rooty/yubikey-val
1
0
Fork 0
mirror of https://github.com/Yubico/yubikey-val.git synced 2025-02-01 10:52:18 +01:00
Code Issues Projects Releases Wiki Activity

build up the array to sign by taking $_GET or $_POST and remove the h key

Browse Source
This commit is contained in:
Klas Lindfors 2012-05-16 13:45:08 +02:00
parent fb01829487
commit 2e0dbfa2c3
1 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
ykval-verify.php
View File

@ -166,14 +166,16 @@ $apiKey = base64_decode($cd['secret']);
if ($h != '') {
// Create the signature using the API key
$a = array ();
$a['id'] = $client;
$a['otp'] = $otp;
// include timestamp,sl and timeout in signature if it exists
if ($timestamp) $a['timestamp'] = $timestamp;
if ($sl) $a['sl'] = $sl;
if ($timeout) $a['timeout'] = $timeout;
if ($nonce) $a['nonce'] = $nonce;
$a;
if($_GET) {
$a = $_GET;
} elseif($_POST) {
$a = $_POST;
} else {
sendRest(S_BACKEND_ERROR);
exit;
}
unset($a['h']);
$hmac = sign($a, $apiKey);
// Compare it