zeruniverse / password-manager Goto Github PK
View Code? Open in Web Editor NEWAn online keepass-like tool to manage password. client-side AES encryption!
License: Other
An online keepass-like tool to manage password. client-side AES encryption!
License: Other
It seems that the login takes considerable more time after we entered 150 accounts.
Is this because the passwords are decrypted when loading?
If so, then I suggest decryption should happen when I need to view a certain password and press the button.
In document.ready
we set it up so that on every resize the DataTable gets reinitiated:
$( window ).resize(function() {
if(datatablestatus!=null){
datatablestatus.destroy();
datatablestatus=$("#pwdlist").DataTable({ordering:false, info:true, "lengthMenu": [ [10, 25, 50, 100, 200, -1], [10, 25, 50, 100, 200, "All"] ] });
}
});
Is this necessary? I just deleted it on my test installation and everything worked fine when resizing, even hiding the tags when there isn't enough space works.
If there is a reason maybe datatablestatus.draw()
is enough?
... and to close together
I think this function should be hidden if the device is not trusted.
Is there an option to disable all the saved and updated javascript message boxes?
I have to go through 400 account records now and I'd find it much nicer to have a simple
bootstrap message banner below the menu for this kind of messages.
Implementations of tags and urls,... is sufficiently far to talk about layout.
At the moment it looks like this
Empty columns are being hidden. So if you don't need one type of field you just ignore it.
All Columns but account, username and password are hidden when in mobile mode.
I want to add a button for editing an account and a button for opening the url associated with an account.
What do you think is the most intuitive position for them?
My idea is to open the url when clicking on the account name. Add a little settings button after the account name. But maybe those two "clickables" are to near together for mobile.
I'd further move the regeneration of passwords and the removal of accounts into the editing dialog.
<thead>
<tr role="row"><th class="sorting_disabled" rowspan="1" colspan="1" style="width: 0px;">Account</th><th class="usercell hidden-xs field">Username</th><th class="sorting_disabled" rowspan="1" colspan="1" style="width: 0px;">Password</th><th class="urlcell hidden field">URL</th><iframe id="tmp_downloadhelper_iframe" style="display: none;"></iframe></tr>
</thead>
Above is the HTML code from firefox. The 0px width causes problems. Table only took a very small part of space on the left side. I tried it on Chrome, the code is the same. But Chrome is somehow smart enough to recognize it's an error. We definitely need to fix this.
BTW, I didn't see this bug when I first implement DataTables.
I mean for for number of entries shown
The button disabled is not re-enabled.
UTF8 encoded CSV file can't open correctly in Microsoft office. It supports ANSI by default. Similarly, ANSI encoded CSV might cause problem in password manager. (Though for English, they are same)
As thanks to your significant contribution to this project, I'll list you as a co-owner of the copyright.
I think to check if the json data is valid it shouldn't be
if(json.status!="RAW_OK")
but
if(json.status!="OK")
at least that's what chrome is showing.
I know I suggested this before, but I'd like to do it anyway :)
My suggestion is to get rid of the mysql database and work purely on flat files. One file for each password entry. At least as an alternative to the current way.
Three advantages:
Since a typical password database does probably not contain more than few hundred entries speed will be of no concern either.
Mail adresses may change. So I think It's necessary to let the user change his adress and maybe even his username.
-> Why don't you just use the mailadress for login? Mail adresses are unique - but user names are not. And it would simplify things.
May be for login, add security verifying. Pass a random timestamp and ask for sha512(pass,timestamp)
I created one user and successfully logged in.
Then I created a pin.
Logout
Then I tried to login, but failed (with the password) and there was no obvious way to enter the pin.
After creating several new users there was still no way of logging in.
Run in Chrome but fail in IE edge.
SCRIPT1006: Expected ')'
What can I change without destroying anything.
I mean wouldn't it be advisable not to let the user play with the taq field.
Being able to add a some custom fields is exactly what I need.
But I don't want to mess things up in an existing database.
Since the removal of the pin I can't log in anymore.
Steps to reproduce
=> Wrong Password Error
Looing at the password.js the
getpwd function is shown hsers like this:
function getpwd(charlist,plength) {
  var maxPos = charlist.length;
  var pwd = '';
var i;
  for (i = 0; i < parseInt(plength); i++) {
    pwd += charlist.charAt(Math.floor(Math.random() * maxPos));
  }
  return pwd;
}
strange....
Just a tiny visual tweak:
function echofooter()
{
echo '<footer class="footer navbar-fixed-bottom">
It seems we've finished pretty much what's planned. It's time to have a long-term stable release and slow down development pace. But we do need to have a system test before such a release
@BenjaminHae could you help with the test? I think you're currently running the HEAD of master branch.
What about if there was an option to upload an image additionally to a password entry.
On mobiles this could trigger the 'select photo/make picture' function. (This happens by default for image uploads on newer phones as far as I know.)
Typical usage would be a very quick way to add simple entries for cards with lots of stuff written on it like certain 'membership cards' or even an id card.
Maybe it would be better to just leave it always visible (left of the menu button with the mobile view).
I think there is need of a upgrade routine(when possible).
If there is more than one user it's not feasible to ask everyone to backup and then reimport their data. Someone would be left behind and loose his data.
See whether it works correctly. Seems it does not play any role in current version, which is weird
This tool might be useful: https://blog.zhengxianjun.com/online-tool/crypto/aes/
I just stumbled upon your little project. Nice !
I'd like to make some suggestions though which seem rather important to me.
How about moving the export to csv function to recover.php to discourage users from having plain-text backups?
If you want to keep the csv export in the main interface I'd suggest merging it into the backup dialog. Semantically that's the place it should be.
I can see the "Show Tags" button but there's no function behind it.
I make a backup, do the restore routine and save the file raw_pass.txt
- all in version 8.01.
When I reimport this file into the new version I get
aes.js:10 Uncaught Error: Malformed UTF-8
dataw.Utf8.stringify @ aes.js:10
decryptchar @ password.js:93
process @ password.php:344
if I try again in the same window I additionally get
one of account or password empty! will continue to process other accounts, check back after this finished
and afterwards the same error.
What do you think about being able to switch (in the config.php) to an administrative mode.
Then jumpto into the signup process right away if no user is present and give him some sort of admin flag.
Then you could provide some ability to delete or lock users.
Also I think the administrator should be able to forbid the self sign-up and just create accounts manually.
I really suggest that the password generation button is only visible if the password field is empty.
It's too easy to accidentially press the button.
For current master branch, sometimes after importing or adding entries, the datatable does not work. Either nothing shows up or a table in bootstrap style shows up (no datatable addons). This happens frequently after importing accounts into password-manager.
I've deployed the current master branch on test website. And I can simply reproduce this bug in Chromium in Linux.
I suspect this bug might be related to datatable operations after importing/adding accounts. An easy fix might be just reverting back to my implementation of datatable on those events (i.e. destroy and reconstruct datatable each time it changes).
It would be great if ...
Therefore I suggest to add a way to group items by the first tag defined (which would be easy and convenient)
btw. the tag cloud seems to have vanished completely. why is that?
After adding one account (entry), the input fields such as account (Item)
are not cleared. Since we use ajax instead of reloading, the account name we just inputed will show up if we click add entry
again. Don't know if it should be a bug or not.
can be reproduced here. http://phppasswordmanager.sourceforge.net/
Disable direct push to master branch.
CI-pass required before merging into master
This method ensures that even AES private key leaks, the attacker still can't get the correspondence of the letters (Alphabet needs part2 which has information not in part1).
Hi @BenjaminHae
I took a look at your new commits and it seems you try to add pagination support (LN 545 in password.php) but there's no pagination yet.
From the first look, I think it's not hard to add pagination but it seems the search / cloud filter features will be undermined if we do this. I think cloud filter and search should be global, and therefore my first thought is to make a big table where you put everything and maintain a attribute (let's say visible-id
) for each <tr>
. Normally, visible-id
will be same as id
(1,2,3...). But when a filter / search is enabled, every entry filtered out will have visible-id
as -1
and then you sort other entries by their original id
, small to big. So you can then show entry with visible-id
1 to N if user wants page 1 or N to 2N if user wants page 2...
Please let me know what you think about this implementation.
I played around with the info view - I think it's better readable this way.
Hope you like it:
I changed the field type from textbox to 'label' for this:
function showdetail(index){
var i=parseInt(index);
var x,s;
s='<b>'+accountarray[i]["name"]+'</b><br><br>\n';
s=s+'<table style="width: 100%" font color="#ff0000">';
s=s+'<col width="90"><col width="auto">';
for (x in accountarray[i]["other"]) s=s+'<tr><td><font color="#afafaf"><style="font-weight: normal;">'+x+'</td><td><font color="#6d6d6d"><b>'+accountarray[i]["other"][x]+'<b></td></tr>';
s=s+'</table>';
$('#details').html(s);
$("#showdetails").modal("show");
}
If you insert a linebreak when customizing fields the javascript code can't be executed because there will be a linebreak in a string literal.
I suggest just packing a config_template.php and telling the users to copy/setup a config.php when running for the first time and no config.php is found. This would make updates more easy to handle.
We're on a server with limited Mysql databases.
Also it would be great to be able to run the site with just php -S which seems to work perfectly except the current need for mysql. Is it difficult to use Sqlite instead.
I suggest for such a database with only a few tables and few - one tiny sqlite database
per registered user would be very handy solution.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.