PHP download

Download the PHP package ez-php/two-factor without Composer

On this page you can find all versions of the php package ez-php/two-factor. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download ez-php/two-factor
More information about ez-php/two-factor
Files in ez-php/two-factor

Vendor ez-php
Package two-factor
Short Description Two-factor authentication module for the ez-php framework — RFC 6238 TOTP, QR code URLs, backup codes, and HTTP middleware
License MIT
Homepage https://github.com/ez-php/two-factor

Keywords framework php security Authentication two-factor otp totp 2fa ez-php

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of ez-php/two-factor

Informations about the package two-factor

ez-php/two-factor

Two-factor authentication module for the ez-php framework. Provides RFC 6238 TOTP (Time-based One-Time Password) support with pure PHP — no external SDK required. Includes secret generation, QR code URL generation, code verification, backup codes, and HTTP middleware.

Installation

Setup

1. Implement the interface on your user model

2. Register the service provider

In provider/modules.php:

3. Add the middleware

Apply TwoFactorMiddleware to routes that require 2FA verification:

Usage

Enabling 2FA for a user

Verifying the setup code

Verifying during login

After the user is authenticated, mark the session as verified:

Backup codes

Middleware Behaviour

TwoFactorMiddleware runs on every request passing through it:

Condition	Result
No authenticated user	Pass through (200)
User does not implement `TwoFactorAuthenticableInterface`	Pass through (200)
User has 2FA disabled	Pass through (200)
Session contains `two_factor_verified = true`	Pass through (200)
2FA required but not verified	`423 Locked` + `X-Requires-2FA: true`

The X-Requires-2FA: true header signals to API clients that a 2FA verification step is needed.

API Reference

`TwoFactorManager`

Method	Description
`generateSecret(): string`	Generates a 16-character Base32 secret (80 bits of entropy)
`generateCode(string $secret, ?int $timestamp = null): string`	Generates a 6-digit TOTP code
`verifyCode(string $secret, string $code, ?int $timestamp = null): bool`	Verifies a code with ±1 time step tolerance
`getQrCodeUrl(string $issuer, string $account, string $secret): string`	Returns an `otpauth://totp/...` URI for QR code generation
`generateBackupCodes(int $count = 8): string[]`	Generates `XXXX-XXXX` format backup codes
`hashBackupCode(string $code): string`	Bcrypt-hashes a backup code for storage
`verifyBackupCode(string $code, string $hash): bool`	Verifies a backup code against its hash

`TwoFactorMiddleware`

Constant	Value
`SESSION_KEY`	`'two_factor_verified'`

Standards Compliance

RFC 6238 — TOTP: Time-Based One-Time Password Algorithm
RFC 4226 — HOTP: HMAC-Based One-Time Password Algorithm
RFC 4648 — Base32 encoding/decoding

All versions of two-factor with dependencies

PHP Build Version

Package Version

Version 1.11.1 Release 11. May 2026
create-project require 0 people chose require and
0 people chose create-project.

Download

Download latest version of two-factor from vendor ez-php

Requires php Version ^8.5
ez-php/contracts Version ^1.0
ez-php/http Version ^1.0
ez-php/auth Version ^1.0

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package ez-php/two-factor contains the following files

Loading the files please wait ...