plugins/yubikey/usercp.php
author Dan
Fri, 18 Dec 2009 19:29:33 -0500
changeset 35 03d6287d4a8b
parent 32 b00055a88867
child 37 5e946a3f405b
permissions -rw-r--r--
Modified yubifields in forms to show the OTP prefix; modified some strings
<?php
// Stop loading this file when the plugin is switched off in the site
// configuration. The second getConfig() argument looks like the value used
// when the option is unset, which would leave the plugin enabled by default.
if ( getConfig('yubikey_enable', '1') != '1' )
{
  return true;
}

// Register this plugin's handlers. The second argument of each call is a fixed
// string of PHP source naming one handler; $section, $error and $user_id are
// written into that string literally and are not expanded here.
// NOTE(review): presumably the plugin manager evaluates these strings at the
// hook site - confirm. Keep them constant; never build them from request data.

// User control panel: menu entry and page body.
$plugins->attachHook('userprefs_jbox', 'yubikey_ucp_setup();');
$plugins->attachHook('userprefs_body', 'return yubikey_user_cp($section);');

// Login form markup.
$plugins->attachHook('login_form_html', 'yubikey_inject_html_login();');

// Registration: form field, validation, and key insertion after sign-up.
$plugins->attachHook('ucp_register_form', 'yubikey_inject_registration_form();');
$plugins->attachHook('ucp_register_validate', 'yubikey_register_validate($error);');
$plugins->attachHook('user_registered', 'yubikey_register_insert_key($user_id);');
/**
 * Adds the Yubikey entry to the user control panel menu.
 *
 * The link argument is the preferences URL followed by a double quote and an
 * onclick attribute that calls ajaxLoginNavTo() with USER_LEVEL_CHPREF. The
 * embedded quote closes whatever attribute the menu code places the URL in,
 * so this depends on userprefs_menu_add() emitting the string unescaped
 * (presumably inside href="..." - confirm against the menu renderer).
 *
 * The onclick handler is a client-side convenience only; the requirement to
 * re-authenticate is enforced by the auth_level check in yubikey_user_cp().
 */
function yubikey_ucp_setup()
{
  $page_url = makeUrlNS('Special', 'Preferences/Yubikey');
  $reauth_onclick = 'ajaxLoginNavTo(\'Special\', \'Preferences/Yubikey\', ' . USER_LEVEL_CHPREF . '); return false;';

  userprefs_menu_add('usercp_sec_profile', 'yubiucp_panel_title', $page_url . '" onclick="' . $reauth_onclick);
}
function yubikey_user_cp($section)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;
  
  if ( $section !== 'Yubikey' )
    return false;
  
  if ( $session->auth_level < USER_LEVEL_CHPREF )
  {
    redirect(makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . USER_LEVEL_CHPREF, true), 'Authentication required', 'You need to re-authenticate to access this page.', 0);
  }
  
  $count_enabled = intval(getConfig('yubikey_enroll_limit', '3'));
  
  if ( isset($_POST['submit']) )
  {
    csrf_request_confirm();
    
    $keys = array();
    if ( isset($_POST['yubikey_enable']) )
    {
      for ( $i = 0; $i < $count_enabled; $i++ )
      {
        if ( !empty($_POST["yubikey_otp_$i"]) )
        {
          $ckey =& $_POST["yubikey_otp_$i"];
          if ( preg_match('/^[cbdefghijklnrtuv]{12,44}$/', $ckey) )
          {
            $ckey = substr($ckey, 0, 12);
            $keys[] = $ckey;
          }
          unset($ckey);
        }
      }
    }
    // Check for double enrollment
    $keys_check = "yubi_uid = '" . implode("' OR yubi_uid = '", $keys) . "'";
    $q = $db->sql_query('SELECT yubi_uid FROM ' . table_prefix . "yubikey WHERE ( $keys_check ) AND user_id != {$session->user_id};");
    if ( !$q )
      $db->_die();
    
    if ( $db->numrows() > 0 )
    {
      echo '<div class="error-box" style="margin: 0 0 10px 0;">' . $lang->get('yubiucp_err_double_enrollment') . '</div>';
      while ( $row = $db->fetchrow() )
      {
        foreach ( $keys as $i => $key )
        {
          if ( $key == $row['yubi_uid'] )
          {
            unset($keys[$i]);
          }
        }
      }
      $keys = array_values($keys);
    }
    $db->free_result();
    
    // Remove all currently registered keys
    $q = $db->sql_query('DELETE FROM ' . table_prefix . "yubikey WHERE user_id = {$session->user_id};");
    if ( !$q )
      $db->_die();
    
    // Enroll any new keys
    if ( !empty($keys) )
    {
      $query = 'INSERT INTO ' . table_prefix . "yubikey(user_id, yubi_uid) VALUES\n  " .
                 "( $session->user_id, '" . implode("' ),\n  ( $session->user_id, '", $keys) . "' );";
      if ( !$db->sql_query($query) )
        $db->_die();
    }
    
    // Calculate flags
    $yubi_flags = 0;
    $yubi_flags |= intval($_POST['login_normal_flags']);
    $yubi_flags |= intval($_POST['login_elev_flags']);
    $yubi_flags |= ( isset($_POST['allow_no_yubikey']) ) ? YK_SEC_ALLOW_NO_OTP : 0;
    
    // update flags
    $q = $db->sql_query('UPDATE ' . table_prefix . "users SET user_yubikey_flags = $yubi_flags WHERE user_id = {$session->user_id};");
    if ( !$q )
      $db->_die();
    
    // regenerate session
    $q = $db->sql_query('SELECT password FROM ' . table_prefix . "users WHERE user_id = {$session->user_id};");
    if ( !$q )
      $db->_die();
    list($password_hmac) = $db->fetchrow_num();
    
    @$session->register_session($session->user_id, $session->username, $password_hmac, USER_LEVEL_MEMBER, false);
    $session->logout(USER_LEVEL_CHPREF);
    
    // redirect back to normal CP
    // if OB-ing isn't enabled, require a JS redirect (hey, not many other options...)
    if ( @ob_get_contents() )
    {
      @ob_end_clean();
      redirect(makeUrlNS('Special', 'Preferences'), $lang->get('yubiucp_msg_save_title'), $lang->get('yubiucp_msg_save_body'), 3);
    }
    else
    {
      echo '<h3>' . $lang->get('yubiucp_msg_save_title') . '</h3>';
      echo '<p>' . $lang->get('yubiucp_msg_save_body') . '</p>';
      // not much choice here, i'm resorting to javascript because the user CP always
      // sends headers :-/
      echo '<script type="text/javascript">
        addOnloadHook(function()
        {' .
        // note: $_COOKIE['sid'] has just been assigned by $session->register_session() - so it's safe to use here.
        '
          createCookie(\'sid\', \'' . $_COOKIE['sid'] . '\');
          window.location = makeUrlNS(\'Special\', \'Preferences\');
        });
      </script>';
      return true;
    }
  }
  else
  {
    // Fetch flags
    $q = $db->sql_query('SELECT user_yubikey_flags FROM ' . table_prefix . "users WHERE user_id = {$session->user_id};");
    if ( !$q )
      $db->_die();
    
    list($yubi_flags) = $db->fetchrow_num();
    $yubi_flags = intval($yubi_flags);
    // Fetch user's authorized keys from the DB
    $q = $db->sql_query('SELECT yubi_uid FROM ' . table_prefix . "yubikey WHERE user_id = {$session->user_id};");
    if ( !$q )
      $db->_die();
    
    $keys = array();
    while ( $row = $db->fetchrow() )
    {
      $keys[] = $row['yubi_uid'];
    }
    $db->free_result();
  }
  
  while ( count($keys) < $count_enabled )
  {
    $keys[] = false;
  }
  
  $enable_checked = ( $keys[0] === false && !isset($_POST['yubikey_enable']) ) ? '' : 'checked="checked"';
  $displaytable = ( $keys[0] === false && !isset($_POST['yubikey_enable']) ) ? 'none' : 'block';
  
  $check_normal_keyonly = ( !($yubi_flags & YK_SEC_NORMAL_USERNAME) && !($yubi_flags & YK_SEC_NORMAL_PASSWORD) ) ? 'checked="checked" ' : '';
  $check_normal_username = ( ($yubi_flags & YK_SEC_NORMAL_USERNAME) && !($yubi_flags & YK_SEC_NORMAL_PASSWORD) ) ? 'checked="checked" ' : '';
  $check_normal_userandpw = ( ($yubi_flags & YK_SEC_NORMAL_USERNAME) && ($yubi_flags & YK_SEC_NORMAL_PASSWORD) ) ? 'checked="checked" ' : '';
  $check_elev_keyonly = ( !($yubi_flags & YK_SEC_ELEV_USERNAME) && !($yubi_flags & YK_SEC_ELEV_PASSWORD) ) ? 'checked="checked" ' : '';
  $check_elev_username = ( ($yubi_flags & YK_SEC_ELEV_USERNAME) && !($yubi_flags & YK_SEC_ELEV_PASSWORD) ) ? 'checked="checked" ' : '';
  $check_elev_userandpw = ( ($yubi_flags & YK_SEC_ELEV_USERNAME) && ($yubi_flags & YK_SEC_ELEV_PASSWORD) ) ? 'checked="checked" ' : '';  
  
  ?>
  <h3 style="margin-top: 0;"><?php echo $lang->get('yubiucp_panel_title'); ?></h3>
  
  <form action="<?php echo makeUrlNS('Special', 'Preferences/Yubikey'); ?>" method="post">
  
  <div>
    <table border="0" cellpadding="4" width="100%">
      <tr>
        <td style="width: 50%; text-align: right;">
          <?php echo $lang->get('yubiucp_field_enable_title'); ?><br />
          <small><?php echo $lang->get('yubiucp_field_enable_hint'); ?></small>
        </td>
        <td style="width: 50%;">
          <label>
            <input type="checkbox" name="yubikey_enable" onclick="if ( $(this).attr('checked') ) $('#yk_useroptions').show('blind'); else $('#yk_useroptions').hide('blind');" <?php echo $enable_checked; ?> />
            <?php echo $lang->get('yubiucp_field_enable'); ?>
          </label>
        </td>
      </tr>
    </table>
    <table border="0" cellpadding="4" width="100%" id="yk_useroptions" style="display: <?php echo $displaytable ?>;">
      <tr class="yk_alt1">
      <td style="width: 50%; text-align: right;">
          <?php echo $lang->get('yubiucp_field_keys_title'); ?><br />
          <small><?php
          echo $lang->get('yubiucp_field_keys_hint');
          if ( $count_enabled > 1 )
          {
            echo ' ';
            echo $lang->get('yubiucp_field_keys_maximum', array('max' => $count_enabled));
          }
          ?></small>
        </td>
        <td style="width: 50%;">
          <?php
          for ( $i = 0; $i < $count_enabled; $i++ )
          {
            echo '<p>' . generate_yubikey_field('yubikey_otp_' . $i, $keys[$i]) . '</p>';
          }
          ?>
        </td>
      </tr>
      <tr>
        <td style="width: 50%; text-align: right;">
          <?php echo $lang->get('yubiucp_field_normal_flags'); ?>
        </td>
        <td>
          <label>
            <input type="radio" name="login_normal_flags" value="0" <?php echo $check_normal_keyonly; ?>/>
            <?php echo $lang->get('yubiucp_field_flags_keyonly'); ?>
          </label>
          
          <br />
          
          <label>
            <input type="radio" name="login_normal_flags" value="<?php echo strval(YK_SEC_NORMAL_USERNAME); ?>" <?php echo $check_normal_username; ?>/>
            <?php echo $lang->get('yubiucp_field_flags_username'); ?>
          </label>
          
          <br />
          
          <label>
            <input type="radio" name="login_normal_flags" value="<?php echo strval(YK_SEC_NORMAL_USERNAME | YK_SEC_NORMAL_PASSWORD); ?>" <?php echo $check_normal_userandpw; ?>/>
            <?php echo $lang->get('yubiucp_field_flags_userandpw'); ?>
          </label>
        </td>
      </tr>
      <tr class="yk_alt1">
        <td style="width: 50%; text-align: right;">
          <?php echo $lang->get('yubiucp_field_elev_flags'); ?>
        </td>
        <td>
          <label>
            <input type="radio" name="login_elev_flags" value="0" <?php echo $check_elev_keyonly; ?>/>
            <?php echo $lang->get('yubiucp_field_flags_keyonly'); ?>
          </label>
          
          <br />
          
          <label>
            <input type="radio" name="login_elev_flags" value="<?php echo strval(YK_SEC_ELEV_USERNAME); ?>" <?php echo $check_elev_username; ?>/>
            <?php echo $lang->get('yubiucp_field_flags_username'); ?>
          </label>
          
          <br />
          
          <label>
            <input type="radio" name="login_elev_flags" value="<?php echo strval(YK_SEC_ELEV_USERNAME | YK_SEC_ELEV_PASSWORD); ?>" <?php echo $check_elev_userandpw; ?>/>
            <?php echo $lang->get('yubiucp_field_flags_userandpw'); ?>
          </label>
        </td>
      </tr>
      <tr>
        <td>
        </td>
        <td>
          <label>
            <input type="checkbox" name="allow_no_yubikey" <?php if ( $yubi_flags & YK_SEC_ALLOW_NO_OTP ) echo 'checked="checked" '; ?>/>
            <?php echo $lang->get('yubiucp_field_allow_plain_login'); ?>
          </label>
          <br />
          <small>
            <?php echo $lang->get('yubiucp_field_allow_plain_login_hint'); ?>
          </small>
        </td>
      </tr>
    </table>
    <table border="0" cellpadding="4" width="100%">
      <tr class="yk_alt1">
        <td colspan="2" style="text-align: center;">
          <input type="submit" name="submit" value="<?php echo $lang->get('etc_save_changes'); ?>" />
        </td>
      </tr>
    </table>
  </div>
  
  <input type="hidden" name="cstok" value="<?php echo $session->csrf_token; ?>" />
  
  </form>
  <?php
  
  return true;
}
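/**
 * Login-form hook: print the table row that holds the Yubikey OTP input.
 *
 * Writes straight to the output and returns nothing. The label text is the
 * language string yubiauth_lbl_otp_field.
 */
function yubikey_inject_html_login()
{
  global $lang;
  // autocomplete="off": this plugin stores the first 12 characters of an OTP as the
  // key's ID, so submitted OTPs should not be kept in the browser's form history.
  ?>
  <tr>
    <td class="row2">
      <?php echo $lang->get('yubiauth_lbl_otp_field'); ?>
    </td>
    <td class="row1" colspan="2">
      <input type="text" size="40" class="yubikey_noscript" name="yubikey_otp" autocomplete="off" />
    </td>
  </tr>
  <?php
}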
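/**
 * Registration-form hook: print the table row with the Yubikey enrollment field.
 *
 * The hint under the label depends on the yubikey_reg_require_otp setting. If the
 * form is being re-displayed and an OTP was posted, that value is handed to
 * generate_yubikey_field() as the preset. Writes to the output; returns nothing.
 */
function yubikey_inject_registration_form()
{
  global $lang;
  
  // A request can carry yubikey_otp[] and turn this parameter into an array; only a
  // string is ever passed on as the preset, anything else counts as "no preset".
  $preset_otp = ( isset($_POST['yubikey_otp']) && is_string($_POST['yubikey_otp']) ) ? $_POST['yubikey_otp'] : false;
  // NOTE(review): $preset_otp is raw request data at this point. generate_yubikey_field()
  // is not visible here; confirm it HTML-escapes whatever part of the value it prints.
  ?>
  <tr>
    <td class="row1">
      <?php echo $lang->get('yubiucp_reg_field_otp'); ?><br />
      <small><?php
        if ( getConfig('yubikey_reg_require_otp', '0') == '1' )
          echo $lang->get('yubiucp_reg_field_otp_hint_required');
        else
          echo $lang->get('yubiucp_reg_field_otp_hint_optional');
      ?></small>
    </td>
    <td class="row1">
      <?php
      echo generate_yubikey_field('yubikey_otp', $preset_otp);
      ?>
    </td>
    <td class="row1">
    </td>
  </tr>
  <?php
}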
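/**
 * Registration-validation hook: check the Yubikey OTP sent with the registration form.
 *
 * Fails when enrollment is required (yubikey_reg_require_otp) and no OTP was posted,
 * when yubikey_validate_otp() rejects the OTP, or when the key ID (the first 12
 * characters of the OTP) is already present in the yubikey table.
 *
 * @param string $error Set by reference to an HTML error message on failure.
 * @return bool|null false on failure; no value (null) when the submission is acceptable.
 */
function yubikey_register_validate(&$error)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;
  
  $otp_required = getConfig('yubikey_reg_require_otp', '0') == '1';
  // Only a string counts as a submitted OTP. A yubikey_otp[] parameter arrives as an
  // array and must not reach the validator or substr() below.
  $otp = ( isset($_POST['yubikey_otp']) && is_string($_POST['yubikey_otp']) ) ? $_POST['yubikey_otp'] : '';
  $have_otp = !empty($otp);
  if ( $otp_required && !$have_otp )
  {
    $error = $lang->get('yubiucp_reg_err_otp_required');
    return false;
  }
  if ( $have_otp )
  {
    $result = yubikey_validate_otp($otp);
    if ( !$result['success'] )
    {
      $error = '<b>' . $lang->get('yubiucp_reg_err_otp_invalid') . '</b><br />' . $lang->get("yubiauth_err_{$result['error']}");
      return false;
    }
    // check for double enrollment
    // The OTP has passed yubikey_validate_otp() at this point, but the key ID is escaped
    // anyway, as yubikey_register_insert_key() does, so the query does not depend on
    // what that helper happens to accept.
    $yubi_uid = $db->escape(substr($otp, 0, 12));
    $q = $db->sql_query('SELECT 1 FROM ' . table_prefix . "yubikey WHERE yubi_uid = '$yubi_uid';");
    if ( !$q )
      $db->_die();
    // Read the row count, then release the result on both outcomes.
    $already_enrolled = $db->numrows() > 0;
    $db->free_result();
    if ( $already_enrolled )
    {
      $error = '<b>' . $lang->get('yubiucp_reg_err_otp_invalid') . '</b><br />' . $lang->get('yubiucp_err_double_enrollment_single');
      return false;
    }
    // NOTE(review): this check and the INSERT in yubikey_register_insert_key() are
    // separate statements. Confirm the table has a unique index on yubi_uid, which is
    // what would actually stop two registrations enrolling the same key.
  }
}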
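/**
 * Post-registration hook: enroll the Yubikey that was submitted with the form.
 *
 * Stores the first 12 characters of the posted OTP as the key ID for the new user.
 * Does nothing when no OTP was posted.
 *
 * NOTE(review): the OTP is not validated here. This presumably relies on
 * yubikey_register_validate() having accepted the same request before the
 * user_registered hook fires; confirm against the core registration code.
 *
 * @param int $user_id ID of the account that was just created.
 */
function yubikey_register_insert_key($user_id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // is_string(): a yubikey_otp[] parameter arrives as an array and must not reach substr().
  if ( !empty($_POST['yubikey_otp']) && is_string($_POST['yubikey_otp']) )
  {
    $yubi_uid = $db->escape(substr($_POST['yubikey_otp'], 0, 12));
    // user_id goes into the statement unquoted, so force it to an integer first.
    $user_id = intval($user_id);
    $q = $db->sql_query('INSERT INTO ' . table_prefix . "yubikey ( user_id, yubi_uid ) VALUES ( $user_id, '$yubi_uid' );");
    if ( !$q )
      $db->_die();
  }
}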