projects
/
Pman.Core
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
DataObjects/Core_person.php
[Pman.Core]
/
DataObjects
/
Core_person.php
diff --git
a/DataObjects/Core_person.php
b/DataObjects/Core_person.php
index
88e6ab8
..
629edd6
100644
(file)
--- a/
DataObjects/Core_person.php
+++ b/
DataObjects/Core_person.php
@@
-291,12
+291,12
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
}
}
- // local auth -
- $default_admin = false;
- if (!empty($ff->Pman['local_autoauth']) &&
- ($ff->Pman['local_autoauth'] === true) &&
- (!empty($_SERVER['SERVER_ADDR'])) &&
- (
+ $auto_auth_allow = false;
+ if (!empty($ff->Pman['local_autoauth']) && $ff->Pman['local_autoauth'] === true) {
+ $auto_auth_allow = true;
+ }
+ if (
+ (!empty($_SERVER['SERVER_ADDR'])) &&
(
$_SERVER['SERVER_ADDR'] == '127.0.0.1' &&
$_SERVER['REMOTE_ADDR'] == '127.0.0.1'
(
$_SERVER['SERVER_ADDR'] == '127.0.0.1' &&
$_SERVER['REMOTE_ADDR'] == '127.0.0.1'
@@
-306,8
+306,19
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
$_SERVER['SERVER_ADDR'] == '::1' &&
$_SERVER['REMOTE_ADDR'] == '::1'
)
$_SERVER['SERVER_ADDR'] == '::1' &&
$_SERVER['REMOTE_ADDR'] == '::1'
)
- )
- ) {
+
+ ){
+ $auto_auth_allow = true;
+ }
+
+
+ if (empty($_SERVER['PATH_INFO']) || $_SERVER['PATH_INFO'] == '/Login') {
+ $auto_auth_allow = false;
+ }
+
+ // local auth -
+ $default_admin = false;
+ if ($auto_auth_allow) {
$group = DB_DataObject::factory('core_group');
$group->get('name', 'Administrators');
$group = DB_DataObject::factory('core_group');
$group->get('name', 'Administrators');
@@
-329,7
+340,8
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
$u = DB_DataObject::factory($this->tableName());
$ff = HTML_FlexyFramework::get();
$u = DB_DataObject::factory($this->tableName());
$ff = HTML_FlexyFramework::get();
- if (!empty($ff->Pman['local_autoauth']) &&
+ if (!empty($ff->Pman['local_autoauth']) &&
+ ($ff->Pman['local_autoauth'] === true) &&
(!empty($_SERVER['SERVER_ADDR'])) &&
(
(
(!empty($_SERVER['SERVER_ADDR'])) &&
(
(
@@
-520,8
+532,9
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
function checkTwoFactorAuthentication($val)
{
function checkTwoFactorAuthentication($val)
{
- // also used in login
+
+ // also used in login
require_once 'System.php';
if(
require_once 'System.php';
if(
@@
-537,7
+550,7
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
return false;
}
return false;
}
- $cmd = "{$oathtool} --totp --base32
{$this->oath_key}"
;
+ $cmd = "{$oathtool} --totp --base32
" . escapeshellarg($this->oath_key)
;
$password = exec($cmd);
$password = exec($cmd);
@@
-672,9
+685,11
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
$aur['oath_key'] = '';
$aur['oath_key_enable'] = !empty($this->oath_key);
$aur['oath_key'] = '';
$aur['oath_key_enable'] = !empty($this->oath_key);
+ $aur['require_oath'] = 1;
$s = DB_DataObject::Factory('core_setting');
$s = DB_DataObject::Factory('core_setting');
- $aur['disable_oath'] = (bool) $s->lookup('core', 'two_factor_authentication') ? 1 : 0;
+ $oath_require = $s->lookup('core', 'two_factor_authentication_requirement');
+ $aur['require_oath'] = $oath_require ? $oath_require->val : 0;
return $aur;
}
return $aur;
}
@@
-767,7
+782,6
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
{
//DB_DataObject::DebugLevel(1);
if(!empty($q['_to_qr_code'])){
{
//DB_DataObject::DebugLevel(1);
if(!empty($q['_to_qr_code'])){
-
$person = DB_DataObject::factory('Core_person');
$person->id = $q['id'];
$person = DB_DataObject::factory('Core_person');
$person->id = $q['id'];
@@
-778,9
+792,11
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
$hash = $this->generateOathKey();
$_SESSION[__CLASS__] =
$hash = $this->generateOathKey();
$_SESSION[__CLASS__] =
- isset($_SESSION[__CLASS__]) ? $_SESSION[__CLASS__] : array();
+ isset($_SESSION[__CLASS__]) ?
+ $_SESSION[__CLASS__] : array();
$_SESSION[__CLASS__]['oath'] =
$_SESSION[__CLASS__]['oath'] =
- isset($_SESSION[__CLASS__]['oath']) ? $_SESSION[__CLASS__]['oath'] : array();
+ isset($_SESSION[__CLASS__]['oath']) ?
+ $_SESSION[__CLASS__]['oath'] : array();
$_SESSION[__CLASS__]['oath'][$person->id] = $hash;
$_SESSION[__CLASS__]['oath'][$person->id] = $hash;
@@
-794,7
+810,6
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
}
if(!empty($q['two_factor_auth_code'])) {
}
if(!empty($q['two_factor_auth_code'])) {
-
$person = DB_DataObject::factory('core_person');
$person->get($q['id']);
$o = clone($person);
$person = DB_DataObject::factory('core_person');
$person->get($q['id']);
$o = clone($person);
@@
-810,7
+825,6
@@
class Pman_Core_DataObjects_Core_person extends DB_DataObject
}
if(!empty($q['oath_key_disable'])) {
}
if(!empty($q['oath_key_disable'])) {
-
$person = DB_DataObject::factory('core_person');
$person->get($q['id']);
$person = DB_DataObject::factory('core_person');
$person->get($q['id']);