summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--access-restriction.php62
-rw-r--r--genkey.html4
-rw-r--r--index.php58
3 files changed, 65 insertions, 59 deletions
diff --git a/access-restriction.php b/access-restriction.php
new file mode 100644
index 0000000..92049bc
--- /dev/null
+++ b/access-restriction.php
@@ -0,0 +1,62 @@
+<?php
+
+$keyFile = fopen("../key.ed25519", "r");
+if ($keyFile === false)
+ die();
+$privKey = trim(fgets($keyFile));
+$pubKey = trim(fgets($keyFile));
+fclose($keyFile);
+
+function client_identifier() {
+ return $_SERVER['SERVER_ADDR'] . " " . $_SERVER['REMOTE_ADDR'] . " " . $_SERVER['REMOTE_PORT'];
+}
+
+function zugriff_erlaubt() {
+ global $pubKey;
+ if (!(preg_match("/^192\.168\.[01]\.3$/", $_SERVER["REMOTE_ADDR"]) == 1))
+ return true;
+ if (array_key_exists('key',$_GET)) {
+ $pubKey = hex2bin($pubKey);
+ return sodium_crypto_sign_open(hex2bin($_GET["key"]), $pubKey) == client_identifier();
+ }
+ return false;
+}
+
+function attach_key($delimiter = '&') {
+ if (!array_key_exists('key', $_GET))
+ return;
+ print $delimiter . 'key=' . $_GET['key'];
+}
+
+if (!zugriff_erlaubt()) {
+?>
+<html>
+<head>
+ <script src="/encrypt_key.js"></script>
+ <script>
+ window.sodium = {
+ onload: function (sodium) {
+ var sodium = sodium;
+ }
+ };
+ function update_key(form) {
+ privateKey = "<?php echo $privKey; ?>";
+ privateKey = encrypt_private_key(form.password.value, privateKey);
+ privateKey = sodium.from_hex(privateKey);
+ let msg = sodium.crypto_sign("<?php print client_identifier(); ?>", privateKey);
+ form.key.value = sodium.to_hex(msg);
+ }
+ </script>
+ <script src="/sodium.js" async></script>
+</head>
+<body>
+<form action="" id="form" method="get">
+Passwort: <input type="password" id="password" onchange="update_key(this.form);">
+<input type="hidden" name="key" id="key">
+<input type="submit" value="weiter"">
+</form>
+</body>
+</html>
+<?php
+ die();
+}
diff --git a/genkey.html b/genkey.html
index b73f21a..914d550 100644
--- a/genkey.html
+++ b/genkey.html
@@ -13,8 +13,8 @@
let key = sodium.crypto_sign_keypair('hex');
encryptedPrivateKey = encrypt_private_key(password, key.privateKey);
document.getElementById("output").innerHTML =
- '$privKey = "' + encryptedPrivateKey + '";<br>' +
- '$pubKey = "' + key.publicKey + '";';
+ 'echo "' + encryptedPrivateKey + '<br>' +
+ key.publicKey + '" >key.ed25519;';
}
</script>
<script src="/sodium.js" async></script>
diff --git a/index.php b/index.php
index 0a93b05..e38414a 100644
--- a/index.php
+++ b/index.php
@@ -1,63 +1,7 @@
<?php
include "moc-commands.php";
-
-$privKey = "f1869e6cb93500215f5e1ef1fe552dbc76d036088b56c45b1bc32c54211f1c88f4429e138684b0c1a270fd71d3808d77771e0dbb90a0318eaf27d3747cd57f04";
-$pubKey = "f4429e138684b0c1a270fd71d3808d77771e0dbb90a0318eaf27d3747cd57f04";
-
-function client_identifier() {
- return $_SERVER['SERVER_ADDR'] . " " . $_SERVER['REMOTE_ADDR'] . " " . $_SERVER['REMOTE_PORT'];
-}
-
-function zugriff_erlaubt() {
- global $pubKey;
- if (!(preg_match("/^192\.168\.[01]\.3$/", $_SERVER["REMOTE_ADDR"]) == 1))
- return true;
- if (array_key_exists('key',$_GET)) {
- $pubKey = hex2bin($pubKey);
- return sodium_crypto_sign_open(hex2bin($_GET["key"]), $pubKey) == client_identifier();
- }
- return false;
-}
-
-function attach_key($delimiter = '&') {
- if (!array_key_exists('key', $_GET))
- return;
- print $delimiter . 'key=' . $_GET['key'];
-}
-
-if (!zugriff_erlaubt()) {
-?>
-<html>
-<head>
- <script src="/encrypt_key.js"></script>
- <script>
- window.sodium = {
- onload: function (sodium) {
- var sodium = sodium;
- }
- };
- function update_key(form) {
- privateKey = "<?php echo $privKey; ?>";
- privateKey = encrypt_private_key(form.password.value, privateKey);
- privateKey = sodium.from_hex(privateKey);
- let msg = sodium.crypto_sign("<?php print client_identifier(); ?>", privateKey);
- form.key.value = sodium.to_hex(msg);
- }
- </script>
- <script src="/sodium.js" async></script>
-</head>
-<body>
-<form action="" id="form" method="get">
-Passwort: <input type="password" id="password" onchange="update_key(this.form);">
-<input type="hidden" name="key" id="key">
-<input type="submit" value="weiter"">
-</form>
-</body>
-</html>
-<?php
- die();
-}
+include "access-restriction.php";
$max_line_len = 50;