GoogleAuthenticator
GoogleAuthenticator copied to clipboard
Published
20 hours ago •
PHPGangsta
PHPGangsta
$ga->verifyCode always false
Hi, I've installed this and started working with it. the demo script works fine however I cannot validate this when trying it with live data from the google app. I'm lost for what to try next...
- User has a secret created and saved to their account using $ga->createSecret(), so this doesn't change.
- User is presented with a QR code which includes the site title and secret.
- upon scanning with the mobile app, the user is presented with a 6-digit code that they enter into a form on my website app
- upon submission, the secret and the users entered code are submitted via ajax, where $ga->verifyCode($secret, $code, 2); will return false.
- In an attempt to debug, I have compared the code generated by $ga->getCode($secret); which is always different from what the google mobile app creates.
Any ideas why this isn't working? Many thanks in advance
function ajax_google_authenticaion_register(){
//custom class that initialises and loads resources
$authentication = new rs_authenticator();
$ga = new PHPGangsta_GoogleAuthenticator();
//variables correctly parsed by javascript
$secret = $_POST['secret'];
$code = $_POST['code'];
//just to compare, looking at this variable which is always different from $secret for some reason..?
$oneCode = $ga->getCode($secret);
//finally the check which will always come up as false when attempting a code from the google authentication mobile app
$checkResult = $ga->verifyCode($secret, $code, 2); // 2 = 2*30sec clock tolerance
if($checkResult){
echo "true";
}else{
echo "false";
}
die();
}
Okay so I have continued working with this and believe the issue was in the app. I opened the app, went to settings/Time correction for codes/Sync now, then deleted all accounts and tried again and now it seems to work as promised. Cheers!
Try this script very easy to use and nice UI
https://www.codester.com/items/4267/2-step-authentication-php-script?ref=ChewiScripts
