}
+ $auto_auth_allow = false;
+ if (!empty($ff->Pman['local_autoauth']) && $ff->Pman['local_autoauth'] === true) {
+ $auto_auth_allow = true;
+ }
+ if (empty($_SERVER['PATH_INFO']) || $_SERVER['PATH_INFO'] == '/Login') {
+ $auto_auth_allow = false;
+ }
+
// local auth -
$default_admin = false;
if (!empty($ff->Pman['local_autoauth']) &&
($ff->Pman['local_autoauth'] === true) &&
+ (
+ !empty($_SERVER['PATH_INFO']) || // auto-auth is disabled for home page and login
+ $_SERVER['PATH_INFO'] != '/Login'
+ ) && // auto-auth is disabled for home page
(!empty($_SERVER['SERVER_ADDR'])) &&
(
(
$_SERVER['SERVER_ADDR'] == '::1' &&
$_SERVER['REMOTE_ADDR'] == '::1'
)
+
)
) {
$group = DB_DataObject::factory('core_group');
$u = DB_DataObject::factory($this->tableName());
$ff = HTML_FlexyFramework::get();
- if (!empty($ff->Pman['local_autoauth']) &&
+ if (!empty($ff->Pman['local_autoauth']) &&
+ ($ff->Pman['local_autoauth'] === true) &&
(!empty($_SERVER['SERVER_ADDR'])) &&
(
(
function checkTwoFactorAuthentication($val)
{
- // also used in login
+
+ // also used in login
require_once 'System.php';
if(
return false;
}
- $cmd = "{$oathtool} --totp --base32 {$this->oath_key}";
+ $cmd = "{$oathtool} --totp --base32 " . escapeshellarg($this->oath_key);
$password = exec($cmd);
$aur['oath_key'] = '';
$aur['oath_key_enable'] = !empty($this->oath_key);
+ $aur['require_oath'] = 1;
$s = DB_DataObject::Factory('core_setting');
- $aur['disable_oath'] = (bool) $s->lookup('core', 'two_factor_authentication') ? 1 : 0;
+ $oath_require = $s->lookup('core', 'two_factor_authentication_requirement');
+ $aur['require_oath'] = $oath_require ? $oath_require->val : 0;
return $aur;
}
{
//DB_DataObject::DebugLevel(1);
if(!empty($q['_to_qr_code'])){
-
$person = DB_DataObject::factory('Core_person');
$person->id = $q['id'];
}
if(!empty($q['oath_key_disable'])) {
-
$person = DB_DataObject::factory('core_person');
$person->get($q['id']);
projects / Pman.Core / blobdiff