From 77ebda6eb54b1d6e6b4e1428bcc3ef7807995d37 Mon Sep 17 00:00:00 2001 From: Ineiev Date: Fri, 10 Feb 2017 12:10:55 +0000 Subject: [PATCH] Encrypt message to GPG key when available. --- frontend/php/account/lostpw-confirm.php | 54 +++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/frontend/php/account/lostpw-confirm.php b/frontend/php/account/lostpw-confirm.php index a4dc5cd..96a90c3 100644 --- a/frontend/php/account/lostpw-confirm.php +++ b/frontend/php/account/lostpw-confirm.php @@ -4,6 +4,7 @@ # Copyright 1999-2000 (c) The SourceForge Crew # Copyright 2004-2005 (c) Mathieu Roy # Joxean Koret +# Copyright 2017 (c) Ineiev # # This file is part of Savane. # @@ -140,6 +141,55 @@ $message_for_admin = . gmdate('D, d M Y H:i:s \G\M\T') . "\n"; +$message_enc = ""; +$temp_dir = shell_exec('echo -n `mktemp --tmpdir -d lostpw.XXXXXXXX`'); +if($temp_dir != "") + { + # Import registered GPG key to temporary directory. + $temp_dir = "'".$temp_dir."'"; + $res_gpg = db_execute("SELECT gpg_key FROM user WHERE user_id=?", + array($row_user['user_id'])); + $row_gpg = db_fetch_array($res_gpg); + + $gpg_process = popen('gpg --homedir '.$temp_dir.' --import 2>/dev/null >/dev/null', + 'w'); + fwrite($gpg_process, $row_gpg['gpg_key']); + pclose($gpg_process); + + # Find first key with encryption capability; get its ID. + $gpg_command = 'gpg --homedir '.$temp_dir.' --list-keys --with-colons 2>/dev/null'; + $gpg_command = $gpg_command." | awk -F ':' '"; + $gpg_command = $gpg_command.'$1 == "pub" { if($12 !~ /[eE]/) next; '; + $gpg_command = $gpg_command.'if($5 == "") next; printf("%s", $5); exit(0); }'; + $gpg_command = $gpg_command."'"; + $key_id = shell_exec($gpg_command); + + if($key_id != "") + { + $temp_file = shell_exec('echo -n `mktemp --tmpdir lostpw.XXXXXXXX`'); + if($temp_file != "") + { + # Encrypt message. + $temp_file = "'".$temp_file."'"; + $gpg_command = 'gpg --homedir '.$temp_dir.' --batch -a --encrypt '; + $gpg_command = $gpg_command.'--trust-model always -r '.$key_id; + $gpg_command = $gpg_command." > ".$temp_file; + $gpg_process = popen($gpg_command, 'w'); + fwrite($gpg_process, $message); + pclose($gpg_process); + $message_enc = shell_exec("cat ".$temp_file); + shell_exec('rm -f '.$temp_file); + } + } + + shell_exec('rm -fr '.$temp_dir); + + if($message_enc != "") + { + $message = $message_enc; + } + } + sendmail_mail($GLOBALS['sys_mail_replyto']."@".$GLOBALS['sys_mail_domain'], $row_user['email'], $GLOBALS['sys_default_domain']." Verification", @@ -159,6 +209,10 @@ $HTML->header(array('title'=>_("Lost Password Confirmation"))); print '

'._("An email has been sent to the address you have on file.").'

'; print '

'._("Follow the instructions in the email to change your account password.").'

'; +if($message_enc != "") + { + print '

'._("Note that it was encrypted with your registered GPG key.").'

'; + } ; $HTML->footer(array()); -- 1.7.9.5