2017 © Pedro Peláez
 

library otp

PHP implementation of the OATH one-time password standards

image

rych/otp

PHP implementation of the OATH one-time password standards

  • Wednesday, May 18, 2016
  • by rchouinard
  • Repository
  • 4 Watchers
  • 37 Stars
  • 62,479 Installations
  • PHP
  • 5 Dependents
  • 0 Suggesters
  • 4 Forks
  • 2 Open issues
  • 5 Versions
  • 10 % Grown

The README.md

OATH-OTP Implementation for PHP

Latest Version on Packagist ![Software License][ico-license] Build Status ![Coverage Status][ico-coveralls] Quality Score ![Total Downloads][ico-downloads], (*1)

This library provides HMAC and time-based one-time password functionality as defined by RFC 4226 and RFC 6238 for PHP 5.3+., (*2)

Install

Via Composer, (*3)

``` bash $ composer require rych/otp, (*4)



## Usage

The library makes generating and sharing secret keys easy.

```php
<?php

use Rych\OTP\Seed;

// Generates a 20-byte (160-bit) secret key
$otpSeed = Seed::generate();

// -OR- use a pre-generated string
$otpSeed = new Seed('ThisIsMySecretSeed');

// Display secret key details
printf("Secret (HEX): %s\n", $otpSeed->getValue(Seed::FORMAT_HEX));
printf("Secret (BASE32): %s\n", $otpSeed->getValue(Seed::FORMAT_BASE32));

When a user attempts to login, they should be prompted to provide the OTP displayed on their device. The library can then validate the provided OTP using the user's shared secret key., (*5)

<?php

use Rych\OTP\HOTP;

$otpSeed = $userObject->getOTPSeed();
$otpCounter = $userObject->getOTPCounter();
$providedOTP = $requestObject->getPost('otp');

// The constructor will accept a Seed object or a string
$otplib = new HOTP($otpSeed);
if ($otplib->validate($providedOTP, $otpCounter)) {
    // Advance the application's stored counter
    // This bit is important for HOTP but not done for TOTP
    $userObject->incrementOTPCounter($otplib->getLastValidCounterOffset() + 1);

    // Now the user is authenticated
}

Time-based OTPs are handled the same way, except you don't have a counter value to track or increment., (*6)

Change log

Please see CHANGELOG for more information what has changed recently., (*7)

Testing

bash $ vendor/bin/phpunit -c phpunit.dist.xml, (*8)

Security

If you discover any security related issues, please email rchouinard@gmail.com instead of using the issue tracker., (*9)

License

The MIT License (MIT). Please see License File for more information., (*10)

The Versions

18/05 2016

dev-develop

dev-develop https://github.com/rchouinard/rych-otp

PHP implementation of the OATH one-time password standards

  Sources   Download

MIT

The Requires

 

The Development Requires

by Ryan Chouinard

security otp oath totp hotp rfc4226 rfc6238

30/06 2015

dev-master

9999999-dev https://github.com/rchouinard/rych-otp

PHP implementation of the OATH one-time password standards

  Sources   Download

MIT

The Requires

 

The Development Requires

by Ryan Chouinard

security otp oath totp hotp rfc4226 rfc6238

30/06 2015

v1.1.1

1.1.1.0 https://github.com/rchouinard/rych-otp

PHP implementation of the OATH one-time password standards

  Sources   Download

MIT

The Requires

 

The Development Requires

by Ryan Chouinard

security otp oath totp hotp rfc4226 rfc6238

24/02 2014

v1.1.0

1.1.0.0 https://github.com/rchouinard/rych-otp

PHP implementation of the OATH one-time password standards

  Sources   Download

MIT

The Requires

 

The Development Requires

by Ryan Chouinard

security otp oath totp hotp rfc4226 rfc6238

12/11 2013

v1.0.0

1.0.0.0 https://github.com/rchouinard/rych-otp

PHP implementation of the OATH one-time password standards

  Sources   Download

MIT

The Requires

 

The Development Requires

by Ryan Chouinard

security otp oath totp hotp rfc4226 rfc6238