D3Public/oxtotp
8
0
Fork 1
Code Pull Requests Releases Activity

use confkey for encrypting instead of fragile user password

Browse Source
This commit is contained in:
Daniel Seifert
2018-10-22 12:10:43 +02:00
parent 96057b594a
commit 58fb0cb803
6 changed files with 16 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/Modules/Application/Controller/Admin/d3_totp_LoginController.php
View File

@ -41,7 +41,6 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
if ($auth
&& $totp->isActive()
&& false == Registry::getSession()->getVariable(d3totp::TOTP_SESSION_VARNAME)
&& Registry::getSession()->hasVariable('pwdTransmit')
) {
// set auth as secured parameter;
Registry::getSession()->setVariable("auth", $auth);
@ -63,10 +62,6 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
$totp = oxNew(d3totp::class);
$totp->loadByUserId(Registry::getSession()->getVariable("auth"));
if (Registry::getRequest()->getRequestParameter('pwd')) {
Registry::getSession()->setVariable('pwdTransmit', Registry::getRequest()->getRequestParameter('pwd'));
}
$return = 'login';
try {
@ -74,7 +69,6 @@ class d3_totp_LoginController extends d3_totp_LoginController_parent
$return = parent::checklogin();
} elseif ($this->hasValidTotp($sTotp, $totp)) {
Registry::getSession()->setVariable(d3totp::TOTP_SESSION_VARNAME, $sTotp);
Registry::getSession()->deleteVariable('pwdTransmit');
$return = "admin_start";
}
} catch (d3totp_wrongOtpException $oEx) {