Download the PHP package chillerlan/php-authenticator without Composer

On this page you can find all versions of the php package chillerlan/php-authenticator. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package php-authenticator

chillerlan/php-authenticator

A generator for counter based (RFC 4226) and time based (RFC 6238) one time passwords (OTP). (a.k.a. Yet Another Google Authenticator Implementation!)

PHP Version Support version License GitHub actions workflow Coverage Codacy Downloads

Documentation

Requirements

Installation

requires composer

via terminal: composer require chillerlan/php-authenticator

composer.json

Note: replace dev-main with a version constraint, e.g. ^5.0 - see releases for valid versions

Profit!

Usage

Create a secret

The secret is usually being created once during the activation process in a user control panel. So all you need to do there is to display it to the user in a convenient way - as a text string and QR code for example - and save it somewhere with the user data.

A secret created with Authenticator::createSecret() will also be stored internally, so that you don't need to provide the secret you just created on follow-up operations with the current instance.

Verify a one time code

Now during the login process - after the user has successfully entered their credentials - you would ask them for a one time code to check it against the secret from your user database.

time based (TOTP)

Verify adjacent codes

counter based (HOTP)

URI creation

In order to display a QR code for a mobile authenticator you'll need an otpauth:// URI, which can be created using the following method.

Notes

Keep in mind that several URI settings are not (yet) recognized by all authenticators. Check the Google Authenticator wiki for more info.

API

Authenticator

method return description
__construct(SettingsContainerInterface $options = null, string $secret = null) -
setOptions(SettingsContainerInterface $options) Authenticator called internally by __construct()
setSecret(string $secret) Authenticator called internally by __construct()
getSecret() string
createSecret(int $length = null) string $length overrides AuthenticatorOptions setting
code(int $data = null) string $data may be a UNIX timestamp (TOTP) or a counter value (HOTP)
verify(string $otp, int $data = null) bool for $data see Authenticator::code()
getUri(string $label, string $issuer, int $hotpCounter = null, bool $omitSettings = null) string

AuthenticatorOptions

Properties

property type default allowed description
$digits int 6 6 or 8 auth code length
$period int 30 15 - 60 validation period (seconds)
$secret_length int 20 >= 16 length of the secret phrase (bytes, unencoded binary)
$algorithm string SHA1 SHA1, SHA256 or SHA512 HMAC hash algorithm, see AuthenticatorInterface::HASH_ALGOS
$mode string totp totp, hotp, battlenet or steam authenticator mode: time- or counter based, see AuthenticatorInterface::MODES
$adjacent int 1 >= 0 number of allowed adjacent codes
$time_offset int 0 * fixed time offset that will be added to the current time value
$useLocalTime bool true * whether to use local time or request server time
$forceTimeRefresh bool false * whether to force refreshing server time on each call

AuthenticatorInterface

Methods

method return description
setOptions(SettingsContainerInterface $options) AuthenticatorInterface
setSecret(string $encodedSecret) AuthenticatorInterface
getSecret() string
createSecret(int $length = null) string
getServertime() int
getCounter(int $data = null) int internal
getHMAC(int $counter) string internal
getCode(string $hmac) int internal
getOTP(int $code) string internal
code(int $data = null) string
verify(string $otp, int $data = null) bool

Constants

constant type description
TOTP string
HOTP string
STEAM_GUARD string
ALGO_SHA1 string
ALGO_SHA256 string
ALGO_SHA512 string
MODES array map of mode -> classname
HASH_ALGOS array list of available hash algorithms

2FA ALL THE THINGS!


All versions of php-authenticator with dependencies

PHP Build Version
Package Version
Requires php Version ^7.4 || ^8.0
chillerlan/php-settings-container Version ^2.1.6 || ^3.2.1
paragonie/constant_time_encoding Version ^2.6
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package chillerlan/php-authenticator contains the following files

Loading the files please wait ....