Your cart is currently empty!
TOTP authenticator PHP code [Two factor authentication] – Simple Tutorial
Here’s a simple implementation of a Time-based One-Time Password (TOTP) generator in PHP
What is TOTP
TOTP is a time-based variant of the One-Time Password (OTP) authentication system. It generates a unique code that is valid only for a limited period of time (e.g., 30 seconds). This code is used to authenticate a user in the same way a password would be used.
How TOTP works
The TOTP algorithm requires two things: a secret key shared between the server and the client, and the current time.
- The client and the server agree on a secret key and a time step (e.g., 30 seconds).
- The client calculates the current time step by dividing the current time by the time step and rounding down to the nearest whole number.
- The client generates a HMAC hash of the secret key and the current time step using the SHA-1 algorithm.
- The client takes the last
n
characters of the hash, wheren
is the desired length of the TOTP code (e.g., 6 characters). - The server performs the same calculation using the secret key and the current time step and compares the result with the code received from the client.
- If the code received from the client matches the code generated by the server, the user is authenticated.
TOTP in PHP Numeric Code – Sample Example 1
<?php // Use the parameters from the latest version of the TOTP RFC (6238) $timeStep = 30; $codeLength = 6; $secret = 'JBSWY3DPEHPK3PXP'; // Compute the current time step $timestamp = floor(time() / $timeStep); // Compute the HMAC hash of the secret and the current timestamp $hash = hash_hmac('sha1', pack('N*', 0) . pack('N*', $timestamp), $secret); // Generate the TOTP code by taking the last $codeLength characters of the hash $code = substr($hash, -$codeLength); // Convert the TOTP code to a number $numericCode = 0; for ($i = 0; $i < $codeLength; $i++) { $numericCode = $numericCode * 10 + hexdec($code[$i]); } // Output the numeric TOTP echo $numericCode . PHP_EOL;
TOTP in PHP Alphanumeric Code – Sample Example 2
<?php // Use the parameters from the latest version of the TOTP RFC (6238) $timeStep = 30; $codeLength = 6; $secret = 'JBSWY3DPEHPK3PXP'; // Compute the current time step $timestamp = floor(time() / $timeStep); // Compute the HMAC hash of the secret and the current timestamp $hash = hash_hmac('sha1', pack('N*', 0) . pack('N*', $timestamp), $secret); // Generate the TOTP code by taking the last $codeLength characters of the hash $code = substr($hash, -$codeLength); // Output the TOTP echo $code;
You can simply run the PHP script in a web server or in a command-line interface (CLI) and it will output the TOTP code.
For example, if you save the script to a file called totp.php
, you can run it in the CLI with the following command:
$ php totp.php
This script generates a TOTP code that is $codeLength
characters long (in this case, 6 characters). You can use this code for authentication purposes.
Conclusion
In this tutorial, you learned how TOTP works and how to generate a TOTP code in PHP. You can use this code for authentication purposes in a variety of applications, including two-factor authentication.
Comments
Grabber Pro
Original price was: $ 59.00.$ 39.00Current price is: $ 39.00.Insertcart Custom WooCommerce Checkbox Ultimate
Original price was: $ 39.00.$ 19.00Current price is: $ 19.00.Android App for Your Website
Original price was: $ 49.00.$ 35.00Current price is: $ 35.00.Abnomize Pro
Original price was: $ 30.00.$ 24.00Current price is: $ 24.00.Medical Portfolio Pro
Original price was: $ 31.00.$ 24.00Current price is: $ 24.00.
Latest Posts
- How to Use AWS SES Email from Localhost or Website: Complete Configuration in PHP
- How to Upload Images and PDFs in Android Apps Using Retrofit
- [Fix] File Permission Issue in Apache Website WordPress Not Writable to 775
- Best PHP ini Settings for WordPress & WooCommerce: Official Recommendations
- Script to Get Users System or Browser Data When Link Open Grab Using PHP & JavaScript
Leave a Reply