Light

jakobo / hotp-php Goto Github PK

View Code? Open in Web Editor NEW

50.0 4.0 9.0 40 KB

HMAC Based One Time Passwords in PHP. RFC4226 and RFC6238 compliant.

License: Other

PHP 100.00%

php totp hotp hotp-generator otp

hotp-php's Introduction

HOTP - PHP Based HMAC One Time Passwords

What is HOTP: HOTP is a class that simplifies One Time Password systems for PHP Authentication. The HOTP/TOTP Algorithms have been around for a bit, so this is a straightforward class to meet the test vector requirements.

What works with HOTP/TOTP: It's been tested to the test vectors, and I've verified the time-sync hashes against the following:

Android: Mobile-OTP
iPhone: OATH Token

Why would I use this: Who wouldn't love a simple drop-in class for HMAC Based One Time Passwords? It's a great extra layer of security (creating two-factor auth) and it's pretty darn zippy.

Okay you sold me. Give me some docs:

use jakobo\HOTP\HOTP;

// event based
$result = HOTP::generateByCounter( $key, $counter );

// time based within a "window" of time
$result = HOTP::generateByTime( $key, $window );

// same as generateByTime, but for $min windows before and $max windows after
$result = HOTP::generateByTimeWindow( $key, $window, $min, $max );

with $result, you can do all sorts of neat things...

$result->toString();

$result->toHex();

$result->toDec();

// how many digits in your OTP?
$result->toHotp( $length );

hotp-php's People

Contributors

Stargazers

Watchers

Forkers

scottmac mikkorantalainen sipims zzz34k yueguangguang macpro111 ipublicis reedy legoktm

hotp-php's Issues

Composer file

Hi,

Thanks for this. Please could you consider adding as composer.json file, so that your code can be installed/managed via composer?

David

Enable CI

Any chance you could setup Travis/CI again on this repo?

Thanks!

HOTP::getTime()

The GetTime() method is completely unnecessary because it returns a stamp which is time zone agnostic. The only time zone that has to be right for unix time to work properly is the server's time zone which changing the PHP zone will have no effect over.

Add test case for bin_counter being < 8 chars

As of writing, only https://github.com/Jakobo/hotp-php/blob/ea29559/src/HOTP.php#L34-L37 is untested

Not a big deal, but would be nice to get 100% coverage sometime ;)

Tag a release

I've added this basically to packagist at https://packagist.org/packages/jakobo/hotp-php (more than happy to add you as a maintainer on that packagist package if you give me a username)

Can you tag a release (version number is dealers choice) so people can start bringing this in, rather than having to use dev-master from packagist as is? :)

Automated Syntax Formatting on Commit

I've been out of the PHP game for a while, and the tooling in composer has simply gotten much better. So that future commits and code are protected against awkward { and } placement, we should use something to automate the formatting of commit code instead of relying on VS Code to do the heavy lifting.

Ideally, we'd use something like GrumPHP, directly use PHP-CS-Fixer, or add Husky/Lint-Staged tasks via node.

/cc @jrzepa in case I'm missing anything from #13 where the original commit was to get our code standards up to par

PHP 8.0 support

Might just be as simple as allowing ^8.0 in the composer.json requires...

Tests

Some unit tests would proably be beneficial

example.php provides a good set of testing criteria that probably helps do a lot of the testing...

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.