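<?php

/*
 * Issue a new validation-server client ID and shared secret.
 *
 * Request parameters (read from $_REQUEST, i.e. GET, POST or cookie):
 *   email  - contact address stored with the new client record
 *   otp    - a YubiKey OTP; it is verified against the upstream Yubico
 *            service before any record is created
 *
 * Response is text/plain, one "key=value" per line.  On success:
 *   code=ok / id=<new client id> / key=<base64 secret>
 * On failure a single "code=<error>" line (see the logdie() calls below).
 *
 * Relies on ykval-common.php / ykval-config.php for debug(), logdie(),
 * mysql_quote() and the $baseParams configuration array.
 */

require_once 'ykval-common.php';
require_once 'ykval-config.php';
require_once 'Auth/Yubico.php';

header("content-type: text/plain");

// NOTE: when the parameters arrive via GET, the query string (and hence
// this debug line) contains the OTP and e-mail address in clear text.
debug("Request: " . $_SERVER['QUERY_STRING']);

$conn = mysql_connect($baseParams['__YKGAK_DB_HOST__'],
                      $baseParams['__YKGAK_DB_USER__'],
                      $baseParams['__YKGAK_DB_PW__']);
if (!$conn) {
  logdie("code=connecterror");
}
if (!mysql_select_db($baseParams['__YKGAK_DB_NAME__'], $conn)) {
  logdie("code=selecterror");
}

// Read the parameters without raising undefined-index notices.
$email = isset($_REQUEST["email"]) ? $_REQUEST["email"] : "";
$otp   = isset($_REQUEST["otp"])   ? $_REQUEST["otp"]   : "";

// Both must be present and neither may contain a space.
if (!$email || !$otp || strpos($email . $otp, " ") !== FALSE) {
  logdie("code=noparam");
}

// Require a valid OTP before handing out credentials.  Plain "new" is
// used: the old "&new" form is deprecated (and a parse error on PHP 7+);
// objects are handles anyway, so behaviour is unchanged.
$yubi = new Auth_Yubico($baseParams['__YKGAK_ID__'],
                        $baseParams['__YKGAK_KEY__']);
$auth = $yubi->verify($otp);
if (PEAR::isError($auth)) {
  logdie("code=badotp\nstatus=" . $auth->getMessage());
}

// 20 bytes from the kernel CSPRNG become the client's shared secret.
// fread() may return fewer bytes than requested, so the length is checked
// rather than only the truthiness of the result; the handle is closed
// before bailing out so it is never leaked.
$fh = fopen("/dev/urandom", "r");
if (!$fh) {
  logdie("code=openerror");
}
$rnd = fread($fh, 20);
fclose($fh);
if ($rnd === FALSE || strlen($rnd) != 20) {
  logdie("code=readerror");
}
$b64rnd = base64_encode($rnd);

// Allocate the next client id.  NOTE: MAX(id)+1 is not atomic; two
// concurrent requests can compute the same id, and the second INSERT
// then fails with inserterror (or creates a duplicate if id is not a
// unique key).  An AUTO_INCREMENT column would remove this race.
$query = "SELECT MAX(id) FROM clients";
$result = mysql_query($query, $conn);
if (!$result) {
  debug("SQL query error: " . mysql_error());
  logdie("code=maxiderror");
}
$row = mysql_fetch_row($result);
mysql_free_result($result);
$id = (int) $row[0] + 1;   // empty table: MAX(id) is NULL -> first id is 1

// Every user-supplied value is passed through mysql_quote(); id is emitted
// as an integer literal, and the base64 secret is quoted the same way as
// the other string columns for consistency.
$query = "INSERT INTO clients (id, created, email, otp, secret) " .
  "VALUES ($id, NOW(), " . mysql_quote($email) . ", " .
  mysql_quote($otp) . ", " . mysql_quote($b64rnd) . ")";
if (!mysql_query($query, $conn)) {
  debug("SQL query error: " . mysql_error());
  logdie("code=inserterror");
}

mysql_close($conn);

debug("Successfully added client ID $id");
echo "code=ok\nid=$id\nkey=$b64rnd\n";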