sFire PHP Framework

HMAC-based One Time Password

sFire\OTP\Driver\HMAC is a driver for sFire\OTP\OTP.

In this section we will handle:

  • Setting the HMAC driver
  • Create an HMAC-based one time password
  • Verify an HMAC-based one time password
  • Setting driver options
  • Retrieving the provision url

Setting the HMAC driver

To set up the HMAC driver, you need to inject the driver into a new instance of sFire\OTP\OTP. You can do so by calling the setDriver method.

Set driver
use sFire\OTP\OTP;

$hotp = new OTP();
$hotp -> setDriver('hotp');

Create an HMAC-based one time password

After setting the driver, you can create an HMAC-based password.

$hotp = new OTP();
$hotp -> setDriver('hotp');
$hotp -> setSecret('ABCDEFGHIJKLMNOP');
$password = $hotp -> counter(0);

var_dump($password); //Outputs similar to "574252"

The counter method uses a counter that needs to be in sync with the client to create an HMAC-based one time password.

Verify an HMAC-based one time password

You may use the verify method to check whether a given password is correct. This method takes two parameters. The first is the HMAC-based one time password as an integer. The second is the counter value, which lets you verify an old password or even a future one.

$hotp = new OTP();
$hotp -> setDriver('hotp');
$hotp -> setSecret('ABCDEFGHIJKLMNOP');
$password = $hotp -> counter(0);


$hotp -> verify($password, 0); //Returns boolean true
$hotp -> verify($password, 5); //Returns boolean false
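
How a server keeps its counter in sync with the client while rejecting replayed passwords, shown as an added standalone example that is not sFire code. It implements RFC 4226 HOTP directly; the function names, the base32 decoding of the secret and the look-ahead window of 3 are assumptions made for this example.

```php
<?php
// Added example, not part of sFire: RFC 4226 HOTP with a look-ahead window.

// Decode an RFC 4648 base32 string (assumption: the secret is base32 encoded).
function base32Decode(string $b32): string {
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $char) {
        $pos = strpos($alphabet, $char);
        if ($pos === false) {
            throw new InvalidArgumentException('Invalid base32 character');
        }
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $bytes = '';
    foreach (str_split($bits, 8) as $chunk) {
        if (strlen($chunk) === 8) { // drop trailing partial byte
            $bytes .= chr(bindec($chunk));
        }
    }
    return $bytes;
}

// HMAC over the 8-byte big-endian counter, then dynamic truncation.
function hotp(string $key, int $counter, int $digits = 6, string $algo = 'sha1'): string {
    $hash = hash_hmac($algo, pack('J', $counter), $key, true);
    $offset = ord($hash[strlen($hash) - 1]) & 0x0F;
    $code = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($code % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// Returns the next counter to store on success, or null on failure.
function verifyHotp(string $key, string $submitted, int $storedCounter, int $window = 3): ?int {
    for ($c = $storedCounter; $c <= $storedCounter + $window; $c++) {
        if (hash_equals(hotp($key, $c), $submitted)) { // constant-time compare
            return $c + 1; // advance past the accepted counter
        }
    }
    return null;
}

$key = base32Decode('ABCDEFGHIJKLMNOP'); // secret from the page's examples
$clientCode = hotp($key, 2);             // client is two steps ahead of the server
$next = verifyHotp($key, $clientCode, 0);
var_dump($next);                                  // counter the server should persist
var_dump(verifyHotp($key, $clientCode, $next));   // same code again, checked only against later counters
```

Persist the returned counter before granting access, and keep the window small: every extra counter value accepted widens the set of passwords that will pass.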

Setting driver options

You may set a couple of options:

Digits

The number of digits the password contains can be set with the setDigits method:

$hotp -> setDigits(8);

Algorithm

You may set the hash algorithm with the setAlgorithm method:

$hotp -> setAlgorithm('sha256');

Retrieving the provision url

You can use the provision url to create a QR code that mobile devices can scan to add the account and secret automatically.

$hotp = new OTP();
$hotp -> setDriver('hotp');
$hotp -> setSecret('ABCDEFGHIJKLMNOP');
$url = $hotp -> getProvisioningUrl('sFire', 0);

var_dump($url); //Outputs similar to "otpauth://hotp/sFire?secret=ABCDEFGHIJKLMNOP&counter=0"