Source Code:ReadMessage.php
<!-- ReadMessage.php -->
<!-- This Page Is Ready .................. -->
<?php
/*
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
?>
<!DOCTYPE html>
<html>
<meta charset=utf-8>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div align="center" id="headerCODE">
<a href="code/CodeOfReadMessage.php"></><font color="white"><b>(read) code of this page</b></font></></a>
</div>
<div align="center" id="headerUNO">
<a href="index.php"><h1>brengla.com</h1></a>
</div>
<div align="center" id="header1">
<h3>(@) read message</h3>
<!-- <h4>(go) source code</h4> -->
</div>
<div align="center" id="header2">
<a href="WriteMessage.php"><h3>(go) write message</h3></a>
</div>
<div align="center">
<!-- HTML form to get user name, i.e., name of public key -->
<form action="ReadMessageRead.php" method="post" maxlength="77">
<h2>Search For Your Key:</h2></p>
<textarea type="text" cols="30" rows="5" name="NameOfPubKey"
placeholder="What is the name of your public key?"></textarea></p>
<input type="submit" name="submit" value="Search For Public Key" style="height:25px; width:150px"></p>
</form>
</div>
</br>
</br>
<div align="center" id="footer3">
<a href="DeleteKeys.php#center"><h3>(go) delete keys</h3></a>
</div>
<div align="center" id="footer2">
<a href="DeleteMessage.php#center"><h3>(go) delete message</h3></a>
</div>
<div align="center" id="footer1">
<a href="ProduceEncryptionKeys.php#center"><h3>(go) produce encryption keys</h3></a>
</div>
<div align="center" id="footerUNO">
</br>
copyright, website designed by .......
</br>
</br>
</div>
</body>
</html>
<!-- ReadMessageRead.php -->
<!-- This Page Is Ready .................. -->
<?php
/*
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
?>
<!DOCTYPE html>
<html>
<meta charset=utf-8>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div align="center" id="headerCODE">
<a href="code/CodeOfReadMessage.php#read"></><font color="white"><b>(read) code of this page</b></font></></a>
</div>
<div align="center" id="headerUNO">
<a href="index.php"><h1>brengla.com</h1></a>
</div>
<div align="center" id="header1">
<a href="ReadMessage.php"><h3>(go back) read message</h3></a>
</div>
<div align="center" id="header2">
<a href="WriteMessage.php"><h3>(go) write message</h3></a>
</div>
</br>
<div align="center">
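<?php
# Keep PHP diagnostics out of the rendered page: a warning from the file
# lookups below would otherwise print server paths to any visitor.
# Everything is still reported, but to the server's error log.
ini_set("display_errors", "0");
ini_set("log_errors", "1");
# E_ALL already contains E_STRICT since PHP 5.4
error_reporting(E_ALL);

# The key name is used as a file name under pubkey/ below, so only a non-empty
# alphanumeric string is accepted; that also rules out "/" and "..".
# is_string() turns away array input (NameOfPubKey[]=x) before ctype_alnum() sees it.
# http://php.net/manual/en/function.ctype-alnum.php
if ( !isset($_POST["NameOfPubKey"]) || !is_string($_POST["NameOfPubKey"]) || !ctype_alnum($_POST["NameOfPubKey"]) ) {
    # NOTE(review): the page markup above has already been sent, so unless output
    # buffering is enabled this redirect header cannot be delivered; the exit
    # below is what actually stops processing.
    header("Location: ReadMessage.php");
    exit;
}
$NameOfPubKey = $_POST["NameOfPubKey"];

# check if public key exists or not
if ( !file_exists("/var/www/html/pubkey/" . $NameOfPubKey) ) {
    # $NameOfPubKey is alphanumeric at this point, so it is safe to print as is
    echo "The requested key: <h3>>> $NameOfPubKey <<</h3> do not exist</br></br>";
    ?><form></br>
<button formaction="ReadMessage.php" style="height:25px; width:150px">Go Back</button>
</form><?php
} else {
    echo "The requested key: <h3>>> $NameOfPubKey <<</h3> is valid</br>";

    # NOTE(review): the message list is shown to anyone who knows a key name;
    # the password is only asked for on the next page.
    $ScanDirResult = scandir("/var/www/html/message");
    if ($ScanDirResult === false) {
        # unreadable directory: behave as if there were no messages
        $ScanDirResult = array();
    }
    # krsort reverses scandir's ascending name order; that is newest-first only
    # if the file names sort by creation time (TODO confirm against the writer page)
    # http://php.net/manual/en/function.krsort.php
    krsort($ScanDirResult);

    # Collect the messages whose name ends in "@<key name>".
    $OwnMessages = array();
    foreach ($ScanDirResult as $NameOfMessage) {
        # http://php.net/manual/en/function.strrpos.php
        $position = strrpos($NameOfMessage, "@");
        if ($position === false) {
            # no owner part at all (".", "..", stray files)
            continue;
        }
        # strict comparison: with == two numeric-looking names such as
        # "1e3" and "1000" would be treated as the same owner
        if (substr($NameOfMessage, $position + 1) === $NameOfPubKey) {
            $OwnMessages[] = $NameOfMessage;
        }
    }

    # the password form is only published when at least one message was found
    if ( count($OwnMessages) > 0 ) {
?>
</br>
<form action="ReadMessageDecrypt.php" method="POST">
<h3>Password:</h3>
<!--type you password in a secure enviroment, rather than <input type="password"> -->
<!--if there is a malware that reads you password, does it matter if its type="password" or type="text". -->
<textarea type="password" cols="30" rows="10" name="password"
placeholder="Please enter your password here."></textarea></p>
<input type="submit" name="SelectMessages[]" value="Select Message(s)" style="height:25px; width:150px"></p>
<?php
        foreach ($OwnMessages as $NameOfMessage) {
            # File names are created elsewhere and are not known to be free of
            # markup, so they are escaped for both the text and the attribute.
            $SafeName = htmlspecialchars($NameOfMessage, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
            echo $SafeName; ?><input type="checkbox" name="message[]" value="<?php echo $SafeName ?>"><?php echo "</br>";
        }
?>
</br><input type="submit" value="Select Message(s)" style="height:25px; width:150px"></p>
</form>
<?php
    } else {
        # the key exists but no message is addressed to it
        echo "</br><b>But No Messages Found</b></br></br>";
    }
} # end of else for ( !file_exists("/var/www/html/pubkey/" . $NameOfPubKey) )
?>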
</div>
</br>
</br>
</br>
<div align="center" id="footer3">
<a href="DeleteKeys.php#center"><h3>(go) delete keys</h3></a>
</div>
<div align="center" id="footer2">
<a href="DeleteMessage.php#center"><h3>(go) delete message</h3></a>
</div>
<div align="center" id="footer1">
<a href="ProduceEncryptionKeys.php#center"><h3>(go) produce encryption keys</h3></a>
</div>
<div align="center" id="footerUNO">
</br>
copyright, website designed by .......
</br>
</br>
</div>
</body>
</html>
<!-- ReadMessageDecrypt.php -->
<!-- This Page Is Ready .................. -->
<?php
/*
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
?>
<!DOCTYPE html>
<html>
<meta charset=utf-8>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div align="center" id="headerCODE">
<a href="code/CodeOfReadMessage.php#decrypt"></><font color="white"><b>(read) code of this page</b></font></></a>
</div>
<div align="center" id="headerUNO">
<a href="index.php"><h1>brengla.com</h1></a>
</div>
<div align="center" id="header1">
<a href="ReadMessage.php"><h3>(go back) read message</h3></a>
</div>
<div align="center" id="header2">
<a href="WriteMessage.php"><h3>(go) write message</h3></a>
</div>
<div align="center">
</br>
</br>
<?php
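# Keep PHP diagnostics out of the response: this page handles the password and
# the secret key, and a warning printed into the page would expose server paths.
# Everything is still reported, but to the server's error log.
ini_set("display_errors", "0");
ini_set("log_errors", "1");
# E_ALL already contains E_STRICT since PHP 5.4
error_reporting(E_ALL);
# Cipher name handed to OpenSSL by AES256decryption()
define('AES_256_CBC', 'aes-256-cbc');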
/**************************** AES256decryption *********************************/
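/**
 * Decrypt a value stored as "<ciphertext>:<iv>" with the AES_256_CBC cipher.
 *
 * The ciphertext is passed to openssl_decrypt() with options 0, i.e. as
 * base64 text, so it cannot contain ':' itself; everything after the first
 * ':' is taken as the initialization vector.
 *
 * NOTE(review): $UsPass is handed to OpenSSL as the key unchanged. PHP pads a
 * short key with NUL bytes and truncates a long one, so the key is only as
 * strong as the password text. CBC is also unauthenticated, so a modified
 * file is not detected here. Changing either (a password KDF, an
 * authenticated mode) has to be done together with the encrypting side,
 * which is not part of this file.
 *
 * @param string|false $encrypted stored value, e.g. the result of file_get_contents()
 * @param string       $UsPass    key material
 * @return string|false plaintext, or false when the input is not a string,
 *                      has no ':' separator, or OpenSSL rejects it
 */
function AES256decryption($encrypted, $UsPass)
{
    if (!is_string($encrypted)) {
        // e.g. file_get_contents() returned false
        return false;
    }
    // Limit 2: split on the first ':' only, so an IV that happens to contain
    // ':' is kept whole instead of being cut short.
    # http://php.net/manual/en/function.explode.php
    $parts = explode(':', $encrypted, 2);
    if (count($parts) !== 2) {
        // no separator, hence no IV: nothing that can be decrypted
        return false;
    }
    // $parts[0] = encrypted data
    // $parts[1] = initialization vector
    return openssl_decrypt($parts[0], AES_256_CBC, $UsPass, 0, $parts[1]);
}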
/* *********************** Produce Filename For seckey *************************** */
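/* *********************** Collect and validate the request *************************** */
# message[] normally comes from the check boxes of ReadMessageRead.php, but it is
# plain POST data: accept it only as a non-empty array and re-index it, because
# the array keys are chosen by the sender of the request as well.
if (isset($_POST["message"]) && is_array($_POST["message"]) && count($_POST["message"]) > 0) {
    $message = array_values($_POST["message"]);
} else {
    $message = false;
?> <!-- Begin of HTML -->
<h3>No messages Selected!</h3>
<form method="get" action="ReadMessage.php">
<button type="submit" style="height:25px; width:150px">Go Back</button>
</form>
<?php } // end of else

# the password has to be a plain string; password[]=x is treated as missing
if ( isset($_POST["password"]) && is_string($_POST["password"]) ) {
    $password = $_POST["password"];
} else {
    $password = false;
    # NOTE(review): the page markup above has already been sent, so unless output
    # buffering is enabled this redirect header cannot be delivered; the exit
    # below is what actually stops processing.
    header("Location: ReadMessage.php");
    exit;
}

if ($message) { // if (+a1)
    # The owner (name of the public key) is the part after the last "@" of the
    # first message name, the same rule ReadMessageRead.php uses for its list.
    $FirstFile = is_string($message[0]) ? $message[0] : "";
    # http://php.net/manual/en/function.strrpos.php
    $position = strrpos($FirstFile, "@");
    $NameOfPubKey = ($position === false) ? "" : substr($FirstFile, $position + 1);
    # key names are alphanumeric; anything else cannot belong to a real key
    $OwnerIsValid = ctype_alnum($NameOfPubKey);

    # first quarter of the password, rounded down
    $QuarterPass = substr($password, 0, (int) (strlen($password) / 4));
    # NameOfPubKey is always alphanumeric and QuarterPass can be any character.
    # Without a separator, username "adam" + password "1234" would be the same as
    # username "ada" + password "m1234"; with "#" in between they differ.
    $PasswordForHash = $NameOfPubKey . "#" . $QuarterPass;

    # Find the secret key file. Its name is the password_hash() value of
    # $PasswordForHash with "/" stored as "@".
    # NOTE(review): this makes the first quarter of every password checkable by
    # whoever can list seckey/ - worth revisiting in the key-producing page.
    $SecKeyFile = null;
    if ($OwnerIsValid) {
        $ScanDirSecKey = scandir("/var/www/html/seckey");
        if ($ScanDirSecKey === false) {
            $ScanDirSecKey = array();
        }
        foreach ($ScanDirSecKey as $NameOfSecKey) {
            # http://php.net/manual/en/function.password-verify.php
            if ( password_verify($PasswordForHash, str_replace("@", "/", $NameOfSecKey)) ) {
                $SecKeyFile = $NameOfSecKey;
                break;
            }
        }
    }

    /* ************ begin of decryption ******************* */
    # Only a key file that actually matched is read. Without this guard the
    # last directory entry would be used whenever nothing matched.
    $SecKeyDecrypted = false;
    if ($SecKeyFile !== null) {
        $SecKeyEncrypted = file_get_contents("/var/www/html/seckey/" . $SecKeyFile);
        if ($SecKeyEncrypted !== false) {
            # we decrypt the secret key here
            $SecKeyDecrypted = AES256decryption($SecKeyEncrypted, $password);
        }
    }
    $KeyIsUsable = is_string($SecKeyDecrypted) && $SecKeyDecrypted !== "";

    # now we loop through the array $message and decrypt every selected file
    $DecryptionSucesse = false;
    $OwnerSuffix = "@" . $NameOfPubKey;
    foreach ($message as $NameOfMessage) { // foreach begin
        # A message name is request data. It is used only when it is a bare file
        # name (no directory part, no NUL byte) that ends in "@<owner>", so the
        # read below cannot leave /var/www/html/message/.
        $NameIsValid = $OwnerIsValid
            && is_string($NameOfMessage)
            && strpos($NameOfMessage, "\0") === false
            && basename($NameOfMessage) === $NameOfMessage
            && substr($NameOfMessage, -strlen($OwnerSuffix)) === $OwnerSuffix;

        # the name is echoed back into the page, so it is escaped first
        $Label = is_string($NameOfMessage) ? $NameOfMessage : "";
        echo "<b>" . htmlspecialchars($Label, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8") . "</b></br>";

        if (!$NameIsValid) {
            echo "Invalid message name.</br></br>";
            $DecryptionSucesse = false;
            continue;
        }

        # Reset the output variable and test the return value: otherwise a failed
        # decryption could print the plaintext left over from the previous message.
        $DecMess = null;
        $Decrypted = false;
        $PathOfMessage = "/var/www/html/message/" . $NameOfMessage;
        if ($KeyIsUsable && is_file($PathOfMessage)) {
            $EncryptedMessage = file_get_contents($PathOfMessage);
            if ($EncryptedMessage !== false) {
                #openssl_private_decrypt(input, output, key)
                $Decrypted = openssl_private_decrypt($EncryptedMessage, $DecMess, $SecKeyDecrypted);
            }
        }

        if ($Decrypted) {
            # The message text was written by whoever sent it; escape it so that
            # markup inside a message is shown as text instead of being run by
            # the reader's browser.
            echo htmlspecialchars($DecMess, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8") . "</br></br>";
            $DecryptionSucesse = true;
        } else {
            echo "Decryption failed, we assume because of wrong password.</br></br>";
            $DecryptionSucesse = false;
        }
    } // foreach ends

    # offer the way back when the last message could not be decrypted
    if (!$DecryptionSucesse && $message) {
        ?><form method="get" action="ReadMessage.php">
<button type="submit" style="height:25px; width:150px">Go Back</button>
</form><?php
    }
} // if (-a1)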
?>
</br>
</br>
<div align="center" id="footer3">
<a href="DeleteKeys.php#center"><h3>(go) delete keys</h3></a>
</div>
<div align="center" id="footer2">
<a href="DeleteMessage.php#center"><h3>(go) delete message</h3></a>
</div>
<div align="center" id="footer1">
<a href="ProduceEncryptionKeys.php#center"><h3>(go) produce encryption keys</h3></a>
</div>
<div align="center" id="footerUNO">
</br>
copyright, website designed by .......
</br>
</br>
</div>
</body>
</html>