Ive been reading a lot about the Yubikey the last week and found a PDF slideshow that listed a URL accessing the API in a simple manner so I produced this PHP code using it :
Code:
<?php
$otp = "cccccccvfckdvfblijjfctibtlrbejjddjiligvbkevu"; // OTP from Yubikey
$yubikeyid = substr($otp, 0, 12); // Grab first 12 chars for unique userid
$apiserver1 = "https://api.yubico.com/wsapi/verify?id=1&otp="; // Yubico API server
$serverresponse = file_get_contents($apiserver1 . $otp); // Access server using concat string of URL plus OTP
$pos = strpos($serverresponse, "status=OK"); // Check the server response for "status=ok"
if ($pos === false) { // If the string is not returned there is an error
echo "$yubikeyid - Invalid<BR><BR> - $serverresponse";
} else { // Else the string was found and the Yubikey is valid, now check the userid etc...
echo "$yubikeyid - OK<BR><BR> - $serverresponse";
}
?>
Is this too simplistic / a bad idea?
Thanks
R.
Login
FAQ
Search
