Add field for PGP key in profile information

This is handy for verifying the PGP key of new Trusted Users. Also, this could potentially used as a basis to allow signed package uploads in the future. Implements FS#29028. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
2025-02-03 10:43:03 +01:00 · 2012-03-22 09:27:44 +01:00 · 2012-03-22 09:27:44 +01:00 · 985795a210
commit 985795a210
parent 0a1e1729d9
4 changed files with 71 additions and 13 deletions
--- a/3
+++ b/3
@ -6,7 +6,10 @@ From 1.9.1 to 2.0.0
 1. Add new "Users" table login date column:
 ----
 ALTER TABLE Users ADD COLUMN LastLogin BIGINT NOT NULL DEFAULT 0;
 ALTER TABLE Users ADD COLUMN PGPKey VARCHAR(40) NULL DEFAULT NULL;
 ----
 From 1.9.0 to 1.9.1
 -------------------
--- a/support/schema/aur-schema.sql
+++ b/support/schema/aur-schema.sql
@ -31,6 +31,7 @@ CREATE TABLE Users (
 	RealName VARCHAR(64) NOT NULL DEFAULT '',
 	LangPreference VARCHAR(5) NOT NULL DEFAULT 'en',
 	IRCNick VARCHAR(32) NOT NULL DEFAULT '',
 	PGPKey VARCHAR(40) NULL DEFAULT NULL,
 	LastVoted BIGINT UNSIGNED NOT NULL DEFAULT 0,
 	LastLogin BIGINT UNSIGNED NOT NULL DEFAULT 0,
 	PRIMARY KEY (ID),
--- a/web/html/account.php
+++ b/web/html/account.php
@ -33,7 +33,8 @@ if (isset($_COOKIE["AURSID"])) {
 			#
 			search_results_page($atype, in_request("O"), in_request("SB"),
 					in_request("U"), in_request("T"), in_request("S"),
-					in_request("E"), in_request("R"), in_request("I"));
+					in_request("E"), in_request("R"), in_request("I"),
 					in_request("K"));
 		} else {
 			# a non-privileged user is trying to access the search page
@ -64,7 +65,7 @@ if (isset($_COOKIE["AURSID"])) {
 				display_account_form($atype, "UpdateAccount", $row["Username"],
 						$row["AccountType"], $row["Suspended"], $row["Email"],
 						"", "", $row["RealName"], $row["LangPreference"],
-						$row["IRCNick"], $row["ID"]);
+						$row["IRCNick"], $row["PGPKey"], $row["ID"]);
 			}
 		}
@ -82,7 +83,7 @@ if (isset($_COOKIE["AURSID"])) {
 			$row = mysql_fetch_assoc($result);
 			display_account_info($row["Username"],
 						$row["AccountType"], $row["Email"], $row["RealName"],
-						$row["IRCNick"], $row["LastVoted"]);
+						$row["IRCNick"], $row["PGPKey"], $row["LastVoted"]);
 		}
 	} elseif ($action == "UpdateAccount") {
@ -92,7 +93,7 @@ if (isset($_COOKIE["AURSID"])) {
 				in_request("U"), in_request("T"), in_request("S"),
 				in_request("E"), in_request("P"), in_request("C"),
 				in_request("R"), in_request("L"), in_request("I"),
-				in_request("ID"));
+				in_request("K"), in_request("ID"));
 	} else {
@ -127,7 +128,7 @@ if (isset($_COOKIE["AURSID"])) {
 				display_account_form($atype, "UpdateAccount", $row["Username"],
 						$row["AccountType"], $row["Suspended"], $row["Email"],
 						"", "", $row["RealName"], $row["LangPreference"],
-						$row["IRCNick"], $row["ID"]);
+						$row["IRCNick"], $row["PGPKey"], $row["ID"]);
 			}
 		}
 	}
@ -143,7 +144,7 @@ if (isset($_COOKIE["AURSID"])) {
 		process_account_form("","new", "NewAccount",
 				in_request("U"), 1, 0, in_request("E"),
 				in_request("P"), in_request("C"), in_request("R"),
-				in_request("L"), in_request("I"));
+				in_request("L"), in_request("I"), in_request("K"));
 	} else {
 		# display the account request form
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@ -8,10 +8,28 @@ function in_request($name) {
 	return "";
 }
 # Format PGP key fingerprint
 function html_format_pgp_fingerprint($fingerprint) {
 	if (strlen($fingerprint) != 40 || !ctype_xdigit($fingerprint)) {
 		return $fingerprint;
 	}
 	return htmlspecialchars(substr($fingerprint, 0, 4) . " " .
 		substr($fingerprint, 4, 4) . " " .
 		substr($fingerprint, 8, 4) . " " .
 		substr($fingerprint, 12, 4) . " " .
 		substr($fingerprint, 16, 4) . "  " .
 		substr($fingerprint, 20, 4) . " " .
 		substr($fingerprint, 24, 4) . " " .
 		substr($fingerprint, 28, 4) . " " .
 		substr($fingerprint, 32, 4) . " " .
 		substr($fingerprint, 36, 4) . " ", ENT_QUOTES);
 }
 # Display the standard Account form, pass in default values if any
 function display_account_form($UTYPE,$A,$U="",$T="",$S="",
-			$E="",$P="",$C="",$R="",$L="",$I="",$UID=0) {
+			$E="",$P="",$C="",$R="",$L="",$I="",$K="",$UID=0) {
 	# UTYPE: what user type the form is being displayed for
 	# A: what "form" name to use
 	# U: value to display for username
@ -112,6 +130,12 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="",
 	print " name='I' value='".htmlspecialchars($I,ENT_QUOTES)."' /></td>";
 	print "</tr>\n";
 	print "<tr>";
 	print "<td align='left'>".__("PGP Key Fingerprint").":</td>";
 	print "<td align='left'><input type='text' size='30' maxlength='50'";
 	print " name='K' value='".html_format_pgp_fingerprint($K)."' /></td>";
 	print "</tr>\n";
 	print "<tr>";
 	print "<td align='left'>".__("Language").":</td>";
 	print "<td align='left'><select name=L>\n";
@ -152,7 +176,7 @@ function display_account_form($UTYPE,$A,$U="",$T="",$S="",
 # process form input from a new/edit account form
 #
 function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
-			$P="",$C="",$R="",$L="",$I="",$UID=0) {
+			$P="",$C="",$R="",$L="",$I="",$K="",$UID=0) {
 	# UTYPE: The user's account type
 	# TYPE: either "edit" or "new"
 	# A: what parent "form" name to use
@ -215,6 +239,11 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
 	if (!$error && !valid_email($E)) {
 		$error = __("The email address is invalid.");
 	}
 	if (!$error && $K != '' && !valid_pgp_fingerprint($K)) {
 		$error = __("The PGP key fingerprint is invalid.");
 	}
 	if ($UTYPE == "Trusted User" && $T == 3) {
 		$error = __("A Trusted User cannot assign Developer status.");
 	}
@ -260,17 +289,17 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
 	if ($error) {
 		print "<span class='error'>".$error."</span><br/>\n";
 		display_account_form($UTYPE, $A, $U, $T, $S, $E, "", "",
-				$R, $L, $I, $UID);
+				$R, $L, $I, $K, $UID);
 	} else {
 		if ($TYPE == "new") {
 			# no errors, go ahead and create the unprivileged user
 			$salt = generate_salt();
 			$P = salted_hash($P, $salt);
 			$escaped = array_map('db_escape_string',
-				array($U, $E, $P, $salt, $R, $L, $I));
+				array($U, $E, $P, $salt, $R, $L, $I, str_replace(" ", "", $K)));
 			$q = "INSERT INTO Users (" .
 				"AccountTypeID, Suspended, Username, Email, Passwd, Salt" .
-				", RealName, LangPreference, IRCNick) " .
+				", RealName, LangPreference, IRCNick, PGPKey) " .
 				"VALUES (1, 0, '" . implode("', '", $escaped) . "')";
 			$result = db_query($q, $dbh);
 			if (!$result) {
@ -308,6 +337,7 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
 			$q.= ", RealName = '".db_escape_string($R)."'";
 			$q.= ", LangPreference = '".db_escape_string($L)."'";
 			$q.= ", IRCNick = '".db_escape_string($I)."'";
 			$q.= ", PGPKey = '".db_escape_string(str_replace(" ", "", $K))."'";
 			$q.= " WHERE ID = ".intval($UID);
 			$result = db_query($q, $dbh);
 			if (!$result) {
@ -333,7 +363,7 @@ function search_accounts_form() {
 # search results page
 #
 function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
-		$S="",$E="",$R="",$I="") {
+		$S="",$E="",$R="",$I="",$K="") {
 	# UTYPE: what account type the user belongs to
 	# O: what row offset we're at
 	# SB: how to sort the results
@ -388,6 +418,10 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
 		$q.= "AND IRCNick LIKE '%".db_escape_like($I)."%' ";
 		$search_vars[] = "I";
 	}
 	if ($K) {
 		$q.= "AND PGPKey LIKE '%".db_escape_like(str_replace(" ", "", $K))."%' ";
 		$search_vars[] = "K";
 	}
 	switch ($SB) {
 		case 't':
 			$q.= "ORDER BY AccountTypeID, Username ";
@ -429,6 +463,8 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
 			print "<th class='header'>";
 			print "<span class='f2'>".__("IRC Nick")."</span></th>";
 			print "<th class='header'>";
 			print "<span class='f2'>".__("PGP Key Fingerprint")."</span></th>";
 			print "<th class='header'>";
 			print "<span class='f2'>".__("Last Voted")."</span></th>";
 			print "<th class='header'>";
 			print "<span class='f2'>".__("Edit Account")."</span></th>";
@ -460,6 +496,9 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
 				$row["IRCNick"] ? print htmlspecialchars($row["IRCNick"],ENT_QUOTES) : print "&nbsp;";
 				print "</span></td>";
 				print "<td class='".$c."'><span class='f5'>";
 				$row["PGPKey"] ? print html_format_pgp_fingerprint($row["PGPKey"]) : print "&nbsp;";
 				print "</span></td>";
 				print "<td class='".$c."'><span class='f5'>";
 				$row["LastVoted"]
 						? print date("Y-m-d", $row["LastVoted"])
 						: print __("Never");
@ -526,7 +565,7 @@ function search_results_page($UTYPE,$O=0,$SB="",$U="",$T="",
 # Display non-editable account info
 #
-function display_account_info($U="", $T="", $E="", $R="", $I="", $LV="") {
+function display_account_info($U="", $T="", $E="", $R="", $I="", $K="", $LV="") {
 	# U: value to display for username
 	# T: value to display for account type
 	# E: value to display for email address
@ -574,6 +613,11 @@ function display_account_info($U="", $T="", $E="", $R="", $I="", $LV="") {
 	print "    <td align='left'>".htmlspecialchars($I,ENT_QUOTES)."</td>\n";
 	print "  </tr>\n";
 	print "  <tr>\n";
 	print "    <td align='left'>".__("PGP Key Fingerprint").":</td>\n";
 	print "    <td align='left'>".html_format_pgp_fingerprint($K)."</td>\n";
 	print "  </tr>\n";
 	print "  <tr>\n";
 	print "    <td align='left'>".__("Last Voted").":</td>\n";
 	print "    <td align='left'>";
@ -783,6 +827,15 @@ function valid_passwd( $userID, $passwd, $dbh )
 	return false;
 }
 /*
 * Checks if the PGP key fingerprint is valid (must be 40 hexadecimal digits).
 */
 function valid_pgp_fingerprint ( $fingerprint )
 {
 	$fingerprint = str_replace(" ", "", $fingerprint);
 	return (strlen($fingerprint) == 40 && ctype_xdigit($fingerprint));
 }
 /*
 * Is the user account suspended?
 */