From 99f95d6c2b2e55146582bab8941b2bff62394187 Mon Sep 17 00:00:00 2001
From: Retro_Guy <retro.guy@rocksolidbbs.com>
Date: Mon, 29 Mar 2021 23:48:22 -0700
Subject: [PATCH] Check if user exists before allowing encrypt post to user

---
 Rocksolid_Light/rocksolid/lib/message.inc.php |  1 +
 Rocksolid_Light/rocksolid/lib/post.inc.php    | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/Rocksolid_Light/rocksolid/lib/message.inc.php b/Rocksolid_Light/rocksolid/lib/message.inc.php
index 47f6158..098fed4 100644
--- a/Rocksolid_Light/rocksolid/lib/message.inc.php
+++ b/Rocksolid_Light/rocksolid/lib/message.inc.php
@@ -746,6 +746,7 @@ function message_decrypt($key,$group,$id,$attachment=0,$article_data=false,$maxl
              $article_data->header->content_type_format[$attachment]);
       $depth=0;
       echo '<div class="np_article_body">';
+      echo "(Copy text below to quote in reply)<br /><br />";
       $currentlen=0; // needed if $maxlen is set
       for ($i=0; $i<=count($body) &&
                  (($currentlen<$maxlen) || ($maxlen==false)); $i++) {
diff --git a/Rocksolid_Light/rocksolid/lib/post.inc.php b/Rocksolid_Light/rocksolid/lib/post.inc.php
index fa35d46..332cab7 100644
--- a/Rocksolid_Light/rocksolid/lib/post.inc.php
+++ b/Rocksolid_Light/rocksolid/lib/post.inc.php
@@ -189,9 +189,19 @@ function check_rate_limit($name,$set=0,$gettime=0) {
  */
 function message_post($subject,$from,$newsgroups,$ref,$body,$encryptthis,$encryptto) {
   global $server,$port,$send_poster_host,$text_error,$CONFIG;
-  global $www_charset,$spooldir;
+  global $www_charset,$config_dir,$spooldir;
   global $msgid_generate,$msgid_fqdn;
   flush();
+  if(isset($encryptthis)) {
+    $workpath = $config_dir."users/";
+    $username = trim(strtolower($encryptto));
+    $userFilename = $workpath.$username;
+    if((!is_file($userFilename)) || $encryptto == $CONFIG['anonusername']) {
+      $response = "Cannot encrypt to $encryptto. No such user";
+      return $response;
+    }
+  }
+
   $msgid=generate_msgid($subject.",".$from.",".$newsgroups.",".$ref.",".$body);
 /*
  * SPAM CHECK
@@ -213,6 +223,8 @@ function message_post($subject,$from,$newsgroups,$ref,$body,$encryptthis,$encryp
 	nntp_close($ns);
 	return $weg;
     }
+
+
     fputs($ns,'Subject: '.encode_subject($subject)."\r\n");
 
 // For Synchronet use