chalec
/
ctrlv-privatebin
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added an optional password protection

This commit is contained in:
Hexalyse 2015-08-22 17:23:41 +02:00
parent d600ae7319
commit 3b537eda40
2 changed files with 185 additions and 156 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
js/zerobin.js
View File

@ -18,14 +18,26 @@ sjcl.random.startCollectors();
* @param int seconds * @param int seconds
* @return string * @return string
*/ */
function secondsToHuman(seconds) function secondsToHuman(seconds) {
{ if (seconds < 60) {
if (seconds<60) { var v=Math.floor(seconds); return v+' second'+((v>1)?'s':''); } var v = Math.floor(seconds);
if (seconds<60*60) { var v=Math.floor(seconds/60); return v+' minute'+((v>1)?'s':''); } return v + ' second' + ((v > 1) ? 's' : '');
if (seconds<60*60*24) { var v=Math.floor(seconds/(60*60)); return v+' hour'+((v>1)?'s':''); } }
if (seconds < 60 * 60) {
var v = Math.floor(seconds / 60);
return v + ' minute' + ((v > 1) ? 's' : '');
}
if (seconds < 60 * 60 * 24) {
var v = Math.floor(seconds / (60 * 60));
return v + ' hour' + ((v > 1) ? 's' : '');
}
// If less than 2 months, display in days: // If less than 2 months, display in days:
if (seconds<60*60*24*60) { var v=Math.floor(seconds/(60*60*24)); return v+' day'+((v>1)?'s':''); } if (seconds < 60 * 60 * 24 * 60) {
var v=Math.floor(seconds/(60*60*24*30)); return v+' month'+((v>1)?'s':''); var v = Math.floor(seconds / (60 * 60 * 24));
return v + ' day' + ((v > 1) ? 's' : '');
}
var v = Math.floor(seconds / (60 * 60 * 24 * 30));
return v + ' month' + ((v > 1) ? 's' : '');
} }
/** /**
@ -35,13 +47,10 @@ function secondsToHuman(seconds)
* @param object associative_array Object to be serialized * @param object associative_array Object to be serialized
* @return string * @return string
*/ */
function hashToParameterString(associativeArray) function hashToParameterString(associativeArray) {
{
var parameterString = "" var parameterString = ""
for (key in associativeArray) for (key in associativeArray) {
{ if (parameterString === "") {
if( parameterString === "" )
{
parameterString = encodeURIComponent(key); parameterString = encodeURIComponent(key);
parameterString += "=" + encodeURIComponent(associativeArray[key]); parameterString += "=" + encodeURIComponent(associativeArray[key]);
} else { } else {
@ -61,8 +70,7 @@ function hashToParameterString(associativeArray)
* @param string parameter_string String containing parameters * @param string parameter_string String containing parameters
* @return object * @return object
*/ */
function parameterStringToHash(parameterString) function parameterStringToHash(parameterString) {
{
var parameterHash = {}; var parameterHash = {};
var parameterArray = parameterString.split("&"); var parameterArray = parameterString.split("&");
for (var i = 0; i < parameterArray.length; i++) { for (var i = 0; i < parameterArray.length; i++) {
@ -81,8 +89,7 @@ function parameterStringToHash(parameterString)
* *
* @return object * @return object
**/ **/
function getParameterHash() function getParameterHash() {
{
var hashIndex = window.location.href.indexOf("#"); var hashIndex = window.location.href.indexOf("#");
if (hashIndex >= 0) { if (hashIndex >= 0) {
return parameterStringToHash(window.location.href.substring(hashIndex + 1)); return parameterStringToHash(window.location.href.substring(hashIndex + 1));
@ -98,14 +105,14 @@ function getParameterHash()
* @return base64 string data * @return base64 string data
*/ */
function compress(message) { function compress(message) {
return Base64.toBase64( RawDeflate.deflate( Base64.utob(message) ) ); return Base64.toBase64(RawDeflate.deflate(Base64.utob(message)));
} }
/** /**
* Decompress a message compressed with compress(). * Decompress a message compressed with compress().
*/ */
function decompress(data) { function decompress(data) {
return Base64.btou( RawDeflate.inflate( Base64.fromBase64(data) ) ); return Base64.btou(RawDeflate.inflate(Base64.fromBase64(data)));
} }
/** /**
@ -116,7 +123,10 @@ function decompress(data) {
* @return encrypted string data * @return encrypted string data
*/ */
function zeroCipher(key, message) { function zeroCipher(key, message) {
return sjcl.encrypt(key,compress(message)); if ($('input#password').val().length == 0) {
return sjcl.encrypt(key, compress(message));
}
return sjcl.encrypt(key + sjcl.codec.hex.fromBits(sjcl.hash.sha256.hash($("input#password").val())), compress(message));
} }
/** /**
@ -127,7 +137,14 @@ function zeroCipher(key, message) {
* @return string readable message * @return string readable message
*/ */
function zeroDecipher(key, data) { function zeroDecipher(key, data) {
return decompress(sjcl.decrypt(key,data)); if (data != undefined) {
try {
return decompress(sjcl.decrypt(key, data));
} catch (err) {
var password = prompt("Please enter the password for this paste.", "");
return decompress(sjcl.decrypt(key + sjcl.codec.hex.fromBits(sjcl.hash.sha256.hash(password)), data));
}
}
} }
/** /**
@ -135,7 +152,7 @@ function zeroDecipher(key, data) {
* eg. http://server.com/zero/?aaaa#bbbb --> http://server.com/zero/ * eg. http://server.com/zero/?aaaa#bbbb --> http://server.com/zero/
*/ */
function scriptLocation() { function scriptLocation() {
var scriptLocation = window.location.href.substring(0,window.location.href.length var scriptLocation = window.location.href.substring(0, window.location.href.length
- window.location.search.length - window.location.hash.length); - window.location.search.length - window.location.hash.length);
var hashIndex = scriptLocation.indexOf("#"); var hashIndex = scriptLocation.indexOf("#");
if (hashIndex !== -1) { if (hashIndex !== -1) {
@ -165,8 +182,8 @@ function setElementText(element, text) {
// For IE<10. // For IE<10.
if ($('div#oldienotice').is(":visible")) { if ($('div#oldienotice').is(":visible")) {
// IE<10 does not support white-space:pre-wrap; so we have to do this BIG UGLY STINKING THING. // IE<10 does not support white-space:pre-wrap; so we have to do this BIG UGLY STINKING THING.
var html = htmlEntities(text).replace(/\n/ig,"\r\n<br>"); var html = htmlEntities(text).replace(/\n/ig, "\r\n<br>");
element.html('<pre>'+html+'</pre>'); element.html('<pre>' + html + '</pre>');
} }
// for other (sane) browsers: // for other (sane) browsers:
else { else {
@ -183,7 +200,7 @@ function setElementText(element, text) {
function displayMessages(key, comments) { function displayMessages(key, comments) {
try { // Try to decrypt the paste. try { // Try to decrypt the paste.
var cleartext = zeroDecipher(key, comments[0].data); var cleartext = zeroDecipher(key, comments[0].data);
} catch(err) { } catch (err) {
$('div#cleartext').addClass('hidden'); $('div#cleartext').addClass('hidden');
$('div#prettymessage').addClass('hidden'); $('div#prettymessage').addClass('hidden');
$('button#clonebutton').addClass('hidden'); $('button#clonebutton').addClass('hidden');
@ -196,7 +213,7 @@ function displayMessages(key, comments) {
prettyPrint(); prettyPrint();
// Display paste expiration. // Display paste expiration.
if (comments[0].meta.expire_date) $('div#remainingtime').removeClass('foryoureyesonly').text('This document will expire in '+secondsToHuman(comments[0].meta.remaining_time)+'.').removeClass('hidden'); if (comments[0].meta.expire_date) $('div#remainingtime').removeClass('foryoureyesonly').text('This document will expire in ' + secondsToHuman(comments[0].meta.remaining_time) + '.').removeClass('hidden');
if (comments[0].meta.burnafterreading) { if (comments[0].meta.burnafterreading) {
$('div#remainingtime').addClass('foryoureyesonly').text('FOR YOUR EYES ONLY. Don\'t close this window, this message can\'t be displayed again.').removeClass('hidden'); $('div#remainingtime').addClass('foryoureyesonly').text('FOR YOUR EYES ONLY. Don\'t close this window, this message can\'t be displayed again.').removeClass('hidden');
$('button#clonebutton').addClass('hidden'); // Discourage cloning (as it can't really be prevented). $('button#clonebutton').addClass('hidden'); // Discourage cloning (as it can't really be prevented).
@ -207,20 +224,21 @@ function displayMessages(key, comments) {
$('div#comments').html(''); $('div#comments').html('');
// For each comment. // For each comment.
for (var i = 1; i < comments.length; i++) { for (var i = 1; i < comments.length; i++) {
var comment=comments[i]; var comment = comments[i];
var cleartext="[Could not decrypt comment ; Wrong key ?]"; var cleartext = "[Could not decrypt comment ; Wrong key ?]";
try { try {
cleartext = zeroDecipher(key, comment.data); cleartext = zeroDecipher(key, comment.data);
} catch(err) { } } catch (err) {
}
var place = $('div#comments'); var place = $('div#comments');
// If parent comment exists, display below (CSS will automatically shift it right.) // If parent comment exists, display below (CSS will automatically shift it right.)
var cname = 'div#comment_'+comment.meta.parentid var cname = 'div#comment_' + comment.meta.parentid
// If the element exists in page // If the element exists in page
if ($(cname).length) { if ($(cname).length) {
place = $(cname); place = $(cname);
} }
var divComment = $('<article><div class="comment" id="comment_' + comment.meta.commentid+'">' var divComment = $('<article><div class="comment" id="comment_' + comment.meta.commentid + '">'
+ '<div class="commentmeta"><span class="nickname"></span><span class="commentdate"></span></div><div class="commentdata"></div>' + '<div class="commentmeta"><span class="nickname"></span><span class="commentdate"></span></div><div class="commentdata"></div>'
+ '<button onclick="open_reply($(this),\'' + comment.meta.commentid + '\');return false;">Reply</button>' + '<button onclick="open_reply($(this),\'' + comment.meta.commentid + '\');return false;">Reply</button>'
+ '</div></article>'); + '</div></article>');
@ -232,8 +250,9 @@ function displayMessages(key, comments) {
// Try to get optional nickname: // Try to get optional nickname:
try { try {
divComment.find('span.nickname').text(zeroDecipher(key, comment.meta.nickname)); divComment.find('span.nickname').text(zeroDecipher(key, comment.meta.nickname));
} catch(err) { } } catch (err) {
divComment.find('span.commentdate').text(' ('+(new Date(comment.meta.postdate*1000).toString())+')').attr('title','CommentID: ' + comment.meta.commentid); }
divComment.find('span.commentdate').text(' (' + (new Date(comment.meta.postdate * 1000).toString()) + ')').attr('title', 'CommentID: ' + comment.meta.commentid);
// If an avatar is available, display it. // If an avatar is available, display it.
if (comment.meta.vizhash) { if (comment.meta.vizhash) {
@ -260,7 +279,7 @@ function open_reply(source, commentid) {
+ '<br /><button id="replybutton" onclick="send_comment(\'' + commentid + '\');return false;">Post comment</button>' + '<br /><button id="replybutton" onclick="send_comment(\'' + commentid + '\');return false;">Post comment</button>'
+ '<div id="replystatus"> </div>' + '<div id="replystatus"> </div>'
+ '</div>'); + '</div>');
$('input#nickname').focus(function() { $('input#nickname').focus(function () {
if ($(this).val() == $(this).attr('title')) { if ($(this).val() == $(this).attr('title')) {
$(this).val(''); $(this).val('');
} }
@ -274,34 +293,35 @@ function open_reply(source, commentid) {
*/ */
function send_comment(parentid) { function send_comment(parentid) {
// Do not send if no data. // Do not send if no data.
if ($('textarea#replymessage').val().length==0) { if ($('textarea#replymessage').val().length == 0) {
return; return;
} }
showStatus('Sending comment...', spin=true); showStatus('Sending comment...', spin = true);
var cipherdata = zeroCipher(pageKey(), $('textarea#replymessage').val()); var cipherdata = zeroCipher(pageKey(), $('textarea#replymessage').val());
var ciphernickname = ''; var ciphernickname = '';
var nick=$('input#nickname').val(); var nick = $('input#nickname').val();
if (nick != '' && nick != 'Optional nickname...') { if (nick != '' && nick != 'Optional nickname...') {
ciphernickname = zeroCipher(pageKey(), nick); ciphernickname = zeroCipher(pageKey(), nick);
} }
var data_to_send = { data:cipherdata, var data_to_send = {
data: cipherdata,
parentid: parentid, parentid: parentid,
pasteid: pasteID(), pasteid: pasteID(),
nickname: ciphernickname nickname: ciphernickname
}; };
$.post(scriptLocation(), data_to_send, 'json') $.post(scriptLocation(), data_to_send, 'json')
.error(function() { .error(function () {
showError('Comment could not be sent (server error or not responding).'); showError('Comment could not be sent (server error or not responding).');
}) })
.success(function(data) { .success(function (data) {
if (data.status == 0) { if (data.status == 0) {
showStatus('Comment posted.'); showStatus('Comment posted.');
location.reload(); location.reload();
} }
else if (data.status==1) { else if (data.status == 1) {
showError('Could not post comment: '+data.message); showError('Could not post comment: ' + data.message);
} }
else { else {
showError('Could not post comment.'); showError('Could not post comment.');
@ -320,27 +340,29 @@ function send_data() {
} }
// If sjcl has not collected enough entropy yet, display a message. // If sjcl has not collected enough entropy yet, display a message.
if (!sjcl.random.isReady()) if (!sjcl.random.isReady()) {
{ showStatus('Sending paste (Please move your mouse for more entropy)...', spin = true);
showStatus('Sending paste (Please move your mouse for more entropy)...', spin=true); sjcl.random.addEventListener('seeded', function () {
sjcl.random.addEventListener('seeded', function(){ send_data(); }); send_data();
});
return; return;
} }
showStatus('Sending paste...', spin=true); showStatus('Sending paste...', spin = true);
var randomkey = sjcl.codec.base64.fromBits(sjcl.random.randomWords(8, 0), 0); var randomkey = sjcl.codec.base64.fromBits(sjcl.random.randomWords(8, 0), 0);
var cipherdata = zeroCipher(randomkey, $('textarea#message').val()); var cipherdata = zeroCipher(randomkey, $('textarea#message').val());
var data_to_send = { data: cipherdata, var data_to_send = {
data: cipherdata,
expire: $('select#pasteExpiration').val(), expire: $('select#pasteExpiration').val(),
burnafterreading: $('input#burnafterreading').is(':checked') ? 1 : 0, burnafterreading: $('input#burnafterreading').is(':checked') ? 1 : 0,
opendiscussion: $('input#opendiscussion').is(':checked') ? 1 : 0 opendiscussion: $('input#opendiscussion').is(':checked') ? 1 : 0
}; };
$.post(scriptLocation(), data_to_send, 'json') $.post(scriptLocation(), data_to_send, 'json')
.error(function() { .error(function () {
showError('Data could not be sent (serveur error or not responding).'); showError('Data could not be sent (serveur error or not responding).');
}) })
.success(function(data) { .success(function (data) {
if (data.status == 0) { if (data.status == 0) {
stateExistingPaste(); stateExistingPaste();
var url = scriptLocation() + "?" + data.id + '#' + randomkey; var url = scriptLocation() + "?" + data.id + '#' + randomkey;
@ -358,8 +380,8 @@ function send_data() {
showStatus(''); showStatus('');
prettyPrint(); prettyPrint();
} }
else if (data.status==1) { else if (data.status == 1) {
showError('Could not create paste: '+data.message); showError('Could not create paste: ' + data.message);
} }
else { else {
showError('Could not create paste.'); showError('Could not create paste.');
@ -400,6 +422,7 @@ function stateNewPaste() {
$('div#remainingtime').addClass('hidden'); $('div#remainingtime').addClass('hidden');
$('div#burnafterreadingoption').removeClass('hidden'); $('div#burnafterreadingoption').removeClass('hidden');
$('div#opendisc').removeClass('hidden'); $('div#opendisc').removeClass('hidden');
$('#password').show();
$('button#newbutton').removeClass('hidden'); $('button#newbutton').removeClass('hidden');
$('div#pasteresult').addClass('hidden'); $('div#pasteresult').addClass('hidden');
$('textarea#message').text(''); $('textarea#message').text('');
@ -437,11 +460,10 @@ function stateExistingPaste() {
/** Return raw text /** Return raw text
*/ */
function rawText() function rawText() {
{
var paste = $('div#cleartext').html(); var paste = $('div#cleartext').html();
var newDoc = document.open('text/html', 'replace'); var newDoc = document.open('text/html', 'replace');
newDoc.write('<pre>'+paste+'</pre>'); newDoc.write('<pre>' + paste + '</pre>');
newDoc.close(); newDoc.close();
} }
@ -517,9 +539,9 @@ function showStatus(message, spin) {
*/ */
function urls2links(element) { function urls2links(element) {
var re = /((http|https|ftp):\/\/[\w?=&.\/-;#@~%+-]+(?![\w\s?&.\/;#~%"=-]*>))/ig; var re = /((http|https|ftp):\/\/[\w?=&.\/-;#@~%+-]+(?![\w\s?&.\/;#~%"=-]*>))/ig;
element.html(element.html().replace(re,'<a href="$1" rel="nofollow">$1</a>')); element.html(element.html().replace(re, '<a href="$1" rel="nofollow">$1</a>'));
var re = /((magnet):[\w?=&.\/-;#@~%+-]+)/ig; var re = /((magnet):[\w?=&.\/-;#@~%+-]+)/ig;
element.html(element.html().replace(re,'<a href="$1">$1</a>')); element.html(element.html().replace(re, '<a href="$1">$1</a>'));
} }
/** /**
@ -533,27 +555,33 @@ function pageKey() {
// We will strip any additional data. // We will strip any additional data.
// First, strip everything after the equal sign (=) which signals end of base64 string. // First, strip everything after the equal sign (=) which signals end of base64 string.
i = key.indexOf('='); if (i>-1) { key = key.substring(0,i+1); } i = key.indexOf('=');
if (i > -1) {
key = key.substring(0, i + 1);
}
// If the equal sign was not present, some parameters may remain: // If the equal sign was not present, some parameters may remain:
i = key.indexOf('&'); if (i>-1) { key = key.substring(0,i); } i = key.indexOf('&');
if (i > -1) {
key = key.substring(0, i);
}
// Then add trailing equal sign if it's missing // Then add trailing equal sign if it's missing
if (key.charAt(key.length-1)!=='=') key+='='; if (key.charAt(key.length - 1) !== '=') key += '=';
return key; return key;
} }
$(function() { $(function () {
// hide "no javascript" message // hide "no javascript" message
$('#noscript').hide(); $('#noscript').hide();
// If "burn after reading" is checked, disable discussion. // If "burn after reading" is checked, disable discussion.
$('input#burnafterreading').change(function() { $('input#burnafterreading').change(function () {
if ($(this).is(':checked') ) { if ($(this).is(':checked')) {
$('div#opendisc').addClass('buttondisabled'); $('div#opendisc').addClass('buttondisabled');
$('input#opendiscussion').attr({checked: false}); $('input#opendiscussion').attr({checked: false});
$('input#opendiscussion').attr('disabled',true); $('input#opendiscussion').attr('disabled', true);
} }
else { else {
$('div#opendisc').removeClass('buttondisabled'); $('div#opendisc').removeClass('buttondisabled');
@ -563,7 +591,7 @@ $(function() {
// Display status returned by php code if any (eg. Paste was properly deleted.) // Display status returned by php code if any (eg. Paste was properly deleted.)
if ($('div#status').text().length > 0) { if ($('div#status').text().length > 0) {
showStatus($('div#status').text(),false); showStatus($('div#status').text(), false);
return; return;
} }
@ -586,7 +614,7 @@ $(function() {
displayMessages(pageKey(), messages); displayMessages(pageKey(), messages);
} }
// Display error message from php code. // Display error message from php code.
else if ($('div#errormessage').text().length>1) { else if ($('div#errormessage').text().length > 1) {
showError($('div#errormessage').text()); showError($('div#errormessage').text());
} }
// Create a new paste. // Create a new paste.

1
tpl/page.html
View File

@ -65,6 +65,7 @@
<input type="checkbox" id="opendiscussion" name="opendiscussion" {if="!$OPENDISCUSSION"} disabled="disabled"{/if} /> <input type="checkbox" id="opendiscussion" name="opendiscussion" {if="!$OPENDISCUSSION"} disabled="disabled"{/if} />
<label for="opendiscussion">Open discussion</label> <label for="opendiscussion">Open discussion</label>
</div> </div>
<input id="password" placeholder="Optional password (recommended)" size="32" />
</div> </div>
<div id="pasteresult" class="hidden"> <div id="pasteresult" class="hidden">
<div id="deletelink"></div> <div id="deletelink"></div>