81 lines
2.9 KiB
PHP
81 lines
2.9 KiB
PHP
<?php
|
|
require('../common.php');
|
|
$user=check_login();
|
|
print_header('PGP 2FA');
|
|
dashboard_menu($user, 'pgp.php');
|
|
if($_SERVER['REQUEST_METHOD']==='POST'){
|
|
if($error=check_csrf_error()){
|
|
die($error);
|
|
}
|
|
if(isset($_POST['pgp_key'])){
|
|
$pgp_key = trim($_POST['pgp_key']);
|
|
$gpg = gnupg_init();
|
|
gnupg_seterrormode($gpg, GNUPG_ERROR_WARNING);
|
|
gnupg_setarmor($gpg, 1);
|
|
$imported_key = gnupg_import($gpg, $pgp_key);
|
|
if(!$imported_key){
|
|
echo "<p style=\"color:red\">There was an error importing the key</p>";
|
|
}else{
|
|
$db = get_db_instance();
|
|
$stmt = $db->prepare('UPDATE users SET pgp_key = ?, tfa = 0, pgp_verified = 0 WHERE id = ?;');
|
|
$stmt->execute([$pgp_key, $user['id']]);
|
|
$user['pgp_key'] = $pgp_key;
|
|
}
|
|
}
|
|
if(isset($_POST['enable_2fa_code'])){
|
|
if($_POST['enable_2fa_code'] !== $_SESSION['enable_2fa_code']){
|
|
echo "<p style=\"color:red\">Sorry, the code was incorrect</p>";
|
|
} else {
|
|
$db = get_db_instance();
|
|
$stmt = $db->prepare('UPDATE users SET tfa = 1, pgp_verified = 1 WHERE id = ?;');
|
|
$stmt->execute([$user['id']]);
|
|
$user['tfa'] = 1;
|
|
}
|
|
}
|
|
}
|
|
if(!empty($user['pgp_key'])){
|
|
if($user['tfa'] == '1'){
|
|
echo "<p style=\"color:green\">Yay, PGP based 2FA is enabled!</p>";
|
|
} else {
|
|
$gpg = gnupg_init();
|
|
gnupg_seterrormode($gpg, GNUPG_ERROR_WARNING);
|
|
gnupg_setarmor($gpg, 1);
|
|
$imported_key = gnupg_import($gpg, $user['pgp_key']);
|
|
if($imported_key){
|
|
$key_info = gnupg_keyinfo($gpg, $imported_key['fingerprint']);
|
|
foreach($key_info as $key){
|
|
if(!$key['can_encrypt']){
|
|
echo "<p>Sorry, this key can't be used to encrypt a message to you. Your key may have expired or has been revoked.</p>";
|
|
}else{
|
|
foreach($key['subkeys'] as $subkey){
|
|
gnupg_addencryptkey($gpg, $subkey['fingerprint']);
|
|
}
|
|
}
|
|
}
|
|
$_SESSION['enable_2fa_code'] = bin2hex(random_bytes(3));
|
|
if($encrypted = gnupg_encrypt($gpg, "To enable 2FA, please enter the following code to confirm ownership of your key:\n\n$_SESSION[enable_2fa_code]\n")){
|
|
echo "<p>To enable 2FA using your PGP key, please decrypt the following PGP encrypted message and confirm the code:</p>";
|
|
echo "<pre>$encrypted</pre>";
|
|
?>
|
|
<form action="pgp.php" method="post"><input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
|
|
<table border="1">
|
|
<tr><td><input type="text" name="enable_2fa_code"></td><td><button type="submit">Confirm</button></td></tr>
|
|
</table></form>
|
|
<hr>
|
|
<?php
|
|
}
|
|
}
|
|
}
|
|
}
|
|
?>
|
|
<p>Add your PGP key for more security features like 2FA:</p>
|
|
<form action="pgp.php" method="post">
|
|
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>">
|
|
<table border="1">
|
|
<tr><td><textarea name="pgp_key" rows="10" cols="50"><?php echo $user['pgp_key']; ?></textarea></td></tr>
|
|
<tr><td><button type="submit">Update PGP key</button></td></tr>
|
|
</table>
|
|
</form>
|
|
<p><a href="home.php">Go back to dashboard.</a></p>
|
|
</body></html>
|