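<?php
// Password hand-off page: stores a secret encrypted at rest and returns a link
// that stops working after a number of days or a number of views.
//
// Needs php-pdo (with the sqlite driver) and php-sodium (bundled with PHP >= 7.2).
// The earlier version of this script used mcrypt, which was deprecated in PHP 7.1
// and removed in 7.2. It also used Rijndael-256 in ECB mode: not AES, no
// integrity check, the IV argument ignored, and zero padding left on the
// decrypted value. Rows written by that version cannot be read by this one.
//
// Here's the schema:
// create table passwords(id, password, ctime, xtime, views, xviews);
// NOTE(review): the columns are untyped; declaring views/xviews as INTEGER and id
// as PRIMARY KEY would make the comparisons and lookups below less fragile.
//
// Housecleaning needs to be done out-of-band (cron?) to delete expired things
//
#$db = new PDO("DSN", "USER", "PASSWORD"); if you want to use something other than sqlite...
// NOTE(review): /tmp is shared by every local account and is often wiped on
// reboot; keep the database outside the web root with owner-only permissions.
$db = new PDO("sqlite:/tmp/passwords");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$key = "super sekrit"; // You should change this. Prefer a long random value loaded from outside this file.
$xtime_default = 7; // default days until expires
$xviews_default = 2; // default # of views before it expires

// secretbox needs a key of exactly SODIUM_CRYPTO_SECRETBOX_KEYBYTES bytes, so the
// configured value is hashed down to that size. Hashing adds no entropy: a
// guessable $key stays guessable.
$box_key = sodium_crypto_generichash($key, '', SODIUM_CRYPTO_SECRETBOX_KEYBYTES);

// Escape a value for HTML text and quoted-attribute contexts.
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Return $value as an int when it is a whole number >= 1, otherwise $default.
function positive_int_or($value, $default)
{
    $int = filter_var($value, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    return $int === false ? $default : $int;
}

// Encrypt and authenticate $plain; returns base64(nonce . ciphertext).
function seal_secret($plain, $box_key)
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $box_key));
}

// Reverse seal_secret(); returns false when the value is malformed or was
// modified, or when it was written with a different key.
function open_secret($stored, $box_key)
{
    $raw = base64_decode((string) $stored, true);
    $minimum = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $minimum) {
        return false;
    }
    return sodium_crypto_secretbox_open(
        substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES),
        substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES),
        $box_key
    );
}

// All request handling happens before any output, so a failure cannot leave a
// half-written page and headers can still be sent.
header('Cache-Control: no-store'); // keep revealed secrets out of browser and proxy caches

$id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
$secret = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
$message_html = null; // already-escaped HTML to show instead of the form

try {
    //----- Lookup password
    if ($id !== '') {
        // Claim the view and check both expiry limits in one UPDATE. Selecting
        // first and incrementing afterwards lets concurrent requests each pass
        // the check before any of them is counted. xviews is cast because
        // execute() binds values as strings, and in an untyped column SQLite
        // orders any text value above any integer.
        // NOTE(review): a plain GET spends a view, so link previewers and
        // scanners can use up the allowance before the recipient opens the link.
        $claim = $db->prepare(
            "update passwords set views=views+1
            where id=:id and xtime>datetime('now') and cast(xviews as integer)>views"
        );
        $claim->execute(array("id" => $id));

        $plain = false;
        if ($claim->rowCount() === 1) {
            $fetch = $db->prepare("select password from passwords where id=:id");
            $fetch->execute(array("id" => $id));
            $row = $fetch->fetch(PDO::FETCH_ASSOC);
            $plain = $row ? open_secret($row['password'], $box_key) : false;
        }

        // One generic message for unknown, expired, used-up and undecryptable
        // entries, so the response does not reveal which ids exist.
        $message_html = ($plain === false) ? "error" : "Here's the password: " . h($plain);

    //----- Save password
    } elseif ($secret !== '') {
        // Encrypting with a key stored in this file protects a copied database
        // or backup; it does not help once the file itself can be read.
        //
        // The id is the only thing protecting the entry, so it comes from the
        // CSPRNG; md5(uniqid()) is derived from the clock and can be guessed.
        $new_id = bin2hex(random_bytes(16));
        $days = positive_int_or(isset($_POST['xtime']) ? $_POST['xtime'] : null, $xtime_default);
        $max_views = positive_int_or(isset($_POST['xviews']) ? $_POST['xviews'] : null, $xviews_default);

        $insert = $db->prepare(
            "insert into passwords(id,password,ctime,views,xtime,xviews)
            values
            (:id, :password, datetime('now'), 0, datetime('now', :xtime), :xviews)"
        );
        $insert->bindValue(':id', $new_id);
        $insert->bindValue(':password', seal_secret($secret, $box_key));
        $insert->bindValue(':xtime', '+' . $days . ' days');
        $insert->bindValue(':xviews', $max_views, PDO::PARAM_INT);
        $insert->execute();

        // SCRIPT_NAME rather than PHP_SELF: PHP_SELF also carries the
        // caller-supplied path info that follows the script name.
        // NOTE(review): the Host header is chosen by the client; set the public
        // host name in configuration, and serve this page over HTTPS only.
        $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
        $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
        $url = sprintf("%s://%s%s?id=%s", $scheme, $host, $_SERVER['SCRIPT_NAME'], $new_id);
        $message_html = "Here's your URL: " . h($url);
    }
} catch (PDOException $e) {
    // Details go to the server log; the visitor gets the generic message.
    error_log('password store: ' . $e->getMessage());
    $message_html = "error";
}
?>
<!doctype html>
<html lang="en">
<meta charset="utf-8">
<title>I get yer passwords right here</title>
<body>
<?php if ($message_html !== null) { ?>
<?php echo $message_html ?>
<?php } else { //----- Show form ?>
<form action="<?php echo h($_SERVER['SCRIPT_NAME']) ?>" method="post">
<p>Password: <input type="text" name="password" /></p>
<p>Expiry (in days, defaults to <?php echo h($xtime_default) ?>): <input type="text" name="xtime" /></p>
<p>Expiry (in number of views defaults to <?php echo h($xviews_default) ?>): <input type="text" name="xviews" /></p>
<p><input type="submit" value="Submit" /></p>
</form>
<?php } ?>
</body>
</html>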