PHP download

Download the PHP package dolondro/google-authenticator without Composer

On this page you can find all versions of the php package dolondro/google-authenticator. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download dolondro/google-authenticator
More information about dolondro/google-authenticator
Files in dolondro/google-authenticator

Vendor dolondro
Package google-authenticator
Short Description Code to authenticate against the Google Authenticator app
License MIT

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of dolondro/google-authenticator

Informations about the package google-authenticator

GoogleAuthenticator

Author's note

Although this library is not deprecated by any means and should continue to work well, since the release of this library other projects have implemented this in a non-terrible style and have gained reasonable traction.

Before you implement this, consider whether otphp may suit your use case.

Introduction

2 factor authentication is pretty awesome. Far too many people use the same password for multiple things, and sometimes it's nice to actually have a secure application.

Using the Google Authenticator allows people to have another layer of security that will only allow them to access your web application/service if they have both the password and the correctly setup Google Authenticator app on their phone.

Implementation

As far as I could tell, there were (at the time of writing) 2 other PHP libraries for interacting with the Google Authenticator. Both of which work but neither of which seem to be updated much nor incorporate modern best practises.

This library has the advantage of being slightly nicer (I hope) to integrate into existing libraries, and contains inbuilt support for using a PSR-6 cache interface to reduce the possibility of a replay attack.

Usage

You can initially create the a secret code for use in your application using:

This gives you a secret. You should:

feed this object into a QrImageGenerator so your user can scan the QR code into their phone
attach the secret to their user account so you can query it

There are 2 ImageGenerator implementations included with this library:

EndroidQrImageGenerator which requires you composer require endroid/qr-code:~2.2|~3 which generates it without any external service dependencies.
GoogleImageGenerator which uses the Google QR code API to generate the image.

I'd recommend using Endroid as it seems that Google has now deprecated their QR code API

If neither of these fit the bill for some reason, it's easy to create another implementation, as all it needs to do is generate a QR code for the data in $secret->getUri()

You can verify that the user has been successful by using this:

Authenticate will either boolean true/false.

If you want to use a PSR-6 cache interface to attempt to prevent replay attacks, you can do so like so:

If the code has been used for that secret in the last 30 seconds, it will return false.

Examples

An example working implementation of this code can be found in the example.php file, which can be run either as:

Which will allow you to generate a secret, then test it, or:

Which will allow you to take an already existing code and again, test if your code is valid

References

Other PHP Google Authenticator implementations:

Specification for Google Authenticator:

https://github.com/google/google-authenticator/wiki/Key-Uri-Format

All versions of google-authenticator with dependencies

PHP Build Version

Package Version

Version 2.2.0 Release 24. May 2021
create-project require 6 people choosed require and
0 people choosed create-project.

Download

Download latest version of google-authenticator from vendor dolondro

Requires php Version >=5.4
christian-riesen/base32 Version ^1.2
psr/cache Version ^1.0
paragonie/random_compat Version ^2.0|~9.99

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package dolondro/google-authenticator contains the following files

Loading the files please wait ....