diff options
| author | RobThree <rob@devcorner.nl> | 2014-09-19 02:03:01 +0200 |
|---|---|---|
| committer | root <root@devcorner.nl> | 2014-09-19 02:06:11 +0200 |
| commit | afb4d2807607f740a97a041ba75d7c32484bd3cc (patch) | |
| tree | 7d633a269f8f3230f0ebe0913974aaa57e92803c | |
| parent | 0a658e3eb2b2f84bd8d7c03d1b60e5c23d3aa63f (diff) | |
| download | TwoFactorAuth-afb4d2807607f740a97a041ba75d7c32484bd3cc.zip TwoFactorAuth-afb4d2807607f740a97a041ba75d7c32484bd3cc.tar.gz TwoFactorAuth-afb4d2807607f740a97a041ba75d7c32484bd3cc.tar.bz2 | |
* Authorization -> Authentication. D'oh!
* Removed nonsense from demo.php and improved text/wording a little
| -rw-r--r-- | README.md | 2 | ||||
| -rw-r--r-- | demo.php | 12 |
2 files changed, 7 insertions, 7 deletions
@@ -1,6 +1,6 @@ # TwoFactorAuth class for PHP -PHP class for two-factor authorization using [TOTP](http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) and [QR-codes](http://en.wikipedia.org/wiki/QR_code). Inspired, based and mostly an improvement on '[GoogleAuthenticator](https://github.com/PHPGangsta/GoogleAuthenticator)'. +PHP class for two-factor authentication using [TOTP](http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm) and [QR-codes](http://en.wikipedia.org/wiki/QR_code). Inspired, based and mostly an improvement on '[GoogleAuthenticator](https://github.com/PHPGangsta/GoogleAuthenticator)'. ## Requirements @@ -4,22 +4,22 @@ <title>Demo</title> </head> <body> - <ul> + <ol> <?php error_reporting(-1); require_once 'src/TwoFactorAuth.php'; $tfa = new TwoFactorAuth('MyApp'); + echo '<li>First create a secret and associate it with a user'; $secret = $tfa->createSecret(); - echo '<li>First create a secret and associate it with a user: ' . $secret . ' (keep this code private; do not share it with the user or anyone else)'; - echo '<li>Next create a QR code and let the user scan it:<br><img src="' . $tfa->getQRCodeImageAsDataUri('My label', $secret) . '">'; + echo '<li>Next create a QR code and let the user scan it:<br><img src="' . $tfa->getQRCodeImageAsDataUri('My label', $secret) . '"><br>...or display the secret to the user for manual entry: ' . chunk_split($secret, 4, ' '); $code = $tfa->getCode($secret); echo '<li>Next, have the user verify the code; at this time the code displayed by a 2FA-app would be: <span style="color:#00c">' . $code . '</span> (but that changes periodically)'; - echo '<li>When the code checks out, 2FA can be / is enabled; store secret with user (encrypted?) and have the user verify a code each time a new session is started.'; + echo '<li>When the code checks out, 2FA can be / is enabled; store (encrypted?) secret with user and have the user verify a code each time a new session is started.'; echo '<li>When aforementioned code (' . $code . ') was entered, the result would be: ' . (($tfa->verifyCode($secret, $code) === true) ? '<span style="color:#0c0">OK</span>' : '<span style="color:#c00">FAIL</span>'); - echo '<li>Make sure server-time is NTP-synced!'; ?> - </ul> + </ol> + <p>Note: Make sure your server-time is <a href="http://en.wikipedia.org/wiki/Network_Time_Protocol">NTP-synced</a>! Depending on the $discrepancy allowed your time cannot drift too much from the users' time!</p> </body> </html> |