working state

vincent 2025-04-20 10:27:35 +02:00
parent 74b5420aa9
commit 1d970f869c
3 changed files with 93 additions and 10 deletions


@ -9,9 +9,9 @@
<div>
<form method="POST" action="send.php">
<div><p><abbr title="Dies wird verwendet, um die Nachricht an die richtige Person zuzustellen. Nutzen Sie die Option, die für Sie angenehmer ist - Es hat keine Auswirkung auf das Ergebniss. Der Benutzername ist ein vom Nutzer selbst festgelegter Name bestehend aus Kleinbuchstaben und Zahlen. Die ID ist eine automatisch generierte Zeichenfolge, welche fest mit dem Account verknüpft ist.">Welche der folgenden Methoden möchten Sie verwenden, um den Empfänger festzulegen?</abbr></p>
<input type="radio" id="user_by_name" name="by" value="username">
<input type="radio" id="user_by_name" name="by" value="1">
<label for="user_by_id">Benutzername</label>
<input type="radio" id="user_by_id" name="by" value="id">
<input type="radio" id="user_by_id" name="by" value="0">
<label for="user_by_id">ID</label><br>
<input type="text" id="receiver" name="receiver">
</div>
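Review bot: Both labels use `for="user_by_id"` while the first radio input is `id="user_by_name"`, so clicking "Benutzername" selects the ID option and a message can end up addressed by the wrong method; the first label should read `<label for="user_by_name">Benutzername</label>`. The radio values appear to change to `1` and `0` here, so send.php should accept exactly those two strings for `by` and reject anything else instead of falling into a default branch; `receiverCheck()` is not visible in this section, so confirm it does. The tooltip text also has a typo, `Ergebniss` for `Ergebnis`.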

83
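--- a/read.php
+++ b/read.php
@@ -0,0 +1,83 @@
+<?php
+/*
+* smzint/Messages (c) schmamazon.com 2025
+*/
+include('../Auth/index.php');
+$id = filter_var($_GET["id"], FILTER_SANITIZE_STRING);
+function getMessageType($id){
+global $dbservername;
+global $dbusername;
+global $dbpassword;
+global $dbname;
+global $uid;
+$conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
+if ($conn->connect_error) {
+die("Connection failed: " . $conn->connect_error);
+}
+$sql = "SELECT sender, receiver FROM smz_messages_metadata WHERE message='$id'";
+$result = $conn->query($sql);
+$conn->close();
+if ($result->num_rows > 0) {
+while($row = $result->fetch_assoc()) {
+if ($row["sender"] == $uid){
+return "internal";
+}else if($row["receiver"] == $uid){
+return "external";
+}else{
+return false;
+}
+}
+} else {
+return false;
+}
+}
+function getData($id){
+global $dbservername;
+global $dbusername;
+global $dbpassword;
+global $dbname;
+$conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
+if ($conn->connect_error) {
+die("Connection failed: " . $conn->connect_error);
+}
+$type = "".getMessageType($id)."_key";
+$sql = "SELECT message_body, iv, $type FROM smz_messages_data WHERE message_id='$id'";
+$result = $conn->query($sql);
+$conn->close();
+if ($result->num_rows > 0) {
+while($row = $result->fetch_assoc()) {
+decrypt($row["$type"], $row["message_body"], $row["iv"]);
+}
+} else {
+return false;
+}
+}
+function decrypt($aeskey, $body, $iv){
+include('keyGrab.php');
+$key = grabPrivateKey();
+$decryptedAesKey = '';
+$decryptionOk = openssl_private_decrypt(base64_decode($aeskey), $decryptedAesKey, $key, OPENSSL_PKCS1_PADDING);
+if ($decryptionOk === false) {
+die("Fehler beim Entschlüsseln des AES-Schlüssels: " . openssl_error_string());
+}
+// Nachricht mit AES entschlüsseln
+$decryptedMessage = openssl_decrypt(base64_decode($body), 'aes-256-cbc', $decryptedAesKey, 0, base64_decode($iv));
+echo $decryptedMessage;
+}
+getData($id);
+?>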
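Review bot: `$id` reaches both SELECT statements by string interpolation, and the only guard is `FILTER_SANITIZE_STRING`, an HTML-oriented filter (deprecated since PHP 8.1) rather than SQL escaping; the queries in `getMessageType()` and `getData()` should be prepared statements with a bound parameter. `getData()` also never checks the `false` that `getMessageType()` returns for a non-participant, so access control currently rests on the lookup of a column named `_key` presumably failing; that case should be rejected explicitly before `smz_messages_data` is touched. Separately, `decrypt()` echoes the plaintext without output encoding while send.php lets tags such as `<a>` and `<div>` through `strip_tags()` with their attributes intact, and `die()` prints `openssl_error_string()` for an `OPENSSL_PKCS1_PADDING` decrypt, which hands the caller a padding-failure signal; `OPENSSL_PKCS1_OAEP_PADDING` on both sides and a generic error message would be safer. A sketch of the first two changes follows.

```php
function getMessageType($id){
    // … unchanged: globals and mysqli connection …
    $stmt = $conn->prepare("SELECT sender, receiver FROM smz_messages_metadata WHERE message = ?");
    $stmt->bind_param("s", $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $conn->close();
    if (!$row) {
        return false;
    }
    if ($row["sender"] == $uid) {
        return "internal";
    }
    return $row["receiver"] == $uid ? "external" : false;
}

function getData($id){
    // Refuse before any data query when the caller is neither sender nor receiver.
    $kind = getMessageType($id);
    if ($kind === false) {
        http_response_code(404);
        exit;
    }
    $type = $kind . "_key";
    // … unchanged: globals and connection; bind $id in the smz_messages_data query as well …
}
```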


@ -8,13 +8,13 @@ include('../Auth/index.php');
$by = filter_var($_POST["by"], FILTER_SANITIZE_STRING);
$receiver = filter_var($_POST["receiver"], FILTER_SANITIZE_STRING);
$body = filter_var($_POST["body"], FILTER_SANITIZE_STRING);
$allowedTags = "<i><b><u><strong><em><p><div><h1><h2><h3><h4><h5><h6><a><sub><sup><mark>";
$body = strip_tags($_POST["body"], $allowedTags);
$color = filter_var($_POST["color"], FILTER_SANITIZE_STRING);
$body_hash = hash('sha256', $body);
$messageId = uniqid();
receiverCheck($by);
pushMetadata($messageId, $receiver, $color, $body_hash);
pushMetadata($messageId, $receiver, $color);
function receiverCheck($by){
@ -38,7 +38,7 @@ function receiverCheck($by){
}
}
function pushMetadata($messageId, $receiver, $color, $body_hash){
function pushMetadata($messageId, $receiver, $color){
$sender_info = "".$_SERVER['REMOTE_ADDR'].", ". $_SERVER['HTTP_USER_AGENT']."";
global $dbservername;
@ -51,7 +51,7 @@ function pushMetadata($messageId, $receiver, $color, $body_hash){
if ($conn->connect_error) {
die("Server Error");
}
$sql = "INSERT INTO smz_messages_metadata (message, sender, receiver, sender_info, color, body_hash) VALUES ('$messageId', '$uid', '$receiver', '$sender_info', '$color', '$body_hash')";
$sql = "INSERT INTO smz_messages_metadata (message, sender, receiver, sender_info, color) VALUES ('$messageId', '$uid', '$receiver', '$sender_info', '$color')";
if ($conn->query($sql) === TRUE) {
echo "Metadaten erfolgreich gespeichert";
@ -64,7 +64,7 @@ function pushMetadata($messageId, $receiver, $color, $body_hash){
}
function pushData($messageId, $body, $internal_key, $external_key){
function pushData($messageId, $body, $iv, $internal_key, $external_key){
global $dbservername;
global $dbusername;
global $dbpassword;
@ -74,7 +74,7 @@ function pushData($messageId, $body, $internal_key, $external_key){
if ($conn->connect_error) {
die("Server Error");
}
$sql = "INSERT INTO smz_messages_data (message_id, message_body, internal_key, external_key) VALUES ('$messageId', '$body', '$internal_key', '$external_key')";
$sql = "INSERT INTO smz_messages_data (message_id, message_body, iv, internal_key, external_key) VALUES ('$messageId', '$body', '$iv', '$internal_key', '$external_key')";
if ($conn->query($sql) === TRUE) {
echo "DATA erfolgreich gespeichert";
@ -120,6 +120,6 @@ $ivBase64 = base64_encode($iv);
// die("Fehler beim Verschlüsseln (external): " . openssl_error_string());
// }
pushData($messageId, $encryptedMessageBase64, $encryptedAesKeyBase64INT, $encryptedAesKeyBase64EXT);
pushData($messageId, $encryptedMessageBase64, $ivBase64, $encryptedAesKeyBase64INT, $encryptedAesKeyBase64EXT);
echo "<h1>ERFOLG</1>";
?>
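Review bot: The rewritten INSERT in `pushMetadata()` still interpolates `$sender_info`, which is built from `$_SERVER['HTTP_USER_AGENT']` with no filtering at all, so a client-controlled header lands inside the SQL string; the `pushData()` INSERT is built the same way. Both should go through `$conn->prepare(...)` with `?` placeholders and `$stmt->bind_param("sssss", $messageId, $uid, $receiver, $sender_info, $color)` (and the equivalent for `pushData()`). The commit also drops `body_hash`, and read.php decrypts with `aes-256-cbc`, so nothing detects a modified ciphertext any more; an authenticated mode such as `aes-256-gcm`, or an HMAC over IV and ciphertext, would restore that. The new `strip_tags()` allow-list keeps attributes on the permitted tags, so the body still needs attribute filtering or encoding where it is displayed. The function bodies continue outside these hunks.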