生成二次验证的临时密码,兼容谷歌验证器
function base32Decode($in)
{
$l = strlen($in);
$n = $bs = 0;
for ($i = 0; $i < $l; $i++) {
$n <<= 5;
$n += stripos('ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', $in[$i]);
$bs = ($bs + 5) % 8;
$out .= $bs < 5 ? chr(($n & (255 << $bs)) >> $bs) : null;
}
return $out;
}
function getOTP($secret)
{
$seed = base32Decode($secret);
$time = str_pad(pack('N', intval(0 + time() / 30)), 8, "\x00", STR_PAD_LEFT);
$hash = hash_hmac('sha1', $time, $seed, false);
$otp = (hexdec(substr($hash, hexdec($hash[39]) * 2, 8)) & 0x7fffffff) % pow(10, 6);
return sprintf("%'06u", $otp);
}
echo getOTP('secret_key');