0) return 1; return 0; } $ToBeDeleted=array(); $state=0; if($oldid == "0" && $CSR != "") { $debugkey = $gpgkey = clean_gpgcsr($CSR); $tnam = tempnam('/tmp/', '__gpg'); $fp = fopen($tnam, 'w'); fwrite($fp, $gpgkey); fclose($fp); $debugpg = $gpg = trim(`gpg --with-colons --homedir /tmp 2>&1 < $tnam`); unlink($tnam); $lines = ""; $gpgarr = explode("\n", $gpg); foreach($gpgarr as $line) { #echo "Line[]: $line
\n"; if(substr($line, 0, 3) == "pub" || substr($line, 0, 3) == "uid") { if($lines != "") $lines .= "\n"; $lines .= $line; } } $gpg = $lines; $expires = 0; $nerr=0; $nok=0; $multiple = 0; $resulttable=_("The following UIDs were found in your key:")."
"; $i=0; $lastvalidemail=""; $npubs=0; foreach(explode("\n", $gpg) as $line) { $bits = explode(":", $line); $resulttable.=""; $name = $comment = ""; if($bits[0] == "pub") { $npubs++; } if($npubs>1) { showheader(_("Welcome to CAcert.org")); echo ""._("Please upload only one key at a time.").""; unset($_REQUEST['process']); $id = $oldid; unset($oldid); exit(); } if($bits[0] == "pub" && (!$keyid || !$when)) { $keyid = $bits[4]; $when = $bits[5]; if($bits[6] != "") $expires = 1; } $name=""; $comm=""; $mail=""; $uidformatwrong=0; if(sizeof($bits)<10) $uidformatwrong=1; if(preg_match("/\@.*\@/",$bits[9])) { showheader(_("Welcome to CAcert.org")); echo ""._("Multiple Email Adresses per UID are not allowed.").""; unset($_REQUEST['process']); $id = $oldid; unset($oldid); exit(); } // Name (Comment) if(preg_match("/^([^\[@<>]+) $([^\($@<>]*)\) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/",$bits[9],$matches)) { $name=trim(hex2bin($matches[1])); $nocomment=0; $comm=trim(hex2bin($matches[2])); $mail=trim(hex2bin($matches[3])); } // Name elseif(preg_match("/^([^\[@<>]+) <([\w=\/%.-]*\@[\w.-]*|[\w.-]*\![\w=\/%.-]*)>/",$bits[9],$matches)) { $name=trim(hex2bin($matches[1])); $nocomment=1; $comm=""; $mail=trim(hex2bin($matches[2])); } // Unrecognized format else { $nocomment=1; $uidformatwrong=1; } $nameok=verifyName($name); $emailok=verifyEmail($mail); if($comm != "") $comment[] = $comm; $resulttable.=""; $resulttable.=""; $uidok=0; if($bits[1]=="r") { $rmessage=_("Error: UID is revoked"); } elseif($uidformatwrong==1) { $rmessage=_("The format of the UID was not recognized. Please use 'Name (comment) <email@domain>'"); } elseif($mail=="" and $name=="") { $rmessage=_("Error: Both Name and Email address are empty"); } elseif($emailok and $nameok) { $uidok=1; $rmessage=_("Name and Email OK."); } elseif(!$emailok and !$nameok) { $rmessage=_("Name and Email both cannot be matched with your account."); } elseif($emailok and $name=="") { $uidok=1; $rmessage=_("The email is OK. The name is empty."); } elseif($nameok and $mail=="") { $uidok=1; $rmessage=_("The name is OK. The email is empty."); } elseif(!$emailok) { $rmessage=_("The email address has not been registered and verified in your account. Please add the email address to your account first."); } elseif(!$nameok) { $rmessage=_("The name in the UID does not match the name in your account. Please verify the name."); } else { $rmessage=_("Error"); } if($uidok) { $nok++; $resulttable.=""; $lastvalidemail=$mail; } else { $nerr++; //$ToBeDeleted[]=$i; //echo "Adding UID $i\n"; $resulttable.=""; } $resulttable.="\n"; if($emailok) $multiple++; } $resulttable.="

#	"._("Name")."	"._("Email")."	Result
".++$i."	".sanitizeHTML($name)."	".sanitizeHTML($mail)."	$rmessage	$rmessage

"; if($nok==0) { showheader(_("Welcome to CAcert.org")); echo $resulttable; echo ""._("No valid UIDs found on your key").""; unset($_REQUEST['process']); $id = $oldid; unset($oldid); $do = `echo "$debugkey\n--\n$debugpg\n--" >> /www/tmp/gpg.debug`; exit(); } elseif($nerr) { $resulttable.=_("The unverified UIDs have been removed, the verified UIDs have been signed."); } } if($oldid == "0" && $CSR != "") { $query = "insert into `gpg` set `memid`='".intval($_SESSION['profile']['id'])."', `email`='".mysql_real_escape_string($lastvalidemail)."', `level`='1', `expires`='".mysql_real_escape_string($expires)."', `multiple`='".mysql_real_escape_string($multiple)."', `keyid`='".mysql_real_escape_string($keyid)."'"; mysql_query($query); $id = mysql_insert_id(); $cwd = '/tmp/gpgspace'.$id; mkdir($cwd,0755); $fp = fopen("$cwd/gpg.csr", "w"); fputs($fp, clean_gpgcsr($CSR)); fclose($fp); system("gpg --homedir $cwd --import $cwd/gpg.csr"); $debugpg = $gpg = trim(`gpg --homedir $cwd --with-colons --fixed-list-mode --list-keys $keyid 2>&1`); $lines = ""; $gpgarr = explode("\n", $gpg); foreach($gpgarr as $line) { //echo "Line[]: $line
\n"; if(substr($line, 0, 4) == "uid:") { $name = $comment = ""; $bits = explode(":", $line); $pos = strpos($bits[9], "(") - 1; $nocomment = 0; if($pos < 0) { $nocomment = 1; $pos = strpos($bits[9], "<") - 1; } if($pos < 0) { $pos = strlen($bits[9]); } $name = trim(hex2bin(trim(substr($bits[9], 0, $pos)))); $nameok=verifyName($name); if($nocomment == 0) { $pos += 2; $pos2 = strpos($bits[9], ")"); $comm = trim(hex2bin(trim(substr($bits[9], $pos, $pos2 - $pos)))); if($comm != "") $comment[] = $comm; $pos = $pos2 + 3; } else { $pos = strpos($bits[9], "<") + 1; } $mail=""; if (preg_match("/<([\w.-]*\@[\w.-]*)>/", $bits[9],$match)) { //echo "Found: ".$match[1]; $mail = trim(hex2bin($match[1])); } else { //echo "Not found!\n"; } $emailok=verifyEmail($mail); $uidid=$bits[7]; if($bits[1]=="r") { $ToBeDeleted[]=$uidid; } elseif($mail=="" and $name=="") { //echo "$uidid will be deleted\n"; $ToBeDeleted[]=$uidid; } elseif($emailok and $nameok) { } elseif($emailok and $name=="") { } elseif($nameok and $mail=="") { } elseif(!$emailok and !$nameok) { //echo "$uidid will be deleted\n"; $ToBeDeleted[]=$uidid; } elseif(!$emailok) { //echo "$uidid will be deleted\n"; $ToBeDeleted[]=$uidid; } elseif(!$nameok) { //echo "$uidid will be deleted\n"; $ToBeDeleted[]=$uidid; } } } if(count($ToBeDeleted)>0) { $descriptorspec = array( 0 => array("pipe", "r"), // stdin is a pipe that the child will read from 1 => array("pipe", "w"), // stdout is a pipe that the child will write to 2 => array("pipe", "w") // stderr is a file to write to ); $stderr = fopen('php://stderr', 'w'); //echo "Keyid: $keyid\n"; $process = proc_open("/usr/bin/gpg --homedir $cwd --no-tty --command-fd 0 --status-fd 1 --logger-fd 2 --edit-key $keyid", $descriptorspec, $pipes); //echo "Process: $process\n"; //fputs($stderr,"Process: $process\n"); if (is_resource($process)) { //echo("it is a resource\n"); // $pipes now looks like this: // 0 => writeable handle connected to child stdin // 1 => readable handle connected to child stdout // Any error output will be appended to /tmp/error-output.txt while (!feof($pipes[1])) { $buffer = fgets($pipes[1], 4096); //echo $buffer; if($buffer == "[GNUPG:] GET_BOOL keyedit.sign_all.okay\n") { fputs($pipes[0],"yes\n"); } elseif($buffer == "[GNUPG:] GOT_IT\n") { } elseif(ereg("^\[GNUPG:\] GET_BOOL keyedit\.remove\.uid\.okay\s*",$buffer)) { fputs($pipes[0],"yes\n"); } elseif(ereg("^\[GNUPG:\] GET_LINE keyedit\.prompt\s*",$buffer)) { if(count($ToBeDeleted)>0) { $delthisuid=array_pop($ToBeDeleted); //echo "Deleting an UID $delthisuid\n"; fputs($pipes[0],"uid ".$delthisuid."\n"); } else { //echo "Saving\n"; fputs($pipes[0],$state?"save\n":"deluid\n"); $state++; } } elseif($buffer == "[GNUPG:] GOOD_PASSPHRASE\n") { } elseif(ereg("^\[GNUPG:\] KEYEXPIRED ",$buffer)) { echo "Key expired!\n"; exit; } elseif($buffer == "") { //echo "Empty!\n"; } else { echo "ERROR: UNKNOWN $buffer\n"; } } //echo "Fertig\n"; fclose($pipes[0]); //echo stream_get_contents($pipes[1]); fclose($pipes[1]); // It is important that you close any pipes before calling // proc_close in order to avoid a deadlock $return_value = proc_close($process); //echo "command returned $return_value\n"; } else { echo "Keine ressource!\n"; } } $csrname=generatecertpath("csr","gpg",$id); $do=`gpg --homedir $cwd --batch --export-options export-minimal --export $keyid >$csrname`; mysql_query("update `gpg` set `csr`='$csrname' where `id`='$id'"); waitForResult('gpg', $id); showheader(_("Welcome to CAcert.org")); echo $resulttable; $query = "select * from `gpg` where `id`='$id' and `crt`!=''"; $res = mysql_query($query); if(mysql_num_rows($res) <= 0) { echo _("Your certificate request has failed to be processed correctly, please try submitting it again.")."
\n"; echo _("If this is a re-occuring problem, please send a copy of the key you are trying to signed to support@cacert.org. Thank you."); } else { echo "

";
			readfile(generatecertpath("crt","gpg",$id));
			echo "

"; } showfooter(); exit; } $id = intval($id); showheader(_("Welcome to CAcert.org")); includeit($id, "gpg"); showfooter(); ?>