vectorface/googleauthenticator

Google Authenticator 2-factor authentication

v3.2 2024-01-31 13:05 UTC

This package is auto-updated.

Last update: 2024-11-17 21:00:33 UTC


README

Build Status

English | 中文

This is a fork of https://github.com/PHPGangsta/GoogleAuthenticator with the following changes:

  • Uses https://github.com/endroid/qr-code to generate QR code data URIs
  • No longer generates Google's Chart API to make QR code links
  • Uses namespacing
  • Augmented test coverage to 100%
  • Bumped minimum PHP version to 8.1

Original License:

Description:

This PHP class can be used to interact with the Google Authenticator mobile app for 2-factor-authentication. This class can generate secrets, generate codes, validate codes and present a QR-Code for scanning the secret. It implements TOTP according to RFC6238

For a secure installation you have to make sure that used codes cannot be reused (replay-attack). You also need to limit the number of verifications, to fight against brute-force attacks. For example you could limit the amount of verifications to 10 tries within 10 minutes for one IP address (or IPv6 block). It depends on your environment.

Usage:

See following example:

<?php
require_once 'vendor/autoload.php';

use Vectorface\GoogleAuthenticator;

$ga = new GoogleAuthenticator();
$secret = $ga->createSecret();
echo "Secret is: {$secret}\n\n";

$qrCodeUrl = $ga->getQRCodeUrl('Admin', $secret, 'Blog');
echo "PNG Data URI for the QR-Code: {$qrCodeUrl}\n\n";

$oneCode = $ga->getCode($secret);
echo "Checking Code '$oneCode' and Secret '$secret':\n";

// 2 = 2*30sec clock tolerance
$checkResult = $ga->verifyCode($secret, $oneCode, 2);
if ($checkResult) {
    echo 'OK';
} else {
    echo 'FAILED';
}

Running the script provides output similar to:

Secret is: OQB6ZZGYHCPSX4AK

PNG Data URI for the QR-Code: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAARgAAAEYCAIAAAAI[snipped]

Checking Code '848634' and Secret 'OQB6ZZGYHCPSX4AK':
OK

Installation:

composer require vectorface/googleauthenticator

Run Tests:

  • All tests are inside tests folder.
  • Execute composer install to prepare your environment.
  • Run composer test from the project root directory.