PHPackages tzsk/otp - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. tzsk/otp ActiveLibrary[Security](/categories/security) tzsk/otp ======== A secure, database-free One-Time Password (OTP) generator and verifier for PHP and Laravel. 10.0.0(1mo ago)241641.4k—0%32[1 issues](https://github.com/tzsk/otp/issues)[1 PRs](https://github.com/tzsk/otp/pulls)1MITPHPPHP ^8.4CI passing Since Jan 23Pushed 1mo ago3 watchersCompare [ Source](https://github.com/tzsk/otp)[ Packagist](https://packagist.org/packages/tzsk/otp)[ Docs](https://github.com/tzsk/otp)[ Fund](https://paypal.me/KMAhmed)[ GitHub Sponsors](https://github.com/tzsk)[ RSS](/packages/tzsk-otp/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (16)Versions (27)Used By (1) 🎁 OTP Generator & Verifier ============================== [](#gift-otp-generator--verifier) [![OTP](resources/otp.png)](resources/otp.png) [![GitHub License](https://camo.githubusercontent.com/23528d364e883ab10a6a470248b2923eddf00a17a5d95e1e7c871ca781bea381/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f747a736b2f6f74703f7374796c653d666f722d7468652d6261646765)](https://camo.githubusercontent.com/23528d364e883ab10a6a470248b2923eddf00a17a5d95e1e7c871ca781bea381/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f747a736b2f6f74703f7374796c653d666f722d7468652d6261646765)[![Latest Version on Packagist](https://camo.githubusercontent.com/43bf965360967c059dac6d35a5b2fd0a6c6dad0837b33ef8453be10abb3ba4c6/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f747a736b2f6f74702e7376673f7374796c653d666f722d7468652d6261646765266c6f676f3d636f6d706f736572)](https://packagist.org/packages/tzsk/otp)[![GitHub Tests Action Status](https://camo.githubusercontent.com/0cda7a08b919c2990f564da5448a9a8584ed56e007f3245c1aade54da3315212/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f747a736b2f6f74702f74657374732e796d6c3f6272616e63683d6d6173746572266c6162656c3d7465737473267374796c653d666f722d7468652d6261646765266c6f676f3d676974687562)](https://github.com/tzsk/otp/actions?query=workflow%3ATests+branch%3Amaster)[![Total Downloads](https://camo.githubusercontent.com/6fb0b51eeac3fc469ea8dad1f64565e1bc1474347bc6c760032ff673cb3bc0a1/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f747a736b2f6f74702e7376673f7374796c653d666f722d7468652d6261646765266c6f676f3d6c61726176656c)](https://packagist.org/packages/tzsk/otp) A secure, database-free One-Time Password (OTP) generator and verifier for PHP. While primarily designed as a Laravel package, it can also be used independently in any PHP application. 📦 Installation -------------- [](#package-installation) Via Composer: ``` composer require tzsk/otp ``` To publish the configuration file for Laravel, run: ``` php artisan otp:publish ``` 🔥 Usage in Laravel ------------------ [](#fire-usage-in-laravel) Import the facade class: ``` use Tzsk\Otp\Facades\Otp; ``` **Generate an OTP:** ``` $otp = Otp::generate($unique_secret); // Returns - string ``` The OTP generated above will only be successfully validated if the same unique secret is provided within the default expiration time. > **TIP:** OTPs are commonly used for user verification. The most straightforward approach to determining the `unique_secret` is to use the user's email address, phone number, or User ID. You can also be creative with the unique secret, such as using `md5($email)` to create an MD5 hash of the user's email or phone number. **Match an OTP:** ``` $valid = Otp::match($otp, $unique_secret); // Returns - boolean ``` **Other Generate & Match Options:** There are other ways of generating or matching an OTP: ``` // Generate - Otp::digits(8)->generate($unique_secret); // 8 Digits, Default expiry from config Otp::expiry(30)->generate($unique_secret); // 30 min expiry, Default digits from config Otp::digits(8)->expiry(30)->generate($unique_secret); // 8 digits, 30 min expiry // The generate method above can be swapped with other generator methods. Ex - Otp::make($unique_secret); Otp::create($unique_secret); ``` Make sure to use the same configuration during validation. For example, if you specified 8 digits and a 30-minute expiration during creation, you must also specify 8 digits and a 30-minute expiration during verification. ``` // Match - (Different Runtime) // For the first example above Otp::check($otp, $unique_secret); // -> false Otp::digits(8)->check($otp, $unique_secret); // -> true // For the second example above Otp::check($otp, $unique_secret); // -> false Otp::expiry(30)->check($otp, $unique_secret); // -> true // For the third example above Otp::check($otp, $unique_secret); // -> false Otp::digits(8)->expiry(30)->check($otp, $unique_secret); // -> true ``` As demonstrated in the examples above, the exact configuration used to generate the OTP must be provided when matching the OTP with the secret. **Security Advantage:** The primary advantage of requiring the same configuration during verification is that it prevents a malicious actor from using this tool to generate the same OTP for a targeted user without knowing the exact configuration parameters used. ### 🌊 Helper usage [](#ocean-helper-usage) You can use the package with the provided helper function as well: ``` $otp = otp()->make($secret); $otp = otp()->digits(8)->expiry(20)->make($secret); ``` 😍 Usage outside Laravel ----------------------- [](#heart_eyes-usage-outside-laravel) Install the package with Composer exactly as described above. Then, simply use the provided helper function. **Generate:** ``` /** * You will need a directory in your filesystem where the package can store data. * Ensure you restrict access to this directory and its files using your web server configuration (Apache or Nginx). */ // Let's assume the directory you created is `./otp-tmp` $manager = otp('./otp-tmp'); /** * Default properties - * $digits -> 4 * $expiry -> 10 min */ $manager->digits(6); // To change the number of OTP digits $manager->expiry(20); // To change the mins until expiry $manager->generate($unique_secret); // Will return a string of OTP $manager->match($otp, $unique_secret); // Will return true or false. ``` All functionalities remain identical to those documented in the Laravel Usage section. The only difference is that you use the `$manager` instance instead of the static Facade. **NOTE:** You don't need to specify a path if you are using Laravel. The package will automatically detect and utilize Laravel's default cache store. Example: ``` $manager->digits(...)->expiry(...)->generate($unique_secret); // And... $manager->digits(...)->expiry(...)->match($otp, $unique_secret); ``` Again, remember that when verifying an OTP, the digit and expiration configuration must match the settings used during generation. 🔬 Testing --------- [](#microscope-testing) ``` composer test ``` 📅 Changelog ----------- [](#date-changelog) Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently. ❤️ Contributing --------------- [](#heart-contributing) Please see [CONTRIBUTING](.github/CONTRIBUTING.md) for details. 🔒 Security Vulnerabilities -------------------------- [](#lock-security-vulnerabilities) Please review [our security policy](../../security/policy) on how to report security vulnerabilities. 👑 Credits --------- [](#crown-credits) - [Kazi Ahmed](https://github.com/tzsk) - [All Contributors](../../contributors) 👮‍♂️ License ------------ [](#policeman-license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 69 — FairBetter than 100% of packages Maintenance90 Actively maintained with recent releases Popularity56 Moderate usage in the ecosystem Community23 Small or concentrated contributor base Maturity88 Battle-tested with a long release history Bus Factor2 2 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~145 days Recently: every ~283 days Total 19 Last Release 55d ago Major Versions 5.1.3 → 6.0.02022-01-26 6.0.1 → 7.0.02023-02-15 7.0.0 → 8.0.02024-03-26 8.0.1 → 9.0.02025-03-08 9.0.0 → 10.0.02026-03-25 PHP version history (8 changes)2.0.0PHP ~7.2 3.0.0PHP ^7.2 4.0.1PHP ^7.3 5.0.0PHP ^7.4 5.1.0PHP ^7.4|^8.0 6.0.0PHP ^8.0 7.0.0PHP ^8.1 10.0.0PHP ^8.4 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/47768513?v=4)[Kazi Manzur Ahmed](/maintainers/kazimahmed)[@kazimahmed](https://github.com/kazimahmed) --- Top Contributors [![dependabot-preview[bot]](https://avatars.githubusercontent.com/in/2141?v=4)](https://github.com/dependabot-preview[bot] "dependabot-preview[bot] (102 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (69 commits)")[![tzsk](https://avatars.githubusercontent.com/u/13273787?v=4)](https://github.com/tzsk "tzsk (54 commits)")[![ankurk91](https://avatars.githubusercontent.com/u/6111524?v=4)](https://github.com/ankurk91 "ankurk91 (3 commits)")[![laravel-shift](https://avatars.githubusercontent.com/u/15991828?v=4)](https://github.com/laravel-shift "laravel-shift (3 commits)")[![fd6130](https://avatars.githubusercontent.com/u/11419744?v=4)](https://github.com/fd6130 "fd6130 (2 commits)")[![SoftHeroes](https://avatars.githubusercontent.com/u/24780408?v=4)](https://github.com/SoftHeroes "SoftHeroes (1 commits)") --- Tags generate-otplaravel-packageotpotp-generatorotp-verificationphplaravelotpsecurity2faTwo Factor Authenticationtzsklaravel otpphp otpotp generatorotp verification ### Code Quality TestsPest Static AnalysisPHPStan, Psalm Code StyleLaravel Pint Type Coverage Yes ### Embed Badge ![Health badge](/badges/tzsk-otp/health.svg) ``` [![Health](https://phpackages.com/badges/tzsk-otp/health.svg)](https://phpackages.com/packages/tzsk-otp) ``` ### Alternatives [asbiin/laravel-webauthn Laravel Webauthn support 309574.8k](/packages/asbiin-laravel-webauthn)[dgtlss/warden A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email 8745.6k](/packages/dgtlss-warden)[ercsctt/laravel-file-encryption Secure file encryption and decryption for Laravel applications 642.6k](/packages/ercsctt-laravel-file-encryption) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)