
Untitled

a guest
Feb 8th, 2012
  1. <?php
  2. // Needs php-pdo, php-mcrypt at the least...
  3. //
  4. // Here's the schema:
  5. // create table passwords(id, password, ctime, xtime, views, xviews);
  6. //
  7. // Housecleaning needs to be done out-of-band (cron?) to delete expired things
  8. //
  9. #$db = new PDO("DSN", "USER", "PASSWORD");  if you want to use something other than sqlite...
  10. $db = new PDO("sqlite:/tmp/passwords");
  11. $key = "super sekrit"; // You should change this.
  12. $xtime_default = 7; // default days until expires
  13. $xviews_default = 2; // default # of views before it expires
  14. #
  15. # yeeeaaahhh, lets start by inlining some HTML
  16. ?>
  17. <!doctype html>
  18. <html lang="en">
  19. <meta charset="utf-8">
  20. <title>I get yer passwords right here</title>
  21. <body>
  22. <?php
  23.  
  24. //----- Lookup password
  25. if($_GET['id']) {
  26.     $query = "select password,views from passwords where id=:id and xtime>datetime('now') and xviews>views";
  27.     $params = array("id"=>$_GET['id']);
  28.     $statement = $db->prepare($query);
  29.     $statement->execute($params);
  30.  
  31.     $result = $statement->fetchAll();
  32.     if(!$result[0]) {
  33.         die("error");
  34.     }
  35.     $password = mcrypt_decrypt(
  36.         MCRYPT_RIJNDAEL_256,
  37.         $key,
  38.         base64_decode($result[0]['password']),
  39.         MCRYPT_MODE_ECB,
  40.         mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)
  41.     );
  42.  
  43.     // Update the view counter before showing the password
  44.     $query = "update passwords set views=views+1 where id=:id";
  45.     $statement = $db->prepare($query);
  46.     $statement->execute($params);
  47.  
  48.     print("Here's the password: " . $password);
  49.  
  50. //----- Save password
  51. } else if($_POST['password']) {
  52.  
  53.     // Use whatever encryption you feel like. Or none.
  54.     // I mean, if a hacker can get to this file and see $key, what does it
  55.     // matter that you're going through this encryption step before putting
  56.     // it into the database? You /could/ ask for a key from the user, but
  57.     // then that complicates their usage....
  58.     $encrypted = base64_encode(
  59.         mcrypt_encrypt(
  60.             MCRYPT_RIJNDAEL_256,
  61.             $key,
  62.             $_POST['password'],
  63.             MCRYPT_MODE_ECB,
  64.             mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)
  65.         )
  66.     );
  67.  
  68.     $query = "insert into passwords(id,password,ctime,views,xtime,xviews)
  69.                values
  70.                (:id, :password, datetime('now'), 0, datetime('now',,:xtime), :xviews)";
  71.     $params = array(
  72.         "id"        => md5(uniqid()),
  73.         "password"  => $encrypted,
  74.         "xtime"     => "+" . (is_numeric($_POST['xtime']) ? $_POST['xtime'] : $xtime_default) . " days",
  75.         "xviews"    => is_numeric($_POST['xviews']) ? $_POST['xviews'] : $xviews_default,
  76.     );
  77.  
  78.     $url = sprintf("http://%s%s?id=%s", $_SERVER['HTTP_HOST'], $_SERVER['PHP_SELF'], $params['id']);
  79.     $statement = $db->prepare($query);
  80.     $statement->execute($params);
  81.  
  82.     print("Here's your URL: $url");
  83.  
  84. //----- Show form
  85. } else {
  86. ?>
  87. <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
  88. <p>Password: <input type="text" name="password" /></p>
  89. <p>Expiry (in days, defaults to <?php echo $xtime_default ?>): <input type="text" name="days" /></p>
  90. <p>Expiry (in number of views defaults to <?php echo $xviews_default ?>): <input type="text" name="views" /></p>
  91. <p><input type="submit" value="Submit" /></p>
  92. </form>
  93.  
  94. </form>
  95.  
  96. <?php
  97. }
  98. ?>
  99. </body>
  100. </html>