Fix readme and added HTTPS validation

northox · Jan 23, 2012 · ca022ce · ca022ce
1 parent 75c0d97
commit ca022ce
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -10,7 +10,7 @@ PEAR and Curl module are required.
 2. Add the plugin in your config file (config/main.inc.php). In this case the plugin directory name is 'yubikey_authentication':
 
     `$rcmail_config['plugins'] = array('yubikey_authentication');`
-3. Set your API keys by visiting https://api.yubico.com/get-api-key/
+3. Set your API keys in config.inc.php by visiting https://api.yubico.com/get-api-key/
 
     `$rcmail_config['yubikey_api_id'] = '';  
     $rcmail_config['yubikey_api_key'] = '';`
@@ -19,10 +19,10 @@ PEAR and Curl module are required.
   1. Ensure "Require Yubikey OTP" is checked
   2. Set your "Yubikey ID" by simply pressing on your yubikey (only the first 12 chars will be used).
 
-5. Test your installation
+5. Test your installation. Your done!
 
 # Security
-Validation of the token is done via HMAC authentication (SHA1).
+Validation of the token is done via HMAC authentication (SHA1) over HTTPS.
 
 # License
 GPL2

diff --git a/yubikey_authentication.php b/yubikey_authentication.php
@@ -64,7 +64,7 @@ function login_after($args)
             } 
             else {
                 // Check the OTP against Yubikey webservice
-                $yubi = new Auth_Yubico(rcmail::get_instance()->config->get('yubikey_api_id'), rcmail::get_instance()->config->get('yubikey_api_key'), true);
+                $yubi = new Auth_Yubico(rcmail::get_instance()->config->get('yubikey_api_id'), rcmail::get_instance()->config->get('yubikey_api_key'), true, true);
                 $auth = $yubi->verify($yubikey_otp);
 
                 if (PEAR::isError($auth)) {