plugins/yubikey/auth.php
changeset 34 6e947fa21237
parent 33 1303cf9c594c
child 37 5e946a3f405b
   117     
   117     
   118     if ( $db->numrows() < 1 )
   118     if ( $db->numrows() < 1 )
   119     {
   119     {
   120       if ( !$do_validate_pass )
   120       if ( !$do_validate_pass )
   121         $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n"
   121         $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n"
   122                    . '  (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \''.enano_date('d M Y h:i a').'\', \'(Yubikey)\', '
   122                    . '  (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \'DEPRECATED\', \'(Yubikey)\', '
   123                       . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
   123                       . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
   124       
   124       
   125       return array(
   125       return array(
   126           'mode' => 'error',
   126           'mode' => 'error',
   127           'error' => 'yubiauth_err_key_not_authorized'
   127           'error' => 'yubiauth_err_key_not_authorized'
   130     
   130     
   131     list($user_id, $username, $flags) = $db->fetchrow_num();
   131     list($user_id, $username, $flags) = $db->fetchrow_num();
   132     $do_validate_otp = true;
   132     $do_validate_otp = true;
   133     $do_validate_user = $flags & $user_flag;
   133     $do_validate_user = $flags & $user_flag;
   134     $do_validate_pass = $flags & $pass_flag;
   134     $do_validate_pass = $flags & $pass_flag;
       
   135     // to complete security logs later
       
   136     $userdata['username'] = $username;
   135   }
   137   }
   136   else
   138   else
   137   {
   139   {
   138     // Nothing - no username or OTP. This request can't be used; throw it out.
   140     // Nothing - no username or OTP. This request can't be used; throw it out.
   139     return array(
   141     return array(
   147     $otp_check = yubikey_validate_otp($userdata['yubikey_otp']);
   149     $otp_check = yubikey_validate_otp($userdata['yubikey_otp']);
   148     if ( !$otp_check['success'] )
   150     if ( !$otp_check['success'] )
   149     {
   151     {
   150       if ( !$do_validate_pass )
   152       if ( !$do_validate_pass )
   151         $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n"
   153         $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n"
   152                    . '  (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \''.enano_date('d M Y h:i a').'\', \'(Yubikey)\', '
   154                    . '  (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \'DEPRECATED\', \'(Yubikey)\', '
   153                       . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
   155                       . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
   154       
   156       
   155       if ( $otp_check['error'] === 'http_failed' )
   157       if ( $otp_check['error'] === 'http_failed' )
   156       {
   158       {
   157         return array(
   159         return array(
   178     if ( strtolower($username) !== strtolower($userdata['username']) )
   180     if ( strtolower($username) !== strtolower($userdata['username']) )
   179     {
   181     {
   180       // Username incorrect
   182       // Username incorrect
   181       if ( !$do_validate_pass )
   183       if ( !$do_validate_pass )
   182         $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n"
   184         $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n"
   183                    . '  (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \''.enano_date('d M Y h:i a').'\', \'(Yubikey)\', '
   185                    . '  (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \'DEPRECATED\', \'(Yubikey)\', '
   184                       . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
   186                       . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
   185       return array(
   187       return array(
   186           'mode' => 'error',
   188           'mode' => 'error',
   187           'error' => 'invalid_credentials'
   189           'error' => 'invalid_credentials'
   188         );
   190         );
   203   }
   205   }
   204   else
   206   else
   205   {
   207   {
   206     // No password required; validated, issue session key
   208     // No password required; validated, issue session key
   207     $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n"
   209     $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n"
   208                    . '  (\'security\', \'' . $auth_log_prefix . 'auth_good\', '.time().', \''.enano_date('d M Y h:i a').'\', \'' . $db->escape($userdata['username']) . '\', '
   210                    . '  (\'security\', \'' . $auth_log_prefix . 'auth_good\', '.time().', \'DEPRECATED\', \'' . $db->escape($userdata['username']) . '\', '
   209                       . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
   211                       . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
   210         
   212         
   211     $q = $db->sql_query('SELECT password FROM ' . table_prefix . "users WHERE user_id = $user_id;");
   213     $q = $db->sql_query('SELECT password FROM ' . table_prefix . "users WHERE user_id = $user_id;");
   212     if ( !$q )
   214     if ( !$q )
   213       $db->_die();
   215       $db->_die();
   214     
   216     
   215     list($password) = $db->fetchrow_num();
   217     list($password) = $db->fetchrow_num();
   216     $db->free_result();
   218     $db->free_result();
   217     
   219     
   218     $session->register_session($user_id, $userdata['username'], $password, $level, $remember);
   220     $session->register_session($user_id, $userdata['username'], $password, intval($level), $remember);
   219     return true;
   221     return true;
   220   }
   222   }
   221 }
   223 }
   222 
   224 
   223 function yubikey_add_special_pages()
   225 function yubikey_add_special_pages()
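Review bot: The new line 136 (`$userdata['username'] = $username;`) copies the key owner's username from the lookup row into the request data, and the later check at line 180 compares `$username` against that same `$userdata['username']`, so for a request on this branch that check can no longer fail even when the key's flags set `$user_flag` (line 133). If line 180 is what enforces `$do_validate_user` (lines 160–177 are not in this view) and this branch is the OTP-without-username path the `else` at line 140 implies, a key configured to require its username could now be used without one. Safer is to decide before overwriting the request data: `if ( $do_validate_user ) return array('mode' => 'error', 'error' => 'invalid_credentials');` right after line 134, or keep the looked-up name in a separate variable (e.g. `$log_username`) used only by the auth_good insert at line 210 and the register_session call at line 220. The enclosing branch begins before line 117 and the function continues between the hunks, so the guard structure should be confirmed in the full file.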