jp3cki/totp

RFC 6238 / TOTP: Time-Based One-Time Password Algorithm

v3.0.0 2024-06-24 03:22 UTC

This package is auto-updated.

Last update: 2024-12-24 04:35:34 UTC


README

PHP implementation of RFC6238 (TOTP: Time-Based One-Time Password Algorithm).

License Latest Stable Version CI

Requirements

  • PHP (64-bits): PHP 8.1 or later
  • PHP Extensions: hash

Install

  1. Set up Composer, the de facto standard package manager.
  2. php composer.phar require jp3cki/totp

Usage

<?php

declare(strict_types=1);

use jp3cki\totp\Totp;

require_once('vendor/autoload.php');

// Generate new shared-secret key (for each user)
$secret = Totp::generateKey();
echo "secret: {$secret}\n";
echo "\n";

// Make URI for importing from QRCode.
$uri = Totp::createKeyUriForGoogleAuthenticator($secret, 'theuser@example.com', 'Issuer Name');
echo "uri: {$uri}\n";
echo "\n";

// Verify user input
$userInput = '123456'; // $_POST['totp']
$isValid = Totp::verify($userInput, $secret, time());
var_dump($isValid);

License

The MIT License.

Copyright (c) 2015-2024 AIZAWA Hina <hina@fetus.jp>

Contributing

Patches and/or report issues are welcome.

  • Please create new branch for each issue or feature. (should not work in master branch)
  • Please write and run test. $ make test
  • Please run check-style for static code analysis and coding rule checking. $ make check-style
  • Please clean up commits.
  • Please create new pull-request for each issue or feature.
  • Please use Japanese or very simple English to create new pull-request or issue.

Breaking Changes

  • v3.0.0

    • Minimum environment is now PHP 8.1
  • v2.0.0

    • Minimum environment is now PHP 7.2
    • Argument types are now strictly enforced
    • Removed Random::generate*(). Always use random_bytes() now.