add openssl function

621e34bc · Suriya Ravichandran · b1ad4035 · b1ad4035 · 621e34bc · 621e34bc
Commit 621e34bc authored 1 year ago by Suriya Ravichandran
--- a/assets/images/profile.jpg
+++ b/assets/images/profile.jpg
--- a/php/data.php
+++ b/php/data.php
-<?php 
-    while($row = mysqli_fetch_assoc($sql)){
-        $sql2 = "SELECT * FROM messages WHERE (incoming_msg_id = {$row['unique_id']}
-        OR outgoing_msg_id = {$row['unique_id']}) AND (outgoing_msg_id = {$outgoing_id}
-        OR incoming_msg_id = {$outgoing_id}) ORDER BY msg_id DESC LIMIT 1";
-        $query2 = mysqli_query($conn, $sql2);
-        $row2 = mysqli_fetch_assoc($query2);
-        
-        $you = "";
-        if ($row2 && isset($row2['outgoing_msg_id'])) {
-            $result = $row2['msg'];
-            // adding your text before msg if login id send msg
-            $you = ($outgoing_id == $row2['outgoing_msg_id']) ? "You: " : "";
-        } else {
-            $result = "No message available";
-        }
-        
-        (strlen($result) > 28) ? $msg = substr($result, 0, 28).'...' : $msg = $result;
-        #check user online or offline
-        ($row['status'] == "Offline now") ? $offline = "offline" : $offline = "";
-
-        
-        $output .= '<a href="chat.php?user_id='.$row['unique_id'].'">
-             <div class="content">
-             <img src="php/images/'. $row['img'] .'" alt="">
-             <div class="details">
-                 <span>'. $row['fname']." ".$row['lname'] .'</span>
-                 <p>'. $you . $msg .'</p>
-             </div>
-             </div>
-             <!--div class="status-dot '. $offline .'"><i class="fas fa-circle"></i></div-->
-             </a>';
+<?php
+
+include_once "key/key.php"; // Include the configuration file
+
+while ($row = mysqli_fetch_assoc($sql)) {
+    $sql2 = "SELECT * FROM messages WHERE (incoming_msg_id = {$row['unique_id']}
+    OR outgoing_msg_id = {$row['unique_id']}) AND (outgoing_msg_id = {$outgoing_id}
+    OR incoming_msg_id = {$outgoing_id}) ORDER BY msg_id DESC LIMIT 1";
+    $query2 = mysqli_query($conn, $sql2);
+    $row2 = mysqli_fetch_assoc($query2);
+
+    $you = "";
+    if ($row2 && isset($row2['outgoing_msg_id'])) {
+        // Decrypt the message before displaying it
+        $decrypted_message = decryptMessage($row2['msg'], $encryptionKey);
+
+        // Adding your text before msg if login id sent the msg
+        $you = ($outgoing_id == $row2['outgoing_msg_id']) ? "You: " : "";
+    } else {
+        $decrypted_message = "No message available";
    }
+
+    // Truncate the message for display
+    $msg = (strlen($decrypted_message) > 28) ? substr($decrypted_message, 0, 28).'...' : $decrypted_message;
+
+    // Check user online or offline
+    $offline = ($row['status'] == "Offline now") ? "offline" : "";
+
+    $output .= '<a href="chat.php?user_id='.$row['unique_id'].'">
+         <div class="content">
+         <img src="php/images/'. $row['img'] .'" alt="">
+         <div class="details">
+             <span>'. $row['fname']." ".$row['lname'] .'</span>
+             <p>'. $you . $msg .'</p>
+         </div>
+         </div>
+         <!--div class="status-dot '. $offline .'"><i class="fas fa-circle"></i></div-->
+         </a>';
+}
+
+// Function to decrypt a message using OpenSSL
+function decryptMessage($encrypted_message, $encryptionKey)
+{
+    // Split IV and encrypted message
+    $data = base64_decode($encrypted_message);
+    $iv = substr($data, 0, 16);
+    $encrypted_message = substr($data, 16);
+
+    return openssl_decrypt($encrypted_message, 'aes-256-cbc', $encryptionKey, 0, $iv);
+}
 ?>
--- a/php/get-chat.php
+++ b/php/get-chat.php
-<?php 
-    session_start();
-    if(isset($_SESSION['unique_id'])){
-        include_once "config.php";
-        $outgoing_id = mysqli_real_escape_string($conn, $_POST['outgoing_id']);
-        $incoming_id = mysqli_real_escape_string($conn, $_POST['incoming_id']);
-        $output = "";
+<?php
+// get-chat.php
+session_start();
+include_once "key/key.php"; // Include the configuration file

-        $sql = "SELECT * FROM messages
-        LEFT JOIN users ON users.unique_id = messages.outgoing_msg_id 
-        WHERE (outgoing_msg_id = {$outgoing_id} AND incoming_msg_id = {$incoming_id})
-        OR (outgoing_msg_id = {$incoming_id} AND incoming_msg_id = {$outgoing_id}) ORDER BY msg_id ";//ASC";
+if (isset($_SESSION['unique_id'])) {
+    include_once "config.php";
+    $outgoing_id = mysqli_real_escape_string($conn, $_POST['outgoing_id']);
+    $incoming_id = mysqli_real_escape_string($conn, $_POST['incoming_id']);
+    $output = "";

-        $query = mysqli_query($conn, $sql);
-        if(mysqli_num_rows($query) > 0){
-            while($row = mysqli_fetch_assoc($query)){
-                if($row['outgoing_msg_id'] === $outgoing_id){
-                    $output .='<div class="chat-outgoing">
+    $sql = "SELECT * FROM messages
+    LEFT JOIN users ON users.unique_id = messages.outgoing_msg_id 
+    WHERE (outgoing_msg_id = {$outgoing_id} AND incoming_msg_id = {$incoming_id})
+    OR (outgoing_msg_id = {$incoming_id} AND incoming_msg_id = {$outgoing_id}) ORDER BY msg_id ";//ASC";
+
+    $query = mysqli_query($conn, $sql);
+    if (mysqli_num_rows($query) > 0) {
+        while ($row = mysqli_fetch_assoc($query)) {
+            // Decrypt the message before displaying it
+            $decrypted_message = decryptMessage($row['msg'], $encryptionKey);
+            
+            if ($row['outgoing_msg_id'] === $outgoing_id) {
+                $output .= '<div class="chat-outgoing">
                               <div class="details">
-                                   <p>'. $row['msg'] .'</p>
+                                   <p>' . $decrypted_message . '</p>
                               </div>
-                               </div>';
-                }else{//he is a msg receiver
-                    $output .='<div class="chat-incoming">
-                               <img src="php/images/'. $row['img'] .'" alt="">
+                           </div>';
+            } else {
+                // he is a message receiver
+                $output .= '<div class="chat-incoming">
+                               <img src="php/images/' . $row['img'] . '" alt="">
                               <div class="details">
-                                   <p>'. $row['msg'] .'</p>
+                                   <p>' . $decrypted_message . '</p>
                               </div>
-                               </div>';
-
-                }
+                           </div>';
            }
-            echo $output;
        }
-    }else{
-        header("../login.php");
+        echo $output;
    }
-?>
\ No newline at end of file
+} else {
+    header("Location: ../login.php"); // Fix the header function call
+}
+
+// Function to decrypt a message using OpenSSL
+function decryptMessage($encrypted_message, $encryptionKey)
+{
+    // Split IV and encrypted message
+    $data = base64_decode($encrypted_message);
+    $iv = substr($data, 0, 16);
+    $encrypted_message = substr($data, 16);
+
+    return openssl_decrypt($encrypted_message, 'aes-256-cbc', $encryptionKey, 0, $iv);
+}
+?>
--- a/php/images/1705491226LINUX.jpg
+++ b/php/images/1705491226LINUX.jpg
--- a/php/insert-chat.php
+++ b/php/insert-chat.php
-<?php 
-    session_start();
-    if(isset($_SESSION['unique_id'])){
-        include_once "config.php";
-        $outgoing_id = mysqli_real_escape_string($conn, $_POST['outgoing_id']);
-        $incoming_id = mysqli_real_escape_string($conn, $_POST['incoming_id']);
-        $message = mysqli_real_escape_string($conn, $_POST['message']);
+<?php
+// insert-chat.php
+session_start();
+include_once "key/key.php"; // Include the configuration file

-        if(!empty($message)){
-            $sql = mysqli_query($conn, "INSERT INTO messages (incoming_msg_id, outgoing_msg_id, msg)
-                                VALUES ({$incoming_id}, {$outgoing_id}, '{$message}')") or die();
-        }
-    }else{
-        header("../login.php");
+if (isset($_SESSION['unique_id'])) {
+    include_once "config.php";
+    $outgoing_id = mysqli_real_escape_string($conn, $_POST['outgoing_id']);
+    $incoming_id = mysqli_real_escape_string($conn, $_POST['incoming_id']);
+    $message = mysqli_real_escape_string($conn, $_POST['message']);
+
+    // Encrypt the message before inserting it into the database
+    $encrypted_message = encryptMessage($message, $encryptionKey);
+
+    if (!empty($message)) {
+        $sql = mysqli_query($conn, "INSERT INTO messages (incoming_msg_id, outgoing_msg_id, msg)
+                            VALUES ({$incoming_id}, {$outgoing_id}, '{$encrypted_message}')") or die();
    }
-?>
\ No newline at end of file
+} else {
+    header("Location: ../login.php"); // Fix the header function call
+}
+
+// Function to encrypt a message using OpenSSL
+function encryptMessage($message, $encryptionKey)
+{
+    $iv = random_bytes(16); // Generate a random IV (Initialization Vector)
+
+    $encrypted_message = openssl_encrypt($message, 'aes-256-cbc', $encryptionKey, 0, $iv);
+
+    // Combine IV and encrypted message for storage
+    return base64_encode($iv . $encrypted_message);
+}
+?>
--- a/php/key/key.php
+++ b/php/key/key.php
@@ -2,5 +2,5 @@
 // config.php

 $encryptionKey = '9699681037eb5fae39b2262d1892bf7ce1497e9e5b1f4e5e4a122ae3d5d964a5';
-$encryptionIV = '9f6377ecc30273a8d';
+
 ?>
--- a/php/key/key_gen.py
+++ b/php/key/key_gen.py
@@ -18,15 +18,6 @@ def generate_secret_key():
    key = kdf.derive(b'gochatwebapplicationkey')  # Replace 'your_passphrase' with a strong passphrase

    return key
-
-def generate_iv():
-    # Generate a random IV (Initialization Vector)
-    iv = os.urandom(16)
-    return iv
-
 # Example of usage
 secret_key = generate_secret_key()
-iv = generate_iv()
-
 print("Secret Key:", secret_key.hex())
-print("IV:", iv.hex())