116 lines
3.4 KiB
PHP
116 lines
3.4 KiB
PHP
<?php
|
|
|
|
/*
|
|
* smzint/Messages (c) schmamazon.com 2025
|
|
*/
|
|
|
|
include('../Auth/index.php');
|
|
include('ready.php');
|
|
|
|
$by = filter_var($_POST["by"], FILTER_SANITIZE_STRING);
|
|
$receiver = filter_var($_POST["receiver"], FILTER_SANITIZE_STRING);
|
|
$allowedTags = "<i><b><u><strong><em><p><div><h1><h2><h3><h4><h5><h6><a><sub><sup><mark>";
|
|
$body = strip_tags($_POST["body"], $allowedTags);
|
|
$color = filter_var($_POST["color"], FILTER_SANITIZE_STRING);
|
|
$messageId = uniqid();
|
|
|
|
receiverCheck($by);
|
|
pushMetadata($messageId, $receiver, $color);
|
|
|
|
|
|
function receiverCheck($by){
|
|
global $receiver;
|
|
include('search.php');
|
|
switch ($by) {
|
|
case '0':
|
|
if (uid($receiver) == false){
|
|
echo "FATAL: Empfänger ($receiver) nicht gefunden (searched by ID)";
|
|
die();
|
|
}
|
|
break;
|
|
|
|
case '1':
|
|
if (username($receiver) == false){
|
|
echo "FATAL: Empfänger ($receiver) nicht gefunden (searched by NAME)";
|
|
}else{
|
|
$receiver = username($receiver);
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
|
|
function pushMetadata($messageId, $receiver, $color){
|
|
$sender_info = "".$_SERVER['REMOTE_ADDR'].", ". $_SERVER['HTTP_USER_AGENT']."";
|
|
|
|
global $dbservername;
|
|
global $dbusername;
|
|
global $dbpassword;
|
|
global $dbname;
|
|
global $uid;
|
|
|
|
$conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
|
|
if ($conn->connect_error) {
|
|
die("Server Error");
|
|
}
|
|
$sql = "INSERT INTO smz_messages_metadata (message, sender, receiver, sender_info, color) VALUES ('$messageId', '$uid', '$receiver', '$sender_info', '$color')";
|
|
|
|
if ($conn->query($sql) === TRUE) {
|
|
echo "Metadaten erfolgreich gespeichert";
|
|
} else {
|
|
echo "Error: " . $sql . "<br>" . $conn->error;
|
|
}
|
|
|
|
$conn->close();
|
|
|
|
}
|
|
|
|
|
|
function pushData($messageId, $body, $iv, $internal_key, $external_key){
|
|
global $dbservername;
|
|
global $dbusername;
|
|
global $dbpassword;
|
|
global $dbname;
|
|
|
|
$conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
|
|
if ($conn->connect_error) {
|
|
die("Server Error");
|
|
}
|
|
$sql = "INSERT INTO smz_messages_data (message_id, message_body, iv, internal_key, external_key) VALUES ('$messageId', '$body', '$iv', '$internal_key', '$external_key')";
|
|
|
|
if ($conn->query($sql) === TRUE) {
|
|
echo "DATA erfolgreich gespeichert";
|
|
} else {
|
|
echo "Error: " . $sql . "<br>" . $conn->error;
|
|
}
|
|
|
|
$conn->close();
|
|
}
|
|
|
|
include('keyGrab.php');
|
|
$sender_key = grabPublicKey($uid);
|
|
$receiver_key = grabPublicKey($receiver);
|
|
|
|
$aesKey = openssl_random_pseudo_bytes(32);
|
|
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-128-cbc'));
|
|
$encryptedBody = openssl_encrypt($body, 'aes-128-cbc', $aesKey, 0, $iv);
|
|
|
|
|
|
$encryptedAesKey = '';
|
|
$encryptionOkEXT = openssl_public_encrypt($aesKey, $encryptedAesKeyEXTERNAL, $receiver_key, OPENSSL_PKCS1_PADDING);
|
|
$encryptionOkINT = openssl_public_encrypt($aesKey, $encryptedAesKeyINTERNAL, $sender_key, OPENSSL_PKCS1_PADDING);
|
|
|
|
if ($encryptionOkEXT === false) {
|
|
die("Fehler beim Verschlüsseln des AES-Schlüssels (EXTERNAL): " . openssl_error_string());
|
|
}
|
|
if ($encryptionOkINT === false) {
|
|
die("Fehler beim Verschlüsseln des AES-Schlüssels (INTERNAL): " . openssl_error_string());
|
|
}
|
|
|
|
$encryptedMessageBase64 = base64_encode($encryptedBody);
|
|
$encryptedAesKeyBase64EXT = base64_encode($encryptedAesKeyEXTERNAL);
|
|
$encryptedAesKeyBase64INT = base64_encode($encryptedAesKeyINTERNAL);
|
|
$ivBase64 = base64_encode($iv);
|
|
|
|
pushData($messageId, $encryptedMessageBase64, $ivBase64, $encryptedAesKeyBase64INT, $encryptedAesKeyBase64EXT);
|
|
echo "<h1>ERFOLG</1>";
|
|
?>
|