dragon8997474 2013-04-21 18:01

Two-way authentication using the Google Authenticator app

Can someone guide me on what I've done wrong with implementing Google authentication app? Here is what I've tried without success:

1# Create secret key

$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'; // allowed characters in Base32
$secret = '';
for ( $i = 0; $i < 16; $i++ )
{   // random_int() draws from the CSPRNG; mt_rand() is predictable and unsuitable for secrets
    $secret .= substr( $chars, random_int( 0, strlen( $chars ) - 1 ), 1 );  }

2# Create QR code via Google service (description + secret key) and scan it with a smartphone; a 6-digit code is generated every 30 sec by the Google-authentication app

3#. Now I'm trying to verify it ...([use base32 algo][1])

$tm = floor( time() / 30 );    // for time purpose  
$secretkey=Base32::decode($secretkey); // returns blank
$time=chr(0).chr(0).chr(0).chr(0).pack('N*',$tm+$i);

// Hash it with users secret key
$hm = hash_hmac( 'SHA1', $time, $secretkey, true );

// Use last nibble of result as index/offset
$offset = ord(substr($hm,-1)) & 0x0F;

// grab 4 bytes of the result
$hashpart=substr($hm,$offset,4);

// Unpack binary value
$value=unpack("N",$hashpart);
$value=$value[1];

// Only 32 bits
$value = $value & 0x7FFFFFFF;
$value = $value % 1000000;

The above code is based on other sources (WordPress Google authentication app)... but it's not working.

$secretkey=Base32::decode($secretkey); always returns blank (empty)

Is there another way to verify or implement the time-based algo? Or a link where I can read about how to code 2-way authentication for a site?

Thanks in advance for any effort. (I think it's a security question, so I have put it here instead of Stack Overflow. :) )

1 answer

  • drjk87189 2013-05-10 08:00

    Implemented by using github.com/chregu/GoogleAuthenticator.php

    This answer was selected by the asker as the best answer.
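The verification step the question attempts, written out as an added example (not code from the original post or from the GoogleAuthenticator.php library; the function names are hypothetical). It decodes the Base32 secret strictly so a bad secret is rejected instead of silently becoming an empty key, zero-pads the 6-digit code, and accepts one 30-second step of clock drift; the sample secret and code are the RFC 6238 / RFC 4226 SHA-1 test vector.

```php
<?php
// Added example; base32_decode_strict, totp_code and totp_verify are hypothetical names.
// Decode RFC 4648 Base32; returns false on empty or invalid input, never ''.
function base32_decode_strict(string $b32) {
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $b32 = strtoupper(rtrim($b32, '='));
    if (!preg_match('/^[A-Z2-7]+\z/', $b32)) {
        return false;
    }
    $bits = '';
    foreach (str_split($b32) as $ch) {
        $bits .= str_pad(decbin(strpos($alphabet, $ch)), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) {          // drop the trailing partial byte
            $out .= chr(bindec($byte));
        }
    }
    return $out;
}

// RFC 4226 / RFC 6238 code for one 30-second counter value.
function totp_code(string $key, int $counter, int $digits = 6): string {
    $msg = pack('N2', 0, $counter);         // 8-byte big-endian counter, high word zero
    $hm  = hash_hmac('sha1', $msg, $key, true);
    $off = ord($hm[19]) & 0x0F;             // low nibble of the last byte
    $val = unpack('N', substr($hm, $off, 4))[1] & 0x7FFFFFFF;
    // Left-pad with zeros: the authenticator app shows leading zeros.
    return str_pad((string)($val % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// Accept the current step and $window steps either side (clock drift).
function totp_verify(string $b32Secret, string $code, int $now, int $window = 1): bool {
    $key = base32_decode_strict($b32Secret);
    if ($key === false || !preg_match('/^\d{6}\z/', $code)) {
        return false;
    }
    $ok = false;
    for ($i = -$window; $i <= $window; $i++) {
        // hash_equals() compares in constant time; no early exit from the loop.
        $ok = hash_equals(totp_code($key, intdiv($now, 30) + $i), $code) || $ok;
    }
    return $ok;
}

// RFC test key "12345678901234567890" in Base32, with its code for counter 1 (T = 59 s).
var_dump(totp_verify('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ', '287082', 59));
```

In production, pass `time()` as `$now` and record the last accepted counter per user so a code cannot be replayed within its window.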
