commit 3d9e0c771743e55e171dfb2dad93c7fc1b0b97e3
Author: Luke Ogburn
Date: Sat Mar 30 23:03:43 2019 -0400
initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b701a72
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+conn.php
+.*
+!.gitignore
diff --git a/enc.php b/enc.php
new file mode 100644
index 0000000..60450ed
--- /dev/null
+++ b/enc.php
@@ -0,0 +1,17 @@
+
\ No newline at end of file
diff --git a/error_log b/error_log
new file mode 100644
index 0000000..00b8b0e
--- /dev/null
+++ b/error_log
@@ -0,0 +1,6 @@
+[27-Mar-2019 11:52:42 America/New_York] PHP Notice: Undefined index: 500ID in /home/lukeuxao/public_html/500/global.php on line 12
+[27-Mar-2019 11:52:42 America/New_York] PHP Notice: Undefined index: 500KEY in /home/lukeuxao/public_html/500/global.php on line 13
+[27-Mar-2019 12:19:38 America/New_York] PHP Notice: Undefined index: 500ID in /home/lukeuxao/public_html/500/global.php on line 12
+[27-Mar-2019 12:19:38 America/New_York] PHP Notice: Undefined index: 500KEY in /home/lukeuxao/public_html/500/global.php on line 13
+[29-Mar-2019 13:02:35 America/New_York] PHP Notice: Undefined index: 500ID in /home/lukeuxao/public_html/500/global.php on line 12
+[29-Mar-2019 13:02:35 America/New_York] PHP Notice: Undefined index: 500KEY in /home/lukeuxao/public_html/500/global.php on line 13
diff --git a/global.php b/global.php
new file mode 100644
index 0000000..127bc30
--- /dev/null
+++ b/global.php
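Review bot: The ignore list excludes `conn.php` and dotfiles but not PHP's `error_log` files, and this same commit checks two of them in (`error_log` and `write/error_log`), exposing the server's absolute path `/home/lukeuxao/public_html/500/` and runtime notices. Add `error_log` to `.gitignore` and remove the committed copies from the tree. The notices they record (`Undefined index: 500ID` / `500KEY` at global.php lines 12–13) also show that global.php reads those cookies without an `isset()` guard, which should be fixed in that file rather than silenced.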
@@ -0,0 +1,37 @@
+prepare("SELECT id FROM users WHERE username=:unm");
+ $stmt->bindParam(":unm", $current_user);
+ $stmt->execute();
+ $userID = $current_userID = $stmt->fetch(PDO::FETCH_ASSOC)['id'];
+
+ $stmt = $conn->prepare("SELECT token FROM user_tokens WHERE user_id=:usr");
+ $stmt->bindParam(":usr", $userID);
+ $stmt->execute();
+ $dbToken = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+ $userVerified = false;
+ foreach($dbToken as $token){
+ if(password_verify($_COOKIE["500TOKEN"], $token['token'])){
+ $userVerified = true;
+ break;
+ }
+ }
+
+ if(!$userVerified){
+ header("Location: /500/user/signin.php");
+ }
+ }
+?>
\ No newline at end of file
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..2a93cdd
--- /dev/null
+++ b/index.php
@@ -0,0 +1,16 @@
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/read/delete.php b/read/delete.php
new file mode 100644
index 0000000..d63d1ae
--- /dev/null
+++ b/read/delete.php
@@ -0,0 +1,12 @@
+prepare("DELETE FROM posts WHERE id = :id");
+ $stmt->bindParam(":id", $postID);
+ $stmt->execute();
+
+ header("Location: /500/read");
+ }
+
+?>
\ No newline at end of file
diff --git a/read/index.php b/read/index.php
new file mode 100644
index 0000000..c1ad134
--- /dev/null
+++ b/read/index.php
@@ -0,0 +1,23 @@
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/read/list.php b/read/list.php
new file mode 100644
index 0000000..a3eeb2a
--- /dev/null
+++ b/read/list.php
@@ -0,0 +1,12 @@
+prepare("SELECT * FROM posts WHERE user_id = :usr ORDER BY date DESC");
+ $stmt->bindParam(":usr", $current_userID);
+ $stmt->execute();
+ $posts = $stmt->fetchAll(PDO::FETCH_OBJ);
+
+ foreach($posts as $post){
+ $link = $post->id;
+ $date = date("F j, Y", strtotime($post->date));
+ echo "
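Review bot: The redirect for an unverified user, `header("Location: /500/user/signin.php");`, is not followed by `exit();`, so the page that included global.php keeps executing and renders its protected content after the Location header; the same pattern appears in read/delete.php, user/crtuser.php, user/pwdchk.php and write/submit.php, and every `header("Location: …")` in this commit needs an `exit();` directly after it. The token lookup `SELECT token FROM user_tokens WHERE user_id=:usr` ignores the `expires` column that crtuser.php and pwdchk.php write, so a token stays valid server-side forever once issued and the bcrypt loop grows by one row per login; `WHERE user_id=:usr AND expires > NOW()` would enforce the 30-day lifetime. When the username from the cookie does not exist, `$stmt->fetch()` returns false and `false['id']` silently yields null, which then feeds the second query — check for false before it. The prologue that reads the cookies was lost in this rendering, so I cannot see whether `$_COOKIE["500TOKEN"]` is guarded with `isset()`; the committed error_log shows the sibling cookies are not.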
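Review bot: The statement `DELETE FROM posts WHERE id = :id` binds only the post id and never the owner, so as far as the visible lines show any signed-in user can delete any post by id; res/read.php in this same commit scopes its query with `AND user_id = :uid` and this one should too: `DELETE FROM posts WHERE id = :id AND user_id = :uid` plus `$stmt->bindParam(":uid", $current_userID);`. The lines before `prepare(` (including the `if` whose closing brace is visible) were lost in this rendering, so an ownership check may live there, but the SQL-level constraint is still the safer form. read/open.php appears to reach this page through a plain link, i.e. the deletion is triggered by a GET request, which makes it cross-site requestable; it should require a POST carrying a per-session token, and the `header("Location: /500/read");` needs an `exit();` after it.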

$date

";
+ }
+?>
\ No newline at end of file
diff --git a/read/open.php b/read/open.php
new file mode 100644
index 0000000..d63603a
--- /dev/null
+++ b/read/open.php
@@ -0,0 +1,31 @@
+
+prepare("SELECT * FROM posts WHERE id = :pid");
+ $stmt->bindParam(":pid", $pid);
+ $stmt->execute();
+ $post = $stmt->fetch(PDO::FETCH_OBJ);
+
+ if($current_userID != $post->user_id){
+ echo "Hey, that's not your post!";
+ exit();
+ }
+
+ $text = $post->text;
+ $iv = $post->iv;
+ $tag = $post->tag;
+ $text = decrypt($text, $current_key, $iv, $tag);
+
+ echo "

".date("F j, Y", strtotime($post->date))."

"; + echo "

".str_word_count($text)." words delete

"; + echo "
".$text."
"; +?> +
\ No newline at end of file
diff --git a/read/read.css b/read/read.css
new file mode 100644
index 0000000..ce47ef1
--- /dev/null
+++ b/read/read.css
@@ -0,0 +1,21 @@
+h3{
+ text-align: center;
+}
+h3>a.postLink{
+ color: var(--main-light-color) !important;
+ text-decoration: none !important;
+}
+#open{
+ width: 60%;
+ margin-left: auto;
+ margin-right: auto;
+}
+pre{
+ font-family: inherit;
+ font-size: 1em;
+ white-space: pre-wrap; /* css-3 */
+ white-space: -moz-pre-wrap; /* Mozilla, since 1999 */
+ white-space: -pre-wrap; /* Opera 4-6 */
+ white-space: -o-pre-wrap; /* Opera 7 */
+ word-wrap: break-word; /* Internet Explorer 5.5+ */
+}
\ No newline at end of file
diff --git a/res/global.css b/res/global.css
new file mode 100644
index 0000000..3fd1df1
--- /dev/null
+++ b/res/global.css
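Review bot: The ownership test `if($current_userID != $post->user_id)` runs after an unscoped `SELECT * FROM posts WHERE id = :pid`, uses a loose comparison, and does not handle `$stmt->fetch()` returning false for an unknown id, in which case `$post->user_id` raises a warning and evaluates to null. Scoping the query the way res/read.php does — `SELECT * FROM posts WHERE id = :pid AND user_id = :uid` with `:uid` bound to `$current_userID` — and then checking `if ($post === false)` handles both the missing and the foreign post in one place. The decrypted body is concatenated straight into the page as `".$text."`; even though only the author can reach it, pass it through `htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` so stored content is never interpreted as markup. The markup around the echo calls and the prologue that sets `$pid` were stripped in this rendering, so I cannot see how `$pid` is read.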
@@ -0,0 +1,64 @@
+/* Defining vars */
+:root {
+
+ /* ----------- COLORS ----------- */
+
+ /* The two dark colors, lighter one second */
+ --main-dark-color: #151515;
+ --main-back-color: #3a3a3a;
+
+ /*The orange-ish pink color*/
+ --main-theme-color: #f66e50;
+
+ /* Text color, etc */
+ --main-light-color: #dfdfdf;
+
+
+ /* ----------- OTHERS ----------- */
+ --border-radius: 0.2em;
+}
+
+body{
+ font-family: sans-serif;
+ margin: 0;
+ background-color: var(--main-dark-color);
+ color: var(--main-light-color);
+}
+a{
+ color: var(--main-theme-color);
+}
+button{
+ margin-top: 1em;
+ background-color: var(--main-theme-color);
+ color: white;
+ border: none;
+ border-radius: var(--border-radius);
+ padding: 0.5em 1em;
+ cursor: pointer;
+}
+button[disabled]{
+ opacity: 0.6;
+ cursor: not-allowed;
+}
+.hoverColor{
+ color: var(--main-back-color);
+ text-decoration: none;
+}
+.hoverColor:hover{
+ color: var(--main-theme-color);
+}
+
+/* Top bar */
+#top{
+ display: grid;
+ grid-template-columns: 5fr repeat(3, 1fr);
+ background-color: var(--main-theme-color);
+}
+.topLink{
+ text-align: center;
+ cursor: pointer;
+ color: white;
+ text-transform: uppercase;
+ text-decoration: none;
+ padding: 0.7em 0;
+}
\ No newline at end of file
diff --git a/res/head.php b/res/head.php
new file mode 100644
index 0000000..05dec8e
--- /dev/null
+++ b/res/head.php
@@ -0,0 +1,11 @@
+
+<?=$title?> | 500 Words
+
+
+
+\n";
+ }
+?>
\ No newline at end of file
diff --git a/res/read.php b/res/read.php
new file mode 100644
index 0000000..5a756c2
--- /dev/null
+++ b/res/read.php
@@ -0,0 +1,28 @@
+prepare("SELECT * FROM posts WHERE id = :pid AND user_id = :uid");
+ $stmt->bindParam(":pid", $pid);
+ $stmt->bindParam(":uid", $usr);
+ $stmt->execute();
+ $post = $stmt->fetch(PDO::FETCH_OBJ);
+
+ //make sure the post belongs to the current user
+
+ $stmt = $conn->prepare("SELECT * FROM dec_info WHERE posts_id = :pid");
+ $stmt->bindParam(":pid", $pid);
+ $stmt->execute();
+ $dec_info = $stmt->fetch(PDO::FETCH_OBJ);
+
+ $text = $post->text;
+ $key = $dec_info->enc_key;
+ $iv = $dec_info->iv;
+ $tag = $dec_info->tag;
+
+ echo decrypt($text, $key, $iv, $tag);
+?>
\ No newline at end of file
diff --git a/res/skelly.php b/res/skelly.php
new file mode 100644
index 0000000..68127fa
--- /dev/null
+++ b/res/skelly.php
@@ -0,0 +1,16 @@
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/res/top.php b/res/top.php
new file mode 100644
index 0000000..1d2bb4c
--- /dev/null
+++ b/res/top.php
@@ -0,0 +1,6 @@
+
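Review bot: This file takes the decryption key for a post from the database (`$key = $dec_info->enc_key;` after `SELECT * FROM dec_info WHERE posts_id = :pid`), which contradicts the scheme used by the rest of the commit, where the key is unwrapped from the user's password in crtuser.php/pwdchk.php and reaches read/open.php as `$current_key`; a plaintext per-post key stored server-side would make the at-rest protection described in user/policy.php untrue. write/submit.php inserts no `dec_info` row and nothing visible includes res/read.php, so this looks like a leftover that should be deleted, or the canonical path should be documented in a header comment. The comment `//make sure the post belongs to the current user` sits after the query that already enforces ownership and before one that does not; if the file stays, also guard `$post === false` and `$dec_info === false` before dereferencing them. The prologue that sets `$pid` and `$usr` was lost in this rendering.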
+
+
Write
+
Read
+
Settings
+
\ No newline at end of file diff --git a/user/crtuser.php b/user/crtuser.php new file mode 100644 index 0000000..7c1d9cd --- /dev/null +++ b/user/crtuser.php 
@@ -0,0 +1,59 @@
+prepare("SELECT * FROM users WHERE username=:usr");
+ $stmt->bindParam(":usr", $user);
+ $stmt->execute();
+ $array = $stmt->fetch(PDO::FETCH_ASSOC);
+ if($array != ""){
+ header('Location: signup.php?userexists=true');
+ }else{
+ //setting some vars
+ $user = $_POST['username'];
+ $plainTextPass = $_POST['password'];
+ $pass = password_hash($plainTextPass, PASSWORD_DEFAULT);
+ $key = bin2hex(openssl_random_pseudo_bytes(rand(100, 300)));
+ $plaintextKey = $key;
+ $enc = encrypt($key, $plainTextPass);
+ $key = $enc[0];
+ $iv = $enc[1];
+ $tag = $enc[2];
+
+ //inserting the new user
+ $stmt = $conn->prepare("INSERT INTO users (username, password, enc_key, enc_iv, enc_tag) VALUES (:unm, :psw, :key, :iv, :tag)");
+ $stmt->bindParam(":unm", $user);
+ $stmt->bindParam(":psw", $pass);
+ $stmt->bindParam(":key", $key);
+ $stmt->bindParam(":iv", $iv);
+ $stmt->bindParam(":tag", $tag);
+ $stmt->execute();
+
+ $cstrong = true;
+ $unhashedToken = bin2hex(openssl_random_pseudo_bytes(64, $cstrong));
+ $token = password_hash($unhashedToken, PASSWORD_DEFAULT);
+ $time = $cookietime = time() + (60*60*24*30);
+
+ $stmt = $conn->prepare("SELECT id FROM users WHERE username = :usr");
+ $stmt->bindParam(":usr", $user);
+ $stmt->execute();
+ $res = $stmt->fetch(PDO::FETCH_ASSOC);
+ $userID = $res['id'];
+
+ $time = date("Y-m-d G:i:s", $time); //for the sql
+ $stmt = $conn->prepare("INSERT INTO user_tokens (token, user_id, expires) VALUES (:tkn, :usr, :exp)");
+ $stmt->bindParam(":tkn", $token);
+ $stmt->bindParam(":usr", $userID);
+ $stmt->bindParam(":exp", $time);
+ $stmt->execute();
+
+ setcookie("500TOKEN", $unhashedToken, $cookietime, "/500", NULL, true, true);
+ setcookie("500ID", $user, $cookietime, "/500", NULL, true, true);
+ setcookie("500KEY", $plaintextKey, $cookietime, "/500", NULL, true, true);
+
+ header("Location: /500/write");
+ }
+?>
\ No newline at end of file
diff --git a/user/index.php b/user/index.php
new file mode 100644
index 0000000..bdf3073
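Review bot: The existence check (`fetch()` then `if($array != "")`) and the `INSERT INTO users` are separate statements, so two concurrent sign-ups for the same name can both pass the check; uniqueness needs a UNIQUE index on `users.username`, with the duplicate-key `PDOException` treated as the "user exists" case, and the check itself should read `if ($array !== false)` rather than a loose comparison against a string. `$user` is bound in that lookup before the visible `$user = $_POST['username'];` inside the else branch; unless the stripped prologue assigns it earlier, the lookup binds an unset variable and the duplicate check never fires. `rand(100, 300)` as the key length adds nothing over a fixed size, and the by-reference `$cstrong` argument of `openssl_random_pseudo_bytes` is deprecated — `random_bytes()` serves both uses. The token-issuing block (`$cstrong = true;` through the three `setcookie` calls) is repeated line for line in pwdchk.php; it should be one helper in a shared include, called here and there, with `exit();` after the final redirect.

```php
// … unchanged: duplicate-username check and INSERT INTO users …

/**
 * Issues a 30-day login token for $userID: stores its bcrypt hash in user_tokens
 * and sets the 500TOKEN / 500ID / 500KEY cookies. Belongs in a shared include.
 */
function issueLoginToken(PDO $conn, int $userID, string $user, string $plaintextKey): void
{
    $unhashedToken = bin2hex(random_bytes(64));
    $token = password_hash($unhashedToken, PASSWORD_DEFAULT);
    $expires = time() + (60 * 60 * 24 * 30);

    $stmt = $conn->prepare("INSERT INTO user_tokens (token, user_id, expires) VALUES (:tkn, :usr, :exp)");
    $stmt->execute([':tkn' => $token, ':usr' => $userID, ':exp' => date("Y-m-d G:i:s", $expires)]);

    setcookie("500TOKEN", $unhashedToken, $expires, "/500", NULL, true, true);
    setcookie("500ID", $user, $expires, "/500", NULL, true, true);
    setcookie("500KEY", $plaintextKey, $expires, "/500", NULL, true, true);
}

// … unchanged: SELECT id FROM users lookup that sets $userID …
issueLoginToken($conn, (int) $userID, $user, $plaintextKey);
header("Location: /500/write");
exit();
```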
--- /dev/null +++ b/user/index.php @@ -0,0 +1,32 @@ + + + + + + + + +

+ prepare("SELECT COUNT(id) FROM posts WHERE user_id = :usr");
+ $stmt->bindParam(":usr", $current_userID);
+ $stmt->execute();
+ $res = $stmt->fetch(PDO::FETCH_ASSOC);
+ $times = $res["COUNT(id)"];
+ if($times == 1){
+ $times = "once";
+ }else{
+ $times = $times." times";
+ }
+ ?>

You have written so far.

+ Switch accounts
+ Log out + + \ No newline at end of file diff --git a/user/policy.php b/user/policy.php new file mode 100644 index 0000000..104b1bf --- /dev/null +++ b/user/policy.php @@ -0,0 +1,32 @@ + + + + + + + +

PRIVACY POLICY

+

By signing up, you agree that that data collected, outlined below, may be processed as stated below.

+ +

Data that may be collected:

+ + +

How your data is used

+

+ Your writings are encrypted with a two-way encryption method. This means that they can be decrypted, which allows you to view them whenever you want. Your password is used to encrypt a randomly-generated key, which in turn encrypts your data. Since your password is encrypted with a one-way encryption method, no-one can decrypt it. The only way to find your password is to guess it. By encrypting this way, all data is securely stored and only someone who knows your password can read your data.

+ Your IP address and time zone are only used to verify your login patterns in order to prevent hacking. If you login from the US and then from Russia within two seconds, something's up. However, no-one needs to know where your logging in from, only if it's near where you were before. Because of this, the information is encrypted so that it can be checked for similarity, but not understood. +

+
+
\ No newline at end of file
diff --git a/user/pwdchk.php b/user/pwdchk.php
new file mode 100644
index 0000000..71d3739
--- /dev/null
+++ b/user/pwdchk.php
@@ -0,0 +1,42 @@
+prepare("SELECT * FROM users WHERE username=:unm");
+ $stmt->bindParam(":unm", $user);
+ $stmt->execute();
+ $array = $stmt->fetch(PDO::FETCH_ASSOC);
+ $hashedPass = $array['password'];
+ $userID = $array['id'];
+
+ //checking password, starting session, redirecting
+ if(password_verify($formPass, $hashedPass)){
+ $cstrong = true;
+ $unhashedToken = bin2hex(openssl_random_pseudo_bytes(64, $cstrong));
+ $token = password_hash($unhashedToken, PASSWORD_DEFAULT);
+ $time = time() + (60*60*24*30);
+ $plaintextKey = decrypt($array["enc_key"], $formPass, $array["enc_iv"], $array["enc_tag"]);
+
+ setcookie("500TOKEN", $unhashedToken, $time, "/500", NULL, true, true);
+ setcookie("500ID", $user, $time, "/500", NULL, true, true);
+ setcookie("500KEY", $plaintextKey, $time, "/500", NULL, true, true);
+
+ $time = date("Y-m-d G:i:s", $time); //for the sql
+ $stmt = $conn->prepare("INSERT INTO user_tokens (token, user_id, expires) VALUES (:tkn, :usr, :exp)");
+ $stmt->bindParam(":tkn", $token);
+ $stmt->bindParam(":usr", $userID);
+ $stmt->bindParam(":exp", $time);
+ $stmt->execute();
+
+ header("Location: /500/write");
+ }else{
+ header("Location: signin.php?usrpass=inc");
+ }
+?>
\ No newline at end of file
diff --git a/user/sign.css b/user/sign.css
new file mode 100644
index 0000000..7b3f7a9
--- /dev/null
+++ b/user/sign.css
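Review bot: The policy text says the IP address and time zone are collected and "encrypted so that it can be checked for similarity", but nothing in this commit reads `$_SERVER['REMOTE_ADDR']` or a time zone, or stores either; the page should state only what the code does, or that processing should exist before the policy promises it. "Your password is encrypted with a one-way encryption method" describes `password_hash` and is clearer as "hashed", and "you agree that that data collected" has a doubled "that". The list under "Data that may be collected" was stripped in this rendering, so I cannot check it against the code.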
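Review bot: `$array = $stmt->fetch(PDO::FETCH_ASSOC)` is dereferenced as `$array['password']` and `$array['id']` with no check for an unknown username, in which case `fetch()` returns false and `password_verify($formPass, $hashedPass)` runs against a null hash. Guard it before the verify with `if ($array === false) { header("Location: signin.php?usrpass=inc"); exit(); }`, keeping the same redirect for both failure cases so the response does not reveal which usernames exist. Both `header("Location: …")` calls at the end need an `exit();`, and `$user` / `$formPass` come from lines lost in this rendering, so I cannot confirm they are read with an `isset()` guard. The block from `$cstrong = true;` through the third `setcookie` duplicates crtuser.php line for line and belongs in one shared helper.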
@@ -0,0 +1,66 @@
+body{
+ margin: 0;
+}
+
+#formWrapper{
+ margin-top: 10vh;
+ align-content: center;
+ text-align: center;
+}
+form{
+ display: inline-block;
+ padding: 2em 6em;
+ border: 1px solid #333;
+ border-radius: var(--border-radius);
+ margin-left: auto;
+ margin-right: auto;
+}
+input[type=text], input[type=password]{
+ border: 0px;
+ border-radius: var(--border-radius);
+ margin-bottom: 2px;
+ padding: 3px 6px;
+ background-color: var(--main-back-color);
+ color: var(--main-light-color);
+}
+input[type=text]:hover, input[type=password]:hover{
+ border-bottom: 1px solid var(--main-theme-color);
+ margin-bottom: 1px;
+}
+input[type=text]:focus, input[type=password]:focus{
+ border-bottom: 2px solid var(--main-theme-color);
+ margin-bottom: 0;
+}
+button[type=submit]{
+ margin-top: 1em;
+ background-color: var(--main-theme-color);
+ color: white;
+ border: none;
+ border-radius: var(--border-radius);
+ padding: 0.5em 1em;
+ cursor: pointer;
+}
+
+/* Cookie banner */
+#cookie{
+ display: none;
+}
+label[for=cookie]{
+ cursor: pointer;
+ border-bottom: 1px solid var(--main-light-color);
+}
+#cookie:checked+#cookies{
+ display: none;
+}
+#cookies{
+ font-family: sans-serif;
+ font-size: 1em;
+ display: block;
+ background-color: var(--main-theme-color);
+ color: var(--main-light-color);
+ text-align: center;
+ position: absolute;
+ bottom: 0;
+ width: 100%;
+ padding-bottom: 1em;
+}
\ No newline at end of file
diff --git a/user/signin.php b/user/signin.php
new file mode 100644
index 0000000..1272d0c
--- /dev/null
+++ b/user/signin.php
@@ -0,0 +1,40 @@
+Incorrect username or password
"; + }else{ + $note = ""; + } +?> + + + + + + +
+
+

SIGN IN

+

Username:

+ +

Password:

+
+ +
+

Need an account? Sign up.

+
+
+ +
+

This site uses cookies to keep you logged in and for encryption purposes.
+ By signing in to this website, you agree to the usage of these cookies.
+ Cookies are not used for any other reasons than stated above.

+ +
+ + \ No newline at end of file diff --git a/user/signout.php b/user/signout.php new file mode 100644 index 0000000..5adc0f7 --- /dev/null +++ b/user/signout.php @@ -0,0 +1,7 @@ + \ No newline at end of file diff --git a/user/signup.php b/user/signup.php new file mode 100644 index 0000000..e155cbf --- /dev/null +++ b/user/signup.php @@ -0,0 +1,40 @@ +That username is already in use.
Please choose another.

"; + }else{ + $note = ""; + } +?> + + + + + + +
+
+

SIGN UP

+

Username:

+ + +

Password:

+
+
+

Have an account? Sign in.

+
+
+ +
+

This site uses cookies to keep you logged in and for encryption purposes.
+ By signing up for this website, you agree to the usage of these cookies.
+ Cookies are not used for any other reasons than stated above.

+ +
+ + \ No newline at end of file diff --git a/write/error_log b/write/error_log new file mode 100644 index 0000000..8f3dfff --- /dev/null +++ b/write/error_log @@ -0,0 +1,2 @@ +[29-Mar-2019 13:05:44 America/New_York] PHP Notice: Undefined index: 500ID in /home/lukeuxao/public_html/500/global.php on line 12 +[29-Mar-2019 13:05:44 America/New_York] PHP Notice: Undefined index: 500KEY in /home/lukeuxao/public_html/500/global.php on line 13 diff --git a/write/fork.php b/write/fork.php new file mode 100644 index 0000000..164da79 --- /dev/null +++ b/write/fork.php @@ -0,0 +1,32 @@ +) + $place = $_POST["submit"]; + + //The functions of this page are at the bottom so that the HTML will show (no idea if that actually works, but I think it has in the past so) +?> + + + + + + +

Your secrets are safe here.

+
+      
+    
+ + + \ No newline at end of file diff --git a/write/index.php b/write/index.php new file mode 100644 index 0000000..0bc31ee --- /dev/null +++ b/write/index.php @@ -0,0 +1,40 @@ + + + + + + + + + +
+

500

+ +
+ + +
+
+
+
\ No newline at end of file
diff --git a/write/save.php b/write/save.php
new file mode 100644
index 0000000..7b1518e
--- /dev/null
+++ b/write/save.php
@@ -0,0 +1 @@
+You are in save.php
\ No newline at end of file
diff --git a/write/submit.php b/write/submit.php
new file mode 100644
index 0000000..604f345
--- /dev/null
+++ b/write/submit.php
@@ -0,0 +1,15 @@
+prepare("INSERT INTO posts (id, user_id, text, iv, tag) VALUES (:id, :uid, :txt, :iv, :tag)");
+ $stmt->bindParam(":id", $postID);
+ $stmt->bindParam(":uid", $current_userID);
+ $stmt->bindParam(":txt", $enc[0]);
+ $stmt->bindParam(":iv", $enc[1]);
+ $stmt->bindParam(":tag", $enc[2]);
+ $stmt->execute();
+
+ header("Location: /500/read/?post=".$postID);
+?>
\ No newline at end of file
diff --git a/write/write.css b/write/write.css
new file mode 100644
index 0000000..5866784
--- /dev/null
+++ b/write/write.css
@@ -0,0 +1,29 @@
+textarea{
+ display: block;
+ width: 60%;
+ height: calc(100vh - (1em + 1.4em + 4.5em + 2.5em) - 5em);
+ margin-left: auto;
+ margin-right: auto;
+ background-color: var(--main-back-color);
+ color: var(--main-light-color);
+ border: none;
+ resize: none;
+ font-family: inherit;
+ font-size: 1em;
+ padding: 1em 0.5em;
+ border-radius: var(--border-radius);
+}
+#writeButtons{
+ display: grid;
+ grid-template-columns: 1fr 1fr;
+ grid-gap: 1em;
+ width: 20%;
+ margin-top: 0.7em;
+ margin-left: auto;
+ margin-right: auto;
+}
+#counter{
+ text-align: center;
+ color: var(--main-light-color);
+ font-weight: 500;
+}
\ No newline at end of file
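Review bot: The INSERT supplies the primary key itself (`INSERT INTO posts (id, user_id, text, iv, tag) VALUES (:id, …)` with `:id` bound to `$postID`), and the lines that compute `$postID` were lost in this rendering; if it is derived from client input, a colliding id surfaces as a raw `PDOException` and the redirect `header("Location: /500/read/?post=".$postID);` echoes that value into the URL unvalidated. Unless ids are deliberately generated server-side, let the database assign them (drop `id` from the column list, redirect with `$conn->lastInsertId()`), cast `$postID` to int where it is read, and add `exit();` after the `header()` call. The `$enc` array comes from `encrypt()` in enc.php, whose contents did not survive this rendering, so I cannot check its argument order here.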