87 lines
2.2 KiB
PHP
87 lines
2.2 KiB
PHP
<?php
|
|
|
|
/*
|
|
* smzint/Messages (c) schmamazon.com 2025
|
|
*/
|
|
|
|
include('../Auth/index.php');
|
|
|
|
$id = filter_var($_POST["id"], FILTER_SANITIZE_STRING);
|
|
$upassword = filter_var($_POST["upass"], FILTER_SANITIZE_STRING);
|
|
|
|
function getMessageType($id){
|
|
global $dbservername;
|
|
global $dbusername;
|
|
global $dbpassword;
|
|
global $dbname;
|
|
global $uid;
|
|
$conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
|
|
if ($conn->connect_error) {
|
|
die("Connection failed: " . $conn->connect_error);
|
|
}
|
|
|
|
$sql = "SELECT sender, receiver FROM smz_messages_metadata WHERE message='$id'";
|
|
$result = $conn->query($sql);
|
|
$conn->close();
|
|
if ($result->num_rows > 0) {
|
|
while($row = $result->fetch_assoc()) {
|
|
if ($row["sender"] == $uid){
|
|
return "internal";
|
|
}else if($row["receiver"] == $uid){
|
|
return "external";
|
|
}else{
|
|
return false;
|
|
}
|
|
}
|
|
} else {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
function getData($id){
|
|
global $dbservername;
|
|
global $dbusername;
|
|
global $dbpassword;
|
|
global $dbname;
|
|
$conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
|
|
if ($conn->connect_error) {
|
|
die("Connection failed: " . $conn->connect_error);
|
|
}
|
|
$type = "".getMessageType($id)."_key";
|
|
|
|
$sql = "SELECT message_body, iv, $type FROM smz_messages_data WHERE message_id='$id'";
|
|
$result = $conn->query($sql);
|
|
$conn->close();
|
|
if ($result->num_rows > 0) {
|
|
while($row = $result->fetch_assoc()) {
|
|
decrypt($row["$type"], $row["message_body"], $row["iv"]);
|
|
}
|
|
} else {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
function decrypt($aeskey, $body, $iv){
|
|
global $upassword;
|
|
include('keyGrab.php');
|
|
$key = grabPrivateKey($upassword);
|
|
|
|
$decryptedAesKey = '';
|
|
$decryptionOk = openssl_private_decrypt(base64_decode($aeskey), $decryptedAesKey, $key, OPENSSL_PKCS1_PADDING);
|
|
|
|
if ($decryptionOk === false) {
|
|
die("Fehler beim Entschlüsseln des AES-Schlüssels: " . openssl_error_string());
|
|
}
|
|
|
|
// Nachricht mit AES entschlüsseln
|
|
$decryptedMessage = openssl_decrypt(base64_decode($body), 'aes-256-cbc', $decryptedAesKey, 0, base64_decode($iv));
|
|
|
|
echo $decryptedMessage;
|
|
}
|
|
|
|
if(!password_verify($upassword, $upassword_hash)){
|
|
die("Passwortfehler");
|
|
}
|
|
getData($id);
|
|
|
|
?>
|