Reduce TOTP refresh window
Prevent giving a large window for the validity of single OTP codes

Signed-off-by: Shitiz Garg <[email protected]>
Dragooon committed Dec 5, 2014
1 parent 183e821 commit 23a8ba3
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion Sources/LogInOut.php
Expand Up @@ -407,7 +407,7 @@ function LoginTFA()
$member = $context['tfa_member'];

$totp = new \TOTP\Auth($member['tfa_secret']);
$totp->setRange(15);
$totp->setRange(1);

if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
{
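Review bot: The bare `1` passed to `setRange()` in LoginTFA() carries no unit, and the same literal is repeated in tfasetup() in Sources/Profile-Modify.php, so the login and enrolment windows can drift apart in a later edit. A single shared constant with a comment saying what one unit means to the TOTP class (presumably time steps accepted around the current one, which should be confirmed against the library) would keep the policy in one place, for example `$totp->setRange(TFA_CODE_RANGE); // time steps accepted around the current one`, where the constant name is only a suggestion. Narrowing the window also does not by itself stop one code from being accepted twice inside it: nothing visible here records the last accepted time step for the member. LoginTFA() continues outside the hunk, so that check may already exist further down; if it does not, it belongs with this change.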
2 changes: 1 addition & 1 deletion Sources/Profile-Modify.php
Expand Up @@ -3996,7 +3996,7 @@ function tfasetup($memID)
{
$code = $_POST['tfa_code'];
$totp = new \TOTP\Auth($_SESSION['tfa_secret']);
$totp->setRange(15);
$totp->setRange(1);
$valid_password = hash_verify_password($user_settings['member_name'], trim($_POST['passwd']), $user_settings['passwd']);
$valid_code = strlen($code) == $totp->getCodeLength() && $totp->validateCode($code);

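Review bot: In tfasetup() `$code` is taken from `$_POST['tfa_code']` unchanged, while the password on the next lines is passed through `trim()`, so a code submitted with stray whitespace fails the `strlen($code) == $totp->getCodeLength()` test and a non-string value (an array parameter) reaches `strlen()` directly. With the acceptance window now reduced, a rejected attempt leaves the user less time to retry, so normalising the input is worth doing here: `$code = isset($_POST['tfa_code']) && is_string($_POST['tfa_code']) ? trim($_POST['tfa_code']) : '';`. The enclosing block opens outside the hunk, so an earlier presence check may already cover part of this.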
