1
0
mirror of https://github.com/Yubico/yubikey-val.git synced 2025-01-20 01:52:15 +01:00
yubikey-val/ykval-getapikey.php
2009-08-28 14:30:04 +00:00

65 lines
1.7 KiB
PHP

<?php
require_once 'ykval-common.php';
require_once 'ykval-config.php';
require_once 'Auth/Yubico.php';
header("content-type: text/plain");
debug("Request: " . $_SERVER['QUERY_STRING']);
$conn = mysql_connect($baseParams['__YKGAK_DB_HOST__'],
$baseParams['__YKGAK_DB_USER__'],
$baseParams['__YKGAK_DB_PW__']);
if (!$conn) {
logdie("code=connecterror");
}
if (!mysql_select_db($baseParams['__YKGAK_DB_NAME__'], $conn)) {
logdie("code=selecterror");
}
$email = $_REQUEST["email"];
$otp = $_REQUEST["otp"];
if (!$email || !$otp || !(strpos($email . $otp, " ") === FALSE)) {
logdie("code=noparam");
}
$yubi = &new Auth_Yubico($baseParams['__YKGAK_ID__'],
$baseParams['__YKGAK_KEY__']);
$auth = $yubi->verify($otp);
if (PEAR::isError($auth)) {
logdie("code=badotp\nstatus=" . $auth->getMessage());
}
$sqlid = mysql_real_escape_string($email . " " . $yubikey);
$fh = fopen("/dev/urandom", "r")
or logdie ("code=openerror");
$rnd = fread ($fh, 20)
or logdie ("code=readerror");
fclose ($fh);
$b64rnd = base64_encode ($rnd);
$query = "SELECT MAX(id) FROM clients";
$result = mysql_query($query, $conn);
if (!$result) {
debug("SQL query error: " . mysql_error());
logdie("code=maxiderror");
}
$id = mysql_fetch_row ($result);
mysql_free_result($result);
$id = $id[0] + 1;
$query = "INSERT INTO clients (id, created, email, otp, secret) " .
"VALUES (\"$id\", NOW(), " . mysql_quote($email) . ", " .
mysql_quote($otp) . ", " . "\"$b64rnd\")";
if (!mysql_query($query, $conn)) {
debug("SQL query error: " . mysql_error());
logdie("code=inserterror");
}
mysql_close($conn);
debug("Successfully added client ID $id");
echo "code=ok\nid=$id\nkey=$b64rnd\n";
?>