Generate OTP With Expiry in Laravel Without Using Database

Tipu Zayn introduced a tool to create OTPs with an expiry in PHP without using any database. It is primarily a Laravel package, but it can also be used outside of Laravel.

Installation

You can install this package via Composer by running this command:

composer require tzsk/otp

To publish the config file for Laravel, run:

php artisan otp:publish

Usage

Import the facade class:

use Tzsk\Otp\Facades\Otp;

Generate an OTP:

$otp = Otp::generate($unique_secret);
// Returns - string

The OTP generated above will only validate against the same unique secret, and only within the default expiry time.

TIP: OTP is generally used for user verification, so the easiest way of determining the unique secret is the user’s email or phone number, or maybe even the User ID. You can also get creative with the unique secret, for example by using md5($email), the MD5 hash of the user’s email or phone number.

Match an OTP:

$valid = Otp::match($otp, $unique_secret);
// Returns - boolean

Other Generate & Match Options:

There are other ways of generating or matching an OTP:

// Generate -

Otp::digits(8)->generate($unique_secret); // 8 Digits, Default expiry from config
Otp::expiry(30)->generate($unique_secret); // 30 min expiry, Default digits from config
Otp::digits(8)->expiry(30)->generate($unique_secret); // 8 digits, 30 min expiry

// The above generate method can be swapped with other generator methods. Ex -
Otp::make($unique_secret);
Otp::create($unique_secret);

Make sure to set the same config when checking. That means if you used 8 digits and 30 min during creation, you must also use 8 digits and 30 min during checking.

// Match - (Different Runtime)

// The first example above
Otp::check($otp, $unique_secret); // -> false
Otp::digits(8)->check($otp, $unique_secret); // -> true

// The second example above
Otp::check($otp, $unique_secret); // -> false
Otp::expiry(30)->check($otp, $unique_secret); // -> true

// The third example above
Otp::check($otp, $unique_secret); // -> false
Otp::digits(8)->expiry(30)->check($otp, $unique_secret); // -> true

As the matching examples above show, checking an OTP against the secret requires the same config that was used when the OTP was created.

Security Advantage: The main advantage of requiring the same config while matching is that a third person cannot use this tool to generate the same OTP for the user in question if they don’t know the config.
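The following is an added example, not code from the package or from the original post: a small Laravel service that keeps digits and expiry in one place so generate and match always agree, and caps wrong guesses per user with Laravel's RateLimiter. The class name LoginOtp, the constants, the limits and the "login-otp|" prefix are assumptions for illustration.

```php
<?php

namespace App\Services;

use Illuminate\Support\Facades\RateLimiter;
use Tzsk\Otp\Facades\Otp;

// Added example, not part of tzsk/otp. Class name, constants, limits and
// the "login-otp|" prefix are assumptions chosen for illustration.
class LoginOtp
{
    private const DIGITS = 8;           // used for both generate and match
    private const EXPIRY_MINUTES = 30;  // used for both generate and match
    private const MAX_ATTEMPTS = 5;     // wrong guesses allowed per window

    // Issue a code for a user identifier (email, phone number or user ID).
    public function issue(string $identifier): string
    {
        return $this->configured()->generate($this->secretFor($identifier));
    }

    // Check a submitted code; stop checking once the guess budget is spent.
    public function verify(string $identifier, string $code): bool
    {
        $throttle = 'otp-verify:' . $this->secretFor($identifier);
        if (RateLimiter::tooManyAttempts($throttle, self::MAX_ATTEMPTS)) {
            return false; // locked out until the window decays
        }

        $valid = (bool) $this->configured()->match($code, $this->secretFor($identifier));
        if ($valid) {
            RateLimiter::clear($throttle);
        } else {
            RateLimiter::hit($throttle, self::EXPIRY_MINUTES * 60);
        }

        return $valid;
    }

    // Single source of truth for digits and expiry, so the two sides cannot drift.
    private function configured()
    {
        return Otp::digits(self::DIGITS)->expiry(self::EXPIRY_MINUTES);
    }

    // Normalise the identifier and bind it to one purpose, so the same user
    // always maps to the same secret and other flows can use their own prefix.
    private function secretFor(string $identifier): string
    {
        return hash('sha256', 'login-otp|' . strtolower(trim($identifier)));
    }
}
```

The attempt cap is what limits guessing here; digits and expiry come from a small set of plausible values, so they should not be relied on as a secret.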

Helper usage

You can also use the package through the provided helper function:

$otp = otp()->make($secret);
$otp = otp()->digits(8)->expiry(20)->make($secret);

Note

You can also use this package outside Laravel. To learn how, visit GitHub for the complete documentation.

Published at : 23-12-2021

Author : Rizwan Aslam

I am a highly results-driven professional with 12+ years of collective experience in the grounds of web application development especially in laravel, native android application development in java, and desktop application development in the dot net framework. Now managing a team of expert developers at Codebrisk.
