From 73c137aabaa53316ab2ccba04c934f18d9b36a75 Mon Sep 17 00:00:00 2001 
From: Miraty Date: Tue, 20 Dec 2022 21:17:03 +0100 Subject: [PATCH] Split pages/ between pg-act/ and pg-view/ --- fn/auth.php | 6 +- fn/common.php | 29 +-- fn/dns.php | 14 ++ fn/ns.php | 6 +- fn/reg.php | 8 +- form.ns.php | 5 +- pages.php | 2 + pages/auth/approval.php | 36 ---- pages/auth/login.php | 42 ---- pages/auth/register.php | 69 ------- pages/auth/unregister.php | 62 ------ pages/auth/username.php | 30 --- pages/ht/add-http-dns.php | 105 ---------- pages/ht/add-http-onion.php | 70 ------- pages/ns/print.php | 96 --------- pages/ns/zone-add.php | 78 -------- pages/ns/zone-del.php | 25 --- pages/reg/print.php | 49 ----- pages/reg/register.php | 38 ---- pages/reg/transfer.php | 44 ----- pg-act/auth/approval.php | 18 ++ pg-act/auth/login.php | 28 +++ {pages => pg-act}/auth/logout.php | 0 pg-act/auth/password.php | 10 + pg-act/auth/register.php | 50 +++++ pg-act/auth/unregister.php | 40 ++++ pg-act/auth/username.php | 15 ++ pg-act/ht/add-http-dns.php | 59 ++++++ pg-act/ht/add-http-onion.php | 47 +++++ pg-act/ht/del-http-dns.php | 8 + pg-act/ht/del-http-onion.php | 8 + pg-act/ns/caa.php | 23 +++ pg-act/ns/cname.php | 14 ++ pg-act/ns/dname.php | 14 ++ {pages => pg-act}/ns/edit.php | 92 ++------- pg-act/ns/ip.php | 14 ++ pg-act/ns/loc.php | 70 +++++++ pg-act/ns/mx.php | 18 ++ pg-act/ns/ns.php | 14 ++ pg-act/ns/print.php | 25 +++ pg-act/ns/srv.php | 26 +++ pg-act/ns/sshfp.php | 23 +++ pg-act/ns/tlsa.php | 27 +++ pg-act/ns/txt.php | 15 ++ pg-act/ns/zone-add.php | 52 +++++ pg-act/ns/zone-del.php | 7 + pg-act/reg/ds.php | 30 +++ pg-act/reg/glue.php | 16 ++ pg-act/reg/ns.php | 13 ++ pg-act/reg/print.php | 11 ++ pg-act/reg/register.php | 22 +++ {pages => pg-act}/reg/reserved.txt | 0 pg-act/reg/transfer.php | 26 +++ pg-act/reg/unregister.php | 7 + pg-view/auth/approval.php | 10 + {pages => pg-view}/auth/index.php | 0 pg-view/auth/login.php | 13 ++ pg-view/auth/logout.php | 3 + {pages => pg-view}/auth/password.php | 15 -- pg-view/auth/register.php | 17 ++ 
pg-view/auth/unregister.php | 17 ++ pg-view/auth/username.php | 10 + pg-view/ht/add-http-dns.php | 45 +++++ pg-view/ht/add-http-onion.php | 22 +++ {pages => pg-view}/ht/del-http-dns.php | 11 +- {pages => pg-view}/ht/del-http-onion.php | 9 - {pages => pg-view}/ht/index.php | 0 {pages => pg-view}/index.php | 0 {pages => pg-view}/ns/caa.php | 28 --- {pages => pg-view}/ns/cname.php | 19 -- {pages => pg-view}/ns/dname.php | 19 -- pg-view/ns/edit.php | 58 ++++++ {pages => pg-view}/ns/index.php | 0 {pages => pg-view}/ns/ip.php | 19 -- {pages => pg-view}/ns/loc.php | 75 ------- {pages => pg-view}/ns/mx.php | 23 --- {pages => pg-view}/ns/ns.php | 19 -- pg-view/ns/print.php | 77 ++++++++ {pages => pg-view}/ns/srv.php | 31 --- {pages => pg-view}/ns/sshfp.php | 28 --- {pages => pg-view}/ns/tlsa.php | 32 --- {pages => pg-view}/ns/txt.php | 20 -- pg-view/ns/zone-add.php | 19 ++ pg-view/ns/zone-del.php | 12 ++ {pages => pg-view}/reg/ds.php | 44 +---- {pages => pg-view}/reg/glue.php | 26 +-- {pages => pg-view}/reg/index.php | 0 {pages => pg-view}/reg/ns.php | 23 +-- pg-view/reg/print.php | 34 ++++ pg-view/reg/register.php | 11 ++ pg-view/reg/reserved.txt | 242 +++++++++++++++++++++++ pg-view/reg/transfer.php | 11 ++ {pages => pg-view}/reg/unregister.php | 17 +- router.php | 85 +++----- view.php | 51 +++++ 95 files changed, 1486 insertions(+), 1365 deletions(-) delete mode 100644 pages/auth/approval.php delete mode 100644 pages/auth/login.php delete mode 100644 pages/auth/register.php delete mode 100644 pages/auth/unregister.php delete mode 100644 pages/auth/username.php delete mode 100644 pages/ht/add-http-dns.php delete mode 100644 pages/ht/add-http-onion.php delete mode 100644 pages/ns/print.php delete mode 100644 pages/ns/zone-add.php delete mode 100644 pages/ns/zone-del.php delete mode 100644 pages/reg/print.php delete mode 100644 pages/reg/register.php delete mode 100644 pages/reg/transfer.php create mode 100644 pg-act/auth/approval.php create mode 100644 
pg-act/auth/login.php rename {pages => pg-act}/auth/logout.php (100%) create mode 100644 pg-act/auth/password.php create mode 100644 pg-act/auth/register.php create mode 100644 pg-act/auth/unregister.php create mode 100644 pg-act/auth/username.php create mode 100644 pg-act/ht/add-http-dns.php create mode 100644 pg-act/ht/add-http-onion.php create mode 100644 pg-act/ht/del-http-dns.php create mode 100644 pg-act/ht/del-http-onion.php create mode 100644 pg-act/ns/caa.php create mode 100644 pg-act/ns/cname.php create mode 100644 pg-act/ns/dname.php rename {pages => pg-act}/ns/edit.php (54%) create mode 100644 pg-act/ns/ip.php create mode 100644 pg-act/ns/loc.php create mode 100644 pg-act/ns/mx.php create mode 100644 pg-act/ns/ns.php create mode 100644 pg-act/ns/print.php create mode 100644 pg-act/ns/srv.php create mode 100644 pg-act/ns/sshfp.php create mode 100644 pg-act/ns/tlsa.php create mode 100644 pg-act/ns/txt.php create mode 100644 pg-act/ns/zone-add.php create mode 100644 pg-act/ns/zone-del.php create mode 100644 pg-act/reg/ds.php create mode 100644 pg-act/reg/glue.php create mode 100644 pg-act/reg/ns.php create mode 100644 pg-act/reg/print.php create mode 100644 pg-act/reg/register.php rename {pages => pg-act}/reg/reserved.txt (100%) create mode 100644 pg-act/reg/transfer.php create mode 100644 pg-act/reg/unregister.php create mode 100644 pg-view/auth/approval.php rename {pages => pg-view}/auth/index.php (100%) create mode 100644 pg-view/auth/login.php create mode 100644 pg-view/auth/logout.php rename {pages => pg-view}/auth/password.php (68%) create mode 100644 pg-view/auth/register.php create mode 100644 pg-view/auth/unregister.php create mode 100644 pg-view/auth/username.php create mode 100644 pg-view/ht/add-http-dns.php create mode 100644 pg-view/ht/add-http-onion.php rename {pages => pg-view}/ht/del-http-dns.php (62%) rename {pages => pg-view}/ht/del-http-onion.php (67%) rename {pages => pg-view}/ht/index.php (100%) rename {pages => pg-view}/index.php 
(100%) rename {pages => pg-view}/ns/caa.php (52%) rename {pages => pg-view}/ns/cname.php (53%) rename {pages => pg-view}/ns/dname.php (54%) create mode 100644 pg-view/ns/edit.php rename {pages => pg-view}/ns/index.php (100%) rename {pages => pg-view}/ns/ip.php (60%) rename {pages => pg-view}/ns/loc.php (51%) rename {pages => pg-view}/ns/mx.php (52%) rename {pages => pg-view}/ns/ns.php (53%) create mode 100644 pg-view/ns/print.php rename {pages => pg-view}/ns/srv.php (53%) rename {pages => pg-view}/ns/sshfp.php (60%) rename {pages => pg-view}/ns/tlsa.php (67%) rename {pages => pg-view}/ns/txt.php (50%) create mode 100644 pg-view/ns/zone-add.php create mode 100644 pg-view/ns/zone-del.php rename {pages => pg-view}/reg/ds.php (70%) rename {pages => pg-view}/reg/glue.php (64%) rename {pages => pg-view}/reg/index.php (100%) rename {pages => pg-view}/reg/ns.php (57%) create mode 100644 pg-view/reg/print.php create mode 100644 pg-view/reg/register.php create mode 100644 pg-view/reg/reserved.txt create mode 100644 pg-view/reg/transfer.php rename {pages => pg-view}/reg/unregister.php (53%) create mode 100644 view.php diff --git a/fn/auth.php b/fn/auth.php index a243c8a..f3e83de 100644 --- a/fn/auth.php +++ b/fn/auth.php @@ -49,9 +49,13 @@ function changePassword($id, $password) { ->execute([':password' => hashPassword($password), ':id' => $id]); } -function logout() { +function stopSession() { if (session_status() === PHP_SESSION_ACTIVE) session_destroy(); +} + +function logout() { + stopSession(); header('Clear-Site-Data: "*"'); diff --git a/fn/common.php b/fn/common.php index 64e9391..8f85a81 100644 --- a/fn/common.php +++ b/fn/common.php @@ -1,37 +1,16 @@ ($msg === '') ? '' : '

Succès : ' . $msg . '

' . LF, 4 => '

Erreur utilisataire : ' . $msg . '

' . LF, 5 => '

Server error: The server encountered an error: ' . $msg . '

' . LF, }; - http_response_code($code); - if ($shortCode === 5) - error_log('Niver internal error: ' . strip_tags($msg) . implode(LF, $logs)); - if ($code !== 200) - executePage(); -} - -function processForm($requireLogin = true) { - if (http_response_code() !== 200) - return false; - if ($_POST === []) { - if ($requireLogin AND !isset($_SESSION['id'])) - echo '

Ce formulaire ne sera pas accepté car il faut se connecter avant.

'; - return false; - } - if ($requireLogin) { - if (isset($_SESSION['id']) !== true) - output(403, 'Vous devez être connecté·e à un compte pour effectuer cette action.'); - if (isset(query('select', 'users', ['id' => $_SESSION['id']], 'id')[0]) !== true) - output(403, 'Ce compte n\'existe plus. Déconnectez-vous pour terminer cette session fantôme.'); - } - return true; + displayPage(['final_message' => $final_message]); } function insert($table, $values) { diff --git a/fn/dns.php b/fn/dns.php index 962961e..7006780 100644 --- a/fn/dns.php +++ b/fn/dns.php @@ -1,5 +1,19 @@ $username], 'zone'); +function nsListUserZones() { + if (isset($_SESSION['id'])) + return query('select', 'zones', ['username' => $_SESSION['id']], 'zone'); + return []; } function nsCheckZonePossession($zone) { diff --git a/fn/reg.php b/fn/reg.php index 18e368c..df4b111 100644 --- a/fn/reg.php +++ b/fn/reg.php @@ -2,12 +2,14 @@ const SUBDOMAIN_REGEX = '^[a-z0-9]{4,63}$'; -function regListUserDomains($username) { - return query('select', 'registry', ['username' => $username], 'domain'); +function regListUserDomains() { + if (isset($_SESSION['id'])) + return query('select', 'registry', ['username' => $_SESSION['id']], 'domain'); + return []; } function regCheckDomainPossession($domain) { - if (in_array($domain, regListUserDomains($_SESSION['id']), true) !== true) + if (in_array($domain, regListUserDomains(), true) !== true) output(403, 'You don\'t own this domain.'); } diff --git a/form.ns.php b/form.ns.php index 69a44e2..eab6040 100644 --- a/form.ns.php +++ b/form.ns.php @@ -18,9 +18,8 @@ diff --git a/pages.php b/pages.php index 60c8489..b433d01 100644 --- a/pages.php +++ b/pages.php 
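Review bot: The removed processForm() carried the only check that the session's user row still exists (the `Ce compte n'existe plus` branch), and none of the new pg-act/ action files in this patch repeat it — pg-act/auth/approval.php, for instance, updates `users` keyed on `$_SESSION['id']` without looking the row up first. If that guard now lives in router.php (its hunk is not in this chunk), it should run both tests before including any action file, `if (!isset($_SESSION['id'])) output(403, …);` and `if (query('select', 'users', ['id' => $_SESSION['id']], 'id') === []) output(403, …);`, otherwise a session that outlives account deletion can still execute actions. The head of the rewritten output() is garbled in this chunk, so I cannot see where `$final_message` is assembled or whether `$msg` is still escaped before it reaches displayPage().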
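Review bot: regListUserDomains() now reads `$_SESSION['id']` instead of taking `$username`, so the helper depends on request-global session state, and a caller that still passes a username gets the session user's domains back because PHP ignores the extra argument. Keeping the parameter with the session as the fallback preserves both uses: `function regListUserDomains($username = null) {` followed by `$username ??= $_SESSION['id'] ?? null; if ($username === null) return [];`. The fn/dns.php hunk on this line introduces the same shape for nsListUserZones(), so the same remark applies there.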
@@ -12,10 +12,12 @@ define('PAGES', [ 'login' => [ 'title' => 'Se connecter', 'description' => 'Démarrer une nouvelle session avec un compte existant', + 'require-login' => false, ], 'register' => [ 'title' => 'Créer un compte', 'description' => 'Créer un nouveau compte Niver', + 'require-login' => false, 'tokens_instance_cost' => 7200, ], 'unregister' => [ diff --git a/pages/auth/approval.php b/pages/auth/approval.php deleted file mode 100644 index 35be7c0..0000000 --- a/pages/auth/approval.php +++ /dev/null @@ -1,36 +0,0 @@ - bin2hex(random_bytes(16))]); - -if (processForm()) { - - if ($_SESSION['type'] !== 'testing') - output(403, 'Approbation impossible : votre compte est déjà approuvé.'); - - if (isset(query('select', 'approval-keys', ['key' => $_POST['key']], 'key')[0]) !== true) - output(403, 'Approbation impossible : cette clé d\'approbation n\'est pas disponible. Elle a été mal saisie, a expiré ou a déjà été utilisée pour un autre compte.'); - - query('delete', 'approval-keys', ['key' => $_POST['key']]); - - DB->prepare('UPDATE users SET type = "approved" WHERE id = :id') - ->execute([':id' => $_SESSION['id']]); - - $_SESSION['type'] = 'approved'; - - insert('approval-keys', ['key' => bin2hex(random_bytes(16))]); - - output(200, 'Compte approuvé.'); -} - -?> - -
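Review bot: `'require-login' => false` is added only for `login` and `register`, which is the right allowlist shape, but nothing in PAGES says what an absent key means; a one-line comment above the array, `// 'require-login' defaults to true; set false only for pages that must be reachable anonymously.`, records the intended deny-by-default. The router side that consumes this key is not in this chunk, so I cannot confirm it treats a missing key as true rather than as falsy.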

- Ce formulaire permet d'utiliser une clé d'approbation pour valider son compte. Une clé d'approbation est distribuée par l'administrataire sur demande. -

- -
-
- -
- -
diff --git a/pages/auth/login.php b/pages/auth/login.php deleted file mode 100644 index 6da76fe..0000000 --- a/pages/auth/login.php +++ /dev/null @@ -1,42 +0,0 @@ - $username], 'id')[0]; - - if (checkPassword($id, $_POST['password']) !== true) - output(403, 'Connexion impossible : clé de passe invalide.'); - - $_SESSION['id'] = $id; - $_SESSION['display-username'] = htmlspecialchars($_POST['username']); - $_SESSION['type'] = query('select', 'users', ['id' => $id], 'type')[0]; - - if (outdatedPasswordHash($id)) - changePassword($id, $_POST['password']); - - redir(); -} - -?> - -

Pas de compte ? En créer un

- -
-
- -
- -
- -
- - -
diff --git a/pages/auth/register.php b/pages/auth/register.php deleted file mode 100644 index be9063d..0000000 --- a/pages/auth/register.php +++ /dev/null @@ -1,69 +0,0 @@ - $id, - 'username' => $username, - 'password' => hashPassword($_POST['password']), - 'registration_date' => date('Y-m-d H:i:s'), - 'bucket_tokens' => 0, - 'bucket_last_update' => 0, - 'type' => 'testing', - ]); - - // Setup SFTP directory - umask(0002); - if (mkdir(CONF['ht']['ht_path'] . '/' . $id, 0775) !== true) - output(500, 'Can\'t create user directory.'); - exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['chgrp_path'] . ' ' . CONF['ht']['sftpgo_group'] . ' ' . CONF['ht']['ht_path'] . '/' . $id . ' --no-dereference', result_code: $code); - if ($code !== 0) - output(500, 'Can\'t change user directory group.'); - - // Setup Tor config directory - if (mkdir(CONF['ht']['tor_config_path'] . '/' . $id, 0755) !== true) - output(500, 'Can\'t create Tor config directory.'); - - // Setup Tor keys directory - exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['mkdir_path'] . ' --mode=0700 ' . CONF['ht']['tor_keys_path'] . '/' . $id, result_code: $code); - if ($code !== 0) - output(500, 'Can\'t create Tor keys directory.'); - - $_SESSION['id'] = $id; - $_SESSION['display-username'] = htmlspecialchars($_POST['username']); - $_SESSION['type'] = 'testing'; - - redir(); -} - -?> - -

Déjà un compte ? Se connecter

- -
- - -
-
- -
- -

Une clé de passe sécurisée est trop compliquée à deviner pour une attaque qui testerait automatiquement plein de clés de passe tout en connaissant d'autres informations et secrets sur vous.

-

Minimum 8 caractères si elle contient minuscule, majuscule et chiffre, ou minimum 10 caractères sinon.

-
- -
- -
diff --git a/pages/auth/unregister.php b/pages/auth/unregister.php deleted file mode 100644 index 40422b4..0000000 --- a/pages/auth/unregister.php +++ /dev/null @@ -1,62 +0,0 @@ - $_SESSION['id']], 'domain') as $domain) - regDeleteDomain($domain); - - foreach (query('select', 'zones', ['username' => $_SESSION['id']], 'zone') as $zone) - nsDeleteZone($zone); - - foreach (query('select', 'sites', [ - 'username' => $_SESSION['id'], - 'domain_type' => 'onion', - 'protocol' => 'http', - ], 'site_dir') as $dir) - htDeleteSite($dir, domainType: 'onion', protocol: 'http'); - - foreach (query('select', 'sites', [ - 'username' => $_SESSION['id'], - 'domain_type' => 'dns', - 'protocol' => 'http', - ], 'site_dir') as $dir) - htDeleteSite($dir, domainType: 'dns', protocol: 'http'); - - exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['rm_path'] . ' --recursive ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['id'], result_code: $code); - if ($code !== 0) - output(500, 'Can\'t remove Tor keys directory.'); - - removeDirectory(CONF['ht']['tor_config_path'] . '/' . $_SESSION['id']); - - exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['sftpgo_user'] . ' ' . CONF['ht']['rm_path'] . ' --recursive ' . CONF['ht']['ht_path'] . '/' . $_SESSION['id'], result_code: $code); - if ($code !== 0) - output(500, 'Can\'t remove user\'s directory.'); - - query('delete', 'users', ['id' => $_SESSION['id']]); - - logout(); - - output(200, 'Compte supprimé.'); -} - -?> - -

- Cette action supprimera toutes les données appartenant à ce compte, y compris : -

- - - -
- - -
- -
diff --git a/pages/auth/username.php b/pages/auth/username.php deleted file mode 100644 index be7040c..0000000 --- a/pages/auth/username.php +++ /dev/null @@ -1,30 +0,0 @@ -prepare('UPDATE users SET username = :username WHERE id = :id') - ->execute([':username' => $username, ':id' => $_SESSION['id']]); - - $_SESSION['display-username'] = htmlspecialchars($_POST['new-username']); - - output(200, 'Identifiant changé.'); -} - -?> - -

- Vous pouvez ici changer l'identifiant permettant d'accéder à votre compte Niver. -

- -
-
-
- - -
diff --git a/pages/ht/add-http-dns.php b/pages/ht/add-http-dns.php deleted file mode 100644 index 9cdab2c..0000000 --- a/pages/ht/add-http-dns.php +++ /dev/null 
@@ -1,105 +0,0 @@ -dir.'); - - if (query('select', 'sites', ['domain' => $_POST['domain']], 'domain') !== []) - output(403, 'Ce domaine existe déjà sur ce service.'); - - $remoteAaaaRecords = dns_get_record($_POST['domain'], DNS_AAAA); - if (is_array($remoteAaaaRecords) !== true) - output(500, 'Erreur lors de la récupération de l\'enregistrement AAAA.'); - if (equalArrays([CONF['ht']['ipv6_address']], array_column($remoteAaaaRecords, 'ipv6')) !== true) - output(403, 'Ce domaine doit avoir pour unique enregistrement AAAA ' . CONF['ht']['ipv6_address'] . '.'); - - $remoteARecords = dns_get_record($_POST['domain'], DNS_A); - if (is_array($remoteARecords) !== true) - output(500, 'Erreur lors de la récupération de l\'enregistrement A.'); - if (equalArrays([CONF['ht']['ipv4_address']], array_column($remoteARecords, 'ip')) !== true) - output(403, 'Ce domaine doit avoir pour unique enregistrement A ' . CONF['ht']['ipv4_address'] . '.'); - - $remoteTXTRecords = dns_get_record($_POST['domain'], DNS_TXT); - if (is_array($remoteTXTRecords) !== true) - output(500, 'Erreur lors de la récupération de l\'enregistrement TXT.'); - if (preg_match('/^' . preg_quote(SERVER_NAME, '/') . '_domain-verification=([0-9a-f]{8})-([0-9a-f]{32})$/Dm', implode(LF, array_column($remoteTXTRecords, 'txt')), $matches) !== 1) - output(403, 'Aucun enregistrement TXT au format correct trouvé.'); - - checkAuthToken($matches[1], $matches[2]); - - rateLimit(); - - addSite($_SESSION['id'], $_POST['dir'], $_POST['domain'], 'dns', 'http'); - - exec('2>&1 ' . CONF['ht']['sudo_path'] . ' ' . CONF['ht']['certbot_path'] . ' certonly' . (($_SESSION['type'] === 'approved') ? '' : ' --test-cert') . ' --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain ' . $_POST['domain'], $output, $returnCode); - if ($returnCode !== 0) - output(500, 'Certbot failed to get a Let\'s Encrypt certificate.', $output); - - $nginxConf = 'server { - listen [' . CONF['ht']['ipv6_listen_address'] . ']:' . 
CONF['ht']['https_port'] . ' ssl http2; - listen ' . CONF['ht']['ipv4_listen_address'] . ':' . CONF['ht']['https_port'] . ' ssl http2; - server_name ' . $_POST['domain'] . '; - root ' . CONF['ht']['ht_path'] . '/' . $_SESSION['id'] . '/' . $_POST['dir'] . '; - - ssl_certificate /etc/letsencrypt/live/' . $_POST['domain'] . '/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/' . $_POST['domain'] . '/privkey.pem; - - include inc/ht-tls.conf; -} -'; - if (file_put_contents(CONF['ht']['nginx_config_path'] . '/' . $_POST['domain'] . '.conf', $nginxConf) === false) - output(500, 'Failed to write Nginx configuration.'); - - // Reload Nginx - exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['nginx_reload_cmd'], result_code: $code); - if ($code !== 0) - output(500, 'Failed to reload Nginx.'); - - output(200, 'Accès HTTP par domaine ajouté sur ce dossier !'); -} - -$dirsStatuses = dirsStatuses('onion', 'http'); - -$proof = getAuthToken(); - -?> - -

- Ajouter sur un dossier de site un accès par et Let\'s Encrypt') ?>. -

- -

- La présence des enregistrements ci-après sera vérifiée lors du traitement de ce formulaire. -

- -
-
AAAA
-
- -
-
A
-
- -
-
TXT
-
- _domain-verification= -
-
- -
-
-
-
- -
- -
diff --git a/pages/ht/add-http-onion.php b/pages/ht/add-http-onion.php deleted file mode 100644 index ee14dbe..0000000 --- a/pages/ht/add-http-onion.php +++ /dev/null 
@@ -1,70 +0,0 @@ -dir.'); - - rateLimit(); - - // Add Tor config - $torConf = 'HiddenServiceDir ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['id'] . '/' . $_POST['dir'] . '/ - HiddenServicePort 80 [::1]:' . CONF['ht']['internal_onion_http_port'] . ' - '; - if (file_put_contents(CONF['ht']['tor_config_path'] . '/' . $_SESSION['id'] . '/' . $_POST['dir'], $torConf) === false) - output(500, 'Failed to write new Tor configuration.'); - - // Reload Tor - exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['tor_reload_cmd'], $output, $code); - if ($code !== 0) - output(500, 'Failed to reload Tor.'); - - // Get the address generated by Tor - exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['cat_path'] . ' ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['id'] . '/' . $_POST['dir'] . '/hostname', $output); - $onion = $output[0]; - if (preg_match('/^[0-9a-z]{56}\.onion$/D', $onion) !== 1) - output(500, 'No onion address found.'); - - // Store it in the database - addSite($_SESSION['id'], $_POST['dir'], $onion, 'onion', 'http'); - - // Add Nginx config - $nginxConf = 'server { - listen [::1]:' . CONF['ht']['internal_onion_http_port'] . '; - server_name ' . $onion . '; - root ' . CONF['ht']['ht_path'] . '/' . $_SESSION['id'] . '/' . $_POST['dir'] . '; - - include inc/ht-onion.conf; - } - '; - if (file_put_contents(CONF['ht']['nginx_config_path'] . '/' . $onion . '.conf', $nginxConf) === false) - output(500, 'Failed to write Nginx configuration.'); - - // Reload Nginx - exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['nginx_reload_cmd'], result_code: $code); - if ($code !== 0) - output(500, 'Failed to reload Nginx.'); - - // Tell the user their site address - output(200, 'L\'adresse de votre service Onion HTTP est : http://' . $onion . '/'); -} - -$dirsStatuses = dirsStatuses('onion', 'http'); - -?> - -

- Ajouter un accès en .onion sur un dossier -

- -
-
- -
- -
diff --git a/pages/ns/print.php b/pages/ns/print.php deleted file mode 100644 index 33a8005..0000000 --- a/pages/ns/print.php +++ /dev/null @@ -1,96 +0,0 @@ - -
- - -
- - -
- - -
- - -
- -
- -' . htmlspecialchars($zoneContent) . ''; - output(200); - } - - if ($_POST['print'] === 'table') { ?> - - - - - - - - -'; - foreach ($elements as $element) - echo ' '; - echo ' '; - } - echo '
DomaineTTLTypeContenu
' . htmlspecialchars($element) . '
'; - } - - if ($_POST['print'] === 'ds') { - - $found = preg_match('/^' . preg_quote($_POST['zone'], '/') . '[\t ]+0[\t ]+CDS[\t ]+(?[0-9]{1,5})[\t ]+(?[0-9]{1,2})[\t ]+(?[0-9])[\t ]+(?[0-9A-F]{64})$/Dm', $zoneContent, $matches); - if ($found !== 1) - output(500, 'Unable to get public key record from zone file.'); - -?> - -
-
Zone
-
- -
-
Tag
-
- -
-
Algorithme
-
- -
-
Type de condensat
-
- -
-
Condensat
-
- -
-
- - $_POST['domain']], 'zone') !== []) - output(403, 'Cette zone existe déjà sur ce service.'); - - exec(CONF['dns']['kdig_path'] . ' ' . ltrim(strstr($_POST['domain'], '.'), '.') . ' NS +short', $parentAuthoritatives); - if ($parentAuthoritatives === []) - output(403, 'Serveurs de noms de la zone parente introuvables'); - foreach ($parentAuthoritatives as $parentAuthoritative) - checkAbsoluteDomainFormat($parentAuthoritative); - - exec(CONF['dns']['kdig_path'] . ' ' . $_POST['domain'] . ' NS @' . $parentAuthoritatives[0] . ' +noidn', $results); - if (preg_match('/^' . preg_quote($_POST['domain'], '/') . '[\t ]+[0-9]{1,8}[\t ]+IN[\t ]+NS[\t ]+(?[0-9a-f]{8})-(?[0-9a-f]{32})\._domain-verification\.' . preg_quote(SERVER_NAME, '/') . '\.$/Dm', implode(LF, $results), $matches) !== 1) - output(403, 'Enregistrement d\'authentification introuvable'); - - checkAuthToken($matches['salt'], $matches['hash']); - - rateLimit(); - - insert('zones', [ - 'zone' => $_POST['domain'], - 'username' => $_SESSION['id'], - ]); - - $knotZonePath = CONF['ns']['knot_zones_path'] . '/' . $_POST['domain'] . 'zone'; - $knotZone = implode(' ', [ - $_POST['domain'], - SOA_VALUES['ttl'], - 'SOA', - CONF['ns']['servers'][0], - SOA_VALUES['email'], - 1, - SOA_VALUES['refresh'], - SOA_VALUES['retry'], - SOA_VALUES['expire'], - SOA_VALUES['negative'], - ]) . LF; - foreach (CONF['ns']['servers'] as $server) - $knotZone .= $_POST['domain'] . ' 86400 NS ' . $server . LF; - if (is_int(file_put_contents($knotZonePath, $knotZone)) !== true) - output(500, 'Failed to write new zone file.'); - if (chmod($knotZonePath, 0660) !== true) - output(500, 'Failed to chmod new zone file.'); - - knotcConfExec([ - "set 'zone[" . $_POST['domain'] . "]'", - "set 'zone[" . $_POST['domain'] . "].template' 'niver'", - ]); - - output(200, 'La zone a été créée.'); -} - -$proof = getAuthToken(); - -?> - -

- Pour prouver que vous possédez bien ce domaine, il doit posséder un égal à ._domain-verification.. lors du traitement de ce formulaire. -

- -

- La zone sera servie par ces serveurs de noms : -

    -' . $server . ''; -?> -
-

- -
-
-
- -
diff --git a/pages/ns/zone-del.php b/pages/ns/zone-del.php deleted file mode 100644 index 6cac640..0000000 --- a/pages/ns/zone-del.php +++ /dev/null @@ -1,25 +0,0 @@ - - -
- - -
- -
diff --git a/pages/reg/print.php b/pages/reg/print.php deleted file mode 100644 index 7ea4f92..0000000 --- a/pages/reg/print.php +++ /dev/null @@ -1,49 +0,0 @@ -
- - -
- -
- - - - - - - - - -' . LF; - foreach ($elements as $element) - echo ' ' . LF; - echo ' ' . LF; - } - - echo '
DomaineTTLTypeContenu
' . htmlspecialchars($element) . '
'; - - output(200); -} diff --git a/pages/reg/register.php b/pages/reg/register.php deleted file mode 100644 index 12955ed..0000000 --- a/pages/reg/register.php +++ /dev/null @@ -1,38 +0,0 @@ - $domain], 'domain') !== []) - output(403, 'Ce domaine n\'est pas disponible à l\'enregistrement. Il est déjà enregistré.'); - - if (in_array($_POST['subdomain'], explode(LF, file_get_contents(CONF['common']['root_path'] . '/pages/reg/reserved.txt')))) - output(403, 'Ce domaine n\'est pas disponible à l\'enregistrement. Il est réservé.'); - - rateLimit(); - - insert('registry', [ - 'domain' => $domain, - 'username' => $_SESSION['id'], - 'last_renewal' => date('Y-m-d H:i:s'), - ]); - - output(200, 'Domaine ajouté au registre.'); -} - -?> - -

- Enregistrer un nouveau domaine sur son compte. Ce domaine doit être composé uniquement d'au moins 4 lettres latines non accentuées (a-z). -

- -
- -
- . -
- -
diff --git a/pages/reg/transfer.php b/pages/reg/transfer.php deleted file mode 100644 index be29fcf..0000000 --- a/pages/reg/transfer.php +++ /dev/null @@ -1,44 +0,0 @@ - $_SESSION['id'], 'domain' => $domain], 'domain') !== []) - output(403, 'Le compte présent possède déjà ce domaine.'); - - exec(CONF['dns']['kdig_path'] . ' ' . $domain . ' NS @' . CONF['reg']['address'] . ' +noidn', $results); - if (preg_match('/^' . preg_quote($domain, '/') . '[\t ]+[0-9]{1,8}[\t ]+IN[\t ]+NS[\t ]+(?[0-9a-f]{8})-(?[0-9a-f]{32})\._transfer-verification\.' . preg_quote(SERVER_NAME, '/') . '\.$/Dm', implode(LF, $results), $matches) !== 1) - output(403, 'Enregistrement d\'authentification introuvable'); - - checkAuthToken($matches['salt'], $matches['hash']); - - DB->prepare('UPDATE registry SET username = :username WHERE domain = :domain') - ->execute([':username' => $_SESSION['id'], ':domain' => $domain]); - - knotcZoneExec(CONF['reg']['registry'], [ - $domain, - 'NS', - $matches['salt'] . '-' . $matches['hash'] . '._transfer-verification.' . SERVER_NAME . '.' - ], 'delete'); - - output(200, 'Le domaine a été transféré vers le compte présent, l\'enregistrement d\'authentification a été automatiquement retiré.'); -} - -$proof = getAuthToken(); - -?> - -

- Pour prouver que vous êtes autorisé à recevoir le domaine par san possessaire actuele, ledit domaine doit posséder un égal à ._transfer-verification.. lors du traitement de ce formulaire. Cet enregistrement sera automatiquement retiré une fois validé. -

- -
- -
- . -
- -
diff --git a/pg-act/auth/approval.php b/pg-act/auth/approval.php new file mode 100644 index 0000000..96a91c0 --- /dev/null +++ b/pg-act/auth/approval.php @@ -0,0 +1,18 @@ + $_POST['key']], 'key')[0]) !== true) + output(403, 'Approbation impossible : cette clé d\'approbation n\'est pas disponible. Elle a été mal saisie, a expiré ou a déjà été utilisée pour un autre compte.'); + +query('delete', 'approval-keys', ['key' => $_POST['key']]); + +DB->prepare('UPDATE users SET type = "approved" WHERE id = :id') +->execute([':id' => $_SESSION['id']]); + +$_SESSION['type'] = 'approved'; + +insert('approval-keys', ['key' => bin2hex(random_bytes(16))]); + +output(200, 'Compte approuvé.'); diff --git a/pg-act/auth/login.php b/pg-act/auth/login.php new file mode 100644 index 0000000..4562c76 --- /dev/null +++ b/pg-act/auth/login.php @@ -0,0 +1,28 @@ + $username], 'id')[0]; + +if (checkPassword($id, $_POST['password']) !== true) + output(403, 'Connexion impossible : clé de passe invalide.'); + +if (outdatedPasswordHash($id)) + changePassword($id, $_POST['password']); + +stopSession(); +startSession(); + +$_SESSION['id'] = $id; +$_SESSION['display-username'] = htmlspecialchars($_POST['username']); +$_SESSION['type'] = query('select', 'users', ['id' => $id], 'type')[0]; + +redir(); + diff --git a/pages/auth/logout.php b/pg-act/auth/logout.php similarity index 100% rename from pages/auth/logout.php rename to pg-act/auth/logout.php diff --git a/pg-act/auth/password.php b/pg-act/auth/password.php new file mode 100644 index 0000000..781a882 --- /dev/null +++ b/pg-act/auth/password.php 
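Review bot: The approval key is consumed in two steps — a SELECT that checks it exists, then a `query('delete', …)` whose result is ignored — so two concurrent requests presenting the same key can both pass the check and both reach the `UPDATE users SET type = "approved"` line. Make the DELETE the atomic claim and approve only when it removed a row, e.g. `$claim = DB->prepare('DELETE FROM "approval-keys" WHERE key = :key');` `$claim->execute([':key' => $_POST['key']]);` `if ($claim->rowCount() !== 1) output(403, 'Approbation impossible : …');`, replacing both the SELECT and the separate delete (quote the table name the way the rest of the schema expects). The first lines of this file were swallowed by the extraction, so I am assuming the `$_SESSION['type'] !== 'testing'` guard from the old pages/auth/approval.php survived the move.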
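Review bot: The `stopSession(); startSession();` pair before `$_SESSION['id'] = $id;` is presumably meant to defeat session fixation, but session_destroy() does not clear the client's session cookie, so unless startSession() (not visible here) regenerates the id or `session.use_strict_mode` is enabled, the restarted session keeps the id the client arrived with. The direct way to bind a fresh id to the authenticated user is `session_regenerate_id(true);` in place of the pair, after the password check succeeds. The same pair appears in the new pg-act/auth/register.php on the next line of this chunk, where the same replacement applies.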
@@ -0,0 +1,10 @@ + $id, + 'username' => $username, + 'password' => hashPassword($_POST['password']), + 'registration_date' => date('Y-m-d H:i:s'), + 'bucket_tokens' => 0, + 'bucket_last_update' => 0, + 'type' => 'testing', +]); + +// Setup SFTP directory +umask(0002); +if (mkdir(CONF['ht']['ht_path'] . '/' . $id, 0775) !== true) + output(500, 'Can\'t create user directory.'); +exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['chgrp_path'] . ' ' . CONF['ht']['sftpgo_group'] . ' ' . CONF['ht']['ht_path'] . '/' . $id . ' --no-dereference', result_code: $code); +if ($code !== 0) + output(500, 'Can\'t change user directory group.'); + +// Setup Tor config directory +if (mkdir(CONF['ht']['tor_config_path'] . '/' . $id, 0755) !== true) + output(500, 'Can\'t create Tor config directory.'); + +// Setup Tor keys directory +exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['mkdir_path'] . ' --mode=0700 ' . CONF['ht']['tor_keys_path'] . '/' . $id, result_code: $code); +if ($code !== 0) + output(500, 'Can\'t create Tor keys directory.'); + +stopSession(); +startSession(); + +$_SESSION['id'] = $id; +$_SESSION['display-username'] = htmlspecialchars($_POST['username']); +$_SESSION['type'] = 'testing'; + +redir(); diff --git a/pg-act/auth/unregister.php b/pg-act/auth/unregister.php new file mode 100644 index 0000000..23ccdb1 --- /dev/null +++ b/pg-act/auth/unregister.php 
@@ -0,0 +1,40 @@ + $_SESSION['id']], 'domain') as $domain) + regDeleteDomain($domain); + +foreach (query('select', 'zones', ['username' => $_SESSION['id']], 'zone') as $zone) + nsDeleteZone($zone); + +foreach (query('select', 'sites', [ + 'username' => $_SESSION['id'], + 'domain_type' => 'onion', + 'protocol' => 'http', +], 'site_dir') as $dir) + htDeleteSite($dir, domainType: 'onion', protocol: 'http'); + +foreach (query('select', 'sites', [ + 'username' => $_SESSION['id'], + 'domain_type' => 'dns', + 'protocol' => 'http', +], 'site_dir') as $dir) + htDeleteSite($dir, domainType: 'dns', protocol: 'http'); + +exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['rm_path'] . ' --recursive ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['id'], result_code: $code); +if ($code !== 0) + output(500, 'Can\'t remove Tor keys directory.'); + +removeDirectory(CONF['ht']['tor_config_path'] . '/' . $_SESSION['id']); + +exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['sftpgo_user'] . ' ' . CONF['ht']['rm_path'] . ' --recursive ' . CONF['ht']['ht_path'] . '/' . $_SESSION['id'], result_code: $code); +if ($code !== 0) + output(500, 'Can\'t remove user\'s directory.'); + +query('delete', 'users', ['id' => $_SESSION['id']]); + +logout(); + +output(200, 'Compte supprimé.'); diff --git a/pg-act/auth/username.php b/pg-act/auth/username.php new file mode 100644 index 0000000..10144d6 --- /dev/null +++ b/pg-act/auth/username.php @@ -0,0 +1,15 @@ +prepare('UPDATE users SET username = :username WHERE id = :id') +->execute([':username' => $username, ':id' => $_SESSION['id']]); + +$_SESSION['display-username'] = htmlspecialchars($_POST['new-username']); + +output(200, 'Identifiant changé.'); diff --git a/pg-act/ht/add-http-dns.php b/pg-act/ht/add-http-dns.php new file mode 100644 index 0000000..893dc48 --- /dev/null +++ b/pg-act/ht/add-http-dns.php 
@@ -0,0 +1,59 @@ +dir.'); + +if (query('select', 'sites', ['domain' => $_POST['domain']], 'domain') !== []) + output(403, 'Ce domaine existe déjà sur ce service.'); + +$remoteAaaaRecords = dns_get_record($_POST['domain'], DNS_AAAA); +if (is_array($remoteAaaaRecords) !== true) + output(500, 'Erreur lors de la récupération de l\'enregistrement AAAA.'); +if (equalArrays([CONF['ht']['ipv6_address']], array_column($remoteAaaaRecords, 'ipv6')) !== true) + output(403, 'Ce domaine doit avoir pour unique enregistrement AAAA ' . CONF['ht']['ipv6_address'] . '.'); + +$remoteARecords = dns_get_record($_POST['domain'], DNS_A); +if (is_array($remoteARecords) !== true) + output(500, 'Erreur lors de la récupération de l\'enregistrement A.'); +if (equalArrays([CONF['ht']['ipv4_address']], array_column($remoteARecords, 'ip')) !== true) + output(403, 'Ce domaine doit avoir pour unique enregistrement A ' . CONF['ht']['ipv4_address'] . '.'); + +$remoteTXTRecords = dns_get_record($_POST['domain'], DNS_TXT); +if (is_array($remoteTXTRecords) !== true) + output(500, 'Erreur lors de la récupération de l\'enregistrement TXT.'); +if (preg_match('/^' . preg_quote(SERVER_NAME, '/') . '_domain-verification=([0-9a-f]{8})-([0-9a-f]{32})$/Dm', implode(LF, array_column($remoteTXTRecords, 'txt')), $matches) !== 1) + output(403, 'Aucun enregistrement TXT au format correct trouvé.'); + +checkAuthToken($matches[1], $matches[2]); + +rateLimit(); + +addSite($_SESSION['id'], $_POST['dir'], $_POST['domain'], 'dns', 'http'); + +exec('2>&1 ' . CONF['ht']['sudo_path'] . ' ' . CONF['ht']['certbot_path'] . ' certonly' . (($_SESSION['type'] === 'approved') ? '' : ' --test-cert') . ' --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain ' . $_POST['domain'], $output, $returnCode); +if ($returnCode !== 0) + output(500, 'Certbot failed to get a Let\'s Encrypt certificate.', $output); + +$nginxConf = 'server { + listen [' . CONF['ht']['ipv6_listen_address'] . ']:' . 
CONF['ht']['https_port'] . ' ssl http2; + listen ' . CONF['ht']['ipv4_listen_address'] . ':' . CONF['ht']['https_port'] . ' ssl http2; + server_name ' . $_POST['domain'] . '; + root ' . CONF['ht']['ht_path'] . '/' . $_SESSION['id'] . '/' . $_POST['dir'] . '; + + ssl_certificate /etc/letsencrypt/live/' . $_POST['domain'] . '/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/' . $_POST['domain'] . '/privkey.pem; + + include inc/ht-tls.conf; +} +'; +if (file_put_contents(CONF['ht']['nginx_config_path'] . '/' . $_POST['domain'] . '.conf', $nginxConf) === false) + output(500, 'Failed to write Nginx configuration.'); + +// Reload Nginx +exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['nginx_reload_cmd'], result_code: $code); +if ($code !== 0) + output(500, 'Failed to reload Nginx.'); + +output(200, 'Accès HTTP par domaine ajouté sur ce dossier !'); diff --git a/pg-act/ht/add-http-onion.php b/pg-act/ht/add-http-onion.php new file mode 100644 index 0000000..679458d --- /dev/null +++ b/pg-act/ht/add-http-onion.php 
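Review bot: `$_POST['domain']` is concatenated unescaped into the sudo'ed certbot `exec()` command, into the path `nginx_config_path/<domain>.conf` and into the generated `server_name` line; the validation that precedes these lines is outside the visible part of the hunk, so unless it is a strict hostname regex this is shell injection and path traversal through a privileged command. Use `escapeshellarg($_POST['domain'])` in the certbot call regardless, and derive the file name and `server_name` from the validated value only. Separately, `addSite()` is called before certbot runs, so when certbot fails the site row already exists and the user's retry is rejected by the earlier `Ce domaine existe déjà sur ce service.` check; calling `addSite()` after the certificate and Nginx steps, or deleting the row on failure, would make the action retryable. `--webroot-path /srv/niver/acme` is the one hard-coded path in a file that otherwise reads every path from `CONF`.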
@@ -0,0 +1,47 @@
+dir.');
+
+rateLimit();
+
+// Add Tor config
+$torConf = 'HiddenServiceDir ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['id'] . '/' . $_POST['dir'] . '/
+HiddenServicePort 80 [::1]:' . CONF['ht']['internal_onion_http_port'] . '
+';
+if (file_put_contents(CONF['ht']['tor_config_path'] . '/' . $_SESSION['id'] . '/' . $_POST['dir'], $torConf) === false)
+ output(500, 'Failed to write new Tor configuration.');
+
+// Reload Tor
+exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['tor_reload_cmd'], $output, $code);
+if ($code !== 0)
+ output(500, 'Failed to reload Tor.');
+
+// Get the address generated by Tor
+exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['cat_path'] . ' ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['id'] . '/' . $_POST['dir'] . '/hostname', $output);
+$onion = $output[0];
+if (preg_match('/^[0-9a-z]{56}\.onion$/D', $onion) !== 1)
+ output(500, 'No onion address found.');
+
+// Store it in the database
+addSite($_SESSION['id'], $_POST['dir'], $onion, 'onion', 'http');
+
+// Add Nginx config
+$nginxConf = 'server {
+ listen [::1]:' . CONF['ht']['internal_onion_http_port'] . ';
+ server_name ' . $onion . ';
+ root ' . CONF['ht']['ht_path'] . '/' . $_SESSION['id'] . '/' . $_POST['dir'] . ';
+
+ include inc/ht-onion.conf;
+}
+';
+if (file_put_contents(CONF['ht']['nginx_config_path'] . '/' . $onion . '.conf', $nginxConf) === false)
+ output(500, 'Failed to write Nginx configuration.');
+
+// Reload Nginx
+exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['nginx_reload_cmd'], result_code: $code);
+if ($code !== 0)
+ output(500, 'Failed to reload Nginx.');
+
+// Tell the user their site address
+output(200, 'L\'adresse de votre service Onion HTTP est : http://' . $onion . '/');
diff --git a/pg-act/ht/del-http-dns.php b/pg-act/ht/del-http-dns.php
new file mode 100644
index 0000000..9664888
--- /dev/null
+++ b/pg-act/ht/del-http-dns.php
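Review bot: `$onion = $output[0];` reads the wrong line whenever the Tor reload command printed anything: PHP's `exec()` appends to an array that already has elements instead of replacing it, and `$output` was just filled by the `tor_reload_cmd` call above, so the hostname lands at a later index and the request fails with `No onion address found.` (or a stray output line is matched instead). Reset the array before the second call, `$output = [];`, or use a separate variable such as `$hostnameLines`. Tor also writes the `hostname` file only after it has loaded the new configuration, which may not have happened by the time `cat` runs; in that case the same 500 is returned while the Tor config written above persists, so a short retry on the `cat` (or removing the config file on failure) would avoid orphaned hidden-service configs.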
@@ -0,0 +1,8 @@ +dir.'); + +htDeleteSite($_POST['dir'], domainType: 'dns', protocol: 'http'); + +output(200, 'Accès retiré.'); diff --git a/pg-act/ht/del-http-onion.php b/pg-act/ht/del-http-onion.php new file mode 100644 index 0000000..fe46a41 --- /dev/null +++ b/pg-act/ht/del-http-onion.php @@ -0,0 +1,8 @@ +dir.'); + +htDeleteSite($_POST['dir'], domainType: 'onion', protocol: 'http'); + +output(200, 'Accès retiré.'); diff --git a/pg-act/ns/caa.php b/pg-act/ns/caa.php new file mode 100644 index 0000000..92308bc --- /dev/null +++ b/pg-act/ns/caa.php @@ -0,0 +1,23 @@ += 0 AND $_POST['flag'] <= 255)) + output(403, 'Wrong value for flag.'); + +if (!(preg_match('/^[a-z]{1,127}$/D', $_POST['tag']))) + output(403, 'Wrong value for tag.'); + +if (!(preg_match('/^[a-z0-9.-]{1,255}$/D', $_POST['value']))) + output(403, 'Wrong value for value.'); + +knotcZoneExec($_POST['zone'], [ + $values['domain'], + $values['ttl'], + 'CAA', + $_POST['flag'], + $_POST['tag'], + $_POST['value'] +]); + +output(200, 'Enregistrement ajouté/retiré.'); diff --git a/pg-act/ns/cname.php b/pg-act/ns/cname.php new file mode 100644 index 0000000..b324839 --- /dev/null +++ b/pg-act/ns/cname.php @@ -0,0 +1,14 @@ + +// Display zone -
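Review bot: The range check `$_POST['flag'] >= 0 AND $_POST['flag'] <= 255` in caa.php uses loose comparison on a raw string, and under PHP 8 a non-numeric string is compared with an int as a string, so a value such as `1abc` passes both tests and is handed to `knotcZoneExec` as the CAA flag. Validate integers explicitly, e.g. `if (filter_var($_POST['flag'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 255]]) === false) output(403, 'Wrong value for flag.');`, and apply the same to the numeric fields of mx.php, srv.php, tlsa.php and loc.php in this commit, which use the identical pattern. The `value` regex `[a-z0-9.-]{1,255}` also rejects legitimate CAA parameters such as `letsencrypt.org; validationmethods=dns-01`; that is a limitation rather than a defect, but worth a comment if it is intentional.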
- -
- -
- -
+$zone_content = file_get_contents(CONF['ns']['knot_zones_path'] . '/' . $_POST['zone'] . 'zone'); +if ($zone_content === false) + output(500, 'Unable to read zone file.'); -[A-Z]{1,16})[\t ]+.+$/D', $zone_line, $matches)) { + if (in_array($matches['type'], ALLOWED_TYPES, true) !== true) continue; - if (preg_match('/^(?:(?:[a-z0-9_-]{1,63}\.){1,127})?' . preg_quote($_POST['zone'], '/') . '[\t ]+[0-9]{1,8}[\t ]+(?[A-Z]{1,16})[\t ]+.+$/D', $zone_line, $matches)) { - if (in_array($matches['type'], ALLOWED_TYPES, true) !== true) - continue; - $displayed_zone_content .= $zone_line . LF; - } + $data['zone_content'] .= $zone_line . LF; } - $displayed_zone_content .= LF; - -?> -
- - - - -
- -
- - - -

Valeurs par défaut

- -

Si le TTL est omis, il sera définit à secondes.

- -

La précision de la classe (IN) est facultative.

- -

Valeurs autorisées

- -

La zone n'est pas autorisée à dépasser caractères.

- -

Les TTLs ne sont autorisés qu'entre et secondes.

- -

Les seuls types dont l'édition est autorisée sont :

- -
    -' . $allowed_type . ''; - -?> -
+$data['zone_content'] .= LF; diff --git a/pg-act/ns/ip.php b/pg-act/ns/ip.php new file mode 100644 index 0000000..0c466c4 --- /dev/null +++ b/pg-act/ns/ip.php @@ -0,0 +1,14 @@ += 0 AND $_POST['lat-deg'] <= 90)) + output(403, 'Wrong value for lat-deg.'); +if (!($_POST['lat-min'] >= 0 AND $_POST['lat-min'] <= 59)) + output(403, 'Wrong value for lat-min.'); +if (!($_POST['lat-sec'] >= 0 AND $_POST['lat-sec'] <= 59.999)) + output(403, 'Wrong value for lat-sec.'); + +if ($_POST['lat-dir'] !== 'N' AND $_POST['lat-dir'] !== 'S') + output(403, 'Wrong value for lat-dir.'); + +if (!($_POST['lon-deg'] >= 0 AND $_POST['lon-deg'] <= 180)) + output(403, 'Wrong value for lon-deg.'); +if (!($_POST['lon-min'] >= 0 AND $_POST['lon-min'] <= 59)) + output(403, 'Wrong value for lon-min.'); +if (!($_POST['lon-sec'] >= 0 AND $_POST['lon-sec'] <= 59.999)) + output(403, 'Wrong value for lon-sec.'); + +if ($_POST['lon-dir'] !== 'E' AND $_POST['lon-dir'] !== 'W') + output(403, 'Wrong value for lon-dir.'); + +if (!($_POST['alt'] >= -100000 AND $_POST['alt'] <= 42849672.95)) + output(403, 'Wrong value for alt.'); + +if (!($_POST['size'] >= 0 AND $_POST['size'] <= 90000000)) + output(403, 'Wrong value for size.'); + +if (!($_POST['hp'] >= 0 AND $_POST['hp'] <= 90000000)) + output(403, 'Wrong value for hp.'); + +if (!($_POST['vp'] >= 0 AND $_POST['vp'] <= 90000000)) + output(403, 'Wrong value for vp.'); + +knotcZoneExec($_POST['zone'], [ + $values['domain'], + $values['ttl'], + 'LOC', + $_POST['lat-deg'], + $_POST['lat-min'], + $_POST['lat-sec'], + $_POST['lat-dir'], + $_POST['lon-deg'], + $_POST['lon-min'], + $_POST['lon-sec'], + $_POST['lon-dir'], + $_POST['alt'] . 'm', + $_POST['size'] . 'm', + $_POST['hp'] . 'm', + $_POST['vp'] . 'm', +]); + +output(200, 'Enregistrement ajouté/retiré.'); diff --git a/pg-act/ns/mx.php b/pg-act/ns/mx.php new file mode 100644 index 0000000..5e194e3 --- /dev/null +++ b/pg-act/ns/mx.php 
@@ -0,0 +1,18 @@ += 0 AND $_POST['priority'] <= 255)) + output(403, 'Wrong value for priority.'); + +$_POST['host'] = formatAbsoluteDomain($_POST['host']); + +knotcZoneExec($_POST['zone'], [ + $values['domain'], + $values['ttl'], + 'MX', + $_POST['priority'], + $_POST['host'] +]); + +output(200, 'Enregistrement ajouté/retiré.'); diff --git a/pg-act/ns/ns.php b/pg-act/ns/ns.php new file mode 100644 index 0000000..dc1c78b --- /dev/null +++ b/pg-act/ns/ns.php @@ -0,0 +1,14 @@ +[0-9]{1,5})[\t ]+(?[0-9]{1,2})[\t ]+(?[0-9])[\t ]+(?[0-9A-F]{64})$/Dm', $zone_content, $data['zone-ds']); + if ($found !== 1) + output(500, 'Unable to get public key record from zone file.'); +} + +else + output(403, 'Wrong print method.'); + diff --git a/pg-act/ns/srv.php b/pg-act/ns/srv.php new file mode 100644 index 0000000..33382ea --- /dev/null +++ b/pg-act/ns/srv.php @@ -0,0 +1,26 @@ += 0 AND $_POST['priority'] <= 65535)) + output(403, 'Wrong value for priority.'); + +if (!($_POST['weight'] >= 0 AND $_POST['weight'] <= 65535)) + output(403, 'Wrong value for weight.'); + +if (!($_POST['port'] >= 0 AND $_POST['port'] <= 65535)) + output(403, 'Wrong value for port.'); + +$_POST['target'] = formatAbsoluteDomain($_POST['target']); + +knotcZoneExec($_POST['zone'], [ + $values['domain'], + $values['ttl'], + 'SRV', + $_POST['priority'], + $_POST['weight'], + $_POST['port'], + $_POST['target'] +]); + +output(200, 'Enregistrement ajouté/retiré.'); diff --git a/pg-act/ns/sshfp.php b/pg-act/ns/sshfp.php new file mode 100644 index 0000000..cab87f1 --- /dev/null +++ b/pg-act/ns/sshfp.php @@ -0,0 +1,23 @@ +algo.'); + +if (!($_POST['type'] === '2')) + output(403, 'Wrong value for type.'); + +if (!(preg_match('/^[a-z0-9]{64}$/D', $_POST['fp']))) + output(403, 'Wrong value for fp.'); + +knotcZoneExec($_POST['zone'], [ + $values['domain'], + $values['ttl'], + 'SSHFP', + $_POST['algo'], + $_POST['type'], + $_POST['fp'] +]); + +output(200, 'Enregistrement ajouté/retiré.'); 
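Review bot: The fingerprint check in sshfp.php, `preg_match('/^[a-z0-9]{64}$/D', $_POST['fp'])`, accepts any lowercase letter, but a type-2 SSHFP fingerprint is a SHA-256 digest and must be 64 hexadecimal characters; `g`–`z` pass the form check and are pushed to `knotcZoneExec`, where knotc can be expected to reject the record with an opaque error instead of the form answering `Wrong value for fp.`. Tighten it to `'/^[0-9a-f]{64}$/D'` (or `[0-9a-fA-F]` followed by `strtolower()` if upper-case input should be tolerated). The `algo` check at the top of this hunk is not visible in this view.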
diff --git a/pg-act/ns/tlsa.php b/pg-act/ns/tlsa.php new file mode 100644 index 0000000..3db5e06 --- /dev/null +++ b/pg-act/ns/tlsa.php @@ -0,0 +1,27 @@ += 0 AND $_POST['use'] <= 3)) + output(403, 'Wrong value for use.'); + +if (!($_POST['selector'] === '0' OR $_POST['selector'] === '1')) + output(403, 'Wrong value for selector.'); + +if (!($_POST['type'] >= 0 AND $_POST['type'] <= 2)) + output(403, 'Wrong value for type.'); + +if (!(preg_match('/^[a-zA-Z0-9.-]{1,1024}$/D', $_POST['content']))) + output(403, 'Wrong value for content.'); + +knotcZoneExec($_POST['zone'], [ + $values['domain'], + $values['ttl'], + 'TLSA', + $_POST['use'], + $_POST['selector'], + $_POST['type'], + $_POST['content'] +]); + +output(200, 'Enregistrement ajouté/retiré.'); diff --git a/pg-act/ns/txt.php b/pg-act/ns/txt.php new file mode 100644 index 0000000..c35ea8a --- /dev/null +++ b/pg-act/ns/txt.php @@ -0,0 +1,15 @@ +txt.'); + +knotcZoneExec($_POST['zone'], [ + $values['domain'], + $values['ttl'], + 'TXT', + '"' . $_POST['txt'] . '"' +]); + +output(200, 'Enregistrement ajouté/retiré.'); diff --git a/pg-act/ns/zone-add.php b/pg-act/ns/zone-add.php new file mode 100644 index 0000000..377d9ce --- /dev/null +++ b/pg-act/ns/zone-add.php 
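Review bot: The `content` regex in tlsa.php, `[a-zA-Z0-9.-]{1,1024}`, admits `.` and `-`, which cannot occur in TLSA certificate-association data (a hex digest or hex-encoded certificate), so malformed input reaches `knotcZoneExec` instead of being rejected with `Wrong value for content.`. `'/^[0-9a-fA-F]{1,1024}$/D'` matches what knotc accepts, and `use`/`type` would benefit from the same integer validation as the other numeric fields in this commit rather than loose `>=`/`<=` comparisons on strings.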
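Review bot: txt.php wraps the user value as `'"' . $_POST['txt'] . '"'` before passing it to `knotcZoneExec`, so the record's integrity depends entirely on the validation line just above (cut off in this view, ending in `Wrong value for txt.`) excluding `"` and `\`; if it does not, a value such as `a" TXT "b` ends the quoted rdata early and injects extra text into what knotc parses. Escape the value instead of relying on the regex alone, e.g. `'"' . addcslashes($_POST['txt'], '"\\') . '"'`, which is valid zone-file quoting and keeps validation and encoding independent of each other.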
@@ -0,0 +1,52 @@ + $_POST['domain']], 'zone') !== []) + output(403, 'Cette zone existe déjà sur ce service.'); + +exec(CONF['dns']['kdig_path'] . ' ' . ltrim(strstr($_POST['domain'], '.'), '.') . ' NS +short', $parentAuthoritatives); +if ($parentAuthoritatives === []) + output(403, 'Serveurs de noms de la zone parente introuvables'); +foreach ($parentAuthoritatives as $parentAuthoritative) + checkAbsoluteDomainFormat($parentAuthoritative); + +exec(CONF['dns']['kdig_path'] . ' ' . $_POST['domain'] . ' NS @' . $parentAuthoritatives[0] . ' +noidn', $results); +if (preg_match('/^' . preg_quote($_POST['domain'], '/') . '[\t ]+[0-9]{1,8}[\t ]+IN[\t ]+NS[\t ]+(?[0-9a-f]{8})-(?[0-9a-f]{32})\._domain-verification\.' . preg_quote(SERVER_NAME, '/') . '\.$/Dm', implode(LF, $results), $matches) !== 1) + output(403, 'Enregistrement d\'authentification introuvable'); + +checkAuthToken($matches['salt'], $matches['hash']); + +rateLimit(); + +insert('zones', [ + 'zone' => $_POST['domain'], + 'username' => $_SESSION['id'], +]); + +$knotZonePath = CONF['ns']['knot_zones_path'] . '/' . $_POST['domain'] . 'zone'; +$knotZone = implode(' ', [ + $_POST['domain'], + SOA_VALUES['ttl'], + 'SOA', + CONF['ns']['servers'][0], + SOA_VALUES['email'], + 1, + SOA_VALUES['refresh'], + SOA_VALUES['retry'], + SOA_VALUES['expire'], + SOA_VALUES['negative'], +]) . LF; +foreach (CONF['ns']['servers'] as $server) + $knotZone .= $_POST['domain'] . ' 86400 NS ' . $server . LF; +if (is_int(file_put_contents($knotZonePath, $knotZone)) !== true) + output(500, 'Failed to write new zone file.'); +if (chmod($knotZonePath, 0660) !== true) + output(500, 'Failed to chmod new zone file.'); + +knotcConfExec([ + "set 'zone[" . $_POST['domain'] . "]'", + "set 'zone[" . $_POST['domain'] . "].template' 'niver'", +]); + +output(200, 'La zone a été créée.'); diff --git a/pg-act/ns/zone-del.php b/pg-act/ns/zone-del.php new file mode 100644 index 0000000..f67f46d --- /dev/null +++ b/pg-act/ns/zone-del.php 
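Review bot: `insert('zones', ...)` runs before the zone file is written and before the zone is added to the Knot configuration, so if `file_put_contents`, `chmod` or `knotcConfExec` fails the user gets a 500 and every retry is stopped by the `Cette zone existe déjà sur ce service.` check at the top, with no zone actually served; move the insert after `knotcConfExec` or delete the row when a later step fails. `$_POST['domain']` is also concatenated into both `kdig` commands and into the zone file path without `escapeshellarg()`; the domain-format check is outside the visible lines, so this is only safe if that check is a strict regex, and escaping the argument costs nothing either way. Only `$parentAuthoritatives[0]` is asked for the delegation, so a transient failure of one parent server makes the verification fail although the record exists; iterating over the list until one server answers would be more robust.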
@@ -0,0 +1,7 @@ +algo.'); + +$_POST['keytag'] = intval($_POST['keytag']); +if ((!preg_match('/^[0-9]{1,6}$/D', $_POST['keytag'])) OR !($_POST['keytag'] >= 1) OR !($_POST['keytag'] <= 65535)) + output(403, 'Wrong value for keytag.'); + +if ($_POST['dt'] !== '2' AND $_POST['dt'] !== '4') + output(403, 'Wrong value for dt.'); + +regCheckDomainPossession($_POST['zone']); + +knotcZoneExec(CONF['reg']['registry'], [ + $_POST['zone'], + CONF['reg']['ttl'], + 'DS', + $_POST['keytag'], + $_POST['algo'], + $_POST['dt'], + $_POST['key'] +]); + +output(200, 'Enregistrement ajouté/retiré.'); diff --git a/pg-act/reg/glue.php b/pg-act/reg/glue.php new file mode 100644 index 0000000..90bf8e9 --- /dev/null +++ b/pg-act/reg/glue.php @@ -0,0 +1,16 @@ + $domain], 'domain') !== []) + output(403, 'Ce domaine n\'est pas disponible à l\'enregistrement. Il est déjà enregistré.'); + +if (in_array($_POST['subdomain'], explode(LF, file_get_contents(CONF['common']['root_path'] . '/pg-act/reg/reserved.txt')))) + output(403, 'Ce domaine n\'est pas disponible à l\'enregistrement. Il est réservé.'); + +rateLimit(); + +insert('registry', [ + 'domain' => $domain, + 'username' => $_SESSION['id'], + 'last_renewal' => date('Y-m-d H:i:s'), +]); + +output(200, 'Domaine ajouté au registre.'); diff --git a/pages/reg/reserved.txt b/pg-act/reg/reserved.txt similarity index 100% rename from pages/reg/reserved.txt rename to pg-act/reg/reserved.txt diff --git a/pg-act/reg/transfer.php b/pg-act/reg/transfer.php new file mode 100644 index 0000000..6fca77f --- /dev/null +++ b/pg-act/reg/transfer.php 
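Review bot: The reserved-name check is fail-open: `file_get_contents(CONF['common']['root_path'] . '/pg-act/reg/reserved.txt')` is not checked for `false`, and `explode(LF, false)` yields `['']`, so if the file is unreadable (wrong path after this rename, permissions) every reserved label becomes registrable without any error. Read the file into a variable first, `output(500, ...)` when it is `false`, and pass `true` as the third argument of `in_array` so the comparison is strict. The copy created at pg-view/reg/reserved.txt is not the one read here, so keeping two lists invites drift. The diff header for this file is not visible in this view; the lines appear to belong to pg-act/reg/register.php rather than to the glue.php header that precedes them.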
@@ -0,0 +1,26 @@ + $_SESSION['id'], 'domain' => $domain], 'domain') !== []) + output(403, 'Le compte présent possède déjà ce domaine.'); + +exec(CONF['dns']['kdig_path'] . ' ' . $domain . ' NS @' . CONF['reg']['address'] . ' +noidn', $results); +if (preg_match('/^' . preg_quote($domain, '/') . '[\t ]+[0-9]{1,8}[\t ]+IN[\t ]+NS[\t ]+(?[0-9a-f]{8})-(?[0-9a-f]{32})\._transfer-verification\.' . preg_quote(SERVER_NAME, '/') . '\.$/Dm', implode(LF, $results), $matches) !== 1) + output(403, 'Enregistrement d\'authentification introuvable'); + +checkAuthToken($matches['salt'], $matches['hash']); + +DB->prepare('UPDATE registry SET username = :username WHERE domain = :domain') +->execute([':username' => $_SESSION['id'], ':domain' => $domain]); + +knotcZoneExec(CONF['reg']['registry'], [ + $domain, + 'NS', + $matches['salt'] . '-' . $matches['hash'] . '._transfer-verification.' . SERVER_NAME . '.' +], 'delete'); + +output(200, 'Le domaine a été transféré vers le compte présent, l\'enregistrement d\'authentification a été automatiquement retiré.'); diff --git a/pg-act/reg/unregister.php b/pg-act/reg/unregister.php new file mode 100644 index 0000000..375bc3f --- /dev/null +++ b/pg-act/reg/unregister.php @@ -0,0 +1,7 @@ + + Ce formulaire permet d'utiliser une clé d'approbation pour valider son compte. Une clé d'approbation est distribuée par l'administrataire sur demande. +
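Review bot: transfer.php performs a `kdig` lookup and a database update on every submission but never calls `rateLimit()`, unlike zone-add.php, register.php and add-http-dns.php in this commit, so an authenticated user can drive unlimited outbound queries against the registry server; add `rateLimit();` after `checkAuthToken($matches['salt'], $matches['hash']);` as the other actions do. The `UPDATE registry SET username = :username WHERE domain = :domain` also does not check that a row for `$domain` exists (the affected-row count is ignored), so a transfer of an unregistered domain returns the success message while nothing changed; the checks at the top of the file are outside the visible lines and may already cover this.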

+ +
+
+ +
+ +
diff --git a/pages/auth/index.php b/pg-view/auth/index.php similarity index 100% rename from pages/auth/index.php rename to pg-view/auth/index.php diff --git a/pg-view/auth/login.php b/pg-view/auth/login.php new file mode 100644 index 0000000..da9a190 --- /dev/null +++ b/pg-view/auth/login.php @@ -0,0 +1,13 @@ +

Pas de compte ? En créer un

+ +
+
+ +
+ +
+ +
+ + +
diff --git a/pg-view/auth/logout.php b/pg-view/auth/logout.php new file mode 100644 index 0000000..bf11e4b --- /dev/null +++ b/pg-view/auth/logout.php @@ -0,0 +1,3 @@ + -

Vous pouvez ici changer la clé de passe permettant d'accéder à votre compte Niver.

diff --git a/pg-view/auth/register.php b/pg-view/auth/register.php new file mode 100644 index 0000000..99e8882 --- /dev/null +++ b/pg-view/auth/register.php @@ -0,0 +1,17 @@ +

Déjà un compte ? Se connecter

+ +
+ + +
+
+ +
+ +

Une clé de passe sécurisée est trop compliquée à deviner pour une attaque qui testerait automatiquement plein de clés de passe tout en connaissant d'autres informations et secrets sur vous.

+

Minimum 8 caractères si elle contient minuscule, majuscule et chiffre, ou minimum 10 caractères sinon.

+
+ +
+ +
diff --git a/pg-view/auth/unregister.php b/pg-view/auth/unregister.php new file mode 100644 index 0000000..3bfe7be --- /dev/null +++ b/pg-view/auth/unregister.php @@ -0,0 +1,17 @@ +

+ Cette action supprimera toutes les données appartenant à ce compte, y compris : +

+ +
    +
  • la possession et la réservation des domaines dans le registre
  • +
  • les enregistrements DNS des zones hébergées sur le serveur de noms
  • +
  • le contenu des sites
  • +
  • les paires de clés des services Onion
  • +
+ +
+ + +
+ +
diff --git a/pg-view/auth/username.php b/pg-view/auth/username.php new file mode 100644 index 0000000..3149df7 --- /dev/null +++ b/pg-view/auth/username.php @@ -0,0 +1,10 @@ +

+ Vous pouvez ici changer l'identifiant permettant d'accéder à votre compte Niver. +

+ +
+
+
+ + +
diff --git a/pg-view/ht/add-http-dns.php b/pg-view/ht/add-http-dns.php new file mode 100644 index 0000000..43c3fcb --- /dev/null +++ b/pg-view/ht/add-http-dns.php @@ -0,0 +1,45 @@ + + +

+ Ajouter sur un dossier de site un accès par et Let\'s Encrypt') ?>. +

+ +

+ La présence des enregistrements ci-après sera vérifiée lors du traitement de ce formulaire. +

+ +
+
AAAA
+
+ +
+
A
+
+ +
+
TXT
+
+ _domain-verification= +
+
+ +
+
+
+
+ +
+ +
diff --git a/pg-view/ht/add-http-onion.php b/pg-view/ht/add-http-onion.php new file mode 100644 index 0000000..ec7d32b --- /dev/null +++ b/pg-view/ht/add-http-onion.php @@ -0,0 +1,22 @@ + + +

+ Ajouter un accès en .onion sur un dossier +

+ +
+
+ +
+ +
diff --git a/pages/ht/del-http-dns.php b/pg-view/ht/del-http-dns.php similarity index 62% rename from pages/ht/del-http-dns.php rename to pg-view/ht/del-http-dns.php index 0daa33d..ea45e49 100644 --- a/pages/ht/del-http-dns.php +++ b/pg-view/ht/del-http-dns.php @@ -1,15 +1,6 @@ dir.'); - - htDeleteSite($_POST['dir'], domainType: 'dns', protocol: 'http'); - - output(200, 'Accès retiré.'); -} - -$dirsStatuses = dirsStatuses('onion', 'http'); +$dirsStatuses = dirsStatuses('dns', 'http'); ?> diff --git a/pages/ht/del-http-onion.php b/pg-view/ht/del-http-onion.php similarity index 67% rename from pages/ht/del-http-onion.php rename to pg-view/ht/del-http-onion.php index 3f1b9a6..031bfd3 100644 --- a/pages/ht/del-http-onion.php +++ b/pg-view/ht/del-http-onion.php @@ -1,14 +1,5 @@ dir.'); - - htDeleteSite($_POST['dir'], domainType: 'onion', protocol: 'http'); - - output(200, 'Accès retiré.'); -} - $dirsStatuses = dirsStatuses('onion', 'http'); ?> diff --git a/pages/ht/index.php b/pg-view/ht/index.php similarity index 100% rename from pages/ht/index.php rename to pg-view/ht/index.php diff --git a/pages/index.php b/pg-view/index.php similarity index 100% rename from pages/index.php rename to pg-view/index.php diff --git a/pages/ns/caa.php b/pg-view/ns/caa.php similarity index 52% rename from pages/ns/caa.php rename to pg-view/ns/caa.php index b78fa8b..ba1be35 100644 --- a/pages/ns/caa.php +++ b/pg-view/ns/caa.php @@ -1,31 +1,3 @@ -= 0 AND $_POST['flag'] <= 255)) - output(403, 'Wrong value for flag.'); - - if (!(preg_match('/^[a-z]{1,127}$/D', $_POST['tag']))) - output(403, 'Wrong value for tag.'); - - if (!(preg_match('/^[a-z0-9.-]{1,255}$/D', $_POST['value']))) - output(403, 'Wrong value for value.'); - - knotcZoneExec($_POST['zone'], array( - $values['domain'], - $values['ttl'], - 'CAA', - $_POST['flag'], - $_POST['tag'], - $_POST['value'] - )); - - output(200, 'Enregistrement ajouté/retiré.'); -} - -?> -

diff --git a/pages/ns/cname.php b/pg-view/ns/cname.php similarity index 53% rename from pages/ns/cname.php rename to pg-view/ns/cname.php index 8a7963b..38b9708 100644 --- a/pages/ns/cname.php +++ b/pg-view/ns/cname.php @@ -1,22 +1,3 @@ - -

diff --git a/pages/ns/dname.php b/pg-view/ns/dname.php similarity index 54% rename from pages/ns/dname.php rename to pg-view/ns/dname.php index 680224e..e12a075 100644 --- a/pages/ns/dname.php +++ b/pg-view/ns/dname.php @@ -1,22 +1,3 @@ - -

diff --git a/pg-view/ns/edit.php b/pg-view/ns/edit.php new file mode 100644 index 0000000..44d72a4 --- /dev/null +++ b/pg-view/ns/edit.php @@ -0,0 +1,58 @@ +
+ +
+ +
+ +
+ + +
+ + + +
+ +
+ +
+ + + +

Valeurs par défaut

+ +

Si le TTL est omis, il sera définit à secondes.

+ +

La précision de la classe (IN) est facultative.

+ +

Valeurs autorisées

+ +

La zone n'est pas autorisée à dépasser caractères.

+ +

Les TTLs ne sont autorisés qu'entre et secondes.

+ +

Les seuls types dont l'édition est autorisée sont :

+ +
    +' . $allowed_type . ''; + +?> +
diff --git a/pages/ns/index.php b/pg-view/ns/index.php similarity index 100% rename from pages/ns/index.php rename to pg-view/ns/index.php diff --git a/pages/ns/ip.php b/pg-view/ns/ip.php similarity index 60% rename from pages/ns/ip.php rename to pg-view/ns/ip.php index 9699591..97883ff 100644 --- a/pages/ns/ip.php +++ b/pg-view/ns/ip.php @@ -1,22 +1,3 @@ - -

diff --git a/pages/ns/loc.php b/pg-view/ns/loc.php similarity index 51% rename from pages/ns/loc.php rename to pg-view/ns/loc.php index d5913d2..bb22951 100644 --- a/pages/ns/loc.php +++ b/pg-view/ns/loc.php @@ -1,78 +1,3 @@ -= 0 AND $_POST['lat-deg'] <= 90)) - output(403, 'Wrong value for lat-deg.'); - if (!($_POST['lat-min'] >= 0 AND $_POST['lat-min'] <= 59)) - output(403, 'Wrong value for lat-min.'); - if (!($_POST['lat-sec'] >= 0 AND $_POST['lat-sec'] <= 59.999)) - output(403, 'Wrong value for lat-sec.'); - - if ($_POST['lat-dir'] !== 'N' AND $_POST['lat-dir'] !== 'S') - output(403, 'Wrong value for lat-dir.'); - - if (!($_POST['lon-deg'] >= 0 AND $_POST['lon-deg'] <= 180)) - output(403, 'Wrong value for lon-deg.'); - if (!($_POST['lon-min'] >= 0 AND $_POST['lon-min'] <= 59)) - output(403, 'Wrong value for lon-min.'); - if (!($_POST['lon-sec'] >= 0 AND $_POST['lon-sec'] <= 59.999)) - output(403, 'Wrong value for lon-sec.'); - - if ($_POST['lon-dir'] !== 'E' AND $_POST['lon-dir'] !== 'W') - output(403, 'Wrong value for lon-dir.'); - - if (!($_POST['alt'] >= -100000 AND $_POST['alt'] <= 42849672.95)) - output(403, 'Wrong value for alt.'); - - if (!($_POST['size'] >= 0 AND $_POST['size'] <= 90000000)) - output(403, 'Wrong value for size.'); - - if (!($_POST['hp'] >= 0 AND $_POST['hp'] <= 90000000)) - output(403, 'Wrong value for hp.'); - - if (!($_POST['vp'] >= 0 AND $_POST['vp'] <= 90000000)) - output(403, 'Wrong value for vp.'); - - knotcZoneExec($_POST['zone'], array( - $values['domain'], - $values['ttl'], - 'LOC', - $_POST['lat-deg'], - $_POST['lat-min'], - $_POST['lat-sec'], - $_POST['lat-dir'], - $_POST['lon-deg'], - $_POST['lon-min'], - $_POST['lon-sec'], - $_POST['lon-dir'], - $_POST['alt'] . 'm', - $_POST['size'] . 'm', - $_POST['hp'] . 'm', - $_POST['vp'] . 'm', - )); - - output(200, 'Enregistrement ajouté/retiré.'); -} - -?> -

diff --git a/pages/ns/mx.php b/pg-view/ns/mx.php similarity index 52% rename from pages/ns/mx.php rename to pg-view/ns/mx.php index 139fbba..66c0d2b 100644 --- a/pages/ns/mx.php +++ b/pg-view/ns/mx.php @@ -1,26 +1,3 @@ -= 0 AND $_POST['priority'] <= 255)) - output(403, 'Wrong value for priority.'); - - $_POST['host'] = formatAbsoluteDomain($_POST['host']); - - knotcZoneExec($_POST['zone'], array( - $values['domain'], - $values['ttl'], - 'MX', - $_POST['priority'], - $_POST['host'] - )); - - output(200, 'Enregistrement ajouté/retiré.'); -} - -?> -

diff --git a/pages/ns/ns.php b/pg-view/ns/ns.php similarity index 53% rename from pages/ns/ns.php rename to pg-view/ns/ns.php index c8ffe3f..26ab0aa 100644 --- a/pages/ns/ns.php +++ b/pg-view/ns/ns.php @@ -1,22 +1,3 @@ - -

diff --git a/pg-view/ns/print.php b/pg-view/ns/print.php new file mode 100644 index 0000000..05b8857 --- /dev/null +++ b/pg-view/ns/print.php @@ -0,0 +1,77 @@ + +
+ + +
+ + +
+ + +
+ + +
+ +
+ +' . htmlspecialchars($data['zone-raw']) . ''; + +if (isset($data['zone-table'])) { ?> + + + + + + + + +' . LF; + foreach ($zone_line as $element) + echo ' ' . LF; + echo ' ' . LF; + } +} +?> +
DomaineTTLTypeContenu
' . htmlspecialchars($element) . '
+ + +
+
Zone
+
+ +
+
Tag
+
+ +
+
Algorithme
+
+ +
+
Type de condensat
+
+ +
+
Condensat
+
+ +
+
+ += 0 AND $_POST['priority'] <= 65535)) - output(403, 'Wrong value for priority.'); - - if (!($_POST['weight'] >= 0 AND $_POST['weight'] <= 65535)) - output(403, 'Wrong value for weight.'); - - if (!($_POST['port'] >= 0 AND $_POST['port'] <= 65535)) - output(403, 'Wrong value for port.'); - - $_POST['target'] = formatAbsoluteDomain($_POST['target']); - - knotcZoneExec($_POST['zone'], array( - $values['domain'], - $values['ttl'], - 'SRV', - $_POST['priority'], - $_POST['weight'], - $_POST['port'], - $_POST['target'] - )); - - output(200, 'Enregistrement ajouté/retiré.'); -} - -?> -

diff --git a/pages/ns/sshfp.php b/pg-view/ns/sshfp.php similarity index 60% rename from pages/ns/sshfp.php rename to pg-view/ns/sshfp.php index 9eb48b0..4045651 100644 --- a/pages/ns/sshfp.php +++ b/pg-view/ns/sshfp.php @@ -1,31 +1,3 @@ -algo.'); - - if (!($_POST['type'] === '2')) - output(403, 'Wrong value for type.'); - - if (!(preg_match('/^[a-z0-9]{64}$/D', $_POST['fp']))) - output(403, 'Wrong value for fp.'); - - knotcZoneExec($_POST['zone'], array( - $values['domain'], - $values['ttl'], - 'SSHFP', - $_POST['algo'], - $_POST['type'], - $_POST['fp'] - )); - - output(200, 'Enregistrement ajouté/retiré.'); -} - -?> -

diff --git a/pages/ns/tlsa.php b/pg-view/ns/tlsa.php similarity index 67% rename from pages/ns/tlsa.php rename to pg-view/ns/tlsa.php index eed1630..dc591bd 100644 --- a/pages/ns/tlsa.php +++ b/pg-view/ns/tlsa.php @@ -1,35 +1,3 @@ -= 0 AND $_POST['use'] <= 3)) - output(403, 'Wrong value for use.'); - - if (!($_POST['selector'] === '0' OR $_POST['selector'] === '1')) - output(403, 'Wrong value for selector.'); - - if (!($_POST['type'] >= 0 AND $_POST['type'] <= 2)) - output(403, 'Wrong value for type.'); - - if (!(preg_match('/^[a-zA-Z0-9.-]{1,1024}$/D', $_POST['content']))) - output(403, 'Wrong value for content.'); - - knotcZoneExec($_POST['zone'], array( - $values['domain'], - $values['ttl'], - 'TLSA', - $_POST['use'], - $_POST['selector'], - $_POST['type'], - $_POST['content'] - )); - - output(200, 'Enregistrement ajouté/retiré.'); -} - -?> -

diff --git a/pages/ns/txt.php b/pg-view/ns/txt.php similarity index 50% rename from pages/ns/txt.php rename to pg-view/ns/txt.php index b33ba6c..a023d57 100644 --- a/pages/ns/txt.php +++ b/pg-view/ns/txt.php @@ -1,23 +1,3 @@ -txt.'); - - knotcZoneExec($_POST['zone'], array( - $values['domain'], - $values['ttl'], - 'TXT', - '"' . $_POST['txt'] . '"' - )); - - output(200, 'Enregistrement ajouté/retiré.'); -} - -?> -

diff --git a/pg-view/ns/zone-add.php b/pg-view/ns/zone-add.php new file mode 100644 index 0000000..d764748 --- /dev/null +++ b/pg-view/ns/zone-add.php @@ -0,0 +1,19 @@ +

+ Pour prouver que vous possédez bien ce domaine, il doit posséder un égal à ._domain-verification.. lors du traitement de ce formulaire. +

+ +

+ La zone sera servie par ces serveurs de noms : +

    +' . $server . ''; +?> +
+

+ +
+
+
+ +
diff --git a/pg-view/ns/zone-del.php b/pg-view/ns/zone-del.php new file mode 100644 index 0000000..7c745d1 --- /dev/null +++ b/pg-view/ns/zone-del.php @@ -0,0 +1,12 @@ +
+ + +
+ +
diff --git a/pages/reg/ds.php b/pg-view/reg/ds.php similarity index 70% rename from pages/reg/ds.php rename to pg-view/reg/ds.php index d069f09..ff33b12 100644 --- a/pages/reg/ds.php +++ b/pg-view/reg/ds.php @@ -1,45 +1,3 @@ -algo.'); - - $_POST['keytag'] = intval($_POST['keytag']); - if ((!preg_match('/^[0-9]{1,6}$/D', $_POST['keytag'])) OR !($_POST['keytag'] >= 1) OR !($_POST['keytag'] <= 65535)) - output(403, 'Wrong value for keytag.'); - - if ($_POST['dt'] !== '2' AND $_POST['dt'] !== '4') - output(403, 'Wrong value for dt.'); - - regCheckDomainPossession($_POST['zone']); - - $action = checkAction($_POST['action']); - - knotcZoneExec(CONF['reg']['registry'], array( - $_POST['zone'], - CONF['reg']['ttl'], - 'DS', - $_POST['keytag'], - $_POST['algo'], - $_POST['dt'], - $_POST['key'] - )); - - output(200, 'Enregistrement ajouté/retiré.'); -} - -?> -

Ici vous pouvez indiquer au registre l'enregistrement DS d'une zone afin de permettre de déléguer la confiance .

@@ -56,7 +14,7 @@ if (processForm()) { diff --git a/pages/reg/glue.php b/pg-view/reg/glue.php similarity index 64% rename from pages/reg/glue.php rename to pg-view/reg/glue.php index 32bd72e..26affe5 100644 --- a/pages/reg/glue.php +++ b/pg-view/reg/glue.php @@ -1,24 +1,3 @@ - -

@@ -42,9 +21,8 @@ if (processForm()) { diff --git a/pages/reg/index.php b/pg-view/reg/index.php similarity index 100% rename from pages/reg/index.php rename to pg-view/reg/index.php diff --git a/pages/reg/ns.php b/pg-view/reg/ns.php similarity index 57% rename from pages/reg/ns.php rename to pg-view/reg/ns.php index d19fe94..708a2a9 100644 --- a/pages/reg/ns.php +++ b/pg-view/reg/ns.php @@ -1,21 +1,3 @@ - -

@@ -32,9 +14,8 @@ if (processForm()) {
diff --git a/pg-view/reg/print.php b/pg-view/reg/print.php new file mode 100644 index 0000000..4f0c79c --- /dev/null +++ b/pg-view/reg/print.php @@ -0,0 +1,34 @@ +
+ + +
+ +
+ + + + + + + + + +' . LF; + foreach ($zone_line as $element) + echo ' ' . LF; + echo ' ' . LF; + } +} + +?> +
DomaineTTLTypeContenu
' . htmlspecialchars($element) . '
diff --git a/pg-view/reg/register.php b/pg-view/reg/register.php new file mode 100644 index 0000000..73d2e12 --- /dev/null +++ b/pg-view/reg/register.php @@ -0,0 +1,11 @@ +

+ Enregistrer un nouveau domaine sur son compte. Ce domaine doit être composé uniquement d'au moins 4 lettres latines non accentuées (a-z). +

+ +
+ +
+ . +
+ +
diff --git a/pg-view/reg/reserved.txt b/pg-view/reg/reserved.txt
new file mode 100644
index 0000000..bfbb72f
--- /dev/null
+++ b/pg-view/reg/reserved.txt
@@ -0,0 +1,242 @@
+# List of subdomains not available to register
+#
+# They may be forbidden because:
+# - they may be privileged for impersonating Niver, spamming or fishing
+# - they are reserved for a project asking for it and deserving such a well-known name
+
+niver
+
+# Registry-related
+nic
+domain
+domains
+reg
+registry
+
+# Special subdomains
+autoconfig
+autodiscover
+
+# Special TLDs
+example
+invalid
+test
+local
+localhost
+onion
+
+# Standard-related
+ns0
+ns1
+ns2
+ns3
+ns4
+ns5
+ns6
+ns7
+ns8
+ns9
+dns
+dns0
+dns1
+dns2
+dns3
+dns4
+dns5
+dns6
+dns7
+dns8
+dns9
+www
+wwww
+www0
+www1
+www2
+www3
+www4
+www5
+www6
+www7
+www8
+www9
+srv
+srv0
+srv1
+srv2
+srv3
+srv4
+srv5
+srv6
+srv7
+srv8
+srv9
+ssh
+sftp
+http
+https
+ssl
+tls
+mtx
+matrix
+gmi
+gemini
+ftp
+ftps
+mx
+imap
+imaps
+smtp
+smtps
+pop
+xmpp
+fedi
+html
+rss
+ipv4
+ipv6
+
+# Prevent account fishing
+account
+accounts
+register
+profile
+signup
+login
+auth
+authenticate
+connect
+
+# Commercial
+com
+free
+trial
+ads
+bank
+banks
+business
+customer
+customers
+store
+stores
+shop
+shops
+job
+jobs
+marketing
+sales
+
+# Miscellaneous
+org
+net
+com
+gov
+gouv
+edu
+api
+cdn
+support
+admin
+web
+dev
+host
+portal
+beta
+alpha
+demo
+vpn
+temp
+root
+data
+stats
+chat
+about
+remote
+portal
+boost
+core
+learn
+community
+meta
+news
+public
+online
+join
+mobile
+tech
+space
+zone
+name
+access
+search
+static
+secure
+security
+bbs
+help
+info
+code
+doc
+docs
+server
+servers
+client
+clients
+mail
+mails
+email
+emails
+webmail
+site
+sites
+website
+websites
+blog
+blogs
+gemlog
+gemlogs
+capsule
+capsules
+source
+sources
+update
+updates
+forum
+forums
+service
+services
+ressource
+ressources
+image
+images
+video
+videos
+radio
+radios
+music
+map
+maps
+app
+apps
+dev
+devs
+developer
+developers
+social
+cloud
+clouds
+network
+networks
+survey
+surveys
+build
+builds
+upload
+uploads
+download
+downloads
+content
+contents
+drive
+drives
+home
+homes
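Review bot: This reserved-name list is a registration policy (anti-impersonation, anti-phishing), yet it is added here under pg-view/, the rendering side, while the code that has to enforce it lives under pg-act/ and is not in this chunk; if the action reads a separate copy the two will drift and the page will advertise a different policy than the one enforced. Worth a header line pinning the intent, e.g. `# Single source of truth: the registration check and the page that displays this list must read this same file.`, so nobody edits one copy only. Separately, `com`, `dev` and `portal` each appear twice, which is harmless for an exact-match lookup but is a sign the list is not maintained from one place.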
diff --git a/pg-view/reg/transfer.php b/pg-view/reg/transfer.php new file mode 100644 index 0000000..38edb15 --- /dev/null +++ b/pg-view/reg/transfer.php @@ -0,0 +1,11 @@ +

+ Pour prouver que vous êtes autorisé à recevoir le domaine par san possessaire actuele, ledit domaine doit posséder un égal à ._transfer-verification.. lors du traitement de ce formulaire. Cet enregistrement sera automatiquement retiré une fois validé. +

+ +
+ +
+ . +
+ +
diff --git a/pages/reg/unregister.php b/pg-view/reg/unregister.php similarity index 53% rename from pages/reg/unregister.php rename to pg-view/reg/unregister.php index 5840606..74ed837 100644 --- a/pages/reg/unregister.php +++ b/pg-view/reg/unregister.php @@ -1,15 +1,3 @@ - -

Ceci désenregistrera le domaine, et le rendra ainsi à nouveau disponible à l'enregistrement par n'importe qui.

@@ -20,9 +8,8 @@ if (processForm()) {
diff --git a/router.php b/router.php index f3dcb63..5fc1b67 100644 --- a/router.php +++ b/router.php @@ -1,4 +1,5 @@ [$pages[$pageElements[0]]['title'] ?? false], - 'page_metadata' => $pages[$pageElements[0]] ?? NULL + 'page_metadata' => $pages[$pageElements[0]] ?? NULL, + 'terminal' => $pageElements[0] !== 'index' ]; $result = $pages['index']['title']; if (!isset($pageElements[1])) @@ -45,6 +47,7 @@ function getPageInformations($pages, $pageElements) { $pageInformations = getPageInformations(PAGES, PAGE_LINEAGE); define('TITLES_LINEAGE', array_reverse($pageInformations['titles_lineage'])); define('PAGE_METADATA', $pageInformations['page_metadata']); +define('PAGE_TERMINAL', $pageInformations['terminal']); if (!TITLES_LINEAGE[array_key_last(TITLES_LINEAGE)]) { http_response_code(404); @@ -52,11 +55,7 @@ if (!TITLES_LINEAGE[array_key_last(TITLES_LINEAGE)]) { } const SESSION_COOKIE_NAME = 'niver-session-key'; -if ( - isset($_COOKIE[SESSION_COOKIE_NAME]) // Resume session - OR - (isset($_POST['username']) AND in_array(PAGE_URL, ['auth/login', 'auth/register'])) // Start new session - ) { +function startSession() { session_start([ 'name' => SESSION_COOKIE_NAME, 'sid_length' => 64, @@ -72,44 +71,8 @@ if ( 'use_only_cookies' => true, ]); } - -?> - -> - - - <?php -foreach(array_reverse(TITLES_LINEAGE) as $id => $title) - echo strip_tags($title) . (array_key_last(TITLES_LINEAGE) === $id ? '' : ' < '); -?> -' . LF; -?> - - - -
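Review bot: `function startSession()` drops the guard that previously sat in front of `session_start()` — session creation used to be limited to requests carrying the session cookie or a login/register POST — so that rule now depends entirely on the function's callers, none of which are visible in this hunk. A future call site that runs on every request would emit a session cookie for each anonymous GET, which is exactly what the old condition avoided, so the contract belongs on the function itself: `// Only call when resuming an existing session (cookie present) or right after a successful login/register POST; never on an anonymous GET.` The session options between `'sid_length'` and `'use_only_cookies'` fall in the part of the hunk that is not shown here.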
-

- - 👤 ' : '' ?> Se déconnecter - - Anonyme Se connecter - -

- -
-
- $_SESSION['id']], 'id')[0]) !== true) + output(403, 'Ce compte n\'existe plus. Déconnectez-vous pour terminer cette session fantôme.'); + } + if (file_exists('pg-act/' . PAGE_ADDRESS . '.php')) + require 'pg-act/' . PAGE_ADDRESS . '.php'; +} - displayFinalMessage(); -?> -
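Review bot: `require 'pg-act/' . PAGE_ADDRESS . '.php'` includes a file whose path is built from the routed address, and nothing in this hunk constrains PAGE_ADDRESS before it reaches `file_exists`; if the value can still carry `..` or a leading slash, the router will include any `.php` file reachable on disk. The unknown-page 404 earlier in router.php presumably narrows it to known pages, but that lookup and the derivation of PAGE_ADDRESS are outside this hunk, so the guarantee is implicit rather than stated next to the include; a cheap local guard makes it explicit, e.g. `if (!preg_match('/^[a-z-]+(\/[a-z-]+)?$/D', PAGE_ADDRESS)) { http_response_code(404); exit; }`. The `if` that wraps this dispatch and the account-existence check that precedes `output(403, …)` start in a garbled part of the hunk, so I cannot tell whether the action file is only included on POST.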
- - - - +> + + + <?php + foreach(array_reverse(TITLES_LINEAGE) as $id => $title) + echo strip_tags($title) . (array_key_last(TITLES_LINEAGE) === $id ? '' : ' < '); +?> +' . LF; +?> + + + +
+

+ + 👤 ' : '' ?> Se déconnecter + + Anonyme Se connecter + +

+ +
+
+Ce formulaire ne sera pas accepté car il faut se connecter avant.

'; + + displayFinalMessage($data); + +?> +
+ + +