nishadil/mfa
============

A php library for Multi-factor authentication (MFA).

v1.5.0 (5mo ago) 3161 MIT PHP PHP >=7.4

Since Jul 15. Pushed 5mo ago.

[Source](https://github.com/nishadil/MFA) [Packagist](https://packagist.org/packages/nishadil/mfa)

nishadil\\mfa
=============

A PHP library for multi-factor authentication (MFA), also known as 2FA or two-factor authentication.

### What is TOTP

TOTP, which stands for Time-based One-Time Password, is a computer algorithm that generates a temporary, unique password for authentication. It's widely used in two-factor authentication (2FA) systems to add an extra layer of security beyond a traditional password. The TOTP algorithm follows an open standard documented in [RFC 6238](https://datatracker.ietf.org/doc/html/rfc6238). The inputs include a shared secret key and the system time.

### What is HOTP

HOTP stands for HMAC-based One-Time Password and is the original standard that TOTP was based on. Both methods use a secret key as one of the inputs, but while TOTP uses the system time for the other input, HOTP uses a counter, which increments with each new validation. With HOTP, both parties increment the counter and use that to compute the one-time password. The HOTP standard is documented in [RFC 4226](https://datatracker.ietf.org/doc/html/rfc4226).

Installation
============

This library can be installed using [Composer](https://getcomposer.org/). To install it, use the following command:

```
composer require nishadil/mfa
```

How to use
==========

### Generate Secret Code

To create a new secret code for a user, call the public static method `Mfa::createSecretCode();`

```

```

output:

```
F6ZHAZMKSLY7ISFO

```

### Generate long Secret Code

By default, the secret code is *16* characters long. You can change this if you need a longer code. Accepted values are integers in the range 16 to 128.

For example, to generate a 32-character secret code, call `Mfa::setSecretCodeLength(32);` and then `Mfa::createSecretCode();`

```

```

output:

```
3TYBUTVEXBOBXYTJ6L7NZ4HC7QJWAKMY

```

### Get TOTP from secret code

TOTP stands for Time-based One-Time Password and is a common form of multi-factor authentication (MFA). To generate a TOTP from your secret key and the current time, call the public static method `Mfa::getTOTP( string $secretCode );`

```

```

output:

```
557480

```

### Validate TOTP

To validate a TOTP against your secret key and the current time, call the public static method `Mfa::validateTOTP(string $secretCode, string $userProvided_otp, int $tolerance = 1);`. The `$tolerance` value is the number of time steps accepted before and after the current window (default `1`). Use `0` for strict expiry.

```

```

output:

```
true

```

To change the TOTP time step (default 30 seconds), call `Mfa::setTimeStep(int $seconds);` before generating or validating codes:

```

```
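The tolerance window and time step described above, worked through from RFC 4226 and RFC 6238 as an added example; this is standalone code, not part of nishadil/mfa and not its implementation. The function names, the `$lastStep` replay guard and the fixed clock value are assumptions of this example, which uses the RFC test key rather than a secret from this page.

```php
<?php
declare(strict_types=1);
// Added example: standalone RFC 4226 / RFC 6238 code, not nishadil/mfa's source.

function base32Decode(string $b32): string
{
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $ch) {
        $pos = strpos('ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', $ch);
        if ($pos === false) {
            throw new InvalidArgumentException('invalid base32 character');
        }
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {
        $out .= strlen($byte) === 8 ? chr(bindec($byte)) : '';   // drop trailing partial byte
    }
    return $out;
}

function hotp(string $key, int $counter, int $digits = 6): string
{
    $mac = hash_hmac('sha1', pack('J', $counter), $key, true);   // counter as 8 bytes, big-endian
    $offset = ord($mac[19]) & 0x0f;                                // dynamic truncation (RFC 4226)
    $code = unpack('N', substr($mac, $offset, 4))[1] & 0x7fffffff;
    return str_pad((string) ($code % 10 ** $digits), $digits, '0', STR_PAD_LEFT);
}

// Returns the matched time step or null. $lastStep (hypothetical per-user state) is the
// newest step already accepted; refusing steps <= $lastStep blocks replay inside the window.
function verifyTotp(string $key, string $otp, int $now, int $tolerance = 1, int $period = 30, ?int $lastStep = null): ?int
{
    $current = intdiv($now, $period);
    $match = null;
    for ($step = $current - $tolerance; $step <= $current + $tolerance; $step++) {
        $fresh = $lastStep === null || $step > $lastStep;
        if (hash_equals(hotp($key, $step), $otp) && $fresh) {      // constant-time compare
            $match = $step;
        }
    }
    return $match;
}

$key = base32Decode('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ');   // RFC test key "12345678901234567890"
$now = 59;                                                 // constructed clock: time step 1
$previous = hotp($key, 0);                                 // code from the step before
var_dump(verifyTotp($key, $previous, $now, 0));            // strict expiry
var_dump(verifyTotp($key, $previous, $now, 1));            // one step of tolerance
var_dump(verifyTotp($key, $previous, $now, 1, 30, 0));     // same code after step 0 was used
```

After a successful login, persist the returned step as the user's new `$lastStep`; each extra step of tolerance lengthens the time an intercepted code stays usable by one period.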

### Get HOTP from secret code

HOTP stands for HMAC-based One-Time Password and is the original standard that TOTP was based on. To generate an HOTP from your secret key and a counter value, call the public static method `Mfa::getHOTP( string $secretCode, int $counter );`

```

```

output:

```
440791

```

### Validate HOTP

To validate an HOTP against your secret key and counter value, call the public static method `Mfa::validateHOTP(string $secretCode, string $userProvided_otp, int $counter);`

```

```

output:

```
true

```

### Create otpauth URI for Authenticator Apps

Many authenticator apps, such as Google Authenticator, Authy, and others, support scanning a QR code to quickly set up a new account. The QR code typically contains a special URI, called an `otpauth` URI, which holds all the necessary information for the app to generate one-time passwords.

The `otpauth` URI follows a specific format:

```
otpauth://[type]/[label]?[parameters]

```

**Generate otpauth URI for TOTP Based method**

```

```

output:

```
otpauth://totp/NishadilApp:user%40example.com?secret=3TYBUTVEXBOBXYTJ6L7NZ4HC7QJWAKMY&issuer=NishadilApp&digits=6&algorithm=SHA1&period=30

```

**Generate otpauth URI for HOTP Based method**

```

```

output:

```
otpauth://hotp/NishadilApp:user%40example.com?secret=3TYBUTVEXBOBXYTJ6L7NZ4HC7QJWAKMY&issuer=NishadilApp&digits=6&algorithm=SHA1&counter=100

```
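The `otpauth` format above, built and parsed back in plain PHP as an added example; this is not nishadil/mfa's code, and `buildOtpauthUri` and `parseOtpauthUri` are hypothetical names. The URI carries the shared secret in clear text, so the parser is the kind of check to run before rendering or storing one, and the URI itself should be handled like a credential.

```php
<?php
declare(strict_types=1);
// Added example, not nishadil/mfa's code; both function names are hypothetical.

function buildOtpauthUri(string $type, string $issuer, string $account, string $secret, int $value): string
{
    if ($type !== 'totp' && $type !== 'hotp') {
        throw new InvalidArgumentException('type must be totp or hotp');
    }
    if (!preg_match('/\A[A-Z2-7]{16,128}\z/', $secret)) {
        throw new InvalidArgumentException('secret must be 16 to 128 base32 characters');
    }
    // $value is the period in seconds for totp and the initial counter for hotp
    $params = ['secret' => $secret, 'issuer' => $issuer, 'digits' => 6, 'algorithm' => 'SHA1',
               ($type === 'totp' ? 'period' : 'counter') => $value];
    $label = rawurlencode($issuer) . ':' . rawurlencode($account);
    return "otpauth://$type/$label?" . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

function parseOtpauthUri(string $uri): array
{
    $p = parse_url($uri);
    $type = is_array($p) ? ($p['host'] ?? '') : '';
    if (!is_array($p) || ($p['scheme'] ?? '') !== 'otpauth' || !in_array($type, ['totp', 'hotp'], true)) {
        throw new InvalidArgumentException('not an otpauth totp/hotp URI');
    }
    parse_str($p['query'] ?? '', $q);
    $label = rawurldecode(ltrim($p['path'] ?? '', '/'));
    $prefix = strpos($label, ':') === false ? null : explode(':', $label, 2)[0];
    if (!isset($q['secret']) || ($type === 'hotp' && !isset($q['counter']))) {
        throw new InvalidArgumentException('missing secret or counter');
    }
    // the Key URI Format expects the label prefix and the issuer parameter to be
    // equal when both are present
    if ($prefix !== null && isset($q['issuer']) && $prefix !== $q['issuer']) {
        throw new InvalidArgumentException('label prefix and issuer disagree');
    }
    return ['type' => $type, 'label' => $label] + $q;
}

$secret = '3TYBUTVEXBOBXYTJ6L7NZ4HC7QJWAKMY';   // sample secret from the output above
$uri = buildOtpauthUri('totp', 'NishadilApp', 'user@example.com', $secret, 30);
echo $uri, PHP_EOL;
print_r(parseOtpauthUri($uri));
```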

### Generate Backup Codes

To generate backup codes, call the public static method `Mfa::generateBackupCodes(int $count = 10, int $length = 8);`

```

```

output:

```
array[
    'QS5HT8FK-2D7LTZGM',
    'S7DS93ON-U8RMR0TY',
    '965F5WEP-KP16XBME',
    'G4E6IQ05-SUFEWHN0',
    'SYS907DN-0JN060EE',
    'IYGGRAXO-739H8TWR',
    'PA79RE4J-4IZ83DB2',
    'YH9YDR3Z-N51CGR4E',
    'V36CMIRZ-1WNEZVN6',
    'O3HU4FBC-V1OPWXZ8'
]

```
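One way to generate, store and redeem codes in the format shown above, as an added example that is not nishadil/mfa's code. The function names, the `$pepper` server-side key and the in-memory `$stored` array (standing in for a database column) are assumptions; the point is that only keyed hashes are kept and each code works once.

```php
<?php
declare(strict_types=1);
// Added example, not nishadil/mfa's code. The code format (two groups of A-Z0-9)
// mirrors the sample output above; names and storage are hypothetical.

function makeBackupCodes(int $count = 10, int $length = 8): array
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $codes = [];
    while (count($codes) < $count) {
        $raw = '';
        for ($i = 0; $i < 2 * $length; $i++) {
            $raw .= $alphabet[random_int(0, 35)];          // CSPRNG, not mt_rand()
        }
        // used as an array key so that a duplicate code cannot be issued twice
        $codes[substr($raw, 0, $length) . '-' . substr($raw, $length)] = true;
    }
    return array_keys($codes);
}

function hashBackupCode(string $code, string $pepper): string
{
    // normalise what the user typed, then store only a keyed hash of it
    return hash_hmac('sha256', strtoupper(trim($code)), $pepper);
}

function redeemBackupCode(array &$storedHashes, string $input, string $pepper): bool
{
    $candidate = hashBackupCode($input, $pepper);
    foreach ($storedHashes as $i => $stored) {
        if (hash_equals($stored, $candidate)) {
            unset($storedHashes[$i]);                      // single use: delete on redemption
            return true;
        }
    }
    return false;
}

$pepper = random_bytes(32);                                // constructed for this demo
$codes  = makeBackupCodes();                               // shown to the user once
$stored = array_map(fn ($c) => hashBackupCode($c, $pepper), $codes);

var_dump(redeemBackupCode($stored, strtolower($codes[0]), $pepper));  // first use, lower-case input
var_dump(redeemBackupCode($stored, $codes[0], $pepper));              // second use of the same code
var_dump(count($stored));                                             // hashes still redeemable
```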

License
=======

This library is licensed for use under the MIT License (MIT)

###  Health Score

37 (Low). Better than 81% of packages.

Maintenance: 71. Regular maintenance activity.

Popularity: 10. Limited adoption so far.

Community: 7. Small or concentrated contributor base.

Maturity: 49. Maturing project, gaining track record.

Bus Factor: 1. Top contributor holds 100% of commits, a single point of failure.

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence: every ~129 days (recently: every ~27 days)

Total: 8

Last Release: 165d ago

### Community

Maintainers: [Nishadil](/maintainers/nishadil) [@nishadil](https://github.com/nishadil)

Top Contributors: [NishadilDev](https://github.com/NishadilDev) (21 commits)

Tags: 2fa, 2fa-security, backupcode, hotp, mfa, security, totp

###  Code Quality

Tests: PHPUnit

