author | Erich Eckner <git@eckner.net> | 2023-05-16 20:22:36 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2023-05-16 20:27:32 +0200 |
commit | 9590502b7368ad39335032114210db861ba4017d (patch) | |
tree | 4a4d451b806a74e8f5ef8c34e2961c68219d89b4 | |
parent | 712a4aa946180f1e3a4c1fe1b7e7954ffa4d89df (diff) | |
download | mocp-web-9590502b7368ad39335032114210db861ba4017d.tar.xz |
access-restriction.php new, do not commit keys
-rw-r--r-- | access-restriction.php | 62 | ||||
-rw-r--r-- | genkey.html | 4 | ||||
-rw-r--r-- | index.php | 58 |
3 files changed, 65 insertions, 59 deletions
diff --git a/access-restriction.php b/access-restriction.php
new file mode 100644
index 0000000..92049bc
--- /dev/null
+++ b/access-restriction.php
@@ -0,0 +1,62 @@
+<?php
+
+$keyFile = fopen("../key.ed25519", "r");
+if ($keyFile === false)
+ die();
+$privKey = trim(fgets($keyFile));
+$pubKey = trim(fgets($keyFile));
+fclose($keyFile);
+
+function client_identifier() {
+ return $_SERVER['SERVER_ADDR'] . " " . $_SERVER['REMOTE_ADDR'] . " " . $_SERVER['REMOTE_PORT'];
+}
+
+function zugriff_erlaubt() {
+ global $pubKey;
+ if (!(preg_match("/^192\.168\.[01]\.3$/", $_SERVER["REMOTE_ADDR"]) == 1))
+ return true;
+ if (array_key_exists('key',$_GET)) {
+ $pubKey = hex2bin($pubKey);
+ return sodium_crypto_sign_open(hex2bin($_GET["key"]), $pubKey) == client_identifier();
+ }
+ return false;
+}
+
+function attach_key($delimiter = '&') {
+ if (!array_key_exists('key', $_GET))
+ return;
+ print $delimiter . 'key=' . $_GET['key'];
+}
+
+if (!zugriff_erlaubt()) {
+?>
+<html>
+<head>
+ <script src="/encrypt_key.js"></script>
+ <script>
+ window.sodium = {
+ onload: function (sodium) {
+ var sodium = sodium;
+ }
+ };
+ function update_key(form) {
+ privateKey = "<?php echo $privKey; ?>";
+ privateKey = encrypt_private_key(form.password.value, privateKey);
+ privateKey = sodium.from_hex(privateKey);
+ let msg = sodium.crypto_sign("<?php print client_identifier(); ?>", privateKey);
+ form.key.value = sodium.to_hex(msg);
+ }
+ </script>
+ <script src="/sodium.js" async></script>
+</head>
+<body>
+<form action="" id="form" method="get">
+Passwort: <input type="password" id="password" onchange="update_key(this.form);">
+<input type="hidden" name="key" id="key">
+<input type="submit" value="weiter"">
+</form>
+</body>
+</html>
+<?php
+ die();
+}
diff --git a/genkey.html b/genkey.html
index b73f21a..914d550 100644
--- a/genkey.html
+++ b/genkey.html
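Review bot: `attach_key()` in the new access-restriction.php prints `$_GET['key']` into the page unencoded, and because `zugriff_erlaubt()` returns true without looking at the key for every address that does not match `192.168.[01].3`, the value is never validated on those requests. Encode it for its context, e.g. `print $delimiter . 'key=' . rawurlencode($_GET['key']);`, plus `htmlspecialchars()` if it ends up inside an HTML attribute (the call sites are outside this diff). The signature check compares with `==`; `sodium_crypto_sign_open()` returns `false` on failure, so `=== client_identifier()` states the intent without relying on type juggling. The login page also still emits `$privKey` to every client that fails the check, so keeping the file out of git protects it only as far as the password and the derivation in `encrypt_key.js` (not shown here) hold up.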
@@ -13,8 +13,8 @@
 let key = sodium.crypto_sign_keypair('hex');
 encryptedPrivateKey = encrypt_private_key(password, key.privateKey);
 document.getElementById("output").innerHTML =
- '$privKey = "' + encryptedPrivateKey + '";<br>' +
- '$pubKey = "' + key.publicKey + '";';
+ 'echo "' + encryptedPrivateKey + '<br>' +
+ key.publicKey + '" >key.ed25519;';
 }
 </script>
 <script src="/sodium.js" async></script>
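Review bot: The generated command redirects to `key.ed25519` in whatever directory it is pasted into, while access-restriction.php opens `../key.ed25519`, and nothing in the output says where to run it. A leading line in the emitted text such as `'# run in the directory above the web root<br>' +` would make the expected location explicit. The command also depends on the rendered `<br>` being copied as a newline inside the quoted string, since the PHP side reads the two values with two `fgets()` calls; a short comment above the assignment stating that would help the next maintainer. The enclosing function starts before this hunk.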
@@ -1,63 +1,7 @@
 <?php
 include "moc-commands.php";
-
-$privKey = "f1869e6cb93500215f5e1ef1fe552dbc76d036088b56c45b1bc32c54211f1c88f4429e138684b0c1a270fd71d3808d77771e0dbb90a0318eaf27d3747cd57f04";
-$pubKey = "f4429e138684b0c1a270fd71d3808d77771e0dbb90a0318eaf27d3747cd57f04";
-
-function client_identifier() {
- return $_SERVER['SERVER_ADDR'] . " " . $_SERVER['REMOTE_ADDR'] . " " . $_SERVER['REMOTE_PORT'];
-}
-
-function zugriff_erlaubt() {
- global $pubKey;
- if (!(preg_match("/^192\.168\.[01]\.3$/", $_SERVER["REMOTE_ADDR"]) == 1))
- return true;
- if (array_key_exists('key',$_GET)) {
- $pubKey = hex2bin($pubKey);
- return sodium_crypto_sign_open(hex2bin($_GET["key"]), $pubKey) == client_identifier();
- }
- return false;
-}
-
-function attach_key($delimiter = '&') {
- if (!array_key_exists('key', $_GET))
- return;
- print $delimiter . 'key=' . $_GET['key'];
-}
-
-if (!zugriff_erlaubt()) {
-?>
-<html>
-<head>
- <script src="/encrypt_key.js"></script>
- <script>
- window.sodium = {
- onload: function (sodium) {
- var sodium = sodium;
- }
- };
- function update_key(form) {
- privateKey = "<?php echo $privKey; ?>";
- privateKey = encrypt_private_key(form.password.value, privateKey);
- privateKey = sodium.from_hex(privateKey);
- let msg = sodium.crypto_sign("<?php print client_identifier(); ?>", privateKey);
- form.key.value = sodium.to_hex(msg);
- }
- </script>
- <script src="/sodium.js" async></script>
-</head>
-<body>
-<form action="" id="form" method="get">
-Passwort: <input type="password" id="password" onchange="update_key(this.form);">
-<input type="hidden" name="key" id="key">
-<input type="submit" value="weiter"">
-</form>
-</body>
-</html>
-<?php
- die();
-}
+include "access-restriction.php";
 $max_line_len = 50; |
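Review bot: `include "access-restriction.php";` fails open: if that file is missing or unreadable, PHP raises only a warning and index.php carries on without the access check ever running. `require_once "access-restriction.php";` stops the request instead, and also avoids a function redeclaration error if the file is pulled in twice. The key pair deleted in this hunk stays recoverable from the repository history, so the deployed `key.ed25519` should hold a freshly generated pair rather than these values.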