secret = $secret; if ($_POST["auth"]) { $_SESSION["otp"] = (string) $_POST["auth"]["otp"]; } } function loginFormField($name, $heading, $value) { if ($name == 'password') { return $heading . $value . "OTP" . "\n" ; } } function login($login, $password) { if (isset($_SESSION["otp"])) { $timeSlot = floor(time() / 30); foreach (array(0, -1, 1) as $skew) { if ($_SESSION["otp"] == $this->getOtp($timeSlot + $skew)) { restart_session(); unset($_SESSION["otp"]); stop_session(); return; } } return 'Invalid OTP.'; } } function getOtp($timeSlot) { $data = str_pad(pack('N', $timeSlot), 8, "\0", STR_PAD_LEFT); $hash = hash_hmac('sha1', $data, $this->secret, true); $offset = ord(substr($hash, -1)) & 0xF; $unpacked = unpack('N', substr($hash, $offset, 4)); return ($unpacked[1] & 0x7FFFFFFF) % 1e6; } }