79 } |
79 } |
80 else |
80 else |
81 { |
81 { |
82 // user did enter an OTP; make sure it's associated with the username |
82 // user did enter an OTP; make sure it's associated with the username |
83 $yubi_uid = $db->escape(substr($userdata['yubikey_otp'], 0, 12)); |
83 $yubi_uid = $db->escape(substr($userdata['yubikey_otp'], 0, 12)); |
84 $q = $db->sql_query('SELECT 1 FROM ' . table_prefix . 'yubikey WHERE yubi_uid = \'' . $yubi_uid . '\';'); |
84 $q = $db->sql_query('SELECT user_id FROM ' . table_prefix . 'yubikey WHERE yubi_uid = \'' . $yubi_uid . '\';'); |
85 if ( !$q ) |
85 if ( !$q ) |
86 $db->die_json(); |
86 $db->die_json(); |
87 if ( $db->numrows() < 1 ) |
87 if ( $db->numrows() < 1 ) |
88 { |
88 { |
89 $db->free_result(); |
89 $db->free_result(); |
90 return array( |
90 return array( |
91 'mode' => 'error', |
91 'mode' => 'error', |
92 'error' => 'yubiauth_err_key_not_authorized' |
92 'error' => 'yubiauth_err_key_not_authorized' |
|
93 ); |
|
94 } |
|
95 list($yubi_pair_uid) = $db->fetchrow_num(); |
|
96 if ( $yubi_pair_uid !== $user_id ) |
|
97 { |
|
98 return array( |
|
99 'mode' => 'error', |
|
100 'error' => 'yubiauth_err_uid_mismatch' |
93 ); |
101 ); |
94 } |
102 } |
95 $db->free_result(); |
103 $db->free_result(); |
96 $do_validate_otp = true; |
104 $do_validate_otp = true; |
97 } |
105 } |
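Review bot: The `$yubi_pair_uid !== $user_id` check at new line 96 strictly compares a value fetched with `fetchrow_num()` (which database drivers commonly return as a string) against `$user_id`, whose origin is outside this hunk; if `$user_id` is an int the comparison never matches and every OTP is refused with `yubiauth_err_uid_mismatch`. Normalising both sides makes the intent explicit: `if ( intval($yubi_pair_uid) !== intval($user_id) )`. The new mismatch branch also returns without releasing the result set, unlike the not-authorized branch just above it; moving `$db->free_result();` to directly after the `list($yubi_pair_uid) = $db->fetchrow_num();` line covers both exits. The enclosing function starts before this hunk.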
127 'error' => 'yubiauth_err_key_not_authorized' |
135 'error' => 'yubiauth_err_key_not_authorized' |
128 ); |
136 ); |
129 } |
137 } |
130 |
138 |
131 list($user_id, $username, $flags) = $db->fetchrow_num(); |
139 list($user_id, $username, $flags) = $db->fetchrow_num(); |
|
140 |
|
141 if ( $level > USER_LEVEL_MEMBER ) |
|
142 { |
|
143 $session->start(); |
|
144 if ( $session->user_logged_in && ($session->user_id !== $user_id) ) |
|
145 { |
|
146 return array( |
|
147 'mode' => 'error', |
|
148 'error' => 'yubiauth_err_uid_mismatch' |
|
149 ); |
|
150 } |
|
151 } |
|
152 |
132 $do_validate_otp = true; |
153 $do_validate_otp = true; |
133 $do_validate_user = $flags & $user_flag; |
154 $do_validate_user = $flags & $user_flag; |
134 $do_validate_pass = $flags & $pass_flag; |
155 $do_validate_pass = $flags & $pass_flag; |
135 // to complete security logs later |
156 // to complete security logs later |
136 $userdata['username'] = $username; |
157 $userdata['username'] = $username; |
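Review bot: `$session->user_id !== $user_id` at new line 144 strictly compares the session's user id with the `$user_id` fetched by `fetchrow_num()` at line 139, which database drivers commonly return as a string; if the session stores an int, the check fails for every logged-in user and elevated-level YubiKey logins are always rejected with `yubiauth_err_uid_mismatch`. Casting both sides removes the type dependency: `if ( $session->user_logged_in && (intval($session->user_id) !== intval($user_id)) )`. The hunk also introduces a `$session->start()` call inside the authentication handler; whether starting the session here is safe, and what happens if the caller already started it, cannot be verified from this hunk and deserves a comment such as `// session must be live to compare the logged-in uid against the key's owner`. The enclosing function begins before and continues after this hunk.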
141 return array( |
162 return array( |
142 'mode' => 'error', |
163 'mode' => 'error', |
143 'error' => 'yubiauth_err_nothing_provided' |
164 'error' => 'yubiauth_err_nothing_provided' |
144 ); |
165 ); |
145 } |
166 } |
|
167 |
146 if ( $do_validate_otp ) |
168 if ( $do_validate_otp ) |
147 { |
169 { |
148 // We need to validate the OTP. |
170 // We need to validate the OTP. |
149 $otp_check = yubikey_validate_otp($userdata['yubikey_otp']); |
171 $otp_check = yubikey_validate_otp($userdata['yubikey_otp']); |
150 if ( !$otp_check['success'] ) |
172 if ( !$otp_check['success'] ) |