PHPGangsta / GoogleAuthenticator

PHP class to generate and verify Google Authenticator 2-factor authentication
http://phpgangsta.de/4376
BSD 2-Clause "Simplified" License

$ga->verifyCode always false #49

Open jman057 opened 7 years ago

jman057 commented 7 years ago

Hi, I've installed this and started working with it. The demo script works fine; however, I cannot validate this when trying it with live data from the Google app. I'm lost for what to try next...

  1. User has a secret created and saved to their account using $ga->createSecret(), so this doesn't change.
  2. User is presented with a QR code which includes the site title and secret.
  3. Upon scanning with the mobile app, the user is presented with a 6-digit code that they enter into a form on my website app.
  4. Upon submission, the secret and the user's entered code are submitted via ajax, where $ga->verifyCode($secret, $code, 2); will return false.
  5. In an attempt to debug, I have compared the code generated by $ga->getCode($secret); which is always different from what the Google mobile app creates.

Any ideas why this isn't working? Many thanks in advance

```php
function ajax_google_authenticaion_register(){
    //custom class that initialises and loads resources
    $authentication = new rs_authenticator();

    $ga = new PHPGangsta_GoogleAuthenticator();

    //variables correctly parsed by javascript
    $secret = $_POST['secret'];
    $code = $_POST['code'];

    //just to compare, looking at this variable which is always different from $secret for some reason..?
    $oneCode = $ga->getCode($secret);

    //finally the check which will always come up as false when attempting a code from the google authentication mobile app
    $checkResult = $ga->verifyCode($secret, $code, 2);    // 2 = 2*30sec clock tolerance
    if($checkResult){
        echo "true";
    }else{
        echo "false";
    }
    die();
}
```

jman057 commented 7 years ago

Okay so I have continued working with this and believe the issue was in the app. I opened the app, went to settings/Time correction for codes/Sync now, then deleted all accounts and tried again and now it seems to work as promised. Cheers!
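The failure mode in this thread, as an added example (not part of the original issue and not the library's own code): a from-scratch RFC 6238 TOTP showing that a code from a phone whose clock is ahead of the server verifies only while the skew stays inside the 2-step tolerance used in the call above. The key and timestamp are the RFC 6238 test values; the function names `base32_decode_rfc4648`, `totp` and `find_drift` are assumptions made for illustration.

```php
<?php
// Added example: RFC 6238 TOTP (HMAC-SHA1, 30 s step, 6 digits), written from scratch.

function base32_decode_rfc4648(string $b32): string {
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $ch) {
        $pos = strpos($alphabet, $ch);
        if ($pos === false) {
            throw new InvalidArgumentException("invalid base32 character: $ch");
        }
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) {              // drop a trailing partial byte
            $out .= chr(bindec($byte));
        }
    }
    return $out;
}

function totp(string $key, int $timeSlice): string {
    $counter = pack('N2', 0, $timeSlice);       // 8-byte big-endian step counter
    $hash = hash_hmac('sha1', $counter, $key, true);
    $offset = ord($hash[19]) & 0x0F;            // dynamic truncation (RFC 4226)
    $value = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string)($value % 1000000), 6, '0', STR_PAD_LEFT);
}

// Returns the step offset at which $code matches, or null if none within +/- $window steps.
function find_drift(string $key, string $code, int $serverTime, int $window): ?int {
    $slice = intdiv($serverTime, 30);
    for ($i = -$window; $i <= $window; $i++) {
        if (hash_equals(totp($key, $slice + $i), $code)) {
            return $i;
        }
    }
    return null;
}

// Constructed inputs: RFC 6238 test key ("12345678901234567890") and test timestamp.
$key = base32_decode_rfc4648('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ');
$serverTime = 1111111109;
foreach ([0, 45, 300] as $skew) {               // seconds the phone clock runs ahead
    $phoneCode = totp($key, intdiv($serverTime + $skew, 30));
    $drift = find_drift($key, $phoneCode, $serverTime, 2);
    printf("phone +%3ds: code %s, matched at step %s\n", $skew, $phoneCode, $drift ?? 'none (rejected)');
}
```

Recording the matched step offset on each successful verification shows which devices are drifting toward the edge of the window before their codes start being rejected.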

jackttcoms commented 7 years ago

Try this script, very easy to use and nice UI.

https://www.codester.com/items/4267/2-step-authentication-php-script?ref=ChewiScripts