我正在使用来自https://github.com/PHPGangsta/GoogleAuthenticator的Google身份验证器包。
我对于verifyCode函数的工作原理感到很困惑,因为无论生成的代码输入是正确还是错误,它都会给我一个成功的输出。有人可以解释如何验证用户生成的代码吗?
这是我的代码:
PHP
$ga = new PHPGangsta_GoogleAuthenticator();
$secret = $ga->createSecret();
echo "Secret is: ".$secret."\n\n";
echo '<img src="' . $ga->getQRCodeGoogleUrl('BeautyStyle', $secret) . '">';
$oneCode = $ga->getCode($secret);
echo "Checking Code '$oneCode' and Secret '$secret':\n";
$checkResult = $ga->verifyCode($secret, $oneCode, 2); // 2 = 2*30sec clock tolerance
if(isset($_POST['verify']))
{
if ($checkResult)
{
echo 'Success';
}
else
{
echo 'FAILED';
echo $userinput;
}
}
HTML
<form action="" method="POST">
<table cellspacing="3px">
<tr>
<td><input required class="formfield" type="text" name="verifycode" placeholder="Code"></td></tr>
</table>
<div class="signupbutton">
<input type="submit" name="verify" value="Sign Up">
</div></form>