KD2 Framework  Check-in [3f75a9f2eb]

Overview
Comment:Fix OTP issues with code beginning with a zero
SHA1: 3f75a9f2ebc7e7ff31f9e51728cc7b2cec1076a6
User & Date: bohwaz on 2022-03-04 21:57:50
Changes

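--- a/src/lib/KD2/Security_OTP.php
+++ b/src/lib/KD2/Security_OTP.php
@@ -104,15 +104,16 @@
 		$offset = ord($hmac[19]) & 0xf;
 
 		$code = (ord($hmac[$offset+0]) & 0x7F) << 24 |
 			(ord($hmac[$offset + 1]) & 0xFF) << 16 |
 			(ord($hmac[$offset + 2]) & 0xFF) << 8 |
 			(ord($hmac[$offset + 3]) & 0xFF);
 
+		$pattern = sprintf('%%%02dd', $digits); // eg. %06d
-		return (string) ($code % pow(10, $digits));
+		return (string) sprintf($pattern, ($code % pow(10, $digits)));
 	}
 
 	/**
 	 * Time based One-time password (RFC 6238)
 	 *
 	 * Compatible with Google Authenticator
 	 *
@@ -162,15 +163,15 @@
 
 			// Will check previous and following codes, in case of time drift
 			$start = $counter - $drift;
 			$end = $counter + $drift;
 
 			for ($i = $start; $i <= $end; $i++)
 			{
-				if (hash_equals(self::HOTP($secret, $i, null, $digits, $digest), $code))
+				if (hash_equals(self::HOTP($secret, $i, null, $digits, $digest), (string) $code))
 				{
 					return true;
 				}
 			}
 
 			return false;
 		}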
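Review bot: The `(string) $code` cast in the TOTP check (new line 177) silently accepts an integer code, but an integer has already lost the leading zero this commit exists to preserve, so a code such as "012345" handed over as `12345` is now always rejected with no indication why; either document that `$code` must be passed as a string, or normalize it once before the loop with `$code = str_pad((string) $code, $digits, '0', STR_PAD_LEFT);` and drop the per-iteration cast. In the HOTP hunk the outer `(string)` on `sprintf(...)` at new line 112 is redundant since `sprintf` already returns a string, and the two-step pattern build can be a single `return sprintf('%0' . $digits . 'd', $code % pow(10, $digits));` with a one-line comment that zero-padding to `$digits` is required for RFC 4226 codes. Both enclosing methods begin outside the shown hunks, so the declared types of `$code` and `$digits` cannot be confirmed from here.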