webservices/safechat
1
0
Fork 0
Code Issues Pull Requests Releases Activity

some checks on server side

Browse Source
This commit is contained in:
Marc Wäckerlin
2015-07-02 07:08:13 +00:00
parent 2951bc8b91
commit 829fb33818
4 changed files with 150 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
html/login.php
View File

@@ -1,18 +1,28 @@
<?php
require_once("usertable.php");
try {
require_once("usertable.php");
$user = $db->real_escape_string($_REQUEST['user']);
$pubkey = $db->real_escape_string($_REQUEST['pubkey']);
$q = $db->query("select * from user where name='$user' and pubkey='$pubkey';");
if ($q->num_rows==1) {
echo json_encode(true);
} elseif ($q->num_rows==0) {
$q = $db->query("insert into user (name, pubkey) values ('$user', '$pubkey');");
echo json_encode(true);
$pgp = gnupg_init();
if (!$pgp) {
echo json_encode(array('success' => false, 'txt' => "pgp on server failed"));
} else {
echo json_encode(false);
$verify = gnupg_import($pgp, $_REQUEST['pubkey']);
if (!$verify) {
echo json_encode(array('success' => false, 'txt' => "wrong identity"));
} else {
$q = $db->query("select * from user where name='$user' and pubkey='$pubkey';");
if ($q->num_rows==1) {
echo json_encode(array('success' => true, 'txt' => "user verified"));
} elseif ($q->num_rows==0) {
$q = $db->query("insert into user (name, pubkey) values ('$user', '$pubkey');");
echo json_encode(array('success' => true, 'txt' => "user created"));
} else {
echo json_encode(array('success' => false, 'txt' => "server database defect"));
}
}
}
} catch (Exception $e) {
echo json_encode(false);
echo json_encode(array('success' => false, 'txt' => "login failed"));
}
?>

2
html/pubkey.php
View File

@@ -1,6 +1,6 @@
<?php
require_once("usertable.php");
try {
require_once("usertable.php");
$user = $db->real_escape_string($_REQUEST['user']);
$q = $db->query("select pubkey from user where name='$user';");
if ($q->num_rows==1) {

196
html/safechat.js
View File

@@ -82,7 +82,7 @@ function checkuser(user) {
}).fail(function(res) {
username=null;
$("#createuser").prop("disabled", !(username && password));
error(res);
error("offline");
});
}
@@ -114,7 +114,7 @@ function checkpartner(user) {
$("#send").prop("disabled", false);
success("receiver exists");
}).fail(function(res) {
notice("cannot connect to server: "+res);
error("offline", true);
$("#send").prop("disabled", true);
});
}
@@ -161,11 +161,11 @@ function clearmessage() {
function attachments(files, id) {
if (files) files.forEach(function(file) {
//if (file.content.length<1000000) {
if (file.content.length<1000000) {
var img = document.createElement('img');
img.src = 'data:'+file.type+';base64,' + file.content;
$(id).append(img);
//}
}
});
}
@@ -203,97 +203,105 @@ function setreceiver(name) {
var startmsg = 0; // number of last downloaded message
function get() {
var beeped = false;
$.post("get.php", {start: startmsg}).done(function(res) {
var msgs = JSON.parse(res);
if (msgs) {
msgs.forEach(function(e) {
if (startmsg<Number(e.id)) startmsg = Number(e.id);
$.post("pubkey.php", {user: e.user}).done(function(pk) {
var res=JSON.parse(pk);
var key=openpgp.key.readArmored(res);
if (!res||key.err) {
setTimeout(get, 10000);
return error("key of receiver not found", true);
}
var message = openpgp.message.readArmored(e.msg);
var privkey = privateKey().keys[0];
if (privkey.decrypt(password))
openpgp.decryptAndVerifyMessage(privkey, key.keys, message)
.then(function(msg) {
var message = JSON.parse(msg.text);
$("#msgs") // todo: check msg.signatures[0].valid
.prepend('<div id="id'+(e.id)+'" class="msg '+
(e.user==userid()?"me":"other")+
'"><div class="header">'+
'<span class="date">'+
(new Date(1000*Number(e.time))).toLocaleString()+
'</span><span class="sender">'+
'<a href="javascript:void(0)" onclick="setreceiver(this.innerHTML)">'+
e.user+
'</a></span></div>'+
'<div class="text">'+
message.text+
'</div></div><div class="clear"/>');
attachments(message.files, '#id'+e.id+' .text');
$('#id'+e.id).emoticonize();
if (!beeped)
(new Audio("A-Tone-His_Self-1266414414.mp3"))
.play();
beeped = true;
})
.catch(function(e) {
// not for me
$.post("get.php", {start: startmsg})
.done(function(res) {
var msgs = JSON.parse(res);
if (msgs) {
msgs.forEach(function(e) {
if (startmsg<Number(e.id)) startmsg = Number(e.id);
$.post("pubkey.php", {user: e.user})
.done(function(pk) {
var res=JSON.parse(pk);
var key=openpgp.key.readArmored(res);
if (!res||key.err) {
setTimeout(get, 10000);
return error("key of receiver not found", true);
}
var message = openpgp.message.readArmored(e.msg);
var privkey = privateKey().keys[0];
if (privkey.decrypt(password))
openpgp.decryptAndVerifyMessage(privkey, key.keys, message)
.then(function(msg) {
var message = JSON.parse(msg.text);
$("#msgs") // todo: check msg.signatures[0].valid
.prepend('<div id="id'+(e.id)+'" class="msg '+
(e.user==userid()?"me":"other")+
'"><div class="header">'+
'<span class="date">'+
(new Date(1000*Number(e.time))).toLocaleString()+
'</span><span class="sender">'+
'<a href="javascript:void(0)" '+
'onclick="setreceiver(this.innerHTML)">'+
e.user+
'</a></span></div>'+
'<div class="text">'+
message.text+
'</div></div><div class="clear"/>');
attachments(message.files, '#id'+e.id+' .text');
$('#id'+e.id).emoticonize();
if (!beeped)
(new Audio("A-Tone-His_Self-1266414414.mp3"))
.play();
beeped = true;
})
.catch(function(e) {
// not for me
});
}).fail(function(e) {
error("offline", true);
});
}).fail(function(e) {
error("get sender's key from server failed", true);
});
});
}
}).fail(function(e) {
error("get messages failed")
});
}
}).fail(function(e) {
error("offline", true)
});
setTimeout(get, 10000);
}
function sendmessage(recv, txt) {
notice("1/3 preparing message ...");
$("#message").fadeOut("slow");
$.post("pubkey.php", {user: recv}).done(function(pk) {
var res=JSON.parse(pk);
var key=openpgp.key.readArmored(res);
if (!res||key.err) {
$("#message").fadeIn("slow");
error("key of receiver not found", true);
return;
}
var privkey = privateKey().keys[0];
privkey.decrypt(password);
var message = JSON.stringify({text: txt, files: filecontent});
notice("2/3 encrypting message ...");
openpgp.signAndEncryptMessage(key.keys.concat(publicKey().keys), privkey, message)
.then(function(msg) {
notice("3/3 sending message ...");
$.post("send.php", {user: userid(), msg: msg})
.done(function(res) {
if (JSON.parse(res)) {
$("#message").fadeIn("slow");
clearmessage();
success("message sent");
} else {
$("#message").fadeIn("slow");
error("error sending message", true);
}
$.post("pubkey.php", {user: recv})
.done(function(pk) {
var res=JSON.parse(pk);
var key=openpgp.key.readArmored(res);
if (!res||key.err) {
$("#message").fadeIn("slow");
error("key of receiver not found", true);
return;
}
var privkey = privateKey().keys[0];
privkey.decrypt(password);
var message = JSON.stringify({text: txt, files: filecontent});
notice("2/3 encrypting message ...");
openpgp.signAndEncryptMessage(key.keys.concat(publicKey().keys), privkey, message)
.then(function(msg) {
notice("3/3 sending message ...");
$.post("send.php", {user: userid(), msg: msg})
.done(function(res) {
var st = JSON.parse(res);
if (st.success) {
$("#message").fadeIn("slow");
clearmessage();
success(st.txt);
} else {
$("#message").fadeIn("slow");
error(st.txt, true);
}
})
.fail(function() {
error("offline", true);
});
})
.fail(error);
.catch(function(e) {
$("#message").fadeIn("slow");
error("encryption of message failed", true);
});
})
.catch(function(e) {
.fail(function(e) {
$("#message").fadeIn("slow");
error("encryption of message failed", true);
error("offline", true);
});
}).fail(function(e) {
$("#message").fadeIn("slow");
error("get receiver's key from server failed", true);
});
$("#message").fadeIn("slow");
}
@@ -316,7 +324,9 @@ function chat() {
$.ajax({url: "chat.html", success: function(res) {
status(res);
setTimeout(get, 2000);
}}).fail(error);
}}).fail(function() {
error("offline")
});
}
function login() {
@@ -324,22 +334,26 @@ function login() {
$.post("login.php", {user: userid(),
pubkey: localStorage.pubKey},
function(res) {
if (JSON.parse(res)) {
status("logged in ...", "successfully logged in");
var st = JSON.parse(res);
if (st.success) {
status("logged in ...", st.txt);
chat();
} else {
error("login failed");
error(st.txt);
}
}).fail(function(e) {
error(e);
});
})
.fail(function(e) {
error("offline");
});
}
function newuser() {
status("new user ...");
$.ajax({url: "newuser.html", success: function(res) {
status(res);
}}).fail(error);
}}).fail(function() {
error("offline");
});
}
function start() {

32
html/send.php
View File

@@ -1,16 +1,34 @@
<?php
require_once("messagetable.php");
try {
require_once("usertable.php");
$user = $db->real_escape_string($_REQUEST['user']);
$msg = $db->real_escape_string($_REQUEST['msg']);
$q = $db->query("insert into message (user, msg) values ('$user', '$msg');");
if ($q) {
echo json_encode(true);
$pgp = gnupg_init();
if (!$pgp) {
echo json_encode(array('success' => false, 'txt' => "pgp on server failed"));
} else {
error_log("Error storing message: ".$db->error);
echo json_encode(false);
$q = $db->query("select pubkey from user where name='$user';");
if (!$q || $q->num_rows!=1) {
echo json_encode(array('success' => false, 'txt' => "user not found on server"));
} else {
$pubkey = gnupg_import($pgp, $q->fetch_row()[0]);
if (!$pubkey) {
echo json_encode(array('success' => false, 'txt' => "wrong identity"));
} else {
require_once("messagetable.php");
$q = $db->query("insert into message (user, msg) values ('$user', '$msg');");
if ($q) {
echo json_encode(array('success' => true, 'txt' => "message stored"));
} else {
error_log("Error storing message: ".$db->error);
echo json_encode(array('success' => false, 'txt' => "storing message failed"));
}
}
}
}
} catch (Exception $e) {
echo json_encode(false);
error_log("Error storing message: ".$e->message);
echo json_encode(array('success' => false, 'txt' => "storing message failed"));
}
?>