From 9a3070106c488eaa2d72707274caeddd582d40ac Mon Sep 17 00:00:00 2001 From: Retro_Guy Date: Wed, 26 Jan 2022 02:55:40 +0000 Subject: [PATCH] Log user out if private key missing --- Rocksolid_Light/common/header.php | 10 +++++++--- Rocksolid_Light/spoolnews/user.php | 4 +++- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/Rocksolid_Light/common/header.php b/Rocksolid_Light/common/header.php index 80c3e3d..c1753fc 100644 --- a/Rocksolid_Light/common/header.php +++ b/Rocksolid_Light/common/header.php @@ -21,7 +21,11 @@ $CONFIG = include $config_file; $menulist = file($config_dir."menu.conf", FILE_IGNORE_NEW_LINES); $linklist = file($config_dir."links.conf", FILE_IGNORE_NEW_LINES); -$user = strtolower($_COOKIE['mail_name']); +if(isset($_COOKIE['mail_name']) && isset($_COOKIE['pkey'])) { + $user = strtolower($_COOKIE['mail_name']); +} else { + unset($user); +} if(!isset($_SESSION['theme']) && file_exists($config_dir.'/userconfig/'.$user.'.config')) { $user_config = unserialize(file_get_contents($config_dir.'/userconfig/'.$user.'.config')); $_SESSION['theme'] = $user_config['theme']; @@ -57,7 +61,7 @@ if (file_exists($rootdir.'common/themes/'.$_SESSION['theme'].'/images/rocksolidl '; - if(isset($_COOKIE['mail_name'])) { + if(isset($user)) { echo '('.$_COOKIE['mail_name'].')'; } else { echo 'login'; diff --git a/Rocksolid_Light/spoolnews/user.php b/Rocksolid_Light/spoolnews/user.php index 70ff998..672b7bf 100644 --- a/Rocksolid_Light/spoolnews/user.php +++ b/Rocksolid_Light/spoolnews/user.php @@ -19,6 +19,8 @@ if($_POST['command'] == 'Logout') { setcookie('mail_auth', null, -1, '/'); unset($_COOKIE['cookie_name']); setcookie('cookie_name', null, -1, '/'); + unset($_COOKIE['pkey']); + setcookie('pkey', null, -1, '/'); unset($_SESSION['theme']); unset($_POST['username']); include "head.inc"; 
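Review bot: In the `@@ -21,7 +21,11 @@` hunk of header.php, the `else` branch calls `unset($user)` but the next statement still builds `$config_dir.'/userconfig/'.$user.'.config'`, so a visitor without both cookies triggers an undefined-variable warning and a lookup of `userconfig/.config`. Guard that condition with `isset($user) &&` so the theme lookup is skipped when no user is set. Separately, `$user` comes from the `mail_name` cookie after only a presence check on `mail_name` and `pkey`, and it then reaches a file path whose contents go to `unserialize()`. Cookies are client-controlled, so I would restrict the value to the expected username characters before using it, e.g. `if(!preg_match('/^[a-z0-9._@-]+$/', $user)) { unset($user); }` (constructed pattern; adjust the set to what the project allows in usernames). The `if(!isset($_SESSION['theme']) …` block continues past the end of the hunk.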
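Review bot: In the `@@ -57,7 +61,7 @@` hunk of header.php, the branch now keyed on `isset($user)` still echoes the raw `$_COOKIE['mail_name']` into the page. The cookie is client-supplied, so it should be escaped at output: `echo '('.htmlspecialchars($_COOKIE['mail_name'], ENT_QUOTES, 'UTF-8').')';`. Also, `isset($user)` only means both cookies are present, not that they were verified, so a short comment above the `if` such as `// display only: cookie presence, not an authentication check` would keep later code from relying on it. The surrounding echo statement starts before the hunk and its markup is not fully visible here.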
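Review bot: The added `setcookie('pkey', null, -1, '/');` in the Logout branch of user.php only removes the cookie if its name, path and domain match the call that originally set `pkey`. That call is not visible in this hunk, so it is worth confirming they agree (the same applies to the neighbouring `mail_auth` and `cookie_name` lines). Passing `null` as the value is deprecated for built-in string parameters since PHP 8.1; `setcookie('pkey', '', -1, '/');` expresses the same deletion without the notice. If `pkey` carries key material, as the commit title suggests, clearing it in the browser does not invalidate a copy that has already left it, so any server-side state tied to it should be dropped in this branch too. The Logout block begins above the hunk and continues after it.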
@@ -35,7 +37,7 @@ include "head.inc"; $_POST['username'] = $_COOKIE['mail_name']; } $name = $_POST['username']; - if((password_verify($_POST['username'].$keys[0].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'].$keys[1].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['mail_auth']))) { + if(((get_user_mail_auth_data($_COOKIE['mail_name'])) && password_verify($_POST['username'].$keys[0].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['mail_auth'])) || (password_verify($_POST['username'].$keys[1].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['mail_auth']))) { $logged_in = true; } else { if(check_bbs_auth($_POST['username'], $_POST['password'])) {
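Review bot: The new `get_user_mail_auth_data($_COOKIE['mail_name'])` test is ANDed only with the first `password_verify()` (the `$keys[0]` one). The `$keys[1]` alternative sits on the other side of the `||` and still sets `$logged_in = true` when the private key is missing, which defeats the purpose of the commit. The test is also keyed on `$_COOKIE['mail_name']` while the verification uses `$_POST['username']`, and the context line above suggests the two can differ. I would check the key for the same name that is being verified, assuming `get_user_mail_auth_data()` returns a truthy value when the key is present (its definition is not in this hunk), and split the condition as below so the grouping is explicit. The enclosing `if`/`else` starts before the hunk and continues after it.

```php
$name = $_POST['username'];
// The mail_auth cookie may match either entry of $keys.
$auth_secret = get_user_config($name, 'encryptionkey');
$cookie_ok = password_verify($name.$keys[0].$auth_secret, $_COOKIE['mail_auth'])
    || password_verify($name.$keys[1].$auth_secret, $_COOKIE['mail_auth']);
// Require the private key for both alternatives, not just the first.
if(get_user_mail_auth_data($name) && $cookie_ok) {
    // … unchanged: $logged_in = true; and the check_bbs_auth() fallback …
```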