生成二次验证的临时密码，兼容谷歌验证器

function base32Decode($in)
{
    $l = strlen($in);
    $n = $bs = 0;
    for ($i = 0; $i < $l; $i++) {
        $n <<= 5;
        $n += stripos('ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', $in[$i]);
        $bs = ($bs + 5) % 8;
        $out .= $bs < 5 ? chr(($n & (255 << $bs)) >> $bs) : null;
    }
    return $out;
}

function getOTP($secret)
{
    $seed = base32Decode($secret);
    $time = str_pad(pack('N', intval(0 + time() / 30)), 8, "\x00", STR_PAD_LEFT);
    $hash = hash_hmac('sha1', $time, $seed, false);
    $otp = (hexdec(substr($hash, hexdec($hash[39]) * 2, 8)) & 0x7fffffff) % pow(10, 6);
    return sprintf("%'06u", $otp);
}

echo getOTP('secret_key');