Overview
Comment: | Fix OTP issues with code beginning with a zero |
---|---|
SHA1: | 3f75a9f2ebc7e7ff31f9e51728cc7b2c |
User & Date: | bohwaz on 2022-03-04 21:57:50 |
Context
2022-03-08
01:45 | Fix bugs and improve code editor handling of indentation and brackets, thanks @zou | check-in: d5b36b51c2 user: bohwaz tags: 7.3 |
2022-03-04
21:57 | Fix OTP issues with code beginning with a zero | check-in: 3f75a9f2eb user: bohwaz tags: 7.3 |
2022-02-26
10:24 | Return DB_Exception when a statement fails | check-in: 9d2f348513 user: bohwaz tags: 7.3 |
Changes
Modified src/lib/KD2/Security_OTP.php from [9c550d108c] to [727cdc094e].
︙ | ︙ | |||
104 105 106 107 108 109 110 | $offset = ord($hmac[19]) & 0xf; $code = (ord($hmac[$offset+0]) & 0x7F) << 24 | (ord($hmac[$offset + 1]) & 0xFF) << 16 | (ord($hmac[$offset + 2]) & 0xFF) << 8 | (ord($hmac[$offset + 3]) & 0xFF); | > | | 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 | $offset = ord($hmac[19]) & 0xf; $code = (ord($hmac[$offset+0]) & 0x7F) << 24 | (ord($hmac[$offset + 1]) & 0xFF) << 16 | (ord($hmac[$offset + 2]) & 0xFF) << 8 | (ord($hmac[$offset + 3]) & 0xFF); $pattern = sprintf('%%%02dd', $digits); // eg. %06d return (string) sprintf($pattern, ($code % pow(10, $digits))); } /** * Time based One-time password (RFC 6238) * * Compatible with Google Authenticator * |
︙ | ︙ | |||
162 163 164 165 166 167 168 | // Will check previous and following codes, in case of time drift $start = $counter - $drift; $end = $counter + $drift; for ($i = $start; $i <= $end; $i++) { | | | 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 | // Will check previous and following codes, in case of time drift $start = $counter - $drift; $end = $counter + $drift; for ($i = $start; $i <= $end; $i++) { if (hash_equals(self::HOTP($secret, $i, null, $digits, $digest), (string) $code)) { return true; } } return false; } |
︙ | ︙ |
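Review bot: In the first hunk (end of HOTP()), the pattern built by `$pattern = sprintf('%%%02dd', $digits);` zero-pads only because `%02d` happens to print a leading 0 for a single-digit `$digits`. With `$digits` of 10 or more it yields `%10d`, which pads with spaces, so a code beginning with zero would again fail to match. Building the pattern explicitly, for example `'%0' . $digits . 'd'`, or using str_pad with '0' on the left, removes that dependence, and a range check on `$digits` would document the supported values. The `(string)` cast on the sprintf result is redundant, since sprintf already returns a string.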
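Review bot: In the second hunk (the drift loop), `(string) $code` inside the hash_equals call cannot restore a leading zero that was lost before the call: if a caller passes the submitted code as an integer, 012345 arrives as 12345, the cast gives "12345", and the comparison against the zero-padded HOTP output still fails. Consider declaring the parameter as a string (the signature is not visible in this hunk) and documenting that callers must pass the raw submitted value without numeric conversion. The argument order, computed value first and user-supplied value second, matches what hash_equals expects.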