
PHP Secure Chat: Chat box between users using encrypted messages

Last Updated: 2017-03-04
Ratings: Not enough user ratings
Unique User Downloads: Total: 544, This week: 9
Download Rankings: All time: 5,303, This week: 93
Version: cchat 1.0.1
License: GNU General Publi...
PHP version: 5
Categories: PHP 5, Cryptography

This package implements a chat box between users using encrypted messages.

It can output HTML and JavaScript to implement a chat box between users.

They use a commonly agreed password to encrypt the messages using Blowfish before they are sent to the server via AJAX.

The server stores the encrypted messages in a MySQL database before they are delivered to, and decrypted by, other chat users with the same password.

Innovation Award: PHP Programming Innovation award nominee, January 2017, Number 12
When you want to implement a chat system between users of your application or site, there is always the concern that the messages may be viewed by people that manage the site, or even by spies and secret services because messages may have to be stored in the server before delivering them to the other users in the chat.

One way to avoid this problem is to implement end to end cryptography. This means that messages are encrypted before being sent from the origin user and only decrypted by the destination users.

This package provides a solution to implement such an approach in PHP. It uses some JavaScript to encrypt messages before sending from the origin user browser using the Blowfish algorithm.

It uses a secret key that only the origin and destination users know about. This way messages may be securely stored on the server database to be able to deliver to the recipient later when he is not online, without the risk of a third party viewing the messages without knowing the secret password.

Manuel Lemos
Author: Martin Latter
Classes: 5 packages
Country: United Kingdom
Innovation award nominee: 3x

Details

CChat

Purpose

Lightweight end-to-end encrypted chatbox using JavaScript, PHP, and MySQLi, with an emphasis on speed and minimalism.

Password

Uses a password previously agreed with the recipient, avoiding any initial key exchange across a network.

Features

  • Lightweight (45kB).
  • All data encrypted by the browser's JavaScript.
  • POST AJAX used (GET AJAX data would be recorded in server logs).
  • Coded to PHP 5.3 and using legacy JavaScript event handlers for maximum server-client compatibility.

Encryption

  • SHA-256-hashed key.
  • Blowfish cipher in CBC mode (the binary ciphertext is displayed as base64).
  • Messages stored encrypted in the database.

The Blowfish block cipher is simple, strong, and fast. Its speed is ideal for JavaScript implementation.

Set-up

  1. Edit the configuration section of /install.php (line 17): username, passwords, database, etc.
  2. Set the constants in /classes/cchat.class.php (line 18) to be identical to those in /install.php.
  3. Run /install.php through your server. If you have root MySQL access, set-up should then be complete, and CChat's /index.php should display in a browser without connection errors to the server.
  4. Alter the timezone if required: /index.php (line 5): date_default_timezone_set('Europe/London')

Operation

Fields:

  1. message display
  2. your name
  3. your password (use a strong password, previously agreed, to share messages with a recipient)
  4. your message

The decrypt button will decrypt existing encrypted messages in field 1, if the correct password is present in field 2.

Enter your name in field 2, password in field 3, and a message in field 4, then click the chat button.

A page refresh (encrypted messages displayed) or the wrong password will result in gibberish displayed in field 1.

Default Timings

AJAX polling checks the server for new messages every 6 seconds (change the iCheckFreq variable in /js/cchat.js, line 17).

The last hour's messages are displayed in field 1 (change the MESSAGE_BUFFER constant in /classes/cchat.class.php, line 24).

Character Set Limitation

Unicode character encoding is unfortunately not possible with the present JavaScript Blowfish cipher implementation (which is why the database remains latin1-encoded).
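
The message flow described under Encryption, Operation and Character Set Limitation (SHA-256 of the shared password as the key, CBC-mode encryption in the client, base64 text stored by the server), as an added example that is not CChat's own code. It assumes Node.js's built-in crypto module, substitutes AES-256-CBC for Blowfish, and adds a random IV, UTF-8 encoding and an HMAC tag so that a wrong password is rejected rather than shown as gibberish; all function names are hypothetical.

```javascript
// Added example, not CChat's code: AES-256-CBC from Node's crypto module
// stands in for the package's JavaScript Blowfish-CBC implementation.
const nodeCrypto = require("node:crypto");

// Key = SHA-256(shared password), as in the README. The separate MAC key
// is an assumption of this example, used only for the integrity tag.
function deriveKeys(password) {
  const encKey = nodeCrypto.createHash("sha256").update(password, "utf8").digest();
  const macKey = nodeCrypto.createHmac("sha256", encKey).update("example-mac-key").digest();
  return { encKey, macKey };
}

function hmacTag(macKey, iv, ct) {
  return nodeCrypto.createHmac("sha256", macKey).update(iv).update(ct).digest();
}

// Runs in the sender's client; the return value is all the server stores.
function encryptMessage(password, text) {
  const { encKey, macKey } = deriveKeys(password);
  const iv = nodeCrypto.randomBytes(16); // fresh IV per message
  const cipher = nodeCrypto.createCipheriv("aes-256-cbc", encKey, iv);
  // Encoding the text as UTF-8 bytes first lets any Unicode message through.
  const ct = Buffer.concat([cipher.update(text, "utf8"), cipher.final()]);
  return Buffer.concat([iv, ct, hmacTag(macKey, iv, ct)]).toString("base64");
}

// Runs in the recipient's client. Returns null for a wrong password or an
// altered row instead of displaying gibberish.
function decryptMessage(password, stored) {
  const raw = Buffer.from(stored, "base64");
  if (raw.length < 64) return null; // 16 IV + at least 16 ciphertext + 32 tag
  const { encKey, macKey } = deriveKeys(password);
  const iv = raw.subarray(0, 16);
  const ct = raw.subarray(16, raw.length - 32);
  const tag = raw.subarray(raw.length - 32);
  if (!nodeCrypto.timingSafeEqual(tag, hmacTag(macKey, iv, ct))) return null;
  const decipher = nodeCrypto.createDecipheriv("aes-256-cbc", encKey, iv);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Constructed sample: a shared password and a message outside latin1.
const SAMPLE_PASSWORD = "constructed-shared-password";
const SAMPLE_ROW = encryptMessage(SAMPLE_PASSWORD, "Grüße, 你好");
console.log(SAMPLE_ROW);
console.log(decryptMessage(SAMPLE_PASSWORD, SAMPLE_ROW), decryptMessage("wrong", SAMPLE_ROW));
```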

Known Bugs

  1. Intermittent duplicate message bug (refresh page and it disappears): /js/cchat.js (line 294).
  2. Some intermittent line break character removal when using Linux and Windows browser clients together.

Credits

  • Nils Reimers for the Blowfish cipher in JavaScript.
  • Angel Marin and Paul Johnston for the SHA-256 hash function in JavaScript.
  • Matthew of JS Classes for testing / revision suggestions.
  • Karl, who asked me to create a 'shoutbox' in 2010.

Dedications

  • To God (I narrowly escaped death in 1992).
  • To Sofia.

License

CChat is released under the GPL v.3.

Miscellaneous

Won a JS Classes Innovation Award (August 2016).

Files

| File | Role | Description |
|---|---|---|
| classes/ (1 file) | | |
| css/ (1 file) | | |
| includes/ (2 files) | | |
| js/ (2 files) | | |
| sql/ (1 file) | | |
| index.php | Example | Example script |
| install.php | Example | Example script |
| ReadMe.md | Doc. | Documentation |
| classes/cchat.class.php | Class | Class source |
| css/cchat.css | Data | Auxiliary data |
| includes/check.php | Example | Example script |
| includes/update.php | Example | Example script |
| js/bf.js | Data | Auxiliary data |
| js/cchat.js | Data | Auxiliary data |
| sql/cchat.sql | Data | Auxiliary data |
