rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2025-02-01 10:52:18 +01:00
Code Issues Projects Releases Wiki Activity

build up the array to sign by taking $_GET or $_POST and remove the h key

Browse Source
This commit is contained in:
Klas Lindfors 2012-05-16 13:45:08 +02:00
parent fb01829487
commit 2e0dbfa2c3
1 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
ykval-verify.php
View File

@ -166,14 +166,16 @@ $apiKey = base64_decode($cd['secret']);
if ($h != '') { if ($h != '') {
// Create the signature using the API key // Create the signature using the API key
$a = array (); $a;
$a['id'] = $client; if($_GET) {
$a['otp'] = $otp; $a = $_GET;
// include timestamp,sl and timeout in signature if it exists } elseif($_POST) {
if ($timestamp) $a['timestamp'] = $timestamp; $a = $_POST;
if ($sl) $a['sl'] = $sl; } else {
if ($timeout) $a['timeout'] = $timeout; sendRest(S_BACKEND_ERROR);
if ($nonce) $a['nonce'] = $nonce; exit;
}
unset($a['h']);
$hmac = sign($a, $apiKey); $hmac = sign($a, $apiKey);
// Compare it // Compare it