
private function PHPGangsta_GoogleAuthenticator::timingSafeEquals in TFA Basic plugins 7

A timing-safe equals comparison. More info here: http://blog.ircmaxell.com/2014/11/its-all-about-time.html.

Parameters

string $safeString: The internal (safe) value to be checked.

string $userString: The user submitted (unsafe) value.

Return value

bool: True if the two strings are identical.

1 call to PHPGangsta_GoogleAuthenticator::timingSafeEquals()
PHPGangsta_GoogleAuthenticator::verifyCode in includes/googleauthenticator/GoogleAuthenticator.php
Check if the code is correct. This will accept codes starting from $discrepancy*30sec ago to $discrepancy*30sec from now.

File

includes/googleauthenticator/GoogleAuthenticator.php, line 231

Class

PHPGangsta_GoogleAuthenticator
PHP Class for handling Google Authenticator 2-factor authentication.

Code

private function timingSafeEquals($safeString, $userString) {
  if (function_exists('hash_equals')) {
    return hash_equals($safeString, $userString);
  }
  $safeLen = strlen($safeString);
  $userLen = strlen($userString);
  if ($userLen != $safeLen) {
    return false;
  }
  $result = 0;
  for ($i = 0; $i < $userLen; ++$i) {
    $result |= ord($safeString[$i]) ^ ord($userString[$i]);
  }

  // They are only identical strings if $result is exactly 0...
  return $result === 0;
}
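
Why the fallback loop has no early exit, shown as an added example that is not part of the TFA Basic plugins code: it counts how many bytes each style of comparison examines for guesses that share a growing prefix with the expected code. `earlyExitEquals()` and `accumulateEquals()` are hypothetical names, the code and guesses are constructed sample values, and the snippet assumes PHP 7.1 or later.

```php
<?php
// Added illustration (not from the TFA Basic plugins code base).
// Both helpers return [bool $equal, int $bytesCompared] so the amount of
// work done per comparison is visible without measuring wall-clock time.

// Hypothetical early-exit comparison: stops at the first differing byte.
function earlyExitEquals(string $safe, string $user): array {
  if (strlen($safe) !== strlen($user)) {
    return [false, 0];
  }
  $steps = 0;
  for ($i = 0; $i < strlen($safe); ++$i) {
    ++$steps;
    if ($safe[$i] !== $user[$i]) {
      return [false, $steps];
    }
  }
  return [true, $steps];
}

// Same XOR-accumulate loop as the fallback branch of timingSafeEquals():
// every byte is visited regardless of where the first mismatch is.
function accumulateEquals(string $safe, string $user): array {
  if (strlen($safe) !== strlen($user)) {
    return [false, 0];
  }
  $result = 0;
  $steps = 0;
  for ($i = 0; $i < strlen($user); ++$i) {
    ++$steps;
    $result |= ord($safe[$i]) ^ ord($user[$i]);
  }
  return [$result === 0, $steps];
}

// Constructed sample values: a six-digit code and guesses that match it
// in 0, 1, 3, 5 and 6 leading digits.
$expected = '492817';
foreach (['000000', '400000', '492000', '492810', '492817'] as $guess) {
  [$eqA, $stepsA] = earlyExitEquals($expected, $guess);
  [$eqB, $stepsB] = accumulateEquals($expected, $guess);
  // hash_equals() (PHP >= 5.6) must agree with both results.
  assert(hash_equals($expected, $guess) === $eqA && $eqA === $eqB);
  printf("%s  early-exit: %d bytes  accumulate: %d bytes  equal: %s\n",
    $guess, $stepsA, $stepsB, $eqB ? 'yes' : 'no');
}
```

The early-exit count rises with the number of correct leading digits, which is the variation a timing measurement can pick up; the accumulate count is the same for every guess of the right length.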