Repository: lelag/otphp
Branch: master
Commit: bbe634327b04
Files: 13
Total size: 27.0 KB
Directory structure:
gitextract_ufs2v9hq/
├── .gitignore
├── LICENCE
├── README.markdown
├── lib/
│ ├── hotp.php
│ ├── otp.php
│ ├── otphp.php
│ └── totp.php
├── tests/
│ ├── HOTPTest.php
│ ├── OTPTest.php
│ ├── TOTPTest.php
│ └── TestTest.php
└── vendor/
├── base32.php
└── libs.php
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitignore
================================================
.bak
================================================
FILE: LICENCE
================================================
Copyright (c) 2011 Le Lag
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
================================================
FILE: README.markdown
================================================
# OTPHP - A PHP One Time Password Library
A php library for generating one time passwords according to [ RFC 4226 ](http://tools.ietf.org/html/rfc4226) and the [ HOTP RFC ](http://tools.ietf.org/html/draft-mraihi-totp-timebased-00)
This is compatible with Google Authenticator apps available for Android and iPhone, and now in use on GMail
This is a port of the rotp ruby library available at https://github.com/mdp/rotp
Note : This project has not been updated since it was created. If you need a PHP OTP library, you should check out the great fork by Spomky-Labs at https://github.com/Spomky-Labs/otphp which has been improved and is currently maintained.
## Quick overview of using One Time Passwords on your phone
* OTP's involve a shared secret, stored both on the phone and the server
* OTP's can be generated on a phone without internet connectivity(AT&T mode)
* OTP's should always be used as a second factor of authentication(if your phone is lost, you account is still secured with a password)
* Google Authenticator allows you to store multiple OTP secrets and provision those using a QR Code(no more typing in the secret)
## Installation
clone this repository and include lib/otphp.php in your project.
## Use
### Time based OTP's
$totp = new \OTPHP\TOTP("base32secret3232");
$totp->now(); // => 492039
// OTP verified for current time
$totp->verify(492039); // => true
//30s later
$totp->verify(492039); // => false
### Counter based OTP's
$hotp = new \OTPHP\HOTP("base32secretkey3232");
$hotp->at(0); // => 260182
$hotp->at(1); // => 55283
$hotp->at(1401); // => 316439
// OTP verified with a counter
$totp->verify(316439, 1401); // => true
$totp->verify(316439, 1402); // => false
### Google Authenticator Compatible
The library works with the Google Authenticator iPhone and Android app, and also
includes the ability to generate provisioning URI's for use with the QR Code scanner
built into the app.
$totp->provisioning_uri(); // => 'otpauth://totp/alice@google.com?secret=JBSWY3DPEHPK3PXP'
$hotp->provisioning_uri(); // => 'otpauth://hotp/alice@google.com?secret=JBSWY3DPEHPK3PXP&counter=0'
This can then be rendered as a QR Code which can then be scanned and added to the users
list of OTP credentials.
#### Working example
Scan the following barcode with your phone, using Google Authenticator
Now run the following and compare the output
<?php
require_once('otphp/lib/otphp.php');
$totp = new \OTPHP\TOTP("JBSWY3DPEHPK3PXP");
echo "Current OTP: ". $totp->now();
## Licence
This software is release under MIT licence.
================================================
FILE: lib/hotp.php
================================================
<?php
/*
* Copyright (c) 2011 Le Lag
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
namespace OTPHP {
/**
* HOTP - One time password generator
*
* The HOTP class allow for the generation
* and verification of one-time password using
* the HOTP specified algorithm.
*
* This class is meant to be compatible with
* Google Authenticator
*
* This class was originally ported from the rotp
* ruby library available at https://github.com/mdp/rotp
*/
class HOTP extends OTP {
/**
* Get the password for a specific counter value
* @param integer $count the counter which is used to
* seed the hmac hash function.
* @return integer the One Time Password
*/
public function at($count) {
return $this->generateOTP($count);
}
/**
* Verify if a password is valid for a specific counter value
*
* @param integer $otp the one-time password
* @param integer $counter the counter value
* @return bool true if the counter is valid, false otherwise
*/
public function verify($otp, $counter) {
return ($otp == $this->at($counter));
}
/**
* Returns the uri for a specific secret for hotp method.
* Can be encoded as a image for simple configuration in
* Google Authenticator.
*
* @param string $name the name of the account / profile
* @param integer $initial_count the initial counter
* @return string the uri for the hmac secret
*/
public function provisioning_uri($name, $initial_count) {
return "otpauth://hotp/".urlencode($name)."?secret={$this->secret}&counter=$initial_count";
}
}
}
================================================
FILE: lib/otp.php
================================================
<?php
/*
* Copyright (c) 2011 Le Lag
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
namespace OTPHP {
/**
* One Time Password Generator
*
* The OTP class allow the generation of one-time
* password that is described in rfc 4xxx.
*
* This is class is meant to be compatible with
* Google Authenticator.
*
* This class was originally ported from the rotp
* ruby library available at https://github.com/mdp/rotp
*/
class OTP {
/**
* The base32 encoded secret key
* @var string
*/
public $secret;
/**
* The algorithm used for the hmac hash function
* @var string
*/
public $digest;
/**
* The number of digits in the one-time password
* @var integer
*/
public $digits;
/**
* Constructor for the OTP class
* @param string $secret the secret key
* @param array $opt options array can contain the
* following keys :
* @param integer digits : the number of digits in the one time password
* Currently Google Authenticator only support 6. Defaults to 6.
* @param string digest : the algorithm used for the hmac hash function
* Google Authenticator only support sha1. Defaults to sha1
*
* @return new OTP class.
*/
public function __construct($secret, $opt = Array()) {
$this->digits = isset($opt['digits']) ? $opt['digits'] : 6;
$this->digest = isset($opt['digest']) ? $opt['digest'] : 'sha1';
$this->secret = $secret;
}
/**
* Generate a one-time password
*
* @param integer $input : number used to seed the hmac hash function.
* This number is usually a counter (HOTP) or calculated based on the current
* timestamp (see TOTP class).
* @return integer the one-time password
*/
public function generateOTP($input) {
$hash = hash_hmac($this->digest, $this->intToBytestring($input), $this->byteSecret());
foreach(str_split($hash, 2) as $hex) { // stupid PHP has bin2hex but no hex2bin WTF
$hmac[] = hexdec($hex);
}
$offset = $hmac[19] & 0xf;
$code = ($hmac[$offset+0] & 0x7F) << 24 |
($hmac[$offset + 1] & 0xFF) << 16 |
($hmac[$offset + 2] & 0xFF) << 8 |
($hmac[$offset + 3] & 0xFF);
return $code % pow(10, $this->digits);
}
/**
* Returns the binary value of the base32 encoded secret
* @access private
* This method should be private but was left public for
* phpunit tests to work.
* @return binary secret key
*/
public function byteSecret() {
return \Base32::decode($this->secret);
}
/**
* Turns an integer in a OATH bytestring
* @param integer $int
* @access private
* @return string bytestring
*/
public function intToBytestring($int) {
$result = Array();
while($int != 0) {
$result[] = chr($int & 0xFF);
$int >>= 8;
}
return str_pad(join(array_reverse($result)), 8, "\000", STR_PAD_LEFT);
}
}
}
================================================
FILE: lib/otphp.php
================================================
<?php
/*
* Copyright (c) 2011 Le Lag
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__).'/../vendor/libs.php';
require_once dirname(__FILE__).'/otp.php';
require_once dirname(__FILE__).'/hotp.php';
require_once dirname(__FILE__).'/totp.php';
================================================
FILE: lib/totp.php
================================================
<?php
/*
* Copyright (c) 2011 Le Lag
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
namespace OTPHP {
/**
* TOTP - One time password generator
*
* The TOTP class allow for the generation
* and verification of one-time password using
* the TOTP specified algorithm.
*
* This class is meant to be compatible with
* Google Authenticator
*
* This class was originally ported from the rotp
* ruby library available at https://github.com/mdp/rotp
*/
class TOTP extends OTP {
/**
* The interval in seconds for a one-time password timeframe
* Defaults to 30
* @var integer
*/
public $interval;
public function __construct($s, $opt = Array()) {
$this->interval = isset($opt['interval']) ? $opt['interval'] : 30;
parent::__construct($s, $opt);
}
/**
* Get the password for a specific timestamp value
*
* @param integer $timestamp the timestamp which is timecoded and
* used to seed the hmac hash function.
* @return integer the One Time Password
*/
public function at($timestamp) {
return $this->generateOTP($this->timecode($timestamp));
}
/**
* Get the password for the current timestamp value
*
* @return integer the current One Time Password
*/
public function now() {
return $this->generateOTP($this->timecode(time()));
}
/**
* Verify if a password is valid for a specific counter value
*
* @param integer $otp the one-time password
* @param integer $timestamp the timestamp for the a given time, defaults to current time.
* @return bool true if the counter is valid, false otherwise
*/
public function verify($otp, $timestamp = null) {
if($timestamp === null)
$timestamp = time();
return ($otp == $this->at($timestamp));
}
/**
* Returns the uri for a specific secret for totp method.
* Can be encoded as a image for simple configuration in
* Google Authenticator.
*
* @param string $name the name of the account / profile
* @return string the uri for the hmac secret
*/
public function provisioning_uri($name) {
return "otpauth://totp/".urlencode($name)."?secret={$this->secret}";
}
/**
* Transform a timestamp in a counter based on specified internal
*
* @param integer $timestamp
* @return integer the timecode
*/
protected function timecode($timestamp) {
return (int)( (((int)$timestamp * 1000) / ($this->interval * 1000)));
}
}
}
================================================
FILE: tests/HOTPTest.php
================================================
<?php
/*
* Copyright (c) 2011 Le Lag
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__).'/../lib/otphp.php';
class HOPTTest extends PHPUnit_Framework_TestCase {
public function test_it_gets_the_good_code() {
$o = new \OTPHP\HOTP('JDDK4U6G3BJLEZ7Y');
$this->assertEquals(855783,$o->at(0));
$this->assertEquals(549607,$o->at(500));
$this->assertEquals(654666,$o->at(1500));
}
public function test_it_verify_the_code() {
$o = new \OTPHP\HOTP('JDDK4U6G3BJLEZ7Y');
$this->assertTrue($o->verify(855783, 0));
$this->assertTrue($o->verify(549607, 500));
$this->assertTrue($o->verify(654666, 1500));
}
public function test_it_returns_the_provisioning_uri() {
$o = new \OTPHP\HOTP('JDDK4U6G3BJLEZ7Y');
$this->assertEquals("otpauth://hotp/name?secret=JDDK4U6G3BJLEZ7Y&counter=0",
$o->provisioning_uri('name', 0));
}
}
================================================
FILE: tests/OTPTest.php
================================================
<?php
/*
* Copyright (c) 2011 Le Lag
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__).'/../lib/otphp.php';
class TestOTP extends PHPUnit_Framework_TestCase {
public function test_it_decodes_the_secret() {
$o = new \OTPHP\OTP('JDDK4U6G3BJLEZ7Y');
$this->assertEquals("H\306\256S\306\330R\262g\370", $o->byteSecret());
}
public function test_it_turns_an_int_into_bytestring() {
$o = new \OTPHP\OTP('JDDK4U6G3BJLEZ7Y');
$this->assertEquals("\000\000\000\000\000\000\000\000", $o->intToBytestring(0));
$this->assertEquals("\000\000\000\000\000\000\000\001", $o->intToBytestring(1));
$this->assertEquals("\000\000\000\000\000\000\001\364", $o->intToBytestring(500));
$this->assertEquals("\000\000\000\000\000\000\005\334", $o->intToBytestring(1500));
}
public function test_it_generate_otp() {
$o = new \OTPHP\OTP('JDDK4U6G3BJLEZ7Y');
$this->assertEquals(855783, $o->generateOTP(0));
$this->assertEquals(549607, $o->generateOTP(500));
$this->assertEquals(654666, $o->generateOTP(1500));
}
}
================================================
FILE: tests/TOTPTest.php
================================================
<?php
/*
* Copyright (c) 2011 Le Lag
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__).'/../lib/otphp.php';
class TOPTTest extends PHPUnit_Framework_TestCase {
public function test_it_has_an_interval() {
$o = new \OTPHP\TOTP('JDDK4U6G3BJLEZ7Y');
$this->assertEquals(30,$o->interval);
$b = new \OTPHP\TOTP('JDDK4U6G3BJLEZ7Y', Array('interval'=>60));
$this->assertEquals(60,$b->interval);
}
public function test_it_gets_the_good_code_at_given_times() {
$o = new \OTPHP\TOTP('JDDK4U6G3BJLEZ7Y');
$this->assertEquals(855783,$o->at(0));
$this->assertEquals(762124,$o->at(319690800));
$this->assertEquals(139664,$o->at(1301012137));
}
public function test_it_verify_the_code() {
$o = new \OTPHP\TOTP('JDDK4U6G3BJLEZ7Y');
$this->assertTrue($o->verify(855783, 0));
$this->assertTrue($o->verify(762124, 319690800));
$this->assertTrue($o->verify(139664, 1301012137));
}
public function test_it_returns_the_provisioning_uri() {
$o = new \OTPHP\TOTP('JDDK4U6G3BJLEZ7Y');
$this->assertEquals("otpauth://totp/name?secret=JDDK4U6G3BJLEZ7Y",
$o->provisioning_uri('name'));
}
}
================================================
FILE: tests/TestTest.php
================================================
<?php
/*
* Copyright (c) 2011 Le Lag
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
require_once dirname(__FILE__).'/../lib/otphp.php';
class TestTest extends PHPUnit_Framework_TestCase {
public function testThatPHPUnitWorks() {
$this->assertEquals(1,1);
}
}
================================================
FILE: vendor/base32.php
================================================
<?php
/**
* Encode in Base32 based on RFC 4648.
* Requires 20% more space than base64
* Great for case-insensitive filesystems like Windows and URL's (except for = char which can be excluded using the pad option for urls)
*
* @package default
* @author Bryan Ruiz
**/
class Base32 {
private static $map = array(
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', // 7
'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', // 15
'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', // 23
'Y', 'Z', '2', '3', '4', '5', '6', '7', // 31
'=' // padding char
);
private static $flippedMap = array(
'A'=>'0', 'B'=>'1', 'C'=>'2', 'D'=>'3', 'E'=>'4', 'F'=>'5', 'G'=>'6', 'H'=>'7',
'I'=>'8', 'J'=>'9', 'K'=>'10', 'L'=>'11', 'M'=>'12', 'N'=>'13', 'O'=>'14', 'P'=>'15',
'Q'=>'16', 'R'=>'17', 'S'=>'18', 'T'=>'19', 'U'=>'20', 'V'=>'21', 'W'=>'22', 'X'=>'23',
'Y'=>'24', 'Z'=>'25', '2'=>'26', '3'=>'27', '4'=>'28', '5'=>'29', '6'=>'30', '7'=>'31'
);
/**
* Use padding false when encoding for urls
*
* @return base32 encoded string
* @author Bryan Ruiz
**/
public static function encode($input, $padding = true) {
if(empty($input)) return "";
$input = str_split($input);
$binaryString = "";
for($i = 0; $i < count($input); $i++) {
$binaryString .= str_pad(base_convert(ord($input[$i]), 10, 2), 8, '0', STR_PAD_LEFT);
}
$fiveBitBinaryArray = str_split($binaryString, 5);
$base32 = "";
$i=0;
while($i < count($fiveBitBinaryArray)) {
$base32 .= self::$map[base_convert(str_pad($fiveBitBinaryArray[$i], 5,'0'), 2, 10)];
$i++;
}
if($padding && ($x = strlen($binaryString) % 40) != 0) {
if($x == 8) $base32 .= str_repeat(self::$map[32], 6);
else if($x == 16) $base32 .= str_repeat(self::$map[32], 4);
else if($x == 24) $base32 .= str_repeat(self::$map[32], 3);
else if($x == 32) $base32 .= self::$map[32];
}
return $base32;
}
public static function decode($input) {
if(empty($input)) return;
$paddingCharCount = substr_count($input, self::$map[32]);
$allowedValues = array(6,4,3,1,0);
if(!in_array($paddingCharCount, $allowedValues)) return false;
for($i=0; $i<4; $i++){
if($paddingCharCount == $allowedValues[$i] &&
substr($input, -($allowedValues[$i])) != str_repeat(self::$map[32], $allowedValues[$i])) return false;
}
$input = str_replace('=','', $input);
$input = str_split($input);
$binaryString = "";
for($i=0; $i < count($input); $i = $i+8) {
$x = "";
if(!in_array($input[$i], self::$map)) return false;
for($j=0; $j < 8; $j++) {
$x .= str_pad(base_convert(@self::$flippedMap[@$input[$i + $j]], 10, 2), 5, '0', STR_PAD_LEFT);
}
$eightBits = str_split($x, 8);
for($z = 0; $z < count($eightBits); $z++) {
$binaryString .= ( ($y = chr(base_convert($eightBits[$z], 2, 10))) || ord($y) == 48 ) ? $y:"";
}
}
return $binaryString;
}
}
================================================
FILE: vendor/libs.php
================================================
<?php
/*
* Copyright (c) 2011 Le Lag
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
// Add any needed third party library to this directory
//require_once dirname(__FILE__).'/some_lib/lib.php';
require_once dirname(__FILE__).'/base32.php';
gitextract_ufs2v9hq/
├── .gitignore
├── LICENCE
├── README.markdown
├── lib/
│ ├── hotp.php
│ ├── otp.php
│ ├── otphp.php
│ └── totp.php
├── tests/
│ ├── HOTPTest.php
│ ├── OTPTest.php
│ ├── TOTPTest.php
│ └── TestTest.php
└── vendor/
├── base32.php
└── libs.php
SYMBOL INDEX (34 symbols across 8 files)
FILE: lib/hotp.php
class HOTP (line 37) | class HOTP extends OTP {
method at (line 44) | public function at($count) {
method verify (line 56) | public function verify($otp, $counter) {
method provisioning_uri (line 69) | public function provisioning_uri($name, $initial_count) {
FILE: lib/otp.php
class OTP (line 36) | class OTP {
method __construct (line 67) | public function __construct($secret, $opt = Array()) {
method generateOTP (line 81) | public function generateOTP($input) {
method byteSecret (line 101) | public function byteSecret() {
method intToBytestring (line 111) | public function intToBytestring($int) {
FILE: lib/totp.php
class TOTP (line 37) | class TOTP extends OTP {
method __construct (line 45) | public function __construct($s, $opt = Array()) {
method at (line 57) | public function at($timestamp) {
method now (line 66) | public function now() {
method verify (line 77) | public function verify($otp, $timestamp = null) {
method provisioning_uri (line 91) | public function provisioning_uri($name) {
method timecode (line 101) | protected function timecode($timestamp) {
FILE: tests/HOTPTest.php
class HOPTTest (line 25) | class HOPTTest extends PHPUnit_Framework_TestCase {
method test_it_gets_the_good_code (line 26) | public function test_it_gets_the_good_code() {
method test_it_verify_the_code (line 33) | public function test_it_verify_the_code() {
method test_it_returns_the_provisioning_uri (line 40) | public function test_it_returns_the_provisioning_uri() {
FILE: tests/OTPTest.php
class TestOTP (line 25) | class TestOTP extends PHPUnit_Framework_TestCase {
method test_it_decodes_the_secret (line 27) | public function test_it_decodes_the_secret() {
method test_it_turns_an_int_into_bytestring (line 32) | public function test_it_turns_an_int_into_bytestring() {
method test_it_generate_otp (line 40) | public function test_it_generate_otp() {
FILE: tests/TOTPTest.php
class TOPTTest (line 25) | class TOPTTest extends PHPUnit_Framework_TestCase {
method test_it_has_an_interval (line 27) | public function test_it_has_an_interval() {
method test_it_gets_the_good_code_at_given_times (line 34) | public function test_it_gets_the_good_code_at_given_times() {
method test_it_verify_the_code (line 41) | public function test_it_verify_the_code() {
method test_it_returns_the_provisioning_uri (line 48) | public function test_it_returns_the_provisioning_uri() {
FILE: tests/TestTest.php
class TestTest (line 25) | class TestTest extends PHPUnit_Framework_TestCase {
method testThatPHPUnitWorks (line 26) | public function testThatPHPUnitWorks() {
FILE: vendor/base32.php
class Base32 (line 11) | class Base32 {
method encode (line 34) | public static function encode($input, $padding = true) {
method decode (line 57) | public static function decode($input) {
Condensed preview — 13 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (29K chars).
[
{
"path": ".gitignore",
"chars": 5,
"preview": ".bak\n"
},
{
"path": "LICENCE",
"chars": 1052,
"preview": "Copyright (c) 2011 Le Lag \n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this softwar"
},
{
"path": "README.markdown",
"chars": 2795,
"preview": "# OTPHP - A PHP One Time Password Library\n\nA php library for generating one time passwords according to [ RFC 4226 ](htt"
},
{
"path": "lib/hotp.php",
"chars": 2707,
"preview": "<?php\n/*\n * Copyright (c) 2011 Le Lag \n * Permission is hereby granted, free of charge, to any person obtaining a copy\n "
},
{
"path": "lib/otp.php",
"chars": 4046,
"preview": "<?php\n/*\n * Copyright (c) 2011 Le Lag \n * Permission is hereby granted, free of charge, to any person obtaining a copy\n "
},
{
"path": "lib/otphp.php",
"chars": 1300,
"preview": "<?php\n/*\n * Copyright (c) 2011 Le Lag \n * Permission is hereby granted, free of charge, to any person obtaining a copy\n "
},
{
"path": "lib/totp.php",
"chars": 3617,
"preview": "<?php\n/*\n * Copyright (c) 2011 Le Lag \n * Permission is hereby granted, free of charge, to any person obtaining a copy\n "
},
{
"path": "tests/HOTPTest.php",
"chars": 1925,
"preview": "<?php\n/*\n * Copyright (c) 2011 Le Lag \n * Permission is hereby granted, free of charge, to any person obtaining a copy\n "
},
{
"path": "tests/OTPTest.php",
"chars": 2105,
"preview": "<?php\n/*\n * Copyright (c) 2011 Le Lag \n * Permission is hereby granted, free of charge, to any person obtaining a copy\n "
},
{
"path": "tests/TOTPTest.php",
"chars": 2202,
"preview": "<?php\n/*\n * Copyright (c) 2011 Le Lag \n * Permission is hereby granted, free of charge, to any person obtaining a copy\n "
},
{
"path": "tests/TestTest.php",
"chars": 1298,
"preview": "<?php\n/*\n * Copyright (c) 2011 Le Lag \n * Permission is hereby granted, free of charge, to any person obtaining a copy\n "
},
{
"path": "vendor/base32.php",
"chars": 3275,
"preview": "<?php\n\n/**\n * Encode in Base32 based on RFC 4648.\n * Requires 20% more space than base64 \n * Great for case-insensitive"
},
{
"path": "vendor/libs.php",
"chars": 1271,
"preview": "<?php\n/*\n * Copyright (c) 2011 Le Lag \n * Permission is hereby granted, free of charge, to any person obtaining a copy\n "
}
]
About this extraction
This page contains the full source code of the lelag/otphp GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 13 files (27.0 KB), approximately 7.5k tokens, and a symbol index with 34 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.