'._('There was an error importing the key').'

'; }else{ $db = get_db_instance(); $stmt = $db->prepare('UPDATE users SET pgp_key = ?, tfa = 0, pgp_verified = 0 WHERE id = ?;'); $stmt->execute([$pgp_key, $user['id']]); $user['pgp_key'] = $pgp_key; } } if(isset($_POST['enable_2fa_code'])){ if($_POST['enable_2fa_code'] !== $_SESSION['enable_2fa_code']){ echo '

'._('Sorry, the code was incorrect').'

'; } else { $db = get_db_instance(); $stmt = $db->prepare('UPDATE users SET tfa = 1, pgp_verified = 1 WHERE id = ?;'); $stmt->execute([$user['id']]); $user['tfa'] = 1; } } } if(!empty($user['pgp_key'])){ if($user['tfa'] == '1'){ echo '

'._('Yay, PGP based 2FA is enabled!').'

'; } else { $gpg = gnupg_init(); gnupg_seterrormode($gpg, GNUPG_ERROR_WARNING); gnupg_setarmor($gpg, 1); $imported_key = gnupg_import($gpg, $user['pgp_key']); if($imported_key){ $key_info = gnupg_keyinfo($gpg, $imported_key['fingerprint']); foreach($key_info as $key){ if(!$key['can_encrypt']){ echo '

'._("Sorry, this key can't be used to encrypt a message to you. Your key may have expired or has been revoked.").'

'; }else{ foreach($key['subkeys'] as $subkey){ gnupg_addencryptkey($gpg, $subkey['fingerprint']); } } } $_SESSION['enable_2fa_code'] = bin2hex(random_bytes(3)); if($encrypted = gnupg_encrypt($gpg, _('To enable 2FA, please enter the following code to confirm ownership of your key:')."\n\n$_SESSION[enable_2fa_code]\n")){ echo '

'._('To enable 2FA using your PGP key, please decrypt the following PGP encrypted message and confirm the code:').'

'; echo "

$encrypted

"; ?>