Skip to content
/ GoogleAuthenticator Public

PHP class to generate and verify Google Authenticator 2-factor authentication

License

BSD-2-Clause license
14 stars 9 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Vectorface/GoogleAuthenticator

BranchesTags

Repository files navigation

Google Authenticator (TOTP)

Build Status

English | 中文

This is a fork of https://github.com/PHPGangsta/GoogleAuthenticator with the following changes:

  • Uses https://github.com/endroid/qr-code to generate QR code data URIs
  • No longer generates Google's Chart API to make QR code links
  • Uses namespacing
  • Augmented test coverage to 100%
  • Bumped minimum PHP version to 8.1

Original License:

Description:

This PHP class can be used to interact with the Google Authenticator mobile app for 2-factor-authentication. This class can generate secrets, generate codes, validate codes and present a QR-Code for scanning the secret. It implements TOTP according to RFC6238

For a secure installation you have to make sure that used codes cannot be reused (replay-attack). You also need to limit the number of verifications, to fight against brute-force attacks. For example you could limit the amount of verifications to 10 tries within 10 minutes for one IP address (or IPv6 block). It depends on your environment.

Usage:

See following example:

<?php
require_once 'vendor/autoload.php';

use Vectorface\GoogleAuthenticator;

$ga = new GoogleAuthenticator();
$secret = $ga->createSecret();
echo "Secret is: {$secret}\n\n";

$qrCodeUrl = $ga->getQRCodeUrl('Admin', $secret, 'Blog');
echo "PNG Data URI for the QR-Code: {$qrCodeUrl}\n\n";

$oneCode = $ga->getCode($secret);
echo "Checking Code '$oneCode' and Secret '$secret':\n";

// 2 = 2*30sec clock tolerance
$checkResult = $ga->verifyCode($secret, $oneCode, 2);
if ($checkResult) {
    echo 'OK';
} else {
    echo 'FAILED';
}

Running the script provides output similar to:

Secret is: OQB6ZZGYHCPSX4AK

PNG Data URI for the QR-Code: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAARgAAAEYCAIAAAAI[snipped]

Checking Code '848634' and Secret 'OQB6ZZGYHCPSX4AK':
OK

Installation:

composer require vectorface/googleauthenticator

Run Tests:

  • All tests are inside tests folder.
  • Execute composer install to prepare your environment.
  • Run composer test from the project root directory.

About

PHP class to generate and verify Google Authenticator 2-factor authentication

Resources

Readme

License

BSD-2-Clause license
Activity
Custom properties

Stars

14 stars

Watchers

4 watching

Forks

9 forks
Report repository

Releases 6

v3.3: PHP 8.4 support Latest
Dec 12, 2024
+ 5 releases

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages