    $now = time();
    $elapsed = $now - $lastTime;
    $deviation = abs($elapsed - $tsDelta);
    // Time delta server might verify multiple OTPS in a row. In such case validation server doesn't
    // have time to tick a whole second and we need to avoid division by zero.
    if ($elapsed != 0) {
        $percent = $deviation / $elapsed;
    } else {
        $percent = 1;
    }
    $myLog->log(LOG_INFO, 'Timestamp', array('seen' => $seenTs, 'this' => $ts, 'delta' => $tsDiff, 'secs' => $tsDelta, 'accessed' => sprintf('%s (%s)', $lastTime, $ad['accessed']), 'now' => sprintf('%s (%s)' . $now, date('Y-m-d H:i:s', $now)), 'elapsed' => $elapsed, 'deviation' => sprintf('%s secs or %s%%', $deviation, round(100 * $percent))));
    if ($deviation > TS_ABS_TOLERANCE && $percent > TS_REL_TOLERANCE) {
        $myLog->log(LOG_NOTICE, 'OTP failed phishing test');
        // FIXME
        // This was wrapped around if (0). should we nuke or enable?
        // sendResp(S_DELAYED_OTP, $myLog, $apiKey, $extra);
    }
}
/*
 * Append the optional response parameters and send the success reply.
 *
 * Everything below reads request-scoped globals ($protocol_version, $timestamp,
 * $otpinfo, $sessionCounter, $sessionUse, $sl_success_rate, $myLog, $apiKey)
 * and the $extra array that earlier code has populated; none of them are
 * defined in this stretch.
 */
$wantsSyncLevel = $protocol_version >= 2.0;
$wantsTimestamp = $timestamp == 1;

if ($wantsSyncLevel) {
    // Only protocol 2.0 and later carry the sync level reached for this OTP.
    $extra['sl'] = $sl_success_rate;
}

if ($wantsTimestamp) {
    // The OTP's timestamp arrives split into a 'high' and a 'low' part; the high
    // part occupies bits 16 and up of the combined value handed to the client.
    $extra['timestamp'] = ($otpinfo['high'] << 16) + $otpinfo['low'];
    $extra['sessioncounter'] = $sessionCounter;
    $extra['sessionuse'] = $sessionUse;
}

sendResp(S_OK, $myLog, $apiKey, $extra);
        /**
         * This is not an error. When the remote server received an OTP to verify, it would
         * have sent out sync requests immediately. When the required number of responses had
         * been received, the current implementation discards all additional responses (to
         * return the result to the client as soon as possible). If our response sent last
         * time was discarded, we will end up here when the background ykval-queue processes
         * the sync request again.
         */
        $myLog->log(LOG_INFO, 'Sync request unnecessarily sent');
    }
    if ($syncParams['modified'] != $localParams['modified'] && $syncParams['nonce'] == $localParams['nonce']) {
        $deltaModified = $syncParams['modified'] - $localParams['modified'];
        if ($deltaModified < -1 || $deltaModified > 1) {
            $myLog->log(LOG_WARNING, "We might have a replay. 2 events at different times have generated the same counters. The time difference is {$deltaModified} seconds");
        }
    }
    if ($syncParams['nonce'] != $localParams['nonce']) {
        $myLog->log(LOG_WARNING, 'Remote server has received a request to validate an already validated OTP');
    }
}
if ($localParams['active'] != 1) {
    /*
     * The remote server accepted an OTP from a YubiKey that is de-activated on
     * our side. The counters still had to be taken over from the OTP, so only
     * the verdict differs: answer with a bad-OTP status and flag the mismatch
     * loudly, because the two databases disagree about the key's state.
     */
    $myLog->log(LOG_WARNING, "Received sync-request for de-activated Yubikey {$yk_publicname} - check database synchronization!!!");
    sendResp(S_BAD_OTP, $myLog);
}

/*
 * Reply with our own view of the key's counters so the remote server can
 * reconcile. Key order is kept as the peer expects it in the response body.
 */
$extra = [
    'modified' => $localParams['modified'],
    'nonce' => $localParams['nonce'],
    'yk_publicname' => $yk_publicname,
    'yk_counter' => $localParams['yk_counter'],
    'yk_use' => $localParams['yk_use'],
    'yk_high' => $localParams['yk_high'],
    'yk_low' => $localParams['yk_low'],
];
sendResp(S_OK, $myLog, '', $extra);
    $myLog->log(LOG_NOTICE, 'De-activated Yubikey ' . $yk_publicname);
    sendResp(S_BAD_OTP, $apiKey);
    exit;
}
/* Conditional update local database */
$sync->updateDbCounters($syncParams);

$myLog->log(LOG_DEBUG, 'Local params ', $localParams);
$myLog->log(LOG_DEBUG, 'Sync request params ', $syncParams);

/*
 * Compare the sync request's counters with our own and log the anomalies
 * described by the replication protocol:
 * http://code.google.com/p/yubikey-val-server-php/wiki/ServerReplicationProtocol
 */
if ($sync->countersHigherThan($localParams, $syncParams)) {
    $myLog->log(LOG_WARNING, 'Remote server out of sync.');
}

if ($sync->countersEqual($localParams, $syncParams)) {
    $sameModified = $syncParams['modified'] == $localParams['modified'];
    $sameNonce = $syncParams['nonce'] == $localParams['nonce'];

    if ($sameNonce) {
        if ($sameModified) {
            // Same counters, same nonce, same timestamp: a sync we already handled.
            $myLog->log(LOG_NOTICE, 'Sync request unnessecarily sent');
        } else {
            // Same counters and nonce but a different timestamp: the same OTP
            // state was produced at two different times, which smells like a replay.
            $deltaModified = $syncParams['modified'] - $localParams['modified'];
            $myLog->log(LOG_WARNING, 'We might have a replay. 2 events at different times have generated the same counters. The time difference is ' . $deltaModified . ' seconds');
        }
    } else {
        // Same counters but a different nonce: the OTP was validated twice.
        $myLog->log(LOG_WARNING, 'Remote server has received a request to validate an already validated OTP ');
    }
}

/* Reply with our own counters; key order is kept as the peer expects it. */
$extra = [
    'modified' => $localParams['modified'],
    'nonce' => $localParams['nonce'],
    'yk_publicname' => $yk_publicname,
    'yk_counter' => $localParams['yk_counter'],
    'yk_use' => $localParams['yk_use'],
    'yk_high' => $localParams['yk_high'],
    'yk_low' => $localParams['yk_low'],
];
sendResp(S_OK, '', $extra);
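/*
 * GET /getTimetable/:name
 *
 * Looks up a timetable by the name taken from the URL and replies through
 * sendResp() with {"error": false, "data": {"timetable": <result>}}.
 *
 * The route parameter is untrusted client input and is passed unchanged to
 * DbOps::getTimetable(); that method must bind it as a query parameter rather
 * than interpolate it into SQL (not visible from here — confirm in DbOps).
 */
$app->get('/getTimetable/:name', function ($timetable) {
    $dbManager = new DBManager();
    $db = new DbOps($dbManager);

    $dbManager->openConn();
    try {
        $result = $db->getTimetable($timetable);

        $response = [
            'error' => false,
            'data' => ['timetable' => $result],
        ];
        sendResp(HTTPSTATUS_OK, $response);
    } finally {
        // Release the connection even when the lookup throws. If sendResp()
        // ends the script (presumably — not verifiable here), PHP skips this
        // block, which matches the original code never reaching closeConn().
        $dbManager->closeConn();
    }
});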
/*
 * Function to check the headers of a request for Authorization Token
 * 
 * @return String Returns a message based on whether the token is valid or not.
 */
function headerCheck()
{
    $headers = apache_request_headers();
    //get all headers from request.
    //if the Auth header is not set the return invalid.
    if (!isset($headers["Auth"]) && $headers["Auth"] == false) {