PHPackages                             greymich/php-totp - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Utility &amp; Helpers](/categories/utility)
4. /
5. greymich/php-totp

ActiveLibrary[Utility &amp; Helpers](/categories/utility)

greymich/php-totp
=================

PHP TOTP implementation for rfc6238

2.0.0(5y ago)550.7k—4.6%2[1 PRs](https://github.com/sunnyvision/php-totp/pulls)MITPHPPHP &gt;=5.6

Since May 7Pushed 5y ago1 watchersCompare

[ Source](https://github.com/sunnyvision/php-totp)[ Packagist](https://packagist.org/packages/greymich/php-totp)[ RSS](/packages/greymich-php-totp/feed)WikiDiscussions master Synced 1mo ago

READMEChangelogDependencies (1)Versions (2)Used By (0)

PHP TOTP
========

[](#php-totp)

Important notice
----------------

[](#important-notice)

For PHP 8.0 or above please use ^2.0. For PHP below 8.0, use ^1.0.

This library is an implementation of totp (rfc6238) in php (currently only sha1)

Features
--------

[](#features)

- PSR-4 autoloading compliant structure
- Unit-Testing with PHPUnit
- Easy to use to any framework or even a plain php file
- Supports SHA1 of HOTPTimeBased

Installation
------------

[](#installation)

Using composer (recommended):

```
$ composer require greymich/php-totp

```

In separate package:

```
require "path/to/lib/src/TOTP.php"

```

Examples
--------

[](#examples)

To start randomize a base32 secret or create one from an ASCII string

```
// ASCII to base32
$secret = Greymich\TOTP\TOTP::base32Encode("12345678901234567890");
// Random
$secret = Greymich\TOTP\TOTP::genSecret(32);
// Initiate totp instance by secret
$otp = new Greymich\TOTP\TOTP($secret);

```

Validate an OTP

```
$userInput = "";
$secret = "";
$otp = new Greymich\TOTP\TOTP($secret);
// To mitigate possible timing attacks
if(hash_equals( $otp->get(), $userInput )) {
	// Correct
}

```

Generate OTP registration uri (For QR scanning)

```
$secret = Greymich\TOTP\TOTP::base32Encode("12345678901234567890");
$otp = new Greymich\TOTP\TOTP($secret);
$uri = $otp->uri("[Platform] h.y.michael@icloud.com");

```

Tests
-----

[](#tests)

```
composer test

```

```
TOTP
 ✔ Should be true
 ✔ Should be free of syntax error
 ✔ Should encode and decode base 32
 ✔ Should generate totp with sha 1
 ✔ Should generate google authenticator compatible uri

```

Test are run against SHA1 of rfc6238 suggested testing vectors

```
  +-------------+--------------+------------------+----------+--------+
  |  Time (sec) |   UTC Time   | Value of T (hex) |   TOTP   |  Mode  |
  +-------------+--------------+------------------+----------+--------+
  |      59     |  1970-01-01  | 0000000000000001 | 94287082 |  SHA1  |
  |             |   00:00:59   |                  |          |        |
  |      59     |  1970-01-01  | 0000000000000001 | 46119246 | SHA256 |
  |             |   00:00:59   |                  |          |        |
  |      59     |  1970-01-01  | 0000000000000001 | 90693936 | SHA512 |
  |             |   00:00:59   |                  |          |        |
  |  1111111109 |  2005-03-18  | 00000000023523EC | 07081804 |  SHA1  |
  |             |   01:58:29   |                  |          |        |
  |  1111111109 |  2005-03-18  | 00000000023523EC | 68084774 | SHA256 |
  |             |   01:58:29   |                  |          |        |
  |  1111111109 |  2005-03-18  | 00000000023523EC | 25091201 | SHA512 |
  |             |   01:58:29   |                  |          |        |
  |  1111111111 |  2005-03-18  | 00000000023523ED | 14050471 |  SHA1  |
  |             |   01:58:31   |                  |          |        |
  |  1111111111 |  2005-03-18  | 00000000023523ED | 67062674 | SHA256 |
  |             |   01:58:31   |                  |          |        |
  |  1111111111 |  2005-03-18  | 00000000023523ED | 99943326 | SHA512 |
  |             |   01:58:31   |                  |          |        |
  |  1234567890 |  2009-02-13  | 000000000273EF07 | 89005924 |  SHA1  |
  |             |   23:31:30   |                  |          |        |
  |  1234567890 |  2009-02-13  | 000000000273EF07 | 91819424 | SHA256 |
  |             |   23:31:30   |                  |          |        |
  |  1234567890 |  2009-02-13  | 000000000273EF07 | 93441116 | SHA512 |
  |             |   23:31:30   |                  |          |        |
  |  2000000000 |  2033-05-18  | 0000000003F940AA | 69279037 |  SHA1  |
  |             |   03:33:20   |                  |          |        |
  |  2000000000 |  2033-05-18  | 0000000003F940AA | 90698825 | SHA256 |
  |             |   03:33:20   |                  |          |        |
  |  2000000000 |  2033-05-18  | 0000000003F940AA | 38618901 | SHA512 |
  |             |   03:33:20   |                  |          |        |
  | 20000000000 |  2603-10-11  | 0000000027BC86AA | 65353130 |  SHA1  |
  |             |   11:33:20   |                  |          |        |
  | 20000000000 |  2603-10-11  | 0000000027BC86AA | 77737706 | SHA256 |
  |             |   11:33:20   |                  |          |        |
  | 20000000000 |  2603-10-11  | 0000000027BC86AA | 47863826 | SHA512 |
  |             |   11:33:20   |                  |          |        |
  +-------------+--------------+------------------+----------+--------+

```

###  Health Score

31

—

LowBetter than 68% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity36

Limited adoption so far

Community9

Small or concentrated contributor base

Maturity47

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

1837d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/61a77dd5ef7ab0ea6f5244444cc742ea063d6cfb6775d3c86de490d9c9b0f811?d=identicon)[greymich](/maintainers/greymich)

---

Top Contributors

[![greymich](https://avatars.githubusercontent.com/u/18516701?v=4)](https://github.com/greymich "greymich (6 commits)")

---

Tags

phpcomposertotpone-time-password

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/greymich-php-totp/health.svg)

```
[![Health](https://phpackages.com/badges/greymich-php-totp/health.svg)](https://phpackages.com/packages/greymich-php-totp)
```

###  Alternatives

[jbzoo/composer-diff

See what has changed after a composer update.

53888.9k1](/packages/jbzoo-composer-diff)[liborm85/composer-vendor-cleaner

Composer Vendor Cleaner removes unnecessary development files and directories from vendor directory.

35342.7k1](/packages/liborm85-composer-vendor-cleaner)[camcima/php-geohash

Refactored GeoHash package

1074.0k](/packages/camcima-php-geohash)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)