Пример #1
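 /**
  * Handles the password step of the login flow.
  *
  * Reads the user id and password from the POST body and checks them with
  * Security::check_password(). On success the login is started through
  * login_phase1() and the browser is sent on to loginverify.php; on failure
  * the response is delayed and the browser is sent back to login.php with a
  * single generic message, so the reply does not reveal which of the two
  * fields was wrong.
  */
 protected function pre_action_login()
 {
     // A missing field or a non-string value (for example userid[]=x) is
     // handled as a failed login rather than handed to the password check.
     $userid = (isset($_POST['userid']) && is_string($_POST['userid'])) ? $_POST['userid'] : null;
     $password = (isset($_POST['pw']) && is_string($_POST['pw'])) ? $_POST['pw'] : null;

     // Defined up front so the test below never reads an unset variable;
     // presumably check_password() fills it in by reference - confirm.
     $expired = false;

     $security = new Security();
     if ($userid !== null && $password !== null
         && $security->check_password($userid, $password, $expired)
     ) {
         // NOTE(review): confirm that login_phase1() issues a fresh session id
         // (session fixation) and clears a stale $_SESSION['expired'] left by
         // an earlier attempt; neither is visible from this method.
         $this->login_phase1($userid);
         if ($expired) {
             // Expired password: flag the session and store verification
             // state 0 for this user.
             $_SESSION['expired'] = true;
             $security->store_verification($userid, 0);
         }
         $this->transfer('loginverify.php', array('action_start' => '1'));
     } else {
         // Fixed delay on every failed attempt. It slows online guessing but
         // also holds a worker for two seconds, so it complements rather than
         // replaces per-account or per-address attempt limiting.
         sleep(2);
         $this->transfer('login.php', array('msg' => 'User ID and/or password are invalid'));
     }
 }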
Пример #2
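 /**
  * Handles a submitted YubiKey one-time password for the pending login.
  *
  * The part of the submitted value before its final 32 characters must equal
  * the identity stored for the pending user, and the whole value must then be
  * accepted by Auth_Yubico::verify(). When both hold, the verification is
  * stored (unless the session is flagged as expired) and is_verified() is
  * called. In every other case the YubiKey form is shown again with an error.
  */
 protected function action_yubikey()
 {
     // Missing or non-string input (for example yubikey[]=x) becomes an empty
     // string and is rejected by the length check below.
     $otp = (isset($_POST['yubikey']) && is_string($_POST['yubikey'])) ? $_POST['yubikey'] : '';
     // Without a pending login there is no user to bind the key to.
     $pending = isset($_SESSION['userid_pending']) ? $_SESSION['userid_pending'] : null;

     // More than 34 characters leaves an identity prefix of at least three
     // characters once the final 32 are removed.
     if ($pending !== null && strlen($otp) > 34) {
         $identity = substr($otp, 0, -32);
         $stmt = $this->db->query(
             'select identity from user where userid = :userid',
             array('userid' => $pending)
         );
         $row = $stmt->fetch();
         // Strict comparison: the key must be the one registered for this
         // user. A loose == would let numeric-looking strings compare equal
         // without being identical.
         if ($row && is_string($row['identity']) && $row['identity'] === $identity) {
             $yubi = new \Auth_Yubico(CLIENT_ID, CLIENT_KEY);
             // Only an explicit boolean true counts as success; any other
             // return value from verify() is treated as a failure.
             if ($yubi->verify($otp) === true) {
                 if (!isset($_SESSION['expired'])) {
                     $security = new Security();
                     $security->store_verification($pending, true);
                 }
                 $this->is_verified();
                 return;
             }
         }
     }

     // NOTE(review): unlike the password step, a failed attempt is neither
     // delayed nor counted in this method; confirm that attempt limiting for
     // the second factor exists elsewhere.
     $this->show_form_yubikey();
     $this->message('Invalid YubiKey OTP');
 }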