rych / otp
PHP implementation of the OATH one-time password standards
Requires
- php: >=5.3.4
- ext-hash: *
- rych/random: 0.1.*
Requires (Dev)
- phpunit/phpunit: ~4.7
- satooshi/php-coveralls: ~0.6
This package is auto-updated.
Last update: 2024-10-23 11:14:26 UTC
README
This library provides HMAC-based (HOTP) and time-based (TOTP) one-time password functionality as defined by RFC 4226 and RFC 6238 for PHP 5.3+.
Install
Via Composer
$ composer require rych/otp
Usage
The library makes generating and sharing secret keys easy.
<?php
use Rych\OTP\Seed;

// Generates a 20-byte (160-bit) secret key
$otpSeed = Seed::generate();

// -OR- use a pre-generated string
$otpSeed = new Seed('ThisIsMySecretSeed');

// Display secret key details
printf("Secret (HEX): %s\n", $otpSeed->getValue(Seed::FORMAT_HEX));
printf("Secret (BASE32): %s\n", $otpSeed->getValue(Seed::FORMAT_BASE32));
When a user attempts to login, they should be prompted to provide the OTP displayed on their device. The library can then validate the provided OTP using the user's shared secret key.
<?php
use Rych\OTP\HOTP;

$otpSeed = $userObject->getOTPSeed();
$otpCounter = $userObject->getOTPCounter();
$providedOTP = $requestObject->getPost('otp');

// The constructor will accept a Seed object or a string
$otplib = new HOTP($otpSeed);
if ($otplib->validate($providedOTP, $otpCounter)) {
    // Advance the application's stored counter
    // This bit is important for HOTP but not done for TOTP
    $userObject->incrementOTPCounter($otplib->getLastValidCounterOffset() + 1);

    // Now the user is authenticated
}
Time-based OTPs are handled the same way, except you don't have a counter value to track or increment.
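The HOTP counter handling in the snippet above, shown as an added stand-alone PHP 7.1+ example that is not rych/otp's own code: RFC 4226 HOTP validated over a look-ahead window, where the matched offset plays the role of the value the README reads from `getLastValidCounterOffset()`. The function names `hotp` and `hotpValidate` and the window size of 3 are assumptions made for illustration.

```php
<?php
// Added example: stand-alone RFC 4226 HOTP with a look-ahead window.
// hotp(), hotpValidate() and the window size are assumptions, not rych/otp's API.

/** Compute the HOTP value for a raw binary secret and a counter (RFC 4226, section 5.3). */
function hotp(string $secret, int $counter, int $digits = 6): string
{
    // The counter is hashed as an 8-byte big-endian integer (two 32-bit halves)
    $msg  = pack('N2', ($counter >> 32) & 0xFFFFFFFF, $counter & 0xFFFFFFFF);
    $hash = hash_hmac('sha1', $msg, $secret, true);
    // Dynamic truncation: the low nibble of the last byte selects 4 bytes of the HMAC
    $offset = ord($hash[19]) & 0x0F;
    $bin = ((ord($hash[$offset]) & 0x7F) << 24)
         | (ord($hash[$offset + 1]) << 16)
         | (ord($hash[$offset + 2]) << 8)
         |  ord($hash[$offset + 3]);
    return str_pad((string) ($bin % pow(10, $digits)), $digits, '0', STR_PAD_LEFT);
}

/** Check $provided against counters $stored .. $stored + $window; return the matching offset or null. */
function hotpValidate(string $secret, string $provided, int $stored, int $window = 3): ?int
{
    $match = null;
    for ($offset = 0; $offset <= $window; $offset++) {
        // hash_equals() compares in constant time; the loop does not exit early on a match
        if (hash_equals(hotp($secret, $stored + $offset), $provided) && $match === null) {
            $match = $offset;
        }
    }
    return $match;
}

// Constructed demo: the secret is the RFC 4226 Appendix D test key. The server has
// stored counter 1, but the token was advanced twice without a login, so it is at 3.
$secret   = '12345678901234567890';
$stored   = 1;
$fromUser = hotp($secret, 3);

$offset = hotpValidate($secret, $fromUser, $stored);
if ($offset !== null) {
    $stored += $offset + 1; // move past the accepted counter, as the README snippet does
}
printf("matched offset: %s, next stored counter: %d\n", var_export($offset, true), $stored);

// The same code submitted again is checked only against counters at or after $stored
var_dump(hotpValidate($secret, $fromUser, $stored));
```

Skipping the counter update after a successful match would leave the accepted code valid for a second submission, which is why the README calls that step important for HOTP.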
Change log
Please see CHANGELOG for more information on what has changed recently.
Testing
$ vendor/bin/phpunit -c phpunit.dist.xml
Security
If you discover any security-related issues, please email rchouinard@gmail.com instead of using the issue tracker.
License
The MIT License (MIT). Please see License File for more information.