plugins/yubikey/auth.php
changeset 17 e04c0f64e972
parent 5 2114640729a5
child 25 2e7ccbdfdc0a
16:3163b9f58ae8 17:e04c0f64e972
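--- a/plugins/yubikey/auth.php
+++ b/plugins/yubikey/auth.php
@@ -73,11 +73,24 @@
       // we're ok, use normal password auth
       return null;
     }
     else
     {
-      // user did enter an OTP
+      // user did enter an OTP; make sure it's associated with the username
+      $yubi_uid = $db->escape(substr($userdata['yubikey_otp'], 0, 12));
+      $q = $db->sql_query('SELECT 1 FROM ' . table_prefix . 'yubikey WHERE yubi_uid = \'' . $yubi_uid . '\';');
+      if ( !$q )
+        $db->die_json();
+      if ( $db->numrows() < 1 )
+      {
+        $db->free_result();
+        return array(
+            'mode' => 'error',
+            'error' => 'yubiauth_err_key_not_authorized'
+          );
+      }
+      $db->free_result();
       $do_validate_otp = true;
     }
   }
   else if ( !empty($userdata['yubikey_otp']) )
   {
@@ -132,10 +145,19 @@
     {
       if ( !$do_validate_pass )
         $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n"
                    . '  (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \''.enano_date('d M Y h:i a').'\', \'(Yubikey)\', '
                       . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
+      
+      if ( $otp_check['error'] === 'http_failed' )
+      {
+        return array(
+            'mode' => 'error',
+            'error' => 'yubiauth_err_' . $otp_check['error'],
+            'http_error' => $otp_check['http_error']
+          );
+      }
       return array(
           'mode' => 'error',
           'error' => 'yubiauth_err_' . $otp_check['error']
         );
     }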