summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFelix Dörre <felix@dogcraft.de>2014-11-15 12:12:12 +0100
committerFelix Dörre <felix@dogcraft.de>2014-11-15 12:12:12 +0100
commit3e578bf67cf3ba551aecae52b2f95d910af336ec (patch)
tree04a7d453bba90ecc2ffcb6941796724378e6d5e6
parent6d0f414854b2c1aa1da9ec49889ac9bb3b69b966 (diff)
downloadcacert-devel-3e578bf67cf3ba551aecae52b2f95d910af336ec.tar.gz
cacert-devel-3e578bf67cf3ba551aecae52b2f95d910af336ec.tar.xz
cacert-devel-3e578bf67cf3ba551aecae52b2f95d910af336ec.zip
bug-1339: remove all traces of OTPbug-1339
-rw-r--r--includes/account.php10
-rw-r--r--pages/account/13.php12
-rw-r--r--www/index.php113
3 files changed, 1 insertions, 134 deletions
diff --git a/includes/account.php b/includes/account.php
index b1ab984..88026d6 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -1333,16 +1333,6 @@ function buildSubjectFromSession() {
mysql_query($query);
}
- //!!!Should be rewritten
- $_SESSION['_config']['user']['otphash'] = trim(stripslashes(strip_tags($_REQUEST['otphash'])));
- $_SESSION['_config']['user']['otppin'] = trim(stripslashes(strip_tags($_REQUEST['otppin'])));
- if($_SESSION['_config']['user']['otphash'] != "" && $_SESSION['_config']['user']['otppin'] != "")
- {
- $query = "update `users` set `otphash`='".mysql_real_escape_string($_SESSION['_config']['user']['otphash'])."',
- `otppin`='".mysql_real_escape_string($_SESSION['_config']['user']['otppin'])."' where `id`='".intval($_SESSION['profile']['id'])."'";
- mysql_query($query);
- }
-
$_SESSION['_config']['user']['set'] = 0;
$_SESSION['profile'] = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_SESSION['profile']['id'])."'"));
$_SESSION['profile']['loggedin'] = 1;
diff --git a/pages/account/13.php b/pages/account/13.php
index 080e277..ea28c0e 100644
--- a/pages/account/13.php
+++ b/pages/account/13.php
@@ -127,20 +127,10 @@
<td colspan="2" class="title"><a href="account.php?id=59&amp;oldid=13&amp;userid=<?=intval($_SESSION['profile']['id'])?>"><?=_('Show account history')?></a></td>
</tr>
<tr>
- <td colspan="2" class="title"><a href="account.php?id=13&amp;showdetails=<?=intval(!$showdetails)?>"><?=_("View secret question & answers and OTP phrases")?></a></td>
+ <td colspan="2" class="title"><a href="account.php?id=13&amp;showdetails=<?=intval(!$showdetails)?>"><?=_("View secret question & answers")?></a></td>
</tr>
<? if($showdetails){ ?>
<tr>
- <td class="DataTD"><?=_("OTP Hash")?><br>
- (<?=_("Not displayed")?>)</td>
- <td class="DataTD"><input type="text" name="otphash"></td>
- </tr>
- <tr>
- <td class="DataTD"><?=_("OTP PIN")?><br>
- (<?=_("Not displayed")?>)</td>
- <td class="DataTD"><input type="text" name="otppin"></td>
- </tr>
- <tr>
<td class="DataTD" colspan="2"><?=_("Lost Pass Phrase Questions")?></td>
</tr>
<tr>
diff --git a/www/index.php b/www/index.php
index 40a8e86..5a744fc 100644
--- a/www/index.php
+++ b/www/index.php
@@ -177,73 +177,6 @@ require_once('../includes/lib/l10n.php');
exit;
}
- function getOTP64($otp)
- {
- $lookupChar = "123456789abcdefhkmnprstuvwxyzABCDEFGHKMNPQRSTUVWXYZ=+[]&@#*!-?%:";
-
- for($i = 0; $i < 6; $i++)
- $val[$i] = hexdec(substr($otp, $i * 2, 2));
-
- $tmp1 = $val[0] >> 2;
- $OTP = $lookupChar[$tmp1 & 63];
- $tmp2 = $val[0] - ($tmp1 << 2);
- $tmp1 = $val[1] >> 4;
- $OTP .= $lookupChar[($tmp1 + $tmp2) & 63];
- $tmp2 = $val[1] - ($tmp1 << 4);
- $tmp1 = $val[2] >> 6;
- $OTP .= $lookupChar[($tmp1 + $tmp2) & 63];
- $tmp2 = $val[2] - ($tmp1 << 6);
- $OTP .= $lookupChar[$tmp2 & 63];
- $tmp1 = $val[3] >> 2;
- $OTP .= $lookupChar[$tmp1 & 63];
- $tmp2 = $val[3] - ($tmp1 << 2);
- $tmp1 = $val[4] >> 4;
- $OTP .= $lookupChar[($tmp1 + $tmp2) & 63];
- $tmp2 = $val[4] - ($tmp1 << 4);
- $tmp1 = $val[5] >> 6;
- $OTP .= $lookupChar[($tmp1 + $tmp2) & 63];
- $tmp2 = $val[5] - ($tmp1 << 6);
- $OTP .= $lookupChar[$tmp2 & 63];
-
- return $OTP;
- }
-
- function getOTP32($otp)
- {
- $lookupChar = "0123456789abcdefghkmnoprstuvwxyz";
-
- for($i = 0; $i < 7; $i++)
- $val[$i] = hexdec(substr($otp, $i * 2, 2));
-
- $tmp1 = $val[0] >> 3;
- $OTP = $lookupChar[$tmp1 & 31];
- $tmp2 = $val[0] - ($tmp1 << 3);
- $tmp1 = $val[1] >> 6;
- $OTP .= $lookupChar[($tmp1 + $tmp2) & 31];
- $tmp2 = ($val[1] - ($tmp1 << 6)) >> 1;
- $OTP .= $lookupChar[$tmp2 & 31];
- $tmp2 = $val[1] - (($val[1] >> 1) << 1);
- $tmp1 = $val[2] >> 4;
- $OTP .= $lookupChar[($tmp1 + $tmp2) & 31];
- $tmp2 = $val[2] - ($tmp1 << 4);
- $tmp1 = $val[3] >> 7;
- $OTP .= $lookupChar[($tmp1 + $tmp2) & 31];
- $tmp2 = ($val[3] - ($tmp1 << 7)) >> 2;
- $OTP .= $lookupChar[$tmp2 & 31];
- $tmp2 = $val[3] - (($val[3] - ($tmp1 << 7)) >> 2) << 2;
- $tmp1 = $val[4] >> 5;
- $OTP .= $lookupChar[($tmp1 + $tmp2) & 31];
- $tmp2 = $val[4] - ($tmp1 << 5);
- $OTP .= $lookupChar[$tmp2 & 31];
- $tmp1 = $val[5] >> 3;
- $OTP .= $lookupChar[$tmp1 & 31];
- $tmp2 = $val[5] - ($tmp1 << 3);
- $tmp1 = $val[6] >> 6;
- $OTP .= $lookupChar[($tmp1 + $tmp2) & 31];
-
- return $OTP;
- }
-
if($oldid == 4)
{
$oldid = 0;
@@ -256,52 +189,6 @@ require_once('../includes/lib/l10n.php');
$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
`password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0";
$res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
- $otpquery = "select * from `users` where `email`='$email' and `otphash`!='' and `verified`=1 and `deleted`=0 and `locked`=0";
- $otpres = mysql_query($otpquery);
- if(mysql_num_rows($otpres) > 0)
- {
- $otp = mysql_fetch_assoc($otpres);
- $otphash = $otp['otphash'];
- $otppin = $otp['otppin'];
- if(strlen($pword) == 6)
- {
- $matchperiod = 18;
- $time = round(gmdate("U") / 10);
- } else {
- $matchperiod = 3;
- $time = round(gmdate("U") / 60);
- }
-
- $query = "delete from `otphashes` where UNIX_TIMESTAMP(`when`) <= UNIX_TIMESTAMP(NOW()) - 600";
- mysql_query($query);
-
- $query = "select * from `otphashes` where `username`='$email' and `otp`='$pword'";
- if(mysql_num_rows(mysql_query($query)) <= 0)
- {
- $query = "insert into `otphashes` set `when`=NOW(), `username`='$email', `otp`='$pword'";
- mysql_query($query);
- for($i = $time - $matchperiod; $i <= $time + $matchperiod * 2; $i++)
- {
- if($otppin > 0)
- $tmpmd5 = md5("$i$otphash$otppin");
- else
- $tmpmd5 = md5("$i$otphash");
-
- if(strlen($pword) == 6)
- $md5 = substr(md5("$i$otphash"), 0, 6);
- else if(strlen($pword) == 8)
- $md5 = getOTP64(md5("$i$otphash"));
- else
- $md5 = getOTP32(md5("$i$otphash"));
-
- if($pword == $md5)
- $res = mysql_query($otpquery);
- }
- }
- }
- }
if(mysql_num_rows($res) > 0)
{
$_SESSION['profile'] = "";