From 829fb3381807a3f2e179d6e0721033bf202491e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc=20W=C3=A4ckerlin?=
Date: Thu, 2 Jul 2015 07:08:13 +0000
Subject: [PATCH] some checks on server side
---
 html/login.php | 28 ++++---
 html/pubkey.php | 2 +-
 html/safechat.js | 196 +++++++++++++++++++++++++---------------------
 html/send.php | 32 ++++++--
 4 files changed, 150 insertions(+), 108 deletions(-)
diff --git a/html/login.php b/html/login.php
index b55196e..7c48444 100644
--- a/html/login.php
+++ b/html/login.php
@@ -1,18 +1,28 @@ real_escape_string($_REQUEST['user']);
 $pubkey = $db->real_escape_string($_REQUEST['pubkey']);
- $q = $db->query("select * from user where name='$user' and pubkey='$pubkey';");
- if ($q->num_rows==1) {
- echo json_encode(true);
- } elseif ($q->num_rows==0) {
- $q = $db->query("insert into user (name, pubkey) values ('$user', '$pubkey');");
- echo json_encode(true);
+ $pgp = gnupg_init();
+ if (!$pgp) {
+ echo json_encode(array('success' => false, 'txt' => "pgp on server failed"));
 } else {
- echo json_encode(false);
+ $verify = gnupg_import($pgp, $_REQUEST['pubkey']);
+ if (!$verify) {
+ echo json_encode(array('success' => false, 'txt' => "wrong identity"));
+ } else {
+ $q = $db->query("select * from user where name='$user' and pubkey='$pubkey';");
+ if ($q->num_rows==1) {
+ echo json_encode(array('success' => true, 'txt' => "user verified"));
+ } elseif ($q->num_rows==0) {
+ $q = $db->query("insert into user (name, pubkey) values ('$user', '$pubkey');");
+ echo json_encode(array('success' => true, 'txt' => "user created"));
+ } else {
+ echo json_encode(array('success' => false, 'txt' => "server database defect"));
+ }
+ }
 }
 } catch (Exception $e) {
- echo json_encode(false);
+ echo json_encode(array('success' => false, 'txt' => "login failed"));
 }
 ?>
diff --git a/html/pubkey.php b/html/pubkey.php
index 872fa31..1b54a21 100644
--- a/html/pubkey.php
+++ b/html/pubkey.php
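Review bot: The new gnupg_import call only proves that the submitted bytes parse as a PGP key, so the "user verified" branch still authenticates nobody — whoever submits a name together with the public key stored for it passes, and public keys are what pubkey.php appears to serve — while "wrong identity" describes a check that was not made. Tying the login to the key holder needs a proof of possession: have the server issue a nonce, the client sign it with its private key, and login.php check that signature against the stored key with gnupg_verify before touching the user table. Two smaller points in the same hunk: gnupg_import writes every submitted key into the web server's persistent keyring (a per-request GNUPGHOME or a gnupg_deletekey after the check keeps it from growing without bound), and selecting by name AND pubkey sends a second registration of an existing name with a different key into the num_rows==0 branch, inserting a duplicate row that then breaks pubkey.php's num_rows==1 lookup for that name; select by name alone and compare the stored pubkey instead. The hunk's first context line is mangled in this rendering, so the opening of the try block is not visible.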
@@ -1,6 +1,6 @@ real_escape_string($_REQUEST['user']);
 $q = $db->query("select pubkey from user where name='$user';");
 if ($q->num_rows==1) {
diff --git a/html/safechat.js b/html/safechat.js
index 3d8e77d..b2157dc 100644
--- a/html/safechat.js
+++ b/html/safechat.js
@@ -82,7 +82,7 @@ function checkuser(user) {
 }).fail(function(res) {
 username=null;
 $("#createuser").prop("disabled", !(username && password));
- error(res);
+ error("offline");
 });
 }
@@ -114,7 +114,7 @@ function checkpartner(user) {
 $("#send").prop("disabled", false);
 success("receiver exists");
 }).fail(function(res) {
- notice("cannot connect to server: "+res);
+ error("offline", true);
 $("#send").prop("disabled", true);
 });
 }
@@ -161,11 +161,11 @@ function clearmessage() {
 function attachments(files, id) {
 if (files) files.forEach(function(file) {
- //if (file.content.length<1000000) {
+ if (file.content.length<1000000) {
 var img = document.createElement('img');
 img.src = 'data:'+file.type+';base64,' + file.content;
 $(id).append(img);
- //}
+ }
 });
 }
@@ -203,97 +203,105 @@ function setreceiver(name) {
 var startmsg = 0; // number of last downloaded message
 function get() {
 var beeped = false;
- $.post("get.php", {start: startmsg}).done(function(res) {
- var msgs = JSON.parse(res);
- if (msgs) {
- msgs.forEach(function(e) {
- if (startmsg
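Review bot: `error("offline")` in checkuser's fail handler discards `res`, so an HTTP 500 from the server and a genuine network failure now look identical to the user and nothing about the real cause is recorded anywhere; the @@ -114 hunk in checkpartner drops the jqXHR the same way. Keep the user-facing text but log the status alongside it, e.g. `console.error("checkuser failed", res.status, res.statusText); error("offline");`.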
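Review bot: Un-commenting the size guard in attachments() makes oversized attachments vanish silently: a file whose content exceeds 1000000 characters is skipped with nothing rendered in its place, so the reader cannot tell the message carried an attachment at all. An `else` branch that appends a short placeholder, e.g. `$(id).append(document.createTextNode("[attachment too large, not shown]"));`, keeps the limit while making the drop visible. `file.type` appears to come from the peer's decrypted message (get() passes `message.files` here) and is placed into the `data:` URL unchecked; a leading `if (!/^image\//.test(file.type)) return;` keeps non-image payloads out of the img element.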
'+ - ''+ - (new Date(1000*Number(e.time))).toLocaleString()+ - ''+ - ''+ - e.user+ - '
'+ - '
'+ - message.text+ - '
'); - attachments(message.files, '#id'+e.id+' .text'); - $('#id'+e.id).emoticonize(); - if (!beeped) - (new Audio("A-Tone-His_Self-1266414414.mp3")) - .play(); - beeped = true; - }) - .catch(function(e) { - // not for me + $.post("get.php", {start: startmsg}) + .done(function(res) { + var msgs = JSON.parse(res); + if (msgs) { + msgs.forEach(function(e) { + if (startmsg
'+ + ''+ + (new Date(1000*Number(e.time))).toLocaleString()+ + ''+ + ''+ + e.user+ + '
'+ + '
'+ + message.text+ + '
'); + attachments(message.files, '#id'+e.id+' .text'); + $('#id'+e.id).emoticonize(); + if (!beeped) + (new Audio("A-Tone-His_Self-1266414414.mp3")) + .play(); + beeped = true; + }) + .catch(function(e) { + // not for me + }); + }).fail(function(e) { + error("offline", true); }); - }).fail(function(e) { - error("get sender's key from server failed", true); }); - }); - } - }).fail(function(e) { - error("get messages failed") - }); + } + }).fail(function(e) { + error("offline", true) + }); setTimeout(get, 10000); } function sendmessage(recv, txt) { notice("1/3 preparing message ..."); $("#message").fadeOut("slow"); - $.post("pubkey.php", {user: recv}).done(function(pk) { - var res=JSON.parse(pk); - var key=openpgp.key.readArmored(res); - if (!res||key.err) { - $("#message").fadeIn("slow"); - error("key of receiver not found", true); - return; - } - var privkey = privateKey().keys[0]; - privkey.decrypt(password); - var message = JSON.stringify({text: txt, files: filecontent}); - notice("2/3 encrypting message ..."); - openpgp.signAndEncryptMessage(key.keys.concat(publicKey().keys), privkey, message) - .then(function(msg) { - notice("3/3 sending message ..."); - $.post("send.php", {user: userid(), msg: msg}) - .done(function(res) { - if (JSON.parse(res)) { - $("#message").fadeIn("slow"); - clearmessage(); - success("message sent"); - } else { - $("#message").fadeIn("slow"); - error("error sending message", true); - } + $.post("pubkey.php", {user: recv}) + .done(function(pk) { + var res=JSON.parse(pk); + var key=openpgp.key.readArmored(res); + if (!res||key.err) { + $("#message").fadeIn("slow"); + error("key of receiver not found", true); + return; + } + var privkey = privateKey().keys[0]; + privkey.decrypt(password); + var message = JSON.stringify({text: txt, files: filecontent}); + notice("2/3 encrypting message ..."); + openpgp.signAndEncryptMessage(key.keys.concat(publicKey().keys), privkey, message) + .then(function(msg) { + notice("3/3 sending message ..."); + 
$.post("send.php", {user: userid(), msg: msg})
+ .done(function(res) {
+ var st = JSON.parse(res);
+ if (st.success) {
+ $("#message").fadeIn("slow");
+ clearmessage();
+ success(st.txt);
+ } else {
+ $("#message").fadeIn("slow");
+ error(st.txt, true);
+ }
+ })
+ .fail(function() {
+ error("offline", true);
+ });
 })
- .fail(error);
+ .catch(function(e) {
+ $("#message").fadeIn("slow");
+ error("encryption of message failed", true);
+ });
 })
- .fail(function(e) {
+ .fail(function(e) {
 $("#message").fadeIn("slow");
- error("encryption of message failed", true);
+ error("offline", true);
 });
- }).fail(function(e) {
- $("#message").fadeIn("slow");
- error("get receiver's key from server failed", true);
- });
 $("#message").fadeIn("slow");
 }
@@ -316,7 +324,9 @@ function chat() {
 $.ajax({url: "chat.html", success: function(res) {
 status(res);
 setTimeout(get, 2000);
- }}).fail(error);
+ }}).fail(function() {
+ error("offline")
+ });
 }
 function login() {
@@ -324,22 +334,26 @@ function login() {
 $.post("login.php", {user: userid(), pubkey: localStorage.pubKey}, function(res) {
- if (JSON.parse(res)) {
- status("logged in ...", "successfully logged in");
+ var st = JSON.parse(res);
+ if (st.success) {
+ status("logged in ...", st.txt);
 chat();
 } else {
- error("login failed");
+ error(st.txt);
 }
- }).fail(function(e) {
- error(e);
- });
+ })
+ .fail(function(e) {
+ error("offline");
+ });
 }
 function newuser() {
 status("new user ...");
 $.ajax({url: "newuser.html", success: function(res) {
 status(res);
- }}).fail(error);
+ }}).fail(function() {
+ error("offline");
+ });
 }
 function start() {
diff --git a/html/send.php b/html/send.php
index 84aca1f..f1837aa 100644
--- a/html/send.php
+++ b/html/send.php
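Review bot: In the re-indented get() body the chat entry is still assembled by string concatenation, with `e.user` (server supplied) and `message.text` (the peer's decrypted plaintext) spliced between markup fragments before `$('#id'+e.id).emoticonize()`, so text containing HTML is interpreted in the reader's page; the tags are stripped in this rendering, so this is inferred from the `'+ e.user+ '` and `message.text+ '` fragments. Insert those two values as text nodes (`document.createTextNode` or jQuery `.text()`) and keep only the fixed wrapper as markup. In sendmessage the receiver's key is whatever pubkey.php returns and is used as soon as `openpgp.key.readArmored` parses it, so a substituted key served by the server would let a third party read the message; showing the key's fingerprint for out-of-band comparison and remembering the first key seen per receiver would make a substitution noticeable. Both `JSON.parse(res)` calls in the new code are unguarded, so a non-JSON error page from get.php or send.php throws inside the done callback instead of reaching the new `.fail` handlers.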
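Review bot: login() now shows `st.txt` verbatim through `status()` and `error()`; whether that is safe depends on how those helpers render (not visible here), so if they use `.html()` a misbehaving server can inject markup into the page — map the server's result to client-side strings, or make sure the helpers use `.text()`. `JSON.parse(res)` has no guard, so a non-JSON response throws inside the success callback rather than reaching the new `.fail` handler; `var st; try { st = JSON.parse(res); } catch (e) { error("offline"); return; }` covers it.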
@@ -1,16 +1,34 @@ real_escape_string($_REQUEST['user']);
 $msg = $db->real_escape_string($_REQUEST['msg']);
- $q = $db->query("insert into message (user, msg) values ('$user', '$msg');");
- if ($q) {
- echo json_encode(true);
+ $pgp = gnupg_init();
+ if (!$pgp) {
+ echo json_encode(array('success' => false, 'txt' => "pgp on server failed"));
 } else {
- error_log("Error storing message: ".$db->error);
- echo json_encode(false);
+ $q = $db->query("select pubkey from user where name='$user';");
+ if (!$q || $q->num_rows!=1) {
+ echo json_encode(array('success' => false, 'txt' => "user not found on server"));
+ } else {
+ $pubkey = gnupg_import($pgp, $q->fetch_row()[0]);
+ if (!$pubkey) {
+ echo json_encode(array('success' => false, 'txt' => "wrong identity"));
+ } else {
+ require_once("messagetable.php");
+ $q = $db->query("insert into message (user, msg) values ('$user', '$msg');");
+ if ($q) {
+ echo json_encode(array('success' => true, 'txt' => "message stored"));
+ } else {
+ error_log("Error storing message: ".$db->error);
+ echo json_encode(array('success' => false, 'txt' => "storing message failed"));
+ }
+ }
+ }
 }
 } catch (Exception $e) {
- echo json_encode(false);
+ error_log("Error storing message: ".$e->message);
+ echo json_encode(array('success' => false, 'txt' => "storing message failed"));
 }
+ ?>
\ No newline at end of file
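Review bot: `error_log("Error storing message: ".$e->message)` in the new catch block reads a protected property — `Exception::$message` is not accessible from outside the class — so the error path itself dies with a fatal error and the client receives an error page instead of the JSON it parses; use `$e->getMessage()`. The pubkey lookup plus gnupg_import only establish that a user of that name exists and that the stored key parses; nothing ties `$msg` to that user, so `user` remains a self-declared sender name, and because the signature sits inside the encrypted message the server cannot check it — the receiving client has to verify the signature against the sender's key, and the server should not describe a failed import as "wrong identity". Importing into the web server's persistent keyring on every send repeats the keyring-growth concern from login.php; a per-request GNUPGHOME or gnupg_deletekey after the check avoids it. The hunk's first context line is mangled in this rendering, so the opening of the try block is not visible.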