. * *************************************************************/ // check that data has arrived here via HTTPS if ($_SERVER['HTTPS'] != "on") { die ("Use a secure HTTPS connection to the server. Aborting ..."); } if (strtoupper($_SERVER['REQUEST_METHOD']) != "POST") { //check if there is a query string, then abort. if (count($_GET) != 0){ die ("Always use POST to prevent recording of query strings. Aborting ..."); } } if (! is_file("gpgconfig.php")){ die ("Config file does not exist."); } require_once('gpgconfig.php'); if (! is_dir($GPGDIR)){ die ("GPG directory $GPGDIR does not exist."); } else { $ERRORFILE = $GPGDIR."/gpgerrors"; } if (! isset($SIGSHOWTEXTAREA)){ $SIGSHOWTEXTAREA = "no"; } if (! isset($VERIFYIFRAMENUMBER)){ $VERIFYIFRAMENUMBER = 0; } if (isset($_REQUEST[$VERIFYTEXTAREA])) { $TEXT = $_REQUEST[$VERIFYTEXTAREA]; } echo "\n"; echo "
\n"; if (isset($TEXT) && (strlen($TEXT) > 20) ) { // perform verification echo "

Signature Verification

\n"; $STATUSFILE = $GPGDIR."/status"; unix ("rm ".$STATUSFILE); $VRFY = " /usr/bin/gpg --homedir ".$GPGDIR." --require-secmem --batch --no-tty --yes --logger-file ".$STATUSFILE." --verify" ; unixpipe($VRFY,$TEXT); $handle = fopen($STATUSFILE, "r"); $RESULT = fread($handle,20000000); fclose($handle); $RESULT = unix("cat ".$STATUSFILE); // check if verification is successful $ERR1 = strpos($RESULT,'no signed data'); $ERR2 = strpos($RESULT,'the signature could not be verified'); if (($ERR1 === false) && ($ERR2 === false)){ echo "\n"; echo "

\n"; echo "    \n\n"; } else { echo "

Verification failed.

"; echo "\n"; } } else { // print form echo "

Signature Verification

\n"; echo "

\n"; echo "\n\n"; echo "

"; echo "    \n"; echo "\n"; echo "

\n"; } echo "

version ".$VERSION." powered by Senderek Web Security

"; echo "

\n"; ?>