89 lines
2.9 KiB
PHP
89 lines
2.9 KiB
PHP
<?php
|
|
/*
|
|
|
|
gpg-mailgate
|
|
|
|
This file is part of the gpg-mailgate source code.
|
|
|
|
gpg-mailgate is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU Affero General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
gpg-mailgate source code is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU Affero General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Affero General Public License
|
|
along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
//returns true on success or error message on failure
|
|
function requestPGP($email, $key) {
|
|
require_once(includePath() . "/lock.php");
|
|
global $config;
|
|
|
|
if(!checkLock('requestpgp')) {
|
|
return "please wait a bit before trying again";
|
|
}
|
|
|
|
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
|
return "invalid email address";
|
|
}
|
|
|
|
if(strlen($email) > 256 || strlen($key) > 1024 * 32) {
|
|
return "email address or key too long";
|
|
}
|
|
|
|
if(!isAscii($key)) {
|
|
return "only keys encoded with ASCII armor are accepted (gpg --armor)";
|
|
}
|
|
|
|
//housekeeping
|
|
databaseQuery("DELETE FROM gpgmw_keys WHERE time < DATE_SUB(NOW(), INTERVAL 48 HOUR) AND confirm != '' AND status = 0");
|
|
|
|
//if we already have an unaccepted key for this user, only replace if one day has elapsed since the last request
|
|
// this may prevent spam
|
|
$result = databaseQuery("SELECT HOUR(TIMEDIFF(time, NOW())), id FROM gpgmw_keys WHERE email = ? AND status = 0", array($email));
|
|
|
|
if($row = $result->fetch()) {
|
|
if($row[0] < 24) {
|
|
return "there is already a key in the queue for this email address; please wait twenty-four hours between submitting keys, or confirm the previous key and then resubmit";
|
|
} else {
|
|
databaseQuery('DELETE FROM gpgmw_keys WHERE id = ?', array($row[1]));
|
|
}
|
|
}
|
|
|
|
//well, it looks good, let's submit it
|
|
lockAction('requestpgp');
|
|
$confirm = uid(32);
|
|
$result = gpgmw_mail($config['email_subject_requestpgp'], "Please confirm your email address to complete the submission process. You can do so by clicking the link below\n\n{$config['site_url']}/confirm.php?email=" . urlencode($email) . "&confirm=$confirm\n\nThanks,\ngpg-mailgate-web", $email);
|
|
|
|
if(!$result) {
|
|
return "failed to send email";
|
|
}
|
|
|
|
databaseQuery("INSERT INTO gpgmw_keys (email, publickey, confirm) VALUES (?, ?, ?)", array($email, $key, $confirm));
|
|
return true;
|
|
}
|
|
|
|
//returns false on failure or true on success
|
|
function confirmPGP($email, $confirm) {
|
|
if(!lockAction('confirmpgp')) {
|
|
return "try again later";
|
|
}
|
|
|
|
$result = databaseQuery("SELECT id FROM gpgmw_keys WHERE confirm = ? AND email = ?", array($confirm, $email));
|
|
|
|
if($row = $result->fetch()) {
|
|
databaseQuery("UPDATE gpgmw_keys SET confirm = '' WHERE id = ?", array($row[0]));
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
?>
|