forked from syseleven/shared-secrets
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathshare.php
114 lines (106 loc) · 5.5 KB
/
share.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
<?php
# prevent direct access
if (!defined("SYS11_SECRETS")) {
die("");
}
function share_secret($secret, &$error = null)
{
$result = null;
$error = false;
# only proceed when the read-only mode is not enabled
if (!READ_ONLY) {
# only proceed when the secret is not empty
if (!empty($secret)) {
# only proceed when the secret is not too long
if (MAX_PARAM_SIZE >= strlen($secret)) {
# for shared-secrets we only support encryption with one key
$keys = array_keys(RSA_PRIVATE_KEYS);
$pubkey = null;
if (is_pubkey(RSA_PRIVATE_KEYS[$keys[count($keys)-1]])) {
# open the public key
$pubkey = openssl_pkey_get_public(RSA_PRIVATE_KEYS[$keys[count($keys)-1]]);
} elseif (is_privkey(RSA_PRIVATE_KEYS[$keys[count($keys)-1]])) {
# extract the public key from the private key
$pubkey = open_pubkey(RSA_PRIVATE_KEYS[$keys[count($keys)-1]]);
}
if (null !== $pubkey) {
try {
$recipients = [$pubkey];
try {
$encrypted_secret = encrypt_v01($secret, $recipients, $encrypt_error);
} finally {
zeroize_array($recipients);
}
if (null !== $encrypted_secret) {
// Save secret to db
$encrypted_secret = apache_bugfix_encode(url_base64_encode(base64_encode($encrypted_secret)));
$uri = substr(str_shuffle('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'), 0, 12);
if ($link = mysqli_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASS, MYSQL_DB, MYSQL_PORT)) {
try {
if ($statement = mysqli_prepare($link, MYSQL_WRITE_SHARE)) {
if (mysqli_stmt_bind_param($statement, "ss", $encrypted_secret, $uri)) {
if (mysqli_stmt_execute($statement)) {
if (1 !== mysqli_affected_rows($link)) {
if (DEBUG_MODE) {
$error = $uri;
$error .= '<br>';
$error .= $encrypted_secret;
$error .= '<br>';
$error .= print_r($statement, true);
} else {
$error = "Please try again.";
}
}
} else {
if (DEBUG_MODE) {
$error = "Insert statement could not be executed";
}
}
} else {
if (DEBUG_MODE) {
$error = "Insert statement parameters could not be bound.";
}
}
} else {
if (DEBUG_MODE) {
$error = "Insert statement could not be prepared.";
}
}
} finally {
mysqli_close($link);
}
} else {
if (DEBUG_MODE) {
$error = "Database connection could not be established.";
}
}
# return the secret sharing URL
$result = get_secret_url($uri);
} else {
if (DEBUG_MODE) {
$error = "Encryption failed: $encrypt_error";
}
}
} finally {
openssl_pkey_free($pubkey);
}
} else {
if (DEBUG_MODE) {
$error = "Public key could not be read.";
}
}
} else {
$error = "The secret must at most be ".MAX_PARAM_SIZE." characters long.";
}
} else {
$error = "The secret must not be empty.";
}
} else {
$error = "The creation of secret sharing links is disabled.";
}
# set default error if non is given
if ((null === $result) && (false === $error)) {
$error = "An unknown error occured.";
}
return $result;
}