Totp

This class provides an RFC6238-compliant Time-based One Time Passwords, compatible with Google Authenticator (with PassCodeLength = 6 and TimePeriod = 30).

since

4.0.0

package

Application

Methods

__construct

Initialises an RFC6238-compatible TOTP generator. Please note that this class does not implement the constraint in the last paragraph of §5.2 of RFC6238. It's up to you to ensure that the same user/device does not retry validation within the same Time Step.

__construct(int timeStep = 30, int passCodeLength = 6, int secretLength = 10, object base32 = null) : mixed

Arguments

timeStep

intThe Time Step (in seconds). Use 30 to be compatible with Google Authenticator.

passCodeLength

intThe generated passcode length. Default: 6 digits.

secretLength

intThe length of the secret key. Default: 10 bytes (80 bits).

base32

objectThe base32 en/decrypter

Response

mixed

checkCode

Check is the given passcode $code is a valid TOTP generated using secret key $secret

checkCode(string secret, string code) : bool

Arguments

secret

stringThe Base32-encoded secret key

code

stringThe passcode to check

Response

boolTrue if the code is valid

generateSecret

Generates a (semi-)random Secret Key for TOTP generation

generateSecret() : string
note

Since 3.9.25 we use the secure method "random_bytes" over the original insecure "rand" function. The random_bytes function has been backported to outdated PHP versions by the core shipped library paragonie/random_compat

Response

string

getCode

Gets the TOTP passcode for a given secret key $secret and a given UNIX timestamp $time

getCode(string secret, int time = null) : string

Arguments

secret

stringThe Base32-encoded secret key

time

intUNIX timestamp

Response

string

getPeriod

Get the time period based on the $time timestamp and the Time Step defined. If $time is skipped or set to null the current timestamp will be used.

getPeriod(int|null time = null) : int

Arguments

time

int|nullTimestamp

Response

intThe time period since the UNIX Epoch

getUrl

Returns a QR code URL for easy setup of TOTP apps like Google Authenticator

getUrl(string user, string hostname, string secret) : string

Arguments

user

stringUser

hostname

stringHostname

secret

stringSecret string

Response

string

hashToInt

Extracts a part of a hash as an integer

hashToInt(string bytes, string start) : string

Arguments

bytes

stringThe hash

start

stringThe char to start from (0 = first char)

Response

string

Properties

_passCodeLength

Passcode length

Type(s)

int

_pinModulo

Pin modulo

Type(s)

int

_secretLength

The length of the secret in bytes.

RFC 4226: "The length of the shared secret MUST be at least 128 bits. This document RECOMMENDs a shared secret length of 160 bits." The original value was 10 bytes (80 bits) this value has been increased to 20 (160 bits) with Joomla! 3.9.25

Type(s)

int

_timeStep

Timestep

Type(s)

int

_base32

Base32

Type(s)

int