diff --git a/read.php b/read.php
new file mode 100644
index 0000000..2c54ef5
--- /dev/null
+++ b/read.php
@@ -0,0 +1,83 @@
+connect_error) {
+ die("Connection failed: " . $conn->connect_error);
+ }
+
+ $sql = "SELECT sender, receiver FROM smz_messages_metadata WHERE message='$id'";
+ $result = $conn->query($sql);
+ $conn->close();
+ if ($result->num_rows > 0) {
+ while($row = $result->fetch_assoc()) {
+ if ($row["sender"] == $uid){
+ return "internal";
+ }else if($row["receiver"] == $uid){
+ return "external";
+ }else{
+ return false;
+ }
+ }
+ } else {
+ return false;
+ }
+}
+
+function getData($id){
+ global $dbservername;
+ global $dbusername;
+ global $dbpassword;
+ global $dbname;
+ $conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
+ if ($conn->connect_error) {
+ die("Connection failed: " . $conn->connect_error);
+ }
+ $type = "".getMessageType($id)."_key";
+
+ $sql = "SELECT message_body, iv, $type FROM smz_messages_data WHERE message_id='$id'";
+ $result = $conn->query($sql);
+ $conn->close();
+ if ($result->num_rows > 0) {
+ while($row = $result->fetch_assoc()) {
+ decrypt($row["$type"], $row["message_body"], $row["iv"]);
+ }
+ } else {
+ return false;
+ }
+}
+
+function decrypt($aeskey, $body, $iv){
+ include('keyGrab.php');
+ $key = grabPrivateKey();
+
+ $decryptedAesKey = '';
+ $decryptionOk = openssl_private_decrypt(base64_decode($aeskey), $decryptedAesKey, $key, OPENSSL_PKCS1_PADDING);
+
+ if ($decryptionOk === false) {
+ die("Fehler beim Entschlüsseln des AES-Schlüssels: " . openssl_error_string());
+ }
+
+ // Nachricht mit AES entschlüsseln
+ $decryptedMessage = openssl_decrypt(base64_decode($body), 'aes-256-cbc', $decryptedAesKey, 0, base64_decode($iv));
+
+ echo $decryptedMessage;
+}
+
+
+getData($id);
+
+ ?>
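Review bot: `$id` is interpolated directly into both SQL strings (`WHERE message='$id'` in the first function and `WHERE message_id='$id'` in `getData`), so unless it is strictly validated in the part of the file not visible here, this is SQL injection on the path that returns decrypted messages. Both queries should use a prepared statement with a bound parameter. In `getData` the column name is built from `getMessageType()`, which returns `false` for a non-participant; that yields the column `_key`, the query fails, and `$result->num_rows` is read on a non-result, so the access check holds only by accident. Test the return value explicitly and return before querying, as sketched below for `getData`; the first function starts above the visible lines, so the origin of `$id` and `$uid` cannot be confirmed from this hunk. Separately, `decrypt()` echoes the plaintext unescaped and uses `aes-256-cbc` with no integrity check on the ciphertext, which deserves its own follow-up.

```php
function getData($id){
    // … unchanged: globals, mysqli connection and connect_error check …
    $role = getMessageType($id);
    if ($role !== "internal" && $role !== "external") {
        return false; // caller is neither sender nor receiver of this message
    }
    $type = $role . "_key"; // now limited to the two known column names

    $stmt = $conn->prepare("SELECT message_body, iv, $type FROM smz_messages_data WHERE message_id = ?");
    $stmt->bind_param("s", $id);
    $stmt->execute();
    $result = $stmt->get_result();
    // … unchanged: close, row loop and decrypt() call …
```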
diff --git a/send.php b/send.php
index a895af3..ff03abe 100644
--- a/send.php
+++ b/send.php
@@ -8,13 +8,13 @@ include('../Auth/index.php');
$by = filter_var($_POST["by"], FILTER_SANITIZE_STRING);
$receiver = filter_var($_POST["receiver"], FILTER_SANITIZE_STRING);
-$body = filter_var($_POST["body"], FILTER_SANITIZE_STRING);
+$allowedTags = "