101 lines
2.9 KiB
PHP
101 lines
2.9 KiB
PHP
<?php
|
|
/*
|
|
|
|
gpg-mailgate
|
|
|
|
This file is part of the gpg-mailgate source code.
|
|
|
|
gpg-mailgate is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
gpg-mailgate source code is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
//returns true on success or error message on failure
|
|
function requestPGP($email, $key) {
|
|
require_once(includePath() . "/lock.php");
|
|
global $config, $lang;
|
|
|
|
if(!checkLock('requestpgp')) {
|
|
return $lang['submit_error_trylater'];
|
|
}
|
|
|
|
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
|
return $lang['submit_error_bademail'];
|
|
}
|
|
|
|
if(strlen($email) > 256 || strlen($key) > 1024 * 32) {
|
|
return $lang['submit_error_toolong'];
|
|
}
|
|
|
|
if(!isAscii($key)) {
|
|
return $lang['submit_error_nonascii'];
|
|
}
|
|
|
|
//housekeeping
|
|
databaseQuery("DELETE FROM gpgmw_keys WHERE time < DATE_SUB(NOW(), INTERVAL 48 HOUR) AND confirm != '' AND status = 0");
|
|
|
|
//if we already have an unaccepted key for this user, only replace if one day has elapsed since the last request
|
|
// this may prevent spam
|
|
$result = databaseQuery("SELECT HOUR(TIMEDIFF(time, NOW())), id FROM gpgmw_keys WHERE email = ? AND status = 0", array($email));
|
|
|
|
if($row = $result->fetch()) {
|
|
if($row[0] < 24) {
|
|
return $lang['submit_error_alreadyqueue'];
|
|
} else {
|
|
databaseQuery('DELETE FROM gpgmw_keys WHERE id = ?', array($row[1]));
|
|
}
|
|
}
|
|
|
|
//if PGP key verification is enabled, do it
|
|
if($config['pgpverify_enable']) {
|
|
require_once(includePath() . "/gpg.php");
|
|
|
|
if(!verifyPGPKey($key, $email)) {
|
|
return $lang['submit_error_badkey'];
|
|
}
|
|
}
|
|
|
|
//well, it looks good, let's submit it
|
|
lockAction('requestpgp');
|
|
$confirm = uid(32);
|
|
$confirm_link = "{$config['site_url']}/confirm.php?email=" . urlencode($email) . "&confirm=$confirm";
|
|
$result = gpgmw_mail($config['email_subject_requestpgp'], sprintf($lang['mail_confirm'], $confirm_link), $email);
|
|
|
|
if(!$result) {
|
|
return $lang['submit_error_emailfail'];
|
|
}
|
|
|
|
databaseQuery("INSERT INTO gpgmw_keys (email, publickey, confirm) VALUES (?, ?, ?)", array($email, $key, $confirm));
|
|
return true;
|
|
}
|
|
|
|
//returns false on failure or true on success
|
|
function confirmPGP($email, $confirm) {
|
|
require_once(includePath() . "/lock.php");
|
|
|
|
if(!lockAction('confirmpgp')) {
|
|
return false;
|
|
}
|
|
|
|
$result = databaseQuery("SELECT id FROM gpgmw_keys WHERE confirm = ? AND email = ?", array($confirm, $email));
|
|
|
|
if($row = $result->fetch()) {
|
|
databaseQuery("UPDATE gpgmw_keys SET confirm = '' WHERE id = ?", array($row[0]));
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
?>
|