Reserved Top Level DNS Names > 2. TLDs for Testing, & Documentation Examples
const PLACEHOLDER_IPV6 = '2001:db8::3'; // From RFC3849: IPv6 Address Prefix Reserved for Documentation
@ -15,15 +17,15 @@ if ($_SERVER['REQUEST_URI'] === '/sftpgo-auth.php')
return;
$pageAddress = substr($_SERVER['REQUEST_URI'], strlen(CONF['common']['prefix']) + 1);
if (strpos($pageAddress, "?") !== false) {
parse_str(substr($pageAddress, strpos($pageAddress, "?") + 1), $_GET);
$pageAddress = substr($pageAddress, 0, strpos($pageAddress, "?"));
if (strpos($pageAddress, '?') !== false) {
parse_str(substr($pageAddress, strpos($pageAddress, '?') + 1), $_GET);
$pageAddress = substr($pageAddress, 0, strpos($pageAddress, '?'));
}
define("PAGE_URL", $pageAddress);
define("PAGE_ADDRESS", $pageAddress . ((substr($pageAddress, -1) === '/' OR $pageAddress === '') ? 'index' : ''));
define("PAGE_LINEAGE", explode('/', PAGE_ADDRESS));
define("SERVICE", dirname(PAGE_ADDRESS));
define("PAGE", basename(PAGE_ADDRESS, '.php'));
define('PAGE_URL', $pageAddress);
define('PAGE_ADDRESS', $pageAddress . ((substr($pageAddress, -1) === '/' OR $pageAddress === '') ? 'index' : ''));
define('PAGE_LINEAGE', explode('/', PAGE_ADDRESS));
define('SERVICE', dirname(PAGE_ADDRESS));
define('PAGE', basename(PAGE_ADDRESS, '.php'));
$pageMetadata = [];
function getPageInformations($pages, $pageElements) {
@ -83,7 +85,7 @@ foreach(array_reverse(TITLES_LINEAGE) as $id => $title)
?></title>
<?php
foreach (glob('css/*.css') as $cssPath)
echo ' <link type="text/css" rel="stylesheet" media="screen" href="' . CONF['common']['prefix'] . '/' . $cssPath . '">' . "\n";
echo ' <link type="text/css" rel="stylesheet" media="screen" href="' . CONF['common']['prefix'] . '/' . $cssPath . '">' . LF;
?>
<meta name="viewport" content="width=device-width, initial-scale=1">
</head>
@ -100,7 +102,7 @@ foreach (glob('css/*.css') as $cssPath)
<?php
foreach (TITLES_LINEAGE as $id => $title) {
$lastTitle = (TITLES_LINEAGE[array_key_last(TITLES_LINEAGE)] === $title);
echo '<ul><li>' . ($lastTitle ? '<h1>' : '') . '<a' . (($id === 0) ? ' class="niver"' : '') . ' href="' . CONF['common']['prefix'] . ($lastTitle ? '/' . PAGE_URL : '/' . implode('/', array_slice(PAGE_LINEAGE, 0, $id)) . (($lastTitle OR $id === 0) ? '' : '/')) . '">' . $title . '</a>' . ($lastTitle ? '</h1>' : '') . "\n";
echo '<ul><li>' . ($lastTitle ? '<h1>' : '') . '<a' . (($id === 0) ? ' class="niver"' : '') . ' href="' . CONF['common']['prefix'] . ($lastTitle ? '/' . PAGE_URL : '/' . implode('/', array_slice(PAGE_LINEAGE, 0, $id)) . (($lastTitle OR $id === 0) ? '' : '/')) . '">' . $title . '</a>' . ($lastTitle ? '</h1>' : '') . LF;
}
echo str_repeat('</li></ul>', count(TITLES_LINEAGE));
?>
@ -114,7 +116,7 @@ if (in_array(SERVICE, ['reg', 'ns', 'ht']) AND CONF[SERVICE]['enabled'] !== true
output(403, 'Ce service est désactivé.');
// Protect against cross-site request forgery if a POST request is received
if (empty($_POST) === false AND (isset($_SERVER['HTTP_SEC_FETCH_SITE']) !== true OR $_SERVER['HTTP_SEC_FETCH_SITE'] !== "same-origin"))
if (empty($_POST) === false AND (isset($_SERVER['HTTP_SEC_FETCH_SITE']) !== true OR $_SERVER['HTTP_SEC_FETCH_SITE'] !== 'same-origin'))
output(403, 'Anti-<abbr title="Cross-Site Request Forgery">CSRF</abbr> verification failed ! (Wrong or unset <code>Sec-Fetch-Site</code> HTTP header)');
function displayFinalMessage() {
@ -124,7 +126,7 @@ function displayFinalMessage() {
}
function executePage() {
require "pages/" . PAGE_ADDRESS . ".php";
require 'pages/' . PAGE_ADDRESS . '.php';
displayFinalMessage();
?>

4
sftpgo-auth.php
View file

@ -1,8 +1,8 @@
<?php
require "router.php";
require 'router.php';
$authData = json_decode(file_get_contents("php://input"), true);
$authData = json_decode(file_get_contents('php://input'), true);
if (userExist($authData['username']) === true AND checkPassword($authData['username'], $authData['password']) === true) {
$quotaSize = (query('select', 'users', ['username' => $authData['username']], 'type')[0] === 'trusted') ? CONF['ht']['user_quota_trusted'] : CONF['ht']['user_quota_testing'];