1 <?php |
1 <?php |
2 |
2 |
3 if ( getConfig('yubikey_enable', '1') != '1' ) |
3 if ( getConfig('yubikey_enable', '1') != '1' ) |
4 return true; |
4 return true; |
5 |
5 |
6 // hook into auth |
6 // hook into auth |
7 $plugins->attachHook('login_process_userdata_json', 'return yubikey_auth_hook_json($userinfo, $req["level"], @$req["remember"]);'); |
7 $plugins->attachHook('login_process_userdata_json', 'return yubikey_auth_hook_json($userinfo, $req["level"], @$req["remember"]);'); |
8 // hook into special page init |
8 // hook into special page init |
9 $plugins->attachHook('session_started', 'yubikey_add_special_pages();'); |
9 $plugins->attachHook('session_started', 'yubikey_add_special_pages();'); |
10 // session key security |
10 // session key security |
11 $plugins->attachHook('session_key_calc', 'yubikey_sk_calc($user_id, $key_pieces, $sk_mode);'); |
11 $plugins->attachHook('session_key_calc', 'yubikey_sk_calc($user_id, $key_pieces, $sk_mode);'); |
12 |
12 |
13 function yubikey_auth_hook_json(&$userdata, $level, $remember) |
13 function yubikey_auth_hook_json(&$userdata, $level, $remember) |
14 { |
14 { |
15 global $db, $session, $paths, $template, $plugins; // Common objects |
15 global $db, $session, $paths, $template, $plugins; // Common objects |
16 global $lang; |
16 global $lang; |
17 |
17 |
18 $do_validate_otp = false; |
18 $do_validate_otp = false; |
19 $do_validate_user = false; |
19 $do_validate_user = false; |
20 $do_validate_pass = false; |
20 $do_validate_pass = false; |
21 |
21 |
22 $user_flag = ( $level >= USER_LEVEL_CHPREF ) ? YK_SEC_ELEV_USERNAME : YK_SEC_NORMAL_USERNAME; |
22 $user_flag = ( $level >= USER_LEVEL_CHPREF ) ? YK_SEC_ELEV_USERNAME : YK_SEC_NORMAL_USERNAME; |
23 $pass_flag = ( $level >= USER_LEVEL_CHPREF ) ? YK_SEC_ELEV_PASSWORD : YK_SEC_NORMAL_PASSWORD; |
23 $pass_flag = ( $level >= USER_LEVEL_CHPREF ) ? YK_SEC_ELEV_PASSWORD : YK_SEC_NORMAL_PASSWORD; |
24 |
24 |
25 $auth_log_prefix = ( $level >= USER_LEVEL_CHPREF ) ? 'admin_' : ''; |
25 $auth_log_prefix = ( $level >= USER_LEVEL_CHPREF ) ? 'admin_' : ''; |
26 |
26 |
27 // Sort of a hack: if the password looks like an OTP and the OTP field is empty, use the password as the OTP |
27 // Sort of a hack: if the password looks like an OTP and the OTP field is empty, use the password as the OTP |
28 if ( empty($userdata['yubikey_otp']) && preg_match('/^[cbdefghijklnrtuv]{44}$/', $userdata['password'] ) ) |
28 if ( empty($userdata['yubikey_otp']) && preg_match('/^[cbdefghijklnrtuv]{44}$/', $userdata['password'] ) ) |
29 { |
29 { |
30 $userdata['yubikey_otp'] = $userdata['password']; |
30 $userdata['yubikey_otp'] = $userdata['password']; |
31 } |
31 } |
32 |
32 |
33 // Lockouts removed from here - they're done during preprocessing now. |
33 // Lockouts removed from here - they're done during preprocessing now. |
34 |
34 |
35 if ( !empty($userdata['username']) ) |
35 if ( !empty($userdata['username']) ) |
36 { |
36 { |
37 // get flags |
37 // get flags |
38 $q = $db->sql_query('SELECT user_id, user_yubikey_flags FROM ' . table_prefix . "users WHERE " . ENANO_SQLFUNC_LOWERCASE . "(username) = '" . $db->escape(strtolower($userdata['username'])) . "';"); |
38 $q = $db->sql_query('SELECT user_id, user_yubikey_flags FROM ' . table_prefix . "users WHERE " . ENANO_SQLFUNC_LOWERCASE . "(username) = '" . $db->escape(strtolower($userdata['username'])) . "';"); |
39 if ( !$q ) |
39 if ( !$q ) |
40 $db->die_json(); |
40 $db->die_json(); |
41 |
41 |
42 if ( $db->numrows() < 1 ) |
42 if ( $db->numrows() < 1 ) |
43 { |
43 { |
44 // Username not found - let the main login function handle it |
44 // Username not found - let the main login function handle it |
45 $db->free_result(); |
45 $db->free_result(); |
46 return null; |
46 return null; |
47 } |
47 } |
48 list($user_id, $flags) = $db->fetchrow_num(); |
48 list($user_id, $flags) = $db->fetchrow_num(); |
49 $flags = intval($flags); |
49 $flags = intval($flags); |
50 // At the point the username is validated. |
50 // At the point the username is validated. |
51 $do_validate_user = false; |
51 $do_validate_user = false; |
52 $do_validate_pass = $flags & $pass_flag; |
52 $do_validate_pass = $flags & $pass_flag; |
53 if ( empty($userdata['yubikey_otp']) ) |
53 if ( empty($userdata['yubikey_otp']) ) |
54 { |
54 { |
55 // no OTP was provided |
55 // no OTP was provided |
56 // make sure the user has allowed logging in with no OTP |
56 // make sure the user has allowed logging in with no OTP |
57 if ( !($flags & YK_SEC_ALLOW_NO_OTP) ) |
57 if ( !($flags & YK_SEC_ALLOW_NO_OTP) ) |
58 { |
58 { |
59 // We also might have no Yubikeys enrolled. |
59 // We also might have no Yubikeys enrolled. |
60 $q = $db->sql_query('SELECT 1 FROM ' . table_prefix . "yubikey WHERE user_id = $user_id;"); |
60 $q = $db->sql_query('SELECT 1 FROM ' . table_prefix . "yubikey WHERE user_id = $user_id;"); |
61 if ( !$q ) |
61 if ( !$q ) |
62 $db->die_json(); |
62 $db->die_json(); |
63 |
63 |
64 if ( $db->numrows() > 0 ) |
64 if ( $db->numrows() > 0 ) |
65 { |
65 { |
66 // Yep at least one key is enrolled. |
66 // Yep at least one key is enrolled. |
67 // I don't think these should be logged because they'll usually just be innocent mistakes. |
67 // I don't think these should be logged because they'll usually just be innocent mistakes. |
68 $db->free_result(); |
68 $db->free_result(); |
69 return array( |
69 return array( |
70 'mode' => 'error', |
70 'mode' => 'error', |
71 'error' => 'yubiauth_err_must_have_otp' |
71 'error' => 'yubiauth_err_must_have_otp' |
72 ); |
72 ); |
73 } |
73 } |
74 // Nope, no keys enrolled, user hasn't enabled Yubikey support |
74 // Nope, no keys enrolled, user hasn't enabled Yubikey support |
75 $db->free_result(); |
75 $db->free_result(); |
76 } |
76 } |
77 // we're ok, use normal password auth |
77 // we're ok, use normal password auth |
78 return null; |
78 return null; |
79 } |
79 } |
80 else |
80 else |
81 { |
81 { |
82 // user did enter an OTP; make sure it's associated with the username |
82 // user did enter an OTP; make sure it's associated with the username |
83 $yubi_uid = $db->escape(substr($userdata['yubikey_otp'], 0, 12)); |
83 $yubi_uid = $db->escape(substr($userdata['yubikey_otp'], 0, 12)); |
84 $q = $db->sql_query('SELECT 1 FROM ' . table_prefix . 'yubikey WHERE yubi_uid = \'' . $yubi_uid . '\';'); |
84 $q = $db->sql_query('SELECT 1 FROM ' . table_prefix . 'yubikey WHERE yubi_uid = \'' . $yubi_uid . '\';'); |
85 if ( !$q ) |
85 if ( !$q ) |
86 $db->die_json(); |
86 $db->die_json(); |
87 if ( $db->numrows() < 1 ) |
87 if ( $db->numrows() < 1 ) |
88 { |
88 { |
89 $db->free_result(); |
89 $db->free_result(); |
90 return array( |
90 return array( |
91 'mode' => 'error', |
91 'mode' => 'error', |
92 'error' => 'yubiauth_err_key_not_authorized' |
92 'error' => 'yubiauth_err_key_not_authorized' |
93 ); |
93 ); |
94 } |
94 } |
95 $db->free_result(); |
95 $db->free_result(); |
96 $do_validate_otp = true; |
96 $do_validate_otp = true; |
97 } |
97 } |
98 } |
98 } |
99 else if ( !empty($userdata['yubikey_otp']) ) |
99 else if ( !empty($userdata['yubikey_otp']) ) |
100 { |
100 { |
101 // we have an OTP, but no username to work with |
101 // we have an OTP, but no username to work with |
102 $yubi_uid = substr($userdata['yubikey_otp'], 0, 12); |
102 $yubi_uid = substr($userdata['yubikey_otp'], 0, 12); |
103 if ( !preg_match('/^[cbdefghijklnrtuv]{12}$/', $yubi_uid ) ) |
103 if ( !preg_match('/^[cbdefghijklnrtuv]{12}$/', $yubi_uid ) ) |
104 { |
104 { |
105 return array( |
105 return array( |
106 'mode' => 'error', |
106 'mode' => 'error', |
107 'error' => 'yubiauth_err_invalid_otp' |
107 'error' => 'yubiauth_err_invalid_otp' |
108 ); |
108 ); |
109 } |
109 } |
110 $q = $db->sql_query('SELECT u.user_id, u.username, u.user_yubikey_flags FROM ' . table_prefix . "users AS u\n" |
110 $q = $db->sql_query('SELECT u.user_id, u.username, u.user_yubikey_flags FROM ' . table_prefix . "users AS u\n" |
111 . " LEFT JOIN " . table_prefix . "yubikey AS y\n" |
111 . " LEFT JOIN " . table_prefix . "yubikey AS y\n" |
112 . " ON ( y.user_id = u.user_id )\n" |
112 . " ON ( y.user_id = u.user_id )\n" |
113 . " WHERE y.yubi_uid = '$yubi_uid'\n" |
113 . " WHERE y.yubi_uid = '$yubi_uid'\n" |
114 . " GROUP BY u.user_yubikey_flags;"); |
114 . " GROUP BY u.user_yubikey_flags;"); |
115 if ( !$q ) |
115 if ( !$q ) |
116 $db->_die(); |
116 $db->_die(); |
117 |
117 |
118 if ( $db->numrows() < 1 ) |
118 if ( $db->numrows() < 1 ) |
119 { |
119 { |
120 if ( !$do_validate_pass ) |
120 if ( !$do_validate_pass ) |
121 $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n" |
121 $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n" |
122 . ' (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \'DEPRECATED\', \'(Yubikey)\', ' |
122 . ' (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \'DEPRECATED\', \'(Yubikey)\', ' |
123 . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')'); |
123 . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')'); |
124 |
124 |
125 return array( |
125 return array( |
126 'mode' => 'error', |
126 'mode' => 'error', |
127 'error' => 'yubiauth_err_key_not_authorized' |
127 'error' => 'yubiauth_err_key_not_authorized' |
128 ); |
128 ); |
129 } |
129 } |
130 |
130 |
131 list($user_id, $username, $flags) = $db->fetchrow_num(); |
131 list($user_id, $username, $flags) = $db->fetchrow_num(); |
132 $do_validate_otp = true; |
132 $do_validate_otp = true; |
133 $do_validate_user = $flags & $user_flag; |
133 $do_validate_user = $flags & $user_flag; |
134 $do_validate_pass = $flags & $pass_flag; |
134 $do_validate_pass = $flags & $pass_flag; |
135 // to complete security logs later |
135 // to complete security logs later |
136 $userdata['username'] = $username; |
136 $userdata['username'] = $username; |
137 } |
137 } |
138 else |
138 else |
139 { |
139 { |
140 // Nothing - no username or OTP. This request can't be used; throw it out. |
140 // Nothing - no username or OTP. This request can't be used; throw it out. |
141 return array( |
141 return array( |
142 'mode' => 'error', |
142 'mode' => 'error', |
143 'error' => 'yubiauth_err_nothing_provided' |
143 'error' => 'yubiauth_err_nothing_provided' |
144 ); |
144 ); |
145 } |
145 } |
146 if ( $do_validate_otp ) |
146 if ( $do_validate_otp ) |
147 { |
147 { |
148 // We need to validate the OTP. |
148 // We need to validate the OTP. |
149 $otp_check = yubikey_validate_otp($userdata['yubikey_otp']); |
149 $otp_check = yubikey_validate_otp($userdata['yubikey_otp']); |
150 if ( !$otp_check['success'] ) |
150 if ( !$otp_check['success'] ) |
151 { |
151 { |
152 if ( !$do_validate_pass ) |
152 if ( !$do_validate_pass ) |
153 $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n" |
153 $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n" |
154 . ' (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \'DEPRECATED\', \'(Yubikey)\', ' |
154 . ' (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \'DEPRECATED\', \'(Yubikey)\', ' |
155 . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')'); |
155 . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')'); |
156 |
156 |
157 if ( $otp_check['error'] === 'http_failed' ) |
157 if ( $otp_check['error'] === 'http_failed' ) |
158 { |
158 { |
159 return array( |
159 return array( |
160 'mode' => 'error', |
160 'mode' => 'error', |
161 'error' => 'yubiauth_err_' . $otp_check['error'], |
161 'error' => 'yubiauth_err_' . $otp_check['error'], |
162 'http_error' => $otp_check['http_error'] |
162 'http_error' => $otp_check['http_error'] |
163 ); |
163 ); |
164 } |
164 } |
165 return array( |
165 return array( |
166 'mode' => 'error', |
166 'mode' => 'error', |
167 'error' => 'yubiauth_err_' . $otp_check['error'] |
167 'error' => 'yubiauth_err_' . $otp_check['error'] |
168 ); |
168 ); |
169 } |
169 } |
170 } |
170 } |
171 if ( $do_validate_user ) |
171 if ( $do_validate_user ) |
172 { |
172 { |
173 if ( empty($username) ) |
173 if ( empty($username) ) |
174 { |
174 { |
175 return array( |
175 return array( |
176 'mode' => 'error', |
176 'mode' => 'error', |
177 'error' => 'yubiauth_err_must_have_username' |
177 'error' => 'yubiauth_err_must_have_username' |
178 ); |
178 ); |
179 } |
179 } |
180 if ( strtolower($username) !== strtolower($userdata['username']) ) |
180 if ( strtolower($username) !== strtolower($userdata['username']) ) |
181 { |
181 { |
182 // Username incorrect |
182 // Username incorrect |
183 if ( !$do_validate_pass ) |
183 if ( !$do_validate_pass ) |
184 $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n" |
184 $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n" |
185 . ' (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \'DEPRECATED\', \'(Yubikey)\', ' |
185 . ' (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \'DEPRECATED\', \'(Yubikey)\', ' |
186 . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')'); |
186 . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')'); |
187 return array( |
187 return array( |
188 'mode' => 'error', |
188 'mode' => 'error', |
189 'error' => 'invalid_credentials' |
189 'error' => 'invalid_credentials' |
190 ); |
190 ); |
191 } |
191 } |
192 } |
192 } |
193 // Do we need to have the password validated? |
193 // Do we need to have the password validated? |
194 if ( $do_validate_pass ) |
194 if ( $do_validate_pass ) |
195 { |
195 { |
196 if ( empty($userdata['password']) ) |
196 if ( empty($userdata['password']) ) |
197 { |
197 { |
198 return array( |
198 return array( |
199 'mode' => 'error', |
199 'mode' => 'error', |
200 'error' => 'yubiauth_err_must_have_password' |
200 'error' => 'yubiauth_err_must_have_password' |
201 ); |
201 ); |
202 } |
202 } |
203 // Yes; return and let the login API continue |
203 // Yes; return and let the login API continue |
204 return null; |
204 return null; |
205 } |
205 } |
206 else |
206 else |
207 { |
207 { |
208 // No password required; validated, issue session key |
208 // No password required; validated, issue session key |
209 $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n" |
209 $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n" |
210 . ' (\'security\', \'' . $auth_log_prefix . 'auth_good\', '.time().', \'DEPRECATED\', \'' . $db->escape($userdata['username']) . '\', ' |
210 . ' (\'security\', \'' . $auth_log_prefix . 'auth_good\', '.time().', \'DEPRECATED\', \'' . $db->escape($userdata['username']) . '\', ' |
211 . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')'); |
211 . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')'); |
212 |
212 |
213 $q = $db->sql_query('SELECT password FROM ' . table_prefix . "users WHERE user_id = $user_id;"); |
213 $q = $db->sql_query('SELECT password FROM ' . table_prefix . "users WHERE user_id = $user_id;"); |
214 if ( !$q ) |
214 if ( !$q ) |
215 $db->_die(); |
215 $db->_die(); |
216 |
216 |
217 list($password) = $db->fetchrow_num(); |
217 list($password) = $db->fetchrow_num(); |
218 $db->free_result(); |
218 $db->free_result(); |
219 |
219 |
220 $session->register_session($user_id, $userdata['username'], $password, intval($level), $remember); |
220 $session->register_session($user_id, $userdata['username'], $password, intval($level), $remember); |
221 return true; |
221 return true; |
222 } |
222 } |
223 } |
223 } |
224 |
224 |
225 function yubikey_add_special_pages() |
225 function yubikey_add_special_pages() |
226 { |
226 { |
227 global $db, $session, $paths, $template, $plugins; // Common objects |
227 global $db, $session, $paths, $template, $plugins; // Common objects |
228 global $lang; |
228 global $lang; |
229 |
229 |
230 if ( getConfig('yubikey_enable', '1') != '1' ) |
230 if ( getConfig('yubikey_enable', '1') != '1' ) |
231 return true; |
231 return true; |
232 |
232 |
233 $paths->add_page(array( |
233 $paths->add_page(array( |
234 'name' => $lang->get('yubiauth_specialpage_yubikey'), |
234 'name' => $lang->get('yubiauth_specialpage_yubikey'), |
235 'urlname' => 'Yubikey', |
235 'urlname' => 'Yubikey', |
236 'namespace' => 'Special', |
236 'namespace' => 'Special', |
237 'visible' => 0, 'protected' => 0, 'comments_on' => 0, 'special' => 0 |
237 'visible' => 0, 'protected' => 0, 'comments_on' => 0, 'special' => 0 |
238 )); |
238 )); |
239 } |
239 } |
240 |
240 |
241 function yubikey_sk_calc($user_id, &$key_pieces, &$sk_mode) |
241 function yubikey_sk_calc($user_id, &$key_pieces, &$sk_mode) |
242 { |
242 { |
243 global $db, $session, $paths, $template, $plugins; // Common objects |
243 global $db, $session, $paths, $template, $plugins; // Common objects |
244 // hash the user's yubikeys |
244 // hash the user's yubikeys |
245 $q = $db->sql_query('SELECT yubi_uid FROM ' . table_prefix . "yubikey WHERE user_id = $user_id;"); |
245 $q = $db->sql_query('SELECT yubi_uid FROM ' . table_prefix . "yubikey WHERE user_id = $user_id;"); |
246 if ( !$q ) |
246 if ( !$q ) |
247 $db->_die(); |
247 $db->_die(); |
248 |
248 |
249 while ( $row = $db->fetchrow() ) |
249 while ( $row = $db->fetchrow() ) |
250 { |
250 { |
251 $key_pieces[] = $row['yubi_uid']; |
251 $key_pieces[] = $row['yubi_uid']; |
252 } |
252 } |
253 } |
253 } |
254 |
254 |
255 function page_Special_Yubikey() |
255 function page_Special_Yubikey() |
256 { |
256 { |
257 global $db, $session, $paths, $template, $plugins; // Common objects |
257 global $db, $session, $paths, $template, $plugins; // Common objects |
258 |
258 |
259 header('Content-type: text/javascript'); |
259 header('Content-type: text/javascript'); |
260 /* |
260 /* |
261 if ( isset($_GET['validate_otp']) ) |
261 if ( isset($_GET['validate_otp']) ) |
262 { |
262 { |
263 echo enano_json_encode(yubikey_validate_otp($_GET['validate_otp'])); |
263 echo enano_json_encode(yubikey_validate_otp($_GET['validate_otp'])); |
264 return true; |
264 return true; |
265 } |
265 } |
266 */ |
266 */ |
267 if ( isset($_GET['get_flags']) || isset($_POST['get_flags']) ) |
267 if ( isset($_GET['get_flags']) || isset($_POST['get_flags']) ) |
268 { |
268 { |
269 $yubi_uid = substr($_REQUEST['get_flags'], 0, 12); |
269 $yubi_uid = substr($_REQUEST['get_flags'], 0, 12); |
270 if ( !preg_match('/^[cbdefghijklnrtuv]{12}$/', $yubi_uid) ) |
270 if ( !preg_match('/^[cbdefghijklnrtuv]{12}$/', $yubi_uid) ) |
271 { |
271 { |
272 return print enano_json_encode(array( |
272 return print enano_json_encode(array( |
273 'mode' => 'error', |
273 'mode' => 'error', |
274 'error' => 'invalid_otp' |
274 'error' => 'invalid_otp' |
275 )); |
275 )); |
276 } |
276 } |
277 $q = $db->sql_query('SELECT u.user_yubikey_flags FROM ' . table_prefix . "users AS u\n" |
277 $q = $db->sql_query('SELECT u.user_yubikey_flags FROM ' . table_prefix . "users AS u\n" |
278 . " LEFT JOIN " . table_prefix . "yubikey AS y\n" |
278 . " LEFT JOIN " . table_prefix . "yubikey AS y\n" |
279 . " ON ( y.user_id = u.user_id )\n" |
279 . " ON ( y.user_id = u.user_id )\n" |
280 . " WHERE y.yubi_uid = '$yubi_uid'\n" |
280 . " WHERE y.yubi_uid = '$yubi_uid'\n" |
281 . " GROUP BY u.user_yubikey_flags;"); |
281 . " GROUP BY u.user_yubikey_flags;"); |
282 if ( !$q ) |
282 if ( !$q ) |
283 $db->_die(); |
283 $db->_die(); |
284 |
284 |
285 if ( $db->numrows() < 1 ) |
285 if ( $db->numrows() < 1 ) |
286 { |
286 { |
287 return print enano_json_encode(array( |
287 return print enano_json_encode(array( |
288 'mode' => 'error', |
288 'mode' => 'error', |
289 'error' => 'key_not_authorized' |
289 'error' => 'key_not_authorized' |
290 )); |
290 )); |
291 } |
291 } |
292 |
292 |
293 list($flags) = $db->fetchrow_num(); |
293 list($flags) = $db->fetchrow_num(); |
294 |
294 |
295 echo enano_json_encode(array( |
295 echo enano_json_encode(array( |
296 // We strip YK_SEC_ALLOW_NO_OTP here for security reasons. |
296 // We strip YK_SEC_ALLOW_NO_OTP here for security reasons. |
297 'flags' => intval($flags & ~YK_SEC_ALLOW_NO_OTP) |
297 'flags' => intval($flags & ~YK_SEC_ALLOW_NO_OTP) |
298 )); |
298 )); |
299 |
299 |
300 return true; |
300 return true; |
301 } |
301 } |
302 } |
302 } |
303 |
303 |