commented code

Author: cstringer17

pages/sodiumtest.php

@@ -1,14 +1,17 @@
 <?php
-
+//Generates cryptographically secure pseudo-random KEY from sodium library
 $key = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
+//Generates cryptographically secure pseudo-random nonce from sodium library
 $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
+//Authenticated secret-key encryption
 $ciphertext = sodium_crypto_secretbox("password", $nonce, $key);
+//Encode into 64
 $encoded = base64_encode($nonce . $ciphertext);
 
 echo $encoded . "<br>";
 echo $key . "<br>";
 
-
+//Decode ciphertext from base64 to plain string
 $decoded = base64_decode($encoded);
 $nonce = mb_substr($decoded, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, '8bit');
 $ciphertext = mb_substr($decoded, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, null, '8bit');

pages/upload.php

@@ -6,7 +6,7 @@
 
 session_start();
 require_once "config.php";
-// Check if image file is a actual image or fake image
+// Check if image file is a actual image
 if (isset($_POST["submit"])) {
   $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
   if ($check !== false) {
@@ -46,9 +46,6 @@
 } else {
   if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
     //Write $target_file to db
-
-
-
     //Prepare sql statement
     $sql = "UPDATE users SET profilepicture = ? WHERE id = ?";
 

pages/uploadPassword.php

@@ -5,17 +5,21 @@
 
 
     require_once "config.php";
-    //data to enter
 
+    //SQL Statement
     $sql = "INSERT INTO passwordentrys (name, password, url, userid, username,keyy) VALUES (?, ?, ?, ? ,?,?)";
 
+    //Initialiaze validation variables
     $validation = true;
     $validationErrorText = "";
 
+    //Prepare statement
     if ($stmt = $mysqli->prepare($sql)) {
         // Bind variables to the prepared statement as parameters
         $stmt->bind_param("ssssss", $param_name, $param_password, $param_url, $param_userid, $param_username, $param_keyy);
 
+
+        //Validate Data for length
         if (strlen($_POST["name"]) >= 45) {
             $validation = false;
             $validationErrorText .= "The name cannot be longer than 45 characters <br>";
@@ -33,6 +37,7 @@
             $validationErrorText .= "The username cannot be longer than 45 characters <br>";
         }
 
+        //Validate data for isset
         if (!(isset($_POST["name"]) && isset($_POST["password"]) && isset($_POST["url"]) && isset($_POST["username"]))) {
             $validation = false;
             $validationErrorText .= "Please make sure all fields are filled out! <br>";
@@ -44,7 +49,7 @@
         $ciphertext = sodium_crypto_secretbox($_POST["password"], $nonce, $key);
         $encoded = base64_encode($nonce . $ciphertext);
 
-
+        //If validation passed then set parameters and execute 
         if ($validation) {
             // Set parameters
             $param_name =  htmlentities($_POST["name"]);
@@ -55,7 +60,7 @@
             $param_username = htmlentities($_POST["username"]);
 
 
-            // Attempt to execute the prepared statement
+            // Attempt to execute the prepared statement and redirect if successful
             if ($stmt->execute()) {
                 header("location: passwordmanager.php");
             } else {
@@ -99,6 +104,10 @@
     <br>
     <br>
 
+    <!--
+        Form to upload password
+        includes client-side validation
+     -->
     <form action="uploadPassword.php" method="post" enctype="multipart/form-data">
         <div class="container">
             <div class="row">