Yubikey support: plugins/yubikey/auth.php@2114640729a5 (annotated)

0 9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	1	<?php
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	2
3 d0fe7acaf0e8 Maybe we could actually make yubikey_enable in config not ignored! Dan parents: 2 diff changeset	3	if ( getConfig('yubikey_enable', '1') != '1' )
d0fe7acaf0e8 Maybe we could actually make yubikey_enable in config not ignored! Dan parents: 2 diff changeset	4	return true;
d0fe7acaf0e8 Maybe we could actually make yubikey_enable in config not ignored! Dan parents: 2 diff changeset	5
0 9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	6	// hook into auth
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	7	$plugins->attachHook('login_process_userdata_json', 'return yubikey_auth_hook_json($userinfo, $req["level"], @$req["remember"]);');
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	8	// hook into special page init
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	9	$plugins->attachHook('session_started', 'yubikey_add_special_pages();');
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	10
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	11	function yubikey_auth_hook_json(&$userdata, $level, $remember)
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	12	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	13	global $db, $session, $paths, $template, $plugins; // Common objects
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	14	global $lang;
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	15
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	16	$do_validate_otp = false;
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	17	$do_validate_user = false;
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	18	$do_validate_pass = false;
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	19
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	20	$user_flag = ( $level >= USER_LEVEL_CHPREF ) ? YK_SEC_ELEV_USERNAME : YK_SEC_NORMAL_USERNAME;
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	21	$pass_flag = ( $level >= USER_LEVEL_CHPREF ) ? YK_SEC_ELEV_PASSWORD : YK_SEC_NORMAL_PASSWORD;
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	22
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	23	$auth_log_prefix = ( $level >= USER_LEVEL_CHPREF ) ? 'admin_' : '';
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	24
2 6edc6ebb3b39 Minor: if input OTP is empty and password looks like OTP, now copies password to OTP in memory and treats password field as OTP. Will require patch in Enano trunk to work for html login. Dan parents: 0 diff changeset	25	// Sort of a hack: if the password looks like an OTP and the OTP field is empty, use the password as the OTP
6edc6ebb3b39 Minor: if input OTP is empty and password looks like OTP, now copies password to OTP in memory and treats password field as OTP. Will require patch in Enano trunk to work for html login. Dan parents: 0 diff changeset	26	if ( empty($userdata['yubikey_otp']) && preg_match('/^[cbdefghijklnrtuv]{44}$/', $userdata['password'] ) )
6edc6ebb3b39 Minor: if input OTP is empty and password looks like OTP, now copies password to OTP in memory and treats password field as OTP. Will require patch in Enano trunk to work for html login. Dan parents: 0 diff changeset	27	{
6edc6ebb3b39 Minor: if input OTP is empty and password looks like OTP, now copies password to OTP in memory and treats password field as OTP. Will require patch in Enano trunk to work for html login. Dan parents: 0 diff changeset	28	$userdata['yubikey_otp'] = $userdata['password'];
6edc6ebb3b39 Minor: if input OTP is empty and password looks like OTP, now copies password to OTP in memory and treats password field as OTP. Will require patch in Enano trunk to work for html login. Dan parents: 0 diff changeset	29	}
6edc6ebb3b39 Minor: if input OTP is empty and password looks like OTP, now copies password to OTP in memory and treats password field as OTP. Will require patch in Enano trunk to work for html login. Dan parents: 0 diff changeset	30
0 9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	31	if ( !empty($userdata['username']) )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	32	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	33	// get flags
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	34	$q = $db->sql_query('SELECT user_id, user_yubikey_flags FROM ' . table_prefix . "users WHERE " . ENANO_SQLFUNC_LOWERCASE . "(username) = '" . $db->escape(strtolower($userdata['username'])) . "';");
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	35	if ( !$q )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	36	$db->die_json();
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	37
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	38	if ( $db->numrows() < 1 )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	39	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	40	// Username not found - let the main login function handle it
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	41	$db->free_result();
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	42	return null;
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	43	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	44	list($user_id, $flags) = $db->fetchrow_num();
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	45	$flags = intval($flags);
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	46	// At the point the username is validated.
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	47	$do_validate_user = false;
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	48	$do_validate_pass = $flags & $pass_flag;
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	49	if ( empty($userdata['yubikey_otp']) )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	50	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	51	// no OTP was provided
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	52	// make sure the user has allowed logging in with no OTP
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	53	if ( !($flags & YK_SEC_ALLOW_NO_OTP) )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	54	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	55	// We also might have no Yubikeys enrolled.
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	56	$q = $db->sql_query('SELECT 1 FROM ' . table_prefix . "yubikey WHERE user_id = $user_id;");
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	57	if ( !$q )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	58	$db->die_json();
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	59
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	60	if ( $db->numrows() > 0 )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	61	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	62	// Yep at least one key is enrolled.
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	63	// I don't think these should be logged because they'll usually just be innocent mistakes.
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	64	$db->free_result();
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	65	return array(
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	66	'mode' => 'error',
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	67	'error' => 'yubiauth_err_must_have_otp'
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	68	);
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	69	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	70	// Nope, no keys enrolled, user hasn't enabled Yubikey support
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	71	$db->free_result();
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	72	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	73	// we're ok, use normal password auth
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	74	return null;
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	75	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	76	else
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	77	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	78	// user did enter an OTP
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	79	$do_validate_otp = true;
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	80	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	81	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	82	else if ( !empty($userdata['yubikey_otp']) )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	83	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	84	// we have an OTP, but no username to work with
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	85	$yubi_uid = substr($userdata['yubikey_otp'], 0, 12);
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	86	if ( !preg_match('/^[cbdefghijklnrtuv]{12}$/', $yubi_uid ) )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	87	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	88	return array(
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	89	'mode' => 'error',
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	90	'error' => 'yubiauth_err_invalid_otp'
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	91	);
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	92	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	93	$q = $db->sql_query('SELECT u.user_id, u.username, u.user_yubikey_flags FROM ' . table_prefix . "users AS u\n"
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	94	. " LEFT JOIN " . table_prefix . "yubikey AS y\n"
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	95	. " ON ( y.user_id = u.user_id )\n"
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	96	. " WHERE y.yubi_uid = '$yubi_uid'\n"
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	97	. " GROUP BY u.user_yubikey_flags;");
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	98	if ( !$q )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	99	$db->_die();
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	100
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	101	if ( $db->numrows() < 1 )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	102	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	103	if ( !$do_validate_pass )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	104	$session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n"
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	105	. ' (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \''.enano_date('d M Y h:i a').'\', \'(Yubikey)\', '
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	106	. '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	107
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	108	return array(
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	109	'mode' => 'error',
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	110	'error' => 'yubiauth_err_key_not_authorized'
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	111	);
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	112	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	113
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	114	list($user_id, $username, $flags) = $db->fetchrow_num();
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	115	$do_validate_otp = true;
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	116	$do_validate_user = $flags & $user_flag;
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	117	$do_validate_pass = $flags & $pass_flag;
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	118	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	119	else
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	120	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	121	// Nothing - no username or OTP. This request can't be used; throw it out.
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	122	return array(
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	123	'mode' => 'error',
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	124	'error' => 'yubiauth_err_nothing_provided'
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	125	);
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	126	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	127	if ( $do_validate_otp )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	128	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	129	// We need to validate the OTP.
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	130	$otp_check = yubikey_validate_otp($userdata['yubikey_otp']);
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	131	if ( !$otp_check['success'] )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	132	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	133	if ( !$do_validate_pass )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	134	$session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n"
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	135	. ' (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \''.enano_date('d M Y h:i a').'\', \'(Yubikey)\', '
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	136	. '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	137	return array(
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	138	'mode' => 'error',
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	139	'error' => 'yubiauth_err_' . $otp_check['error']
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	140	);
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	141	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	142	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	143	if ( $do_validate_user )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	144	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	145	if ( empty($username) )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	146	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	147	return array(
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	148	'mode' => 'error',
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	149	'error' => 'yubiauth_err_must_have_username'
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	150	);
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	151	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	152	if ( strtolower($username) !== strtolower($userdata['username']) )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	153	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	154	// Username incorrect
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	155	if ( !$do_validate_pass )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	156	$session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n"
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	157	. ' (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \''.enano_date('d M Y h:i a').'\', \'(Yubikey)\', '
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	158	. '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	159	return array(
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	160	'mode' => 'error',
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	161	'error' => 'invalid_credentials'
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	162	);
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	163	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	164	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	165	// Do we need to have the password validated?
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	166	if ( $do_validate_pass )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	167	{
5 2114640729a5 Auth: added string for pass required Dan parents: 3 diff changeset	168	if ( empty($userdata['password']) )
2114640729a5 Auth: added string for pass required Dan parents: 3 diff changeset	169	{
2114640729a5 Auth: added string for pass required Dan parents: 3 diff changeset	170	return array(
2114640729a5 Auth: added string for pass required Dan parents: 3 diff changeset	171	'mode' => 'error',
2114640729a5 Auth: added string for pass required Dan parents: 3 diff changeset	172	'error' => 'yubiauth_err_must_have_password'
2114640729a5 Auth: added string for pass required Dan parents: 3 diff changeset	173	);
2114640729a5 Auth: added string for pass required Dan parents: 3 diff changeset	174	}
0 9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	175	// Yes; return and let the login API continue
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	176	return null;
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	177	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	178	else
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	179	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	180	// No password required; validated, issue session key
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	181	$session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n"
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	182	. ' (\'security\', \'' . $auth_log_prefix . 'auth_good\', '.time().', \''.enano_date('d M Y h:i a').'\', \'' . $db->escape($userdata['username']) . '\', '
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	183	. '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	184
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	185	$q = $db->sql_query('SELECT password FROM ' . table_prefix . "users WHERE user_id = $user_id;");
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	186	if ( !$q )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	187	$db->_die();
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	188
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	189	list($password) = $db->fetchrow_num();
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	190	$db->free_result();
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	191
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	192	$session->register_session($user_id, $userdata['username'], $password, $level, $remember);
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	193	return true;
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	194	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	195	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	196
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	197	function yubikey_add_special_pages()
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	198	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	199	global $db, $session, $paths, $template, $plugins; // Common objects
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	200	global $lang;
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	201
3 d0fe7acaf0e8 Maybe we could actually make yubikey_enable in config not ignored! Dan parents: 2 diff changeset	202	if ( getConfig('yubikey_enable', '1') != '1' )
d0fe7acaf0e8 Maybe we could actually make yubikey_enable in config not ignored! Dan parents: 2 diff changeset	203	return true;
d0fe7acaf0e8 Maybe we could actually make yubikey_enable in config not ignored! Dan parents: 2 diff changeset	204
0 9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	205	$paths->add_page(array(
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	206	'name' => $lang->get('yubiauth_specialpage_yubikey'),
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	207	'urlname' => 'Yubikey',
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	208	'namespace' => 'Special',
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	209	'visible' => 0, 'protected' => 0, 'comments_on' => 0, 'special' => 0
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	210	));
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	211	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	212
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	213	function page_Special_Yubikey()
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	214	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	215	global $db, $session, $paths, $template, $plugins; // Common objects
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	216
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	217	header('Content-type: text/javascript');
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	218	/*
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	219	if ( isset($_GET['validate_otp']) )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	220	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	221	echo enano_json_encode(yubikey_validate_otp($_GET['validate_otp']));
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	222	return true;
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	223	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	224	*/
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	225	if ( isset($_GET['get_flags']) \|\| isset($_POST['get_flags']) )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	226	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	227	$yubi_uid = substr($_REQUEST['get_flags'], 0, 12);
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	228	if ( !preg_match('/^[cbdefghijklnrtuv]{12}$/', $yubi_uid) )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	229	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	230	return print enano_json_encode(array(
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	231	'mode' => 'error',
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	232	'error' => 'invalid_otp'
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	233	));
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	234	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	235	$q = $db->sql_query('SELECT u.user_yubikey_flags FROM ' . table_prefix . "users AS u\n"
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	236	. " LEFT JOIN " . table_prefix . "yubikey AS y\n"
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	237	. " ON ( y.user_id = u.user_id )\n"
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	238	. " WHERE y.yubi_uid = '$yubi_uid'\n"
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	239	. " GROUP BY u.user_yubikey_flags;");
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	240	if ( !$q )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	241	$db->_die();
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	242
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	243	if ( $db->numrows() < 1 )
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	244	{
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	245	return print enano_json_encode(array(
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	246	'mode' => 'error',
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	247	'error' => 'key_not_authorized'
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	248	));
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	249	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	250
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	251	list($flags) = $db->fetchrow_num();
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	252
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	253	echo enano_json_encode(array(
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	254	// We strip YK_SEC_ALLOW_NO_OTP here for security reasons.
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	255	'flags' => intval($flags & ~YK_SEC_ALLOW_NO_OTP)
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	256	));
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	257
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	258	return true;
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	259	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	260	}
9d2c4f04a0d0 First commit! Hoping everything works. Dan parents: diff changeset	261

author	Dan
	Sun, 01 Mar 2009 20:41:17 -0500
changeset 5	2114640729a5
parent 3	d0fe7acaf0e8
child 17	e04c0f64e972
permissions	-rw-r--r--