This repository has been archived by the owner on Sep 27, 2024. It is now read-only.
forked from rchouinard/rych-otp
-
Notifications
You must be signed in to change notification settings - Fork 0
/
HOTP.php
71 lines (62 loc) · 1.89 KB
/
HOTP.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
<?php
/**
* Ryan's OATH-OTP Library
*
* @package Rych\OTP
* @author Ryan Chouinard <[email protected]>
* @copyright Copyright (c) 2013, Ryan Chouinard
* @license MIT License - http://www.opensource.org/licenses/mit-license.php
*/
namespace Rych\OTP;
/**
* RFC-4226 HMAC-Based One-Time Passwords
*
* @package Rych\OTP
* @author Ryan Chouinard <[email protected]>
* @copyright Copyright (c) 2013, Ryan Chouinard
* @license MIT License - http://www.opensource.org/licenses/mit-license.php
*/
class HOTP extends AbstractOTP
{
/**
* @var integer
*/
protected $lastValidCounterOffset;
/**
* Get the counter offset value of the last valid counter value
*
* Useful to determine how far ahead the client counter is of the server
* value. Returned value will be between 0 and the configured window value.
* A return value of null indicates that the last counter verification
* failed.
*
* @return integer Returns the offset of the last valid counter value.
*/
public function getLastValidCounterOffset()
{
return $this->lastValidCounterOffset;
}
/**
* Validate an OTP
*
* @param string $otp The OTP value.
* @param integer $counter The counter value. Defaults to 0.
* @return boolean Returns true if the supplied counter value is valid
* within the configured counter window, false otherwise.
*/
public function validate($otp, $counter = 0)
{
$window = $this->getWindow();
$valid = false;
$offset = null;
for ($current = $counter; $current <= $counter + $window; ++$current) {
if ($otp == $this->calculate($current)) {
$valid = true;
$offset = $current - $counter;
break;
}
}
$this->lastValidCounterOffset = $offset;
return $valid;
}
}