PHPackages                             tianjiuapp/phpotp - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Utility &amp; Helpers](/categories/utility)
4. /
5. tianjiuapp/phpotp

ActiveLibrary[Utility &amp; Helpers](/categories/utility)

tianjiuapp/phpotp
=================

PHPOTP

v1.0.2(1y ago)03MITPHPPHP &gt;=8.0.0

Since Feb 9Pushed 1y agoCompare

[ Source](https://github.com/TianjiuApp/PHPOTP)[ Packagist](https://packagist.org/packages/tianjiuapp/phpotp)[ RSS](/packages/tianjiuapp-phpotp/feed)WikiDiscussions master Synced today

READMEChangelog (3)DependenciesVersions (4)Used By (0)

Due to the long-term disrepair of the original warehouse, it has been replicated here. This project uses the same license as the original project. The original project address is:

PHPOTP
======

[](#phpotp)

PHP Implementation of the OTP algorithm

Two factor authentication in PHP I hope it could help you to make your applications more secure. Two factor authentication adds one more step into the authentication process and therefore provides a mechanism to provide more security for your systems.

Explain in detail - [http://en.wikipedia.org/wiki/Two-factor\_authentication](http://en.wikipedia.org/wiki/Two-factor_authentication)

If you are interested in understanding algorythm step by step - you are invited to read article

I will be using PHP in this post, but the same can be implemented in any other programming language.

Required libraries To simplify the development and not reinvent the wheel, it is always useful to try to find if someone else has implemented it already. For PHP I have adopted:

a) Base32 implementation for PHP by Bryan Ruiz b) PHP HMAC hash implementation from community feedbacks on

in a result proof of concept implementation of RFC6238 have born: rfc6238.php which contains helper class TokenAuth6238 with several useful functions

Generating a secret
===================

[](#generating-a-secret)

A secret is used to provide a base for your application and the device generating the code to validate the user's identity. The secret is important and should be transfered over a secured channel. If attacker will get access to the secret, it's possible to generate the verification code and get around the security procedure.

secret = Base32Static::encode("yourrandomsecretkey")

\#Google authenticator Google provides Android and iPhone application that generates the verification code for the user.

Install the application and create new account by entering the a code. Name your account as you want and enter the secret generated in the previous step. Choose time based token.

Now you can see on you smartphone 6 character long password that allows you to validate the user's identity.

\#Validating the integrity Now that we have the secret and the smartphone is generating the verification code, let's try to validate the it.

```
