From 178bcd43497253c2ffb35d6c3ab3456277bf4ab6 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Fri, 1 Nov 2019 10:34:31 +0300
Subject: [PATCH] auth_internal: fix OTP seed checking

---
 plugins/auth_internal/init.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/auth_internal/init.php b/plugins/auth_internal/init.php
index b9c26b3c2..638baa83a 100644
--- a/plugins/auth_internal/init.php
+++ b/plugins/auth_internal/init.php
@@ -36,7 +36,7 @@ class Auth_Internal extends Plugin implements IAuthModule {
 					$base32 = new \OTPHP\Base32();
 
 					$otp_enabled = $row['otp_enabled'];
-					$secret = $base32->encode(sha1($row['salt']));
+					$secret = $base32->encode(mb_substr(sha1($row["salt"]), 0, 12), false);
 
 					$topt = new \OTPHP\TOTP($secret);
 					$otp_check = $topt->now();