From 178bcd43497253c2ffb35d6c3ab3456277bf4ab6 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Fri, 1 Nov 2019 10:34:31 +0300
Subject: [PATCH] auth_internal: fix OTP seed checking
---
 plugins/auth_internal/init.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/auth_internal/init.php b/plugins/auth_internal/init.php
index b9c26b3c2..638baa83a 100644
--- a/plugins/auth_internal/init.php
+++ b/plugins/auth_internal/init.php
@@ -36,7 +36,7 @@ class Auth_Internal extends Plugin implements IAuthModule {
 $base32 = new \OTPHP\Base32();
 $otp_enabled = $row['otp_enabled'];
- $secret = $base32->encode(sha1($row['salt']));
+ $secret = $base32->encode(mb_substr(sha1($row["salt"]), 0, 12), false);
 $topt = new \OTPHP\TOTP($secret);
 $otp_check = $topt->now();
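Review bot: The added `$secret` line keeps only the first 12 hex characters of `sha1($row["salt"])`, so the TOTP seed carries at most 48 bits and is derived from the password salt in the same row rather than being an independent random secret; RFC 4226 asks for a shared secret of at least 128 bits. The truncation presumably matches how the seed is built at OTP enrollment (not visible in this hunk), so it cannot be lengthened here without re-enrolling or migrating existing users. At minimum I would add a comment above the line, `// seed must stay identical to the one presented at OTP enrollment; only 48 bits, derived from the password salt`, and track a follow-up that stores a dedicated per-user secret generated with `random_bytes()`. `mb_substr` on a hex digest behaves like `substr`, which would state the intent more plainly. The enclosing method starts and ends outside the hunk.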