Yubikey Management Server: yms/validate.php@3db638306413 (annotated)

0 9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	1	<?php
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	2
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	3	function page_Special_YubikeyValidate()
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	4	{
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	5	global $db, $session, $paths, $template, $plugins; // Common objects
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	6	global $do_gzip;
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	7	$do_gzip = false;
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	8
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	9	// Check parameters
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	10	if ( !isset($_GET['id']) )
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	11	{
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	12	yms_send_reply('MISSING_PARAMETER', '', array('info' => 'id'));
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	13	}
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	14
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	15	if ( !isset($_GET['otp']) )
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	16	{
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	17	yms_send_reply('MISSING_PARAMETER', '', array('info' => 'otp'));
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	18	}
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	19
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	20	// first, get API key so we can properly sign responses
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	21	$id = intval($_GET['id']);
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	22	$q = $db->sql_query("SELECT apikey FROM " . table_prefix . "yms_clients WHERE id = $id;");
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	23	if ( !$q )
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	24	$db->_die();
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	25
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	26	if ( $db->numrows($q) < 1 )
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	27	yms_send_reply("NO_SUCH_CLIENT");
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	28
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	29	list($g_api_key) = $db->fetchrow_num($q);
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	30	$db->free_result($q);
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	31
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	32	// check API key
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	33	if ( isset($_GET['h']) )
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	34	{
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	35	$hex_api_key = yms_hex_encode(base64_decode($g_api_key));
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	36	$right_sig = yubikey_sign($_GET, $hex_api_key);
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	37	if ( $right_sig !== $_GET['h'] )
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	38	{
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	39	yms_send_reply('BAD_SIGNATURE');
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	40	}
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	41	}
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	42
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	43	$GLOBALS['g_api_key'] =& $g_api_key;
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	44
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	45	yms_send_reply(yms_validate_otp($_GET['otp'], $id));
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	46	}
9997bee9ad03 First commit. Lacks key deletion support and an admin CP for controlling options. Dan parents: diff changeset	47

author	Dan Fuhry <dan@enanocms.org>
	Fri, 20 Aug 2010 01:43:08 -0400
changeset 7	3db638306413
parent 0	9997bee9ad03
child 10	351d40b21cbc
permissions	-rw-r--r--