< ? /*
LibreSSL - CAcert web application
Copyright (C) 2004-2008 CAcert Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
< ?
// Shared bootstrap. Presumably this is what enforces an authenticated session
// (going by the file name) — confirm in loggedin.php.
require_once("../includes/loggedin.php");

// Both ids are coerced to integers before anything else looks at them.
$id = array_key_exists('id', $_REQUEST) ? intval($_REQUEST['id']) : 0;

$oldid = 0;
if (array_key_exists('oldid', $_REQUEST))
	$oldid = intval($_REQUEST['oldid']);
// The sanitised value is written back so later readers of $_REQUEST see an int.
$_REQUEST['oldid'] = $oldid;

// Members with fewer than 50 points are redirected away from this page.
if ($_SESSION['profile']['points'] < 50)
{
	header("location: /account.php");
	exit;
}

loadem("account");

// Submitted key text; stripslashes() undoes request-level slash escaping.
$CSR = array_key_exists('CSR', $_REQUEST) ? stripslashes($_REQUEST['CSR']) : "";

// Form was submitted ("process" is set) but no key text came with it:
// record the error and fall through to the normal page rendering.
if ($oldid == "0" && array_key_exists('process', $_REQUEST) && $_REQUEST['process'] != "" && $CSR == "")
{
	$_SESSION['_config']['errmsg'] = _("You failed to paste a valid GPG/PGP key.");
	$id = $oldid;
	$oldid = 0;
}

$keyid = "";

// Maintenance switch, currently off (constant-false condition). When it is
// turned on, every account except the hard-coded id 5897 gets the notice.
if (0)
{
	if ($_SESSION["profile"]["id"] != 5897)
	{
		showheader(_("Welcome to CAcert.org"));
		echo "The OpenPGP signing system is currently shutdown due to a maintenance. We hope to get it fixed within the next few hours. We are very sorry for the inconvenience.";
		exit(0);
	}
}
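/**
 * Check whether a UID name is one of the accepted spellings of the logged-in
 * member's name.
 *
 * The accepted spellings are built from $_SESSION['profile'], each part joined
 * by exactly one space:
 *   "fname lname", "fname mname lname",
 *   "fname lname suffix", "fname mname lname suffix".
 *
 * The comparison is strict (===). With loose ==, PHP compares two
 * numeric-looking strings as numbers, so differently spelled strings could be
 * treated as equal; this result decides whether a UID gets signed, so only
 * byte-for-byte equality is accepted.
 *
 * @param string $name Name taken from the key's UID.
 * @return int 1 if the name matches one of the spellings, 0 otherwise
 *             (an empty name never matches).
 */
function verifyName($name)
{
	$name = (string) $name;
	if ($name === "") return 0;

	$profile = $_SESSION['profile'];
	$first = $profile['fname'];
	$middle = $profile['mname'];
	$last = $profile['lname'];
	$suffix = $profile['suffix'];

	$accepted = array(
		$first . " " . $last,
		$first . " " . $middle . " " . $last,
		$first . " " . $last . " " . $suffix,
		$first . " " . $middle . " " . $last . " " . $suffix,
	);

	foreach ($accepted as $candidate)
	{
		if ($name === $candidate) return 1;
	}
	return 0;
}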
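/**
 * Check whether an e-mail address is registered to the logged-in member.
 *
 * Looks for a row in `email` with the member's id, the given address,
 * `deleted`=0 and an empty `hash`. (An empty hash presumably means the address
 * has completed verification — confirm against the schema.)
 *
 * The member id is passed through intval(), matching how the same session
 * value is handled for the insert into `gpg` elsewhere in this file, so it
 * cannot alter the query text even if the session value is not a clean
 * integer. A failed query counts as "not verified" rather than being handed
 * to mysql_num_rows().
 *
 * @param string $email Address taken from the key's UID.
 * @return int 1 if a matching row exists, 0 otherwise (including empty input
 *             and query failure).
 */
function verifyEmail($email)
{
	if ($email == "") return 0;

	$query = "select * from `email` where `memid`='" . intval($_SESSION['profile']['id']) . "'"
		. " and `email`='" . mysql_real_escape_string($email) . "'"
		. " and `deleted`=0 and `hash`=''";
	$res = mysql_query($query);
	if ($res === false) return 0;

	return mysql_num_rows($res) > 0 ? 1 : 0;
}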
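// State shared with the signing pass further down: UID hashes to strip from
// the key, and the step counter for the gpg --edit-key dialogue.
$ToBeDeleted = array();
$state = 0;

// First pass: list the submitted key with gpg, check every UID against the
// member's verified names and e-mail addresses, and build the HTML result
// table. Nothing is signed here.
if ($oldid == "0" && $CSR != "")
{
	$debugkey = $gpgkey = clean_csr($CSR);

	// The key text is handed to gpg through a temporary file on stdin. The
	// previous form interpolated it into a double-quoted shell string
	// (echo "$gpgkey" | gpg ...), which made shell safety depend entirely on
	// what clean_csr() filters; clean_csr() is defined elsewhere.
	// NOTE(review): --homedir /tmp uses a shared, world-writable directory as
	// the GnuPG home; a dedicated private directory would be safer.
	$gpgout = "";
	$keyfile = tempnam("/tmp", "gpgkey");
	if ($keyfile !== false)
	{
		if (file_put_contents($keyfile, $gpgkey."\n") !== false)
			$gpgout = shell_exec("gpg --with-colons --homedir /tmp < ".escapeshellarg($keyfile)." 2>&1");
		unlink($keyfile);
	}
	$debugpg = $gpg = trim((string) $gpgout);

	// Keep only the "pub" and "uid" records of the colon listing.
	$lines = "";
	$gpgarr = explode("\n", $gpg);
	foreach ($gpgarr as $line)
	{
		$tag = substr($line, 0, 3);
		if ($tag == "pub" || $tag == "uid")
		{
			if ($lines != "")
				$lines .= "\n";
			$lines .= $line;
		}
	}
	$gpg = $lines;

	$expires = 0;
	$nerr = 0;      // UIDs rejected
	$nok = 0;       // UIDs accepted
	$multiple = 0;  // UIDs whose e-mail address is verified
	if (!isset($when)) $when = "";

	$resulttable = _("The following UIDs were found in your key:")."<br/><table border='1'><tr><td>#</td><td>"._("Name")."</td><td>"._("Email")."</td><td>Result</td>";
	$i = 0;
	$lastvalidemail = "";
	foreach (explode("\n", $gpg) as $line)
	{
		$bits = explode(":", $line);
		$resulttable .= "<tr><td>".++$i."</td>";
		$name = $comment = "";

		// The first "pub" record supplies key id, creation field and expiry flag.
		if ($bits[0] == "pub" && (!$keyid || !$when))
		{
			$keyid = $bits[4];
			$when = $bits[5];
			if ($bits[6] != "")
				$expires = 1;
		}

		$name = "";
		$comm = "";
		$mail = "";
		$uidformatwrong = 0;
		if (sizeof($bits) < 10) $uidformatwrong = 1;
		// Short records have no UID field; treat it as empty instead of
		// reading an undefined offset.
		$uidfield = isset($bits[9]) ? $bits[9] : "";
		$validity = isset($bits[1]) ? $bits[1] : "";

		// More than one "@" in a UID aborts the whole request.
		if (preg_match("/\@.*\@/", $uidfield))
		{
			showheader(_("Welcome to CAcert.org"));
			echo "<font color='#ff0000'>"._("Multiple Email Adresses per UID are not allowed.")."</font>";
			unset($_REQUEST['process']);
			$id = $oldid;
			unset($oldid);
			exit();
		}

		// NOTE(review): hex2bin() is presumably the project's own decoder for
		// gpg's escaped characters, not PHP's builtin of the same name — confirm.
		// Name (Comment) <Email>
		if (preg_match("/^([^\(\)\[@<>]+) \(([^\(\)@<>]*)\) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/", $uidfield, $matches))
		{
			$name = trim(hex2bin($matches[1]));
			$comm = trim(hex2bin($matches[2]));
			$mail = trim(hex2bin($matches[3]));
		}
		// Name <EMail>
		elseif (preg_match("/^([^\(\)\[@<>]+) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/", $uidfield, $matches))
		{
			$name = trim(hex2bin($matches[1]));
			$comm = "";
			$mail = trim(hex2bin($matches[2]));
		}
		// Unrecognized format
		else
		{
			$uidformatwrong = 1;
		}

		$nameok = verifyName($name);
		$emailok = verifyEmail($mail);

		if ($comm != "")
			$comment[] = $comm;

		// Name and e-mail come from the uploaded key, so they are escaped
		// before being placed in the table.
		$resulttable .= "<td bgcolor='#".($nameok ? "c0ffc0" : "ffc0c0")."'>".sanitizeHTML($name)."</td>";
		$resulttable .= "<td bgcolor='#".($emailok ? "c0ffc0" : "ffc0c0")."'>".sanitizeHTML($mail)."</td>";

		// Verdict for this record. A UID is accepted when both parts verify,
		// or when one part verifies and the other is empty.
		$uidok = 0;
		if ($validity == "r")
		{
			$rmessage = _("Error: UID is revoked");
		}
		elseif ($uidformatwrong == 1)
		{
			$rmessage = _("The format of the UID was not recognized. Please use 'Name (comment) <email@domain>'");
		}
		elseif ($mail == "" and $name == "")
		{
			$rmessage = _("Error: Both Name and Email address are empty");
		}
		elseif ($emailok and $nameok)
		{
			$uidok = 1;
			$rmessage = _("Name and Email OK.");
		}
		elseif (!$emailok and !$nameok)
		{
			$rmessage = _("Name and Email both cannot be matched with your account.");
		}
		elseif ($emailok and $name == "")
		{
			$uidok = 1;
			$rmessage = _("The email is OK. The name is empty.");
		}
		elseif ($nameok and $mail == "")
		{
			$uidok = 1;
			$rmessage = _("The name is OK. The email is empty.");
		}
		elseif (!$emailok)
		{
			$rmessage = _("The email address has not been registered and verified in your account. Please add the email address to your account first.");
		}
		elseif (!$nameok)
		{
			$rmessage = _("The name in the UID does not match the name in your account. Please verify the name.");
		}
		else
		{
			$rmessage = _("Error");
		}

		if ($uidok)
		{
			$nok++;
			$resulttable .= "<td>$rmessage</td>";
			$lastvalidemail = $mail;
		}
		else
		{
			$nerr++;
			$resulttable .= "<td bgcolor='#ffc0c0'>$rmessage</td>";
		}
		$resulttable .= "</tr>\n";
		if ($emailok) $multiple++;
	}
	$resulttable .= "</table>";

	if ($nok == 0)
	{
		showheader(_("Welcome to CAcert.org"));
		echo $resulttable;
		echo "<font color='#ff0000'>"._("No valid UIDs found on your key")."</font>";
		unset($_REQUEST['process']);
		$id = $oldid;
		unset($oldid);

		// Debug record of the rejected key and gpg's raw output. It is
		// appended with a file write rather than through a shell command,
		// because gpg's output contains UID text chosen by whoever created
		// the key and must never be placed on a shell command line.
		$debugfile = "/www/tmp/gpg.debug";
		if (is_writable($debugfile) || (!file_exists($debugfile) && is_writable(dirname($debugfile))))
			file_put_contents($debugfile, $debugkey."\n--\n".$debugpg."\n--\n", FILE_APPEND);
		exit();
	}
	elseif ($nerr)
	{
		$resulttable .= _("The unverified UIDs have been removed, the verified UIDs have been signed.");
	}
}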
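// Second pass: record the request, import the key into a per-request GnuPG
// home, remove the UIDs that do not belong to this member, export the result
// for the signer and show the outcome. This branch always ends the request.
if ($oldid == "0" && $CSR != "")
{
	$query = "insert into `gpg` set `memid`='".intval($_SESSION['profile']['id'])."',
				`email`='".mysql_real_escape_string($lastvalidemail)."',
				`level`='1',
				`expires`='".mysql_real_escape_string($expires)."',
				`multiple`='".mysql_real_escape_string($multiple)."',
				`keyid`='".mysql_real_escape_string($keyid)."'";
	mysql_query($query);
	// NOTE(review): the insert result is not checked; on failure the id is 0
	// and every failed request would map to the same working directory. The
	// mkdir() check below makes a reused directory fail closed.
	$id = intval(mysql_insert_id());

	// Values placed on gpg command lines are quoted. $keyid comes from gpg's
	// own listing and $cwd from an integer id, so this is defence in depth.
	$cwd = '/tmp/gpgspace'.$id;
	$cwdarg = escapeshellarg($cwd);
	$csrarg = escapeshellarg("$cwd/gpg.csr");
	$keyarg = ($keyid != "") ? escapeshellarg($keyid) : "";

	// The GnuPG home lives under /tmp with a predictable name. It is created
	// private (0700, previously 0755) and the request is abandoned if the
	// directory already exists or cannot be created, so a directory prepared
	// by another local user is never used as the keyring location.
	$workspaceok = !file_exists($cwd) && mkdir($cwd, 0700);
	$fp = $workspaceok ? fopen("$cwd/gpg.csr", "w") : false;
	if ($fp === false)
	{
		$workspaceok = false;
	}
	else
	{
		fputs($fp, clean_csr($CSR));
		fclose($fp);
	}

	if ($workspaceok)
	{
		system("gpg --homedir $cwdarg --import $csrarg");
		$debugpg = $gpg = trim((string) shell_exec("gpg --homedir $cwdarg --with-colons --fixed-list-mode --list-keys $keyarg 2>&1"));

		// NOTE(review): this pass parses UIDs with strpos() and a narrower
		// e-mail pattern than the first pass, and does not apply the first
		// pass's format check, so the keep/remove decision here may not
		// always match what the result table reported. Consider sharing one
		// parser between the two passes.
		foreach (explode("\n", $gpg) as $line)
		{
			if (substr($line, 0, 4) != "uid:")
				continue;

			$name = $comment = "";
			$bits = explode(":", $line);
			$uid = $bits[9];

			// Name ends one character before "(" (comment present) or "<".
			$pos = strpos($uid, "(") - 1;
			$nocomment = 0;
			if ($pos < 0)
			{
				$nocomment = 1;
				$pos = strpos($uid, "<") - 1;
			}
			if ($pos < 0)
			{
				$pos = strlen($uid);
			}
			$name = trim(hex2bin(trim(substr($uid, 0, $pos))));
			$nameok = verifyName($name);
			if ($nocomment == 0)
			{
				$pos += 2;
				$pos2 = strpos($uid, ")");
				$comm = trim(hex2bin(trim(substr($uid, $pos, $pos2 - $pos))));
				if ($comm != "")
					$comment[] = $comm;
				$pos = $pos2 + 3;
			}
			else
			{
				$pos = strpos($uid, "<") + 1;
			}

			$mail = "";
			if (preg_match("/<([\w.-]*\@[\w.-]*)>/", $uid, $match))
				$mail = trim(hex2bin($match[1]));
			$emailok = verifyEmail($mail);
			$uidid = $bits[7];

			// A UID is kept only when it is not revoked and either both parts
			// verify, or one part verifies and the other is empty. Everything
			// else is queued for removal before signing.
			$keepuid = ($emailok and $nameok) || ($emailok and $name == "") || ($nameok and $mail == "");
			if ($bits[1] == "r" || ($mail == "" and $name == "") || !$keepuid)
			{
				$ToBeDeleted[] = $uidid;
			}
		}

		if (count($ToBeDeleted) > 0)
		{
			$descriptorspec = array(
				0 => array("pipe", "r"),  // stdin: commands written by this script
				1 => array("pipe", "w"),  // stdout: gpg status lines read by this script
				// Logger output is discarded. It used to go to a pipe that was
				// never read, which can stall gpg once the pipe fills up.
				2 => array("file", "/dev/null", "a"),
			);

			$process = proc_open("/usr/bin/gpg --homedir $cwdarg --no-tty --command-fd 0 --status-fd 1 --logger-fd 2 --edit-key $keyarg", $descriptorspec, $pipes);
			if (is_resource($process))
			{
				// Dialogue with gpg --edit-key, driven by its status lines:
				// at each prompt select one queued UID; once the queue is
				// empty send "deluid", and at the following prompt "save".
				// NOTE(review): a prompt this loop does not recognise is only
				// echoed, not answered, so gpg would keep waiting for input.
				while (!feof($pipes[1]))
				{
					$buffer = fgets($pipes[1], 4096);
					if ($buffer == "[GNUPG:] GET_BOOL keyedit.sign_all.okay\n"
						|| preg_match("/^\[GNUPG:\] GET_BOOL keyedit\.remove\.uid\.okay\s*/", $buffer))
					{
						fputs($pipes[0], "yes\n");
					}
					elseif (preg_match("/^\[GNUPG:\] GET_LINE keyedit\.prompt\s*/", $buffer))
					{
						if (count($ToBeDeleted) > 0)
						{
							$delthisuid = array_pop($ToBeDeleted);
							fputs($pipes[0], "uid ".$delthisuid."\n");
						}
						else
						{
							fputs($pipes[0], $state ? "save\n" : "deluid\n");
							$state++;
						}
					}
					elseif (preg_match("/^\[GNUPG:\] KEYEXPIRED/", $buffer))
					{
						echo "Key expired!\n";
						exit;
					}
					elseif ($buffer == "[GNUPG:] GOT_IT\n" || $buffer == "[GNUPG:] GOOD_PASSPHRASE\n" || $buffer == "")
					{
						// Nothing to answer.
					}
					else
					{
						// Status lines may carry text derived from the key, so
						// the line is escaped before it reaches the page.
						echo "ERROR: UNKNOWN ".htmlspecialchars($buffer)."\n";
					}
				}
				fclose($pipes[0]);
				fclose($pipes[1]);
				// Pipes must be closed before proc_close() to avoid a deadlock.
				$return_value = proc_close($process);
			}
			else
			{
				echo "Keine ressource!\n";
			}
		}

		// Export the cleaned key where the signer picks it up, then record
		// the path and wait for the signed result.
		$do = shell_exec("gpg --homedir $cwdarg --batch --export-options export-minimal --export $keyarg >../csr/gpg-$id.csr");

		mysql_query("update `gpg` set `csr`='../csr/gpg-$id.csr' where `id`='$id'");
		waitForResult('gpg', $id);
	}

	showheader(_("Welcome to CAcert.org"));
	echo $resulttable;

	// A non-empty `crt` column marks a finished signature for this request.
	$query = "select * from `gpg` where `id`='$id' and `crt`!=''";
	$res = mysql_query($query);
	if ($res === false || mysql_num_rows($res) <= 0)
	{
		echo _("Your certificate request has failed to be processed correctly, please try submitting it again.")."<br>\n";
		echo _("If this is a re-occuring problem, please send a copy of the key you are trying to signed to support@cacert.org. Thank you.");
	}
	else
	{
		echo "<pre>";
		readfile("../crt/gpg-$id.crt");
		echo "</pre>";
	}

	showfooter();
	exit;
}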
// Reached only when no key was processed above: render the "gpg" page for the
// requested id. The id is forced to an integer once more because earlier
// branches may have reassigned it.
$id = intval($id);

showheader(_("Welcome to CAcert.org"));
includeit($id, "gpg");
showfooter();
?>