DataObjects/Core_person.php
[Pman.Core] / DataObjects / Core_person.php
index 46fc242..02d42ea 100644 (file)
@@ -298,8 +298,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
             return false;
         }
         
-        
-        // local auth - 
+         // local auth - 
         $default_admin = false;
         if (!empty($ff->Pman['local_autoauth']) && 
             ($ff->Pman['local_autoauth'] === true) &&
@@ -316,6 +315,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
                 )
             )
         ) {
+            
             $group = DB_DataObject::factory('core_group');
             $group->get('name', 'Administrators');
             
@@ -536,14 +536,11 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
             return false;
         }
         
-        if(!isset($this->oath_key)) {
-            $au = $this->getAuthUser();
-            $oath_key = $au->oath_key;
-        } else {
-            $oath_key = $this->oath_key;
+        if(empty($this->oath_key)) {
+            return true;
         }
         
-        $cmd = "{$oathtool} --totp --base32 {$oath_key}";
+        $cmd = "{$oathtool} --totp --base32 " . escapeshellarg($this->oath_key);
         
         $password = exec($cmd);
         
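Review bot: The new `if(empty($this->oath_key)) { return true; }` makes the check succeed for any object that has no key, so "no key set" and "code verified" look the same to callers. With the old fallback to `getAuthUser()` removed, an object that was never loaded from the database also passes; the hunk at -800 calls this method on a person fetched by `$q['id']` without checking the result of `get()`. If people who have not enrolled are meant to skip the second factor, that decision is clearer in the caller, with this method returning `false` when there is no key to verify against. Separately, the key is still passed to oathtool on the command line, where it is visible in the process list while the command runs, and `{$oathtool}` itself is interpolated unescaped (its origin is outside the hunk). The method starts and ends outside the hunk.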
@@ -779,17 +776,20 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         // missing id for core_person mgmt
         if(!empty($q['_to_qr_code'])){
             
-            print_r($q);exit;
-            
-            $au = $this->getAuthUser();
+            if($q['id'] == 'is_auth') {
+                $person = $this->getAuthUser();
+            } else {
+                $person = DB_DataObject::factory('Core_person');
+                $person->get($q['id']);
+            }
             
-            $o = clone($au);
+            $o = clone($person);
             
-            $au->generateOathKey();
+            $person->generateOathKey();
             
-            $au->update($o);
+            $person->update($o);
             
-            $qrcode = $au->generateQRCode();
+            $qrcode = $person->generateQRCode();
             
             if(empty($qrcode)){
                 $roo->jerr('Fail to generate QR Code');
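Review bot: Nothing in this hunk checks that the caller may manage the person named by `$q['id']` before `generateOathKey()` replaces that person's key and the QR code is produced. The same pattern appears in the hunks at -800 (`two_factor_auth_code`) and -809 (`oath_key_disable`), where a request-supplied id selects whose key is verified or cleared. Unless the enclosing method enforces this outside the visible lines, compare the id with the `getAuthUser()` result or require an administrative permission before acting on another person. The return value of `$person->get($q['id'])` is also ignored in all three places, and here `$q['id']` is read without an `isset`/`empty` test, so a missing or unknown id proceeds with an unloaded object; `if (empty($q['id']) || !$person->get($q['id'])) { $roo->jerr('Invalid person'); }` would stop that. The enclosing method starts and ends outside the hunk.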
@@ -800,7 +800,14 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         
         if(!empty($q['two_factor_auth_code'])) {
             
-            if($this->checkTwoFactorAuthentication($q['two_factor_auth_code'])) {
+            $person = $this;
+            
+            if(isset($q['id'])) {
+                $person = DB_DataObject::factory('core_person');
+                $person->get($q['id']);
+            }
+            
+            if($person->checkTwoFactorAuthentication($q['two_factor_auth_code'])) {
                 $roo->jok('DONE');
             }
             
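Review bot: `isset($q['id'])` is true for an empty string, so a request with `id=` still replaces `$this` with a freshly created object, whereas the `oath_key_disable` branch in the next hunk uses `!empty($q['id'])`. Using `if(!empty($q['id'])) {` here keeps the two branches consistent and avoids a lookup with an empty key. What happens when the code does not verify is outside the hunk.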
@@ -809,17 +816,22 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         
         if(!empty($q['oath_key_disable'])) {
             
-            $au = $this->getAuthUser();
+            $person = $this->getAuthUser();
+            
+            if(!empty($q['id'])) {
+                $person = DB_DataObject::factory('core_person');
+                $person->get($q['id']);
+            }
             
-            if(empty($au)) {
+            if(empty($person)) {
                 $roo->jerr('Please login to the system');
             }
             
-            $o = clone($au);
+            $o = clone($person);
             
-            $au->oath_key = '';
+            $person->oath_key = '';
             
-            $au->update($o);
+            $person->update($o);
             
             $roo->jok('DONE');
         }
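Review bot: The `if(empty($person))` login guard now tests the variable after it may have been overwritten by the `$q['id']` lookup, so when an id is supplied it no longer tests whether anyone is logged in. `DB_DataObject::factory()` returns an object, and `empty()` on an object is false even when `get()` found nothing, so the branch goes on to clear `oath_key` and call `update()`. Unless authentication is enforced before this code is reached, keep the original check on the authenticated user ahead of the override, for example `$au = $this->getAuthUser(); if(empty($au)) { $roo->jerr('Please login to the system'); }`, and only then load the target person. The enclosing method starts outside the hunk.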