some checks on server side

php
Marc Wäckerlin 10 years ago
parent 2951bc8b91
commit 829fb33818
  1. 28
      html/login.php
  2. 2
      html/pubkey.php
  3. 196
      html/safechat.js
  4. 32
      html/send.php

@ -1,18 +1,28 @@
<?php <?php
require_once("usertable.php");
try { try {
require_once("usertable.php");
$user = $db->real_escape_string($_REQUEST['user']); $user = $db->real_escape_string($_REQUEST['user']);
$pubkey = $db->real_escape_string($_REQUEST['pubkey']); $pubkey = $db->real_escape_string($_REQUEST['pubkey']);
$q = $db->query("select * from user where name='$user' and pubkey='$pubkey';"); $pgp = gnupg_init();
if ($q->num_rows==1) { if (!$pgp) {
echo json_encode(true); echo json_encode(array('success' => false, 'txt' => "pgp on server failed"));
} elseif ($q->num_rows==0) {
$q = $db->query("insert into user (name, pubkey) values ('$user', '$pubkey');");
echo json_encode(true);
} else { } else {
echo json_encode(false); $verify = gnupg_import($pgp, $_REQUEST['pubkey']);
if (!$verify) {
echo json_encode(array('success' => false, 'txt' => "wrong identity"));
} else {
$q = $db->query("select * from user where name='$user' and pubkey='$pubkey';");
if ($q->num_rows==1) {
echo json_encode(array('success' => true, 'txt' => "user verified"));
} elseif ($q->num_rows==0) {
$q = $db->query("insert into user (name, pubkey) values ('$user', '$pubkey');");
echo json_encode(array('success' => true, 'txt' => "user created"));
} else {
echo json_encode(array('success' => false, 'txt' => "server database defect"));
}
}
} }
} catch (Exception $e) { } catch (Exception $e) {
echo json_encode(false); echo json_encode(array('success' => false, 'txt' => "login failed"));
} }
?> ?>
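Review bot: A successful `gnupg_import()` is treated as proof of identity (`'txt' => "wrong identity"` when it fails), but importing only shows the request carried a parseable public key — the same key pubkey.php hands to any caller — so possession of the private key is never checked and `user` remains whatever the client sends. A challenge would close this: have the server issue a nonce, the client return a signature over it, and verify it with `gnupg_verify()` against the stored key before answering `"user verified"`. The select and insert still interpolate `$user`/`$pubkey` into the SQL text; a mysqli prepared statement (`$db->prepare('select * from user where name=? and pubkey=?')` with `bind_param`) would make `real_escape_string` unnecessary. The import also adds every submitted key to the server keyring, which is presumably not intended and grows without bound.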

@ -1,6 +1,6 @@
<?php <?php
require_once("usertable.php");
try { try {
require_once("usertable.php");
$user = $db->real_escape_string($_REQUEST['user']); $user = $db->real_escape_string($_REQUEST['user']);
$q = $db->query("select pubkey from user where name='$user';"); $q = $db->query("select pubkey from user where name='$user';");
if ($q->num_rows==1) { if ($q->num_rows==1) {

@ -82,7 +82,7 @@ function checkuser(user) {
}).fail(function(res) { }).fail(function(res) {
username=null; username=null;
$("#createuser").prop("disabled", !(username && password)); $("#createuser").prop("disabled", !(username && password));
error(res); error("offline");
}); });
} }
@ -114,7 +114,7 @@ function checkpartner(user) {
$("#send").prop("disabled", false); $("#send").prop("disabled", false);
success("receiver exists"); success("receiver exists");
}).fail(function(res) { }).fail(function(res) {
notice("cannot connect to server: "+res); error("offline", true);
$("#send").prop("disabled", true); $("#send").prop("disabled", true);
}); });
} }
@ -161,11 +161,11 @@ function clearmessage() {
function attachments(files, id) { function attachments(files, id) {
if (files) files.forEach(function(file) { if (files) files.forEach(function(file) {
//if (file.content.length<1000000) { if (file.content.length<1000000) {
var img = document.createElement('img'); var img = document.createElement('img');
img.src = 'data:'+file.type+';base64,' + file.content; img.src = 'data:'+file.type+';base64,' + file.content;
$(id).append(img); $(id).append(img);
//} }
}); });
} }
@ -203,97 +203,105 @@ function setreceiver(name) {
var startmsg = 0; // number of last downloaded message var startmsg = 0; // number of last downloaded message
function get() { function get() {
var beeped = false; var beeped = false;
$.post("get.php", {start: startmsg}).done(function(res) { $.post("get.php", {start: startmsg})
var msgs = JSON.parse(res); .done(function(res) {
if (msgs) { var msgs = JSON.parse(res);
msgs.forEach(function(e) { if (msgs) {
if (startmsg<Number(e.id)) startmsg = Number(e.id); msgs.forEach(function(e) {
$.post("pubkey.php", {user: e.user}).done(function(pk) { if (startmsg<Number(e.id)) startmsg = Number(e.id);
var res=JSON.parse(pk); $.post("pubkey.php", {user: e.user})
var key=openpgp.key.readArmored(res); .done(function(pk) {
if (!res||key.err) { var res=JSON.parse(pk);
setTimeout(get, 10000); var key=openpgp.key.readArmored(res);
return error("key of receiver not found", true); if (!res||key.err) {
} setTimeout(get, 10000);
var message = openpgp.message.readArmored(e.msg); return error("key of receiver not found", true);
var privkey = privateKey().keys[0]; }
if (privkey.decrypt(password)) var message = openpgp.message.readArmored(e.msg);
openpgp.decryptAndVerifyMessage(privkey, key.keys, message) var privkey = privateKey().keys[0];
.then(function(msg) { if (privkey.decrypt(password))
var message = JSON.parse(msg.text); openpgp.decryptAndVerifyMessage(privkey, key.keys, message)
$("#msgs") // todo: check msg.signatures[0].valid .then(function(msg) {
.prepend('<div id="id'+(e.id)+'" class="msg '+ var message = JSON.parse(msg.text);
(e.user==userid()?"me":"other")+ $("#msgs") // todo: check msg.signatures[0].valid
'"><div class="header">'+ .prepend('<div id="id'+(e.id)+'" class="msg '+
'<span class="date">'+ (e.user==userid()?"me":"other")+
(new Date(1000*Number(e.time))).toLocaleString()+ '"><div class="header">'+
'</span><span class="sender">'+ '<span class="date">'+
'<a href="javascript:void(0)" onclick="setreceiver(this.innerHTML)">'+ (new Date(1000*Number(e.time))).toLocaleString()+
e.user+ '</span><span class="sender">'+
'</a></span></div>'+ '<a href="javascript:void(0)" '+
'<div class="text">'+ 'onclick="setreceiver(this.innerHTML)">'+
message.text+ e.user+
'</div></div><div class="clear"/>'); '</a></span></div>'+
attachments(message.files, '#id'+e.id+' .text'); '<div class="text">'+
$('#id'+e.id).emoticonize(); message.text+
if (!beeped) '</div></div><div class="clear"/>');
(new Audio("A-Tone-His_Self-1266414414.mp3")) attachments(message.files, '#id'+e.id+' .text');
.play(); $('#id'+e.id).emoticonize();
beeped = true; if (!beeped)
}) (new Audio("A-Tone-His_Self-1266414414.mp3"))
.catch(function(e) { .play();
// not for me beeped = true;
})
.catch(function(e) {
// not for me
});
}).fail(function(e) {
error("offline", true);
}); });
}).fail(function(e) {
error("get sender's key from server failed", true);
}); });
}); }
} }).fail(function(e) {
}).fail(function(e) { error("offline", true)
error("get messages failed") });
});
setTimeout(get, 10000); setTimeout(get, 10000);
} }
function sendmessage(recv, txt) { function sendmessage(recv, txt) {
notice("1/3 preparing message ..."); notice("1/3 preparing message ...");
$("#message").fadeOut("slow"); $("#message").fadeOut("slow");
$.post("pubkey.php", {user: recv}).done(function(pk) { $.post("pubkey.php", {user: recv})
var res=JSON.parse(pk); .done(function(pk) {
var key=openpgp.key.readArmored(res); var res=JSON.parse(pk);
if (!res||key.err) { var key=openpgp.key.readArmored(res);
$("#message").fadeIn("slow"); if (!res||key.err) {
error("key of receiver not found", true); $("#message").fadeIn("slow");
return; error("key of receiver not found", true);
} return;
var privkey = privateKey().keys[0]; }
privkey.decrypt(password); var privkey = privateKey().keys[0];
var message = JSON.stringify({text: txt, files: filecontent}); privkey.decrypt(password);
notice("2/3 encrypting message ..."); var message = JSON.stringify({text: txt, files: filecontent});
openpgp.signAndEncryptMessage(key.keys.concat(publicKey().keys), privkey, message) notice("2/3 encrypting message ...");
.then(function(msg) { openpgp.signAndEncryptMessage(key.keys.concat(publicKey().keys), privkey, message)
notice("3/3 sending message ..."); .then(function(msg) {
$.post("send.php", {user: userid(), msg: msg}) notice("3/3 sending message ...");
.done(function(res) { $.post("send.php", {user: userid(), msg: msg})
if (JSON.parse(res)) { .done(function(res) {
$("#message").fadeIn("slow"); var st = JSON.parse(res);
clearmessage(); if (st.success) {
success("message sent"); $("#message").fadeIn("slow");
} else { clearmessage();
$("#message").fadeIn("slow"); success(st.txt);
error("error sending message", true); } else {
} $("#message").fadeIn("slow");
error(st.txt, true);
}
})
.fail(function() {
error("offline", true);
});
}) })
.fail(error); .catch(function(e) {
$("#message").fadeIn("slow");
error("encryption of message failed", true);
});
}) })
.catch(function(e) { .fail(function(e) {
$("#message").fadeIn("slow"); $("#message").fadeIn("slow");
error("encryption of message failed", true); error("offline", true);
}); });
}).fail(function(e) {
$("#message").fadeIn("slow");
error("get receiver's key from server failed", true);
});
$("#message").fadeIn("slow"); $("#message").fadeIn("slow");
} }
@ -316,7 +324,9 @@ function chat() {
$.ajax({url: "chat.html", success: function(res) { $.ajax({url: "chat.html", success: function(res) {
status(res); status(res);
setTimeout(get, 2000); setTimeout(get, 2000);
}}).fail(error); }}).fail(function() {
error("offline")
});
} }
function login() { function login() {
@ -324,22 +334,26 @@ function login() {
$.post("login.php", {user: userid(), $.post("login.php", {user: userid(),
pubkey: localStorage.pubKey}, pubkey: localStorage.pubKey},
function(res) { function(res) {
if (JSON.parse(res)) { var st = JSON.parse(res);
status("logged in ...", "successfully logged in"); if (st.success) {
status("logged in ...", st.txt);
chat(); chat();
} else { } else {
error("login failed"); error(st.txt);
} }
}).fail(function(e) { })
error(e); .fail(function(e) {
}); error("offline");
});
} }
function newuser() { function newuser() {
status("new user ..."); status("new user ...");
$.ajax({url: "newuser.html", success: function(res) { $.ajax({url: "newuser.html", success: function(res) {
status(res); status(res);
}}).fail(error); }}).fail(function() {
error("offline");
});
} }
function start() { function start() {
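Review bot: The reindented get() body still builds the message div by string concatenation, so `message.text` (decrypted, sender-controlled content) and `e.user` (server-supplied) are inserted as raw HTML; build the text node with `$('<div class="text">').text(message.text)` or escape both before the `.prepend(...)` chain. The `// todo: check msg.signatures[0].valid` comment is still open: the sender shown is `e.user` as recorded by the server, not the key that produced a valid signature, so the displayed name and the signature are never tied together. `.catch(function(e) { // not for me })` swallows every rejection from decryptAndVerifyMessage and from `JSON.parse(msg.text)`, not only messages addressed to someone else; logging the error would keep real failures visible. The same unescaped-HTML concern applies to `st.txt` passed to `status()`/`error()` in the login() hunk if those helpers insert HTML — their bodies are outside this diff.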

@ -1,16 +1,34 @@
<?php <?php
require_once("messagetable.php");
try { try {
require_once("usertable.php");
$user = $db->real_escape_string($_REQUEST['user']); $user = $db->real_escape_string($_REQUEST['user']);
$msg = $db->real_escape_string($_REQUEST['msg']); $msg = $db->real_escape_string($_REQUEST['msg']);
$q = $db->query("insert into message (user, msg) values ('$user', '$msg');"); $pgp = gnupg_init();
if ($q) { if (!$pgp) {
echo json_encode(true); echo json_encode(array('success' => false, 'txt' => "pgp on server failed"));
} else { } else {
error_log("Error storing message: ".$db->error); $q = $db->query("select pubkey from user where name='$user';");
echo json_encode(false); if (!$q || $q->num_rows!=1) {
echo json_encode(array('success' => false, 'txt' => "user not found on server"));
} else {
$pubkey = gnupg_import($pgp, $q->fetch_row()[0]);
if (!$pubkey) {
echo json_encode(array('success' => false, 'txt' => "wrong identity"));
} else {
require_once("messagetable.php");
$q = $db->query("insert into message (user, msg) values ('$user', '$msg');");
if ($q) {
echo json_encode(array('success' => true, 'txt' => "message stored"));
} else {
error_log("Error storing message: ".$db->error);
echo json_encode(array('success' => false, 'txt' => "storing message failed"));
}
}
}
} }
} catch (Exception $e) { } catch (Exception $e) {
echo json_encode(false); error_log("Error storing message: ".$e->message);
echo json_encode(array('success' => false, 'txt' => "storing message failed"));
} }
?> ?>
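Review bot: `$e->message` in the new catch handler reads a protected property of `Exception`, so the handler itself fails before the JSON reply is echoed; it should be `error_log("Error storing message: ".$e->getMessage());`. The new lookup-and-import of the stored pubkey does not authenticate the sender: `$user` is still taken from `$_REQUEST`, and `gnupg_import()` succeeding only means the key already in the database parses, so the `"wrong identity"` branch cannot reject a client that names an existing user. Because the client signs and encrypts in one step (see the safechat.js hunk), the server cannot verify the signature either; binding the name to a session established by login.php is the realistic way to check it. The insert still interpolates `$user`/`$msg`; a prepared statement with `bind_param` would replace `real_escape_string`.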