Search

Projects

Classes

Methods

Back to Joomla project (class list)

Class Totp - list of methods

This class provides an RFC6238-compliant Time-based One Time Passwords, compatible with Google Authenticator (with PassCodeLength = 6 and TimePeriod = 30).
Package: Joomla\CMS\Encrypt
Copyright: (C) 2013 Open Source Matters, Inc.
License: GNU General Public License version 2 or later; see LICENSE.txt
Located at: Joomla/Encrypt/Totp.php
Project: Joomla

Method Summary

public
__construct
(mixed $timeStep = 30, mixed $passCodeLength = 6, mixed $secretLength = 10, mixed $base32 = null)

Initialises an RFC6238-compatible TOTP generator. Please note that this class does not implement the constraint in the last paragraph of ยง5.2 of RFC6238. It's up to you to ensure that the same user/device does not retry validation within the same Time Step.
Parameters
  • int $timeStep The Time Step (in seconds). Use 30 to be compatible with Google Authenticator.
  • int $passCodeLength The generated passcode length. Default: 6 digits.
  • int $secretLength The length of the secret key. Default: 10 bytes (80 bits).
  • object $base32 The base32 en/decrypter
Show source code of this method: __construct Source Code

public int
(mixed $time = null)

Get the time period based on the $time timestamp and the Time Step defined. If $time is skipped or set to null the current timestamp will be used.
Parameters
  • int|null $time Timestamp
Returns
  • int The time period since the UNIX Epoch
Show source code of this method: getPeriod Source Code

public bool
(mixed $secret, mixed $code)

Check is the given passcode $code is a valid TOTP generated using secret key $secret
Parameters
  • string $secret The Base32-encoded secret key
  • string $code The passcode to check
Returns
  • bool True if the code is valid
Show source code of this method: checkCode Source Code

public string
(mixed $secret, mixed $time = null)

Gets the TOTP passcode for a given secret key $secret and a given UNIX timestamp $time
Parameters
  • string $secret The Base32-encoded secret key
  • int $time UNIX timestamp
Returns
  • string
Show source code of this method: getCode Source Code

protected string
(mixed $bytes, mixed $start)

Extracts a part of a hash as an integer
Parameters
  • string $bytes The hash
  • string $start The char to start from (0 = first char)
Returns
  • string
Show source code of this method: hashToInt Source Code

public string
(mixed $user, mixed $hostname, mixed $secret)

Returns a QR code URL for easy setup of TOTP apps like Google Authenticator
Parameters
  • string $user User
  • string $hostname Hostname
  • string $secret Secret string
Returns
  • string
Show source code of this method: getUrl Source Code

public string
()

Generates a (semi-)random Secret Key for TOTP generation
Returns
  • string
-
  • Since 3.9.25 we use the secure method "random_bytes" over the original insecure "rand" function. The random_bytes function has been backported to outdated PHP versions by the core shipped library paragonie/random_compat
Show source code of this method: generateSecret Source Code

Properties Summary

private int
$_passCodeLength
Passcode length
private int
$_pinModulo
Pin modulo
private int
$_secretLength
The length of the secret in bytes.
private int
$_timeStep
Timestep
private int
$_base32
Base32

Tags Summary

Since
4.0.0