htmlform submission code and DB scheme for storing petition data in a secure way
PHP
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
offline
README
captcha.php
config.php
encrypt.php
example_form.html
petition.sql
stats.php
submit.php
verify_email.php

README

=============
    ABOUT
=============

HTML-Form submission code and DB scheme for storing petition data in a secure way

Basically the idea is to encrypt submitted e-mails asymetrically, so your e-mail list cannot be stolen and your supporters e-mails and personal data are protected

=============
   LICENSE
=============

The provided software is covered unter the following License:

GNU Affero General Public License, version 3
http://www.gnu.org/licenses/agpl-3.0.html

additionally, your are required to contact me and tell me if
this stuff was actually useful to someone ;->

============================
   Required PHP Features
============================

* PHP version >= 5.2
* openssl
* mcrypt
* filter
* PECL: pecl-html

=============
    SETUP
=============

!!! KEEP THE CONTENTS INSIDE "./offline/" ON A SEPARATE MACHINE !!!
    (except the public key "./petition-data.pub", of course)


On the secure offline machine:
1. generate a public an private key
  eg:
    php generate_keypair.php
2. keep the private key safe
3. edit ./offline/config.php for later

On the online machine:
1. make sure you have PHP >= 5.2 and above extensions installed
2. put the php files (everything NOT in directory ./offline/) wherever you can best integrate them into your existing file structure
3. create a form like example_form (in your static html files/wiki/CMS) that submits to submit.php
   (submit.php may be renamed)
4. copy your public key e.g. "/petition-data.pub" to your online machine
5. Create a database for the petition data
  eg:
    mysql <<< "CREATE DATABASE petition"
    mysql petition < petition.sql
    mysql <<< "GRANT INSERT,UPDATE on petition.entry to submitformuser@localhost identified by '<password>' "
6. edit config.php and place it in the same dir as submit.php and verify_email.php
7. check that all file and URI paths are correct in config.php
8a. create all missing .html files configured in config.php
8b. OR: modify skeleton file "submit.php" to suit your needs
    i.e. display more fine grained success or error messages.
    

=======================
    DECRYPTING DATA
=======================

On the secure offline machine:
1. Install a copy of the online database on your offline machine
    OR make sure you have remote access to your online machine (from your offline machine, yes, haha)
2. if not done already, edit ./offline/config.php
    make sure your db user has CREATE and INSERT permissions
3. run "php decrypt.php"

==========
   TODO
==========

* write ajax submit2.php which produces informative error message if required fields empty (like: which?) or accidental resubmit
* think of something so database structure need only be changed in one place instead of ~10