OATH-HOTP implementation for PHP

OATH-OTP Implementation for PHP

This library provides HMAC-based (HOTP) and time-based (TOTP) one-time password functionality as defined by RFC 4226 and RFC 6238 for PHP 5.3+.

Install

Via Composer

$ composer require rych/otp

Usage

The library makes generating and sharing secret keys easy.

<?php

use Rych\OTP\Seed;

// Generates a 20-byte (160-bit) secret key
$otpSeed = Seed::generate();

// -OR- use a pre-generated string
$otpSeed = new Seed('ThisIsMySecretSeed');

// Display secret key details
printf("Secret (HEX): %s\n", $otpSeed->getValue(Seed::FORMAT_HEX));
printf("Secret (BASE32): %s\n", $otpSeed->getValue(Seed::FORMAT_BASE32));

When a user attempts to log in, they should be prompted to provide the OTP displayed on their device. The library can then validate the provided OTP using the user's shared secret key.

<?php

use Rych\OTP\HOTP;

// $userObject and $requestObject stand in for your application's own user and request objects
$otpSeed = $userObject->getOTPSeed();
$otpCounter = $userObject->getOTPCounter();
$providedOTP = $requestObject->getPost('otp');

// The constructor will accept a Seed object or a string
$otplib = new HOTP($otpSeed);
if ($otplib->validate($providedOTP, $otpCounter)) {
    // Advance the application's stored counter
    // This bit is important for HOTP but not done for TOTP
    $userObject->incrementOTPCounter($otplib->getLastValidCounterOffset() + 1);

    // Now the user is authenticated
}

Time-based OTPs are handled the same way, except you don't have a counter value to track or increment.
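
Why the HOTP snippet above advances the stored counter by the matched offset plus one, shown with a stand-alone RFC 4226 implementation. This is an added example, not code from rych/otp; the function names `hotp` and `hotpValidate` and the look-ahead window of 3 are assumptions made for illustration.

```php
<?php
// Added example: stand-alone RFC 4226 HOTP, not the rych/otp source. Needs 64-bit PHP 7.1+.

/** HOTP value for a raw secret and counter (RFC 4226, section 5.3). */
function hotp(string $secret, int $counter, int $digits = 6): string
{
    // The counter is hashed as an 8-byte big-endian integer
    $hash = hash_hmac('sha1', pack('J', $counter), $secret, true);

    // Dynamic truncation: the low nibble of the last byte picks 4 bytes,
    // and the top bit of that 32-bit value is masked off
    $offset = ord($hash[19]) & 0x0F;
    $code = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;

    return str_pad((string) ($code % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

/**
 * Compare $otp with the codes for $counter .. $counter + $window.
 * Returns the offset that matched, or null when none did.
 * $window = 3 is an assumed look-ahead size, not a library default.
 */
function hotpValidate(string $secret, string $otp, int $counter, int $window = 3): ?int
{
    for ($i = 0; $i <= $window; $i++) {
        // hash_equals() compares in constant time
        if (hash_equals(hotp($secret, $counter + $i), $otp)) {
            return $i;
        }
    }
    return null;
}

$secret = '12345678901234567890'; // test secret from RFC 4226, Appendix D
$stored = 0;                      // server-side counter (constructed scenario)
$otp    = '359152';               // RFC test vector for counter 2: the token is two presses ahead

$offset = hotpValidate($secret, $otp, $stored);
printf("first attempt:  %s\n", var_export($offset, true));

// Same step as incrementOTPCounter(getLastValidCounterOffset() + 1) in the README:
// move the stored counter past the code that was just accepted
$stored += $offset + 1;

// The window now starts after the accepted counter, so a replay finds no match
printf("replayed code:  %s\n", var_export(hotpValidate($secret, $otp, $stored), true));
```

If the counter were left unchanged, or advanced by only one, the accepted code would still fall inside the next validation window and could be submitted again.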

Change log

Please see CHANGELOG for more information on what has changed recently.

Testing

$ vendor/bin/phpunit -c phpunit.xml.dist

Security

If you discover any security related issues, please email rchouinard@gmail.com instead of using the issue tracker.

License

The MIT License (MIT). Please see License File for more information.