Google released two-factor authentication for Gmail in 2011, using one-time login tokens. Adding two-factor authentication (2FA) to your web application increases the security of your users' data. Users only need a smartphone with the "Authenticator" mobile app to scan the QR code generated after login or registration.
- Your PHP application generates a QR code, which users scan with their mobile phone camera to add the profile to the Google Authenticator application.
- After that, the Authenticator application generates a new code every 30 seconds, which is used for the second authentication step of the PHP application.
- First, we create the registration form and a login form. After the user registers with the system, we generate the QR code and validate it through the Google Authenticator app.
With the database created, put the JS and CSS files into the project directory.
You can use include('class/userClass.php'); to save information in the database, and require_once 'googleLib/GoogleAuthenticator.php'; to generate barcodes with googleLib.
To decode this barcode, you will need the Google Authenticator application (Android / iOS). Below is the code for the index.php file.
<?php
include "config.php";
// Already logged in: go straight to the second factor.
if (!empty($_SESSION["iUserId"])) {
    header("Location: device_confirmations.php");
    exit; // stop here, otherwise the rest of the page still runs
}
include "class/userClass.php";
$userClass = new userClass();
require_once "googleLib/GoogleAuthenticator.php";
$authenticator = new GoogleAuthenticator();
$secret = $authenticator->createSecret();
$errorMsgReg = "";
$errorMsgLogin = "";

// Login form
if (!empty($_POST["loginSubmit"])) {
    $emailId = $_POST["vEmailId"];
    $password = $_POST["vPassword"];
    if (strlen(trim($emailId)) > 1 && strlen(trim($password)) > 1) {
        $userId = $userClass->userLogin($emailId, $password, $secret);
        if ($userId) {
            header("Location: device_confirmations.php");
            exit;
        } else {
            $errorMsgLogin = "Please check login details.";
        }
    }
}

// Registration form
if (!empty($_POST["signupSubmit"])) {
    $username = $_POST["vUsername"];
    $email = $_POST["vEmailId"];
    $password = $_POST["vPassword"];
    $name = $_POST["vFullName"];
    $usernameCheck = preg_match('~^[A-Za-z0-9_]{3,20}$~i', $username);
    $emailCheck = preg_match(
        '~^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$~i',
        $email
    );
    $passwordCheck = preg_match('~^[A-Za-z0-9!@#$%^&*()_]{6,20}$~i', $password);
    // The password check was computed but never enforced; include it here.
    if ($usernameCheck && $emailCheck && $passwordCheck && strlen(trim($name)) > 0) {
        $uid = $userClass->userRegistration(
            $username,
            $password,
            $email,
            $name,
            $secret
        );
        if ($uid) {
            header("Location: device_confirmations.php");
            exit;
        } else {
            $errorMsgReg = "Username or Email already exists.";
        }
    } else {
        $errorMsgReg = "Enter valid details.";
    }
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>2-Step Verification</title>
    <link rel="stylesheet" type="text/css" href="style.css" charset="utf-8" />
</head>
<body>
    <div id="container">
        <h1>2-Step Verification</h1>
        <div id="login">
            <h3>Login</h3>
            <form method="post" action="" name="login">
                <label>Username or Email</label>
                <input type="text" name="vEmailId" autocomplete="off" />
                <label>Password</label>
                <input type="password" name="vPassword" autocomplete="off" />
                <div class="errorMsg">
                    <?php echo $errorMsgLogin; ?>
                </div>
                <input type="submit" class="button" name="loginSubmit" value="Login">
            </form>
        </div>
        <div id="signup">
            <h3>Registration</h3>
            <form method="post" action="" name="signup">
                <label>Name</label>
                <input type="text" name="vFullName" autocomplete="off" />
                <label>Email</label>
                <input type="text" name="vEmailId" autocomplete="off" />
                <label>Username</label>
                <input type="text" name="vUsername" autocomplete="off" />
                <label>Password</label>
                <input type="password" name="vPassword" autocomplete="off" />
                <div class="errorMsg">
                    <?php echo $errorMsgReg; ?>
                </div>
                <input type="submit" class="button" name="signupSubmit" value="Signup">
            </form>
        </div>
    </div>
</body>
</html>
Connection.php
<?php
session_start();
/* DATABASE CONFIGURATION */
define("DB_SERVER", "localhost");
define("DB_USERNAME", "{USER NAME}");
define("DB_PASSWORD", "{PASSWORD}");
define("DB_DATABASE", "authentication_demo");
define("BASE_URL", "http://localhost/AuthenticationDemo/"); // Eg. http://yourwebsite.com

// Returns a PDO connection that throws exceptions on SQL errors.
function getDB()
{
    $dbhost = DB_SERVER;
    $dbuser = DB_USERNAME;
    $dbpass = DB_PASSWORD;
    $dbname = DB_DATABASE;
    try {
        $dbConnection = new PDO(
            "mysql:host=$dbhost;dbname=$dbname",
            $dbuser,
            $dbpass
        );
        $dbConnection->exec("set names utf8");
        $dbConnection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        return $dbConnection;
    } catch (PDOException $e) {
        // Keep driver details (host, user name) in the server log, not in the page.
        error_log("Connection failed: " . $e->getMessage());
        exit("Connection failed.");
    }
}
?>
Note: change the values of HOST, USERNAME, PASSWORD and DATABASE_NAME, then run your connection.php file in the browser.
device_confirmations.php
Once you see your barcode after login, scan it with the Google Authenticator application and enter the generated number into the text box.
<?php
include "config.php";
// Only users who passed the password step may reach this page.
if (empty($_SESSION["iUserId"])) {
    header("Location: index.php");
    exit; // stop here, otherwise the QR code below is still rendered
}
include "class/userClass.php";
$userClass = new userClass();
$userDetails = $userClass->userDetails($_SESSION["iUserId"]);
$secret = $userDetails->vAuthCode;
$email = $userDetails->vEmailId;
require_once "googleLib/GoogleAuthenticator.php";
$ga = new GoogleAuthenticator();
// URL of a QR code image that encodes the account label and the shared secret.
$qrCodeUrl = $ga->getQRCodeGoogleUrl($email, $secret, "spaceo demo");
?>
<!DOCTYPE html>
<html>
<head>
    <title>2-Step Verification</title>
    <link rel="stylesheet" type="text/css" href="style.css" charset="utf-8" />
</head>
<body>
    <div id="container">
        <h1>2-Step Verification</h1>
        <div id='device'>
            <p>Enter the verification code generated by Authenticator on your phone.</p>
            <div id="img"> <img src='<?php echo htmlspecialchars($qrCodeUrl, ENT_QUOTES); ?>' /> </div>
            <form method="post" action="home.php">
                <label>Enter Authenticator Code</label>
                <input type="text" name="code" />
                <input type="submit" class="button" />
            </form>
        </div>
        <div style="text-align:center">
            <h3>Get Authenticator on your phone</h3>
            <a href="https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8" target="_blank"><img class='app' src="images/iphone.png" /></a>
            <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en" target="_blank"><img class="app" src="images/android.png" /></a>
        </div>
    </div>
</body>
</html>
home.php
<?php
include "config.php";
// Without a logged-in user there is nothing to verify.
if (empty($_SESSION["iUserId"])) {
    header("Location: index.php");
    exit;
}
include "class/userClass.php";
$userClass = new userClass();
$userDetails = $userClass->userDetails($_SESSION["iUserId"]);
if (!empty($_POST["code"])) {
    $code = $_POST["code"];
    $secret = $userDetails->vAuthCode;
    require_once "googleLib/GoogleAuthenticator.php";
    $ga = new GoogleAuthenticator();
    $checkResult = $ga->verifyCode($secret, $code, 2); // 2 = 2*30sec clock tolerance
    if ($checkResult) {
        $_SESSION["vAuthCode"] = $code;
    } else {
        echo "FAILED";
    }
}
include "session.php";
$userDetails = $userClass->userDetails($session_uid);
?>
<!DOCTYPE html>
<html>
<head>
    <title>2-Step Verification</title>
    <link rel="stylesheet" type="text/css" href="style.css" charset="utf-8" />
</head>
<body>
    <div id="container">
        <!-- vFullName is user-supplied, so escape it before output -->
        <h1>Welcome <?php echo htmlspecialchars($userDetails->vFullName, ENT_QUOTES); ?></h1>
        <pre>
<?php
// Debug dump of the user record; it includes vAuthCode (the 2FA secret), so remove it outside a demo.
echo htmlspecialchars(print_r($userDetails, true), ENT_QUOTES);
?>
        </pre>
        <h4><a href="<?php echo BASE_URL; ?>logout.php">Logout</a></h4>
    </div>
</body>
</html>
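What the 30-second codes and the tolerance argument of verifyCode() in home.php amount to, shown as an added example rather than code from this tutorial or from googleLib: an RFC 6238 check that also refuses a code whose time step was already used, so a captured code cannot be replayed inside the tolerance window. The helper names base32Decode(), totpAt() and totpVerify() and the idea of storing the last accepted step per user are assumptions; the sample secret is the public RFC 6238 test key.

```php
<?php
// Added example: RFC 6238 TOTP check with a tolerance window and a replay guard.
// base32Decode(), totpAt() and totpVerify() are hypothetical helper names.
function base32Decode(string $b32): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $ch) {
        $pos = strpos($alphabet, $ch);
        if ($pos === false) {
            throw new InvalidArgumentException('Invalid base32 character');
        }
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $bytes = '';
    foreach (str_split($bits, 8) as $chunk) {
        if (strlen($chunk) === 8) {          // drop trailing padding bits
            $bytes .= chr(bindec($chunk));
        }
    }
    return $bytes;
}
function totpAt(string $key, int $step): string
{
    // 8-byte big-endian counter, HMAC-SHA1, dynamic truncation (RFC 4226).
    $hmac = hash_hmac('sha1', pack('J', $step), $key, true);
    $offset = ord($hmac[19]) & 0x0F;
    $value = unpack('N', substr($hmac, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($value % 1000000), 6, '0', STR_PAD_LEFT);
}
// Returns the matched time step (store it for the user) or null on failure.
function totpVerify(string $secretB32, string $code, int $window, int $lastStep, int $now): ?int
{
    $key = base32Decode($secretB32);
    $current = intdiv($now, 30);             // a new code every 30 seconds
    $matched = null;
    for ($step = $current - $window; $step <= $current + $window; $step++) {
        // Constant-time comparison; steps at or before $lastStep are never accepted.
        if ($step > $lastStep && hash_equals(totpAt($key, $step), $code)) {
            $matched = $step;
        }
    }
    return $matched;
}
// Constructed input: RFC 6238 test key "12345678901234567890", time T = 59 s.
$secret = 'GEZDGNBVGY3TIOJQGEZDGNBVGY3TIOJQ';
$first = totpVerify($secret, '287082', 2, -1, 59);      // first use of the code
$replay = totpVerify($secret, '287082', 2, $first ?? -1, 59); // same code again
var_dump($first, $replay);
```

In the application, the step returned by a successful check would be saved with the user record and passed back in as $lastStep on the next attempt, alongside a limit on failed attempts per account.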
Using these simple coding steps, you can implement Google two-factor authentication login in PHP. Hire a PHP web development company that has the potential to implement this.
Conclusion
A PHP development company in India can help you to implement Google two-factor authentication login in PHP. You can follow the steps above, or you can hire a PHP developer for your long or short project who can give you the best solution in PHP.