Download the PHP package chillerlan/php-authenticator without Composer
On this page you can find all versions of the php package chillerlan/php-authenticator. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download chillerlan/php-authenticator
More information about chillerlan/php-authenticator
Files in chillerlan/php-authenticator
Package php-authenticator
Short Description A generator for counter- and time based 2-factor authentication codes (Google Authenticator). PHP 7.4+
License
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package php-authenticator
chillerlan/php-authenticator
A generator for counter based (RFC 4226) and time based (RFC 6238) one time passwords (OTP). (a.k.a. Yet Another Google Authenticator Implementation!)
Documentation
Requirements
- PHP 8.2+
ext-curlfor Steam Guard server time synchronizationext-sodiumfor constant time implementations of base64 encode/decode and hex2bin/bin2hex (paragonie/constant_time_encodingis used as fallback)
Installation
requires composer
via terminal: composer require chillerlan/php-authenticator
composer.json
Note: replace dev-main with a version constraint, e.g. ^5.0 - see releases for valid versions
Profit!
Usage
Create a secret
The secret is usually being created once during the activation process in a user control panel. So all you need to do there is to display it to the user in a convenient way - as a text string and QR code for example - and save it somewhere with the user data.
A secret created with Authenticator::createSecret() will also be stored internally,
so that you don't need to provide the secret you just created on follow-up operations with the current instance.
Verify a one time code
Now during the login process - after the user has successfully entered their credentials - you would ask them for a one time code to check it against the secret from your user database.
time based (TOTP)
Verify adjacent codes
counter based (HOTP)
URI creation
In order to display a QR code for a mobile authenticator you'll need an otpauth:// URI, which can be created using the following method.
$labelshould be something that identifies the account to which the secret belongs$issueris the name of your website or company for example, so that the user is able to identify multiple accounts.
Notes
Keep in mind that several URI settings are not (yet) recognized by all authenticators. Check the Google Authenticator wiki for more info.
API
Authenticator
| method | return | description |
|---|---|---|
__construct(SettingsContainerInterface $options = null, string $secret = null) |
- | |
setOptions(SettingsContainerInterface $options) |
Authenticator |
called internally by __construct() |
setSecret(string $secret) |
Authenticator |
called internally by __construct() |
getSecret() |
string |
|
createSecret(int $length = null) |
string |
$length overrides AuthenticatorOptions setting |
code(int $data = null) |
string |
$data may be a UNIX timestamp (TOTP) or a counter value (HOTP) |
verify(string $otp, int $data = null) |
bool |
for $data see Authenticator::code() |
getUri(string $label, string $issuer, int $hotpCounter = null, bool $omitSettings = null) |
string |
AuthenticatorOptions
Properties
| property | type | default | allowed | description |
|---|---|---|---|---|
$digits |
int |
6 | 6 or 8 | auth code length |
$period |
int |
30 | 15 - 60 | validation period (seconds) |
$secret_length |
int |
20 | >= 16 | length of the secret phrase (bytes, unencoded binary) |
$algorithm |
string |
SHA1 |
SHA1, SHA256 or SHA512 |
HMAC hash algorithm, see AuthenticatorInterface::HASH_ALGOS |
$mode |
string |
totp |
totp, hotp, battlenet or steam |
authenticator mode: time- or counter based, see AuthenticatorInterface::MODES |
$adjacent |
int |
1 | >= 0 | number of allowed adjacent codes |
$time_offset |
int |
0 | * | fixed time offset that will be added to the current time value |
$useLocalTime |
bool |
true | * | whether to use local time or request server time |
$forceTimeRefresh |
bool |
false | * | whether to force refreshing server time on each call |
AuthenticatorInterface
Methods
| method | return | description |
|---|---|---|
setOptions(SettingsContainerInterface $options) |
AuthenticatorInterface |
|
setSecret(string $encodedSecret) |
AuthenticatorInterface |
|
getSecret() |
string |
|
createSecret(int $length = null) |
string |
|
getServertime() |
int |
|
getCounter(int $data = null) |
int |
internal |
getHMAC(int $counter) |
string |
internal |
getCode(string $hmac) |
int |
internal |
getOTP(int $code) |
string |
internal |
code(int $data = null) |
string |
|
verify(string $otp, int $data = null) |
bool |
Constants
| constant | type | description |
|---|---|---|
TOTP |
string |
|
HOTP |
string |
|
STEAM_GUARD |
string |
|
ALGO_SHA1 |
string |
|
ALGO_SHA256 |
string |
|
ALGO_SHA512 |
string |
|
MODES |
array |
map of mode -> classname |
HASH_ALGOS |
array |
list of available hash algorithms |
All versions of php-authenticator with dependencies
chillerlan/php-settings-container Version ^2.1.6 || ^3.2.1
paragonie/constant_time_encoding Version ^2.6