mirror of https://github.com/Yubico/yubikey-val.git synced 2025-01-20 10:52:15 +01:00

anti otp phishing

Paul Chen 2008-12-03 18:27:48 +00:00
parent 150458a5ea
commit 15b2daaf19


@ -140,24 +140,31 @@ if ($scDiff == 0) { // Same use session, check time stamp diff
sendResp(S_REPLAYED_OTP);
exit;
} else {
updDB($ad['id'], $decoded_token, $client);
$tsDelta = $tsDiff * TS_SEC;
debug("Timestamp OK (" . $ts . ") delta count=" . $tsDiff .
'-> delta secs=' . $tsDelta);
}
//// Check the real time
//
if ($ad['chk_time']) {
$lastTime = strtotime($ad['accessed']);
//$lastAccess = $ad['accessed'];
//echo 'Last accessed: '.$lastAccess.' '.date("F j, Y, g:i a", $lastTime)."\n";
$elapsed = time() - $lastTime;
debug('Elapsed time from last validation: ' . $elapsed . ' secs');
$deviation = abs($elapsed - $tsDelta);
debug("Key time deviation vs. real elapsed time=".$deviation.' secs');
debug("Key time deviation vs. elapsed time=".$deviation.' secs ('.
($deviation/$elapsed).'%)');
if ($deviation > TS_TOLERANCE * $elapsed) {
debug("Is the OTP generated from a real crypto key?");
sendResp(S_SECURITY_ERROR);
exit;
}
}
} // End check time stamp
//// Check the high counter
//
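Review bot: The real-time check under `if ($ad['chk_time'])` fails open when `strtotime($ad['accessed'])` cannot parse its input: the false result is used as 0, `$elapsed` becomes roughly the current epoch, and `TS_TOLERANCE * $elapsed` then exceeds any realistic `$deviation`, so the check passes. Whether `accessed` can be empty or unparseable here (for example on a key's first validation) is not visible in the hunk, but the result should be tested explicitly, e.g. `if ($lastTime === false) { sendResp(S_SECURITY_ERROR); exit; }`, or skipped deliberately with a debug line saying so. Separately, `($deviation/$elapsed)` in the debug call divides by zero when two validations land in the same second and prints a ratio under a '%' label; `($elapsed > 0 ? round(100 * $deviation / $elapsed) : 0)` would cover both. The enclosing `if ($scDiff == 0)` block starts outside the hunk.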