rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2024-11-29 09:24:12 +01:00
Code Issues Projects Releases Wiki Activity

Don't put secret in log. Use new OTP database field for OTPs.

Browse Source
This commit is contained in:
Simon Josefsson 2009-08-28 11:25:25 +00:00
parent cdda50f0d2
commit c36812ea89
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
ykval-getapikey.php
View File

@ -46,13 +46,16 @@ $max = mysql_fetch_row ($result);
mysql_free_result($result);
$max = $max[0] + 1;
$query = "INSERT INTO clients (id, created, email, notes, secret) " .
$query = "INSERT INTO clients (id, created, email, otp, secret) " .
"VALUES (\"$max\", NOW(), " . mysql_quote($email) . ", " .
mysql_quote("OTP " . $otp) . ", " . "\"$b64rnd\")";
query($conn, $query)
or logdie("code=inserterror");
mysql_quote($otp) . ", " . "\"$b64rnd\")";
if (!mysql_query($query, $conn)) {
debug("SQL query error: " . mysql_error());
logdie("code=inserterror");
}
mysql_close($conn);
logdie("code=ok\nmax=$max\nkey=$b64rnd");
debug("Successfully added client ID $max");
echo "code=ok\nmax=$max\nkey=$b64rnd\n";
?>