diff --git a/html/login.php b/html/login.php
index b55196e..7c48444 100644
--- a/html/login.php
+++ b/html/login.php
@@ -1,18 +1,28 @@
real_escape_string($_REQUEST['user']);
$pubkey = $db->real_escape_string($_REQUEST['pubkey']);
- $q = $db->query("select * from user where name='$user' and pubkey='$pubkey';");
- if ($q->num_rows==1) {
- echo json_encode(true);
- } elseif ($q->num_rows==0) {
- $q = $db->query("insert into user (name, pubkey) values ('$user', '$pubkey');");
- echo json_encode(true);
+ $pgp = gnupg_init();
+ if (!$pgp) {
+ echo json_encode(array('success' => false, 'txt' => "pgp on server failed"));
} else {
- echo json_encode(false);
+ $verify = gnupg_import($pgp, $_REQUEST['pubkey']);
+ if (!$verify) {
+ echo json_encode(array('success' => false, 'txt' => "wrong identity"));
+ } else {
+ $q = $db->query("select * from user where name='$user' and pubkey='$pubkey';");
+ if ($q->num_rows==1) {
+ echo json_encode(array('success' => true, 'txt' => "user verified"));
+ } elseif ($q->num_rows==0) {
+ $q = $db->query("insert into user (name, pubkey) values ('$user', '$pubkey');");
+ echo json_encode(array('success' => true, 'txt' => "user created"));
+ } else {
+ echo json_encode(array('success' => false, 'txt' => "server database defect"));
+ }
+ }
}
} catch (Exception $e) {
- echo json_encode(false);
+ echo json_encode(array('success' => false, 'txt' => "login failed"));
}
?>
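Review bot: A successful `gnupg_import()` in the new else-branch only shows that the submitted text parses as a key, so the "wrong identity" reply is not an identity check, and every unauthenticated request adds a key to the server keyring. Proving ownership would need the client to sign a server-issued nonce that is then checked with `gnupg_verify()`. Separately, the lookup matches name and pubkey together, so a request for an existing name with a different key falls into the insert branch. The insert result is never checked, so the reply is "user created" either way. The sketch below looks the user up by name alone, compares the stored key, and checks the insert; a unique index on `name` is assumed, since the schema is not visible here.

```php
// … unchanged: gnupg_init() and gnupg_import() checks …
$q = $db->query("select pubkey from user where name='$user';");
if (!$q) {
    echo json_encode(array('success' => false, 'txt' => "server database defect"));
} elseif ($q->num_rows==0) {
    if ($db->query("insert into user (name, pubkey) values ('$user', '$pubkey');")) {
        echo json_encode(array('success' => true, 'txt' => "user created"));
    } else {
        echo json_encode(array('success' => false, 'txt' => "server database defect"));
    }
} elseif ($q->num_rows==1 && $q->fetch_row()[0] === $_REQUEST['pubkey']) {
    echo json_encode(array('success' => true, 'txt' => "user verified"));
} else {
    echo json_encode(array('success' => false, 'txt' => "wrong identity"));
}
```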
diff --git a/html/pubkey.php b/html/pubkey.php
index 872fa31..1b54a21 100644
--- a/html/pubkey.php
+++ b/html/pubkey.php
@@ -1,6 +1,6 @@
real_escape_string($_REQUEST['user']);
$q = $db->query("select pubkey from user where name='$user';");
if ($q->num_rows==1) {
diff --git a/html/safechat.js b/html/safechat.js
index 3d8e77d..b2157dc 100644
--- a/html/safechat.js
+++ b/html/safechat.js
@@ -82,7 +82,7 @@ function checkuser(user) {
}).fail(function(res) {
username=null;
$("#createuser").prop("disabled", !(username && password));
- error(res);
+ error("offline");
});
}
@@ -114,7 +114,7 @@ function checkpartner(user) {
$("#send").prop("disabled", false);
success("receiver exists");
}).fail(function(res) {
- notice("cannot connect to server: "+res);
+ error("offline", true);
$("#send").prop("disabled", true);
});
}
@@ -161,11 +161,11 @@ function clearmessage() {
function attachments(files, id) {
if (files) files.forEach(function(file) {
- //if (file.content.length<1000000) {
+ if (file.content.length<1000000) {
var img = document.createElement('img');
img.src = 'data:'+file.type+';base64,' + file.content;
$(id).append(img);
- //}
+ }
});
}
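Review bot: `file.type` goes unchecked into the `data:` URL at `img.src = 'data:'+file.type+';base64,' + file.content;`, and it presumably comes from the decrypted message, i.e. from the sender. The restored size check does not constrain it. I would tighten the condition to an allowlist, e.g. `if (/^image\/(png|jpeg|gif)$/.test(file.type) && file.content.length<1000000) {`. Oversized attachments are now skipped silently, so a short `notice(...)` in an else-branch would tell the reader that something was dropped.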
@@ -203,97 +203,105 @@ function setreceiver(name) {
var startmsg = 0; // number of last downloaded message
function get() {
var beeped = false;
- $.post("get.php", {start: startmsg}).done(function(res) {
- var msgs = JSON.parse(res);
- if (msgs) {
- msgs.forEach(function(e) {
- if (startmsg'+
- ''+
- message.text+
- '
');
- attachments(message.files, '#id'+e.id+' .text');
- $('#id'+e.id).emoticonize();
- if (!beeped)
- (new Audio("A-Tone-His_Self-1266414414.mp3"))
- .play();
- beeped = true;
- })
- .catch(function(e) {
- // not for me
+ $.post("get.php", {start: startmsg})
+ .done(function(res) {
+ var msgs = JSON.parse(res);
+ if (msgs) {
+ msgs.forEach(function(e) {
+ if (startmsg'+
+ ''+
+ message.text+
+ '
');
+ attachments(message.files, '#id'+e.id+' .text');
+ $('#id'+e.id).emoticonize();
+ if (!beeped)
+ (new Audio("A-Tone-His_Self-1266414414.mp3"))
+ .play();
+ beeped = true;
+ })
+ .catch(function(e) {
+ // not for me
+ });
+ }).fail(function(e) {
+ error("offline", true);
});
- }).fail(function(e) {
- error("get sender's key from server failed", true);
});
- });
- }
- }).fail(function(e) {
- error("get messages failed")
- });
+ }
+ }).fail(function(e) {
+ error("offline", true)
+ });
setTimeout(get, 10000);
}
function sendmessage(recv, txt) {
notice("1/3 preparing message ...");
$("#message").fadeOut("slow");
- $.post("pubkey.php", {user: recv}).done(function(pk) {
- var res=JSON.parse(pk);
- var key=openpgp.key.readArmored(res);
- if (!res||key.err) {
- $("#message").fadeIn("slow");
- error("key of receiver not found", true);
- return;
- }
- var privkey = privateKey().keys[0];
- privkey.decrypt(password);
- var message = JSON.stringify({text: txt, files: filecontent});
- notice("2/3 encrypting message ...");
- openpgp.signAndEncryptMessage(key.keys.concat(publicKey().keys), privkey, message)
- .then(function(msg) {
- notice("3/3 sending message ...");
- $.post("send.php", {user: userid(), msg: msg})
- .done(function(res) {
- if (JSON.parse(res)) {
- $("#message").fadeIn("slow");
- clearmessage();
- success("message sent");
- } else {
- $("#message").fadeIn("slow");
- error("error sending message", true);
- }
+ $.post("pubkey.php", {user: recv})
+ .done(function(pk) {
+ var res=JSON.parse(pk);
+ var key=openpgp.key.readArmored(res);
+ if (!res||key.err) {
+ $("#message").fadeIn("slow");
+ error("key of receiver not found", true);
+ return;
+ }
+ var privkey = privateKey().keys[0];
+ privkey.decrypt(password);
+ var message = JSON.stringify({text: txt, files: filecontent});
+ notice("2/3 encrypting message ...");
+ openpgp.signAndEncryptMessage(key.keys.concat(publicKey().keys), privkey, message)
+ .then(function(msg) {
+ notice("3/3 sending message ...");
+ $.post("send.php", {user: userid(), msg: msg})
+ .done(function(res) {
+ var st = JSON.parse(res);
+ if (st.success) {
+ $("#message").fadeIn("slow");
+ clearmessage();
+ success(st.txt);
+ } else {
+ $("#message").fadeIn("slow");
+ error(st.txt, true);
+ }
+ })
+ .fail(function() {
+ error("offline", true);
+ });
})
- .fail(error);
+ .catch(function(e) {
+ $("#message").fadeIn("slow");
+ error("encryption of message failed", true);
+ });
})
- .catch(function(e) {
+ .fail(function(e) {
$("#message").fadeIn("slow");
- error("encryption of message failed", true);
+ error("offline", true);
});
- }).fail(function(e) {
- $("#message").fadeIn("slow");
- error("get receiver's key from server failed", true);
- });
$("#message").fadeIn("slow");
}
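Review bot: In get(), `message.text` is concatenated straight into the markup string that is added to the page, and that text is the decrypted content of another user's message, so any markup in it is parsed as HTML in the reader's session. The re-indented block carries this over unchanged. Build the message element first and set its content with jQuery `.text(message.text)` (or escape the text before concatenating), then call `emoticonize()` on the result. The surrounding markup did not survive extraction on this page, so the exact element is not visible here.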
@@ -316,7 +324,9 @@ function chat() {
$.ajax({url: "chat.html", success: function(res) {
status(res);
setTimeout(get, 2000);
- }}).fail(error);
+ }}).fail(function() {
+ error("offline")
+ });
}
function login() {
@@ -324,22 +334,26 @@ function login() {
$.post("login.php", {user: userid(),
pubkey: localStorage.pubKey},
function(res) {
- if (JSON.parse(res)) {
- status("logged in ...", "successfully logged in");
+ var st = JSON.parse(res);
+ if (st.success) {
+ status("logged in ...", st.txt);
chat();
} else {
- error("login failed");
+ error(st.txt);
}
- }).fail(function(e) {
- error(e);
- });
+ })
+ .fail(function(e) {
+ error("offline");
+ });
}
function newuser() {
status("new user ...");
$.ajax({url: "newuser.html", success: function(res) {
status(res);
- }}).fail(error);
+ }}).fail(function() {
+ error("offline");
+ });
}
function start() {
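Review bot: `JSON.parse(res)` in the login callback throws on a body that is not valid JSON (for example a PHP warning printed ahead of the JSON), and `st.success` throws when the body is `null`; neither is caught, so the user gets no error message. Guard it, e.g. `var st; try { st = JSON.parse(res); } catch (e) { st = null; }` followed by `if (st && st.success) {`, with a fixed fallback text such as `error(st ? st.txt : "login failed");` in the else-branch. The send.php callback in the previous hunk (`var st = JSON.parse(res);`) has the same shape. login() opens just before this hunk.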
diff --git a/html/send.php b/html/send.php
index 84aca1f..f1837aa 100644
--- a/html/send.php
+++ b/html/send.php
@@ -1,16 +1,34 @@
real_escape_string($_REQUEST['user']);
$msg = $db->real_escape_string($_REQUEST['msg']);
- $q = $db->query("insert into message (user, msg) values ('$user', '$msg');");
- if ($q) {
- echo json_encode(true);
+ $pgp = gnupg_init();
+ if (!$pgp) {
+ echo json_encode(array('success' => false, 'txt' => "pgp on server failed"));
} else {
- error_log("Error storing message: ".$db->error);
- echo json_encode(false);
+ $q = $db->query("select pubkey from user where name='$user';");
+ if (!$q || $q->num_rows!=1) {
+ echo json_encode(array('success' => false, 'txt' => "user not found on server"));
+ } else {
+ $pubkey = gnupg_import($pgp, $q->fetch_row()[0]);
+ if (!$pubkey) {
+ echo json_encode(array('success' => false, 'txt' => "wrong identity"));
+ } else {
+ require_once("messagetable.php");
+ $q = $db->query("insert into message (user, msg) values ('$user', '$msg');");
+ if ($q) {
+ echo json_encode(array('success' => true, 'txt' => "message stored"));
+ } else {
+ error_log("Error storing message: ".$db->error);
+ echo json_encode(array('success' => false, 'txt' => "storing message failed"));
+ }
+ }
+ }
}
} catch (Exception $e) {
- echo json_encode(false);
+ error_log("Error storing message: ".$e->message);
+ echo json_encode(array('success' => false, 'txt' => "storing message failed"));
}
+
?>
\ No newline at end of file
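Review bot: `$e->message` in the new catch block reads a protected property of Exception, which raises an error of its own inside the handler, so the JSON failure response on the next line is never sent; use `error_log("Error storing message: ".$e->getMessage());`. Also, `gnupg_import()` on the stored key only confirms that the key on file for `$user` parses. Nothing ties the request to that user, so the `user` column holds whatever name the caller supplied unless the signature is checked elsewhere (recipients presumably verify it client-side). A comment such as `// sender name is unauthenticated here; recipients must verify the PGP signature` would keep later readers from trusting that column.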