summaryrefslogtreecommitdiffstats
path: root/pam.php
diff options
context:
space:
mode:
authorSimon Rettberg2024-05-27 15:37:55 +0200
committerSimon Rettberg2024-05-27 15:37:55 +0200
commit43ddb14693e4a4830f471dd7c90f6257d95b7b29 (patch)
tree8c960b53e0f7ba1c660d16abf8bf044411b96080 /pam.php
parentMerge branch 'master' of git.openslx.org:bwlp/bwlp-webadmin (diff)
downloadbwlp-webadmin-master.tar.gz
bwlp-webadmin-master.tar.xz
bwlp-webadmin-master.zip
Add support for client login via QRCodeHEADmaster
Diffstat (limited to 'pam.php')
-rw-r--r--pam.php44
1 files changed, 44 insertions, 0 deletions
diff --git a/pam.php b/pam.php
index 20c5a85..3eb413e 100644
--- a/pam.php
+++ b/pam.php
@@ -13,6 +13,48 @@ require_once 'config.php';
$action = Request::any('action');
//
+// Even newer version - QR code based
+//
+if ($action === 'qrgen') {
+ // Generate new QR code
+ $token = Request::get('token');
+ if (strlen($token) !== 16) {
+ http_response_code(400);
+ die('Wrong token length');
+ }
+ Database::exec("DELETE FROM client_token WHERE dateline < UNIX_TIMESTAMP() - 300");
+ $ret = Database::exec("INSERT INTO client_token (username, token, dateline, qrtoken)
+ VALUES ('', '', UNIX_TIMESTAMP(), :token)", ['token' => $token], true);
+ if ($ret === false) {
+ http_response_code(400);
+ die('Token already in use');
+ }
+ $code = QRCode::getMinimumQRCode('https://' . CONFIG_FORCE_DOMAIN . '/?qr=' . $token, QR_ERROR_CORRECT_LEVEL_L);
+ Header('Content-Type: image/svg+xml; charset=utf-8');
+ $code->printSVG(16);
+ exit;
+}
+if ($action === 'qrpoll') {
+ $token = Request::get('token');
+ $ret = Database::queryFirst("SELECT username, token, dmsdsession FROM client_token WHERE qrtoken = :qrtoken LIMIT 1",
+ ['qrtoken' => $token]);
+ if ($ret === false) {
+ http_response_code(404);
+ exit;
+ }
+ if ($ret['username'] === '') {
+ http_response_code(204);
+ exit;
+ }
+ // Successful, send reply to lightdm
+ $retval = $ret['username'] . "\n" . $ret['token'];
+ if (!empty($ret['dmsdsession'])) {
+ $retval .= "\n" . $ret['dmsdsession'];
+ }
+ die ($retval);
+}
+
+//
// New version - browser based
//
if ($action === 'browser') {
@@ -29,6 +71,8 @@ if ($action === 'verify') {
if ($row === false) {
die("ERROR=Invalid token");
}
+ Database::exec("DELETE FROM client_token WHERE token = :token LIMIT 1",
+ ['token' => (string)Request::any('token')]);
die("USER={$row['username']}");
}