wccplatform / otphp
A PHP library for generating one-time passwords according to RFC 4226 (HOTP Algorithm) and RFC 6238 (TOTP Algorithm), compatible with Google Authenticator
Requires
- php: ^7.1
- beberlei/assert: ^2.4
- paragonie/constant_time_encoding: ^2.0
Requires (Dev)
- phpunit/phpunit: ^6.0
- satooshi/php-coveralls: ^1.0
- v10.0.x-dev
- dev-master / 10.0.x-dev
- v9.1.0
- v9.0.x-dev
- v9.0.3
- v9.0.2
- v9.0.1
- v9.0.0
- v9.0.0-alpha1
- v8.3.x-dev
- v8.3.2
- v8.3.1
- v8.3.0
- v8.2.0
- v8.1.0
- v8.0.0
- v7.0.4
- v7.0.3
- v7.0.2
- v7.0.1
- v7.0.0
- v6.0.4
- v6.0.3
- v6.0.2
- v6.0.1
- v6.0.0
- v5.0.1
- 5.0.0
- v4.0.4
- v4.0.3
- v4.0.2
- v4.0.1
- v4.0.0
- v3.1.1
- v3.1.0
- v3.0.1-stable
- v3.0.0-stable
- v2.0.2-stable
- v2.0.1-stable
- v2.0.0-stable
- v1.0.1-stable
- v1.0.0-stable
This package is not auto-updated.
Last update: 2024-04-11 02:47:36 UTC
README
A PHP library for generating one-time passwords according to RFC 4226 (HOTP Algorithm) and RFC 6238 (TOTP Algorithm).
This library is compatible with the Google Authenticator apps available for Android and iPhone. It is also compatible with other applications such as FreeOTP.
The Release Process
The release process is described here.
Prerequisites
This library needs at least PHP 7.1.
It has been successfully tested using PHP 7.1 and the nightly branch.
For support of older PHP versions, please use release 8.3.x of this library.
Installation
The preferred way to install this library is to rely on Composer:
composer require spomky-labs/otphp
By default, the documentation and test environment are excluded.
If you want to test the library or get the documentation, please add the --prefer-source option:
composer require spomky-labs/otphp --prefer-source
TOTP or HOTP?
This library supports both TOTP and HOTP.
TOTP is a time-based one-time password. It lives only for a few seconds (the period).
You just have to be sure that the clocks of your server and your device are synchronized.
This is the most common OTP.
HOTP is a counter-based one-time password. Every time a password is used, the counter is updated.
You have to verify that the server and the device are synchronized.
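The relationship between the two modes, as an added example that is not otphp's own code: a from-scratch RFC 4226/6238 implementation with drift-tolerant and replay-safe verification. It assumes 64-bit PHP and a raw-byte key (otphp itself works with Base32 secrets); all function names are hypothetical.

```php
<?php
declare(strict_types=1);

// RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
function hotp(string $key, int $counter, int $digits = 6): string
{
    $hmac = hash_hmac('sha1', pack('J', $counter), $key, true);
    $offset = ord($hmac[19]) & 0x0f; // low nibble of the last byte picks 4 bytes
    $code = unpack('N', substr($hmac, $offset, 4))[1] & 0x7fffffff;
    return str_pad((string) ($code % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// RFC 6238: TOTP is HOTP with counter = floor(unix time / period).
function totp(string $key, int $time, int $period = 30, int $digits = 6): string
{
    return hotp($key, intdiv($time, $period), $digits);
}

// Accept codes from $window periods either side of $time to absorb clock drift.
// Each candidate is compared with hash_equals(); the loop has no early exit.
function totp_verify(string $key, string $input, int $time, int $window = 1, int $period = 30): bool
{
    $ok = false;
    for ($i = -$window; $i <= $window; $i++) {
        $t = $time + $i * $period;
        if ($t >= 0 && hash_equals(totp($key, $t, $period), $input)) {
            $ok = true;
        }
    }
    return $ok;
}

// Look ahead a few counters for a device that ran ahead of the server. On success
// return the counter to store next, so a used code is never accepted twice.
function hotp_verify(string $key, string $input, int $counter, int $lookAhead = 3): ?int
{
    for ($c = $counter; $c <= $counter + $lookAhead; $c++) {
        if (hash_equals(hotp($key, $c), $input)) {
            return $c + 1;
        }
    }
    return null;
}

$key = '12345678901234567890'; // RFC 4226 Appendix D test key: raw bytes, not Base32
var_dump(hotp($key, 1) === '287082');           // RFC 4226 vector, counter 1
var_dump(totp($key, 59, 30, 8) === '94287082'); // RFC 6238 vector, T = 59 s
var_dump(totp_verify($key, totp($key, 1111111109), 1111111109 + 30)); // one period late
$next = hotp_verify($key, hotp($key, 7), 5);    // device two counters ahead
var_dump($next, hotp_verify($key, hotp($key, 7), $next, 1)); // second call replays the code
```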
How to use
To create an OTP object, just use the static create method. Your object will be able to generate passwords:
<?php
use OTPHP\TOTP;
$otp = TOTP::create();
echo 'The current OTP is: '.$otp->now();
In the example above, we use the TOTP class, but you can use the HOTP one the same way.
Then, you have to configure your applications.
You can use the provisioning URI ($otp->getProvisioningUri();) as QR Code input to easily configure all of them.
We recommend that you use your own QR Code generator (e.g. BaconQrCode). If you do not have your own generator, the classes provide a convenient way to get a URI to the Google Chart API, which will generate it for you. Keep in mind that the provisioning URI contains the shared secret, so this route discloses it to the third-party service:
$googleChartUri = $otp->getQrCodeUri();
// Escape the URI before placing it in an HTML attribute.
echo '<img src="'.htmlspecialchars($googleChartUri, ENT_QUOTES).'">';
Now that your applications are configured, you can verify the generated OTPs:
$otp->verify($input); // Returns true if the input is verified, otherwise false.
Advanced Features
- Customization
- Application Configuration: get the provisioning Uri
- Factory: from a provisioning Uri to an OTP object
- Window: the window parameter
- Q&A: Questions and Answers
Upgrade
Base 32 Encoder
Please note that the internal Base32 encoder changed in versions 8.3.2 and 9.0.2.
Before
use Base32\Base32;
$encoded = Base32::encode('foo');
After
use ParagonIE\ConstantTime\Base32;
$encoded = Base32::encode('foo');
Contributing
Requests for new features, bug fixes and all other ideas to make this project useful are welcome.
Please report all issues in the repository bug tracker.
Also make sure to follow these best practices.
Security Issues
If you discover a security vulnerability within the project, please don't use the bug tracker and don't publish it publicly. Instead, please contact me at https://gitter.im/Spomky/
Licence
This software is released under the MIT licence.