exit;
}
+ if(!empty($_REQUEST['check_owner_company'])) {
+ $core_company = DB_DataObject::factory('core_company');
+ $core_company->comptype = 'OWNER';
+ $this->jok($core_company->count());
+ }
+
// might be an idea to disable this?!?
if (!empty($_REQUEST['username'])) {
$this->post();
$this->switchPublicUser($_REQUEST['loginPublic']);
}
-
$this->jerr("INVALID REQUEST");
exit;
}
function logout()
{
$ff = class_exists('HTML_FlexyFramework2') ? HTML_FlexyFramework2::get() : HTML_FlexyFramework::get();
- //DB_DAtaObject::debugLevel(1);
+
+ //DB_DAtaObject::debugLevel(1);
$u = $this->getAuthUser();
//print_r($u);
if ($u) {
$tbl = empty($ff->Pman['authTable']) ? 'core_person' : $ff->Pman['authTable'];
$u = DB_DataObject::factory($tbl);
+ $s = DB_DataObject::Factory('core_setting');
if (!$u->isAuth()) {
-
- $this->jok(array('id' => 0)); // not logged in..
- exit;
+ $this->jok(array(
+ 'id' => 0,
+ 'disable_oath' => (bool) $s->lookup('core', 'two_factor_authentication') ? 1 : 0
+ )); // not logged in..
+ exit;
}
//die("got here?");
$au = $u->getAuthUser();
}
if(!empty($u->oath_key) && empty($_REQUEST['oath_password'])){
- $this->jerror('LOGIN-BAD','Your account require Two-Factor Authentication');
+ $this->jerror('LOGIN-BAD','Your account requires Two-Factor Authentication');
}
// check if config allows non-owner passwords.
exit;
}
- if(!empty($u->oath_key) && !$u->checkTwoFactorAuthentication(trim($_REQUEST['oath_password'],"\x10"))){
+ if(
+ !empty($u->oath_key) &&
+ !$u->checkTwoFactorAuthentication($_REQUEST['oath_password'], $u->oath_key)
+ ){
$this->jerror('LOGIN-BAD', 'You typed the wrong Username or Password (3)');
exit;
}
return $_SERVER['REMOTE_ADDR'];
}
-
-
}