author | Simon Rettberg | 2024-05-27 15:37:55 +0200 |
---|---|---|
committer | Simon Rettberg | 2024-05-27 15:37:55 +0200 |
commit | 43ddb14693e4a4830f471dd7c90f6257d95b7b29 (patch) | |
tree | 8c960b53e0f7ba1c660d16abf8bf044411b96080 /pam.php | |
parent | Merge branch 'master' of git.openslx.org:bwlp/bwlp-webadmin (diff) | |
Diffstat (limited to 'pam.php')
-rw-r--r-- | pam.php | 44 |
1 files changed, 44 insertions, 0 deletions
@@ -13,6 +13,48 @@ require_once 'config.php'; $action = Request::any('action'); // +// Even newer version - QR code based +// +if ($action === 'qrgen') { + // Generate new QR code + $token = Request::get('token'); + if (strlen($token) !== 16) { + http_response_code(400); + die('Wrong token length'); + } + Database::exec("DELETE FROM client_token WHERE dateline < UNIX_TIMESTAMP() - 300"); + $ret = Database::exec("INSERT INTO client_token (username, token, dateline, qrtoken) + VALUES ('', '', UNIX_TIMESTAMP(), :token)", ['token' => $token], true); + if ($ret === false) { + http_response_code(400); + die('Token already in use'); + } + $code = QRCode::getMinimumQRCode('https://' . CONFIG_FORCE_DOMAIN . '/?qr=' . $token, QR_ERROR_CORRECT_LEVEL_L); + Header('Content-Type: image/svg+xml; charset=utf-8'); + $code->printSVG(16); + exit; +} +if ($action === 'qrpoll') { + $token = Request::get('token'); + $ret = Database::queryFirst("SELECT username, token, dmsdsession FROM client_token WHERE qrtoken = :qrtoken LIMIT 1", + ['qrtoken' => $token]); + if ($ret === false) { + http_response_code(404); + exit; + } + if ($ret['username'] === '') { + http_response_code(204); + exit; + } + // Successful, send reply to lightdm + $retval = $ret['username'] . "\n" . $ret['token']; + if (!empty($ret['dmsdsession'])) { + $retval .= "\n" . $ret['dmsdsession']; + } + die ($retval); +} + +// // New version - browser based // if ($action === 'browser') { @@ -29,6 +71,8 @@ if ($action === 'verify') { if ($row === false) { die("ERROR=Invalid token"); } + Database::exec("DELETE FROM client_token WHERE token = :token LIMIT 1", + ['token' => (string)Request::any('token')]); die("USER={$row['username']}"); } |
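Review bot: In the `qrpoll` branch the only credential is the same 16-character value that `qrgen` encodes into the displayed QR URL, so whoever can read the code off the login screen can also collect the `username`/`token` reply once the user has authenticated. A separate poll secret that never appears in the QR code, stored in its own column next to `qrtoken`, would bind the reply to the client that requested the code. As far as these hunks show, `qrpoll` also never checks `dateline` and does not consume the row, so an entry stays readable until a later `qrgen` call runs the 300-second purge or `verify` deletes it; adding `AND dateline > UNIX_TIMESTAMP() - 300` to the SELECT and deleting the row after a successful reply would bound that window. In `qrgen` only the length is validated before the value is concatenated into the URL, so `'/?qr=' . rawurlencode($token)` or a character-set check is worth adding.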
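Review bot: If the lookup above this hunk matches on `token` alone, a `verify` request with an empty token would find one of the placeholder rows that `qrgen` inserts with `token = ''`, be answered `USER=` with an empty name, and have the added `DELETE ... WHERE token = :token LIMIT 1` remove a pending QR row. The SELECT that fills `$row` starts outside the hunk, so this needs confirming there; a guard such as `if ((string)Request::any('token') === '') die("ERROR=Invalid token");` ahead of the lookup would cover it. The check and the delete are also two separate statements, so single use is not atomic under concurrent requests; deleting first and treating "no row removed" as failure would make it so, provided `Database::exec` reports the affected-row count.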