You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
cacert-webdb/www/gpg.php

184 lines
5.4 KiB
PHTML

<? /*
Copyright (C) 2004 by Duane Groth <duane_at_CAcert_dot_org>
This file is part of CAcert.
CAcert has been released under the CAcert Source License
which can be found included with these source files or can
be downloaded from the internet from the following address:
http://www.cacert.org/src-lic.php
CAcert is distributed WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
require_once("../includes/loggedin.php");
19 years ago
$id = intval($_REQUEST['id']);
$oldid = $_REQUEST['oldid'] = intval($_REQUEST['oldid']);
if($_SESSION['profile']['points'] < 50)
{
header("location: /account.php");
exit;
}
loadem("account");
20 years ago
if($oldid == "0")
{
18 years ago
if($_REQUEST['process'] == _("Submit") && $_REQUEST['CSR'] == "")
{
20 years ago
$_SESSION['_config']['errmsg'] = _("You failed to paste a valid GPG/PGP key.");
$id = $oldid;
unset($oldid);
}
}
18 years ago
if($oldid == "0" && $_REQUEST['CSR'] != "")
{
18 years ago
$debugkey = $gpgkey = clean_csr(stripslashes($_REQUEST['CSR']));
$debugpg = $gpg = mysql_real_escape_string(trim(`echo "$gpgkey"|gpg --with-colons --homedir /tmp 2>&1`));
$lines = "";
18 years ago
$gpgarr = explode("\n", $gpg);
foreach($gpgarr as $line)
{
if(substr($line, 0, 3) == "pub" || substr($line, 0, 3) == "uid")
{
if($lines != "")
$lines .= "\n";
$lines .= $line;
}
}
$gpg = $lines;
20 years ago
$expires = 0;
foreach(explode("\n", $gpg) as $line)
{
$name = $comment = "";
$bits = explode(":", $line);
if($bits[0] == "pub" && (!$keyid || !$when))
{
$keyid = $bits[4];
$when = $bits[5];
20 years ago
if($bits[6] != "")
$expires = 1;
}
if(!strstr($line, "@")) continue;
$pos = strpos($bits[9], "(") - 1;
$nocomment = 0;
if($pos < 0)
{
$nocomment = 1;
$pos = strpos($bits[9], "<") - 1;
}
$name = trim(hex2bin(trim(substr($bits[9], 0, $pos))));
if($name != "")
$names[] = $name;
if($nocomment == 0)
{
$pos += 2;
$pos2 = strpos($bits[9], ")");
$comm = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
if($comm != "")
$comment[] = $comm;
$pos = $pos2 + 3;
} else {
$pos = strpos($bits[9], "<") + 1;
}
$pos2 = strpos($bits[9], ">", $pos);
$mail = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos))));
if($mail != "")
$emailaddies[] = $mail;
}
20 years ago
$multiple = 0;
if(count($emailaddies) > 1)
$multiple = 1;
if(is_array($names))
{
20 years ago
foreach($names as $name)
{
if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname'])
continue;
if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname'])
continue;
if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix'])
continue;
if($name == $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix'])
continue;
$_SESSION['_config']['errmsg'] = _("No suitable name combination could be matched from your PGP/GPG keys to what we have in the database ('$name')");
18 years ago
unset($_REQUEST['process']);
20 years ago
$id = $oldid;
unset($oldid);
18 years ago
$do = `echo "$debugkey\n--\n$debugpg\n--" >> /www/tmp/gpg.debug`;
20 years ago
}
}
20 years ago
if(is_array($emailaddies) && count($emailaddies) >= 1)
{
20 years ago
foreach($emailaddies as $email)
{
if(mysql_num_rows(mysql_query("select * from `email` where `memid`='".$_SESSION['profile']['id']."' and
18 years ago
`email`='".mysql_real_escape_string($email)."' and `deleted`=0 and `hash`=''")) > 0)
20 years ago
continue;
$_SESSION['_config']['errmsg'] = _("No suitable emails could be matched from your PGP/GPG keys to what we have in the database. ('$email')");
18 years ago
unset($_REQUEST['process']);
20 years ago
$id = $oldid;
unset($oldid);
18 years ago
$do = `echo "$debugkey\n--\n$debugpg\n--" >> /www/tmp/gpg.debug`;
20 years ago
}
} else {
$_SESSION['_config']['errmsg'] = _("No emails found on your key");
18 years ago
unset($_REQUEST['process']);
$id = $oldid;
unset($oldid);
18 years ago
$do = `echo "$debugkey\n--\n$debugpg\n--" >> /www/tmp/gpg.debug`;
}
}
18 years ago
if($oldid == "0" && $_REQUEST['CSR'] != "")
{
20 years ago
$query = "insert into `gpg` set `memid`='".$_SESSION['profile']['id']."',
18 years ago
`email`='".mysql_real_escape_string($emailaddies['0'])."',
`level`='1',
18 years ago
`expires`='".mysql_real_escape_string($expires)."',
`multiple`='".mysql_real_escape_string($multiple)."'";
mysql_query($query);
$id = mysql_insert_id();
$fp = fopen("../csr/gpg-$id.csr", "w");
18 years ago
fputs($fp, clean_csr(stripslashes($_REQUEST['CSR'])));
fclose($fp);
mysql_query("update `gpg` set `csr`='../csr/gpg-$id.csr' where `id`='$id'");
waitForResult('gpg', $id);
showheader(_("Welcome to CAcert.org"));
$query = "select * from `gpg` where `id`='$id' and `crt`!=''";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
18 years ago
echo _("Your certificate request has failed to be processed correctly, please try submitting it again.")."<br>\n";
echo _("If this is a re-occuring problem, please send a copy of the key you are trying to signed to support@cacert.org. Thank you.");
} else {
echo "<pre>";
readfile("../crt/gpg-$id.crt");
echo "</pre>";
}
showfooter();
exit;
}
20 years ago
$id = intval($id);
$_SESSION['_config']['cert'] = intval($cert);
showheader(_("Welcome to CAcert.org"));
includeit($id, "gpg");
showfooter();
?>