gPass

gPass Commit Details

Date:2020-02-26 16:00:24 (5 months 8 days ago)
Author:Grégory Soutadé
Branch:master
Commit:9d528aeaa02079d6dafd0b369678ec718a7b7308
Parents: 6f1e2a814d7454a10041ca32c3999319a5e50cd1
Message:Update server: * Check that $db variable is OK before processing database requests * Don't close $db before calling lastErrorMsg() * Add support for user & url parameters from gPass popup

Changes:
Mserver/_user (2 diffs)
Mserver/functions.php (3 diffs)
Mserver/index.php (5 diffs)
Mserver/resources/gpass.js (1 diff)

File differences

server/_user
11
22
3
3
44
55
66
......
6363
6464
6565
66
67
68
69
7066
7167
7268
7369
74
70
7571
76
77
78
79
80
72
73
74
8175
82
83
84
76
77
78
79
80
81
82
83
84
85
8586
86
8787
88
88
89
8990
9091
9192
92
93
<?php
/*
Copyright (C) 2013-2015 Grégory Soutadé
Copyright (C) 2013-2020 Grégory Soutadé
This file is part of gPass.
$db = load_database();
$res = "";
$statement = $db->prepare("SELECT password FROM gpass WHERE login=:login");
echo "protocol=gpass-$PROTOCOL_VERSION\n";
if ($PBKDF2_LEVEL != 1000)
echo "pbkdf2_level=$PBKDF2_LEVEL\n";
for ($i=0; $i<$MAX_PASSWORDS_PER_REQUEST && isset($_POST["k$i"]); $i++)
if ($db)
{
$statement->bindValue(":login", addslashes($_POST["k$i"]));
$result = $statement->execute();
$row = $result->fetchArray(SQLITE3_ASSOC);
$result->finalize();
if (isset($row["password"]))
$statement = $db->prepare("SELECT password FROM gpass WHERE login=:login");
for ($i=0; $i<$MAX_PASSWORDS_PER_REQUEST && isset($_POST["k$i"]); $i++)
{
echo "matched_key=" . $i . "\n";
echo "pass=" . $row["password"] . "\n";
break;
$statement->bindValue(":login", addslashes($_POST["k$i"]));
$result = $statement->execute();
$row = $result->fetchArray(SQLITE3_ASSOC);
$result->finalize();
if (isset($row["password"]))
{
echo "matched_key=" . $i . "\n";
echo "pass=" . $row["password"] . "\n";
break;
}
}
}
$statement->close();
$statement->close();
}
echo "<end>";
?>
?>
server/functions.php
11
22
3
3
44
55
66
......
241241
242242
243243
244
245244
246245
247246
248247
249
248
250249
251250
252251
253252
254
253
255254
255
256
257
258
256259
257260
258261
......
329332
330333
331334
332
335
<?php
/*
Copyright (C) 2013-2017 Grégory Soutadé
Copyright (C) 2013-2019 Grégory Soutadé
This file is part of gPass.
}
$result = $db->exec("DELETE FROM gpass WHERE login='" . $login . "'");
$db->close();
if (!$result)
{
echo "Error " . $db->lastErrorMsg();
return false;
$ret = false;
}
else
{
echo "OK";
return true;
$ret = true;
}
$db->close();
return $ret;
}
function update_entry($user, $mkey, $old_login, $url, $login, $password, $shadow_login, $salt, $old_access_token, $new_access_token)
$db->close();
}
?>
?>
server/index.php
11
22
33
4
4
55
6
6
77
88
99
1010
11
11
1212
1313
1414
1515
16
16
1717
1818
1919
......
5050
5151
5252
53
53
5454
5555
5656
......
6161
6262
6363
64
64
6565
6666
6767
......
6969
7070
7171
72
72
7373
7474
7575
......
158158
159159
160160
161
162
161
162
163163
164164
165165
<?php
/*
Copyright (C) 2013-2017 Grégory Soutadé
This file is part of gPass.
gPass is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
gPass is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with gPass. If not, see <http://www.gnu.org/licenses/>.
*/
if (isset($_POST['get_passwords']) && isset($_POST['user']))
return list_entries($user);
if (isset($_POST['add_entry']) && isset($_POST['user']) &&
if (isset($_POST['add_entry']) && isset($_POST['user']) &&
isset($_POST['login']) && isset($_POST['password']) &&
isset($_POST['shadow_login']) && isset($_POST['salt']) &&
isset($_POST['access_token']) )
$salt,
$access_token);
if (isset($_POST['delete_entry']) && isset($_POST['user']) &&
if (isset($_POST['delete_entry']) && isset($_POST['user']) &&
isset($_POST['login']) && isset($_POST['access_token']))
return delete_entry($user,
$login,
}
?>
<!DOCTYPE html>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >
{
echo "<b>Add a new password</b><br/>\n";
echo 'URL <input type="text" name="url"/>';
echo 'login <input type="text" name="login" />';
echo 'URL <input type="text" name="url" value="' . (filter_input(INPUT_GET, "url", FILTER_SANITIZE_SPECIAL_CHARS) ?: "") . '"/>';
echo 'login <input type="text" name="login" value="' . (filter_input(INPUT_GET, "user", FILTER_SANITIZE_SPECIAL_CHARS) ?: "") . '"/>';
echo 'password <input id="new_password" type="text" name="password"/>';
echo 'master key <input type="text" name="mkey" onkeypress="if (event.keyCode == 13) add_password();" onkeyup="chkPass(this.value);"/>';
echo '<input type="button" value="Generate password" onClick="generate_password();"/>';
server/resources/gpass.js
145145
146146
147147
148
148
149149
150150
151151
var current_mkey = "";
var clearTimer = null;
var global_iv = null;
var server_url = document.documentURI;
var server_url = window.location.href.split('?')[0];
function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
this.ciphered_login = ciphered_login;

Archive Download the corresponding diff file