Two-Factor-Authentication

This PHP Library implements TOTP algorithm popularized by GoogleAuthenticator. It provides a simple, secure, and user-friendly 2-Factor-Authentication scheme., _(*1)

Algorithm

The Time-Based One-Time Password Algorithm is described in RFC 26238 is located at https://tools.ietf.org/html/rfc6238, _(*2)

Generating Secrets

Have your users download the GoogleAuthenticator app to their smart phone. Links to Android Play Store and Apple App Store, _(*3)

Generate a Secret for each user and store it in your application, _(*4)

use Mindgruve\TwoFactorAuth\Secret;
$secret = new Secret();
// Secrets can be Serialized to a Base32 String
$serializedSecret = $secret->asBase32();
// Save this $serializedSecret in your application for this user

Have your user load the secret into GoogleAuthenticator., _(*5)

use Mindgruve\TwoFactorAuth\Secret;
$secret = new Secret();
/**
 * Display a QR code for users to scan
 */
<img src="<?php echo $secret->getGoogleQRCodeUrl(); ?>">
/**
 *  Display the secret for users to enter manually.
 */
echo $secret->asBase32();

GoogleAuthenticator will now generate a new token every 30 seconds for your user, _(*6)

Validating Tokens

When your user logs in, prompt the user for a token. The user opens their GoogleAuthenticator and enters in the token shown on their screen, which regenerates every 30 seconds. To validate the token, you load the user's secret (from your database for instance) and use the helper function isValidToken() to validate the user supplied token., _(*7)

    use Mindgruve\TwoFactorAuth\Authenticator;
    use Mindgruve\TwoFactorAuth\Secret;
    use Mindgruve\TwoFactorAuth\Token;

    /**
     * Load the $serializedSecret for the user
     * The $tokenString is value submitted by the user
     */
     $secret = new Secret($serializedSecret);
     $token = new Token($tokenString);
     $authenticator = new Authenticator();
     if($authenticator->isValidToken($secret, $token)){
        // access granted
     } else {
        // access denied
     }