From c36812ea891711ee087cc6a4fd5cdf53da241b6e Mon Sep 17 00:00:00 2001
From: Simon Josefsson
Date: Fri, 28 Aug 2009 11:25:25 +0000
Subject: [PATCH] Don't put secret in log. Use new OTP database field for OTPs.
---
 ykval-getapikey.php | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/ykval-getapikey.php b/ykval-getapikey.php
index 2b9d5c4..6db140d 100644
--- a/ykval-getapikey.php
+++ b/ykval-getapikey.php
@@ -46,13 +46,16 @@ $max = mysql_fetch_row ($result);
 mysql_free_result($result);
 $max = $max[0] + 1;
-$query = "INSERT INTO clients (id, created, email, notes, secret) " .
+$query = "INSERT INTO clients (id, created, email, otp, secret) " .
 "VALUES (\"$max\", NOW(), " . mysql_quote($email) . ", " .
- mysql_quote("OTP " . $otp) . ", " . "\"$b64rnd\")";
-query($conn, $query)
- or logdie("code=inserterror");
+ mysql_quote($otp) . ", " . "\"$b64rnd\")";
+if (!mysql_query($query, $conn)) {
+ debug("SQL query error: " . mysql_error());
+ logdie("code=inserterror");
+}
 mysql_close($conn);
-logdie("code=ok\nmax=$max\nkey=$b64rnd");
+debug("Successfully added client ID $max");
+echo "code=ok\nmax=$max\nkey=$b64rnd\n";
 ?>
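Review bot: The added `debug("SQL query error: " . mysql_error());` can still write part of the failing statement to the log, because MySQL syntax-error text quotes the statement near the fault and `$b64rnd` sits at the tail of this INSERT. Where `debug()` writes is not visible here, but if it reaches the same log, this works against the commit's aim of keeping the secret out of it. Logging only the numeric code on the explicit link avoids that: `debug("SQL query error: " . mysql_errno($conn));`. Separately, `$max = $max[0] + 1;` picks the id from an earlier read, so two concurrent requests can compute the same id. Presumably a key on `id` turns that into `code=inserterror`, but the schema and the start of the script are outside the hunk.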