function computationStep($S, $numberOfOTPs) { $hash = $S; for ($i = 1; $i <= $numberOfOTPs; $i++) { $hash = __otp_hash(hash_wrapper($hash)); /////////////////////// length integrity check////////////////////////// if (strlen($hash) != 16) { error_log("computation step : __otp_hash produced strlen(hash) = " . strlen($hash)); } /////////////////////////////////////////////////////////////////////// $otpList[$i] = $hash; } return $otpList; }
$uid = get_user_id(); $otp = $_POST['form_challenge_response']; $login = $_POST['login']; /* LICENSED UNDER THE GPL */ ############################################################################################### # # if they have clicked the login button # ############################################################################################### if ($login) { // six word format test/convert if (!is_array($otp)) { $otp = explode(' ', $otp); } $cur = ivcs_transform_from($otp); $last = __otp_hash(sha1($cur)); $sequence = get_otp_seq($uid); $match = demo_compare_last_otp($sequence, $last, $uid); if (!$match) { print "<h1>Invalid OTP</h1>"; } else { // update session/auth state demo_set_last_otp($sequence + 1, $cur, $uid); //redirect to requested page header("Location: index.php"); exit; } } else { } ############################################################################################### #