createSecret(); setcookie('secret', $secret); } // look for a form submitted code to verify if (!empty($_POST['code'])) { $code = $_POST['code']; $qrCodeUrl = $ga->getQRCodeUrl('example.user@gmail.com', $secret, 'ExampleCompany'); $isExampleCode = false; } else { // retrieve the Google QR code URL based on our secret $qrCodeUrl = $ga->getQRCodeUrl('example.user@gmail.com', $secret, 'ExampleCompany'); // generate an example correct code based on the secret (to be used as an example) $isExampleCode = true; $code = $ga->getCode($secret); } // check if the secret matches the code (with 60 second window) $checkResult = $ga->verifyCode($secret, $code, 2); ?> Google Authenticator PHP Client - Example Usage

Google Authenticator PHP Client - Example Usage

To test, please first install and open the Google Authenticator app on your iPhone or Android device.

Get it on Google Play Available on the App Store

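CAUTION: This example is for testing purposes only: it stores the shared secret in a browser cookie and embeds it in the QR code URL, which is acceptable only in a demo. You should never publicly expose your secret; outside a demo, the server's copy of the secret belongs in the validation system's key store, not in client-visible state. Here are RFC 6238's security recommendations: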

We also RECOMMEND storing the keys securely in the validation system, and, more specifically, encrypting them using tamper-resistant hardware encryption and exposing them only when required: for example, the key is decrypted when needed to verify an OTP value, and re-encrypted immediately to limit exposure in the RAM to a short period of time.

The key store MUST be in a secure area, to avoid, as much as possible, direct attack on the validation system and secrets database. Particularly, access to the key material should be limited to programs and processes required by the validation system only.

Test Google Authenticator

  1. Open your Google Authenticator app on your mobile device and scan the QR Code below.
  2. Enter the 6-digit code generated by Google Authenticator here and submit it to verify/authenticate it.

If code verification fails after repeated retries, a new secret may have been generated for you. This means you will have to delete the test entry from your Google Authenticator app and add a new one.