diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..b19604c --- /dev/null +++ b/.gitattributes @@ -0,0 +1,2 @@ +*.env linguist-language=ENV +./* linguist-documentation \ No newline at end of file diff --git a/.gitignore b/.gitignore index db8aa01..2694a56 100644 --- a/.gitignore +++ b/.gitignore @@ -1,10 +1,7 @@ -# Composer -/vendor/ -composer.json +# Project Files +.gitattributes +#snyk.sarif -# Project based +# QuickBlaze Security /Modules/Database.env /Modules/InstallationStatus.json - -# Github -snyk.sarif \ No newline at end of file diff --git a/.htaccess b/.htaccess index ed4e26b..57648c9 100644 --- a/.htaccess +++ b/.htaccess @@ -1,7 +1,16 @@ +# URL handling RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d -RewriteRule ^.* /index.php [L,QSA] +RewriteRule ^.* index.php [L,QSA] +# Error handling ErrorDocument 404 /404 +ErrorDocument 403 /403 ErrorDocument 500 /500 + +# File security + +Order allow,deny +Deny from all + \ No newline at end of file diff --git a/.version b/.version index d3f8aa1..8c955e1 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -{"VERSION":"1.0.4"} \ No newline at end of file +{ "BRANCH": "dev", "VERSION":"1.0.5-dev" } \ No newline at end of file diff --git a/LICENSE b/LICENSE index bf1bf1f..c3f7d79 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2022 Axton +Copyright (c) 2022 axtonprice.com Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal @@ -18,4 +18,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. +SOFTWARE. \ No newline at end of file 
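Review bot: `Order allow,deny` / `Deny from all` under `# File security` are Apache 2.2 (mod_access_compat) directives; on an Apache 2.4 host without that compatibility module they are unknown commands, so every request answers 500 instead of the file being protected. The 2.4 form is `Require all denied`, and if both generations must be supported the pair can be wrapped as `<IfModule mod_authz_core.c> Require all denied </IfModule>` with the legacy lines in an `<IfModule !mod_authz_core.c>` branch. The `<Files>`/`<FilesMatch>` container that should scope these lines to particular files is not visible in the hunk as rendered here; if it really is absent the rules apply to the entire site rather than to a file. `Modules/.htaccess` in the next hunk uses the same `deny from all` form and needs the same change.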
diff --git a/Modules/.htaccess b/Modules/.htaccess new file mode 100644 index 0000000..3418e55 --- /dev/null +++ b/Modules/.htaccess @@ -0,0 +1 @@ +deny from all \ No newline at end of file diff --git a/Modules/Database_example.env b/Modules/Database_example.env index f421735..0e551e1 100644 --- a/Modules/Database_example.env +++ b/Modules/Database_example.env @@ -1,7 +1,6 @@ - { "HOSTNAME": "", "USERNAME": "", "PASSWORD": "", "DATABASE": "" -} \ No newline at end of file +} diff --git a/Modules/Functions.php b/Modules/Functions.php index 5936a05..62f97c3 100644 --- a/Modules/Functions.php +++ b/Modules/Functions.php @@ -20,7 +20,7 @@ function processData($data) function ifTextBoxDisabled() { sanitizeXSS(); // Sanitize Script - if ($_GET["submitted"]) { + if (isset($_GET["submitted"])) { echo "disabled"; } } @@ -57,12 +57,13 @@ function determineSubmissionFooter() } function determineSystemVersion() { - $latestVersion = json_decode(file_get_contents("https://raw.githubusercontent.com/axtonprice-dev/quickblaze-encrypt/main/.version", true), true); if (!file_exists("./.version")) { - file_put_contents("./.version", json_encode(array("version" => $latestVersion["VERSION"]))); touch("./.version"); + $latestVersion = json_decode(file_get_contents("https://raw.githubusercontent.com/axtonprice-dev/quickblaze-encrypt/main/.version", true), true); + file_put_contents("./.version", json_encode(array("BRANCH" => $latestVersion["BRANCH"], "VERSION" => $latestVersion["VERSION"]))); } $thisVersion = json_decode(file_get_contents("./.version", true), true); + $latestVersion = json_decode(file_get_contents("https://raw.githubusercontent.com/axtonprice-dev/quickblaze-encrypt/" . $thisVersion["BRANCH"] . "/.version", true), true); if ($thisVersion["VERSION"] != $latestVersion["VERSION"]) { return 'v' . $thisVersion["VERSION"] . ' (Outdated!)'; } else { 
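Review bot: The new `$latestVersion` line builds the outbound URL from `$thisVersion["BRANCH"]`, a value taken straight from the local `.version` file without validation, and `file_get_contents` on that URL returns `false` when the fetch fails, so `json_decode(false, true)` yields `null`, `$latestVersion["VERSION"]` is read from nothing (a warning on PHP 7.4+), and the comparison then reports the install as outdated. The fetch also has no timeout, so an unreachable host stalls the page for `default_socket_timeout`, and the `true` second argument on both `file_get_contents` calls is `use_include_path`, not a JSON option. I would restrict the branch to a safe character set, give the request a short timeout, treat a failed fetch as "update check unavailable" and guard the array reads with `isset`, roughly as below; the function's `else` branch continues past the end of the hunk.
```php
function determineSystemVersion()
{
    // … unchanged: creation of ./.version when it is missing …
    $thisVersion = json_decode(file_get_contents("./.version", true), true);
    $branch = is_array($thisVersion) ? (string) ($thisVersion["BRANCH"] ?? "main") : "main";
    if (!preg_match('/^[A-Za-z0-9._-]+$/', $branch)) {
        $branch = "main"; // never build the URL from an unexpected value
    }
    $context = stream_context_create(['http' => ['timeout' => 3]]);
    $remote = file_get_contents("https://raw.githubusercontent.com/axtonprice-dev/quickblaze-encrypt/" . $branch . "/.version", false, $context);
    $latestVersion = $remote === false ? null : json_decode($remote, true);
    if (!isset($thisVersion["VERSION"], $latestVersion["VERSION"])) {
        return 'v' . ($thisVersion["VERSION"] ?? 'unknown') . ' (Update check unavailable)';
    }
    // … unchanged: outdated / up-to-date comparison …
}
```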
@@ -99,16 +100,18 @@ function decryptData($encryption_key) // getRecord("encrypted_contents", $dataKe
 function setupDatabase()
 {
 sanitizeXSS(); // Sanitize Script
+ error_reporting(0); // disable error reporting
 if (!file_exists("./Modules/InstallationStatus.json")) {
 touch("./Modules/InstallationStatus.json");
- file_put_contents("./Modules/InstallationStatus.json", json_encode(array("INSTALLED" => "true")));
+ file_put_contents("./Modules/InstallationStatus.json", json_encode(array("INSTALLED" => "false")));
 }
 $json = json_decode(file_get_contents("./Modules/InstallationStatus.json", true), true);
- if ($json["INSTALLED"] == "false") {
+ if ($json["INSTALLED"] == "false" || $json["INSTALLED"] == "") {
 $json = json_decode(file_get_contents("./Modules/Database.env", true), true);
- $mysqli = new mysqli($json["HOSTNAME"], $json["USERNAME"], $json["PASSWORD"], $json["DATABASE"]);
- if ($mysqli->connect_errno) {
- return $mysqli->connect_errno;
+ try { // attempt database connection
+ $mysqli = new mysqli($json["HOSTNAME"], $json["USERNAME"], $json["PASSWORD"], $json["DATABASE"]);
+ } catch (mysqli_sql_exception $e) {
+ die(file_get_contents("./Public/Error/DatabaseCredentials.html")); // throw error page if invalid credentials
 }
 $tableCreateSQL = "CREATE TABLE IF NOT EXISTS `quickblaze_records` (`record_id` int(11) NOT NULL,`encrypted_contents` longtext NOT NULL,`encryption_token` varchar(128) NOT NULL,`source_ip` varchar(100) NOT NULL, `record_date` timestamp(5) NOT NULL DEFAULT current_timestamp(5)) ENGINE=InnoDB DEFAULT CHARSET=utf8;";
 $addPrimaryKeySQL = "ALTER TABLE `quickblaze_records` ADD PRIMARY KEY (`record_id`);";
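Review bot: The new `try` / `catch (mysqli_sql_exception $e)` only catches anything when mysqli is in exception mode (`mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT)`), which is the default from PHP 8.1 but not on earlier runtimes; there the constructor returns an object with `connect_errno` set, the removed `connect_errno` check is gone, and with `error_reporting(0)` now in force the `CREATE TABLE` that follows fails silently on a dead connection. Adding `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` immediately before the `try` makes the behaviour identical on every version the README lists. `error_reporting(0)` also discards the deployment's configured level: `$previousLevel = error_reporting(0);` here, and `error_reporting($previousLevel);` in place of the `error_reporting(E_ALL)` added in the next hunk, would restore whatever was set. The `Database.env` read two lines above is still unchecked, so a missing or malformed file decodes to `null` and the constructor receives `null` for every credential (mysqli then falls back to its ini defaults) rather than the credentials error page. setupDatabase continues past the end of the hunk.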
@@ -130,6 +133,18 @@ function setupDatabase() $mysqli->close(); } + error_reporting(E_ALL); // enable error reporting +} +function checkDatabase() +{ + if (!file_exists("./Modules/Database.env")) { + die(file_get_contents("./Public/Error/DatabaseConfig.html")); + } else { + $json = json_decode(file_get_contents("./Modules/Database.env", true), true); + if ($json["DATABASE"] == "" || $json["HOSTNAME"] == "") { + die(file_get_contents("./Public/Error/DatabaseConfig.html")); + } + } } function insertRecord($encrypted_contents, $encryption_token) diff --git a/Public/Error/403.html b/Public/Error/403.html new file mode 100644 index 0000000..2fe0698 --- /dev/null +++ b/Public/Error/403.html @@ -0,0 +1,127 @@ + + + + + + + + + QuickBlaze + + + + + + + + + + +
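Review bot: `checkDatabase` reaches the error page for an unreadable or non-JSON `Database.env` only by accident: `json_decode` returns `null`, `$json["DATABASE"]` then reads an offset on `null` (a warning since PHP 7.4) and the loose `== ""` happens to be true; `USERNAME` is never checked, while an empty `PASSWORD` is the one field that may legitimately be blank. `if (!is_array($json) || ($json["HOSTNAME"] ?? "") === "" || ($json["USERNAME"] ?? "") === "" || ($json["DATABASE"] ?? "") === "") {` states the intent explicitly and strictly. The same read-and-decode of `Database.env` exists in `setupDatabase` in the previous hunk, so one small helper that returns the decoded array or `null` would give both call sites a single validation path. The `true` second argument to `file_get_contents` is `use_include_path`, so the file is also searched for on the include path; it looks intended as a JSON flag and can be dropped.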
+
+

Access to this page is restricted

+

Please check with the site admin if you believe this is a mistake.

+
+ + + \ No newline at end of file diff --git a/Public/Error/404.html b/Public/Error/404.html index 1b9bfb9..28b9b99 100644 --- a/Public/Error/404.html +++ b/Public/Error/404.html @@ -27,10 +27,26 @@
This page does not exist. It was most likely removed!
GitHub • - Discord • + Discord

+ + + + \ No newline at end of file diff --git a/Public/Error/500.html b/Public/Error/500.html index c5f3006..2b51fcf 100644 --- a/Public/Error/500.html +++ b/Public/Error/500.html @@ -27,10 +27,26 @@
An internal server error occurred. Please try again later

GitHub • - Discord • + Discord

+ + + + \ No newline at end of file diff --git a/Public/Error/DatabaseConfig.html b/Public/Error/DatabaseConfig.html new file mode 100644 index 0000000..d9b0d9e --- /dev/null +++ b/Public/Error/DatabaseConfig.html @@ -0,0 +1,50 @@ + + + + + + + + + QuickBlaze + + + + + + + + + + +
+

Database Error

+
+
You have not configured the database correctly!

Please refer to the GitHub repository.
+ +

+ GitHub • + Discord +

+
+ + + + + + + + \ No newline at end of file diff --git a/Public/Error/DatabaseCredentials.html b/Public/Error/DatabaseCredentials.html new file mode 100644 index 0000000..c860d6f --- /dev/null +++ b/Public/Error/DatabaseCredentials.html @@ -0,0 +1,50 @@ + + + + + + + + + QuickBlaze + + + + + + + + + + +
+

Database Error

+
+
Failed to connect to the database using the connection credentials you have provided.

Please refer to the GitHub repository.
+ +

+ GitHub • + Discord +

+
+ + + + + + + + \ No newline at end of file diff --git a/Public/assets/css/style.css b/Public/assets/css/style.css index f943327..e3ab621 100644 --- a/Public/assets/css/style.css +++ b/Public/assets/css/style.css @@ -35,3 +35,7 @@ textarea { .form-submit .form-floating:focus-within { z-index: 2; } + +.darkmode--activated button, .darkmode--activated textarea:outline { + mix-blend-mode: difference; +} diff --git a/Public/index.php b/Public/index.php index dccfbab..85a95b6 100644 --- a/Public/index.php +++ b/Public/index.php @@ -23,7 +23,7 @@
One time view encrypted message sharing system


- + @@ -36,6 +36,22 @@ + + + + \ No newline at end of file diff --git a/Public/view.php b/Public/view.php index a2e75b4..9108555 100644 --- a/Public/view.php +++ b/Public/view.php @@ -28,12 +28,28 @@

GitHubDiscord • - v +

+ + + + \ No newline at end of file diff --git a/README.md b/README.md index a6e29c1..5c177bc 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,17 @@

QuickBlaze Encryption 👋

+

- Version + Version License: MIT - Discord: axtonprice + Discord: axtonprice

> An extremely simple, one-time view encryption system. Send links anywhere on the internet, and the encrypted message will automatically be destroyed after being viewed once! - ### ✨ Click to view Demo ## Requirements @@ -21,31 +21,43 @@ - PHP [MBSTRING](http://php.net/manual/en/book.mbstring.php) module for full UTF-8 support. - PHP [JSON](http://php.net/manual/en/book.json.php) module for JSON manipulation -⚠️ ***Do not install QuickBlaze into a directory, it will cause issues! We recommend you install it to separate subdomain.*** - ## Installation 1. Download the latest version from the releases page. 2. Upload and extract the file to your web server or hosting subdomain. -3. Update the database information in `/Modules/Database_example.env`, then rename the file to `Database.env`. +3. Update the database information in `/modules/Database_example.env`, then ensure you rename the file to `Database.env`. [(See below for layout format)](#configuration) 4. Visit your domain https://quickblaze.example.com/ 5. Enjoy! +⚠️ *Don't delete the `.version` file! It contains necessary version data, and modifying it may cause issues!* + +## Configuration +Example configuration layout of `Database.env`: +```json +{ + "HOSTNAME": "mysql.example.com", + "USERNAME": "admin", + "PASSWORD": "admin123", + "DATABASE": "quickblaze_db" +} +``` + ## How it Works -The user enters the message they would like to encrypt. The system then securely encrypts the message, and generates an encryption key. *The key can be used to decrypt the encrypted message.* The system then creates a new record in the database, containing the encrypted data and the encryption key. Once the decryption function is executed (indicating the user has viewed the message) the database record is deleted along with the encryption data and key. This means the data is now permanently lost and cannot be viewed, accessed or recovered.

Keep your URL safe, it contains the encryption key! Without it, the data cannot be decrypted! +The user enters the message they would like to encrypt. The system then securely encrypts the message, and generates an encryption key. *The key can be used to decrypt the encrypted message.* The system then creates a new record in the database, containing the encrypted data and the encryption key. Once the decryption function is executed (indicating the user has viewed the message) the database record is deleted along with the encryption data and key. This means the data is now permanently lost and cannot be viewed, accessed or recovered.

Keep your URL safe, it contains the encryption key! Exposing the URL means anybody will be able to view the encrypted message! -## Screenshots +## Screenshots *(Light/Dark Mode)*

- - - - - + + + + + +

-## Authors, Credits, and Contributors +## Authors and Contributors 👤 **axtonprice** - Main Author @@ -61,3 +73,7 @@ If you like this project, give a ⭐️ to support us! Copyright © 2022 [axtonprice](https://github.com/axtonprice).
This project is [MIT](https://github.com/axtonprice/quickblaze-encrypt/blob/main/LICENSE) licensed. + +
+ + diff --git a/composer.json b/composer.json deleted file mode 100644 index 8fb25bb..0000000 --- a/composer.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "name": "axtonprice/quickblaze", - "description": "An extremely simple, one-time view encryption message system. Send anybody passwords, or secret messages on a one-time view basis.", - "type": "project", - "license": "MIT", - "authors": [ - { - "name": "Axton", - "email": "enquires@axtonprice.com" - } - ], - "require": {} -} diff --git a/index.php b/index.php index 75dd0a0..4aa849b 100644 --- a/index.php +++ b/index.php @@ -1,43 +1,50 @@