From 6dc200ad484d6aab73e77a639f074e9eea9c37de Mon Sep 17 00:00:00 2001
From: Paul Chen
Date: Wed, 3 Dec 2008 18:41:02 +0000
Subject: [PATCH] anti otp phishing
---
 verifyOTP.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/verifyOTP.php b/verifyOTP.php
index ec3fc10..5497a96 100644
--- a/verifyOTP.php
+++ b/verifyOTP.php
@@ -156,8 +156,9 @@ if ($scDiff == 0) { // Same use session, check time stamp diff
 $elapsed = time() - $lastTime;
 debug('Elapsed time from last validation: ' . $elapsed . ' secs');
 $deviation = abs($elapsed - $tsDelta);
+ $percent = truncate($deviation/$elapsed, 8) . '%';
 debug("Key time deviation vs. elapsed time=".$deviation.' secs ('.
- ($deviation/$elapsed).'%)');
+ $percent.')');
 if ($deviation > TS_TOLERANCE * $elapsed) {
 debug("Is the OTP generated from a real crypto key?");
 sendResp(S_SECURITY_ERROR);
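Review bot: The added `$percent = truncate($deviation/$elapsed, 8) . '%';` still divides by `$elapsed` without a guard, and it runs unconditionally before the `TS_TOLERANCE` comparison. When two validations fall within the same second `$elapsed` is 0, which raises a warning on older PHP and a DivisionByZeroError on PHP 8, so a value used only for logging can determine whether the tolerance check is reached at all. A guarded form would be `$percent = $elapsed > 0 ? truncate(100 * $deviation / $elapsed, 8) . '%' : 'n/a';`, where the `100 *` is needed because the current value is a ratio printed with a `%` sign. `truncate()` is not defined in this hunk, so its behaviour should be confirmed, and the enclosing `if ($scDiff == 0)` block starts and ends outside the hunk.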