From bc0e3fa677cc713aa12f4e9d95978c448ec631f1 Mon Sep 17 00:00:00 2001
From: Jos Groot Lipman <jos.grootlipman@aareon.nl>
Date: Thu, 17 Mar 2016 14:18:26 +0000
Subject: [PATCH] AAIT#35643 OTP/2 factor authentication

svn path=/Website/trunk/; revision=28523
---
 APPL/PRS/prs_perslid_otp_new_save.asp | 38 +++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 APPL/PRS/prs_perslid_otp_new_save.asp

diff --git a/APPL/PRS/prs_perslid_otp_new_save.asp b/APPL/PRS/prs_perslid_otp_new_save.asp
new file mode 100644
index 0000000000..c61e4090b2
--- /dev/null
+++ b/APPL/PRS/prs_perslid_otp_new_save.asp
@@ -0,0 +1,38 @@
+<%@language = "javascript" %>
+<% /*
+    $Revision$
+    $Id$
+
+    File:           prs_perslid_otp_new_save.asp.asp
+    Description:    Verifieert een temp otp-code en maakt hem eventueel definitief
+    Parameters:
+    Context:        Vanuit prs_perslid_otp_new.asp
+    Note:
+*/
+var JSON_Result = true;
+%>
+
+<!--#include file="../Shared/common.inc"-->
+<!--#include file="../Shared/login.inc"-->
+<!-- #include file="../Shared/json2.js" -->
+<%
+protectRequest.validateToken();
+
+var otp_code = getFParam("otp_code");
+var otp_secret = Session("otp_secret_temp");
+var otp_counter = -1;
+
+if (!verify_otp(otp_code, otp_secret , -1))
+    abort_with_warning(L("lcl_otp_wrong"));
+
+var sql = "UPDATE prs_perslid"
+        + "   SET prs_perslid_otpsecret = " + safe.quoted_sql(otp_secret)
+        + "     , prs_perslid_otpcounter = " + otp_counter
+        + " WHERE prs_perslid_key = " + user_key;
+Oracle.Execute(sql);
+
+var result = { success: user_key > 0, message: L("lcl_otp_saved") };
+
+Response.Write(JSON.stringify(result));
+Response.End;
+%>