# HG changeset patch
# User Dan
# Date 1261182537 18000
# Node ID 6e947fa21237465e87bb9457aa3fbf68188f875e
# Parent 1303cf9c594c0dd1bbe2d694d88b0e1dc493ebad
Auth lib/hook fixes
diff -r 1303cf9c594c -r 6e947fa21237 plugins/yubikey/auth.php
--- a/plugins/yubikey/auth.php Mon Nov 09 09:21:05 2009 -0500
+++ b/plugins/yubikey/auth.php Fri Dec 18 19:28:57 2009 -0500
@@ -119,7 +119,7 @@
 {
 if ( !$do_validate_pass )
 $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n"
- . ' (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \''.enano_date('d M Y h:i a').'\', \'(Yubikey)\', '
+ . ' (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \'DEPRECATED\', \'(Yubikey)\', '
 . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
 return array(
@@ -132,6 +132,8 @@
 $do_validate_otp = true;
 $do_validate_user = $flags & $user_flag;
 $do_validate_pass = $flags & $pass_flag;
+ // to complete security logs later
+ $userdata['username'] = $username;
 }
 else
 {
@@ -149,7 +151,7 @@
 {
 if ( !$do_validate_pass )
 $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n"
- . ' (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \''.enano_date('d M Y h:i a').'\', \'(Yubikey)\', '
+ . ' (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \'DEPRECATED\', \'(Yubikey)\', '
 . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
 if ( $otp_check['error'] === 'http_failed' )
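Review bot: In the hunk at `@@ -119,7 +119,7 @@`, `$auth_log_prefix` is still concatenated into the `action` value unescaped, while the address and level beside it go through `$db->escape()` and `intval()`. Where the prefix is assigned is not visible in this diff, so this is a consistency point rather than a demonstrated injection; `\'' . $db->escape($auth_log_prefix) . 'auth_bad\'` would make the statement safe however the prefix is derived. The same INSERT is repeated in the hunks at -149, -180 and -205, which is why the identical `'DEPRECATED'` edit had to be made four times; moving it into one logging helper would keep the escaping in a single place. The enclosing function starts and ends outside the hunk.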
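Review bot: In the hunk at `@@ -132,6 +132,8 @@`, the added `$userdata['username'] = $username;` stores the caller-supplied name before any check visible here has verified it. The success path at +207 and +217 later writes `$userdata['username']` to the `auth_good` row and passes it to `register_session()`. If `$userdata` is not replaced by the stored user row on every path that reaches those lines, the log and the session would carry the spelling the client sent rather than the canonical account name. The lookup is outside the hunk, so this needs confirming; a comment such as `// provisional: replaced by the users row once the lookup succeeds` would record the intent.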
@@ -180,7 +182,7 @@
 // Username incorrect
 if ( !$do_validate_pass )
 $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n"
- . ' (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \''.enano_date('d M Y h:i a').'\', \'(Yubikey)\', '
+ . ' (\'security\', \'' . $auth_log_prefix . 'auth_bad\', '.time().', \'DEPRECATED\', \'(Yubikey)\', '
 . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
 return array(
 'mode' => 'error',
@@ -205,7 +207,7 @@
 {
 // No password required; validated, issue session key
 $session->sql('INSERT INTO ' . table_prefix . "logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES\n"
- . ' (\'security\', \'' . $auth_log_prefix . 'auth_good\', '.time().', \''.enano_date('d M Y h:i a').'\', \'' . $db->escape($userdata['username']) . '\', '
+ . ' (\'security\', \'' . $auth_log_prefix . 'auth_good\', '.time().', \'DEPRECATED\', \'' . $db->escape($userdata['username']) . '\', '
 . '\''.$db->escape($_SERVER['REMOTE_ADDR']).'\', ' . intval($level) . ')');
 $q = $db->sql_query('SELECT password FROM ' . table_prefix . "users WHERE user_id = $user_id;");
@@ -215,7 +217,7 @@
 list($password) = $db->fetchrow_num();
 $db->free_result();
- $session->register_session($user_id, $userdata['username'], $password, $level, $remember);
+ $session->register_session($user_id, $userdata['username'], $password, intval($level), $remember);
 return true;
 }
 }
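Review bot: The `auth_bad` row in the hunk at `@@ -180,7 +182,7 @@` (the "Username incorrect" branch) still records the fixed author `(Yubikey)`, so repeated failures against one account can be grouped only by address, not by name. If `$username` is in scope here as it is at +135, `\'' . $db->escape($username) . '\'` in place of `\'(Yubikey)\'` would record the submitted name; the hunks at -119 and -149 write the same fixed author. The row is also written only when `$do_validate_pass` is false, so it is worth confirming that the password path logs this failure elsewhere. The enclosing block starts outside the hunk.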
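Review bot: In the hunk at `@@ -205,7 +207,7 @@`, the context line that selects the stored password interpolates `$user_id` directly into the query text (`"users WHERE user_id = $user_id;"`), with no cast visible in this diff. This commit treats `$level` defensively with `intval()`, and the same treatment fits here: `"users WHERE user_id = " . intval($user_id) . ';'`. Where `$user_id` is assigned is outside the hunk, so it may already be an integer taken from the user row; the cast costs nothing and removes the dependency on that.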
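Review bot: In the hunk at `@@ -215,7 +217,7 @@`, `$level` is now cast at the `register_session()` call as well as in each of the four log INSERTs, so a later use that forgets the cast would again see the raw value. Normalising it once where it enters the function, `$level = intval($level);`, would keep the logged level and the session level identical by construction. That assignment belongs at the start of the function, which is outside this hunk.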