BLOGS

1
By sylvia Web PHP

Google Authenticator using PHP

Introduction:

Google Authenticator is a free app for your smart phone that generates a new code every 30 seconds. It works like this:

When enabling 2FA, the application you’re securing generates a QR code that user’s scan with their phone camera to add the profile to their Google Authenticator app.

Your user’s smart phone then generates a new code every 30 seconds to use for the second part of authentication to the application.

It  is useful to verify the user identity before providing them the access to a certain website or Application. It helps in protecting our accounts against password thefts.

How does it work?

The below image shows how the Google Authenticator actually works using two-factor authentication. While logging in the application, it provides an extra layer of authentication apart from the User Credentials. For login, user is asked to enter the Google Authenticator Code which is generated from its mobile App after scanning the QR Code or manually entering the setup key. The user is granted access of the application only after successful verification.

Enabling Two-Factor

The user of the app / system needs to associate his account with the Google Authenticator application installed on his smartphone. This association is made by reading a QR Code, or entering the code manually (in both cases, the code must be generated from the system itself).

Below, you can view the main interface of the Google Authenticator app. Each set of 6 digits refers to a specific system.

Google Authenticator
Integration:

We’ll use the library to:

Generate a secret key for each user
Generate the QR code for your user to scan when they enable 2FA.
Verify that the code entered is valid at login.
Generating the Secret Key:

Each user needs to have a “secret key” stored against their account (for example, a column in the database table where you store your user account information).

This key is used to generate the QR code that they scan, then subsequently to verify that the code they enter at login is correct.

Here’s the PHP that you need:

<?php

require_once PHPGangsta/GoogleAuthenticator.php;

$ga = new PHPGangsta_GoogleAuthenticator();

$secret = $ga->createSecret();

echoSecret is: “.$secret.”\n\n“;

?>

 

Note: although the secret key appears to be just a text string, to be compatible with Google Authenticator it has to be a Base32 string.

Generating the QR Code:

Using the same library, we can generate the text string that makes up the QR code. Then we can use a public API to generate a QR code image.

<?php

require_once PHPGangsta/GoogleAuthenticator.php;

$ga = new PHPGangsta_GoogleAuthenticator();

$qrCodeUrl = $ga->getQRCodeGoogleUrl(‘Blog’, $secret);

echoGoogle Charts URL for the QR-Code: “.$qrCodeUrl.”\n\n“;

?>

Verifying entered codes:

When the user logs in, you can then verify the code they’ve entered is valid by using their secret key and the code they entered into your UI.

<?php

require_once PHPGangsta/GoogleAuthenticator.php;

$ga = new PHPGangsta_GoogleAuthenticator();

$checkResult = $ga->verifyCode(<<Secret Key>>, <<OTP>>, 2);

if ($checkResult) {

   echo ‘OK’;

} else {

   echo ‘FAILED’;

}

?>

Comprehensive Full Stack Development Outsourcing​

Mastering Web, Mobile Native, and Cross-Platform Applications

Schedule a Meet
Most popular
Understanding the Flutter Architecture and Why it Matters for Your App
Understanding the Flutter Architecture
Understanding the Flutter Architecture and Why it Matters for Your App
Tips for Writing Clean and Reusable Flutter Code
Tips for Writing Clean and Reusable Flutter Code
Tips for Writing Clean and Reusable Flutter Code
Optimising Performance in Flutter Apps
Optimising Performance in Flutter Apps
Optimising Performance in Flutter Apps
View all posts
sylvia / About Author
More posts by sylvia