1 files changed, 44 insertions, 0 deletions

diff --git a/pam.php b/pam.php
index 20c5a85..3eb413e 100644
--- a/pam.php
+++ b/pam.php
@@ -13,6 +13,48 @@ require_once 'config.php';
 $action = Request::any('action');
 
 //
+// Even newer version - QR code based
+//
+if ($action === 'qrgen') {
+	// Generate new QR code
+	$token = Request::get('token');
+	if (strlen($token) !== 16) {
+		http_response_code(400);
+		die('Wrong token length');
+	}
+	Database::exec("DELETE FROM client_token WHERE dateline < UNIX_TIMESTAMP() - 300");
+	$ret = Database::exec("INSERT INTO client_token (username, token, dateline, qrtoken)
+		VALUES ('', '', UNIX_TIMESTAMP(), :token)", ['token' => $token], true);
+	if ($ret === false) {
+		http_response_code(400);
+		die('Token already in use');
+	}
+	$code = QRCode::getMinimumQRCode('https://' . CONFIG_FORCE_DOMAIN . '/?qr=' . $token, QR_ERROR_CORRECT_LEVEL_L);
+	Header('Content-Type: image/svg+xml; charset=utf-8');
+	$code->printSVG(16);
+	exit;
+}
+if ($action === 'qrpoll') {
+	$token = Request::get('token');
+	$ret = Database::queryFirst("SELECT username, token, dmsdsession FROM client_token WHERE qrtoken = :qrtoken LIMIT 1",
+		['qrtoken' => $token]);
+	if ($ret === false) {
+		http_response_code(404);
+		exit;
+	}
+	if ($ret['username'] === '') {
+		http_response_code(204);
+		exit;
+	}
+	// Successful, send reply to lightdm
+	$retval = $ret['username'] . "\n" . $ret['token'];
+	if (!empty($ret['dmsdsession'])) {
+		$retval .= "\n" . $ret['dmsdsession'];
+	}
+	die ($retval);
+}
+
+//
 // New version - browser based
 //
 if ($action === 'browser') {
@@ -29,6 +71,8 @@ if ($action === 'verify') {
 	if ($row === false) {
 		die("ERROR=Invalid token");
 	}
+	Database::exec("DELETE FROM client_token WHERE token = :token LIMIT 1",
+		['token' => (string)Request::any('token')]);
 	die("USER={$row['username']}");
 }