alimiracle/php-totp-auth
Composer 安装命令:
composer require alimiracle/php-totp-auth
包简介
A simple TOTP (Time-based One-Time Password) generator and validator.
README 文档
README
A simple PHP library for generating and verifying Time-based One-Time Passwords (TOTP), compatible with authenticator apps like Google Authenticator, FreeOTP, and more.
Features
- TOTP generation and verification
- Compatible with PHP 7.0 and above
- Lightweight and framework-agnostic
- Can be integrated with Laravel, Symfony, and other frameworks
Installation
To install PHP TOTP Auth, use Composer, which is the recommended method:
composer require alimiracle/php-totp-auth
Once the installation is complete, you can start using the library in your PHP projects.
Usage
Basic Example
use TotpAuth\Totp;
$secret = 'mySuperSecretKey123!';
// Generate TOTP
$otp = Totp::generate($secret);
echo "Generated OTP: $otp\n";
// Verify TOTP (e.g., from user input)
$userInput = trim(fgets(STDIN));
if (Totp::verify($userInput, $secret)) {
echo "? Valid OTP\n";
} else {
echo "? Invalid OTP\n";
}
API Methods
The core functionality of the library revolves around two main methods: generate and verify. These methods can be accessed through the Totp class.
1. Totp::generate($secret, $digits = 6, $period = 40, $timestamp = null)
This method generates a Time-based One-Time Password (TOTP) based on a shared secret key.
Parameters:
$secret(string): The shared secret key between the server and the client. This key is unique to each user and should be kept secure.$digits(integer, default: 6): The number of digits in the generated OTP. Common values are 6 or 8 digits.$period(integer, default: 40): The validity period in seconds. This defines how often a new OTP should be generated (default is 40 seconds).$timestamp(integer, optional): An optional UNIX timestamp for custom timing. If not provided, the current time is used.
Returns:
- (string): The generated TOTP code, which can be used for authentication.
Example Usage:
use TotpAuth\Totp;
$secret = 'mySuperSecretKey123!';
// Generate TOTP
$otp = Totp::generate($secret);
echo "Generated OTP: $otp\n";
2. Totp::verify($userInput, $secret, $digits = 6, $period = 40, $timestamp = null)
This method verifies a TOTP against the expected OTP generated using the same shared secret key.
Parameters:
$userInput(string): The OTP provided by the user.$secret(string): The shared secret key used to generate the OTP.$digits(integer, default: 6): The number of digits expected in the OTP.$period(integer, default: 40): The validity period of the OTP.$timestamp(integer, optional): An optional UNIX timestamp for custom timing.$window(integer, default: 1): The time window (in periods) of tolerance. The window specifies how many periods before or after the current period the OTP is considered valid.
Returns:
- (bool): Returns
trueif the OTP is valid,falseif it is invalid.
Example Usage:
use TotpAuth\Totp;
$userInput = trim(fgets(STDIN)); // User input from terminal or form
$secret = 'mySuperSecretKey123!';
// Verify TOTP
if (Totp::verify($userInput, $secret)) {
echo "? Valid OTP\n";
} else {
echo "? Invalid OTP\n";
}
Laravel Integration
To use this package in a Laravel project:
Require the package via Composer:
composer require alimiracle/php-totp-authYou can use it in your controller or service:
use TotpAuth\Totp; class AuthController extends Controller { public function verifyTotp(Request $request) { $secret = auth()->user()->totp_secret; $code = $request->input('code'); if (Totp::verify($code, $secret)) { return response()->json(['message' => 'OTP verified successfully.']); } return response()->json(['message' => 'Invalid OTP.'], 401); } }
Testing
The PHP TOTP Auth package includes unit tests that cover a variety of scenarios:
- Valid and invalid OTP generation and verification
- Custom OTP lengths and validity periods
- OTP expiration handling
- Handling custom timestamps and invalid secret keys
- Edge cases such as an empty secret key
You can run the tests with the following command:
composer test
License
This project is licensed under the GNU Lesser General Public License v3.0 (LGPL-3.0).
See the LICENSE file for more details.
Author
Ali Miracle Email: alimiracle@riseup.net
alimiracle/php-totp-auth 适用场景与选型建议
alimiracle/php-totp-auth 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 19 次下载、GitHub Stars 达 0, 最近一次更新时间为 2025 年 05 月 13 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 alimiracle/php-totp-auth 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 alimiracle/php-totp-auth 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 19
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 11
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: LGPL-3.0
- 更新时间: 2025-05-13