fn success/userError/serverError > output($code)
This commit is contained in:
parent
3571c456fd
commit
763762f08b
36 changed files with 137 additions and 149 deletions
|
@ -16,12 +16,12 @@ define("OPTIONS_PASSWORD", array(
|
|||
|
||||
function checkPasswordFormat($password) {
|
||||
if (preg_match("/" . PASSWORD_REGEX . "/u", $password) !== 1)
|
||||
userError("Password malformed.");
|
||||
output(403, 'Password malformed.');
|
||||
}
|
||||
|
||||
function checkUsernameFormat($username) {
|
||||
if (preg_match("/" . USERNAME_REGEX . "/u", $username) !== 1)
|
||||
userError("Username malformed.");
|
||||
output(403, 'Username malformed.');
|
||||
}
|
||||
|
||||
function hashPassword($password) {
|
||||
|
|
|
@ -2,26 +2,18 @@
|
|||
|
||||
$final_message = null;
|
||||
|
||||
function success($msg = '') {
|
||||
function output($code, $msg = '') {
|
||||
global $final_message;
|
||||
if ($msg !== '')
|
||||
$final_message = "<p><output><strong>Succès</strong> : <em>" . $msg . "</em></output></p>\n";
|
||||
}
|
||||
|
||||
// When the user requests something unexpected
|
||||
function userError($msg) {
|
||||
global $final_message;
|
||||
$final_message = "<p><output><strong>Erreur utilisataire</strong> : <em>" . $msg . "</em></output></p>\n";
|
||||
http_response_code(403);
|
||||
executePage();
|
||||
}
|
||||
|
||||
// When the system did something unexpected
|
||||
function serverError($msg) {
|
||||
global $final_message;
|
||||
$final_message = "<p><output><strong>Server error</strong>: The server encountered an error: <em>" . $msg . "</em></output></p>\n";
|
||||
http_response_code(500);
|
||||
$shortCode = $code / 100 % 10;
|
||||
$final_message = match ($shortCode) {
|
||||
2 => ($msg === '') ? '' : "<p><output><strong>Succès</strong> : <em>" . $msg . "</em></output></p>\n",
|
||||
4 => "<p><output><strong>Erreur utilisataire</strong> : <em>" . $msg . "</em></output></p>\n",
|
||||
5 => "<p><output><strong>Server error</strong>: The server encountered an error: <em>" . $msg . "</em></output></p>\n",
|
||||
};
|
||||
http_response_code($code);
|
||||
if ($shortCode === 5)
|
||||
error_log("Niver internal error: " . strip_tags($msg));
|
||||
if ($code !== 200)
|
||||
executePage();
|
||||
}
|
||||
|
||||
|
@ -33,7 +25,7 @@ function processForm($requireLogin = true) {
|
|||
if (empty($_POST))
|
||||
return false;
|
||||
if ($requireLogin AND !isset($_SESSION['username']))
|
||||
userError("Vous devez être connecté·e pour effectuer cette action.");
|
||||
output(403, 'Vous devez être connecté·e pour effectuer cette action.');
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -119,11 +111,12 @@ function redirUrl($pageId) {
|
|||
function redir() {
|
||||
if (isset($_GET['redir'])) {
|
||||
if (preg_match('/^[0-9a-z\/-]{0,128}$/', $_GET['redir']) !== 1)
|
||||
userError("Wrong character in <code>redir</code>.");
|
||||
output(403, 'Wrong character in <code>redir</code>.');
|
||||
header('Location: ' . CONF['common']['prefix'] . '/' . $_GET['redir']);
|
||||
} else {
|
||||
header('Location: ' . CONF['common']['prefix'] . '/');
|
||||
}
|
||||
exit();
|
||||
}
|
||||
|
||||
// PHP rmdir() only works on empty directories
|
||||
|
@ -133,7 +126,7 @@ function removeDirectory($dir) {
|
|||
foreach ($files as $file)
|
||||
$file->isDir() && !$file->isLink() ? rmdir($file->getPathname()) : unlink($file->getPathname());
|
||||
if (rmdir($dir) !== true)
|
||||
serverError("Unable to remove directory.");
|
||||
output(500, 'Unable to remove directory.');
|
||||
}
|
||||
|
||||
function equalArrays($a, $b) {
|
||||
|
|
18
fn/dns.php
18
fn/dns.php
|
@ -3,20 +3,20 @@
|
|||
function knotcConfExec($cmds) {
|
||||
exec(CONF['dns']['knotc_path'] . " conf-begin", $output['begin'], $code['begin']);
|
||||
if ($code['begin'] !== 0)
|
||||
serverError("knotcConfExec: <code>knotc</code> failed with exit code <samp>" . $code['begin'] . "</samp>: <samp>" . $output['begin'][0] . "</samp>.");
|
||||
output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['begin'] . '</samp>: <samp>' . $output['begin'][0] . '</samp>.');
|
||||
|
||||
foreach ($cmds as $cmd) {
|
||||
exec(CONF['dns']['knotc_path'] . " conf-" . $cmd, $output['op'], $code['op']);
|
||||
if ($code['op'] !== 0) {
|
||||
exec(CONF['dns']['knotc_path'] . " conf-abort");
|
||||
serverError("knotcConfExec: <code>knotc</code> failed with exit code <samp>" . $code['op'] . "</samp>: <samp>" . $output['op'][0] . "</samp>.");
|
||||
output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['op'] . '</samp>: <samp>' . $output['op'][0] . '</samp>.');
|
||||
}
|
||||
}
|
||||
|
||||
exec(CONF['dns']['knotc_path'] . " conf-commit", $output['commit'], $code['commit']);
|
||||
if ($code['commit'] !== 0) {
|
||||
exec(CONF['dns']['knotc_path'] . " conf-abort");
|
||||
serverError("knotcConfExec: <code>knotc</code> failed with exit code <samp>" . $code['commit'] . "</samp>: <samp>" . $output['commit'][0] . "</samp>.");
|
||||
output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['commit'] . '</samp>: <samp>' . $output['commit'][0] . '</samp>.');
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -25,18 +25,18 @@ function knotcZoneExec($zone, $cmd) {
|
|||
|
||||
exec(CONF['dns']['knotc_path'] . " zone-begin " . $zone, $output['begin'], $code['begin']);
|
||||
if ($code['begin'] !== 0)
|
||||
serverError("knotcZoneExec: <code>knotc</code> failed with exit code <samp>" . $code['begin'] . "</samp>: <samp>" . $output['begin'][0] . "</samp>.");
|
||||
output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['begin'] . '</samp>: <samp>' . $output['begin'][0] . '</samp>.');
|
||||
|
||||
exec(CONF['dns']['knotc_path'] . " zone-" . $action . "set " . $zone . " " . implode(" ", $cmd), $output['op'], $code['op']);
|
||||
if ($code['op'] !== 0) {
|
||||
exec(CONF['dns']['knotc_path'] . " zone-abort " . $zone);
|
||||
serverError("knotcZoneExec: <code>knotc</code> failed with exit code <samp>" . $code['op'] . "</samp>: <samp>" . $output['op'][0] . "</samp>.");
|
||||
output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['op'] . '</samp>: <samp>' . $output['op'][0] . '</samp>.');
|
||||
}
|
||||
|
||||
exec(CONF['dns']['knotc_path'] . " zone-commit " . $zone, $output['commit'], $code['commit']);
|
||||
if ($code['commit'] !== 0) {
|
||||
exec(CONF['dns']['knotc_path'] . " zone-abort " . $zone);
|
||||
serverError("knotcZoneExec: <code>knotc</code> failed with exit code <samp>" . $code['commit'] . "</samp>: <samp>" . $output['commit'][0] . "</samp>.");
|
||||
output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['commit'] . '</samp>: <samp>' . $output['commit'][0] . '</samp>.');
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -45,13 +45,13 @@ function checkIpFormat($ip) {
|
|||
return "A";
|
||||
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))
|
||||
return "AAAA";
|
||||
userError("IP address malformed.");
|
||||
output(403, 'IP address malformed.');
|
||||
}
|
||||
|
||||
function checkAbsoluteDomainFormat($domain) {
|
||||
// If the domain must end with a dot
|
||||
if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match("/^([a-z0-9_-]{1,63}\.){2,127}$/", $domain))
|
||||
userError("Domain malformed.");
|
||||
output(403, 'Domain malformed.');
|
||||
}
|
||||
|
||||
function formatEndWithDot($str) {
|
||||
|
@ -70,6 +70,6 @@ function checkAction($action) {
|
|||
return match ($action) {
|
||||
'add' => '',
|
||||
'delete' => 'un',
|
||||
default => userError("Wrong value for action."),
|
||||
default => output(403, 'Wrong value for action.'),
|
||||
};
|
||||
}
|
||||
|
|
14
fn/ht.php
14
fn/ht.php
|
@ -3,7 +3,7 @@
|
|||
function checkDomainFormat($domain) {
|
||||
// If the domain must end without a dot
|
||||
if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match("/^([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$/", $domain))
|
||||
userError("Domain malformed.");
|
||||
output(403, 'Domain malformed.');
|
||||
}
|
||||
|
||||
function formatDomain($domain) {
|
||||
|
@ -49,17 +49,17 @@ function htDeleteSite($dir, $domainType, $protocol) {
|
|||
if ($domainType === 'onion') {
|
||||
// Delete Tor config
|
||||
if (unlink(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username'] . '/' . $dir) !== true)
|
||||
serverError("Failed to delete Tor configuration.");
|
||||
output(500, 'Failed to delete Tor configuration.');
|
||||
|
||||
// Reload Tor
|
||||
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload " . CONF['ht']['tor_service'], $output, $code);
|
||||
if ($code !== 0)
|
||||
serverError("Failed to reload Tor.");
|
||||
output(500, 'Failed to reload Tor.');
|
||||
|
||||
// Delete Tor keys
|
||||
exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['rm_path'] . ' --recursive ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['username'] . '/' . $dir, $output, $code);
|
||||
if ($code !== 0)
|
||||
serverError("Failed to delete Tor keys.");
|
||||
output(500, 'Failed to delete Tor keys.');
|
||||
}
|
||||
|
||||
// Delete Nginx config
|
||||
|
@ -70,18 +70,18 @@ function htDeleteSite($dir, $domainType, $protocol) {
|
|||
'site_dir' => $dir,
|
||||
], 'domain')[0];
|
||||
if (unlink(CONF['ht']['nginx_config_path'] . '/' . $domain . '.conf') !== true)
|
||||
serverError("Failed to delete Nginx configuration.");
|
||||
output(500, 'Failed to delete Nginx configuration.');
|
||||
|
||||
// Reload Nginx
|
||||
exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['systemctl_path'] . ' reload nginx', result_code: $code);
|
||||
if ($code !== 0)
|
||||
serverError("Failed to reload Nginx.");
|
||||
output(500, 'Failed to reload Nginx.');
|
||||
|
||||
if ($domainType === 'dns') {
|
||||
// Delete Let's Encrypt certificate
|
||||
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " delete --quiet --cert-name " . $domain, $output, $code);
|
||||
if ($code !== 0)
|
||||
serverError("Certbot failed to delete the Let's Encrypt certificate.");
|
||||
output(500, 'Certbot failed to delete the Let\'s Encrypt certificate.');
|
||||
}
|
||||
|
||||
// Delete from database
|
||||
|
|
|
@ -20,7 +20,7 @@ function nsParseCommonRequirements() {
|
|||
$values['ttl'] = $_POST['ttl-value'] * $_POST['ttl-multiplier'];
|
||||
|
||||
if (!($values['ttl'] >= 300 AND $values['ttl'] <= 432000))
|
||||
userError("Le TTL doit être compris entre 5 minutes et 5 jours (entre 300 et 432000 secondes).");
|
||||
output(403, 'Le TTL doit être compris entre 5 minutes et 5 jours (entre 300 et 432000 secondes).');
|
||||
|
||||
return $values;
|
||||
}
|
||||
|
@ -33,7 +33,7 @@ function nsCheckZonePossession($zone) {
|
|||
checkAbsoluteDomainFormat($zone);
|
||||
|
||||
if (!in_array($zone, query('select', 'zones', ['username' => $_SESSION['username']], 'zone'), true))
|
||||
userError("You don't own this zone on the nameserver.");
|
||||
output(403, 'You don\'t own this zone on the nameserver.');
|
||||
}
|
||||
|
||||
function nsDeleteZone($zone) {
|
||||
|
@ -42,7 +42,7 @@ function nsDeleteZone($zone) {
|
|||
|
||||
// Remove Knot zone file
|
||||
if(unlink(CONF['ns']['knot_zones_path'] . '/' . $zone . 'zone') !== true)
|
||||
serverError("Failed to remove Knot zone file.");
|
||||
output(500, 'Failed to remove Knot zone file.');
|
||||
|
||||
// Remove Knot related data
|
||||
exec(CONF['dns']['knotc_path'] . " zone-purge " . $zone);
|
||||
|
|
|
@ -6,17 +6,17 @@ function regListUserDomains($username) {
|
|||
|
||||
function regCheckDomainPossession($domain) {
|
||||
if (in_array($domain, regListUserDomains($_SESSION['username']), true) !== true)
|
||||
userError("You don't own this domain.");
|
||||
output(403, 'You don\'t own this domain.');
|
||||
}
|
||||
|
||||
function regDeleteDomain($domain) {
|
||||
// Delete domain from registry file
|
||||
$regFile = file_get_contents(CONF['reg']['registry_file']);
|
||||
if ($regFile === false)
|
||||
serverError("Failed to read current registry File.");
|
||||
output(500, 'Failed to read current registry File.');
|
||||
$regFile = preg_replace("#[^\n]{0,1024}" . $domain . " {0,1024}[^\n]{0,1024}\n#", "", $regFile);
|
||||
if (file_put_contents(CONF['reg']['registry_file'], $regFile) === false)
|
||||
serverError("Failed to write new registry file.");
|
||||
output(500, 'Failed to write new registry file.');
|
||||
|
||||
// Delete from Niver's database
|
||||
query('delete', 'registry', [
|
||||
|
|
|
@ -6,10 +6,10 @@ if (processForm(false)) {
|
|||
checkUsernameFormat($_POST['username']);
|
||||
|
||||
if (userExist($_POST['username']) !== true)
|
||||
userError("Connexion impossible : ce compte n'existe pas.");
|
||||
output(403, 'Connexion impossible : ce compte n\'existe pas.');
|
||||
|
||||
if (checkPassword($_POST['username'], $_POST['password']) !== true)
|
||||
userError("Connexion impossible : clé de passe invalide.");
|
||||
output(403, 'Connexion impossible : clé de passe invalide.');
|
||||
|
||||
$_SESSION['username'] = $_POST['username'];
|
||||
|
||||
|
@ -17,8 +17,6 @@ if (processForm(false)) {
|
|||
changePassword($_SESSION['username'], $_POST['password']);
|
||||
|
||||
redir();
|
||||
|
||||
success("Connecté·e.");
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -5,4 +5,3 @@ if (session_status() === PHP_SESSION_ACTIVE)
|
|||
|
||||
header('Clear-Site-Data: "*"');
|
||||
redir();
|
||||
success("Déconnecté·e.");
|
||||
|
|
|
@ -4,11 +4,11 @@ if (processForm()) {
|
|||
checkPasswordFormat($_POST['newPassword']);
|
||||
|
||||
if (checkPassword($_SESSION['username'], $_POST['currentPassword']) !== true)
|
||||
userError("Changement impossible : clé de passe invalide.");
|
||||
output(403, 'Changement impossible : clé de passe invalide.');
|
||||
|
||||
changePassword($_SESSION['username'], $_POST['newPassword']);
|
||||
|
||||
success("Clé de passe changée.");
|
||||
output(200, 'Clé de passe changée.');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -6,24 +6,24 @@ if (processForm(false)) {
|
|||
checkUsernameFormat($_POST['username']);
|
||||
|
||||
if (userExist($_POST['username']) !== false)
|
||||
userError("Ce nom de compte est déjà utilisé.");
|
||||
output(403, 'Ce nom de compte est déjà utilisé.');
|
||||
|
||||
// Setup SFTP directory
|
||||
umask(0002);
|
||||
if (mkdir(CONF['ht']['ht_path'] . "/" . $_POST['username'], 0775) !== true)
|
||||
serverError("Can't create user directory.");
|
||||
output(500, 'Can\'t create user directory.');
|
||||
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'] . " --no-dereference", result_code: $code);
|
||||
if ($code !== 0)
|
||||
serverError("Can't change user directory group.");
|
||||
output(500, 'Can\'t change user directory group.');
|
||||
|
||||
// Setup Tor config directory
|
||||
if (mkdir(CONF['ht']['tor_config_path'] . "/" . $_POST['username'], 0755) !== true)
|
||||
serverError("Can't create Tor config directory.");
|
||||
output(500, 'Can\'t create Tor config directory.');
|
||||
|
||||
// Setup Tor keys directory
|
||||
exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['mkdir_path'] . " --mode=0700 " . CONF['ht']['tor_keys_path'] . "/" . $_POST['username'], result_code: $code);
|
||||
if ($code !== 0)
|
||||
serverError("Can't create Tor keys directory.");
|
||||
output(500, 'Can\'t create Tor keys directory.');
|
||||
|
||||
insert('users', [
|
||||
'username' => $_POST['username'],
|
||||
|
@ -34,8 +34,6 @@ if (processForm(false)) {
|
|||
$_SESSION['username'] = $_POST['username'];
|
||||
|
||||
redir();
|
||||
|
||||
success("Compte créé.");
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
if (processForm()) {
|
||||
if (!isset($_POST['delete']))
|
||||
userError("Il faut confirmer la suppression du compte");
|
||||
output(403, 'Il faut confirmer la suppression du compte');
|
||||
|
||||
foreach (query('select', 'registry', ['username' => $_SESSION['username']], 'domain') as $domain)
|
||||
regDeleteDomain($domain);
|
||||
|
@ -26,19 +26,19 @@ if (processForm()) {
|
|||
|
||||
exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['rm_path'] . " --recursive " . CONF['ht']['tor_keys_path'] . "/" . $_SESSION['username'], result_code: $code);
|
||||
if ($code !== 0)
|
||||
serverError("Can't remove Tor keys directory.");
|
||||
output(500, 'Can\'t remove Tor keys directory.');
|
||||
|
||||
removeDirectory(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username']);
|
||||
|
||||
exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['rm_path'] . ' --recursive ' . CONF['ht']['ht_path'] . '/' . $_SESSION['username'], result_code: $code);
|
||||
if ($code !== 0)
|
||||
serverError("Can't remove user's directory.");
|
||||
output(500, 'Can\'t remove user\'s directory.');
|
||||
|
||||
query('delete', 'users', ['username' => $_SESSION['username']]);
|
||||
|
||||
require "logout.php";
|
||||
|
||||
success("Compte supprimé.");
|
||||
output(200, 'Compte supprimé.');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -9,28 +9,28 @@ if (processForm()) {
|
|||
$_POST['domain'] = formatDomain($_POST['domain']);
|
||||
|
||||
if ($dirsStatuses[$_POST['dir']] !== false)
|
||||
userError("Wrong value for <code>dir</code>.");
|
||||
output(403, 'Wrong value for <code>dir</code>.');
|
||||
|
||||
if (query('select', 'sites', ['domain' => $_POST['domain']], 'domain') !== [])
|
||||
userError("Ce domaine existe déjà sur ce service.");
|
||||
output(403, 'Ce domaine existe déjà sur ce service.');
|
||||
|
||||
$remoteAaaaRecords = dns_get_record($_POST['domain'], DNS_AAAA);
|
||||
if (is_array($remoteAaaaRecords) !== true)
|
||||
userError("Ce domaine n'existe pas.");
|
||||
output(403, 'Ce domaine n\'existe pas.');
|
||||
if (equalArrays([CONF['ht']['ipv6_address']], array_column($remoteAaaaRecords, 'ipv6')) !== true)
|
||||
userError("Ce domaine doit avoir pour unique enregistrement AAAA <code>" . CONF['ht']['ipv6_address'] . "</code>.");
|
||||
output(403, 'Ce domaine doit avoir pour unique enregistrement AAAA <code>' . CONF['ht']['ipv6_address'] . '</code>.');
|
||||
|
||||
$remoteARecords = dns_get_record($_POST['domain'], DNS_A);
|
||||
if (is_array($remoteARecords) !== true)
|
||||
userError("Ce domaine n'existe pas.");
|
||||
output(403, 'Ce domaine n\'existe pas.');
|
||||
if (equalArrays([CONF['ht']['ipv4_address']], array_column($remoteARecords, 'ip')) !== true)
|
||||
userError("Ce domaine doit avoir pour unique enregistrement A <code>" . CONF['ht']['ipv4_address'] . "</code>.");
|
||||
output(403, 'Ce domaine doit avoir pour unique enregistrement A <code>' . CONF['ht']['ipv4_address'] . '</code>.');
|
||||
|
||||
addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], "dns", "http");
|
||||
|
||||
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['certbot_path'] . " certonly --quiet" . (CONF['ht']['letsencrypt_use_production'] ? '' : ' --test-cert') . " --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain " . $_POST['domain'], $output, $returnCode);
|
||||
if ($returnCode !== 0)
|
||||
serverError("Certbot failed to get a Let's Encrypt certificate.");
|
||||
output(500, 'Certbot failed to get a Let\'s Encrypt certificate.');
|
||||
|
||||
$nginxConf = 'server {
|
||||
listen [' . CONF['ht']['ipv6_listen_address'] . ']:' . CONF['ht']['https_port'] . ' ssl http2;
|
||||
|
@ -45,14 +45,14 @@ if (processForm()) {
|
|||
}
|
||||
';
|
||||
if (file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['domain'] . ".conf", $nginxConf) === false)
|
||||
serverError("Failed to write Nginx configuration.");
|
||||
output(500, 'Failed to write Nginx configuration.');
|
||||
|
||||
// Reload Nginx
|
||||
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx", result_code: $code);
|
||||
if ($code !== 0)
|
||||
serverError("Failed to reload Nginx.");
|
||||
output(500, 'Failed to reload Nginx.');
|
||||
|
||||
success("Accès HTTP par domaine ajouté sur ce dossier !");
|
||||
output(200, 'Accès HTTP par domaine ajouté sur ce dossier !');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -7,25 +7,25 @@ else
|
|||
|
||||
if (processForm()) {
|
||||
if ($dirsStatuses[$_POST['dir']] !== false)
|
||||
userError("Wrong value for <code>dir</code>.");
|
||||
output(403, 'Wrong value for <code>dir</code>.');
|
||||
|
||||
// Add Tor config
|
||||
$torConf = "HiddenServiceDir " . CONF['ht']['tor_keys_path'] . "/" . $_SESSION['username'] . "/" . $_POST['dir'] . "/
|
||||
HiddenServicePort 80 [::1]:" . CONF['ht']['internal_onion_http_port'] . "
|
||||
";
|
||||
if (file_put_contents(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'], $torConf) === false)
|
||||
serverError("Failed to write new Tor configuration.");
|
||||
output(500, 'Failed to write new Tor configuration.');
|
||||
|
||||
// Reload Tor
|
||||
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload " . CONF['ht']['tor_service'], $output, $code);
|
||||
if ($code !== 0)
|
||||
serverError("Failed to reload Tor.");
|
||||
output(500, 'Failed to reload Tor.');
|
||||
|
||||
// Get the address generated by Tor
|
||||
exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['cat_path'] . ' ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'] . '/hostname', $output);
|
||||
$onion = $output[0];
|
||||
if (preg_match("/[0-9a-z]{56}\.onion/", $onion) !== 1)
|
||||
serverError("No onion address found.");
|
||||
output(500, 'No onion address found.');
|
||||
|
||||
// Store it in the database
|
||||
addSite($_SESSION['username'], $_POST['dir'], $onion, "onion", "http");
|
||||
|
@ -40,15 +40,15 @@ if (processForm()) {
|
|||
}
|
||||
';
|
||||
if (file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $onion . ".conf", $nginxConf) === false)
|
||||
serverError("Failed to write Nginx configuration.");
|
||||
output(500, 'Failed to write Nginx configuration.');
|
||||
|
||||
// Reload Nginx
|
||||
exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx", result_code: $code);
|
||||
if ($code !== 0)
|
||||
serverError("Failed to reload Nginx.");
|
||||
output(500, 'Failed to reload Nginx.');
|
||||
|
||||
// Tell the user their site address
|
||||
success("L'adresse de votre service Onion HTTP est : <a href='http://" . $onion . "/'<code>http://" . $onion . "/</code></a>");
|
||||
output(200, 'L\'adresse de votre service Onion HTTP est : <a href="http://' . $onion . '/"><code>http://' . $onion . '/</code></a>');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -7,11 +7,11 @@ else
|
|||
|
||||
if (processForm()) {
|
||||
if ($dirsStatuses[$_POST['dir']] !== true)
|
||||
userError("Wrong value for <code>dir</code>.");
|
||||
output(403, 'Wrong value for <code>dir</code>.');
|
||||
|
||||
htDeleteSite($_POST['dir'], domainType: 'dns', protocol: 'http');
|
||||
|
||||
success("Accès retiré.");
|
||||
output(200, 'Accès retiré.');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -7,11 +7,11 @@ else
|
|||
|
||||
if (processForm()) {
|
||||
if ($dirsStatuses[$_POST['dir']] !== true)
|
||||
userError("Wrong value for <code>dir</code>.");
|
||||
output(403, 'Wrong value for <code>dir</code>.');
|
||||
|
||||
htDeleteSite($_POST['dir'], domainType: 'onion', protocol: 'http');
|
||||
|
||||
success("Accès retiré.");
|
||||
output(200, 'Accès retiré.');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -4,13 +4,13 @@ if (processForm()) {
|
|||
$values = nsParseCommonRequirements();
|
||||
|
||||
if (!($_POST['flag'] >= 0 AND $_POST['flag'] <= 255))
|
||||
userError("Wrong value for <code>flag</code>.");
|
||||
output(403, 'Wrong value for <code>flag</code>.');
|
||||
|
||||
if (!(preg_match("/^[a-z]{1,127}$/", $_POST['tag'])))
|
||||
userError("Wrong value for <code>tag</code>.");
|
||||
output(403, 'Wrong value for <code>tag</code>.');
|
||||
|
||||
if (!(preg_match("/^[a-z0-9.-]{1,255}$/", $_POST['value'])))
|
||||
userError("Wrong value for <code>value</code>.");
|
||||
output(403, 'Wrong value for <code>value</code>.');
|
||||
|
||||
knotcZoneExec($_POST['zone'], array(
|
||||
$values['domain'],
|
||||
|
@ -21,7 +21,7 @@ if (processForm()) {
|
|||
$_POST['value']
|
||||
));
|
||||
|
||||
success("Enregistrement ajouté");
|
||||
output(200, 'Enregistrement ajouté');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -12,7 +12,7 @@ if (processForm()) {
|
|||
$_POST['cname']
|
||||
));
|
||||
|
||||
success("Enregistrement ajouté");
|
||||
output(200, 'Enregistrement ajouté');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -12,7 +12,7 @@ if (processForm()) {
|
|||
$_POST['dname']
|
||||
));
|
||||
|
||||
success("Enregistrement ajouté");
|
||||
output(200, 'Enregistrement ajouté');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -12,7 +12,7 @@ if (processForm()) {
|
|||
$_POST['ip']
|
||||
));
|
||||
|
||||
success("Enregistrement ajouté");
|
||||
output(200, 'Enregistrement ajouté');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -19,36 +19,36 @@ if (processForm()) {
|
|||
$_POST['vp'] = 10;
|
||||
|
||||
if (!($_POST['lat-deg'] >= 0 AND $_POST['lat-deg'] <= 90))
|
||||
userError("Wrong value for <code>lat-deg</code>.");
|
||||
output(403, 'Wrong value for <code>lat-deg</code>.');
|
||||
if (!($_POST['lat-min'] >= 0 AND $_POST['lat-min'] <= 59))
|
||||
userError("Wrong value for <code>lat-min</code>.");
|
||||
output(403, 'Wrong value for <code>lat-min</code>.');
|
||||
if (!($_POST['lat-sec'] >= 0 AND $_POST['lat-sec'] <= 59.999))
|
||||
userError("Wrong value for <code>lat-sec</code>.");
|
||||
output(403, 'Wrong value for <code>lat-sec</code>.');
|
||||
|
||||
if ($_POST['lat-dir'] !== "N" AND $_POST['lat-dir'] !== "S")
|
||||
userError("Wrong value for <code>lat-dir</code>.");
|
||||
output(403, 'Wrong value for <code>lat-dir</code>.');
|
||||
|
||||
if (!($_POST['lon-deg'] >= 0 AND $_POST['lon-deg'] <= 180))
|
||||
userError("Wrong value for <code>lon-deg</code>.");
|
||||
output(403, 'Wrong value for <code>lon-deg</code>.');
|
||||
if (!($_POST['lon-min'] >= 0 AND $_POST['lon-min'] <= 59))
|
||||
userError("Wrong value for <code>lon-min</code>.");
|
||||
output(403, 'Wrong value for <code>lon-min</code>.');
|
||||
if (!($_POST['lon-sec'] >= 0 AND $_POST['lon-sec'] <= 59.999))
|
||||
userError("Wrong value for <code>lon-sec</code>.");
|
||||
output(403, 'Wrong value for <code>lon-sec</code>.');
|
||||
|
||||
if ($_POST['lon-dir'] !== "E" AND $_POST['lon-dir'] !== "W")
|
||||
userError("Wrong value for <code>lon-dir</code>.");
|
||||
output(403, 'Wrong value for <code>lon-dir</code>.');
|
||||
|
||||
if (!($_POST['alt'] >= -100000 AND $_POST['alt'] <= 42849672.95))
|
||||
userError("Wrong value for <code>alt</code>.");
|
||||
output(403, 'Wrong value for <code>alt</code>.');
|
||||
|
||||
if (!($_POST['size'] >= 0 AND $_POST['size'] <= 90000000))
|
||||
userError("Wrong value for <code>size</code>.");
|
||||
output(403, 'Wrong value for <code>size</code>.');
|
||||
|
||||
if (!($_POST['hp'] >= 0 AND $_POST['hp'] <= 90000000))
|
||||
userError("Wrong value for <code>hp</code>.");
|
||||
output(403, 'Wrong value for <code>hp</code>.');
|
||||
|
||||
if (!($_POST['vp'] >= 0 AND $_POST['vp'] <= 90000000))
|
||||
userError("Wrong value for <code>vp</code>.");
|
||||
output(403, 'Wrong value for <code>vp</code>.');
|
||||
|
||||
knotcZoneExec($_POST['zone'], array(
|
||||
$values['domain'],
|
||||
|
@ -68,7 +68,7 @@ if (processForm()) {
|
|||
$_POST['vp'] . 'm',
|
||||
));
|
||||
|
||||
success("Enregistrement ajouté");
|
||||
output(200, 'Enregistrement ajouté');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -4,7 +4,7 @@ if (processForm()) {
|
|||
$values = nsParseCommonRequirements();
|
||||
|
||||
if (!($_POST['priority'] >= 0 AND $_POST['priority'] <= 255))
|
||||
userError("Wrong value for <code>priority</code>.");
|
||||
output(403, 'Wrong value for <code>priority</code>.');
|
||||
|
||||
$_POST['host'] = formatAbsoluteDomain($_POST['host']);
|
||||
|
||||
|
@ -16,7 +16,7 @@ if (processForm()) {
|
|||
$_POST['host']
|
||||
));
|
||||
|
||||
success("Enregistrement ajouté");
|
||||
output(200, 'Enregistrement ajouté');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -12,7 +12,7 @@ if (processForm()) {
|
|||
$_POST['ns']
|
||||
));
|
||||
|
||||
success("Enregistrement ajouté");
|
||||
output(200, 'Enregistrement ajouté');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -29,11 +29,11 @@ if (processForm()) {
|
|||
|
||||
$zoneContent = file_get_contents(CONF['ns']['knot_zones_path'] . '/' . $_POST['zone'] . 'zone');
|
||||
if ($zoneContent === false)
|
||||
serverError("Unable to read zone file.");
|
||||
output(500, 'Unable to read zone file.');
|
||||
|
||||
if ($_POST['print'] === 'raw') {
|
||||
echo '<pre>' . htmlspecialchars($zoneContent) . '</pre>';
|
||||
success();
|
||||
output(200);
|
||||
}
|
||||
|
||||
if ($_POST['print'] === 'table') { ?>
|
||||
|
@ -63,7 +63,7 @@ if (processForm()) {
|
|||
|
||||
$found = preg_match("#\n" . preg_quote($_POST['zone']) . "\s+0\s+CDS\s+([0-9]{1,5})\s+([0-9]{1,2})\s+([0-9])\s+([0-9A-F]{64})\n#", $zoneContent, $matches);
|
||||
if ($found !== 1)
|
||||
serverError("Unable to get public key record from zone file.");
|
||||
output(500, 'Unable to get public key record from zone file.');
|
||||
|
||||
$tag = $matches[1];
|
||||
$algo = $matches[2];
|
||||
|
@ -96,6 +96,6 @@ if (processForm()) {
|
|||
</dl>
|
||||
|
||||
<?php
|
||||
success();
|
||||
output(200);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -4,13 +4,13 @@ if (processForm()) {
|
|||
$values = nsParseCommonRequirements();
|
||||
|
||||
if (!($_POST['priority'] >= 0 AND $_POST['priority'] <= 65535))
|
||||
userError("Wrong value for <code>priority</code>.");
|
||||
output(403, 'Wrong value for <code>priority</code>.');
|
||||
|
||||
if (!($_POST['weight'] >= 0 AND $_POST['weight'] <= 65535))
|
||||
userError("Wrong value for <code>weight</code>.");
|
||||
output(403, 'Wrong value for <code>weight</code>.');
|
||||
|
||||
if (!($_POST['port'] >= 0 AND $_POST['port'] <= 65535))
|
||||
userError("Wrong value for <code>port</code>.");
|
||||
output(403, 'Wrong value for <code>port</code>.');
|
||||
|
||||
$_POST['target'] = formatAbsoluteDomain($_POST['target']);
|
||||
|
||||
|
@ -24,7 +24,7 @@ if (processForm()) {
|
|||
$_POST['target']
|
||||
));
|
||||
|
||||
success("Enregistrement ajouté");
|
||||
output(200, 'Enregistrement ajouté');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -4,13 +4,13 @@ if (processForm()) {
|
|||
$values = nsParseCommonRequirements();
|
||||
|
||||
if (!($_POST['algo'] === "1" OR $_POST['algo'] === "3" OR $_POST['algo'] === "4"))
|
||||
userError("Wrong value for <code>algo</code>.");
|
||||
output(403, 'Wrong value for <code>algo</code>.');
|
||||
|
||||
if (!($_POST['type'] === "2"))
|
||||
userError("Wrong value for <code>type</code>.");
|
||||
output(403, 'Wrong value for <code>type</code>.');
|
||||
|
||||
if (!(preg_match("/^[a-z0-9]{64}$/", $_POST['fp'])))
|
||||
userError("Wrong value for <code>fp</code>.");
|
||||
output(403, 'Wrong value for <code>fp</code>.');
|
||||
|
||||
knotcZoneExec($_POST['zone'], array(
|
||||
$values['domain'],
|
||||
|
@ -21,7 +21,7 @@ if (processForm()) {
|
|||
$_POST['fp']
|
||||
));
|
||||
|
||||
success("Enregistrement ajouté");
|
||||
output(200, 'Enregistrement ajouté');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -4,16 +4,16 @@ if (processForm()) {
|
|||
$values = nsParseCommonRequirements();
|
||||
|
||||
if (!($_POST['use'] >= 0 AND $_POST['use'] <= 3))
|
||||
userError("Wrong value for <code>use</code>.");
|
||||
output(403, 'Wrong value for <code>use</code>.');
|
||||
|
||||
if (!($_POST['selector'] === "0" OR $_POST['selector'] === "1"))
|
||||
userError("Wrong value for <code>selector</code>.");
|
||||
output(403, 'Wrong value for <code>selector</code>.');
|
||||
|
||||
if (!($_POST['type'] >= 0 AND $_POST['type'] <= 2))
|
||||
userError("Wrong value for <code>type</code>.");
|
||||
output(403, 'Wrong value for <code>type</code>.');
|
||||
|
||||
if (!(preg_match("/^[a-zA-Z0-9.-]{1,1024}$/", $_POST['content'])))
|
||||
userError("Wrong value for <code>content</code>.");
|
||||
output(403, 'Wrong value for <code>content</code>.');
|
||||
|
||||
knotcZoneExec($_POST['zone'], array(
|
||||
$values['domain'],
|
||||
|
@ -25,7 +25,7 @@ if (processForm()) {
|
|||
$_POST['content']
|
||||
));
|
||||
|
||||
success("Enregistrement ajouté");
|
||||
output(200, 'Enregistrement ajouté');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -4,7 +4,7 @@ if (processForm()) {
|
|||
$values = nsParseCommonRequirements();
|
||||
|
||||
if (!(preg_match("/^[a-zA-Z0-9 =:!%$+\/\()[\]_-]{5,8192}$/", $_POST['txt'])))
|
||||
userError("Wrong value for <code>txt</code>.");
|
||||
output(403, 'Wrong value for <code>txt</code>.');
|
||||
|
||||
knotcZoneExec($_POST['zone'], array(
|
||||
$values['domain'],
|
||||
|
@ -13,7 +13,7 @@ if (processForm()) {
|
|||
"\"" . $_POST['txt'] . "\""
|
||||
));
|
||||
|
||||
success("Enregistrement ajouté");
|
||||
output(200, 'Enregistrement ajouté');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -4,7 +4,7 @@ if (processForm()) {
|
|||
$_POST['domain'] = formatAbsoluteDomain($_POST['domain']);
|
||||
|
||||
if (query('select', 'zones', ['zone' => $_POST['domain']], 'zone') !== [])
|
||||
userError("Cette zone existe déjà sur ce service.");
|
||||
output(403, 'Cette zone existe déjà sur ce service.');
|
||||
|
||||
exec(CONF['ns']['kdig_path'] . " " . ltrim(strstr($_POST['domain'], '.'), '.') . " NS +short", $parentAuthoritatives);
|
||||
foreach ($parentAuthoritatives as $parentAuthoritative)
|
||||
|
@ -12,7 +12,7 @@ if (processForm()) {
|
|||
exec(CONF['ns']['kdig_path'] . " " . $_POST['domain'] . " NS @" . $parentAuthoritatives[0], $results);
|
||||
preg_match_all('/' . preg_quote($_POST['domain'], '/') . '[\t ]+[0-9]{1,8}[\t ]+IN[\t ]+NS[\t ]+(.+)\n/', implode("\n", $results), $matches);
|
||||
if (equalArrays(CONF['ns']['servers'], $matches[1]) !== true)
|
||||
userError("Les serveurs ayant autorité dans cette zone indiqués par la zone parente ne sont pas ceux de Niver.");
|
||||
output(403, 'Les serveurs ayant autorité dans cette zone indiqués par la zone parente ne sont pas ceux de Niver.');
|
||||
|
||||
insert('zones', [
|
||||
'zone' => $_POST['domain'],
|
||||
|
@ -24,16 +24,16 @@ if (processForm()) {
|
|||
foreach (CONF['ns']['servers'] as $server)
|
||||
$knotZone .= $_POST['domain'] . ' 86400 NS ' . $server . "\n";
|
||||
if (is_int(file_put_contents($knotZonePath, $knotZone)) !== true)
|
||||
serverError("Failed to write new zone file.");
|
||||
output(500, 'Failed to write new zone file.');
|
||||
if (chmod($knotZonePath, 0660) !== true)
|
||||
serverError("Failed to chmod new zone file.");
|
||||
output(500, 'Failed to chmod new zone file.');
|
||||
|
||||
knotcConfExec([
|
||||
"set 'zone[" . $_POST['domain'] . "]'",
|
||||
"set 'zone[" . $_POST['domain'] . "].template' 'niver-ns'",
|
||||
]);
|
||||
|
||||
success("La requête a été traitée.");
|
||||
output(200, 'La requête a été traitée.');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -5,7 +5,7 @@ if (processForm()) {
|
|||
|
||||
nsDeleteZone($_POST['zone']);
|
||||
|
||||
success("Zone effacée.");
|
||||
output(200, 'Zone effacée.');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -12,14 +12,14 @@ if (processForm()) {
|
|||
AND ($_POST['algo'] !== "14")
|
||||
AND ($_POST['algo'] !== "15")
|
||||
AND ($_POST['algo'] !== "16")
|
||||
) userError("Wrong value for <code>algo</code>.");
|
||||
) output(403, 'Wrong value for <code>algo</code>.');
|
||||
|
||||
$_POST['keytag'] = intval($_POST['keytag']);
|
||||
if ((!preg_match("/^[0-9]{1,6}$/", $_POST['keytag'])) OR !($_POST['keytag'] >= 1) OR !($_POST['keytag'] <= 65535))
|
||||
userError("Wrong value for <code>keytag</code>.");
|
||||
output(403, 'Wrong value for <code>keytag</code>.');
|
||||
|
||||
if ($_POST['dt'] !== "2" AND $_POST['dt'] !== "4")
|
||||
userError("Wrong value for <code>dt</code>.");
|
||||
output(403, 'Wrong value for <code>dt</code>.');
|
||||
|
||||
regCheckDomainPossession($_POST['zone']);
|
||||
|
||||
|
@ -35,7 +35,7 @@ if (processForm()) {
|
|||
$_POST['key']
|
||||
));
|
||||
|
||||
success("La requête a été envoyée à Knot");
|
||||
output(200, 'La requête a été envoyée à Knot');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -14,7 +14,7 @@ if (processForm()) {
|
|||
$_POST['ip']
|
||||
));
|
||||
|
||||
success("Glue record ajouté");
|
||||
output(200, 'Glue record ajouté');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -11,7 +11,7 @@ if (processForm()) {
|
|||
$_POST['ns']
|
||||
));
|
||||
|
||||
success("Modification effectuée avec succès");
|
||||
output(200, 'Modification effectuée avec succès');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -19,7 +19,7 @@ if (processForm()) {
|
|||
|
||||
$zoneContent = file_get_contents(CONF['reg']['registry_file']);
|
||||
if ($zoneContent === false)
|
||||
serverError("Unable to read registry file.");
|
||||
output(500, 'Unable to read registry file.');
|
||||
|
||||
?>
|
||||
<table>
|
||||
|
@ -45,5 +45,5 @@ if (processForm()) {
|
|||
|
||||
echo '</table>';
|
||||
|
||||
success();
|
||||
output(200);
|
||||
}
|
||||
|
|
|
@ -2,15 +2,15 @@
|
|||
|
||||
if (processForm()) {
|
||||
if (preg_match("/" . CONF['reg']['subdomain_regex'] . "/", $_POST['subdomain']) !== 1)
|
||||
userError("Erreur : Le nom de domaine doit être composé uniquement d'entre 4 et 63 lettres minuscules (a-z)");
|
||||
output(403, 'Erreur : Le nom de domaine doit être composé uniquement d\'entre 4 et 63 lettres minuscules (a-z)');
|
||||
|
||||
$domain = formatAbsoluteDomain($_POST['subdomain'] . '.' . CONF['reg']['registry']);
|
||||
|
||||
if (query('select', 'registry', ['domain' => $domain], 'domain') !== [])
|
||||
userError("Ce domaine n'est pas disponible à l'enregistrement. Il est déjà enregistré.");
|
||||
output(403, 'Ce domaine n\'est pas disponible à l\'enregistrement. Il est déjà enregistré.');
|
||||
|
||||
if (in_array($_POST['subdomain'], explode("\n", file_get_contents(CONF['common']['root_path'] . '/pages/reg/reserved.txt'))))
|
||||
userError("Ce domaine n'est pas disponible à l'enregistrement. Il est réservé.");
|
||||
output(403, 'Ce domaine n\'est pas disponible à l\'enregistrement. Il est réservé.');
|
||||
|
||||
insert('registry', [
|
||||
'domain' => $domain,
|
||||
|
@ -18,7 +18,7 @@ if (processForm()) {
|
|||
'last_renewal' => date("Y-m-d H:i:s"),
|
||||
]);
|
||||
|
||||
success("Domaine ajouté au registre.");
|
||||
output(200, 'Domaine ajouté au registre.');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -5,7 +5,7 @@ if (processForm()) {
|
|||
|
||||
regDeleteDomain($_POST['domain']);
|
||||
|
||||
success("Domaine effacé du registre.");
|
||||
output(200, 'Domaine effacé du registre.');
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -105,11 +105,11 @@ echo str_repeat('</li></ul>', count(TITLES_LINEAGE));
|
|||
<?php
|
||||
|
||||
if (in_array(SERVICE, ['reg', 'ns', 'ht']) AND CONF[SERVICE]['enabled'] !== true)
|
||||
userError("Ce service est désactivé.");
|
||||
output(403, 'Ce service est désactivé.');
|
||||
|
||||
// Protect against cross-site request forgery if a POST request is received
|
||||
if (empty($_POST) === false AND (isset($_SERVER['HTTP_SEC_FETCH_SITE']) !== true OR $_SERVER['HTTP_SEC_FETCH_SITE'] !== "same-origin"))
|
||||
userError("Anti-<abbr title='Cross-Site Request Forgery'>CSRF</abbr> verification failed ! (Wrong or unset <code>Sec-Fetch-Site</code> HTTP header)");
|
||||
output(403, 'Anti-<abbr title="Cross-Site Request Forgery">CSRF</abbr> verification failed ! (Wrong or unset <code>Sec-Fetch-Site</code> HTTP header)');
|
||||
|
||||
function executePage() {
|
||||
require "pages/" . PAGE_ADDRESS . ".php";
|
||||
|
|
Loading…
Reference in a new issue