$default_admin = false;
if (!empty($ff->Pman['local_autoauth']) &&
($ff->Pman['local_autoauth'] === true) &&
+ (!empty($_SERVER['PATH_INFO']) && // auto-auth is disabled for home page
(!empty($_SERVER['SERVER_ADDR'])) &&
(
(
$_SERVER['SERVER_ADDR'] == '::1' &&
$_SERVER['REMOTE_ADDR'] == '::1'
)
+
)
) {
$group = DB_DataObject::factory('core_group');
function checkTwoFactorAuthentication($val)
{
- return true;
+
+
// also used in login
require_once 'System.php';
return false;
}
- $cmd = "{$oathtool} --totp --base32 {$this->oath_key}";
+ $cmd = "{$oathtool} --totp --base32 " . escapeshellarg($this->oath_key);
$password = exec($cmd);
$s = DB_DataObject::Factory('core_setting');
$oath_require = $s->lookup('core', 'two_factor_authentication_requirement');
-
- if(!empty($oath_require)) {
- if($oath_require->val == 0) {
- $aur['require_oath'] = 0;
- }
- }
+ $aur['require_oath'] = $oath_require ? $oath_require->val : 0;
return $aur;
}