Click here to Skip to main content
15,662,823 members
Please Sign up or sign in to vote.
1.00/5 (2 votes)
See more:
Hello I'm trying to use 2fa using php gangsta
GitHub - PHPGangsta/GoogleAuthenticator: PHP class to generate and verify Google Authenticator 2-factor authentication[^]

but tbh I don't understand how to implement it or how it even works.
this is my script:
as you can see I have added the php gangsta here in loginback.php but here are my questions:
1) isn't the qr code irrelevent here? like to me I only need to use that for when users register? so they alsways have that qr code in their google app?
2) what is secret code? cuz is't always different from the one that is in the google authenticator app?
3) how does my code know the google authenticator code?
4) how does this verify that the user input code is the same as gthe
google authenticator code?

script = login_back.php

if ( !isset($_POST['email'], $_POST['password']) ) {
    // Could not get the data that should have been sent.
    exit('Please fill both the username and password fields!');
    require_once '../PHPGangsta/GoogleAuthenticator.php';

    $ga = new PHPGangsta_GoogleAuthenticator();
    $secret = $ga->createSecret();
    echo "Secret is: ".$secret."\n\n";
    echo "<br>";
        $code = $_POST['code'];
        if($ga->verifyCode($secret, $code)){
            echo "correct";
            echo "fout";
        $result = $ga->verifyCode($secret, $code, 3);
        echo "test";
        echo $result;
    echo "<br>";
    $qrCodeUrl = $ga->getQRCodeGoogleUrl( 'glasvezel', $secret);
    echo '<img src="'.$qrCodeUrl.'" /><br />';

    // $code = $_POST['code'];
    // echo "code user has entered ".$code;

    echo "<br>";
    $oneCode = $ga->getCode($secret);
    echo "Checking Code '$oneCode' and Secret '$secret':\n";

    //code verificeerd alleen de secret en one code??
    $checkResult = $ga->verifyCode($secret, $oneCode, 3);    // 2 = 2*30sec clock tolerance
    echo "<br>";
    echo $checkResult;
    echo "<br>";
    if ($checkResult) {

        include "../config.php";
        $email = $_POST['email'];
        $password = $_POST['password'];

            $sql = 'SELECT * FROM users WHERE email = ?';
            $stmt = $conn->prepare($sql); 
            $stmt->bind_param("s", $email);
            $result = $stmt->get_result(); // get the mysqli result
            if ($row = $result->fetch_assoc()) {
                $naam = $row['name'];
                    // Account exists, now we verify the password.
                    // Note: remember to use password_hash in your registration file to store the hashed passwords.
                    if (password_verify($password, $row['password'])) {
                        // Verification success! User has logged-in!
                        // Create sessions, so we know the user is logged in, they basically act like cookies but remember the data on the server.
                        $_SESSION['loggedin'] = TRUE;
                        $_SESSION['name'] = $naam;
                        // $_SESSION['id'] = $id;
                        echo 'Welcome ' . $_SESSION['name'] . '!';
                    } else {
                        // Incorrect password
                        echo "<script>
                        alert('Verkeerd username of password');
            echo "<script>
                        alert('verkeerd email ingevoerd');

    } else {
        echo 'FAILED';



What I have tried:

I googled but they just say add it to your code and it works ???
Updated 23-Feb-23 0:29am

1 solution

So talk to the author - there is an "Issues" button at the top that allows you to post a message describing your problem: Issues · PHPGangsta/GoogleAuthenticator · GitHub[^]

But ... it's a ten year old project, that hasn't been changed for 4 years. It may not be current with changes in Google Authenticator, and that could be your problem.
Share this answer

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900