some checks on server side

php
Marc Wäckerlin 9 years ago
parent 2951bc8b91
commit 829fb33818
  1. 28
      html/login.php
  2. 2
      html/pubkey.php
  3. 196
      html/safechat.js
  4. 32
      html/send.php

@ -1,18 +1,28 @@
<?php
require_once("usertable.php");
try {
require_once("usertable.php");
$user = $db->real_escape_string($_REQUEST['user']);
$pubkey = $db->real_escape_string($_REQUEST['pubkey']);
$q = $db->query("select * from user where name='$user' and pubkey='$pubkey';");
if ($q->num_rows==1) {
echo json_encode(true);
} elseif ($q->num_rows==0) {
$q = $db->query("insert into user (name, pubkey) values ('$user', '$pubkey');");
echo json_encode(true);
$pgp = gnupg_init();
if (!$pgp) {
echo json_encode(array('success' => false, 'txt' => "pgp on server failed"));
} else {
echo json_encode(false);
$verify = gnupg_import($pgp, $_REQUEST['pubkey']);
if (!$verify) {
echo json_encode(array('success' => false, 'txt' => "wrong identity"));
} else {
$q = $db->query("select * from user where name='$user' and pubkey='$pubkey';");
if ($q->num_rows==1) {
echo json_encode(array('success' => true, 'txt' => "user verified"));
} elseif ($q->num_rows==0) {
$q = $db->query("insert into user (name, pubkey) values ('$user', '$pubkey');");
echo json_encode(array('success' => true, 'txt' => "user created"));
} else {
echo json_encode(array('success' => false, 'txt' => "server database defect"));
}
}
}
} catch (Exception $e) {
echo json_encode(false);
echo json_encode(array('success' => false, 'txt' => "login failed"));
}
?>
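Review bot: The "wrong identity" branch after `$verify = gnupg_import($pgp, $_REQUEST['pubkey']);` only establishes that the submitted blob parses as an OpenPGP key (and imports it into the server keyring on every login); it says nothing about whether the caller holds the matching private key, so the later "user verified" response is still just a name/pubkey row lookup. A comment above the call, e.g. `// gnupg_import only checks key syntax; it is not proof of key possession`, would stop a later reader from treating this as authentication. Separately, the `$q = $db->query("select * from user ...")` line is followed by `$q->num_rows` with no check that the query succeeded; unless mysqli_report() is configured to throw elsewhere, a failed query returns false here and the resulting error is not an `Exception`, so the `catch` at the bottom does not cover it. send.php already uses the `if (!$q || ...)` form, so mirror it: `if (!$q) { echo json_encode(array('success' => false, 'txt' => "server database defect")); } elseif ($q->num_rows==1) {`.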

@ -1,6 +1,6 @@
<?php
require_once("usertable.php");
try {
require_once("usertable.php");
$user = $db->real_escape_string($_REQUEST['user']);
$q = $db->query("select pubkey from user where name='$user';");
if ($q->num_rows==1) {

@ -82,7 +82,7 @@ function checkuser(user) {
}).fail(function(res) {
username=null;
$("#createuser").prop("disabled", !(username && password));
error(res);
error("offline");
});
}
@ -114,7 +114,7 @@ function checkpartner(user) {
$("#send").prop("disabled", false);
success("receiver exists");
}).fail(function(res) {
notice("cannot connect to server: "+res);
error("offline", true);
$("#send").prop("disabled", true);
});
}
@ -161,11 +161,11 @@ function clearmessage() {
function attachments(files, id) {
if (files) files.forEach(function(file) {
//if (file.content.length<1000000) {
if (file.content.length<1000000) {
var img = document.createElement('img');
img.src = 'data:'+file.type+';base64,' + file.content;
$(id).append(img);
//}
}
});
}
@ -203,97 +203,105 @@ function setreceiver(name) {
var startmsg = 0; // number of last downloaded message
function get() {
var beeped = false;
$.post("get.php", {start: startmsg}).done(function(res) {
var msgs = JSON.parse(res);
if (msgs) {
msgs.forEach(function(e) {
if (startmsg<Number(e.id)) startmsg = Number(e.id);
$.post("pubkey.php", {user: e.user}).done(function(pk) {
var res=JSON.parse(pk);
var key=openpgp.key.readArmored(res);
if (!res||key.err) {
setTimeout(get, 10000);
return error("key of receiver not found", true);
}
var message = openpgp.message.readArmored(e.msg);
var privkey = privateKey().keys[0];
if (privkey.decrypt(password))
openpgp.decryptAndVerifyMessage(privkey, key.keys, message)
.then(function(msg) {
var message = JSON.parse(msg.text);
$("#msgs") // todo: check msg.signatures[0].valid
.prepend('<div id="id'+(e.id)+'" class="msg '+
(e.user==userid()?"me":"other")+
'"><div class="header">'+
'<span class="date">'+
(new Date(1000*Number(e.time))).toLocaleString()+
'</span><span class="sender">'+
'<a href="javascript:void(0)" onclick="setreceiver(this.innerHTML)">'+
e.user+
'</a></span></div>'+
'<div class="text">'+
message.text+
'</div></div><div class="clear"/>');
attachments(message.files, '#id'+e.id+' .text');
$('#id'+e.id).emoticonize();
if (!beeped)
(new Audio("A-Tone-His_Self-1266414414.mp3"))
.play();
beeped = true;
})
.catch(function(e) {
// not for me
$.post("get.php", {start: startmsg})
.done(function(res) {
var msgs = JSON.parse(res);
if (msgs) {
msgs.forEach(function(e) {
if (startmsg<Number(e.id)) startmsg = Number(e.id);
$.post("pubkey.php", {user: e.user})
.done(function(pk) {
var res=JSON.parse(pk);
var key=openpgp.key.readArmored(res);
if (!res||key.err) {
setTimeout(get, 10000);
return error("key of receiver not found", true);
}
var message = openpgp.message.readArmored(e.msg);
var privkey = privateKey().keys[0];
if (privkey.decrypt(password))
openpgp.decryptAndVerifyMessage(privkey, key.keys, message)
.then(function(msg) {
var message = JSON.parse(msg.text);
$("#msgs") // todo: check msg.signatures[0].valid
.prepend('<div id="id'+(e.id)+'" class="msg '+
(e.user==userid()?"me":"other")+
'"><div class="header">'+
'<span class="date">'+
(new Date(1000*Number(e.time))).toLocaleString()+
'</span><span class="sender">'+
'<a href="javascript:void(0)" '+
'onclick="setreceiver(this.innerHTML)">'+
e.user+
'</a></span></div>'+
'<div class="text">'+
message.text+
'</div></div><div class="clear"/>');
attachments(message.files, '#id'+e.id+' .text');
$('#id'+e.id).emoticonize();
if (!beeped)
(new Audio("A-Tone-His_Self-1266414414.mp3"))
.play();
beeped = true;
})
.catch(function(e) {
// not for me
});
}).fail(function(e) {
error("offline", true);
});
}).fail(function(e) {
error("get sender's key from server failed", true);
});
});
}
}).fail(function(e) {
error("get messages failed")
});
}
}).fail(function(e) {
error("offline", true)
});
setTimeout(get, 10000);
}
function sendmessage(recv, txt) {
notice("1/3 preparing message ...");
$("#message").fadeOut("slow");
$.post("pubkey.php", {user: recv}).done(function(pk) {
var res=JSON.parse(pk);
var key=openpgp.key.readArmored(res);
if (!res||key.err) {
$("#message").fadeIn("slow");
error("key of receiver not found", true);
return;
}
var privkey = privateKey().keys[0];
privkey.decrypt(password);
var message = JSON.stringify({text: txt, files: filecontent});
notice("2/3 encrypting message ...");
openpgp.signAndEncryptMessage(key.keys.concat(publicKey().keys), privkey, message)
.then(function(msg) {
notice("3/3 sending message ...");
$.post("send.php", {user: userid(), msg: msg})
.done(function(res) {
if (JSON.parse(res)) {
$("#message").fadeIn("slow");
clearmessage();
success("message sent");
} else {
$("#message").fadeIn("slow");
error("error sending message", true);
}
$.post("pubkey.php", {user: recv})
.done(function(pk) {
var res=JSON.parse(pk);
var key=openpgp.key.readArmored(res);
if (!res||key.err) {
$("#message").fadeIn("slow");
error("key of receiver not found", true);
return;
}
var privkey = privateKey().keys[0];
privkey.decrypt(password);
var message = JSON.stringify({text: txt, files: filecontent});
notice("2/3 encrypting message ...");
openpgp.signAndEncryptMessage(key.keys.concat(publicKey().keys), privkey, message)
.then(function(msg) {
notice("3/3 sending message ...");
$.post("send.php", {user: userid(), msg: msg})
.done(function(res) {
var st = JSON.parse(res);
if (st.success) {
$("#message").fadeIn("slow");
clearmessage();
success(st.txt);
} else {
$("#message").fadeIn("slow");
error(st.txt, true);
}
})
.fail(function() {
error("offline", true);
});
})
.fail(error);
.catch(function(e) {
$("#message").fadeIn("slow");
error("encryption of message failed", true);
});
})
.catch(function(e) {
.fail(function(e) {
$("#message").fadeIn("slow");
error("encryption of message failed", true);
error("offline", true);
});
}).fail(function(e) {
$("#message").fadeIn("slow");
error("get receiver's key from server failed", true);
});
$("#message").fadeIn("slow");
}
@ -316,7 +324,9 @@ function chat() {
$.ajax({url: "chat.html", success: function(res) {
status(res);
setTimeout(get, 2000);
}}).fail(error);
}}).fail(function() {
error("offline")
});
}
function login() {
@ -324,22 +334,26 @@ function login() {
$.post("login.php", {user: userid(),
pubkey: localStorage.pubKey},
function(res) {
if (JSON.parse(res)) {
status("logged in ...", "successfully logged in");
var st = JSON.parse(res);
if (st.success) {
status("logged in ...", st.txt);
chat();
} else {
error("login failed");
error(st.txt);
}
}).fail(function(e) {
error(e);
});
})
.fail(function(e) {
error("offline");
});
}
function newuser() {
status("new user ...");
$.ajax({url: "newuser.html", success: function(res) {
status(res);
}}).fail(error);
}}).fail(function() {
error("offline");
});
}
function start() {
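Review bot: In the rewritten `get()` (hunk `@ -203,97 +203,105 @@`), the `.prepend('<div id="id'+(e.id)+'" ...` call still concatenates `message.text` and `e.user` straight into HTML, so any markup inside a decrypted message body, or inside the `user` value returned by get.php, is rendered by the recipient's browser; the same `e.user` is also read back via `this.innerHTML` in the `onclick` handler. The `// todo: check msg.signatures[0].valid` comment is carried over unchanged, meaning the displayed sender is whatever the server reports in `e.user`, not the key that actually signed the message — worth spelling out in that comment. The block below builds the entry with DOM/jQuery text insertion instead of string concatenation and passes `e.user` to `setreceiver` directly; `attachments()`, `emoticonize()` and the beep are unchanged. Note that `attachments()` in the earlier hunk likewise uses `file.type` unchecked inside the `data:` URI it builds.
```javascript
.then(function(msg) {
    var message = JSON.parse(msg.text);
    // todo: check msg.signatures[0].valid — until then e.user is server-asserted, not signer-verified
    var sender = $('<a href="javascript:void(0)"></a>')
        .text(e.user)
        .on("click", function() { setreceiver(e.user); });
    var entry = $('<div class="msg"></div>')
        .attr("id", "id"+e.id)
        .addClass(e.user==userid()?"me":"other")
        .append($('<div class="header"></div>')
            .append($('<span class="date"></span>')
                .text((new Date(1000*Number(e.time))).toLocaleString()))
            .append($('<span class="sender"></span>').append(sender)))
        .append($('<div class="text"></div>').text(message.text));
    $("#msgs").prepend(entry, $('<div class="clear"></div>'));
    // … unchanged: attachments(message.files, ...), emoticonize(), beep …
})
```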

@ -1,16 +1,34 @@
<?php
require_once("messagetable.php");
try {
require_once("usertable.php");
$user = $db->real_escape_string($_REQUEST['user']);
$msg = $db->real_escape_string($_REQUEST['msg']);
$q = $db->query("insert into message (user, msg) values ('$user', '$msg');");
if ($q) {
echo json_encode(true);
$pgp = gnupg_init();
if (!$pgp) {
echo json_encode(array('success' => false, 'txt' => "pgp on server failed"));
} else {
error_log("Error storing message: ".$db->error);
echo json_encode(false);
$q = $db->query("select pubkey from user where name='$user';");
if (!$q || $q->num_rows!=1) {
echo json_encode(array('success' => false, 'txt' => "user not found on server"));
} else {
$pubkey = gnupg_import($pgp, $q->fetch_row()[0]);
if (!$pubkey) {
echo json_encode(array('success' => false, 'txt' => "wrong identity"));
} else {
require_once("messagetable.php");
$q = $db->query("insert into message (user, msg) values ('$user', '$msg');");
if ($q) {
echo json_encode(array('success' => true, 'txt' => "message stored"));
} else {
error_log("Error storing message: ".$db->error);
echo json_encode(array('success' => false, 'txt' => "storing message failed"));
}
}
}
}
} catch (Exception $e) {
echo json_encode(false);
error_log("Error storing message: ".$e->message);
echo json_encode(array('success' => false, 'txt' => "storing message failed"));
}
?>
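Review bot: `error_log("Error storing message: ".$e->message);` in the new catch block reads `Exception::$message`, which is a protected property, so the handler itself fails before the JSON error response is written; use `$e->getMessage()` instead. The "wrong identity" branch after `$pubkey = gnupg_import($pgp, $q->fetch_row()[0]);` only confirms that the key stored for `$_REQUEST['user']` imports cleanly — nothing ties the submitted `msg` to that key (the signature appears to sit inside the encrypted payload, per safechat.js, so the server cannot check it), so the `user` column remains caller-asserted. A comment on that line, e.g. `// only proves the stored key parses; the sender named in 'user' is not authenticated here`, would keep the response text from being read as a stronger guarantee. `require_once("messagetable.php")` now runs only after these checks, which is fine, but the earlier `require_once("usertable.php")` is the one that must define `$db` for every path — worth a one-line comment since the two includes are no longer adjacent.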