Add add_entry and delete_entry
This commit is contained in:
parent
f56d067483
commit
c44e84124b
|
@ -171,28 +171,28 @@ function load_database($user)
|
||||||
return $db;
|
return $db;
|
||||||
}
|
}
|
||||||
|
|
||||||
function add_entry($user, $mkey, $url, $login, $password)
|
function add_entry($user, $login, $password)
|
||||||
{
|
{
|
||||||
$db = load_database($user);
|
$db = load_database($user);
|
||||||
|
|
||||||
if ($db == null) return false;
|
if ($db == null)
|
||||||
|
{
|
||||||
$password = encrypt($mkey, trim($password), true);
|
echo "Unknown user";
|
||||||
$login = encrypt($mkey, "@@" . trim($url) . ";" . trim($login), false);
|
|
||||||
|
|
||||||
if ($password == null || $login == null)
|
|
||||||
return false;
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
$count = $db->querySingle("SELECT COUNT(*) FROM gpass WHERE login='" . $login . "'");
|
$count = $db->querySingle("SELECT COUNT(*) FROM gpass WHERE login='" . $login . "'");
|
||||||
|
|
||||||
if ($count != 0)
|
if ($count != 0)
|
||||||
{
|
{
|
||||||
echo "<div class=\"error\">Entry already exists</div>";
|
echo "Entry already exists";
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
$result = $db->query("INSERT INTO gpass ('login', 'password') VALUES ('" . $login . "', '" . $password . "')");
|
$result = $db->query("INSERT INTO gpass ('login', 'password') VALUES ('" . $login . "', '" . $password . "')");
|
||||||
|
|
||||||
|
echo "OK";
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -200,10 +200,16 @@ function delete_entry($user, $login)
|
||||||
{
|
{
|
||||||
$db = load_database($user);
|
$db = load_database($user);
|
||||||
|
|
||||||
if ($db == null) return false;
|
if ($db == null)
|
||||||
|
{
|
||||||
|
echo "Unknown user";
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
$db->query("DELETE FROM gpass WHERE login='" . $login . "'");
|
$db->query("DELETE FROM gpass WHERE login='" . $login . "'");
|
||||||
|
|
||||||
|
echo "OK";
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -223,6 +229,8 @@ function list_entries($user)
|
||||||
|
|
||||||
$result = $db->query("SELECT * FROM gpass");
|
$result = $db->query("SELECT * FROM gpass");
|
||||||
|
|
||||||
|
echo "entries\n";
|
||||||
|
|
||||||
while (($row = $result->fetchArray()))
|
while (($row = $result->fetchArray()))
|
||||||
{
|
{
|
||||||
echo $row['login'] . ";" . $row['password'] . "\n";
|
echo $row['login'] . ";" . $row['password'] . "\n";
|
||||||
|
|
|
@ -25,8 +25,16 @@ session_start();
|
||||||
$VIEW_CIPHERED_PASSWORDS=true;
|
$VIEW_CIPHERED_PASSWORDS=true;
|
||||||
$ADMIN_MODE=true;
|
$ADMIN_MODE=true;
|
||||||
|
|
||||||
if (isset($_GET['get_passwords']) && isset($_GET['user']))
|
if (isset($_POST['get_passwords']) && isset($_POST['user']))
|
||||||
return list_entries($_GET['user']);
|
return list_entries($_POST['user']);
|
||||||
|
|
||||||
|
if (isset($_POST['add_entry']) && isset($_POST['user']) &&
|
||||||
|
isset($_POST['login']) && isset($_POST['password']))
|
||||||
|
return add_entry($_POST['user'], $_POST['login'], $_POST['password']);
|
||||||
|
|
||||||
|
if (isset($_POST['delete_entry']) && isset($_POST['user']) &&
|
||||||
|
isset($_POST['login']))
|
||||||
|
return delete_entry($_POST['user'], $_POST['login']);
|
||||||
|
|
||||||
?>
|
?>
|
||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
|
@ -96,16 +104,13 @@ else
|
||||||
if ($user != "")
|
if ($user != "")
|
||||||
{
|
{
|
||||||
echo "<b>Add a new password</b><br/>\n";
|
echo "<b>Add a new password</b><br/>\n";
|
||||||
echo '<form method="post">' . "\n";
|
|
||||||
echo '<input type="hidden" name="user" value="' . $user . '"/>';
|
|
||||||
|
|
||||||
echo 'URL <input id="new_url" type="text" name="url"/>';
|
echo 'URL <input type="text" name="url"/>';
|
||||||
echo 'login <input type="text" name="login" />';
|
echo 'login <input type="text" name="login" />';
|
||||||
echo 'password <input id="new_password" type="text" name="pwd"/>';
|
echo 'password <input id="new_password" type="text" name="password"/>';
|
||||||
echo 'master key <input id="new_mkey" type="password" name="mkey"/>';
|
echo 'master key <input type="password" name="mkey"/>';
|
||||||
echo '<input type="button" value="Generate password" onClick="generate_password();"/>';
|
echo '<input type="button" value="Generate password" onClick="generate_password();"/>';
|
||||||
echo "<input type=\"submit\" name=\"add\" value=\"Add\" onclick=\"a = document.getElementById('new_url') ; a.value = url_domain(a.value); return derive_mkey('$user', 'new_mkey') ;\"/>";
|
echo "<input type=\"button\" name=\"add\" value=\"Add\" onclick=\"add_password();\"/>";
|
||||||
echo '</form>' . "\n";
|
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -31,6 +31,20 @@ parseUri.options = {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
if (!String.prototype.trim) {
|
||||||
|
String.prototype.trim = function() {
|
||||||
|
return this.replace(/^\s+|\s+$/g, "");
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
// Array Remove - By John Resig (MIT Licensed)
|
||||||
|
// http://stackoverflow.com/questions/500606/javascript-array-delete-elements
|
||||||
|
Array.prototype.remove = function(from, to) {
|
||||||
|
var rest = this.slice((to || from) + 1 || this.length);
|
||||||
|
this.length = from < 0 ? this.length + from : from;
|
||||||
|
return this.push.apply(this, rest);
|
||||||
|
};
|
||||||
|
|
||||||
function generate_password()
|
function generate_password()
|
||||||
{
|
{
|
||||||
// symbols 32 - 47 / 58 - 64 / 91 - 96 / 123 - 126
|
// symbols 32 - 47 / 58 - 64 / 91 - 96 / 123 - 126
|
||||||
|
@ -119,6 +133,10 @@ function PasswordEntry (ciphered_login="", ciphered_password="") {
|
||||||
this.masterkey = masterkey;
|
this.masterkey = masterkey;
|
||||||
aes.finish();
|
aes.finish();
|
||||||
|
|
||||||
|
// Remove salt
|
||||||
|
this.clear_password = this.clear_password.replace(/\0*$/, "");
|
||||||
|
this.clear_password = this.clear_password.substr(0, this.clear_password.length-3);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -135,16 +153,19 @@ function list_all_entries(user)
|
||||||
req = new XMLHttpRequest();
|
req = new XMLHttpRequest();
|
||||||
req.addEventListener("load", function(evt) {
|
req.addEventListener("load", function(evt) {
|
||||||
entries = this.responseText.split("\n");
|
entries = this.responseText.split("\n");
|
||||||
for(i=0; i<entries.length; i++)
|
if (entries[0] == "entries")
|
||||||
|
{
|
||||||
|
for(i=1; i<entries.length; i++)
|
||||||
{
|
{
|
||||||
if (entries[i] == "") continue;
|
if (entries[i] == "") continue;
|
||||||
entry = entries[i].split(";");
|
entry = entries[i].split(";");
|
||||||
passwords.push(new PasswordEntry(entry[0], entry[1]));
|
passwords.push(new PasswordEntry(entry[0], entry[1]));
|
||||||
}
|
}
|
||||||
|
}
|
||||||
}, false);
|
}, false);
|
||||||
req.open("GET", document.documentURI + "?get_passwords=1&user=" + user, false);
|
req.open("POST", document.documentURI, false);
|
||||||
req.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
|
req.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
|
||||||
req.send(null);
|
req.send("get_passwords=1&user=" + user);
|
||||||
}
|
}
|
||||||
|
|
||||||
function change_master_key()
|
function change_master_key()
|
||||||
|
@ -176,9 +197,15 @@ function change_master_key()
|
||||||
if (passwords[i].isUnciphered(current_mkey))
|
if (passwords[i].isUnciphered(current_mkey))
|
||||||
{
|
{
|
||||||
div = document.createElement("div");
|
div = document.createElement("div");
|
||||||
div.setAttribute("id", i);
|
div.setAttribute("id", "entry_" + i);
|
||||||
div.setAttribute("class", "password");
|
div.setAttribute("class", "password");
|
||||||
|
|
||||||
|
ciph_login = document.createElement("input");
|
||||||
|
ciph_login.setAttribute("name", "ciphered_login");
|
||||||
|
ciph_login.setAttribute("type", "hidden");
|
||||||
|
ciph_login.setAttribute("login", passwords[i].ciphered_login);
|
||||||
|
div.appendChild(ciph_login);
|
||||||
|
|
||||||
div.appendChild(document.createTextNode("URL"));
|
div.appendChild(document.createTextNode("URL"));
|
||||||
url = document.createElement("input");
|
url = document.createElement("input");
|
||||||
url.setAttribute("type", "text");
|
url.setAttribute("type", "text");
|
||||||
|
@ -203,6 +230,7 @@ function change_master_key()
|
||||||
delete_button = document.createElement("input");
|
delete_button = document.createElement("input");
|
||||||
delete_button.setAttribute("type", "button");
|
delete_button.setAttribute("type", "button");
|
||||||
delete_button.setAttribute("value", "Delete");
|
delete_button.setAttribute("value", "Delete");
|
||||||
|
delete_button.setAttribute("onclick", "delete_entry(\"entry_" + i + "\");");
|
||||||
div.appendChild(delete_button);
|
div.appendChild(delete_button);
|
||||||
|
|
||||||
update_button = document.createElement("input");
|
update_button = document.createElement("input");
|
||||||
|
@ -227,9 +255,15 @@ function change_master_key()
|
||||||
if (!passwords[i].isUnciphered(current_mkey))
|
if (!passwords[i].isUnciphered(current_mkey))
|
||||||
{
|
{
|
||||||
div = document.createElement("div");
|
div = document.createElement("div");
|
||||||
div.setAttribute("id", i);
|
div.setAttribute("id", "entry_" + i);
|
||||||
div.setAttribute("class", "password");
|
div.setAttribute("class", "password");
|
||||||
|
|
||||||
|
ciph_login = document.createElement("input");
|
||||||
|
ciph_login.setAttribute("name", "ciphered_login");
|
||||||
|
ciph_login.setAttribute("type", "hidden");
|
||||||
|
ciph_login.setAttribute("login", passwords[i].ciphered_login);
|
||||||
|
div.appendChild(ciph_login);
|
||||||
|
|
||||||
div.appendChild(document.createTextNode("URL"));
|
div.appendChild(document.createTextNode("URL"));
|
||||||
url = document.createElement("input");
|
url = document.createElement("input");
|
||||||
url.setAttribute("class", "hash");
|
url.setAttribute("class", "hash");
|
||||||
|
@ -249,6 +283,7 @@ function change_master_key()
|
||||||
delete_button = document.createElement("input");
|
delete_button = document.createElement("input");
|
||||||
delete_button.setAttribute("type", "button");
|
delete_button.setAttribute("type", "button");
|
||||||
delete_button.setAttribute("value", "Delete");
|
delete_button.setAttribute("value", "Delete");
|
||||||
|
delete_button.setAttribute("onclick", "delete_entry(\"entry_" + i + "\");");
|
||||||
div.appendChild(delete_button);
|
div.appendChild(delete_button);
|
||||||
|
|
||||||
password_div.appendChild(div);
|
password_div.appendChild(div);
|
||||||
|
@ -263,8 +298,9 @@ function update_master_key()
|
||||||
if (user != current_user)
|
if (user != current_user)
|
||||||
{
|
{
|
||||||
current_user = user;
|
current_user = user;
|
||||||
|
|
||||||
document.title = "gPass : global Password - " + current_user;
|
document.title = "gPass : global Password - " + current_user;
|
||||||
passwords = new Array();
|
|
||||||
list_all_entries(current_user);
|
list_all_entries(current_user);
|
||||||
|
|
||||||
addon_address = document.getElementById("addon_address");
|
addon_address = document.getElementById("addon_address");
|
||||||
|
@ -288,3 +324,180 @@ function start()
|
||||||
|
|
||||||
return update_master_key();
|
return update_master_key();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function add_password()
|
||||||
|
{
|
||||||
|
var url = "";
|
||||||
|
var login = "";
|
||||||
|
var password = "";
|
||||||
|
var mkey = "";
|
||||||
|
|
||||||
|
div = document.getElementById("add_new_password");
|
||||||
|
|
||||||
|
inputs = div.getElementsByTagName("input");
|
||||||
|
|
||||||
|
for(i=0; i<inputs.length; i++)
|
||||||
|
{
|
||||||
|
if (inputs[i].getAttribute("name") == "url")
|
||||||
|
url = url_domain(inputs[i].value);
|
||||||
|
else if (inputs[i].getAttribute("name") == "login")
|
||||||
|
login = inputs[i].value.trim();
|
||||||
|
else if (inputs[i].getAttribute("name") == "password")
|
||||||
|
password = inputs[i].value.trim();
|
||||||
|
else if (inputs[i].getAttribute("name") == "mkey")
|
||||||
|
mkey = inputs[i].value;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (url == "")
|
||||||
|
{
|
||||||
|
alert("URL is empty");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (login == "")
|
||||||
|
{
|
||||||
|
alert("Login is empty");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (password == "")
|
||||||
|
{
|
||||||
|
alert("Password is empty");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (mkey == "")
|
||||||
|
{
|
||||||
|
alert("Master key is empty");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
mkey = derive_mkey(current_user, mkey);
|
||||||
|
|
||||||
|
for(i=0; i<passwords.length; i++)
|
||||||
|
{
|
||||||
|
p = passwords[i];
|
||||||
|
if (p.clear_url == url &&
|
||||||
|
p.clear_password == password &&
|
||||||
|
p.clear_login == login &&
|
||||||
|
p.masterkey == mkey)
|
||||||
|
{
|
||||||
|
alert("Entry already exists");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
ciphered_login = "@@" + url + ";" + login;
|
||||||
|
ciphered_password = password;
|
||||||
|
|
||||||
|
for(i=0; i<3; i++)
|
||||||
|
{
|
||||||
|
password += String.fromCharCode((Math.random() * 128)+1);
|
||||||
|
}
|
||||||
|
|
||||||
|
aes = new AES();
|
||||||
|
a_masterkey = aes.init(hex2a(mkey));
|
||||||
|
ciphered_login = a2hex(aes.encryptLongString(ciphered_login, a_masterkey));
|
||||||
|
ciphered_password = a2hex(aes.encryptLongString(ciphered_password, a_masterkey));
|
||||||
|
|
||||||
|
var ok = false;
|
||||||
|
req = new XMLHttpRequest();
|
||||||
|
req.addEventListener("load", function(evt) {
|
||||||
|
resp = this.responseText;
|
||||||
|
if (resp == "OK")
|
||||||
|
ok = true;
|
||||||
|
else
|
||||||
|
alert(resp);
|
||||||
|
}, false);
|
||||||
|
req.open("POST", document.documentURI, false);
|
||||||
|
req.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
|
||||||
|
req.send("add_entry=1&user=" + user + "&login=" + ciphered_login + "&password=" + ciphered_password);
|
||||||
|
|
||||||
|
if (!ok) return false;
|
||||||
|
|
||||||
|
current_mkey = mkey;
|
||||||
|
|
||||||
|
pentry = new PasswordEntry(ciphered_login, ciphered_password);
|
||||||
|
pentry.unciphered = true;
|
||||||
|
pentry.clear_url = url;
|
||||||
|
pentry.clear_login = login;
|
||||||
|
pentry.clear_password = password.substr(0, password.length-3);
|
||||||
|
pentry.masterkey = mkey;
|
||||||
|
|
||||||
|
passwords.push(pentry);
|
||||||
|
|
||||||
|
change_master_key();
|
||||||
|
|
||||||
|
for(i=0; i<inputs.length; i++)
|
||||||
|
inputs[i].value = "";
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
function delete_entry(entry_number)
|
||||||
|
{
|
||||||
|
entry = document.getElementById(entry_number);
|
||||||
|
|
||||||
|
if (entry == null) {
|
||||||
|
alert(entry_number + " not found");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
inputs = entry.getElementsByTagName("input");
|
||||||
|
|
||||||
|
var ciphered_login = null;
|
||||||
|
for(i=0; i<inputs.length; i++)
|
||||||
|
{
|
||||||
|
if (inputs[i].getAttribute("name") == "ciphered_login")
|
||||||
|
{
|
||||||
|
ciphered_login = inputs[i];
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (ciphered_login == null)
|
||||||
|
{
|
||||||
|
alert("Widget not found");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
var found = -1;
|
||||||
|
ciphered_login = ciphered_login.getAttribute("login");
|
||||||
|
for(i=0; i<passwords.length; i++)
|
||||||
|
{
|
||||||
|
if (passwords[i].ciphered_login == ciphered_login)
|
||||||
|
{
|
||||||
|
found = i;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (found == -1)
|
||||||
|
{
|
||||||
|
alert("Password not found int database");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(!confirm("Are you sure want to delete this entry ?"))
|
||||||
|
return;
|
||||||
|
|
||||||
|
var ok = false;
|
||||||
|
req = new XMLHttpRequest();
|
||||||
|
req.addEventListener("load", function(evt) {
|
||||||
|
resp = this.responseText;
|
||||||
|
if (resp == "OK")
|
||||||
|
ok = true;
|
||||||
|
else
|
||||||
|
alert(resp);
|
||||||
|
}, false);
|
||||||
|
req.open("POST", document.documentURI, false);
|
||||||
|
req.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
|
||||||
|
req.send("delete_entry=1&user=" + user + "&login=" + ciphered_login);
|
||||||
|
|
||||||
|
if (!ok) return false;
|
||||||
|
|
||||||
|
entry.parentNode.removeChild(entry);
|
||||||
|
|
||||||
|
passwords.remove(found);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user