-
Notifications
You must be signed in to change notification settings - Fork 0
One-Time Passwords per RFC 4226 (HOTP) and RFC 6238 (TOTP) implemented in PHP.
License
LGPL-3.0, GPL-3.0 licenses found
Licenses found
LGPL-3.0
COPYING.LESSER
GPL-3.0
COPYING
thepapanoob/PHPOTP
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
** Warning ** While the code provided appears to work in limited cases, it probably contains bugs. See COPYING and COPYING.LESSER for disclaimers and such. If this concerns you, you are encouraged to read the code yourself. It is a surprisingly small amount of code, and much of it is rather straightforward. As always, patches are welcome. Patches must be provided as public domain (or whatever your local equivalent is) to prevent license entanglement issues. ** Introduction ** Two-factor authentication is becoming an increasingly popular way of increasing security. As an example, Google now supports it's use for their user accounts, as well as provides a Google Authenticator mobile app. The term "Two-factor" normally refers to authentication based on a password (the first factor) as well as something else (in this case a mobile app acting as a security token). Authentication that combines "something you know" and "something you have" brings additional security. ** Compatability ** Any standards complient HOTP/TOTP application should work. RedHat's FreeOTP works well and is Apache 2.0 licensed. https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp Google's Google Authenticator works well and is nicely polished, but supports only SHA1 with 6 digits and a 30-second window. https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2 ** Usage ** On the server: $OTP=new PHPOTP(); $Seed=$OTP->GenSeed(); StoreSeedSomewhereSafe($Seed); $URI=$OTP->TOTPAsURI('Issuer Name','A Label',Base32::Encode($Seed)); echo QREncode($URI); The StoreSeedSomewhereSafe() and QREncode() functions are left to the reader. The client would then use the QR code to set up their token, typically a mobile app. To authenticate, the user would provide the value currently provided by their token. The server would: $OTP=new PHPOTP(); $Seed=GetSeedFromSomewhereSafe(); $CurrValue=$OTP->TOTP($Seed); $Success=($CurrValue==$_REQUEST['value']); The Seed=GetSeedFromSomewhereSafe() function is left to the reader.
About
One-Time Passwords per RFC 4226 (HOTP) and RFC 6238 (TOTP) implemented in PHP.
Resources
License
LGPL-3.0, GPL-3.0 licenses found
Licenses found
LGPL-3.0
COPYING.LESSER
GPL-3.0
COPYING
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published