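<?php
# Entry page of the "Internetwahl 2005" test server. This first part sends the
# response headers, opens the session and, for browser clients, prints the
# HTML frame (navigation and the opening <FORM>); $nl is the line terminator
# that the later protocol steps append to their messages.

# "now" is not a valid HTTP date; caches treat an unparsable Expires value as
# already expired, which is the intended effect here.
header("Expires: now");
# Presumably defines the PostgreSQL handle $db used further down -- confirm.
# NOTE(review): if database.inc sits below the document root and the web
# server does not hand *.inc to PHP, its contents can be fetched as plain
# text; verify the server configuration or move it out of the web root.
include('database.inc');
session_start();
# !empty() keeps the original truthiness test without raising an
# undefined-index notice when the parameter is absent.
if(!empty($_REQUEST['maschine'])) {
    # Machine-readable mode: plain text, no HTML frame.
    header("Content-Type: text/plain; charset=iso-8859-1");
    $nl = "\n";
} else { # not a machine client: emit the HTML page frame
    $nl = "<BR/>\n";
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Wahl für Netzbürger - Testserver</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link type="text/css" href="/main.css" rel="stylesheet">
</head>
<body class="main">
<div class=headline align=center>
Internetwahl 2005 <IMG height=32px SRC="http://www.fitug.de/pics/rabe.gif"/>
</div>
<table border="0" cellpadding="2" cellspacing="2" align=center>
<tr>
<td><A HREF="/">Start</A></td>
<td><A HREF="ablauf.html">Wie soll das gehen?</A></td>
<td><A HREF="sicher.html">Ist das sicher?</A></td>
<td><A HREF="wie.html">Wie kann ich helfen?</A></td>
<td><A HREF="wer.html">Wer seid Ihr?</A></td>
<td class=menuaktiv><A HREF="alien.html">Auslandswähler</A></td>
<td><A HREF="faq.html">FAQ</A></td>
<td><A HREF="statistik.html">Statistik</A></td>
<td><A HREF="ergebnisse.php">Ergebnisse</A></td>
</tr>
</table>
<table border="0" cellpadding="2" cellspacing="2" align=center>
<tr>
<td><A HREF="alien.html">Ablauf</A></td>
<td><A HREF="wahlschein0.php">Wahlschein</A></td>
<td><A HREF="software.html">Software</A></td>
<td class=menuaktiv><A HREF="testserver.php">Testserver</A></td>
</tr>
</table>
<?php
    # PHP_SELF includes client-supplied path info, so it is read from $_SERVER
    # (no register_globals dependency), HTML-escaped for the page charset and
    # placed in a quoted attribute instead of being echoed raw.
?>
<FORM ACTION="<?= htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'ISO-8859-1') ?>" METHOD=POST>
<?php
}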
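# Three-step dialogue, selected by request method and session state:
#   1. non-POST                     -> show the public key and the input form
#   2. POST with wahlbenachrichtigung -> verify the notification via
#      check-pgp.pl, store the submitted requests c0..cN in the session and
#      pick the one index ($geheim) whose values must NOT be disclosed
#   3. POST with an existing session -> check every disclosed request with
#      "servercalc unblind" and sign the single remaining one
# $nl (line terminator) and $db (database handle) come from earlier in the
# file / database.inc.
#
# The request method is read from $_SERVER: the bare $REQUEST_METHOD global
# only exists with register_globals and is otherwise undefined, which would
# make every request look like step 1.
if($_SERVER['REQUEST_METHOD'] != 'POST') {?>
Öffentlicher Schlüssel:
<pre><?php
    $file = popen("servercalc pubkey", "r");
    if($file) {
        # The helper prints two lines that are shown as e and n.
        $keyE = fgets($file, 1024);
        $keyN = fgets($file, 1024);
        pclose($file); # the handle was previously never closed
        print "e = 0x$keyE\n";
        print "n = 0x$keyN\n";
    } else {
        print "Can't fork.\n";
    }
?></pre>
<TABLE noborder>
<TR><TD valign=top>Wahlbenachrichtigung</TD>
<TD><TEXTAREA name="wahlbenachrichtigung" rows=10 cols=80>
Bitte hier die Wahlbenachrichtigung einfügen.
----- BEGIN PGP MESSAGE -----
...
</TEXTAREA></TD></TR>
<?php for($i=0; $i<40; $i++) {
    print "<TR><TD align=right>Anforderung<sub>$i</sub></TD><TD><INPUT name=c$i size=80/></TD></TR>\n";
}?>
<TR><TD>maschinenlesbar</TD><TD><INPUT type=checkbox name="maschine"/></TD>
<TR><TD></TD><TD><INPUT type=submit name="Absenden"/></TD></TR>
</TABLE>
<?php
} else if(!empty($_REQUEST['wahlbenachrichtigung']) && is_string($_REQUEST['wahlbenachrichtigung'])) {
    # Step 2. The notification is piped to check-pgp.pl on stdin, never placed
    # on a command line.
    $pid = proc_open("check-pgp.pl",
        array(0 => array("pipe", "r"),
              1 => array("pipe", "w"),
              2 => array("pipe", "w")),
        $pipes);
    if(is_resource($pid)) {
        fwrite($pipes[0], $_REQUEST['wahlbenachrichtigung']); fclose($pipes[0]);
        $msg = stream_get_contents($pipes[1]); fclose($pipes[1]);
        $err = stream_get_contents($pipes[2]); fclose($pipes[2]);
        proc_close($pid);
    } else {
        $msg = "";
        $err = "Can't fork.";
    }
    # preg_match replaces ereg: ereg stops at the first NUL byte, so a value
    # was only checked up to that byte, and ereg no longer exists in PHP 7+.
    # \A ... \z with /s keeps the POSIX meaning (whole string, '.' matches
    # newlines).
    if(!preg_match('/\A\[Internetwahl 2005,(.*),([0-9]*)\]\z/s', (string)$msg, $match)) {
        if(!empty($_REQUEST['maschine'])) {
            print "Message: '$msg'\n";
            print "Fehler: '$err'";
        } else { ?>
<TABLE border=1>
<TR><TH>Message</TH><TD> <?= htmlspecialchars($msg, ENT_QUOTES, 'ISO-8859-1') ?> </TD></TR>
<TR><TH>Fehler</TH><TD> <?= htmlspecialchars($err, ENT_QUOTES, 'ISO-8859-1') ?> </TD></TR>
</TABLE><?php
        }
    } else {
        # Drop requests and the chosen index left over from an earlier
        # attempt in the same session, so step 3 only ever sees this
        # submission.
        foreach(array_keys($_SESSION) as $alt) {
            if(preg_match('/\Ac[0-9]+\z/', (string)$alt)) {
                unset($_SESSION[$alt]);
            }
        }
        unset($_SESSION['geheim']);

        $_SESSION['wahlkreis'] = $match[2];
        $_SESSION['kennung'] = $match[1];
        $_SESSION['wahlbenachrichtigung'] = $_REQUEST['wahlbenachrichtigung'];
        # Collect c0, c1, ... until the first empty field (at most 100).
        $ungueltig = false;
        for($max=0; $max<100; $max++) {
            $wert = isset($_REQUEST["c$max"]) ? $_REQUEST["c$max"] : '';
            if(!$wert) break;
            if(!is_string($wert) || !preg_match('/\A[0-9a-f]+\z/i', $wert)) {
                print "c$max is not in hex.$nl";
                $ungueltig = true;
                break;
            }
            $_SESSION["c$max"] = $wert;
        }
        if($max < 40) {
            print "Zu wenig Werte.$nl";
        } else if(!$ungueltig) {
            # A malformed value at index >= 40 used to be reported and then
            # ignored; it now stops the dialogue like any other bad input.
            #
            # The index that stays closed must be unpredictable to the
            # client, otherwise the check in step 3 proves nothing; rand()
            # is not a cryptographic generator, so random_int() is used
            # where the runtime provides it.
            $geheim = function_exists('random_int') ? random_int(0, $max-1) : rand(0, $max-1);
            # Remembered server-side so step 3 can enforce this index instead
            # of accepting whichever request the client leaves undisclosed.
            $_SESSION['geheim'] = $geheim;
            if(!empty($_REQUEST['maschine'])) {
                print $geheim;
            } else { ?>
<TABLE noborder>
<?php for($i=0; $i<$max; $i++) {
                    if($i == $geheim) {
                        print "<TR><TD align=right>Verschleierung<sub>$i</sub></TD><TD>Nicht angeben!</TD></TR>\n";
                        print "<TR><TD align=right>Scheinnummer<sub>$i</sub></TD><TD>Nicht angeben!</TD></TR>\n";
                    } else {
                        print "<TR><TD align=right>Verschleierung<sub>$i</sub></TD><TD><INPUT name=r$i size=80/></TD></TR>\n";
                        print "<TR><TD align=right>Scheinnummer<sub>$i</sub></TD><TD><INPUT name=SN$i size=80/></TD></TR>\n";
                    }
                }?>
<TR><TD>maschinenlesbar</TD><TD><INPUT type=checkbox name="maschine"/></TD>
<TR><TD></TD><TD><INPUT type=submit name="Absenden"/></TD></TR>
</TABLE>
<?php }
        }
    }
} else if(!empty($_SESSION['kennung'])) {
    # Step 3.
    # test_wahlschein has no unique constraint
    # NOTE(review): the body below runs only when the INSERT *fails*
    # (pg_query returned false). Together with the remark above this looks
    # inverted -- confirm the intended condition before relying on this page.
    # NOTE(review): values are escaped with pg_escape_string(); where the
    # runtime offers pg_query_params(), bound parameters are the safer form.
    if(!pg_query($db, "
INSERT INTO test_wahlschein
(kennung, wahlkreis, wahlbenachrichtigung)
VALUES ('".pg_escape_string($_SESSION['kennung'])."'
,'".pg_escape_string($_SESSION['wahlkreis'])."'
,'".pg_escape_string($_SESSION['wahlbenachrichtigung'])."')
")) {
        # Rebuild index => request from the session keys c0, c1, ...
        $cs = array();
        foreach($_SESSION as $t => $c) {
            if(preg_match('/\Ac([0-9]+)\z/', (string)$t, $match))
                $cs[$match[1]] = $c;
        }
        # Index chosen in step 2; -1 (never a valid key) when none was stored.
        $geheim = isset($_SESSION['geheim']) ? (int)$_SESSION['geheim'] : -1;
        foreach($cs as $i => $c) {
            # The chosen request stays closed: any r/SN sent for it is not
            # read, and it is never removed from $cs here.
            if((int)$i === $geheim)
                continue;
            if(empty($_REQUEST["r$i"]))
                continue;
            $r = $_REQUEST["r$i"];
            $sn = isset($_REQUEST["SN$i"]) ? $_REQUEST["SN$i"] : null;
            # Whole-string hex checks; both values are later written to the
            # helper's stdin / embedded in the ticket text.
            if(!is_string($r) || !preg_match('/\A[0-9a-f]+\z/i', $r)) {
                print "r$i is not in hex.$nl";
                break;
            }
            if(!is_string($sn) || !preg_match('/\A[0-9a-f]+\z/i', $sn)) {
                print "SN$i is not in hex.$nl";
                break;
            }
            $ticket = "[Internetwahl 2005,{$sn},{$_SESSION['wahlkreis']}]";
            $hash = sha1($ticket);
            $pid = proc_open("servercalc unblind",
                array(0 => array("pipe", "r"),
                      1 => array("pipe", "w")),
                $pipes);
            if(is_resource($pid)) {
                fwrite($pipes[0], $r."\n$c\n");
                fclose($pipes[0]);
                $pkcs = fgets($pipes[1],1024);
                fclose($pipes[1]);
                proc_close($pid);
                # The helper's answer must be the fixed prefix, a run of
                # non-zero bytes, a zero byte and the SHA-1 of the ticket.
                # $hash is sha1() output (hex only), so it is safe inside
                # the pattern.
                if(preg_match('/\A10002(?:[1-9a-f][0-9a-f]|[0-9a-f][1-9a-f])*00'.$hash.'\n\z/i', (string)$pkcs)) {
                    unset($cs[$i]);
                } else {
                    print "c$i paßt nicht zu SN$i und r$i.$nl$ticket$nl$hash$nl$pkcs$nl";
                    break;
                }
            } else {
                print "Can't fork.$nl";
                break;
            }
        }
        # Sign only when exactly the server-chosen request is left. Without
        # the second condition the client decided which request got signed
        # (by omitting its r value, or by letting the last check fail).
        if(count($cs) != 1 || !isset($cs[$geheim])) {
            print "Es sind ".count($cs)." Paarungen übrig:";
            print implode(", ",array_keys($cs));
            print "$nl";
        } else {
            $pid = proc_open("servercalc sign",
                array(0 => array("pipe", "r"),
                      1 => array("pipe", "w")),
                $pipes);
            if(is_resource($pid)) {
                fwrite($pipes[0], $cs[$geheim]."\n");
                fclose($pipes[0]);
                $sig = fgets($pipes[1],1024);
                fclose($pipes[1]);
                proc_close($pid);
                if(!empty($_REQUEST['maschine'])) {
                    print "OK $sig";
                } else {
                    print "<H1>Ihr unterschriebener Wahlschein</H1>";
                    print "<code>$sig</code>";
                }
                # remove session: one signature per completed dialogue
                $_SESSION = array();
                session_destroy();
            } else {
                # A stray "break" stood here outside any loop, which is a
                # fatal error; the session is simply kept so that the step
                # can be repeated.
                print "Can't fork.";
            }
        }
    }
}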
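# Browser clients only: close the <FORM> and the HTML frame opened at the top
# of the page. empty() avoids an undefined-index notice when the parameter is
# absent. The former </div> had no matching opening tag and is dropped.
if(empty($_REQUEST['maschine'])) {
?>
</FORM>
</body>
</html>
<?php } ?>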