otp

Thank you @phil-davis for the PR

The only "functional" change is that one parameter has been changed to string, in a doc block, which should quiet down perhaps some quality checkers.

You can now also use more algorithms that are part of the RFC specs.

Thanks to @fkooman for the PR!

On a 64 bit PHP with a high enough PHP version this code is now 2038 safe.

Thanks to @fkooman for the contribution!

Labels are now urlencoded which should return a correct url for external use with QR codes (google authenticator etc)

Thank you @steffenweber for the contribution!

Thanks to @fkooman for widening the scope of which PHP unit versions this works with in development and for replacing the constant time compare with a more general solution (which also should perform better, if you don't need the polyfill).

Thanks to @fkooman for the merge request!

For those who have issues with time drift, you can now set an offset on the Otp class to compensate, in case your hoster doesn't keep it's server time properly in check.

Thanks to @mithodin for the pull request.

Thanks to @SamuelDauzon for the idea.

The counter based otp now has a resync function that allows you to specify a "counterwindow", similar to what the drift does on timer based ones, except only forward. So if your otp is out of sync, you can match one with this function, which then returns the counter it matched on for you to save the new value (or returns false if it doesn't match).

Thanks to @therealssj for the pull request!

Added generateRecoveryCodes for easy generation of recovery codes for your users to GoogleAuthenticator helper class.

Also added several cleanups and forcing PHP 5.4 from now on.

Thanks to @therealssj for the suggestion!

The GoogleAuthenticator class now uses random_int for the pseudo random generation. That function is available in PHP7 and there is a polyfill (linked in the README) for previous versions. If neither is present, it will default to it's current behavior.

Thanks to @inanimatt for the suggestion.

Thanks to @schinkel for the merge request on this one.

Previously it used "rand" for generating the pseudorandom in the googleauthenticator helper class. This has now been replaced with an implementation that will create a random either from openssl if it's present or otherwise use the mt_rand option (not as good, but better then just rand).

Will allow a display of "issuer" for software that can use it.