|Last Updated|| ||Ratings|| ||Unique User Downloads|| ||Download Rankings|
|2020-02-17 (1 month ago) ||Not enough user ratings||Total: 991 This week: 2||All time: 3,619 This week: 212|
This package implements chat box between users using encrypted messages.
They use a commonly agreed password to encrypt the messages using BlowFish before they are sent to the server via AJAX.
The server stores the encrypted messages in a MySQL database before they are delivered and decrypted to other chat users with the same password.
Prize: One ebook of choice by Packt
|When you want to implement a chat system between users of your application or site, there is always the concern that the messages may be viewed by people that manage the site, or even by spies and secret services because messages may have to be stored in the server before delivering them to the other users in the chat.
One way to avoid this problem is to implement end to end cryptography. This means that messages are encrypted before sent from the origin user and only decrypted by the destination users.
It uses a secret key that only the origin and destination users know about. This way messages may be securely stored on the server database to be able to deliver to the recipient later when he is not online, without the risk of a third party viewing the messages without knowing the secret password.
Lightweight end-to-end encrypted chatbox, with an emphasis on speed and minimalism.
Uses a previously agreed password with the recipient, avoiding any initial key exchange across a network.
- Lightweight (45kB).
- POST AJAX used (GET AJAX data would be recorded in server logs).
- SHA-256-hashed key.
- Blowfish cipher in CBC-mode (base64 display overlays binary-encrypted data).
- Messages stored encrypted in the database.
Clone the repository (or extract the ZIP archive) into a suitable directory in the server's web directory
sudo git clone https://github.com/Tinram/CChat.git
On Linux/BSD servers, set appropriate file ownership / permissions
e.g. for Debian-based distros, Apache is www-data:
sudo chown -R www-data:<your_user_name> CChat/
sudo chmod 664 install.php classes/cchat.class.php
- Edit the configuration section details in install.php (line 18 onwards): username, passwords, database, host etc.
- Edit the relevant constants in /classes/cchat.class.php (line 18 onwards) to conform to the credentials used in install.php
Run install.php through the server (which, if you have root MySQL access, should mean set-up is complete):
View CChat's index.php in a browser, which if install.php ran correctly, should display without connection errors to the server, and display init: test as the first message.
- Alter the timezone if required: index.php (line 5):
- message display
- your name
- your password (use a strong password, previously agreed, to share messages with a recipient)
- your message
The decrypt button will decrypt existing encrypted messages in field 1, if the correct password is present in field 2.
Enter your name in field 2, password in field 3, and a message in field 4, then click the chat button.
A page refresh (encrypted messages displayed) or the wrong password will result in gibberish displayed in field 1.
The AJAX polling is 6 seconds between server checks for new messages (change the
iCheckFreq variable (in microseconds) /js/cchat.js (line 17)).
The last hour's messages are displayed in field 1 (change the
MESSAGE_BUFFER constant /classes/cchat.class.php (line 24)).
Character Set Limitation
- Intermittent duplicate message bug (refresh page and it disappears): /js/cchat.js (line 294).
- Some intermittent line break character removal when using Linux and Windows browser clients together.
- Matthew of JS Classes for testing / revision suggestions.
- Karl, who asked me to create a 'shoutbox' in 2010.
- To God (I narrowly escaped death in 1992).
- To Sofia.
CChat is released under the GPL v.3.
Won a JS Classes Innovation Award (August 2016).
||Applications that use this package
No pages of applications that use this class were specified.
If you know an application of this package, send a message to the author to add a link here.