plugins/yubikey/corelib.php
changeset 10 748fa1b80031
parent 9 65965da01c41
child 16 3163b9f58ae8
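--- a/plugins/yubikey/corelib.php
+++ b/plugins/yubikey/corelib.php
@@ -124,13 +124,23 @@
         );
     }
   }
   if ( $response['status'] === 'OK' )
   {
-    return array(
-        'success' => true
-      );
+    if ( yubikey_verify_timestamp($response['t']) )
+    {
+      return array(
+          'success' => true
+        );
+    }
+    else
+    {
+      return array(
+          'success' => false,
+          'error' => 'timestamp_check_failed'
+        );
+    }
   }
   else
   {
     return array(
         'success' => false,
@@ -166,18 +176,58 @@
   $sig = base64_encode($sig);
   
   return $sig;
 }
 
+/**
+ * Validate the timestamp returned in a Yubico API response. Borrowed from Drupal and backported for friendliness with earlier versions of PHP.
+ * @param string Yubico timestamp
+ * @return bool True if valid, false otherwise
+ */
+
+function yubikey_verify_timestamp($timestamp)
+{
+  $tolerance = intval(getConfig('yubikey_api_ts_tolerance', 150));
+  
+  $now = time();
+  $timestamp_seconds = strtotime(substr($timestamp, 0, -4));
+
+  if ( !$timestamp || !$now )
+  {
+    return false;
+  }
+
+  if ( ( $timestamp_seconds + $tolerance ) > $now && ( $timestamp_seconds - $tolerance ) < $now )
+  {
+    return true;
+  }
+
+  return false;
+}
+
+
 $plugins->attachHook('compile_template', 'yubikey_attach_headers($this);');
 
 function yubikey_attach_headers(&$template)
 {
+  global $db, $session, $paths, $template, $plugins; // Common objects
+  
   if ( getConfig('yubikey_enable', '1') != '1' )
     return true;
   
   $template->add_header('<script type="text/javascript" src="' . scriptPath . '/plugins/yubikey/yubikey.js"></script>');
   $template->add_header('<link rel="stylesheet" type="text/css" href="' . scriptPath . '/plugins/yubikey/yubikey.css" />');
   // config option for all users have yubikey
-  $template->add_header('<script type="text/javascript">var yk_reg_require_otp = ' . getConfig('yubikey_reg_require_otp', '0') . '</script>');
-}
-
+  $user_flags = 0;
+  if ( $session->user_logged_in )
+  {
+    $q = $db->sql_query('SELECT COUNT(yubi_uid) > 0 FROM ' . table_prefix . "yubikey WHERE user_id = {$session->user_id};");
+    if ( !$q )
+      $db->_die();
+    
+    list($user_flags) = $db->fetchrow_num();
+    $db->free_result();
+  }
+  
+  $template->add_header('<script type="text/javascript">var yk_reg_require_otp = ' . getConfig('yubikey_reg_require_otp', '0') . '; var yk_user_enabled = ' . $user_flags . ';</script>');
+}
+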
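Review bot: In `yubikey_verify_timestamp()` the guard `if ( !$timestamp || !$now )` tests the raw string instead of the parsed `$timestamp_seconds`, so a `t` value that `strtotime()` cannot parse is never rejected explicitly. It is rejected only because the window comparison happens to fail on a `false` (or, on older PHP, `-1`) result. Testing the parsed value makes the fail-closed path deliberate: `if ( !$timestamp_seconds || $timestamp_seconds < 0 ) return false;`. The tolerance is read from config through `intval()` with no upper bound, so a very large `yubikey_api_ts_tolerance` would effectively switch the freshness check off; a clamp or a comment stating the expected range would help. The check in the first hunk also means something only if `t` is covered by a response signature that has already been verified, which is not visible in these hunks, so confirm that happens before the `status === 'OK'` branch.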