Fetching latest commit…
Cannot retrieve the latest commit at this time.
|Failed to load latest commit information.|
============= ABOUT ============= HTML-Form submission code and DB scheme for storing petition data in a secure way Basically the idea is to encrypt submitted e-mails asymetrically, so your e-mail list cannot be stolen and your supporters e-mails and personal data are protected ============= LICENSE ============= The provided software is covered unter the following License: GNU Affero General Public License, version 3 http://www.gnu.org/licenses/agpl-3.0.html additionally, your are required to contact me and tell me if this stuff was actually useful to someone ;-> ============================ Required PHP Features ============================ * PHP version >= 5.2 * openssl * mcrypt * filter * PECL: pecl-html ============= SETUP ============= !!! KEEP THE CONTENTS INSIDE "./offline/" ON A SEPARATE MACHINE !!! (except the public key "./petition-data.pub", of course) On the secure offline machine: 1. generate a public an private key eg: php generate_keypair.php 2. keep the private key safe 3. edit ./offline/config.php for later On the online machine: 1. make sure you have PHP >= 5.2 and above extensions installed 2. put the php files (everything NOT in directory ./offline/) wherever you can best integrate them into your existing file structure 3. create a form like example_form (in your static html files/wiki/CMS) that submits to submit.php (submit.php may be renamed) 4. copy your public key e.g. "/petition-data.pub" to your online machine 5. Create a database for the petition data eg: mysql <<< "CREATE DATABASE petition" mysql petition < petition.sql mysql <<< "GRANT INSERT,UPDATE on petition.entry to submitformuser@localhost identified by '<password>' " 6. edit config.php and place it in the same dir as submit.php and verify_email.php 7. check that all file and URI paths are correct in config.php 8a. create all missing .html files configured in config.php 8b. OR: modify skeleton file "submit.php" to suit your needs i.e. display more fine grained success or error messages. ======================= DECRYPTING DATA ======================= On the secure offline machine: 1. Install a copy of the online database on your offline machine OR make sure you have remote access to your online machine (from your offline machine, yes, haha) 2. if not done already, edit ./offline/config.php make sure your db user has CREATE and INSERT permissions 3. run "php decrypt.php" ========== TODO ========== * write ajax submit2.php which produces informative error message if required fields empty (like: which?) or accidental resubmit * think of something so database structure need only be changed in one place instead of ~10