pi-hole/advanced/index.php

<?php
/* Detailed Pi-hole Block Page: Show "Website Blocked" if user browses to site, but not to image/file requests based on the work of WaLLy3K for DietPi & Pi-Hole */

function validIP($address){
	if (preg_match('/[.:0]/', $address) && !preg_match('/[1-9a-f]/', $address)) {
		// Test if address contains either `:` or `0` but not 1-9 or a-f
		return false;
	}
	return !filter_var($address, FILTER_VALIDATE_IP) === false;
}

$uri = escapeshellcmd($_SERVER['REQUEST_URI']);
$serverName = escapeshellcmd($_SERVER['SERVER_NAME']);

// If the server name is 'pi.hole', it's likely a user trying to get to the admin panel.
// Let's be nice and redirect them.
if ($serverName === 'pi.hole')
{
    header('HTTP/1.1 301 Moved Permanently');
    header("Location: /admin/");
}

// Retrieve server URI extension (EG: jpg, exe, php)
ini_set('pcre.recursion_limit',100);
$uriExt = pathinfo($uri, PATHINFO_EXTENSION);

// Define which URL extensions get rendered as "Website Blocked"
$webExt = array('asp', 'htm', 'html', 'php', 'rss', 'xml');

// Get IPv4 and IPv6 addresses from setupVars.conf (if available)
$setupVars = parse_ini_file("/etc/pihole/setupVars.conf");
$ipv4 = isset($setupVars["IPV4_ADDRESS"]) ? explode("/", $setupVars["IPV4_ADDRESS"])[0] : $_SERVER['SERVER_ADDR'];
$ipv6 = isset($setupVars["IPV6_ADDRESS"]) ? explode("/", $setupVars["IPV6_ADDRESS"])[0] : $_SERVER['SERVER_ADDR'];

$AUTHORIZED_HOSTNAMES = array(
	$ipv4,
	$ipv6,
	str_replace(array("[","]"), array("",""), $_SERVER["SERVER_ADDR"]),
	"pi.hole",
	"localhost");
// Allow user set virtual hostnames
$virtual_host = getenv('VIRTUAL_HOST');
if (!empty($virtual_host))
	array_push($AUTHORIZED_HOSTNAMES, $virtual_host);

// Immediately quit since we didn't block this page (the IP address or pi.hole is explicitly requested)
if(validIP($serverName) || in_array($serverName,$AUTHORIZED_HOSTNAMES))
{
	http_response_code(404);
	die();
}

if(in_array($uriExt, $webExt) || empty($uriExt))
{
	// Requested resource has an extension listed in $webExt
	// or no extension (index access to some folder incl. the root dir)
	$showPage = true;
}
else
{
	// Something else
	$showPage = false;
}

// Handle incoming URI types
if (!$showPage)
{
?>
<html>
<head>
<script>window.close();</script></head>
<body>
<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7">
</body>
</html>
<?php
	die();
}

// Get Pi-hole version
$piHoleVersion = exec('cd /etc/.pihole/ && git describe --tags --abbrev=0');

// Don't show the URI if it is the root directory
if($uri == "/")
{
	$uri = "";
}

?>
<!DOCTYPE html>
<html>
<head>
	<meta charset='UTF-8'/>
	<title>Website Blocked</title>
	<link rel='stylesheet' href='http://pi.hole/pihole/blockingpage.css'/>
	<link rel='shortcut icon' href='http://pi.hole/admin/img/favicon.png' type='image/png'/>
	<meta name='viewport' content='width=device-width,initial-scale=1.0,maximum-scale=1.0, user-scalable=no'/>
	<meta name='robots' content='noindex,nofollow'/>
</head>
<body id="body">
<header>
	<h1><a href='/'>Website Blocked</a></h1>
</header>
<main>
	<div>Access to the following site has been blocked:<br/>
	<span class='pre msg'><?php echo $serverName.$uri; ?></span></div>
	<div>If you have an ongoing use for this website, please ask the owner of the Pi-hole in your network to have it whitelisted.</div>
	<input id="domain" type="hidden" value="<?php echo $serverName; ?>">
	<input id="quiet" type="hidden" value="yes">
	<button id="btnSearch" class="buttons blocked" type="button" style="visibility: hidden;"></button>
	This page is blocked because it is explicitly contained within the following block list(s):
	<pre id="output" style="width: 100%; height: 100%;" hidden="true"></pre><br/>
	<div class='buttons blocked'>
		<a class='safe33' href='javascript:history.back()'>Go back</a>
		<a class='safe33' id="whitelisting">Whitelist this page</a>
		<a class='safe33' href='javascript:window.close()'>Close window</a>
	</div>
		<div style="width: 98%; text-align: center; padding: 10px;" hidden="true" id="whitelistingform">
			<p>Note that whitelisting domains which are blocked using the wildcard method won't work.</p>
			<p>Password required!</p><br/>
		<form>
			<input name="list" type="hidden" value="white"><br/>
			Domain:<br/>
			<input name="domain" value="<?php echo $serverName ?>" disabled><br/><br/>
			Password:<br/>
			<input type="password" id="pw" name="pw"><br/><br/>
			<button class="buttons33 safe" id="btnAdd" type="button">Whitelist</button>
		</form><br/>
		<pre id="whitelistingoutput" style="width: 100%; height: 100%; padding: 5px;" hidden="true"></pre><br/>
		</div>
</main>
<footer>Generated <?php echo date('D g:i A, M d'); ?> by Pi-hole <?php echo $piHoleVersion; ?></footer>
<script src="http://pi.hole/admin/scripts/vendor/jquery.min.js"></script>
<script>
// Create event for when the output is appended to
(function($) {
    var origAppend = $.fn.append;

    $.fn.append = function () {
        return origAppend.apply(this, arguments).trigger("append");
    };
})(jQuery);
</script>
<script src="http://pi.hole/admin/scripts/pi-hole/js/queryads.js"></script>
<script>
function inIframe () {
    try {
        return window.self !== window.top;
    } catch (e) {
        return true;
    }
}

// Try to detect if page is loaded within iframe
if(inIframe())
{
    // Within iframe
    // hide content of page
    $('#body').hide();
    // remove background
    document.body.style.backgroundImage = "none";
}
else
{
    // Query adlists
    $( "#btnSearch" ).click();
}

$( "#whitelisting" ).on( "click", function(){ $( "#whitelistingform" ).removeAttr( "hidden" ); });

// Remove whitelist functionality if the domain was blocked because of a wildcard
$( "#output" ).bind("append", function(){
	if($( "#output" ).contents()[0].data.indexOf("Wildcard blocking") !== -1)
	{
		$( "#whitelisting" ).hide();
		$( "#whitelistingform" ).hide();
	}
});

function add() {
	var domain = $("#domain");
	var pw = $("#pw");
	if(domain.val().length === 0){
		return;
	}

	$.ajax({
		url: "admin/scripts/pi-hole/php/add.php",
		method: "post",
		data: {"domain":domain.val(), "list":"white", "pw":pw.val()},
		success: function(response) {
			$( "#whitelistingoutput" ).removeAttr( "hidden" );
			if(response.indexOf("Pi-hole blocking") !== -1)
			{
				// Reload page after 5 seconds
				setTimeout(function(){window.location.reload(1);}, 5000);
				$( "#whitelistingoutput" ).html("---> Success <---<br/>You may have to flush your DNS cache");
			}
			else
			{
				$( "#whitelistingoutput" ).html("---> "+response+" <---");
			}

		},
		error: function(jqXHR, exception) {
			$( "#whitelistingoutput" ).removeAttr( "hidden" );
			$( "#whitelistingoutput" ).html("---> Unknown Error <---");
		}
	});
}
// Handle enter button for adding domains
$(document).keypress(function(e) {
    if(e.which === 13 && $("#pw").is(":focus")) {
        add();
    }
});

// Handle buttons
$("#btnAdd").on("click", function() {
    add();
});
</script>
</body>
</html>
Updated index.php 2016-12-04 21:17:08 +00:00			`<?php`
Match the Pi-hole brand (#1358) * Update README.md * Update index.php * Update basic-install.sh * Update piholeCheckout.sh * Update update.sh * Update CONTRIBUTING.md * Update the Pi-hole brand tip in CONTRIBUTING.md Use a better formulation. * Update README.md 2 2017-04-03 15:29:57 +00:00			`/* Detailed Pi-hole Block Page: Show "Website Blocked" if user browses to site, but not to image/file requests based on the work of WaLLy3K for DietPi & Pi-Hole */`
Updated index.php 2016-12-04 21:17:08 +00:00
Improve Error 404 page behavior 2017-03-28 22:02:00 +00:00			`function validIP($address){`
			`if (preg_match('/[.:0]/', $address) && !preg_match('/[1-9a-f]/', $address)) {`
			// Test if address contains either `:` or `0` but not 1-9 or a-f
			`return false;`
			`}`
			`return !filter_var($address, FILTER_VALIDATE_IP) === false;`
			`}`

Updated index.php 2016-12-04 21:17:08 +00:00			`$uri = escapeshellcmd($_SERVER['REQUEST_URI']);`
			`$serverName = escapeshellcmd($_SERVER['SERVER_NAME']);`

Redirect to admin panel when accessing 'http://pi.hole/' If someone tries to access 'http://pi.hole/', it will take them to the "Website blocked" page. Very confusing if you don't know to go to 'http://pi.hole/admin/'. This just redirects them to the admin panel. 2017-03-05 05:58:21 +00:00			`// If the server name is 'pi.hole', it's likely a user trying to get to the admin panel.`
			`// Let's be nice and redirect them.`
			`if ($serverName === 'pi.hole')`
			`{`
Change 302 redirect to 301 Change "302 Found" response to "301 Moved Permanently", as "302 Found" is meant for temporary redirects. Was asked to do so in this comment: https://github.com/pi-hole/pi-hole/pull/1297#issuecomment-284335421 2017-03-09 06:38:56 +00:00			`header('HTTP/1.1 301 Moved Permanently');`
Redirect to admin panel when accessing 'http://pi.hole/' If someone tries to access 'http://pi.hole/', it will take them to the "Website blocked" page. Very confusing if you don't know to go to 'http://pi.hole/admin/'. This just redirects them to the admin panel. 2017-03-05 05:58:21 +00:00			`header("Location: /admin/");`
			`}`

Updated index.php 2016-12-04 21:17:08 +00:00			`// Retrieve server URI extension (EG: jpg, exe, php)`
Improve Error 404 page behavior 2017-03-28 22:02:00 +00:00			`ini_set('pcre.recursion_limit',100);`
Updated index.php 2016-12-04 21:17:08 +00:00			`$uriExt = pathinfo($uri, PATHINFO_EXTENSION);`

			`// Define which URL extensions get rendered as "Website Blocked"`
			`$webExt = array('asp', 'htm', 'html', 'php', 'rss', 'xml');`

Populate $ipv4 and $ipv6 + fix small error that prevented blocking page from coming up at all. Fixes #1396 2017-04-20 11:52:54 +00:00			`// Get IPv4 and IPv6 addresses from setupVars.conf (if available)`
			`$setupVars = parse_ini_file("/etc/pihole/setupVars.conf");`
			`$ipv4 = isset($setupVars["IPV4_ADDRESS"]) ? explode("/", $setupVars["IPV4_ADDRESS"])[0] : $_SERVER['SERVER_ADDR'];`
			`$ipv6 = isset($setupVars["IPV6_ADDRESS"]) ? explode("/", $setupVars["IPV6_ADDRESS"])[0] : $_SERVER['SERVER_ADDR'];`

Recognize more host names 2017-04-03 14:28:18 +00:00			`$AUTHORIZED_HOSTNAMES = array(`
			`$ipv4,`
			`$ipv6,`
Populate $ipv4 and $ipv6 + fix small error that prevented blocking page from coming up at all. Fixes #1396 2017-04-20 11:52:54 +00:00			`str_replace(array("[","]"), array("",""), $_SERVER["SERVER_ADDR"]),`
Recognize more host names 2017-04-03 14:28:18 +00:00			`"pi.hole",`
			`"localhost");`
			`// Allow user set virtual hostnames`
			`$virtual_host = getenv('VIRTUAL_HOST');`
Populate $ipv4 and $ipv6 + fix small error that prevented blocking page from coming up at all. Fixes #1396 2017-04-20 11:52:54 +00:00			`if (!empty($virtual_host))`
Recognize more host names 2017-04-03 14:28:18 +00:00			`array_push($AUTHORIZED_HOSTNAMES, $virtual_host);`

Improve Error 404 page behavior 2017-03-28 22:02:00 +00:00			`// Immediately quit since we didn't block this page (the IP address or pi.hole is explicitly requested)`
Recognize more host names 2017-04-03 14:28:18 +00:00			`if(validIP($serverName) \|\| in_array($serverName,$AUTHORIZED_HOSTNAMES))`
Improve Error 404 page behavior 2017-03-28 22:02:00 +00:00			`{`
			`http_response_code(404);`
			`die();`
			`}`

Updated index.php 2016-12-04 21:17:08 +00:00			`if(in_array($uriExt, $webExt) \|\| empty($uriExt))`
			`{`
			`// Requested resource has an extension listed in $webExt`
			`// or no extension (index access to some folder incl. the root dir)`
			`$showPage = true;`
			`}`
			`else`
			`{`
			`// Something else`
			`$showPage = false;`
			`}`

			`// Handle incoming URI types`
			`if (!$showPage)`
			`{`
			`?>`
new index to display tiny gif The GIF is only 25 Bytes. Thanks to http://probablyprogramming.com/2009/03/15/the-tiniest-gif-ever 2015-06-07 04:28:41 +00:00			`<html>`
Added window.close() to index.html Adding window.close() will automatically close any pop-ups that might get loaded with a blocked ad. 2016-08-20 00:45:17 +00:00			`<head>`
Updated index.php 2016-12-04 21:17:08 +00:00			`<script>window.close();</script></head>`
			`<body>`
Add 1x1 pixel GIF image. Can apparently be used to trick some of the please-don't-use-adblocker pages as many of them contain code like `if ($('Ad').height() == 0) { prevent access to this page; }` 2016-12-05 11:34:30 +00:00			`<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7">`
Updated index.php 2016-12-04 21:17:08 +00:00			`</body>`
			`</html>`
			`<?php`
			`die();`
			`}`

Match the Pi-hole brand (#1358) * Update README.md * Update index.php * Update basic-install.sh * Update piholeCheckout.sh * Update update.sh * Update CONTRIBUTING.md * Update the Pi-hole brand tip in CONTRIBUTING.md Use a better formulation. * Update README.md 2 2017-04-03 15:29:57 +00:00			`// Get Pi-hole version`
Updated index.php 2016-12-04 21:17:08 +00:00			`$piHoleVersion = exec('cd /etc/.pihole/ && git describe --tags --abbrev=0');`

Update index.php to include more detailed output 2016-12-05 11:12:01 +00:00			`// Don't show the URI if it is the root directory`
			`if($uri == "/")`
			`{`
			`$uri = "";`
			`}`

Updated index.php 2016-12-04 21:17:08 +00:00			`?>`
			`<!DOCTYPE html>`
Complete site The start <html>-tag was missing. 2017-03-25 15:11:37 +00:00			`<html>`
Updated index.php 2016-12-04 21:17:08 +00:00			`<head>`
			`<meta charset='UTF-8'/>`
			`<title>Website Blocked</title>`
Save blocking page CSS to pihole directory instead of admin 2016-12-30 19:42:15 +00:00			`<link rel='stylesheet' href='http://pi.hole/pihole/blockingpage.css'/>`
Use pi.hole when getting js and css If a user is able to get to this page, they must be using Pi-hole 2016-12-30 18:43:29 +00:00			`<link rel='shortcut icon' href='http://pi.hole/admin/img/favicon.png' type='image/png'/>`
Updated index.php 2016-12-04 21:17:08 +00:00			`<meta name='viewport' content='width=device-width,initial-scale=1.0,maximum-scale=1.0, user-scalable=no'/>`
			`<meta name='robots' content='noindex,nofollow'/>`
Added window.close() to index.html Adding window.close() will automatically close any pop-ups that might get loaded with a blocked ad. 2016-08-20 00:45:17 +00:00			`</head>`
Detect if blocking page is loaded within frame or iframe. If so, hide everything 2016-12-06 13:05:02 +00:00			`<body id="body">`
Updated index.php 2016-12-04 21:17:08 +00:00			`<header>`
			`<h1><a href='/'>Website Blocked</a></h1>`
			`</header>`
			`<main>`
			`<div>Access to the following site has been blocked:<br/>`
			`<span class='pre msg'><?php echo $serverName.$uri; ?></span></div>`
Minor change 2016-12-15 09:38:24 +00:00			`<div>If you have an ongoing use for this website, please ask the owner of the Pi-hole in your network to have it whitelisted.</div>`
Update index.php to include more detailed output 2016-12-05 11:12:01 +00:00			`<input id="domain" type="hidden" value="<?php echo $serverName; ?>">`
			`<input id="quiet" type="hidden" value="yes">`
			`<button id="btnSearch" class="buttons blocked" type="button" style="visibility: hidden;"></button>`
			`This page is blocked because it is explicitly contained within the following block list(s):`
Simplified CSS, removed external contents 2016-12-05 13:39:07 +00:00			`<pre id="output" style="width: 100%; height: 100%;" hidden="true"></pre><br/>`
Add whitelisting on blocking page feature 2016-12-30 12:03:45 +00:00			`<div class='buttons blocked'>`
			`<a class='safe33' href='javascript:history.back()'>Go back</a>`
			`<a class='safe33' id="whitelisting">Whitelist this page</a>`
			`<a class='safe33' href='javascript:window.close()'>Close window</a>`
			`</div>`
Add info that whitelisting blocked pages does not work 2017-01-09 14:02:31 +00:00			`<div style="width: 98%; text-align: center; padding: 10px;" hidden="true" id="whitelistingform">`
			`<p>Note that whitelisting domains which are blocked using the wildcard method won't work.</p>`
			`<p>Password required!</p><br/>`
Fix password Enter handling Also remove extranious form information, since JS handles that 2016-12-30 19:13:15 +00:00			`<form>`
Add whitelisting on blocking page feature 2016-12-30 12:03:45 +00:00			`<input name="list" type="hidden" value="white"><br/>`
			`Domain:<br/>`
			`<input name="domain" value="<?php echo $serverName ?>" disabled><br/><br/>`
			`Password:<br/>`
			`<input type="password" id="pw" name="pw"><br/><br/>`
			`<button class="buttons33 safe" id="btnAdd" type="button">Whitelist</button>`
			`</form><br/>`
			`<pre id="whitelistingoutput" style="width: 100%; height: 100%; padding: 5px;" hidden="true"></pre><br/>`
			`</div>`
Updated index.php 2016-12-04 21:17:08 +00:00			`</main>`
			`<footer>Generated <?php echo date('D g:i A, M d'); ?> by Pi-hole <?php echo $piHoleVersion; ?></footer>`
Adjust blocking page paths from admin restructure 2016-12-30 20:36:53 +00:00			`<script src="http://pi.hole/admin/scripts/vendor/jquery.min.js"></script>`
Hide whitelist option if we detected that the domain as blocked due to wildcard blocking 2017-01-11 16:07:08 +00:00			`<script>`
Add a few comments and remove debug output 2017-01-11 23:01:27 +00:00			`// Create event for when the output is appended to`
Hide whitelist option if we detected that the domain as blocked due to wildcard blocking 2017-01-11 16:07:08 +00:00			`(function($) {`
			`var origAppend = $.fn.append;`

			`$.fn.append = function () {`
			`return origAppend.apply(this, arguments).trigger("append");`
			`};`
			`})(jQuery);`
			`</script>`
Adjust blocking page paths from admin restructure 2016-12-30 20:36:53 +00:00			`<script src="http://pi.hole/admin/scripts/pi-hole/js/queryads.js"></script>`
Update index.php to include more detailed output 2016-12-05 11:12:01 +00:00			`<script>`
Fix formatting 2016-12-30 17:59:05 +00:00			`function inIframe () {`
			`try {`
			`return window.self !== window.top;`
			`} catch (e) {`
			`return true;`
			`}`
			`}`
Detect if blocking page is loaded within frame or iframe. If so, hide everything 2016-12-06 13:05:02 +00:00
Fix formatting 2016-12-30 17:59:05 +00:00			`// Try to detect if page is loaded within iframe`
			`if(inIframe())`
			`{`
			`// Within iframe`
			`// hide content of page`
			`$('#body').hide();`
			`// remove background`
			`document.body.style.backgroundImage = "none";`
			`}`
			`else`
			`{`
			`// Query adlists`
			`$( "#btnSearch" ).click();`
			`}`
Add whitelisting on blocking page feature 2016-12-30 12:03:45 +00:00
Fix formatting 2016-12-30 17:59:05 +00:00			`$( "#whitelisting" ).on( "click", function(){ $( "#whitelistingform" ).removeAttr( "hidden" ); });`
Add whitelisting on blocking page feature 2016-12-30 12:03:45 +00:00
Add a few comments and remove debug output 2017-01-11 23:01:27 +00:00			`// Remove whitelist functionality if the domain was blocked because of a wildcard`
Hide whitelist option if we detected that the domain as blocked due to wildcard blocking 2017-01-11 16:07:08 +00:00			`$( "#output" ).bind("append", function(){`
			`if($( "#output" ).contents()[0].data.indexOf("Wildcard blocking") !== -1)`
			`{`
			`$( "#whitelisting" ).hide();`
			`$( "#whitelistingform" ).hide();`
			`}`
			`});`

Fix formatting 2016-12-30 17:59:05 +00:00			`function add() {`
Add whitelisting on blocking page feature 2016-12-30 12:03:45 +00:00			`var domain = $("#domain");`
			`var pw = $("#pw");`
			`if(domain.val().length === 0){`
			`return;`
			`}`

			`$.ajax({`
Adjust blocking page paths from admin restructure 2016-12-30 20:36:53 +00:00			`url: "admin/scripts/pi-hole/php/add.php",`
Add whitelisting on blocking page feature 2016-12-30 12:03:45 +00:00			`method: "post",`
			`data: {"domain":domain.val(), "list":"white", "pw":pw.val()},`
			`success: function(response) {`
			`$( "#whitelistingoutput" ).removeAttr( "hidden" );`
			`if(response.indexOf("Pi-hole blocking") !== -1)`
			`{`
			`// Reload page after 5 seconds`
			`setTimeout(function(){window.location.reload(1);}, 5000);`
Add notice that the user might have to flush his DNS cache 2016-12-30 12:27:33 +00:00			`$( "#whitelistingoutput" ).html("---> Success <---<br/>You may have to flush your DNS cache");`
Add whitelisting on blocking page feature 2016-12-30 12:03:45 +00:00			`}`
			`else`
			`{`
			`$( "#whitelistingoutput" ).html("---> "+response+" <---");`
			`}`

			`},`
			`error: function(jqXHR, exception) {`
			`$( "#whitelistingoutput" ).removeAttr( "hidden" );`
Use pi.hole when getting js and css If a user is able to get to this page, they must be using Pi-hole 2016-12-30 18:43:29 +00:00			`$( "#whitelistingoutput" ).html("---> Unknown Error <---");`
Add whitelisting on blocking page feature 2016-12-30 12:03:45 +00:00			`}`
			`});`
			`}`
			`// Handle enter button for adding domains`
			`$(document).keypress(function(e) {`
Fix password Enter handling Also remove extranious form information, since JS handles that 2016-12-30 19:13:15 +00:00			`if(e.which === 13 && $("#pw").is(":focus")) {`
Add whitelisting on blocking page feature 2016-12-30 12:03:45 +00:00			`add();`
			`}`
			`});`

			`// Handle buttons`
			`$("#btnAdd").on("click", function() {`
			`add();`
			`});`
Update index.php to include more detailed output 2016-12-05 11:12:01 +00:00			`</script>`
new index to display tiny gif The GIF is only 25 Bytes. Thanks to http://probablyprogramming.com/2009/03/15/the-tiniest-gif-ever 2015-06-07 04:28:41 +00:00			`</body>`
Added window.close() to index.html Adding window.close() will automatically close any pop-ups that might get loaded with a blocked ad. 2016-08-20 00:45:17 +00:00			`</html>`