$error
"; $ok=false; }elseif(!isset($_POST['username']) || $_POST['username']===''){ $msg.='Error: username may not be empty.
'; $ok=false; }else{ $stmt=$db->prepare('SELECT username, password, id, tfa, pgp_key FROM users WHERE username=?;'); $stmt->execute([$_POST['username']]); $tmp=[]; if(($tmp=$stmt->fetch(PDO::FETCH_ASSOC))===false && preg_match('/^([2-7a-z]{16}).onion$/', $_POST['username'], $match)){ $stmt=$db->prepare('SELECT users.username, users.password, users.id, users.tfa, users.pgp_key FROM users INNER JOIN onions ON (onions.user_id=users.id) WHERE onions.onion=?;'); $stmt->execute([$match[1]]); $tmp=$stmt->fetch(PDO::FETCH_ASSOC); } if($tmp){ $username=$tmp['username']; $password=$tmp['password']; $tfa=$tmp['tfa']; $pgp_key=$tmp['pgp_key']; $stmt=$db->prepare('SELECT new_account.approved FROM new_account INNER JOIN users ON (users.id=new_account.user_id) WHERE users.id=?;'); $stmt->execute([$tmp['id']]); if($tmp=$stmt->fetch(PDO::FETCH_NUM)){ if(REQUIRE_APPROVAL && !$tmp[0]){ $msg.='Error: Your account is pending admin approval. Please try again later.
'; }else{ $msg.='Error: Your account is pending creation. Please try again in a minute.
'; } $ok=false; }elseif(!isset($_POST['pass']) || !password_verify($_POST['pass'], $password)){ $msg.='Error: wrong password.
'; $ok=false; } }else{ $msg.='Error: username was not found. If you forgot it, you can enter youraccount.onion instead.
'; $ok=false; } } if($ok){ $_SESSION['hosting_username']=$username; $_SESSION['csrf_token']=sha1(uniqid()); if($tfa){ $code = bin2hex(random_bytes(3)); $_SESSION['2fa_code'] = $code; $_SESSION['pgp_key'] = $pgp_key; $_SESSION['tfa'] = $tfa; } else { session_write_close(); header('Location: home.php'); exit; } } } } print_header('Login'); if($tfa){ $gpg = gnupg_init(); gnupg_seterrormode($gpg, GNUPG_ERROR_WARNING); gnupg_setarmor($gpg, 1); $imported_key = gnupg_import($gpg, $pgp_key); if($imported_key){ $key_info = gnupg_keyinfo($gpg, $imported_key['fingerprint']); foreach($key_info as $key){ if($key['can_encrypt']){ foreach($key['subkeys'] as $subkey){ gnupg_addencryptkey($gpg, $subkey['fingerprint']); } } } $encrypted = gnupg_encrypt($gpg, "To login, please enter the following code to confirm ownership of your key:\n\n".$_SESSION['2fa_code']."\n"); echo $msg; echo "To login, please decrypt the following PGP encrypted message and confirm the code:
"; echo "$encrypted"; ?>
Don't have the private key at hand? Logout