diff -r 65965da01c41 -r 748fa1b80031 plugins/yubikey/corelib.php
--- a/plugins/yubikey/corelib.php Mon Mar 02 10:56:51 2009 -0500
+++ b/plugins/yubikey/corelib.php Sun Mar 08 00:45:45 2009 -0500
@@ -126,9 +126,19 @@
 }
 if ( $response['status'] === 'OK' )
 {
- return array(
- 'success' => true
- );
+ if ( yubikey_verify_timestamp($response['t']) )
+ {
+ return array(
+ 'success' => true
+ );
+ }
+ else
+ {
+ return array(
+ 'success' => false,
+ 'error' => 'timestamp_check_failed'
+ );
+ }
 }
 else
 {
@@ -168,16 +178,56 @@
 return $sig;
 }
+ /**
+ * Validate the timestamp returned in a Yubico API response. Borrowed from Drupal and backported for friendliness with earlier versions of PHP.
+ * @param string Yubico timestamp
+ * @return bool True if valid, false otherwise
+ */
+
+ function yubikey_verify_timestamp($timestamp)
+ {
+ $tolerance = intval(getConfig('yubikey_api_ts_tolerance', 150));
+
+ $now = time();
+ $timestamp_seconds = strtotime(substr($timestamp, 0, -4));
+
+ if ( !$timestamp || !$now )
+ {
+ return false;
+ }
+
+ if ( ( $timestamp_seconds + $tolerance ) > $now && ( $timestamp_seconds - $tolerance ) < $now )
+ {
+ return true;
+ }
+
+ return false;
+ }
+
+
 $plugins->attachHook('compile_template', 'yubikey_attach_headers($this);');
 function yubikey_attach_headers(&$template)
 {
+ global $db, $session, $paths, $template, $plugins; // Common objects
+
 if ( getConfig('yubikey_enable', '1') != '1' )
 return true;
 $template->add_header('');
 $template->add_header('');
 // config option for all users have yubikey
- $template->add_header('');
+ $user_flags = 0;
+ if ( $session->user_logged_in )
+ {
+ $q = $db->sql_query('SELECT COUNT(yubi_uid) > 0 FROM ' . table_prefix . "yubikey WHERE user_id = {$session->user_id};");
+ if ( !$q )
+ $db->_die();
+
+ list($user_flags) = $db->fetchrow_num();
+ $db->free_result();
+ }
+
+ $template->add_header('');
 }
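Review bot: `$response['t']` is read without an existence check in the new `if` inside the `status === 'OK'` branch; a response that lacks `t` raises an undefined-index notice before `yubikey_verify_timestamp` sees an empty value and rejects it. Since the new docblock says the code targets older PHP, guard it with `$ts = isset($response['t']) ? $response['t'] : '';` and pass `$ts`, so the rejection is explicit rather than a by-product of the notice. The tolerance window only limits reuse of a previously captured API response if `t` is part of the content covered by the signature check that runs before this branch; that check and the start of the enclosing function are outside the hunk, so I cannot confirm it from here.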
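Review bot: In `yubikey_attach_headers` the new `global` statement lists `$template`, which rebinds the local name to the global variable and silently discards the `&$template` reference parameter the hook passes as `$this`; if the two are ever different objects the headers land on the wrong template, so drop it: `global $db, $session, $paths, $plugins; // Common objects`. In `yubikey_verify_timestamp`, `$timestamp_seconds` is computed before the `!$timestamp` guard and is never compared with `false`, the `strtotime` failure value; it fails closed only because `false + $tolerance` happens to be below `time()`, so make it explicit with `if ( !$timestamp || $timestamp_seconds === false )` (the `!$now` half can never trigger, as `time()` is never falsy). The query string interpolates `{$session->user_id}` unquoted; an `(int)` cast at that point would document the expected type, assuming the session stores it as a number, which this hunk does not show.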