diff -r 6edb31919f0e -r 9fdc988ce46e yms/backend.php
--- a/yms/backend.php	Sat Aug 01 01:42:21 2009 -0400
+++ b/yms/backend.php	Mon Aug 03 02:52:59 2009 -0400
@@ -5,7 +5,7 @@
   global $db, $session, $paths, $template, $plugins; // Common objects
   
   if ( $client_id === false )
-    $client_id = $session->user_id;
+    $client_id = $GLOBALS['yms_client_id'];
   
   $key = yms_tobinary($key);
   $otp = yms_tobinary($otp);
@@ -66,7 +66,7 @@
   global $db, $session, $paths, $template, $plugins; // Common objects
   
   if ( $client_id === false )
-    $client_id = $session->user_id;
+    $client_id = $GLOBALS['yms_client_id'];
   
   $otp = yms_tobinary($otp);
   
@@ -114,7 +114,7 @@
   global $db, $session, $paths, $template, $plugins; // Common objects
   
   if ( $client_id === false )
-    $client_id = $session->user_id;
+    $client_id = $GLOBALS['yms_client_id'];
   
   $q = $db->sql_query('SELECT 1 FROM ' . table_prefix . "yms_yubikeys WHERE id = $id AND client_id = $client_id;");
   if ( !$q )
@@ -176,6 +176,31 @@
   return true;
 }
 
+function yms_update_counters($id, $scount, $tcount, $client_id = false, $any_client = null)
+{
+  global $db, $session, $paths, $template, $plugins; // Common objects
+  
+  if ( !$client_id )
+    $client_id = intval($GLOBALS['yms_client_id']);
+  
+  foreach ( array($id, $scount, $tcount, $client_id) as $var )
+    if ( (!is_int($var) && !is_string($var)) || (is_string($var) && !ctype_digit($var)) )
+      return "yms_err_expected_int";
+    
+  $any_client_sql = '';
+  if ( is_bool($any_client) )
+  {
+    $operand = $any_client ? "|" : "& ~";
+    $any_client_sql = ", flags = flags " . $operand . YMS_ANY_CLIENT;
+  }
+    
+  $q = $db->sql_query('UPDATE ' . table_prefix . "yms_yubikeys SET session_count = {$scount}, token_count = {$tcount}{$any_client_sql} WHERE id = $id AND client_id = $client_id");
+  if ( !$q )
+    $db->_die();
+  
+  return true;
+}
+
 function yms_get_url($url)
 {
   require_once(ENANO_ROOT . '/includes/http.php');
@@ -291,10 +316,10 @@
     {
       return 'NO_SUCH_KEY';
     }
-    if ( !($flags & YMS_ENABLED) )
-    {
-      return 'NO_SUCH_KEY';
-    }
+  }
+  if ( !($flags & YMS_ENABLED) )
+  {
+    return 'NO_SUCH_KEY';
   }
   
   // decode the OTP