smzint/Messages
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Messages/send.php
vincent 74b5420aa9 reorganized for hybrid encryption
2025-04-19 20:51:32 +02:00

125 lines
3.9 KiB
PHP
Raw Blame History

<?php
/*
* smzint/Messages (c) schmamazon.com 2025
*/
include('../Auth/index.php');
$by = filter_var($_POST["by"], FILTER_SANITIZE_STRING);
$receiver = filter_var($_POST["receiver"], FILTER_SANITIZE_STRING);
$body = filter_var($_POST["body"], FILTER_SANITIZE_STRING);
$color = filter_var($_POST["color"], FILTER_SANITIZE_STRING);
$body_hash = hash('sha256', $body);
$messageId = uniqid();
receiverCheck($by);
pushMetadata($messageId, $receiver, $color, $body_hash);
function receiverCheck($by){
global $receiver;
include('search.php');
switch ($by) {
case '0':
if (uid($receiver) == false){
echo "FATAL: Empfänger ($receiver) nicht gefunden (searched by ID)";
die();
}
break;
case '1':
if (username($receiver) == false){
echo "FATAL: Empfänger ($receiver) nicht gefunden (searched by NAME)";
}else{
$receiver = username($receiver);
}
break;
}
}
function pushMetadata($messageId, $receiver, $color, $body_hash){
$sender_info = "".$_SERVER['REMOTE_ADDR'].", ". $_SERVER['HTTP_USER_AGENT']."";
global $dbservername;
global $dbusername;
global $dbpassword;
global $dbname;
global $uid;
$conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
if ($conn->connect_error) {
die("Server Error");
}
$sql = "INSERT INTO smz_messages_metadata (message, sender, receiver, sender_info, color, body_hash) VALUES ('$messageId', '$uid', '$receiver', '$sender_info', '$color', '$body_hash')";
if ($conn->query($sql) === TRUE) {
echo "Metadaten erfolgreich gespeichert";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}
function pushData($messageId, $body, $internal_key, $external_key){
global $dbservername;
global $dbusername;
global $dbpassword;
global $dbname;
$conn = new mysqli($dbservername, $dbusername, $dbpassword, $dbname);
if ($conn->connect_error) {
die("Server Error");
}
$sql = "INSERT INTO smz_messages_data (message_id, message_body, internal_key, external_key) VALUES ('$messageId', '$body', '$internal_key', '$external_key')";
if ($conn->query($sql) === TRUE) {
echo "DATA erfolgreich gespeichert";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}
include('keyGrab.php');
$sender_key = grabPublicKey($uid);
$receiver_key = grabPublicKey($receiver);
$aesKey = openssl_random_pseudo_bytes(32);
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
$encryptedBody = openssl_encrypt($body, 'aes-256-cbc', $aesKey, 0, $iv);
$encryptedAesKey = '';
$encryptionOkEXT = openssl_public_encrypt($aesKey, $encryptedAesKeyEXTERNAL, $receiver_key, OPENSSL_PKCS1_PADDING);
$encryptionOkINT = openssl_public_encrypt($aesKey, $encryptedAesKeyINTERNAL, $sender_key, OPENSSL_PKCS1_PADDING);
if ($encryptionOkEXT === false) {
die("Fehler beim Verschlüsseln des AES-Schlüssels (EXTERNAL): " . openssl_error_string());
}
if ($encryptionOkINT === false) {
die("Fehler beim Verschlüsseln des AES-Schlüssels (INTERNAL): " . openssl_error_string());
}
$encryptedMessageBase64 = base64_encode($encryptedBody);
$encryptedAesKeyBase64EXT = base64_encode($encryptedAesKeyEXTERNAL);
$encryptedAesKeyBase64INT = base64_encode($encryptedAesKeyINTERNAL);
$ivBase64 = base64_encode($iv);
// $encryptedINTERNAL = openssl_public_encrypt($body, $encryptedBodyINTERNAL, $sender_key, OPENSSL_PKCS1_PADDING);
// $encryptedEXTERNAL = openssl_public_encrypt($body, $encryptedBodyEXTERNAL, $receiver_key, OPENSSL_PKCS1_PADDING);
// if ($encryptedINTERNAL === false) {
// die("Fehler beim Verschlüsseln (internal): " . openssl_error_string());
// }
// if ($encryptedEXTERNAL === false) {
// die("Fehler beim Verschlüsseln (external): " . openssl_error_string());
// }
pushData($messageId, $encryptedMessageBase64, $encryptedAesKeyBase64INT, $encryptedAesKeyBase64EXT);
echo "<h1>ERFOLG</1>";
?>
Reference in a new issue View git blame Copy permalink