Access generated digits about otphp HOT 5 CLOSED

Hi,

The current OTP is given by the method now().
But you dont't have to send it by SMS, email or whatever. It should be given by an application like Google Authenticator or FreeOTP.

from otphp.

Ok thank you for your reply.
My idea is to use this as sms verification of registrion for my client so system generates 6 number pin which has expire frame of 60 sec or more then is entered to php form.
My question how can i verify and what should i put -> $otp->verify("entered pin") or ?

from otphp.

hum... from my point of view, it doesn't seem appropriate.

An OTP is not necessarily valid during exactly X seconds when generated.
The time needed for a user to receive the SMS, open it, typing the OTP and validate it may take more time than the OTP lifetime.

When sending codes by email or SMS, it is preferable to use a random code with limited lifetime (approx 1h) instead of using TOTP.

from otphp.

I agree with you but if i change from 30 sec to 600 sec which is 10min or more then i can use this, right ? I the future idea is to implement qrcode verification...

My question how and if can verfiy digit ?

from otphp.

My question how and if can verfiy digit ?

It is explained in the doc

$otp = TOTP::create($secret); // create TOTP object from the secret.
$otp->verify($input); // Returns true if the input is verified, otherwise false.

If you want to send a unique / temporary code by SMS/email, just don't use TOTP for that but pure random values.
TOTP will undoubtedly lead to security issues or bad UX.

from otphp.