. require_once("../inc/boinc_db.inc"); require_once("../inc/user.inc"); require_once("../inc/util.inc"); require_once("../inc/countries.inc"); require_once('../inc/recaptchalib.php'); check_get_args(array("tnow", "ttok")); $user = get_logged_in_user(); check_tokens($user->authenticator); function account_ownership_action($user) { // POST request - the user has submitted the form. page_head(tra("Proof of account ownership results"), null, null, null, boinc_recaptcha_get_head_extra()); global $recaptcha_private_key; if ($recaptcha_private_key) { // Recaptcha is enabled on the BOINC server if (!boinc_recaptcha_isValidated($recaptcha_private_key)) { // The user failed to solve the recaptcha prompt - redirect them to an error message! error_page( tra("Your reCAPTCHA response was not correct. Please try again.") ); } } // Input is passed in from the openssl_sign_form $user_data = htmlentities(post_str("user_data", true), ENT_QUOTES, "UTF-8"); // Convert special characters to html equivelant if ((strlen($user_data) > 0) && (strlen($user_data) <= 4096)) { require_once("../inc/account_ownership.inc"); // Check that the private key file exists where specified. If not, redirect to error page. if (!file_exists($account_ownership_private_key_file_path)) { error_page(tra("The proof of account ownership feature is not set up properly. Contact the project administrator to resolve the issue.")); } // Check that the public key file exists where specified. If not, redirect to error page. if (!file_exists($account_ownership_public_key_file_path)) { error_page(tra("The proof of account ownership feature is not set up properly. Contact the project administrator to resolve the issue.")); } $privkey = fopen($account_ownership_private_key_file_path, "r"); // Opening private key file if (!isset($privkey) || empty($privkey)) { error_page(tra("The proof of account ownership feature is not set up properly. Contact the project administrator to resolve the issue.")); } $privkey_contents = fread($privkey, 8192); // Reading contents of private key into var fclose($privkey); // Closing private key file $userid = $user->id; // Retrieving the user's UserId $message_data = "$userid $user_data"; // Create the message which will be signed. $private_key_pem = openssl_pkey_get_private($privkey_contents); // Loading the private key into memory openssl_sign($message_data, $signature, $private_key_pem, OPENSSL_ALGO_SHA512); // Compute signature using SHA512 openssl_free_key($private_key_pem); // Free the private key from memory for additional security $pubkey = fopen($account_ownership_public_key_file_path, "r"); // Open public key file if ((!isset($pubkey)) || empty($pubkey)) { error_page(tra("The proof of account ownership feature is not set up properly. Contact the project administrator to resolve the issue.")); } $pubkey_contents = fread($pubkey, 8192); // Read contents to var fclose($pubkey); // Close pub key file $base64_sig = base64_encode($signature); // Base64 encode the generated signature to enable safe output to text file. $decoded_sig = base64_decode($base64_sig); // Decode base64 sig for use in sig_verification $pubkeyid = openssl_pkey_get_public($pubkey_contents); // fetch public key into memory $sig_verification = openssl_verify($message_data, $decoded_sig, $pubkeyid, OPENSSL_ALGO_SHA512); // Verify that the generated signature against the original data, using the public key. openssl_free_key($pubkeyid); // Free the public key from memory // Check if signature was successfully validated if ($sig_verification == 1) { $url_tokens = url_tokens($user->authenticator); // The generated signature has been successfully verified using the public key. global $master_url; // Define global master_url variable for use in output echo "

Do not share this information with anyone other than the external system which has requested this proof of account ownership.

"; echo ""; echo "

"; echo ""; echo ''; page_tail(); } elseif ($sig_verification == 0) { // The generated signature has not been verified. The private/public keys do not match. error_page(tra("Signature verification failed. Contact the project administrator to resolve the issue.")); } else { // Something has gone wrong & an error has occurred. error_page(tra("An error occured during the signature verification. Contact the project administrator to resolve the issue.")); } } else { // User data input invalid error_page(tra("Invalid input. User input must have a length > 0 and < 4096.
")); } } function account_ownership_form($user) { // GET request - the user has navigated to the page. page_head(tra("Generate proof of account ownership"), null, null, null, boinc_recaptcha_get_head_extra()); if ($user) { // Verify the user is logged in require_once("../inc/account_ownership.inc"); if (!file_exists($account_ownership_private_key_file_path)) { // Check that the private key file exists where specified. If not, redirect to error page. error_page(tra("The proof of account ownership feature is not set up properly. Contact the project administrator to resolve the issue.")); } if (!file_exists($account_ownership_public_key_file_path)) { // Check that the public key file exists where specified. If not, redirect to error page. error_page(tra("The proof of account ownership feature is not set up properly. Contact the project administrator to resolve the issue.")); } echo "

This tool is designed to create a proof of account ownership for external systems.

"; global $recaptcha_public_key; if ($recaptcha_public_key) { // Recaptcha configured echo "

Enter a message with length less than 4096 characters into the input textbox below, solve the captcha then click the 'Generate' button.

"; } else { // Recaptcha not configured echo "

Enter a message with length less than 4096 characters into the input textbox below then click the 'Generate' button.

"; } echo "

A textbox will then appear which contains your proof of account ownership."; echo "

"; echo form_tokens($user->authenticator); echo "

"; if ($recaptcha_public_key) { // Trigger recaptcha! form_general("", boinc_recaptcha_get_html($recaptcha_public_key)); } echo ""; echo "


"; } else { // The user is not logged in! echo "

You need to be logged in to use this functionality.

"; } page_tail(); } if ($_SERVER['REQUEST_METHOD'] === 'POST') { account_ownership_action($user); } else { account_ownership_form($user); } ?>