Rooba
/
boinc
mirror of https://github.com/BOINC/boinc.git
1
0
Fork 0
Code Issues 1 Packages Projects Releases Wiki Activity

Requested changes to PR 2965 

* Less technical error messages, reduced code duplication, changed makeproject to generate keys, added op php file for generating keypairs, changed the button styling, changed input to textarea.
* Split the ops scripts into separate check and generate files, reduced code duplication by creating a new inc file to define key variables.
This commit is contained in:
grcgrc 2019-05-08 17:20:03 +01:00
parent a01853120a
commit 8d12ac9a66
10 changed files with 350 additions and 221 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
html/inc/account_ownership.inc Normal file
View File

@ -0,0 +1,35 @@
<?php
// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2008 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.
require_once("../inc/boinc_db.inc");
require_once("../inc/user.inc");
require_once("../inc/util.inc");
$temp_config = get_config();
$temp_keydir = parse_config($temp_config, "<key_dir>"); // key directory can be customized
$account_ownership_private_key_file_name = "account_ownership_private.pem"; // private key file name
$account_ownership_private_key = "$temp_keydir/$account_ownership_private_key_file_name"; // for overwriting key
$account_ownership_private_key_file_path = "file://$account_ownership_private_key"; // for checking file existence
$account_ownership_public_key_file_name = "account_ownership_public.pem"; // public key file name
$account_ownership_public_key = "$temp_keydir/$account_ownership_public_key_file_name"; // for overwriting key
$account_ownership_public_key_file_path = "file://$account_ownership_public_key"; // for checking file existence
?>

14
html/inc/user.inc
View File

@ -283,10 +283,16 @@ function show_user_info_private($user) {
tra("Account keys"),
"<a href=\"weak_auth.php\">".tra("View")."</a>"
);
row2(
tra("Account Ownership"),
"<a href=\"account_ownership_form.php?$url_tokens\">Generate ownership proof</a>"
);
require_once("../inc/account_ownership.inc");
if (file_exists($account_ownership_private_key_file_path)) {
// If the server has keys configured show the account ownership form
row2(
tra("Account Ownership"),
"<a href=\"account_ownership.php?$url_tokens\">Generate ownership proof</a>"
);
}
}
}

39
html/ops/check_account_ownership_keys.php Normal file
View File

@ -0,0 +1,39 @@
<?php
// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2008 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.
require_once("../inc/boinc_db.inc");
require_once("../inc/user.inc");
require_once("../inc/util.inc");
require_once("../inc/account_ownership.inc");
if (!file_exists($account_ownership_private_key_file_path)) {
echo "<p>The '$account_ownership_private_key_file_name' key <b>doesn't</b> exist. Please run the 'generate_account_ownership_keys.php' script from the BOINC web server command line.";
} else {
echo "<p>The '$account_ownership_private_key_file_name' key exists.";
}
if (!file_exists($account_ownership_public_key_file_path)) {
echo "<p>The '$account_ownership_public_key_file_name' key <b>doesn't</b> exist. Please run the 'generate_account_ownership_keys.php' script from the BOINC web server command line.";
} else {
echo "<p>The '$account_ownership_public_key_file_name' key exists.";
}
echo "<p>For more info see the related wiki page: <a href=\"https://boinc.berkeley.edu/trac/wiki/ProofOfOwnership\">ProofOfOwnership</a></p>"
?>

73
html/ops/generate_account_ownership_keys.php Normal file
View File

@ -0,0 +1,73 @@
#!/usr/bin/env php
<?php
// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2008 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.
require_once("../inc/boinc_db.inc");
require_once("../inc/user.inc");
require_once("../inc/util.inc");
require_once("../inc/account_ownership.inc");
if (php_sapi_name() == "cli") {
if (!empty($argv[1])) {
if ($argv[1] == "overwrite") {
if (file_exists($account_ownership_private_key_file_path)) {
// If the private key exists, delete it.
unlink($account_ownership_private_key);
echo "erased '$account_ownership_private_key_file_name' \n";
}
if (file_exists($account_ownership_public_key_file_path)) {
// If the public key exists, delete it.
unlink($account_ownership_public_key);
echo "erased '$account_ownership_public_key_file_name' \n";
}
}
}
if ((!file_exists($account_ownership_private_key_file_path)) && (!file_exists($account_ownership_public_key_file_path))) {
try {
$generated_pkey = openssl_pkey_new(array(
'digest_alg' => 'sha512',
'private_key_bits' => 4096,
'private_key_type' => OPENSSL_KEYTYPE_RSA
));
$pubkey = openssl_pkey_get_details($generated_pkey); // Get the public key from the generated pkey pair
file_put_contents($account_ownership_public_key, $pubkey['key']); // Save the public key to disk
openssl_pkey_export_to_file($generated_pkey, $account_ownership_private_key); // Save the private key to disk
openssl_pkey_free($generated_pkey); // Free key data securely from memory
if ((file_exists($account_ownership_private_key_file_path)) && (file_exists($account_ownership_public_key_file_path))) {
echo "Successfully generated a new account ownership keypair.";
} else {
throw new Exception('Failed to generate account ownership keypair.');
}
} catch (Exception $e) {
echo 'Caught exception during account ownership key generation: ', $e->getMessage(), "\n";
}
} else {
echo "The private and public keys already exist. Repeat the command with the 'overwrite' parameter to replace the existing ownership keys.";
}
} else {
echo "This script must be run from the CLI";
}
?>

19
html/ops/index.php
View File

@ -87,7 +87,7 @@ echo "
<p>
<table border=\"0\"><tr valign=\"top\">
<td><b>Browse database:</b>
<ul>
<ul>
<li><a href=\"db_form.php?table=result&amp;detail=low\">Results</a></li>
<li><a href=\"db_form.php?table=workunit\">Workunits</a></li>
<li><a href=\"db_form.php?table=host&amp;detail=low\">Hosts</a></li>
@ -99,9 +99,9 @@ echo "
<li><a href=dbinfo.php>DB row counts and disk usage</a>
<li><a href=\"show_log.php?f=mysql*.log&amp;l=-20\">Tail MySQL logs</a>
</ul>
</td>
</td>
<td><b>Computing</b>
<ul>
<li><a href=\"manage_apps.php\">Manage applications</a></li>
@ -122,12 +122,12 @@ echo "
<li>
<form method=\"get\" action=\"clear_host.php\">
<input class=\"btn btn-default\" type=\"submit\" value=\"Clear RPC seqno\">
host ID:
host ID:
<input type=\"text\" size=\"5\" name=\"hostid\">
</form>
</ul>
</td>
</td>
<td><b>User management</b>
<ul>
<li><a href=".url_base()."/forum_index.php>Post news item</a></li>
@ -136,6 +136,7 @@ echo "
<li><a href=\"manage_special_users.php\">User privileges</a></li>
<li><a href=".url_base()."/manage_project.php>User job submission privileges</a></li>
<li><a href=\"mass_email.php\">Send mass email to a selected set of users</a></li>
<li><a href=\"check_account_ownership_keys.php\">Check generated account ownership keys</a></li>
<li><form action=\"manage_user.php\">
<input class=\"btn btn-default\" type=\"submit\" value=\"Manage user\">
ID: <input name=\"userid\">
@ -153,11 +154,11 @@ $show_deprecated = get_str("show_deprecated", true);
$show_only = array("all"); // Add all appids you want to display, or "all"
$apps = BoincApp::enum("");
foreach ($apps as $app) {
if (in_array($app->id, $show_only)
if (in_array($app->id, $show_only)
|| ( in_array("all", $show_only)
&& (!$app->deprecated || $show_deprecated)
)) {
echo "
<b>Results for <tt>$app->name</tt>:</b>
<ul>
@ -177,7 +178,7 @@ foreach ($apps as $app) {
</a> |
<a href=\"pass_percentage_by_platform.php?appid=$app->id&amp;nsecs=$secs\">
summary per app version
</a> |
</a> |
<a href=\"failure_result_summary_by_host.php?appid=$app->id&amp;nsecs=$secs\">
failures broken down by (app version, host)
</a> |

173
html/user/account_ownership.php Normal file
View File

@ -0,0 +1,173 @@
<?php
// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2008 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.
require_once("../inc/boinc_db.inc");
require_once("../inc/user.inc");
require_once("../inc/util.inc");
require_once("../inc/countries.inc");
require_once('../inc/recaptchalib.php');
check_get_args(array("tnow", "ttok"));
$user = get_logged_in_user();
check_tokens($user->authenticator);
function account_ownership_action($user) {
// POST request - the user has submitted the form.
page_head(tra("Proof of account ownership results"), null, null, null, boinc_recaptcha_get_head_extra());
global $recaptcha_private_key;
if ($recaptcha_private_key) {
// Recaptcha is enabled on the BOINC server
if (!boinc_recaptcha_isValidated($recaptcha_private_key)) {
// The user failed to solve the recaptcha prompt - redirect them to an error message!
error_page(
tra("Your reCAPTCHA response was not correct. Please try again.")
);
}
}
// Input is passed in from the openssl_sign_form
$user_data = htmlentities(post_str("user_data", true), ENT_QUOTES, "UTF-8"); // Convert special characters to html equivelant
if ((strlen($user_data) > 0) && (strlen($user_data) <= 4096)) {
require_once("../inc/account_ownership.inc");
// Check that the private key file exists where specified. If not, redirect to error page.
if (!file_exists($account_ownership_private_key_file_path)) {
error_page(tra("The proof of account ownership feature is not set up properly. Contact the project administrator to resolve the issue."));
}
// Check that the public key file exists where specified. If not, redirect to error page.
if (!file_exists($account_ownership_public_key_file_path)) {
error_page(tra("The proof of account ownership feature is not set up properly. Contact the project administrator to resolve the issue."));
}
$privkey = fopen($account_ownership_private_key_file_path, "r"); // Opening private key file
if (!isset($privkey) || empty($privkey)) {
error_page(tra("The proof of account ownership feature is not set up properly. Contact the project administrator to resolve the issue."));
}
$privkey_contents = fread($privkey, 8192); // Reading contents of private key into var
fclose($privkey); // Closing private key file
$userid = $user->id; // Retrieving the user's UserId
$message_data = "$userid $user_data"; // Create the message which will be signed.
$private_key_pem = openssl_pkey_get_private($privkey_contents); // Loading the private key into memory
openssl_sign($message_data, $signature, $private_key_pem, OPENSSL_ALGO_SHA512); // Compute signature using SHA512
openssl_free_key($private_key_pem); // Free the private key from memory for additional security
$pubkey = fopen($account_ownership_public_key_file_path, "r"); // Open public key file
if ((!isset($pubkey)) || empty($pubkey)) {
error_page(tra("The proof of account ownership feature is not set up properly. Contact the project administrator to resolve the issue."));
}
$pubkey_contents = fread($pubkey, 8192); // Read contents to var
fclose($pubkey); // Close pub key file
$base64_sig = base64_encode($signature); // Base64 encode the generated signature to enable safe output to text file.
$decoded_sig = base64_decode($base64_sig); // Decode base64 sig for use in sig_verification
$pubkeyid = openssl_pkey_get_public($pubkey_contents); // fetch public key into memory
$sig_verification = openssl_verify($message_data, $decoded_sig, $pubkeyid, OPENSSL_ALGO_SHA512); // Verify that the generated signature against the original data, using the public key.
openssl_free_key($pubkeyid); // Free the public key from memory
// Check if signature was successfully validated
if ($sig_verification == 1) {
$url_tokens = url_tokens($user->authenticator);
// The generated signature has been successfully verified using the public key.
global $master_url; // Define global master_url variable for use in output
echo "<p>Do not share this information with anyone other than the external system which has requested this proof of account ownership.</p>";
echo "<textarea rows='13' cols='50' id='result_textbox'><account_ownership_verification>\n<master_url>$master_url</master_url>\n<msg>$message_data</msg>\n<signature>$base64_sig</signature>\n</account_ownership_verification></textarea>";
echo "<br/><br/><button class='btn btn-success' onclick='copy_result_textbox()'>Copy text</button>";
echo "<a href='account_ownership.php?$url_tokens'><button class='btn btn-default'>Go back</button></a>";
echo '<script type="text/javascript">';
echo 'function copy_result_textbox() {
var target_textbox = document.getElementById("result_textbox");
target_textbox.select();
document.execCommand("copy");
alert("Copied to clipboard");
}';
echo '</script>';
page_tail();
} elseif ($sig_verification == 0) {
// The generated signature has not been verified. The private/public keys do not match.
error_page(tra("Signature verification failed. Contact the project administrator to resolve the issue."));
} else {
// Something has gone wrong & an error has occurred.
error_page(tra("An error occured during the signature verification. Contact the project administrator to resolve the issue."));
}
} else {
// User data input invalid
error_page(tra("Invalid input. User input must have a length > 0 and < 4096. <form><input type='button' value='Go back!'' onclick='history.back()'></form>"));
}
}
function account_ownership_form($user) {
// GET request - the user has navigated to the page.
page_head(tra("Generate proof of account ownership"), null, null, null, boinc_recaptcha_get_head_extra());
if ($user) { // Verify the user is logged in
require_once("../inc/account_ownership.inc");
if (!file_exists($account_ownership_private_key_file_path)) {
// Check that the private key file exists where specified. If not, redirect to error page.
error_page(tra("The proof of account ownership feature is not set up properly. Contact the project administrator to resolve the issue."));
}
if (!file_exists($account_ownership_public_key_file_path)) {
// Check that the public key file exists where specified. If not, redirect to error page.
error_page(tra("The proof of account ownership feature is not set up properly. Contact the project administrator to resolve the issue."));
}
echo "<p>This tool is designed to create a proof of account ownership for external systems.</p>";
global $recaptcha_public_key;
if ($recaptcha_public_key) {
// Recaptcha configured
echo "<p>Enter a message with length less than 4096 characters into the input textbox below, solve the captcha then click the 'Generate' button.</p>";
} else {
// Recaptcha not configured
echo "<p>Enter a message with length less than 4096 characters into the input textbox below then click the 'Generate' button.</p>";
}
echo "<p>A textbox will then appear which contains your proof of account ownership.";
echo "<form method=post action=account_ownership.php>";
echo form_tokens($user->authenticator);
echo "<textarea rows='4' cols='50' name=user_data type=text size=20 placeholder='Enter text'></textarea><br/><br/>";
if ($recaptcha_public_key) {
// Trigger recaptcha!
form_general("", boinc_recaptcha_get_html($recaptcha_public_key));
}
echo "<input class=\"btn btn-success\" type=submit value='".tra("Generate")."'>";
echo "</form><br/><hr/>";
} else {
// The user is not logged in!
echo "<p>You need to be logged in to use this functionality.</p>";
}
page_tail();
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
account_ownership_action($user);
} else {
account_ownership_form($user);
}
?>

130
html/user/account_ownership_action.php
View File

@ -1,130 +0,0 @@
<?php
// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2008 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.
require_once("../inc/boinc_db.inc");
require_once("../inc/user.inc");
require_once("../inc/util.inc");
require_once('../inc/recaptchalib.php');
check_get_args(array("tnow", "ttok"));
// Check the user is online
$user = get_logged_in_user();
check_tokens($user->authenticator);
page_head(tra("Proof of account ownership results"), null, null, null, boinc_recaptcha_get_head_extra());
global $recaptcha_private_key;
if ($recaptcha_private_key) {
// Recaptcha is enabled on the BOINC server
if (!boinc_recaptcha_isValidated($recaptcha_private_key)) {
// The user failed to solve the recaptcha prompt - redirect them to an error message!
error_page(
tra("Your reCAPTCHA response was not correct. Please try again.")
);
}
}
// Input is passed in from the openssl_sign_form
$user_data = htmlentities(post_str("user_data", true), ENT_QUOTES, "UTF-8"); // Convert special characters to html equivelant
if ((strlen($user_data) > 0) && (strlen($user_data) <= 4096)) {
// The user data input is valid
$config = get_config();
$keydir = parse_config($config, "<key_dir>");
/*
How to generate required keys in /project/keys/ folder:
openssl genpkey -algorithm RSA -out ownership_sign_private.pem -pkeyopt rsa_keygen_bits:2048
openssl rsa -pubout -in ownership_sign_private.pem -out ownership_sign_public.pem
chown -R boincadm:boincadm ext*
chmod --reference upload_private ownership_sign_public.pem
chmod --reference upload_private ownership_sign_private.pem
*/
// If the following keys do not exist, then the users will be shown an error message.
$private_key_path = "file://$keydir/ownership_sign_private.pem";
$public_key_path = "file://$keydir/ownership_sign_public.pem";
// Check that the private key file exists where specified. If not, redirect to error page.
if (!file_exists($private_key_path)) {
error_page(tra("The required private key doesn't exist. Contact the project administrator to resolve this issue."));
}
// Check that the public key file exists where specified. If not, redirect to error page.
if (!file_exists($public_key_path)) {
error_page(tra("The required public key doesn't exist. Contact the project administrator to resolve this issue."));
}
$privkey = fopen($private_key_path, "r"); // Opening private key file
if (!isset($privkey) || empty($privkey)) {
error_page(tra("Unable to access the required private key. Contact the project administrator to resolve this issue."));
}
$privkey_contents = fread($privkey, 8192); // Reading contents of private key into var
fclose($privkey); // Closing private key file
$userid = $user->id; // Retrieving the user's UserId
$message_data = "$userid $user_data"; // Create the message which will be signed.
$private_key_pem = openssl_pkey_get_private($privkey_contents); // Loading the private key into memory
openssl_sign($message_data, $signature, $private_key_pem, OPENSSL_ALGO_SHA512); // Compute signature using SHA512
openssl_free_key($private_key_pem); // Free the private key from memory for additional security
$pubkey = fopen($public_key_path, "r"); // Open public key file
if ((!isset($pubkey)) || empty($pubkey)) {
error_page(tra("Unable to access the required public key. Contact the project administrator to resolve this issue."));
}
$pubkey_contents = fread($pubkey, 8192); // Read contents to var
fclose($pubkey); // Close pub key file
$base64_sig = base64_encode($signature); // Base64 encode the generated signature to enable safe output to text file.
$decoded_sig = base64_decode($base64_sig); // Decode base64 sig for use in sig_verification
$pubkeyid = openssl_pkey_get_public($pubkey_contents); // fetch public key into memory
$sig_verification = openssl_verify($message_data, $decoded_sig, $pubkeyid, OPENSSL_ALGO_SHA512); // Verify that the generated signature against the original data, using the public key.
openssl_free_key($pubkeyid); // Free the public key from memory
// Check if signature was successfully validated
if ($sig_verification == 1) {
// The generated signature has been successfully verified using the public key.
global $master_url; // Define global master_url variable for use in output
echo "<p>Do not share this information with anyone other than the external system which has requested this proof of account ownership.</p>";
echo "<textarea rows='13' cols='50' id='openssl_result_textbox'><account_ownership_verification>\n<master_url>$master_url</master_url>\n<msg>$message_data</msg>\n<signature>$base64_sig</signature>\n</account_ownership_verification></textarea>";
echo "<br/><button onclick='copy_result_textbox()'>Copy text</button>";
echo '<script type="text/javascript">';
echo 'function copy_result_textbox() {
var target_textbox = document.getElementById("openssl_result_textbox");
target_textbox.select();
document.execCommand("copy");
alert("Copied the text: " + copyText.value);
}';
echo '</script>';
page_tail();
} elseif ($sig_verification == 0) {
// The generated signature has not been verified. The private/public keys do not match.
error_page(tra("Signature verification failed. Try again at a later time."));
} else {
// Something has gone wrong & an error has occurred.
error_page(tra("An error occured during the signature verification. Try again at a later time."));
}
} else {
// User data input invalid
error_page(tra("Invalid input. User input must have a length > 0 and < 4096. <form><input type='button' value='Go back!'' onclick='history.back()'></form>"));
}
?>

73
html/user/account_ownership_form.php
View File

@ -1,73 +0,0 @@
<?php
// This file is part of BOINC.
// http://boinc.berkeley.edu
// Copyright (C) 2008 University of California
//
// BOINC is free software; you can redistribute it and/or modify it
// under the terms of the GNU Lesser General Public License
// as published by the Free Software Foundation,
// either version 3 of the License, or (at your option) any later version.
//
// BOINC is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with BOINC. If not, see <http://www.gnu.org/licenses/>.
require_once("../inc/boinc_db.inc");
require_once("../inc/user.inc");
require_once("../inc/util.inc");
require_once("../inc/countries.inc");
require_once('../inc/recaptchalib.php');
check_get_args(array("tnow", "ttok"));
$user = get_logged_in_user();
check_tokens($user->authenticator);
page_head(tra("Generate proof of account ownership"), null, null, null, boinc_recaptcha_get_head_extra());
// Verify the user is logged in
if ($user) {
// If the following keys do not exist, then the users will be shown an error message.
$config = get_config();
$keydir = parse_config($config, "<key_dir>");
$private_key_path = "file://$keydir/ownership_sign_private.pem";
$public_key_path = "file://$keydir/ownership_sign_public.pem";
// Check that the private key file exists where specified. If not, redirect to error page.
if (!file_exists($private_key_path)) {
error_page(tra("The private key doesn't exist. Contact the project administrator to resolve this issue."));
}
// Check that the public key file exists where specified. If not, redirect to error page.
if (!file_exists($public_key_path)) {
error_page(tra("The public key doesn't exist. Contact the project administrator to resolve this issue."));
}
echo "<p>This tool is designed to create a proof of account ownership for external systems.</p>";
echo "<p>Enter a message with length less than 4096 characters into the input textbox below, solve the captcha then click the 'Generate' button.</p>";
echo "<p>A textbox will then appear which contains your proof of account ownership.";
echo "<form method=post action=openssl_sign_action.php>";
echo form_tokens($user->authenticator);
echo "<input name=user_data type=text size=20 value='Enter text'><br/><br/>";
// Trigger recaptcha!
global $recaptcha_public_key;
if ($recaptcha_public_key) {
form_general("", boinc_recaptcha_get_html($recaptcha_public_key));
}
echo "<br/><input class=\"btn btn-default\" type=submit value='".tra("Generate")."'>";
echo "</form><br/><hr/>";
} else {
// The user is not logged in!
echo "<p>You need to be logged in to use this functionality.</p>";
}
page_tail();
?>

10
html/user/get_project_config.php
View File

@ -19,6 +19,7 @@
require_once("../inc/consent.inc");
require_once("../inc/util.inc");
require_once("../inc/xml.inc");
require_once("../inc/account_ownership.inc");
if(file_exists('../inc/release.inc'))
include '../inc/release.inc';
@ -138,11 +139,10 @@ if (file_exists("../../project_keywords.xml")) {
readfile("../../project_keywords.xml");
}
$keydir = parse_config($config, "<key_dir>");
if (is_readable($keydir."/ownership_sign_public.pem")) {
echo " <ownership_signature_public_key>";
echo base64_encode(file_get_contents($keydir."/ownership_sign_public.pem"));
echo "</ownership_signature_public_key>\n";
if (is_readable($account_ownership_public_key)) {
echo " <account_ownership_public_key>";
echo base64_encode(file_get_contents($account_ownership_public_key));
echo "</account_ownership_public_key>\n";
}
echo "</project_config>";

5
tools/make_project
View File

@ -324,6 +324,11 @@ try:
except:
print '''Couldn't install translation files'''
try:
os.system('cd '+proot+'/html/ops; ./generate_account_ownership_keys.php')
except:
print '''Couldn't generate account ownership keypair'''
print '''Done installing default daemons.'''
# copy the test app if needed