[GH-ISSUE #191] Secret key is too short. Must be at least 16 base32 characters #556

Closed
opened 2026-03-14 12:11:10 +03:00 by kerem · 7 comments

Originally created by @NaysKutzu on GitHub (Dec 8, 2023).
Original GitHub issue: https://github.com/antonioribeiro/google2fa/issues/191

```php
<?php
require("requirements/page.php");

use BaconQrCode\Renderer\Image\ImagickImageBackEnd;
use BaconQrCode\Renderer\ImageRenderer;
use BaconQrCode\Renderer\RendererStyle\RendererStyle;
use BaconQrCode\Writer;
use PragmaRX\Google2FA\Google2FA;
use MythicalClient\Handlers\ConfigHandler;

if ($session->getUserInfo("2fa_enabled") == "true") {
    header('location: /dashboard');
    die();
}

$google2fa = new Google2FA();
//Check if the key is in the database
if ($session->getUserInfo("2fa_secret") == null) {
    $secretKey = $google2fa->generateSecretKey(32);
    if (!$session->updateRowEncrypted($_COOKIE['token'], "2fa_secret", $secretKey)) {
        header('location: /dashboard?e=db_error');
        die();
    }
} else {
    $secretKey = $session->getUserInfoEncrypted("2fa_secret");
}

$g2faUrl = $google2fa->getQRCodeUrl(
    ConfigHandler::get('app', 'name'),
    $session->getUserInfoEncrypted("email"),
    $secretKey
);

$writer = new Writer(
    new ImageRenderer(
        new RendererStyle(400),
        new ImagickImageBackEnd()
    )
);
?>
```
kerem closed this issue 2026-03-14 12:11:16 +03:00

@ainxgans commented on GitHub (Aug 28, 2025):

@NaysKutzu What is the solution?


@NaysKutzu commented on GitHub (Aug 28, 2025):

I started to use another package for 2fa


@ainxgans commented on GitHub (Sep 18, 2025):

@NaysKutzu which one bro, give me the link


@antonioribeiro commented on GitHub (Sep 18, 2025):

@NaysKutzu, the tests on your PR are failing, are you able to fix them? Did you run tests locally?

I understand your concern and even Google's but this package is being used on a huge number of applications, seeing it breaking them all is something we should avoid at all costs...


@NaysKutzu commented on GitHub (Sep 18, 2025):

https://packagist.org/packages/pragmarx/google2fa


@NaysKutzu commented on GitHub (Sep 18, 2025):

and the issue is and can be related to your date or time not being in sync


@antonioribeiro commented on GitHub (Sep 19, 2025):

I just tagged v9.
