Menu
I want to use Google 2FA in my PHP project. The user needs to enter the 6 digit 2fa code while logging in.
May you draw some tips on which direction to take?
693
Implementing Google Authenticator on your website using PHP Generate a secret key for each user. Generate the QR code for your user to scan when they enable 2FA. Verify that the code entered is valid at login.
On the desktop, you access it by going to Settings > Security and Login(Opens in a new window). Under Two-Factor Authentication, click Edit on the right. On the next screen, select how you'd like to receive your second form of authentication: a text message, authenticator app, or physical security key.
Which package you use is very important because you are putting a lot of trust into the person who controls that package. I would rather not use one called PHPGangsta, and instead go with this one.
UPDATE
I leave my original answer below, but the problem with the sonata solution is that it queries api.qrserver.com. They have these docs available here. Very nice of them to offer this service but I don't know them so I can't trust them.
I have instead gone with this solution which is inspired by PHPGangsta and also seems to be an improvement. Generally, it seems like a more trustworthy solution. I use it like so:
First add it using composer:
composer require robthree/twofactorauth
Then you can print out a QR Image:
$tfa = new TwoFactorAuth(env('APP_NAME'));
$secret = $tfa->createSecret();
$qrCodeImage = $tfa->getQRCodeImageAsDataUri($user->email, $secret);
echo '<img src='.$qrCodeImage.' />';
And then validate:
$tfa = new TwoFactorAuth();
$result = $tfa->verifyCode($secret, $code);
if (empty($result)) print 'Sorry!';
else print 'Yes!';
BELOW IS MY OLD ANSWER BUT I DONT RECOMMEND USING THIS SOLUTION
Add it using composer:
composer require sonata-project/google-authenticator
Generate a new code:
$g = new \Google\Authenticator\GoogleAuthenticator();
$salt = '7WAO342QFANY6IKBF7L7SWEUU79WL3VMT920VB5NQMW';
$secret = $username.$salt;
echo '<img src="'.$g->getURL($username, 'example.com', $secret).'" />';
And then validate it:
$g = new \Google\Authenticator\GoogleAuthenticator();
$salt = '7WAO342QFANY6IKBF7L7SWEUU79WL3VMT920VB5NQMW';
$secret = $username.$salt;
$check_this_code = $_POST['code'];
if ($g->checkCode($secret, $check_this_code)) {
echo 'Success!';
} else {
echo 'Invalid login';
}
Step 1) Create a unique secret code of length 16 characters. PHPGangsta provides wrapper class for Google Authenticator. You can download using composer.
curl -sS https://getcomposer.org/installer | php
php composer.phar require phpgangsta/googleauthenticator:dev-master
Use the below code to generate the secret code.
<?php
require 'vendor/autoload.php';
$authenticator = new PHPGangsta_GoogleAuthenticator();
$secret = $authenticator->createSecret();
echo "Secret: ".$secret;
?>
Step 2) Create a QR code withe the generated secret.
We need to prepare a QR code using the secret. If you want to read more about QR code generation for Google Authenticator. Github Wiki You can use any QR code generator to generate the QR code, For this demo I am using Google charts.
require 'vendor/autoload.php';
$authenticator = new PHPGangsta_GoogleAuthenticator();
$secret = $authenticator->createSecret();
echo "Secret: ".$secret."\n"; //save this at server side
$website = 'http://hayageek.com'; //Your Website
$title= 'Hayageek';
$qrCodeUrl = $authenticator->getQRCodeGoogleUrl($title, $secret,$website);
echo $qrCodeUrl;
Step 3) Generate TOTP (Time-Based One time password) using Google Authenticator App
Download the Google Authenticator app from Google Play or AppStore
Open the app and Click on ‘+’ Button, and scan the QR code generated using Google Charts. Authenticator app generates the TOTP for your website. TOTP will change for every 30 secs.
Two factor authentication with Google Authenticator
Step 4) Verifying OTP at server side
require 'vendor/autoload.php';
$authenticator = new PHPGangsta_GoogleAuthenticator();
$secret = '3JMZE4ASZRIISJRI'; //This is used to generate QR code
$otp = '183036' ;//Generated by Authenticator.
$tolerance = 0;
//Every otp is valid for 30 sec.
// If somebody provides OTP at 29th sec, by the time it reaches the server OTP is expired.
//So we can give tolerance =1, it will check current & previous OTP.
// tolerance =2, verifies current and last two OTPS
$checkResult = $authenticator->verifyCode($secret, $otp, $tolerance);
if ($checkResult)
{
echo 'OTP is Validated Succesfully';
} else {
echo 'FAILED';
}
source code refer this link : http://hayageek.com/two-factor-authentication-with-google-authenticator-php/
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
