author | Christian Riesen <chris.riesen@gmail.com> | 2012-06-16 16:27:48 +0200 |
---|---|---|
committer | Christian Riesen <chris.riesen@gmail.com> | 2012-06-16 16:27:48 +0200 |
commit | 2fea54288f85c87f9ea97fda67a8e4e8460f44cc (patch) | |
tree | 7303f09937b0b0dccdac9c5033cec626b9382d1d /example/index.php | |
parent | e479274944c385945eb14060f95806222faa7755 (diff) | |
download | otp-2fea54288f85c87f9ea97fda67a8e4e8460f44cc.zip otp-2fea54288f85c87f9ea97fda67a8e4e8460f44cc.tar.gz otp-2fea54288f85c87f9ea97fda67a8e4e8460f44cc.tar.bz2 |
Added example
Diffstat (limited to 'example/index.php')
-rw-r--r-- | example/index.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/example/index.php b/example/index.php index 75bb0e6..d4a789c 100644 --- a/example/index.php +++ b/example/index.php @@ -14,6 +14,7 @@ use Otp\Base32; use Otp\GoogleAuthenticator; // Getting a secret, either by generating or from storage +// DON'T use sessions as storage for this in production!!! $secret = 0; if (isset($_SESSION['otpsecret'])) { @@ -82,6 +83,10 @@ if (isset($_POST['otpkey'])) { // to use it here! if ($otp->checkTotp(Base32::decode($secret), $key)) { echo 'Key correct!'; + // Add here something that makes note of this key and will not allow + // the use of it, for this user for the next 2 minutes. This way you + // prevent a replay attack. Otherwise your OTP is missing one of the + // key features it can bring in security to your application! } else { echo 'Wrong key!'; } |
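Review bot: The replay guidance added after `echo 'Key correct!';` in the second hunk describes a fixed-time blocklist ("for the next 2 minutes"), which is weaker than what RFC 6238 §5.2 asks for and can still miss a replay if checkTotp accepts adjacent time steps (its drift window is not visible in this change). The more precise instruction is to store, per user, the time-step counter of the last accepted code and reject any submission whose counter is less than or equal to it, which closes the window regardless of the drift tolerance. I would replace the four added comment lines with `// Store the time-step counter of this accepted code for this user and reject any`, `// later code whose counter is <= the stored one (RFC 6238 §5.2); this is what`, `// prevents a code that was already used from being replayed.` The enclosing `if (isset($_POST['otpkey']))` block starts before this hunk, so the per-user identity that record would key on is not shown here. The first hunk's warning about session storage would be more useful if it also said what to do instead, e.g. `// Persist the secret with the user's account record; a session is lost when it expires.`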