/**
* Verify HOTP token honouring window
* @param string $key Secret Key
* @param int $otp OTP supplied by user
* @param int|boolean $counter Counter, if false timestamp is used
* @return boolean|int
*/
function verify_hotp($key, $otp, $counter = false)
{
if (oath_hotp($key, $counter) == $otp) {
return true;
} else {
if ($counter === false) {
//TimeBased HOTP requires lookbehind and lookahead.
$counter = floor(microtime(true) / keyInterval);
$initcount = $counter - (otpWindow + 1) * keyInterval;
$endcount = $counter + otpWindow * keyInterval;
$totp = true;
} else {
//Counter based HOTP only has lookahead, not lookbehind.
$initcount = $counter - 1;
$endcount = $counter + otpWindow;
$totp = false;
}
while (++$initcount <= $endcount) {
if (oath_hotp($key, $initcount) == $otp) {
if (!$totp) {
return $initcount;
} else {
return true;
}
}
}
}
return false;
}
/**
* Verify HOTP token honouring window
* @param string $key Secret Key
* @param int $otp OTP supplied by user
* @param int|boolean $counter Counter, if false timestamp is used
* @return boolean|int
*/
function verify_hotp($key, $otp, $counter = false)
{
if (oath_hotp($key, $counter) == $otp) {
return true;
} else {
if ($counter === false) {
//TimeBased HOTP requires lookbehind and lookahead.
$counter = floor(microtime(true) / KEY_INTERVAL);
$initcount = $counter - (OTP_WINDOW + 1) * KEY_INTERVAL;
$endcount = $counter + OTP_WINDOW * KEY_INTERVAL;
$totp = true;
} else {
//Counter based HOTP only has lookahead, not lookbehind.
$initcount = $counter - 1;
$endcount = $counter + OTP_WINDOW;
$totp = false;
}
while (++$initcount <= $endcount) {
if (oath_hotp($key, $initcount) == $otp) {
if (!$totp) {
return $initcount;
} else {
return true;
}
}
}
}
return false;
}
