Commit 985795a2 authored by Lukas Fleischer's avatar Lukas Fleischer
Browse files

Add field for PGP key in profile information



This is handy for verifying the PGP key of new Trusted Users. Also, this
could potentially used as a basis to allow signed package uploads in the
future.

Implements FS#29028.
Signed-off-by: default avatarLukas Fleischer <archlinux@cryptocrack.de>
parent 0a1e1729
...@@ -6,7 +6,10 @@ From 1.9.1 to 2.0.0 ...@@ -6,7 +6,10 @@ From 1.9.1 to 2.0.0
1. Add new "Users" table login date column: 1. Add new "Users" table login date column:
----
ALTER TABLE Users ADD COLUMN LastLogin BIGINT NOT NULL DEFAULT 0; ALTER TABLE Users ADD COLUMN LastLogin BIGINT NOT NULL DEFAULT 0;
ALTER TABLE Users ADD COLUMN PGPKey VARCHAR(40) NULL DEFAULT NULL;
----
From 1.9.0 to 1.9.1 From 1.9.0 to 1.9.1
------------------- -------------------
......
...@@ -31,6 +31,7 @@ CREATE TABLE Users ( ...@@ -31,6 +31,7 @@ CREATE TABLE Users (
RealName VARCHAR(64) NOT NULL DEFAULT '', RealName VARCHAR(64) NOT NULL DEFAULT '',
LangPreference VARCHAR(5) NOT NULL DEFAULT 'en', LangPreference VARCHAR(5) NOT NULL DEFAULT 'en',
IRCNick VARCHAR(32) NOT NULL DEFAULT '', IRCNick VARCHAR(32) NOT NULL DEFAULT '',
PGPKey VARCHAR(40) NULL DEFAULT NULL,
LastVoted BIGINT UNSIGNED NOT NULL DEFAULT 0, LastVoted BIGINT UNSIGNED NOT NULL DEFAULT 0,
LastLogin BIGINT UNSIGNED NOT NULL DEFAULT 0, LastLogin BIGINT UNSIGNED NOT NULL DEFAULT 0,
PRIMARY KEY (ID), PRIMARY KEY (ID),
......
...@@ -33,7 +33,8 @@ if (isset($_COOKIE["AURSID"])) { ...@@ -33,7 +33,8 @@ if (isset($_COOKIE["AURSID"])) {
# #
search_results_page($atype, in_request("O"), in_request("SB"), search_results_page($atype, in_request("O"), in_request("SB"),
in_request("U"), in_request("T"), in_request("S"), in_request("U"), in_request("T"), in_request("S"),
in_request("E"), in_request("R"), in_request("I")); in_request("E"), in_request("R"), in_request("I"),
in_request("K"));
} else { } else {
# a non-privileged user is trying to access the search page # a non-privileged user is trying to access the search page
...@@ -64,7 +65,7 @@ if (isset($_COOKIE["AURSID"])) { ...@@ -64,7 +65,7 @@ if (isset($_COOKIE["AURSID"])) {
display_account_form($atype, "UpdateAccount", $row["Username"], display_account_form($atype, "UpdateAccount", $row["Username"],
$row["AccountType"], $row["Suspended"], $row["Email"], $row["AccountType"], $row["Suspended"], $row["Email"],
"", "", $row["RealName"], $row["LangPreference"], "", "", $row["RealName"], $row["LangPreference"],
$row["IRCNick"], $row["ID"]); $row["IRCNick"], $row["PGPKey"], $row["ID"]);
} }
} }
...@@ -82,7 +83,7 @@ if (isset($_COOKIE["AURSID"])) { ...@@ -82,7 +83,7 @@ if (isset($_COOKIE["AURSID"])) {
$row = mysql_fetch_assoc($result); $row = mysql_fetch_assoc($result);
display_account_info($row["Username"], display_account_info($row["Username"],
$row["AccountType"], $row["Email"], $row["RealName"], $row["AccountType"], $row["Email"], $row["RealName"],
$row["IRCNick"], $row["LastVoted"]); $row["IRCNick"], $row["PGPKey"], $row["LastVoted"]);
} }
} elseif ($action == "UpdateAccount") { } elseif ($action == "UpdateAccount") {
...@@ -92,7 +93,7 @@ if (isset($_COOKIE["AURSID"])) { ...@@ -92,7 +93,7 @@ if (isset($_COOKIE["AURSID"])) {
in_request("U"), in_request("T"), in_request("S"), in_request("U"), in_request("T"), in_request("S"),
in_request("E"), in_request("P"), in_request("C"), in_request("E"), in_request("P"), in_request("C"),
in_request("R"), in_request("L"), in_request("I"), in_request("R"), in_request("L"), in_request("I"),
in_request("ID")); in_request("K"), in_request("ID"));
} else { } else {
...@@ -127,7 +128,7 @@ if (isset($_COOKIE["AURSID"])) { ...@@ -127,7 +128,7 @@ if (isset($_COOKIE["AURSID"])) {
display_account_form($atype, "UpdateAccount", $row["Username"], display_account_form($atype, "UpdateAccount", $row["Username"],
$row["AccountType"], $row["Suspended"], $row["Email"], $row["AccountType"], $row["Suspended"], $row["Email"],
"", "", $row["RealName"], $row["LangPreference"], "", "", $row["RealName"], $row["LangPreference"],
$row["IRCNick"], $row["ID"]); $row["IRCNick"], $row["PGPKey"], $row["ID"]);
} }
} }
} }
...@@ -143,7 +144,7 @@ if (isset($_COOKIE["AURSID"])) { ...@@ -143,7 +144,7 @@ if (isset($_COOKIE["AURSID"])) {
process_account_form("","new", "NewAccount", process_account_form("","new", "NewAccount",
in_request("U"), 1, 0, in_request("E"), in_request("U"), 1, 0, in_request("E"),
in_request("P"), in_request("C"), in_request("R"), in_request("P"), in_request("C"), in_request("R"),
in_request("L"), in_request("I")); in_request("L"), in_request("I"), in_request("K"));
} else { } else {
# display the account request form # display the account request form
......
...@@ -8,10 +8,28 @@ function in_request($name) { ...@@ -8,10 +8,28 @@ function in_request($name) {
return ""; return "";
} }
# Format PGP key fingerprint
function html_format_pgp_fingerprint($fingerprint) {
if (strlen($fingerprint) != 40 || !ctype_xdigit($fingerprint)) {
return $fingerprint;
}
return htmlspecialchars(substr($fingerprint, 0, 4) . " " .
substr($fingerprint, 4, 4) . " " .
substr($fingerprint, 8, 4) . " " .
substr($fingerprint, 12, 4) . " " .
substr($fingerprint, 16, 4) . " " .
substr($fingerprint, 20, 4) . " " .
substr($fingerprint, 24, 4) . " " .
substr($fingerprint, 28, 4) . " " .
substr($fingerprint, 32, 4) . " " .
substr($fingerprint, 36, 4) . " ", ENT_QUOTES);
}
# Display the standard Account form, pass in default values if any # Display the standard Account form, pass in default values if any
function display_account_form($UTYPE,$A,$U="",$T="",$S="", function display_account_form($UTYPE,$A,$U="",$T="",$S="",
$E="",$P="",$C="",$R="",$L="",$I="",$UID=0) { $E="",$P="",$C="",$R="",$L="",$I="",$K="",$UID=0) {
# UTYPE: what user type the form is being displayed for # UTYPE: what user type the form is being displayed for
# A: what "form" name to use # A: what "form" name to use
# U: value to display for username # U: value to display for username
...@@ -112,6 +130,12 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="", ...@@ -112,6 +130,12 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="",
print " name='I' value='".htmlspecialchars($I,ENT_QUOTES)."' /></td>"; print " name='I' value='".htmlspecialchars($I,ENT_QUOTES)."' /></td>";
print "</tr>\n"; print "</tr>\n";
print "<tr>";
print "<td align='left'>".__("PGP Key Fingerprint").":</td>";
print "<td align='left'><input type='text' size='30' maxlength='50'";
print " name='K' value='".html_format_pgp_fingerprint($K)."' /></td>";
print "</tr>\n";
print "<tr>"; print "<tr>";
print "<td align='left'>".__("Language").":</td>"; print "<td align='left'>".__("Language").":</td>";
print "<td align='left'><select name=L>\n"; print "<td align='left'><select name=L>\n";
...@@ -152,7 +176,7 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="", ...@@ -152,7 +176,7 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="",
# process form input from a new/edit account form # process form input from a new/edit account form
# #
function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
$P="",$C="",$R="",$L="",$I="",$UID=0) { $P="",$C="",$R="",$L="",$I="",$K="",$UID=0) {
# UTYPE: The user's account type # UTYPE: The user's account type
# TYPE: either "edit" or "new" # TYPE: either "edit" or "new"
# A: what parent "form" name to use # A: what parent "form" name to use
...@@ -215,6 +239,11 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", ...@@ -215,6 +239,11 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
if (!$error && !valid_email($E)) { if (!$error && !valid_email($E)) {
$error = __("The email address is invalid."); $error = __("The email address is invalid.");
} }
if (!$error && $K != '' && !valid_pgp_fingerprint($K)) {
$error = __("The PGP key fingerprint is invalid.");
}
if ($UTYPE == "Trusted User" && $T == 3) { if ($UTYPE == "Trusted User" && $T == 3) {
$error = __("A Trusted User cannot assign Developer status."); $error = __("A Trusted User cannot assign Developer status.");
} }
...@@ -260,17 +289,17 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", ...@@ -260,17 +289,17 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
if ($error) { if ($error) {
print "<span class='error'>".$error."</span><br/>\n"; print "<span class='error'>".$error."</span><br/>\n";
display_account_form($UTYPE, $A, $U, $T, $S, $E, "", "", display_account_form($UTYPE, $A, $U, $T, $S, $E, "", "",
$R, $L, $I, $UID); $R, $L, $I, $K, $UID);
} else { } else {
if ($TYPE == "new") { if ($TYPE == "new") {
# no errors, go ahead and create the unprivileged user # no errors, go ahead and create the unprivileged user
$salt = generate_salt(); $salt = generate_salt();
$P = salted_hash($P, $salt); $P = salted_hash($P, $salt);
$escaped = array_map('db_escape_string', $escaped = array_map('db_escape_string',
array($U, $E, $P, $salt, $R, $L, $I)); array($U, $E, $P, $salt, $R, $L, $I, str_replace(" ", "", $K)));
$q = "INSERT INTO Users (" . $q = "INSERT INTO Users (" .
"AccountTypeID, Suspended, Username, Email, Passwd, Salt" . "AccountTypeID, Suspended, Username, Email, Passwd, Salt" .
", RealName, LangPreference, IRCNick) " . ", RealName, LangPreference, IRCNick, PGPKey) " .
"VALUES (1, 0, '" . implode("', '", $escaped) . "')"; "VALUES (1, 0, '" . implode("', '", $escaped) . "')";
$result = db_query($q, $dbh); $result = db_query($q, $dbh);
if (!$result) { if (!$result) {
...@@ -308,6 +337,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="", ...@@ -308,6 +337,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
$q.= ", RealName = '".db_escape_string($R)."'"; $q.= ", RealName = '".db_escape_string($R)."'";
$q.= ", LangPreference = '".db_escape_string($L)."'"; $q.= ", LangPreference = '".db_escape_string($L)."'";
$q.= ", IRCNick = '".db_escape_string($I)."'"; $q.= ", IRCNick = '".db_escape_string($I)."'";
$q.= ", PGPKey = '".db_escape_string(str_replace(" ", "", $K))."'";
$q.= " WHERE ID = ".intval($UID); $q.= " WHERE ID = ".intval($UID);
$result = db_query($q, $dbh); $result = db_query($q, $dbh);
if (!$result) { if (!$result) {
...@@ -333,7 +363,7 @@ function search_accounts_form() { ...@@ -333,7 +363,7 @@ function search_accounts_form() {
# search results page # search results page
# #
function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="", function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
$S="",$E="",$R="",$I="") { $S="",$E="",$R="",$I="",$K="") {
# UTYPE: what account type the user belongs to # UTYPE: what account type the user belongs to
# O: what row offset we're at # O: what row offset we're at
# SB: how to sort the results # SB: how to sort the results
...@@ -388,6 +418,10 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="", ...@@ -388,6 +418,10 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
$q.= "AND IRCNick LIKE '%".db_escape_like($I)."%' "; $q.= "AND IRCNick LIKE '%".db_escape_like($I)."%' ";
$search_vars[] = "I"; $search_vars[] = "I";
} }
if ($K) {
$q.= "AND PGPKey LIKE '%".db_escape_like(str_replace(" ", "", $K))."%' ";
$search_vars[] = "K";
}
switch ($SB) { switch ($SB) {
case 't': case 't':
$q.= "ORDER BY AccountTypeID, Username "; $q.= "ORDER BY AccountTypeID, Username ";
...@@ -429,6 +463,8 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="", ...@@ -429,6 +463,8 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
print "<th class='header'>"; print "<th class='header'>";
print "<span class='f2'>".__("IRC Nick")."</span></th>"; print "<span class='f2'>".__("IRC Nick")."</span></th>";
print "<th class='header'>"; print "<th class='header'>";
print "<span class='f2'>".__("PGP Key Fingerprint")."</span></th>";
print "<th class='header'>";
print "<span class='f2'>".__("Last Voted")."</span></th>"; print "<span class='f2'>".__("Last Voted")."</span></th>";
print "<th class='header'>"; print "<th class='header'>";
print "<span class='f2'>".__("Edit Account")."</span></th>"; print "<span class='f2'>".__("Edit Account")."</span></th>";
...@@ -460,6 +496,9 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="", ...@@ -460,6 +496,9 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
$row["IRCNick"] ? print htmlspecialchars($row["IRCNick"],ENT_QUOTES) : print "&nbsp;"; $row["IRCNick"] ? print htmlspecialchars($row["IRCNick"],ENT_QUOTES) : print "&nbsp;";
print "</span></td>"; print "</span></td>";
print "<td class='".$c."'><span class='f5'>"; print "<td class='".$c."'><span class='f5'>";
$row["PGPKey"] ? print html_format_pgp_fingerprint($row["PGPKey"]) : print "&nbsp;";
print "</span></td>";
print "<td class='".$c."'><span class='f5'>";
$row["LastVoted"] $row["LastVoted"]
? print date("Y-m-d", $row["LastVoted"]) ? print date("Y-m-d", $row["LastVoted"])
: print __("Never"); : print __("Never");
...@@ -526,7 +565,7 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="", ...@@ -526,7 +565,7 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
# Display non-editable account info # Display non-editable account info
# #
function display_account_info($U="", $T="", $E="", $R="", $I="", $LV="") { function display_account_info($U="", $T="", $E="", $R="", $I="", $K="", $LV="") {
# U: value to display for username # U: value to display for username
# T: value to display for account type # T: value to display for account type
# E: value to display for email address # E: value to display for email address
...@@ -574,6 +613,11 @@ function display_account_info($U="", $T="", $E="", $R="", $I="", $LV="") { ...@@ -574,6 +613,11 @@ function display_account_info($U="", $T="", $E="", $R="", $I="", $LV="") {
print " <td align='left'>".htmlspecialchars($I,ENT_QUOTES)."</td>\n"; print " <td align='left'>".htmlspecialchars($I,ENT_QUOTES)."</td>\n";
print " </tr>\n"; print " </tr>\n";
print " <tr>\n";
print " <td align='left'>".__("PGP Key Fingerprint").":</td>\n";
print " <td align='left'>".html_format_pgp_fingerprint($K)."</td>\n";
print " </tr>\n";
print " <tr>\n"; print " <tr>\n";
print " <td align='left'>".__("Last Voted").":</td>\n"; print " <td align='left'>".__("Last Voted").":</td>\n";
print " <td align='left'>"; print " <td align='left'>";
...@@ -783,6 +827,15 @@ function valid_passwd( $userID, $passwd, $dbh ) ...@@ -783,6 +827,15 @@ function valid_passwd( $userID, $passwd, $dbh )
return false; return false;
} }
/*
* Checks if the PGP key fingerprint is valid (must be 40 hexadecimal digits).
*/
function valid_pgp_fingerprint ( $fingerprint )
{
$fingerprint = str_replace(" ", "", $fingerprint);
return (strlen($fingerprint) == 40 && ctype_xdigit($fingerprint));
}
/* /*
* Is the user account suspended? * Is the user account suspended?
*/ */
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment