This is a script designed for businesses, establishments, and technical support service providers. The purpose of this script is to enable the sharing of secure messages that can only be viewed once. Through this script, confidential information such as accounts, statements, and more can be exchanged.

Secure Self-Destruct Message Script is a lightweight and secure PHP-based system that allows users to send private messages that can only be viewed once. After the recipient opens the message, it becomes inaccessible forever.

Additionally, the script supports:

• Password protection for extra security.
• Message expiration timer: messages can automatically expire after a set period, even if not viewed.

Admin Panel:

https://onetime.akour.me/abma

Email: [email protected]

Password: admin

Top Features:

• Secure message via a unique Token code for each message
• Option to set an automatic self-destruct timer for the message if unread
• Ability to track the date and time the message was read by the recipient
• Support for Arabic and English languages
• Support for light and dark mode
• Advanced Twig templating system
• Application Programming Interface (API) for integration
• Option to attach an image with the message (available in the default template)

Top Features:

• Secure message via a unique Token code for each message
• Option to set an automatic self-destruct timer for the message if unread
• Ability to track the date and time the message was read by the recipient
• Support for Arabic and English languages
• Support for light and dark mode
• Advanced Twig templating system
• Application Programming Interface (API) for integration
• Option to attach an image with the message (available in the default template)

• PHP 8.1 or higher
• MySQL 5.x or MariaDB
• Apache/Nginx server
• mod_rewrite enabled (for clean URLs)

🔐 Message Encryption (AES-256-CBC)

To ensure maximum privacy and data protection, this script uses AES-256-CBC encryption to securely store messages in the database. Here's how it works:

• End-to-End Encryption: Messages are encrypted before being stored in the database and decrypted only when displayed to the intended recipient.
• Secure Key Handling: A 256-bit encryption key is generated using random_bytes() and safely stored in a local .env file. This key is never hardcoded in the script.
• Random Initialization Vector (IV): Every message is encrypted with a unique, random IV, which is stored alongside the message in the database to enable accurate decryption.
• OpenSSL Encryption: Built using PHP’s openssl_encrypt() and openssl_decrypt() functions, following modern cryptographic standards.
• Database Safe: Encrypted messages and IVs are safely stored using TEXT and VARCHAR columns respectively to handle any length of content.

This feature ensures that even if someone gains access to the database, the messages remain completely unreadable without the encryption key.

🔒 Sample Encryption Flow:

1. User writes a message → PHP encrypts it using AES-256.
2. Encrypted message + IV → Stored in the database.
3. When displaying the message → The script decrypts it in real-time using the key and IV.

✅ Benefits:

• GDPR-friendly secure message handling.
• Protects against data breaches.
• Easy to integrate and manage.

🛠️ How It Works

1. User writes a message.
2. Optionally sets password and/or expiration time.
3. System generates a unique URL.
4. User sends the URL to the recipient.
5. Message is deleted immediately after being viewed or when expired.

🔐 Security Options

• One-time Viewing: Messages can be seen only once.
• Password Protection: Optional password for added privacy.
• Expiration Timer: Set time limit even if not opened.

🌐 Clean URLs

Clean titles are enabled by default.

🛡️ Security Tips

• Messages can be encrypted in DB (if implemented).
• All inputs are sanitized to prevent XSS or SQL injection.
• Do not share passwords over insecure platforms.