Getting Started

1. Installation

The best way to use this project is to install it with Composer:

php composer.phar require robthree/twofactorauth

or, if you have Composer installed globally:

composer require robthree/twofactorauth

2. Create an instance

Now you can create an instance for use in your code:

use RobThree\Auth\TwoFactorAuth;

$tfa = new TwoFactorAuth();

Note: if you are not using a framework that uses Composer, you should include the Composer loader yourself.

3. Shared secrets

When your user is setting up two-factor, or multi-factor, authentication in your project, you can create a secret from the instance.

$secret = $tfa->createSecret();

Once you have a secret, it can be communicated to the user however you wish.

<p>Please enter the following code in your app: '<?php echo $secret; ?>'</p>

Note: until you have verified the user is able to use the secret properly, you should store the secret as part of the current session and not save the secret against your user record.

4. Verifying

Having provided the user with the secret, the best practice is to verify their authenticator app can create the appropriate code.

$result = $tfa->verifyCode($secret, $_POST['verification']);

If $result is true then your user has been able to successfully record the $secret in their authenticator app and it has generated an appropriate code.

You can now save the $secret to your user record and use the same verifyCode method each time they log in.
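
Steps 3 and 4 put together as one enrolment page, as an added example that is not the project's own code: the secret stays in the session until `verifyCode` succeeds and only then is written to the user record. The autoloader path, the `user_id` and `pending_tfa_secret` session keys, the SQLite file and the `users.tfa_secret` column are assumptions made for illustration.

```php
<?php
// Added example, not the project's own code. Requires robthree/twofactorauth.
require __DIR__ . '/vendor/autoload.php'; // assumed Composer loader location

use RobThree\Auth\TwoFactorAuth;

session_start();
$tfa = new TwoFactorAuth(); // constructed as in step 2

// Assumptions: the user is already logged in and a users table exists.
$userId = (int) ($_SESSION['user_id'] ?? 0);
if ($userId === 0) {
    http_response_code(403);
    exit('Log in before enabling two-factor authentication.');
}
$db = new PDO('sqlite:' . __DIR__ . '/app.db');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $pending = $_SESSION['pending_tfa_secret'] ?? null;
    // Accept only a string field and strip any whitespace typed between digits.
    $raw  = $_POST['verification'] ?? '';
    $code = is_string($raw) ? (string) preg_replace('/\s+/', '', $raw) : '';

    if (is_string($pending) && $code !== '' && $tfa->verifyCode($pending, $code)) {
        // Verified: only now does the secret move from the session to the user record.
        $stmt = $db->prepare('UPDATE users SET tfa_secret = :secret WHERE id = :id');
        $stmt->execute([':secret' => $pending, ':id' => $userId]);
        unset($_SESSION['pending_tfa_secret']);
        echo '<p>Two-factor authentication is now enabled.</p>';
        exit;
    }
    echo '<p>That code was not accepted. Check your app and try again.</p>';
}

// Create the secret once per enrolment attempt and keep it in the session,
// so a reload or a failed attempt shows the same secret again.
$_SESSION['pending_tfa_secret'] ??= $tfa->createSecret();
$secret = htmlspecialchars($_SESSION['pending_tfa_secret'], ENT_QUOTES, 'UTF-8');
?>
<p>Please enter the following code in your app: '<?= $secret ?>'</p>
<form method="post">
    <label>Verification code <input name="verification" autocomplete="one-time-code"></label>
    <button type="submit">Verify</button>
</form>
```

If the session expires before the user submits a code, the POST branch finds no pending secret, nothing is saved, and the page issues a fresh secret to enrol with.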