rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2025-02-01 01:52:18 +01:00
Code Issues Projects Releases Wiki Activity

Always check signatures.

Browse Source
This commit is contained in:
Simon Josefsson 2009-03-18 15:05:59 +00:00
parent 2071c0a5a0
commit 1a9d30108e
2 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
common.php
View File

@ -140,7 +140,7 @@ function getAuthData($conn, $devId) {
// $clientId: The decimal client identity // $clientId: The decimal client identity
function getClientData($conn, $clientId) { function getClientData($conn, $clientId) {
$stmt = 'SELECT id, secret, chk_sig, chk_owner, chk_time'. $stmt = 'SELECT id, secret, chk_time'.
' FROM clients WHERE active AND id='.mysql_quote($clientId); ' FROM clients WHERE active AND id='.mysql_quote($clientId);
$r = query($conn, $stmt); $r = query($conn, $stmt);
if (mysql_num_rows($r) > 0) { if (mysql_num_rows($r) > 0) {

6
verify.php
View File

@ -46,11 +46,7 @@ debug($cd);
// //
$apiKey = base64_decode($cd['secret']); $apiKey = base64_decode($cd['secret']);
if ($cd['chk_sig'] && $h == '') { if ($h != '') {
debug('Signature missing');
sendResp(S_MISSING_PARAMETER);
exit;
} else if ($cd['chk_sig'] || $h != '') {
// Create the signature using the API key // Create the signature using the API key
$a = array (); $a = array ();
$a['id'] = $client; $a['id'] = $client;