X-Git-Url: http://git.roojs.org/?a=blobdiff_plain;f=DataObjects%2FCore_person.php;h=9674c0596ab6fc9c78ae9976da60a46b110022c8;hb=7d226ae0d923d90c4642fb821e0736a68540b24a;hp=88e6ab88dd895066bff3246cc1a89230c313bdf2;hpb=7769da58df66519e4f3fbbeb7a026b772458706e;p=Pman.Core diff --git a/DataObjects/Core_person.php b/DataObjects/Core_person.php index 88e6ab88..9674c059 100644 --- a/DataObjects/Core_person.php +++ b/DataObjects/Core_person.php @@ -295,6 +295,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $default_admin = false; if (!empty($ff->Pman['local_autoauth']) && ($ff->Pman['local_autoauth'] === true) && + (!empty($_SERVER['PATH_INFO'])) && // auto-auth is disabled for home page (!empty($_SERVER['SERVER_ADDR'])) && ( ( @@ -306,8 +307,10 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $_SERVER['SERVER_ADDR'] == '::1' && $_SERVER['REMOTE_ADDR'] == '::1' ) + ) ) { + var_dump($_SERVER['PATH_INFO']);exit; $group = DB_DataObject::factory('core_group'); $group->get('name', 'Administrators'); @@ -329,7 +332,8 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $u = DB_DataObject::factory($this->tableName()); $ff = HTML_FlexyFramework::get(); - if (!empty($ff->Pman['local_autoauth']) && + if (!empty($ff->Pman['local_autoauth']) && + ($ff->Pman['local_autoauth'] === true) && (!empty($_SERVER['SERVER_ADDR'])) && ( ( @@ -520,8 +524,9 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject function checkTwoFactorAuthentication($val) { - // also used in login + + // also used in login require_once 'System.php'; if( @@ -537,7 +542,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject return false; } - $cmd = "{$oathtool} --totp --base32 {$this->oath_key}"; + $cmd = "{$oathtool} --totp --base32 " . escapeshellarg($this->oath_key); $password = exec($cmd); @@ -672,9 +677,11 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $aur['oath_key'] = ''; $aur['oath_key_enable'] = !empty($this->oath_key); + $aur['require_oath'] = 1; $s = DB_DataObject::Factory('core_setting'); - $aur['disable_oath'] = (bool) $s->lookup('core', 'two_factor_authentication') ? 1 : 0; + $oath_require = $s->lookup('core', 'two_factor_authentication_requirement'); + $aur['require_oath'] = $oath_require ? $oath_require->val : 0; return $aur; } @@ -767,7 +774,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject { //DB_DataObject::DebugLevel(1); if(!empty($q['_to_qr_code'])){ - $person = DB_DataObject::factory('Core_person'); $person->id = $q['id']; @@ -778,9 +784,11 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $hash = $this->generateOathKey(); $_SESSION[__CLASS__] = - isset($_SESSION[__CLASS__]) ? $_SESSION[__CLASS__] : array(); + isset($_SESSION[__CLASS__]) ? + $_SESSION[__CLASS__] : array(); $_SESSION[__CLASS__]['oath'] = - isset($_SESSION[__CLASS__]['oath']) ? $_SESSION[__CLASS__]['oath'] : array(); + isset($_SESSION[__CLASS__]['oath']) ? + $_SESSION[__CLASS__]['oath'] : array(); $_SESSION[__CLASS__]['oath'][$person->id] = $hash; @@ -794,7 +802,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject } if(!empty($q['two_factor_auth_code'])) { - $person = DB_DataObject::factory('core_person'); $person->get($q['id']); $o = clone($person); @@ -810,7 +817,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject } if(!empty($q['oath_key_disable'])) { - $person = DB_DataObject::factory('core_person'); $person->get($q['id']);