1 files changed, 10 insertions, 2 deletions

diff --git a/demo/demo.php b/demo/demo.php
index baf1570..996dd92 100644
--- a/demo/demo.php
+++ b/demo/demo.php
@@ -8,13 +8,13 @@
         <?php
         require_once 'loader.php';
         Loader::register('../lib','RobThree\\Auth');
-        
+
         use \RobThree\Auth\TwoFactorAuth;
 
         $tfa = new TwoFactorAuth('MyApp');
 
         echo '<li>First create a secret and associate it with a user';
-        $secret = $tfa->createSecret();
+        $secret = $tfa->createSecret(160);  // Though the default is an 80 bits secret (for backwards compatibility reasons) we recommend creating 160+ bits secrets (see RFC 4226 - Algorithm Requirements)
         echo '<li>Next create a QR code and let the user scan it:<br><img src="' . $tfa->getQRCodeImageAsDataUri('My label', $secret) . '"><br>...or display the secret to the user for manual entry: ' . chunk_split($secret, 4, ' ');
         $code = $tfa->getCode($secret);
         echo '<li>Next, have the user verify the code; at this time the code displayed by a 2FA-app would be: <span style="color:#00c">' . $code . '</span> (but that changes periodically)';
@@ -23,5 +23,13 @@
         ?>
     </ol>
     <p>Note: Make sure your server-time is <a href="http://en.wikipedia.org/wiki/Network_Time_Protocol">NTP-synced</a>! Depending on the $discrepancy allowed your time cannot drift too much from the users' time!</p>
+    <?php
+    try {
+        $tfa->ensureCorrectTime();
+        echo 'Your hosts time seems to be correct / within margin';
+    } catch (RobThree\Auth\TwoFactorAuthException $ex) {
+        echo '<b>Warning:</b> Your hosts time seems to be off: ' . $ex->getMessage();
+    }
+    ?>
 </body>
 </html>