public function account_POST(Request $request)
{
//login check
if (!UserService::isLoggedIn()) {
return ['status' => 302, 'location' => '#login'];
}
return CryptoService::loadPage($request, 'user.account');
}
/**
* @param Request $request
* @param $pageName
* @return array
*
* fancy function to capture all the ajax calls.....
*/
public function pageLoad_AJAX(Request $request, $pageName)
{
//todo: checks
//$input = $request->all();
//$input = $input['pageName'];
//return the
$page = str_replace('-', '.', $pageName);
return CryptoService::loadPage($request, $page);
}
public function register_POST(Request $request)
{
return CryptoService::loadPage($request, 'register');
}
/**
* @param Request $request
* @param $messageID
* @return array|string
*
* returns the encrypted page and message data, or the password box if encrypted
* then loaded again to retreive the encrypted message
*/
public function message_POST(Request $request, $messageID)
{
//this gets triggered if a user as attempted a password check
if ($request->has('human')) {
//attempt to find message
$lookup = DB::select("SELECT message, messageType, passwordHash FROM t_drop WHERE dropID = :id", ['id' => $messageID]);
if ($lookup == null) {
//does not exit
return ['status' => 302, 'location' => '#drop'];
} else {
$message = $lookup[0]->message;
$messageType = $lookup[0]->messageType;
//flash message to session (this is still not sent to the client in plaintext)
Session::flash('encMessage', $message);
Session::flash('encMessageType', $messageType);
//now delete the message from the server
DB::delete('DELETE FROM t_drop WHERE dropID = :id', ['id' => $messageID]);
//load regular message page
return CryptoService::loadPage($request, 'drop.message', (int) $messageType);
}
}
if ($request->has('hash')) {
$input = $request->all();
$serverAES = Session::get('serverAES');
$passwordHash = CryptoService::decryptAES($input['hash'], $serverAES);
$lookup = DB::select("SELECT message, messageType FROM t_drop WHERE dropID = :id AND passwordHash = :hash", ['hash' => $passwordHash, 'id' => $messageID]);
if ($lookup == null) {
//does not exit
return ['status' => 302, 'location' => '#drop'];
} else {
$message = $lookup[0]->message;
$messageType = $lookup[0]->messageType;
//flash message to session (this is still not sent to the client in plaintext)
Session::flash('encMessage', $message);
Session::flash('encMessageType', $messageType);
//now delete the message from the server
DB::delete('DELETE FROM t_drop WHERE dropID = :id', ['id' => $messageID]);
//load the encrypted message
return CryptoService::loadPage($request, 'drop.message', (int) $messageType);
}
} else {
//attempt to find message
$lookup = DB::select("SELECT message, messageType, passwordHash FROM t_drop WHERE dropID = :id", ['id' => $messageID]);
if ($lookup == null) {
//does not exit
return ['status' => 302, 'location' => '#drop'];
} else {
$message = $lookup[0]->message;
$messageType = $lookup[0]->messageType;
$password = $lookup[0]->passwordHash;
if ($password != null) {
//load page with more fancy javascript
return CryptoService::loadPage($request, 'drop.password');
} else {
//simple "human check"
return CryptoService::loadPage($request, 'drop.view', (int) $messageType);
}
}
}
}
