Google Authenticator PHP class

Copyright (c) 2012-2016, http://www.phpgangsta.de
Author: Michael Kliewe, @PHPGangsta and contributors
Licensed under the BSD License.

This PHP class can be used to interact with the Google Authenticator mobile app for 2-factor-authentication. This class can generate secrets, generate codes, validate codes and present a QR-Code for scanning the secret. It implements TOTP according to RFC6238

For a secure installation you have to make sure that used codes cannot be reused (replay-attack). You also need to limit the number of verifications, to fight against brute-force attacks. For example you could limit the amount of verifications to 10 tries within 10 minutes for one IP address (or IPv6 block). It depends on your environment.

Usage:

See following example:

<?php
require_once 'PHPGangsta/GoogleAuthenticator.php';

$ga = new PHPGangsta_GoogleAuthenticator();
$secret = $ga->createSecret();
echo "Secret is: ".$secret."\n\n";

$qrCodeUrl = $ga->getQRCodeGoogleUrl('Blog', $secret);
echo "Google Charts URL for the QR-Code: ".$qrCodeUrl."\n\n";

$oneCode = $ga->getCode($secret);
echo "Checking Code '$oneCode' and Secret '$secret':\n";

$checkResult = $ga->verifyCode($secret, $oneCode, 2);    // 2 = 2*30sec clock tolerance
if ($checkResult) {
    echo 'OK';
} else {
    echo 'FAILED';
}

Running the script provides the following output:

Secret is: OQB6ZZGYHCPSX4AK

Google Charts URL for the QR-Code: https://www.google.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/infoATphpgangsta.de%3Fsecret%3DOQB6ZZGYHCPSX4AK

Checking Code '848634' and Secret 'OQB6ZZGYHCPSX4AK':
OK

Installation:

Use Composer to install the package
From project root directory execute following

composer install

Composer will take care of autoloading the library. Just include the following at the top of your file

require_once __DIR__ . '/../vendor/autoload.php';

Run Tests:

All tests are inside tests folder.
Execute composer install and then run the tests from project root directory
Run as phpunit tests from the project root directory

ToDo:

??? What do you need?

Notes:

If you like this script or have some features to add: contact me, visit my blog, fork this project, send pull requests, you know how it works.

Project Name	Stars	Repos Using This	Packages Using This	Most Recent Commit	Total Releases	Latest Release	Open Issues	License	Language
Aws Iam Authenticator	2,045		64	a day ago	52	August 10, 2023	30	apache-2.0	Go
A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster
Googleauthenticator	1,767	24	9	3 years ago		July 16, 2023	32	bsd-2-clause	PHP
PHP class to generate and verify Google Authenticator 2-factor authentication
Google2fa	1,611	585	77	7 months ago	33	April 05, 2020	5	mit	PHP
A One Time Password Authentication package, compatible with Google Authenticator.
Sparkmagic	1,251	17	5	9 days ago	56	September 13, 2023	144	other	Python
Jupyter magics and kernels for working with remote Spark clusters
Awesome Webauthn	1,071			4 days ago			2	cc0-1.0
A curated list of awesome WebAuthn/FIDO2 and now Passkey resources
Steam	849	29	9	3 months ago	67	May 15, 2022	34	mit	Python
☁️ Python package for interacting with Steam
Google2fa Laravel	800	66	21	7 months ago	25	August 17, 2021	43	mit	PHP
A One Time Password Authentication package, compatible with Google Authenticator for Laravel
Otpauth	656	11	21	4 days ago	89	November 10, 2022		mit	JavaScript
One Time Password (HOTP/TOTP) library for Node.js, Deno, Bun and browsers.
Webauthn Ruby	543	4	4	14 days ago	35	September 15, 2022	9	mit	Ruby
WebAuthn ruby server library ― Make your Ruby/Rails web server become a conformant WebAuthn Relying Party
Kerberos.net	456	1	5	a month ago	84	August 11, 2022	32	mit	C#
A Kerberos implementation built entirely in managed code.