$u = DB_DataObject::factory($tbl);
$s = DB_DataObject::factory('core_setting');
- $oath_require_val = 1;
- $oath_require = $s->lookup('core', 'two_factor_authentication_requirement');
- if(!empty($oath_require)) {
- if($oath_require->val == 0) {
- $oath_require_val = 0;
+ $require_oath_val = 1;
+ $require_oath = $s->lookup('core', 'two_factor_authentication_requirement');
+ if(!empty($require_oath)) {
+ if($require_oath->val == 0) {
+ $require_oath_val = 0;
}
}
if (!$u->isAuth()) {
$this->jok(array(
'id' => 0,
- 'require_oath' => $oath_require_val
+ 'require_oath' => 0
));
exit;
}
}
if(
- !empty($u->oath_key) &&
- !$u->checkTwoFactorAuthentication($_REQUEST['oath_password'])
- ){
+ !empty($u->oath_key) &&
+ (
+ empty($_REQUEST['oath_password']) ||
+ !$u->checkTwoFactorAuthentication($_REQUEST['oath_password'])
+ )
+ ) {
$this->jerror('LOGIN-BAD', 'You typed the wrong Username or Password (3)');
exit;
}