Google Authenticator PHP class
==============================

* Copyright (c) 2012-2016, [http://www.phpgangsta.de](http://www.phpgangsta.de)
* Author: Michael Kliewe, [@PHPGangsta](http://twitter.com/PHPGangsta) and [contributors](https://github.com/PHPGangsta/GoogleAuthenticator/graphs/contributors)
* Licensed under the BSD License.

[https://travis-ci.org/PHPGangsta/GoogleAuthenticator](https://travis-ci.org/PHPGangsta/GoogleAuthenticator)

This PHP class can be used to interact with the Google Authenticator mobile app for 2-factor-authentication. This class
can generate secrets, generate codes, validate codes and present a QR-Code for scanning the secret. It implements TOTP
according to [RFC6238](https://tools.ietf.org/html/rfc6238)

For a secure installation you have to make sure that used codes cannot be reused (replay attack). You also need to
limit the number of verifications to defend against brute-force attacks. For example, you could limit the number of
verifications to 10 tries within 10 minutes for one IP address (or IPv6 block). It depends on your environment.

Usage:
------

See following example:

```php
<?php
require_once 'PHPGangsta/GoogleAuthenticator.php';

$ga = new PHPGangsta_GoogleAuthenticator();
$secret = $ga->createSecret();
echo "Secret is: ".$secret."\n\n";

$qrCodeUrl = $ga->getQRCodeGoogleUrl('Blog', $secret);
echo "Google Charts URL for the QR-Code: ".$qrCodeUrl."\n\n";

$oneCode = $ga->getCode($secret);
echo "Checking Code '$oneCode' and Secret '$secret':\n";

$checkResult = $ga->verifyCode($secret, $oneCode, 2);    // 2 = 2*30sec clock tolerance
if ($checkResult) {
    echo 'OK';
} else {
    echo 'FAILED';
}
```

Running the script provides the following output:

```
Secret is: OQB6ZZGYHCPSX4AK

Google Charts URL for the QR-Code: https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/infoATphpgangsta.de%3Fsecret%3DOQB6ZZGYHCPSX4AK

Checking Code '848634' and Secret 'OQB6ZZGYHCPSX4AK':
OK
```
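
One way to meet the replay and brute-force requirements stated in the introduction, as an added example that is not part of the project's own code. It compares the submitted code against `getCode()` for each tolerated 30-second slice so that the matching slice is known and can be recorded. Assumptions: `verifyOnce()` and the `$state` record are hypothetical names, the state lives in memory only for the demo, and attempts are counted per account rather than per IP address.

```php
<?php
require_once 'PHPGangsta/GoogleAuthenticator.php';

// Added example. $state is a hypothetical per-account record that a real
// installation keeps in a database or shared cache:
// ['lastSlice' => int, 'attempts' => int[] of Unix timestamps].
function verifyOnce(PHPGangsta_GoogleAuthenticator $ga, string $secret, string $code,
                    array &$state, ?int $now = null): string
{
    $now = $now ?? time();
    $maxTries = 10;     // example limit from the text: 10 tries ...
    $window = 600;      // ... within 10 minutes
    $discrepancy = 2;   // 2*30sec clock tolerance, as in the usage example

    // Forget attempts older than the window, then enforce the limit
    // before doing any code comparison.
    $state['attempts'] = array_values(array_filter(
        $state['attempts'] ?? [],
        function ($t) use ($now, $window) { return $t > $now - $window; }
    ));
    if (count($state['attempts']) >= $maxTries) {
        return 'RATE_LIMITED';
    }
    $state['attempts'][] = $now;

    // Walk the tolerated time slices ourselves to learn which one matched.
    $current = (int) floor($now / 30);
    for ($i = -$discrepancy; $i <= $discrepancy; $i++) {
        $slice = $current + $i;
        if (hash_equals($ga->getCode($secret, $slice), $code)) {
            // Accept only a slice newer than the last accepted one, so a used
            // code (or any older code) fails even inside the tolerance window.
            if ($slice <= ($state['lastSlice'] ?? -1)) {
                return 'REPLAYED';
            }
            $state['lastSlice'] = $slice;
            return 'OK';
        }
    }
    return 'FAILED';
}

$ga = new PHPGangsta_GoogleAuthenticator();
$secret = $ga->createSecret();
$state = [];                      // constructed in-memory state for the demo
$code = $ga->getCode($secret);
echo verifyOnce($ga, $secret, $code, $state), "\n";   // first use of the code
echo verifyOnce($ga, $secret, $code, $state), "\n";   // same code submitted again
```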

Installation:
-------------

- Use [Composer](https://getcomposer.org/doc/01-basic-usage.md) to
  install the package

- From the project root directory, execute the following:

```composer install```

- [Composer](https://getcomposer.org/doc/01-basic-usage.md) will take care of autoloading
  the library. Just include the following at the top of your file:

  `require_once __DIR__ . '/../vendor/autoload.php';`

Run Tests:
----------

- All tests are inside the `tests` folder.
- Execute `composer install` and then run the tests from the project root
  directory
- Run as `phpunit tests` from the project root directory


ToDo:
-----
- ??? What do you need?

Notes:
------

If you like this script or have some features to add: contact me, visit my blog, fork this project, send pull requests, you know how it works.