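/**
 * Compute the HOTP value for a binary secret and a counter.
 *
 * HMAC-SHA1 is taken over the counter encoded as a 64-bit big-endian integer,
 * and the digest is reduced by oath_truncate() and left-padded with zeros.
 *
 * Declared static because every call on this page is static
 * (self::oath_hotp(...) and Google2FA::oath_hotp(...)); calling a non-static
 * method that way is an Error on PHP 8. Instance-style calls keep working.
 *
 * @param string    $key     Binary (already base32-decoded) shared secret.
 * @param int|float $counter Moving factor; only its low 32 bits are encoded.
 *
 * @return string Zero-padded one-time password of self::OTPLENGTH digits.
 *
 * @throws Exception When the decoded secret is shorter than 8 bytes.
 */
public static function oath_hotp($key, $counter)
{
    // NOTE(review): the guard admits 8-byte secrets, while the message speaks of
    // 16 base32 characters (10 bytes). RFC 4226 requires at least 128 bits and
    // recommends 160; raising the floor would reject existing short secrets, so
    // it is left as found and flagged here.
    if (strlen($key) < 8) {
        throw new Exception('Secret key is too short. Must be at least 16 base 32 characters');
    }

    // Counter must be a 64-bit int: the high 32 bits are fixed at zero and the
    // low 32 bits come from $counter.
    $bin_counter = pack('N*', 0) . pack('N*', $counter);
    $hash = hash_hmac('sha1', $bin_counter, $key, true);

    // NOTE(review): oath_truncate() on this page reads self::otpLength, this line
    // reads self::OTPLENGTH. Class constants are case-sensitive; confirm which
    // spelling the class declares.
    // The explicit cast keeps str_pad() valid under strict_types.
    return str_pad((string) self::oath_truncate($hash), self::OTPLENGTH, '0', STR_PAD_LEFT);
}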
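// NOTE(review): tail of verify_key(). Its signature and the setup of $b32seed,
// $key, $window and $timeStamp are not on this page.
$binarySeed = self::base32_decode($b32seed);

for ($ts = $timeStamp - $window; $ts <= $timeStamp + $window; $ts++) {
    // Exact, constant-time match. The loose `==` compared numeric strings as
    // numbers, so "123" or "1.23e2" would have matched the code "000123".
    if (hash_equals(self::oath_hotp($binarySeed, $ts), (string) $key)) {
        return true;
    }
}

// NOTE(review): nothing visible here records which time step was accepted, so a
// code stays valid for the whole window; track the last accepted step per user.
return false;
}

/**
 * Dynamic truncation of an HMAC-SHA1 digest (RFC 4226, section 5.3).
 *
 * @param string $hash Raw 20-byte HMAC-SHA1 digest.
 *
 * @return int The truncated value reduced modulo 10^otpLength.
 */
public static function oath_truncate($hash)
{
    // The low nibble of the last digest byte (index 19 for SHA-1) selects where
    // the 4-byte window starts.
    $offset = ord($hash[19]) & 0xf;

    // The top bit of the first byte is masked off so the value is non-negative.
    $value = ((ord($hash[$offset + 0]) & 0x7f) << 24)
        | ((ord($hash[$offset + 1]) & 0xff) << 16)
        | ((ord($hash[$offset + 2]) & 0xff) << 8)
        | (ord($hash[$offset + 3]) & 0xff);

    // NOTE(review): oath_hotp() on this page reads self::OTPLENGTH, this line reads
    // self::otpLength. Confirm which spelling the class declares.
    return $value % pow(10, self::otpLength);
}
}

// NOTE(review): a secret committed in source is shared by every user and every
// copy of the repository. Provision one per user and load it from protected storage.
$InitalizationKey = "SMARTCUBEDEEPERA"; // Set the initial key

$TimeStamp = Google2FA::get_timestamp();
$secretkey = Google2FA::base32_decode($InitalizationKey); // Decode it into binary
$otp = Google2FA::oath_hotp($secretkey, $TimeStamp); // Get current token

// Debug only. Keep disabled on any reachable endpoint: these lines print the
// shared secret and the currently valid code into the response.
//echo("Init key: $InitalizationKey\n");
//echo("Timestamp: $TimeStamp\n");
//echo("One time password: $otp\n");

// Use this to verify a key as it allows for some time drift.
// The parameter may be absent or an array (password[]=...), so only a plain
// digit string is passed on to verify_key().
// NOTE(review): a code sent in the query string ends up in access logs and
// browser history, and nothing on this page limits attempts per client.
$submitted = $_GET["password"] ?? '';
$result = is_string($submitted)
    && preg_match('/\A[0-9]+\z/', $submitted) === 1
    && Google2FA::verify_key($InitalizationKey, $submitted);

echo $result ? "true" : "false";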