<?php
/**
* Test script for Cryptopost PHP class
*/
// The session must exist before Cryptopost is constructed (see note on the
// constructor call below).
session_start();

// "Destroy session" link: drop the current session and open a fresh one.
if (isset($_GET['destroySession'])) {
    session_destroy();
    session_start();
}

require_once './Cryptopost.class.php';

// Session MUST be started before this call.
// NOTE(review): the first argument is presumably the RSA key size in bits.
// 1024-bit RSA is below current recommendations; confirm and raise it to at
// least 2048 if the client-side RSA library handles that size.
$crypto = new Cryptopost(1024, './openssl.cnf');

// "Reset keys" link.
if (isset($_GET['resetKeys'])) {
    $crypto->reset();
}

// Handle an encrypted FORM submission.
// NOTE(review): encrypting fields in JavaScript hides them from passive
// observers only. It does not replace TLS: a page served without HTTPS can
// have its scripts or public key altered in transit.
if (isset($_POST['cryptoPost'])) {
    // Keep a copy of the still-encrypted payload for the debug section.
    $cryptedPost = $_POST;

    // Decrypts the contents of $_POST.
    $formId = $crypto->decodeForm();

    // Application work goes here (database record, etc.).
    // Validate/filter every decrypted $_POST value before using it.
    //
    // DO NOT print received $_POST values into the HTML: that would send the
    // data back to the browser as clear text. Use the JavaScript
    // 'cryptoPost.decrypt()' method to refill the form, so the data is
    // decrypted locally in the client's browser.
    if (isset($_POST['data1'])) {
        // filter_var() yields false when the value is not a valid integer.
        $data['data1'] = filter_var($_POST['data1'], FILTER_VALIDATE_INT);
        /* ... etc ... */
    }

    // Re-encrypt the processed data in case the form has to be refilled.
    $encrypted = $crypto->encodeData($_POST, $formId);
}
?>
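<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Cryptopost</title>
<?php
// RSA public key exposed to the page (presumably read by cryptopost.js).
// It is escaped for the HTML attribute context and falls back to an empty
// string when the session entry is missing, instead of raising a notice.
?>
    <meta name="sessionkey" content="<?php echo htmlspecialchars(isset($_SESSION['RSA_Public_key']) ? $_SESSION['RSA_Public_key'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
    <script src="./javascript/rsa_jsbn.js"></script>
    <script src="./javascript/gibberish-aes.js"></script>
    <script src="./javascript/cryptopost.js"></script>
</head>
<body>
<h1>Testing Cryptopost class</h1>
<form id="form1" method="POST" action="test.php" onsubmit="return cryptoPost.encrypt('form1')">
    Data 1: <input type="text" name="data1" value="" /><br />
    Data 2: <input type="text" name="data2" value="" /><br />
    Data 3: <input type="text" name="data3" value="" /><br />
    Data 4: <textarea cols="40" rows="5" name="data4"></textarea>
    <br />
    <input type="submit" name="submit" value="Submit" />
    <input type="reset" name="reset" value="Reset" />
    <a href="test.php?resetKeys=1" onclick="cryptoPost.reset();">Reset keys</a>
    <a href="test.php?destroySession=1">Destroy session</a>
</form>
<!-- Fill form input fields -->
<?php
// The encrypted payload is derived from request data, so it is emitted as a
// JSON string literal with <, >, &, ' and " hex-escaped. That keeps it from
// terminating the JavaScript string or the surrounding <script> element,
// whatever encoding encodeData() produces.
if (isset($encrypted)) { ?>
<script>cryptoPost.decrypt(<?php echo json_encode((string) $encrypted, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>);</script>
<?php } ?>
<br />
<br />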
<?php
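// Debug output: for local testing only, remove before any real deployment.
//  - Printing the AES key sends the session's symmetric key to the browser
//    in clear text, which voids the confidentiality of the encrypted fields.
//  - Dumping the decrypted $_POST sends the submitted data back in clear
//    text as well.
// Everything derived from the request is HTML-escaped before it is printed,
// so submitted markup is displayed as text rather than interpreted.
echo '<h2>Session keys:</h2>';
if (isset($_SESSION['RSA_Public_key'])) {
    echo 'RSA public key (hex) = '
        . htmlspecialchars($_SESSION['RSA_Public_key'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo '<br /><br />';
}
if (isset($_SESSION['aesKey'])) {
    // bin2hex() output is [0-9a-f] only, so it needs no further escaping.
    echo 'AES key (hex) = ' . bin2hex($_SESSION['aesKey']);
    echo '<br />';
}
if (isset($cryptedPost)) {
    echo '<h2>Received POST data:</h2><pre>';
    // var_dump() writes straight to the output; capture it so it can be escaped.
    ob_start();
    var_dump($cryptedPost);
    echo htmlspecialchars(ob_get_clean(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo '</pre><br />';

    echo '<h2>Decrypted POST data:</h2><pre>';
    ob_start();
    var_dump($_POST);
    echo htmlspecialchars(ob_get_clean(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo '</pre><br />';
}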
?>
</body>
</html>