src/applications/auth/factor/PhabricatorTOTPAuthFactor.php
| Show First 20 Lines • Show All 195 Lines • ▼ Show 20 Lines | public static function verifyTOTPCode( | ||||
| // short period of time. | // short period of time. | ||||
| $now = (int)(time() / 30); | $now = (int)(time() / 30); | ||||
| // Allow the user to enter a code a few minutes away on either side, in | // Allow the user to enter a code a few minutes away on either side, in | ||||
| // case the server or client has some clock skew. | // case the server or client has some clock skew. | ||||
| for ($offset = -2; $offset <= 2; $offset++) { | for ($offset = -2; $offset <= 2; $offset++) { | ||||
| $real = self::getTOTPCode($key, $now + $offset); | $real = self::getTOTPCode($key, $now + $offset); | ||||
| if ($real === $code) { | if (phutil_hashes_are_identical($real, $code)) { | ||||
| return true; | return true; | ||||
| } | } | ||||
| } | } | ||||
| // TODO: After validating a code, this should mark it as used and prevent | // TODO: After validating a code, this should mark it as used and prevent | ||||
| // it from being reused. | // it from being reused. | ||||
| return false; | return false; | ||||
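Review bot: The new `phutil_hashes_are_identical($real, $code)` comparison inside the offset loop may change failure behaviour as well as timing. As far as I recall, the helper throws when either argument is not a string, where `===` simply returned false, so it is worth confirming that every caller passes `$code` as a string (or casting it before the loop) so that malformed input is rejected as a bad code rather than raising. A one-line comment such as `// Constant-time compare; $code is user-supplied.` would record why the helper is used here. The existing TODO still applies after this change: a validated code is not marked as used, so it stays acceptable for the whole five-step window (offsets -2 to 2). verifyTOTPCode starts and ends outside the visible lines, so any rate limiting or type checks elsewhere in the function are not visible here.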