Basic Use

[JoeyUson]

As I understand the following step are need to use it in any php application.

1. Create a basic program referring to Demo which will create the secret, QRcode Image and run it which is needed to be scan by using Google Authenticator and once the code generated is similar with the displayed code in Goggle Authenticator then it is good and save as account.
2. Refresh the Demo which will generate a new QR code and secret key which suppose to be identical with the Google Authenticator assuming we are within the 30 sec time boundary. This time the code never be the same in Google Authenticator and Demo.
3. Expecting the Google Authenticator will show the same code as display in Demo to be consider as valid security.
4. What should I do although the demo already showing the time are sync between my device and Android phone?
   It seems basic but I don't understand why it does not sync. I'm using PHP 7.3

[RobThree]

No, anything after step 1 doesn't make sense. Once you verified your code is correct, next time you just ask the user for their TOTP ("authenticator") code. The QR is only scanned once, during setup of TOTP. Next time, the user logs in (with username and password for example) and as a second step (2nd factor, 2FA) you ask for their TOTP ("authenticator") code and verify it is correct.

[JoeyUson]

Got it now. The process are as follow:

1. During registration the generated QR code Image should be scan by Google Authenticator and it should display the code similar to the application which mean it is correctly registered.
2. Save the secret key generated in the application
3. On next login the application should load and used this key and compared with the inputted code from Google Authenticator within 30 sec.
4. If similar then valid.
5. Thanks now it is clear