Pman/Login.php

[Pman.Base] / Pman / Login.php

diff --git a/Pman/Login.php b/Pman/Login.php
index bb7e049..72ce4fe 100644 (file)
--- a/Pman/Login.php
+++ b/Pman/Login.php
@@ -129,11 +129,23 @@ class Pman_Login extends Pman
         $tbl = empty($ff->Pman['authTable']) ? 'core_person' : $ff->Pman['authTable'];
         
         $u = DB_DataObject::factory($tbl);
+        $s = DB_DataObject::factory('core_setting');
+        $require_oath_val = 1;
+        $require_oath = $s->lookup('core', 'two_factor_authentication_requirement');
+        if(!empty($require_oath)) {
+            if($require_oath->val == 0) {
+                $require_oath_val = 0;
+            }
+        } 
+        
         if (!$u->isAuth()) {
-             
-            $this->jok(array('id' => 0, 'test' => 0)); // not logged in..
+            $this->jok(array(
+                'id' => 0,
+                'require_oath' => 0
+            ));
             exit;
         }
+        
         //die("got here?");
         $au = $u->getAuthUser();
         
@@ -315,9 +327,12 @@ class Pman_Login extends Pman
         }
         
         if(
-            !empty($u->oath_key) && 
-            !$u->checkTwoFactorAuthentication($_REQUEST['oath_password'])
-        ){
+            !empty($u->oath_key) &&
+           (
+               empty($_REQUEST['oath_password']) ||
+               !$u->checkTwoFactorAuthentication($_REQUEST['oath_password'])
+           )
+        ) {
             $this->jerror('LOGIN-BAD', 'You typed the wrong Username or Password  (3)');
             exit;
         }