PHP download

Download the PHP package craftblue/google-authenticator-redux without Composer

On this page you can find all versions of the php package craftblue/google-authenticator-redux. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download craftblue/google-authenticator-redux
More information about craftblue/google-authenticator-redux
Files in craftblue/google-authenticator-redux

Vendor craftblue
Package google-authenticator-redux
Short Description A modern take on a PHP implementation of Google Authenticator 2-Factor Authentication focusing on best practices in security.
License BSD-4-Clause

Keywords security Authentication google auth authenticator 2fa google-authenticator two-factor-auth

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of craftblue/google-authenticator-redux

Informations about the package google-authenticator-redux

Google Authenticator Redux PHP Client

The library provides support for 2-Factor authentication, often referred to as 2FA.

The client is intended to be used with the Google Authenticator mobile app available on both Android and iOS devices. Google Authenticator is merely an implementation of the algorithm defined in RFC6238, better known as TOTP: Time-Based One-Time Password Algorithm.

The class contains methods which support:

The generation of RFC6238 compliant secret keys
The generation of Base32 codes based on the secret key
Creation of QR Code image URLs to present to the user for scanning into the Google Authenticator app
Validation of a user-submitted code against a known secret key

Credits

This project is a full revamp of PHPGangsta's original GoogleAuthenticator repository to promote best practices in PHP security and modern PSR-4 standards with Packagist.

Fixes and improvements include:

Prevention of timing attacks
Proper pseudo-random secret key generation
Usage of safe string comparison functions
Usage of a standardized Base32 library
Improved examples and documentation
Improved code comments to point out source of
Validation and sanitization of QR code labels
Additional parameter support when generating QR codes
PSR-4 support

Installation

The recommended way to install this library is through Composer.

Ensure you require Composer's autoloader somewhere in your code:

You'll now have access to autoload and use the client in your code:

To get any updates available from GoogleAuthenticator, you can always run:

Example Code

Live Demo

This project contains an /example directory which contains a working index.php demo. If you have PHP running on your machine, you can run the example code using PHP's built in web server following these steps:

Checkout the repository, i.e. git checkout ____
Navigate to the example/ directory
Start PHP's built in web server for the project by running the included bash script:
Navigate your web browser to http://127.0.0.1:8000 for the demo
View the source code of index.php to learn how the demo works

Security Considerations

Secret keys should never be exposed to end users on the client side
Secret keys should be stored securely in your server-side code
Secret keys should be unique to each user. Only generate one per user.
It's recommended you two-way encrypt secret keys via tamper-resistant hardware encryption and expose them only when required. For example, you should only decrypt the secret key when verifying the user-submitted OTP code/value. The secret key should be immediately re-encrypted to limit exposure in your RAM.
Your client and server should have CSRF protection to prevent against replay attacks.
Implement rate limiting on your code verification endpoint with either exponential backoff delays or forced CAPTCHAs to ensure users cannot brute force guess any codes.

Running Tests

Depending on if you have PHPUnit available globally on your system or not, you can run the following:

All versions of google-authenticator-redux with dependencies

PHP Build Version

Package Version

Version 1.0.0 Release 30. Aug 2016
create-project require 1 people choosed require and
0 people choosed create-project.

Download

Download latest version of google-authenticator-redux from vendor craftblue

Requires christian-riesen/base32 Version 1.3.*
ircmaxell/random-lib Version ^1.1

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package craftblue/google-authenticator-redux contains the following files

Loading the files please wait ....