Integrating Google Two-Factor Authentication with CodeIgniter 3


Integrating Google two-factor authentication into your CodeIgniter project is a fairly easy process. Two-factor authentication secures your admin login panel with an extra layer of protection. Even if somebody gets your username and password, they can't log in unless they know your key or have your phone with the Google Authenticator app on it.

So let's start. The first step is downloading the Google Authenticator PHP library from GitHub. It is a third-party library, but since it has a BSD license you can use it freely in your commercial application. You can download it from here.

Once you have downloaded it, copy the GoogleAuthenticator.php file to your application/libraries folder. Then open that file in any editor and change its class name to GoogleAuthenticator.

Now we have our CodeIgniter library. Use it in your login function like this:

function login(){

        $this->load->library('GoogleAuthenticator');
        $this->load->library('form_validation');
        // In CodeIgniter 3 the xss_clean rule only works when the security helper is loaded.
        $this->load->helper('security');

        // Form validation rules
        $config = array(
            array(
                'field' => 'username',
                'label' => 'user Name',
                'rules' => 'trim|required|xss_clean',
                'errors' => array('required' => 'Enter Username', 'xss_clean' => 'cant inject malicious code')
            ),
            array(
                'field' => 'password',
                'label' => 'password',
                'rules' => 'trim|required|xss_clean',
                'errors' => array('required' => 'Enter Password.', 'xss_clean' => 'cant inject malicious code')
            ),
            array(
                'field' => 'token',
                'label' => 'Two-factor token',
                // 'required' added so the 'Enter Two Factor Code.' message below can actually fire
                'rules' => 'trim|required|xss_clean|max_length[6]',
                'errors' => array('required' => 'Enter Two Factor Code.', 'xss_clean' => 'cant inject malicious code')
            ),
        );

        $this->form_validation->set_rules($config);
        if ($this->form_validation->run() == FALSE)
        {
            $this->load->view('loginpage');
        }
        else
        {
            // Two-factor authentication check
            $gaobj = new GoogleAuthenticator();
            // Hard-coded here for demonstration only. Generate a key with
            // $gaobj->createSecret(), store it per user and keep it out of source control.
            $secret = "QFDK6TURKQMBAD2L";
            $oneCode = $this->input->post('token');

            // getCode() returns the code the server currently expects;
            // it is not needed for verification and is kept only for debugging.
            $token = $gaobj->getCode($secret);

            $checkResult = $gaobj->verifyCode($secret, $oneCode, 2); // 2 = 2*30sec clock tolerance
            if (!$checkResult)
            {
                $this->index('Two-factor token Failed'); // index function loads the login page view
            }
            else
            {
                // Two-factor code success and now steps for username and password verification
            }
        }
}

 

You can create a new key by calling the function below.

$gaobj->createSecret();

Once you have created a key, download Google Authenticator from the Google Play Store and add your key to it.

Note

The algorithm is time-based. A new unique code is generated every 30 seconds and each code is valid for 90 seconds only. So you must ensure that your phone's time and your server's time are exactly the same; otherwise, it won't work. Comment below if you encounter any problem or need any help.
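To see why the two clocks matter, here is the time-based check from the note above written out as a standalone RFC 6238 sketch. It is an added example, not code from the GoogleAuthenticator library or the original post; the function names are hypothetical, the key is the RFC 6238 test key, and PHP 7.1+ on a 64-bit build is assumed.

```php
<?php
// Added illustration of RFC 6238 TOTP; names are hypothetical, not the library's API.
// Decode a Base32 secret (RFC 4648 alphabet) into raw key bytes.
function base32_decode_secret(string $b32): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(rtrim(strtoupper($b32), '=')) as $ch) {
        $pos = strpos($alphabet, $ch);
        if ($pos === false) {
            throw new InvalidArgumentException('Invalid Base32 character');
        }
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $bytes = '';
    foreach (str_split($bits, 8) as $chunk) {
        $bytes .= strlen($chunk) === 8 ? chr(bindec($chunk)) : ''; // drop padding bits
    }
    return $bytes;
}

// 6-digit code for one 30-second slice: HMAC-SHA1 plus dynamic truncation.
function totp_code(string $key, int $slice): string
{
    $hash = hash_hmac('sha1', pack('J', $slice), $key, true);
    $offset = ord($hash[19]) & 0x0F;
    $value = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($value % 1000000), 6, '0', STR_PAD_LEFT);
}

// Accept $code if it matches a slice within +/- $discrepancy of $now.
// Returns the matched slice (store it per user to refuse reuse) or null.
function totp_verify(string $b32, string $code, int $discrepancy, int $now): ?int
{
    $key = base32_decode_secret($b32);
    for ($i = -$discrepancy; $i <= $discrepancy; $i++) {
        $slice = intdiv($now, 30) + $i;
        if (hash_equals(totp_code($key, $slice), $code)) { // constant-time compare
            return $slice;
        }
    }
    return null;
}

// Constructed demo: phone clock at t=59 s, server clock 45 s ahead of it.
$secret = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ';
$code = totp_code(base32_decode_secret($secret), intdiv(59, 30));
var_dump(totp_verify($secret, $code, 1, 59 + 45)); // tolerance of 1 slice
var_dump(totp_verify($secret, $code, 2, 59 + 45)); // tolerance of 2 slices
```

A larger tolerance absorbs more clock drift but also lengthens the time an observed code stays usable, so keep the server on NTP and the tolerance as small as your users' devices allow.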


Web development
22nd Jul 2018 01:58:55 AM
PHP CodeIgniter