Last Updated or created 2024-05-26
I’ve played with FreeOTP for my own websites in the past, but here is a cleaned up version.
apt-get install qrencode oathtool
Using a webserver with php you can use below simple sniplet to restrict access.
<?PHP
$output = shell_exec('oathtool --totp=sha256 --base32 ################PLACE-SECRET-OUTPUT-HERE-############');
$otp=$_POST["otp"];
$stripped = preg_replace('/\D/', '', $output);
$strippedotp = preg_replace('/\D/', '', $otp);
?>
<form action="" method="post">
OTP: <input type="text" name="otp"><br>
<input type="submit">
</form>
<?PHP
if(strcmp("$strippedotp", "$stripped") == 0)
{ echo "Access"; }
else
{ echo "No Access"; }
?>
bash script to generate secret and qrcode
#!/bin/bash
secret=$(echo 1234567812345678 | base32)
echo "Secret : (place in PHP file)"
echo $secret
qrencode -t ANSI256 -o - $(echo otpauth://totp/Mine:myname?secret=${secret}\&issuer=Mine\&algorithm=SHA256\&digits=6\&period=30) -o qrcode.png -t png -s 5
Above generates a QRcode you can import in FreeOTP
Thanks for the nice sample
Unfortunately there is a BUG in your bash-script:
qrencode drops informations after & (ampersand)
Thanks for letting me know, missing slashes on my website.
Incorrect paste?!?
Updated the code
=== email pastes ======
> May I bother you with a Question?
> I experience, that it works when using FreeOTP
> Using Microsoft Authenticator fails, generates OTPs > different from FreeOTP.
> Have you experienced similar?
=== email pastes ======
> OTP-Tools – MSAuthenticator Issue
> Thanks for your Tools
> They have helped us to solve the MS Problem:
> We have found, that the actual Microsoft
> Authenticator (Android) ignores
> algorithm=SHA256 and uses SHA1 instead,
> without creating an error Message.