From e35c1f6a2120775e23daf31256ce070cee2d462e Mon Sep 17 00:00:00 2001
From: Stefanie Eckner <stefanie@eckner.net>
Date: Sat, 30 Dec 2023 15:49:46 +0100
Subject: server auf signify umgebaut

---
 computer-time-limit.php | 38 +++++++++++++++++++++++---------------
 1 file changed, 23 insertions(+), 15 deletions(-)

diff --git a/computer-time-limit.php b/computer-time-limit.php
index 6cbdd59..ed4dc3a 100644
--- a/computer-time-limit.php
+++ b/computer-time-limit.php
@@ -2,26 +2,34 @@
 
 $db = new SQLite3('../backstage/computer-time-limit/computer-time-limit.sqlite');
 
-if (array_key_exists('key', $_POST)) {
-  print(shell_exec('echo "' . base64_encode($_POST['key']) . '" | base64 -d | base64 -d | gpg --import 2>&1'));
-  die();
-}
+if (array_key_exists('msg', $_POST) && array_key_exists('sig', $_POST)) {
 
-if (array_key_exists('gpg', $_POST)) {
-  $sig = shell_exec('echo "' . base64_encode($_POST['gpg']) . '" | base64 -d | base64 -d | gpg --verify --with-colons --status-fd 1 2>/dev/null | grep -wFm1 VALIDSIG');
-  $sig =  explode(' ', $sig);
-  if (abs(time() - $sig[4]) > 1200) {
-    die();
-  };
-  if ($sig[1] != 'VALIDSIG') {
+  $sig_file = tempnam('/tmp', 'ctl-sig');
+  $h = fopen($sig_file, 'w');
+  fwrite($h, $_POST['sig'] . "\n");
+  fclose($h);
+
+  $msg_file = tempnam('/tmp', 'ctl-msg');
+  $h = fopen($msg_file, 'w');
+  fwrite($h, $_POST['msg'] . "\n");
+  fclose($h);
+
+  $key = trim(shell_exec('sed -n "1 s@^.* \([a-zA-Z]\+\)\.pub\$@\1@; T; p" ' . $sig_file));
+
+  $erg = shell_exec('signify -V -p ../backstage/computer-time-limit/keys/' . $key . '.pub -x ' . $sig_file . ' -m ' . $msg_file . ' 2>&1; echo $?');
+
+  if ($erg != 'Signature Verified' . "\n" . '0' . "\n") {
+    print($erg);
     die();
   }
-  $key = $sig[2];
-  $cnt = shell_exec('echo "' . base64_encode($_POST['gpg']) . '" | base64 -d | base64 -d | gpg --output - 2>/dev/null');
 
-  $result = $db->query('SELECT * FROM `computer_time` WHERE `fingerprint`="' . $key . '"');
+  unlink($sig_file);
+  unlink($msg_file);
+
+  $result = $db->query('SELECT * FROM `computer_time` WHERE `name`="' . $key . '"');
   $row = $result->fetchArray();
   if (!$row) {
+    print($key . ' is not known.');
     die();
   }
   $bis = strtotime($row['bis']);
@@ -60,7 +68,7 @@ if (array_key_exists('gpg', $_POST)) {
     ' SET `aktiv`=' . $aktiv . ',' .
     '`von`="' . date('Y-m-d H:i:s', time()) . '",' .
     '`bis`="' . date('Y-m-d H:i:s', time() + $noch) . '"' .
-    ' WHERE `fingerprint`="' . $key . '"');
+    ' WHERE `name`="' . $key . '"');
   die();
 }
 
-- 
cgit v1.2.3-70-g09d2