first commit

2025-07-27 15:36:11 +00:00 · 2025-06-16 00:12:10 +03:00 · 2025-06-16 00:12:10 +03:00 · 7d1a184952
commit 7d1a184952
5 changed files with 261 additions and 0 deletions
--- a/configs/apache.conf
+++ b/configs/apache.conf
@ -0,0 +1,13 @@
+<VirtualHost *:80>
+    ServerName messenger.local
+    DocumentRoot /var/www/html/main
+    
+    <Directory /var/www/html/main>
+        Options Indexes FollowSymLinks
+        AllowOverride All
+        Require all granted
+    </Directory>
+    
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost> 
--- a/main/api.php
+++ b/main/api.php
@ -0,0 +1,39 @@
+<?php
+header('Content-Type: application/json');
+header('X-Content-Type-Options: nosniff');
+header('X-Frame-Options: DENY');
+header('X-XSS-Protection: 1; mode=block');
+header('Content-Security-Policy: default-src \'self\'');
+
+$db = new PDO('mysql:host=localhost;dbname=messenger', 'root', '');
+$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    http_response_code(405);
+    die(json_encode(['error' => 'Method not allowed']));
+}
+
+$input = json_decode(file_get_contents('php://input'), true);
+if (!$input) {
+    http_response_code(400);
+    die(json_encode(['error' => 'Invalid JSON']));
+}
+
+$username = filter_var($input['username'] ?? '', FILTER_SANITIZE_STRING);
+$message = $input['message'] ?? '';
+$signature = $input['signature'] ?? '';
+$is_encrypted = !empty($input['encrypted']);
+
+if (!$username || !$message) {
+    http_response_code(400);
+    die(json_encode(['error' => 'Missing required fields']));
+}
+
+try {
+    $stmt = $db->prepare('INSERT INTO messages (username, message, signature, is_encrypted) VALUES (?, ?, ?, ?)');
+    $stmt->execute([$username, $message, $signature, $is_encrypted]);
+    echo json_encode(['success' => true]);
+} catch (Exception $e) {
+    http_response_code(500);
+    echo json_encode(['error' => 'Server error']);
+} 
--- a/main/db.sql
+++ b/main/db.sql
@ -0,0 +1,22 @@
+CREATE TABLE messages (
+    id INT AUTO_INCREMENT PRIMARY KEY,
+    username VARCHAR(50) NOT NULL,
+    message TEXT NOT NULL,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    signature TEXT,
+    is_encrypted BOOLEAN DEFAULT FALSE
+);
+
+CREATE TABLE users (
+    id INT AUTO_INCREMENT PRIMARY KEY,
+    username VARCHAR(50) NOT NULL UNIQUE,
+    password VARCHAR(255) NOT NULL,
+    pgp_key TEXT,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE TABLE registrations (
+    id INT AUTO_INCREMENT PRIMARY KEY,
+    ip VARCHAR(45) NOT NULL,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+); 
--- a/main/index.php
+++ b/main/index.php
@ -0,0 +1,102 @@
+<?php
+header('X-Content-Type-Options: nosniff');
+header('X-Frame-Options: DENY');
+header('X-XSS-Protection: 1; mode=block');
+header('Content-Security-Policy: default-src \'self\'');
+
+$db = new PDO('mysql:host=localhost;dbname=messenger', 'root', '');
+$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
+    $message = filter_input(INPUT_POST, 'message', FILTER_SANITIZE_STRING);
+    $signature = $_POST['signature'] ?? '';
+    $is_encrypted = isset($_POST['encrypted']);
+    
+    if ($username && $message) {
+        $stmt = $db->prepare('INSERT INTO messages (username, message, signature, is_encrypted) VALUES (?, ?, ?, ?)');
+        $stmt->execute([$username, $message, $signature, $is_encrypted]);
+    }
+    header('Location: ' . $_SERVER['PHP_SELF']);
+    exit;
+}
+
+$stmt = $db->query('SELECT * FROM messages ORDER BY created_at DESC LIMIT 50');
+$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+?>
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <title>Text0Nly</title>
+    <style>
+        body { font-family: Arial, sans-serif; max-width: 800px; margin: 0 auto; padding: 20px; }
+        .message { margin: 10px 0; padding: 10px; border: 1px solid #ddd; border-radius: 5px; }
+        .username { font-weight: bold; color: #2196F3; }
+        .time { color: #666; font-size: 0.8em; }
+        .encrypted { color: #4CAF50; }
+        .signature { color: #FF9800; font-size: 0.8em; }
+        form { margin: 20px 0; }
+        textarea { width: 100%; height: 100px; margin: 10px 0; }
+        input[type="text"] { width: 200px; }
+        .register-link { position: fixed; top: 20px; right: 20px; }
+        .api-info { margin: 20px 0; padding: 10px; background: #f5f5f5; border-radius: 5px; }
+    </style>
+</head>
+<body>
+    <div class="register-link">
+        <a href="register.php">Register</a>
+    </div>
+    
+    <h1>Text0Nly</h1>
+    
+    <div class="api-info">
+        <h3>Message API:</h3>
+        <pre>curl -X POST http://localhost/api.php -H "Content-Type: application/json" -d '{
+    "username": "name",
+    "message": "text",
+    "signature": "pgp_signature",
+    "encrypted": true
+}'</pre>
+    </div>
+    
+    <form method="post">
+        <input type="text" name="username" placeholder="Your username" required maxlength="50">
+        <textarea name="message" placeholder="Your message" required></textarea>
+        <textarea name="signature" placeholder="PGP signature (optional)"></textarea>
+        <div>
+            <input type="checkbox" name="encrypted" id="encrypted">
+            <label for="encrypted">Message is encrypted</label>
+        </div>
+        <button type="submit">Send</button>
+    </form>
+
+    <div id="messages">
+        <?php foreach ($messages as $msg): ?>
+            <div class="message">
+                <span class="username"><?= htmlspecialchars($msg['username']) ?>:</span>
+                <div><?= nl2br(htmlspecialchars($msg['message'])) ?></div>
+                <?php if ($msg['is_encrypted']): ?>
+                    <span class="encrypted">[Encrypted]</span>
+                <?php endif; ?>
+                <?php if ($msg['signature']): ?>
+                    <div class="signature">Signature: <?= htmlspecialchars($msg['signature']) ?></div>
+                <?php endif; ?>
+                <span class="time"><?= $msg['created_at'] ?></span>
+            </div>
+        <?php endforeach; ?>
+    </div>
+
+    <script>
+        setInterval(() => {
+            fetch(window.location.href)
+                .then(response => response.text())
+                .then(html => {
+                    const parser = new DOMParser();
+                    const doc = parser.parseFromString(html, 'text/html');
+                    document.getElementById('messages').innerHTML = doc.getElementById('messages').innerHTML;
+                });
+        }, 5000);
+    </script>
+</body>
+</html> 
--- a/main/register.php
+++ b/main/register.php
@ -0,0 +1,85 @@
+<?php
+session_start();
+header('X-Content-Type-Options: nosniff');
+header('X-Frame-Options: DENY');
+header('X-XSS-Protection: 1; mode=block');
+header('Content-Security-Policy: default-src \'self\'');
+
+$db = new PDO('mysql:host=localhost;dbname=messenger', 'root', '');
+$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+$error = '';
+$success = '';
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
+    $password = $_POST['password'] ?? '';
+    $pgp_key = $_POST['pgp_key'] ?? '';
+    $ip = $_SERVER['REMOTE_ADDR'];
+
+    if ($username && $password) {
+        if (strlen($username) > 50 || strlen($password) < 8) {
+            $error = 'Invalid data';
+        } else {
+            $stmt = $db->prepare('SELECT COUNT(*) FROM registrations WHERE ip = ? AND created_at > DATE_SUB(NOW(), INTERVAL 1 HOUR)');
+            $stmt->execute([$ip]);
+            $count = $stmt->fetchColumn();
+
+            if ($count >= 5) {
+                $error = 'Registration limit exceeded for your IP';
+            } else {
+                try {
+                    $stmt = $db->prepare('INSERT INTO users (username, password, pgp_key) VALUES (?, ?, ?)');
+                    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT), $pgp_key]);
+                    
+                    $stmt = $db->prepare('INSERT INTO registrations (ip) VALUES (?)');
+                    $stmt->execute([$ip]);
+                    
+                    $success = 'Registration successful';
+                } catch (PDOException $e) {
+                    $error = 'Username already exists';
+                }
+            }
+        }
+    }
+}
+?>
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <title>Text0Nly - Registration</title>
+    <style>
+        body { font-family: Arial, sans-serif; max-width: 400px; margin: 20px auto; padding: 20px; }
+        .form-group { margin: 10px 0; }
+        input, textarea { width: 100%; padding: 8px; margin: 5px 0; }
+        textarea { height: 100px; }
+        button { width: 100%; padding: 10px; background: #2196F3; color: white; border: none; cursor: pointer; }
+        .error { color: red; }
+        .success { color: green; }
+    </style>
+</head>
+<body>
+    <h2>Registration</h2>
+    <?php if ($error): ?>
+        <div class="error"><?= htmlspecialchars($error) ?></div>
+    <?php endif; ?>
+    <?php if ($success): ?>
+        <div class="success"><?= htmlspecialchars($success) ?></div>
+    <?php endif; ?>
+    
+    <form method="post">
+        <div class="form-group">
+            <input type="text" name="username" placeholder="Username" required maxlength="50">
+        </div>
+        <div class="form-group">
+            <input type="password" name="password" placeholder="Password (min 8 characters)" required minlength="8">
+        </div>
+        <div class="form-group">
+            <textarea name="pgp_key" placeholder="PGP key (optional)"></textarea>
+        </div>
+        <button type="submit">Register</button>
+    </form>
+    <p><a href="index.php">Back to chat</a></p>
+</body>
+</html>