/** * Verify HOTP token honouring window * @param string $key Secret Key * @param int $otp OTP supplied by user * @param int|boolean $counter Counter, if false timestamp is used * @return boolean|int */ function verify_hotp($key, $otp, $counter = false) { if (oath_hotp($key, $counter) == $otp) { return true; } else { if ($counter === false) { //TimeBased HOTP requires lookbehind and lookahead. $counter = floor(microtime(true) / keyInterval); $initcount = $counter - (otpWindow + 1) * keyInterval; $endcount = $counter + otpWindow * keyInterval; $totp = true; } else { //Counter based HOTP only has lookahead, not lookbehind. $initcount = $counter - 1; $endcount = $counter + otpWindow; $totp = false; } while (++$initcount <= $endcount) { if (oath_hotp($key, $initcount) == $otp) { if (!$totp) { return $initcount; } else { return true; } } } } return false; }
/** * Verify HOTP token honouring window * @param string $key Secret Key * @param int $otp OTP supplied by user * @param int|boolean $counter Counter, if false timestamp is used * @return boolean|int */ function verify_hotp($key, $otp, $counter = false) { if (oath_hotp($key, $counter) == $otp) { return true; } else { if ($counter === false) { //TimeBased HOTP requires lookbehind and lookahead. $counter = floor(microtime(true) / KEY_INTERVAL); $initcount = $counter - (OTP_WINDOW + 1) * KEY_INTERVAL; $endcount = $counter + OTP_WINDOW * KEY_INTERVAL; $totp = true; } else { //Counter based HOTP only has lookahead, not lookbehind. $initcount = $counter - 1; $endcount = $counter + OTP_WINDOW; $totp = false; } while (++$initcount <= $endcount) { if (oath_hotp($key, $initcount) == $otp) { if (!$totp) { return $initcount; } else { return true; } } } } return false; }