lockbox-web/index.php

37 lines
1.2 KiB
PHP
Raw Permalink Normal View History

2020-04-14 18:50:58 +00:00
<?php
session_start();
require_once 'php/config.inc.php';
include header;
if (isset($_POST) && count($_POST)>0) {
// add a few misc maybe-useful fields to the data before encrypting
$_POST['00a_received'] = date(DATE_RSS);
$_POST['00b_spam'] = isset($_POST['email']) && trim($_POST['email']) != "" ? "probably" : "unlikely";
$_POST['00c_ip'] = $_SERVER['REMOTE_ADDR'];
$_POST['00d_session'] = session_id();
// serialize post data -- creates a risk of extraneous data being submitted by pests
$data = json_encode($_POST);
// pubkey is a base64-encoded key generated by sodium_crypto_box_keypair
$pubKey = base64_decode(file_get_contents("key.public"));
// for now, data is stored by encrypting each submission individually, base64 encoding it,
// and appending it as a separate line onto the end of the data file (prepending with a
// unix timestamp so later we can tell if new data has arrived without decrypting)
$encrypted = sodium_crypto_box_seal($data, $pubKey);
if (file_put_contents(FILE, time() . "|" . base64_encode($encrypted)."\n", FILE_APPEND | LOCK_EX) !== false) {
echo MSG_SUCCESS;
} else {
echo MSG_FAIL;
}
} else {
include form;
}
include footer;
?>