Home PHP Learn how to use Google Multi factor authentication in PHP

Learn how to use Google Multi factor authentication in PHP


Using Google Multi Factor Authentication in PHP

I have posted different tutorials on login registration feature with PDO as well MySQLi, Today this tutorial is bringing up the new additional step towards the user level security, google has introduced two step verification process with mobile application called Google Authenticator App which helps to bring in multi factor authentication.

By using google two-factor authentication you will be able to provide extra security layer to user, foreach and every login step user has to enter security code and it is different for each request it has 30-60 seconds timespan.

Checkout video for Live Demo:

Get Complete Source Code

let’s start by looking at tutorial features and the technology we are going to use to build.

Tutorial Features:

  • Register (Creating New User Account)
  • Login
  • Google Authenticator Configuration
  • Two-Step verification
  • State Management

Points to Learn:

  • PHP (Object Oriented)
  • MySQL
  • PHP Data Object
  • User of password_hash() and password_verify()
  • Bootstrap

At the end of this tutorial you should be able to create a login register application with multi factor authentication process.

Step 1: Download and Install Google Authenticator Application:

We are going to need Google Authenticator Application so before proceeding you should download and install application into your mobile phone, use following links to download the applications:


Download From App Store
Download from Google Play store



Step 2: Database Configuration:

As we are building Login Registration system we need a very basic table to store user details, along with that we need additional field to store Google Secret Code.

Users table structure for google two factor Authentication
Users table structure for google two factor Authentication

Step 3: Database Connection Script:

Create db_connection.php file and use following code, don’t forgot to update connection variables to match with your systems configuration:

I am going to store this file under config folder to make it more organised:


DB() – this is global function which are going to use in the project while interacting with database.

Step 4: Registration Page:

Create registration.php page and use following code do design our registration page.

Multi Factor authentication Registration page

Step 5: Login Page:

We are going to have login page on our index.php page, so let’s create new page called index.php and use below code to design login page.

google multi factor authentication Login page

Step 6: Create Library file:

As I said earlier we will add Object Oriented concept to learn bit of it, so this library file is part of OOP, which is going to have a class and different functions according to our need, let’s create library.php  file under library folder:


Quick description: We have created DemoLib class along with few basic functions, this class accepts $db variable which is the instance of PHP PDO Connection script, so whenever we needs to call functions from this DemoLib Class we have to pass the PDF connection instance.

Overall we have our core structure ready to use let’s making our registration from functional.

Step 7: User Registration:

Open up the registration.php file and add following code at the top of the file:

This is the script where we are creating new user in the system along with the unique Google Authenticator Code which is going to be a key while validating user request such as login.

If you see above code you will notice we are redirecting user to the next page that is Device confirmation, please make sure you have your mobile phone ready with the Authenticator Application installed.

Step 8: User Device Conformation:

Let’s create new page called confirm_google_auth.php and use following code:

Keep in mind we are validating user here, meaning GoogleAuthenticator is going to need QR Code image of Google Secrete code which we had stored along with the user record while creating new user.

So in this step we are going to fetch specific user google secret code and will generate QR code.


Google Device Confirmation

Step 9: Create profile page:

We are going to need a sample profile page to redirect user when successfully login or after getting device confirmation. let’s create that.


Step 10: Login Script:

We have completed our first work flow of creating and validating device of new user, now we need add login feature, we have our design ready on index.php go ahead and open that page and add following code:

We are doing a simple common operations here to validated user credentials and if valid details found we are redirecting user to extra step that is validated security code.

Step 11: Validated Security Code:


Step 12: User Logout:

Finally we need user logout page, use following to create logout.php page:


You can download or check live demo using below links:

Get Complete Source Code

Enjoy this tutorial? Get iTech Empires updates delivered straight to your inbox.

No Spam, ever. We'll never share your email address and you can opt out at any time.

Yogesh Kolihttp://www.itechempires.com
Yogesh Koli is a software engineer & Blogger lives in India. He's driven by an addiction to learning and a love for adventure. he has 6+ years of experience working with the front-end and back-end web application development.


5 Comment threads
4 Thread replies
Most reacted comment
Hottest comment thread
6 Comment authors
Yogesh KolivictorRohitYogesh KoliMark Jerard Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

newest oldest most voted
Notify of

Al implementarlo localmente no funciona escaneo el codigo e ingreso los digitosque me pide y siempre me dice que el codigo es incorrecto, estoy usando la version descargada de aqui.


From where I can get /GoogleAuthenticator/GoogleAuthenticator.php ?

Jon Hirsch
Jon Hirsch

Ok, this line in is incorrect in confirm_google_auth.php

$user = $app->UserDetails($_SESSION[‘user_id’]);

Should be
$user = $app->UserDetails($_SESSION[‘username’]);

Junior Requena
Junior Requena

file /GoogleAuthenticator/GoogleAuthenticator.php ???????

Mark Jerard
Mark Jerard

not working the codes. please gave back my paypal credits

Yogesh Koli

You must be having an issues with the implementation, kindly checkout the live demo it’s working. and the code delivered to you is completely same as from the live demo. do checkout step by step and let me know if it’s still doesn’t work.

Mark Jerard
Mark Jerard

Hi there, the code is working in implementation but some bugs occurs. When I try to login then I can access the home page without putting the auth code. I tried as much decoding and searching to not access the home page but still user can access the home page. Your work is not complete.

Yogesh Koli

This is not right @markjerard:disqus .. I am telling you again do checkout demo first -http://demos.itechempires.com/php-google-two-factor-authentication/ also https://www.youtube.com/watch?v=tkcopVlSmRA

and then fell free to comment.

Tutorials You May Like!

- Advertisement -