Hello, I'm trying to use 2FA using PHPGangsta
GitHub - PHPGangsta/GoogleAuthenticator: PHP class to generate and verify Google Authenticator 2-factor authentication
but tbh I don't understand how to implement it or how it even works.
this is my script:
as you can see I have added the php gangsta here in loginback.php but here are my questions:
1) Isn't the QR code irrelevant here? Like, to me I only need to use that for when users register, so they always have that QR code in their Google app?
2) What is the secret code? Cuz it's always different from the one that is in the Google Authenticator app?
3) How does my code know the Google Authenticator code?
4) How does this verify that the user input code is the same as the Google Authenticator code?
script = login_back.php
<pre>
<?php
session_start();
if ( !isset($_POST['email'], $_POST['password']) ) {
    exit('Please fill both the username and password fields!');
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    require_once '../PHPGangsta/GoogleAuthenticator.php';
    $ga = new PHPGangsta_GoogleAuthenticator();
    $secret = $ga->createSecret();
    echo "Secret is: ".$secret."\n\n";
    echo "<br>";
    if(!empty($_POST['code'])){
        $code = $_POST['code'];
        if($ga->verifyCode($secret, $code)){
            echo "correct";
        }else{
            echo "fout";
        }
        $result = $ga->verifyCode($secret, $code, 3);
        echo "test";
        echo $result;
    }
    echo "<br>";
    $qrCodeUrl = $ga->getQRCodeGoogleUrl( 'glasvezel', $secret);
    echo '<img src="'.$qrCodeUrl.'" /><br />';
    echo "<br>";
    $oneCode = $ga->getCode($secret);
    echo "Checking Code '$oneCode' and Secret '$secret':\n";
    $checkResult = $ga->verifyCode($secret, $oneCode, 3);
    echo "<br>";
    echo $checkResult;
    echo "<br>";
    if ($checkResult) {
        include "../config.php";
        $email = $_POST['email'];
        $password = $_POST['password'];
        $sql = 'SELECT * FROM users WHERE email = ?';
        $stmt = $conn->prepare($sql);
        $stmt->bind_param("s", $email);
        $stmt->execute();
        $result = $stmt->get_result();
        if ($row = $result->fetch_assoc()) {
            $naam = $row['name'];
            if (password_verify($password, $row['password'])) {
                session_regenerate_id();
                $_SESSION['loggedin'] = TRUE;
                $_SESSION['name'] = $naam;
                echo 'Welcome ' . $_SESSION['name'] . '!';
            } else {
                echo "<script>
alert('Verkeerd username of password');
window.location.href='../admin/login.php';
</script>";
            }
            $stmt->close();
        }else{
            echo "<script>
alert('verkeerd email ingevoerd');
window.location.href='../admin/login.php';
</script>";
        }
    } else {
        echo 'FAILED';
    }
}
?>
</pre>
What I have tried:
I googled but they just say add it to your code and it works ???
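Added example, not part of the original post and not the PHPGangsta library's code: a standalone sketch of the time-based one-time password calculation (RFC 6238) that Google Authenticator performs, showing that the server recomputes the code from the secret it stored at registration and compares it with what the user typed. The function names and the sample secrets are assumptions made for illustration; the third call uses a different secret than the one the code was generated from, which is the situation the posted script creates by calling `createSecret()` on every request.

```php
<?php
// Decode the Base32 secret (the text form embedded in the QR code) to raw bytes.
function base32_decode_secret(string $b32): string {
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $ch) {
        $pos = strpos($alphabet, $ch);
        if ($pos === false) {
            throw new InvalidArgumentException('invalid Base32 character');
        }
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $bytes = '';
    foreach (str_split($bits, 8) as $chunk) {
        if (strlen($chunk) === 8) {          // drop trailing padding bits
            $bytes .= chr(bindec($chunk));
        }
    }
    return $bytes;
}

// Code for one 30-second time slice: HMAC-SHA1(secret, counter), truncated to 6 digits.
function totp_code(string $b32Secret, int $timeSlice): string {
    $key = base32_decode_secret($b32Secret);
    $counter = pack('N2', 0, $timeSlice);    // 8-byte big-endian counter
    $hmac = hash_hmac('sha1', $counter, $key, true);
    $offset = ord($hmac[19]) & 0x0F;         // dynamic truncation offset
    $value = unpack('N', substr($hmac, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string)($value % 1000000), 6, '0', STR_PAD_LEFT);
}

// Login check: recompute from the STORED secret, allowing +/- $window slices of clock drift.
function totp_verify(string $storedSecret, string $userCode, int $now, int $window = 1): bool {
    $slice = intdiv($now, 30);
    for ($i = -$window; $i <= $window; $i++) {
        if (hash_equals(totp_code($storedSecret, $slice + $i), $userCode)) {
            return true;
        }
    }
    return false;
}

// Constructed sample: the RFC 6238 test key "12345678901234567890" in Base32,
// standing in for the per-user secret saved in the users table at registration.
$stored = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ';
var_dump(totp_code($stored, intdiv(59, 30)));            // what the app shows at t = 59 s
var_dump(totp_verify($stored, '287082', 59));            // same stored secret
var_dump(totp_verify('JBSWY3DPEHPK3PXP', '287082', 59)); // a different secret
```

In a real login flow `$now` is `time()` and `$stored` is read from the user's database row; the QR code is only a way to hand that same secret to the app once.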