Skip to content

sethadam1/GoogleAuthenticator

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

67 Commits
.github/workflows
.github/workflows
 
 
sethadam1
sethadam1
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 

Repository files navigation

Google Authenticator PHP class

Forked and maintained by Adam Scheinberg (GitHub) (2026). This is a fork of PHPGangsta/GoogleAuthenticator with PHP 8.2+ modernization, updated class naming, and Packagist packaging. Released under the same BSD-4-Clause license. See LICENSE.md for details.

This PHP class can be used to interact with the Google Authenticator mobile app for 2-factor-authentication. It can generate secrets, generate codes, validate codes, and produce a QR code URL for scanning. It implements TOTP according to RFC6238.

For a secure installation you have to make sure that used codes cannot be reused (replay-attack). You also need to limit the number of verifications to fight against brute-force attacks. For example, limit attempts to 10 tries within 10 minutes per IP address (or IPv6 block).

Requirements:

  • PHP 8.2 or higher
  • Tested on PHP 8.2, 8.3, 8.4, and 8.5

Installation:

composer require sethadam1/googleauthenticator

Or add to your composer.json:

{
    "require": {
        "sethadam1/googleauthenticator": "^1.0"
    }
}

Usage:

<?php
require_once __DIR__ . '/vendor/autoload.php';

$ga = new GoogleAuthenticator();
$secret = $ga->createSecret();
echo "Secret is: " . $secret . "\n\n";

$qrCodeUrl = $ga->getQRCodeUrl('Blog', $secret);
echo "QR-Code URL: " . $qrCodeUrl . "\n\n";

$oneCode = $ga->getCode($secret);
echo "Checking Code '$oneCode' and Secret '$secret':\n";

$checkResult = $ga->verifyCode($secret, $oneCode, 2);    // 2 = 2*30sec clock tolerance
if ($checkResult) {
    echo 'OK';
} else {
    echo 'FAILED';
}

Running the script provides the following output:

Secret is: OQB6ZZGYHCPSX4AK

QR-Code URL: https://api.qrserver.com/v1/create-qr-code/?data=otpauth%3A%2F%2Ftotp%2FBlog%3Fsecret%3DOQB6ZZGYHCPSX4AK&size=200x200&ecc=M

Checking Code '848634' and Secret 'OQB6ZZGYHCPSX4AK':
OK

Migrating from PHPGangsta/GoogleAuthenticator:

This library is a drop-in replacement. Legacy names are aliased and fully functional, so no code changes are required. To adopt the modern names at your own pace:

Legacy Modern
new PHPGangsta_GoogleAuthenticator() new GoogleAuthenticator()
getQRCodeGoogleUrl(...) getQRCodeUrl(...)

Run Tests:

composer install
./vendor/bin/phpunit tests/

About

PHP class to generate and verify Google Authenticator 2-factor authentication

phpgangsta.de/4376

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • PHP 100.0%