1
0
mirror of https://github.com/Yubico/yubikey-val.git synced 2024-12-01 15:24:16 +01:00

Don't put secret in log. Use new OTP database field for OTPs.

This commit is contained in:
Simon Josefsson 2009-08-28 11:25:25 +00:00
parent cdda50f0d2
commit c36812ea89

View File

@ -46,13 +46,16 @@ $max = mysql_fetch_row ($result);
mysql_free_result($result); mysql_free_result($result);
$max = $max[0] + 1; $max = $max[0] + 1;
$query = "INSERT INTO clients (id, created, email, notes, secret) " . $query = "INSERT INTO clients (id, created, email, otp, secret) " .
"VALUES (\"$max\", NOW(), " . mysql_quote($email) . ", " . "VALUES (\"$max\", NOW(), " . mysql_quote($email) . ", " .
mysql_quote("OTP " . $otp) . ", " . "\"$b64rnd\")"; mysql_quote($otp) . ", " . "\"$b64rnd\")";
query($conn, $query) if (!mysql_query($query, $conn)) {
or logdie("code=inserterror"); debug("SQL query error: " . mysql_error());
logdie("code=inserterror");
}
mysql_close($conn); mysql_close($conn);
logdie("code=ok\nmax=$max\nkey=$b64rnd"); debug("Successfully added client ID $max");
echo "code=ok\nmax=$max\nkey=$b64rnd\n";
?> ?>