PHPackages jakobo/hotp-php - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. jakobo/hotp-php ActiveLibrary[Authentication & Authorization](/categories/authentication) jakobo/hotp-php =============== HOTP simplifies One Time Password systems for PHP Authentication v2.0.0(5y ago)5177.1k—3.9%9[1 PRs](https://github.com/thecodedrift/hotp-php/pulls)BSD-3-ClausePHPPHP >=7.2CI passing Since Nov 2Pushed 1mo ago3 watchersCompare [ Source](https://github.com/thecodedrift/hotp-php)[ Packagist](https://packagist.org/packages/jakobo/hotp-php)[ RSS](/packages/jakobo-hotp-php/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (1)Dependencies (4)Versions (5)Used By (0) HOTP - PHP Based HMAC One Time Passwords ======================================== [](#hotp---php-based-hmac-one-time-passwords) **What is HOTP**: HOTP is a class that simplifies One Time Password systems for PHP Authentication. The HOTP/TOTP Algorithms have been around for a bit, so this is a straightforward class to meet the test vector requirements. **What works with HOTP/TOTP**: It's been tested to the test vectors, and I've verified the time-sync hashes against the following: - Android: Mobile-OTP - iPhone: OATH Token **Why would I use this**: Who wouldn't love a simple drop-in class for HMAC Based One Time Passwords? It's a great extra layer of security (creating two-factor auth) and it's pretty darn zippy. **Okay you sold me. Give me some docs**: ``` use jakobo\HOTP\HOTP; // event based $result = HOTP::generateByCounter( $key, $counter ); // time based within a "window" of time $result = HOTP::generateByTime( $key, $window ); // same as generateByTime, but for $min windows before and $max windows after $result = HOTP::generateByTimeWindow( $key, $window, $min, $max ); ``` with `$result`, you can do all sorts of neat things... ``` $result->toString(); $result->toHex(); $result->toDec(); // how many digits in your OTP? $result->toHotp( $length ); ``` Development =========== [](#development) In order to support multiple PHP versions, a docker file and compose is available. To build a php docker image with composer (and dependencies): ``` # Bring up the environment, mounts to /app in the container docker compose up # Get into the PHP environment docker compose exec php bash # Run composer cd /app composer install composer test ``` ### Health Score 49 — FairBetter than 95% of packages Maintenance59 Moderate activity, may be stable Popularity44 Moderate usage in the ecosystem Community19 Small or concentrated contributor base Maturity59 Maturing project, gaining track record Bus Factor1 Top contributor holds 72% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~393 days Total 3 Last Release 1968d ago Major Versions v1.0.1 → v2.0.02020-12-28 PHP version history (2 changes)v1.0.0PHP ^5.3.3 || ^7.0 v2.0.0PHP >=7.2 ### Community Maintainers ![](https://www.gravatar.com/avatar/716c86d71cbf921e7912a505f89d799de398fc0a3af0bd4c8862834b2d642bd7?d=identicon)[wikimedia](/maintainers/wikimedia) ![](https://www.gravatar.com/avatar/c46448521016bb8e2aed9f7ec61ef86ea50f78263172749e9c29eb093aadb1f9?d=identicon)[theCodeDrift](/maintainers/theCodeDrift) --- Top Contributors [![reedy](https://avatars.githubusercontent.com/u/67615?v=4)](https://github.com/reedy "reedy (59 commits)")[![thecodedrift](https://avatars.githubusercontent.com/u/1795?v=4)](https://github.com/thecodedrift "thecodedrift (14 commits)")[![legoktm](https://avatars.githubusercontent.com/u/81392?v=4)](https://github.com/legoktm "legoktm (4 commits)")[![scottmac](https://avatars.githubusercontent.com/u/50088?v=4)](https://github.com/scottmac "scottmac (3 commits)")[![jrzepa](https://avatars.githubusercontent.com/u/45801553?v=4)](https://github.com/jrzepa "jrzepa (1 commits)")[![sachabeharry](https://avatars.githubusercontent.com/u/1455206?v=4)](https://github.com/sachabeharry "sachabeharry (1 commits)") --- Tags hotphotp-generatorotpphptotp ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/jakobo-hotp-php/health.svg) ``` [![Health](https://phpackages.com/badges/jakobo-hotp-php/health.svg)](https://phpackages.com/packages/jakobo-hotp-php) ``` ### Alternatives [bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth)[beatswitch/lock A flexible, driver based Acl package for PHP 5.4+ 870304.7k2](/packages/beatswitch-lock)[amocrm/amocrm-api-library amoCRM API Client 182728.5k6](/packages/amocrm-amocrm-api-library)[vonage/jwt A standalone package for creating JWTs for Vonage APIs 424.1M4](/packages/vonage-jwt) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)