Home Explore Help
Sign In
mirrors
/
mailcow-dockerized
mirror of https://github.com/mailcow/mailcow-dockerized
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

prevent auth wipe out at yubi otp registration

FreddleSpl0it 3 years ago
parent
f724662874
commit
cd02483b19
1 changed files with 1 additions and 2 deletions
Split View Show Diff Stats
  1. 1 2
      data/web/inc/functions.inc.php

+ 1 - 2
data/web/inc/functions.inc.php
View File 

@@ -1240,8 +1240,7 @@ function set_tfa($_data) {
 
         $yubico_modhex_id = substr($_data["otp_token"], 0, 12);

         $stmt = $pdo->prepare("DELETE FROM `tfa`

           WHERE `username` = :username

-            AND (`authmech` != 'yubi_otp')

-            OR (`authmech` = 'yubi_otp' AND `secret` LIKE :modhex)");

+            AND (`authmech` = 'yubi_otp' AND `secret` LIKE :modhex)");

         $stmt->execute(array(':username' => $username, ':modhex' => '%' . $yubico_modhex_id));

         $stmt = $pdo->prepare("INSERT INTO `tfa` (`key_id`, `username`, `authmech`, `active`, `secret`) VALUES

           (:key_id, :username, 'yubi_otp', '1', :secret)");