diff --git a/compose.php b/compose.php index f57df1f..f1ddbb2 100644 --- a/compose.php +++ b/compose.php @@ -4,6 +4,8 @@

Messages Composer

diff --git a/inbox.php b/inbox.php index 0bfeb8e..12dd7bd 100644 --- a/inbox.php +++ b/inbox.php @@ -6,6 +6,7 @@ */ include('../Auth/index.php'); +include('ready.php'); $conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname); if ($conn->connect_error) { @@ -19,7 +20,7 @@ $conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname); include ('search.php'); echo ""; while($row = $result->fetch_assoc()) { - echo ""; + echo ""; } echo "
Absender:
".uid($row["sender"])."		Zeit:
".$row["datetime"]."
Absender:
".uid($row["sender"])."		Zeit:
".$row["datetime"]."
"; } else { diff --git a/index.php b/index.php index 23b031f..a3989b7 100644 --- a/index.php +++ b/index.php @@ -18,11 +18,7 @@ include('../Auth/index.php');

diff --git a/init.php b/init.php index 5f90a3a..19410da 100644 --- a/init.php +++ b/init.php @@ -4,11 +4,7 @@ * smzint/Messages (c) schmamazon.com 2025 */ -if(include('ready.php')){ - echo "FEHLER: Ihr Account scheint bereits inizialisiert worden zu sein."; - die(); -} - +include('../Auth/index.php'); if ($_SERVER["REQUEST_METHOD"] == "POST") { $username = filter_var($_POST["username"], FILTER_SANITIZE_STRING); @@ -33,8 +29,6 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { if(password_verify($password, $upassword_hash)){ //Alle Schritte erfolgreich. Nun müssen die Schlüssel generiert werden. Der private key muss außerdem mit $password verschlüsselt werden. Dann müssen der $username, $publicKey und der verschlüsselte $privateKey in die Datenbank gespeichert werden. - // Hinweis: Die Erstellung mit openssl scheint missbilligt zu werden -> Investigieren - // Erstellung durch sodium ist zuvor jedoch fehlgeschlagen (Extension problems) $privateKeyobject = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]); openssl_pkey_export($privateKeyobject, $privateKey); $keyDetails = openssl_pkey_get_details($privateKeyobject); @@ -63,6 +57,9 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") { if ($conn->query($sql) === TRUE) { echo "

ACCOUNT ERFOLGREICH EINGERICHTET\nSCHLIEẞEN SIE DIESEN TAB UMGEHEND!

"; + include 'welcomeSend.php'; + start($uid, $uname, $username); + header("Location: /smzint/Messages/"); } else { echo "Error: " . $sql . "
" . $conn->error; } @@ -86,10 +83,10 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {

- *
+ *

- *
+ *
diff --git a/keyGrab.php b/keyGrab.php index f23fd64..f299193 100644 --- a/keyGrab.php +++ b/keyGrab.php @@ -5,6 +5,7 @@ */ include('../Auth/index.php'); +include('ready.php'); function grabPublicKey($uid){ global $dbservername; diff --git a/read.php b/read.php index 025ac17..30f4251 100644 --- a/read.php +++ b/read.php @@ -5,6 +5,7 @@ */ include('../Auth/index.php'); +include('ready.php'); $id = filter_var($_POST["id"], FILTER_SANITIZE_STRING); $upassword = filter_var($_POST["upass"], FILTER_SANITIZE_STRING); @@ -74,7 +75,7 @@ function decrypt($aeskey, $body, $iv){ } // Nachricht mit AES entschlüsseln - $decryptedMessage = openssl_decrypt(base64_decode($body), 'aes-256-cbc', $decryptedAesKey, 0, base64_decode($iv)); + $decryptedMessage = openssl_decrypt(base64_decode($body), 'aes-128-cbc', $decryptedAesKey, 0, base64_decode($iv)); echo $decryptedMessage; } diff --git a/ready.php b/ready.php index 9c04867..2636bb6 100644 --- a/ready.php +++ b/ready.php @@ -6,8 +6,6 @@ include('../Auth/index.php'); -include('../Auth/db.ini.php'); - $conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname); if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); @@ -17,15 +15,13 @@ $sql = "SELECT * FROM smz_messages_users WHERE uid='$uid'"; $result = $conn->query($sql); if ($result->num_rows > 0) { while($row = $result->fetch_assoc()) { - $unique_name = $row["unique_name"]; - $f_name = $row["f_name"]; - $l_name = $row["l_name"]; - $phone = $row["phone"]; + $unique_name = $row["username"]; $init_date = $row["init_date"]; return true; } } else { - return false; + echo("Ihr Account wurde noch nicht für Messages eingerichtet."); + header("Location: /smzint/Messages/init.php"); } $conn->close(); diff --git a/send.php b/send.php index ff03abe..7e208e4 100644 --- a/send.php +++ b/send.php @@ -5,6 +5,7 @@ */ include('../Auth/index.php'); +include('ready.php'); $by = filter_var($_POST["by"], FILTER_SANITIZE_STRING); $receiver = filter_var($_POST["receiver"], FILTER_SANITIZE_STRING); @@ -90,8 +91,8 @@ $sender_key = grabPublicKey($uid); $receiver_key = grabPublicKey($receiver); $aesKey = openssl_random_pseudo_bytes(32); -$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc')); -$encryptedBody = openssl_encrypt($body, 'aes-256-cbc', $aesKey, 0, $iv); +$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-128-cbc')); +$encryptedBody = openssl_encrypt($body, 'aes-128-cbc', $aesKey, 0, $iv); $encryptedAesKey = ''; @@ -110,16 +111,6 @@ $encryptedAesKeyBase64EXT = base64_encode($encryptedAesKeyEXTERNAL); $encryptedAesKeyBase64INT = base64_encode($encryptedAesKeyINTERNAL); $ivBase64 = base64_encode($iv); -// $encryptedINTERNAL = openssl_public_encrypt($body, $encryptedBodyINTERNAL, $sender_key, OPENSSL_PKCS1_PADDING); -// $encryptedEXTERNAL = openssl_public_encrypt($body, $encryptedBodyEXTERNAL, $receiver_key, OPENSSL_PKCS1_PADDING); - -// if ($encryptedINTERNAL === false) { -// die("Fehler beim Verschlüsseln (internal): " . openssl_error_string()); -// } -// if ($encryptedEXTERNAL === false) { -// die("Fehler beim Verschlüsseln (external): " . openssl_error_string()); -// } - pushData($messageId, $encryptedMessageBase64, $ivBase64, $encryptedAesKeyBase64INT, $encryptedAesKeyBase64EXT); echo "

ERFOLG"; ?>