soutade/gPass
1
0
Fork 0
Code Issues Pull Requests Packages Releases 2 Activity

Server side :

Browse Source 
* Trim password and login before instertion
	* Can use empty master key to see user passwords
	* Fix a bug : can't decode multiple queries from client

Client side :
	* Don't send empty username
	* Update README
This commit is contained in:
Gregory Soutade
2013-10-17 18:26:54 +02:00
parent 4fd1f1e92f
commit 67d21ff3ef
5 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
server/functions.php
View File

@@ -177,8 +177,8 @@ function add_entry($user, $mkey, $url, $login, $password)
if ($db == null) return false;
$password = encrypt($mkey, $password, true);
$login = encrypt($mkey, "@@" . $url . ";" . $login, false);
$password = encrypt($mkey, trim($password), true);
$login = encrypt($mkey, "@@" . trim($url) . ";" . trim($login), false);
if ($password == null || $login == null)
return false;
@@ -232,7 +232,9 @@ function list_entries($user, $mkey)
if ($mkey != "")
$login = decrypt($mkey, $row['login'], false);
else
$login = "";
if ($login[0] != '@' && $login[1] != '@')
{
$subres = array('login_ciph' => $row['login'],

2
server/index.php
View File

@@ -107,7 +107,7 @@ else
}
echo "</select>\n";
echo ' <b>Master key </b> <input id="see_password" type="password" name="mkey"/>';
echo "<input name=\"see\" type=\"submit\" value=\"See\" onclick=\"a=document.getElementById('selected_user') ; return derive_mkey(a.options[a.selectedIndex].value, 'see_password') ;\"/>" . "\n";
echo "<input name=\"see\" type=\"submit\" value=\"See\" onclick=\"if (document.getElementById('see_password').value == '') return true; a=document.getElementById('selected_user') ; return derive_mkey(a.options[a.selectedIndex].value, 'see_password') ;\"/>" . "\n";
}
?>
</form>

3
server/ref/index.php
View File

@@ -45,7 +45,8 @@ for ($i=0; isset($_POST["k$i"]); $i++)
{
$statement->bindValue(":login", $_POST["k$i"]);
$result = $statement->execute();
$row = $result->fetchArray();
$row = $result->fetchArray(SQLITE3_ASSOC);
$result->finalize();
if (isset($row["password"]))
{
echo "pass=" . $row["password"] . "\n";