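// NOTE: excerpt from the middle of an OTP verification script. $lastTime, $tsDelta,
// $seenTs, $ts, $tsDiff and $ad are set before this excerpt, and the lone closing
// brace further down ends a block that was opened before it.

// Compare the wall-clock time elapsed since $lastTime with $tsDelta
// (presumably the difference between the two OTP timestamps in seconds — confirm).
$now = time();
$elapsed = $now - $lastTime;
$deviation = abs($elapsed - $tsDelta);

// Time delta server might verify multiple OTPS in a row. In such case validation server doesn't
// have time to tick a whole second and we need to avoid division by zero.
if ($elapsed != 0) {
    $percent = $deviation / $elapsed;
} else {
    $percent = 1;
}

$myLog->log(LOG_INFO, 'Timestamp', array(
    'seen' => $seenTs,
    'this' => $ts,
    'delta' => $tsDiff,
    'secs' => $tsDelta,
    'accessed' => sprintf('%s (%s)', $lastTime, $ad['accessed']),
    // The format string and its values are separate arguments: two placeholders, two
    // values. Concatenating $now onto the format left sprintf() one argument short,
    // so the 'now' field could not be rendered.
    'now' => sprintf('%s (%s)', $now, date('Y-m-d H:i:s', $now)),
    'elapsed' => $elapsed,
    'deviation' => sprintf('%s secs or %s%%', $deviation, round(100 * $percent)),
));

// The OTP is flagged only when the deviation exceeds BOTH the absolute and the
// relative tolerance.
if ($deviation > TS_ABS_TOLERANCE && $percent > TS_REL_TOLERANCE) {
    $myLog->log(LOG_NOTICE, 'OTP failed phishing test');

    // FIXME
    // This was wrapped around if (0). should we nuke or enable?
    // sendResp(S_DELAYED_OTP, $myLog, $apiKey, $extra);
    //
    // NOTE(review): with the call above commented out, failing this test only writes
    // the LOG_NOTICE entry. In the visible code nothing stops execution, so the
    // request still reaches the S_OK response at the end of this excerpt. Until the
    // FIXME is resolved, that log entry is the only signal of a delayed OTP.
}
} // closes a block opened before this excerpt

/**
 * Fill up with more response parameters
 */
if ($protocol_version >= 2.0) {
    $extra['sl'] = $sl_success_rate;
}
if ($timestamp == 1) {
    // Token state is returned only when the caller set timestamp to 1.
    // The timestamp is rebuilt from its two parts: 'high' shifted left 16 bits plus 'low'.
    $extra['timestamp'] = ($otpinfo['high'] << 16) + $otpinfo['low'];
    $extra['sessioncounter'] = $sessionCounter;
    $extra['sessionuse'] = $sessionUse;
}

sendResp(S_OK, $myLog, $apiKey, $extra);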
// NOTE: excerpt from the middle of a sync-request handler. $syncParams, $localParams
// and $yk_publicname are set before this excerpt, and the two unmatched closing
// braces below end blocks that were opened before it.

/**
 * This is not an error. When the remote server received an OTP to verify, it would
 * have sent out sync requests immediately. When the required number of responses had
 * been received, the current implementation discards all additional responses (to
 * return the result to the client as soon as possible). If our response sent last
 * time was discarded, we will end up here when the background ykval-queue processes
 * the sync request again.
 */
$myLog->log(LOG_INFO, 'Sync request unnecessarily sent');
} // closes a block opened before this excerpt

// Same nonce but a different 'modified' time: the same counters were recorded at two
// different times. A difference of at most one second in either direction is
// tolerated; anything larger is logged as a possible replay.
if ($syncParams['modified'] != $localParams['modified'] && $syncParams['nonce'] == $localParams['nonce']) {
    $deltaModified = $syncParams['modified'] - $localParams['modified'];
    if ($deltaModified < -1 || $deltaModified > 1) {
        $myLog->log(LOG_WARNING, "We might have a replay. 2 events at different times have generated the same counters. The time difference is {$deltaModified} seconds");
    }
}

// Different nonce: logged as a second validation request for an OTP that was already
// validated. Like the replay check above, this branch only writes a warning; it does
// not change the response sent below.
if ($syncParams['nonce'] != $localParams['nonce']) {
    $myLog->log(LOG_WARNING, 'Remote server has received a request to validate an already validated OTP');
}
} // closes a block opened before this excerpt

if ($localParams['active'] != 1) {
    /**
     * The remote server has accepted an OTP from a YubiKey which we would not.
     * We still needed to update our counters with the counters from the OTP though.
     */
    $myLog->log(LOG_WARNING, "Received sync-request for de-activated Yubikey {$yk_publicname} - check database synchronization!!!");
    // NOTE(review): nothing visible here ends the request after the S_BAD_OTP response.
    // If sendResp() returns instead of terminating, the S_OK response below is sent as
    // well — confirm that sendResp() exits.
    sendResp(S_BAD_OTP, $myLog);
}

// The reply reports the local record for this key: modification time, nonce, public
// name and the counter/use/high/low values.
$extra = array(
    'modified' => $localParams['modified'],
    'nonce' => $localParams['nonce'],
    'yk_publicname' => $yk_publicname,
    'yk_counter' => $localParams['yk_counter'],
    'yk_use' => $localParams['yk_use'],
    'yk_high' => $localParams['yk_high'],
    'yk_low' => $localParams['yk_low']
);
sendResp(S_OK, $myLog, '', $extra);
// NOTE: excerpt from the middle of a sync-request handler. $sync, $syncParams,
// $localParams, $yk_publicname and $apiKey are set before this excerpt, and the
// first closing brace below ends a block that was opened before it.

// De-activated key: answer S_BAD_OTP and stop. The explicit exit ends the request
// before the counter update below is reached.
$myLog->log(LOG_NOTICE, 'De-activated Yubikey ' . $yk_publicname);
sendResp(S_BAD_OTP, $apiKey);
exit;
} // closes a block opened before this excerpt

/* Conditional update local database */
$sync->updateDbCounters($syncParams);

$myLog->log(LOG_DEBUG, 'Local params ', $localParams);
$myLog->log(LOG_DEBUG, 'Sync request params ', $syncParams);

#
# Compare sync and local counters and generate warnings according to
#
# http://code.google.com/p/yubikey-val-server-php/wiki/ServerReplicationProtocol
#
# Every check below only writes a log entry; in the visible code the S_OK response
# at the end is sent whichever branch fires.

if ($sync->countersHigherThan($localParams, $syncParams)) {
    $myLog->log(LOG_WARNING, 'Remote server out of sync.');
}

if ($sync->countersEqual($localParams, $syncParams)) {
    // Same modification time and same nonce: the sync request repeats what is
    // already stored locally.
    if ($syncParams['modified'] == $localParams['modified'] && $syncParams['nonce'] == $localParams['nonce']) {
        $myLog->log(LOG_NOTICE, 'Sync request unnessecarily sent');
    }

    // Same nonce but a different modification time: logged as a possible replay.
    // There is no tolerance here — any non-zero difference produces the warning.
    if ($syncParams['modified'] != $localParams['modified'] && $syncParams['nonce'] == $localParams['nonce']) {
        $deltaModified = $syncParams['modified'] - $localParams['modified'];
        $myLog->log(LOG_WARNING, 'We might have a replay. 2 events at different times have generated the same counters. The time difference is ' . $deltaModified . ' seconds');
    }

    // Different nonce with equal counters: logged as a second validation request for
    // an OTP that was already validated.
    if ($syncParams['nonce'] != $localParams['nonce']) {
        $myLog->log(LOG_WARNING, 'Remote server has received a request to validate an already validated OTP ');
    }
}

// The reply reports the local record for this key: modification time, nonce, public
// name and the counter/use/high/low values.
$extra = array(
    'modified' => $localParams['modified'],
    'nonce' => $localParams['nonce'],
    'yk_publicname' => $yk_publicname,
    'yk_counter' => $localParams['yk_counter'],
    'yk_use' => $localParams['yk_use'],
    'yk_high' => $localParams['yk_high'],
    'yk_low' => $localParams['yk_low']
);
sendResp(S_OK, '', $extra);
// Route: GET /getTimetable/:name — returns the timetable looked up by the name
// segment of the URL, wrapped as {"error": false, "data": {"timetable": ...}}.
//
// NOTE(review): no authorization check is visible inside this handler, and the route
// parameter is handed to getTimetable() unchanged. Confirm that access control is
// applied elsewhere and that getTimetable() binds the value rather than building a
// query string from it.
$app->get('/getTimetable/:name', function ($timetable) use ($app) {
    // Wire the data-access helper to a fresh connection manager, then connect.
    $connection = new DBManager();
    $ops = new DbOps($connection);
    $connection->openConn();

    // Fetch the timetable and send it in the response envelope.
    $rows = $ops->getTimetable($timetable);
    $payload = array(
        'error' => false,
        'data' => array('timetable' => $rows),
    );
    sendResp(HTTPSTATUS_OK, $payload);

    // The connection is closed only after the response has been sent.
    $connection->closeConn();
});

/*
 * Function to check the headers of a request for Authorization Token
 *
 * @return String Returns a message based on whether the token is valid or not.
 */
function headerCheck() {
    $headers = apache_request_headers(); //get all headers from request.
    //if the Auth header is not set the return invalid.
    // NOTE(review): with `&&`, the right-hand operand is evaluated only when the header
    // is absent (reading an undefined key), and a header that is present but empty does
    // not enter this branch. `||` looks intended; the rest of the function is outside
    // this excerpt, so confirm how an empty Auth value is handled further down.
    if (!isset($headers["Auth"]) && $headers["Auth"] == false) {