some checks on server side

php
Marc Wäckerlin 10 years ago
parent 2951bc8b91
commit 829fb33818
  1. 20
      html/login.php
  2. 2
      html/pubkey.php
  3. 60
      html/safechat.js
  4. 26
      html/send.php

@ -1,18 +1,28 @@
<?php <?php
require_once("usertable.php");
try { try {
require_once("usertable.php");
$user = $db->real_escape_string($_REQUEST['user']); $user = $db->real_escape_string($_REQUEST['user']);
$pubkey = $db->real_escape_string($_REQUEST['pubkey']); $pubkey = $db->real_escape_string($_REQUEST['pubkey']);
$pgp = gnupg_init();
if (!$pgp) {
echo json_encode(array('success' => false, 'txt' => "pgp on server failed"));
} else {
$verify = gnupg_import($pgp, $_REQUEST['pubkey']);
if (!$verify) {
echo json_encode(array('success' => false, 'txt' => "wrong identity"));
} else {
$q = $db->query("select * from user where name='$user' and pubkey='$pubkey';"); $q = $db->query("select * from user where name='$user' and pubkey='$pubkey';");
if ($q->num_rows==1) { if ($q->num_rows==1) {
echo json_encode(true); echo json_encode(array('success' => true, 'txt' => "user verified"));
} elseif ($q->num_rows==0) { } elseif ($q->num_rows==0) {
$q = $db->query("insert into user (name, pubkey) values ('$user', '$pubkey');"); $q = $db->query("insert into user (name, pubkey) values ('$user', '$pubkey');");
echo json_encode(true); echo json_encode(array('success' => true, 'txt' => "user created"));
} else { } else {
echo json_encode(false); echo json_encode(array('success' => false, 'txt' => "server database defect"));
}
}
} }
} catch (Exception $e) { } catch (Exception $e) {
echo json_encode(false); echo json_encode(array('success' => false, 'txt' => "login failed"));
} }
?> ?>
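Review bot: The lookup on `name='$user' and pubkey='$pubkey'` means a request for an existing name with a different key lands in the num_rows==0 branch and runs the insert, so a second row for that name is created — or, if name is unique in the schema, the insert fails while the unchecked `$q = $db->query("insert ...")` still reports "user created". The new gnupg_import() only shows the posted blob parses as a PGP key; it does not show the caller holds the private half, so the "wrong identity" reply describes a weaker check than it suggests, and a server nonce signed by the client and checked with gnupg_verify() would be needed for that. I would look the name up alone, refuse when a different key is on file, and report the insert's actual result, as below. The import also writes every uploaded key into the server's default gnupg keyring, which grows without bound; a scratch GNUPGHOME would avoid that.
```php
// … unchanged: $user/$pubkey escaping, gnupg_init()/gnupg_import() checks …
$q = $db->query("select pubkey from user where name='$user';");
if ($q && $q->num_rows==1) {
    // name is taken: only the key that registered it may log in
    if ($q->fetch_row()[0] === $_REQUEST['pubkey']) {
        echo json_encode(array('success' => true, 'txt' => "user verified"));
    } else {
        echo json_encode(array('success' => false, 'txt' => "user name already taken"));
    }
} elseif ($q && $q->num_rows==0) {
    $ins = $db->query("insert into user (name, pubkey) values ('$user', '$pubkey');");
    echo json_encode(array('success' => (bool)$ins,
                           'txt' => $ins ? "user created" : "creating user failed"));
} else {
    echo json_encode(array('success' => false, 'txt' => "server database defect"));
}
```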

@ -1,6 +1,6 @@
<?php <?php
require_once("usertable.php");
try { try {
require_once("usertable.php");
$user = $db->real_escape_string($_REQUEST['user']); $user = $db->real_escape_string($_REQUEST['user']);
$q = $db->query("select pubkey from user where name='$user';"); $q = $db->query("select pubkey from user where name='$user';");
if ($q->num_rows==1) { if ($q->num_rows==1) {

@ -82,7 +82,7 @@ function checkuser(user) {
}).fail(function(res) { }).fail(function(res) {
username=null; username=null;
$("#createuser").prop("disabled", !(username && password)); $("#createuser").prop("disabled", !(username && password));
error(res); error("offline");
}); });
} }
@ -114,7 +114,7 @@ function checkpartner(user) {
$("#send").prop("disabled", false); $("#send").prop("disabled", false);
success("receiver exists"); success("receiver exists");
}).fail(function(res) { }).fail(function(res) {
notice("cannot connect to server: "+res); error("offline", true);
$("#send").prop("disabled", true); $("#send").prop("disabled", true);
}); });
} }
@ -161,11 +161,11 @@ function clearmessage() {
function attachments(files, id) { function attachments(files, id) {
if (files) files.forEach(function(file) { if (files) files.forEach(function(file) {
//if (file.content.length<1000000) { if (file.content.length<1000000) {
var img = document.createElement('img'); var img = document.createElement('img');
img.src = 'data:'+file.type+';base64,' + file.content; img.src = 'data:'+file.type+';base64,' + file.content;
$(id).append(img); $(id).append(img);
//} }
}); });
} }
@ -203,12 +203,14 @@ function setreceiver(name) {
var startmsg = 0; // number of last downloaded message var startmsg = 0; // number of last downloaded message
function get() { function get() {
var beeped = false; var beeped = false;
$.post("get.php", {start: startmsg}).done(function(res) { $.post("get.php", {start: startmsg})
.done(function(res) {
var msgs = JSON.parse(res); var msgs = JSON.parse(res);
if (msgs) { if (msgs) {
msgs.forEach(function(e) { msgs.forEach(function(e) {
if (startmsg<Number(e.id)) startmsg = Number(e.id); if (startmsg<Number(e.id)) startmsg = Number(e.id);
$.post("pubkey.php", {user: e.user}).done(function(pk) { $.post("pubkey.php", {user: e.user})
.done(function(pk) {
var res=JSON.parse(pk); var res=JSON.parse(pk);
var key=openpgp.key.readArmored(res); var key=openpgp.key.readArmored(res);
if (!res||key.err) { if (!res||key.err) {
@ -228,7 +230,8 @@ function get() {
'<span class="date">'+ '<span class="date">'+
(new Date(1000*Number(e.time))).toLocaleString()+ (new Date(1000*Number(e.time))).toLocaleString()+
'</span><span class="sender">'+ '</span><span class="sender">'+
'<a href="javascript:void(0)" onclick="setreceiver(this.innerHTML)">'+ '<a href="javascript:void(0)" '+
'onclick="setreceiver(this.innerHTML)">'+
e.user+ e.user+
'</a></span></div>'+ '</a></span></div>'+
'<div class="text">'+ '<div class="text">'+
@ -245,12 +248,12 @@ function get() {
// not for me // not for me
}); });
}).fail(function(e) { }).fail(function(e) {
error("get sender's key from server failed", true); error("offline", true);
}); });
}); });
} }
}).fail(function(e) { }).fail(function(e) {
error("get messages failed") error("offline", true)
}); });
setTimeout(get, 10000); setTimeout(get, 10000);
} }
@ -258,7 +261,8 @@ function get() {
function sendmessage(recv, txt) { function sendmessage(recv, txt) {
notice("1/3 preparing message ..."); notice("1/3 preparing message ...");
$("#message").fadeOut("slow"); $("#message").fadeOut("slow");
$.post("pubkey.php", {user: recv}).done(function(pk) { $.post("pubkey.php", {user: recv})
.done(function(pk) {
var res=JSON.parse(pk); var res=JSON.parse(pk);
var key=openpgp.key.readArmored(res); var key=openpgp.key.readArmored(res);
if (!res||key.err) { if (!res||key.err) {
@ -275,24 +279,28 @@ function sendmessage(recv, txt) {
notice("3/3 sending message ..."); notice("3/3 sending message ...");
$.post("send.php", {user: userid(), msg: msg}) $.post("send.php", {user: userid(), msg: msg})
.done(function(res) { .done(function(res) {
if (JSON.parse(res)) { var st = JSON.parse(res);
if (st.success) {
$("#message").fadeIn("slow"); $("#message").fadeIn("slow");
clearmessage(); clearmessage();
success("message sent"); success(st.txt);
} else { } else {
$("#message").fadeIn("slow"); $("#message").fadeIn("slow");
error("error sending message", true); error(st.txt, true);
} }
}) })
.fail(error); .fail(function() {
error("offline", true);
});
}) })
.catch(function(e) { .catch(function(e) {
$("#message").fadeIn("slow"); $("#message").fadeIn("slow");
error("encryption of message failed", true); error("encryption of message failed", true);
}); });
}).fail(function(e) { })
.fail(function(e) {
$("#message").fadeIn("slow"); $("#message").fadeIn("slow");
error("get receiver's key from server failed", true); error("offline", true);
}); });
$("#message").fadeIn("slow"); $("#message").fadeIn("slow");
} }
@ -316,7 +324,9 @@ function chat() {
$.ajax({url: "chat.html", success: function(res) { $.ajax({url: "chat.html", success: function(res) {
status(res); status(res);
setTimeout(get, 2000); setTimeout(get, 2000);
}}).fail(error); }}).fail(function() {
error("offline")
});
} }
function login() { function login() {
@ -324,14 +334,16 @@ function login() {
$.post("login.php", {user: userid(), $.post("login.php", {user: userid(),
pubkey: localStorage.pubKey}, pubkey: localStorage.pubKey},
function(res) { function(res) {
if (JSON.parse(res)) { var st = JSON.parse(res);
status("logged in ...", "successfully logged in"); if (st.success) {
status("logged in ...", st.txt);
chat(); chat();
} else { } else {
error("login failed"); error(st.txt);
} }
}).fail(function(e) { })
error(e); .fail(function(e) {
error("offline");
}); });
} }
@ -339,7 +351,9 @@ function newuser() {
status("new user ..."); status("new user ...");
$.ajax({url: "newuser.html", success: function(res) { $.ajax({url: "newuser.html", success: function(res) {
status(res); status(res);
}}).fail(error); }}).fail(function() {
error("offline");
});
} }
function start() { function start() {
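Review bot: The re-wrapped anchor at `'onclick="setreceiver(this.innerHTML)">'+ e.user +` still concatenates the sender name straight into HTML, and `e.user` originates from the `user` field that send.php accepts from any client, so a name containing markup is stored once and rendered as HTML in every recipient's page (stored XSS); in a client-side-encryption app that would expose whatever the page keeps in localStorage next to `localStorage.pubKey`. Passing the name back out through `this.innerHTML` has the same problem in the other direction. Build the element with DOM calls instead of a string, e.g. create the `<a>` with `document.createElement`, set `a.textContent = e.user`, and attach `a.onclick = function(){ setreceiver(e.user); }` — the same applies to the `<div class="text">` body that follows, which this hunk cuts off. The enclosing function get() starts in the previous hunk and continues past this one. Minor: the blanket `error("offline", true)` replacing the per-step messages also fires on HTTP 4xx/5xx, so a server-side bug now reads as a connectivity problem to the user.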

@ -1,16 +1,34 @@
<?php <?php
require_once("messagetable.php");
try { try {
require_once("usertable.php");
$user = $db->real_escape_string($_REQUEST['user']); $user = $db->real_escape_string($_REQUEST['user']);
$msg = $db->real_escape_string($_REQUEST['msg']); $msg = $db->real_escape_string($_REQUEST['msg']);
$pgp = gnupg_init();
if (!$pgp) {
echo json_encode(array('success' => false, 'txt' => "pgp on server failed"));
} else {
$q = $db->query("select pubkey from user where name='$user';");
if (!$q || $q->num_rows!=1) {
echo json_encode(array('success' => false, 'txt' => "user not found on server"));
} else {
$pubkey = gnupg_import($pgp, $q->fetch_row()[0]);
if (!$pubkey) {
echo json_encode(array('success' => false, 'txt' => "wrong identity"));
} else {
require_once("messagetable.php");
$q = $db->query("insert into message (user, msg) values ('$user', '$msg');"); $q = $db->query("insert into message (user, msg) values ('$user', '$msg');");
if ($q) { if ($q) {
echo json_encode(true); echo json_encode(array('success' => true, 'txt' => "message stored"));
} else { } else {
error_log("Error storing message: ".$db->error); error_log("Error storing message: ".$db->error);
echo json_encode(false); echo json_encode(array('success' => false, 'txt' => "storing message failed"));
}
}
}
} }
} catch (Exception $e) { } catch (Exception $e) {
echo json_encode(false); error_log("Error storing message: ".$e->message);
echo json_encode(array('success' => false, 'txt' => "storing message failed"));
} }
?> ?>
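Review bot: `$e->message` on the new error_log() line in the catch block reads a protected property of Exception, which itself throws an Error, so on any caught exception the handler dies before sending its JSON reply; it should be `error_log("Error storing message: ".$e->getMessage());`. Separately, the new gnupg_import() of the stored key only shows that the row for `$user` holds a parseable PGP key; nothing in the request ties the caller to that key, so anyone who knows a name can still post messages attributed to it and the "wrong identity" response overstates what was checked. Binding the sender would mean having the client sign the message (or a server nonce) and verifying it here with gnupg_verify() against the imported key; whether the OpenPGP payload produced on the JS side is already signed is not visible in this hunk. Note also that each request imports into the server's default gnupg keyring as a side effect; a scratch GNUPGHOME, or skipping the import entirely until a real verification exists, would avoid an ever-growing keyring.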