mirror of https://github.com/Yubico/yubikey-val.git synced 2024-12-01 15:24:16 +01:00
yubikey-val/ykval-getapikey.php


<?php
require_once 'ykval-common.php';
require_once 'ykval-config.php';
require_once 'Auth/Yubico.php';
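// Issues a new validation-API client ID and shared secret to a caller that
// supplies an e-mail address and a YubiKey OTP which verifies successfully.
// The response is plain-text "key=value" lines. Every failure path goes
// through logdie() (defined outside this file), which this script relies on
// to end the request.
header("content-type: text/plain");

// NOTE(review): the raw query string, including the e-mail address and OTP,
// is handed to debug(); confirm that the debug log is access-restricted.
debug("Request: " . $_SERVER['QUERY_STRING']);

$conn = mysql_connect(
    $baseParams['__YKGAK_DB_HOST__'],
    $baseParams['__YKGAK_DB_USER__'],
    $baseParams['__YKGAK_DB_PW__']
);
if (!$conn) {
    logdie("code=connecterror");
}
if (!mysql_select_db($baseParams['__YKGAK_DB_NAME__'], $conn)) {
    logdie("code=selecterror");
}

// Both parameters are mandatory and must not contain a space. They are read
// with isset() so a missing parameter does not raise an undefined-index
// notice, and array-valued input (email[]=...) is rejected before it reaches
// string concatenation or the SQL quoting helper.
$email = isset($_REQUEST["email"]) ? $_REQUEST["email"] : "";
$otp = isset($_REQUEST["otp"]) ? $_REQUEST["otp"] : "";
if (!is_string($email) || !is_string($otp)
    || !$email || !$otp || strpos($email . $otp, " ") !== FALSE) {
    logdie("code=noparam");
}

// The OTP must verify before anything is written to the database.
// Plain "new" replaces the deprecated "&new" reference assignment.
$yubi = new Auth_Yubico(
    $baseParams['__YKGAK_ID__'],
    $baseParams['__YKGAK_KEY__']
);
$auth = $yubi->verify($otp);
if (PEAR::isError($auth)) {
    logdie("code=badotp\nstatus=" . $auth->getMessage());
}

// The previous "$sqlid" assignment was dropped: it read the undefined
// variable $yubikey and its result was never used.

// The shared secret is 20 bytes from the kernel CSPRNG. A short read is
// treated as an error so a truncated (weaker) secret is never issued.
$fh = fopen("/dev/urandom", "r")
    or logdie("code=openerror");
$rnd = fread($fh, 20);
fclose($fh);
if ($rnd === FALSE || strlen($rnd) !== 20) {
    logdie("code=readerror");
}
$b64rnd = base64_encode($rnd);

// NOTE(review): MAX(id) + 1 is not atomic. Two concurrent requests can
// compute the same id; whether the second INSERT then fails or creates a
// duplicate depends on constraints on clients.id that are not visible here.
// An AUTO_INCREMENT column or a transaction would close the gap.
$query = "SELECT MAX(id) FROM clients";
$result = mysql_query($query, $conn);
if (!$result) {
    debug("SQL query error: " . mysql_error());
    logdie("code=maxiderror");
}
$row = mysql_fetch_row($result);
mysql_free_result($result);
$id = $row[0] + 1;

// $id comes from the database and $b64rnd is base64 text, so only the two
// request values go through mysql_quote(). That helper is defined outside
// this file; presumably it escapes and quotes its argument (verify).
$query = "INSERT INTO clients (id, created, email, otp, secret) " .
    "VALUES (\"$id\", NOW(), " . mysql_quote($email) . ", " .
    mysql_quote($otp) . ", " . "\"$b64rnd\")";
if (!mysql_query($query, $conn)) {
    debug("SQL query error: " . mysql_error());
    logdie("code=inserterror");
}
mysql_close($conn);

debug("Successfully added client ID $id");

// The response body carries the newly generated shared secret, so this
// endpoint should only be served over TLS.
echo "code=ok\nid=$id\nkey=$b64rnd\n";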
?>