Rev 10 | Rev 11 | ||
---|---|---|---|
Line 68... | Line 68... | ||
68 | 68 | ||
69 | return $dir.'/vts_client_challenge_'.self::sha3_512_hmac($ip_target.'/'.$random, $server_secret).'.tmp'; |
69 | return $dir.'/vts_client_challenge_'.self::sha3_512_hmac($ip_target.'/'.$random, $server_secret).'.tmp'; |
70 | } |
70 | } |
71 | 71 | ||
72 | public static function checkValidation($client_response, $max_time=10, $server_secret) { |
72 | public static function checkValidation($client_response, $max_time=10, $server_secret) { |
- | 73 | if (!is_array($client_response)) throw new \Exception('Challenge response is invalid'); |
|
- | 74 | if (count($client_response) != 5) throw new \Exception('Challenge response is invalid'); |
|
73 | list($starttime, $ip_target, $challenge, $answer, $challenge_integrity) = $client_response; |
75 | list($starttime, $ip_target, $challenge, $answer, $challenge_integrity) = $client_response; |
- | 76 | if (!is_numeric($starttime)) throw new \Exception('Challenge response is invalid'); |
|
- | 77 | if (!is_string($ip_target)) throw new \Exception('Challenge response is invalid'); |
|
- | 78 | if (!is_string($challenge)) throw new \Exception('Challenge response is invalid'); |
|
- | 79 | if (!is_numeric($answer)) throw new \Exception('Challenge response is invalid'); |
|
- | 80 | if (!is_string($challenge_integrity)) throw new \Exception('Challenge response is invalid'); |
|
- | 81 | ||
74 | $open_trans_file = self::getOpenTransFileName($ip_target, $answer, $server_secret); |
82 | $open_trans_file = self::getOpenTransFileName($ip_target, $answer, $server_secret); |
75 | 83 | ||
- | 84 | $current_ip = (isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown'); |
|
76 | if ($ip_target != $_SERVER['REMOTE_ADDR']) { |
85 | if ($ip_target != $current_ip) { |
77 | throw new \Exception('Wrong IP'); |
86 | throw new \Exception("IP address has changed. Please try again. (current IP $current_ip, expected $ip_target)"); |
78 | } else if (time()-$starttime > $max_time) { |
87 | } else if (time()-$starttime > $max_time) { |
79 | throw new \Exception('Challenge expired'); |
88 | throw new \Exception('Challenge expired. Please try again.'); |
80 | } else if ($challenge_integrity != self::sha3_512_hmac($challenge,$server_secret)) { |
89 | } else if ($challenge_integrity != self::sha3_512_hmac($challenge,$server_secret)) { |
81 | throw new \Exception('Challenge integrity failed'); |
90 | throw new \Exception('Challenge integrity failed'); |
82 | } else if ($challenge !== self::sha3_512($starttime.'/'.$ip_target.'/'.$answer)) { |
91 | } else if ($challenge !== self::sha3_512($starttime.'/'.$ip_target.'/'.$answer)) { |
83 | throw new \Exception('Wrong answer'); |
92 | throw new \Exception('Wrong answer'); |
84 | } else if (!file_exists($open_trans_file)) { |
93 | } else if (!file_exists($open_trans_file)) { |
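Review bot: The integrity check on new line 89 still compares the client-supplied `$challenge_integrity` with the HMAC using loose `!=`, which is neither constant-time nor type-strict; now that line 80 guarantees a string, it can become `} else if (!hash_equals(self::sha3_512_hmac($challenge, $server_secret), $challenge_integrity)) {`. The new message on line 86 interpolates `$ip_target`, which at that point has only passed `is_string()` and is not yet covered by the integrity check, so unauthenticated client input ends up in the exception text. If callers print that message into HTML (not visible here) it needs escaping there, or the message can simply omit the value: `throw new \Exception('IP address has changed. Please try again.');`. The else-if chain of checkValidation continues past the end of this hunk.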