otp | Prutser ..

I’ve played with FreeOTP for my own websites in the past, but here is a cleaned up version.

apt-get install qrencode oathtool

Using a webserver with php you can use below simple sniplet to restrict access.

<?PHP
$output = shell_exec('oathtool --totp=sha256 --base32 ################PLACE-SECRET-OUTPUT-HERE-############');
$otp=$_POST["otp"];
$stripped = preg_replace('/\D/', '', $output);
$strippedotp = preg_replace('/\D/', '', $otp);
?>
<form action="" method="post">
OTP: <input type="text" name="otp"><br>
<input type="submit">
</form>
<?PHP
if(strcmp("$strippedotp", "$stripped") == 0)
{ echo "Access"; }
else
{ echo "No Access"; }
?>

bash script to generate secret and qrcode

#!/bin/bash
secret=$(echo 1234567812345678 | base32)
echo "Secret : (place in PHP file)"
echo $secret
qrencode -t ANSI256 -o - $(echo otpauth://totp/Mine:myname?secret=${secret}&issuer=Mine&algorithm=SHA256&digits=6&period=30) -o qrcode.png -t png -s 5

Above generates a QRcode you can import in FreeOTP

Prutser ..

Tag Archives: otp

Simple FreeOTP access for PHP

"If something is worth doing, it's worth overdoing."