fn success/userError/serverError > output($code)

This commit is contained in:
Miraty 2022-09-15 19:17:48 +02:00
parent 3571c456fd
commit 763762f08b
36 changed files with 137 additions and 149 deletions

View file

@ -16,12 +16,12 @@ define("OPTIONS_PASSWORD", array(
function checkPasswordFormat($password) { function checkPasswordFormat($password) {
if (preg_match("/" . PASSWORD_REGEX . "/u", $password) !== 1) if (preg_match("/" . PASSWORD_REGEX . "/u", $password) !== 1)
userError("Password malformed."); output(403, 'Password malformed.');
} }
function checkUsernameFormat($username) { function checkUsernameFormat($username) {
if (preg_match("/" . USERNAME_REGEX . "/u", $username) !== 1) if (preg_match("/" . USERNAME_REGEX . "/u", $username) !== 1)
userError("Username malformed."); output(403, 'Username malformed.');
} }
function hashPassword($password) { function hashPassword($password) {

View file

@ -2,27 +2,19 @@
$final_message = null; $final_message = null;
function success($msg = '') { function output($code, $msg = '') {
global $final_message; global $final_message;
if ($msg !== '') $shortCode = $code / 100 % 10;
$final_message = "<p><output><strong>Succès</strong> : <em>" . $msg . "</em></output></p>\n"; $final_message = match ($shortCode) {
} 2 => ($msg === '') ? '' : "<p><output><strong>Succès</strong> : <em>" . $msg . "</em></output></p>\n",
4 => "<p><output><strong>Erreur utilisataire</strong> : <em>" . $msg . "</em></output></p>\n",
// When the user requests something unexpected 5 => "<p><output><strong>Server error</strong>: The server encountered an error: <em>" . $msg . "</em></output></p>\n",
function userError($msg) { };
global $final_message; http_response_code($code);
$final_message = "<p><output><strong>Erreur utilisataire</strong> : <em>" . $msg . "</em></output></p>\n"; if ($shortCode === 5)
http_response_code(403); error_log("Niver internal error: " . strip_tags($msg));
executePage(); if ($code !== 200)
} executePage();
// When the system did something unexpected
function serverError($msg) {
global $final_message;
$final_message = "<p><output><strong>Server error</strong>: The server encountered an error: <em>" . $msg . "</em></output></p>\n";
http_response_code(500);
error_log("Niver internal error: " . strip_tags($msg));
executePage();
} }
function processForm($requireLogin = true) { function processForm($requireLogin = true) {
@ -33,7 +25,7 @@ function processForm($requireLogin = true) {
if (empty($_POST)) if (empty($_POST))
return false; return false;
if ($requireLogin AND !isset($_SESSION['username'])) if ($requireLogin AND !isset($_SESSION['username']))
userError("Vous devez être connecté·e pour effectuer cette action."); output(403, 'Vous devez être connecté·e pour effectuer cette action.');
return true; return true;
} }
@ -119,11 +111,12 @@ function redirUrl($pageId) {
function redir() { function redir() {
if (isset($_GET['redir'])) { if (isset($_GET['redir'])) {
if (preg_match('/^[0-9a-z\/-]{0,128}$/', $_GET['redir']) !== 1) if (preg_match('/^[0-9a-z\/-]{0,128}$/', $_GET['redir']) !== 1)
userError("Wrong character in <code>redir</code>."); output(403, 'Wrong character in <code>redir</code>.');
header('Location: ' . CONF['common']['prefix'] . '/' . $_GET['redir']); header('Location: ' . CONF['common']['prefix'] . '/' . $_GET['redir']);
} else { } else {
header('Location: ' . CONF['common']['prefix'] . '/'); header('Location: ' . CONF['common']['prefix'] . '/');
} }
exit();
} }
// PHP rmdir() only works on empty directories // PHP rmdir() only works on empty directories
@ -133,7 +126,7 @@ function removeDirectory($dir) {
foreach ($files as $file) foreach ($files as $file)
$file->isDir() && !$file->isLink() ? rmdir($file->getPathname()) : unlink($file->getPathname()); $file->isDir() && !$file->isLink() ? rmdir($file->getPathname()) : unlink($file->getPathname());
if (rmdir($dir) !== true) if (rmdir($dir) !== true)
serverError("Unable to remove directory."); output(500, 'Unable to remove directory.');
} }
function equalArrays($a, $b) { function equalArrays($a, $b) {

View file

@ -3,20 +3,20 @@
function knotcConfExec($cmds) { function knotcConfExec($cmds) {
exec(CONF['dns']['knotc_path'] . " conf-begin", $output['begin'], $code['begin']); exec(CONF['dns']['knotc_path'] . " conf-begin", $output['begin'], $code['begin']);
if ($code['begin'] !== 0) if ($code['begin'] !== 0)
serverError("knotcConfExec: <code>knotc</code> failed with exit code <samp>" . $code['begin'] . "</samp>: <samp>" . $output['begin'][0] . "</samp>."); output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['begin'] . '</samp>: <samp>' . $output['begin'][0] . '</samp>.');
foreach ($cmds as $cmd) { foreach ($cmds as $cmd) {
exec(CONF['dns']['knotc_path'] . " conf-" . $cmd, $output['op'], $code['op']); exec(CONF['dns']['knotc_path'] . " conf-" . $cmd, $output['op'], $code['op']);
if ($code['op'] !== 0) { if ($code['op'] !== 0) {
exec(CONF['dns']['knotc_path'] . " conf-abort"); exec(CONF['dns']['knotc_path'] . " conf-abort");
serverError("knotcConfExec: <code>knotc</code> failed with exit code <samp>" . $code['op'] . "</samp>: <samp>" . $output['op'][0] . "</samp>."); output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['op'] . '</samp>: <samp>' . $output['op'][0] . '</samp>.');
} }
} }
exec(CONF['dns']['knotc_path'] . " conf-commit", $output['commit'], $code['commit']); exec(CONF['dns']['knotc_path'] . " conf-commit", $output['commit'], $code['commit']);
if ($code['commit'] !== 0) { if ($code['commit'] !== 0) {
exec(CONF['dns']['knotc_path'] . " conf-abort"); exec(CONF['dns']['knotc_path'] . " conf-abort");
serverError("knotcConfExec: <code>knotc</code> failed with exit code <samp>" . $code['commit'] . "</samp>: <samp>" . $output['commit'][0] . "</samp>."); output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['commit'] . '</samp>: <samp>' . $output['commit'][0] . '</samp>.');
} }
} }
@ -25,18 +25,18 @@ function knotcZoneExec($zone, $cmd) {
exec(CONF['dns']['knotc_path'] . " zone-begin " . $zone, $output['begin'], $code['begin']); exec(CONF['dns']['knotc_path'] . " zone-begin " . $zone, $output['begin'], $code['begin']);
if ($code['begin'] !== 0) if ($code['begin'] !== 0)
serverError("knotcZoneExec: <code>knotc</code> failed with exit code <samp>" . $code['begin'] . "</samp>: <samp>" . $output['begin'][0] . "</samp>."); output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['begin'] . '</samp>: <samp>' . $output['begin'][0] . '</samp>.');
exec(CONF['dns']['knotc_path'] . " zone-" . $action . "set " . $zone . " " . implode(" ", $cmd), $output['op'], $code['op']); exec(CONF['dns']['knotc_path'] . " zone-" . $action . "set " . $zone . " " . implode(" ", $cmd), $output['op'], $code['op']);
if ($code['op'] !== 0) { if ($code['op'] !== 0) {
exec(CONF['dns']['knotc_path'] . " zone-abort " . $zone); exec(CONF['dns']['knotc_path'] . " zone-abort " . $zone);
serverError("knotcZoneExec: <code>knotc</code> failed with exit code <samp>" . $code['op'] . "</samp>: <samp>" . $output['op'][0] . "</samp>."); output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['op'] . '</samp>: <samp>' . $output['op'][0] . '</samp>.');
} }
exec(CONF['dns']['knotc_path'] . " zone-commit " . $zone, $output['commit'], $code['commit']); exec(CONF['dns']['knotc_path'] . " zone-commit " . $zone, $output['commit'], $code['commit']);
if ($code['commit'] !== 0) { if ($code['commit'] !== 0) {
exec(CONF['dns']['knotc_path'] . " zone-abort " . $zone); exec(CONF['dns']['knotc_path'] . " zone-abort " . $zone);
serverError("knotcZoneExec: <code>knotc</code> failed with exit code <samp>" . $code['commit'] . "</samp>: <samp>" . $output['commit'][0] . "</samp>."); output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['commit'] . '</samp>: <samp>' . $output['commit'][0] . '</samp>.');
} }
} }
@ -45,13 +45,13 @@ function checkIpFormat($ip) {
return "A"; return "A";
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))
return "AAAA"; return "AAAA";
userError("IP address malformed."); output(403, 'IP address malformed.');
} }
function checkAbsoluteDomainFormat($domain) { function checkAbsoluteDomainFormat($domain) {
// If the domain must end with a dot // If the domain must end with a dot
if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match("/^([a-z0-9_-]{1,63}\.){2,127}$/", $domain)) if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match("/^([a-z0-9_-]{1,63}\.){2,127}$/", $domain))
userError("Domain malformed."); output(403, 'Domain malformed.');
} }
function formatEndWithDot($str) { function formatEndWithDot($str) {
@ -70,6 +70,6 @@ function checkAction($action) {
return match ($action) { return match ($action) {
'add' => '', 'add' => '',
'delete' => 'un', 'delete' => 'un',
default => userError("Wrong value for action."), default => output(403, 'Wrong value for action.'),
}; };
} }

View file

@ -3,7 +3,7 @@
function checkDomainFormat($domain) { function checkDomainFormat($domain) {
// If the domain must end without a dot // If the domain must end without a dot
if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match("/^([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$/", $domain)) if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match("/^([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$/", $domain))
userError("Domain malformed."); output(403, 'Domain malformed.');
} }
function formatDomain($domain) { function formatDomain($domain) {
@ -49,17 +49,17 @@ function htDeleteSite($dir, $domainType, $protocol) {
if ($domainType === 'onion') { if ($domainType === 'onion') {
// Delete Tor config // Delete Tor config
if (unlink(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username'] . '/' . $dir) !== true) if (unlink(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username'] . '/' . $dir) !== true)
serverError("Failed to delete Tor configuration."); output(500, 'Failed to delete Tor configuration.');
// Reload Tor // Reload Tor
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload " . CONF['ht']['tor_service'], $output, $code); exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload " . CONF['ht']['tor_service'], $output, $code);
if ($code !== 0) if ($code !== 0)
serverError("Failed to reload Tor."); output(500, 'Failed to reload Tor.');
// Delete Tor keys // Delete Tor keys
exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['rm_path'] . ' --recursive ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['username'] . '/' . $dir, $output, $code); exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['rm_path'] . ' --recursive ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['username'] . '/' . $dir, $output, $code);
if ($code !== 0) if ($code !== 0)
serverError("Failed to delete Tor keys."); output(500, 'Failed to delete Tor keys.');
} }
// Delete Nginx config // Delete Nginx config
@ -70,18 +70,18 @@ function htDeleteSite($dir, $domainType, $protocol) {
'site_dir' => $dir, 'site_dir' => $dir,
], 'domain')[0]; ], 'domain')[0];
if (unlink(CONF['ht']['nginx_config_path'] . '/' . $domain . '.conf') !== true) if (unlink(CONF['ht']['nginx_config_path'] . '/' . $domain . '.conf') !== true)
serverError("Failed to delete Nginx configuration."); output(500, 'Failed to delete Nginx configuration.');
// Reload Nginx // Reload Nginx
exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['systemctl_path'] . ' reload nginx', result_code: $code); exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['systemctl_path'] . ' reload nginx', result_code: $code);
if ($code !== 0) if ($code !== 0)
serverError("Failed to reload Nginx."); output(500, 'Failed to reload Nginx.');
if ($domainType === 'dns') { if ($domainType === 'dns') {
// Delete Let's Encrypt certificate // Delete Let's Encrypt certificate
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " delete --quiet --cert-name " . $domain, $output, $code); exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " delete --quiet --cert-name " . $domain, $output, $code);
if ($code !== 0) if ($code !== 0)
serverError("Certbot failed to delete the Let's Encrypt certificate."); output(500, 'Certbot failed to delete the Let\'s Encrypt certificate.');
} }
// Delete from database // Delete from database

View file

@ -20,7 +20,7 @@ function nsParseCommonRequirements() {
$values['ttl'] = $_POST['ttl-value'] * $_POST['ttl-multiplier']; $values['ttl'] = $_POST['ttl-value'] * $_POST['ttl-multiplier'];
if (!($values['ttl'] >= 300 AND $values['ttl'] <= 432000)) if (!($values['ttl'] >= 300 AND $values['ttl'] <= 432000))
userError("Le TTL doit être compris entre 5 minutes et 5 jours (entre 300 et 432000 secondes)."); output(403, 'Le TTL doit être compris entre 5 minutes et 5 jours (entre 300 et 432000 secondes).');
return $values; return $values;
} }
@ -33,7 +33,7 @@ function nsCheckZonePossession($zone) {
checkAbsoluteDomainFormat($zone); checkAbsoluteDomainFormat($zone);
if (!in_array($zone, query('select', 'zones', ['username' => $_SESSION['username']], 'zone'), true)) if (!in_array($zone, query('select', 'zones', ['username' => $_SESSION['username']], 'zone'), true))
userError("You don't own this zone on the nameserver."); output(403, 'You don\'t own this zone on the nameserver.');
} }
function nsDeleteZone($zone) { function nsDeleteZone($zone) {
@ -42,7 +42,7 @@ function nsDeleteZone($zone) {
// Remove Knot zone file // Remove Knot zone file
if(unlink(CONF['ns']['knot_zones_path'] . '/' . $zone . 'zone') !== true) if(unlink(CONF['ns']['knot_zones_path'] . '/' . $zone . 'zone') !== true)
serverError("Failed to remove Knot zone file."); output(500, 'Failed to remove Knot zone file.');
// Remove Knot related data // Remove Knot related data
exec(CONF['dns']['knotc_path'] . " zone-purge " . $zone); exec(CONF['dns']['knotc_path'] . " zone-purge " . $zone);

View file

@ -6,17 +6,17 @@ function regListUserDomains($username) {
function regCheckDomainPossession($domain) { function regCheckDomainPossession($domain) {
if (in_array($domain, regListUserDomains($_SESSION['username']), true) !== true) if (in_array($domain, regListUserDomains($_SESSION['username']), true) !== true)
userError("You don't own this domain."); output(403, 'You don\'t own this domain.');
} }
function regDeleteDomain($domain) { function regDeleteDomain($domain) {
// Delete domain from registry file // Delete domain from registry file
$regFile = file_get_contents(CONF['reg']['registry_file']); $regFile = file_get_contents(CONF['reg']['registry_file']);
if ($regFile === false) if ($regFile === false)
serverError("Failed to read current registry File."); output(500, 'Failed to read current registry File.');
$regFile = preg_replace("#[^\n]{0,1024}" . $domain . " {0,1024}[^\n]{0,1024}\n#", "", $regFile); $regFile = preg_replace("#[^\n]{0,1024}" . $domain . " {0,1024}[^\n]{0,1024}\n#", "", $regFile);
if (file_put_contents(CONF['reg']['registry_file'], $regFile) === false) if (file_put_contents(CONF['reg']['registry_file'], $regFile) === false)
serverError("Failed to write new registry file."); output(500, 'Failed to write new registry file.');
// Delete from Niver's database // Delete from Niver's database
query('delete', 'registry', [ query('delete', 'registry', [

View file

@ -6,10 +6,10 @@ if (processForm(false)) {
checkUsernameFormat($_POST['username']); checkUsernameFormat($_POST['username']);
if (userExist($_POST['username']) !== true) if (userExist($_POST['username']) !== true)
userError("Connexion impossible : ce compte n'existe pas."); output(403, 'Connexion impossible : ce compte n\'existe pas.');
if (checkPassword($_POST['username'], $_POST['password']) !== true) if (checkPassword($_POST['username'], $_POST['password']) !== true)
userError("Connexion impossible : clé de passe invalide."); output(403, 'Connexion impossible : clé de passe invalide.');
$_SESSION['username'] = $_POST['username']; $_SESSION['username'] = $_POST['username'];
@ -17,8 +17,6 @@ if (processForm(false)) {
changePassword($_SESSION['username'], $_POST['password']); changePassword($_SESSION['username'], $_POST['password']);
redir(); redir();
success("Connecté·e.");
} }
?> ?>

View file

@ -5,4 +5,3 @@ if (session_status() === PHP_SESSION_ACTIVE)
header('Clear-Site-Data: "*"'); header('Clear-Site-Data: "*"');
redir(); redir();
success("Déconnecté·e.");

View file

@ -4,11 +4,11 @@ if (processForm()) {
checkPasswordFormat($_POST['newPassword']); checkPasswordFormat($_POST['newPassword']);
if (checkPassword($_SESSION['username'], $_POST['currentPassword']) !== true) if (checkPassword($_SESSION['username'], $_POST['currentPassword']) !== true)
userError("Changement impossible : clé de passe invalide."); output(403, 'Changement impossible : clé de passe invalide.');
changePassword($_SESSION['username'], $_POST['newPassword']); changePassword($_SESSION['username'], $_POST['newPassword']);
success("Clé de passe changée."); output(200, 'Clé de passe changée.');
} }
?> ?>

View file

@ -6,24 +6,24 @@ if (processForm(false)) {
checkUsernameFormat($_POST['username']); checkUsernameFormat($_POST['username']);
if (userExist($_POST['username']) !== false) if (userExist($_POST['username']) !== false)
userError("Ce nom de compte est déjà utilisé."); output(403, 'Ce nom de compte est déjà utilisé.');
// Setup SFTP directory // Setup SFTP directory
umask(0002); umask(0002);
if (mkdir(CONF['ht']['ht_path'] . "/" . $_POST['username'], 0775) !== true) if (mkdir(CONF['ht']['ht_path'] . "/" . $_POST['username'], 0775) !== true)
serverError("Can't create user directory."); output(500, 'Can\'t create user directory.');
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'] . " --no-dereference", result_code: $code); exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'] . " --no-dereference", result_code: $code);
if ($code !== 0) if ($code !== 0)
serverError("Can't change user directory group."); output(500, 'Can\'t change user directory group.');
// Setup Tor config directory // Setup Tor config directory
if (mkdir(CONF['ht']['tor_config_path'] . "/" . $_POST['username'], 0755) !== true) if (mkdir(CONF['ht']['tor_config_path'] . "/" . $_POST['username'], 0755) !== true)
serverError("Can't create Tor config directory."); output(500, 'Can\'t create Tor config directory.');
// Setup Tor keys directory // Setup Tor keys directory
exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['mkdir_path'] . " --mode=0700 " . CONF['ht']['tor_keys_path'] . "/" . $_POST['username'], result_code: $code); exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['mkdir_path'] . " --mode=0700 " . CONF['ht']['tor_keys_path'] . "/" . $_POST['username'], result_code: $code);
if ($code !== 0) if ($code !== 0)
serverError("Can't create Tor keys directory."); output(500, 'Can\'t create Tor keys directory.');
insert('users', [ insert('users', [
'username' => $_POST['username'], 'username' => $_POST['username'],
@ -34,8 +34,6 @@ if (processForm(false)) {
$_SESSION['username'] = $_POST['username']; $_SESSION['username'] = $_POST['username'];
redir(); redir();
success("Compte créé.");
} }
?> ?>

View file

@ -2,7 +2,7 @@
if (processForm()) { if (processForm()) {
if (!isset($_POST['delete'])) if (!isset($_POST['delete']))
userError("Il faut confirmer la suppression du compte"); output(403, 'Il faut confirmer la suppression du compte');
foreach (query('select', 'registry', ['username' => $_SESSION['username']], 'domain') as $domain) foreach (query('select', 'registry', ['username' => $_SESSION['username']], 'domain') as $domain)
regDeleteDomain($domain); regDeleteDomain($domain);
@ -26,19 +26,19 @@ if (processForm()) {
exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['rm_path'] . " --recursive " . CONF['ht']['tor_keys_path'] . "/" . $_SESSION['username'], result_code: $code); exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['rm_path'] . " --recursive " . CONF['ht']['tor_keys_path'] . "/" . $_SESSION['username'], result_code: $code);
if ($code !== 0) if ($code !== 0)
serverError("Can't remove Tor keys directory."); output(500, 'Can\'t remove Tor keys directory.');
removeDirectory(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username']); removeDirectory(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username']);
exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['rm_path'] . ' --recursive ' . CONF['ht']['ht_path'] . '/' . $_SESSION['username'], result_code: $code); exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['rm_path'] . ' --recursive ' . CONF['ht']['ht_path'] . '/' . $_SESSION['username'], result_code: $code);
if ($code !== 0) if ($code !== 0)
serverError("Can't remove user's directory."); output(500, 'Can\'t remove user\'s directory.');
query('delete', 'users', ['username' => $_SESSION['username']]); query('delete', 'users', ['username' => $_SESSION['username']]);
require "logout.php"; require "logout.php";
success("Compte supprimé."); output(200, 'Compte supprimé.');
} }
?> ?>

View file

@ -9,28 +9,28 @@ if (processForm()) {
$_POST['domain'] = formatDomain($_POST['domain']); $_POST['domain'] = formatDomain($_POST['domain']);
if ($dirsStatuses[$_POST['dir']] !== false) if ($dirsStatuses[$_POST['dir']] !== false)
userError("Wrong value for <code>dir</code>."); output(403, 'Wrong value for <code>dir</code>.');
if (query('select', 'sites', ['domain' => $_POST['domain']], 'domain') !== []) if (query('select', 'sites', ['domain' => $_POST['domain']], 'domain') !== [])
userError("Ce domaine existe déjà sur ce service."); output(403, 'Ce domaine existe déjà sur ce service.');
$remoteAaaaRecords = dns_get_record($_POST['domain'], DNS_AAAA); $remoteAaaaRecords = dns_get_record($_POST['domain'], DNS_AAAA);
if (is_array($remoteAaaaRecords) !== true) if (is_array($remoteAaaaRecords) !== true)
userError("Ce domaine n'existe pas."); output(403, 'Ce domaine n\'existe pas.');
if (equalArrays([CONF['ht']['ipv6_address']], array_column($remoteAaaaRecords, 'ipv6')) !== true) if (equalArrays([CONF['ht']['ipv6_address']], array_column($remoteAaaaRecords, 'ipv6')) !== true)
userError("Ce domaine doit avoir pour unique enregistrement AAAA <code>" . CONF['ht']['ipv6_address'] . "</code>."); output(403, 'Ce domaine doit avoir pour unique enregistrement AAAA <code>' . CONF['ht']['ipv6_address'] . '</code>.');
$remoteARecords = dns_get_record($_POST['domain'], DNS_A); $remoteARecords = dns_get_record($_POST['domain'], DNS_A);
if (is_array($remoteARecords) !== true) if (is_array($remoteARecords) !== true)
userError("Ce domaine n'existe pas."); output(403, 'Ce domaine n\'existe pas.');
if (equalArrays([CONF['ht']['ipv4_address']], array_column($remoteARecords, 'ip')) !== true) if (equalArrays([CONF['ht']['ipv4_address']], array_column($remoteARecords, 'ip')) !== true)
userError("Ce domaine doit avoir pour unique enregistrement A <code>" . CONF['ht']['ipv4_address'] . "</code>."); output(403, 'Ce domaine doit avoir pour unique enregistrement A <code>' . CONF['ht']['ipv4_address'] . '</code>.');
addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], "dns", "http"); addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], "dns", "http");
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " certonly --quiet" . (CONF['ht']['letsencrypt_use_production'] ? '' : ' --test-cert') . " --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain " . $_POST['domain'], $output, $returnCode); exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " certonly --quiet" . (CONF['ht']['letsencrypt_use_production'] ? '' : ' --test-cert') . " --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain " . $_POST['domain'], $output, $returnCode);
if ($returnCode !== 0) if ($returnCode !== 0)
serverError("Certbot failed to get a Let's Encrypt certificate."); output(500, 'Certbot failed to get a Let\'s Encrypt certificate.');
$nginxConf = 'server { $nginxConf = 'server {
listen [' . CONF['ht']['ipv6_listen_address'] . ']:' . CONF['ht']['https_port'] . ' ssl http2; listen [' . CONF['ht']['ipv6_listen_address'] . ']:' . CONF['ht']['https_port'] . ' ssl http2;
@ -45,14 +45,14 @@ if (processForm()) {
} }
'; ';
if (file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['domain'] . ".conf", $nginxConf) === false) if (file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['domain'] . ".conf", $nginxConf) === false)
serverError("Failed to write Nginx configuration."); output(500, 'Failed to write Nginx configuration.');
// Reload Nginx // Reload Nginx
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx", result_code: $code); exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx", result_code: $code);
if ($code !== 0) if ($code !== 0)
serverError("Failed to reload Nginx."); output(500, 'Failed to reload Nginx.');
success("Accès HTTP par domaine ajouté sur ce dossier !"); output(200, 'Accès HTTP par domaine ajouté sur ce dossier !');
} }
?> ?>

View file

@ -7,25 +7,25 @@ else
if (processForm()) { if (processForm()) {
if ($dirsStatuses[$_POST['dir']] !== false) if ($dirsStatuses[$_POST['dir']] !== false)
userError("Wrong value for <code>dir</code>."); output(403, 'Wrong value for <code>dir</code>.');
// Add Tor config // Add Tor config
$torConf = "HiddenServiceDir " . CONF['ht']['tor_keys_path'] . "/" . $_SESSION['username'] . "/" . $_POST['dir'] . "/ $torConf = "HiddenServiceDir " . CONF['ht']['tor_keys_path'] . "/" . $_SESSION['username'] . "/" . $_POST['dir'] . "/
HiddenServicePort 80 [::1]:" . CONF['ht']['internal_onion_http_port'] . " HiddenServicePort 80 [::1]:" . CONF['ht']['internal_onion_http_port'] . "
"; ";
if (file_put_contents(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'], $torConf) === false) if (file_put_contents(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'], $torConf) === false)
serverError("Failed to write new Tor configuration."); output(500, 'Failed to write new Tor configuration.');
// Reload Tor // Reload Tor
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload " . CONF['ht']['tor_service'], $output, $code); exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload " . CONF['ht']['tor_service'], $output, $code);
if ($code !== 0) if ($code !== 0)
serverError("Failed to reload Tor."); output(500, 'Failed to reload Tor.');
// Get the address generated by Tor // Get the address generated by Tor
exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['cat_path'] . ' ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'] . '/hostname', $output); exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['cat_path'] . ' ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'] . '/hostname', $output);
$onion = $output[0]; $onion = $output[0];
if (preg_match("/[0-9a-z]{56}\.onion/", $onion) !== 1) if (preg_match("/[0-9a-z]{56}\.onion/", $onion) !== 1)
serverError("No onion address found."); output(500, 'No onion address found.');
// Store it in the database // Store it in the database
addSite($_SESSION['username'], $_POST['dir'], $onion, "onion", "http"); addSite($_SESSION['username'], $_POST['dir'], $onion, "onion", "http");
@ -40,15 +40,15 @@ if (processForm()) {
} }
'; ';
if (file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $onion . ".conf", $nginxConf) === false) if (file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $onion . ".conf", $nginxConf) === false)
serverError("Failed to write Nginx configuration."); output(500, 'Failed to write Nginx configuration.');
// Reload Nginx // Reload Nginx
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx", result_code: $code); exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx", result_code: $code);
if ($code !== 0) if ($code !== 0)
serverError("Failed to reload Nginx."); output(500, 'Failed to reload Nginx.');
// Tell the user their site address // Tell the user their site address
success("L'adresse de votre service Onion HTTP est : <a href='http://" . $onion . "/'<code>http://" . $onion . "/</code></a>"); output(200, 'L\'adresse de votre service Onion HTTP est : <a href="http://' . $onion . '/"><code>http://' . $onion . '/</code></a>');
} }
?> ?>

View file

@ -7,11 +7,11 @@ else
if (processForm()) { if (processForm()) {
if ($dirsStatuses[$_POST['dir']] !== true) if ($dirsStatuses[$_POST['dir']] !== true)
userError("Wrong value for <code>dir</code>."); output(403, 'Wrong value for <code>dir</code>.');
htDeleteSite($_POST['dir'], domainType: 'dns', protocol: 'http'); htDeleteSite($_POST['dir'], domainType: 'dns', protocol: 'http');
success("Accès retiré."); output(200, 'Accès retiré.');
} }
?> ?>

View file

@ -7,11 +7,11 @@ else
if (processForm()) { if (processForm()) {
if ($dirsStatuses[$_POST['dir']] !== true) if ($dirsStatuses[$_POST['dir']] !== true)
userError("Wrong value for <code>dir</code>."); output(403, 'Wrong value for <code>dir</code>.');
htDeleteSite($_POST['dir'], domainType: 'onion', protocol: 'http'); htDeleteSite($_POST['dir'], domainType: 'onion', protocol: 'http');
success("Accès retiré."); output(200, 'Accès retiré.');
} }
?> ?>

View file

@ -4,13 +4,13 @@ if (processForm()) {
$values = nsParseCommonRequirements(); $values = nsParseCommonRequirements();
if (!($_POST['flag'] >= 0 AND $_POST['flag'] <= 255)) if (!($_POST['flag'] >= 0 AND $_POST['flag'] <= 255))
userError("Wrong value for <code>flag</code>."); output(403, 'Wrong value for <code>flag</code>.');
if (!(preg_match("/^[a-z]{1,127}$/", $_POST['tag']))) if (!(preg_match("/^[a-z]{1,127}$/", $_POST['tag'])))
userError("Wrong value for <code>tag</code>."); output(403, 'Wrong value for <code>tag</code>.');
if (!(preg_match("/^[a-z0-9.-]{1,255}$/", $_POST['value']))) if (!(preg_match("/^[a-z0-9.-]{1,255}$/", $_POST['value'])))
userError("Wrong value for <code>value</code>."); output(403, 'Wrong value for <code>value</code>.');
knotcZoneExec($_POST['zone'], array( knotcZoneExec($_POST['zone'], array(
$values['domain'], $values['domain'],
@ -21,7 +21,7 @@ if (processForm()) {
$_POST['value'] $_POST['value']
)); ));
success("Enregistrement ajouté"); output(200, 'Enregistrement ajouté');
} }
?> ?>

View file

@ -12,7 +12,7 @@ if (processForm()) {
$_POST['cname'] $_POST['cname']
)); ));
success("Enregistrement ajouté"); output(200, 'Enregistrement ajouté');
} }
?> ?>

View file

@ -12,7 +12,7 @@ if (processForm()) {
$_POST['dname'] $_POST['dname']
)); ));
success("Enregistrement ajouté"); output(200, 'Enregistrement ajouté');
} }
?> ?>

View file

@ -12,7 +12,7 @@ if (processForm()) {
$_POST['ip'] $_POST['ip']
)); ));
success("Enregistrement ajouté"); output(200, 'Enregistrement ajouté');
} }
?> ?>

View file

@ -19,36 +19,36 @@ if (processForm()) {
$_POST['vp'] = 10; $_POST['vp'] = 10;
if (!($_POST['lat-deg'] >= 0 AND $_POST['lat-deg'] <= 90)) if (!($_POST['lat-deg'] >= 0 AND $_POST['lat-deg'] <= 90))
userError("Wrong value for <code>lat-deg</code>."); output(403, 'Wrong value for <code>lat-deg</code>.');
if (!($_POST['lat-min'] >= 0 AND $_POST['lat-min'] <= 59)) if (!($_POST['lat-min'] >= 0 AND $_POST['lat-min'] <= 59))
userError("Wrong value for <code>lat-min</code>."); output(403, 'Wrong value for <code>lat-min</code>.');
if (!($_POST['lat-sec'] >= 0 AND $_POST['lat-sec'] <= 59.999)) if (!($_POST['lat-sec'] >= 0 AND $_POST['lat-sec'] <= 59.999))
userError("Wrong value for <code>lat-sec</code>."); output(403, 'Wrong value for <code>lat-sec</code>.');
if ($_POST['lat-dir'] !== "N" AND $_POST['lat-dir'] !== "S") if ($_POST['lat-dir'] !== "N" AND $_POST['lat-dir'] !== "S")
userError("Wrong value for <code>lat-dir</code>."); output(403, 'Wrong value for <code>lat-dir</code>.');
if (!($_POST['lon-deg'] >= 0 AND $_POST['lon-deg'] <= 180)) if (!($_POST['lon-deg'] >= 0 AND $_POST['lon-deg'] <= 180))
userError("Wrong value for <code>lon-deg</code>."); output(403, 'Wrong value for <code>lon-deg</code>.');
if (!($_POST['lon-min'] >= 0 AND $_POST['lon-min'] <= 59)) if (!($_POST['lon-min'] >= 0 AND $_POST['lon-min'] <= 59))
userError("Wrong value for <code>lon-min</code>."); output(403, 'Wrong value for <code>lon-min</code>.');
if (!($_POST['lon-sec'] >= 0 AND $_POST['lon-sec'] <= 59.999)) if (!($_POST['lon-sec'] >= 0 AND $_POST['lon-sec'] <= 59.999))
userError("Wrong value for <code>lon-sec</code>."); output(403, 'Wrong value for <code>lon-sec</code>.');
if ($_POST['lon-dir'] !== "E" AND $_POST['lon-dir'] !== "W") if ($_POST['lon-dir'] !== "E" AND $_POST['lon-dir'] !== "W")
userError("Wrong value for <code>lon-dir</code>."); output(403, 'Wrong value for <code>lon-dir</code>.');
if (!($_POST['alt'] >= -100000 AND $_POST['alt'] <= 42849672.95)) if (!($_POST['alt'] >= -100000 AND $_POST['alt'] <= 42849672.95))
userError("Wrong value for <code>alt</code>."); output(403, 'Wrong value for <code>alt</code>.');
if (!($_POST['size'] >= 0 AND $_POST['size'] <= 90000000)) if (!($_POST['size'] >= 0 AND $_POST['size'] <= 90000000))
userError("Wrong value for <code>size</code>."); output(403, 'Wrong value for <code>size</code>.');
if (!($_POST['hp'] >= 0 AND $_POST['hp'] <= 90000000)) if (!($_POST['hp'] >= 0 AND $_POST['hp'] <= 90000000))
userError("Wrong value for <code>hp</code>."); output(403, 'Wrong value for <code>hp</code>.');
if (!($_POST['vp'] >= 0 AND $_POST['vp'] <= 90000000)) if (!($_POST['vp'] >= 0 AND $_POST['vp'] <= 90000000))
userError("Wrong value for <code>vp</code>."); output(403, 'Wrong value for <code>vp</code>.');
knotcZoneExec($_POST['zone'], array( knotcZoneExec($_POST['zone'], array(
$values['domain'], $values['domain'],
@ -68,7 +68,7 @@ if (processForm()) {
$_POST['vp'] . 'm', $_POST['vp'] . 'm',
)); ));
success("Enregistrement ajouté"); output(200, 'Enregistrement ajouté');
} }
?> ?>

View file

@ -4,7 +4,7 @@ if (processForm()) {
$values = nsParseCommonRequirements(); $values = nsParseCommonRequirements();
if (!($_POST['priority'] >= 0 AND $_POST['priority'] <= 255)) if (!($_POST['priority'] >= 0 AND $_POST['priority'] <= 255))
userError("Wrong value for <code>priority</code>."); output(403, 'Wrong value for <code>priority</code>.');
$_POST['host'] = formatAbsoluteDomain($_POST['host']); $_POST['host'] = formatAbsoluteDomain($_POST['host']);
@ -16,7 +16,7 @@ if (processForm()) {
$_POST['host'] $_POST['host']
)); ));
success("Enregistrement ajouté"); output(200, 'Enregistrement ajouté');
} }
?> ?>

View file

@ -12,7 +12,7 @@ if (processForm()) {
$_POST['ns'] $_POST['ns']
)); ));
success("Enregistrement ajouté"); output(200, 'Enregistrement ajouté');
} }
?> ?>

View file

@ -29,11 +29,11 @@ if (processForm()) {
$zoneContent = file_get_contents(CONF['ns']['knot_zones_path'] . '/' . $_POST['zone'] . 'zone'); $zoneContent = file_get_contents(CONF['ns']['knot_zones_path'] . '/' . $_POST['zone'] . 'zone');
if ($zoneContent === false) if ($zoneContent === false)
serverError("Unable to read zone file."); output(500, 'Unable to read zone file.');
if ($_POST['print'] === 'raw') { if ($_POST['print'] === 'raw') {
echo '<pre>' . htmlspecialchars($zoneContent) . '</pre>'; echo '<pre>' . htmlspecialchars($zoneContent) . '</pre>';
success(); output(200);
} }
if ($_POST['print'] === 'table') { ?> if ($_POST['print'] === 'table') { ?>
@ -63,7 +63,7 @@ if (processForm()) {
$found = preg_match("#\n" . preg_quote($_POST['zone']) . "\s+0\s+CDS\s+([0-9]{1,5})\s+([0-9]{1,2})\s+([0-9])\s+([0-9A-F]{64})\n#", $zoneContent, $matches); $found = preg_match("#\n" . preg_quote($_POST['zone']) . "\s+0\s+CDS\s+([0-9]{1,5})\s+([0-9]{1,2})\s+([0-9])\s+([0-9A-F]{64})\n#", $zoneContent, $matches);
if ($found !== 1) if ($found !== 1)
serverError("Unable to get public key record from zone file."); output(500, 'Unable to get public key record from zone file.');
$tag = $matches[1]; $tag = $matches[1];
$algo = $matches[2]; $algo = $matches[2];
@ -96,6 +96,6 @@ if (processForm()) {
</dl> </dl>
<?php <?php
success(); output(200);
} }
} }

View file

@ -4,13 +4,13 @@ if (processForm()) {
$values = nsParseCommonRequirements(); $values = nsParseCommonRequirements();
if (!($_POST['priority'] >= 0 AND $_POST['priority'] <= 65535)) if (!($_POST['priority'] >= 0 AND $_POST['priority'] <= 65535))
userError("Wrong value for <code>priority</code>."); output(403, 'Wrong value for <code>priority</code>.');
if (!($_POST['weight'] >= 0 AND $_POST['weight'] <= 65535)) if (!($_POST['weight'] >= 0 AND $_POST['weight'] <= 65535))
userError("Wrong value for <code>weight</code>."); output(403, 'Wrong value for <code>weight</code>.');
if (!($_POST['port'] >= 0 AND $_POST['port'] <= 65535)) if (!($_POST['port'] >= 0 AND $_POST['port'] <= 65535))
userError("Wrong value for <code>port</code>."); output(403, 'Wrong value for <code>port</code>.');
$_POST['target'] = formatAbsoluteDomain($_POST['target']); $_POST['target'] = formatAbsoluteDomain($_POST['target']);
@ -24,7 +24,7 @@ if (processForm()) {
$_POST['target'] $_POST['target']
)); ));
success("Enregistrement ajouté"); output(200, 'Enregistrement ajouté');
} }
?> ?>

View file

@ -4,13 +4,13 @@ if (processForm()) {
$values = nsParseCommonRequirements(); $values = nsParseCommonRequirements();
if (!($_POST['algo'] === "1" OR $_POST['algo'] === "3" OR $_POST['algo'] === "4")) if (!($_POST['algo'] === "1" OR $_POST['algo'] === "3" OR $_POST['algo'] === "4"))
userError("Wrong value for <code>algo</code>."); output(403, 'Wrong value for <code>algo</code>.');
if (!($_POST['type'] === "2")) if (!($_POST['type'] === "2"))
userError("Wrong value for <code>type</code>."); output(403, 'Wrong value for <code>type</code>.');
if (!(preg_match("/^[a-z0-9]{64}$/", $_POST['fp']))) if (!(preg_match("/^[a-z0-9]{64}$/", $_POST['fp'])))
userError("Wrong value for <code>fp</code>."); output(403, 'Wrong value for <code>fp</code>.');
knotcZoneExec($_POST['zone'], array( knotcZoneExec($_POST['zone'], array(
$values['domain'], $values['domain'],
@ -21,7 +21,7 @@ if (processForm()) {
$_POST['fp'] $_POST['fp']
)); ));
success("Enregistrement ajouté"); output(200, 'Enregistrement ajouté');
} }
?> ?>

View file

@ -4,16 +4,16 @@ if (processForm()) {
$values = nsParseCommonRequirements(); $values = nsParseCommonRequirements();
if (!($_POST['use'] >= 0 AND $_POST['use'] <= 3)) if (!($_POST['use'] >= 0 AND $_POST['use'] <= 3))
userError("Wrong value for <code>use</code>."); output(403, 'Wrong value for <code>use</code>.');
if (!($_POST['selector'] === "0" OR $_POST['selector'] === "1")) if (!($_POST['selector'] === "0" OR $_POST['selector'] === "1"))
userError("Wrong value for <code>selector</code>."); output(403, 'Wrong value for <code>selector</code>.');
if (!($_POST['type'] >= 0 AND $_POST['type'] <= 2)) if (!($_POST['type'] >= 0 AND $_POST['type'] <= 2))
userError("Wrong value for <code>type</code>."); output(403, 'Wrong value for <code>type</code>.');
if (!(preg_match("/^[a-zA-Z0-9.-]{1,1024}$/", $_POST['content']))) if (!(preg_match("/^[a-zA-Z0-9.-]{1,1024}$/", $_POST['content'])))
userError("Wrong value for <code>content</code>."); output(403, 'Wrong value for <code>content</code>.');
knotcZoneExec($_POST['zone'], array( knotcZoneExec($_POST['zone'], array(
$values['domain'], $values['domain'],
@ -25,7 +25,7 @@ if (processForm()) {
$_POST['content'] $_POST['content']
)); ));
success("Enregistrement ajouté"); output(200, 'Enregistrement ajouté');
} }
?> ?>

View file

@ -4,7 +4,7 @@ if (processForm()) {
$values = nsParseCommonRequirements(); $values = nsParseCommonRequirements();
if (!(preg_match("/^[a-zA-Z0-9 =:!%$+\/\()[\]_-]{5,8192}$/", $_POST['txt']))) if (!(preg_match("/^[a-zA-Z0-9 =:!%$+\/\()[\]_-]{5,8192}$/", $_POST['txt'])))
userError("Wrong value for <code>txt</code>."); output(403, 'Wrong value for <code>txt</code>.');
knotcZoneExec($_POST['zone'], array( knotcZoneExec($_POST['zone'], array(
$values['domain'], $values['domain'],
@ -13,7 +13,7 @@ if (processForm()) {
"\"" . $_POST['txt'] . "\"" "\"" . $_POST['txt'] . "\""
)); ));
success("Enregistrement ajouté"); output(200, 'Enregistrement ajouté');
} }
?> ?>

View file

@ -4,7 +4,7 @@ if (processForm()) {
$_POST['domain'] = formatAbsoluteDomain($_POST['domain']); $_POST['domain'] = formatAbsoluteDomain($_POST['domain']);
if (query('select', 'zones', ['zone' => $_POST['domain']], 'zone') !== []) if (query('select', 'zones', ['zone' => $_POST['domain']], 'zone') !== [])
userError("Cette zone existe déjà sur ce service."); output(403, 'Cette zone existe déjà sur ce service.');
exec(CONF['ns']['kdig_path'] . " " . ltrim(strstr($_POST['domain'], '.'), '.') . " NS +short", $parentAuthoritatives); exec(CONF['ns']['kdig_path'] . " " . ltrim(strstr($_POST['domain'], '.'), '.') . " NS +short", $parentAuthoritatives);
foreach ($parentAuthoritatives as $parentAuthoritative) foreach ($parentAuthoritatives as $parentAuthoritative)
@ -12,7 +12,7 @@ if (processForm()) {
exec(CONF['ns']['kdig_path'] . " " . $_POST['domain'] . " NS @" . $parentAuthoritatives[0], $results); exec(CONF['ns']['kdig_path'] . " " . $_POST['domain'] . " NS @" . $parentAuthoritatives[0], $results);
preg_match_all('/' . preg_quote($_POST['domain'], '/') . '[\t ]+[0-9]{1,8}[\t ]+IN[\t ]+NS[\t ]+(.+)\n/', implode("\n", $results), $matches); preg_match_all('/' . preg_quote($_POST['domain'], '/') . '[\t ]+[0-9]{1,8}[\t ]+IN[\t ]+NS[\t ]+(.+)\n/', implode("\n", $results), $matches);
if (equalArrays(CONF['ns']['servers'], $matches[1]) !== true) if (equalArrays(CONF['ns']['servers'], $matches[1]) !== true)
userError("Les serveurs ayant autorité dans cette zone indiqués par la zone parente ne sont pas ceux de Niver."); output(403, 'Les serveurs ayant autorité dans cette zone indiqués par la zone parente ne sont pas ceux de Niver.');
insert('zones', [ insert('zones', [
'zone' => $_POST['domain'], 'zone' => $_POST['domain'],
@ -24,16 +24,16 @@ if (processForm()) {
foreach (CONF['ns']['servers'] as $server) foreach (CONF['ns']['servers'] as $server)
$knotZone .= $_POST['domain'] . ' 86400 NS ' . $server . "\n"; $knotZone .= $_POST['domain'] . ' 86400 NS ' . $server . "\n";
if (is_int(file_put_contents($knotZonePath, $knotZone)) !== true) if (is_int(file_put_contents($knotZonePath, $knotZone)) !== true)
serverError("Failed to write new zone file."); output(500, 'Failed to write new zone file.');
if (chmod($knotZonePath, 0660) !== true) if (chmod($knotZonePath, 0660) !== true)
serverError("Failed to chmod new zone file."); output(500, 'Failed to chmod new zone file.');
knotcConfExec([ knotcConfExec([
"set 'zone[" . $_POST['domain'] . "]'", "set 'zone[" . $_POST['domain'] . "]'",
"set 'zone[" . $_POST['domain'] . "].template' 'niver-ns'", "set 'zone[" . $_POST['domain'] . "].template' 'niver-ns'",
]); ]);
success("La requête a été traitée."); output(200, 'La requête a été traitée.');
} }
?> ?>

View file

@ -5,7 +5,7 @@ if (processForm()) {
nsDeleteZone($_POST['zone']); nsDeleteZone($_POST['zone']);
success("Zone effacée."); output(200, 'Zone effacée.');
} }
?> ?>

View file

@ -12,14 +12,14 @@ if (processForm()) {
AND ($_POST['algo'] !== "14") AND ($_POST['algo'] !== "14")
AND ($_POST['algo'] !== "15") AND ($_POST['algo'] !== "15")
AND ($_POST['algo'] !== "16") AND ($_POST['algo'] !== "16")
) userError("Wrong value for <code>algo</code>."); ) output(403, 'Wrong value for <code>algo</code>.');
$_POST['keytag'] = intval($_POST['keytag']); $_POST['keytag'] = intval($_POST['keytag']);
if ((!preg_match("/^[0-9]{1,6}$/", $_POST['keytag'])) OR !($_POST['keytag'] >= 1) OR !($_POST['keytag'] <= 65535)) if ((!preg_match("/^[0-9]{1,6}$/", $_POST['keytag'])) OR !($_POST['keytag'] >= 1) OR !($_POST['keytag'] <= 65535))
userError("Wrong value for <code>keytag</code>."); output(403, 'Wrong value for <code>keytag</code>.');
if ($_POST['dt'] !== "2" AND $_POST['dt'] !== "4") if ($_POST['dt'] !== "2" AND $_POST['dt'] !== "4")
userError("Wrong value for <code>dt</code>."); output(403, 'Wrong value for <code>dt</code>.');
regCheckDomainPossession($_POST['zone']); regCheckDomainPossession($_POST['zone']);
@ -35,7 +35,7 @@ if (processForm()) {
$_POST['key'] $_POST['key']
)); ));
success("La requête a été envoyée à Knot"); output(200, 'La requête a été envoyée à Knot');
} }
?> ?>

View file

@ -14,7 +14,7 @@ if (processForm()) {
$_POST['ip'] $_POST['ip']
)); ));
success("Glue record ajouté"); output(200, 'Glue record ajouté');
} }
?> ?>

View file

@ -11,7 +11,7 @@ if (processForm()) {
$_POST['ns'] $_POST['ns']
)); ));
success("Modification effectuée avec succès"); output(200, 'Modification effectuée avec succès');
} }
?> ?>

View file

@ -19,7 +19,7 @@ if (processForm()) {
$zoneContent = file_get_contents(CONF['reg']['registry_file']); $zoneContent = file_get_contents(CONF['reg']['registry_file']);
if ($zoneContent === false) if ($zoneContent === false)
serverError("Unable to read registry file."); output(500, 'Unable to read registry file.');
?> ?>
<table> <table>
@ -45,5 +45,5 @@ if (processForm()) {
echo '</table>'; echo '</table>';
success(); output(200);
} }

View file

@ -2,15 +2,15 @@
if (processForm()) { if (processForm()) {
if (preg_match("/" . CONF['reg']['subdomain_regex'] . "/", $_POST['subdomain']) !== 1) if (preg_match("/" . CONF['reg']['subdomain_regex'] . "/", $_POST['subdomain']) !== 1)
userError("Erreur : Le nom de domaine doit être composé uniquement d'entre 4 et 63 lettres minuscules (a-z)"); output(403, 'Erreur : Le nom de domaine doit être composé uniquement d\'entre 4 et 63 lettres minuscules (a-z)');
$domain = formatAbsoluteDomain($_POST['subdomain'] . '.' . CONF['reg']['registry']); $domain = formatAbsoluteDomain($_POST['subdomain'] . '.' . CONF['reg']['registry']);
if (query('select', 'registry', ['domain' => $domain], 'domain') !== []) if (query('select', 'registry', ['domain' => $domain], 'domain') !== [])
userError("Ce domaine n'est pas disponible à l'enregistrement. Il est déjà enregistré."); output(403, 'Ce domaine n\'est pas disponible à l\'enregistrement. Il est déjà enregistré.');
if (in_array($_POST['subdomain'], explode("\n", file_get_contents(CONF['common']['root_path'] . '/pages/reg/reserved.txt')))) if (in_array($_POST['subdomain'], explode("\n", file_get_contents(CONF['common']['root_path'] . '/pages/reg/reserved.txt'))))
userError("Ce domaine n'est pas disponible à l'enregistrement. Il est réservé."); output(403, 'Ce domaine n\'est pas disponible à l\'enregistrement. Il est réservé.');
insert('registry', [ insert('registry', [
'domain' => $domain, 'domain' => $domain,
@ -18,7 +18,7 @@ if (processForm()) {
'last_renewal' => date("Y-m-d H:i:s"), 'last_renewal' => date("Y-m-d H:i:s"),
]); ]);
success("Domaine ajouté au registre."); output(200, 'Domaine ajouté au registre.');
} }
?> ?>

View file

@ -5,7 +5,7 @@ if (processForm()) {
regDeleteDomain($_POST['domain']); regDeleteDomain($_POST['domain']);
success("Domaine effacé du registre."); output(200, 'Domaine effacé du registre.');
} }
?> ?>

View file

@ -105,11 +105,11 @@ echo str_repeat('</li></ul>', count(TITLES_LINEAGE));
<?php <?php
if (in_array(SERVICE, ['reg', 'ns', 'ht']) AND CONF[SERVICE]['enabled'] !== true) if (in_array(SERVICE, ['reg', 'ns', 'ht']) AND CONF[SERVICE]['enabled'] !== true)
userError("Ce service est désactivé."); output(403, 'Ce service est désactivé.');
// Protect against cross-site request forgery if a POST request is received // Protect against cross-site request forgery if a POST request is received
if (empty($_POST) === false AND (isset($_SERVER['HTTP_SEC_FETCH_SITE']) !== true OR $_SERVER['HTTP_SEC_FETCH_SITE'] !== "same-origin")) if (empty($_POST) === false AND (isset($_SERVER['HTTP_SEC_FETCH_SITE']) !== true OR $_SERVER['HTTP_SEC_FETCH_SITE'] !== "same-origin"))
userError("Anti-<abbr title='Cross-Site Request Forgery'>CSRF</abbr> verification failed ! (Wrong or unset <code>Sec-Fetch-Site</code> HTTP header)"); output(403, 'Anti-<abbr title="Cross-Site Request Forgery">CSRF</abbr> verification failed ! (Wrong or unset <code>Sec-Fetch-Site</code> HTTP header)');
function executePage() { function executePage() {
require "pages/" . PAGE_ADDRESS . ".php"; require "pages/" . PAGE_ADDRESS . ".php";