Google Authenticator using PHP

Found out that my server time was not synced with internet time. After syncing the time on the web server, the issue got resolved. So the timezone doesn't affect the authenticator as long as both the mobile phone and the server are synced to the correct time (NTP servers).

If anyone is having the same issue, check the server time and the mobile phone time and make sure they are showing the right time; even a minute slow or fast can end up generating wrong codes.

Author by

Abhishek Salian

Updated on July 09, 2022
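
Added example, not part of the original answer or of the GoogleAuthenticator.php library: a self-contained RFC 6238 TOTP in PHP showing that the code depends only on the Unix timestamp, so the configured timezone is irrelevant, while a skewed server clock falls outside the acceptance window. The secret is the RFC 6238 test key in base32; the timestamps, the skews and the function names (`base32Decode`, `totp`, `verifyTotp`) are constructed for illustration, and a 64-bit PHP 7+ is assumed.

```php
<?php
function base32Decode(string $b32): string
{
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $ch) {
        $pos = strpos('ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', $ch);
        if ($pos === false) {
            throw new InvalidArgumentException("invalid base32 character: $ch");
        }
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) {                 // ignore a trailing partial byte
            $out .= chr(bindec($byte));
        }
    }
    return $out;
}

// RFC 6238 TOTP with HMAC-SHA1 and a 30-second step; input is a Unix timestamp (always UTC-based).
function totp(string $secretB32, int $unixTime, int $digits = 6): string
{
    $counter = pack('J', intdiv($unixTime, 30));   // 64-bit big-endian step counter
    $hash = hash_hmac('sha1', $counter, base32Decode($secretB32), true);
    $offset = ord($hash[19]) & 0x0F;               // dynamic truncation (RFC 4226)
    $value = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($value % 10 ** $digits), $digits, '0', STR_PAD_LEFT);
}

// Returns the step offset at which $code matched, or null when it is outside +/- $window steps.
function verifyTotp(string $secretB32, string $code, int $serverTime, int $window = 1): ?int
{
    for ($i = -$window; $i <= $window; $i++) {
        if (hash_equals(totp($secretB32, $serverTime + 30 * $i), $code)) {
            return $i;
        }
    }
    return null;
}

$secret = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ';      // constructed input: RFC 6238 test key
$phoneTime = 1234567890;                           // constructed: correct Unix time on the phone
$code = totp($secret, $phoneTime);
foreach (['UTC', 'Asia/Kolkata', 'America/New_York'] as $tz) {
    date_default_timezone_set($tz);                // changes how date() renders, not the timestamp
    printf("%-17s local=%s code=%s\n", $tz, date('Y-m-d H:i', $phoneTime), totp($secret, $phoneTime));
}
foreach ([20, 40, 3600] as $skew) {                // server clock ahead of the phone by $skew seconds
    printf("skew %4ds -> %s\n", $skew, var_export(verifyTotp($secret, $code, $phoneTime + $skew), true));
}
```

A non-zero offset returned by `verifyTotp` is worth logging, since a steadily growing offset indicates a drifting server clock before logins start failing.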

Comments

  • Abhishek Salian
    Abhishek Salian almost 2 years

    I have used https://github.com/chregu/GoogleAuthenticator.php to build a 2 factor authentication for a web application I am working on. Everything works: generating the secret, and even the code worked. Now I have set up the same code on a different server, generated a new secret key and added it to the Google Authenticator mobile app, and now the code generated on the mobile doesn't match.

    I dug in by comparing results on both servers and noticed the time() function returns a different time (1 hr difference). Then I forced my 2nd server (where the Google code didn't work) to have the same time as the first one and it worked. So I am really confused: is this some sort of time zone issue? Because I really need these servers to have their own time zone.

    Is there any workaround?

    Also, I followed https://support.google.com/accounts/answer/185834?hl=en and synced my Google Authenticator app; it still doesn't work. The code generated in the mobile app works on my 2nd server after an hour. Can anyone please help me or suggest a different approach?

    Here is the code I am using to connect to the above library:

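    // Assumes the GoogleAuthenticator class from the library above is already loaded.
    class googleAuthLibrary extends GoogleAuthenticator
    {
        // Generate a new base32 shared secret for a user.
        public function getSecretKey()
        {
            $secretKey = $this->generateSecret();

            return $secretKey;
        }

        // Build the URL of a QR code image that encodes the otpauth:// provisioning URI.
        // Note: this URL carries the shared secret to a third-party host.
        public function getQRLink($username, $hostname, $secretKey)
        {
            $url = 'https://chart.googleapis.com/chart?cht=qr&chs=300x300&chl=';

            $qrCode = 'otpauth://totp/'.$username.'@'.$hostname.'?secret='.$secretKey;

            // URL-encode the URI so its own "?" and "=" stay inside the chl parameter.
            $url = $url.urlencode($qrCode);

            return $url;
        }

        // Compute the current code for the secret, based on the server's clock.
        public function getAuthCode($secretKey)
        {
            $authCode = $this->getCode($secretKey);

            return $authCode;
        }
    }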
    
  • Ashu Kumar
    Ashu Kumar over 4 years
    That means the server in the USA and a person in India must both be in the same timezone? It is practically impossible to do. A customer might have a different time zone, then how could it be possible to run the code?
  • HappyDog
    HappyDog about 3 years
    No - that's the opposite of what's being said: "Timezone doesnt affect the authenticator". Instead, the problem occurs if your clock has drifted, as computer clocks can sometimes do (just like analog clocks). If that happens, then things might not work correctly, so you should use a time server to keep the clock in sync.