some checks on server side

php
Marc Wäckerlin 10 years ago
parent 2951bc8b91
commit 829fb33818
  1. 20
      html/login.php
  2. 2
      html/pubkey.php
  3. 60
      html/safechat.js
  4. 26
      html/send.php

@ -1,18 +1,28 @@
<?php
require_once("usertable.php");
try {
require_once("usertable.php");
$user = $db->real_escape_string($_REQUEST['user']);
$pubkey = $db->real_escape_string($_REQUEST['pubkey']);
$pgp = gnupg_init();
if (!$pgp) {
echo json_encode(array('success' => false, 'txt' => "pgp on server failed"));
} else {
$verify = gnupg_import($pgp, $_REQUEST['pubkey']);
if (!$verify) {
echo json_encode(array('success' => false, 'txt' => "wrong identity"));
} else {
$q = $db->query("select * from user where name='$user' and pubkey='$pubkey';");
if ($q->num_rows==1) {
echo json_encode(true);
echo json_encode(array('success' => true, 'txt' => "user verified"));
} elseif ($q->num_rows==0) {
$q = $db->query("insert into user (name, pubkey) values ('$user', '$pubkey');");
echo json_encode(true);
echo json_encode(array('success' => true, 'txt' => "user created"));
} else {
echo json_encode(false);
echo json_encode(array('success' => false, 'txt' => "server database defect"));
}
}
}
} catch (Exception $e) {
echo json_encode(false);
echo json_encode(array('success' => false, 'txt' => "login failed"));
}
?>

@ -1,6 +1,6 @@
<?php
require_once("usertable.php");
try {
require_once("usertable.php");
$user = $db->real_escape_string($_REQUEST['user']);
$q = $db->query("select pubkey from user where name='$user';");
if ($q->num_rows==1) {

@ -82,7 +82,7 @@ function checkuser(user) {
}).fail(function(res) {
username=null;
$("#createuser").prop("disabled", !(username && password));
error(res);
error("offline");
});
}
@ -114,7 +114,7 @@ function checkpartner(user) {
$("#send").prop("disabled", false);
success("receiver exists");
}).fail(function(res) {
notice("cannot connect to server: "+res);
error("offline", true);
$("#send").prop("disabled", true);
});
}
@ -161,11 +161,11 @@ function clearmessage() {
function attachments(files, id) {
if (files) files.forEach(function(file) {
//if (file.content.length<1000000) {
if (file.content.length<1000000) {
var img = document.createElement('img');
img.src = 'data:'+file.type+';base64,' + file.content;
$(id).append(img);
//}
}
});
}
@ -203,12 +203,14 @@ function setreceiver(name) {
var startmsg = 0; // number of last downloaded message
function get() {
var beeped = false;
$.post("get.php", {start: startmsg}).done(function(res) {
$.post("get.php", {start: startmsg})
.done(function(res) {
var msgs = JSON.parse(res);
if (msgs) {
msgs.forEach(function(e) {
if (startmsg<Number(e.id)) startmsg = Number(e.id);
$.post("pubkey.php", {user: e.user}).done(function(pk) {
$.post("pubkey.php", {user: e.user})
.done(function(pk) {
var res=JSON.parse(pk);
var key=openpgp.key.readArmored(res);
if (!res||key.err) {
@ -228,7 +230,8 @@ function get() {
'<span class="date">'+
(new Date(1000*Number(e.time))).toLocaleString()+
'</span><span class="sender">'+
'<a href="javascript:void(0)" onclick="setreceiver(this.innerHTML)">'+
'<a href="javascript:void(0)" '+
'onclick="setreceiver(this.innerHTML)">'+
e.user+
'</a></span></div>'+
'<div class="text">'+
@ -245,12 +248,12 @@ function get() {
// not for me
});
}).fail(function(e) {
error("get sender's key from server failed", true);
error("offline", true);
});
});
}
}).fail(function(e) {
error("get messages failed")
error("offline", true)
});
setTimeout(get, 10000);
}
@ -258,7 +261,8 @@ function get() {
function sendmessage(recv, txt) {
notice("1/3 preparing message ...");
$("#message").fadeOut("slow");
$.post("pubkey.php", {user: recv}).done(function(pk) {
$.post("pubkey.php", {user: recv})
.done(function(pk) {
var res=JSON.parse(pk);
var key=openpgp.key.readArmored(res);
if (!res||key.err) {
@ -275,24 +279,28 @@ function sendmessage(recv, txt) {
notice("3/3 sending message ...");
$.post("send.php", {user: userid(), msg: msg})
.done(function(res) {
if (JSON.parse(res)) {
var st = JSON.parse(res);
if (st.success) {
$("#message").fadeIn("slow");
clearmessage();
success("message sent");
success(st.txt);
} else {
$("#message").fadeIn("slow");
error("error sending message", true);
error(st.txt, true);
}
})
.fail(error);
.fail(function() {
error("offline", true);
});
})
.catch(function(e) {
$("#message").fadeIn("slow");
error("encryption of message failed", true);
});
}).fail(function(e) {
})
.fail(function(e) {
$("#message").fadeIn("slow");
error("get receiver's key from server failed", true);
error("offline", true);
});
$("#message").fadeIn("slow");
}
@ -316,7 +324,9 @@ function chat() {
$.ajax({url: "chat.html", success: function(res) {
status(res);
setTimeout(get, 2000);
}}).fail(error);
}}).fail(function() {
error("offline")
});
}
function login() {
@ -324,14 +334,16 @@ function login() {
$.post("login.php", {user: userid(),
pubkey: localStorage.pubKey},
function(res) {
if (JSON.parse(res)) {
status("logged in ...", "successfully logged in");
var st = JSON.parse(res);
if (st.success) {
status("logged in ...", st.txt);
chat();
} else {
error("login failed");
error(st.txt);
}
}).fail(function(e) {
error(e);
})
.fail(function(e) {
error("offline");
});
}
@ -339,7 +351,9 @@ function newuser() {
status("new user ...");
$.ajax({url: "newuser.html", success: function(res) {
status(res);
}}).fail(error);
}}).fail(function() {
error("offline");
});
}
function start() {

@ -1,16 +1,34 @@
<?php
require_once("messagetable.php");
try {
require_once("usertable.php");
$user = $db->real_escape_string($_REQUEST['user']);
$msg = $db->real_escape_string($_REQUEST['msg']);
$pgp = gnupg_init();
if (!$pgp) {
echo json_encode(array('success' => false, 'txt' => "pgp on server failed"));
} else {
$q = $db->query("select pubkey from user where name='$user';");
if (!$q || $q->num_rows!=1) {
echo json_encode(array('success' => false, 'txt' => "user not found on server"));
} else {
$pubkey = gnupg_import($pgp, $q->fetch_row()[0]);
if (!$pubkey) {
echo json_encode(array('success' => false, 'txt' => "wrong identity"));
} else {
require_once("messagetable.php");
$q = $db->query("insert into message (user, msg) values ('$user', '$msg');");
if ($q) {
echo json_encode(true);
echo json_encode(array('success' => true, 'txt' => "message stored"));
} else {
error_log("Error storing message: ".$db->error);
echo json_encode(false);
echo json_encode(array('success' => false, 'txt' => "storing message failed"));
}
}
}
}
} catch (Exception $e) {
echo json_encode(false);
error_log("Error storing message: ".$e->message);
echo json_encode(array('success' => false, 'txt' => "storing message failed"));
}
?>
Loading…
Cancel
Save