Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
HMAC Based One Time Passwords in PHP
branch: master

Merge pull request #3 from sachabeharry/patch-1

Update hotp.php to do Lazy calculation of decimal and hex values. Can improve performance when doing large numbers of calculations.
latest commit d8369b25da
Jakob Heuser authored

README.markdown

HOTP - PHP Based HMAC One Time Passwords

What is HOTP: HOTP is a class that simplifies One Time Password systems for PHP Authentication. The HOTP/TOTP Algorithms have been around for a bit, so this is a straightforward class to meet the test vector requirements.

What works with HOTP/TOTP: It's been tested to the test vectors, and I've verified the time-sync hashes against the following:

  • Android: Mobile-OTP
  • iPhone: OATH Token

Why would I use this: Who wouldn't love a simple drop-in class for HMAC Based One Time Passwords? It's a great extra layer of security (creating two-factor auth) and it's pretty darn zippy.

Okay you sold me. Give me some docs:

  • $result = HOTP::generateByCounter($key, $counter); // event based
  • $result = HOTP::generateByTime($key, $window); // time based within a "window" of time
  • $result = HOTP::generateByTimeWindow($key, $window, $min, $max); // same as generateByTime, but for $min windows before and $max windows after

with $result, you can do all sorts of neat things...

  • $result->toString();
  • $result->toHex();
  • $result->doDec();
  • $result->toHotp($length); // how many digits in your OTP?
Something went wrong with that request. Please try again.