How to Implement Google Two Factor Authentication Login In PHP


Back in 2011, Google released two factor authentication for Gmail, generating one-time login tokens. Google two factor authentication is a form of authentication that identifies a user unambiguously by combining two different components.

This type of authentication adds a further layer of security, since an attacker is unlikely to be able to defeat both factors to gain access. Many major websites, including Facebook, eBay, Yahoo, PayPal and others, now offer a two factor authentication login.

Google Two Factor Authentication in PHP

The easiest way to implement Google two factor authentication in your PHP website is to use Google Authenticator. Google Authenticator provides a two factor authentication API for Google account logins and for other websites, and the Google Authenticator app is available for Android, iPhone and BlackBerry. It is based on the following two proposed standards:

  • Time-Based One Time Password (TOTP)
  • HMAC-Based One Time Password (HOTP)

For the PHP side, the Google2FA PHP package will be used.

In this PHP tutorial we'll go step by step through implementing the Google two factor authentication API in a PHP website.

Let’s Get Started

First, log in to phpMyAdmin. The usual local login URL is http://localhost/phpmyadmin

Click on Databases, enter a database name and press the Create button.

Now select the database you created and find the Import button. Click Browse, download authentication_demo.sql and select it as the file to import.

With the database created, put the JS and CSS files into the project directory.

Use include('class/userClass.php'); to load the class that saves information in the database,

and require_once 'googleLib/GoogleAuthenticator.php'; to generate the QR code (barcode) with the Google Authenticator library.

To decode this barcode, you’ll need Google authenticator application (Android / iOS).

Below is the code for the index.php file.

Index.php

<?php
include("config.php");
if(!empty($_SESSION['iUserId']))
{
header("Location: device_confirmations.php");
exit; // stop here: without exit the rest of the page still executes after the redirect header
}

include('class/userClass.php');
$userClass = new userClass();

require_once 'googleLib/GoogleAuthenticator.php';
$authenticator = new GoogleAuthenticator();
$secret = $authenticator->createSecret();

$errorMsgReg='';
$errorMsgLogin='';
if (!empty($_POST['loginSubmit']))
{
$emailId=$_POST['vEmailId'];
$password=$_POST['vPassword'];
if(strlen(trim($emailId))>1 && strlen(trim($password))>1 )
{
$userId=$userClass->userLogin($emailId,$password,$secret);
if($userId)
{

header("Location: device_confirmations.php");
exit; // do not continue rendering the login page after redirecting
}
else
{
$errorMsgLogin="Please check login details.";
}
}
}

if (!empty($_POST['signupSubmit']))
{
$username =$_POST['vUsername'];
$email =$_POST['vEmailId'];
$password = $_POST['vPassword'];
$name =$_POST['vFullName'];
$usernameCheck = preg_match('~^[A-Za-z0-9_]{3,20}$~i', $username);
$emailCheck = preg_match('~^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$~i', $email);
$passwordCheck = preg_match('~^[A-Za-z0-9!@#$%^&*()_]{6,20}$~i', $password);

if($usernameCheck && $emailCheck && $passwordCheck && strlen(trim($name))>0) // all three pattern checks must pass
{

$uid=$userClass->userRegistration($username,$password,$email,$name,$secret);

if($uid)
{

header("Location: device_confirmations.php");
exit; // do not continue rendering the signup page after redirecting
}
else
{
$errorMsgReg="Username or Email already exists.";
}

}
else
{
$errorMsgReg="Enter valid details.";
}
}

?>
<!DOCTYPE html>
<html>
<head>
<title>2-Step Verification </title>
<link rel="stylesheet" type="text/css" href="style.css" charset="utf-8" />
</head>
<body>
<div id="container">
<h1>2-Step Verification </h1>
<div id="login">
<h3>Login</h3>
<form method="post" action="" name="login">
<label>Username or Email</label>
<input type="text" name="vEmailId" autocomplete="off" />
<label>Password</label>
<input type="password" name="vPassword" autocomplete="off"/>
<div class="errorMsg"><?php echo $errorMsgLogin; ?></div>
<input type="submit" class="button" name="loginSubmit" value="Login">
</form>
</div>
<div id="signup">
<h3>Registration</h3>
<form method="post" action="" name="signup">
<label>Name</label>
<input type="text" name="vFullName" autocomplete="off" />
<label>Email</label>
<input type="text" name="vEmailId" autocomplete="off" />
<label>Username</label>
<input type="text" name="vUsername" autocomplete="off" />

<label>Password</label>
<input type="password" name="vPassword" autocomplete="off"/>
<div class="errorMsg"><?php echo $errorMsgReg; ?></div>
<input type="submit" class="button" name="signupSubmit" value="Signup">
</form>
</div>

</div>

</body>
</html>

Connection.php

<?php
session_start();
/* DATABASE CONFIGURATION */
define('DB_SERVER', 'localhost');
define('DB_USERNAME', '{USER NAME}');
define('DB_PASSWORD', '{PASSWORD}');
define('DB_DATABASE', 'authentication_demo');
define("BASE_URL", "http://localhost/AuthenticationDemo/"); // Eg. http://yourwebsite.com
function getDB()
{
$dbhost=DB_SERVER;
$dbuser=DB_USERNAME;
$dbpass=DB_PASSWORD;
$dbname=DB_DATABASE;
try {
$dbConnection = new PDO("mysql:host=$dbhost;dbname=$dbname", $dbuser, $dbpass);
$dbConnection->exec("set names utf8");
$dbConnection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
return $dbConnection;
}
catch (PDOException $e) {
// the raw exception text can reveal host and user details; log it and show a generic message in production
echo 'Connection failed: ' . $e->getMessage();
}

}
?>

Note: change the values of DB_SERVER, DB_USERNAME, DB_PASSWORD and DB_DATABASE to match your setup, then open connection.php in the browser to confirm the connection works. The other scripts include this file as config.php, so save it under that name (or adjust their include statements).

device_confirmations.php

Once you see the QR code after login, scan it with the Google Authenticator application and enter the generated number into the text box.

<?php
include('config.php');

if(empty($_SESSION['iUserId']))
{
header("Location: index.php");
exit; // stop here: without exit the QR code for this user would still be rendered after the redirect header
}

include('class/userClass.php');
$userClass = new userClass();
$userDetails=$userClass->userDetails($_SESSION['iUserId']);
$secret=$userDetails->vAuthCode;
$email=$userDetails->vEmailId;

require_once 'googleLib/GoogleAuthenticator.php';

$ga = new GoogleAuthenticator();

$qrCodeUrl = $ga->getQRCodeGoogleUrl($email, $secret,'spaceo demo');

?>
<!DOCTYPE html>
<html>
<head>
<title>2-Step Verification</title>
<link rel="stylesheet" type="text/css" href="style.css" charset="utf-8" />
</head>
<body>
<div id="container">
<h1>2-Step Verification </h1>
<div id='device'>

<p>Enter the verification code generated by Authenticator on your phone.</p>
<div id="img">
<img src='<?php echo $qrCodeUrl; ?>' />
</div>

<form method="post" action="home.php">
<label>Enter Authenticator Code</label>
<input type="text" name="code" />
<input type="submit" class="button"/>
</form>
</div>
<div style="text-align:center">
<h3>Get Authenticator on your phone</h3>
<a href="https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8" target="_blank"><img class='app' src="images/iphone.png" /></a>

<a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en" target="_blank"><img class="app" src="images/android.png" /></a>
</div>
</div>
</body>
</html>

home.php

<?php
include('config.php');
include('class/userClass.php');
$userClass = new userClass();
$userDetails=$userClass->userDetails($_SESSION['iUserId']);

if(!empty($_POST['code'])) // avoids an undefined-index notice when the form has not been submitted
{
$code=$_POST['code'];
$secret=$userDetails->vAuthCode;
require_once 'googleLib/GoogleAuthenticator.php';
$ga = new GoogleAuthenticator();
$checkResult = $ga->verifyCode($secret, $code, 2); // 2 = 2*30sec clock tolerance

if ($checkResult)
{
$_SESSION['vAuthCode']=$code;
}
else
{
echo 'FAILED';
}

}
include('session.php');
$userDetails=$userClass->userDetails($session_uid);

?>
<!DOCTYPE html>
<html>
<head>
<title>2-Step Verification</title>
<link rel="stylesheet" type="text/css" href="style.css" charset="utf-8" />
</head>
<body>
<div id="container">
<h1>Welcome <?php echo $userDetails->vFullName; ?></h1>

<pre>
<?php print_r($userDetails); ?>
</pre>
<h4><a href="<?php echo BASE_URL; ?>logout.php">Logout</a></h4>
</div>
</body>
</html>
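As an added example (not part of the tutorial or of the GoogleAuthenticator library), here is what verifyCode() in home.php does under the hood: the HOTP and TOTP standards listed at the start of the article, implemented directly with hash_hmac, plus a single-use check so that a code accepted once cannot be replayed inside the clock-tolerance window. It assumes the base32 secret is the user's stored vAuthCode and that a per-user last-used time step (a hypothetical extra column) is persisted by the caller.

```php
<?php
// Added example, not the tutorial's own code: RFC 4226 HOTP / RFC 6238 TOTP
// verification with a clock-skew window and single-use enforcement. Assumes the
// base32 secret is the user's stored vAuthCode and that the caller persists
// $lastUsedStep per user (a hypothetical extra column).
function base32Decode(string $b32): string {
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(rtrim(strtoupper($b32), '=')) as $c) {
        $v = strpos($alphabet, $c);
        if ($v === false) { throw new InvalidArgumentException('bad base32'); }
        $bits .= str_pad(decbin($v), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {                 // drop trailing partial byte
        if (strlen($byte) === 8) { $out .= chr(bindec($byte)); }
    }
    return $out;
}
// HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
function hotp(string $secretB32, int $counter, int $digits = 6): string {
    $hmac = hash_hmac('sha1', pack('J', $counter), base32Decode($secretB32), true);
    $o = ord($hmac[19]) & 0x0f;
    $bin = ((ord($hmac[$o]) & 0x7f) << 24) | (ord($hmac[$o + 1]) << 16)
         | (ord($hmac[$o + 2]) << 8) | ord($hmac[$o + 3]);
    return str_pad((string)($bin % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}
// TOTP: accept a code from any 30 s step within +/- $window of now (the tutorial's
// verifyCode(..., 2) tolerance), but never a step at or before the last one already
// used, so a captured code cannot be replayed inside the tolerance window.
function verifyTotp(string $secretB32, string $code, int $now, int $window, int &$lastUsedStep): bool {
    $step = intdiv($now, 30);
    for ($i = -$window; $i <= $window; $i++) {
        $candidate = $step + $i;
        if ($candidate <= $lastUsedStep) { continue; }
        if (hash_equals(hotp($secretB32, $candidate), $code)) {   // constant-time compare
            $lastUsedStep = $candidate;                            // persist on success
            return true;
        }
    }
    return false;
}
// Self-check with the RFC 4226/6238 test key "12345678901234567890" (base32 below):
// counter 1 (T = 59 s) gives 287082, and a second use of that code must be rejected.
$key = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ';
$last = 0;
if (hotp($key, 1) !== '287082' || !verifyTotp($key, '287082', 59, 1, $last)
    || verifyTotp($key, '287082', 59, 1, $last)) { throw new RuntimeException('self-check failed'); }
echo "TOTP self-check passed\n";
```

In the tutorial's home.php the equivalent of $lastUsedStep would be stored alongside vAuthCode and updated only when verifyCode() succeeds.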

That’s It!

Using these simple steps, you can easily add a two factor authentication login in PHP. It's also possible to add a further layer to this authentication process for higher security, but the implementation can get tricky, so it's better to talk to an expert or hire a PHP developer if you'd also like to implement it in your PHP website.
