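/**
 * First login phase: check the posted user ID and password.
 *
 * On success the user is sent on to the second-factor page (loginverify.php).
 * On failure the response is delayed and the login form is shown again with a
 * single generic message, so the reply does not reveal whether the user ID or
 * the password was the wrong part.
 *
 * Reads $_POST['userid'] and $_POST['pw']; may set $_SESSION['expired'].
 */
protected function pre_action_login() {
    // Only accept scalar string fields. A missing field or an array-valued one
    // (e.g. "userid[]=x") is handled as a failed login instead of being passed
    // on to the password check and the session.
    $userid = (isset($_POST['userid']) && is_string($_POST['userid'])) ? $_POST['userid'] : null;
    $password = (isset($_POST['pw']) && is_string($_POST['pw'])) ? $_POST['pw'] : null;

    // Set by check_password(); presumably taken by reference there. Initialised
    // so the later test never reads an undefined variable.
    $expired = false;

    $security = new Security();
    if ($userid !== null && $password !== null && $security->check_password($userid, $password, $expired)) {
        // NOTE(review): login_phase1() is not visible here. Confirm it issues a
        // fresh session ID (session_regenerate_id) so a session ID fixed before
        // authentication cannot be carried past this point.
        $this->login_phase1($userid);
        if ($expired) {
            // Expired password: flag the session and clear any stored
            // second-factor verification for this user.
            // NOTE(review): nothing here clears a stale 'expired' flag on a
            // later non-expired login in the same session; confirm that
            // login_phase1() resets it.
            $_SESSION['expired'] = true;
            $security->store_verification($userid, 0);
        }
        $this->transfer('loginverify.php', array('action_start' => '1'));
    } else {
        // A fixed delay slows online guessing. It also holds a PHP worker for
        // two seconds per failure, so per-account / per-source attempt limits
        // are still needed (NOTE(review): not visible in this method).
        sleep(2);
        $this->transfer('login.php', array('msg' => 'User ID and/or password are invalid'));
    }
}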
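/**
 * Second login phase: verify a posted YubiKey one-time password (OTP).
 *
 * The OTP is accepted only if (1) its public-identity prefix equals the
 * identity stored for the user who passed the password step
 * ($_SESSION['userid_pending']) and (2) Auth_Yubico::verify() returns boolean
 * true. On success the session is marked verified through is_verified(); in
 * every other case the form is shown again with a generic error message.
 *
 * Reads $_POST['yubikey'], $_SESSION['userid_pending'], $_SESSION['expired'].
 */
protected function action_yubikey() {
    // Only a scalar string is a candidate OTP; a missing or array-valued field
    // falls through to the failure path instead of reaching strlen()/substr().
    $otp = (isset($_POST['yubikey']) && is_string($_POST['yubikey'])) ? $_POST['yubikey'] : '';

    // Without a pending user from the password step there is nobody to verify.
    $pending = isset($_SESSION['userid_pending']) ? $_SESSION['userid_pending'] : null;

    if ($pending !== null && strlen($otp) > 34) {
        // The last 32 characters are the one-time part; whatever precedes them
        // is the key's public identity.
        $identity = substr($otp, 0, -32);

        $stmt = $this->db->query(
            'select identity from user where userid = :userid',
            array('userid' => $pending)
        );
        $row = $stmt->fetch();

        // Bind the OTP to the key registered for this user, so a valid OTP from
        // a different key is rejected. Strict comparison: loose "==" would
        // apply numeric-string juggling to attacker-supplied input.
        if ($row && (string) $row['identity'] === $identity) {
            $yubi = new \Auth_Yubico(CLIENT_ID, CLIENT_KEY);

            // Anything other than boolean true (including an error value) is
            // treated as a failed verification.
            if ($yubi->verify($otp) === true) {
                if (!isset($_SESSION['expired'])) {
                    // Verification is not stored while the password is flagged
                    // as expired.
                    $security = new Security();
                    $security->store_verification($pending, true);
                }
                $this->is_verified();
                return;
            }
        }
    }

    // NOTE(review): unlike the password step, a failed OTP has no delay or
    // attempt limit in this method; confirm throttling is applied elsewhere.
    $this->show_form_yubikey();
    $this->message('Invalid YubiKey OTP');
}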