From 662046f50f04924d9f00e3341beccb929cbad224 Mon Sep 17 00:00:00 2001
From: Retro_Guy <retro.guy@rocksolidbbs.com>
Date: Fri, 11 Jun 2021 07:50:54 +0000
Subject: [PATCH] Authenticate email login using changing keys

---
 Rocksolid_Light/rocksolid/mail.php       |  7 ++++--
 Rocksolid_Light/rslight/scripts/cron.php | 27 ++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/Rocksolid_Light/rocksolid/mail.php b/Rocksolid_Light/rocksolid/mail.php
index 72bc44e..fb5281d 100644
--- a/Rocksolid_Light/rocksolid/mail.php
+++ b/Rocksolid_Light/rocksolid/mail.php
@@ -10,6 +10,9 @@ include "newsportal.php";
     $offset=$CONFIG['timezone'];
   }
 
+$keyfile = $spooldir.'/keys.dat';
+$keys = unserialize(file_get_contents($keyfile));
+
 include "head.inc";
 
 // How long should cookie allow user to stay logged in?
@@ -20,11 +23,11 @@ include "head.inc";
     $_POST['username'] = $_COOKIE['mail_name'];
   }
   $name = $_POST['username'];
-  if(password_verify($_POST['username'].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['auth'])) {
+  if((password_verify($_POST['username'].$keys[0].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['auth'])) || (password_verify($_POST['username'].$keys[1].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['auth']))) {
     $logged_in = true;
   } else {
     if(check_bbs_auth($_POST['username'], $_POST['password'])) {
-      $authkey = password_hash($_POST['username'].get_user_config($_POST['username'],'encryptionkey'), PASSWORD_DEFAULT);
+      $authkey = password_hash($_POST['username'].$keys[0].get_user_config($_POST['username'],'encryptionkey'), PASSWORD_DEFAULT);
 ?>
       <script type="text/javascript">
        if (navigator.cookieEnabled)
diff --git a/Rocksolid_Light/rslight/scripts/cron.php b/Rocksolid_Light/rslight/scripts/cron.php
index 7c57597..27ac57a 100755
--- a/Rocksolid_Light/rslight/scripts/cron.php
+++ b/Rocksolid_Light/rslight/scripts/cron.php
@@ -67,6 +67,9 @@ foreach($menulist as $menu) {
 # Rotate log files
   log_rotate();
   echo "Log files rotated\n";
+# Rotate keys
+  rotate_keys();
+  echo "Keys rotated\n";
 
 function log_rotate() {
   global $logdir;
@@ -91,6 +94,30 @@ function log_rotate() {
   }
 }
 
+function rotate_keys() {
+  global $spooldir;
+  $keyfile = $spooldir.'/keys.dat';
+  $newkeys = array();
+  if(filemtime($keyfile)+14400 > time()) {
+    return;
+  } else {
+    $new = true;
+    if(is_file($keyfile)) {
+      $keys = unserialize(file_get_contents($keyfile));
+      $new = false;
+    }  
+    if($new !== true) {
+      $newkeys[0] = base64_encode(openssl_random_pseudo_bytes(44));
+      $newkeys[1] = $keys[0];
+    } else {
+      $newkeys[0] = base64_encode(openssl_random_pseudo_bytes(44));
+      $newkeys[1] = base64_encode(openssl_random_pseudo_bytes(44));
+    }
+  }
+  file_put_contents($keyfile, serialize($newkeys));
+  touch($keyfile);
+}
+
 function change_identity( $uid, $gid )
     {
         if( !posix_setgid( $gid ) )