Source Code:DeleteMessage.php
<!-- DeleteMessage.php -->
<!-- This Page Is Ready .................. -->
<?php
/*
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
?>
<!DOCTYPE html>
<html>
<meta charset=utf-8>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div align="center" id="headerCODE">
<a href="code/CodeOfDeleteMessage.php"></><font color="white"><b>(read) code of this page</b></font></></a>
</div>
<div align="center" id="headerUNO">
<a href="index.php"><h1>brengla.com</h1></a>
</div>
<div align="center" id="header1">
<a href="ReadMessage.php"><h3>(go) read message</h3></a>
</div>
<div align="center" id="header2">
<a href="WriteMessage.php"><h3>(go) write message</h3></a>
</div>
<div align="center">
<h5>Please note that after you have deleted your message(s),</br>
they cannot be retrieved, because there is no backup server!</h5>
<form action="DeleteMessageContinue.php" method="POST">
<textarea type="text" cols="30" rows="5" name="NameOfPubKey"
placeholder="Please give the name of the key, of the messages you whish to delete."></textarea></p>
<input type="submit" value="Search Key" style="height:25px; width:150px"></p>
</form>
</div>
</br>
</br>
<div align="center" id="footer3">
<a href="DeleteKeys.php#center"><h3>(go) delete keys</h3></a>
</div>
<div align="center" id="footer2">
<h3>(@) delete message</h3></a>
</div>
<div align="center" id="footer1">
<a href="ProduceEncryptionKeys.php#center"><h3>(go) produce encryption keys</h3></a>
</div>
<div align="center" id="footerUNO">
</br>
copyright, website designed by .......
</br>
</br>
</div>
</body>
</html>
<!-- DeleteMessageContinue.php -->
<!-- This Page Is Ready .................. -->
<?php
/*
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
?>
<!DOCTYPE html>
<html>
<meta charset=utf-8>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div align="center" id="headerCODE">
<a href="code/CodeOfDeleteMessage.php#continue"></><font color="white"><b>(read) code of this page</b></font></></a>
</div>
<div align="center" id="headerUNO">
<a href="index.php"><h1>brengla.com</h1></a>
</div>
<div align="center" id="header1">
<a href="ReadMessage.php"><h3>(go) read message</h3></a>
</div>
<div align="center" id="header2">
<a href="WriteMessage.php"><h3>(go) write message</h3></a>
</div>
<div align="center">
</br>
</br>
<?php
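# NOTE(review): display_errors=1 writes PHP warnings, including server file paths,
# into the page every visitor sees. On a public host, log errors instead.
ini_set ("display_errors", 1);
# E_ALL already contains E_STRICT on PHP 5.4 and later, so the extra flag is dropped.
error_reporting (E_ALL);

# The key name (i.e., user name) must be a non-empty string of letters and digits.
# It is concatenated into a file path and echoed into HTML below; the alphanumeric
# rule is what keeps "../" and markup out of both.
# http://php.net/manual/en/function.ctype-alnum.php
$PostedName = isset($_POST["NameOfPubKey"]) ? $_POST["NameOfPubKey"] : null;
if ( !is_string($PostedName) || !ctype_alnum($PostedName) ) {
    # This code runs after the page header has been printed, so a Location header
    # can only be sent when output buffering is on. Fall back to a plain link
    # rather than emitting a "headers already sent" warning.
    if ( !headers_sent() ) {
        header("Location: ProduceEncryptionKeys.php");
    } else {
        echo '<a href="ProduceEncryptionKeys.php">(go) produce encryption keys</a>';
    }
    # http://stackoverflow.com/questions/1795025/what-are-the-differences-in-die-and-exit-in-php
    exit;
}
$NameOfPubKey = $PostedName;
# Read by the listing code further down the page.
$ProceedWithEncryption = true;

if ( !file_exists("/var/www/html/pubkey/" . $NameOfPubKey) ) {
    echo "The requested key: <h3>>> $NameOfPubKey <<</h3> do not exist</br></br>";
?></br><form>
<button formaction="GoWriteMessage.php" style="height:25px; width:150px">Go Back</button>
</form><?php
    $ProceedWithEncryption = false;
} else {
    echo "The requested key: <h3>>> $NameOfPubKey <<</h3> is valid</br></br>";
}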
?>
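<?php if ($ProceedWithEncryption === true) {
    ##############################################
    # Collect, once, the messages that belong to this key.
    # A message file is named "<something>@<owner>"; the owner is the text after
    # the last "@".
    # NOTE(review): the names are listed before any password is checked, so anyone
    # who knows a key name can see which message files exist for it.
    $ScanDirResult = scandir("/var/www/html/message");
    if ($ScanDirResult === false) {
        # directory missing or unreadable: treat as "no messages"
        $ScanDirResult = array();
    }
    $OwnedMessages = array();
    foreach ($ScanDirResult as $NameOfMessage) {
        # http://php.net/manual/en/function.strrpos.php
        $position = strrpos($NameOfMessage, "@");
        if ($position === false) {
            # no "@" at all: without this check false + 1 became offset 1 and the
            # tail of an unrelated file name could be mistaken for an owner
            continue;
        }
        # http://php.net/manual/en/function.substr.php
        $WhoOwnsMessage = substr($NameOfMessage, $position + 1);
        # Strict comparison: with == PHP compares numeric-looking strings as
        # numbers, so the key "1000" would also match the owner "1e3".
        if ($WhoOwnsMessage === $NameOfPubKey) {
            $OwnedMessages[] = $NameOfMessage;
        }
    }

    # The form is only published when at least one message was found.
    if ( count($OwnedMessages) > 0 ) {
        # NOTE(review): <textarea> has no "type" attribute, so the password is shown
        # in clear text while it is typed. Masking protects against onlookers and
        # screen capture, which the HTML comment below does not consider.
?><form action="DeleteMessageDelete.php" method="post">
<b>Please Enter The Appropiet Password</b></p>
<!--
Type your password in a secure environment. This box is deliberately not <input type="password">:
if malware on your machine can read your password, it makes no difference whether the field is type="password" or type="text".
-->
<textarea type="password" cols="30" rows="10" name="password" autocomplete="off"
placeholder="Please give the password for the mentioned key, which after the key and all related messages to it will be deleted."></textarea></p>
<input type="submit" name="Delete" value="Delete Message" style="height:25px; width:150px"></p>
<?php
        # One checkbox per owned message. File names come from the file system,
        # not from this request, so they are escaped before being written into
        # the page and into the value attribute.
        foreach ($OwnedMessages as $NameOfMessage) {
            $SafeName = htmlspecialchars($NameOfMessage, ENT_QUOTES, "UTF-8");
            echo $SafeName . '<input type="checkbox" name="MessageToDelete[]" value="' . $SafeName . '"></br>';
        }
?>
</br>
<input type="hidden" name="NameOfPubKey" value="<?php echo htmlspecialchars($NameOfPubKey, ENT_QUOTES, "UTF-8"); ?>">
<input type="submit" name="Delete" value="Delete Message" style="height:25px; width:150px"></p>
</form>
<?php
    } else { // no message belongs to this key
        echo "</br><b>But Owns No Messages</b></br></br>";
    }
} /* end of -- if ($ProceedWithEncryption === true) */ ?>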
</div>
</br>
</br>
<div align="center" id="footer3">
<a href="DeleteKeys.php#center"><h3>(go) delete keys</h3></a>
</div>
<div align="center" id="footer2">
<a href="DeleteMessage.php#center"><h3>(go back) delete message</h3></a>
</div>
<div align="center" id="footer1">
<a href="ProduceEncryptionKeys.php#center"><h3>(go) produce encryption keys</h3></a>
</div>
<div align="center" id="footerUNO">
</br>
copyright, website designed by .......
</br>
</br>
</div>
</body>
</html>
<!-- DeleteMessageDelete.php -->
<!-- This Page Is Ready .................. -->
<?php
/*
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
?>
<!DOCTYPE html>
<html>
<meta charset=utf-8>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div align="center" id="headerCODE">
<a href="code/CodeOfDeleteMessage.php#delete"></><font color="white"><b>(read) code of this page</b></font></></a>
</div>
<div align="center" id="headerUNO">
<a href="index.php"><h1>brengla.com</h1></a>
</div>
<div align="center" id="header1">
<a href="ReadMessage.php"><h3>(go) read message</h3></a>
</div>
<div align="center" id="header2">
<a href="WriteMessage.php"><h3>(go) write message</h3></a>
</div>
<div align="center">
</br>
</br>
<?php
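# NOTE(review): display_errors=1 writes PHP warnings, including server file paths,
# into the page every visitor sees. On a public host, log errors instead.
ini_set ("display_errors", 1);
# E_ALL already contains E_STRICT on PHP 5.4 and later, so the extra flag is dropped.
error_reporting (E_ALL);
# DEFINE encryption cipher
define('AES_256_CBC', 'aes-256-cbc');
/* *************************** AES256decryption ******************************** */
/**
 * Decrypt a value stored as "<ciphertext>:<initialization vector>".
 *
 * The ciphertext is passed to openssl_decrypt() with options 0, i.e. it is
 * expected to be base64 text.
 *
 * NOTE(review): $UserPass is handed to OpenSSL as the raw key, with no key
 * derivation; per the PHP manual a short key is padded with NUL bytes and a
 * long one is truncated. CBC also carries no integrity check, so a non-false
 * result only means the padding was valid. It is not proof that the password
 * was right, because a wrong key occasionally produces valid padding.
 *
 * @param string $encrypted "<ciphertext>:<iv>" as read from the key file
 * @param string $UserPass  password used as the AES key
 * @return string|false     plaintext, or false when the input is malformed or
 *                          decryption fails
 */
function AES256decryption($encrypted, $UserPass)
{
    if ( !is_string($encrypted) || !is_string($UserPass) ) {
        return false;
    }
    # Split on the first ":" only. The ciphertext is base64 and cannot contain
    # ":", while the IV may, so everything after the separator belongs to the IV.
    # http://php.net/manual/en/function.explode.php
    $parts = explode(':', $encrypted, 2);
    if ( count($parts) !== 2 ) {
        # no separator: there is no IV to decrypt with
        return false;
    }
    // $parts[0] = encrypted data
    // $parts[1] = initialization vector
    return openssl_decrypt($parts[0], AES_256_CBC, $UserPass, 0, $parts[1]);
}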
/* ******************************************************************************** */
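# Leave the page on invalid input. This code runs after the page header has been
# printed, so a Location header can only be sent when output buffering is on;
# otherwise a plain link is shown. Either way the script stops here.
$LeavePage = function () {
    if ( !headers_sent() ) {
        header("Location: DeleteMessage.php");
    } else {
        echo '<a href="DeleteMessage.php">(go back) delete message</a>';
    }
    # http://stackoverflow.com/questions/1795025/what-are-the-differences-in-die-and-exit-in-php
    exit;
};

# The password must be a plain string ("password[]=x" would arrive as an array).
if ( !isset($_POST["password"]) || !is_string($_POST["password"]) ) {
    $LeavePage();
}
$password = $_POST["password"];

# The key name must be alphanumeric; it is compared with file-name suffixes below.
# http://php.net/manual/en/function.ctype-alnum.php
if ( !isset($_POST["NameOfPubKey"]) || !is_string($_POST["NameOfPubKey"]) || !ctype_alnum($_POST["NameOfPubKey"]) ) {
    $LeavePage();
}
$NameOfPubKey = $_POST["NameOfPubKey"];

# The list of messages comes from check boxes and must be an array.
if ( !isset($_POST["MessageToDelete"]) || !is_array($_POST["MessageToDelete"]) ) {
    $LeavePage();
}
$MessageToDelete = $_POST["MessageToDelete"];

# calculate the first quarter of user password (length rounded down)
# http://php.net/manual/en/function.substr.php
# http://php.net/manual/en/function.strlen.php
$QuarterPass = substr($password, 0, (int) (strlen($password) / 4));
# NameOfPubKey is always alphanumeric and QuarterPass can be any character, in this situation
# username "adam" + password "1234", would be the same as username "ada" + password "m1234"
# but if we put char "#" in between, then username adam#1234 is not ada#m1234
$PasswordForHash = $NameOfPubKey . "#" . $QuarterPass;

# Search the key folder. Each file name is a password hash with "/" stored as "@".
# NOTE(review): every request runs password_verify() against every stored key
# until one matches, so the cost of one request grows with the number of keys.
$SecKeyDir = "/var/www/html/seckey/";
$ScanDirSecKey = scandir($SecKeyDir);
if ($ScanDirSecKey === false) {
    $ScanDirSecKey = array();
}
# Stays false unless a key file matches this name + quarter password. The loop
# variable is never reused afterwards: previously, when nothing matched, the last
# directory entry was read as if it were the caller's key.
$SecKeyEncrypted = false;
foreach ($ScanDirSecKey as $NameOfSecKey) {
    # restore the hash from the file name
    $StoredHash = str_replace("@", "/", $NameOfSecKey);
    # http://php.net/manual/en/function.password-verify.php
    if ( password_verify($PasswordForHash, $StoredHash) ) {
        $SecKeyEncrypted = file_get_contents($SecKeyDir . $NameOfSecKey);
        break;
    }
}

# Decrypt the secret key with the full password; false means failure.
# NOTE(review): AES-CBC has no integrity check, so this test only proves that the
# padding was valid. A wrong password that shares the right first quarter passes
# it occasionally. Confirm the decrypted key's format or store an authenticated
# ciphertext.
$SecKeyDecrypted = false;
if ( is_string($SecKeyEncrypted) ) {
    $SecKeyDecrypted = AES256decryption($SecKeyEncrypted, $password);
}

if ($SecKeyDecrypted) {
    # Shown only after the full password was accepted, so the reply does not
    # reveal that just the first quarter of a guessed password was right.
    echo "<b>We found your secret key</b></br></br>";
    $MessageDir = "/var/www/html/message/";
    foreach ($MessageToDelete as $NameOfMessage) {
        # The names come straight from the request. Accept only a bare file name
        # (no directory part, no NUL byte) whose owner, the text after the last
        # "@", is the authenticated key. Anything else is treated as not found,
        # so "../" paths and other users' messages are never passed to unlink().
        $Deletable = false;
        if ( is_string($NameOfMessage)
            && $NameOfMessage !== ""
            && strpos($NameOfMessage, "\0") === false
            && basename($NameOfMessage) === $NameOfMessage ) {
            $position = strrpos($NameOfMessage, "@");
            if ( $position !== false && substr($NameOfMessage, $position + 1) === $NameOfPubKey ) {
                $Deletable = is_file($MessageDir . $NameOfMessage);
            }
        }
        if ( $Deletable && unlink($MessageDir . $NameOfMessage) ) {
            # escaped: the name is request data echoed back into the page
            echo "<b>" . htmlspecialchars($NameOfMessage, ENT_QUOTES, "UTF-8") . "</b></br>";
            echo "Has been deleted</br></br>";
        } else {
            echo "We did not find any message(s), no deletation was done.</br>";
            echo "(Do not, this message also appears if you have refreshed your browser afer a succefull deletation)";
        }
    } // foreach ends
} else {
    # no key matched, or the full password did not decrypt it
    echo "<b>Message deletion failed, we assume you gave us a wrong password.</b></br></br>";
}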
/* */
?>
</div>
</br>
</br>
<div align="center" id="footer3">
<a href="DeleteKeys.php#center"><h3>(go) delete keys</h3></a>
</div>
<div align="center" id="footer2">
<a href="DeleteMessage.php#center"><h3>(go back) delete message</h3></a>
</div>
<div align="center" id="footer1">
<a href="ProduceEncryptionKeys.php#center"><h3>(go) produce encryption keys</h3></a>
</div>
<div align="center" id="footerUNO">
</br>
copyright, website designed by .......
</br>
</br>
</div>
</body>
</html>