PHPackages                             jakobo/hotp-php - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. jakobo/hotp-php

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

jakobo/hotp-php
===============

HOTP simplifies One Time Password systems for PHP Authentication

v2.1.0(2mo ago)5183.1k↓28.6%9BSD-3-ClausePHPPHP &gt;=8.0CI passing

Since Nov 2Pushed 2mo ago3 watchersCompare

[ Source](https://github.com/thecodedrift/hotp-php)[ Packagist](https://packagist.org/packages/jakobo/hotp-php)[ RSS](/packages/jakobo-hotp-php/feed)WikiDiscussions main Synced 3d ago

READMEChangelog (1)Dependencies (10)Versions (6)Used By (0)

HOTP - PHP Based HMAC One Time Passwords
========================================

[](#hotp---php-based-hmac-one-time-passwords)

**What is HOTP**: HOTP is a class that simplifies One Time Password systems for PHP Authentication. The HOTP/TOTP Algorithms have been around for a bit, so this is a straightforward class to meet the test vector requirements.

**What works with HOTP/TOTP**: It's been tested to the test vectors, and I've verified the time-sync hashes against the following:

- Android: Mobile-OTP
- iPhone: OATH Token

**Why would I use this**: Who wouldn't love a simple drop-in class for HMAC Based One Time Passwords? It's a great extra layer of security (creating two-factor auth) and it's pretty darn zippy.

**Okay you sold me. Give me some docs**:

```
use jakobo\HOTP\HOTP;

// event based
$result = HOTP::generateByCounter( $key, $counter );

// time based within a "window" of time
$result = HOTP::generateByTime( $key, $window );

// same as generateByTime, but for $min windows before and $max windows after
$result = HOTP::generateByTimeWindow( $key, $window, $min, $max );
```

with `$result`, you can do all sorts of neat things...

```
$result->toString();

$result->toHex();

$result->toDec();

// how many digits in your OTP?
$result->toHotp( $length );
```

Development
===========

[](#development)

In order to support multiple PHP versions, a docker file and compose is available.

To build a php docker image with composer (and dependencies):

```
# Bring up the environment, mounts to /app in the container
docker compose up

# Get into the PHP environment
docker compose exec php bash

# Run composer
cd /app
composer install
composer test
```

###  Health Score

58

—

FairBetter than 98% of packages

Maintenance84

Actively maintained with recent releases

Popularity44

Moderate usage in the ecosystem

Community19

Small or concentrated contributor base

Maturity71

Established project with proven stability

 Bus Factor1

Top contributor holds 71.4% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~906 days

Total

4

Last Release

82d ago

Major Versions

v1.0.1 → v2.0.02020-12-28

PHP version history (3 changes)v1.0.0PHP ^5.3.3 || ^7.0

v2.0.0PHP &gt;=7.2

v2.1.0PHP &gt;=8.0

### Community

Maintainers

![](https://www.gravatar.com/avatar/716c86d71cbf921e7912a505f89d799de398fc0a3af0bd4c8862834b2d642bd7?d=identicon)[wikimedia](/maintainers/wikimedia)

![](https://www.gravatar.com/avatar/c46448521016bb8e2aed9f7ec61ef86ea50f78263172749e9c29eb093aadb1f9?d=identicon)[theCodeDrift](/maintainers/theCodeDrift)

---

Top Contributors

[![reedy](https://avatars.githubusercontent.com/u/67615?v=4)](https://github.com/reedy "reedy (60 commits)")[![thecodedrift](https://avatars.githubusercontent.com/u/1795?v=4)](https://github.com/thecodedrift "thecodedrift (15 commits)")[![legoktm](https://avatars.githubusercontent.com/u/81392?v=4)](https://github.com/legoktm "legoktm (4 commits)")[![scottmac](https://avatars.githubusercontent.com/u/50088?v=4)](https://github.com/scottmac "scottmac (3 commits)")[![jrzepa](https://avatars.githubusercontent.com/u/45801553?v=4)](https://github.com/jrzepa "jrzepa (1 commits)")[![sachabeharry](https://avatars.githubusercontent.com/u/1455206?v=4)](https://github.com/sachabeharry "sachabeharry (1 commits)")

---

Tags

hotphotp-generatorotpphptotp

###  Code Quality

TestsPHPUnit

Code StylePHP CS Fixer

### Embed Badge

![Health badge](/badges/jakobo-hotp-php/health.svg)

```
[![Health](https://phpackages.com/badges/jakobo-hotp-php/health.svg)](https://phpackages.com/packages/jakobo-hotp-php)
```

###  Alternatives

[kartik-v/yii2-password

Useful password strength validation utilities for Yii Framework 2.0

761.3M17](/packages/kartik-v-yii2-password)[vitalybaev/laravel5-dkim

Laravel 5/6 package for signing outgoing messages with DKIM.

3163.1k](/packages/vitalybaev-laravel5-dkim)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
