author | Dan |
Thu, 26 Feb 2009 11:30:17 -0500 | |
changeset 3 | d0fe7acaf0e8 |
parent 0 | 9d2c4f04a0d0 |
child 8 | 032ca892b9a2 |
permissions | -rw-r--r-- |
0 | 1 |
<?php |
2 |
||
3
d0fe7acaf0e8
Maybe we could actually make yubikey_enable in config not ignored!
Dan
parents:
0
diff
changeset
|
3 |
if ( getConfig('yubikey_enable', '1') != '1' ) |
d0fe7acaf0e8
Maybe we could actually make yubikey_enable in config not ignored!
Dan
parents:
0
diff
changeset
|
4 |
return true; |
d0fe7acaf0e8
Maybe we could actually make yubikey_enable in config not ignored!
Dan
parents:
0
diff
changeset
|
5 |
|
0 | 6 |
$plugins->attachHook("userprefs_jbox", "yubikey_ucp_setup();"); |
7 |
$plugins->attachHook("userprefs_body", "return yubikey_user_cp(\$section);"); |
|
8 |
$plugins->attachHook("login_form_html", "yubikey_inject_html_login();"); |
|
9 |
||
10 |
function yubikey_ucp_setup() |
|
11 |
{ |
|
12 |
userprefs_menu_add('usercp_sec_profile', 'yubiucp_panel_title', makeUrlNS('Special', 'Preferences/Yubikey')); |
|
13 |
} |
|
14 |
||
15 |
function yubikey_user_cp($section) |
|
16 |
{ |
|
17 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
18 |
global $lang; |
|
19 |
||
20 |
if ( $section !== 'Yubikey' ) |
|
21 |
return false; |
|
22 |
||
23 |
$count_enabled = intval(getConfig('yubikey_enroll_limit', '3')); |
|
24 |
||
25 |
if ( isset($_POST['submit']) ) |
|
26 |
{ |
|
27 |
csrf_request_confirm(); |
|
28 |
||
29 |
$keys = array(); |
|
30 |
if ( isset($_POST['yubikey_enable']) ) |
|
31 |
{ |
|
32 |
for ( $i = 0; $i < $count_enabled; $i++ ) |
|
33 |
{ |
|
34 |
if ( !empty($_POST["yubikey_otp_$i"]) ) |
|
35 |
{ |
|
36 |
$ckey =& $_POST["yubikey_otp_$i"]; |
|
37 |
if ( preg_match('/^[cbdefghijklnrtuv]{12,44}$/', $ckey) ) |
|
38 |
{ |
|
39 |
$ckey = substr($ckey, 0, 12); |
|
40 |
$keys[] = $ckey; |
|
41 |
} |
|
42 |
unset($ckey); |
|
43 |
} |
|
44 |
} |
|
45 |
} |
|
46 |
// Check for double enrollment |
|
47 |
$keys_check = "yubi_uid = '" . implode("' OR yubi_uid = '", $keys) . "'"; |
|
48 |
$q = $db->sql_query('SELECT yubi_uid FROM ' . table_prefix . "yubikey WHERE ( $keys_check ) AND user_id != {$session->user_id};"); |
|
49 |
if ( !$q ) |
|
50 |
$db->_die(); |
|
51 |
||
52 |
if ( $db->numrows() > 0 ) |
|
53 |
{ |
|
54 |
echo '<div class="error-box" style="margin: 0 0 10px 0;">' . $lang->get('yubiucp_err_double_enrollment') . '</div>'; |
|
55 |
while ( $row = $db->fetchrow() ) |
|
56 |
{ |
|
57 |
foreach ( $keys as $i => $key ) |
|
58 |
{ |
|
59 |
if ( $key == $row['yubi_uid'] ) |
|
60 |
{ |
|
61 |
unset($keys[$i]); |
|
62 |
} |
|
63 |
} |
|
64 |
} |
|
65 |
$keys = array_values($keys); |
|
66 |
} |
|
67 |
$db->free_result(); |
|
68 |
||
69 |
// Remove all currently registered keys |
|
70 |
$q = $db->sql_query('DELETE FROM ' . table_prefix . "yubikey WHERE user_id = {$session->user_id};"); |
|
71 |
if ( !$q ) |
|
72 |
$db->_die(); |
|
73 |
||
74 |
// Enroll any new keys |
|
75 |
if ( !empty($keys) ) |
|
76 |
{ |
|
77 |
$query = 'INSERT INTO ' . table_prefix . "yubikey(user_id, yubi_uid) VALUES\n " . |
|
78 |
"( $session->user_id, '" . implode("' ),\n ( $session->user_id, '", $keys) . "' );"; |
|
79 |
if ( !$db->sql_query($query) ) |
|
80 |
$db->_die(); |
|
81 |
} |
|
82 |
||
83 |
// Calculate flags |
|
84 |
$yubi_flags = 0; |
|
85 |
$yubi_flags |= intval($_POST['login_normal_flags']); |
|
86 |
$yubi_flags |= intval($_POST['login_elev_flags']); |
|
87 |
$yubi_flags |= ( isset($_POST['allow_no_yubikey']) ) ? YK_SEC_ALLOW_NO_OTP : 0; |
|
88 |
||
89 |
// update flags |
|
90 |
$q = $db->sql_query('UPDATE ' . table_prefix . "users SET user_yubikey_flags = $yubi_flags WHERE user_id = {$session->user_id};"); |
|
91 |
if ( !$q ) |
|
92 |
$db->_die(); |
|
93 |
} |
|
94 |
else |
|
95 |
{ |
|
96 |
// Fetch flags |
|
97 |
$q = $db->sql_query('SELECT user_yubikey_flags FROM ' . table_prefix . "users WHERE user_id = {$session->user_id};"); |
|
98 |
if ( !$q ) |
|
99 |
$db->_die(); |
|
100 |
||
101 |
list($yubi_flags) = $db->fetchrow_num(); |
|
102 |
$yubi_flags = intval($yubi_flags); |
|
103 |
// Fetch user's authorized keys from the DB |
|
104 |
$q = $db->sql_query('SELECT yubi_uid FROM ' . table_prefix . "yubikey WHERE user_id = {$session->user_id};"); |
|
105 |
if ( !$q ) |
|
106 |
$db->_die(); |
|
107 |
||
108 |
$keys = array(); |
|
109 |
while ( $row = $db->fetchrow() ) |
|
110 |
{ |
|
111 |
$keys[] = $row['yubi_uid']; |
|
112 |
} |
|
113 |
$db->free_result(); |
|
114 |
} |
|
115 |
||
116 |
while ( count($keys) < $count_enabled ) |
|
117 |
{ |
|
118 |
$keys[] = false; |
|
119 |
} |
|
120 |
||
121 |
$enable_checked = ( $keys[0] === false && !isset($_POST['yubikey_enable']) ) ? '' : 'checked="checked"'; |
|
122 |
$displaytable = ( $keys[0] === false && !isset($_POST['yubikey_enable']) ) ? 'none' : 'block'; |
|
123 |
||
124 |
$check_normal_keyonly = ( !($yubi_flags & YK_SEC_NORMAL_USERNAME) && !($yubi_flags & YK_SEC_NORMAL_PASSWORD) ) ? 'checked="checked" ' : ''; |
|
125 |
$check_normal_username = ( ($yubi_flags & YK_SEC_NORMAL_USERNAME) && !($yubi_flags & YK_SEC_NORMAL_PASSWORD) ) ? 'checked="checked" ' : ''; |
|
126 |
$check_normal_userandpw = ( ($yubi_flags & YK_SEC_NORMAL_USERNAME) && ($yubi_flags & YK_SEC_NORMAL_PASSWORD) ) ? 'checked="checked" ' : ''; |
|
127 |
||
128 |
$check_elev_keyonly = ( !($yubi_flags & YK_SEC_ELEV_USERNAME) && !($yubi_flags & YK_SEC_ELEV_PASSWORD) ) ? 'checked="checked" ' : ''; |
|
129 |
$check_elev_username = ( ($yubi_flags & YK_SEC_ELEV_USERNAME) && !($yubi_flags & YK_SEC_ELEV_PASSWORD) ) ? 'checked="checked" ' : ''; |
|
130 |
$check_elev_userandpw = ( ($yubi_flags & YK_SEC_ELEV_USERNAME) && ($yubi_flags & YK_SEC_ELEV_PASSWORD) ) ? 'checked="checked" ' : ''; |
|
131 |
||
132 |
?> |
|
133 |
<h3 style="margin-top: 0;"><?php echo $lang->get('yubiucp_panel_title'); ?></h3> |
|
134 |
||
135 |
<form action="<?php echo makeUrlNS('Special', 'Preferences/Yubikey'); ?>" method="post"> |
|
136 |
||
137 |
<div> |
|
138 |
<table border="0" cellpadding="4" width="100%"> |
|
139 |
<tr> |
|
140 |
<td style="width: 50%; text-align: right;"> |
|
141 |
<?php echo $lang->get('yubiucp_field_enable_title'); ?><br /> |
|
142 |
<small><?php echo $lang->get('yubiucp_field_enable_hint'); ?></small> |
|
143 |
</td> |
|
144 |
<td style="width: 50%;"> |
|
145 |
<label> |
|
146 |
<input type="checkbox" name="yubikey_enable" onclick="if ( $(this).attr('checked') ) $('#yk_useroptions').show('blind'); else $('#yk_useroptions').hide('blind');" <?php echo $enable_checked; ?> /> |
|
147 |
<?php echo $lang->get('yubiucp_field_enable'); ?> |
|
148 |
</label> |
|
149 |
</td> |
|
150 |
</tr> |
|
151 |
</table> |
|
152 |
<table border="0" cellpadding="4" width="100%" id="yk_useroptions" style="display: <?php echo $displaytable ?>;"> |
|
153 |
<tr class="yk_alt1"> |
|
154 |
<td style="width: 50%; text-align: right;"> |
|
155 |
<?php echo $lang->get('yubiucp_field_keys_title'); ?><br /> |
|
156 |
<small><?php |
|
157 |
echo $lang->get('yubiucp_field_keys_hint'); |
|
158 |
if ( $count_enabled > 1 ) |
|
159 |
{ |
|
160 |
echo ' '; |
|
161 |
echo $lang->get('yubiucp_field_keys_maximum', array('max' => $count_enabled)); |
|
162 |
} |
|
163 |
?></small> |
|
164 |
</td> |
|
165 |
<td style="width: 50%;"> |
|
166 |
<?php |
|
167 |
for ( $i = 0; $i < $count_enabled; $i++ ) |
|
168 |
{ |
|
169 |
echo '<p>' . generate_yubikey_field('yubikey_otp_' . $i, $keys[$i]) . '</p>'; |
|
170 |
} |
|
171 |
?> |
|
172 |
</td> |
|
173 |
</tr> |
|
174 |
<tr> |
|
175 |
<td style="width: 50%; text-align: right;"> |
|
176 |
<?php echo $lang->get('yubiucp_field_normal_flags'); ?> |
|
177 |
</td> |
|
178 |
<td> |
|
179 |
<label> |
|
180 |
<input type="radio" name="login_normal_flags" value="0" <?php echo $check_normal_keyonly; ?>/> |
|
181 |
<?php echo $lang->get('yubiucp_field_flags_keyonly'); ?> |
|
182 |
</label> |
|
183 |
||
184 |
<br /> |
|
185 |
||
186 |
<label> |
|
187 |
<input type="radio" name="login_normal_flags" value="<?php echo strval(YK_SEC_NORMAL_USERNAME); ?>" <?php echo $check_normal_username; ?>/> |
|
188 |
<?php echo $lang->get('yubiucp_field_flags_username'); ?> |
|
189 |
</label> |
|
190 |
||
191 |
<br /> |
|
192 |
||
193 |
<label> |
|
194 |
<input type="radio" name="login_normal_flags" value="<?php echo strval(YK_SEC_NORMAL_USERNAME | YK_SEC_NORMAL_PASSWORD); ?>" <?php echo $check_normal_userandpw; ?>/> |
|
195 |
<?php echo $lang->get('yubiucp_field_flags_userandpw'); ?> |
|
196 |
</label> |
|
197 |
</td> |
|
198 |
</tr> |
|
199 |
<tr class="yk_alt1"> |
|
200 |
<td style="width: 50%; text-align: right;"> |
|
201 |
<?php echo $lang->get('yubiucp_field_elev_flags'); ?> |
|
202 |
</td> |
|
203 |
<td> |
|
204 |
<label> |
|
205 |
<input type="radio" name="login_elev_flags" value="0" <?php echo $check_elev_keyonly; ?>/> |
|
206 |
<?php echo $lang->get('yubiucp_field_flags_keyonly'); ?> |
|
207 |
</label> |
|
208 |
||
209 |
<br /> |
|
210 |
||
211 |
<label> |
|
212 |
<input type="radio" name="login_elev_flags" value="<?php echo strval(YK_SEC_ELEV_USERNAME); ?>" <?php echo $check_elev_username; ?>/> |
|
213 |
<?php echo $lang->get('yubiucp_field_flags_username'); ?> |
|
214 |
</label> |
|
215 |
||
216 |
<br /> |
|
217 |
||
218 |
<label> |
|
219 |
<input type="radio" name="login_elev_flags" value="<?php echo strval(YK_SEC_ELEV_USERNAME | YK_SEC_ELEV_PASSWORD); ?>" <?php echo $check_elev_userandpw; ?>/> |
|
220 |
<?php echo $lang->get('yubiucp_field_flags_userandpw'); ?> |
|
221 |
</label> |
|
222 |
</td> |
|
223 |
</tr> |
|
224 |
<tr> |
|
225 |
<td> |
|
226 |
</td> |
|
227 |
<td> |
|
228 |
<label> |
|
229 |
<input type="checkbox" name="allow_no_yubikey" <?php if ( $yubi_flags & YK_SEC_ALLOW_NO_OTP ) echo 'checked="checked" '; ?>/> |
|
230 |
<?php echo $lang->get('yubiucp_field_allow_plain_login'); ?> |
|
231 |
</label> |
|
232 |
<br /> |
|
233 |
<small> |
|
234 |
<?php echo $lang->get('yubiucp_field_allow_plain_login_hint'); ?> |
|
235 |
</small> |
|
236 |
</td> |
|
237 |
</tr> |
|
238 |
</table> |
|
239 |
<table border="0" cellpadding="4" width="100%"> |
|
240 |
<tr class="yk_alt1"> |
|
241 |
<td colspan="2" style="text-align: center;"> |
|
242 |
<input type="submit" name="submit" value="<?php echo $lang->get('etc_save_changes'); ?>" /> |
|
243 |
</td> |
|
244 |
</tr> |
|
245 |
</table> |
|
246 |
</div> |
|
247 |
||
248 |
<input type="hidden" name="cstok" value="<?php echo $session->csrf_token; ?>" /> |
|
249 |
||
250 |
</form> |
|
251 |
<?php |
|
252 |
||
253 |
return true; |
|
254 |
} |
|
255 |
||
256 |
function yubikey_inject_html_login() |
|
257 |
{ |
|
258 |
global $lang; |
|
259 |
?> |
|
260 |
<tr> |
|
261 |
<td class="row2"> |
|
262 |
<?php echo $lang->get('yubiauth_lbl_otp_field'); ?> |
|
263 |
</td> |
|
264 |
<td class="row1" colspan="2"> |
|
265 |
<input type="text" size="40" class="yubikey_noscript" name="yubikey_otp" /> |
|
266 |
</td> |
|
267 |
</tr> |
|
268 |
<?php |
|
269 |
} |
|
270 |