PHPackages                             kayon-ariel/totp-php - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. kayon-ariel/totp-php

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

kayon-ariel/totp-php
====================

Google Authenticator 2-factor authentication

v0.0.2(1y ago)1271MITPHPPHP &gt;=8.2

Since Oct 13Pushed 1y agoCompare

[ Source](https://github.com/kayon-ariel/totp-php)[ Packagist](https://packagist.org/packages/kayon-ariel/totp-php)[ RSS](/packages/kayon-ariel-totp-php/feed)WikiDiscussions master Synced today

READMEChangelog (2)Dependencies (1)Versions (3)Used By (0)

TOTP-PHP
========

[](#totp-php)

[![PHP Version](https://camo.githubusercontent.com/57a4b2b97b530830a27833fee0e4f091c19a05a2936c2e4a1b319d1349ad1f35/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7068702d253345253344382e322d627269676874677265656e)](https://camo.githubusercontent.com/57a4b2b97b530830a27833fee0e4f091c19a05a2936c2e4a1b319d1349ad1f35/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7068702d253345253344382e322d627269676874677265656e) [![License](https://camo.githubusercontent.com/b8cadaa967891081f8f165695470689986c028821dd8a040132f6e661795dc0d/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d626c7565)](https://camo.githubusercontent.com/b8cadaa967891081f8f165695470689986c028821dd8a040132f6e661795dc0d/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d626c7565) [![Packagist Downloads](https://camo.githubusercontent.com/c9ae2903c10cf93f4ccec5666d9c696113cd87bd6ab0504c4f4777f3c4ff5278/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f646d2f6b61796f6e2d617269656c2f746f74702d7068702e7376673f6c6162656c3d5061636b6167697374253230646f776e6c6f616473)](https://packagist.org/packages/kayon-ariel/totp-php)

Introduction
------------

[](#introduction)

**TOTP-PHP** is a PHP library for generating Time-based One-Time Passwords (TOTP) for two-factor authentication. This library is easy to integrate into your existing PHP applications, allowing you to enhance your security measures effectively.

**TOTP-PHP** is compatible with **Google Authenticator** and other TOTP applications, making it a great choice for implementing two-factor authentication in your projects.

For a secure installation you have to make sure that used codes cannot be reused (replay-attack). You also need to limit the number of verifications, to fight against brute-force attacks. For example you could limit the amount of verifications to 10 tries within 10 minutes for one IP address (or IPv6 block). It depends on your environment.

Features
--------

[](#features)

- Generate TOTP codes compliant with RFC 6238.
- Simple for use.
- Built-in validation methods.
- Secret key generation for TOTP.
- Compatible with Google Authenticator and similar apps.
- Generate QR code payloads for easy integration with TOTP applications.

Installation
------------

[](#installation)

You can install the `totp-php` library via Composer. Run the following command in your terminal:

```
composer require kayon-ariel/totp-php
```

Usage
-----

[](#usage)

Here is a simple example of how to use the library:

### Generating a TOTP Code

[](#generating-a-totp-code)

```
require 'vendor/autoload.php';

use TotpPhp\Totp;

// Create a new TOTP instance
$ga = new Totp();

// Generate a secret key
$secret = $ga->createSecret();
echo "Secret is: " . $secret . "\n\n";

// Generate a TOTP code based on the secret
$oneCode = $ga->getCode($secret);
echo "Checking Code '$oneCode' and Secret '$secret':\n";

// Verify the TOTP code against the secret
$checkResult = $ga->verifyCode($secret, $oneCode);

if ($checkResult) {
    echo 'OK';
} else {
    echo 'FAILED';
}
```

### Generating a Secret Key

[](#generating-a-secret-key)

You can generate a random secret key using the `createSecret` method. This is useful for initializing a new user or session.

```
$secret = $ga->createSecret();
echo "Your secret key is: " . $secret;
```

### Generating a QR Code Payload

[](#generating-a-qr-code-payload)

To generate a QR code payload for a TOTP secret, use the `getQrCodePayload` function:

```
$label = 'user@example.com'; // The user's email or username
$issuer = 'MyApp'; // Optional issuer name

$qrcodePayload = $totp->getQrCodePayload($secret, $label, $issuer);
echo "QR Code Payload: " . $qrcodePayload . "\n";
```

### Validating a TOTP Code

[](#validating-a-totp-code)

You can validate a TOTP code using the `verifyCode` method:

```
$userInputCode = '123456'; // Example user input
$isValid = $ga->verifyCode($secret, $userInputCode);

if ($isValid) {
    echo "The TOTP code is valid!";
} else {
    echo "The TOTP code is invalid!";
}
```

### Code Generation and Verification Logic

[](#code-generation-and-verification-logic)

The library uses the following methods:

- **`createSecret(int $secretLength = 16): string`**: Generates a new secret key with a specified length (minimum 16 characters).
- **`getCode(string $secret, ?int $timeSlice = null): string`**: Calculates the TOTP code for a given secret key and time slice (defaults to the current time).
- **`verifyCode(string $secret, string $code, int $discrepancy = 1): bool`**: Checks if the provided TOTP code matches the expected code for the secret, allowing for some time discrepancy.

License
-------

[](#license)

This library incorporates code from the original `PHPGangsta/GoogleAuthenticator` project:

- Copyright (c) 2012-2016,
- Author: Michael Kliewe, [@PHPGangsta](http://twitter.com/PHPGangsta) and [contributors](https://github.com/PHPGangsta/GoogleAuthenticator/graphs/contributors)
- Licensed under the BSD License.

Current: Copyright (c) 2024 Kayon Ariel, provided under the MIT License.

Contributions
-------------

[](#contributions)

Contributions are welcome! Feel free to submit issues, fork the repository, and submit pull requests.

Contact
-------

[](#contact)

For any inquiries or feedback, you can reach out to me at \[\].

###  Health Score

28

—

LowBetter than 52% of packages

Maintenance34

Infrequent updates — may be unmaintained

Popularity15

Limited adoption so far

Community16

Small or concentrated contributor base

Maturity43

Maturing project, gaining track record

 Bus Factor2

2 contributors hold 50%+ of commits

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~0 days

Total

2

Last Release

629d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/90801274?v=4)[Kayon Ariel](/maintainers/kayon-ariel)[@kayon-ariel](https://github.com/kayon-ariel)

---

Top Contributors

[![PHPGangsta](https://avatars.githubusercontent.com/u/608408?v=4)](https://github.com/PHPGangsta "PHPGangsta (27 commits)")[![kayon-ariel](https://avatars.githubusercontent.com/u/90801274?v=4)](https://github.com/kayon-ariel "kayon-ariel (6 commits)")[![symm](https://avatars.githubusercontent.com/u/69390?v=4)](https://github.com/symm "symm (6 commits)")[![r--w](https://avatars.githubusercontent.com/u/1191700?v=4)](https://github.com/r--w "r--w (4 commits)")[![LukaszPiechowiak](https://avatars.githubusercontent.com/u/8948593?v=4)](https://github.com/LukaszPiechowiak "LukaszPiechowiak (4 commits)")[![samundra](https://avatars.githubusercontent.com/u/760855?v=4)](https://github.com/samundra "samundra (3 commits)")[![pgampe](https://avatars.githubusercontent.com/u/855238?v=4)](https://github.com/pgampe "pgampe (3 commits)")[![Sc00bz](https://avatars.githubusercontent.com/u/2030592?v=4)](https://github.com/Sc00bz "Sc00bz (3 commits)")[![yanniks](https://avatars.githubusercontent.com/u/993397?v=4)](https://github.com/yanniks "yanniks (1 commits)")[![alexandregz](https://avatars.githubusercontent.com/u/1374718?v=4)](https://github.com/alexandregz "alexandregz (1 commits)")[![edwardmp](https://avatars.githubusercontent.com/u/1686739?v=4)](https://github.com/edwardmp "edwardmp (1 commits)")[![leandro-lugaresi](https://avatars.githubusercontent.com/u/858713?v=4)](https://github.com/leandro-lugaresi "leandro-lugaresi (1 commits)")[![vmelnic](https://avatars.githubusercontent.com/u/1056081?v=4)](https://github.com/vmelnic "vmelnic (1 commits)")[![34x](https://avatars.githubusercontent.com/u/60165?v=4)](https://github.com/34x "34x (1 commits)")

---

Tags

2-factor-authenticationgoogle-authenticatorone-time-passwordotpphp-totptopttotp-phpotptotpgoogleauthenticatorrfc62382-Factor

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/kayon-ariel-totp-php/health.svg)

```
[![Health](https://phpackages.com/badges/kayon-ariel-totp-php/health.svg)](https://phpackages.com/packages/kayon-ariel-totp-php)
```

###  Alternatives

[christian-riesen/otp

One Time Passwords, hotp and totp according to RFC4226 and RFC6238

885.5M6](/packages/christian-riesen-otp)[chillerlan/php-authenticator

A generator for counter- and time based 2-factor authentication codes (Google Authenticator). PHP 8.2+

58133.8k3](/packages/chillerlan-php-authenticator)[vectorface/googleauthenticator

Google Authenticator 2-factor authentication

19256.5k1](/packages/vectorface-googleauthenticator)[infocyph/otp

Simple &amp; Secure Generic OTP, OCRA (RFC6287), TOTP (RFC6238) &amp; HOTP (RFC4226) solution!

147.3k](/packages/infocyph-otp)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
