CakeOTP – One Time Password for CakePHP

A one-time password (OTP) is a password that is only valid for a single login session or transaction. It is commonly used in the internet for registration and password reminder process in which OTPs are provides to the user in a form of a link that the user uses to access in order to create/reset his password.

CakeOTP is a secure and table-less implementation of One Time Password for the popular CakePHP development framework.


Check out CakeOTP live demo here.


Import the otp component (with CakePHP Email and Auth core components):

var $components = array('Auth','Email','Otp');

Creating and sending the OTP email:

// create the OTP - TTL = time to live, assume username = email

$otp = $this->Otp->createOTP(



         'ttl'=> $ttl));

$link = '<a href="http://' .





$otp.'"> Registration link </a>';

// send mail

$this->Email->from    = "";

$this->Email->to      = $username;

$this->Email->subject = "Website Registration";

$this->Email->sendAs = 'html';

Authenticate OTP

 // validate OTP




      'ttl'=> $ttl)) ){

// handle Authenticated request


// handle unauthenticated request


Download CakeOTP 1.1


See CakeOTP getting started for setup and additional usage details.

Comments (3)

I have been playing around with this today I think that the generatePass should be in otp comp and take params to set the len and stren of password

I made a few changes to otp to play right within my app – I still have some way to go since I have a validation routing to confirm password when changes – I have to disable that when otp is in use. Also I have email but use the field login as username

github would be a great place for this :)

@Majic3 – Thank! If you make any useful modifications send them to amir(at)spacebug(dot)com and I will put it in the next release.

I’m trying to use OTP to make a forgot password system, but i’m stucked here. Do you have som example to show?

Post a comment