diff -r d109af008343 -r 6212d849ab08 yubikey/usercp.php
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/yubikey/usercp.php Fri Jun 30 17:49:12 2017 -0400
@@ -0,0 +1,385 @@
+attachHook("userprefs_jbox", "yubikey_ucp_setup();");
+$plugins->attachHook("userprefs_body", "return yubikey_user_cp(\$section);");
+$plugins->attachHook("login_form_html", "yubikey_inject_html_login();");
+$plugins->attachHook("ucp_register_form", "yubikey_inject_registration_form();");
+$plugins->attachHook("ucp_register_validate", "yubikey_register_validate(\$error);");
+$plugins->attachHook("user_registered", "yubikey_register_insert_key(\$user_id);");
+
+function yubikey_ucp_setup()
+{
+ userprefs_menu_add('usercp_sec_profile', 'yubiucp_panel_title', makeUrlNS('Special', 'Preferences/Yubikey') . '" onclick="ajaxLoginNavTo(\'Special\', \'Preferences/Yubikey\', '.USER_LEVEL_CHPREF.'); return false;');
+}
+
+function yubikey_user_cp($section)
+{
+ global $db, $session, $paths, $template, $plugins; // Common objects
+ global $lang;
+
+ if ( $section !== 'Yubikey' )
+ return false;
+
+ if ( $session->auth_level < USER_LEVEL_CHPREF )
+ {
+ redirect(makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . USER_LEVEL_CHPREF, true), 'Authentication required', 'You need to re-authenticate to access this page.', 0);
+ }
+
+ $count_enabled = intval(getConfig('yubikey_enroll_limit', '3'));
+
+ if ( isset($_POST['submit']) )
+ {
+ csrf_request_confirm();
+
+ $keys = array();
+ if ( isset($_POST['yubikey_enable']) )
+ {
+ for ( $i = 0; $i < $count_enabled; $i++ )
+ {
+ if ( !empty($_POST["yubikey_otp_$i"]) )
+ {
+ $ckey =& $_POST["yubikey_otp_$i"];
+ if ( preg_match('/^[cbdefghijklnrtuv]{12,44}$/', $ckey) )
+ {
+ $ckey = substr($ckey, 0, 12);
+ $keys[] = $ckey;
+ }
+ unset($ckey);
+ }
+ }
+ }
+ // Check for double enrollment
+ $keys_check = "yubi_uid = '" . implode("' OR yubi_uid = '", $keys) . "'";
+ $q = $db->sql_query('SELECT yubi_uid FROM ' . table_prefix . "yubikey WHERE ( $keys_check ) AND user_id != {$session->user_id};");
+ if ( !$q )
+ $db->_die();
+
+ if ( $db->numrows() > 0 )
+ {
+ echo '
' . $lang->get('yubiucp_msg_save_body') . '
';
+ // not much choice here, i'm resorting to javascript because the user CP always
+ // sends headers :-/
+ echo '';
+ return true;
+ }
+ }
+ else
+ {
+ // Fetch flags
+ $q = $db->sql_query('SELECT user_yubikey_flags FROM ' . table_prefix . "users WHERE user_id = {$session->user_id};");
+ if ( !$q )
+ $db->_die();
+
+ list($yubi_flags) = $db->fetchrow_num();
+ $yubi_flags = intval($yubi_flags);
+ // Fetch user's authorized keys from the DB
+ $q = $db->sql_query('SELECT yubi_uid FROM ' . table_prefix . "yubikey WHERE user_id = {$session->user_id};");
+ if ( !$q )
+ $db->_die();
+
+ $keys = array();
+ while ( $row = $db->fetchrow() )
+ {
+ $keys[] = $row['yubi_uid'];
+ }
+ $db->free_result();
+ }
+
+ while ( count($keys) < $count_enabled )
+ {
+ $keys[] = false;
+ }
+
+ $enable_checked = ( $keys[0] === false && !isset($_POST['yubikey_enable']) ) ? '' : 'checked="checked"';
+ $displaytable = ( $keys[0] === false && !isset($_POST['yubikey_enable']) ) ? 'none' : 'block';
+
+ $check_normal_keyonly = ( !($yubi_flags & YK_SEC_NORMAL_USERNAME) && !($yubi_flags & YK_SEC_NORMAL_PASSWORD) ) ? 'checked="checked" ' : '';
+ $check_normal_username = ( ($yubi_flags & YK_SEC_NORMAL_USERNAME) && !($yubi_flags & YK_SEC_NORMAL_PASSWORD) ) ? 'checked="checked" ' : '';
+ $check_normal_userandpw = ( ($yubi_flags & YK_SEC_NORMAL_USERNAME) && ($yubi_flags & YK_SEC_NORMAL_PASSWORD) ) ? 'checked="checked" ' : '';
+
+ $check_elev_keyonly = ( !($yubi_flags & YK_SEC_ELEV_USERNAME) && !($yubi_flags & YK_SEC_ELEV_PASSWORD) ) ? 'checked="checked" ' : '';
+ $check_elev_username = ( ($yubi_flags & YK_SEC_ELEV_USERNAME) && !($yubi_flags & YK_SEC_ELEV_PASSWORD) ) ? 'checked="checked" ' : '';
+ $check_elev_userandpw = ( ($yubi_flags & YK_SEC_ELEV_USERNAME) && ($yubi_flags & YK_SEC_ELEV_PASSWORD) ) ? 'checked="checked" ' : '';
+
+ ?>
+