.
*
*************************************************************/
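// check that data has arrived here via HTTPS
// isset() comes first: on a plain-HTTP request the 'HTTPS' entry is typically absent, and
// reading a missing array key raises a notice/warning (which may be shown to the client,
// depending on display_errors) before the script gets to abort.
// NOTE(review): if TLS is terminated by a reverse proxy in front of PHP, this entry may not
// be "on" even for encrypted client connections - confirm for the deployment.
if (! isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") {
    die ("Use a secure HTTPS connection to the server. Aborting ...");
}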
// The configuration file has to be present before it is loaded.
// NOTE(review): is_file() resolves the bare name against the working directory, while
// require_once with a bare name also searches include_path, so the file that was checked
// is not necessarily the file that gets loaded - consider an absolute path for both.
if (is_file("gpgconfig.php") === false) {
    die ("Config file does not exist.");
}
require_once('gpgconfig.php');
// Fall back to placeholder directories when no data directory has been defined.
if (isset($DATADIR) === false) {
    $FILESDIR = "/none";
    $DATADIR = "/none";
}
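// use GET only when filename is given
// Request rules implemented below:
//  - a non-POST request that carries a query string is only accepted when $INPUT is 'file';
//  - the 'file' parameter is resolved for POST requests and for accepted query-string requests;
//  - an accepted query-string request without a 'file' parameter gets the "/none" placeholder.
// $_REQUEST is used for the lookup, so the value may come from the query string or the body.
$ISPOST = (strtoupper($_SERVER['REQUEST_METHOD']) == "POST");
$HASQUERY = (count($_GET) != 0);
if (! $ISPOST && $HASQUERY && $INPUT != 'file') {
    die ("Always use POST to prevent recording of query strings. Aborting ...");
}
if ($ISPOST || $HASQUERY) {
    if (isset($_REQUEST['file'])) {
        // touch legitimate files only !
        // the base directory is per user when $USERID is set, else the shared data directory
        // NOTE(review): where $USERID comes from is not visible here - confirm it is not
        // taken from the request without validation, since it becomes part of the path.
        if (isset($USERID)) {
            $FILESDIR = $DATADIR ."/". $USERID;
        } else {
            $FILESDIR = $GPGDIR."/data";
        }
        $RELATIVEFILE = checkinput($_REQUEST['file'],"noscript");
        $FILE = $FILESDIR ."/". $RELATIVEFILE;
        $FILE = str_replace('//','/',$FILE);
        // neutralise parent-directory steps; this only matches ".." followed by a slash
        $FILE = str_replace('../','xxx',$FILE);
        // a ".." as the very last path segment has no trailing slash and is not caught by
        // the replacement above, so it is refused here to keep the path inside $FILESDIR
        if (preg_match('#/\.\.\z#', $FILE)) {
            $FILE = "/none";
        }
        // defence in depth: $FILE is later embedded in a double-quoted argument of a cp
        // command line (see the encryption branch further down). What checkinput() strips
        // is not visible here, so paths containing characters that are special inside a
        // double-quoted shell word, or control characters, are refused as well.
        if (preg_match('/["`$\\\\\x00-\x1f]/', $FILE)) {
            $FILE = "/none";
        }
    } elseif (! $ISPOST) {
        // accepted query-string request without a file name
        $FILE = "/none";
    }
}
if (! isset($RELATIVEFILE)){
    $RELATIVEFILE = "/none";
}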
// $GPGDIR is handed to gpg as --homedir further down and must exist; the file named by
// $ERRORFILE inside it is passed to gpg as --logger-file.
// NOTE(review): the abort message includes the configured server path in the response.
if (is_dir($GPGDIR)) {
    $ERRORFILE = $GPGDIR."/gpgerrors";
} else {
    die ("GPG directory $GPGDIR does not exist.");
}
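// Text to encrypt, read from the request field whose name is held in $ENCRYPTIONTEXTAREA.
$TEXT = "";
// Only a plain string is accepted: an array-valued parameter (name[]=...) would make
// addslashes() fail with a type error/warning, so it is treated like an absent field.
if (isset($_REQUEST[$ENCRYPTIONTEXTAREA]) && is_string($_REQUEST[$ENCRYPTIONTEXTAREA])) {
    // addslashes() puts a backslash before ' " \ and NUL bytes; newlines are left as they are.
    // NOTE(review): this is neither shell nor HTML escaping, and the added backslashes become
    // part of the text handed to unixpipe() below unless that helper removes them - confirm.
    $TEXT = addslashes($_REQUEST[$ENCRYPTIONTEXTAREA]);
}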
// Defaults for options that have not been set earlier (presumably by gpgconfig.php).
// Each variable keeps its current value when it is already set.
$KEYSELECTION = isset($KEYSELECTION) ? $KEYSELECTION : "no";
$IFRAMENUMBER = isset($IFRAMENUMBER) ? $IFRAMENUMBER : 0;
$SHOWTEXTAREA = isset($SHOWTEXTAREA) ? $SHOWTEXTAREA : "no";
$REPLACEFILE = isset($REPLACEFILE) ? $REPLACEFILE : "no";
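// Recipient key identifier supplied with the request, filtered through checkinput().
if (isset($_REQUEST['encryptionkey'])){
    $ENCRYPTIONKEY = checkinput($_REQUEST['encryptionkey'], "noscript");
    // defence in depth: the value is later placed inside a double-quoted --recipient
    // argument of the gpg command line (see the encryption branch below). What
    // checkinput() removes is not visible here, so identifiers containing characters
    // that are special inside a double-quoted shell word, or control characters, are
    // refused before any command is built.
    if (is_string($ENCRYPTIONKEY) && preg_match('/["`$\\\\\x00-\x1f]/', $ENCRYPTIONKEY)) {
        die ("Invalid encryption key identifier. Aborting ...");
    }
}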
// write two line-break-only strings to the response ahead of the result output
echo "
\n", "
\n";
if (isset($ENCRYPTIONKEY) && isset($TEXT) )
{
if (strlen($ENCRYPTIONKEY) > 0) {
// perform encryption
echo "
Encryption with key: \"".htmlentities($ENCRYPTIONKEY)."\"
\n";
// get a random filename for plain text file and encrypted result
// this is necessary to prevent overwriting by other users
$rndhandle = fopen("/dev/urandom","r");
$RND = fread($rndhandle,20);
fclose($rndhandle);
$PLAINTEXT = $GPGDIR."/".sha1($RND);
$FILENAME = $PLAINTEXT.".encrypted";
unix("touch ".$FILENAME);
if ($INPUT == 'file'){
// encrypt a file
unix("touch ".$PLAINTEXT);
unix("chmod 600 ".$PLAINTEXT);
unix("cp \"".$FILE."\" ".$PLAINTEXT);
$SIZE = unix("wc -c ".$PLAINTEXT." | cut -f1 -d' ' ");
echo "encrypting ".$SIZE." bytes ...";
$ENC = " /usr/bin/gpg -a --homedir ".$GPGDIR." --cipher-algo AES --yes --logger-file ".$ERRORFILE." --recipient \"".$ENCRYPTIONKEY."\" --always-trust -o ".$FILENAME." -e ".$PLAINTEXT;
echo unix($ENC);
// destroy content of the plain text file
$SIZE = unix("wc -c ".$PLAINTEXT." | cut -f1 -d' ' ");
//echo "\nOverwriting ".$SIZE." bytes plain text data\n";
unix("dd if=/dev/zero of=".$PLAINTEXT." bs=1 count=".$SIZE);
unix("sync");
unix("rm ".$PLAINTEXT);
} else {
echo strlen($TEXT)." bytes plain text given";
$ENC = " /usr/bin/gpg -a --homedir ".$GPGDIR." --cipher-algo AES --yes --logger-file ".$ERRORFILE." --recipient \"".$ENCRYPTIONKEY."\" --always-trust -e > ".$FILENAME;
unixpipe($ENC,$TEXT);
}
$handle = fopen($FILENAME, "r");
$RESULT = fread($handle,20000000);
fclose($handle);
if ($INPUT != 'file'){
unix("rm ".$FILENAME);
}
// check if encryption is successful
$ERR = strpos($RESULT,'BEGIN PGP MESSAGE');
if (! $ERR === false){
echo "
".strlen($RESULT)." bytes encrypted data
";
if ($INPUT != 'file') {
if ($SHOWTEXTAREA == "yes"){
$RESULT = "\n\n";
}
echo "