Hello, I'm trying to use 2FA using PHPGangsta:
GitHub - PHPGangsta/GoogleAuthenticator: PHP class to generate and verify Google Authenticator 2-factor authentication

But tbh I don't understand how to implement it or how it even works.
This is my script:
As you can see, I have added PHPGangsta here in loginback.php, but here are my questions:
1) Isn't the QR code irrelevant here? Like, to me I only need to use that for when users register, so they always have that QR code in their Google app?
2) What is the secret code? Cuz isn't it always different from the one that is in the Google Authenticator app?
3) How does my code know the Google Authenticator code?
4) How does this verify that the user input code is the same as the Google Authenticator code?

script = login_back.php
<pre><?php
session_start();

if ( !isset($_POST['email'], $_POST['password']) ) {
    // Could not get the data that should have been sent.
    exit('Please fill both the username and password fields!');
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') { 
    require_once '../PHPGangsta/GoogleAuthenticator.php';

    $ga = new PHPGangsta_GoogleAuthenticator();
    $secret = $ga->createSecret();
    echo "Secret is: ".$secret."\n\n";
    echo "<br>";
    if(!empty($_POST['code'])){
        $code = $_POST['code'];
        if($ga->verifyCode($secret, $code)){
            echo "correct";
        }else{
            echo "fout";
        }
        
        $result = $ga->verifyCode($secret, $code, 3);
        echo "test";
        echo $result;
    }
    echo "<br>";
    $qrCodeUrl = $ga->getQRCodeGoogleUrl( 'glasvezel', $secret);
    echo '<img src="'.$qrCodeUrl.'" /><br />';


    // $code = $_POST['code'];
    // echo "code user has entered ".$code;

    echo "<br>";
    $oneCode = $ga->getCode($secret);
    echo "Checking Code '$oneCode' and Secret '$secret':\n";

    // does this only verify the secret and the one code??
    $checkResult = $ga->verifyCode($secret, $oneCode, 3);    // 3 = 3*30sec clock tolerance
    echo "<br>";
    echo $checkResult;
    echo "<br>";
    if ($checkResult) {

        include "../config.php";
        $email = $_POST['email'];
        $password = $_POST['password'];

            $sql = 'SELECT * FROM users WHERE email = ?';
            $stmt = $conn->prepare($sql); 
            $stmt->bind_param("s", $email);
            $stmt->execute();
            $result = $stmt->get_result(); // get the mysqli result
            if ($row = $result->fetch_assoc()) {
                $naam = $row['name'];
                    // Account exists, now we verify the password.
                    // Note: remember to use password_hash in your registration file to store the hashed passwords.
                    
                    if (password_verify($password, $row['password'])) {
                        // Verification success! User has logged-in!
                        // Create sessions, so we know the user is logged in, they basically act like cookies but remember the data on the server.
                        session_regenerate_id();
                        $_SESSION['loggedin'] = TRUE;
                        $_SESSION['name'] = $naam;
                        // $_SESSION['id'] = $id;
                        echo 'Welcome ' . $_SESSION['name'] . '!';
                        
                    } else {
                        // Incorrect password
                        echo "<script>
                        alert('Verkeerd username of password');
                        window.location.href='../admin/login.php';
                        </script>";
                    }
                $stmt->close();
        }else{
            echo "<script>
                        alert('verkeerd email ingevoerd');
                        window.location.href='../admin/login.php';
                        </script>";
        }

    } else {
        echo 'FAILED';
    }
}
?>
</pre>


What I have tried:

I googled but they just say add it to your code and it works ???
Updated 23-Feb-23 0:29am

1 solution

So talk to the author - there is an "Issues" button at the top that allows you to post a message describing your problem: Issues · PHPGangsta/GoogleAuthenticator · GitHub

But ... it's a ten year old project, that hasn't been changed for 4 years. It may not be current with changes in Google Authenticator, and that could be your problem.
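
An added example (not part of the original post or of the PHPGangsta project) of the flow the four questions are about: the secret is created once at registration and stored, the QR code only carries it into the app, and at login the server recomputes the code from the stored secret and the current time and compares it with what the user typed. It uses only the library calls that appear in the question; the `$users` array and its `totp_secret` field are hypothetical stand-ins for a database column, and the e-mail addresses are constructed.

```php
<?php
// Added example: enrol once, store the secret, verify the user's code at login.
require_once '../PHPGangsta/GoogleAuthenticator.php'; // path as used in the question

$ga = new PHPGangsta_GoogleAuthenticator();

// Hypothetical stand-in for the users table; 'totp_secret' is an assumed column.
$users = ['alice@example.test' => ['totp_secret' => null]];

// Registration (runs ONCE per user): create the secret, store it, show the QR code.
function enrol(PHPGangsta_GoogleAuthenticator $ga, array &$users, string $email): string
{
    $secret = $ga->createSecret();
    $users[$email]['totp_secret'] = $secret;   // persist server-side
    // The QR code only transports the secret into the app; it is not needed at login.
    // Note: this URL points at an external QR image service and contains the secret.
    return $ga->getQRCodeGoogleUrl('glasvezel', $secret);
}

// Login (after password_verify succeeds): load the STORED secret and check
// the code the user typed. Never call createSecret() here.
function checkCode(PHPGangsta_GoogleAuthenticator $ga, array $users, string $email, string $code): bool
{
    $secret = $users[$email]['totp_secret'] ?? null;
    if ($secret === null) {
        return false;                          // unknown user or not enrolled
    }
    // The server recomputes the code from secret + current time.
    // Third argument 1 = accept one 30-second step of clock drift either way.
    return $ga->verifyCode($secret, $code, 1);
}

$qrUrl = enrol($ga, $users, 'alice@example.test');

// Simulate the phone: the app holds the same secret and derives the code from the time.
$phoneCode = $ga->getCode($users['alice@example.test']['totp_secret']);

var_dump(checkCode($ga, $users, 'alice@example.test', $phoneCode));  // stored secret
var_dump(checkCode($ga, $users, 'nobody@example.test', $phoneCode)); // not enrolled

// What the question's login script does: a new secret on every request.
// The phone's code came from the stored secret, so it practically never matches.
var_dump($ga->verifyCode($ga->createSecret(), $phoneCode, 1));
```

The question's script also passes `$ga->getCode($secret)` straight back into `verifyCode()`, which succeeds no matter what the user typed; the value to verify is `$_POST['code']`.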
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)