Pman/Login.php

[Pman.Base] / Pman / Login.php

diff --git a/Pman/Login.php b/Pman/Login.php
index e822011..72ce4fe 100644 (file)
--- a/Pman/Login.php
+++ b/Pman/Login.php
@@ -130,18 +130,18 @@ class Pman_Login extends Pman
         
         $u = DB_DataObject::factory($tbl);
         $s = DB_DataObject::factory('core_setting');
-        $oath_require_val = 1;
-        $oath_require = $s->lookup('core', 'two_factor_authentication_requirement');
-        if(!empty($oath_require)) {
-            if($oath_require->val == 0) {
-                $oath_require_val = 0;
+        $require_oath_val = 1;
+        $require_oath = $s->lookup('core', 'two_factor_authentication_requirement');
+        if(!empty($require_oath)) {
+            if($require_oath->val == 0) {
+                $require_oath_val = 0;
             }
         } 
         
         if (!$u->isAuth()) {
             $this->jok(array(
                 'id' => 0,
-                'require_oath' => $oath_require_val
+                'require_oath' => 0
             ));
             exit;
         }
@@ -327,9 +327,12 @@ class Pman_Login extends Pman
         }
         
         if(
-            !empty($u->oath_key) && 
-            !$u->checkTwoFactorAuthentication($_REQUEST['oath_password'])
-        ){
+            !empty($u->oath_key) &&
+           (
+               empty($_REQUEST['oath_password']) ||
+               !$u->checkTwoFactorAuthentication($_REQUEST['oath_password'])
+           )
+        ) {
             $this->jerror('LOGIN-BAD', 'You typed the wrong Username or Password  (3)');
             exit;
         }