PHTP is a lightweight PHP library for generating and validating Time-based One-Time Passwords (TOTP) and other OTPs. It is designed to work seamlessly with authenticator applications such as Google Authenticator, Microsoft Authenticator, and others.
- Base32 encoding and decoding
- Support for generating One-Time Passwords (OTPs) and Time-based OTPs (TOTP)
- Configurable digits, time period, hash algorithms (SHA1, SHA256, SHA512)
- Generate secret keys for TOTP setup
- Generate URIs for TOTP setup compatible with major authenticator apps
Simply include the PHTP class in your project:

```php
require_once 'path/to/PHTP.php';
```
You can easily generate a TOTP or OTP using the code function. This function supports multiple hash algorithms and customizable time periods.

```php
$secret = 'JBSWY3DPEHPK3PXP'; // Base32 encoded secret key
$otp = PHTP::code($secret);
echo "Generated OTP: " . $otp;
```
Parameters:
- $secret (string) - Base32 encoded secret.
- $mode (string) - Either 'TOTP' or 'OTP' (default: 'TOTP').
- $digits (int) - Number of digits for the OTP (default: 6).
- $time (int) - Time period in seconds (default: 30).
- $offset (int) - Time offset in seconds (default: 0).
- $algo (string) - Hashing algorithm: 'sha1', 'sha256', or 'sha512' (default: 'sha1').
Example:

```php
$otp = PHTP::code('JBSWY3DPEHPK3PXP', 'TOTP', 6, 30, 0, 'sha1');
echo "Your OTP: $otp";
```
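How the digits, time period and hash algorithm parameters described above enter the RFC 6238 computation, and how a server can check a submitted code with a drift window, a constant-time comparison and replay rejection. This is an added example, not PHTP's source or API; the function names b32decode, totp and verify are hypothetical, and it assumes 64-bit PHP 7.1 or later.

```php
<?php
// Added example: standalone RFC 6238 sketch, not PHTP's code; names are hypothetical.

// Decode RFC 4648 Base32; null on empty input or invalid characters.
function b32decode(string $s): ?string {
    $s = rtrim(strtoupper($s), '=');
    if ($s === '') return null;
    $bits = '';
    foreach (str_split($s) as $ch) {
        $v = strpos('ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', $ch);
        if ($v === false) return null;
        $bits .= str_pad(decbin($v), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) $out .= chr(bindec($byte)); // drop padding bits
    }
    return $out;
}

// TOTP for Unix time $now: HMAC over the 64-bit step counter, then
// dynamic truncation (RFC 4226) to $digits decimal digits.
function totp(string $secret, int $now, int $digits = 6, int $period = 30, string $algo = 'sha1'): ?string {
    $key = b32decode($secret);
    if ($key === null) return null;
    $h = hash_hmac($algo, pack('J', intdiv($now, $period)), $key, true);
    $o = ord($h[strlen($h) - 1]) & 0x0F;
    $bin = unpack('N', substr($h, $o, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($bin % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// Accept codes from the current step +/- $window (clock drift), compare in
// constant time, and refuse any step <= $lastStep (replay of a used code).
// Returns the matched step to persist as the new $lastStep, or null.
function verify(string $secret, string $code, int $now, int $lastStep, int $window = 1, int $digits = 6, int $period = 30): ?int {
    for ($i = -$window; $i <= $window; $i++) {
        $step = intdiv($now, $period) + $i;
        if ($step <= $lastStep) continue;
        $expected = totp($secret, $step * $period, $digits, $period);
        if ($expected !== null && hash_equals($expected, $code)) return $step;
    }
    return null;
}

// Constructed demo using the RFC 6238 Appendix B SHA-1 test key.
$secret = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ';
$code = totp($secret, 59, 8);
$step = verify($secret, $code, 75, 0, 1, 8);   // submitted one step late
var_dump($code, $step, verify($secret, $code, 75, $step, 1, 8)); // then replayed
```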
You can generate a base32 encoded secret key that will be used by the TOTP algorithm. This secret can be shared with the user’s authenticator app.
```php
$secret = PHTP::key();
echo "Generated Secret Key: " . $secret;
```
Parameters:
- $length (int) - Length of the secret key (default: 24).
Example:

```php
$secret = PHTP::key(24);
echo "Generated Secret: $secret";
```
Generate a URI that can be scanned by Google Authenticator, Microsoft Authenticator, or other TOTP-compatible apps to easily set up two-factor authentication.
```php
$account = 'user@example.com';
$secret = 'JBSWY3DPEHPK3PXP';
$uri = PHTP::url($account, $secret);
echo "TOTP Setup URI: " . $uri;
```
Parameters:
- $account (string) - Account name (e.g., email or username).
- $secret (string) - Base32 encoded secret key.
- $digits (int) - Number of digits for the OTP (optional).
- $time (int) - Time period in seconds (optional).
- $issuer (string) - Issuer name (optional).
- $algo (string) - Hashing algorithm (optional).
Example:

```php
$uri = PHTP::url('user@example.com', 'JBSWY3DPEHPK3PXP', 6, 30, 'YourApp', 'sha1');
echo "Scan this QR code: " . $uri;
```
If you need to encode or decode data in base32 format, PHTP provides simple methods to handle this.
```php
$encoded = PHTP::base32Encode('Some data');
$decoded = PHTP::base32Decode($encoded);
```
PHTP provides basic error checking. If invalid inputs are provided, functions will return an error message in the form of an array:
```php
$otp = PHTP::code('InvalidSecret');
if (isset($otp['fail'])) {
    echo "Error: " . $otp['fail'];
}
```
This library is open-sourced under the MIT License.
Contributions are welcome! Please submit pull requests via the PHTP GitHub repository.