author | Stefanie Eckner <stefanie@eckner.net> | 2023-12-30 15:49:46 +0100 |
---|---|---|
committer | Stefanie Eckner <stefanie@eckner.net> | 2023-12-30 15:49:46 +0100 |
commit | e35c1f6a2120775e23daf31256ce070cee2d462e (patch) | |
tree | 586be65a37d922743b73464e4aa59ca044a1d119 | |
parent | 216eafc2727ddc6c73c12d6961d2d2b632a582ff (diff) | |
download | computer-time-limit-e35c1f6a2120775e23daf31256ce070cee2d462e.tar.xz |
server auf signify umgebaut
-rw-r--r-- | computer-time-limit.php | 38 |
1 files changed, 23 insertions, 15 deletions
diff --git a/computer-time-limit.php b/computer-time-limit.php
index 6cbdd59..ed4dc3a 100644
--- a/computer-time-limit.php
+++ b/computer-time-limit.php
@@ -2,26 +2,34 @@
 $db = new SQLite3('../backstage/computer-time-limit/computer-time-limit.sqlite');
-if (array_key_exists('key', $_POST)) {
- print(shell_exec('echo "' . base64_encode($_POST['key']) . '" | base64 -d | base64 -d | gpg --import 2>&1'));
- die();
-}
+if (array_key_exists('msg', $_POST) && array_key_exists('sig', $_POST)) {
-if (array_key_exists('gpg', $_POST)) {
- $sig = shell_exec('echo "' . base64_encode($_POST['gpg']) . '" | base64 -d | base64 -d | gpg --verify --with-colons --status-fd 1 2>/dev/null | grep -wFm1 VALIDSIG');
- $sig = explode(' ', $sig);
- if (abs(time() - $sig[4]) > 1200) {
- die();
- };
- if ($sig[1] != 'VALIDSIG') {
+ $sig_file = tempnam('/tmp', 'ctl-sig');
+ $h = fopen($sig_file, 'w');
+ fwrite($h, $_POST['sig'] . "\n");
+ fclose($h);
+
+ $msg_file = tempnam('/tmp', 'ctl-msg');
+ $h = fopen($msg_file, 'w');
+ fwrite($h, $_POST['msg'] . "\n");
+ fclose($h);
+
+ $key = trim(shell_exec('sed -n "1 s@^.* \([a-zA-Z]\+\)\.pub\$@\1@; T; p" ' . $sig_file));
+
+ $erg = shell_exec('signify -V -p ../backstage/computer-time-limit/keys/' . $key . '.pub -x ' . $sig_file . ' -m ' . $msg_file . ' 2>&1; echo $?');
+
+ if ($erg != 'Signature Verified' . "\n" . '0' . "\n") {
+ print($erg);
 die();
 }
- $key = $sig[2];
- $cnt = shell_exec('echo "' . base64_encode($_POST['gpg']) . '" | base64 -d | base64 -d | gpg --output - 2>/dev/null');
- $result = $db->query('SELECT * FROM `computer_time` WHERE `fingerprint`="' . $key . '"');
+ unlink($sig_file);
+ unlink($msg_file);
+
+ $result = $db->query('SELECT * FROM `computer_time` WHERE `name`="' . $key . '"');
 $row = $result->fetchArray();
 if (!$row) {
+ print($key . ' is not known.');
 die();
 }
 $bis = strtotime($row['bis']);
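Review bot: The removed gpg path rejected signatures whose timestamp was more than 1200 seconds off (`abs(time() - $sig[4]) > 1200`), and nothing in this hunk replaces that check, so a captured `msg`/`sig` pair stays acceptable for as long as the key file exists unless the part of the block below the hunk validates a timestamp carried inside `msg`. If it does not, include a timestamp in the signed `msg` and compare it against `time()` once the signature has verified. The failure branch also calls `die()` before the two `unlink()` calls, so every rejected request leaves its `ctl-sig`/`ctl-msg` files with client-supplied content in `/tmp`; move `unlink($sig_file); unlink($msg_file);` to directly after the signify `shell_exec()` call. `$key` reaches this `SELECT` and the `UPDATE` in the second hunk by string concatenation and is safe only because the sed pattern limits it to `[a-zA-Z]+`; binding it with `$db->prepare()` and `bindValue(':name', $key, SQLITE3_TEXT)` removes that dependency. `print($erg)` returns signify's raw output, including the server-side temp-file and key paths, to an unauthenticated client, where a fixed error string would do.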
@@ -60,7 +68,7 @@ if (array_key_exists('gpg', $_POST)) {
 ' SET `aktiv`=' . $aktiv . ',' .
 '`von`="' . date('Y-m-d H:i:s', time()) . '",' .
 '`bis`="' . date('Y-m-d H:i:s', time() + $noch) . '"' .
- ' WHERE `fingerprint`="' . $key . '"');
+ ' WHERE `name`="' . $key . '"');
 die();
 }
|