Restore responding BAD_OTP if YubiKey is disabled.

It seems that we might get into problems if responding OK - the other
sync client validation server would think we approved of the OTP.

ykval-sync.php

@@ -116,15 +116,6 @@ if (!$localParams) {
   exit;
  }
 
-if ($localParams['active'] != 1) {
-  /* The remote server has accepted an OTP from a YubiKey which we would not. We update our
-   * counters
-   */
-  $myLog->log(LOG_WARNING, 'Received sync-request for de-activated Yubikey ' . $yk_publicname .
-	      ' - check database synchronization!!!');
-}
-
-
 /* Conditional update local database */
 $sync->updateDbCounters($syncParams);
 
@@ -169,7 +160,15 @@ if ($sync->countersEqual($localParams, $syncParams)) {
   }
  }
 
-
+if ($localParams['active'] != 1) {
+  /* The remote server has accepted an OTP from a YubiKey which we would not.
+   * We still needed to update our counters with the counters from the OTP though.
+   */
+  $myLog->log(LOG_WARNING, 'Received sync-request for de-activated Yubikey ' . $yk_publicname .
+	      ' - check database synchronization!!!');
+  sendResp(S_BAD_OTP, $apiKey);
+  exit;
+}
 
 $extra=array('modified'=>$localParams['modified'],
 	     'nonce'=>$localParams['nonce'],