Skip to content

Commit

Permalink
New Feature: One time passwords. The user can call the limesurvey log…
Browse files Browse the repository at this point in the history 
…in at /limesurvey/admin and pass username and a one time password which was previously written into the users table (column one_time_pw) by an external application. Furthermore there is a setting in config-defaults which has to be turned on (default = off) to enable the usage of one time passwords.

git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/limesurvey181@6570 b72ed6b6-b9f8-46b5-92b4-906544132732
  • Loading branch information
@maziminke
maziminke committed Mar 20, 2009
1 parent 6537ca6 commit 141c615
Showing 1 changed file with 14 additions and 12 deletions.
26 changes: 14 additions & 12 deletions admin/login_check.php
View file
Expand Up @@ -18,6 +18,8 @@
if (!isset($action)) {$action=returnglobal('action');}




/*
* New feature since version 1.81: One time passwords
* The user can call the limesurvey login at /limesurvey/admin and pass username and
Expand All @@ -32,7 +34,7 @@
{
//take care of passed data
$user = sanitize_user($_GET['user']);
$pw = sanitize_paranoid_string($_GET['onepass']);//sanitize_float($_GET['onepass']);
$pw = sanitize_paranoid_string(md5($_GET['onepass']));

//check if setting $use_one_time_passwords exists in config file
if(isset($use_one_time_passwords))
Expand All @@ -41,7 +43,7 @@
if($use_one_time_passwords === false)
{
//create an error message
$loginsummary .= "<br />".$clang->gT("Data for username and one time password was received but the usage of one time passwords is disabled at your configuration settings. Please add the following line to config.php to enable one time passwords: ")."<br />";
$loginsummary = "<br />".$clang->gT("Data for username and one time password was received but the usage of one time passwords is disabled at your configuration settings. Please add the following line to config.php to enable one time passwords: ")."<br />";
$loginsummary .= '<br /><em>$use_one_time_passwords = true;</em><br />';
$loginsummary .= "<br /><br /><a href='$scriptname'>".$clang->gT("Continue")."</a><br />&nbsp;\n";
}
Expand Down Expand Up @@ -87,14 +89,10 @@
$uresult = $connect->Execute($uquery);

//data necessary for following functions
//$_POST['user'] = $srow['users_name'];
//$_POST['password'] = $srow['password'];
$_SESSION['user'] = $srow['users_name'];
$_SESSION['checksessionpost'] = randomkey(10);
$_SESSION['loginID'] = $srow['uid'];
$loginsummary = "";
GetSessionUserRights($_SESSION['loginID']);
//$adminoutput = "";

// Check if the user has changed his default password
if (strtolower($srow['password'])=='password')
Expand All @@ -109,14 +107,18 @@
//delete passed information
unset($_GET['user']);
unset($_GET['onepass']);

}
} //else -> passwords match

}
} //else -> password found

}
}
}
} //else -> one time passwords enabled

} //else -> one time passwords set

} //else -> data was passed by URL





Expand Down

0 comments on commit 141c615

Please sign in to comment.