Comments (5)
Hi,
The current OTP is given by the method now()
.
But you dont't have to send it by SMS, email or whatever. It should be given by an application like Google Authenticator or FreeOTP.
from otphp.
Ok thank you for your reply.
My idea is to use this as sms verification of registrion for my client so system generates 6 number pin which has expire frame of 60 sec or more then is entered to php form.
My question how can i verify and what should i put -> $otp->verify("entered pin") or ?
from otphp.
hum... from my point of view, it doesn't seem appropriate.
An OTP is not necessarily valid during exactly X seconds when generated.
The time needed for a user to receive the SMS, open it, typing the OTP and validate it may take more time than the OTP lifetime.
When sending codes by email or SMS, it is preferable to use a random code with limited lifetime (approx 1h) instead of using TOTP.
from otphp.
I agree with you but if i change from 30 sec to 600 sec which is 10min or more then i can use this, right ? I the future idea is to implement qrcode verification...
My question how and if can verfiy digit ?
from otphp.
My question how and if can verfiy digit ?
$otp = TOTP::create($secret); // create TOTP object from the secret.
$otp->verify($input); // Returns true if the input is verified, otherwise false.
If you want to send a unique / temporary code by SMS/email, just don't use TOTP for that but pure random values.
TOTP will undoubtedly lead to security issues or bad UX.
from otphp.
Related Issues (20)
- Not identifying the service HOT 2
- Decimal time window HOT 7
- question: what data to use for getting TOTP HOT 2
- PHP 8 HOT 2
- new feature made (getExpiration) HOT 4
- OTP verification failed if set custom period HOT 6
- Make setSecret() public HOT 4
- add issuer to getQrCodeUri HOT 1
- Invalid links in the Readme file HOT 1
- TOTP -> verify doesn't seem to be correctly implemented to include leeway HOT 1
- Dependency issue with thecodingmachine/safe HOT 4
- `OTPInterface::create(null|string $secret = null)` is prone to misuse HOT 3
- Missing generate static method in TOTP.php HOT 2
- invalid OTP URI HOT 9
- PSR Clock HOT 3
- TOTP code almost always verifies false HOT 3
- Migration path should be clear for the leeway/window HOT 5
- Authenticator app compatibility HOT 1
- OTPHP not being loaded via autoload HOT 2
- Verification fails with documentation defaults? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from otphp.