summaryrefslogtreecommitdiff
path: root/computer-time-limit.php
diff options
context:
space:
mode:
authorStefanie Eckner <stefanie@eckner.net>2023-12-30 15:49:46 +0100
committerStefanie Eckner <stefanie@eckner.net>2023-12-30 15:49:46 +0100
commite35c1f6a2120775e23daf31256ce070cee2d462e (patch)
tree586be65a37d922743b73464e4aa59ca044a1d119 /computer-time-limit.php
parent216eafc2727ddc6c73c12d6961d2d2b632a582ff (diff)
downloadcomputer-time-limit-e35c1f6a2120775e23daf31256ce070cee2d462e.tar.xz
server auf signify umgebaut
Diffstat (limited to 'computer-time-limit.php')
-rw-r--r--computer-time-limit.php38
1 files changed, 23 insertions, 15 deletions
diff --git a/computer-time-limit.php b/computer-time-limit.php
index 6cbdd59..ed4dc3a 100644
--- a/computer-time-limit.php
+++ b/computer-time-limit.php
@@ -2,26 +2,34 @@
$db = new SQLite3('../backstage/computer-time-limit/computer-time-limit.sqlite');
-if (array_key_exists('key', $_POST)) {
- print(shell_exec('echo "' . base64_encode($_POST['key']) . '" | base64 -d | base64 -d | gpg --import 2>&1'));
- die();
-}
+if (array_key_exists('msg', $_POST) && array_key_exists('sig', $_POST)) {
-if (array_key_exists('gpg', $_POST)) {
- $sig = shell_exec('echo "' . base64_encode($_POST['gpg']) . '" | base64 -d | base64 -d | gpg --verify --with-colons --status-fd 1 2>/dev/null | grep -wFm1 VALIDSIG');
- $sig = explode(' ', $sig);
- if (abs(time() - $sig[4]) > 1200) {
- die();
- };
- if ($sig[1] != 'VALIDSIG') {
+ $sig_file = tempnam('/tmp', 'ctl-sig');
+ $h = fopen($sig_file, 'w');
+ fwrite($h, $_POST['sig'] . "\n");
+ fclose($h);
+
+ $msg_file = tempnam('/tmp', 'ctl-msg');
+ $h = fopen($msg_file, 'w');
+ fwrite($h, $_POST['msg'] . "\n");
+ fclose($h);
+
+ $key = trim(shell_exec('sed -n "1 s@^.* \([a-zA-Z]\+\)\.pub\$@\1@; T; p" ' . $sig_file));
+
+ $erg = shell_exec('signify -V -p ../backstage/computer-time-limit/keys/' . $key . '.pub -x ' . $sig_file . ' -m ' . $msg_file . ' 2>&1; echo $?');
+
+ if ($erg != 'Signature Verified' . "\n" . '0' . "\n") {
+ print($erg);
die();
}
- $key = $sig[2];
- $cnt = shell_exec('echo "' . base64_encode($_POST['gpg']) . '" | base64 -d | base64 -d | gpg --output - 2>/dev/null');
- $result = $db->query('SELECT * FROM `computer_time` WHERE `fingerprint`="' . $key . '"');
+ unlink($sig_file);
+ unlink($msg_file);
+
+ $result = $db->query('SELECT * FROM `computer_time` WHERE `name`="' . $key . '"');
$row = $result->fetchArray();
if (!$row) {
+ print($key . ' is not known.');
die();
}
$bis = strtotime($row['bis']);
@@ -60,7 +68,7 @@ if (array_key_exists('gpg', $_POST)) {
' SET `aktiv`=' . $aktiv . ',' .
'`von`="' . date('Y-m-d H:i:s', time()) . '",' .
'`bis`="' . date('Y-m-d H:i:s', time() + $noch) . '"' .
- ' WHERE `fingerprint`="' . $key . '"');
+ ' WHERE `name`="' . $key . '"');
die();
}