CakeOTP – One Time Password for CakePHP

A one-time password (OTP) is a password that is only valid for a single login session or transaction. It is commonly used in the internet for registration and password reminder process in which OTPs are provides to the user in a form of a link that the user uses to access in order to create/reset his password.

CakeOTP is a secure and table-less implementation of One Time Password for the popular CakePHP development framework.

Demo

Check out CakeOTP live demo here.

Usage

Import the otp component (with CakePHP Email and Auth core components):

var $components = array('Auth','Email','Otp');

Creating and sending the OTP email:



// create the OTP - TTL = time to live, assume username = email

$otp = $this->Otp->createOTP(

   array('user'=>$username,

         'password'=>$passwordHash,

         'ttl'=> $ttl));

$link = '<a href="http://' .

$_SERVER['SERVER_NAME']. 

Dispatcher::baseUrl().

"/users/otpregister/".

$username."/".$ttl."/".

$otp.'"> Registration link </a>';

// send mail

$this->Email->from    = "admin@somedomain.com";

$this->Email->to      = $username;

$this->Email->subject = "Website Registration";

$this->Email->sendAs = 'html';

Authenticate OTP


 // validate OTP

if($this->Otp->authenticateOTP($otp,

array('user'=>$email,

      'password'=>$passwordHash,

      'ttl'=> $ttl)) ){

// handle Authenticated request

}else{

// handle unauthenticated request
}

Download

Download CakeOTP 1.1

Documentation

See CakeOTP getting started for setup and additional usage details.

Comments (3)

I have been playing around with this today I think that the generatePass should be in otp comp and take params to set the len and stren of password

I made a few changes to otp to play right within my app – I still have some way to go since I have a validation routing to confirm password when changes – I have to disable that when otp is in use. Also I have email but use the field login as username

github would be a great place for this :)

@Majic3 – Thank! If you make any useful modifications send them to amir(at)spacebug(dot)com and I will put it in the next release.

I’m trying to use OTP to make a forgot password system, but i’m stucked here. Do you have som example to show?
Thanks

Post a comment