# HG changeset patch
# User Dan Fuhry <dan@enanocms.org>
# Date 1416859904 18000
# Node ID be4a5f24bb296247977d10842803d2c52898bd6a
# Parent  3db638306413ca4a9a057b1c0e989933833cf077
Add support for freezing the YMS client ID

diff -r 3db638306413 -r be4a5f24bb29 YubikeyManagement.php
--- a/YubikeyManagement.php	Fri Aug 20 01:43:08 2010 -0400
+++ b/YubikeyManagement.php	Mon Nov 24 15:11:44 2014 -0500
@@ -192,6 +192,8 @@
         acp_field_claim_enable_hint: 'If you plan to program your own Yubikeys and give them to others, enable this to allow them to create YMS accounts and "claim" the keys so they can see AES secrets and control settings on their keys.<br />
                                       If you enable this, all Administrators will see an option when adding a new key to put it into the pool of unclaimed keys.<br />
                                       To claim a Yubikey, YMS requires users to enter a valid OTP, and optionally, an additional field you may configure below.',
+		acp_field_force_client_id_title: 'Shared client ID:',
+		acp_field_force_client_id_hint: 'If set, all Yubikeys will be registered to the same underlying client account. This allows everyone on the site to manage a single pool of Yubikeys using different accounts.',
         acp_field_claim_enable: 'Enable the claim system',
         acp_field_claimauth_enable_title: 'Use external authentication when claiming Yubikeys:',
         acp_field_claimauth_enable_hint: 'This allows you to require an additional value - for example, the receipt number from the user\'s Yubikey order - when Yubikeys are claimed.',
diff -r 3db638306413 -r be4a5f24bb29 yms/admincp.php
--- a/yms/admincp.php	Fri Aug 20 01:43:08 2010 -0400
+++ b/yms/admincp.php	Mon Nov 24 15:11:44 2014 -0500
@@ -21,6 +21,7 @@
   if ( isset($_POST['submit']) )
   {
     setConfig('yms_require_reauth', isset($_POST['require_reauth']) ? '1' : '0');
+    setConfig('yms_force_client_id', !empty($_POST['force_client_id']) && ctype_digit($_POST['force_client_id']) ? $_POST['force_client_id'] : '');
     setConfig('yms_claim_enable', isset($_POST['claim_enable']) ? '1' : '0');
     setConfig('yms_claim_auth_enable', isset($_POST['claimauth_enable']) ? '1' : '0');
     setConfig('yms_claim_auth_field', $_POST['claimauth_field']);
@@ -56,6 +57,16 @@
     
     <tr>
       <td class="row2" style="width: 50%;">
+        <?php echo $lang->get('yms_acp_field_force_client_id_title'); ?><br />
+        <small><?php echo $lang->get('yms_acp_field_force_client_id_hint'); ?></small>
+      </td>
+      <td class="row1" style="width: 50%;">
+        <input type="text" size="5" name="force_client_id" <?php if ( ($force_cid = getConfig('yms_force_client_id', 0)) > 0 ) echo 'value="' . $force_cid . '"'; ?>/>
+      </td>
+    </tr>
+    
+    <tr>
+      <td class="row2" style="width: 50%;">
         <?php echo $lang->get('yms_acp_field_claim_enable_title'); ?><br />
         <small><?php echo $lang->get('yms_acp_field_claim_enable_hint'); ?></small>
       </td>
diff -r 3db638306413 -r be4a5f24bb29 yms/yms.php
--- a/yms/yms.php	Fri Aug 20 01:43:08 2010 -0400
+++ b/yms/yms.php	Mon Nov 24 15:11:44 2014 -0500
@@ -7,7 +7,7 @@
   global $output;
   global $yms_client_id;
   
-  $yms_client_id = $session->user_id;
+  $yms_client_id = ($force_cid = getConfig('yms_force_client_id', 0)) > 0 ? intval($force_cid) : $session->user_id;
   
   // Require re-auth?
   if ( $session->auth_level < USER_LEVEL_CHPREF && getConfig('yms_require_reauth', 1) == 1 )