cacert/cacert-webdb
9
0
Fork 0
Code Issues Pull requests 3 Projects Releases 4 Wiki Activity

Fix for https://bugs.cacert.org/view.php?id=1339

Browse source
This commit is contained in:
Mendel Mobach 2014-11-18 22:08:23 +00:00
parent cda3e7f0db
commit 8be54e45e9
3 changed files with 1 additions and 134 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
includes/account.php
View file

@ -1333,16 +1333,6 @@ function buildSubjectFromSession() {
mysql_query($query);
}
//!!!Should be rewritten
$_SESSION['_config']['user']['otphash'] = trim(stripslashes(strip_tags($_REQUEST['otphash'])));
$_SESSION['_config']['user']['otppin'] = trim(stripslashes(strip_tags($_REQUEST['otppin'])));
if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "")
{
$query = "update `users` set `otphash`='".mysql_real_escape_string($_SESSION['_config']['user']['otphash'])."',
`otppin`='".mysql_real_escape_string($_SESSION['_config']['user']['otppin'])."' where `id`='".intval($_SESSION['profile']['id'])."'";
mysql_query($query);
}
$_SESSION['_config']['user']['set'] = 0;
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
$_SESSION['profile']['loggedin'] = 1;

12
pages/account/13.php
View file

@ -127,19 +127,9 @@
<td colspan="2" class="title"><a href="account.php?id=59&amp;oldid=13&amp;userid=<?=intval($_SESSION['profile']['id'])?>"><?=_('Show account history')?></a></td>
</tr>
<tr>
<td colspan="2" class="title"><a href="account.php?id=13&amp;showdetails=<?=intval(!$showdetails)?>"><?=_("View secret question & answers and OTP phrases")?></a></td>
<td colspan="2" class="title"><a href="account.php?id=13&amp;showdetails=<?=intval(!$showdetails)?>"><?=_("View secret question & answers")?></a></td>
</tr>
<? if($showdetails){ ?>
<tr>
<td class="DataTD"><?=_("OTP Hash")?><br>
(<?=_("Not displayed")?>)</td>
<td class="DataTD"><input type="text" name="otphash"></td>
</tr>
<tr>
<td class="DataTD"><?=_("OTP PIN")?><br>
(<?=_("Not displayed")?>)</td>
<td class="DataTD"><input type="text" name="otppin"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><?=_("Lost Pass Phrase Questions")?></td>
</tr>

113
www/index.php
View file

@ -177,73 +177,6 @@ require_once('../includes/lib/l10n.php');
exit;
}
function getOTP64($otp)
{
$lookupChar = "123456789abcdefhkmnprstuvwxyzABCDEFGHKMNPQRSTUVWXYZ=+[]&@#*!-?%:";
for($i = 0; $i < 6; $i++)
$val[$i] = hexdec(substr($otp, $i * 2, 2));
$tmp1 = $val[0] >> 2;
$OTP = $lookupChar[$tmp1 & 63];
$tmp2 = $val[0] - ($tmp1 << 2);
$tmp1 = $val[1] >> 4;
$OTP .= $lookupChar[($tmp1 + $tmp2) & 63];
$tmp2 = $val[1] - ($tmp1 << 4);
$tmp1 = $val[2] >> 6;
$OTP .= $lookupChar[($tmp1 + $tmp2) & 63];
$tmp2 = $val[2] - ($tmp1 << 6);
$OTP .= $lookupChar[$tmp2 & 63];
$tmp1 = $val[3] >> 2;
$OTP .= $lookupChar[$tmp1 & 63];
$tmp2 = $val[3] - ($tmp1 << 2);
$tmp1 = $val[4] >> 4;
$OTP .= $lookupChar[($tmp1 + $tmp2) & 63];
$tmp2 = $val[4] - ($tmp1 << 4);
$tmp1 = $val[5] >> 6;
$OTP .= $lookupChar[($tmp1 + $tmp2) & 63];
$tmp2 = $val[5] - ($tmp1 << 6);
$OTP .= $lookupChar[$tmp2 & 63];
return $OTP;
}
function getOTP32($otp)
{
$lookupChar = "0123456789abcdefghkmnoprstuvwxyz";
for($i = 0; $i < 7; $i++)
$val[$i] = hexdec(substr($otp, $i * 2, 2));
$tmp1 = $val[0] >> 3;
$OTP = $lookupChar[$tmp1 & 31];
$tmp2 = $val[0] - ($tmp1 << 3);
$tmp1 = $val[1] >> 6;
$OTP .= $lookupChar[($tmp1 + $tmp2) & 31];
$tmp2 = ($val[1] - ($tmp1 << 6)) >> 1;
$OTP .= $lookupChar[$tmp2 & 31];
$tmp2 = $val[1] - (($val[1] >> 1) << 1);
$tmp1 = $val[2] >> 4;
$OTP .= $lookupChar[($tmp1 + $tmp2) & 31];
$tmp2 = $val[2] - ($tmp1 << 4);
$tmp1 = $val[3] >> 7;
$OTP .= $lookupChar[($tmp1 + $tmp2) & 31];
$tmp2 = ($val[3] - ($tmp1 << 7)) >> 2;
$OTP .= $lookupChar[$tmp2 & 31];
$tmp2 = $val[3] - (($val[3] - ($tmp1 << 7)) >> 2) << 2;
$tmp1 = $val[4] >> 5;
$OTP .= $lookupChar[($tmp1 + $tmp2) & 31];
$tmp2 = $val[4] - ($tmp1 << 5);
$OTP .= $lookupChar[$tmp2 & 31];
$tmp1 = $val[5] >> 3;
$OTP .= $lookupChar[$tmp1 & 31];
$tmp2 = $val[5] - ($tmp1 << 3);
$tmp1 = $val[6] >> 6;
$OTP .= $lookupChar[($tmp1 + $tmp2) & 31];
return $OTP;
}
if($oldid == 4)
{
$oldid = 0;
@ -256,52 +189,6 @@ require_once('../includes/lib/l10n.php');
$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
`password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
$otpquery = "select * from `users` where `email`='$email' and `otphash`!='' and `verified`=1 and `deleted`=0 and `locked`=0";
$otpres = mysql_query($otpquery);
if(mysql_num_rows($otpres) > 0)
{
$otp = mysql_fetch_assoc($otpres);
$otphash = $otp['otphash'];
$otppin = $otp['otppin'];
if(strlen($pword) == 6)
{
$matchperiod = 18;
$time = round(gmdate("U") / 10);
} else {
$matchperiod = 3;
$time = round(gmdate("U") / 60);
}
$query = "delete from `otphashes` where UNIX_TIMESTAMP(`when`) <= UNIX_TIMESTAMP(NOW()) - 600";
mysql_query($query);
$query = "select * from `otphashes` where `username`='$email' and `otp`='$pword'";
if(mysql_num_rows(mysql_query($query)) <= 0)
{
$query = "insert into `otphashes` set `when`=NOW(), `username`='$email', `otp`='$pword'";
mysql_query($query);
for($i = $time - $matchperiod; $i <= $time + $matchperiod * 2; $i++)
{
if($otppin > 0)
$tmpmd5 = md5("$i$otphash$otppin");
else
$tmpmd5 = md5("$i$otphash");
if(strlen($pword) == 6)
$md5 = substr(md5("$i$otphash"), 0, 6);
else if(strlen($pword) == 8)
$md5 = getOTP64(md5("$i$otphash"));
else
$md5 = getOTP32(md5("$i$otphash"));
if($pword == $md5)
$res = mysql_query($otpquery);
}
}
}
}
if(mysql_num_rows($res) > 0)
{
$_SESSION['profile'] = "";