verifyCode

Question

verifyCode

svanlaere opened this issue 7 years ago · comments

S. van Laere commented 7 years ago

verifyCode allways returns false in my code.
What I did:

Store secret in session
Use session secret to Display QR image while also displaying the code using getCode()
Submit form with the entered code
verifyCode allways return false

Any idea what could be the problem?

Rob Janssen · Answer 1 · Fri Feb 17 2017 08:56:02 GMT+0800 (China Standard Time)

First guess would be your time being off / timezone being incorrect (see #16 which, unfortunately, is in Dutch but Google Translate may help). If that's absolutely ruled out then I'd check if the value passed to verifyCode() is correct, the value stored in the session is correct etc. and start debugging from there.

S. van Laere · Answer 2 · Fri Feb 17 2017 09:31:47 GMT+0800 (China Standard Time)

I'm a Dutch native :)

Current time(): 1487294677
Result:
GMT: Fri, 17 Feb 2017 01:24:37 GMT
Your time zone: vrijdag 17 februari 2017 1:24:37 GMT+0:00

Seems fine to me.

Double checked the values passed but i'm sure its correct.

Rob Janssen · Answer 3 · Fri Feb 17 2017 17:22:53 GMT+0800 (China Standard Time)

Does the demo work for you? Or the unittests?
Can you show your (relevant parts of!) the code?

S. van Laere · Answer 4 · Fri Feb 17 2017 19:36:36 GMT+0800 (China Standard Time)

Your demo works fine, in fact I found out why it did not work for me.
I used filter_var but hash_equals requires a string:
$code = filter_var($code, FILTER_VALIDATE_INT);

Rob Janssen · Answer 5 · Fri Feb 17 2017 21:08:52 GMT+0800 (China Standard Time)

Ah, that makes sense 😉
Just because a string (usually) only contains numbers doesn't mean it can be converted to an int 😉 Remember that it's perfectly possible to get a code like 012345 where the leading 0 is still required/important. Converting to an int will loose the leading 0.