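/**
  * Handle the change-password form.
  *
  * Reads 'pw-old', 'pw-new1' and 'pw-new2' from $_POST, verifies the current
  * password through Security::check_password(), and stores the new password
  * through Security::set_password(). Each rejection is reported with
  * $this->message() and nothing is changed. When the YUBIKEY constant is
  * truthy, set_yubikey() must succeed before the password is stored.
  *
  * @return void
  */
protected function action_set()
 {
     $userid = $this->userid(true);
     $security = new Security();

     // Request fields may be missing or sent as arrays ("pw-old[]=x"); only
     // plain strings are accepted as password input.
     $old = isset($_POST['pw-old']) ? $_POST['pw-old'] : null;
     $new1 = isset($_POST['pw-new1']) ? $_POST['pw-new1'] : null;
     $new2 = isset($_POST['pw-new2']) ? $_POST['pw-new2'] : null;

     // $expired is handed to check_password() as in the original call;
     // presumably an output parameter filled by reference (confirm in Security).
     if (!is_string($old) || !$security->check_password($userid, $old, $expired)) {
         $this->message('Invalid existing password');
         return;
     }

     // Strict comparison: with ==, PHP compares numeric-looking strings by
     // value ('1e3' == '1000'), so a mistyped confirmation could be accepted
     // and the stored password would differ from what the user believes.
     if (!is_string($new1) || !is_string($new2) || $new1 !== $new2) {
         $this->message('New and repeated passwords do not match');
         return;
     }

     // Same reasoning: the "must differ" rule is decided on the exact bytes.
     if ($new1 === $old) {
         $this->message('New password must be different');
         return;
     }

     if (YUBIKEY && !$this->set_yubikey()) {
         return;
     }

     $this->hide_request();
     // NOTE(review): the result of set_password() is not checked here, so a
     // failed update would still be reported as success. Confirm how
     // set_password() signals failure and handle it.
     // NOTE(review): no minimum-strength or non-empty check on the new
     // password is visible in this method; verify set_password() enforces one.
     $security->set_password($userid, $new1);
     unset($_SESSION['expired']);
     // NOTE(review): no session-id regeneration or invalidation of other
     // sessions is visible here after the credential change; confirm it
     // happens elsewhere.
     $this->message('Password was changed', true);
     $this->button('Login', null, 'login.php');
 }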
Exemple #2
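 /**
  * Generate a random temporary password and store it for the given user.
  *
  * The password is 6 random bytes rendered as 12 hexadecimal characters.
  * It is passed to Security::set_password() with a third argument of true
  * (presumably marking the password as temporary/expired; confirm in
  * Security).
  *
  * @param mixed $userid Identifier forwarded unchanged to set_password().
  * @return string|null The temporary password, or null when secure random
  *                     bytes could not be obtained or set_password()
  *                     returned a falsy value.
  */
 private function set_temp_password($userid)
 {
     // openssl_random_pseudo_bytes() can return false on older PHP versions
     // and reports through its second argument whether a cryptographically
     // strong source was used. Without this check a failure would turn into
     // an empty string from bin2hex(false), i.e. an empty temporary password.
     $strong = false;
     $bytes = openssl_random_pseudo_bytes(6, $strong);
     if (!is_string($bytes) || strlen($bytes) !== 6 || !$strong) {
         return null;
     }

     // NOTE(review): 6 bytes gives 48 bits of entropy. Whether that is enough
     // depends on how quickly the temporary password expires and on login
     // throttling, neither of which is visible here. On PHP 7+ random_bytes()
     // is the preferred source.
     $tmp = bin2hex($bytes);

     $security = new Security();
     if ($security->set_password($userid, $tmp, true)) {
         return $tmp;
     }
     return null;
 }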
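 /**
  * Verify the YubiKey OTP submitted as the second login factor.
  *
  * Reads the OTP from $_POST['yubikey'] and the user awaiting verification
  * from $_SESSION['userid_pending']. Everything before the last 32
  * characters of the OTP is treated as the key's identity and must match
  * the identity stored for that user before the OTP is passed to
  * Auth_Yubico::verify(). On success is_verified() is called; on any failure
  * the form is shown again with an error message.
  *
  * @return void
  */
 protected function action_yubikey()
 {
     // Request and session values may be absent, and a POST field can arrive
     // as an array ("yubikey[]=x"), which strlen() does not accept.
     $y = isset($_POST['yubikey']) ? $_POST['yubikey'] : null;
     $pending = isset($_SESSION['userid_pending']) ? $_SESSION['userid_pending'] : null;

     if (is_string($y) && $pending !== null && strlen($y) > 34) {
         // Identity prefix = the OTP without its trailing 32 characters.
         $identity = substr($y, 0, -32);
         $stmt = $this->db->query('select identity from user where userid = :userid', array('userid' => $pending));
         // Strict string comparison ties the OTP to the key registered for
         // this account; == would compare numeric-looking strings by value.
         if (($row = $stmt->fetch()) && (string) $row['identity'] === $identity) {
             $yubi = new \Auth_Yubico(CLIENT_ID, CLIENT_KEY);
             // Only a literal true counts as success; any other return value
             // from verify() is treated as a failed validation.
             if ($yubi->verify($y) === true) {
                 // The verification is recorded only when the session is not
                 // flagged as 'expired'.
                 if (!isset($_SESSION['expired'])) {
                     $security = new Security();
                     $security->store_verification($pending, true);
                 }
                 $this->is_verified();
                 return;
             }
         }
     }

     // NOTE(review): failed attempts are not recorded in this method; confirm
     // that throttling or lockout for repeated invalid OTPs exists elsewhere.
     $this->show_form_yubikey();
     $this->message('Invalid YubiKey OTP');
 }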